-
Guido Trotter authored
Currently rapi is the only daemon which accepts a port option, rather than querying its own port from services, and failing back to the default if not found. Changing this to conform to what other daemons do. Also update the ganeti-rapi(8) manpage Signed-off-by:
Guido Trotter <ultrotter@google.com> Reviewed-by:
Michael Hanselmann <hansmi@google.com>
8c96d01f
ganeti-rapi.sgml 3.80 KiB
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
<!-- Fill in your name for FIRSTNAME and SURNAME. -->
<!-- Please adjust the date whenever revising the manpage. -->
<!ENTITY dhdate "<date>February 11, 2009</date>">
<!-- SECTION should be 1-8, maybe w/ subsection other parameters are
allowed: see man(7), man(1). -->
<!ENTITY dhsection "<manvolnum>8</manvolnum>">
<!ENTITY dhucpackage "<refentrytitle>ganeti-rapi</refentrytitle>">
<!ENTITY dhpackage "ganeti-rapi">
<!ENTITY debian "<productname>Debian</productname>">
<!ENTITY gnu "<acronym>GNU</acronym>">
<!ENTITY gpl "&gnu; <acronym>GPL</acronym>">
<!ENTITY footer SYSTEM "footer.sgml">
]>
<refentry>
<refentryinfo>
<copyright>
<year>2008</year>
<year>2009</year>
<holder>Google Inc.</holder>
</copyright>
&dhdate;
</refentryinfo>
<refmeta>
&dhucpackage;
&dhsection;
<refmiscinfo>ganeti 2.0</refmiscinfo>
</refmeta>
<refnamediv>
<refname>&dhpackage;</refname>
<refpurpose>ganeti remote API daemon</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>&dhpackage; </command>
<arg>-d</arg>
<arg>-f</arg>
<arg>--no-ssl</arg>
<arg>-K <replaceable>SSL_KEY_FILE</replaceable></arg>
<arg>-C <replaceable>SSL_CERT_FILE</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
<command>&dhpackage;</command> is the daemon providing a remote
API for Ganeti clusters.
</para>
<para>
It is automatically started on the master node, and by default
it uses SSL encryption. This can be disabled by passing the
<option>--no-ssl</option> option, or alternatively the
certificate used can be changed via the <option>-C</option>
option and the key via the <option>-K</option> option.
</para>
<para>
The daemon will listen to the "ganeti-rapi" tcp port, as listed in the
system services database, or to port 5080 by default.
</para>
<para>
See the <emphasis>Ganeti remote API</emphasis> documentation for
further information.
</para>
<para>
Requests are logged to
<filename>@LOCALSTATEDIR@/log/ganeti/rapi-daemon.log</filename>,
in the same format as for the node and master daemon.
</para>
</refsect1>
<refsect1>
<title>ACCESS CONTROLS</title>
<para>
All query operations are allowed without authentication. Only
the modification operations require authentication, in the form
of basic authentication.
</para>
<para>
The users and their rights are defined in a file named
<filename>rapi_users</filename>, located in the <filename
class="directory">@LOCALSTATEDIR@/ganeti</filename>
directory. The users should be listed one per line, in the
following format:
</para>
<screen>username password options</screen>
<para>
Currently the <replaceable>options</replaceable> field should
equal the string <emphasis>write</emphasis> in order to actually
give write permission for the given users. Example:
</para>
<screen>rclient secret write
guest tespw
</screen>
<para>The first user (<userinput>rclient</userinput>) will have
read-write rights, whereas the second user does only have read
(query) rights, and as such is no different than not using
authentication at all.</para>
</refsect1>
&footer;
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->