# Overview This file describes the HIL API. We first describe the main objects, then users and security model, and finally provide a full reference for the API. By default, HIL is using the unstable "v0" version for all its API. ## Objects in the HIL * project - a grouping of resources (e.g., headnodes, nodes, networks). * node - a physical node. Either unallocated or belongs to a project. Has one or more NICs attached to it. * headnode - a controlling machine for a project, today a VM, assigned to one project * NIC - network card, identified by a user-specified label (e.g., PXE, ipmi, user1, silly) will have a visible ethernet mac address (or equivalent unique number for other network types), and is always part of one node and connected to at most one port. * HNIC - headnode network card, identified by a user-specified label (e.g., PXE, ipmi, user1, silly), and is always part of one headnode. * port - a port to which NICs can be connected. Only visible to admins. * network - a network, today implemented as a VLAN, that NICs and HNICs can be connected to. See networks.md for more details. The authentication system is pluggable. Authentication mechanisms are provided by extensions (see `extensions.md`), but the rules about who is allowed to access what are dictated by HIL core. Operations etiher require administratie priilieges, or access to a particular project. Of note, "users" are not a concept that HIL core understands, though some of the individual auth extensions do. ## API design philosophy We provide the most basic API that we can, and attempt to impose no structure that is not required for authorization purposes. - A 'project' is merely an authorization domain. It is reasonable to have logically independent groupings of resources within one project, but the HIL will not help you create such a structure. Policies like this belong in higher-level tools built on top of the hil. - We considered having a mechanism for staging a large number of networking changes and performing them all-together, and even potentially allowing roll-back. Instead, we simply have API calls to connect a NIC to a network, and to disconnect it. All other functionalities can be built on top of this. There is no garbage-collection of objects. If an object is being used somehow, it cannot be deleted. For example, if a node is on a network, the user can neither de-allocate the node nor delete the network. They must first detach the node from the network. (The one exception to this is that, when deleting a headnode, all of its HNICs are deleted with it. This is due to a technical limitation---we cannot currently dynamically add and remove HNICs.) Most objects are identified by "labels" that are globally unique, e.g., nodes, networks, groups, users, headnodes. While we may eventually change this, it seems a reasonable limitation for now that simplifies the implementation and will allow potential sharing of resources. The system will return an error if a second user tries to create an object with an already existing label. The one exception is NICs, where the label is unique only on a per-node basis. # API Reference ## How to read Each possible API call has an entry below containing: * an HTTP method and URL path, including possible `` in the path to be treated as arguments. * Optionally, a summary of the request body (which will always be a JSON object). * A human readable description of the semantics of the call * A summary of the response body for a successful request. Many calls do not return any data, in which case this is omitted. * Any authorization requirements, which could include: * Administrative access * Access to a particular project or * No special access In general, administrative access is sufficient to perform any action. * A list of possible errors. In addition to the error codes listed for each API call, HIL may return: * 400 if something is wrong with the request (e.g. malformed request body) * 401 if the user does not have permission to execute the supplied request. * 404 if the api call references an object that does not exist (obviously, this is acceptable for calls that create the resource). Below is an example. ### my_api_call `POST /url/path/to/` Request Body: { "some_field": "a value", "this-is-an-example": true, "some-optional-field": { (Optional) "more-fields": 12352356, ... } } Attempt to do something mysterious to `` which must be a coffee pot, and must not be in use by other users. If successful, the response will include some cryptic information. Response Body (on success): { "some-info": "Hello, World!", "numbers": [1,2,3] } Authorization requirements: * No special access. Possible errors: * 418, if `` is a teapot. * 409, if: * `` does not exist * `` is busy * `{"foo": , "baz": }` denotes a JSON object (in the body of the request). ## Core API Specification API calls provided by the HIL core. These are present in all installations. ### Networks #### network_create `PUT /network/` Request Body: { "owner": , "access": , "net_id": } Create a network. For the semantics of each of the fields, see [Networks](./networks.html). Authorization requirements: * If net_id is `''` and owner and access are the same project, then access to that project is required. * Otherwise, administrative access is required. Possible errors: * 409, if a network by that name already exists. * See also bug #461 #### network_delete `DELETE /network/` Delete a network. The user's project must be the owner of the network, and the network must not be connected to any nodes or headnodes. Finally, there may not be any pending actions involving the network. Authorization requirements: * If the owner is a project, access to that project is required. * Otherwise, administrative access is required. Possible Errors: * 409 if: * The network is connected to a node or headnode. * There are pending actions involving the network. #### show_network `GET /network/` View detailed information about ``. The result must contain the following fields: * "name", the name of the network * "channels", description of legal channel identifiers for this network. This is a list of channel identifiers, with possible wildcards. The format of these is driver specific, see below. * "owner", the name of the project which created the network, or "admin", if it was created by an administrator. * "access", a list of projects that have access to the network or null if the network is public * "connected-nodes": nodes and list of nics connected to network Response body (on success): { "name": , "channels": , "owner": , "access": "connected-nodes": {"": [` where `` is a VLAN id number. This attaches the network in tagged, mode, with the given VLAN id. Additionally, the `show_networks` api call may return the channel identifier `vlan/*`, which indicates that any VLAN-based channel id may be used. Where documentation specifies that the network driver should choose a default channel, the VLAN drivers choose `vlan/native`. #### list_networks `GET /networks` List all networks. Returns a JSON dictionary of dictionaries, where the exterior dictionary is indexed by the network name and the value of each key is another dictionary with keys corresponding to that network's id and projects Response contains all networks if the user is an admin. Otherwise, response only contains all public networks. The response must contain the following fields: * "network", the name of a network * "network_id", the id of the network * "projects", a list of projects with access to the network or 'None' if network is public Example Response for an admin user: { "netA": { "network_id": "101", "projects": ["qproj-01", qproj-02"] }, "netB": { "network_id": "102", "projects": None } } Example Response for a regular user: { "netA": { "network_id": "102", "projects": None }, "netB": { "network_id": "103", "projects": None } } Authorization requirements: * Administrative access is required to list all networks * No special access is required to list all public networks #### list_network_attachments `GET /network//attachments` List all nodes that are attached to network . If optional argument 'project' is supplied, only attached nodes belonging to the specified project will be listed. Returns a JSON dictionary of dictionaries with first level key being the name of the attached node and second level keys being: * "nic", the name of the nic on which the node is attached * "channel", the channel on which the attachment exists * "project", the name of the project which owns the attached node Example Response: { "node1": { "nic": "nic1", "channel" "vlan/native", "project": "projectA" }, "node2": { "nic": "nic2", "channel": "vlan/235", "project": "projectB" } } Authorization requirements: * Admins or the project that is the owner can list all attached nodes. * Other projects can only list their own nodes. #### network_grant_project_access `PUT /network//access/` Add to access list for . Authorization requirements: * Only admins or the network owner can grant a project access to the network. Possible Errors: * 404 - If the network or project does not exist * 409 - If the project already has access to the network #### network_revoke_project_access `DELETE /network//access/` Remove from access list for . Authorization requirements: * Only admins, the network owner, or the project itself can revoke a project's access to the network. Possible Errors: * 404 - If the network or project does not exist. * 409 - If the project is the owner of the network. #### node_connect_network `POST /node//nic//connect_network` Request body: { "network": , "channel": (Optional) } Connect the network named `` to `` on ``. `` should be a legal channel identifier specified by the output of `show_network`, above. If `` is omitted, the driver will choose a default, which should be some form of "untagged." Networks are connected and detached asynchronously. If successful, this API call returns a status code of 202 Accepted, and queues the network operation to be performed. Each nic may have no more than one pending network operation; an attempt to queue a second action will result in an error. It is important that users of this API check the status of their request using the `show_networking_action` API to ensure that their previous calls were successful before queuing any new actions on the same nic. Response body: { "status_id": , } Authorization requirements: * Access to the project to which `` is assigned. * Either `` must be public, or its `"access"` field must name the project to which `` is assigned. Possible errors: * 409, if: * The current project does not control ``. * The current project does not have access to ``. * There is already a pending network operation on ``. * `` is already attached to `` (possibly on a different channel). * The channel identifier is not legal for this network. #### node_detach_network `POST /node//nic//detach_network` Request body: { "network": } Detach `` from ``. Networks are connected and detached asynchronously. If successful, this API call returns a status code of 202 Accepted, and queues the network operation to be preformed. Each nic may have no more than one pending network operation; an attempt to queue a second action will result in an error. Just like the `node_attach_network` API, please check the status using the `show_networking_action` API to check the status of previous calls before queuing any new actions. Response body: { "status_id": , } Authorization requirements: * Access to the project to which `` is assigned. Possible Errors: * 409, if: * The current project does not control ``. * There is already a pending network operation on ``. * `` is not attached to ``. ### Nodes #### node_register `PUT /node/` Register a node with optional metadata The `"obmd"` field has two subfields. The first is `"uri"`, which is the uri for the given node under obmd's API; if obmd's API is available at `https://obmd.example.com`, then `node4` will have a uri of `https://obmd.example.com/node/node4`. The second is `"admin_token"`, which is the admin token for obmd. Note that different nodes may be managed by different instances of obmd; HIL does not care. Request Body: { "obmd": { "uri": "https://obmd.example.com/node/node4", "admin_token": "208eb61c77c3468558ccd9eec9ca0598" }, "metadata": { (Optional) "label_1": "value_1", "label_2": "value_2" } } Authorization requirements: * Administrative access. Possible errors: * 409, if a node with the name `` already exists #### node_delete `DELETE /node/` Delete the node named `` from the database. Authorization requirements: * Administrative access. #### node_register_nic `PUT /node//nic/` Request Body: { "macaddr": } Register a nic named `` belonging to ``. `` should be the nic's mac address. This isn't used by HIL itself, but is useful for users trying to configure their nodes. Authorization requirements: * Administrative access. Possible errors: * 409 if `` already has a nic named `` #### node_delete_nic `DELETE /node//nic/` Delete the nic named `` and belonging to ``. Authorization requirements: * Administrative access. #### node_enable/disable_obm `PUT /node//obm` Request body: { "enabled": } Enable or disable management of the node's OBM. The OBM must be disabled to detach the node from a project, and must be enabled to do things like power cycle the node, view the console etc. Accepts a boolean argument indicating whether to enable or disable the obm. Enabling an obm which is already enabled, or disabling one that is already disabled will silently no-op. Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. #### node_power_cycle `POST /node//power_cycle` Request Body: { "force": (Optional, defaults to False) } Power cycle the node named ``, and set it's next boot device to PXE. If the node is powered off, this turns it on. Accepts one optional boolean argument that determines whether to soft (default) or hard reboot the system. Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). #### node_set_bootdev `PUT /node//boot_device` Request body: { "bootdev": } The request body consists of JSON with a `bootdev` argument: Sets the node's next boot device persistently Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). ##### For IPMI devices The valid/allowed boot devices are: * pxe : do a pxe boot (network boot) * disk: boot from local hard disk * none: to reset boot order to default. #### node_power_off `POST /node//power_off` Power off the node named ``. If the node is already powered off, this will have no effect. Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). #### node_power_on `POST /node//power_on` Power on the node named ``. If the node is already powered on, this will have no effect. Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). #### node_power_status `GET /node//power_status` Returns the node's power status. Response body: [ "power_status": "" ] Response examples: "on" or "off" for IPMI, or "Mock Status" for mock OBM. Authorization requirements: * Access to the project to which `` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). #### show_console `GET /node//` is assigned (if any) or administrative access. Possible Errors: * 409, if the node's OBM is not enabled (see node_enable_obm). #### list_nodes `GET /nodes/` Return a list of all nodes or free/available nodes. The value of `is_free` can be `all` to return all nodes or `free` to return free/available nodes. Response body: [ "node-1", "node-2", ... ] Authorization requirements: * No special access #### list_project_nodes `GET /project//nodes` List all nodes belonging to the given project Response body: [ "node-1", "node-2", ... ] Authorization requirements: * Access to `` or administrative access #### list_project_networks `GET /project//networks` List all networks belonging to the given project Response body: [ "network-1", "network-2", ... ] Authorization requirements: * Access to `` or administrative access #### show_node `GET /node/` Show details of a node. Returns a JSON object representing a node. The object will have at least the following fields: * "name", the name/label of the node (string). * "project", the name of the project a node belongs to or null if the node does not belong to a project * "nics", a list of nics, each represented by a JSON object having at least the following fields: - "label", the nic's label. - "macaddr", the nic's mac address. - "networks", a JSON object describing what networks are attached to the nic. The keys are channels and the values are the names of networks attached to those channels. - "port", the port to which the nic is connected to or null if the nic is not connected to any port. This field is only visibile if the caller is an admin. - "switch", the switch that has the port to which the nic is connected to or null if the nic is not connected to any port. Just like port, this is only visible if the caller is an admin. * "metadata", a dictionary of metadata objects Response body when run by a non-admin user: { "metadata": { "EK": "pk" }, "name": "node1", "nics": [ { "label": "nic1", "macaddr": "01:23:45:67:89", "networks": { "vlan/235": "storage", "vlan/native": "pxe" } }, { "label": "nic2", "macaddr": "12:34:56:78:90", "networks": {} } ], "project": "project1" } Response body when run by an admin: { "metadata": { "EK": "pk" }, "name": "node1", "nics": [ { "label": "nic1", "macaddr": "01:23:45:67:89", "networks": { "vlan/235": "storage", "vlan/native": "pxe" }, "port": "gi1/0/1", "switch": "dell-01" }, { "label": "nic2", "macaddr": "12:34:56:78:90", "networks": {}, "port": null, "switch": null } ], "project": "project1" } Authorization requirements: * If the node is free, no special access is required. * Otherwise, access to the project to which `` is assigned is required. * Admin acces to view port and switch information. ### Projects #### project_create `PUT /project/` Create a project named `` Authorization requirements: * Administrative access. Possible Errors: * 409, if the project already exists #### project_delete `DELETE /project/` Delete the project named `` Authorization requirements: * Administrative access. Possible Errors: * 409, if: * The project does not exist * The project still has resources allocated to it: * nodes * networks * headnodes #### project_connect_node `POST /project//connect_node` Request body: { "node": } Reserve the node named `` for use by ``. The node must be free. Authorization requirements: * Access to `` or administrative access. Possible errors: * 404, if the node or project does not exist. * 409, if the node is not free. #### project_detach_node `POST /project//detach_node` { "node": } Return `` to the free pool. `` must belong to the project ``. It must not be attached to any networks, or have any pending network actions. If a maintenance pool is configured, the maintenance service will be notified and the node will be moved into the maintenance project. Otherwise, the node will go directly to the free pool. Read `docs/maintenance-pool.md` for more information. Authorization requirements: * Access to `` or administrative access. Possible errors * 409, if the node is attached to any networks, or has pending network actions, or if the node's obm is enabled. #### list_projects `GET /projects` Return a list of all projects in HIL Response body: [ "manhattan", "runway", ... ] Authorization requirements: * Administrative access. #### node_set_metadata `PUT /node//metadata/