Machine Credentials¶
Machine Credentials contain the necessary information for logging into remote hosts as well as how to escalate privileges (sudo/su).
Managing Machine Credentials | URL |
---|---|
Get a machine credential object by ID | GET /api/v1/lcm/machine_credentials/{id} |
Get a list of machine credentials | GET /api/v1/lcm/machine_credentials/ |
Create a machine credential | POST /api/v1/lcm/machine_credentials/ |
Update a machine credential | PUT /api/v1/lcm/machine_credentials/{id} |
Delete a machine credential | DELETE /api/v1/lcm/repositories/{id} |
Managing Machine Credentials¶
- Machine Credential¶
{ "id": <value>, "name": <value>, "login-name": <value>, "login-password": <value>, "ssh-private-key": <value>, "ssh-unlock": <value> "become-mode": <value>, "become-user": <value>, "become-password": <value>, "use-ssh-keys": <value>, "comment": <value> }
Property Description of Values id A UUID for the Machine Credential. name A human-readable name for the credential. Required. login-name The username that will be used to log in to target nodes over SSH. Required. login-password The password that will be used to log in to target nodes over SSH, if using password authentication. ssh-private-key The private-key that will be used to log in to target nodes over SSH, if using key-based authentication. Must be in OpenSSH format, which is commonly used when creating keys with OpenSSH’s ssh-keygen tool. ssh-unlock The ssh passphrase required to unlock the key, if the private key requires one. become-mode The privilege-escalation mechanism to obtain super-user privileges on target nodes. Can be sudo, su, or direct (if login-name already has super-user privs). Defaults to direct. become-user The name of the super-user on target nodes whose privileges will be assumed. Required if become-mode is sudo or su. Defaults to root. become-password The password that will be used in response to sudo or su prompts on target nodes. Required if the become-mode is sudo or su and the target node prompts for passwords. use-ssh-keys Ignored. Optional. comment A comment that describes the credential. Optional. Note that, for security reasons, passwords and other sensitive fields are not returned in response objects.
- GET /api/v1/lcm/machine_credentials/{id}¶
Gets a specific machine credentials record by ID.
Path arguments: id – A Machine Credential ID. Returns a Machine Credential object.
Example:
curl http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3
Output:
{ "become-user": null, "become-mode": "sudo", "created-on": "2016-06-20T21:00:41.405Z", "type": "machine-credential", "related-resources": { "datacenters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/", "nodes": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/", "clusters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/" }, "modified-by": "system", "modified-on": "2016-06-20T21:00:41.405Z", "name": "my cluster creds", "use-ssh-keys": false, "comment": null, "login-user": "johndoe", "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3", "href": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3", "created-by": "system" }
- GET /api/v1/lcm/machine_credentials/¶
Gets a paginated list of all Machine Credential records. See Paginated Results for an overview of the query string parameters that can be used.
Example:
curl http://localhost:8888/api/v1/lcm/machine_credentials/
Output:
{ "next": null, "previous": null, "last": 1, "count": 1, "per-page": 50, "current": 1, "results": [ { "created-on": "2016-06-20T21:00:41.405Z", "type": "machine-credential", "related-resources": { "datacenters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/", "nodes": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/", "clusters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/" }, "modified-on": "2016-06-20T21:00:41.405Z", "name": "my cluster creds", "login-user": "johndoe", "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3", "href": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3" } ] }
- POST /api/v1/lcm/machine_credentials/¶
Creates a new machine credential object.
Body: A Machine Credential object (with no ID property). Returns the newly created Machine Credential object.
Example:
Input:
{ "become-mode":"sudo", "use-ssh-keys":false, "name":"my cluster creds", "login-user":"johndoe", "login-password":"foo", "become-password":"foo", "ssh-private-key":null, "ssh-unlock":null, "become-user":null }
curl -X POST -d '<example input>' http://localhost:8888/api/v1/lcm/machine_credentials/
Output:
{ "become-user": null, "become-mode": "sudo", "created-on": "2016-06-20T21:00:41.405Z", "type": "machine-credential", "related-resources": { "datacenters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/", "nodes": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/", "clusters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/" }, "modified-by": "system", "modified-on": "2016-06-20T21:00:41.405Z", "name": "my cluster creds", "use-ssh-keys": false, "comment": null, "login-user": "johndoe", "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3", "href": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3", "created-by": "system" }
- PUT /api/v1/lcm/machine_credentials/{id}¶
Update an existing machine credential record by ID.
Path arguments: id – A Machine Credential ID. Returns the updated Machine Credential object.
Example:
Input:
{ "become-user":null, "become-mode":"sudo", "name":"my cluster creds", "use-ssh-keys":false, "comment":null, "login-user":"janedoe", "id":"ba908cb4-9116-4cf9-abe6-694ad75b70d3", "created-by":"system", "login-password":"blah", "become-password":"blah", "ssh-private-key":null, "ssh-unlock":null }
curl -X PUT -d '<example input>' http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3
Output:
{ "become-user": null, "become-mode": "sudo", "created-on": "2016-06-20T21:00:41.405Z", "type": "machine-credential", "related-resources": { "datacenters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/", "nodes": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/", "clusters": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/" }, "modified-by": "system", "modified-on": "2016-06-20T21:09:08.308Z", "name": "my cluster creds", "use-ssh-keys": false, "comment": null, "login-user": "janedoe", "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3", "href": "http://localhost:8888/api/v1/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3", "created-by": "system" }
- DELETE /api/v1/lcm/machine_credentials/{id}¶
Delete an existing machine credential record by ID. This is subject to foreign key constraint violations.
Path arguments: id – A Machine Credential ID. Returns the IDs of the deleted objects.
Example:
curl -X DELETE http://localhost:8888/api/v1/lcm/machine_credentials/5d756e26-4e49-41bc-8d5a-0e5c1dbfdc98
Output:
{"deleted": {"machine-credential": ["ba908cb4-9116-4cf9-abe6-694ad75b70d3"]}}