From cd07bf9d16efc77a6fcc4bf7bbd3dc4f302da66e Mon Sep 17 00:00:00 2001 From: Mark Gurevich Date: Fri, 30 Mar 2018 11:19:16 -0400 Subject: [PATCH] Updated for review comments --- .../restapi/restapi_setup/restapi_setup.rst | 34 +++++++++++-------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/docs/source/advanced/restapi/restapi_setup/restapi_setup.rst b/docs/source/advanced/restapi/restapi_setup/restapi_setup.rst index 3208826bc..84e15230f 100644 --- a/docs/source/advanced/restapi/restapi_setup/restapi_setup.rst +++ b/docs/source/advanced/restapi/restapi_setup/restapi_setup.rst @@ -75,7 +75,7 @@ The REST API client needs to download the xCAT certificate CA from the xCAT http When accessing the REST API, the certificate CA must be specified and the FQDN of the https server must be used. For example: :: - curl -X GET --cacert /root/ca-cert.pem 'https:///xcatws/nodes?userName=root& userPW=cluster' + curl -X GET --cacert /root/ca-cert.pem 'https:///xcatws/nodes?userName=root&userPW=' Extend the Timeout of Web Server ================================ @@ -83,10 +83,10 @@ Extend the Timeout of Web Server Some operations like 'create osimage' (copycds) need a long time (longer than 3 minutes sometimes) to complete. It would fail with a ``timeout error`` (504 Gateway Time-out) if the timeout setting in the web server is not extended: :: For [RHEL] - Edit /etc/httpd/conf/httpd.conf and change existing or add new entry: "Timeout 600" - service htttd restart + Edit "/etc/httpd/conf/httpd.conf" and change existing or add new entry: "Timeout 600" + service httpd restart For [SLES] - Edit /etc/apache2/httpd.conf and change existing or add new entry: "Timeout 600" + Edit "/etc/apache2/httpd.conf" and change existing or add new entry: "Timeout 600" service apache2 restart Set Up an Account for Web Service Access @@ -114,21 +114,27 @@ Use non-root Account Create new user and setup the password and policy rules. :: - useradd -u wsuser - passwd wsuser # set the password - tabch key=xcat,username=wsuser passwd.password= - mkdef -t policy 6 name=wsuser rule=allow + # create a user + useradd -u + # set the password + passwd + # add password to passwd table + tabch key=xcat,username= passwd.password= + # add user to policy table + mkdef -t policy 6 name= rule=allow ``Note:`` in the tabch command above you can put the salted password (from /etc/shadow) in the xCAT passwd table instead of the clear text password, if you prefer. -Identical user with the same name and userid need to be created on each compute node. :: +Identical user with the same name and uid need to be created on each compute node. :: - useradd -u wsuser - passwd wsuser # set the password + # create a user + useradd -u + # set the password + passwd Create the SSL certificate under that user's home directory so that user can be authenticated to xCAT. This is done by running the following command on the Management node as root: :: - /opt/xcat/share/xcat/scripts/setup-local-client.sh + /opt/xcat/share/xcat/scripts/setup-local-client.sh When running this command you'll see SSL certificates created. Enter "y" where prompted and take the defaults. @@ -138,11 +144,11 @@ To enable the POST method of resources like nodeshell, nodecopy, updating and fi Run a test request to see if everything is working: :: - curl -X GET --cacert /root/ca-cert.pem 'https:///xcatws/nodes?userName=&userPW=' + curl -X GET --cacert /root/ca-cert.pem 'https:///xcatws/nodes?userName=&userPW=' or if you did not set up the certificate: :: - curl -X GET -k 'https:///xcatws/nodes?userName=&userPW=' + curl -X GET -k 'https:///xcatws/nodes?userName=&userPW=' You should see some output that includes your list of nodes.