REST API AlertWeb
Control plane API для автоматизации панели. За nginx браузер и скрипты ходят на префикс /api; бэкенд видит пути без префикса (/vms, не /api/vms).
Введение
# Базовый URL (через nginx)
export API=https://panel.example.ru/api
export TOKEN=<access_token>
- Формат: JSON, UTF-8
- Авторизация:
Authorization: Bearer <access_token>(кроме login/health) - OpenAPI:
GET $API/openapi.yamlна вашей установке - Permissions: RBAC — каждый endpoint требует scope (см. роли в панели)
Аутентификация
POST
/auth/login
Логин email/password → access + refresh token.
curl -sS -X POST "$API/auth/login" \
-H 'Content-Type: application/json' \
-d '{"email":"admin@example.ru","password":"your-password"}'
{
"access_token": "eyJhbG...",
"refresh_token": "eyJhbG...",
"expires_in": 3600
}
POST
/auth/refresh
curl -sS -X POST "$API/auth/refresh" \
-H 'Content-Type: application/json' \
-d '{"refresh_token":"'"$REFRESH"'"}'
GET
/auth/me
curl -sS "$API/auth/me" -H "Authorization: Bearer $TOKEN"
POST
/auth/ldap/login
Если LDAP включён в настройках платформы.
Дашборд и аудит
| Метод | Путь | Permission |
|---|---|---|
| GET | /dashboard/stats | vms.read |
| GET | /dashboard/charts | vms.read |
| GET | /audit | platform.audit.read |
curl -sS "$API/dashboard/stats" -H "Authorization: Bearer $TOKEN"
Пользователи и RBAC
| Метод | Путь |
|---|---|
| GET/POST | /users |
| PATCH | /users/{uuid} |
| GET/POST/DELETE | /users/{uuid}/roles |
| GET | /roles |
| GET/DELETE | /sessions, /sessions/{uuid} |
curl -sS "$API/users" -H "Authorization: Bearer $TOKEN"
curl -sS -X POST "$API/users" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"email":"ops@example.ru","password":"...","first_name":"Ops","role_ids":[2]}'
Инфраструктура
Локации, кластеры, ноды
| Метод | Путь | Заметки |
|---|---|---|
| GET/POST | /locations | География |
| GET/POST | /clusters | |
| PATCH | /clusters/{id}/migration-settings | concurrency |
| PATCH | /clusters/{id}/storage-settings | Ceph/NAS JSON |
| POST | /clusters/{id}/rebalance | batch migrate |
| GET/POST | /nodes | bootstrap_token при создании |
| PATCH | /nodes/{uuid}/status | enable/disable |
| POST | /nodes/{uuid}/drain | эвакуация VM |
| GET | /nodes/{uuid}/metrics | CPU/RAM/disk |
| GET/POST | /networks | физические сети |
# Создать ноду
curl -sS -X POST "$API/nodes" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "node-msk-01",
"cluster_id": 1,
"address": "10.0.0.11",
"ssh_port": 22
}'
# Ответ содержит bootstrap_token для agent.env
Виртуальные машины
| Метод | Путь | Эффект |
|---|---|---|
| GET | /vms | Список (+ фильтры query) |
| POST | /vms | job vm.create |
| POST | /vms/schedule-preview | размещение на ноде |
| GET/PATCH/DELETE | /vms/{uuid} | destroy → vm.destroy |
| POST | /vms/{uuid}/actions/start|stop|restart | |
| POST | /vms/{uuid}/resize | CPU/RAM |
| POST | /vms/{uuid}/boot-disk/resize | диск |
| POST | /vms/{uuid}/reinstall | переустановка ОС |
| POST | /vms/{uuid}/clone | полный/linked clone |
| POST | /vms/{uuid}/migrate | live migrate |
| POST | /vms/{uuid}/console | VNC token |
| POST | /vms/batch-actions | start/stop/destroy… |
| POST | /vms/batch-migrate | |
| GET/POST | /vms/{uuid}/snapshots | |
| GET/POST | /vms/{uuid}/backups | |
| GET/POST | /vms/{uuid}/nics | сетевые интерфейсы |
| GET/POST | /vms/{uuid}/iso | подключение ISO |
| POST | /vms/{uuid}/allocate-ip | из IPAM |
| POST | /vms/{uuid}/abort-operation | сброс зависшей операции |
POST
/vms
Создание VM из шаблона (асинхронно, результат в jobs).
curl -sS -X POST "$API/vms" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "web-prod-01",
"cluster_id": 1,
"template_id": 3,
"vcpu": 4,
"ram_mb": 8192,
"disk_gb": 40,
"ip_pool_id": 1,
"root_password": "ChangeMe123!",
"ssh_public_key": "ssh-ed25519 AAAA..."
}'
POST
/vms/{uuid}/actions/start
curl -sS -X POST "$API/vms/$VM_UUID/actions/start" \
-H "Authorization: Bearer $TOKEN"
POST
/vms/{uuid}/console
WebSocket: GET /api/console/ws?vm={uuid}&token=...
curl -sS -X POST "$API/vms/$VM_UUID/console" \
-H "Authorization: Bearer $TOKEN"
IPAM
| Метод | Путь |
|---|---|
| GET/POST | /ipam/pools |
| GET/PATCH | /ipam/pools/{id} |
| GET | /ipam/pools/{id}/stats |
| GET | /ipam/pools/{id}/addresses |
| PATCH | /ipam/pools/{id}/addresses/{address} |
curl -sS -X POST "$API/ipam/pools" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "public-ipv4",
"cidr": "203.0.113.0/24",
"gateway": "203.0.113.1",
"dns_servers": ["8.8.8.8","1.1.1.1"]
}'
Шаблоны ОС
| Метод | Путь |
|---|---|
| GET/POST | /templates |
| DELETE | /templates/{id} |
| POST | /templates/sync-repo |
| POST | /templates/{id}/distribute |
| GET | /templates/ready, /cache-overview |
ISO-образы
| Метод | Путь | |
|---|---|---|
| GET/POST | /iso/repositories | |
| GET/POST | /iso/images | |
| POST | /iso/upload | multipart, до GB |
| POST | /iso/upload-url | загрузка по URL |
| POST | /iso/images/{id}/distribute |
curl -sS -X POST "$API/iso/upload" -H "Authorization: Bearer $TOKEN" \
-F "name=debian-12" -F "os_type=linux" -F "file=@debian.iso"
Фоновые задачи (jobs)
| Метод | Путь |
|---|---|
| GET | /jobs |
| GET | /jobs/{uuid} |
| GET | /jobs/{uuid}/logs |
| GET | /jobs/{uuid}/steps |
| POST | /jobs/{uuid}/cancel |
curl -sS "$API/jobs/$JOB_UUID/logs" -H "Authorization: Bearer $TOKEN"
Миграции
| Метод | Путь |
|---|---|
| GET | /migrations |
| GET | /migration-queue |
| GET | /migration-batches |
| GET | /unknown-vms |
| POST | /unknown-vms/import |
Webhooks
curl -sS -X POST "$API/webhooks" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "slack-migrations",
"url": "https://hooks.example.com/alertweb",
"events": ["migration.completed", "migration.failed"],
"secret": "whsec_..."
}'
Firewall
| Метод | Путь |
|---|---|
| GET/POST | /firewall/policies |
| POST | /firewall/policies/{uuid}/apply |
Marketplace
| Метод | Путь |
|---|---|
| GET/POST | /marketplace/items |
| POST | /vms/{uuid}/marketplace/install |
API-ключи
Ключи вида alertweb_* с ограничением scopes — альтернатива JWT для автоматизации.
curl -sS -X POST "$API/api-keys" -H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"name":"terraform","scopes":["vms.read","vms.write","nodes.read"]}'
curl -sS "$API/vms" -H "Authorization: Bearer alertweb_xxxx..."
Платформа и лицензия
| Метод | Путь | |
|---|---|---|
| GET/PATCH | /platform/settings | |
| GET/PATCH | /platform/auth/ldap | |
| GET/PATCH | /platform/settings/license | ключ, статус |
| GET | /platform/settings/security/nginx | генерация конфига |
Ошибки и коды
- 401 — невалидный или просроченный token
- 403 — нет permission (RBAC)
- 404 — объект не найден
- 409 — конфликт состояния (VM busy, нода drained)
- 422 — валидация тела запроса
{
"error": "permission denied",
"code": "forbidden"
}
Установка панели — руководство по установке.
Актуальная схема всех полей — OpenAPI на вашем инстансе.