Table Of Contents
- JSON-RPC 2.0 over WebSocket API
- API Methods
- acme.dns.authenticator
- alert
- alertclasses
- alertservice
- api_key
- app
- app.available
- app.available_space
- app.categories
- app.certificate_choices
- app.config
- app.container_console_choices
- app.container_ids
- app.convert_to_custom
- app.create
- app.delete
- app.get_instance
- app.gpu_choices
- app.ip_choices
- app.latest
- app.outdated_docker_images
- app.pull_images
- app.query
- app.redeploy
- app.rollback
- app.rollback_versions
- app.similar
- app.start
- app.stop
- app.update
- app.upgrade
- app.upgrade_summary
- app.used_ports
- app.image
- app.ix_volume
- app.registry
- audit
- auth
- auth.twofactor
- boot
- boot.environment
- catalog
- certificate
- cloud_backup
- cloudsync
- cloudsync.credentials
- config
- core
- cronjob
- device
- disk
- dns
- docker
- docker.network
- enclosure.label
- failover.disabled
- failover.reboot
- filesystem
- filesystem.acltemplate
- ftp
- group
- initshutdownscript
- interface
- interface.bridge_members_choices
- interface.cancel_rollback
- interface.checkin
- interface.checkin_waiting
- interface.choices
- interface.commit
- interface.create
- interface.default_route_will_be_removed
- interface.delete
- interface.get_instance
- interface.has_pending_changes
- interface.ip_in_use
- interface.lacpdu_rate_choices
- interface.lag_ports_choices
- interface.query
- interface.rollback
- interface.save_default_route
- interface.services_restarted_on_sync
- interface.update
- interface.vlan_parent_interface_choices
- interface.websocket_interface
- interface.websocket_local_ip
- interface.xmit_hash_policy_choices
- ipmi
- ipmi.chassis
- ipmi.lan
- ipmi.sel
- iscsi.auth
- iscsi.extent
- iscsi.global
- iscsi.initiator
- iscsi.portal
- iscsi.target
- iscsi.targetextent
- jbof
- k8s_to_docker
- kerberos
- kerberos.keytab
- kerberos.realm
- keychaincredential
- keychaincredential.create
- keychaincredential.delete
- keychaincredential.generate_ssh_key_pair
- keychaincredential.get_instance
- keychaincredential.query
- keychaincredential.remote_ssh_host_key_scan
- keychaincredential.remote_ssh_semiautomatic_setup
- keychaincredential.setup_ssh_connection
- keychaincredential.update
- keychaincredential.used_by
- kmip
- network.configuration
- network.general
- nfs
- nvmet.global
- nvmet.host
- nvmet.host_subsys
- nvmet.namespace
- nvmet.port
- nvmet.port_subsys
- nvmet.subsys
- pool
- pool.attach
- pool.attachments
- pool.create
- pool.ddt_prefetch
- pool.ddt_prune
- pool.detach
- pool.expand
- pool.export
- pool.filesystem_choices
- pool.get_disks
- pool.get_instance
- pool.import_find
- pool.import_pool
- pool.is_upgraded
- pool.offline
- pool.online
- pool.processes
- pool.query
- pool.remove
- pool.replace
- pool.scrub
- pool.update
- pool.upgrade
- pool.validate_name
- pool.dataset
- pool.dataset.attachments
- pool.dataset.change_key
- pool.dataset.checksum_choices
- pool.dataset.compression_choices
- pool.dataset.create
- pool.dataset.delete
- pool.dataset.destroy_snapshots
- pool.dataset.details
- pool.dataset.encryption_algorithm_choices
- pool.dataset.encryption_summary
- pool.dataset.export_key
- pool.dataset.export_keys
- pool.dataset.export_keys_for_replication
- pool.dataset.get_instance
- pool.dataset.get_quota
- pool.dataset.inherit_parent_encryption_properties
- pool.dataset.lock
- pool.dataset.processes
- pool.dataset.promote
- pool.dataset.query
- pool.dataset.recommended_zvol_blocksize
- pool.dataset.recordsize_choices
- pool.dataset.set_quota
- pool.dataset.snapshot_count
- pool.dataset.unlock
- pool.dataset.update
- pool.resilver
- pool.scrub
- pool.snapshot
- pool.snapshottask
- pool.snapshottask.create
- pool.snapshottask.delete
- pool.snapshottask.delete_will_change_retention_for
- pool.snapshottask.get_instance
- pool.snapshottask.max_count
- pool.snapshottask.max_total_count
- pool.snapshottask.query
- pool.snapshottask.run
- pool.snapshottask.update
- pool.snapshottask.update_will_change_retention_for
- privilege
- replication
- replication.count_eligible_manual_snapshots
- replication.create
- replication.create_dataset
- replication.delete
- replication.get_instance
- replication.list_datasets
- replication.list_naming_schemas
- replication.query
- replication.restore
- replication.run
- replication.run_onetime
- replication.target_unmatched_snapshots
- replication.update
- replication.config
- reporting
- reporting.exporters
- route
- rsynctask
- service
- sharing.nfs
- sharing.smb
- smb
- snmp
- ssh
- staticroute
- support
- system
- system.advanced
- system.advanced.config
- system.advanced.get_gpu_pci_choices
- system.advanced.login_banner
- system.advanced.sed_global_password
- system.advanced.sed_global_password_is_set
- system.advanced.serial_port_choices
- system.advanced.syslog_certificate_authority_choices
- system.advanced.syslog_certificate_choices
- system.advanced.update
- system.advanced.update_gpu_pci_ids
- system.general
- system.general.checkin
- system.general.checkin_waiting
- system.general.config
- system.general.country_choices
- system.general.kbdmap_choices
- system.general.local_url
- system.general.timezone_choices
- system.general.ui_address_choices
- system.general.ui_certificate_choices
- system.general.ui_httpsprotocols_choices
- system.general.ui_restart
- system.general.ui_v6address_choices
- system.general.update
- system.global
- system.ntpserver
- system.reboot
- system.security
- system.security.info
- systemdataset
- tn_connect
- truecommand
- truenas
- tunable
- update
- ups
- user
- virt.device
- virt.global
- virt.instance
- virt.instance.create
- virt.instance.delete
- virt.instance.device_add
- virt.instance.device_delete
- virt.instance.device_list
- virt.instance.device_update
- virt.instance.get_instance
- virt.instance.image_choices
- virt.instance.query
- virt.instance.restart
- virt.instance.set_bootable_disk
- virt.instance.start
- virt.instance.stop
- virt.instance.update
- virt.volume
- vmware
- API Events
- acme.dns.authenticator
- alert
- alertservice
- api_key
- app
- app.image
- app.registry
- certificate
- cloud_backup
- cloudsync
- cloudsync.credentials
- core
- cronjob
- docker.network
- filesystem.acltemplate
- group
- initshutdownscript
- interface
- iscsi.auth
- iscsi.extent
- iscsi.initiator
- iscsi.portal
- iscsi.target
- iscsi.targetextent
- jbof
- kerberos.keytab
- kerberos.realm
- keychaincredential
- nvmet.host
- nvmet.host_subsys
- nvmet.namespace
- nvmet.port
- nvmet.port_subsys
- nvmet.subsys
- pool
- pool.dataset
- pool.scrub
- pool.snapshot
- pool.snapshottask
- privilege
- replication
- reporting.exporters
- rsynctask
- service
- sharing.nfs
- staticroute
- system.ntpserver
- tunable
- user
- virt.instance
- virt.volume
- vmware
- Jobs
- Query Methods
Previous topic
Next topic
kmip.update¶
Update KMIP Server Configuration.
System currently authenticates connection with remote KMIP Server with a TLS handshake. certificate and certificate_authority determine the certs which will be used to initiate the TLS handshake with server.
validate is enabled by default. When enabled, system will test connection to server making sure it’s reachable.
manage_zfs_keys/manage_sed_disks when enabled will sync keys from local database to remote KMIP server. When disabled, if there are any keys left to be retrieved from the KMIP server, it will sync them back to local database.
enabled if true, cannot be set to disabled if there are existing keys pending to be synced. However users can still perform this action by enabling force_clear.
ssl_version can be specified to match the ssl configuration being used by KMIP server.
change_server is a boolean field which allows users to migrate data between two KMIP servers. System will first migrate keys from old KMIP server to local database and then migrate the keys from local database to new KMIP server. If it is unable to retrieve all the keys from old server, this will fail. Users can bypass this by enabling force_clear.
force_clear is a boolean option which when enabled will in this case remove all pending keys to be synced from database. It should be used with extreme caution as users may end up with not having ZFS dataset or SED disks keys leaving them locked forever. It is disabled by default.
Type: object
No Additional Properties
Type: array
No Additional Items
No Additional Properties
No Additional Items
Tuple Validation
Parameter 1: kmip_update
kmip_update
Type: objectNo Additional Properties
Enabled
Type: booleanManage Sed Disks
Type: booleanManage Zfs Keys
Type: booleanPort
Type: integerValue must be greater or equal to 1 and lesser or equal to 65535
Ssl Version
Type: enum (of string)Must be one of:
- "PROTOCOL_TLSv1"
- "PROTOCOL_TLSv1_1"
- "PROTOCOL_TLSv1_2"
Force Clear
Type: booleanChange Server
Type: booleanValidate
Type: booleanKmipEntry
Type: objectNo Additional Properties
Id
Type: integerEnabled
Type: booleanManage Sed Disks
Type: booleanManage Zfs Keys
Type: booleanPort
Type: integerValue must be greater or equal to 1 and lesser or equal to 65535
Ssl Version
Type: enum (of string)Must be one of:
- "PROTOCOL_TLSv1"
- "PROTOCOL_TLSv1_1"
- "PROTOCOL_TLSv1_2"
Required roles: KMIP_WRITE