X-Git-Url: https://code.grnet.gr/git/ganeti-local/blobdiff_plain/9ff4f2c0152f7e4d03439f96b8354d07327fafbc..34ea8da365c0900a17e97b2a05c88c8919c1be94:/man/ganeti-rapi.rst diff --git a/man/ganeti-rapi.rst b/man/ganeti-rapi.rst index 35ba870..7b5ce1f 100644 --- a/man/ganeti-rapi.rst +++ b/man/ganeti-rapi.rst @@ -9,8 +9,8 @@ ganeti-rapi - Ganeti remote API daemon Synopsis -------- -**ganeti-rapi** [-d] [-f] [--no-ssl] [-K *SSL_KEY_FILE*] [-C -*SSL_CERT_FILE*] +| **ganeti-rapi** [-d] [-f] [\--no-ssl] [-K *SSL_KEY_FILE*] +| [-C *SSL_CERT_FILE*] [\--require-authentication] DESCRIPTION ----------- @@ -23,7 +23,7 @@ uses SSL encryption. This can be disabled by passing the ``--no-ssl`` option, or alternatively the certificate used can be changed via the ``-C`` option and the key via the ``-K`` option. -The daemon will listen to the "ganeti-rapi" tcp port, as listed in the +The daemon will listen to the "ganeti-rapi" TCP port, as listed in the system services database, or if not defined, to port 5080 by default. See the *Ganeti remote API* documentation for further information. @@ -34,28 +34,14 @@ in the same format as for the node and master daemon. ACCESS CONTROLS --------------- -All query operations are allowed without authentication. Only the +Most query operations are allowed without authentication. Only the modification operations require authentication, in the form of basic -authentication. +authentication. Specify the ``--require-authentication`` command line +flag to always require authentication. The users and their rights are defined in the -``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users -should be listed one per line, in the following format:: - - username password options - -Currently the *options* field should equal the string ``write`` in -order to actually give write permission for the given users. Example:: - - rclient secret write - guest testpw - -The first user (*rclient*) has read-write rights, whereas the second -user (*guest*) only has read (query) rights, and as such is no -different than not using authentication at all. - -More details (including on how to use hashed passwords) can be found -in the Ganeti documentation. +``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The format of this file +is described in the Ganeti documentation (``rapi.html``). .. vim: set textwidth=72 : .. Local Variables: