Machine Credentials

Machine Credentials contain the necessary information for logging into remote hosts as well as how to escalate privileges (sudo/su).

Managing Machine Credentials URL

Get a machine credential object by ID

Get a list of machine credentials

Create a machine credential

Update a machine credential

Delete a machine credential

Managing Machine Credentials

Machine Credential

    {
        "id": <value>,
        "name": <value>,
        "login-name": <value>,
        "login-password": <value>,
        "ssh-private-key": <value>,
        "ssh-unlock": <value>
        "become-mode": <value>,
        "become-user": <value>,
        "become-password": <value>,
        "use-ssh-keys": <value>,
        "comment": <value>
    }
Property Description of Values

id

A UUID for the Machine Credential.

name

A human-readable name for the credential. Required.

login-name

The username that is used to log in to target nodes over SSH. Required.

login-password

The password that is used to log in to target nodes over SSH, if using password authentication.

ssh-private-key

The private-key that is used to log in to target nodes over SSH, if using key-based authentication. Must be in OpenSSH format, which is commonly used when creating keys using the OpenSSH ssh-keygen tool.

ssh-unlock

The ssh passphrase required to unlock the key, if the private key requires one.

become-mode

The privilege-escalation mechanism to obtain super-user privileges on target nodes. Can be sudo, su, or direct (if login-name already has super-user privs). Defaults to direct.

become-user

The name of the super-user on target nodes whose privileges will be assumed. Required if become-mode is sudo or su. Defaults to root.

become-password

The password that is used in response to sudo or su prompts on target nodes. Required if the become-mode is sudo or su and the target node prompts for passwords.

use-ssh-keys

Ignored. Optional.

comment

A comment that describes the credential. Optional.

For security reasons, passwords and other sensitive fields are not returned in response objects.

GET /api/v2/lcm/machine_credentials/{id}

Gets a specific machine credentials record by ID.

Path arguments: id: A Machine Credential ID.

Returns a Machine Credential object.

Example:

 curl http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3

Output:

{

    "become-user": null,
    "become-mode": "sudo",
    "created-on": "2016-06-20T21:00:41.405Z",
    "type": "machine-credential",
    "related-resources": {
        "datacenters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/",
        "nodes": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/",
        "clusters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/"
    },
    "modified-by": "system",
    "modified-on": "2016-06-20T21:00:41.405Z",
    "name": "my cluster creds",
    "use-ssh-keys": false,
    "comment": null,
    "login-user": "johndoe",
    "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3",
    "href": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3",
    "created-by": "system"

}

GET /api/v2/lcm/machine_credentials/

Gets a paginated list of all Machine Credential records. See Paginated Results for an overview of the query string parameters that can be used.

Example:

 curl http://localhost:8888/api/v2/lcm/machine_credentials/

Output:

    {
        "next": null,
        "previous": null,
        "last": 1,
        "count": 1,
        "per-page": 50,
        "current": 1,
        "results": [
            {
                "created-on": "2016-06-20T21:00:41.405Z",
                "type": "machine-credential",
                "related-resources": {
                    "datacenters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/",
                    "nodes": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/",
                    "clusters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/"
                },
                "modified-on": "2016-06-20T21:00:41.405Z",
                "name": "my cluster creds",
                "login-user": "johndoe",
                "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3",
                "href": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3"
            }
        ]
    }

[[method-post-machine-credential-object"]] === POST /api/v2/lcm/machine_credentials/

Creates a new machine credential object.

Body: A Machine Credential object (with no ID property).

Returns the newly created Machine Credential object.

Example:

Input:

    {
        "become-mode":"sudo",
        "use-ssh-keys":false,
        "name":"my cluster creds",
        "login-user":"johndoe",
        "login-password":"foo",
        "become-password":"foo",
        "ssh-private-key":null,
        "ssh-unlock":null,
        "become-user":null
    }
 curl -X POST -d '<example input>' http://localhost:8888/api/v2/lcm/machine_credentials/

Output:

    {
        "become-user": null,
        "become-mode": "sudo",
        "created-on": "2016-06-20T21:00:41.405Z",
        "type": "machine-credential",
        "related-resources": {
            "datacenters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/",
            "nodes": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/",
            "clusters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/"
        },
        "modified-by": "system",
        "modified-on": "2016-06-20T21:00:41.405Z",
        "name": "my cluster creds",
        "use-ssh-keys": false,
        "comment": null,
        "login-user": "johndoe",
        "id":
        "ba908cb4-9116-4cf9-abe6-694ad75b70d3",
        "href": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3",
        "created-by": "system"
    }

PUT /api/v2/lcm/machine_credentials/{id}

Updates an existing machine credential record by ID.

Path arguments: id: A Machine Credential ID.

Returns the updated Machine Credential object.

Example:

Input:

    {
        "become-user":null,
        "become-mode":"sudo",
        "name":"my cluster creds",
        "use-ssh-keys":false,
        "comment":null,
        "login-user":"janedoe",
        "id":"ba908cb4-9116-4cf9-abe6-694ad75b70d3",
        "created-by":"system",
        "login-password":"blah",
        "become-password":"blah",
        "ssh-private-key":null,
        "ssh-unlock":null
    }
 curl -X PUT -d '<example input>' http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3

Output:

    {
        "become-user": null,
        "become-mode": "sudo",
        "created-on": "2016-06-20T21:00:41.405Z",
        "type": "machine-credential",
        "related-resources": {
            "datacenters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/datacenters/",
            "nodes": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/nodes/",
            "clusters": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3/clusters/"
        },
        "modified-by": "system",
        "modified-on": "2016-06-20T21:09:08.308Z",
        "name": "my cluster creds",
        "use-ssh-keys": false,
        "comment": null,
        "login-user": "janedoe",
        "id": "ba908cb4-9116-4cf9-abe6-694ad75b70d3",
        "href": "http://localhost:8888/api/v2/lcm/machine_credentials/ba908cb4-9116-4cf9-abe6-694ad75b70d3",
        "created-by": "system"
    }

DELETE /api/v2/lcm/machine_credentials/{id}

Deletes an existing machine credential record by ID. This is subject to foreign key constraint violations.

Path arguments: id: A Machine Credential ID.

Returns the IDs of the deleted objects.

Example:

 curl -X DELETE http://localhost:8888/api/v2/lcm/machine_credentials/5d756e26-4e49-41bc-8d5a-0e5c1dbfdc98

Output:

 {"deleted": {"machine-credential": ["ba908cb4-9116-4cf9-abe6-694ad75b70d3"]}}