Revision f52cb680
b/man/ganeti-rapi.rst | ||
---|---|---|
1 |
ganeti-rapi(8) Ganeti | Version @GANETI_VERSION@ |
|
2 |
================================================ |
|
3 |
|
|
4 |
Name |
|
5 |
---- |
|
6 |
|
|
7 |
ganeti-rapi - Ganeti remote API daemon |
|
8 |
|
|
9 |
Synopsis |
|
10 |
-------- |
|
11 |
|
|
12 |
**ganeti-rapi** [-d] [-f] [--no-ssl] [-K *SSL_KEY_FILE*] [-C |
|
13 |
*SSL_CERT_FILE*] |
|
14 |
|
|
15 |
DESCRIPTION |
|
16 |
----------- |
|
17 |
|
|
18 |
**ganeti-rapi** is the daemon providing a remote API for Ganeti |
|
19 |
clusters. |
|
20 |
|
|
21 |
It is automatically started on the master node, and by default it |
|
22 |
uses SSL encryption. This can be disabled by passing the |
|
23 |
``--no-ssl`` option, or alternatively the certificate used can be |
|
24 |
changed via the ``-C`` option and the key via the ``-K`` option. |
|
25 |
|
|
26 |
The daemon will listen to the "ganeti-rapi" tcp port, as listed in the |
|
27 |
system services database, or if not defined, to port 5080 by default. |
|
28 |
|
|
29 |
See the *Ganeti remote API* documentation for further information. |
|
30 |
|
|
31 |
Requests are logged to ``@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log``, |
|
32 |
in the same format as for the node and master daemon. |
|
33 |
|
|
34 |
ACCESS CONTROLS |
|
35 |
--------------- |
|
36 |
|
|
37 |
All query operations are allowed without authentication. Only the |
|
38 |
modification operations require authentication, in the form of basic |
|
39 |
authentication. |
|
40 |
|
|
41 |
The users and their rights are defined in a file named rapi_users, |
|
42 |
located in the ``@LOCALSTATEDIR@/lib/ganeti`` directory. The users |
|
43 |
should be listed one per line, in the following format:: |
|
44 |
|
|
45 |
username password options |
|
46 |
|
|
47 |
Currently the *options* field should equal the string ``write`` in |
|
48 |
order to actually give write permission for the given users. Example:: |
|
49 |
|
|
50 |
rclient secret write |
|
51 |
guest testpw |
|
52 |
|
|
53 |
The first user (*rclient*) has read-write rights, whereas the second |
|
54 |
user (*guest*) only has read (query) rights, and as such is no |
|
55 |
different than not using authentication at all. |
|
56 |
|
|
57 |
More details (including on how to use hashed passwords) can be found |
|
58 |
in the Ganeti documentation. |
Also available in: Unified diff