4 Documents Ganeti version |version|
11 Ganeti supports a remote API for enable external tools to easily
12 retrieve information about a cluster's state. The remote API daemon,
13 *ganeti-rapi*, is automatically started on the master node. By default
14 it runs on TCP port 5080, but this can be changed either in
15 ``.../constants.py`` or via the command line parameter *-p*. SSL mode,
16 which is used by default, can also be disabled by passing command line
23 ``ganeti-rapi`` reads users and passwords from a file (usually
24 ``/var/lib/ganeti/rapi_users``) on startup. After modifying the password
25 file, ``ganeti-rapi`` must be restarted.
27 Each line consists of two or three fields separated by whitespace. The
28 first two fields are for username and password. The third field is
29 optional and can be used to specify per-user options. Currently,
30 ``write`` is the only option supported and enables the user to execute
31 operations modifying the cluster. Lines starting with the hash sign
32 (``#``) are treated as comments.
34 Passwords can either be written in clear text or as a hash. Clear text
35 passwords may not start with an opening brace (``{``) or they must be
36 prefixed with ``{cleartext}``. To use the hashed form, get the MD5 hash
37 of the string ``$username:Ganeti Remote API:$password`` (e.g. ``echo -n
38 'jack:Ganeti Remote API:abc123' | openssl md5``) [#pwhash]_ and prefix
39 it with ``{ha1}``. Using the scheme prefix for all passwords is
40 recommended. Scheme prefixes are not case sensitive.
44 # Give Jack and Fred read-only access
46 fred {cleartext}foo555
48 # Give write access to an imaginary instance creation script
49 autocreator xyz789 write
51 # Hashed password for Jessica
52 jessica {HA1}7046452df2cbb530877058712cf17bd4 write
55 .. [#pwhash] Using the MD5 hash of username, realm and password is
56 described in RFC2617_ ("HTTP Authentication"), sections 3.2.2.2 and
57 3.3. The reason for using it over another algorithm is forward
58 compatibility. If ``ganeti-rapi`` were to implement HTTP Digest
59 authentication in the future, the same hash could be used.
60 In the current version ``ganeti-rapi``'s realm, ``Ganeti Remote
61 API``, can only be changed by modifying the source code.
67 The protocol used is JSON_ over HTTP designed after the REST_ principle.
68 HTTP Basic authentication as per RFC2617_ is supported.
70 .. _JSON: http://www.json.org/
71 .. _REST: http://en.wikipedia.org/wiki/Representational_State_Transfer
72 .. _RFC2617: http://tools.ietf.org/rfc/rfc2617.txt
75 A note on JSON as used by RAPI
76 ++++++++++++++++++++++++++++++
78 JSON_ as used by Ganeti RAPI does not conform to the specification in
79 :rfc:`4627`. Section 2 defines a JSON text to be either an object
80 (``{"key": "value", …}``) or an array (``[1, 2, 3, …]``). In violation
81 of this RAPI uses plain strings (``"master-candidate"``, ``"1234"``) for
82 some requests or responses. Changing this now would likely break
83 existing clients and cause a lot of trouble.
87 Unlike Python's `JSON encoder and decoder
88 <http://docs.python.org/library/json.html>`_, other programming
89 languages or libraries may only provide a strict implementation, not
90 allowing plain values. For those, responses can usually be wrapped in an
91 array whose first element is then used, e.g. the response ``"1234"``
92 becomes ``["1234"]``. This works equally well for more complex values.
97 # Insert code to get response here
100 decoded = JSON.parse("[#{response}]").first
102 Short of modifying the encoder to allow encoding to a less strict
103 format, requests will have to be formatted by hand. Newer RAPI requests
104 already use a dictionary as their input data and shouldn't cause any
111 According to RFC2616 the main difference between PUT and POST is that
112 POST can create new resources but PUT can only create the resource the
113 URI was pointing to on the PUT request.
115 Unfortunately, due to historic reasons, the Ganeti RAPI library is not
116 consistent with this usage, so just use the methods as documented below
119 For more details have a look in the source code at
120 ``lib/rapi/rlib2.py``.
123 Generic parameter types
124 -----------------------
126 A few generic refered parameter types and the values they allow.
131 A boolean option will accept ``1`` or ``0`` as numbers but not
132 i.e. ``True`` or ``False``.
137 A few parameter mean the same thing across all resources which implement
143 Bulk-mode means that for the resources which usually return just a list
144 of child resources (e.g. ``/2/instances`` which returns just instance
145 names), the output will instead contain detailed data for all these
146 subresources. This is more efficient than query-ing the sub-resources
152 The boolean *dry-run* argument, if provided and set, signals to Ganeti
153 that the job should not be executed, only the pre-execution checks will
156 This is useful in trying to determine (without guarantees though, as in
157 the meantime the cluster state could have changed) if the operation is
158 likely to succeed or at least start executing.
163 Force operation to continue even if it will cause the cluster to become
164 inconsistent (e.g. because there are not enough master candidates).
169 You can access the API using your favorite programming language as long
170 as it supports network connections.
175 Ganeti includes a standalone RAPI client, ``lib/rapi/client.py``.
184 wget -q -O - https://CLUSTERNAME:5080/2/info
188 curl https://CLUSTERNAME:5080/2/info
194 .. highlight:: python
199 f = urllib2.urlopen('https://CLUSTERNAME:5080/2/info')
206 .. warning:: While it's possible to use JavaScript, it poses several
207 potential problems, including browser blocking request due to
208 non-standard ports or different domain names. Fetching the data on
209 the webserver is easier.
211 .. highlight:: javascript
215 var url = 'https://CLUSTERNAME:5080/2/info';
217 var xmlreq = new XMLHttpRequest();
218 xmlreq.onreadystatechange = function () {
219 if (xmlreq.readyState != 4) return;
220 if (xmlreq.status == 200) {
221 info = eval("(" + xmlreq.responseText + ")");
224 alert('Error fetching cluster info');
228 xmlreq.open('GET', url, true);
234 .. highlight:: javascript
241 It supports the following commands: ``GET``.
246 Shows the list of mapped resources.
248 Returns: a dictionary with 'name' and 'uri' keys for each of them.
253 The ``/2`` resource, the root of the version 2 API.
255 It supports the following commands: ``GET``.
260 Show the list of mapped resources.
262 Returns: a dictionary with ``name`` and ``uri`` keys for each of them.
267 Cluster information resource.
269 It supports the following commands: ``GET``.
274 Returns cluster information.
279 "config_version": 2000000,
281 "software_version": "2.0.0~beta2",
282 "os_api_version": 10,
284 "candidate_pool_size": 10,
285 "enabled_hypervisors": [
291 "default_hypervisor": "fake",
292 "master": "node1.example.com",
297 "protocol_version": 20,
300 "auto_balance": true,
308 ``/2/redistribute-config``
309 ++++++++++++++++++++++++++
311 Redistribute configuration to all nodes.
313 It supports the following commands: ``PUT``.
318 Redistribute configuration to all nodes. The result will be a job id.
327 Returns a list of features supported by the RAPI server. Available
330 ``instance-create-reqv1``
331 Instance creation request data version 1 supported.
337 The instances resource.
339 It supports the following commands: ``GET``, ``POST``.
344 Returns a list of all available instances.
350 "name": "web.example.com",
351 "uri": "\/instances\/web.example.com"
354 "name": "mail.example.com",
355 "uri": "\/instances\/mail.example.com"
359 If the optional bool *bulk* argument is provided and set to a true value
360 (i.e ``?bulk=1``), the output contains detailed information about
372 "name": "web.example.com",
373 "tags": ["tag1", "tag2"],
381 "pnode": "node1.example.com",
382 "nic.macs": ["01:23:45:67:89:01"],
383 "snodes": ["node2.example.com"],
384 "disk_template": "drbd",
398 If the optional bool *dry-run* argument is provided, the job will not be
399 actually executed, only the pre-execution checks will be done. Query-ing
400 the job result will return, in both dry-run and normal case, the list of
401 nodes selected for the instance.
403 Returns: a job ID that can be used later for polling.
407 ``__version__`` (int, required)
408 Must be ``1`` (older Ganeti versions used a different format for
409 instance creation requests, version ``0``, but that format is not
411 ``mode`` (string, required)
412 Instance creation mode.
413 ``name`` (string, required)
415 ``disk_template`` (string, required)
416 Disk template for instance.
417 ``disks`` (list, required)
418 List of disk definitions. Example: ``[{"size": 100}, {"size": 5}]``.
419 Each disk definition must contain a ``size`` value and can contain an
420 optional ``mode`` value denoting the disk access mode (``ro`` or
422 ``nics`` (list, required)
423 List of NIC (network interface) definitions. Example: ``[{}, {},
424 {"ip": "198.51.100.4"}]``. Each NIC definition can contain the
425 optional values ``ip``, ``mode``, ``link`` and ``bridge``.
426 ``os`` (string, required)
427 Instance operating system.
428 ``osparams`` (dictionary)
429 Dictionary with OS parameters. If not valid for the given OS, the job
431 ``force_variant`` (bool)
432 Whether to force an unknown variant.
437 ``src_node`` (string)
438 Source node for import.
439 ``src_path`` (string)
440 Source directory for import.
442 Whether to start instance after creation.
444 Whether to ensure instance's IP address is inactive.
445 ``name_check`` (bool)
446 Whether to ensure instance's name is resolvable.
447 ``file_storage_dir`` (string)
448 File storage directory.
449 ``file_driver`` (string)
451 ``iallocator`` (string)
452 Instance allocator name.
453 ``source_handshake`` (list)
454 Signed handshake from source (remote import only).
455 ``source_x509_ca`` (string)
456 Source X509 CA in PEM format (remote import only).
457 ``source_instance_name`` (string)
458 Source instance name (remote import only).
459 ``hypervisor`` (string)
462 Hypervisor parameters, hypervisor-dependent.
467 ``/2/instances/[instance_name]``
468 ++++++++++++++++++++++++++++++++
470 Instance-specific resource.
472 It supports the following commands: ``GET``, ``DELETE``.
477 Returns information about an instance, similar to the bulk output from
485 It supports the ``dry-run`` argument.
488 ``/2/instances/[instance_name]/info``
489 +++++++++++++++++++++++++++++++++++++++
491 It supports the following commands: ``GET``.
496 Requests detailed information about the instance. An optional parameter,
497 ``static`` (bool), can be set to return only static information from the
498 configuration without querying the instance's nodes. The result will be
502 ``/2/instances/[instance_name]/reboot``
503 +++++++++++++++++++++++++++++++++++++++
505 Reboots URI for an instance.
507 It supports the following commands: ``POST``.
512 Reboots the instance.
514 The URI takes optional ``type=soft|hard|full`` and
515 ``ignore_secondaries=0|1`` parameters.
517 ``type`` defines the reboot type. ``soft`` is just a normal reboot,
518 without terminating the hypervisor. ``hard`` means full shutdown
519 (including terminating the hypervisor process) and startup again.
520 ``full`` is like ``hard`` but also recreates the configuration from
521 ground up as if you would have done a ``gnt-instance shutdown`` and
522 ``gnt-instance start`` on it.
524 ``ignore_secondaries`` is a bool argument indicating if we start the
525 instance even if secondary disks are failing.
527 It supports the ``dry-run`` argument.
530 ``/2/instances/[instance_name]/shutdown``
531 +++++++++++++++++++++++++++++++++++++++++
533 Instance shutdown URI.
535 It supports the following commands: ``PUT``.
540 Shutdowns an instance.
542 It supports the ``dry-run`` argument.
545 ``/2/instances/[instance_name]/startup``
546 ++++++++++++++++++++++++++++++++++++++++
548 Instance startup URI.
550 It supports the following commands: ``PUT``.
557 The URI takes an optional ``force=1|0`` parameter to start the
558 instance even if secondary disks are failing.
560 It supports the ``dry-run`` argument.
562 ``/2/instances/[instance_name]/reinstall``
563 ++++++++++++++++++++++++++++++++++++++++++++++
565 Installs the operating system again.
567 It supports the following commands: ``POST``.
572 Takes the parameters ``os`` (OS template name) and ``nostartup`` (bool).
575 ``/2/instances/[instance_name]/replace-disks``
576 ++++++++++++++++++++++++++++++++++++++++++++++
578 Replaces disks on an instance.
580 It supports the following commands: ``POST``.
585 Takes the parameters ``mode`` (one of ``replace_on_primary``,
586 ``replace_on_secondary``, ``replace_new_secondary`` or
587 ``replace_auto``), ``disks`` (comma separated list of disk indexes),
588 ``remote_node`` and ``iallocator``.
590 Either ``remote_node`` or ``iallocator`` needs to be defined when using
591 ``mode=replace_new_secondary``.
593 ``mode`` is a mandatory parameter. ``replace_auto`` tries to determine
594 the broken disk(s) on its own and replacing it.
597 ``/2/instances/[instance_name]/activate-disks``
598 +++++++++++++++++++++++++++++++++++++++++++++++
600 Activate disks on an instance.
602 It supports the following commands: ``PUT``.
607 Takes the bool parameter ``ignore_size``. When set ignore the recorded
608 size (useful for forcing activation when recorded size is wrong).
611 ``/2/instances/[instance_name]/deactivate-disks``
612 +++++++++++++++++++++++++++++++++++++++++++++++++
614 Deactivate disks on an instance.
616 It supports the following commands: ``PUT``.
624 ``/2/instances/[instance_name]/prepare-export``
625 +++++++++++++++++++++++++++++++++++++++++++++++++
627 Prepares an export of an instance.
629 It supports the following commands: ``PUT``.
634 Takes one parameter, ``mode``, for the export mode. Returns a job ID.
637 ``/2/instances/[instance_name]/export``
638 +++++++++++++++++++++++++++++++++++++++++++++++++
642 It supports the following commands: ``PUT``.
653 ``destination`` (required)
654 Destination information, depends on export mode.
655 ``shutdown`` (bool, required)
656 Whether to shutdown instance before export.
657 ``remove_instance`` (bool)
658 Whether to remove instance after export.
660 Name of X509 key (remote export only).
661 ``destination_x509_ca``
662 Destination X509 CA (remote export only).
665 ``/2/instances/[instance_name]/migrate``
666 ++++++++++++++++++++++++++++++++++++++++
668 Migrates an instance.
670 Supports the following commands: ``PUT``.
682 Whether a previously failed migration should be cleaned up.
685 ``/2/instances/[instance_name]/rename``
686 ++++++++++++++++++++++++++++++++++++++++
690 Supports the following commands: ``PUT``.
699 ``new_name`` (string, required)
702 Whether to ensure instance's IP address is inactive.
703 ``name_check`` (bool)
704 Whether to ensure instance's name is resolvable.
707 ``/2/instances/[instance_name]/modify``
708 ++++++++++++++++++++++++++++++++++++++++
710 Modifies an instance.
712 Supports the following commands: ``PUT``.
722 Dictionary with OS parameters.
724 Hypervisor parameters, hypervisor-dependent.
728 Whether to force the operation.
730 List of NIC changes. Each item is of the form ``(op, settings)``.
731 ``op`` can be ``add`` to add a new NIC with the specified settings,
732 ``remove`` to remove the last NIC or a number to modify the settings
733 of the NIC with that index.
735 List of disk changes. See ``nics``.
736 ``disk_template`` (string)
737 Disk template for instance.
738 ``remote_node`` (string)
739 Secondary node (used when changing disk template).
741 Change instance's OS name. Does not reinstall the instance.
742 ``force_variant`` (bool)
743 Whether to force an unknown variant.
746 ``/2/instances/[instance_name]/tags``
747 +++++++++++++++++++++++++++++++++++++
749 Manages per-instance tags.
751 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
756 Returns a list of tags.
760 ["tag1", "tag2", "tag3"]
767 The request as a list of strings should be ``PUT`` to this URI. The
768 result will be a job id.
770 It supports the ``dry-run`` argument.
778 In order to delete a set of tags, the DELETE request should be addressed
781 /tags?tag=[tag]&tag=[tag]
783 It supports the ``dry-run`` argument.
789 The ``/2/jobs`` resource.
791 It supports the following commands: ``GET``.
796 Returns a dictionary of jobs.
798 Returns: a dictionary with jobs id and uri.
806 It supports the following commands: ``GET``, ``DELETE``.
811 Returns a job status.
813 Returns: a dictionary with job parameters.
817 - id: job ID as a number
818 - status: current job status as a string
819 - ops: involved OpCodes as a list of dictionaries for each opcodes in
821 - opstatus: OpCodes status as a list
822 - opresult: OpCodes results as a list
824 For a successful opcode, the ``opresult`` field corresponding to it will
825 contain the raw result from its :term:`LogicalUnit`. In case an opcode
826 has failed, its element in the opresult list will be a list of two
829 - first element the error type (the Ganeti internal error name)
830 - second element a list of either one or two elements:
832 - the first element is the textual error description
833 - the second element, if any, will hold an error classification
835 The error classification is most useful for the ``OpPrereqError``
836 error type - these errors happen before the OpCode has started
837 executing, so it's possible to retry the OpCode without side
838 effects. But whether it make sense to retry depends on the error
842 Resolver errors. This usually means that a name doesn't exist in DNS,
843 so if it's a case of slow DNS propagation the operation can be retried
846 ``insufficient_resources``
847 Not enough resources (iallocator failure, disk space, memory,
848 etc.). If the resources on the cluster increase, the operation might
852 Wrong arguments (at syntax level). The operation will not ever be
853 accepted unless the arguments change.
856 Wrong entity state. For example, live migration has been requested for
857 a down instance, or instance creation on an offline node. The
858 operation can be retried once the resource has changed state.
861 Entity not found. For example, information has been requested for an
865 Entity already exists. For example, instance creation has been
866 requested for an already-existing instance.
868 ``resource_not_unique``
869 Resource not unique (e.g. MAC or IP duplication).
872 Internal cluster error. For example, a node is unreachable but not set
873 offline, or the ganeti node daemons are not working, etc. A
874 ``gnt-cluster verify`` should be run.
876 ``environment_error``
877 Environment error (e.g. node disk error). A ``gnt-cluster verify``
880 Note that in the above list, by entity we refer to a node or instance,
881 while by a resource we refer to an instance's disk, or NIC, etc.
887 Cancel a not-yet-started job.
890 ``/2/jobs/[job_id]/wait``
891 +++++++++++++++++++++++++
896 Waits for changes on a job. Takes the following body parameters in a
900 The job fields on which to watch for changes.
902 ``previous_job_info``
903 Previously received field values or None if not yet available.
905 ``previous_log_serial``
906 Highest log serial number received so far or None if not yet
909 Returns None if no changes have been detected and a dict with two keys,
910 ``job_info`` and ``log_entries`` otherwise.
918 It supports the following commands: ``GET``.
923 Returns a list of all nodes.
929 "id": "node1.example.com",
930 "uri": "\/nodes\/node1.example.com"
933 "id": "node2.example.com",
934 "uri": "\/nodes\/node2.example.com"
938 If the optional 'bulk' argument is provided and set to 'true' value (i.e
939 '?bulk=1'), the output contains detailed information about nodes as a
949 "name": "www.example.com",
960 ``/2/nodes/[node_name]``
961 +++++++++++++++++++++++++++++++++
963 Returns information about a node.
965 It supports the following commands: ``GET``.
967 ``/2/nodes/[node_name]/evacuate``
968 +++++++++++++++++++++++++++++++++
970 Evacuates all secondary instances off a node.
972 It supports the following commands: ``POST``.
977 To evacuate a node, either one of the ``iallocator`` or ``remote_node``
978 parameters must be passed::
980 evacuate?iallocator=[iallocator]
981 evacuate?remote_node=[nodeX.example.com]
983 The result value will be a list, each element being a triple of the job
984 id (for this specific evacuation), the instance which is being evacuated
985 by this job, and the node to which it is being relocated. In case the
986 node is already empty, the result will be an empty list (without any
987 jobs being submitted).
989 And additional parameter ``early_release`` signifies whether to try to
990 parallelize the evacuations, at the risk of increasing I/O contention
991 and increasing the chances of data loss, if the primary node of any of
992 the instances being evacuated is not fully healthy.
994 If the dry-run parameter was specified, then the evacuation jobs were
995 not actually submitted, and the job IDs will be null.
998 ``/2/nodes/[node_name]/migrate``
999 +++++++++++++++++++++++++++++++++
1001 Migrates all primary instances from a node.
1003 It supports the following commands: ``POST``.
1008 No parameters are required, but the bool parameter ``live`` can be set
1009 to use live migration (if available).
1013 ``/2/nodes/[node_name]/role``
1014 +++++++++++++++++++++++++++++
1018 It supports the following commands: ``GET``, ``PUT``.
1020 The role is always one of the following:
1031 Returns the current node role.
1040 Change the node role.
1042 The request is a string which should be PUT to this URI. The result will
1045 It supports the bool ``force`` argument.
1047 ``/2/nodes/[node_name]/storage``
1048 ++++++++++++++++++++++++++++++++
1050 Manages storage units on the node.
1055 Requests a list of storage units on a node. Requires the parameters
1056 ``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``) and
1057 ``output_fields``. The result will be a job id, using which the result
1060 ``/2/nodes/[node_name]/storage/modify``
1061 +++++++++++++++++++++++++++++++++++++++
1063 Modifies storage units on the node.
1068 Modifies parameters of storage units on the node. Requires the
1069 parameters ``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``)
1070 and ``name`` (name of the storage unit). Parameters can be passed
1071 additionally. Currently only ``allocatable`` (bool) is supported. The
1072 result will be a job id.
1074 ``/2/nodes/[node_name]/storage/repair``
1075 +++++++++++++++++++++++++++++++++++++++
1077 Repairs a storage unit on the node.
1082 Repairs a storage unit on the node. Requires the parameters
1083 ``storage_type`` (currently only ``lvm-vg`` can be repaired) and
1084 ``name`` (name of the storage unit). The result will be a job id.
1086 ``/2/nodes/[node_name]/tags``
1087 +++++++++++++++++++++++++++++
1089 Manages per-node tags.
1091 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
1096 Returns a list of tags.
1100 ["tag1", "tag2", "tag3"]
1107 The request as a list of strings should be PUT to this URI. The result
1110 It supports the ``dry-run`` argument.
1117 In order to delete a set of tags, the DELETE request should be addressed
1120 /tags?tag=[tag]&tag=[tag]
1122 It supports the ``dry-run`` argument.
1130 It supports the following commands: ``GET``.
1135 Return a list of all OSes.
1137 Can return error 500 in case of a problem. Since this is a costly
1138 operation for Ganeti 2.0, it is not recommended to execute it too often.
1147 Manages cluster tags.
1149 It supports the following commands: ``GET``, ``PUT``, ``DELETE``.
1154 Returns the cluster tags.
1158 ["tag1", "tag2", "tag3"]
1165 The request as a list of strings should be PUT to this URI. The result
1168 It supports the ``dry-run`` argument.
1176 In order to delete a set of tags, the DELETE request should be addressed
1179 /tags?tag=[tag]&tag=[tag]
1181 It supports the ``dry-run`` argument.
1187 The version resource.
1189 This resource should be used to determine the remote API version and to
1190 adapt clients accordingly.
1192 It supports the following commands: ``GET``.
1197 Returns the remote API version. Ganeti 1.2 returned ``1`` and Ganeti 2.0
1200 .. vim: set textwidth=72 :