Authentication for Rapid Home Provisioning
For using Rapid Home Provisioning (RHP) REST APIs, perform the following steps:
-
Register a REST user
To register a REST user associated to the CRS user, run the following command:
rhpctl register user -user <restUserName> -restuser -email <useremail> -rhpuser <crsUser>
In response to the preceding command, you will be prompted for a password.Note:
CRS user is the user you used to setup RHP or any user with similar role and permission.Where:-
The
<restUserName>
option is the name used to authenticate each REST request sent to the RHP Server. -
The
<useremail>
option is the email address where the notifications will be sent if enabled. -
The
<crsUser>
option is the name of a user with similar role and permissions to perform the RHP operations.
Example:
To register a REST user called
rest
with the email idrest@email.com
associated to the CRS user, log on to the RHP server as the CRS user, and run the following command:$ $ORACLE_HOME/bin/rhpctl register user -user rest -restuser -email rest@email.com -rhpuser $USER
-
-
Enable HTTPS on the RHP server.:
For Rapid Home Provisioning (RHP) REST APIs, the certificate is obtained directly from the RHP server. HTTPS is enabled by default on the RHP server.
If HTTPS is not enabled on the RHP server, then log on to the RHP server and perform the following steps:
-
Stop RHP server.
$ $ORACLE_HOME/bin/srvctl stop rhpserver
-
Enable HTTPS on the RHP server.
$ $ORACLE_HOME/bin/srvctl modify rhpserver -enableHTTPS YES
-
Start RHP server.
$ $ORACLE_HOME/bin/srvctl start rhpserver
-
-
Export RHP REST API certificate if HTTPS is enabled.
You can perform this task if you are logged on to the RHP server as the
CRS User
or any user with similar role or permissions.-
Change directory to a path where the user has write permissions to export the certificate.
$ cd ~
-
Run the following command:
$ $ORACLE_HOME/bin/crskeytoolctl -printrootcert
Cluster root public certificate is printed to file:
<ClusterGUID.pem>
.Note:
The certificate is created every time the RHP server is started. All clients must update its certificate every time the RHP server is started.
-
-
Verify the working of RHP REST API.
To verify the working of RHP REST API, you will need the RHP server host name which will be used in all REST requests, and the user and password of the registered user (as explained in Step 2).
-
Set the environment variable
CURL_CA_BUNDLE
with the absolute path to thepem
certificate exported using the following command:$ export CURL_CA_BUNDLE=/home/crsUser/<clusterGUID>.pem
Note:
To remove the environment variable run the following command :$ unset CURL_CA_BUNDLE
-
If you want to find the name of the node where RHP server is running, then run the following command:
$ $ORACLE_HOME/bin/srvctl status rhpserver
In response, you will get the name of the node and the status of RHP server.
-
Using the following cURL command, query the working copies. This will prompt you for the user password:
curl -u <restUser> http://<RHPServerHostName>:8894/rhp-restapi/rhp/workingcopies
Example:
To get the names of the working copies, log on to the RHP server and run the following command:
$ curl -u rest https://$HOSTNAME:8894/rhp-restapi/rhp/workingcopies
This will prompt you for the password:
Enter host password for user "rest":
Enter the password, and in response you get the names of the working copies available in the RHP server. If there are no working copies, then you get an empty items array in response:
{"items":[ ]}
.
-