1 <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
3 <!-- Fill in your name for FIRSTNAME and SURNAME. -->
4 <!-- Please adjust the date whenever revising the manpage. -->
5 <!ENTITY dhdate "<date>June 08, 2010</date>">
6 <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
7 allowed: see man(7), man(1). -->
8 <!ENTITY dhsection "<manvolnum>8</manvolnum>">
9 <!ENTITY dhucpackage "<refentrytitle>ganeti-rapi</refentrytitle>">
10 <!ENTITY dhpackage "ganeti-rapi">
12 <!ENTITY debian "<productname>Debian</productname>">
13 <!ENTITY gnu "<acronym>GNU</acronym>">
14 <!ENTITY gpl "&gnu; <acronym>GPL</acronym>">
15 <!ENTITY footer SYSTEM "footer.sgml">
24 <holder>Google Inc.</holder>
32 <refmiscinfo>Ganeti 2.2</refmiscinfo>
35 <refname>&dhpackage;</refname>
37 <refpurpose>Ganeti remote API daemon</refpurpose>
41 <command>&dhpackage; </command>
45 <arg>-K <replaceable>SSL_KEY_FILE</replaceable></arg>
46 <arg>-C <replaceable>SSL_CERT_FILE</replaceable></arg>
52 <title>DESCRIPTION</title>
55 <command>&dhpackage;</command> is the daemon providing a remote
56 API for Ganeti clusters.
60 It is automatically started on the master node, and by default
61 it uses SSL encryption. This can be disabled by passing the
62 <option>--no-ssl</option> option, or alternatively the
63 certificate used can be changed via the <option>-C</option>
64 option and the key via the <option>-K</option> option.
68 The daemon will listen to the "ganeti-rapi" tcp port, as listed in the
69 system services database, or to port 5080 by default.
73 See the <emphasis>Ganeti remote API</emphasis> documentation for
78 Requests are logged to
79 <filename>@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log</filename>,
80 in the same format as for the node and master daemon.
86 <title>ACCESS CONTROLS</title>
89 All query operations are allowed without authentication. Only
90 the modification operations require authentication, in the form
91 of basic authentication.
95 The users and their rights are defined in a file named
96 <filename>rapi_users</filename>, located in the <filename
97 class="directory">@LOCALSTATEDIR@/ganeti</filename>
98 directory. The users should be listed one per line, in the
102 <screen>username password options</screen>
105 Currently the <replaceable>options</replaceable> field should
106 equal the string <emphasis>write</emphasis> in order to actually
107 give write permission for the given users. Example:
109 <screen>rclient secret write
112 <para>The first user (<userinput>rclient</userinput>) will have
113 read-write rights, whereas the second user does only have read
114 (query) rights, and as such is no different than not using
115 authentication at all.</para>
117 <para>More details (including on how to use hashed passwords) can be found
118 in the Ganeti documentation.</para>
125 <!-- Keep this comment at the end of the file
130 sgml-minimize-attributes:nil
131 sgml-always-quote-attributes:t
134 sgml-parent-document:nil
135 sgml-default-dtd-file:nil
136 sgml-exposed-tags:nil
137 sgml-local-catalogs:nil
138 sgml-local-ecat-files:nil