JSON RPC
Module description
AAA is the subsystem that manages and stores information about users, roles, and access rights to objects on the cluster.
Operations
Add HA resources to cluster
Context model: ClusterHAResource
Request data
{
"context": {
"op": "cluster_resource_ha_add"
},
"data": {
"reserved_ha_cpu": "<reserved_ha_cpu>",
"reserved_ha_ram": "<reserved_ha_ram>",
"reserved_ha_disk": "<reserved_ha_disk>",
"resources_share": "<resources_share>"
}
}
Description
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
Show HA resources from cluster
Context model: ClusterHAResource
Request data
Update HA resources to cluster
Context model: ClusterHAResource
Request data
{
"context": {
"op": "cluster_resource_ha_update"
},
"data": {
"reserved_ha_cpu": "<reserved_ha_cpu>",
"reserved_ha_ram": "<reserved_ha_ram>",
"reserved_ha_disk": "<reserved_ha_disk>",
"resources_share": "<resources_share>"
}
}
Description
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
Delete HA resources from cluster
Context model: ClusterHAResource
Request data
Add reserved resources to nodes
Context model: ClusterResource
Request data
{
"context": {
"op": "cluster_resource_reserved_add"
},
"data": {
"overcommit_cpu": "<overcommit_cpu>",
"overcommit_ram": "<overcommit_ram>",
"reserved_system_cpu": "<reserved_system_cpu>",
"reserved_system_ram": "<reserved_system_ram>",
"reserved_system_disk": "<reserved_system_disk>",
"uuids": "<uuids>"
}
}
Description
overcommit_cpu [ float ] - Overcommit CPU (float)
overcommit_ram [ float ] - Overcommit RAM (float)
reserved_system_cpu [ int ] - Reserved CPU count
reserved_system_ram [ memstr ] - Reserved RAM count
reserved_system_disk [ memstr ] - Reserved Disk count
uuids [ * required ] - List of node UUIDs
Show reserved resources from node
Context model: ClusterResource
Request data
Description
uuids [ * required ] - List of node UUIDs
Update reserved resources to node
Context model: ClusterResource
Request data
{
"context": {
"op": "cluster_resource_reserved_update"
},
"data": {
"overcommit_cpu": "<overcommit_cpu>",
"overcommit_ram": "<overcommit_ram>",
"reserved_system_cpu": "<reserved_system_cpu>",
"reserved_system_ram": "<reserved_system_ram>",
"reserved_system_disk": "<reserved_system_disk>",
"uuid": "<uuid>"
}
}
Description
overcommit_cpu [ float ] - Overcommit CPU (float)
overcommit_ram [ float ] - Overcommit RAM (float)
reserved_system_cpu [ int ] - Reserved CPU count
reserved_system_ram [ memstr ] - Reserved RAM count
reserved_system_disk [ memstr ] - Reserved Disk count
uuid [ str required ] - Node UUID
Delete reserved resources from node
Context model: ClusterResource
Request data
Description
uuids [ * required ] - List of node UUIDs
View available RAM and CPU resources
Request data
View available RAM and CPU resources by nodes
Request data
Force delete namespace (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
Add new namespace (Virtual DC) to Cluster
Context model: Namespaces
Request data
{
"context": {
"op": "namespace_add"
},
"data": {
"cluster": "<cluster>",
"ns": "<ns>",
"paths": "<paths>",
"descr": "<descr>",
"vcpu": "<vcpu>",
"vram": "<vram>",
"init_file": "<init_file>"
}
}
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
vcpu [ int required ] - Virtual CPU
vram [ memstr required ] - Virtual RAM
init_file [ str ] - Path to namespace initial configuration file
Update namespace (Virtual DC) to Cluster
Context model: Namespaces
Request data
{
"context": {
"op": "namespace_update"
},
"data": {
"cluster": "<cluster>",
"ns": "<ns>",
"paths": "<paths>",
"descr": "<descr>",
"vcpu": "<vcpu>",
"vram": "<vram>"
}
}
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
vcpu [ int ] - Virtual CPU
vram [ memstr ] - Virtual RAM
Present paths structure of namespace
Context model: Namespaces
Request data
Update paths of current namespace (Virtual DC)
Context model: Namespaces
Request data
Description
paths [ jsonstr ] - Directory tree as JSON object
List namespaces (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
Show namespace (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
Delete user
Context model: Users
Request data
Description
login [ required ] - User login
Delete user (force delete user data)
Context model: Users
Request data
Description
login [ required ] - User login
Add new user
Context model: Users
Request data
{
"context": {
"op": "user_add"
},
"data": {
"login": "<login>",
"path": "<path>",
"email": "<email>",
"whitelist_networks": "<whitelist_networks>",
"roles": "<roles>",
"descr": "<descr>",
"passwd": "<passwd>"
}
}
Description
login [ required ] - User login
path [ path ] - User path
email [ email ] - User email
whitelist_networks [ ipv4network * ] - List of whitelisted networks
roles [ * ] - User roles
descr [ ] - User description
passwd [ ] - User password
Send namespace cert to user(s)
Context model: Users
Request data
Description
login [ required ] - User login
Delete your own OTP token
Context model: Users
Request data
Delete OTP token of user
Context model: Users
Request data
Description
login [ required ] - Login of the user whose OTP code needs to be deleted
Update user whitelist networks
Context model: Users
Request data
{
"context": {
"op": "user_whitelist_update"
},
"data": {
"login": "<login>",
"whitelist_networks": "<whitelist_networks>"
}
}
Description
login [ required ] - User login
whitelist_networks [ ipv4network * required ] - List of whitelisted networks
Update user status
Context model: Users
Request data
Description
login [ required ] - User login
status [ required ] - User status ['ACTIVE', 'BLOCKED']
Update user path
Context model: Users
Request data
Description
login [ required ] - User login
path [ required ] - User path
Update user
Context model: Users
Request data
{
"context": {
"op": "user_update"
},
"data": {
"login": "<login>",
"email": "<email>",
"roles": "<roles>",
"descr": "<descr>",
"passwd": "<passwd>",
"prev_passwd": "<prev_passwd>",
"cert": "<cert>"
}
}
Description
login [ required ] - User login
email [ email ] - User email
roles [ * ] - User roles
descr [ ] - User description
passwd [ ] - User password
prev_passwd [ ] - User's previous password
cert [ ] - Update user cert ['yes', 'no']
Update your email or password
Context model: Users
Request data
{
"context": {
"op": "user_param_update"
},
"data": {
"email": "<email>",
"passwd": "<passwd>",
"prev_passwd": "<prev_passwd>"
}
}
Description
email [ email ] - User email
passwd [ ] - User password
prev_passwd [ ] - User's previous password
Update user certificate
Context model: Users
Request data
List users
Context model: Users
Request data
Show user
Context model: Users
Request data
Description
login [ ] - User login
Delete LDAP config
Context model: Ldaps
Request data
Description
name [ required ] - Config name
Add LDAP config
Context model: Ldaps
Request data
{
"context": {
"op": "param_ldap_add"
},
"data": {
"name": "<name>",
"url": "<url>",
"ca_data": "<ca_data>",
"ca_file": "<ca_file>",
"user": "<user>",
"passwd": "<passwd>",
"base_dn": "<base_dn>",
"query_group": "<query_group>",
"query_user": "<query_user>",
"query_active_users": "<query_active_users>",
"user_map": "<user_map>",
"group_map": "<group_map>",
"default_path": "<default_path>",
"notif_route": "<notif_route>",
"error_limit": "<error_limit>"
}
}
Description
name [ required ] - Config name
url [ ] - Server URL
ca_data [ ] - LDAP server certificate contents
ca_file [ ] - LDAP server certificate
user [ ] - Service user
passwd [ ] - Service password
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for sending notifications about LDAP errors
error_limit [ int ] - Limit on the number of LDAP errors before a notification is sent
List LDAP config
Context model: Ldaps
Request data
Show LDAP config
Context model: Ldaps
Request data
Description
name [ required ] - Config name
Update LDAP config
Context model: Ldaps
Request data
{
"context": {
"op": "param_ldap_update"
},
"data": {
"name": "<name>",
"url": "<url>",
"ca_data": "<ca_data>",
"ca_file": "<ca_file>",
"user": "<user>",
"passwd": "<passwd>",
"base_dn": "<base_dn>",
"query_group": "<query_group>",
"query_user": "<query_user>",
"query_active_users": "<query_active_users>",
"user_map": "<user_map>",
"group_map": "<group_map>",
"default_path": "<default_path>",
"notif_route": "<notif_route>",
"error_limit": "<error_limit>"
}
}
Description
name [ required ] - Config name
url [ ] - Server URL
ca_data [ ] - LDAP server certificate contents
ca_file [ ] - LDAP server certificate
user [ ] - Service user
passwd [ ] - Service password
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for sending notifications about LDAP errors
error_limit [ int ] - Limit on the number of LDAP errors before a notification is sent
Disable checks
Context model: Params
Request data
Enable checks
Context model: Params
Request data
Delete AAA params
Context model: Params
Request data
Add AAA params
Context model: Params
Request data
{
"context": {
"op": "param_add"
},
"data": {
"auth_type": "<auth_type>",
"cert": "<cert>",
"ldap": "<ldap>",
"ldap_sync": "<ldap_sync>",
"validation_ip": "<validation_ip>",
"acc_delete_days": "<acc_delete_days>",
"acc_block_unused_days": "<acc_block_unused_days>",
"acc_block_try_cnt": "<acc_block_try_cnt>",
"acc_block_try_timeout_sec": "<acc_block_try_timeout_sec>",
"acc_block_try_suspend_sec": "<acc_block_try_suspend_sec>",
"sessions_max_cnt": "<sessions_max_cnt>",
"sessions_timeout_sec": "<sessions_timeout_sec>",
"password_pattern": "<password_pattern>",
"password_salt": "<password_salt>",
"password_diff_cnt": "<password_diff_cnt>",
"password_exp_days": "<password_exp_days>",
"password_min_exp_days": "<password_min_exp_days>",
"password_min_change": "<password_min_change>",
"require_generated_password_change": "<require_generated_password_change>",
"whitelist_networks": "<whitelist_networks>",
"tfa_client": "<tfa_client>",
"tfa_wait_sec": "<tfa_wait_sec>",
"notif_route": "<notif_route>",
"ns_owner_access": "<ns_owner_access>"
}
}
Description
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Use certificates to verify user connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
validation_ip [ ] - Check client network address (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after which an account is completely deleted (default - 45 days)
acc_block_unused_days [ int ] - Days after which an unused account is blocked (default - 45 days)
acc_block_try_cnt [ int ] - Number of login attempts before suspension (default - 3)
acc_block_try_timeout_sec [ int ] - Interval over which login attempts are counted (default - 5 min)
acc_block_try_suspend_sec [ int ] - Login suspension timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + special character)
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Whether a user with a generated password is allowed to enter the namespace ['yes', 'no']
whitelist_networks [ ipv4network * ] - List of whitelisted networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
Update AAA params
Context model: Params
Request data
{
"context": {
"op": "param_update"
},
"data": {
"auth_type": "<auth_type>",
"cert": "<cert>",
"ldap": "<ldap>",
"ldap_sync": "<ldap_sync>",
"validation_ip": "<validation_ip>",
"acc_delete_days": "<acc_delete_days>",
"acc_block_unused_days": "<acc_block_unused_days>",
"acc_block_try_cnt": "<acc_block_try_cnt>",
"acc_block_try_timeout_sec": "<acc_block_try_timeout_sec>",
"acc_block_try_suspend_sec": "<acc_block_try_suspend_sec>",
"sessions_max_cnt": "<sessions_max_cnt>",
"sessions_timeout_sec": "<sessions_timeout_sec>",
"password_pattern": "<password_pattern>",
"password_salt": "<password_salt>",
"password_diff_cnt": "<password_diff_cnt>",
"password_exp_days": "<password_exp_days>",
"password_min_exp_days": "<password_min_exp_days>",
"password_min_change": "<password_min_change>",
"require_generated_password_change": "<require_generated_password_change>",
"whitelist_networks": "<whitelist_networks>",
"tfa_client": "<tfa_client>",
"tfa_wait_sec": "<tfa_wait_sec>",
"otp_code_live_period_years": "<otp_code_live_period_years>",
"notif_route": "<notif_route>",
"ns_owner_access": "<ns_owner_access>"
}
}
Description
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Use certificates to verify user connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
validation_ip [ ] - Check client network address (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after which an account is completely deleted (default - 45 days)
acc_block_unused_days [ int ] - Days after which an unused account is blocked (default - 45 days)
acc_block_try_cnt [ int ] - Number of login attempts before suspension (default - 3)
acc_block_try_timeout_sec [ int ] - Interval over which login attempts are counted (default - 5 min)
acc_block_try_suspend_sec [ int ] - Login suspension timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + special character)
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Whether a user with a generated password is allowed to enter the namespace ['yes', 'no']
whitelist_networks [ ipv4network * ] - List of whitelisted networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
otp_code_live_period_years [ int ] - Period, counted from the moment the OTP code is installed, during which it remains valid (in years)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
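An added example, not part of the original reference or the product's code: a client-side check that a `param_update` payload uses only the fields, types and enumerated values listed above, plus a short audit of the controls the page documents as off by default. It assumes native JSON types on the wire (integers as numbers, `whitelist_networks` as an array of strings), which the page's placeholders do not specify; the function names and sample payloads are constructed for illustration.

```python
import ipaddress
import json

YES_NO = {"yes", "no"}
# Field names, types and allowed values are taken from the param_update Description.
ENUMS = {
    "auth_type": {"BASIC", "TFA"}, "tfa_client": {"OTP"},
    "cert": YES_NO, "ldap_sync": YES_NO, "validation_ip": YES_NO,
    "require_generated_password_change": YES_NO, "ns_owner_access": YES_NO,
}
INT_FIELDS = {
    "acc_delete_days", "acc_block_unused_days", "acc_block_try_cnt",
    "acc_block_try_timeout_sec", "acc_block_try_suspend_sec",
    "sessions_max_cnt", "sessions_timeout_sec", "password_diff_cnt",
    "password_exp_days", "password_min_exp_days", "password_min_change",
    "otp_code_live_period_years",
}
# Fields the page lists without a type; they are passed through unchecked.
FREE_FIELDS = {"ldap", "password_pattern", "password_salt", "tfa_wait_sec", "notif_route"}

def validate_params(data):
    """Return a list of problems; an empty list means the payload is well-formed."""
    problems = []
    for key, value in data.items():
        if key in ENUMS:
            if value not in ENUMS[key]:
                problems.append(f"{key}: {value!r} not in {sorted(ENUMS[key])}")
        elif key in INT_FIELDS:
            if isinstance(value, bool) or not isinstance(value, int) or value < 0:
                problems.append(f"{key}: expected a non-negative int")
        elif key == "whitelist_networks":
            for net in value if isinstance(value, list) else [value]:
                try:
                    if not isinstance(net, str):
                        raise ValueError("not a string")
                    parsed = ipaddress.IPv4Network(net)  # strict: rejects set host bits
                except ValueError as exc:
                    problems.append(f"whitelist_networks: {net!r}: {exc}")
                    continue
                if parsed.prefixlen == 0:
                    problems.append("whitelist_networks: 0.0.0.0/0 matches every client")
        elif key not in FREE_FIELDS:
            problems.append(f"{key}: not a documented param_update field")
    return problems

def audit_params(data):
    """Flag documented controls that this payload leaves switched off."""
    findings = []
    if data.get("auth_type", "BASIC") != "TFA":  # documented default is BASIC
        findings.append("auth_type is not TFA: no second factor")
    if data.get("validation_ip", "no") != "yes":  # documented default is no
        findings.append("validation_ip is not yes: client network address is not checked")
    if data.get("cert") != "yes":
        findings.append("cert is not yes: connections are not verified by certificate")
    return findings

def build_param_update(data):
    """Serialize a validated payload in the request shape shown on this page."""
    problems = validate_params(data)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"context": {"op": "param_update"}, "data": data}, indent=2)

# Constructed sample payloads (not taken from the product documentation).
HARDENED = {"auth_type": "TFA", "cert": "yes", "validation_ip": "yes",
            "acc_block_try_cnt": 3, "sessions_timeout_sec": 180,
            "whitelist_networks": ["10.20.0.0/16", "192.0.2.0/24"]}
WEAK = {"auth_type": "Basic", "validation_ip": "no", "acc_block_try_cnt": "3",
        "whitelist_networks": ["10.20.0.1/16", "0.0.0.0/0"], "otp_life": 1}

if __name__ == "__main__":
    print(build_param_update(HARDENED))
    for line in validate_params(WEAK) + audit_params(WEAK):
        print("-", line)
```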
Show AAA params
Context model: Params
Request data
Delete role
Context model: Roles
Request data
Description
role [ required ] - Role name
Delete permissions
Context model: Permissions
Request data
Description
name [ required ] - Permission name
Add new permissions
Context model: Permissions
Request data
{
"context": {
"op": "permissions_add"
},
"data": {
"name": "<name>",
"data": "<data>",
"descr": "<descr>"
}
}
Description
name [ required ] - Permission name
data [ jsonstr required ] - Permissions data
descr [ ] - Permission description
Add new role
Context model: Roles
Request data
{
"context": {
"op": "role_add"
},
"data": {
"role": "<role>",
"permissions": "<permissions>",
"descr": "<descr>"
}
}
Description
role [ required ] - Role name
permissions [ * required ] - Permission groups
descr [ ] - Role description
Update role
Context model: Roles
Request data
{
"context": {
"op": "role_update"
},
"data": {
"role": "<role>",
"permissions": "<permissions>",
"descr": "<descr>"
}
}
Description
role [ required ] - Role name
permissions [ * ] - Permission groups
descr [ ] - Role description
List roles
Context model: Roles
Request data
Show role
Context model: Roles
Request data
Description
role [ required ] - Role name
Show available permissions
Request data
Description
filter [ ] - Permission filter
List permissions
Context model: Permissions
Request data
Show permissions
Context model: Permissions
Request data
Description
name [ required ] - Permission name
List sessions
Context model: UserSessions
Request data
Delete session
Context model: UserSessions
Request data
Description
uuid [ required ] - Session UUID
Delete namespace (Virtual DC) from Cluster
Request data
{
"context": {
"op": "namespace_del"
},
"data": {
"ns": "<ns>",
"cluster": "<cluster>",
"force": "<force>"
}
}
Description
ns [ str required ] - Namespace to delete
cluster [ str required ] - Cluster containing namespace to be deleted
force [ str ] - Provide the name of the namespace to force-delete it
Models
ClusterResource
overcommit_cpu [ float ] - Overcommit CPU (float)
overcommit_ram [ float ] - Overcommit RAM (float)
reserved_system_cpu [ int ] - Reserved CPU count
reserved_system_ram [ memstr ] - Reserved RAM count
reserved_system_disk [ memstr ] - Reserved Disk count
uuids [ * required ] - List of node UUIDs
ClusterHAResource
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
UserSessions
uuid [ ] - Session UUID
login [ ] - User login
Permissions
name [ required ] - Permission name
data [ jsonstr required ] - Permissions data
descr [ ] - Permission description
Roles
role [ required ] - Role name
permissions [ * ] - Permission groups
descr [ ] - Role description
Ldaps
name [ required ] - Config name
url [ ] - Server URL
ca_file [ ] - LDAP server certificate
ca_data [ ] - LDAP server certificate contents
user [ ] - Service user
passwd [ ] - Service password
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for sending notifications about LDAP errors
error_limit [ int ] - Limit on the number of LDAP errors before a notification is sent
Params
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Use certificates to verify user connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
ldap_sync_priority_users [ ] - Which users take priority on a collision when loading LDAP users ['local', 'ldap']
validation_ip [ ] - Check client network address (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after which an account is completely deleted (default - 45 days)
acc_block_unused_days [ int ] - Days after which an unused account is blocked (default - 45 days)
acc_block_try_cnt [ int ] - Number of login attempts before suspension (default - 3)
acc_block_try_timeout_sec [ int ] - Interval over which login attempts are counted (default - 5 min)
acc_block_try_suspend_sec [ int ] - Login suspension timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + special character)
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Whether a user with a generated password is allowed to enter the namespace ['yes', 'no']
otp_code_live_period_years [ int ] - Period, counted from the moment the OTP code is installed, during which it remains valid (in years)
whitelist_networks [ ipv4network * ] - List of whitelisted networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
Namespaces
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
master_key_id [ ] - Namespace key
encrypt_key_id [ ] - Namespace encrypt key
vcpu [ int required ] - Virtual CPU
vram [ memstr required ] - Virtual RAM
labels [ str ] - Labels to delegate to a namespace
init_file [ str ] - Path to namespace initial configuration file
Users
login [ required ] - User login
path [ path ] - User path
email [ email ] - User email
whitelist_networks [ ipv4network * ] - List of whitelisted networks
roles [ * ] - User roles
passwd [ ] - User password
prev_passwd [ ] - User's previous password
descr [ ] - User description
key_id [ ] - User cert
auth_code [ ] - User's code for authentication