Disable GUI configuration changes
In certain situations, it makes sense to disable the ability to do GUI configuration changes. By setting the nacoma path to "false", the menu item will be hidden. One situation where you might want to do this, is if you have peered masters and want to avoid configuration changes being pushed via multiple nodes, which is strongly discouraged.
The end result of setting the nacoma path to "false" will be that the "Configure" item under the "Manage" menu item in the web GUI will no longer be visible on that node.
First, create the following file on the node where you wish to block nacoma:
It should contain the following:
<?php defined('SYSPATH') OR die('No direct access allowed.'); $config['nacoma_path'] = false;
Save this file and open up your web UI on this node. You should see that "Configure" is no longer available from the drop down menu.
Disable API configuration changes
CautionThis will completely disable the API on the node, which will affect anything calling the API for any reason. This could include external dashboards or other consumers of API responses not related to configuration.
You can disable the API on a node by invalidating all types of authentication. Open this file:
Set all auth_method and beta_features attributes from "true" to "false". Save the file.
Contacting the API on this node to for example commit a configuration save will now give an error:
# curl -k -H 'content-type: application/json' -X POST 'https://localhost/api/config/change' -u 'user:pass'
"full_error": "The API is locked down, all 'auth_method's are disabled through http_api.yml"