X-Git-Url: https://code.grnet.gr/git/ganeti-local/blobdiff_plain/e8f936b0df818882bd84f65a0bf12042a8d86428..a4f2b4b1ea4a42292e62e0d2a106c2657760f2d3:/man/ganeti-rapi.rst diff --git a/man/ganeti-rapi.rst b/man/ganeti-rapi.rst index ed96997..7b5ce1f 100644 --- a/man/ganeti-rapi.rst +++ b/man/ganeti-rapi.rst @@ -9,8 +9,8 @@ ganeti-rapi - Ganeti remote API daemon Synopsis -------- -**ganeti-rapi** [-d] [-f] [\--no-ssl] [-K *SSL_KEY_FILE*] [-C -*SSL_CERT_FILE*] +| **ganeti-rapi** [-d] [-f] [\--no-ssl] [-K *SSL_KEY_FILE*] +| [-C *SSL_CERT_FILE*] [\--require-authentication] DESCRIPTION ----------- @@ -23,7 +23,7 @@ uses SSL encryption. This can be disabled by passing the ``--no-ssl`` option, or alternatively the certificate used can be changed via the ``-C`` option and the key via the ``-K`` option. -The daemon will listen to the "ganeti-rapi" tcp port, as listed in the +The daemon will listen to the "ganeti-rapi" TCP port, as listed in the system services database, or if not defined, to port 5080 by default. See the *Ganeti remote API* documentation for further information. @@ -34,28 +34,14 @@ in the same format as for the node and master daemon. ACCESS CONTROLS --------------- -All query operations are allowed without authentication. Only the +Most query operations are allowed without authentication. Only the modification operations require authentication, in the form of basic -authentication. +authentication. Specify the ``--require-authentication`` command line +flag to always require authentication. The users and their rights are defined in the -``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users -should be listed one per line, in the following format:: - - username password options - -Currently the *options* field should equal the string ``write`` in -order to actually give write permission for the given users. Example:: - - rclient secret write - guest testpw - -The first user (*rclient*) has read-write rights, whereas the second -user (*guest*) only has read (query) rights, and as such is no -different than not using authentication at all. - -More details (including on how to use hashed passwords) can be found -in the Ganeti documentation. +``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The format of this file +is described in the Ganeti documentation (``rapi.html``). .. vim: set textwidth=72 : .. Local Variables: