WO2019109943A1 - Cloud platform management method and apparatus, electronic device and readable storage medium - Google Patents


Info

Publication number
WO2019109943A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud platform
license
node
information
deployed
Prior art date
Application number
PCT/CN2018/119340
Other languages
French (fr)
Chinese (zh)
Inventor
田子晨
Original Assignee
北京金山云网络技术有限公司
北京金山云科技有限公司
Priority date
Filing date
Publication date
Application filed by 北京金山云网络技术有限公司, 北京金山云科技有限公司 filed Critical 北京金山云网络技术有限公司
Publication of WO2019109943A1 publication Critical patent/WO2019109943A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present application relates to the field of cloud computing technologies and, in particular, to a cloud platform management method, apparatus, electronic device, and readable storage medium.
  • OpenStack is an open source cloud computing platform management project in which components such as Nova, Neutron and Cinder cooperate to carry out the operations of the cloud platform. OpenStack supports almost all types of cloud environments. Its goal is to provide a cloud computing management platform that is simple to implement, scalable, feature-rich, and standardized. OpenStack provides IaaS (Infrastructure as a Service) solutions through a variety of complementary services.
  • A cloud computing service provider can provide users with OpenStack-based cloud platform services, that is, deploy an OpenStack cloud platform for users and authorize them to use it.
  • The cloud computing service provider's license management scheme for the user's OpenStack cloud platform is simple, and usually licenses only a single aspect of the OpenStack nodes.
  • Flexible and effective license management for users' OpenStack cloud platforms is required.
  • A license management scheme is needed to control the number of clusters and the functionality of the cluster.
  • An object of the embodiments of the present application is to provide a cloud platform management method, apparatus, electronic device, and readable storage medium for performing flexible license management on a cloud platform.
  • the specific technical solutions are as follows:
  • A first aspect of the embodiments of the present application provides a cloud platform management method, where the method includes: determining license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type; digitally signing the license information and generating a license file according to the obtained signature information and the license information; and, when the user's cloud platform is deployed, adding the license file to the user's cloud platform and deploying nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
  • Determining the license information for the user includes: determining the license information for the user according to the user's usage requirement for the nodes in the cloud platform.
  • Before deploying the nodes in the user's cloud platform according to the license information, the method further includes: verifying whether the signature information and the license information in the license file correspond; and, if the verification passes, storing the signature information and the license information in the user's cloud platform.
  • Determining the license information for the user according to the usage requirement includes: determining, according to whether the usage requirement includes a requirement for the number of nodes, whether the license for the number of nodes in the license information is turned on or off; determining, according to whether the usage requirement includes a requirement for the node configuration, whether the license for the node configuration in the license information is turned on or off; determining, according to whether the usage requirement includes a requirement for the node usage period, whether the license for the node usage period in the license information is turned on or off; and determining, according to whether the usage requirement includes a requirement for the component type, whether the license for the component type in the license information is turned on or off.
  • Deploying the nodes in the user's cloud platform according to the license information includes: when adding nodes, acquiring the number of nodes and the node configuration of the nodes to be added; determining whether the sum of the number of nodes already added in the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the already added nodes and the node configuration of the nodes to be added is not greater than the node configuration in the license information; and, when the determination result is yes, adding the nodes to be added.
  • The method further includes: if an operation instruction for extending the nodes in the deployed cloud platform is received, adding the information of the nodes to be extended to the license information to obtain updated license information; digitally signing the updated license information and generating an updated license file according to the obtained updated signature information and the updated license information; and installing the extended nodes on the deployed cloud platform according to the updated license file.
  • The method further includes: verifying the signature information and the expiration date in the license file in the deployed cloud platform; and, if the verification succeeds, periodically verifying the license on the deployed cloud platform to determine whether the deployed cloud platform is running within the scope of the license.
  • Periodically verifying the license on the deployed cloud platform to determine whether it is running within the scope of the license includes: verifying whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verifying whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verifying whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; and verifying whether the current time in the deployed cloud platform is within the validity period of the license information. If the verification result is yes, it is determined that the deployed cloud platform is running within the scope of the license; otherwise, it is determined that the deployed cloud platform is not running within the scope of the license.
  • A second aspect of the embodiments of the present application provides a cloud platform management apparatus, including: a license information acquisition module, configured to determine license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type; a license file generating module, configured to digitally sign the license information and generate a license file according to the obtained signature information and the license information; and a cloud platform deployment module, configured to, when the user's cloud platform is deployed, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
  • The authorization determining module is specifically configured to determine license information for the user according to the user's usage requirement for the cloud platform nodes.
  • The cloud platform management apparatus of the embodiment of the present application further includes: a signature information verification module, configured to verify whether the signature information and the license information in the license file correspond; and an information storage module, configured to store the signature information and the license information in the user's cloud platform if the signature information verification module passes the verification.
  • The license information acquisition module is specifically configured to: determine, according to whether the usage requirement includes a requirement for the number of nodes, whether the license for the number of nodes in the license information is turned on or off; determine, according to whether the usage requirement includes a requirement for the node configuration, whether the license for the node configuration in the license information is turned on or off; determine, according to whether the usage requirement includes a requirement for the node usage period, whether the license for the node usage period in the license information is turned on or off; and determine, according to whether the usage requirement includes a requirement for the component type, whether the license for the component type in the license information is turned on or off.
  • The cloud platform deployment module is specifically configured to: when adding nodes, obtain the number of nodes and the node configuration of the nodes to be added; determine whether the sum of the number of nodes already added in the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the already added nodes and the node configuration of the nodes to be added is not greater than the node configuration in the license information; and, when the determination result is yes, add the nodes to be added.
  • The cloud platform management apparatus of the embodiment of the present application further includes: a license information update module, configured to, if an operation instruction for extending the nodes in the deployed cloud platform is received, add the information of the nodes to be extended to the license information to obtain updated license information; a license file update module, configured to digitally sign the updated license information and generate an updated license file according to the obtained updated signature information and the updated license information; and an extended node installation module, configured to install the extended nodes on the deployed cloud platform according to the updated license file.
  • The cloud platform management apparatus of the embodiment of the present application further includes: a first verification module, configured to verify the signature information and the expiration date in the license file in the deployed cloud platform; and a second verification module, configured to, when the first verification module verifies successfully, periodically verify the license on the deployed cloud platform and determine whether the deployed cloud platform is running within the scope of the license.
  • The second verification module is configured to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verify whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; and verify whether the current time in the deployed cloud platform is within the validity period of the license information. If the verification result is yes, it is determined that the deployed cloud platform is running within the scope of the license; otherwise, it is determined that the deployed cloud platform is not running within the scope of the license.
  • a third aspect of the embodiments of the present application provides an electronic device, including: a processor and a machine readable storage medium, the machine readable storage medium storing machine executable instructions executable by the processor, The steps of the cloud platform management method described in any of the above are implemented when the processor executes the machine executable instructions.
  • A fourth aspect of the embodiments of the present application provides a computer readable storage medium storing a computer program that, when executed by a processor, implements the steps of any of the foregoing cloud platform management methods.
  • a fifth aspect of the embodiments of the present application provides a computer program product comprising instructions, when executed on a computer, causing a computer to perform the steps of any of the cloud platform management methods described above.
  • The cloud platform management method, apparatus, electronic device, and readable storage medium provided by the embodiments of the present application determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type. The license information is digitally signed, and the license file is generated according to the obtained signature information and the license information. When the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information to obtain the deployed cloud platform.
  • The number of nodes in the cloud platform, the node configuration, the component types in the nodes, and the like may be licensed in combination, so that flexible license management is performed on the cloud platform; and the license information is digitally signed so that it is not easily tampered with.
  • implementing any of the products or methods of the present application does not necessarily require that all of the advantages described above be achieved at the same time.
  • FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application
  • FIG. 2 is another flowchart of a cloud platform management method according to an embodiment of the present application.
  • FIG. 3 is a flowchart of a method for deploying a cloud platform node according to an embodiment of the present application
  • FIG. 4 is still another flowchart of a cloud platform management method according to an embodiment of the present application.
  • FIG. 5 is a structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 6 is another structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 7 is still another structural diagram of a cloud platform management apparatus according to an embodiment of the present application.
  • FIG. 8 is a structural diagram of an electronic device according to an embodiment of the present application.
  • The deployment tool of the cloud platform is separate from the cloud platform: the deployment tool may be a server or a virtual machine independent of the cloud platform, and for an independent deployment tool to acquire information such as the number of nodes, the node configuration, and the component types in the cloud platform, operations such as authentication are required, which is complicated to implement and makes the deployment system too heavy.
  • The deployment tool can only obtain a single piece of information, such as the number of nodes, so the license management function of the cloud platform is limited to a single aspect.
  • The deployment tool can only deploy the cloud platform; after the cloud platform is deployed, its legitimacy cannot be verified.
  • The embodiments of the present application provide a cloud platform management method, apparatus, electronic device, and readable storage medium that can perform copyright control, scale control, and usage period control on a cloud platform. According to the user's expected use of the cloud platform, a variety of licensing methods may be provided, and the licensing method may be a single method or a combination of several. At the same time, the corresponding license information is generated, the cloud platform is deployed according to the license information, and the basic functions and extended functions of the cloud platform are provided.
  • The cloud platform deployment tool of the embodiments of the present application is integrated in the cloud platform and can communicate with the components in the cloud platform, so component information can be obtained conveniently. Because components in the cloud platform need to be activated through the license, the deployment tool can be combined with the license to control the components, so the cloud platform can be deployed more conveniently and efficiently. After the cloud platform is deployed, the legitimacy of the cloud platform can also be verified.
  • the execution body of the cloud platform management method provided by the embodiment of the present application may be a server in the cloud platform.
  • the cloud platform management method provided by the embodiment of the present application is first introduced in detail.
  • FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S101 Determine license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • the license information for the user is determined according to the user's use requirement of the node in the cloud platform.
  • the cloud platform management in the embodiment of the present application includes three phases: a license file preparation phase, a node deployment phase, and a cloud platform use phase. This step belongs to the license file preparation phase.
  • The nodes in the cloud platform are servers. According to their roles in the cloud platform, the nodes can be divided into computing nodes, storage nodes, network nodes, and the like. The number of nodes is simply the count of nodes.
  • the node configuration may include: a number of CPUs (Central Processing Units), a memory capacity, and the like, which are not limited in this embodiment of the present application. For different users, the usage requirements of the cloud platform may be different.
  • User A's usage requirement for the cloud platform is mainly a storage function, user B's usage requirement is a computing function, and user C's usage requirements are storage functions and computing functions. Therefore, in the embodiment of the present application, the license information for different users may be different. The license information may be used to indicate the resources that the user is authorized to use and related information about those resources. By way of example, the contents carried in the license information can be seen in Table 1.
  • license_name is the name of the license, for example, the game
  • sale_type is the licensing mode supported by the license, including: the number of nodes (for example, the number of compute nodes, the number of network nodes, and the number of storage nodes), the configuration of the nodes (for example, the number of CPUs of a node, the memory capacity, and the storage types supported by the cloud platform), and the types of components licensed in the nodes (Neutron, Nova, Cinder, etc.). It covers components that provide basic OpenStack functionality (computing, networking, storage, and authentication) as well as extended OpenStack features.
  • sale_info is the on or off status of the corresponding licensing mode, that is, whether the number of nodes is licensed, whether the node configuration is licensed, and so on; date is the expiration date until which each node and each component in the cloud platform can be used.
  • The license information can be input by the relevant personnel. The execution body is a server in the cloud platform: back-office personnel can input the license information locally at the server, or the user can input the license information at a user terminal, and the user terminal sends it to the server.
  • The license information may also be determined according to the user's usage requirements for the nodes in the cloud platform.
  • The user requirements may include the functions that the user needs the cloud platform to provide (such as storage functions and computing functions) and the amount of resources that need to be occupied (such as 3 computing nodes and 1 storage node). They can also include the technical solutions that the user needs to implement with the cloud platform.
  • The user can fill in a user requirements list and send it to the server.
  • The server analyzes the user's requirements and obtains the license information. For example, the user can fill in the requirements list when registering.
  • For example, the user needs to implement some intelligent analysis algorithm by means of the cloud platform. After back-office personnel analyze the complexity of the intelligent analysis algorithm, it is determined that implementing it requires five computing nodes and two storage nodes, and the license information then obtained may indicate that the user is authorized to use 5 compute nodes and 2 storage nodes in the cloud platform.
  • S102 Digitally sign the license information, and generate a license file according to the obtained signature information and the license information.
  • The license information may be digitally signed to obtain signature information corresponding to the license information.
  • A digital signature is a cryptographic mechanism that guarantees the integrity of transmitted information, enables the receiver to authenticate the sender, and prevents repudiation in a transaction.
  • The public key and the private key in the digital signature process may be a preset asymmetric key pair.
  • The message digest of the license information may be extracted by using a preset hash algorithm (such as the secure hash algorithm SHA), and the message digest is encrypted by using the private key to obtain the signature information of the license information. The obtained signature information and the license information are combined to obtain the license file.
  • After receiving the license file, the receiver can decrypt the signature information in the license file by using the public key, extract the message digest of the license information with the same hash algorithm, and compare the decrypted information with the extracted digest. If the decrypted information is the same as the extracted digest, it can be determined that the license information has not been tampered with; if they differ, it can be determined that the license information has been tampered with.
  • This step belongs to the node deployment phase; after the license file is generated, the cloud platform can be deployed.
  • The license file is added to the user's cloud platform, that is, to the database of the cloud platform.
  • The license file includes signature information and license information, so the nodes in the cloud platform can be deployed according to the license information. For example, if the license for the number of nodes in the license information is to deploy 3 storage nodes and 2 compute nodes, and the license for the node configuration is 10 deployed CPUs, then the cloud platform can be deployed according to this license information to obtain the deployed cloud platform.
  • The cloud platform management method determines the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file according to the signature information and the license information; and, when the user's cloud platform is deployed, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
  • The embodiment of the present application can license the number of nodes in the cloud platform, the node configuration, and the component types in the nodes in combination, thereby performing flexible license management on the cloud platform, and digitally signs the license information so that it is not easily tampered with.
  • FIG. 2 is another flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S201 Determine, according to the usage requirement of the user in the cloud platform, the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • S202 Digitally sign the license information, and generate a license file according to the obtained signature information and the license information.
  • The digital signature technique encrypts the initial information with the sender's private key and transmits the obtained encrypted information together with the initial information to the recipient.
  • The encrypted information can be decrypted only by using the sender's public key. The receiver decrypts it with the public key and compares the obtained decrypted information with the initial information. If they are the same, the received initial information is complete and has not been modified during transmission; otherwise, the initial information has been modified. The digital signature can therefore verify the integrity of the information.
  • Digital signing is a process of encryption, and digital signature verification is a process of decryption.
  • The signature information in the license file may be decrypted by using the public key, and the obtained decrypted information is compared with the license information. If they are the same, the license information has not been tampered with. The integrity of the license information on the cloud platform is thus ensured by means of public and private keys, so that the license information is not easily falsified. After the verification passes, the signature information and the license information can be stored in the user's cloud platform.
  • S201 and S202 are the same as S101 and S102 in the embodiment of FIG. 1, respectively, and S204 is the same as S103. All implementations of S101, S102, and S103 are applicable to FIG. 2 and achieve the same or similar beneficial effects, which are not repeated here.
  • The cloud platform management method determines the license information for the user according to the user's usage requirement for the nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type.
  • The embodiment of the present application can license the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and the like in combination, thereby performing flexible license management on the cloud platform.
  • The license information is not easily tampered with.
  • S203 and S204 in the foregoing embodiment of FIG. 2 form the node deployment stage.
  • the flowchart of the node deployment method in the cloud platform in the embodiment of the present application can be seen in FIG. 3, including the following steps:
  • The license file may be generated according to the user's usage requirements for the cloud platform. After the license file is obtained, it may be provided to the user so that the user can deploy the cloud platform according to the license file; of course, an administrator can also deploy the cloud platform. When deploying a cloud platform, the license file first needs to be added to the cloud platform.
  • the license file includes: signature information and license information.
  • the signature information can be verified, that is, the integrity of the license information is verified, and the license information is determined.
  • the method of verifying the signature information may be: verifying whether the signature information and the license information in the license file correspond to each other. For details, refer to S203 in the embodiment of FIG. 2, and details are not described herein again.
  • The license information also includes an expiration date, which is the expiration date of the cloud platform. When verifying the signature information, the expiration date in the license information may also be verified. If the current time is within the validity period, the verification succeeds and the license information is usable; if the current time is not within the validity period, the verification fails, the license information is not usable, and the process proceeds to S307 and ends.
  • S303. Store the signature information and the license information.
  • the signature information and the license information are stored in the cloud platform, that is, the database of the cloud platform, so that the cloud platform can be deployed according to the license information.
  • the signature information and the expiration date of each node may be verified.
  • the verification method is the same as that of S302, and details are not described herein. Through the verification of this step, it can be guaranteed that the deployed cloud platform can be used.
  • The license file is added to the cloud platform, and the signature information and the expiration date are verified. After the verification succeeds, the signature information and the license information are stored, and the nodes are deployed according to the license information. After the nodes are deployed, the signature information and the validity period of each node can be verified. After that verification succeeds, the cloud platform is successfully deployed.
  • the embodiment of the present application verifies the signature information of the digitally signed license information, and ensures the integrity of the license information on the cloud platform, so that the license information is not easily falsified.
  • FIG. 4 is still another flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
  • S401. Determine, according to the user's use requirements for the nodes in the cloud platform, the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type.
  • S402. Digitally sign the license information, and generate a license file according to the obtained signature information and the license information.
  • the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information, and the deployed cloud platform is obtained.
  • The license information can be stored in the cloud platform; after the cloud platform is deployed, the license information can also be viewed and updated. If the user needs to extend the deployed cloud platform, the user sends an operation instruction for expanding a node in the deployed cloud platform. After receiving the operation instruction, the cloud platform adds the information of the node to be extended to the license information, obtaining updated license information.
  • The embodiment of the present application may further extend components in a node, and may also delete nodes in the cloud platform, delete components in a node, and the like; expanding a node is used here as the example for description.
  • the updated license information is digitally signed, and an updated license file is generated according to the obtained updated signature information and the updated license information.
  • the method in this step is the same as the method in the embodiment S102 of FIG. 1, and details are not described herein again.
  • This step differs from S102 in that the license information in this step is updated license information as compared with the license information in S102.
  • The extended node may be installed on the deployed cloud platform according to the updated license file. For example, if the license information in the updated license file adds two storage nodes, this step adds two storage nodes to the deployed cloud platform obtained in S403.
  • S401, S402, and S403 are the same as S101, S102, and S103 in the embodiment of FIG. 1. All implementations of S101, S102, and S103 are applicable to FIG. 4 and achieve the same or similar beneficial effects, so they are not repeated here.
  • In the cloud platform management method provided by the embodiment of the present application, after the deployed cloud platform is obtained, if an operation instruction for expanding a node in the deployed cloud platform is received, the information of the node to be extended is added to the license information to obtain updated license information; the updated license information is digitally signed, and an updated license file is generated according to the obtained updated signature information and the updated license information; and the extended node is installed on the deployed cloud platform according to the updated license file.
  • the embodiment of the present application can also update the license information according to the user's need for the cloud platform extension, and then update the signature information and the license file corresponding to the license information, thereby flexibly expanding the cloud platform.
  • determining the license information for the user according to the usage requirement of the node in the cloud platform by the user may include:
  • the license for the number of nodes in the license information is turned on or off.
  • according to whether the use requirement includes a requirement for the node usage period, it is determined whether the license for the node usage period in the license information is turned on or off.
  • the number of nodes, the node configuration, the node usage period, the component type, and the like may be combined and authorized, that is, the number of nodes, the node configuration, the node usage period, the component type, and the like may be applied to the application.
  • A Boolean variable can be used to indicate the on or off status of a license. For example, if the number of nodes is licensed, the value of the Boolean variable corresponding to the number of nodes can be set to TRUE; otherwise, it can be set to FALSE.
  • The licenses for the number of nodes, the node configuration, the node usage period, the component type, and the like may each be set to on or off, which yields multiple authorization modes. The cloud platform is managed through these authorization modes, so that it can be flexibly licensed and managed.
  • the nodes in the cloud platform of the user are deployed according to the license information, including:
  • The number of nodes and the node configuration of the node to be added are obtained, and it is determined whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the node to be added is not greater than the node configuration in the license information. When the judgment result is yes, the node to be added is added.
  • the cloud platform may be deployed according to the license information.
  • the cluster information information of all nodes
  • the cloud platform needs to be checked according to the license information.
  • information about the node to be added (number of nodes, node configuration, component type in the node, etc.) needs to be obtained.
  • the number of nodes to be added is equal to the number of nodes in the cloud platform.
  • the node configuration includes: the number of CPUs and the size of the memory.
  • the signature information and the expiration date are first verified when the node is added.
  • The number of CPUs in the license information is read, then the number of CPUs of the node to be added is obtained, and finally that number is added to the number of CPUs in the cloud platform cluster and the sum is compared with the number of CPUs in the license information. If the number of CPUs after the addition is less than or equal to the number of CPUs in the license information, the node to be added can be successfully deployed, and the node to be added is added.
  • The cloud platform can be deployed through the license information, which prevents the user from deploying the cloud platform beyond the scope permitted by the license information.
  • the method further includes:
  • the service in the cloud platform may be authenticated.
  • keystone is a component in the cloud platform for identity authentication; it creates a Token (a temporary token used in authentication).
  • the token is created, the signature information and the expiration date are read from the nova database, the signature information is verified, and the expiration date is valid.
  • a token is created for the keystone.
  • the signature information and the expiration date in the license file in the deployed cloud platform are verified.
  • The signature information is decrypted, and whether the decrypted information and the license information are the same is verified, which prevents the license information from being tampered with.
  • The deployed cloud platform can be periodically verified for authorization to determine whether it is running within the scope of the license.
  • nova-compute (a service for computing in the nova component) collects the CPU and memory of the nodes in the cloud platform, and nova-conductor (the service for database interaction in the nova component) is responsible for integrating the CPU and memory of the entire cloud platform. Then, the license information in the cloud platform database is read, and after the signature information is verified, the node configuration is verified. The nova-conductor can also obtain the number of computing, network, and storage nodes of the cloud platform, and then read the license information in the cloud platform database, and verify the signature, and then verify the number of nodes. In the embodiment of the present application, the serial number of the physical node of the Openstack cloud platform may also be verified according to the license information.
  • The motherboard serial number of the node is obtained by nova-compute (the service used for computing in the nova component) and then obtained by nova-conductor (the service for database interaction in the nova component), and the license information is verified. For a separate storage node, the storage daemon obtains the motherboard serial number of the node and then completes the verification; for a separate network node, the network daemon (such as neutron-openvswitch-agent) completes the verification of the motherboard serial number.
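The checks described above, as an added sketch that is not code from the patent or from OpenStack: verify the signature and expiration date before acting, admit a node only if the cluster totals stay within the license, and reuse the same limit check for the periodic verification. HMAC-SHA256 stands in for the public/private-key signature so the sketch runs on the Python standard library; the key, the field names, and the rule that a switched-off dimension is not enforced are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key (assumption). HMAC-SHA256 stands in for the issuer's
# private-key signature so the example runs on the standard library alone;
# with an asymmetric scheme the platform would hold only the public key.
DEMO_KEY = b"constructed-demo-key"


class LicenseError(Exception):
    """Raised when a license file fails signature, validity or limit checks."""


def canonical(info):
    """Serialize license information deterministically, so signer and
    verifier compute the signature over identical bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def sign(info, key=DEMO_KEY):
    return hmac.new(key, canonical(info), hashlib.sha256).hexdigest()


def make_license_file(info, key=DEMO_KEY):
    """License file = license information + signature information."""
    return {"license_info": info, "signature": sign(info, key)}


def verify_license_file(license_file, now, key=DEMO_KEY):
    """Check the signature first, then the expiration date; return the info."""
    info = license_file["license_info"]
    presented = str(license_file.get("signature", "")).encode()
    if not hmac.compare_digest(sign(info, key).encode(), presented):
        raise LicenseError("signature does not match license information")
    if info["enabled"].get("usage_period"):
        if now > datetime.fromisoformat(info["limits"]["expiration_date"]):
            raise LicenseError("license expired")
    return info


def violations(info, nodes):
    """List every way `nodes` exceeds the license. A dimension whose Boolean
    switch is off is not enforced (assumption about the on/off semantics)."""
    on, lim, found = info["enabled"], info["limits"], []
    if on.get("node_count") and len(nodes) > lim["node_count"]:
        found.append("node_count")
    if on.get("node_config"):
        if sum(n["cpus"] for n in nodes) > lim["cpus"]:
            found.append("cpus")
        if sum(n["memory_gb"] for n in nodes) > lim["memory_gb"]:
            found.append("memory_gb")
    if on.get("component_type"):
        allowed = set(lim["component_types"])
        if any(set(n["components"]) - allowed for n in nodes):
            found.append("component_type")
    serials = lim.get("board_serials")  # motherboard serial numbers, if listed
    if serials is not None and any(n["serial"] not in serials for n in nodes):
        found.append("board_serial")
    return found


def add_node(license_file, cluster, new_node, now):
    """Verify the license, then admit new_node only if the cluster plus the
    new node stays within the licensed totals. Returns the new cluster."""
    info = verify_license_file(license_file, now)
    bad = violations(info, cluster + [new_node])
    if bad:
        raise LicenseError("exceeds license: " + ", ".join(bad))
    return cluster + [new_node]


# Constructed sample license information; all field names are hypothetical.
SAMPLE_INFO = {
    "enabled": {"node_count": True, "node_config": True,
                "usage_period": True, "component_type": False},
    "limits": {"node_count": 3, "cpus": 64, "memory_gb": 256,
               "component_types": ["nova", "neutron"],
               "board_serials": ["SN-A", "SN-B", "SN-C"],
               "expiration_date": "2030-01-01T00:00:00+00:00"},
}

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    lf = make_license_file(SAMPLE_INFO)
    node = {"cpus": 32, "memory_gb": 128, "components": ["nova"], "serial": "SN-A"}
    cluster = add_node(lf, [], node, now)
    # Periodic verification reuses the same limit check on the running cluster.
    print(violations(verify_license_file(lf, now), cluster))
```

Because the signature covers the canonical bytes of the whole license information, raising a limit in the stored copy makes `verify_license_file` fail before any limit is read.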
  • FIG. 5 is a structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 501 is configured to determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; specifically, to determine the license information for the user according to the user's use requirements for the nodes in the cloud platform;
  • the license file generating module 502 is configured to digitally sign the license information, and generate a license file according to the obtained signature information and the license information;
  • the cloud platform deployment module 503 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the nodes in the user's cloud platform according to the license information, and obtain the deployed cloud platform.
  • The cloud platform management device determines the license information for the user according to the user's use requirements for the nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file according to the obtained signature information and the license information; and, when deploying the user's cloud platform, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information, obtaining the deployed cloud platform.
  • The number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure that the license information is not easily tampered with.
  • the device in the embodiment of the present application is a device that applies the foregoing cloud platform management method, and all embodiments of the cloud platform management method are applicable to the device, and all of the same or similar beneficial effects can be achieved.
  • FIG. 6 is another structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 601 is configured to determine the license information for the user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; specifically, to determine the license information for the user according to the user's use requirements for the nodes in the cloud platform;
  • the license file generating module 602 is configured to digitally sign the license information, and generate a license file according to the obtained signature information and the license information;
  • the signature information verification module 603 is configured to verify whether the signature information and the license information in the license file correspond to each other;
  • the information storage module 604 is configured to: if the signature information verification module passes the verification, store the signature information and the license information in the cloud platform of the user;
  • the cloud platform deployment module 605 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the nodes in the user's cloud platform according to the license information, and obtain the deployed cloud platform.
  • the cloud platform management device determines the license information for the user according to the user's use requirement of the node in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type.
  • the embodiment of the present application can perform combined authorization for the number of nodes in the cloud platform, the node configuration, the component type in the node, and the like, thereby performing flexible authorization and license management on the cloud platform.
  • the license information is not easily tampered with.
  • FIG. 7 is still another structural diagram of a cloud platform management apparatus according to an embodiment of the present application, including:
  • the license information obtaining module 701 is configured to determine the license information for the user, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type;
  • the license file generating module 702 is configured to digitally sign the license information, and generate a license file according to the obtained signature information and the license information;
  • the cloud platform deployment module 703 is configured to add the license file to the user's cloud platform when deploying the user's cloud platform, deploy the nodes in the user's cloud platform according to the license information, and obtain the deployed cloud platform;
  • the license information update module 704 is configured to: if the operation instruction for expanding the node in the deployed cloud platform is received, add the node information to be extended to the license information to obtain the updated license information;
  • the license file update module 705 is configured to digitally sign the updated license information, and generate an updated license file according to the obtained updated signature information and the updated license information;
  • the extended node installation module 706 is configured to perform an installation of the extended node on the deployed cloud platform according to the updated license file.
  • The cloud platform management apparatus provided by the embodiment of the present application, after obtaining the deployed cloud platform, if it receives an operation instruction for expanding a node in the deployed cloud platform, adds the information of the node to be extended to the license information to obtain updated license information; digitally signs the updated license information and generates an updated license file according to the obtained updated signature information and the updated license information; and installs the extended node on the deployed cloud platform according to the updated license file.
  • the embodiment of the present application can also update the license information according to the user's use requirements for the cloud platform extension, thereby flexibly expanding the cloud platform.
  • the license information obtaining module is specifically configured to determine the license information for the user according to the user's use requirements of the nodes in the cloud platform.
  • The license information obtaining module is specifically configured to: determine, according to whether the use requirement includes a requirement for the number of nodes, whether the license for the number of nodes in the license information is turned on or off; determine, according to whether the use requirement includes a requirement for the node configuration, whether the license for the node configuration in the license information is turned on or off; determine, according to whether the use requirement includes a requirement for the node usage period, whether the license for the node usage period in the license information is turned on or off; and determine, according to whether the use requirement includes a requirement for the component type, whether the license for the component type in the license information is turned on or off.
  • The cloud platform deployment module is specifically configured to: when adding a node, obtain the number of nodes and the node configuration of the node to be added; determine whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the node to be added is not greater than the node configuration in the license information; and, when the judgment result is yes, add the node to be added.
  • the cloud platform management apparatus further includes:
  • the first verification module is configured to verify the signature information and the expiration date in the license file in the deployed cloud platform;
  • the second verification module is configured to perform periodic authorization verification on the deployed cloud platform when the first verification module is successfully verified, and determine whether the deployed cloud platform runs within the scope of the license.
  • The second verification module is specifically configured to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the configuration of the nodes in the license information; verify whether the motherboard serial number of each node in the deployed cloud platform is in the license information; and verify whether the current time in the deployed cloud platform is within the validity period of the license information. If all of the above verification results are yes, it is determined that the deployed cloud platform runs within the scope of the license; otherwise, it is determined that the deployed cloud platform does not run within the scope of the license.
  • FIG. 8 is a structural diagram of an electronic device according to an embodiment of the present application, including: a processor 801 and a machine readable storage medium 802.
  • The machine readable storage medium 802 stores machine executable instructions executable by the processor 801; when executed by the processor 801, the instructions implement the steps of any of the cloud platform management methods described above.
  • The processor 801 may be a general-purpose processor, including a CPU, an NP (Network Processor), or the like; or a DSP (Digital Signal Processing), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.
  • the machine-readable storage medium 802 may include a RAM (Random Access Memory), and may also include a non-volatile memory, such as at least one disk storage. Alternatively, the machine readable storage medium 802 can also be at least one storage device located remotely from the processor 801.
  • The processor executes the machine executable instructions stored on the machine readable storage medium, so that the license information for the user can be determined according to the user's use requirements for the nodes in the cloud platform, where the license information includes: a number of nodes, a node configuration, a node usage period, and a component type; the license information is digitally signed, and a license file is generated according to the obtained signature information and the license information; and when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information, obtaining the deployed cloud platform.
  • The number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure that the license information is not easily tampered with.
  • the embodiment of the present application further provides a computer readable storage medium.
  • the computer readable storage medium stores a computer program.
  • the steps of the cloud platform management method in the foregoing embodiment are implemented.
  • the license information for the user is determined according to the user's use requirements for the nodes in the cloud platform, where the license information includes: number of nodes, node configuration, node usage period, and component type; the license information is digitally signed, and a license file is generated according to the obtained signature information and the license information; and when the user's cloud platform is deployed, the license file is added to the user's cloud platform, and the nodes in the user's cloud platform are deployed according to the license information, obtaining the deployed cloud platform.
  • The number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure that the license information is not easily tampered with.
  • the embodiment of the present application further provides a computer program product comprising instructions, when executed on a computer, causing the computer to perform the steps of any of the above cloud platform management methods.
  • The computer program product of the embodiment of the present application, when running on a computer, determines the license information for the user according to the user's use requirements for the nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file according to the obtained signature information and the license information; and, when deploying the user's cloud platform, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information, obtaining the deployed cloud platform.
  • The number of nodes in the cloud platform, the node configuration, the component type in the node, and the like may be combined and authorized to perform flexible authorization and license management on the cloud platform; and the license information is digitally signed to ensure that the license information is not easily tampered with.
  • the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and the like may be combined and authorized, thereby performing flexible authorization and license management on the cloud platform; Digital signatures ensure that license information is not easily tampered with.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Provided are a cloud platform management method and apparatus, an electronic device and a readable storage medium, which are applied to the technical field of cloud computing. The method comprises: determining authorization information for a user, wherein the authorization information comprises: the number of nodes, a node configuration, a service life of a node and a component type; digitally signing the authorization information, and generating an authorization file according to obtained signature information and the authorization information; and when a cloud platform of the user is deployed, adding the authorization file to the cloud platform of the user, and deploying, according to the authorization information, a node in the cloud platform of the user to obtain the deployed cloud platform. Compared with the prior art, in the embodiments of the present application, by means of configuring one or more of the number of nodes, a node configuration and the type of a component in a node, a cloud platform is authorized in a combined manner, thus improving the flexibility of an authorization generation method.

Description

Cloud platform management method, apparatus, electronic device and readable storage medium
This application claims priority to Chinese Patent Application No. 201711269676.0, filed with the Chinese Patent Office on December 5, 2017 and entitled "Cloud Platform Management Method, Apparatus, Electronic Device, and Readable Storage Medium", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of cloud computing technologies, and in particular, to a cloud platform management method, apparatus, electronic device, and readable storage medium.
Background
OpenStack is an open source cloud computing platform management project in which multiple components such as Nova, Neutron, and Cinder cooperate to carry out the operations of the cloud platform. OpenStack supports almost all types of cloud environments. The goal of OpenStack is to provide a cloud computing management platform that is simple to implement, massively scalable, feature-rich, and standardized. OpenStack provides an IaaS (Infrastructure as a Service) solution through a variety of complementary services.
A cloud computing service provider can offer users OpenStack-based cloud platform services, that is, deploy an OpenStack cloud platform for a user and authorize the user to use it. At present, the license management schemes that cloud computing service providers apply to users' OpenStack cloud platforms are relatively simple, and usually perform license management on only a single aspect of the OpenStack nodes. However, as the number of OpenStack cloud platform deployments gradually increases and the roles and functions of OpenStack nodes continue to grow, flexible and effective license management of users' OpenStack cloud platforms is required. In particular, when building an OpenStack private cloud, a license management scheme is needed to control the number of clusters and the functions of the clusters.
发明内容Summary of the invention
本申请实施例的目的在于提供一种云平台管理方法、装置、电子设备及可读存储介质,以对云平台进行灵活授权许可管理。具体技术方案如下:An object of the embodiments of the present application is to provide a cloud platform management method, apparatus, electronic device, and readable storage medium for performing flexible license management on a cloud platform. The specific technical solutions are as follows:
本申请实施例的第一方面,提供了一种云平台管理方法,所述方法包括:确定针对所述用户的授权许可信息,其中,所述授权许可信息包括:节点个数、节点配置、节点使用期限和组件类型;对所述授权许可信息进行数字签名,根据得到的签名信息和所述授权许可信息生成授权许可文件;在对所述 用户的云平台进行部署时,将所述授权许可文件添加至所述用户的云平台中,根据所述授权许可信息,部署所述用户的云平台中的节点,得到部署后的云平台。A first aspect of the embodiments of the present application provides a cloud platform management method, where the method includes: determining authorization permission information for the user, where the authorization permission information includes: a number of nodes, a node configuration, and a node. a period of use and a component type; digitally signing the license information, generating an authorization file according to the obtained signature information and the license information; and when the cloud platform of the user is deployed, the license file is Adding to the cloud platform of the user, deploying nodes in the cloud platform of the user according to the license information, and obtaining the deployed cloud platform.
With reference to the first aspect, in a possible implementation, determining the license information for the user includes: determining the license information for the user according to the user's usage requirements for the nodes in the cloud platform.
With reference to the first aspect, in a possible implementation, before deploying the nodes in the user's cloud platform according to the license information, the method further includes: verifying whether the signature information and the license information in the license file correspond; if the verification passes, storing the signature information and the license information in the user's cloud platform.
With reference to the first aspect, in a possible implementation, determining the license information for the user according to the user's usage requirements for the nodes in the cloud platform includes: determining, according to whether the usage requirements include a requirement on the number of nodes, whether licensing of the number of nodes in the license information is enabled or disabled; determining, according to whether the usage requirements include a requirement on node configuration, whether licensing of node configuration in the license information is enabled or disabled; determining, according to whether the usage requirements include a requirement on the node usage period, whether licensing of the node usage period in the license information is enabled or disabled; determining, according to whether the usage requirements include a requirement on component type, whether licensing of component type in the license information is enabled or disabled.
With reference to the first aspect, in a possible implementation, deploying the nodes in the user's cloud platform according to the license information includes: when adding nodes, obtaining the number and the node configuration of the nodes to be added, and determining whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total configuration, made up of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added, is not greater than the node configuration in the license information; when both determinations are yes, adding the nodes to be added.
With reference to the first aspect, in a possible implementation, after deploying the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform, the method further includes: if an operation instruction to extend the nodes in the deployed cloud platform is received, adding the information of the nodes to be extended to the license information to obtain updated license information; digitally signing the updated license information, and generating an updated license file from the resulting updated signature information and the updated license information; installing the extension nodes on the deployed cloud platform according to the updated license file.
With reference to the first aspect, in a possible implementation, after deploying the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform, the method further includes: verifying the signature information and the validity period in the license file in the deployed cloud platform; if that verification succeeds, performing periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the licensed scope.
With reference to the first aspect, in a possible implementation, performing periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the licensed scope includes: verifying whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verifying whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verifying whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; verifying whether the current time in the deployed cloud platform is within the validity period in the license information; if all of these verification results are yes, determining that the deployed cloud platform is running within the licensed scope, otherwise determining that the deployed cloud platform is not running within the licensed scope.
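The node-addition check and the periodic license verification described above, as an added Go example that is not code from the application. The field names, the sample values and the convention that a licensing mode switched off in sale_info skips its check are assumptions; the limits are taken to come from a license file whose signature has already been verified.

```go
package main

import (
	"fmt"
	"time"
)

// Node is one server of the deployed platform (field names are assumptions).
type Node struct {
	Serial string // motherboard serial number
	CPUs   int
	MemGB  int
}

// Limits is the licensed scope read from an already verified license file.
// The *Off flags mirror sale_info; their zero value enforces the limit,
// so a missing flag fails closed.
type Limits struct {
	MaxNodes, MaxCPUs, MaxMemGB int
	Serials                     map[string]bool // licensed motherboards
	NotAfter                    time.Time       // end of validity period
	CountOff, ConfigOff         bool
}

// overScope lists the count and total-configuration limits that nodes exceed.
func overScope(lic Limits, nodes []Node) []string {
	var v []string
	if !lic.CountOff && len(nodes) > lic.MaxNodes {
		v = append(v, fmt.Sprintf("node count %d exceeds licensed %d", len(nodes), lic.MaxNodes))
	}
	cpus, mem := 0, 0
	for _, n := range nodes {
		cpus += n.CPUs
		mem += n.MemGB
	}
	if !lic.ConfigOff && (cpus > lic.MaxCPUs || mem > lic.MaxMemGB) {
		v = append(v, fmt.Sprintf("total config %d CPU/%d GB exceeds licensed %d CPU/%d GB",
			cpus, mem, lic.MaxCPUs, lic.MaxMemGB))
	}
	return v
}

// CanAdd is the deploy-time check: existing plus pending nodes must stay
// within the licensed node count and the licensed total configuration.
func CanAdd(lic Limits, deployed, pending []Node) bool {
	all := append(append([]Node{}, deployed...), pending...)
	return len(overScope(lic, all)) == 0
}

// Audit is the periodic check. It returns every violation it finds; an
// empty result means the platform is running within the licensed scope.
func Audit(lic Limits, deployed []Node, now time.Time) []string {
	v := overScope(lic, deployed)
	for _, n := range deployed {
		if !lic.Serials[n.Serial] {
			v = append(v, "unlicensed motherboard serial "+n.Serial)
		}
	}
	if now.After(lic.NotAfter) {
		v = append(v, "license expired on "+lic.NotAfter.Format("2006-01-02"))
	}
	return v
}

// SampleLimits and SampleNodes are constructed sample data.
func SampleLimits() Limits {
	return Limits{
		MaxNodes: 3, MaxCPUs: 12, MaxMemGB: 64,
		Serials:  map[string]bool{"SN-0001": true, "SN-0002": true, "SN-0003": true},
		NotAfter: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC),
	}
}

func SampleNodes() []Node {
	return []Node{{"SN-0001", 4, 16}, {"SN-0002", 4, 16}}
}

func main() {
	lic, nodes := SampleLimits(), SampleNodes()
	fmt.Println("add 4-CPU node:", CanAdd(lic, nodes, []Node{{"SN-0003", 4, 16}}))
	fmt.Println("add 8-CPU node:", CanAdd(lic, nodes, []Node{{"SN-0003", 8, 16}}))
	swapped := append(nodes, Node{"SN-9999", 2, 8}) // hardware not in the license
	late := time.Date(2030, 6, 1, 0, 0, 0, 0, time.UTC)
	for _, msg := range Audit(lic, swapped, late) {
		fmt.Println("violation:", msg)
	}
}
```

Reporting every violation in one pass, rather than stopping at the first, gives an operator the full picture when a platform has drifted out of scope in more than one way.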
A second aspect of the embodiments of the present application provides a cloud platform management apparatus, including: a license information acquisition module, configured to determine license information for the user, where the license information includes: number of nodes, node configuration, node usage period and component type; a license file generation module, configured to digitally sign the license information and generate a license file from the resulting signature information and the license information; a cloud platform deployment module, configured to, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information, to obtain the deployed cloud platform.
With reference to the second aspect, in a possible implementation, the license determination module is specifically configured to determine the license information for the user according to the user's usage requirements for the cloud platform nodes.
With reference to the second aspect, in a possible implementation, the cloud platform management apparatus of the embodiments of the present application further includes: a signature information verification module, configured to verify whether the signature information and the license information in the license file correspond; an information storage module, configured to store the signature information and the license information in the user's cloud platform if the signature information verification module's verification passes.
With reference to the second aspect, in a possible implementation, the license information acquisition module is specifically configured to: determine, according to whether the usage requirements include a requirement on the number of nodes, whether licensing of the number of nodes in the license information is enabled or disabled; determine, according to whether the usage requirements include a requirement on node configuration, whether licensing of node configuration in the license information is enabled or disabled; determine, according to whether the usage requirements include a requirement on the node usage period, whether licensing of the node usage period in the license information is enabled or disabled; determine, according to whether the usage requirements include a requirement on component type, whether licensing of component type in the license information is enabled or disabled.
With reference to the second aspect, in a possible implementation, the cloud platform deployment module is specifically configured to: when adding nodes, obtain the number and the node configuration of the nodes to be added, and determine whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total configuration, made up of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added, is not greater than the node configuration in the license information; when both determinations are yes, add the nodes to be added.
With reference to the second aspect, in a possible implementation, the cloud platform management apparatus of the embodiments of the present application further includes: a license information update module, configured to, if an operation instruction to extend the nodes in the deployed cloud platform is received, add the information of the nodes to be extended to the license information to obtain updated license information; a license file update module, configured to digitally sign the updated license information and generate an updated license file from the resulting updated signature information and the updated license information; an extension node installation module, configured to install the extension nodes on the deployed cloud platform according to the updated license file.
With reference to the second aspect, in a possible implementation, the cloud platform management apparatus of the embodiments of the present application further includes: a first verification module, configured to verify the signature information and the validity period in the license file in the deployed cloud platform; a second verification module, configured to, when the first verification module's verification succeeds, perform periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the licensed scope.
With reference to the second aspect, in a possible implementation, the second verification module is specifically configured to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verify whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; verify whether the current time in the deployed cloud platform is within the validity period in the license information; if all of these verification results are yes, determine that the deployed cloud platform is running within the licensed scope, otherwise determine that the deployed cloud platform is not running within the licensed scope.
A third aspect of the embodiments of the present application provides an electronic device, including: a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions that can be executed by the processor; when the processor executes the machine-executable instructions, the steps of any of the cloud platform management methods described above are implemented.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program; when the computer program is executed by a processor, the steps of any of the cloud platform management methods described above are implemented.
A fifth aspect of the embodiments of the present application provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the steps of any of the cloud platform management methods described above.
The cloud platform management method, apparatus, electronic device and readable storage medium provided by the embodiments of the present application determine license information for the user, where the license information includes: number of nodes, node configuration, node usage period and component type; digitally sign the license information, and generate a license file from the resulting signature information and the license information; and, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information, to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes, the node configuration, the component types on the nodes and so on in combination, and thus perform flexible license management on the cloud platform; digitally signing the license information ensures that the license information cannot easily be tampered with. Of course, implementing any product or method of the present application does not necessarily require achieving all of the above advantages at the same time.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application;
FIG. 2 is another flowchart of a cloud platform management method according to an embodiment of the present application;
FIG. 3 is a flowchart of a cloud platform node deployment method according to an embodiment of the present application;
FIG. 4 is yet another flowchart of a cloud platform management method according to an embodiment of the present application;
FIG. 5 is a structural diagram of a cloud platform management apparatus according to an embodiment of the present application;
FIG. 6 is another structural diagram of a cloud platform management apparatus according to an embodiment of the present application;
FIG. 7 is yet another structural diagram of a cloud platform management apparatus according to an embodiment of the present application;
FIG. 8 is a structural diagram of an electronic device according to an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the scope of protection of the present application.
In existing cloud platform management methods, the deployment tool and the cloud platform are separate: the deployment tool may be a server or virtual machine independent of the cloud platform. For such a standalone deployment tool to obtain information such as the number of nodes, the node configuration and the component types in the cloud platform, it must go through operations such as authentication, which is complicated to implement and makes the deployment system too heavy. In addition, the deployment tool can obtain only a single kind of information, such as the number of nodes, so its license management function for the cloud platform is limited to one aspect. Furthermore, the deployment tool can only deploy the cloud platform and cannot check the legitimacy of the cloud platform after deployment is complete. To solve this problem, the embodiments of the present application provide a cloud platform management method, apparatus, electronic device and readable storage medium that can apply copyright control, scale control and usage-period control to a cloud platform and, according to the user's expected use of the cloud platform, offer multiple licensing modes; a licensing mode may be a single mode or a combination of several. Corresponding license information is generated at the same time, the cloud platform is deployed according to the license information, and the basic functions, extended functions and so on of the cloud platform are provided. Moreover, the cloud platform deployment tool of the embodiments of the present application is integrated into the cloud platform and can communicate with the components in the cloud platform, so it can easily obtain component information. Because the components in the cloud platform must be activated through the license, the deployment tool can use the license to control component permissions, so that the cloud platform can be deployed more conveniently and efficiently, and its legitimacy can also be checked after deployment is complete.
The cloud platform management method provided by the embodiments of the present application may be executed by a server in the cloud platform.
The cloud platform management method provided by the embodiments of the present application is first described in detail below.
Referring to FIG. 1, FIG. 1 is a flowchart of a cloud platform management method according to an embodiment of the present application, including the following steps:
S101: determine license information for the user, where the license information includes: number of nodes, node configuration, node usage period and component type.
For example, in this step the license information for the user is determined according to the user's usage requirements for the nodes in the cloud platform.
Cloud platform management in the embodiments of the present application includes three phases: a license file preparation phase, a node deployment phase and a cloud platform usage phase; this step belongs to the license file preparation phase. A node in the cloud platform is a server, and depending on its role in the cloud platform a node may be a compute node, a storage node, a network node, and so on. The number of nodes is simply the count of nodes, and the node configuration may include the number of CPUs (Central Processing Units), the memory capacity and so on, which the embodiments of the present application do not limit. Different users may have different usage requirements for the cloud platform: for example, user A mainly needs the storage function, user B needs the computing function, and user C needs both the storage function and the computing function. Therefore, in the embodiments of the present application, the license information may differ from user to user. The license information can indicate the resources the user is licensed to use and information about those resources; as an example, the content carried in the license information is shown in Table 1.
Table 1

| Variable | Type | Name |
| --- | --- | --- |
| license_name | string | Information name |
| sale_type | dict | Licensing mode |
| sale_info | dict | License content |
| Date | string | Validity period |
Here, license_name is the name of the license, for example: game. sale_type is the licensing modes the license supports, including: the number of nodes (which may include, for example, the number of compute nodes, the number of network nodes and the number of storage nodes), the node configuration (which may include, for example, the number of CPUs of a node, the memory capacity and the storage types supported by the cloud platform), and the component types licensed on each node (Neutron, Nova, Cinder, etc.). In the embodiments of the present application, the cloud platform provides the basic OpenStack function components (computing, networking, storage, identity authentication and so on) as well as extended OpenStack function components. sale_info is the enabled or disabled state of the corresponding licensing mode, that is, whether the number of nodes is licensed, whether the node configuration is licensed, and so on. date is the validity period during which the nodes and components in the cloud platform may be used.
The license information may be entered by the relevant personnel. Taking a server of the cloud platform as the executing entity, for example, back-office staff may enter the license information locally on the server, or the user may enter it on a user terminal, which then sends it to the server. The license information may also be derived from the user's usage requirements for the nodes in the cloud platform. The user requirements may include the functions the user needs the cloud platform to provide (such as the storage function or the computing function) and the quantity of resources needed (such as 3 compute nodes and 1 storage node). They may also include the technical solution the user wants to implement with the help of the cloud platform. The user can fill in a requirements list and send it to the server, and the server analyzes the user's requirements to obtain the license information; for example, the user can fill in the requirements list when registering.
For example, a user needs to implement some intelligent analysis algorithm with the help of the cloud platform. After back-office staff analyze the complexity of that algorithm, they determine that implementing it requires 5 compute nodes and 2 storage nodes, so the resulting license information can indicate that the user is licensed to use 5 compute nodes and 2 storage nodes in the cloud platform.
S102: digitally sign the license information, and generate a license file from the resulting signature information and the license information.
In the embodiments of the present application, once the license information has been obtained, it can be digitally signed to produce the signature information corresponding to the license information. A digital signature is an encryption technique that ensures the integrity of transmitted information, lets the receiver authenticate the sender, and prevents repudiation in a transaction. The public key and private key used in the digital signature process may be a preset asymmetric key pair. In the embodiments of the present application, a preset hash algorithm (such as the Secure Hash Algorithm, SHA) can be used to extract the message digest of the license information, and the message digest is encrypted with the private key to obtain the signature information of the license information; combining the signature information with the license information yields the license file. After receiving the license file, the receiver can decrypt the signature information in the license file with the public key, extract the message digest of the license information with the same hash algorithm, and compare the decrypted information with the extracted message digest. If the two are the same, it can be determined that the license information has not been tampered with; if they differ, it can be determined that the license information has been tampered with.
S103: when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information, to obtain the deployed cloud platform.
In the embodiments of the present application, this step belongs to the node deployment phase: once the license file has been generated, the cloud platform can be deployed. First, the license file is added to the user's cloud platform, specifically to the database of the cloud platform. The license file includes the signature information and the license information, so the nodes in the cloud platform can be deployed according to the license information. For example, if the license information licenses the number of nodes as 3 storage nodes and 2 compute nodes, and licenses the node configuration as 10 deployed CPUs, then the cloud platform can be deployed according to that license information, giving the deployed cloud platform.
The cloud platform management method provided by the embodiments of the present application determines license information for the user, where the license information includes: number of nodes, node configuration, node usage period and component type; digitally signs the license information, and generates a license file from the resulting signature information and the license information; and, when deploying the user's cloud platform, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information, to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes, the node configuration, the component types on the nodes and so on in combination, and thus perform flexible license management on the cloud platform; digitally signing the license information ensures that the license information cannot easily be tampered with.
Referring to FIG. 2, which is another flowchart of the cloud platform management method according to an embodiment of the present application, the method includes the following steps:
S201: Determine license information for the user according to the user's usage requirements for the nodes in the cloud platform, where the license information includes the number of nodes, the node configuration, the node usage period and the component type.
S202: Digitally sign the license information, and generate a license file from the resulting signature information and the license information.
S203: When deploying the user's cloud platform, add the license file to the user's cloud platform and verify whether the signature information and the license information in the license file correspond; if verification passes, store the signature information and the license information in the user's cloud platform.
Digital signature technology encrypts the initial information with the sender's private key and sends the resulting encrypted information to the recipient together with the initial information. The recipient can decrypt the encrypted initial information only with the sender's public key. After decrypting it with the public key, the recipient compares the decrypted information with the initial information: if they are identical, the initial information received is intact and was not modified in transit; otherwise, the initial information has been modified. A digital signature can therefore verify the integrity of information. Digital signing is an encryption process, and digital signature verification is a decryption process.
In this embodiment, the signature information in the license file is obtained by encrypting the license information with the private key. After the license file has been added to the user's cloud platform, the signature information in the license file can be decrypted with the public key and the decrypted information compared with the license information; if they are identical, the license information has not been tampered with. The public/private key pair thus guarantees the integrity of the license information on the cloud platform and makes the license information hard to tamper with. Once verification passes, the signature information and the license information can be stored in the user's cloud platform.
S204: Deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
Since S201 and S202 are the same as S101 and S102 in the FIG. 1 embodiment, and S204 is the same as the corresponding step in S103, all implementations of S101, S102 and S103 apply to FIG. 2 and achieve the same or similar beneficial effects; they are not described again here.
The cloud platform management method provided by this embodiment determines license information for the user according to the user's usage requirements for the nodes in the cloud platform, where the license information includes the number of nodes, the node configuration, the node usage period and the component type; digitally signs the license information and generates a license file from the resulting signature information and the license information; when the user's cloud platform is deployed, adds the license file to the user's cloud platform and verifies whether the signature information and the license information in the license file correspond; if verification passes, stores the signature information and the license information in the user's cloud platform; and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. This embodiment can authorize the number of nodes, the node configuration, the component types in the nodes and so on in combination, which allows flexible license management of the cloud platform. Digitally signing the license information makes it hard to tamper with.
In the FIG. 2 embodiment above, S203 and S204 form the node deployment phase. FIG. 3 shows a flowchart of the node deployment method in the cloud platform in an embodiment of the present application, which includes the following steps:
S301: Add the license file to the cloud platform.
In this embodiment, the license file may be generated according to the user's usage requirements for the cloud platform. Once the license file has been obtained, it can be provided to the user so that the user can deploy the cloud platform according to it; of course, an administrator may also deploy the cloud platform. When the cloud platform is deployed, the license file must first be added to the cloud platform.
S302: Verify the signature information and the validity period.
As the FIG. 1 and FIG. 2 embodiments show, the license file includes the signature information and the license information. After the license file is obtained, the signature information can be verified; that is, the integrity of the license information is verified to determine whether the license information has been tampered with. Specifically, the signature information can be verified by checking whether the signature information and the license information in the license file correspond; see S203 in the FIG. 2 embodiment, which is not repeated here. In addition, the license information contains a validity period, which is the period for which the cloud platform may be used. When the signature information is verified, the validity period in the license information can also be verified: if the current time is within the validity period, verification succeeds and the license information can be used; if the current time is outside the validity period, verification fails, the license information cannot be used, and the flow proceeds to S307 and ends.
S303: Store the signature information and the license information.
After verification succeeds in S302, the signature information and the license information are stored in the cloud platform, that is, in the database of the cloud platform, so that the cloud platform can be deployed according to the license information.
S304: Deploy the nodes according to the license information.
In this embodiment, the deployment of nodes in the cloud platform is described in detail below and is not repeated here.
S305: Verify the signature information and the validity period.
Specifically, after the nodes in the cloud platform have been deployed, the signature information and the validity period in each node can also be verified, using the same method as S302, which is not repeated here. This verification ensures that the deployed cloud platform is usable.
S306: The cloud platform is deployed successfully.
In the cloud platform management method provided by this embodiment, when the nodes in the cloud platform are deployed, the license file is added to the cloud platform and the signature information and the validity period are verified. After verification succeeds, the signature information and the license information are stored and the nodes are deployed according to the license information. After the nodes are deployed, the signature information and the validity period can also be verified on each node; after that verification succeeds, the cloud platform is determined to be deployed successfully. By verifying the signature information produced by digitally signing the license information, this embodiment guarantees the integrity of the license information on the cloud platform and makes the license information hard to tamper with.
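The signing in S202 and the signature and validity-period check in S203/S302, as an added example that is not part of the patent text or of any product's code. It follows the page's description (a private-key operation at the issuer, a public-key operation and comparison at the platform) by applying RSASSA-PKCS1-v1_5 to a SHA-256 digest of the license information; the JSON field names, the sample license and the demo key are assumptions constructed for this example.

```python
import copy
import hashlib
import json
from datetime import datetime, timezone

# Constructed demo key built from two published Mersenne primes. It is trivially
# factorable and exists only so the example runs without a crypto library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: shipped with the platform
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the issuer
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample license; the node and CPU figures mirror the page's example.
SAMPLE_INFO = {
    "customer": "example-tenant",
    "nodes": {"storage": 3, "compute": 2},
    "cpus": 10,
    "components": ["nova", "keystone"],
    "expires": "2030-01-01T00:00:00+00:00",
}


def canonical(info):
    """Deterministic bytes for the license information, so both sides hash the same input."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode("utf-8")


def encoded_digest(message):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo prefix || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def issue_license(info):
    """Issuer side (S202): private-key operation on the encoded digest."""
    sig = pow(encoded_digest(canonical(info)), D, N)
    return {"license_info": info, "signature": format(sig, "x")}


def verify_license(lic, now):
    """Platform side (S203/S302): check the signature first, then the validity period."""
    try:
        info = lic["license_info"]
        sig = int(lic["signature"], 16)
        expected = encoded_digest(canonical(info))
    except (KeyError, TypeError, ValueError):
        return False, "malformed license file"
    # Public-key operation, then comparison with the value recomputed locally.
    if not 0 <= sig < N or pow(sig, E, N) != expected:
        return False, "signature does not match license information"
    # License fields are interpreted only after the signature has been accepted.
    try:
        expired = now > datetime.fromisoformat(info["expires"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed validity period"
    if expired:
        return False, "license expired"
    return True, "ok"


def demo():
    """Run the three cases the flow distinguishes: valid, tampered, expired."""
    lic = issue_license(SAMPLE_INFO)
    tampered = copy.deepcopy(lic)
    tampered["license_info"]["nodes"]["compute"] = 20   # edit made after signing
    in_term = datetime(2029, 6, 1, tzinfo=timezone.utc)
    after_term = datetime(2030, 6, 1, tzinfo=timezone.utc)
    return {
        "valid": verify_license(lic, in_term),
        "tampered": verify_license(tampered, in_term),
        "expired": verify_license(lic, after_term),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Only `N` and `E` need to be present on the platform; a deployment would call a vetted signature library with a generated key rather than the integer arithmetic used here.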
Referring to FIG. 4, which is yet another flowchart of the cloud platform management method according to an embodiment of the present application, the method includes the following steps:
S401: Determine license information for the user according to the user's usage requirements for the nodes in the cloud platform, where the license information includes the number of nodes, the node configuration, the node usage period and the component type.
S402: Digitally sign the license information, and generate a license file from the resulting signature information and the license information.
S403: When deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
S404: If an operation instruction to extend the nodes in the deployed cloud platform is received, add the information of the nodes to be extended to the license information to obtain updated license information.
In this embodiment, because the license information can be stored in the cloud platform, the license information can still be viewed and updated after the cloud platform has been deployed. If the user needs to extend the deployed cloud platform, the user sends an operation instruction to extend the nodes in the deployed cloud platform; after receiving the instruction, the cloud platform adds the information of the nodes to be extended to the license information to obtain updated license information. Of course, this embodiment can also extend the components in a node, delete nodes from the cloud platform, delete components from a node, and so on; extending nodes is used here as the example.
S405: Digitally sign the updated license information, and generate an updated license file from the resulting updated signature information and the updated license information.
In this step, after the updated license information is obtained, it is digitally signed, and an updated license file is generated from the resulting updated signature information and the updated license information. The method is the same as that of S102 in the FIG. 1 embodiment and is not repeated here. The only difference from S102 is that the license information in this step is the updated license information.
S406: Install the extension nodes on the deployed cloud platform according to the updated license file.
In this embodiment, after the updated license file is obtained, the extension nodes can be installed on the deployed cloud platform according to the updated license file. For example, if the license information in the updated license file requires 2 storage nodes to be added, this step adds 2 storage nodes to the deployed cloud platform obtained in S403.
Since S401, S402 and S403 are the same as S101, S102 and S103 in the FIG. 1 embodiment, all implementations of S101, S102 and S103 apply to FIG. 4 and achieve the same or similar beneficial effects; they are not described again here.
In the cloud platform management method provided by this embodiment, after the deployed cloud platform is obtained, if an operation instruction to extend the nodes in the deployed cloud platform is received, the information of the nodes to be extended is added to the license information to obtain updated license information; the updated license information is digitally signed, and an updated license file is generated from the resulting updated signature information and the updated license information; and the extension nodes are installed on the deployed cloud platform according to the updated license file. This embodiment can thus update the license information according to the user's requirements for extending the cloud platform, and in turn update the corresponding signature information and license file, so that the cloud platform can be extended flexibly.
In one implementation of the present application, determining the license information for the user according to the user's usage requirements for the nodes in the cloud platform may include:
Determining whether the license for the number of nodes in the license information is turned on or off, according to whether the usage requirements include a requirement on the number of nodes.
Determining whether the license for the node configuration in the license information is turned on or off, according to whether the usage requirements include a requirement on the node configuration.
Determining whether the license for the node usage period in the license information is turned on or off, according to whether the usage requirements include a requirement on the node usage period.
Determining whether the license for the component type in the license information is turned on or off, according to whether the usage requirements include a requirement on the component type.
In this embodiment, the number of nodes, the node configuration, the node usage period, the component type and other items can be licensed in combination. That is, one or more of these items can be licensed: when an item is licensed, its license is turned on; otherwise, its license is turned off. Optionally, a Boolean (bool) variable can represent the on or off state of a license. For example, if the number of nodes is licensed, the Boolean variable for the number of nodes can be set to TRUE; otherwise it can be set to FALSE.
In the cloud platform management method of this embodiment, the on or off state of the number of nodes, the node configuration, the node usage period, the component type and other items can be set to obtain multiple licensing modes. Managing the cloud platform through these licensing modes allows flexible license management of the cloud platform.
In one implementation of the present application, in the FIG. 1, FIG. 2 and FIG. 4 embodiments, deploying the nodes in the user's cloud platform according to the license information includes:
When adding nodes, obtaining the number and the node configuration of the nodes to be added, and determining whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information; and, when both determinations are affirmative, adding the nodes to be added.
In this embodiment, the cloud platform can be deployed according to the license information. When the nodes in the cloud platform are deployed, the cluster information in the cloud platform (the information of all nodes) must be checked for legitimacy against the license information. For example, when nodes are added, the information of the nodes to be added (number of nodes, node configuration, component types in the nodes and so on) is obtained. The number of nodes to be added is added to the number of nodes already in the cloud platform, and the resulting total number of nodes is checked to be not greater than the number of nodes in the license information. The node configuration of the nodes to be added is added to the node configuration of the nodes already in the cloud platform, and the resulting total node configuration is checked to be not greater than the node configuration in the license information. If both checks pass, the added nodes are determined to be deployed successfully; otherwise, deployment of the added nodes is determined to have failed. The node configuration includes the number of CPUs, the memory size and so on.
For example, suppose the node configuration is licensed, and it is licensed by number of CPUs. When a node is added, the signature information and the validity period are verified first; for the verification method see S203 in the FIG. 2 embodiment, which is not repeated here. After verification succeeds, the number of CPUs in the license information is read, the number of CPUs of the node to be added is obtained, and that number is added to the number of CPUs already in the cloud platform cluster and compared with the number of CPUs in the license information. If the sum is less than or equal to the number of CPUs in the license information, the node to be added can be deployed successfully, and it is added.
It can be seen that deploying the cloud platform according to the license information prevents the user from deploying the cloud platform beyond the scope that the license information permits.
In one implementation of the present application, in the cloud platform usage phase, that is, after the nodes in the user's cloud platform have been deployed according to the license information and the deployed cloud platform has been obtained, the method further includes:
Verifying the signature information and the validity period in the license file in the deployed cloud platform.
In this embodiment, for the deployed cloud platform, the services in the cloud platform can be authenticated before the signature information and the validity period are verified. Specifically, a Token (a temporary token used in identity authentication) is first created for keystone (a component of the cloud platform used for identity authentication). When the Token is created, the signature information and the validity period are read from the nova database and verified; if verification succeeds, the Token is created for keystone. After that, the signature information and the validity period in the license file in the deployed cloud platform are verified. Specifically, after the signature information is decrypted, the decrypted information is checked against the license information to prevent the license information from being tampered with. The validity period in the license information can also be verified to make sure that the current time is within the period for which the cloud platform may be used. If verification succeeds, the deployed cloud platform can be used normally, and periodic license verification is then performed on the deployed cloud platform to determine whether it is running within the scope of the license.
While the cloud platform is in use, periodic license verification can be performed on the deployed cloud platform to prevent the number of nodes, the node configuration and so on from being tampered with, and to determine whether the deployed cloud platform is running within the scope of the license. Optionally, the verification checks whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; and whether the current time in the deployed cloud platform is within the validity period in the license information. If all of these checks pass, the deployed cloud platform is determined to be running within the scope of the license; otherwise, it is determined not to be running within the scope of the license.
For example, nova-compute (the compute service in the nova component) collects the CPU and memory of the nodes in the cloud platform, and nova-conductor (the service in the nova component that handles database interaction) aggregates the CPU and memory of the whole cloud platform, then reads the license information from the cloud platform database and, after verifying the signature information, verifies the node configuration. nova-conductor can also obtain the numbers of compute, network and storage nodes in the cloud platform, then read the license information from the cloud platform database and, after verifying the signature, verify the number of nodes. In this embodiment, the motherboard serial numbers of the physical nodes of the OpenStack cloud platform can also be verified against the license information. For example, on a node where OpenStack compute and storage are converged, nova-compute obtains the motherboard serial number of its node, and the license information is then obtained and verified through nova-conductor; on a standalone storage node, the storage daemon obtains the motherboard serial number of its node and then completes the verification; on a standalone network node, a network daemon (for example neutron-openvswitch-agent) completes the verification of the motherboard serial number.
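The node-addition check and the periodic in-scope verification described above, as an added example that is not taken from the patent or from OpenStack code. The class and field names, the memory and serial-number values, and the treatment of an unlisted node role as unlicensed are assumptions; the license is presumed to have already passed the signature and validity-period verification.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    role: str              # "compute", "storage" or "network"
    cpus: int
    memory_gb: int
    board_serial: str


@dataclass
class License:
    # One Boolean switch per licensed dimension (True = that item is enforced).
    enforce_node_count: bool = False
    enforce_node_config: bool = False
    max_nodes: dict = field(default_factory=dict)    # role -> licensed count
    max_cpus: int = 0
    max_memory_gb: int = 0
    board_serials: Optional[frozenset] = None        # None = not bound to hardware


def violations(lic, nodes):
    """Return every way the node set exceeds the license; an empty list means in scope."""
    found = []
    if lic.enforce_node_count:
        for role in sorted({n.role for n in nodes}):
            have = sum(1 for n in nodes if n.role == role)
            allowed = lic.max_nodes.get(role, 0)     # assumption: unlisted role is unlicensed
            if have > allowed:
                found.append(f"{role} nodes: {have} > {allowed}")
    if lic.enforce_node_config:
        cpus = sum(n.cpus for n in nodes)
        memory = sum(n.memory_gb for n in nodes)
        if cpus > lic.max_cpus:
            found.append(f"CPUs: {cpus} > {lic.max_cpus}")
        if memory > lic.max_memory_gb:
            found.append(f"memory GB: {memory} > {lic.max_memory_gb}")
    if lic.board_serials is not None:
        for n in nodes:
            if n.board_serial not in lic.board_serials:
                found.append(f"{n.name}: board serial not in license")
    return found


def try_add_node(lic, cluster, candidate):
    """Admission check: evaluate the cluster as it would look after the addition."""
    problems = violations(lic, cluster + [candidate])
    if problems:
        return False, problems
    cluster.append(candidate)
    return True, []


def sample_license():
    """Constructed license: 3 storage nodes, 2 compute nodes, 10 CPUs, as in the text."""
    return License(
        enforce_node_count=True,
        enforce_node_config=True,
        max_nodes={"storage": 3, "compute": 2},
        max_cpus=10,
        max_memory_gb=96,
        board_serials=frozenset({"SN-S1", "SN-S2", "SN-S3", "SN-C1", "SN-C2"}),
    )


def sample_cluster():
    """Constructed cluster already deployed: three storage nodes and one compute node."""
    return [
        Node("storage-1", "storage", 2, 16, "SN-S1"),
        Node("storage-2", "storage", 2, 16, "SN-S2"),
        Node("storage-3", "storage", 2, 16, "SN-S3"),
        Node("compute-1", "compute", 2, 16, "SN-C1"),
    ]


if __name__ == "__main__":
    lic, cluster = sample_license(), sample_cluster()
    print(try_add_node(lic, cluster, Node("compute-2", "compute", 2, 16, "SN-C2")))
    print(try_add_node(lic, cluster, Node("compute-3", "compute", 2, 16, "SN-C3")))
    cluster[0].cpus = 8    # configuration changed after deployment
    print(violations(lic, cluster))    # what a periodic check would report
```

Running `violations` on a schedule over the live inventory gives the periodic check; because it evaluates totals rather than deltas, it also catches changes made outside the add-node path.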
Corresponding to the method embodiments above, an embodiment of the present application further provides a cloud platform management apparatus. Referring to FIG. 5, which is a structural diagram of the cloud platform management apparatus according to an embodiment of the present application, the apparatus includes:
A license information acquisition module 501, configured to determine license information for a user, where the license information includes the number of nodes, the node configuration, the node usage period and the component type; specifically, to determine the license information for the user according to the user's usage requirements for the nodes in the cloud platform;
A license file generation module 502, configured to digitally sign the license information and generate a license file from the resulting signature information and the license information;
A cloud platform deployment module 503, configured to, when the user's cloud platform is deployed, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
The cloud platform management apparatus provided by this embodiment determines license information for the user according to the user's usage requirements for the nodes in the cloud platform, where the license information includes the number of nodes, the node configuration, the node usage period and the component type; digitally signs the license information and generates a license file from the resulting signature information and the license information; and, when the user's cloud platform is deployed, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. This embodiment can authorize the number of nodes, the node configuration, the component types in the nodes and so on in combination, which allows flexible license management of the cloud platform; digitally signing the license information ensures that it cannot easily be tampered with.
It should be noted that the apparatus of this embodiment is an apparatus that applies the cloud platform management method above, so all embodiments of the cloud platform management method apply to the apparatus and achieve the same or similar beneficial effects.
Referring to FIG. 6, FIG. 6 is another structural diagram of the cloud platform management apparatus according to an embodiment of the present application, including:
a license information obtaining module 601, configured to determine license information for a user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; specifically, to determine the license information for the user according to the user's usage requirements for nodes in the cloud platform;
a license file generation module 602, configured to digitally sign the license information and generate a license file from the resulting signature information and the license information;
a signature information verification module 603, configured to verify whether the signature information and the license information in the license file correspond;
an information storage module 604, configured to store the signature information and the license information in the user's cloud platform if verification by the signature information verification module passes;
a cloud platform deployment module 605, configured to, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
The cloud platform management apparatus provided by the embodiments of the present application determines license information for a user according to the user's usage requirements for nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file from the resulting signature information and the license information; when deploying the user's cloud platform, adds the license file to the user's cloud platform and verifies whether the signature information and the license information in the license file correspond; if verification passes, stores the signature information and the license information in the user's cloud platform; and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and so on in combination, and thereby manage licensing of the cloud platform flexibly. Digitally signing the license information makes the license information difficult to tamper with.
Referring to FIG. 7, FIG. 7 is yet another structural diagram of the cloud platform management apparatus according to an embodiment of the present application, including:
a license information obtaining module 701, configured to determine license information for a user, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type;
a license file generation module 702, configured to digitally sign the license information and generate a license file from the resulting signature information and the license information;
a cloud platform deployment module 703, configured to, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform;
a license information update module 704, configured to, if an operation instruction to extend the nodes in the deployed cloud platform is received, add information on the nodes to be extended to the license information to obtain updated license information;
a license file update module 705, configured to digitally sign the updated license information and generate an updated license file from the resulting updated signature information and the updated license information;
an extension node installation module 706, configured to install extension nodes on the deployed cloud platform according to the updated license file.
After the deployed cloud platform is obtained, if the cloud platform management apparatus provided by the embodiments of the present application receives an operation instruction to extend the nodes in the deployed cloud platform, it adds information on the nodes to be extended to the license information to obtain updated license information; digitally signs the updated license information and generates an updated license file from the resulting updated signature information and the updated license information; and installs extension nodes on the deployed cloud platform according to the updated license file. The embodiments of the present application can thus also update the license information according to the user's requirements for extending the cloud platform, so that the cloud platform can be extended flexibly.
In an implementation of the present application, the license information obtaining module is specifically configured to determine the license information for the user according to the user's usage requirements for nodes in the cloud platform.
In an implementation of the present application, the license information obtaining module is specifically configured to: determine, according to whether the usage requirements include a requirement on the number of nodes, whether the license on the number of nodes in the license information is on or off; determine, according to whether the usage requirements include a requirement on the node configuration, whether the license on the node configuration in the license information is on or off; determine, according to whether the usage requirements include a requirement on the node usage period, whether the license on the node usage period in the license information is on or off; and determine, according to whether the usage requirements include a requirement on the component type, whether the license on the component type in the license information is on or off.
In an implementation of the present application, the cloud platform deployment module is specifically configured to: when adding nodes, obtain the number of nodes and the node configuration of the nodes to be added, and determine whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information; and add the nodes to be added when both determinations are affirmative.
In an implementation of the present application, the cloud platform management apparatus further includes:
a first verification module, configured to verify the signature information and the validity period in the license file in the deployed cloud platform;
a second verification module, configured to, when verification by the first verification module succeeds, perform periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the scope of the license.
In an implementation of the present application, the second verification module is specifically configured to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information; verify whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; and verify whether the current time in the deployed cloud platform is within the validity period in the license information. If all of the above verification results are affirmative, the deployed cloud platform is determined to be running within the scope of the license; otherwise, the deployed cloud platform is determined not to be running within the scope of the license.
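An added Python example, not taken from the patent text, of the node-addition check and the periodic license verification described above, each relying on a license file whose signature is checked first. The field names, sample license, node inventory and key are constructed assumptions, and HMAC-SHA256 stands in for the digital signature, whose algorithm the text does not specify; an asymmetric signature would let the deployed platform hold only a verification key.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC-SHA256 is a stand-in for the digital signature;
# an asymmetric scheme would keep the signing key off the customer's platform.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample license information (all field names are assumptions).
LICENSE_INFO = {
    "node_count": 3,
    "node_config": {"cpu_cores": 48, "memory_gb": 192},  # licensed totals
    "valid_from": "2024-01-01T00:00:00+00:00",
    "valid_until": "2025-01-01T00:00:00+00:00",
    "component_types": ["compute", "storage"],
    "board_serials": ["SN-A1", "SN-B2", "SN-C3"],
}

# Constructed inventory of nodes already deployed.
NODES = [
    {"board_serial": "SN-A1", "cpu_cores": 16, "memory_gb": 64},
    {"board_serial": "SN-B2", "cpu_cores": 16, "memory_gb": 64},
]


def canonical(info):
    """Serialize deterministically so signer and verifier see identical bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def make_license_file(info, key=DEMO_KEY):
    """Bundle the license information with a signature over its canonical form."""
    sig = hmac.new(key, canonical(info), hashlib.sha256).hexdigest()
    return {"info": info, "signature": sig}


def signature_matches(lic, key=DEMO_KEY):
    """True only if the signature corresponds to the license information."""
    expected = hmac.new(key, canonical(lic["info"]), hashlib.sha256).hexdigest()
    supplied = str(lic.get("signature", ""))
    return hmac.compare_digest(expected.encode(), supplied.encode())


def total_config(nodes):
    """Sum the resources of a list of nodes."""
    return {
        "cpu_cores": sum(n["cpu_cores"] for n in nodes),
        "memory_gb": sum(n["memory_gb"] for n in nodes),
    }


def may_add_nodes(lic, deployed, to_add):
    """Admission check: existing plus new nodes must not exceed either limit."""
    info = lic["info"]
    combined = deployed + to_add
    if len(combined) > info["node_count"]:
        return False
    total = total_config(combined)
    return all(total[k] <= info["node_config"][k] for k in total)


def periodic_check(lic, nodes, now, key=DEMO_KEY):
    """Return the list of failed checks; an empty list means within the license."""
    if not signature_matches(lic, key):
        return ["signature"]  # limits in an unverified file cannot be trusted
    info = lic["info"]
    failed = []
    if len(nodes) > info["node_count"]:
        failed.append("node_count")
    total = total_config(nodes)
    if any(total[k] > info["node_config"][k] for k in total):
        failed.append("node_config")
    if any(n["board_serial"] not in info["board_serials"] for n in nodes):
        failed.append("board_serial")
    start = datetime.fromisoformat(info["valid_from"])
    end = datetime.fromisoformat(info["valid_until"])
    if not start <= now <= end:
        failed.append("validity")
    return failed


if __name__ == "__main__":
    lic = make_license_file(LICENSE_INFO)
    print(periodic_check(lic, NODES, datetime(2024, 6, 1, tzinfo=timezone.utc)))
    # Editing a limit without re-signing invalidates the file.
    forged = {"info": dict(LICENSE_INFO, node_count=10), "signature": lic["signature"]}
    print(periodic_check(forged, NODES, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Because the signature covers a canonical serialization of every licensed field, raising the node count in the file without re-signing fails verification before any limit is read.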
The embodiments of the present application further provide an electronic device. Referring to FIG. 8, FIG. 8 is a structural diagram of the electronic device according to an embodiment of the present application, including: a processor 801 and a machine-readable storage medium 802, where the machine-readable storage medium 802 stores machine-executable instructions that can be executed by the processor 801, and the processor 801, when executing the machine-executable instructions, implements the steps of any cloud platform management method in the above embodiments.
The processor 801 may be a general-purpose processor, including a CPU, an NP (Network Processor), and the like; it may also be a DSP (Digital Signal Processing; digital signal processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The machine-readable storage medium 802 may include RAM (Random Access Memory) and may also include non-volatile memory, for example at least one disk memory. Optionally, the machine-readable storage medium 802 may also be at least one storage device located remotely from the processor 801.
As can be seen from the above, in the electronic device of the embodiments of the present application, the processor, by executing the machine-executable instructions stored on the machine-readable storage medium, can determine license information for a user according to the user's usage requirements for nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally sign the license information and generate a license file from the resulting signature information and the license information; and, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and so on in combination, and thereby manage licensing of the cloud platform flexibly; digitally signing the license information ensures that the license information is not easily tampered with.
The embodiments of the present application further provide a computer-readable storage medium in which a computer program is stored; when the computer program is executed by a processor, the steps of any cloud platform management method in the above embodiments are implemented.
As can be seen from the above, when the computer program stored in the computer-readable storage medium of the embodiments of the present application is executed by a processor, it determines license information for a user according to the user's usage requirements for nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file from the resulting signature information and the license information; and, when deploying the user's cloud platform, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and so on in combination, and thereby manage licensing of the cloud platform flexibly; digitally signing the license information ensures that the license information is not easily tampered with.
The embodiments of the present application further provide a computer program product containing instructions which, when run on a computer, causes the computer to perform the steps of any of the above cloud platform management methods.
The computer program product of the embodiments of the present application, when run on a computer, determines license information for a user according to the user's usage requirements for nodes in the cloud platform, where the license information includes: the number of nodes, the node configuration, the node usage period, and the component type; digitally signs the license information and generates a license file from the resulting signature information and the license information; and, when deploying the user's cloud platform, adds the license file to the user's cloud platform and deploys the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform. The embodiments of the present application can license the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and so on in combination, and thereby manage licensing of the cloud platform flexibly; digitally signing the license information ensures that the license information is not easily tampered with.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; for parts that are the same or similar between embodiments, reference may be made from one to another, and each embodiment focuses on its differences from the others. In particular, the cloud platform management apparatus, electronic device, readable storage medium and computer program product embodiments are described relatively briefly because they are substantially similar to the method embodiments; for relevant details, see the corresponding description of the method embodiments.
The above are merely preferred embodiments of the present application and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application falls within the scope of protection of the present application.
Industrial applicability
Based on the above technical solutions provided by the embodiments of the present application, the number of nodes in the cloud platform, the node configuration, the component types in the nodes, and so on can be licensed in combination, so that licensing of the cloud platform is managed flexibly; digitally signing the license information ensures that the license information is not easily tampered with.

Claims (19)

  1. A cloud platform management method, the method comprising:
    determining license information for a user, wherein the license information includes: the number of nodes, the node configuration, the node usage period, and the component type;
    digitally signing the license information, and generating a license file from the resulting signature information and the license information;
    when deploying the user's cloud platform, adding the license file to the user's cloud platform, and deploying the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
  2. The method according to claim 1, wherein the determining of license information for a user comprises:
    determining the license information for the user according to the user's usage requirements for nodes in the cloud platform.
  3. The cloud platform management method according to claim 1 or 2, wherein, before the deploying of the nodes in the user's cloud platform according to the license information, the method further comprises:
    verifying whether the signature information and the license information in the license file correspond;
    if verification passes, storing the signature information and the license information in the user's cloud platform.
  4. The cloud platform management method according to claim 2, wherein the determining of the license information for the user according to the user's usage requirements for nodes in the cloud platform comprises:
    determining, according to whether the usage requirements include a requirement on the number of nodes, whether the license on the number of nodes in the license information is on or off;
    determining, according to whether the usage requirements include a requirement on the node configuration, whether the license on the node configuration in the license information is on or off;
    determining, according to whether the usage requirements include a requirement on the node usage period, whether the license on the node usage period in the license information is on or off;
    determining, according to whether the usage requirements include a requirement on the component type, whether the license on the component type in the license information is on or off.
  5. The cloud platform management method according to claim 1 or 2, wherein the deploying of the nodes in the user's cloud platform according to the license information comprises:
    when adding nodes, obtaining the number of nodes and the node configuration of the nodes to be added, and determining whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information;
    adding the nodes to be added when both determinations are affirmative.
  6. The cloud platform management method according to claim 1 or 2, wherein, after the deploying of the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform, the method further comprises:
    if an operation instruction to extend the nodes in the deployed cloud platform is received, adding information on the nodes to be extended to the license information to obtain updated license information;
    digitally signing the updated license information, and generating an updated license file from the resulting updated signature information and the updated license information;
    installing extension nodes on the deployed cloud platform according to the updated license file.
  7. The cloud platform management method according to claim 1 or 2, wherein, after the deploying of the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform, the method further comprises:
    verifying the signature information and the validity period in the license file in the deployed cloud platform;
    if the above verification succeeds, performing periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the scope of the license.
  8. The cloud platform management method according to claim 6, wherein the performing of periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the scope of the license comprises:
    verifying whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information;
    verifying whether the configuration of the nodes in the deployed cloud platform is not greater than the node configuration in the license information;
    verifying whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information;
    verifying whether the current time in the deployed cloud platform is within the validity period in the license information;
    if all of the above verification results are affirmative, determining that the deployed cloud platform is running within the scope of the license; otherwise, determining that the deployed cloud platform is not running within the scope of the license.
  9. A cloud platform management apparatus, the apparatus comprising:
    a license information obtaining module, configured to determine license information for a user, wherein the license information includes: the number of nodes, the node configuration, the node usage period, and the component type;
    a license file generation module, configured to digitally sign the license information and generate a license file from the resulting signature information and the license information;
    a cloud platform deployment module, configured to, when deploying the user's cloud platform, add the license file to the user's cloud platform and deploy the nodes in the user's cloud platform according to the license information to obtain the deployed cloud platform.
  10. The apparatus according to claim 9, wherein the license determination module is specifically configured to determine the license information for the user according to the user's usage requirements for nodes in the cloud platform.
  11. The cloud platform management apparatus according to claim 9 or 10, wherein the apparatus further comprises:
    a signature information verification module, configured to verify whether the signature information and the license information in the license file correspond;
    an information storage module, configured to store the signature information and the license information in the user's cloud platform if verification by the signature information verification module passes.
  12. The cloud platform management apparatus according to claim 10, wherein the license information obtaining module is specifically configured to determine, according to whether the usage requirements include a requirement on the number of nodes, whether the license on the number of nodes in the license information is on or off;
    determine, according to whether the usage requirements include a requirement on the node configuration, whether the license on the node configuration in the license information is on or off;
    determine, according to whether the usage requirements include a requirement on the node usage period, whether the license on the node usage period in the license information is on or off;
    determine, according to whether the usage requirements include a requirement on the component type, whether the license on the component type in the license information is on or off.
  13. The cloud platform management apparatus according to claim 9 or 10, wherein the cloud platform deployment module is specifically configured to: when adding nodes, obtain the number of nodes and the node configuration of the nodes to be added, and determine whether the sum of the number of nodes already added to the cloud platform and the number of nodes to be added is not greater than the number of nodes in the license information, and whether the total of the node configuration of the nodes already added to the cloud platform and the node configuration of the nodes to be added is not greater than the node configuration in the license information; and add the nodes to be added when both determinations are affirmative.
  14. The cloud platform management apparatus according to claim 9 or 10, wherein the apparatus further comprises:
    a license information update module, configured to, if an operation instruction to extend the nodes in the deployed cloud platform is received, add information on the nodes to be extended to the license information to obtain updated license information;
    a license file update module, configured to digitally sign the updated license information and generate an updated license file from the resulting updated signature information and the updated license information;
    an extension node installation module, configured to install extension nodes on the deployed cloud platform according to the updated license file.
  15. The cloud platform management apparatus according to claim 9 or 10, wherein the apparatus further comprises:
    a first verification module, configured to verify the signature information and the validity period in the license file in the deployed cloud platform;
    a second verification module, configured to, when verification by the first verification module succeeds, perform periodic license verification on the deployed cloud platform to determine whether the deployed cloud platform is running within the scope of the license.
  16. The cloud platform management apparatus according to claim 15, wherein the second verification module is specifically used to: verify whether the number of nodes in the deployed cloud platform is not greater than the number of nodes in the license information; verify whether the configuration of the nodes in the deployed cloud platform is not greater than the configuration of the nodes in the license information; verify whether the motherboard serial numbers of the nodes in the deployed cloud platform are in the license information; and verify whether the current time in the deployed cloud platform is within the validity period in the license information;
    if all of the above verification results are yes, determine that the deployed cloud platform is running within the scope of the license; otherwise, determine that the deployed cloud platform is not running within the scope of the license.
  17. An electronic device, comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions that can be executed by the processor, wherein the processor, when executing the machine-executable instructions, implements the steps of the cloud platform management method according to any one of claims 1-7.
  18. A computer-readable storage medium, the computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the cloud platform management method according to any one of claims 1-7.
  19. A computer program product containing instructions which, when run on a computer, causes the computer to perform the steps of the cloud platform management method according to any one of claims 1-7.
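
The license flow of claims 14 to 16 (signed license file, first verification of signature and validity period, periodic scope verification, re-signing on node expansion), as an added example that is not code from the patent or its applicant. Assumptions: the field names (max_nodes, max_config, serials, valid_until), the reading of "node configuration" as per-resource totals, and HMAC-SHA256 standing in for the digital signature so the block needs only the standard library.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed key. HMAC-SHA256 stands in for the digital signature; a platform
# that must not be able to mint licenses would instead verify an asymmetric
# signature with a public key.
DEMO_KEY = b"constructed-demo-key"

def _mac(info, key):
    # Canonical JSON so signer and verifier hash identical bytes.
    body = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_license_file(info, key=DEMO_KEY):
    """License file = license information + signature over it."""
    return {"info": info, "signature": _mac(info, key)}

def first_verification(lic, now, key=DEMO_KEY):
    """Check the signature, then the validity period, of the license file."""
    if not hmac.compare_digest(_mac(lic["info"], key), lic["signature"]):
        return False
    return now <= datetime.fromisoformat(lic["info"]["valid_until"])

def periodic_verification(lic, nodes, now, key=DEMO_KEY):
    """Return the list of violations; an empty list means within scope."""
    if not first_verification(lic, now, key):
        return ["signature or validity period"]
    info, violations = lic["info"], []
    if len(nodes) > info["max_nodes"]:
        violations.append("node count")
    for resource, cap in info["max_config"].items():  # assumed: totals
        if sum(n[resource] for n in nodes) > cap:
            violations.append("total " + resource)
    if {n["serial"] for n in nodes} - set(info["serials"]):
        violations.append("motherboard serial not licensed")
    return violations

def expand_license(lic, node, key=DEMO_KEY):
    """Add the node to a copy of the license information and sign again."""
    info = json.loads(json.dumps(lic["info"]))  # deep copy
    info["max_nodes"] += 1
    info["serials"].append(node["serial"])
    for resource in info["max_config"]:
        info["max_config"][resource] += node[resource]
    return make_license_file(info, key)

# Constructed sample data.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
INFO = {"max_nodes": 2, "max_config": {"cpu": 64, "mem_gb": 256},
        "serials": ["SN-A", "SN-B"], "valid_until": "2026-01-01T00:00:00+00:00"}
NODES = [{"serial": "SN-A", "cpu": 32, "mem_gb": 128},
         {"serial": "SN-B", "cpu": 32, "mem_gb": 128}]
EXTRA = {"serial": "SN-C", "cpu": 16, "mem_gb": 64}
```

Editing the license information without re-signing fails the first verification, which is why expansion has to go through the signing step rather than a local edit of the file.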
PCT/CN2018/119340 2017-12-05 2018-12-05 Cloud platform management method and apparatus, electronic device and readable storage medium WO2019109943A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711269676.0A CN109873711A (en) 2017-12-05 2017-12-05 A kind of cloud platform management method, device, electronic equipment and readable storage medium storing program for executing
CN201711269676.0 2017-12-05

Publications (1)

Publication Number Publication Date
WO2019109943A1 true WO2019109943A1 (en) 2019-06-13

Family

ID=66751259

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/119340 WO2019109943A1 (en) 2017-12-05 2018-12-05 Cloud platform management method and apparatus, electronic device and readable storage medium

Country Status (2)

Country Link
CN (1) CN109873711A (en)
WO (1) WO2019109943A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259447A (en) * 2021-05-26 2021-08-13 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method and device, electronic equipment and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112311739A (en) * 2019-07-31 2021-02-02 北京金山云网络技术有限公司 Service management method, management device, electronic equipment and storage medium
CN110855668A (en) * 2019-11-14 2020-02-28 浙江九州云信息科技有限公司 Method and system for managing authorization certificate of container cloud platform
CN111478953B (en) * 2020-03-27 2022-09-06 北京金山云网络技术有限公司 Self-construction method, device, system, equipment and storage medium of server cluster
CN111585880B (en) * 2020-05-13 2021-09-28 腾讯科技(深圳)有限公司 Gateway control method and device in service system and electronic equipment
CN114896621B (en) * 2022-07-15 2022-10-14 深圳竹云科技股份有限公司 Application service acquisition method, encryption method, device and computer equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010148877A1 (en) * 2010-01-08 2010-12-29 中兴通讯股份有限公司 Method and system for controlling authentication using expansion license
CN102324009A (en) * 2011-09-07 2012-01-18 上海普元信息技术股份有限公司 Software copyright control system based on cloud computing platform and method thereof
CN103944881A (en) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 Cloud resource authorizing method under cloud computing environment
CN106789891A (en) * 2016-11-22 2017-05-31 国云科技股份有限公司 A kind of various dimensions software authorization control method suitable for IaaS cloud platform

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102509034B (en) * 2011-09-30 2014-11-26 广东电子工业研究院有限公司 Software license control method of software license control device
US8606899B1 (en) * 2012-05-29 2013-12-10 Sansay, Inc. Systems and methods for dynamic session license control
US20150242599A1 (en) * 2014-02-26 2015-08-27 Schlumberger Technology Corporation Cluster license server
CN104065716A (en) * 2014-06-18 2014-09-24 江苏物联网研究发展中心 OpenStack based Hadoop service providing method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259447A (en) * 2021-05-26 2021-08-13 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method and device, electronic equipment and storage medium
CN113259447B (en) * 2021-05-26 2022-12-20 中国电子信息产业集团有限公司第六研究所 Cloud platform deployment method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN109873711A (en) 2019-06-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18886352

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 22/09/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18886352

Country of ref document: EP

Kind code of ref document: A1