Revision a4978169
b/NEWS | ||
---|---|---|
88 | 88 |
- Added per-request RPC timeout |
89 | 89 |
- RAPI now requires a Content-Type header for requests with a body (e.g. |
90 | 90 |
``PUT`` or ``POST``) which must be set to ``application/json`` (see |
91 |
RFC2616 (HTTP/1.1), section 7.2.1)
|
|
91 |
:rfc:`2616` (HTTP/1.1), section 7.2.1)
|
|
92 | 92 |
- ``ganeti-watcher`` attempts to restart ``ganeti-rapi`` if RAPI is not |
93 | 93 |
reachable |
94 | 94 |
- Implemented initial support for running Ganeti daemons as separate |
b/doc/design-2.2.rst | ||
---|---|---|
411 | 411 |
not know the secret, it can't forge the certificates or redirect the |
412 | 412 |
data. Unless disabled by a new cluster parameter, verifying the HMAC |
413 | 413 |
signatures must be mandatory. The HMAC signature for X509 certificates |
414 |
will be prepended to the certificate similar to an RFC822 header and
|
|
414 |
will be prepended to the certificate similar to an :rfc:`822` header and
|
|
415 | 415 |
only covers the certificate (from ``-----BEGIN CERTIFICATE-----`` to |
416 | 416 |
``-----END CERTIFICATE-----``). The header name will be |
417 | 417 |
``X-Ganeti-Signature`` and its value will have the format |
b/doc/rapi.rst | ||
---|---|---|
53 | 53 |
|
54 | 54 |
|
55 | 55 |
.. [#pwhash] Using the MD5 hash of username, realm and password is |
56 |
described in RFC2617_ ("HTTP Authentication"), sections 3.2.2.2 and
|
|
56 |
described in :rfc:`2617` ("HTTP Authentication"), sections 3.2.2.2 and
|
|
57 | 57 |
3.3. The reason for using it over another algorithm is forward |
58 | 58 |
compatibility. If ``ganeti-rapi`` were to implement HTTP Digest |
59 | 59 |
authentication in the future, the same hash could be used. |
... | ... | |
65 | 65 |
-------- |
66 | 66 |
|
67 | 67 |
The protocol used is JSON_ over HTTP designed after the REST_ principle. |
68 |
HTTP Basic authentication as per RFC2617_ is supported.
|
|
68 |
HTTP Basic authentication as per :rfc:`2617` is supported.
|
|
69 | 69 |
|
70 | 70 |
.. _JSON: http://www.json.org/ |
71 | 71 |
.. _REST: http://en.wikipedia.org/wiki/Representational_State_Transfer |
72 |
.. _RFC2617: http://tools.ietf.org/rfc/rfc2617.txt |
|
73 | 72 |
|
74 | 73 |
|
75 | 74 |
A note on JSON as used by RAPI |
... | ... | |
108 | 107 |
PUT or POST? |
109 | 108 |
------------ |
110 | 109 |
|
111 |
According to RFC2616 the main difference between PUT and POST is that
|
|
112 |
POST can create new resources but PUT can only create the resource the
|
|
113 |
URI was pointing to on the PUT request. |
|
110 |
According to :rfc:`2616` the main difference between PUT and POST is
|
|
111 |
that POST can create new resources but PUT can only create the resource
|
|
112 |
the URI was pointing to on the PUT request.
|
|
114 | 113 |
|
115 | 114 |
Unfortunately, due to historic reasons, the Ganeti RAPI library is not |
116 | 115 |
consistent with this usage, so just use the methods as documented below |
b/doc/security.rst | ||
---|---|---|
93 | 93 |
---------- |
94 | 94 |
|
95 | 95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS |
96 |
by default. It supports Basic authentication as per RFC2617.
|
|
96 |
by default. It supports Basic authentication as per :rfc:`2617`.
|
|
97 | 97 |
|
98 | 98 |
Paths for certificate, private key and CA files required for SSL/TLS |
99 | 99 |
will be set at source configure time. Symlinks or command line |
Also available in: Unified diff