Revision a4978169
| b/NEWS | ||
|---|---|---|
| 88 | 88 |
- Added per-request RPC timeout |
| 89 | 89 |
- RAPI now requires a Content-Type header for requests with a body (e.g. |
| 90 | 90 |
``PUT`` or ``POST``) which must be set to ``application/json`` (see |
| 91 |
RFC2616 (HTTP/1.1), section 7.2.1)
|
|
| 91 |
:rfc:`2616` (HTTP/1.1), section 7.2.1)
|
|
| 92 | 92 |
- ``ganeti-watcher`` attempts to restart ``ganeti-rapi`` if RAPI is not |
| 93 | 93 |
reachable |
| 94 | 94 |
- Implemented initial support for running Ganeti daemons as separate |
| b/doc/design-2.2.rst | ||
|---|---|---|
| 411 | 411 |
not know the secret, it can't forge the certificates or redirect the |
| 412 | 412 |
data. Unless disabled by a new cluster parameter, verifying the HMAC |
| 413 | 413 |
signatures must be mandatory. The HMAC signature for X509 certificates |
| 414 |
will be prepended to the certificate similar to an RFC822 header and
|
|
| 414 |
will be prepended to the certificate similar to an :rfc:`822` header and
|
|
| 415 | 415 |
only covers the certificate (from ``-----BEGIN CERTIFICATE-----`` to |
| 416 | 416 |
``-----END CERTIFICATE-----``). The header name will be |
| 417 | 417 |
``X-Ganeti-Signature`` and its value will have the format |
| b/doc/rapi.rst | ||
|---|---|---|
| 53 | 53 |
|
| 54 | 54 |
|
| 55 | 55 |
.. [#pwhash] Using the MD5 hash of username, realm and password is |
| 56 |
described in RFC2617_ ("HTTP Authentication"), sections 3.2.2.2 and
|
|
| 56 |
described in :rfc:`2617` ("HTTP Authentication"), sections 3.2.2.2 and
|
|
| 57 | 57 |
3.3. The reason for using it over another algorithm is forward |
| 58 | 58 |
compatibility. If ``ganeti-rapi`` were to implement HTTP Digest |
| 59 | 59 |
authentication in the future, the same hash could be used. |
| ... | ... | |
| 65 | 65 |
-------- |
| 66 | 66 |
|
| 67 | 67 |
The protocol used is JSON_ over HTTP designed after the REST_ principle. |
| 68 |
HTTP Basic authentication as per RFC2617_ is supported.
|
|
| 68 |
HTTP Basic authentication as per :rfc:`2617` is supported.
|
|
| 69 | 69 |
|
| 70 | 70 |
.. _JSON: http://www.json.org/ |
| 71 | 71 |
.. _REST: http://en.wikipedia.org/wiki/Representational_State_Transfer |
| 72 |
.. _RFC2617: http://tools.ietf.org/rfc/rfc2617.txt |
|
| 73 | 72 |
|
| 74 | 73 |
|
| 75 | 74 |
A note on JSON as used by RAPI |
| ... | ... | |
| 108 | 107 |
PUT or POST? |
| 109 | 108 |
------------ |
| 110 | 109 |
|
| 111 |
According to RFC2616 the main difference between PUT and POST is that
|
|
| 112 |
POST can create new resources but PUT can only create the resource the
|
|
| 113 |
URI was pointing to on the PUT request. |
|
| 110 |
According to :rfc:`2616` the main difference between PUT and POST is
|
|
| 111 |
that POST can create new resources but PUT can only create the resource
|
|
| 112 |
the URI was pointing to on the PUT request.
|
|
| 114 | 113 |
|
| 115 | 114 |
Unfortunately, due to historic reasons, the Ganeti RAPI library is not |
| 116 | 115 |
consistent with this usage, so just use the methods as documented below |
| b/doc/security.rst | ||
|---|---|---|
| 93 | 93 |
---------- |
| 94 | 94 |
|
| 95 | 95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS |
| 96 |
by default. It supports Basic authentication as per RFC2617.
|
|
| 96 |
by default. It supports Basic authentication as per :rfc:`2617`.
|
|
| 97 | 97 |
|
| 98 | 98 |
Paths for certificate, private key and CA files required for SSL/TLS |
| 99 | 99 |
will be set at source configure time. Symlinks or command line |
Also available in: Unified diff