root / man / ganeti-rapi.rst @ 2237687b
History | View | Annotate | Download (1.7 kB)
| 1 | f52cb680 | Iustin Pop | ganeti-rapi(8) Ganeti | Version @GANETI_VERSION@ |
|---|---|---|---|
| 2 | f52cb680 | Iustin Pop | ================================================ |
| 3 | f52cb680 | Iustin Pop | |
| 4 | f52cb680 | Iustin Pop | Name |
| 5 | f52cb680 | Iustin Pop | ---- |
| 6 | f52cb680 | Iustin Pop | |
| 7 | f52cb680 | Iustin Pop | ganeti-rapi - Ganeti remote API daemon |
| 8 | f52cb680 | Iustin Pop | |
| 9 | f52cb680 | Iustin Pop | Synopsis |
| 10 | f52cb680 | Iustin Pop | -------- |
| 11 | f52cb680 | Iustin Pop | |
| 12 | f52cb680 | Iustin Pop | **ganeti-rapi** [-d] [-f] [--no-ssl] [-K *SSL_KEY_FILE*] [-C |
| 13 | f52cb680 | Iustin Pop | *SSL_CERT_FILE*] |
| 14 | f52cb680 | Iustin Pop | |
| 15 | f52cb680 | Iustin Pop | DESCRIPTION |
| 16 | f52cb680 | Iustin Pop | ----------- |
| 17 | f52cb680 | Iustin Pop | |
| 18 | f52cb680 | Iustin Pop | **ganeti-rapi** is the daemon providing a remote API for Ganeti |
| 19 | f52cb680 | Iustin Pop | clusters. |
| 20 | f52cb680 | Iustin Pop | |
| 21 | f52cb680 | Iustin Pop | It is automatically started on the master node, and by default it |
| 22 | f52cb680 | Iustin Pop | uses SSL encryption. This can be disabled by passing the |
| 23 | f52cb680 | Iustin Pop | ``--no-ssl`` option, or alternatively the certificate used can be |
| 24 | f52cb680 | Iustin Pop | changed via the ``-C`` option and the key via the ``-K`` option. |
| 25 | f52cb680 | Iustin Pop | |
| 26 | f52cb680 | Iustin Pop | The daemon will listen to the "ganeti-rapi" tcp port, as listed in the |
| 27 | f52cb680 | Iustin Pop | system services database, or if not defined, to port 5080 by default. |
| 28 | f52cb680 | Iustin Pop | |
| 29 | f52cb680 | Iustin Pop | See the *Ganeti remote API* documentation for further information. |
| 30 | f52cb680 | Iustin Pop | |
| 31 | f52cb680 | Iustin Pop | Requests are logged to ``@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log``, |
| 32 | f52cb680 | Iustin Pop | in the same format as for the node and master daemon. |
| 33 | f52cb680 | Iustin Pop | |
| 34 | f52cb680 | Iustin Pop | ACCESS CONTROLS |
| 35 | f52cb680 | Iustin Pop | --------------- |
| 36 | f52cb680 | Iustin Pop | |
| 37 | f52cb680 | Iustin Pop | All query operations are allowed without authentication. Only the |
| 38 | f52cb680 | Iustin Pop | modification operations require authentication, in the form of basic |
| 39 | f52cb680 | Iustin Pop | authentication. |
| 40 | f52cb680 | Iustin Pop | |
| 41 | fdd9ac5b | Michael Hanselmann | The users and their rights are defined in the |
| 42 | fdd9ac5b | Michael Hanselmann | ``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users |
| 43 | f52cb680 | Iustin Pop | should be listed one per line, in the following format:: |
| 44 | f52cb680 | Iustin Pop | |
| 45 | f52cb680 | Iustin Pop | username password options |
| 46 | f52cb680 | Iustin Pop | |
| 47 | f52cb680 | Iustin Pop | Currently the *options* field should equal the string ``write`` in |
| 48 | f52cb680 | Iustin Pop | order to actually give write permission for the given users. Example:: |
| 49 | f52cb680 | Iustin Pop | |
| 50 | f52cb680 | Iustin Pop | rclient secret write |
| 51 | f52cb680 | Iustin Pop | guest testpw |
| 52 | f52cb680 | Iustin Pop | |
| 53 | f52cb680 | Iustin Pop | The first user (*rclient*) has read-write rights, whereas the second |
| 54 | f52cb680 | Iustin Pop | user (*guest*) only has read (query) rights, and as such is no |
| 55 | f52cb680 | Iustin Pop | different than not using authentication at all. |
| 56 | f52cb680 | Iustin Pop | |
| 57 | f52cb680 | Iustin Pop | More details (including on how to use hashed passwords) can be found |
| 58 | f52cb680 | Iustin Pop | in the Ganeti documentation. |