Encryption/clients: POST

Creates a key client to connect with the remote key management (RKM) server.

Availability

Available on all IBM Storage Scale editions.

Description

The POST /scalemgmt/v2/encryption/clients request creates a key client that communicates with the RKM server. For more information about the fields in the data structures that are returned, see the mmkeyserv command in the IBM Storage Scale documentation.

Request URL

https://<IP address or host name of API server>:port/scalemgmt/v2/encryption/clients
where:
clients
Specifies the resource to be added.

Request headers

Accept: application/json

Request data

{
  "clientName": "Client name",
  "serverName": "Server name",
  "passwordFile": "Password file path",
  "daysToExpiration": Number of days till expiration,
  "keyStorePwdFile": "Keystore password file",
  "clientCertFile": "Client certificate file",
  "clientPrivateKeyFile": "Client private key file",
  "caCertFilePrefix": "Path and file name of certificate prefix",
  "caCertChainFile": "CA certificates file"
}
The details of the parameters are given in the following list.
"clientName": "Client name"
Specifies the name of the key client that is created. The name must be within 1 - 16 characters in length. It must be unique within the IBM Storage Scale cluster.
"serverName": "Server name"
Specifies the name of the RKM server to which the key client belongs.
"passwordFile": "Password file"
Specifies the password file that contains a password for accessing the RKM server. If you do not provide a password, then you are prompted for one when the request is sent. A password must be 1 - 20 characters in length. For more information, see the mmkeyserv command in the IBM Storage Scale documentation.
"daysToExpiration": "Number of days till expiration"
The number of days until the new client certificate expires. The valid range is 1 - 18262. The default value is 1095.
"keyStorePwdFile" : "Keystore password file"
The password file that contains a client keystore password.
"clientCertFile": "Client certificate file"
The file that contains a client certificate from a certificate authority (CA).
"clientPrivateKeyFile" : "Client private key file"
The file that contains a client private key that matches the client certificate.
"caCertFilePrefix" : "Path and file name of Certificate prefix"
The path and file name prefix of non-self-signed certificate files in a certificate chain.
"caCertChainFile": "CA Certificate file"
The file that contains the certificates of the CA that signed the client certificate.

Response data

{
  "jobs": [
    {
      "jobId": 3000000000003,
      "status": "RUNNING | COMPLETED | FAILED",
      "submitted": "Time and date",
      "completed": "Time and date",
      "runtime": 7,
      "request": {
        "data": {
          "caCertChainFile": "CA certificate file name",
          "caCertFilePrefix": "Prefix file name",
          "clientCertFile": "Certificate file name",
          "clientName": "Client name",
          "clientPrivateKeyFile": "Private key file",
          "daysToExpiration": Number of days,
          "keyStorePwdFile": "Keystore Password file",
          "passwordFile": "Password file name",
          "serverName": "Server name"
        },
        "type": "POST | GET | PUT | DELETE",
        "url": "Request URL"
      },
      "result": {},
      "pids": []
    }
  ],
  "status": {
    "code": Request Code,
    "message": "Request message"
  }
}

The details of the parameters are provided in the following list:

"jobs":
An array of elements that describe jobs. Each element describes one job.
"status":
Return status.
"message": "ReturnMessage"
The return message.
"code": ReturnCode
The return code.
"result"
"commands":"Commands issued"
An array of commands that are run in this job.
"progress":"Request progress"
Specifies the progress information for the request.
"exitCode":"Exit code"
Specifies the exit code of the command. Zero indicates success and any value other than zero denotes failure.
"stderr":"Error"
Specifies the CLI messages from stderr.
"stdout":"String"
Specifies the CLI messages from stdout.
"request"
"type":"{GET | POST | PUT | DELETE}"
Specifies the HTTP request type.
"url":"URL"
Specifies the URL through which the job is submitted.
"data":
Specifies the request data.
"caCertChainFile": "CA Certificate file"
The file that contains the certificates of the CA that signed the client certificate.
"caCertFilePrefix" : "Path and file name of Certificate prefix"
The path and file name prefix of non-self-signed certificate files in a certificate chain.
"clientCertFile": "Client certificate file"
The file that contains a client certificate from a certificate authority (CA).
"clientName": "Client name"
Specifies the name of the key client that is created. The name must be within 1 - 16 characters in length. It must be unique within the IBM Storage Scale cluster. Required.
"clientPrivateKeyFile" : "Client private key file"
The file that contains a client private key that matches the client certificate.
"daysToExpiration": "Number of days till expiration"
The number of days until the new client certificate expires. The valid range is 1 - 18262. The default value is 1095.
"keyStorePwdFile": "Keystore password file"
The password file that contains a client keystore password.
"passwordFile": "Password file"
Specifies the password file that contains a password for accessing the RKM server. If you do not provide a password, then you are prompted for one when the request is sent. A password must be 1 - 20 characters in length. For more information, see the mmkeyserv command in the IBM Storage Scale documentation.
"serverName": "Server name"
Specifies the name of the RKM server to which the key client belongs. Required.
"jobId":"ID"
Specifies the unique ID of the job.
"submitted":"Date and Time"
Specifies the date and time at which the job was submitted.
"completed":"Date and Time"
Specifies the date and time at which the job was completed.
"runtime":"Duration"
Specifies the duration for which the job ran.
"status":"RUNNING | COMPLETED | FAILED"
Specifies the status of the job.
"pids":"Process ID"
Specifies the process IDs of all the active sub processes that manage the job.

Examples

The following example shows how to create a key client myclient1.

Request data:
 curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4wMDE=' -d '{
   "clientName": "myclient1",
   "serverName": "sklm11.fyre.ibm.com",
   "passwordFile": "/tmp/password",
   "daysToExpiration": 1095,
   "keyStorePwdFile": "/tmp/password",
   "clientCertFile": "/tmp/cert",
   "clientPrivateKeyFile": "/tmp/CA/certfiles.1.cert",
   "caCertFilePrefix": "/tmp/cert",
   "caCertChainFile": "/tmp/CA/certfiles.0.cert"
 }' 'https://198.51.100.1:443/scalemgmt/v2/encryption/clients'

Response data:

Note: In the JSON data that is returned, the return code indicates whether the command is successful. The response code 200 indicates that the command successfully retrieved the information. Error code 400 represents an invalid request and 500 represents internal server error.
{
    "jobs": [
        {
            "jobId": 1000000000002,
            "status": "COMPLETED",
            "submitted": "2021-06-20 06:45:11,894",
            "completed": "2021-06-20 06:45:20,141",
            "runtime": 8247,
            "request": {
                "data": {
                    "clientName": "myclient2",
                    "keyStorePwdFile": "/root/passfile1",
                    "passwordFile": "/root/passfile1",
                    "serverName": "lodestar1.fyre.ibm.com",
                    "clientCertFile": "/tmp/cert",
                    "clientPrivateKeyFile": "/tmp/CA/certfiles.1.cert",
                    "caCertFilePrefix": "/tmp/cert",
                    "caCertChainFile": "/tmp/CA/certfiles.0.cert"
                },
                "type": "POST",
                "url": "/scalemgmt/v2/encryption/clients"
            },
            "result": {
                "progress": [],
                "commands": [
                    "mmkeyserv client create 'myclient2' --server 'lodestar1.fyre.ibm.com' --server-pwd '/root/passfile1' --keystore-pwd '/root/passfile1' "
                ],
                "stdout": [
                    "mmkeyserv: Propagating the cluster configuration data to all",
                    "  affected nodes.  This is an asynchronous process.",
                    "info: "
                ],
                "stderr": [],
                "exitCode": 0
            },
            "pids": []
        }
    ],
    "status": {
        "code": 200,
        "message": "The request finished successfully."
    }
}
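
The following Python sketch is an added example, not part of the IBM documentation or product code. It builds the request body under the limits documented above (clientName length, daysToExpiration range and default) and checks the three success indicators in the response: the status code, the job status, and the exitCode. The names build_client_request, job_problems and SAMPLE_FAILED are hypothetical.

```python
import json

# Optional file parameters accepted in the request body, per the parameter list.
FILE_FIELDS = {"passwordFile", "keyStorePwdFile", "clientCertFile",
               "clientPrivateKeyFile", "caCertFilePrefix", "caCertChainFile"}
DAYS_MIN, DAYS_MAX, DAYS_DEFAULT = 1, 18262, 1095  # documented range and default


def build_client_request(client_name, server_name, days=DAYS_DEFAULT, **files):
    """Validate against the documented limits and return the JSON request body."""
    if not 1 <= len(client_name) <= 16:
        raise ValueError("clientName must be 1 - 16 characters")
    if not server_name:
        raise ValueError("serverName is required")
    if isinstance(days, bool) or not isinstance(days, int):
        raise ValueError("daysToExpiration must be an integer")
    if not DAYS_MIN <= days <= DAYS_MAX:
        raise ValueError("daysToExpiration must be within 1 - 18262")
    unknown = set(files) - FILE_FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    body = {"clientName": client_name, "serverName": server_name,
            "daysToExpiration": days, **files}
    return json.dumps(body)  # serializer output, so no shell line-continuation debris


def job_problems(response):
    """Return reasons the request cannot be treated as successful (empty = success)."""
    problems = []
    code = response.get("status", {}).get("code")
    if code != 200:
        problems.append(f"status code {code}")
    for job in response.get("jobs", []):
        result = job.get("result", {})
        status, exit_code = job.get("status"), result.get("exitCode")
        if status != "COMPLETED" or exit_code != 0:
            stderr = " ".join(result.get("stderr", []))
            problems.append(f"job {job.get('jobId')}: status={status} "
                            f"exitCode={exit_code} stderr={stderr}")
    return problems


# Constructed sample response: the jobId, exit code and stderr text are made up.
SAMPLE_FAILED = {
    "jobs": [{"jobId": 1, "status": "FAILED",
              "result": {"exitCode": 1, "stderr": ["constructed error text"]}}],
    "status": {"code": 200, "message": "constructed"},
}
```
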

Related information

mmkeyserv command in the IBM Storage Scale documentation.