Commit f1d243bd authored by Michael Hanselmann's avatar Michael Hanselmann

RAPI documentation fix and update

- Mention user capabilities in security.rst
- Replace “query” with “read” in RAPI documentation
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 542e3dea
......@@ -16,6 +16,7 @@ it runs on TCP port 5080, but this can be changed either in
which is used by default, can also be disabled by passing command line
parameters.
.. _rapi-users:
Users and passwords
-------------------
......@@ -64,10 +65,11 @@ Example::
jessica {HA1}7046452df2cbb530877058712cf17bd4 write
# Monitoring can query for values
monitoring {HA1}ec018ffe72b8e75bb4d508ed5b6d079c query
monitoring {HA1}ec018ffe72b8e75bb4d508ed5b6d079c read
# A user who can query and write
superuser {HA1}ec018ffe72b8e75bb4d508ed5b6d079c query,write
# A user who can read and write (the former is implied by granting
# write access)
superuser {HA1}ec018ffe72b8e75bb4d508ed5b6d079c read,write
.. [#pwhash] Using the MD5 hash of username, realm and password is
......
......@@ -98,7 +98,9 @@ Remote API
----------
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS
by default. It supports Basic authentication as per :rfc:`2617`.
by default. It supports Basic authentication as per :rfc:`2617`. Users
can be granted different capabilities. Details can be found in the
:ref:`RAPI documentation <rapi-users>`.
Paths for certificate, private key and CA files required for SSL/TLS
will be set at source configure time. Symlinks or command line
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment