which is used by default, can also be disabled by passing command line
parameters.
+
+Users and passwords
+-------------------
+
+``ganeti-rapi`` reads users and passwords from a file (usually
+``/var/lib/ganeti/rapi_users``) on startup. After modifying the password
+file, ``ganeti-rapi`` must be restarted.
+
+Each line consists of two or three fields separated by whitespace. The
+first two fields are for username and password. The third field is
+optional and can be used to specify per-user options. Currently,
+``write`` is the only option supported and enables the user to execute
+operations modifying the cluster. Lines starting with the hash sign
+(``#``) are treated as comments.
+
+Passwords can either be written in clear text or as a hash. Clear text
+passwords may not start with an opening brace (``{``) or they must be
+prefixed with ``{cleartext}``. To use the hashed form, get the MD5 hash
+of the string ``$username:Ganeti Remote API:$password`` (e.g. ``echo -n
+'jack:Ganeti Remote API:abc123' | openssl md5``) [#pwhash]_ and prefix
+it with ``{ha1}``. Using the scheme prefix for all passwords is
+recommended. Scheme prefixes are not case sensitive.
+
+Example::
+
+ # Give Jack and Fred read-only access
+ jack abc123
+ fred {cleartext}foo555
+
+ # Give write access to an imaginary instance creation script
+ autocreator xyz789 write
+
+ # Hashed password for Jessica
+ jessica {HA1}7046452df2cbb530877058712cf17bd4 write
+
+
+.. [#pwhash] Using the MD5 hash of username, realm and password is
+ described in RFC2617_ ("HTTP Authentication"), sections 3.2.2.2 and
+ 3.3. The reason for using it over another algorithm is forward
+ compatibility. If ``ganeti-rapi`` were to implement HTTP Digest
+ authentication in the future, the same hash could be used.
+ In the current version ``ganeti-rapi``'s realm, ``Ganeti Remote
+ API``, can only be changed by modifying the source code.
+
+
Protocol
--------
-The protocol used is JSON_ over HTTP designed after the REST_
-principle.
+The protocol used is JSON_ over HTTP designed after the REST_ principle.
+HTTP Basic authentication as per RFC2617_ is supported.
.. _JSON: http://www.json.org/
.. _REST: http://en.wikipedia.org/wiki/Representational_State_Transfer
+.. _RFC2617: http://tools.ietf.org/rfc/rfc2617.txt
+
+
+PUT or POST?
+------------
+
+According to RFC2616 the main difference between PUT and POST is that
+POST can create new resources but PUT can only create the resource the
+URI was pointing to on the PUT request.
+
+Unfortunately, due to historic reasons, the Ganeti RAPI library is not
+consistent with this usage, so just use the methods as documented below
+for each resource.
+
+For more details have a look in the source code at
+``lib/rapi/rlib2.py``.
+
+
+Generic parameter types
+-----------------------
+
+A few generic refered parameter types and the values they allow.
+
+``bool``
+++++++++
+
+A boolean option will accept ``1`` or ``0`` as numbers but not
+i.e. ``True`` or ``False``.
Generic parameters
------------------
-A few parameter mean the same thing across all resources which implement it.
+A few parameter mean the same thing across all resources which implement
+it.
``bulk``
++++++++
-Bulk-mode means that for the resources which usually return just a
-list of child resources (e.g. ``/2/instances`` which returns just
-instance names), the output will instead contain detailed data for all
-these subresources. This is more efficient than query-ing the
-sub-resources themselves.
+Bulk-mode means that for the resources which usually return just a list
+of child resources (e.g. ``/2/instances`` which returns just instance
+names), the output will instead contain detailed data for all these
+subresources. This is more efficient than query-ing the sub-resources
+themselves.
``dry-run``
+++++++++++
-The optional *dry-run* argument, if provided and set to a positive
-integer value (e.g. ``?dry-run=1``), signals to Ganeti that the job
-should not be executed, only the pre-execution checks will be done.
+The boolean *dry-run* argument, if provided and set, signals to Ganeti
+that the job should not be executed, only the pre-execution checks will
+be done.
-This is useful in trying to determine (without guarantees though, as
-in the meantime the cluster state could have changed) if the operation
-is likely to succeed or at least start executing.
+This is useful in trying to determine (without guarantees though, as in
+the meantime the cluster state could have changed) if the operation is
+likely to succeed or at least start executing.
``force``
+++++++++++
Usage examples
--------------
-You can access the API using your favorite programming language as
-long as it supports network connections.
+You can access the API using your favorite programming language as long
+as it supports network connections.
Shell
+++++
Python
++++++
-.. highlight: python
+.. highlight:: python
+
+::
import urllib2
f = urllib2.urlopen('https://CLUSTERNAME:5080/2/info')
++++++++++
.. warning:: While it's possible to use JavaScript, it poses several
- potential problems, including browser blocking request due to
- non-standard ports or different domain names. Fetching the data on
- the webserver is easier.
+ potential problems, including browser blocking request due to
+ non-standard ports or different domain names. Fetching the data on
+ the webserver is easier.
.. highlight:: javascript
}
}
+
+``/2/redistribute-config``
+++++++++++++++++++++++++++
+
+Redistribute configuration to all nodes.
+
+It supports the following commands: ``PUT``.
+
+``PUT``
+~~~~~~~
+
+Redistribute configuration to all nodes. The result will be a job id.
+
+
``/2/instances``
++++++++++++++++
}
]
-If the optional *bulk* argument is provided and set to a true value
+If the optional bool *bulk* argument is provided and set to a true value
(i.e ``?bulk=1``), the output contains detailed information about
instances as a list.
Creates an instance.
-If the optional *dry-run* argument is provided and set to a positive
-integer valu (e.g. ``?dry-run=1``), the job will not be actually
-executed, only the pre-execution checks will be done. Query-ing the
-job result will return, in both dry-run and normal case, the list of
+If the optional bool *dry-run* argument is provided, the job will not be
+actually executed, only the pre-execution checks will be done. Query-ing
+the job result will return, in both dry-run and normal case, the list of
nodes selected for the instance.
Returns: a job ID that can be used later for polling.
It supports the ``dry-run`` argument.
+``/2/instances/[instance_name]/info``
++++++++++++++++++++++++++++++++++++++++
+
+It supports the following commands: ``GET``.
+
+``GET``
+~~~~~~~
+
+Requests detailed information about the instance. An optional parameter,
+``static`` (bool), can be set to return only static information from the
+configuration without querying the instance's nodes. The result will be
+a job id.
+
+
``/2/instances/[instance_name]/reboot``
+++++++++++++++++++++++++++++++++++++++
Reboots the instance.
-The URI takes optional ``type=hard|soft|full`` and
-``ignore_secondaries=False|True`` parameters.
+The URI takes optional ``type=soft|hard|full`` and
+``ignore_secondaries=0|1`` parameters.
+
+``type`` defines the reboot type. ``soft`` is just a normal reboot,
+without terminating the hypervisor. ``hard`` means full shutdown
+(including terminating the hypervisor process) and startup again.
+``full`` is like ``hard`` but also recreates the configuration from
+ground up as if you would have done a ``gnt-instance shutdown`` and
+``gnt-instance start`` on it.
+
+``ignore_secondaries`` is a bool argument indicating if we start the
+instance even if secondary disks are failing.
It supports the ``dry-run`` argument.
Startup an instance.
-The URI takes an optional ``force=False|True`` parameter to start the
-instance if even if secondary disks are failing.
+The URI takes an optional ``force=1|0`` parameter to start the
+instance even if secondary disks are failing.
It supports the ``dry-run`` argument.
+``/2/instances/[instance_name]/reinstall``
+++++++++++++++++++++++++++++++++++++++++++++++
+
+Installs the operating system again.
+
+It supports the following commands: ``POST``.
+
+``POST``
+~~~~~~~~
+
+Takes the parameters ``os`` (OS template name) and ``nostartup`` (bool).
+
+
+``/2/instances/[instance_name]/replace-disks``
+++++++++++++++++++++++++++++++++++++++++++++++
+
+Replaces disks on an instance.
+
+It supports the following commands: ``POST``.
+
+``POST``
+~~~~~~~~
+
+Takes the parameters ``mode`` (one of ``replace_on_primary``,
+``replace_on_secondary``, ``replace_new_secondary`` or
+``replace_auto``), ``disks`` (comma separated list of disk indexes),
+``remote_node`` and ``iallocator``.
+
+Either ``remote_node`` or ``iallocator`` needs to be defined when using
+``mode=replace_new_secondary``.
+
+``mode`` is a mandatory parameter. ``replace_auto`` tries to determine
+the broken disk(s) on its own and replacing it.
+
+
+``/2/instances/[instance_name]/activate-disks``
++++++++++++++++++++++++++++++++++++++++++++++++
+
+Activate disks on an instance.
+
+It supports the following commands: ``PUT``.
+
+``PUT``
+~~~~~~~
+
+Takes the bool parameter ``ignore_size``. When set ignore the recorded
+size (useful for forcing activation when recorded size is wrong).
+
+
+``/2/instances/[instance_name]/deactivate-disks``
++++++++++++++++++++++++++++++++++++++++++++++++++
+
+Deactivate disks on an instance.
+
+It supports the following commands: ``PUT``.
+
+``PUT``
+~~~~~~~
+
+Takes no parameters.
+
``/2/instances/[instance_name]/tags``
+++++++++++++++++++++++++++++++++++++
Add a set of tags.
The request as a list of strings should be ``PUT`` to this URI. The
-result willl be a job id.
+result will be a job id.
It supports the ``dry-run`` argument.
Delete a tag.
-In order to delete a set of tags, the DELETE request should be
-addressed to URI like::
+In order to delete a set of tags, the DELETE request should be addressed
+to URI like::
/tags?tag=[tag]&tag=[tag]
- id: job ID as a number
- status: current job status as a string
-- ops: involved OpCodes as a list of dictionaries for each
- opcodes in the job
+- ops: involved OpCodes as a list of dictionaries for each opcodes in
+ the job
- opstatus: OpCodes status as a list
-- opresult: OpCodes results as a list of lists
+- opresult: OpCodes results as a list
+
+For a successful opcode, the ``opresult`` field corresponding to it will
+contain the raw result from its :term:`LogicalUnit`. In case an opcode
+has failed, its element in the opresult list will be a list of two
+elements:
+
+- first element the error type (the Ganeti internal error name)
+- second element a list of either one or two elements:
+
+ - the first element is the textual error description
+ - the second element, if any, will hold an error classification
+
+The error classification is most useful for the ``OpPrereqError``
+error type - these errors happen before the OpCode has started
+executing, so it's possible to retry the OpCode without side
+effects. But whether it make sense to retry depends on the error
+classification:
+
+``resolver_error``
+ Resolver errors. This usually means that a name doesn't exist in DNS,
+ so if it's a case of slow DNS propagation the operation can be retried
+ later.
+
+``insufficient_resources``
+ Not enough resources (iallocator failure, disk space, memory,
+ etc.). If the resources on the cluster increase, the operation might
+ succeed.
+
+``wrong_input``
+ Wrong arguments (at syntax level). The operation will not ever be
+ accepted unless the arguments change.
+
+``wrong_state``
+ Wrong entity state. For example, live migration has been requested for
+ a down instance, or instance creation on an offline node. The
+ operation can be retried once the resource has changed state.
+
+``unknown_entity``
+ Entity not found. For example, information has been requested for an
+ unknown instance.
+
+``already_exists``
+ Entity already exists. For example, instance creation has been
+ requested for an already-existing instance.
+
+``resource_not_unique``
+ Resource not unique (e.g. MAC or IP duplication).
+
+``internal_error``
+ Internal cluster error. For example, a node is unreachable but not set
+ offline, or the ganeti node daemons are not working, etc. A
+ ``gnt-cluster verify`` should be run.
+
+``environment_error``
+ Environment error (e.g. node disk error). A ``gnt-cluster verify``
+ should be run.
+
+Note that in the above list, by entity we refer to a node or instance,
+while by a resource we refer to an instance's disk, or NIC, etc.
+
``DELETE``
~~~~~~~~~~
[
{
"id": "node1.example.com",
- "uri": "\/instances\/node1.example.com"
+ "uri": "\/nodes\/node1.example.com"
},
{
"id": "node2.example.com",
- "uri": "\/instances\/node2.example.com"
+ "uri": "\/nodes\/node2.example.com"
}
]
-If the optional 'bulk' argument is provided and set to 'true' value
-(i.e '?bulk=1'), the output contains detailed information about nodes
-as a list.
+If the optional 'bulk' argument is provided and set to 'true' value (i.e
+'?bulk=1'), the output contains detailed information about nodes as a
+list.
Example::
...
]
+``/2/nodes/[node_name]``
++++++++++++++++++++++++++++++++++
+
+Returns information about a node.
+
+It supports the following commands: ``GET``.
+
``/2/nodes/[node_name]/evacuate``
+++++++++++++++++++++++++++++++++
~~~~~~~~
To evacuate a node, either one of the ``iallocator`` or ``remote_node``
-parameters must be passed:
+parameters must be passed::
evacuate?iallocator=[iallocator]
evacuate?remote_node=[nodeX.example.com]
``POST``
~~~~~~~~
-No parameters are required, but ``live`` can be set to a boolean value.
+No parameters are required, but the bool parameter ``live`` can be set
+to use live migration (if available).
migrate?live=[0|1]
Change the node role.
-The request is a string which should be PUT to this URI. The result will be a
-job id.
+The request is a string which should be PUT to this URI. The result will
+be a job id.
-It supports the ``force`` argument.
+It supports the bool ``force`` argument.
``/2/nodes/[node_name]/storage``
++++++++++++++++++++++++++++++++
Requests a list of storage units on a node. Requires the parameters
``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``) and
-``output_fields``. The result will be a job id, using which the result can be
-retrieved.
+``output_fields``. The result will be a job id, using which the result
+can be retrieved.
``/2/nodes/[node_name]/storage/modify``
+++++++++++++++++++++++++++++++++++++++
``PUT``
~~~~~~~
-Modifies parameters of storage units on the node. Requires the parameters
-``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``) and ``name`` (name
-of the storage unit). Parameters can be passed additionally. Currently only
-``allocatable`` (bool) is supported. The result will be a job id.
+Modifies parameters of storage units on the node. Requires the
+parameters ``storage_type`` (one of ``file``, ``lvm-pv`` or ``lvm-vg``)
+and ``name`` (name of the storage unit). Parameters can be passed
+additionally. Currently only ``allocatable`` (bool) is supported. The
+result will be a job id.
+
+``/2/nodes/[node_name]/storage/repair``
++++++++++++++++++++++++++++++++++++++++
+
+Repairs a storage unit on the node.
+
+``PUT``
+~~~~~~~
+
+Repairs a storage unit on the node. Requires the parameters
+``storage_type`` (currently only ``lvm-vg`` can be repaired) and
+``name`` (name of the storage unit). The result will be a job id.
``/2/nodes/[node_name]/tags``
+++++++++++++++++++++++++++++
Deletes tags.
-In order to delete a set of tags, the DELETE request should be
-addressed to URI like::
+In order to delete a set of tags, the DELETE request should be addressed
+to URI like::
/tags?tag=[tag]&tag=[tag]
Return a list of all OSes.
Can return error 500 in case of a problem. Since this is a costly
-operation for Ganeti 2.0, it is not recommended to execute it too
-often.
+operation for Ganeti 2.0, it is not recommended to execute it too often.
Example::
Deletes tags.
-In order to delete a set of tags, the DELETE request should be
-addressed to URI like::
+In order to delete a set of tags, the DELETE request should be addressed
+to URI like::
/tags?tag=[tag]&tag=[tag]
The version resource.
-This resource should be used to determine the remote API version and
-to adapt clients accordingly.
+This resource should be used to determine the remote API version and to
+adapt clients accordingly.
It supports the following commands: ``GET``.
``GET``
~~~~~~~
-Returns the remote API version. Ganeti 1.2 returned ``1`` and Ganeti
-2.0 returns ``2``.
+Returns the remote API version. Ganeti 1.2 returned ``1`` and Ganeti 2.0
+returns ``2``.
+
+.. vim: set textwidth=72 :
+.. Local Variables:
+.. mode: rst
+.. fill-column: 72
+.. End: