4 Documents Ganeti version |version|
11 Ganeti supports a remote API for enable external tools to easily
12 retrieve information about a cluster's state. The remote API daemon,
13 *ganeti-rapi*, is automatically started on the master node. By default
14 it runs on TCP port 5080, but this can be changed either in
15 ``.../constants.py`` or via the command line parameter *-p*. SSL mode,
16 which is used by default, can also be disabled by passing command line
23 ``ganeti-rapi`` reads users and passwords from a file (usually
24 ``/var/lib/ganeti/rapi_users``) on startup. After modifying the password
25 file, ``ganeti-rapi`` must be restarted.
27 Each line consists of two or three fields separated by whitespace. The
28 first two fields are for username and password. The third field is
29 optional and can be used to specify per-user options. Currently,
30 ``write`` is the only option supported and enables the user to execute
31 operations modifying the cluster. Lines starting with the hash sign
32 (``#``) are treated as comments.
34 Passwords can either be written in clear text or as a hash. Clear text
35 passwords may not start with an opening brace (``{``) or they must be
36 prefixed with ``{cleartext}``. To use the hashed form, get the MD5 hash
37 of the string ``$username:Ganeti Remote API:$password`` (e.g. ``echo -n
38 'jack:Ganeti Remote API:abc123' | openssl md5``) [#pwhash]_ and prefix
39 it with ``{ha1}``. Using the scheme prefix for all passwords is
40 recommended. Scheme prefixes are not case sensitive.
44 # Give Jack and Fred read-only access
46 fred {cleartext}foo555
48 # Give write access to an imaginary instance creation script
49 autocreator xyz789 write
51 # Hashed password for Jessica
52 jessica {HA1}7046452df2cbb530877058712cf17bd4 write
55 .. [#pwhash] Using the MD5 hash of username, realm and password is
56 described in RFC2617_ ("HTTP Authentication"), sections 3.2.2.2 and
57 3.3. The reason for using it over another algorithm is forward
58 compatibility. If ``ganeti-rapi`` were to implement HTTP Digest
59 authentication in the future, the same hash could be used.
60 In the current version ``ganeti-rapi``'s realm, ``Ganeti Remote
61 API``, can only be changed by modifying the source code.
67 The protocol used is JSON_ over HTTP designed after the REST_ principle.
68 HTTP Basic authentication as per RFC2617_ is supported.
70 .. _JSON: http://www.json.org/
71 .. _REST: http://en.wikipedia.org/wiki/Representational_State_Transfer
72 .. _RFC2617: http://tools.ietf.org/rfc/rfc2617.txt
78 According to RFC2616 the main difference between PUT and POST is that
79 POST can create new resources but PUT can only create the resource the
80 URI was pointing to on the PUT request.
82 Unfortunately, due to historic reasons, the Ganeti RAPI library is not
83 consistent with this usage, so just use the methods as documented below
86 For more details have a look in the source code at
87 ``lib/rapi/rlib2.py``.
90 Generic parameter types
91 -----------------------
93 A few generic refered parameter types and the values they allow.
98 A boolean option will accept ``1`` or ``0`` as numbers but not
99 i.e. ``True`` or ``False``.
104 A few parameter mean the same thing across all resources which implement
110 Bulk-mode means that for the resources which usually return just a list
111 of child resources (e.g. ``/2/instances`` which returns just instance
112 names), the output will instead contain detailed data for all these
113 subresources. This is more efficient than query-ing the sub-resources
119 The boolean *dry-run* argument, if provided and set, signals to Ganeti
120 that the job should not be executed, only the pre-execution checks will
123 This is useful in trying to determine (without guarantees though, as in
124 the meantime the cluster state could have changed) if the operation is
125 likely to succeed or at least start executing.
130 Force operation to continue even if it will cause the cluster to become
131 inconsistent (e.g. because there are not enough master candidates).
136 You can access the API using your favorite programming language as long
137 as it supports network connections.
146 wget -q -O - https://CLUSTERNAME:5080/2/info
150 curl https://CLUSTERNAME:5080/2/info
156 .. highlight:: python
161 f = urllib2.urlopen('https://CLUSTERNAME:5080/2/info')
168 .. warning:: While it's possible to use JavaScript, it poses several
169 potential problems, including browser blocking request due to
170 non-standard ports or different domain names. Fetching the data on
171 the webserver is easier.
173 .. highlight:: javascript
177 var url = 'https://CLUSTERNAME:5080/2/info';
179 var xmlreq = new XMLHttpRequest();
180 xmlreq.onreadystatechange = function () {
181 if (xmlreq.readyState != 4) return;
182 if (xmlreq.status == 200) {
183 info = eval("(" + xmlreq.responseText + ")");
186 alert('Error fetching cluster info');
190 xmlreq.open('GET', url, true);
196 .. highlight:: javascript
203 It supports the following commands: ``GET``.
208 Shows the list of mapped resources.
210 Returns: a dictionary with 'name' and 'uri' keys for each of them.
215 The ``/2`` resource, the root of the version 2 API.
217 It supports the following commands: ``GET``.
222 Show the list of mapped resources.
224 Returns: a dictionary with ``name`` and ``uri`` keys for each of them.
229 Cluster information resource.
231 It supports the following commands: ``GET``.
236 Returns cluster information.
241 "config_version": 2000000,
243 "software_version": "2.0.0~beta2",
244 "os_api_version": 10,
246 "candidate_pool_size": 10,
247 "enabled_hypervisors": [
253 "default_hypervisor": "fake",
254 "master": "node1.example.com",
259 "protocol_version": 20,
262 "auto_balance": true,
270 ``/2/redistribute-config``
271 ++++++++++++++++++++++++++
273 Redistribute configuration to all nodes.
275 It supports the following commands: ``PUT``.
280 Redistribute configuration to all nodes. The result will be a job id.
286 The instances resource.
288 It supports the following commands: ``GET``, ``POST``.
293 Returns a list of all available instances.
299 "name": "web.example.com",
300 "uri": "\/instances\/web.example.com"
303 "name": "mail.example.com",
304 "uri": "\/instances\/mail.example.com"
308 If the optional bool *bulk* argument is provided and set to a true value
309 (i.e ``?bulk=1``), the output contains detailed information about
321 "name": "web.example.com",
322 "tags": ["tag1", "tag2"],
330 "pnode": "node1.example.com",
331 "nic.macs": ["01:23:45:67:89:01"],
332 "snodes": ["node2.example.com"],
333 "disk_template": "drbd",
347 If the optional bool *dry-run* argument is provided, the job will not be
348 actually executed, only the pre-execution checks will be done. Query-ing
349 the job result will return, in both dry-run and normal case, the list of
350 nodes selected for the instance.
352 Returns: a job ID that can be used later for polling.
354 ``/2/instances/[instance_name]``
355 ++++++++++++++++++++++++++++++++
357 Instance-specific resource.
359 It supports the following commands: ``GET``, ``DELETE``.
364 Returns information about an instance, similar to the bulk output from
372 It supports the ``dry-run`` argument.
375 ``/2/instances/[instance_name]/info``
376 +++++++++++++++++++++++++++++++++++++++
378 It supports the following commands: ``GET``.
383 Requests detailed information about the instance. An optional parameter,
384 ``static`` (bool), can be set to return only static information from the
385 configuration without querying the instance's nodes. The result will be
389 ``/2/instances/[instance_name]/reboot``
390 +++++++++++++++++++++++++++++++++++++++
392 Reboots URI for an instance.
394 It supports the following commands: ``POST``.
399 Reboots the instance.
401 The URI takes optional ``type=soft|hard|full`` and
402 ``ignore_secondaries=0|1`` parameters.
404 ``type`` defines the reboot type. ``soft`` is just a normal reboot,
405 without terminating the hypervisor. ``hard`` means full shutdown
406 (including terminating the hypervisor process) and startup again.
407 ``full`` is like ``hard`` but also recreates the configuration from
408 ground up as if you would have done a ``gnt-instance shutdown`` and
409 ``gnt-instance start`` on it.
411 ``ignore_secondaries`` is a bool argument indicating if we start the
412 instance even if secondary disks are failing.
414 It supports the ``dry-run`` argument.
417 ``/2/instances/[instance_name]/shutdown``
418 +++++++++++++++++++++++++++++++++++++++++
420 Instance shutdown URI.
422 It supports the following commands: ``PUT``.
427 Shutdowns an instance.
429 It supports the ``dry-run`` argument.
432 ``/2/instances/[instance_name]/startup``
433 ++++++++++++++++++++++++++++++++++++++++
435 Instance startup URI.
437 It supports the following commands: ``PUT``.
444 The URI takes an optional ``force=1|0`` parameter to start the
445 instance even if secondary disks are failing.
447 It supports the ``dry-run`` argument.
449 ``/2/instances/[instance_name]/reinstall``
450 ++++++++++++++++++++++++++++++++++++++++++++++
452 Installs the operating system again.
454 It supports the following commands: ``POST``.
459 Takes the parameters ``os`` (OS template name) and ``nostartup`` (bool).
462 ``/2/instances/[instance_name]/replace-disks``
463 ++++++++++++++++++++++++++++++++++++++++++++++
465 Replaces disks on an instance.
467 It supports the following commands: ``POST``.
472 Takes the parameters ``mode`` (one of ``replace_on_primary``,
473 ``replace_on_secondary``, ``replace_new_secondary`` or
474 ``replace_auto``), ``disks`` (comma separated list of disk indexes),
475 ``remote_node`` and ``iallocator``.
477 Either ``remote_node`` or ``iallocator`` needs to be defined when using
478 ``mode=replace_new_secondary``.
480 ``mode`` is a mandatory parameter. ``replace_auto`` tries to determine
481 the broken disk(s) on its own and replacing it.
484 ``/2/instances/[instance_name]/activate-disks``
485 +++++++++++++++++++++++++++++++++++++++++++++++
487 Activate disks on an instance.
489 It supports the following commands: ``PUT``.
494 Takes the bool parameter ``ignore_size``. When set ignore the recorded
495 size (useful for forcing activation when recorded size is wrong).
498 ``/2/instances/[instance_name]/deactivate-disks``
499 +++++++++++++++++++++++++++++++++++++++++++++++++
501 Deactivate disks on an instance.
503 It supports the following commands: ``PUT``.
511 ``/2/instances/[instance_name]/tags``
512 +++++++++++++++++++++++++++++++++++++
514 Manages per-instance tags.
516 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
521 Returns a list of tags.
525 ["tag1", "tag2", "tag3"]
532 The request as a list of strings should be ``PUT`` to this URI. The
533 result will be a job id.
535 It supports the ``dry-run`` argument.
543 In order to delete a set of tags, the DELETE request should be addressed
546 /tags?tag=[tag]&tag=[tag]
548 It supports the ``dry-run`` argument.
554 The ``/2/jobs`` resource.
556 It supports the following commands: ``GET``.
561 Returns a dictionary of jobs.
563 Returns: a dictionary with jobs id and uri.
571 It supports the following commands: ``GET``, ``DELETE``.
576 Returns a job status.
578 Returns: a dictionary with job parameters.
582 - id: job ID as a number
583 - status: current job status as a string
584 - ops: involved OpCodes as a list of dictionaries for each opcodes in
586 - opstatus: OpCodes status as a list
587 - opresult: OpCodes results as a list
589 For a successful opcode, the ``opresult`` field corresponding to it will
590 contain the raw result from its :term:`LogicalUnit`. In case an opcode
591 has failed, its element in the opresult list will be a list of two
594 - first element the error type (the Ganeti internal error name)
595 - second element a list of either one or two elements:
597 - the first element is the textual error description
598 - the second element, if any, will hold an error classification
600 The error classification is most useful for the ``OpPrereqError``
601 error type - these errors happen before the OpCode has started
602 executing, so it's possible to retry the OpCode without side
603 effects. But whether it make sense to retry depends on the error
607 Resolver errors. This usually means that a name doesn't exist in DNS,
608 so if it's a case of slow DNS propagation the operation can be retried
611 ``insufficient_resources``
612 Not enough resources (iallocator failure, disk space, memory,
613 etc.). If the resources on the cluster increase, the operation might
617 Wrong arguments (at syntax level). The operation will not ever be
618 accepted unless the arguments change.
621 Wrong entity state. For example, live migration has been requested for
622 a down instance, or instance creation on an offline node. The
623 operation can be retried once the resource has changed state.
626 Entity not found. For example, information has been requested for an
630 Entity already exists. For example, instance creation has been
631 requested for an already-existing instance.
633 ``resource_not_unique``
634 Resource not unique (e.g. MAC or IP duplication).
637 Internal cluster error. For example, a node is unreachable but not set
638 offline, or the ganeti node daemons are not working, etc. A
639 ``gnt-cluster verify`` should be run.
641 ``environment_error``
642 Environment error (e.g. node disk error). A ``gnt-cluster verify``
645 Note that in the above list, by entity we refer to a node or instance,
646 while by a resource we refer to an instance's disk, or NIC, etc.
652 Cancel a not-yet-started job.
655 ``/2/jobs/[job_id]/wait``
656 +++++++++++++++++++++++++
661 Waits for changes on a job. Takes the following body parameters in a
665 The job fields on which to watch for changes.
667 ``previous_job_info``
668 Previously received field values or None if not yet available.
670 ``previous_log_serial``
671 Highest log serial number received so far or None if not yet
674 Returns None if no changes have been detected and a dict with two keys,
675 ``job_info`` and ``log_entries`` otherwise.
683 It supports the following commands: ``GET``.
688 Returns a list of all nodes.
694 "id": "node1.example.com",
695 "uri": "\/nodes\/node1.example.com"
698 "id": "node2.example.com",
699 "uri": "\/nodes\/node2.example.com"
703 If the optional 'bulk' argument is provided and set to 'true' value (i.e
704 '?bulk=1'), the output contains detailed information about nodes as a
714 "name": "www.example.com",
725 ``/2/nodes/[node_name]``
726 +++++++++++++++++++++++++++++++++
728 Returns information about a node.
730 It supports the following commands: ``GET``.
732 ``/2/nodes/[node_name]/evacuate``
733 +++++++++++++++++++++++++++++++++
735 Evacuates all secondary instances off a node.
737 It supports the following commands: ``POST``.
742 To evacuate a node, either one of the ``iallocator`` or ``remote_node``
743 parameters must be passed::
745 evacuate?iallocator=[iallocator]
746 evacuate?remote_node=[nodeX.example.com]
748 ``/2/nodes/[node_name]/migrate``
749 +++++++++++++++++++++++++++++++++
751 Migrates all primary instances from a node.
753 It supports the following commands: ``POST``.
758 No parameters are required, but the bool parameter ``live`` can be set
759 to use live migration (if available).
763 ``/2/nodes/[node_name]/role``
764 +++++++++++++++++++++++++++++
768 It supports the following commands: ``GET``, ``PUT``.
770 The role is always one of the following:
781 Returns the current node role.
790 Change the node role.
792 The request is a string which should be PUT to this URI. The result will
795 It supports the bool ``force`` argument.
797 ``/2/nodes/[node_name]/storage``
798 ++++++++++++++++++++++++++++++++
800 Manages storage units on the node.
805 Requests a list of storage units on a node. Requires the parameters
806 ``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``) and
807 ``output_fields``. The result will be a job id, using which the result
810 ``/2/nodes/[node_name]/storage/modify``
811 +++++++++++++++++++++++++++++++++++++++
813 Modifies storage units on the node.
818 Modifies parameters of storage units on the node. Requires the
819 parameters ``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``)
820 and ``name`` (name of the storage unit). Parameters can be passed
821 additionally. Currently only ``allocatable`` (bool) is supported. The
822 result will be a job id.
824 ``/2/nodes/[node_name]/storage/repair``
825 +++++++++++++++++++++++++++++++++++++++
827 Repairs a storage unit on the node.
832 Repairs a storage unit on the node. Requires the parameters
833 ``storage_type`` (currently only ``lvm-vg`` can be repaired) and
834 ``name`` (name of the storage unit). The result will be a job id.
836 ``/2/nodes/[node_name]/tags``
837 +++++++++++++++++++++++++++++
839 Manages per-node tags.
841 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
846 Returns a list of tags.
850 ["tag1", "tag2", "tag3"]
857 The request as a list of strings should be PUT to this URI. The result
860 It supports the ``dry-run`` argument.
867 In order to delete a set of tags, the DELETE request should be addressed
870 /tags?tag=[tag]&tag=[tag]
872 It supports the ``dry-run`` argument.
880 It supports the following commands: ``GET``.
885 Return a list of all OSes.
887 Can return error 500 in case of a problem. Since this is a costly
888 operation for Ganeti 2.0, it is not recommended to execute it too often.
897 Manages cluster tags.
899 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
904 Returns the cluster tags.
908 ["tag1", "tag2", "tag3"]
915 The request as a list of strings should be PUT to this URI. The result
918 It supports the ``dry-run`` argument.
926 In order to delete a set of tags, the DELETE request should be addressed
929 /tags?tag=[tag]&tag=[tag]
931 It supports the ``dry-run`` argument.
937 The version resource.
939 This resource should be used to determine the remote API version and to
940 adapt clients accordingly.
942 It supports the following commands: ``GET``.
947 Returns the remote API version. Ganeti 1.2 returned ``1`` and Ganeti 2.0
950 .. vim: set textwidth=72 :