cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <imusa...@webmd.net>
Subject RE: Forbid direct API connection
Date Thu, 15 Nov 2012 22:29:17 GMT
Fabrice

Are you using port 8080 or 8096 for API calls?

If its 8096 - you can setup iptable rules to allow only incoming connection from x host.

Regards
ilya

-----Original Message-----
From: Geoff Higginbottom [mailto:geoff.higginbottom@shapeblue.com] 
Sent: Thursday, November 15, 2012 7:33 AM
To: cloudstack-users@incubator.apache.org
Subject: RE: Forbid direct API connection

Hi Fabrice,

As an admin, you can provision a new VM for a specific account, the user does not need an
API / Secret Key.   You will be using the Admin Account API /Secret Key or the Unauthenticated
Port which requires no keys.

If you have to do it at account level, you could simply create a user within each account
which has the API / Secret Keys enabled, but only known to yourself, but I don’t believe
this is required as the Root Admin can do most things on behalf of any account.

Regards

Geoff


-----Original Message-----
From: Fabrice Brazier [mailto:fabrice.brazier@apalia.net]
Sent: 15 November 2012 11:11
To: cloudstack-users@incubator.apache.org
Subject: RE: Forbid direct API connection

Hi Geoff,

I have two management server and I want to allow API connection only on the second management
server.
I need the secret key and the API key for each account. E.g. I want to provision a new VM
for the end-user through the API (from the second management server)

Regards
Fabrice

-----Message d'origine-----
De : Geoff Higginbottom [mailto:geoff.higginbottom@shapeblue.com]
Envoyé : jeudi 15 novembre 2012 11:59
À : cloudstack-users@incubator.apache.org
Objet : RE: Forbid direct API connection

Hi Fabrice,

If users do not have a Secret Key and API key then they cannot use the API.
You could use a SQL Query to go through and remove all Keys.  Admins could still use the unauthenticated
API Port, obviously on a random port for enhanced security.

Regards

Geoff

-----Original Message-----
From: Fabrice Brazier [mailto:fabrice.brazier@apalia.net]
Sent: 15 November 2012 10:55
To: cloudstack-users@incubator.apache.org
Subject: Forbid direct API connection

Hi Folks,



Is there a way to disable the API connection on a  management server ?

I don’t want to allow api request from internet.



Thanks,

Fabrice



--
Fabrice Brazier
*Apalia*™*
*FR: +33-632-73-53-00
*http://www.apalia.net
fabrice.brazier@apalia.net*
ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue’s
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.

ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue’s
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.
Mime
View raw message