rest api官方介绍
rest api文档
rest api token
调用pve rest api ,有两种认证方式
Ticket Cookie
Ticket Cookie的方式是最为推荐的,获取的方式为,通过post请求,发送用户名和密码到pve的server端获取token,获取到的token有效期仅为两小时,而且token权限与用户一致,不仅不需要明文存储token只需要动态获取,而且还实现了权限管控,该方式更加适用于自行研发的运维管理后端。
shell 命令:
curl -k -d 'username=root@pam' --data-urlencode 'password=xxxxxxxx' https://192.168.1.4:8006/api2/json/access/ticket
此处的username与password使用自己创建的用户名密码,192.168.1.4替换安装pve的实际ip
king@king-server:~$ curl -k -d 'username=root@pam' --data-urlencode 'password=kingadmin' https://192.168.1.4:8006/api2/json/access/ticket
{"data":{"CSRFPreventionToken":"63E7C465:9DHa4wu4STQ5PDIYW7iSMeVwcqhFo00N3S2I9/8dTug","username":"root@pam","ticket":"PVE:root@pam:63E7C465::TjvmpvRJ2NfvDE3VIxE6VYE/3wJXNJ0bd4lJSQKEIAAqfhfITZ5KmMqLXB6iIh8B7EodIrfUML/Vod/Jh888gAVkG3TR72F3CQ719FJZIm0WohlaGde+w4hasWyvjaT5fjUIozhw+dFsbixr6leDJvv1pPJ16Zl83KOMdowa+rNYHfbtyfXCB4YvDpdAMkZb6wMPc9yTAUwcwTE+kOxkmZDj3MFqvUWyZbHQQarWTb94Z7jDaL9qVySablLMEGcaZ/HgLZo5YOA8xrJc6MMckyPY05atkIikQdUOk6zBG84aNYpx63AasPSGv2FM3O2nZKa525c8DbBB77uaEDtXNw==","cap":{"nodes":{"Permissions.Modify":1,"Sys.PowerMgmt":1,"Sys.Incoming":1,"Sys.Console":1,"Sys.Modify":1,"Sys.Syslog":1,"Sys.Audit":1},"access":{"User.Modify":1,"Group.Allocate":1,"Permissions.Modify":1},"sdn":{"Permissions.Modify":1,"SDN.Allocate":1,"SDN.Audit":1},"storage":{"Datastore.AllocateSpace":1,"Permissions.Modify":1,"Datastore.AllocateTemplate":1,"Datastore.Audit":1,"Datastore.Allocate":1},"vms":{"VM.Config.CDROM":1,"VM.Backup":1,"VM.Config.HWType":1,"VM.PowerMgmt":1,"Permissions.Modify":1,"VM.Monitor":1,"VM.Config.Cloudinit":1,"VM.Config.CPU":1,"VM.Clone":1,"VM.Console":1,"VM.Snapshot.Rollback":1,"VM.Migrate":1,"VM.Config.Network":1,"VM.Snapshot":1,"VM.Config.Disk":1,"VM.Config.Memory":1,"VM.Allocate":1,"VM.Audit":1,"VM.Config.Options":1},"dc":{"Sys.Audit":1,"SDN.Audit":1,"SDN.Allocate":1}}}}king@king-server:~$
API Tokens
API Tokens方式个人认为常适用于临时测试功能使用,需要手动从PVE GUI控制台创建,并在创建时赋予合适的权限,优点是可以设置超时时间(可以永久),在使用时将token信息设置金HTTP request请求头即可。
缺点是需要手动创建,而且token存在明文泄露的风险,所以适用于临时测试使用,在涉及到用户交互场景时,无法满足针对用户的权限管控。
创建过程:UI界面Datacenter->Permissions->API Tokens->Add按键->填写用户名密码以及过期时间