Server maintenance CLI¶
CERTIFICATES¶
Replacing Certificates
Certificates are used by VNF Manager for TLS based secure communication between the different VNF Manager components and between the user interface and the VNF Manager. Certificates are set during the initial deployment of the VNF Manager (cluster or all-in-one), but later maintenance and replacement of the certificates may be required as a result of regulatory compliance demand, certificate expiration, or revocation due to security breach. Follow this procedure when certificates’ replacement is required:
- Generate the replace-certificates configuration file using vnfm certificates generate-replace-config. This file should be filled with the new certificates’ paths.
- Replace the certificates using vnfm certificates replace. This command uses the filled configuration file from the previous step.
Note
Replacing certificates can only be done before the existing certificates expire.
generate-replace-config¶
Usage
vnfm certificates generate-replace-config
Generates the replace-certificates configuration file. Please fill in the generated file with the new certificates’ paths and save it.
In case you are using a management cluster, the cluster instances’ private IPs will be filled automatically. If your CLI is on a host that is not part of the cluster network, you can specify the instances’ public IPs instead. The generated configuration file will be different depending on the deployment topology - all-in-one manager or a management cluster.
In case of replacing a CA certificate, all related certificates need to be replaced as well. For each instance, either both certificate and key must be provided, or neither.
Optional flags:
-o, --output-path
- The local path to download the replace-certificates config file to. The default output path is “./certificates_replacement_config.yaml”.
Example
$ vnfm certificates generate-replace-config
The certificates replacement configuration file was saved to certificates_replacement_config.yaml
replace¶
Usage
vnfm certificates replace
This command will replace the certificates on your all-in-one manager or management cluster, whichever you are currently using. It uses the filled configuration file in order to get the new certificates’ paths. At the end of the process, the old certificates are saved at the same directory as the new ones (/etc/cloudify/ssl/) with a timestamp attached to their name.
Note
The ssh_user and ssh_key need to be configured for the current profile prior to using this command. This can be done by using the command vnfm profiles set –ssh-user <username, e.g. centos> –ssh-key <path to the lcal private key-path>. These credentials will be used in order to connect (SSH) to the cluster instances and replace their certificates.
Optional flags:
-i, --input-path
- The certificates replacement configuration file path. The default input path is “./certificates_replacement_config.yaml”.-v, --verbose
- Show verbose output. You can supply this up to three times (i.e. -vvv). Use this flag in case you want to print the logs from the remote hosts.
Example
$ vnfm certificates replace
Validating replace-certificates config file...
Validating status is healthy
Validating certificates on host <host-ip>
Validating certificates on host <host-ip>
Replacing certificates...
Passing CA certs to agents
Replacing certificates on host <host-ip>
Replacing certificates on host <host-ip>
Passing CA certs to agents
Validating status is healthy
Successfully replaced certificates
CONFIG¶
The vnfm config
command is used to manage VNF Manager’s configuration.
Optional Flags
vnfm config
commands support the common CLI flags.
Commands
List¶
Usage
vnfm config list [OPTIONS]
List all configurations
Example
$ vnfm config list
Config:
+-----------------------------------+--------------------------------------------------+------------+------------+-------------+
| name | value | scope | updated_at | is_editable |
+-----------------------------------+--------------------------------------------------+------------+------------+-------------+
| account_lock_period | -1 | rest | | True |
| broker_port | 5671 | agent | | True |
| default_page_size | 1000 | rest | | True |
| failed_logins_before_account_lock | 4 | rest | | True |
| file_server_root | /opt/manager/resources | rest | | False |
| file_server_url | https://172.20.0.2:53333/resources | rest | | False |
| heartbeat | 30 | agent | | True |
| insecure_endpoints_disabled | True | rest | | False |
| ldap_dn_extra | | rest | | True |
| ldap_domain | | rest | | True |
| ldap_is_active_directory | True | rest | | True |
| ldap_nested_levels | 1 | rest | | True |
| ldap_password | | rest | | True |
| ldap_server | | rest | | True |
| ldap_timeout | 5.0 | rest | | True |
| ldap_username | | rest | | True |
| log_level | INFO | agent | | True |
| maintenance_folder | /opt/manager/maintenance | rest | | False |
| max_workers | 5 | agent | | True |
| max_workers | 100 | mgmtworker | | True |
| min_available_memory_mb | 100 | rest | | True |
| min_workers | 2 | agent | | True |
| min_workers | 2 | mgmtworker | | True |
| public_ip | 172.20.0.2 | rest | | False |
| rest_service_log_level | INFO | rest | | True |
| rest_service_log_path | /var/log/cloudify/rest/vnfm-rest-service.log | rest | | False |
+-----------------------------------+--------------------------------------------------+------------+------------+-------------+
Update¶
Usage
vnfm config update [OPTIONS] INPUTS
Update the manager configuration.
Pass INPUTS as a yaml-formatted dict with {“config name”: “new value”}
, or as a path to a file containing yaml.
To resolve ambiguous names, you can prefix the config name with scope; for example, rest.ldap_username
.
Example
$ vnfm config update '{"rest.ldap_username": "adminuser", "rest.ldap_password": "adminpassword"}'
INIT¶
The vnfm init
command is used to initialize a working VNFM directory.
Before you can use vnf, you must initialize a working directory for it, in which relevant functional information will be stored.
Note
Running vnfm intall
or vnfm profiles use
initializes an environment automatically.
Usage
vnfm init [OPTIONS] [BLUEPRINT_PATH]
Initialize a VNFM environment.
This is required to perform many actions and should be the first action performed after installing VNFM.
Providing a BLUEPRINT_PATH also initializes a blueprint to work on.
After initialization, the CLI’s configuration can be found under ~/.vnfm/config.yaml.
Optional Flags
This command supports the common CLI flags.
-n, --blueprint-filename TEXT
- The name of the archive’s main blueprint file. This is only relevant if uploading an archive.-b, --blueprint-id TEXT
- The unique identifier for the blueprint-r, --reset-config
- Reset the working environment. This allows to reset configuration.-i, --inputs TEXT
- Inputs for the deployment (Can be provided as wildcard based paths (*.yaml, /my_inputs/, etc..
) to YAML files, a JSON string or askey1=value1;key2=value2
). This argument can be used multiple times.--install-plugins
- Install the necessary plugins for the specified blueprint.--hard
- Hard reset the configuration, including coloring and loggers.--enable-colors
- Enable colors in logger. (Use –hard when working with an initialized environment.) [default: False]
Example
$ vnfm init
...
Initializing profile local...
Initialization completed successfully
...
LDAP¶
The vnfm ldap
command is used to set LDAP authentication to enable you to integrate your LDAP users and groups with VNFM.
Optional Flags
These commands support the common CLI flags.
Commands
set¶
Usage
vnfm LDAP set [OPTIONS]
Set VNF Manager to use the LDAP authenticator.
Required flags
-s, --ldap-server TEXT
- The LDAP address against which to authenticate, for example: ldaps://ldap.domain.com.-u, --ldap-username TEXT
- The LDAP admin username to be set on the VNF Manager.-p, --ldap-password TEXT
- The LDAP admin password to be set on the VNF Manager.-d, --ldap-domain TEXT
- The LDAP domain to be used by the server.
Optional Flags
-a, --ldap-is-active-directory
- Specify whether the LDAP used for authentication is Active-Directory.-e, --ldap-dn-extra TEXT
- Additional LDAP DN options.
Example
$ vnfm ldap set -s [LDAP SERVER ADDRESS] -u [LDAP ADMIN USERNAME] -p [LDAP ADMIN PASSWORD] -d [DOMAIN NAME]
LICENSE¶
The vnfm license
command is used to manage VNFM licenses on the VNF Manager.
Optional Flags
vnfm license
commands support the common CLI flags.
Commands include:
Upload¶
Usage
vnfm license upload [OPTIONS] <license-path>
Upload a VNFM license to a VNF Manager.
Example
$ vnfm license upload vnfm_license.yaml
...
Uploading BIG-IP VE License `vnfm_license.yaml` to the VNF Manager...
VNFM license successfully uploaded.
...
list¶
Usage
vnfm license list [OPTIONS]
List details of the VNFM license.
Example
$ vnfm license list
...
Retrieving VNFM License
...
VNFM License
+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+
| customer_id | expiration_date | license_edition | trial | vnfm_version | capabilities | expired |
+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+
| VNFMMock | 2019-05-27 00:00:00.000 | Spire | True | 4.6 | Mock1,Mock2 | False |
+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+
...
environments list¶
Usage
vnfm license environments list [OPTIONS]
List all licensed environments on the manager.
Optional flags
--sort-by TEXT
- Key for sorting the list--descending
- Sort list in descending order [default: False]-o, --pagination-offset INTEGER
- The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0].-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm license environments list
Listing all licensed environments...
Environments:
+--------------------------------------+-----------------+----------------+
| deployment_id | deployment_name | tenant_name |
+--------------------------------------+-----------------+----------------+
| 78d88659-cf4a-4a1e-a05e-10bf3af22e19 | app | default_tenant |
| 8a333574-7eae-4a7b-b8e6-ba78e8823e6f | i1 | t |
| 80784712-d620-4b7d-9bc9-dd53af3921e1 | i2 | t |
+--------------------------------------+-----------------+----------------+
Showing 3 of 3 environments
### environments count
#### Usage
`vnfm license environments count [OPTIONS]`
Print the count of licensed environments on the manager.
#### Example
<div class="highlight"><pre style="color:#272822;background-color:#fafafa;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ vnfm license environments count
Licensed environments count: <span style="color:#ae81ff">3</span></code></pre></div>
PROFILES¶
The vnfm profiles
command is used to manage VNFM profiles.
Each profile can have its own credentials for managers and VNFM environmental settings
Optional Flags
These commands support the common CLI flags.
Commands include:
list¶
Usage
vnfm profiles list [OPTIONS]
List all profiles.
Example
$ vnfm profiles list
...
Listing all profiles
...
Profiles:
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| name | manager_ip | ssh_user | ssh_key_path | ssh_port | rest_port | rest_protocol | manager_username | manager_tenant | bootstrap_state |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| *10.239.2.241 | 10.239.2.241 | centos | /Users/user/rackspace/key.pem | 22 | 80 | http | admin | default_tenant | Complete |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
...
show-current¶
Usage
vnfm profiles show-current [OPTIONS]
Displays your current active profile and its properties.
Example
$ vnfm profiles show-current
...
Active profile:
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| name | manager_ip | ssh_user | ssh_key_path | ssh_port | rest_port | rest_protocol | manager_username | manager_tenant | bootstrap_state |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| *10.239.2.241 | 10.239.2.241 | centos | /Users/user/rackspace/key.pem | 22 | 80 | http | admin | default_tenant | Complete |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
...
export¶
Usage
vnfm profiles export [OPTIONS]
Export all profiles to a file
Caution
Including the ssh keys of your profiles in the archive means that once the profiles are imported, the ssh keys will be put back in their original locations!
If -o / --output-path
is omitted, the archive’s name will be vnfm- profiles.tar.gz
.
Optional Flags
--include-keys
- Include SSH key files in the archive.-o, --output-path TEXT
- The local path for the download.
Example
$ vnfm profiles export
...
Exporting profiles to /Users/assi/Work/repos/vnfm-profiles.tar.gz...
Export complete!
You can import the profiles by running `vnfm profiles import PROFILES_ARCHIVE`
...
import¶
Usage
vnfm profiles import [OPTIONS] ARCHIVE_PATH
Import profiles from a profiles archive.
Caution
If a profile exists both in the archive and locally it will be overwritten (any other profiles will be left intact).
ARCHIVE_PATH
is the path to the profiles archive to import.
Optional Flags
--include-keys
Caution
Imports exported keys to their original locations.
Example
$ vnfm profiles import vnfm-profiles.tar.gz
...
Importing profiles from vnfm-profiles.tar.gz...
Import complete!
You can list profiles using `vnfm profiles list`
...
delete¶
Usage
vnfm profiles delete [OPTIONS] PROFILE_NAME
Delete a profile.
PROFILE_NAME
is the IP of the VNF Manager the profile manages.
Example
$ vnfm profiles delete 10.239.2.241
...
Deleting profile 10.239.2.241...
Profile deleted
...
use¶
Usage
vnfm profiles use [OPTIONS] MANAGER_IP
Control a specific VNF Manager.
PROFILE_NAME
is the IP of the manager the profile manages.
Additional CLI commands are added after a VNF Manager is used. To stop using VNF Manager, you can run vnfm init -r.
Optional Flags
--profile-name TEXT
- Name of the profile to use.-s, --ssh-user TEXT
- The SSH user on the host machine with which to SSH into the manager.-k, --ssh-key TEXT
- The path to the SSH key-file to use when connecting.--ssh-port INTEGER
- The SSH port to use when connecting to the Manager.-u, --manager-username TEXT
- Manager username used to run commands on the Manager.-p, --manager-password TEXT
- Manager password used to run commands on the Manager.-t, --manager-tenant TEXT
- The tenant associated with the user currently operating the Manager.--rest-port INTEGER
- The REST server’s port.--ssl - Connect to REST
server using SSL-c, --rest-certificate TEXT
- The REST server’s external certificate file location (implies –ssl)--kerberos-env TEXT
- Whether or not to use kerberos while connecting to the manager--skip-credentials-validation
- Do not check that the passed credentials are correct (default: False)
Example
vnfm profiles use 10.239.2.241 -t default_tenant -u admin -p admin
...
Initializing local profile ...
Initialization completed successfully
Attempting to connect...
Initializing profile 10.239.2.241...
Initialization completed successfully
Using manager 10.239.2.241 with port 80
...
set¶
Usage
vnfm profiles set [OPTIONS]
Set the profile name, manager username and/or password and/or tenant in the current profile
Optional Flags
--profile-name TEXT
- Name of the profile to use.-u, --manager-username TEXT
- Manager username used to run commands on the manager.-p, --manager-password TEXT
- Manager password used to run commands on the manager.-t, --manager-tenant TEXT
- The tenant associated with the current user-s, --ssh-user TEXT
- The SSH user on the manager host machine operating the manager.-k, --ssh-key TEXT
- The path to the ssh key-file to use when connecting--ssh-port TEXT
- The SSH port to use when connecting to the manager--ssl TEXT
- Required SSL state (on/off)-c, --rest-certificate TEXT
- The REST server’s external certificate file location (implies –ssl)--kerberos-env TEXT
- Whether or not to use kerberos while connecting to the manager--skip-credentials-validation
- Do not check that the passed credentials are correct (default:False)
Example
$ vnfm profiles set -u admin
...
Validating credentials...
Credentials validated
Setting username to `admin`
Settings saved successfully
...
unset¶
Usage
vnfm profiles unset [OPTIONS]
Clear the manager username and/or password and/or tenant from the current profile.
Optional Flags
-u, --manager-username
- Manager username used to run commands on the manager.-p, --manager-password
- Manager password used to run commands on the manager.-t, --manager-tenant
- The tenant associated with the current user operating the manager.-s, --ssh-user
- The SSH user on the manager host machine-k, --ssh-key
- The path to the ssh key-file to use when connecting-c, --rest-certificate
- The REST server’s external certificate file location (implies –ssl)--kerberos-env
- Whether or not to use kerberos while connecting to the manager--skip-credentials-validation
- Do not check that the passed credentials are correct. (default:False)
Example
$ vnfm profiles unset -u
...
Validating credentials...
Credentials validated
Clearing manager username
Settings saved successfully
...
SITES¶
The vnfm sites command is used to manage sites and their location in VNF Manager.
Optional Flags
vnfm sites
commands support the common CLI flags.
Commands
List¶
Usage
vnfm sites list [OPTIONS]
List all sites
Optional Flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]-t, --tenant-name TEXT
- The name of the tenant from which to list the sites. If unspecified, the current tenant is used. This argument cannot be used simultaneously with the all-tenants argument.-a, --all-tenants
- Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.--search TEXT
- Search sites by name. The returned list will include only sites that contain the given search pattern.-o, --pagination
- offset INTEGER The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm sites list
Listing all sites...
Sites:
+----------+------------------------+------------+----------------+--------------------------+------------+
| name | location | visibility | tenant_name | created_at | created_by |
+----------+------------------------+------------+----------------+--------------------------+------------+
| Chicago | 41.8333925,-88.0121478 | tenant | default_tenant | 2019-05-19 12:00:20.843 | admin |
| Miami | 25.7823404,-80.3695441 | tenant | default_tenant | 2019-05-19 12:00:52.143 | admin |
| Tel-Aviv | 32.0879122,34.7272058 | tenant | default_tenant | 2019-05-19 12:00:12.073 | admin |
+----------+------------------------+------------+----------------+--------------------------+------------+
Showing 3 of 3 sites
Create¶
Usage
vnfm sites create [OPTIONS] NAME
Create a new site:
NAME
is the new site’s name
Optional Flags
--location TEXT
- The location of the site, expected format: latitude,longitude such as 32.071072,34.787274-l, --visibility TEXT
- Defines who can access the resource, can be set to one of [‘private’, ‘tenant’, ‘global’] [default: tenant]-t, --tenant-name TEXT
- The name of the tenant of the site. If not specified, the current tenant will be used
Example
$ vnfm sites create --location 32.0879122,34.7272058 --visibility global Tel-Aviv
...
Get¶
Usage
vnfm sites get [OPTIONS] NAME
Get details for a single site
NAME
is the site’s name
Optional Flags
-t, --tenant-name TEXT
- The name of the tenant of the site. If not specified, the current tenant will be used
Example
$ vnfm sites get Tel-Aviv
...
Delete¶
Usage
vnfm site delete [OPTIONS] NAME
Delete a site
NAME
is the site’s name
Optional Flags
-t, --tenant-name TEXT
- The name of the tenant of the secret. If not specified, the current tenant will be used
Example
$ vnfm sites delete Tel-Aviv
...
Update¶
Usage
vnfm sites update [OPTIONS] NAME
Update an existing site
NAME
is the site’s name
Optional Flags
--location TEXT
- The location of the site, expected format: latitude,longitude such as 32.071072,34.787274-l, --visibility TEXT
- Defines who can access the resource, can be set to one of [‘private’, ‘tenant’, ‘global’]-n, --new-name TEXT
- The new name of the site
Example
$ vnfm sites update --location 32.0879122,34.7272058 --visibility global --new-name Tel-Aviv-Yafo Tel-Aviv
...
SNAPSHOTS¶
The vnfm snapshots command is used to manage data snapshots of VNF manager. You must have admin credentials to create and restore snapshots. You can use the command to create, upload, download, delete and list snapshots and also to restore a Manager using a snapshot archive. For more consult the Create snapshot topic.
Optional Flags
These commands support the common CLI flags.
Commands include:
create¶
Usage
vnfm snapshots create [OPTIONS] [SNAPSHOT_ID]
Create a snapshot on VNF Manager.
The snapshot will contain the relevant data to restore a VNF Manager to its previous state.
SNAPSHOT_ID
is the ID to attach to the snapshot.
Optional Flags
--exclude-credentials
- Exclude credentials from the snapshot--exclude-logs
- Exclude logs from the snapshot--exclude-events
- Exclude events from the snapshot--queue
- If set, snapshot-creation-workflows that can`t currently run will be queued and run automatically when possible
Example
$ vnfm snapshots create
...
Creating snapshot snapshot_XLHCNV...
Started workflow execution. The execution's id is 2219928b-69fd-49f1-8982-c42da5f82a63
...
delete¶
Usage
vnfm snapshots delete [OPTIONS] SNAPSHOT_ID
Delete a snapshot from VNF Manager.
SNAPSHOT_ID
is the ID of the snapshot to delete.
Optional Flags
-t, --tenant-name TEXT
- The name of the tenant of the snapshot. If unspecified, the current tenant is used.
Example
$ vnfm snapshots delete snapshot_XLHCNV
...
Deleting snapshot snapshot_XLHCNV...
Snapshot deleted successfully
...
download¶
Usage
vnfm snapshots download [OPTIONS] SNAPSHOT_ID
Download a snapshot from VNF Manager.
SNAPSHOT_ID
is the ID of the snapshot to download.
Optional Flags
-o, --output-path TEXT
- The local path which to download.-t, --tenant-name TEXT
- The name of the tenant of the snapshot. If unspecified, the current tenant is used.
Example
$ vnfm snapshots download snapshot_XLHCNV
...
Downloading snapshot snapshot_XLHCNV...
snapshot_XLHCNV |#####################################################| 100.0%
Snapshot downloaded as snapshot_XLHCNV.zip
...
list¶
Usage
vnfm snapshots list [OPTIONS]
List all snapshots on VNF Manager.
Optional Flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]-t, --tenant-name TEXT
- The name of the tenant from which to list node-instance. If unspecified, the current tenant is used. This argument cannot be used simultaneously with the all-tenants argument.-a, --all-tenants
- Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.--search TEXT
- Search snapshots by id. The returned list will include only snapshots that contain the given search pattern.-o, --pagination-offset INTEGER
- The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm snapshots list
...
Listing snapshots
...
Snapshots:
+-----------------+--------------------------+---------+-------+------------+----------------+------------+
| id | created_at | status | error | visibility | tenant_name | created_by |
+-----------------+--------------------------+---------+-------+------------+----------------+------------+
| snapshot_XLHCNV | 2017-04-04 09:33:39.315 | created | | tenant | default_tenant | admin |
+-----------------+--------------------------+---------+-------+------------+----------------+------------+
Showing 1 of 1 snapshots
restore¶
Usage
vnfm snapshots restore [OPTIONS] SNAPSHOT_ID
Restore VNF Manager to its previous state, or migrate a version 3.x snapshot to a tenant on VNF Manager 4.x (i.e migration).
SNAPSHOT_ID
is the ID of the snapshot to use for restoration
For a more detailed description of a snapshot-restore procedure for scheduled executions, consult the VNFM Backup and Restore topic.
Optional Flags
--without-deployments-envs
- Restore without recreating the currently existing deployments-f, --force
- Force restoring the snapshot on a Manager with existing blueprints or deployments--restore-certificates
- Restore the certificates from the snapshot, using them to replace the current Manager certificates. If the certificates’ metadata (I.E: the Manager IP address) from the snapshot does not match the Manager metadata, the certificates cannot work on this Manager and will not be restored. In the event that the certificates have been restored, the Manager will be automatically rebooted at the end of the execution. To avoid automatic reboot, use the flag –no-reboot (not recommended).--ignore-plugin-failure
- if set, plugin installation errors during snapshot restore will only be logged as warnings, and will pass the snapshot restore workflow--no-reboot
- Do not perform an automatic reboot to the Manager VM after restoring certificates a from snapshot (not recommended). Only relevant if the –restore-certificates flag was supplied
Example
$ vnfm snapshots restore snapshot_CAMWZ5
...
Restoring snapshot snapshot_XLHCNV...
Started workflow execution. The execution's id is 53921762-2b72-430b-b6fe-d6f1faced8e1
...
upload¶
Usage
vnfm snapshots upload [OPTIONS] SNAPSHOT_PATH
Upload a snapshot to VNF Manager.
SNAPSHOT_PATH
is the path of the snapshot to upload.
Optional Flags
-s, --snapshot-id TEXT
- The unique identifier for the snapshot-t, --tenant-name TEXT
- The name of the tenant of the snapshot. If unspecified, the current tenant is used.
Example
$ vnfm snapshots upload snapshot_XLHCNV.zip
...
Uploading snapshot snapshot_XLHCNV.zip...
snapshot_XLHCNV.zip |#################################################| 100.0%
Snapshot uploaded. The snapshot's id is snapshot_76E7LB
...
status¶
Usage
vnfm snapshots status
Return the status of the restore_snapshot
workflow (whether or not it’s in progress).
Example
$ vnfm snapshots status
...
Retrieving snapshot restore status...
No `restore_snapshot` workflow currently running.
...
SSH¶
The vnfm ssh command is used to connect to a VNF manager via SSH.
You can use the command to create a new terminal session, run a command, or connect to a shared tmux-based session.
Usage
vnfm ssh [OPTIONS]
Connects to a running manager via SSH.
host
starts a tmux session (for example, tmux new -s “ssh_session_vi120m”) after which a command for a client is printed in the tmux session for the host to send to the client (i.e. vnfm ssh –sid ssh_session_vi120m).
When starting a new session, the host creates an alias for “exit” so that when a client connects and exits, it will run “tmux detach” instead and not terminate the session.
When the host exits the tmux session, a command will be executed to terminate the session.
Passing a command simply executes it on VNF Manager, whereas omitting a command connects to an interactive shell.
Optional Flags
-c, --command TEXT
- Execute a command on the manager over SSH--host
- Host an SSH tmux session--sid TEXT
- Join an SSH tmux session-l, --list-sessions
- List available SSH tmux sessions
Example
$ vnfm ssh
...
Connecting to centos@10.239.2.241...
Last login: Tue Apr 4 05:51:20 2017 from 192.168.8.195
[centos@vnfm ~]$
...
TENANTS¶
The vnfm tenants command is used to create and manage tenants on VNF Manager. You can run commands on a tenant other than the one that you are logged into by specifying the name of the tenant to which the command applies. For example, vnfm tenants add-user USERNAME -t TENANT_NAME can be used to add a user to a different tenant.
Requirements
To use the command you must have VNFM sys_admin credentials. Tenant names must conform to the following requirements:
- Minimum number of characters - 5
- Maximum number of characters - 255
- Valid characters are alphanumeric, or -, _, or ..
- Value must begin with a letter
- Cannot be empty
Optional Flags
These commands support the common CLI flags.
Commands include:
Each of the tenants related commands are detailed below in alphabetical order.
add-user¶
Usage
vnfm tenants add-user [OPTIONS] USERNAME
Add an individual user to a tenant. If your system is integrated with LDAP/AD, ensure that the username matches that specified in LDAP.
USERNAME
is the name of the user to add to the tenant.
Required flag
-t, --tenant-name TEXT
- The name of the tenant.-r, --role TEXT
- The name of the role.
Valid tenant roles are:
manager
- User that can manage tenantsoperations
- User that can deploy and execute workflows, but cannot manage blueprints or pluginsuser
- Regular user, can perform actions on tenants resourcesviewer
- User that can only view tenant resources
Example
$ vnfm tenants add-user my-user -t my-tenant -r user
...
User `my-user` added successfully to tenant `my-tenant`
...
add-user-group¶
Usage
vnfm tenants add-user-group [OPTIONS] USER_GROUP_NAME
Add a user group to a tenant.
USER_GROUP_NAME
is the name of the user group to add to the tenant.
If your system is integrated with LDAP/AD, ensure that the group name matches that specified in LDAP.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.-r, --role TEXT
- The name of the role.
Valid tenant roles are:
manager
- User that can manage tenantsoperations
- User that can deploy and execute workflows, but cannot manage blueprints or pluginsuser
- Regular user, can perform actions on tenants resourcesviewer
- User that can only view tenant resources
Example
$ vnfm tenants add-user-group my-user-group -t my-tenant -r user
...
User group `my-user-group` added successfully to tenant `my-tenant`
...
create¶
Usage
vnfm tenants create [OPTIONS] TENANT_NAME
Add a tenant to VNF Manager.
TENANT_NAME
is the name of the new tenant
The tenant name must be unique in VNF Manager.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.
Example
$ vnfm tenants create my-tenant
...
Tenant `my-tenant` created
...
delete¶
Usage
vnfm tenants delete [OPTIONS] TENANT_NAME
Delete a tenant from VNF Manager. TENANT_NAME is the name of the tenant
Example
$ vnfm tenants delete my-tenant
...
Deleting tenant `my-tenant`...
Tenant removed
...
get¶
Usage
vnfm tenants get [OPTIONS] TENANT_NAME
View information for a specific tenant, including its users.
TENANT_NAME
is the name of the tenant
Optional flag
--get-data
- When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)
Example
$ vnfm tenants get my-tenant
...
Getting info for tenant `my-tenant`...
Requested tenant info:
+-----------+--------+-------+
| name | groups | users |
+-----------+--------+-------+
| my-tenant | 1 | 2 |
+-----------+--------+-------+
...
list¶
Usage
vnfm tenants list [OPTIONS]
Provides a list of all tenants in this instance of VNF Manager. By default, when you generate the list of tenants, only the number of linked resources is displayed. You can retrieve full details with the use of a –get-data flag.
Optional Flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]--get-data
- When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)--search TEXT
- Search tenants by name. The returned list will include only tenants that contain the given search pattern.-o, --pagination-offset INTEGER
- The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm tenants list
...
Listing all tenants...
Tenants:
+----------------+--------+-------+
| name | groups | users |
+----------------+--------+-------+
| default_tenant | | 1 |
| my-tenant | 1 | 2 |
+----------------+--------+-------+
...
remove-user¶
Usage
vnfm tenants remove-user [OPTIONS] USERNAME
Remove an individual user from a tenant.
USERNAME
is the name of the user to remove from the tenant.
Note
If the user is part of one or more user groups that are assigned to the tenant, you need to remove the user from each group, in order for them to be prevented from accessing the tenant.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.
Example
$ vnfm tenants remove-user my-user -t my-tenant
...
User `my-user` removed successfully from tenant `my-tenant`
...
remove-user-group¶
Usage
vnfm tenants remove-user-group [OPTIONS] USER_GROUP_NAME
Remove a user group from a tenant.
USER_GROUP_NAME
is the name of the user group to remove from the tenant.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.
Example
$ vnfm tenants remove-user-group my-user-group -t my-tenant
...
User group `my-user-group` removed successfully from tenant `my-tenant`
...
update-user¶
Usage
vnfm tenants update-user [OPTIONS] USERNAME
Update the user role in a tenant.
USERNAME
is the name of the user for which the role needs to be updated.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.-r, --role TEXT
- The name of the role.
Example
$ vnfm tenants update-user my-user -t my-tenant -r viewer
User `my-user` updated successfully in tenant `my-tenant`
update-user-group¶
Usage
vnfm tenants update-user-group [OPTIONS] USERNAME
Update the user role in a tenant.
USERNAME
is the name of the user for which the role needs to be updated.
Required flags
-t, --tenant-name TEXT
- The name of the tenant.-r, --role TEXT
- The name of the role.
Example
$ vnfm tenants update-user-group my-user-group -t my-tenant -r viewer
Group `my-user-group` updated successfully in tenant `my-tenant`
USER-GROUPS¶
The vnfm user-groups command is used to define and manage user groups on VNF Manager.
To use the command you must have VNFM admin credentials. If your VNF Manager is integrated with LDAP/AD. ensure that the group names that you define exactly match those defined in LDAP.
Requirements
To use the command you must have VNFM admin credentials.
User names and passwords must conform to the following requirements:
- Minimum number of characters - 5
- Maximum number of characters - 255
- Valid characters are alphanumeric, or -, _, or ..
- Value must begin with a letter
- Cannot be empty
Optional flag
These commands support the common CLI flags.
Commands
create¶
Usage
vnfm user-group create [OPTIONS] USER_GROUP_NAME
Create a new user group on the manager
USER_GROUP_NAME
is the name of the new user group
Optional Flags
-l, --ldap-distinguished-name TEXT
- The ldap group’s distinguished name. This option is required when using ldap. The format must be CN=GroupName, OU=OUName,DC=Domaincomponent, DC= DomainComponent. for example: CN=ldapwiki,OU=groups,DC=example,DC=com.
Example
$ vnfm user-groups create users
...
Group `users` created
...
add-user¶
Usage
vnfm user-groups add-user [OPTIONS] USERNAME
Add a user group. USERNAME is the name of the user to add to the user group
Required flags
-g, --group-name TEXT
- The name of the user group.
Example
$ vnfm user-groups add-user sue -g users
...
User `sue` added successfully to user group `users`
...
delete¶
Usage
vnfm user-groups delete [OPTIONS] USER_GROUP_NAME
Delete a user group from VNF Manager. USER_GROUP_NAME is the name of the user group
Example
$ vnfm user-group del users2
...
Deleting user group `users2`...
User group removed
...
list¶
Usage
vnfm user-groups list [OPTIONS]
List all users assigned to this users’ group. By default, when you generate the list of user groups, only the number of linked resources are displayed. You can retrieve full details with the use of a –get-data flag.
Optional Flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]--get-data
- When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)--search TEXT
- Search user-groups by name. The returned list will include only user-groups that contain the given search pattern.-o, --pagination
- offset INTEGER The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm user-group list
...
Listing all user groups...
User groups:
+-------+---------+-------+
| name | tenants | users |
+-------+---------+-------+
| users | | 2 |
+-------+---------+-------+
...
get¶
Usage
vnfm user-groups get [OPTIONS] USER_GROUP_NAME
Get details for a specific user group. USER_GROUP_NAME is the name of the user group.
Optional Flags
--get-data
- When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)
Example
$ vnfm user-group get users
...
Getting info for user group `users`...
Requested user group info:
+-------+---------+-------+
| name | tenants | users |
+-------+---------+-------+
| users | | 2 |
+-------+---------+-------+
...
USERS¶
The vnfm users
command is used to manage users and passwords on VNF Manager.
If you choose not to integrate VNF Manager with LDAP-based user management system, you must add each user individually
with a unique username and a password. You can also create user groups and add users to them. The users and user
groups can be assigned to one or more tenants, with different roles in each tenant.
Requirements
To use the command you must have VNFM admin credentials.
Usernames must conform to the following requirements:
- Valid characters are alphanumeric, or -, _, or ..
- Value must begin with a letter
- Cannot be empty
Passwords must conform to the following requirements:
- Minimum number of characters - 5
- Maximum number of characters - 255
- Valid characters are alphanumeric, or -, _, or ..
- Value must begin with a letter
- Cannot be empty
Optional Flags
These commands support the common CLI flags.
Commands
create¶
Usage
vnfm users create [OPTIONS] USERNAME
Create a new user on VNF Manager.
USERNAME
is the user name for the user.
Required flags
-p, --password TEXT
- The password for the user.
Optional Flags
-r, --security-role [sys_admin|default]
- A role that defines the user as a ‘sys-admin’ (admin user) or ‘default’ (non-admin user). A ‘default’ user must be explicitly assigned to tenants in order to perform actions and access resources. (default: default)-t, --tenant-name
- The name of the tenant to add the user to.-l, --user-tenant-role
- The role of the user in the specified tenant.
Example
$ vnfm users create sue -p test1
...
User `sue` created as a non-admin user in the system with password 'test1'.
...
set-password¶
Usage
vnfm users set-password [OPTIONS] USERNAME
Set the password for a specific user. You can use this command in a non-LDAP setup to change each of the users’ passwords, and in LDAP mode to change only the password of the bootstrap-admin (the user created by default upon Manager’s installation) .
USERNAME
is the username of the user.
Required flags
-p, --password TEXT
- The new password for the password.
Example
$ vnfm users set-password sue -p new_pass
...
Setting new password for user sue...
New password set
...
set-role¶
Usage
vnfm users set-role [OPTIONS] USERNAME
Set the system-wide (security) role for a specific user.
USERNAME
is the username of the user.
The system-wide role defines the user as a ‘sys-admin’ (admin user) or ‘default’ (non-admin user). To give the user sys-admin permissions, set this role to ‘sys_admin’. Otherwise, the user has the system-wide role ‘default’. A ‘default’ user must be explicitly assigned to tenants in order to perform actions and access resources.
Optional Flags
-r, --security-role [sys_admin|default]
- A role to specifies the user’s permissions on the manager. (default: default)
Example
$ vnfm users set-role sue -r sys_admin
...
Setting new role for user sue...
New role `sys_admin` set
...
delete¶
Usage
vnfm users delete [OPTIONS] USERNAME
Delete a user from VNF Manager. You can delete a user only if the user is:
- Not assigned to any tenants
- Not a member of any user groups
- Not the creator of any VNFM resources (Blueprint, Deployment, Plugin, Secret) on the Manager.
USERNAME
is the username of the user.
Example
$ vnfm users delete sue
...
Deleting user `sue`...
User removed
...
list¶
Usage
vnfm users list
In non-LDAP mode, this command lists all of the users defined in this VNF Manager. In LDAP mode, this command lists all of the users who logged in to VNFM and successfully authenticated with the LDAP system. By default, when you generate the list of users, only the number of user groups and tenants each user is associated with are displayed. You can retrieve full details with the use of a –get-data flag.
Optional Flags
--sort-by TEXT
- Key for sorting the list.--descending
- Sort list in descending order. [default: False]--get-data
- When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)--search TEXT
- Search users by username. The returned list will include only users that contain the given search pattern.-o, --pagination-offset INTEGER
- The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]-s, --pagination-size INTEGER
- The max number of results to retrieve per page [default: 1000]
Example
$ vnfm users list
...
Listing all users...
Users:
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+
| username | groups | system wide role | system wide roles via groups | active | last_login_at | tenants |
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+
| admin | | sys_admin | | True | 2018-03-05 16:03:56.726 | 1 |
| sue | | default | | True | | |
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+
...
get¶
Usage
vnfm users get [OPTIONS] USERNAME
Get details for a single user.
USERNAME
is the username of the user.
Optional Flags
--get-data
- When set to True, displays the full list of tenants and/or user groups the user is associated with. When set to False displays only their total number. (default:False)
Example
$ vnfm users get sue2
...
Getting info for user `sue2`...
Requested user info:
+----------+--------+------------------+------------------------------+--------+---------------+---------+
| username | groups | system wide role | system wide roles via groups | active | last_login_at | tenants |
+----------+--------+------------------+------------------------------+--------+---------------+---------+
| sue | | default | | True | | |
+----------+--------+------------------+------------------------------+--------+---------------+---------+
...
deactivate¶
Usage
vnfm users deactivate [OPTIONS] USERNAME
Deactivate a user. Deactivated users cannot login to VNFM, but are in the list of users. To let the user login to VNFM, reactivate the user.
USERNAME
is the username of the user.
Example
$ vnfm users deactivate assi2
...
Deactivating user `assi2`...
User deactivated
...
activate¶
Usage
vnfm users activate [OPTIONS] USERNAME
Activate a user.
USERNAME
is the username of the user.
Example
$ vnfm users activate sue2
...
Activating user `sue2`...
User activated
...
What’s Next?