root / man / ganeti-rapi.sgml @ 6e99c5a0
History | View | Annotate | Download (3.8 kB)
1 |
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ |
---|---|
2 |
|
3 |
<!-- Fill in your name for FIRSTNAME and SURNAME. --> |
4 |
<!-- Please adjust the date whenever revising the manpage. --> |
5 |
<!ENTITY dhdate "<date>February 11, 2009</date>"> |
6 |
<!-- SECTION should be 1-8, maybe w/ subsection other parameters are |
7 |
allowed: see man(7), man(1). --> |
8 |
<!ENTITY dhsection "<manvolnum>8</manvolnum>"> |
9 |
<!ENTITY dhucpackage "<refentrytitle>ganeti-rapi</refentrytitle>"> |
10 |
<!ENTITY dhpackage "ganeti-rapi"> |
11 |
|
12 |
<!ENTITY debian "<productname>Debian</productname>"> |
13 |
<!ENTITY gnu "<acronym>GNU</acronym>"> |
14 |
<!ENTITY gpl "&gnu; <acronym>GPL</acronym>"> |
15 |
<!ENTITY footer SYSTEM "footer.sgml"> |
16 |
]> |
17 |
|
18 |
<refentry> |
19 |
<refentryinfo> |
20 |
<copyright> |
21 |
<year>2008</year> |
22 |
<year>2009</year> |
23 |
<holder>Google Inc.</holder> |
24 |
</copyright> |
25 |
&dhdate; |
26 |
</refentryinfo> |
27 |
<refmeta> |
28 |
&dhucpackage; |
29 |
|
30 |
&dhsection; |
31 |
<refmiscinfo>ganeti 2.0</refmiscinfo> |
32 |
</refmeta> |
33 |
<refnamediv> |
34 |
<refname>&dhpackage;</refname> |
35 |
|
36 |
<refpurpose>ganeti remote API daemon</refpurpose> |
37 |
</refnamediv> |
38 |
<refsynopsisdiv> |
39 |
<cmdsynopsis> |
40 |
<command>&dhpackage; </command> |
41 |
<arg>-d</arg> |
42 |
<arg>-f</arg> |
43 |
<arg>-p <replaceable>PORT</replaceable></arg> |
44 |
<arg>--no-ssl</arg> |
45 |
<arg>-K <replaceable>SSL_KEY_FILE</replaceable></arg> |
46 |
<arg>-C <replaceable>SSL_CERT_FILE</replaceable></arg> |
47 |
|
48 |
</cmdsynopsis> |
49 |
</refsynopsisdiv> |
50 |
|
51 |
<refsect1> |
52 |
<title>DESCRIPTION</title> |
53 |
|
54 |
<para> |
55 |
<command>&dhpackage;</command> is the daemon providing a remote |
56 |
API for Ganeti clusters. |
57 |
</para> |
58 |
|
59 |
<para> |
60 |
It is automatically started on the master node, and by default |
61 |
it uses SSL encryption. This can be disabled by passing the |
62 |
<option>--no-ssl</option> option, or alternatively the |
63 |
certificate used can be changed via the <option>-C</option> |
64 |
option and the key via the <option>-K</option> option. |
65 |
</para> |
66 |
|
67 |
<para> |
68 |
The daemon will listen by default on the port 5080, but this can |
69 |
be changed via the <option>-p</option> option. |
70 |
</para> |
71 |
|
72 |
<para> |
73 |
See the <emphasis>Ganeti remote API</emphasis> documentation for |
74 |
further information. |
75 |
</para> |
76 |
|
77 |
<para> |
78 |
Requests are logged to |
79 |
<filename>@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log</filename>, |
80 |
in the same format as for the node and master daemon. |
81 |
</para> |
82 |
|
83 |
</refsect1> |
84 |
|
85 |
<refsect1> |
86 |
<title>ACCESS CONTROLS</title> |
87 |
|
88 |
<para> |
89 |
All query operations are allowed without authentication. Only |
90 |
the modification operations require authentication, in the form |
91 |
of basic authentication. |
92 |
</para> |
93 |
|
94 |
<para> |
95 |
The users and their rights are defined in a file named |
96 |
<filename>rapi_users</filename>, located in the <filename |
97 |
class="directory">@LOCALSTATEDIR@/ganeti</filename> |
98 |
directory. The users should be listed one per line, in the |
99 |
following format: |
100 |
</para> |
101 |
|
102 |
<screen>username password options</screen> |
103 |
|
104 |
<para> |
105 |
Currently the <replaceable>options</replaceable> field should |
106 |
equal the string <emphasis>write</emphasis> in order to actually |
107 |
give write permission for the given users. Example: |
108 |
</para> |
109 |
<screen>rclient secret write |
110 |
guest tespw |
111 |
</screen> |
112 |
<para>The first user (<userinput>rclient</userinput>) will have |
113 |
read-write rights, whereas the second user does only have read |
114 |
(query) rights, and as such is no different than not using |
115 |
authentication at all.</para> |
116 |
</refsect1> |
117 |
&footer; |
118 |
|
119 |
</refentry> |
120 |
|
121 |
<!-- Keep this comment at the end of the file |
122 |
Local variables: |
123 |
mode: sgml |
124 |
sgml-omittag:t |
125 |
sgml-shorttag:t |
126 |
sgml-minimize-attributes:nil |
127 |
sgml-always-quote-attributes:t |
128 |
sgml-indent-step:2 |
129 |
sgml-indent-data:t |
130 |
sgml-parent-document:nil |
131 |
sgml-default-dtd-file:nil |
132 |
sgml-exposed-tags:nil |
133 |
sgml-local-catalogs:nil |
134 |
sgml-local-ecat-files:nil |
135 |
End: |
136 |
--> |