Synnefo » snf-ganeti » ganeti-local

<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [

  <!-- Fill in your name for FIRSTNAME and SURNAME. -->

  <!-- Please adjust the date whenever revising the manpage. -->

  <!ENTITY dhdate      "<date>February 11, 2009</date>">

  <!-- SECTION should be 1-8, maybe w/ subsection other parameters are

       allowed: see man(7), man(1). -->

  <!ENTITY dhsection   "<manvolnum>8</manvolnum>">

  <!ENTITY dhucpackage "<refentrytitle>ganeti-rapi</refentrytitle>">

  <!ENTITY dhpackage   "ganeti-rapi">

  <!ENTITY debian      "<productname>Debian</productname>">

  <!ENTITY gnu         "<acronym>GNU</acronym>">

  <!ENTITY gpl         "&gnu; <acronym>GPL</acronym>">

  <!ENTITY footer SYSTEM "footer.sgml">

]>

<refentry>

  <refentryinfo>

    <copyright>

      <year>2008</year>

      <year>2009</year>

      <holder>Google Inc.</holder>

    </copyright>

    &dhdate;

  </refentryinfo>

  <refmeta>

    &dhucpackage;

    &dhsection;

    <refmiscinfo>ganeti 2.0</refmiscinfo>

  </refmeta>

  <refnamediv>

    <refname>&dhpackage;</refname>

    <refpurpose>ganeti remote API daemon</refpurpose>

  </refnamediv>

  <refsynopsisdiv>

    <cmdsynopsis>

      <command>&dhpackage; </command>

      <arg>-d</arg>

      <arg>-f</arg>

      <arg>--no-ssl</arg>

      <arg>-K <replaceable>SSL_KEY_FILE</replaceable></arg>

      <arg>-C <replaceable>SSL_CERT_FILE</replaceable></arg>

    </cmdsynopsis>

  </refsynopsisdiv>

  <refsect1>

    <title>DESCRIPTION</title>

    <para>

      <command>&dhpackage;</command> is the daemon providing a remote

      API for Ganeti clusters.

    </para>

    <para>

      It is automatically started on the master node, and by default

      it uses SSL encryption. This can be disabled by passing the

      <option>--no-ssl</option> option, or alternatively the

      certificate used can be changed via the <option>-C</option>

      option and the key via the <option>-K</option> option.

    </para>

    <para>

      The daemon will listen to the "ganeti-rapi" tcp port, as listed in the

      system services database, or to port 5080 by default.

    </para>

    <para>

      See the <emphasis>Ganeti remote API</emphasis> documentation for

      further information.

    </para>

    <para>

      Requests are logged to

      <filename>@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log</filename>,

      in the same format as for the node and master daemon.

    </para>

  </refsect1>

  <refsect1>

    <title>ACCESS CONTROLS</title>

    <para>

      All query operations are allowed without authentication. Only

      the modification operations require authentication, in the form

      of basic authentication.

    </para>

    <para>

      The users and their rights are defined in a file named

      <filename>rapi_users</filename>, located in the <filename

      class="directory">@LOCALSTATEDIR@/ganeti</filename>

      directory. The users should be listed one per line, in the

      following format:

    </para>

    <screen>username password options</screen>

    <para>

      Currently the <replaceable>options</replaceable> field should

      equal the string <emphasis>write</emphasis> in order to actually

      give write permission for the given users. Example:

    </para>

    <screen>rclient   secret    write

guest   tespw

</screen>

    <para>The first user (<userinput>rclient</userinput>) will have

    read-write rights, whereas the second user does only have read

    (query) rights, and as such is no different than not using

    authentication at all.</para>

  </refsect1>

  &footer;

</refentry>

<!-- Keep this comment at the end of the file

Local variables:

mode: sgml

sgml-omittag:t

sgml-shorttag:t

sgml-minimize-attributes:nil

sgml-always-quote-attributes:t

sgml-indent-step:2

sgml-indent-data:t

sgml-parent-document:nil

sgml-default-dtd-file:nil

sgml-exposed-tags:nil

sgml-local-catalogs:nil

sgml-local-ecat-files:nil

End:

-->