Encryption/servers: POST

Adds an RKM server connection to the IBM Storage Scale Erasure Code Edition cluster.

Availability

Available on all IBM Storage Scale editions.

Description

The POST scalemgmt/v2/encryption/servers request adds a remote key manager (RKM) server connection to the IBM Storage Scale cluster. For more information about the fields in the data structures that are returned, see the mmkeyserv command.

Request URL

https://<IP address or host name of API server>:<port>scalemgmt/v2/encryption/servers

where

servers: Specifies the resource that must be added.

Request headers

Accept: application/json

Parameters

Table 1. List of parameters
Parameter name	Description and applicable keywords	Required/Optional
body	Body of the request that contains the required parameters to be passed on to the IBM Storage Scale Erasure Code Edition system to perform the requested operation.	Required

Request data

The following list of attributes is available in the request data:

{
 "restPortNumber": Port number,
  "restUserID": "User ID ",
  "passwordFile": "Password file name",
  "accept": true | false,
  "certFilePrefix": "Certificate File prefix",
  "serverNamebackup": "Server name list",
  "dis": true | false,
  "nodis": true | false,
  "connectionTimeout": Time,
  "connectionAttempts": Number of attempts,
  "microseconds": Time
  }

The details of the parameters are given in the following list.

"serverName": "Server name": Specifies the hostname or the IP address of the RKM server.
"restPortNumber": "REST Port Number": Specifies the port number for the Representational State Transfer (REST) interface on the IBM® Security Key Lifecycle Manager server.
"restUserID": "User ID": Specifies the user ID for the RKM server. The default value is SKLMAdmin.
"passwordFile": "Password file": Specifies the password file that contains a password for accessing the RKM server. If you do not provide a password, then you are prompted for a password when the request is sent. A password must be 1 - 20 characters in length. For more information, see the mmkeyserv command in the IBM Storage Scale documentation.
"accept": "true | false": Specifies whether the command is configured to automatically accept certificates from the RKM server.
"caCertFilePrefix" : "Path and file name of the Certificate file prefix ": The path and file name prefix of non-self-signed certificate files in a certificate chain.
"serverNamebackup" : "Server name list": Specifies a comma-separated list of server names that you want to add to the list of backup RKM servers defined in the RKM.conf file.
"dis": "true | false": Specifies whether the list of RKM server names, including the main RKM server and backup RKM servers, are arranged in the RKM.conf file in a different order on each node. This arrangement ensures that each node connects with the servers in a different order.
"nodis": "true | false": Specifies whether the list of RKM server names is arranged in the RKM.conf file.
"connectionTimeout": "Time": Specifies the connection timeout, in seconds, for retrieving a master encryption key (MEK) from an RKM server. The valid range is 1 - 120 seconds and the default value is 60 seconds.
"connectionAttempts": "Number of attempts": Specifies the number of attempts to retry a connection to an RKM server. The valid range is 1 - 10 retries and the default value is three retries.
"microseconds": "Time": Specifies the number of microseconds of waiting between attempts to connect. The valid range is 1 - 1000000000 and the default value is 10000 (0.1 seconds).

Response data

{
  "jobs": [
    {
      "jobId": ID of the job,
      "status": "Job status",
      "submitted": "Date and time when job was submitted",
      "completed": "Date and time when job was completed",
      "runtime": Time when Job ran,
      "request": {
        "type": "Request Type",
        "url": "Resource URL"
      },
      "result": {},
         "progress": [],
        "commands": [
          ""
        ],
        "stdout": [
          " "
        ],
        "stderr": [],
        "exitCode": 0
      },
        "pids": []
    }
  ],
  "status": {
    "code": return status code,
    "message": "Return message."
  }
}

For more information about the fields in the following data structures, see the links at the end of the topic.

"jobs":

An array of elements that describe jobs. Each element describes one job.

"jobId": "ID",: The unique ID of the job.
"submitted": "Time": The time at which the job was submitted.
"completed": "Time": The time at which the job was completed.
"runtime": "Time": The duration for which the job ran.
"status": "RUNNING | COMPLETED | FAILED": Status of the job.

"result"

"progress": Job progress: Progress information for the request.
"commands": "Command name: Array of commands that are run in this job.
"stdout": "message: Request Information.
"exitCode":"Exit code": Exit code of command. Zero indicates success and any other value denotes failure.
"stderr":"Error": CLI messages from stderr.

"pids": list

A list of process IDs for this job.

"request"

"type": "{GET | POST | PUT | DELETE}": HTTP request type.
"url": "URL": The URL through which the job is submitted.

"status":

Return status.

"message": "ReturnMessage",: The return message.
"code": ReturnCode: The return code.

Examples

The following example adds the lodestar1.fyre.ibm.com server connection with IBM Storage Scale cluster.

Request data:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46VHJhY2VAMjAyMQ==' -d '{ \ 
  "serverName": "lodestar1.fyre.ibm.com",
  "restPortNumber": 44742,
  "restUserID": "admin",
  "passwordFile": "/var/lib/mmfs/gui/passfile",
  "accept": false,
  "certFilePrefix": "CertFilesPrefix.n.cert",
  "serverNamebackup": "string",
  "dis": true,
  "nodis": false,
  "connectionTimeout": 60,
  "connectionAttempts": 3,
  "microseconds": 10000
   }\
 }' 'https://198.51.100.1:443/scalemgmt/v2/encryption/servers'

Response data:

Note: In the JSON data that is returned, the return code indicates whether the command is successful. The response code 200 indicates that the command successfully retrieved the information. Error code 400 represents an invalid request and 500 represents internal server error.

{
  "jobs": [
    {
      "jobId": 1000000000003,
      "status": "COMPLETED",
      "submitted": "2021-06-18 08:14:31,854",
      "completed": "2021-06-18 08:14:40,799",
      "runtime": 8945,
      "request": {
        "type": "POST",
        "url": "/scalemgmt/v2/encryption/servers"
      },
      "result": {
        "progress": [],
        "commands": [
          "mmkeyserv server add 'lodestar1.fyre.ibm.com' --server-pwd '/root/passfile1' --accept "
        ],
        "stdout": [
          "mmkeyserv: Propagating the cluster configuration data to all",
          "  affected nodes.  This is an asynchronous process.",
          "info: "
        ],
        "stderr": [],
        "exitCode": 0
      },
      "pids": []
    }
  ],
  "status": {
    "code": 200,
    "message": "The request finished successfully."
  }
}