root / man / ganeti-rapi.rst @ fcdb582d
History | View | Annotate | Download (1.7 kB)
1 |
ganeti-rapi(8) Ganeti | Version @GANETI_VERSION@ |
---|---|
2 |
================================================ |
3 |
|
4 |
Name |
5 |
---- |
6 |
|
7 |
ganeti-rapi - Ganeti remote API daemon |
8 |
|
9 |
Synopsis |
10 |
-------- |
11 |
|
12 |
**ganeti-rapi** [-d] [-f] [--no-ssl] [-K *SSL_KEY_FILE*] [-C |
13 |
*SSL_CERT_FILE*] |
14 |
|
15 |
DESCRIPTION |
16 |
----------- |
17 |
|
18 |
**ganeti-rapi** is the daemon providing a remote API for Ganeti |
19 |
clusters. |
20 |
|
21 |
It is automatically started on the master node, and by default it |
22 |
uses SSL encryption. This can be disabled by passing the |
23 |
``--no-ssl`` option, or alternatively the certificate used can be |
24 |
changed via the ``-C`` option and the key via the ``-K`` option. |
25 |
|
26 |
The daemon will listen to the "ganeti-rapi" tcp port, as listed in the |
27 |
system services database, or if not defined, to port 5080 by default. |
28 |
|
29 |
See the *Ganeti remote API* documentation for further information. |
30 |
|
31 |
Requests are logged to ``@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log``, |
32 |
in the same format as for the node and master daemon. |
33 |
|
34 |
ACCESS CONTROLS |
35 |
--------------- |
36 |
|
37 |
All query operations are allowed without authentication. Only the |
38 |
modification operations require authentication, in the form of basic |
39 |
authentication. |
40 |
|
41 |
The users and their rights are defined in the |
42 |
``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users |
43 |
should be listed one per line, in the following format:: |
44 |
|
45 |
username password options |
46 |
|
47 |
Currently the *options* field should equal the string ``write`` in |
48 |
order to actually give write permission for the given users. Example:: |
49 |
|
50 |
rclient secret write |
51 |
guest testpw |
52 |
|
53 |
The first user (*rclient*) has read-write rights, whereas the second |
54 |
user (*guest*) only has read (query) rights, and as such is no |
55 |
different than not using authentication at all. |
56 |
|
57 |
More details (including on how to use hashed passwords) can be found |
58 |
in the Ganeti documentation. |