Commit f1d243bd authored by Michael Hanselmann's avatar Michael Hanselmann

RAPI documentation fix and update

- Mention user capabilities in security.rst
- Replace “query” with “read” in RAPI documentation
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 542e3dea
...@@ -16,6 +16,7 @@ it runs on TCP port 5080, but this can be changed either in ...@@ -16,6 +16,7 @@ it runs on TCP port 5080, but this can be changed either in
which is used by default, can also be disabled by passing command line which is used by default, can also be disabled by passing command line
parameters. parameters.
.. _rapi-users:
Users and passwords Users and passwords
------------------- -------------------
...@@ -64,10 +65,11 @@ Example:: ...@@ -64,10 +65,11 @@ Example::
jessica {HA1}7046452df2cbb530877058712cf17bd4 write jessica {HA1}7046452df2cbb530877058712cf17bd4 write
# Monitoring can query for values # Monitoring can query for values
monitoring {HA1}ec018ffe72b8e75bb4d508ed5b6d079c query monitoring {HA1}ec018ffe72b8e75bb4d508ed5b6d079c read
# A user who can query and write # A user who can read and write (the former is implied by granting
superuser {HA1}ec018ffe72b8e75bb4d508ed5b6d079c query,write # write access)
superuser {HA1}ec018ffe72b8e75bb4d508ed5b6d079c read,write
.. [#pwhash] Using the MD5 hash of username, realm and password is .. [#pwhash] Using the MD5 hash of username, realm and password is
......
...@@ -98,7 +98,9 @@ Remote API ...@@ -98,7 +98,9 @@ Remote API
---------- ----------
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS
by default. It supports Basic authentication as per :rfc:`2617`. by default. It supports Basic authentication as per :rfc:`2617`. Users
can be granted different capabilities. Details can be found in the
:ref:`RAPI documentation <rapi-users>`.
Paths for certificate, private key and CA files required for SSL/TLS Paths for certificate, private key and CA files required for SSL/TLS
will be set at source configure time. Symlinks or command line will be set at source configure time. Symlinks or command line
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment