JSON RPC
Module description
AAA - a subsystem that manages and stores information about users, roles, access rights of objects on the cluster
Operations
Add HA resources to cluster
Context model: ClusterHAResource
Request data
{
"context": {
"op": "cluster_resource_ha_add"
},
"data": {
"reserved_ha_cpu": "<reserved_ha_cpu>",
"reserved_ha_ram": "<reserved_ha_ram>",
"reserved_ha_disk": "<reserved_ha_disk>",
"resources_share": "<resources_share>"
}
}
Description
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
Show HA resources from cluster
Context model: ClusterHAResource
Request data
Update HA resources to cluster
Context model: ClusterHAResource
Request data
{
"context": {
"op": "cluster_resource_ha_update"
},
"data": {
"reserved_ha_cpu": "<reserved_ha_cpu>",
"reserved_ha_ram": "<reserved_ha_ram>",
"reserved_ha_disk": "<reserved_ha_disk>",
"resources_share": "<resources_share>"
}
}
Description
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
Delete HA resources from cluster
Context model: ClusterHAResource
Request data
Show reserved resources from node
Context model: ClusterResource
Request data
Description
uuids [ * required ] - List of UUID nodes
Update reserved resources to node
Context model: ClusterResource
Request data
{
"context": {
"op": "cluster_resource_reserved_update"
},
"data": {
"overcommit_ram": "<overcommit_ram>",
"reserved_system_cpu": "<reserved_system_cpu>",
"reserved_system_ram": "<reserved_system_ram>",
"reserved_system_disk": "<reserved_system_disk>",
"uuid": "<uuid>"
}
}
Description
overcommit_ram [ float ] - Overcommit RAM (float)
reserved_system_cpu [ int ] - Reserved CPU count
reserved_system_ram [ memstr ] - Reserved RAM count
reserved_system_disk [ memstr ] - Reserved Disk count
uuid [ str required ] - Node UUID
Delete reserved resources from node
Context model: ClusterResource
Request data
Description
uuids [ * required ] - List of UUID nodes
View available RAM and CPU resources
Request data
View available RAM and CPU resources by nodes
Request data
Force delete namespace (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
Add new namespace (Virtual DC) to Cluster
Context model: Namespaces
Request data
{
"context": {
"op": "namespace_add"
},
"data": {
"cluster": "<cluster>",
"ns": "<ns>",
"paths": "<paths>",
"descr": "<descr>",
"cpu": "<cpu>",
"ram": "<ram>",
"config_name": "<config_name>"
}
}
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
cpu [ float required ] - namespace CPU
ram [ memstr required ] - RAM
config_name [ str ] - The name of the configuration for defining roles
Update namespace (Virtual DC) to Cluster
Context model: Namespaces
Request data
{
"context": {
"op": "namespace_update"
},
"data": {
"cluster": "<cluster>",
"ns": "<ns>",
"paths": "<paths>",
"descr": "<descr>",
"cpu": "<cpu>",
"ram": "<ram>"
}
}
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
cpu [ float ] - Namespace CPU
ram [ memstr ] - RAM
Present paths structure of namespace
Context model: Namespaces
Request data
Update paths of current namespace (Virtual DC)
Context model: Namespaces
Request data
Description
paths [ jsonstr ] - Directory tree as JSON object
List namespaces (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
Show namespace (Virtual DC) from Cluster
Context model: Namespaces
Request data
Description
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
Delete user
Context model: Users
Request data
Description
login [ required ] - User login
Delete user (force delete user data)
Context model: Users
Request data
Description
login [ required ] - User login
Add new user
Context model: Users
Request data
{
"context": {
"op": "user_add"
},
"data": {
"login": "<login>",
"path": "<path>",
"email": "<email>",
"whitelist_networks": "<whitelist_networks>",
"roles": "<roles>",
"descr": "<descr>",
"passwd": "<passwd>"
}
}
Description
login [ required ] - User login
path [ path ] - User path
email [ email ] - User email
whitelist_networks [ ipv4network * ] - List of white networks
roles [ * ] - User roles
descr [ ] - User description
passwd [ ] - User password
Send namespace cert to user(s)
Context model: Users
Request data
Description
login [ required ] - User login
Delete yourself OTP token
Context model: Users
Request data
Delete OTP token of user
Context model: Users
Request data
Description
login [ required ] - User login whose otp-code needs to be deleted
Update user whielist networks
Context model: Users
Request data
{
"context": {
"op": "user_whitelist_update"
},
"data": {
"login": "<login>",
"whitelist_networks": "<whitelist_networks>"
}
}
Description
login [ required ] - User login
whitelist_networks [ ipv4network * required ] - List of white networks
Update user status
Context model: Users
Request data
Description
login [ required ] - User login
status [ required ] - User status ['ACTIVE', 'BLOCKED']
Update user path
Context model: Users
Request data
Description
login [ required ] - User login
path [ required ] - User path
Update user
Context model: Users
Request data
{
"context": {
"op": "user_update"
},
"data": {
"login": "<login>",
"email": "<email>",
"roles": "<roles>",
"descr": "<descr>",
"passwd": "<passwd>",
"prev_passwd": "<prev_passwd>",
"cert": "<cert>"
}
}
Description
login [ required ] - User login
email [ email ] - User email
roles [ * ] - User roles
descr [ ] - User description
passwd [ ] - User password
prev_passwd [ ] - User last password
cert [ ] - Update user cert ['yes', 'no']
Update your email or password
Context model: Users
Request data
{
"context": {
"op": "user_param_update"
},
"data": {
"email": "<email>",
"passwd": "<passwd>",
"prev_passwd": "<prev_passwd>"
}
}
Description
email [ email ] - User email
passwd [ ] - User password
prev_passwd [ ] - User last password
Update user certificate
Context model: Users
Request data
List users
Context model: Users
Request data
Show user
Context model: Users
Request data
Description
login [ required ] - User login
Show user
Context model: Users
Request data
Delete LDAP config
Context model: Ldaps
Request data
Description
name [ required ] - Config name
Add LDAP config
Context model: Ldaps
Request data
{
"context": {
"op": "param_ldap_add"
},
"data": {
"name": "<name>",
"url": "<url>",
"ca_data": "<ca_data>",
"ca_file": "<ca_file>",
"user": "<user>",
"passwd": "<passwd>",
"base_dn": "<base_dn>",
"query_group": "<query_group>",
"query_user": "<query_user>",
"query_active_users": "<query_active_users>",
"user_map": "<user_map>",
"group_map": "<group_map>",
"default_path": "<default_path>",
"notif_route": "<notif_route>",
"error_limit": "<error_limit>"
}
}
Description
name [ required ] - Config name
url [ ] - Server URL
ca_data [ ] - Ldap server certificate contents
ca_file [ ] - Ldap server certificate
user [ ] - Service user
passwd [ ] - Service passwd
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for send notifications about LDAP errors
error_limit [ int ] - Limit the number of LDAP errors before will be send notification
List LDAP config
Context model: Ldaps
Request data
Show LDAP config
Context model: Ldaps
Request data
Description
name [ required ] - Config name
Update LDAP config
Context model: Ldaps
Request data
{
"context": {
"op": "param_ldap_update"
},
"data": {
"name": "<name>",
"url": "<url>",
"ca_data": "<ca_data>",
"ca_file": "<ca_file>",
"user": "<user>",
"passwd": "<passwd>",
"base_dn": "<base_dn>",
"query_group": "<query_group>",
"query_user": "<query_user>",
"query_active_users": "<query_active_users>",
"user_map": "<user_map>",
"group_map": "<group_map>",
"default_path": "<default_path>",
"notif_route": "<notif_route>",
"error_limit": "<error_limit>"
}
}
Description
name [ required ] - Config name
url [ ] - Server URL
ca_data [ ] - Ldap server certificate contents
ca_file [ ] - Ldap server certificate
user [ ] - Service user
passwd [ ] - Service passwd
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for send notifications about LDAP errors
error_limit [ int ] - Limit the number of LDAP errors before will be send notification
Disable checks
Context model: Params
Request data
Enable checks
Context model: Params
Request data
Delete AAA params
Context model: Params
Request data
Add AAA params
Context model: Params
Request data
{
"context": {
"op": "param_add"
},
"data": {
"auth_type": "<auth_type>",
"auth_type_privileged": "<auth_type_privileged>",
"cert": "<cert>",
"cert_privileged": "<cert_privileged>",
"ldap": "<ldap>",
"ldap_sync": "<ldap_sync>",
"validation_ip": "<validation_ip>",
"acc_delete_days": "<acc_delete_days>",
"acc_block_unused_days": "<acc_block_unused_days>",
"acc_block_unused_days_privileged": "<acc_block_unused_days_privileged>",
"acc_block_try_cnt": "<acc_block_try_cnt>",
"acc_block_try_cnt_privileged": "<acc_block_try_cnt_privileged>",
"acc_block_try_timeout_sec": "<acc_block_try_timeout_sec>",
"acc_block_try_timeout_sec_privileged": "<acc_block_try_timeout_sec_privileged>",
"acc_block_try_suspend_sec": "<acc_block_try_suspend_sec>",
"acc_block_try_suspend_sec_privileged": "<acc_block_try_suspend_sec_privileged>",
"sessions_max_cnt": "<sessions_max_cnt>",
"sessions_max_cnt_privileged": "<sessions_max_cnt_privileged>",
"sessions_timeout_sec": "<sessions_timeout_sec>",
"sessions_timeout_sec_privileged": "<sessions_timeout_sec_privileged>",
"sessions_multi_origin": "<sessions_multi_origin>",
"password_pattern": "<password_pattern>",
"password_pattern_privileged": "<password_pattern_privileged>",
"password_salt": "<password_salt>",
"password_diff_cnt": "<password_diff_cnt>",
"password_diff_cnt_privileged": "<password_diff_cnt_privileged>",
"password_exp_days": "<password_exp_days>",
"password_exp_days_privileged": "<password_exp_days_privileged>",
"password_min_exp_days": "<password_min_exp_days>",
"password_min_exp_days_privileged": "<password_min_exp_days_privileged>",
"password_min_change": "<password_min_change>",
"password_min_change_privileged": "<password_min_change_privileged>",
"require_generated_password_change": "<require_generated_password_change>",
"whitelist_networks": "<whitelist_networks>",
"tfa_client": "<tfa_client>",
"tfa_wait_sec": "<tfa_wait_sec>",
"notif_route": "<notif_route>",
"ns_owner_access": "<ns_owner_access>"
}
}
Description
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
auth_type_privileged [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Using cert for verify users connections ['yes', 'no']
cert_privileged [ ] - Using cert for verify users connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
validation_ip [ ] - Check client network adress (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after completly delete account (default - 45 days)
acc_block_unused_days [ int ] - Days after block unused account (default - 45 days)
acc_block_unused_days_privileged [ int ] - Days after block unused account (default - 45 days)
acc_block_try_cnt [ int ] - Try login count before suspend (default - 3)
acc_block_try_cnt_privileged [ int ] - Try login count before suspend (default - 3)
acc_block_try_timeout_sec [ int ] - Try login interval counting (default - 5 min)
acc_block_try_timeout_sec_privileged [ int ] - Try login interval counting (default - 5 min)
acc_block_try_suspend_sec [ int ] - Try login suspend timeout (default - 60 min)
acc_block_try_suspend_sec_privileged [ int ] - Try login suspend timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_max_cnt_privileged [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
sessions_timeout_sec_privileged [ int ] - Session timeout (default - 3 min)
sessions_multi_origin [ ] - Allow multiple user sessions from different IPs ['yes', 'no']
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_pattern_privileged [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_diff_cnt_privileged [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_exp_days_privileged [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_exp_days_privileged [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
password_min_change_privileged [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Is possible to enter in namespace by user with generated password ['yes', 'no']
whitelist_networks [ ipv4network * ] - List of white networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
Update AAA params
Context model: Params
Request data
{
"context": {
"op": "param_update"
},
"data": {
"auth_type": "<auth_type>",
"auth_type_privileged": "<auth_type_privileged>",
"cert": "<cert>",
"cert_privileged": "<cert_privileged>",
"ldap": "<ldap>",
"ldap_sync": "<ldap_sync>",
"validation_ip": "<validation_ip>",
"acc_delete_days": "<acc_delete_days>",
"acc_block_unused_days": "<acc_block_unused_days>",
"acc_block_try_cnt": "<acc_block_try_cnt>",
"acc_block_try_cnt_privileged": "<acc_block_try_cnt_privileged>",
"acc_block_try_timeout_sec": "<acc_block_try_timeout_sec>",
"acc_block_try_timeout_sec_privileged": "<acc_block_try_timeout_sec_privileged>",
"acc_block_try_suspend_sec": "<acc_block_try_suspend_sec>",
"acc_block_try_suspend_sec_privileged": "<acc_block_try_suspend_sec_privileged>",
"sessions_max_cnt": "<sessions_max_cnt>",
"sessions_max_cnt_privileged": "<sessions_max_cnt_privileged>",
"sessions_timeout_sec": "<sessions_timeout_sec>",
"sessions_timeout_sec_privileged": "<sessions_timeout_sec_privileged>",
"sessions_multi_origin": "<sessions_multi_origin>",
"password_pattern": "<password_pattern>",
"password_pattern_privileged": "<password_pattern_privileged>",
"password_salt": "<password_salt>",
"password_diff_cnt": "<password_diff_cnt>",
"password_diff_cnt_privileged": "<password_diff_cnt_privileged>",
"password_exp_days": "<password_exp_days>",
"password_exp_days_privileged": "<password_exp_days_privileged>",
"password_min_exp_days": "<password_min_exp_days>",
"password_min_exp_days_privileged": "<password_min_exp_days_privileged>",
"password_min_change": "<password_min_change>",
"password_min_change_privileged": "<password_min_change_privileged>",
"require_generated_password_change": "<require_generated_password_change>",
"whitelist_networks": "<whitelist_networks>",
"tfa_client": "<tfa_client>",
"tfa_wait_sec": "<tfa_wait_sec>",
"otp_code_live_period_years": "<otp_code_live_period_years>",
"notif_route": "<notif_route>",
"ns_owner_access": "<ns_owner_access>"
}
}
Description
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
auth_type_privileged [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Using cert for verify users connections ['yes', 'no']
cert_privileged [ ] - Using cert for verify users connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
validation_ip [ ] - Check client network adress (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after completly delete account (default - 45 days)
acc_block_unused_days [ int ] - Days after block unused account (default - 45 days)
acc_block_try_cnt [ int ] - Try login count before suspend (default - 3)
acc_block_try_cnt_privileged [ int ] - Try login count before suspend (default - 3)
acc_block_try_timeout_sec [ int ] - Try login interval counting (default - 5 min)
acc_block_try_timeout_sec_privileged [ int ] - Try login interval counting (default - 5 min)
acc_block_try_suspend_sec [ int ] - Try login suspend timeout (default - 60 min)
acc_block_try_suspend_sec_privileged [ int ] - Try login suspend timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_max_cnt_privileged [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
sessions_timeout_sec_privileged [ int ] - Session timeout (default - 3 min)
sessions_multi_origin [ ] - Allow multiple user sessions from different IPs ['yes', 'no']
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_pattern_privileged [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_diff_cnt_privileged [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_exp_days_privileged [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_exp_days_privileged [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
password_min_change_privileged [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Is possible to enter in namespace by user with generated password ['yes', 'no']
whitelist_networks [ ipv4network * ] - List of white networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
otp_code_live_period_years [ int ] - The time period from the moment the OTP-code is installed when it will be valid (in years)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
Show AAA params
Context model: Params
Request data
Description
filter [ str ] - param filter ['common', 'privileged']
Delete permissions from namespace
Context model: Permissions
Request data
{
"context": {
"op": "permissions_ns_del"
},
"data": {
"ns": "<ns>",
"permissions": "<permissions>"
}
}
Description
ns [ str required ] - Namespace to modify permissions list
permissions [ * required ] - Permissions list
Delegating permissions to namespace
Context model: Permissions
Request data
{
"context": {
"op": "permissions_ns_add"
},
"data": {
"ns": "<ns>",
"permissions": "<permissions>"
}
}
Description
ns [ str required ] - Namespace to modify permissions list
permissions [ * required ] - Permissions list
List permissions
Context model: Permissions
Request data
Description
cluster [ str ] - cluster name
ns [ str ] - namespace name
Add new role
Context model: Roles
Request data
{
"context": {
"op": "role_add"
},
"data": {
"role": "<role>",
"permissions": "<permissions>",
"descr": "<descr>"
}
}
Description
role [ required ] - Role name
permissions [ * required ] - Permission list
descr [ ] - Role description
Delete role
Context model: Roles
Request data
Description
role [ required ] - Role name
Update role
Context model: Roles
Request data
{
"context": {
"op": "role_update"
},
"data": {
"role": "<role>",
"permissions": "<permissions>",
"descr": "<descr>"
}
}
Description
role [ required ] - Role name
permissions [ * ] - Permission list
descr [ ] - Role description
List roles
Context model: Roles
Request data
Show role
Context model: Roles
Request data
Description
role [ required ] - Role name
List sessions
Context model: UserSessions
Request data
Delete session
Context model: UserSessions
Request data
Description
uuid [ required ] - Session UUID
Delete namespace (Virtual DC) from Cluster
Request data
{
"context": {
"op": "namespace_del"
},
"data": {
"ns": "<ns>",
"cluster": "<cluster>",
"force": "<force>"
}
}
Description
ns [ str required ] - Namespace to delete
cluster [ str required ] - Cluster containing namespace to be deleted
force [ str ] - Provide the name of the namespace to force-delete it
Set user active time
Request data
{
"context": {
"op": "user_active_add"
},
"data": {
"login": "<login>",
"date_from": "<date_from>",
"date_before": "<date_before>",
"active_weekdays": "<active_weekdays>",
"time_from": "<time_from>",
"time_before": "<time_before>"
}
}
Description
login [ str required ] - User login
date_from [ str ] - date user is active from
date_before [ str ] - date user is active before
active_weekdays [ str * ] - user active weekdays
time_from [ str ] - daily time user is active from
time_before [ str ] - daily time user is active before
Delete user active time
Request data
Description
login [ str required ] - login
Update user active time
Request data
{
"context": {
"op": "user_active_update"
},
"data": {
"login": "<login>",
"date_from": "<date_from>",
"date_before": "<date_before>",
"active_weekdays": "<active_weekdays>",
"time_from": "<time_from>",
"time_before": "<time_before>"
}
}
Description
login [ str required ] - User login
date_from [ str ] - date user is active from
date_before [ str ] - date user is active before
active_weekdays [ str * ] - user active weekdays
time_from [ str ] - daily time user is active from
time_before [ str ] - daily time user is active before
Show user active time
Request data
Description
login [ str required ] - login
Add cluster parameters
Request data
{
"context": {
"op": "cluster_resource_overcommit_add"
},
"data": {
"cpu_overcommit_type": "<cpu_overcommit_type>",
"default_cpu_overcommit_ratio": "<default_cpu_overcommit_ratio>",
"cpu_quota_period": "<cpu_quota_period>",
"node_memory_limit": "<node_memory_limit>",
"ram_overcommit": "<ram_overcommit>",
"default_overcommit_tolerance": "<default_overcommit_tolerance>"
}
}
Description
cpu_overcommit_type [ str required ] - cpu overcommit type ['shares', 'quotas']
default_cpu_overcommit_ratio [ int required ] - cluster default cpu overcommit ratio
cpu_quota_period [ int ] - an interval in microseconds for cpu runtime quota
node_memory_limit [ int ] - node memory max usage limit percent
ram_overcommit [ int ] - ram overcommit percent
default_overcommit_tolerance [ int ] - clsuter default VM overcommit tolerance
Show cluster parameters
Request data
Update cluster parameters
Request data
{
"context": {
"op": "cluster_resource_overcommit_update"
},
"data": {
"cpu_overcommit_type": "<cpu_overcommit_type>",
"default_cpu_overcommit_ratio": "<default_cpu_overcommit_ratio>",
"cpu_quota_period": "<cpu_quota_period>",
"node_memory_limit": "<node_memory_limit>",
"ram_overcommit": "<ram_overcommit>",
"default_overcommit_tolerance": "<default_overcommit_tolerance>"
}
}
Description
cpu_overcommit_type [ str ] - cpu overcommit type ['shares', 'quotas']
default_cpu_overcommit_ratio [ int ] - cluster default cpu overcommit ratio
cpu_quota_period [ int ] - an interval in microseconds for cpu runtime quota
node_memory_limit [ int ] - node memory max usage limit percent
ram_overcommit [ int ] - ram overcommit percent
default_overcommit_tolerance [ int ] - clsuter default VM overcommit tolerance
Delete cluster parameters
Request data
Enable balloon memory overcommit on cluster
Request data
Disable balloon memory overcommit on cluster
Request data
Calculate resources that must be reserved for system
Request data
Collect and set reserved resources required by system
Request data
Models
ClusterResource
overcommit_ram [ float ] - Overcommit RAM (float)
reserved_system_cpu [ int ] - Reserved CPU count
reserved_system_ram [ memstr ] - Reserved RAM count
reserved_system_disk [ memstr ] - Reserved Disk count
uuids [ * required ] - List of UUID nodes
ClusterHAResource
reserved_ha_cpu [ int ] - Reserved HA CPU percent
reserved_ha_ram [ int ] - Reserved HA RAM percent
reserved_ha_disk [ int ] - Reserved HA Disk percent
resources_share [ ] - Cluster resource sharing (Default - no) ['yes', 'no']
UserSessions
uuid [ ] - Session UUID
login [ ] - User login
Permissions
ns [ str required ] - Namespace to modify permissions list
permissions [ * required ] - Permissions list
Roles
role [ required ] - Role name
permissions [ * ] - Permission list
descr [ ] - Role description
Ldaps
name [ required ] - Config name
url [ ] - Server URL
ca_file [ ] - Ldap server certificate
ca_data [ ] - Ldap server certificate contents
user [ ] - Service user
passwd [ ] - Service passwd
base_dn [ ] - LDAP base DN
query_group [ ] - LDAP query to get groups
query_user [ ] - LDAP query to get users
query_active_users [ ] - LDAP query to get active users
user_map [ jsonstr ] - User mapping attributes
group_map [ jsonstr ] - Group mapping attributes
default_path [ path ] - Default path for loaded users
notif_route [ ] - Route name for send notifications about LDAP errors
error_limit [ int ] - Limit the number of LDAP errors before will be send notification
Params
auth_type [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
auth_type_privileged [ ] - Auth type (default - BASIC) ['BASIC', 'TFA']
cert [ ] - Using cert for verify users connections ['yes', 'no']
cert_privileged [ ] - Using cert for verify users connections ['yes', 'no']
ldap [ ] - LDAP config name
ldap_sync [ ] - Sync data from LDAP server (default - no) ['yes', 'no']
ldap_sync_priority_users [ ] - Priority users in case of collision for load Ldap users ['local', 'ldap']
validation_ip [ ] - Check client network adress (default - no) ['yes', 'no']
acc_delete_days [ int ] - Days after completly delete account (default - 45 days)
acc_block_unused_days [ int ] - Days after block unused account (default - 45 days)
acc_block_unused_days_privileged [ int ] - Days after block unused account (default - 45 days)
acc_block_try_cnt [ int ] - Try login count before suspend (default - 3)
acc_block_try_cnt_privileged [ int ] - Try login count before suspend (default - 3)
acc_block_try_timeout_sec [ int ] - Try login interval counting (default - 5 min)
acc_block_try_timeout_sec_privileged [ int ] - Try login interval counting (default - 5 min)
acc_block_try_suspend_sec [ int ] - Try login suspend timeout (default - 60 min)
acc_block_try_suspend_sec_privileged [ int ] - Try login suspend timeout (default - 60 min)
sessions_max_cnt [ int ] - Max number of user sessions (default - 2)
sessions_max_cnt_privileged [ int ] - Max number of user sessions (default - 2)
sessions_timeout_sec [ int ] - Session timeout (default - 3 min)
sessions_timeout_sec_privileged [ int ] - Session timeout (default - 3 min)
sessions_multi_origin [ ] - Allow multiple user sessions from different IPs ['yes', 'no']
password_pattern [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_pattern_privileged [ ] - Password regexp pattern (default - min 8 + UpperCase + LowerCase + Number + Spec char )
password_salt [ ] - Additional password salt (default - empty)
password_diff_cnt [ int ] - Password difference count char (default - 4)
password_diff_cnt_privileged [ int ] - Password difference count char (default - 4)
password_exp_days [ int ] - Password expiration period (default - 60 days)
password_exp_days_privileged [ int ] - Password expiration period (default - 60 days)
password_min_exp_days [ int ] - Password min expiration period (default - 10 days)
password_min_exp_days_privileged [ int ] - Password min expiration period (default - 10 days)
password_min_change [ int ] - Password min change count symbols (default - 2)
password_min_change_privileged [ int ] - Password min change count symbols (default - 2)
require_generated_password_change [ ] - Is possible to enter in namespace by user with generated password ['yes', 'no']
otp_code_live_period_years [ int ] - The time period from the moment the OTP-code is installed when it will be valid (in years)
whitelist_networks [ ipv4network * ] - List of white networks
tfa_client [ ] - TFA Client factor (default - OTP) ['OTP']
tfa_wait_sec [ ] - TFA timeout (default - 1 min)
notif_route [ ] - Route name for notifications
ns_owner_access [ ] - Namespace owner access (default - yes) ['yes', 'no']
Namespaces
cluster [ required ] - Cluster name
ns [ required ] - Namespace name
paths [ jsonstr ] - Directory tree as JSON object
descr [ ] - Namespace description
master_key_id [ ] - Namespace key
encrypt_key_id [ ] - Namespace encrypt key
cpu [ float required ] - namespace CPU
ram [ memstr required ] - RAM
config_name [ str ] - The name of the configuration for defining roles
Users
login [ required ] - User login
path [ path ] - User path
email [ email ] - User email
whitelist_networks [ ipv4network * ] - List of white networks
roles [ * ] - User roles
passwd [ ] - User password
prev_passwd [ ] - User last password
descr [ ] - User description
key_id [ ] - User cert
auth_code [ ] - User's code for authentication