Last updated on: 2023-08-29 10:06:08.

VNF Manager CLI

This CLI reference guide contains vnfm_manager commands used for manager-related operations and maintenance. This reference guide provides command descriptions for use with:

Manager configuration operations

  • vnfm_manager install - use to set private and public IP addresses using the CLI. Settings include private_ip;public_ip.

    vnfm_manager install [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [--admin-password <password>] [-v]
  • vnfm_manager validate - use to validate the configurations.

  • vnfm_manager add-networks - use to add networks to a running Manager.

    vnfm_manager add-networks --networks '{"<network-name>": "<ip>", "<network-name>":"<ip>"}'
  • vnfm_manager remove - use to uninstall the VNF Manager. Run vnfm_manager remove -f. To remove all of the files that the installation process extracted, run:

    sudo yum remove vnfm-manager-install

Certificate operations

vnfm_manager generate-test-cert - use to create example certificates (for example, for a 3-node cluster). Run it on the node with the management service (-s). For a 3-node cluster, use the following example setup:

vnfm_manager generate-test-cert -s <manager 1 ip>,<manager 1 hostname>
vnfm_manager generate-test-cert -s <manager 2 ip>,<manager 2 hostname>
vnfm_manager generate-test-cert -s <manager 3 ip>,<manager 3 hostname>

Run the previous commands on the same host. For production purposes, use a proper CA (for example, a company CA).

Example - create certificates and store as Kubernetes secret

docker pull vnfmplatform/community-vnfm-manager-aio:latest
docker run --name vnfm_manager_local -d --restart unless-stopped --tmpfs /run --tmpfs /run/lock -p 8000:8000 vnfmplatform/community-vnfm-manager-aio
docker exec -it vnfm_manager_local bash

vnfm_manager generate-test-cert -s 'vnfm-manager-worker.vnfm-demo.svc.cluster.local,rabbitmq.vnfm-demo.svc.cluster.local,postgres-postgresql.vnfm-demo.svc.cluster.local'

## save certs in tls.crt|tls.key|ca.crt
kubectl create secret generic vnfm-certs --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt

VNFM_MANAGER commands for Docker Containers

Use the following commands when deploying VNF Manager from a Docker container.

Local command line interface

The VNFM Docker image comes with the VNFM CLI preinstalled. The following topic describes how to use the VNFM Docker image as a local CLI client.

Install local Docker image

Use the following steps to install the VNFM Docker image on your local desktop.

For example:

> sudo docker run --name vnfm_manager_local -d --restart unless-stopped -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock --security-opt seccomp:unconfined --cap-add SYS_ADMIN -p 80:80 -p 8000:8000 vnfmplatform/community-vnfm-manager-aio:latest

Executing the VNFM CLI outside your local Community or Premium docker image

To execute the VNFM CLI from your desktop to your local docker image, use the following command:

> docker exec -it <VNFM docker image name> vnfm <command>

For example, to get the local manager status, use the following command:

> docker exec -it vnfm_manager_local vnfm status

Running the CLI on your local Community or Premium docker image

Open an interactive shell on the manager using the following command:

> docker exec -it <image name> /bin/sh

This command opens a shell on your manager instance. You can now run any of the CLI commands directly (without the "docker exec" prefix):

> vnfm <command>

For example:

> docker exec -it vnfm_manager_local /bin/sh

At your image prompt, run the following CLI command:

sh-4.2#> vnfm status


Use to reference the name of the Docker container and for Docker execution calls when deploying a VNF Manager using a Docker container.

Required Flag:

--name - the container name for use with later Docker execution calls.


docker run --name vnfm_manager_local -d --restart unless-stopped \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock \
  --security-opt seccomp:unconfined --cap-add SYS_ADMIN \
  -p 80:80 -p 443:443 -p 5671:5671 -p 53333:53333 -p 8000:8000 \
  <VNFM docker image name>

Or using a minimal command:

docker run -d \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock \
  <VNFM docker image name>

Docker Run flags:

  • --restart unless-stopped - auto-restart of the container
  • --security-opt seccomp:unconfined --cap-add SYS_ADMIN or alternatively --privileged - when running a SystemD-based container, the container must be given elevated privileges for SystemD itself to run. With a new enough Docker Engine (at least 17.05+), these flags can be omitted, but the host SELinux policy may need adjusting with setsebool -P container_manage_cgroup true. Neither these flags nor the SELinux adjustment is required when using containers not based on SystemD.
  • -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock - mounts required only when using a SystemD-based container. The host machine must also use SystemD.
  • -p 80:80 -p 5671:5671 -p 53333:53333 -p 8000:8000 or alternatively -p 443:443 - ports 5671 and 53333 are used for manager/agent communication, while port 80 or 443 is used for CLI/UI access to the manager. Port 8000 is used for the hello-world example and is optional. Using the -p flags, or even --network host, these ports can be forwarded from the host machine to the container.
  • --name vnfm_manager_local - the name given to the container, for use with later docker exec calls.
  • -v /some/absolute/path/to/config.yaml:/etc/cloudify/config.yaml:rw - mounting a yaml file at /etc/cloudify/config.yaml allows configuring the manager container, including setting an admin password, and providing paths to TLS certificates.
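
The flag notes above, turned into a check that can be run over a docker run command line before deployment (an added example, not part of the VNFM tooling; the function names audit_docker_run and port_role and the report wording are assumptions). It lists each elevated-privilege flag and each published port with the role this page gives it, and shows whether the port is bound to one address or to all host interfaces.

```sh
# Added example, not VNFM tooling; function names and report wording are assumptions.

# Port roles as this page documents them.
port_role() {
  case "$1" in
    5671|53333) echo "manager/agent" ;;
    80|443)     echo "CLI/UI" ;;
    8000)       echo "hello-world, optional" ;;
    *)          echo "not documented on this page" ;;
  esac
}

# Prints one finding per elevated-privilege flag and per published port.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_docker_run() (
  while [ $# -gt 0 ]; do
    flag="$1"; val=""
    case "$flag" in
      --*=*) val="${flag#*=}"; flag="${flag%%=*}" ;;   # --flag=value form
      --security-opt|--cap-add|--network|--publish|-p)
        if [ $# -gt 1 ]; then val="$2"; shift; fi ;;    # --flag value form
    esac
    case "$flag" in
      --privileged) echo "ELEVATED: --privileged" ;;
      --cap-add)    echo "ELEVATED: capability $val" ;;
      --security-opt)
        case "$val" in
          seccomp[:=]unconfined) echo "ELEVATED: seccomp profile disabled" ;;
        esac ;;
      --network)
        if [ "$val" = "host" ]; then echo "NETWORK: container shares the host network stack"; fi ;;
      -p|--publish)
        cport="${val##*:}"; cport="${cport%%/*}"       # container port, protocol stripped
        case "$val" in
          *:*:*) scope="bound to ${val%%:*}" ;;        # ip:hostPort:containerPort
          *)     scope="all host interfaces" ;;
        esac
        echo "PORT: $cport ($(port_role "$cport")), $scope" ;;
    esac
    shift
  done
)

# Constructed input: flags of the full command on this page, image name from the earlier example.
audit_docker_run --name vnfm_manager_local -d --restart unless-stopped \
  --security-opt seccomp:unconfined --cap-add SYS_ADMIN \
  -p 80:80 -p 443:443 -p 5671:5671 -p 53333:53333 -p 8000:8000 \
  vnfmplatform/community-vnfm-manager-aio:latest
```

A published port written as ip:hostPort:containerPort (for example 127.0.0.1:80:80) is reported as bound to that address; the two-field form used throughout this page is reported as reachable on all host interfaces.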


The Docker container’s starter service will take a while to boot up all the manager components. Run vnfm_manager wait-for-starter to synchronously wait for the manager to fully start. When done, wait-for-starter will print out the manager’s admin password to stdout.

docker exec vnfm_manager_local vnfm_manager wait-for-starter


Use to change the admin password.

docker exec vnfm_manager_local vnfm_manager reset-admin-password NEW_PASSWORD
