Last updated on: 2023-08-29 10:06:08.

Server maintenance CLI

CERTIFICATES

Replacing Certificates

Certificates are used by VNF Manager for TLS based secure communication between the different VNF Manager components and between the user interface and the VNF Manager. Certificates are set during the initial deployment of the VNF Manager (cluster or all-in-one), but later maintenance and replacement of the certificates may be required as a result of regulatory compliance demand, certificate expiration, or revocation due to security breach. Follow this procedure when certificates’ replacement is required:

  1. Generate the replace-certificates configuration file using vnfm certificates generate-replace-config. This file should be filled with the new certificates’ paths.
  2. Replace the certificates using vnfm certificates replace. This command uses the filled configuration file from the previous step.

Note

Replacing certificates can only be done before the existing certificates expire.

generate-replace-config

Usage

vnfm certificates generate-replace-config

Generates the replace-certificates configuration file. Please fill in the generated file with the new certificates’ paths and save it.

In case you are using a management cluster, the cluster instances’ private IPs will be filled automatically. If your CLI is on a host that is not part of the cluster network, you can specify the instances’ public IPs instead. The generated configuration file will be different depending on the deployment topology - all-in-one manager or a management cluster.

In case of replacing a CA certificate, all related certificates need to be replaced as well. For each instance, either both certificate and key must be provided, or neither.

Optional flags:

  • -o, --output-path - The local path to download the replace-certificates config file to. The default output path is “./certificates_replacement_config.yaml”.

Example

$ vnfm certificates generate-replace-config
The certificates replacement configuration file was saved to certificates_replacement_config.yaml

replace

Usage

vnfm certificates replace

This command will replace the certificates on your all-in-one manager or management cluster, whichever you are currently using. It uses the filled configuration file in order to get the new certificates’ paths. At the end of the process, the old certificates are saved at the same directory as the new ones (/etc/cloudify/ssl/) with a timestamp attached to their name.

Note

The ssh_user and ssh_key need to be configured for the current profile prior to using this command. This can be done by using the command vnfm profiles set –ssh-user <username, e.g. centos> –ssh-key <path to the lcal private key-path>. These credentials will be used in order to connect (SSH) to the cluster instances and replace their certificates.

Optional flags:

  • -i, --input-path - The certificates replacement configuration file path. The default input path is “./certificates_replacement_config.yaml”.
  • -v, --verbose - Show verbose output. You can supply this up to three times (i.e. -vvv). Use this flag in case you want to print the logs from the remote hosts.

Example

$ vnfm certificates replace

Validating replace-certificates config file...
Validating status is healthy
Validating certificates on host <host-ip>
Validating certificates on host <host-ip>

Replacing certificates...
Passing CA certs to agents
Replacing certificates on host <host-ip>
Replacing certificates on host <host-ip>
Passing CA certs to agents

Validating status is healthy
Successfully replaced certificates

CONFIG

The vnfm config command is used to manage VNF Manager’s configuration.

Optional Flags

vnfm config commands support the common CLI flags.

Commands

List

Usage

vnfm config list [OPTIONS]

List all configurations

Example

$ vnfm config list

  Config:

  +-----------------------------------+--------------------------------------------------+------------+------------+-------------+
  |                name               |                      value                       |   scope    | updated_at | is_editable |
  +-----------------------------------+--------------------------------------------------+------------+------------+-------------+
  |        account_lock_period        |                        -1                        |    rest    |            |     True    |
  |            broker_port            |                       5671                       |   agent    |            |     True    |
  |         default_page_size         |                       1000                       |    rest    |            |     True    |
  | failed_logins_before_account_lock |                        4                         |    rest    |            |     True    |
  |          file_server_root         |              /opt/manager/resources              |    rest    |            |    False    |
  |          file_server_url          |        https://172.20.0.2:53333/resources        |    rest    |            |    False    |
  |             heartbeat             |                        30                        |   agent    |            |     True    |
  |    insecure_endpoints_disabled    |                       True                       |    rest    |            |    False    |
  |           ldap_dn_extra           |                                                  |    rest    |            |     True    |
  |            ldap_domain            |                                                  |    rest    |            |     True    |
  |      ldap_is_active_directory     |                       True                       |    rest    |            |     True    |
  |         ldap_nested_levels        |                        1                         |    rest    |            |     True    |
  |           ldap_password           |                                                  |    rest    |            |     True    |
  |            ldap_server            |                                                  |    rest    |            |     True    |
  |            ldap_timeout           |                       5.0                        |    rest    |            |     True    |
  |           ldap_username           |                                                  |    rest    |            |     True    |
  |             log_level             |                       INFO                       |   agent    |            |     True    |
  |         maintenance_folder        |             /opt/manager/maintenance             |    rest    |            |    False    |
  |            max_workers            |                        5                         |   agent    |            |     True    |
  |            max_workers            |                       100                        | mgmtworker |            |     True    |
  |      min_available_memory_mb      |                       100                        |    rest    |            |     True    |
  |            min_workers            |                        2                         |   agent    |            |     True    |
  |            min_workers            |                        2                         | mgmtworker |            |     True    |
  |             public_ip             |                    172.20.0.2                    |    rest    |            |    False    |
  |       rest_service_log_level      |                       INFO                       |    rest    |            |     True    |
  |       rest_service_log_path       | /var/log/cloudify/rest/vnfm-rest-service.log         |    rest    |            |    False    |
  +-----------------------------------+--------------------------------------------------+------------+------------+-------------+

Update

Usage

vnfm config update [OPTIONS] INPUTS

Update the manager configuration.

Pass INPUTS as a yaml-formatted dict with {“config name”: “new value”}, or as a path to a file containing yaml.

To resolve ambiguous names, you can prefix the config name with scope; for example, rest.ldap_username.

Example

$ vnfm config update '{"rest.ldap_username": "adminuser", "rest.ldap_password": "adminpassword"}'

INIT

The vnfm init command is used to initialize a working VNFM directory.

Before you can use vnf, you must initialize a working directory for it, in which relevant functional information will be stored.

Note

Running vnfm intall or vnfm profiles use initializes an environment automatically.

Usage

vnfm init [OPTIONS] [BLUEPRINT_PATH]

Initialize a VNFM environment.

This is required to perform many actions and should be the first action performed after installing VNFM.

Providing a BLUEPRINT_PATH also initializes a blueprint to work on.

After initialization, the CLI’s configuration can be found under ~/.vnfm/config.yaml.

Optional Flags

This command supports the common CLI flags.

  • -n, --blueprint-filename TEXT - The name of the archive’s main blueprint file. This is only relevant if uploading an archive.
  • -b, --blueprint-id TEXT - The unique identifier for the blueprint
  • -r, --reset-config - Reset the working environment. This allows to reset configuration.
  • -i, --inputs TEXT - Inputs for the deployment (Can be provided as wildcard based paths (*.yaml, /my_inputs/, etc..) to YAML files, a JSON string or as key1=value1;key2=value2). This argument can be used multiple times.
  • --install-plugins - Install the necessary plugins for the specified blueprint.
  • --hard - Hard reset the configuration, including coloring and loggers.
  • --enable-colors - Enable colors in logger. (Use –hard when working with an initialized environment.) [default: False]

Example

$ vnfm init
...

Initializing profile local...
Initialization completed successfully

...

LDAP

The vnfm ldap command is used to set LDAP authentication to enable you to integrate your LDAP users and groups with VNFM.

Optional Flags

These commands support the common CLI flags.

Commands

set

Usage

vnfm LDAP set [OPTIONS]

Set VNF Manager to use the LDAP authenticator.

Required flags

  • -s, --ldap-server TEXT - The LDAP address against which to authenticate, for example: ldaps://ldap.domain.com.
  • -u, --ldap-username TEXT - The LDAP admin username to be set on the VNF Manager.
  • -p, --ldap-password TEXT - The LDAP admin password to be set on the VNF Manager.
  • -d, --ldap-domain TEXT - The LDAP domain to be used by the server.

Optional Flags

  • -a, --ldap-is-active-directory - Specify whether the LDAP used for authentication is Active-Directory.
  • -e, --ldap-dn-extra TEXT - Additional LDAP DN options.

Example

$ vnfm ldap set -s [LDAP SERVER ADDRESS] -u [LDAP ADMIN USERNAME] -p [LDAP ADMIN PASSWORD] -d [DOMAIN NAME]

LICENSE

The vnfm license command is used to manage VNFM licenses on the VNF Manager.

Optional Flags

vnfm license commands support the common CLI flags.

Commands include:

Upload

Usage

vnfm license upload [OPTIONS] <license-path>

Upload a VNFM license to a VNF Manager.

Example

$ vnfm license upload vnfm_license.yaml

...

Uploading BIG-IP VE License `vnfm_license.yaml` to the VNF Manager...
VNFM license successfully uploaded.

...

list

Usage

vnfm license list [OPTIONS]

List details of the VNFM license.

Example

$ vnfm license list
...

Retrieving VNFM License
...

VNFM License

+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+
| customer_id  |     expiration_date      | license_edition | trial | vnfm_version     | capabilities | expired |
+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+
| VNFMMock     | 2019-05-27 00:00:00.000  |      Spire      |  True |       4.6        | Mock1,Mock2  |  False  |
+--------------+--------------------------+-----------------+-------+------------------+--------------+---------+

...

environments list

Usage

vnfm license environments list [OPTIONS]

List all licensed environments on the manager.

Optional flags

  • --sort-by TEXT - Key for sorting the list
  • --descending - Sort list in descending order [default: False]
  • -o, --pagination-offset INTEGER - The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0].
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ vnfm license environments list

Listing all licensed environments...

Environments:
+--------------------------------------+-----------------+----------------+
|            deployment_id             | deployment_name |  tenant_name   |
+--------------------------------------+-----------------+----------------+
| 78d88659-cf4a-4a1e-a05e-10bf3af22e19 |       app       | default_tenant |
| 8a333574-7eae-4a7b-b8e6-ba78e8823e6f |        i1       |       t        |
| 80784712-d620-4b7d-9bc9-dd53af3921e1 |        i2       |       t        |
+--------------------------------------+-----------------+----------------+

Showing 3 of 3 environments

### environments count

#### Usage
`vnfm license environments count [OPTIONS]`

Print the count of licensed environments on the manager.

#### Example

<div class="highlight"><pre style="color:#272822;background-color:#fafafa;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ vnfm license environments count

Licensed environments count: <span style="color:#ae81ff">3</span></code></pre></div>

PROFILES

The vnfm profiles command is used to manage VNFM profiles.

Each profile can have its own credentials for managers and VNFM environmental settings

Optional Flags

These commands support the common CLI flags.

Commands include:

list

Usage

vnfm profiles list [OPTIONS]

List all profiles.

Example

$ vnfm profiles list

...

Listing all profiles

...

Profiles:
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
|      name     |  manager_ip  | ssh_user |             ssh_key_path            | ssh_port | rest_port | rest_protocol | manager_username | manager_tenant | bootstrap_state |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| *10.239.2.241 | 10.239.2.241 |  centos  | /Users/user/rackspace/key.pem       |    22    |     80    |      http     |      admin       | default_tenant |     Complete    |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+

...

show-current

Usage

vnfm profiles show-current [OPTIONS]

Displays your current active profile and its properties.

Example

$ vnfm profiles show-current

...

Active profile:
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
|      name     |  manager_ip  | ssh_user |             ssh_key_path            | ssh_port | rest_port | rest_protocol | manager_username | manager_tenant | bootstrap_state |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+
| *10.239.2.241 | 10.239.2.241 |  centos  | /Users/user/rackspace/key.pem       |    22    |     80    |      http     |      admin       | default_tenant |     Complete    |
+---------------+--------------+----------+-------------------------------------+----------+-----------+---------------+------------------+----------------+-----------------+

...

export

Usage

vnfm profiles export [OPTIONS]

Export all profiles to a file

Caution

Including the ssh keys of your profiles in the archive means that once the profiles are imported, the ssh keys will be put back in their original locations!

If -o / --output-path is omitted, the archive’s name will be vnfm- profiles.tar.gz.

Optional Flags

  • --include-keys - Include SSH key files in the archive.
  • -o, --output-path TEXT - The local path for the download.

Example

$ vnfm profiles export

...

Exporting profiles to /Users/assi/Work/repos/vnfm-profiles.tar.gz...
Export complete!
You can import the profiles by running `vnfm profiles import PROFILES_ARCHIVE`

 ...

import

Usage

vnfm profiles import [OPTIONS] ARCHIVE_PATH

Import profiles from a profiles archive.

Caution

If a profile exists both in the archive and locally it will be overwritten (any other profiles will be left intact).

ARCHIVE_PATH is the path to the profiles archive to import.

Optional Flags

--include-keys

Caution

Imports exported keys to their original locations.

Example

$ vnfm profiles import vnfm-profiles.tar.gz

...

Importing profiles from vnfm-profiles.tar.gz...
Import complete!
You can list profiles using `vnfm profiles list`

...

delete

Usage

vnfm profiles delete [OPTIONS] PROFILE_NAME

Delete a profile.

PROFILE_NAME is the IP of the VNF Manager the profile manages.

Example

$ vnfm profiles delete 10.239.2.241

...

Deleting profile 10.239.2.241...
Profile deleted

...

use

Usage

vnfm profiles use [OPTIONS] MANAGER_IP

Control a specific VNF Manager.

PROFILE_NAME is the IP of the manager the profile manages.

Additional CLI commands are added after a VNF Manager is used. To stop using VNF Manager, you can run vnfm init -r.

Optional Flags

  • --profile-name TEXT - Name of the profile to use.
  • -s, --ssh-user TEXT - The SSH user on the host machine with which to SSH into the manager.
  • -k, --ssh-key TEXT - The path to the SSH key-file to use when connecting.
  • --ssh-port INTEGER - The SSH port to use when connecting to the Manager.
  • -u, --manager-username TEXT - Manager username used to run commands on the Manager.
  • -p, --manager-password TEXT - Manager password used to run commands on the Manager.
  • -t, --manager-tenant TEXT - The tenant associated with the user currently operating the Manager.
  • --rest-port INTEGER - The REST server’s port.
  • --ssl - Connect to REST server using SSL
  • -c, --rest-certificate TEXT - The REST server’s external certificate file location (implies –ssl)
  • --kerberos-env TEXT - Whether or not to use kerberos while connecting to the manager
  • --skip-credentials-validation - Do not check that the passed credentials are correct (default: False)

Example

vnfm profiles use 10.239.2.241 -t default_tenant -u admin -p admin

...

Initializing local profile ...
Initialization completed successfully
Attempting to connect...
Initializing profile 10.239.2.241...
Initialization completed successfully
Using manager 10.239.2.241 with port 80

...

set

Usage

vnfm profiles set [OPTIONS]

Set the profile name, manager username and/or password and/or tenant in the current profile

Optional Flags

  • --profile-name TEXT - Name of the profile to use.
  • -u, --manager-username TEXT - Manager username used to run commands on the manager.
  • -p, --manager-password TEXT - Manager password used to run commands on the manager.
  • -t, --manager-tenant TEXT - The tenant associated with the current user
  • -s, --ssh-user TEXT - The SSH user on the manager host machine operating the manager.
  • -k, --ssh-key TEXT - The path to the ssh key-file to use when connecting
  • --ssh-port TEXT - The SSH port to use when connecting to the manager
  • --ssl TEXT - Required SSL state (on/off)
  • -c, --rest-certificate TEXT - The REST server’s external certificate file location (implies –ssl)
  • --kerberos-env TEXT - Whether or not to use kerberos while connecting to the manager
  • --skip-credentials-validation - Do not check that the passed credentials are correct (default:False)

Example

$ vnfm profiles set -u admin

...

Validating credentials...
Credentials validated
Setting username to `admin`
Settings saved successfully

...

unset

Usage

vnfm profiles unset [OPTIONS]

Clear the manager username and/or password and/or tenant from the current profile.

Optional Flags

  • -u, --manager-username - Manager username used to run commands on the manager.
  • -p, --manager-password - Manager password used to run commands on the manager.
  • -t, --manager-tenant - The tenant associated with the current user operating the manager.
  • -s, --ssh-user - The SSH user on the manager host machine
  • -k, --ssh-key - The path to the ssh key-file to use when connecting
  • -c, --rest-certificate - The REST server’s external certificate file location (implies –ssl)
  • --kerberos-env - Whether or not to use kerberos while connecting to the manager
  • --skip-credentials-validation - Do not check that the passed credentials are correct. (default:False)

Example

$ vnfm profiles unset -u
...

Validating credentials...
Credentials validated
Clearing manager username
Settings saved successfully

...

SITES

The vnfm sites command is used to manage sites and their location in VNF Manager.

Optional Flags

vnfm sites commands support the common CLI flags.

Commands

List

Usage

vnfm sites list [OPTIONS]

List all sites

Optional Flags

  • --sort-by TEXT - Key for sorting the list.
  • --descending - Sort list in descending order. [default: False]
  • -t, --tenant-name TEXT - The name of the tenant from which to list the sites. If unspecified, the current tenant is used. This argument cannot be used simultaneously with the all-tenants argument.
  • -a, --all-tenants - Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.
  • --search TEXT - Search sites by name. The returned list will include only sites that contain the given search pattern.
  • -o, --pagination - offset INTEGER The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ vnfm sites list
Listing all sites...

Sites:
+----------+------------------------+------------+----------------+--------------------------+------------+
|   name   |        location        | visibility |  tenant_name   |        created_at        | created_by |
+----------+------------------------+------------+----------------+--------------------------+------------+
| Chicago  | 41.8333925,-88.0121478 |   tenant   | default_tenant | 2019-05-19 12:00:20.843  |   admin    |
|  Miami   | 25.7823404,-80.3695441 |   tenant   | default_tenant | 2019-05-19 12:00:52.143  |   admin    |
| Tel-Aviv | 32.0879122,34.7272058  |   tenant   | default_tenant | 2019-05-19 12:00:12.073  |   admin    |
+----------+------------------------+------------+----------------+--------------------------+------------+

Showing 3 of 3 sites

Create

Usage

vnfm sites create [OPTIONS] NAME

Create a new site:

NAME is the new site’s name

Optional Flags

  • --location TEXT - The location of the site, expected format: latitude,longitude such as 32.071072,34.787274
  • -l, --visibility TEXT - Defines who can access the resource, can be set to one of [‘private’, ‘tenant’, ‘global’] [default: tenant]
  • -t, --tenant-name TEXT - The name of the tenant of the site. If not specified, the current tenant will be used

Example

$ vnfm sites create --location 32.0879122,34.7272058 --visibility global Tel-Aviv

...

Get

Usage

vnfm sites get [OPTIONS] NAME

Get details for a single site

NAME is the site’s name

Optional Flags

  • -t, --tenant-name TEXT - The name of the tenant of the site. If not specified, the current tenant will be used

Example

$ vnfm sites get Tel-Aviv

...

Delete

Usage

vnfm site delete [OPTIONS] NAME

Delete a site

NAME is the site’s name

Optional Flags

  • -t, --tenant-name TEXT - The name of the tenant of the secret. If not specified, the current tenant will be used

Example

$ vnfm sites delete Tel-Aviv

...

Update

Usage

vnfm sites update [OPTIONS] NAME

Update an existing site

NAME is the site’s name

Optional Flags

  • --location TEXT - The location of the site, expected format: latitude,longitude such as 32.071072,34.787274
  • -l, --visibility TEXT - Defines who can access the resource, can be set to one of [‘private’, ‘tenant’, ‘global’]
  • -n, --new-name TEXT - The new name of the site

Example

$ vnfm sites update --location 32.0879122,34.7272058 --visibility global --new-name Tel-Aviv-Yafo Tel-Aviv

...

SNAPSHOTS

The vnfm snapshots command is used to manage data snapshots of VNF manager. You must have admin credentials to create and restore snapshots. You can use the command to create, upload, download, delete and list snapshots and also to restore a Manager using a snapshot archive. For more consult the Create snapshot topic.

Optional Flags

These commands support the common CLI flags.

Commands include:

create

Usage

vnfm snapshots create [OPTIONS] [SNAPSHOT_ID]

Create a snapshot on VNF Manager.

The snapshot will contain the relevant data to restore a VNF Manager to its previous state.

SNAPSHOT_ID is the ID to attach to the snapshot.

Optional Flags

  • --exclude-credentials - Exclude credentials from the snapshot
  • --exclude-logs - Exclude logs from the snapshot
  • --exclude-events - Exclude events from the snapshot
  • --queue - If set, snapshot-creation-workflows that can`t currently run will be queued and run automatically when possible

Example

$ vnfm snapshots create

...

Creating snapshot snapshot_XLHCNV...
Started workflow execution. The execution's id is 2219928b-69fd-49f1-8982-c42da5f82a63

...

delete

Usage

vnfm snapshots delete [OPTIONS] SNAPSHOT_ID

Delete a snapshot from VNF Manager.

SNAPSHOT_ID is the ID of the snapshot to delete.

Optional Flags

  • -t, --tenant-name TEXT - The name of the tenant of the snapshot. If unspecified, the current tenant is used.

Example

$ vnfm snapshots delete snapshot_XLHCNV

...

Deleting snapshot snapshot_XLHCNV...
Snapshot deleted successfully

...

download

Usage

vnfm snapshots download [OPTIONS] SNAPSHOT_ID

Download a snapshot from VNF Manager.

SNAPSHOT_ID is the ID of the snapshot to download.

Optional Flags

  • -o, --output-path TEXT - The local path which to download.
  • -t, --tenant-name TEXT - The name of the tenant of the snapshot. If unspecified, the current tenant is used.

Example

$ vnfm snapshots download snapshot_XLHCNV

...

Downloading snapshot snapshot_XLHCNV...
 snapshot_XLHCNV |#####################################################| 100.0%
Snapshot downloaded as snapshot_XLHCNV.zip

...

list

Usage

vnfm snapshots list [OPTIONS]

List all snapshots on VNF Manager.

Optional Flags

  • --sort-by TEXT - Key for sorting the list.
  • --descending - Sort list in descending order. [default: False]
  • -t, --tenant-name TEXT - The name of the tenant from which to list node-instance. If unspecified, the current tenant is used. This argument cannot be used simultaneously with the all-tenants argument.
  • -a, --all-tenants - Include resources from all tenants associated with the user. This argument cannot be used simultaneously with the tenant-name argument.
  • --search TEXT - Search snapshots by id. The returned list will include only snapshots that contain the given search pattern.
  • -o, --pagination-offset INTEGER - The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ vnfm snapshots list

...

Listing snapshots

...

Snapshots:
+-----------------+--------------------------+---------+-------+------------+----------------+------------+
|        id       |        created_at        |  status | error | visibility |  tenant_name   | created_by |
+-----------------+--------------------------+---------+-------+------------+----------------+------------+
| snapshot_XLHCNV | 2017-04-04 09:33:39.315  | created |       |  tenant    | default_tenant |   admin    |
+-----------------+--------------------------+---------+-------+------------+----------------+------------+

Showing 1 of 1 snapshots

restore

Usage

vnfm snapshots restore [OPTIONS] SNAPSHOT_ID

Restore VNF Manager to its previous state, or migrate a version 3.x snapshot to a tenant on VNF Manager 4.x (i.e migration).

SNAPSHOT_ID is the ID of the snapshot to use for restoration

For a more detailed description of a snapshot-restore procedure for scheduled executions, consult the VNFM Backup and Restore topic.

Optional Flags

  • --without-deployments-envs - Restore without recreating the currently existing deployments
  • -f, --force - Force restoring the snapshot on a Manager with existing blueprints or deployments
  • --restore-certificates - Restore the certificates from the snapshot, using them to replace the current Manager certificates. If the certificates’ metadata (I.E: the Manager IP address) from the snapshot does not match the Manager metadata, the certificates cannot work on this Manager and will not be restored. In the event that the certificates have been restored, the Manager will be automatically rebooted at the end of the execution. To avoid automatic reboot, use the flag –no-reboot (not recommended).
  • --ignore-plugin-failure - if set, plugin installation errors during snapshot restore will only be logged as warnings, and will pass the snapshot restore workflow
  • --no-reboot - Do not perform an automatic reboot to the Manager VM after restoring certificates a from snapshot (not recommended). Only relevant if the –restore-certificates flag was supplied

Example

$ vnfm snapshots restore snapshot_CAMWZ5

...

Restoring snapshot snapshot_XLHCNV...
Started workflow execution. The execution's id is 53921762-2b72-430b-b6fe-d6f1faced8e1

...

upload

Usage

vnfm snapshots upload [OPTIONS] SNAPSHOT_PATH

Upload a snapshot to VNF Manager.

SNAPSHOT_PATH is the path of the snapshot to upload.

Optional Flags

  • -s, --snapshot-id TEXT - The unique identifier for the snapshot
  • -t, --tenant-name TEXT - The name of the tenant of the snapshot. If unspecified, the current tenant is used.

Example

$ vnfm snapshots upload snapshot_XLHCNV.zip

...

Uploading snapshot snapshot_XLHCNV.zip...
 snapshot_XLHCNV.zip |#################################################| 100.0%
Snapshot uploaded. The snapshot's id is snapshot_76E7LB

...

status

Usage

vnfm snapshots status

Return the status of the restore_snapshot workflow (whether or not it’s in progress).

Example

$ vnfm snapshots status

...

Retrieving snapshot restore status...
No `restore_snapshot` workflow currently running.

...

SSH

The vnfm ssh command is used to connect to a VNF manager via SSH.

You can use the command to create a new terminal session, run a command, or connect to a shared tmux-based session.

Usage

vnfm ssh [OPTIONS]

Connects to a running manager via SSH.

host starts a tmux session (for example, tmux new -s “ssh_session_vi120m”) after which a command for a client is printed in the tmux session for the host to send to the client (i.e. vnfm ssh –sid ssh_session_vi120m).

When starting a new session, the host creates an alias for “exit” so that when a client connects and exits, it will run “tmux detach” instead and not terminate the session.

When the host exits the tmux session, a command will be executed to terminate the session.

Passing a command simply executes it on VNF Manager, whereas omitting a command connects to an interactive shell.

Optional Flags

  • -c, --command TEXT - Execute a command on the manager over SSH
  • --host - Host an SSH tmux session
  • --sid TEXT - Join an SSH tmux session
  • -l, --list-sessions - List available SSH tmux sessions

Example

$ vnfm ssh

...

Connecting to centos@10.239.2.241...
Last login: Tue Apr  4 05:51:20 2017 from 192.168.8.195
[centos@vnfm ~]$

...

TENANTS

The vnfm tenants command is used to create and manage tenants on VNF Manager. You can run commands on a tenant other than the one that you are logged into by specifying the name of the tenant to which the command applies. For example, vnfm tenants add-user USERNAME -t TENANT_NAME can be used to add a user to a different tenant.

Requirements

To use the command you must have VNFM sys_admin credentials. Tenant names must conform to the following requirements:

  • Minimum number of characters - 5
  • Maximum number of characters - 255
  • Valid characters are alphanumeric, or -, _, or ..
  • Value must begin with a letter
  • Cannot be empty

Optional Flags

These commands support the common CLI flags.

Commands include:

Each of the tenants related commands are detailed below in alphabetical order.

add-user

Usage

vnfm tenants add-user [OPTIONS] USERNAME

Add an individual user to a tenant. If your system is integrated with LDAP/AD, ensure that the username matches that specified in LDAP.

USERNAME is the name of the user to add to the tenant.

Required flag

  • -t, --tenant-name TEXT - The name of the tenant.
  • -r, --role TEXT - The name of the role.

Valid tenant roles are:

  • manager - User that can manage tenants
  • operations - User that can deploy and execute workflows, but cannot manage blueprints or plugins
  • user - Regular user, can perform actions on tenants resources
  • viewer - User that can only view tenant resources

Example

$ vnfm tenants add-user my-user -t my-tenant -r user

...

User `my-user` added successfully to tenant `my-tenant`

...

add-user-group

Usage

vnfm tenants add-user-group [OPTIONS] USER_GROUP_NAME

Add a user group to a tenant.

USER_GROUP_NAME is the name of the user group to add to the tenant.

If your system is integrated with LDAP/AD, ensure that the group name matches that specified in LDAP.

Required flags

  • -t, --tenant-name TEXT - The name of the tenant.
  • -r, --role TEXT - The name of the role.

Valid tenant roles are:

  • manager - User that can manage tenants
  • operations - User that can deploy and execute workflows, but cannot manage blueprints or plugins
  • user - Regular user, can perform actions on tenants resources
  • viewer - User that can only view tenant resources

Example

$ vnfm tenants add-user-group my-user-group -t my-tenant -r user

...

User group `my-user-group` added successfully to tenant `my-tenant`

...

create

Usage

vnfm tenants create [OPTIONS] TENANT_NAME

Add a tenant to VNF Manager.

TENANT_NAME is the name of the new tenant

The tenant name must be unique in VNF Manager.

Required flags

-t, --tenant-name TEXT - The name of the tenant.

Example

$ vnfm tenants create my-tenant

...

Tenant `my-tenant` created

...

delete

Usage

vnfm tenants delete [OPTIONS] TENANT_NAME

Delete a tenant from VNF Manager. TENANT_NAME is the name of the tenant

Example

$ vnfm tenants delete my-tenant

...

Deleting tenant `my-tenant`...

Tenant removed

...

get

Usage

vnfm tenants get [OPTIONS] TENANT_NAME

View information for a specific tenant, including its users.

TENANT_NAME is the name of the tenant

Optional flag

--get-data - When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)

Example

$ vnfm tenants get my-tenant

...

Getting info for tenant `my-tenant`...

Requested tenant info:
+-----------+--------+-------+
|    name   | groups | users |
+-----------+--------+-------+
| my-tenant |   1    |   2   |
+-----------+--------+-------+

...

list

Usage

vnfm tenants list [OPTIONS]

Provides a list of all tenants in this instance of VNF Manager. By default, when you generate the list of tenants, only the number of linked resources is displayed. You can retrieve full details with the use of a –get-data flag.

Optional Flags

  • --sort-by TEXT - Key for sorting the list.
  • --descending - Sort list in descending order. [default: False]
  • --get-data - When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)
  • --search TEXT - Search tenants by name. The returned list will include only tenants that contain the given search pattern.
  • -o, --pagination-offset INTEGER - The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ vnfm tenants list

...

Listing all tenants...

Tenants:
+----------------+--------+-------+
|      name      | groups | users |
+----------------+--------+-------+
| default_tenant |        |   1   |
|   my-tenant    |   1    |   2   |
+----------------+--------+-------+

...

remove-user

Usage

vnfm tenants remove-user [OPTIONS] USERNAME

Remove an individual user from a tenant.

USERNAME is the name of the user to remove from the tenant.

Note

If the user is part of one or more user groups that are assigned to the tenant, you need to remove the user from each group, in order for them to be prevented from accessing the tenant.

Required flags

-t, --tenant-name TEXT - The name of the tenant.

Example

$ vnfm tenants remove-user my-user -t my-tenant

...

User `my-user` removed successfully from tenant `my-tenant`

...

remove-user-group

Usage

vnfm tenants remove-user-group [OPTIONS] USER_GROUP_NAME

Remove a user group from a tenant.

USER_GROUP_NAME is the name of the user group to remove from the tenant.

Required flags

-t, --tenant-name TEXT - The name of the tenant.

Example

$ vnfm tenants remove-user-group my-user-group -t my-tenant

...

User group `my-user-group` removed successfully from tenant `my-tenant`

...

update-user

Usage

vnfm tenants update-user [OPTIONS] USERNAME

Update the user role in a tenant.

USERNAME is the name of the user for which the role needs to be updated.

Required flags

  • -t, --tenant-name TEXT - The name of the tenant.
  • -r, --role TEXT - The name of the role.

Example

$ vnfm tenants update-user my-user -t my-tenant -r viewer
User `my-user` updated successfully in tenant `my-tenant`

update-user-group

Usage

vnfm tenants update-user-group [OPTIONS] USERNAME

Update the user role in a tenant.

USERNAME is the name of the user for which the role needs to be updated.

Required flags

  • -t, --tenant-name TEXT - The name of the tenant.
  • -r, --role TEXT - The name of the role.

Example

$ vnfm tenants update-user-group my-user-group -t my-tenant -r viewer
Group `my-user-group` updated successfully in tenant `my-tenant`

USER-GROUPS

The vnfm user-groups command is used to define and manage user groups on VNF Manager.

To use the command you must have VNFM admin credentials. If your VNF Manager is integrated with LDAP/AD. ensure that the group names that you define exactly match those defined in LDAP.

Requirements

To use the command you must have VNFM admin credentials.

User names and passwords must conform to the following requirements:

  • Minimum number of characters - 5
  • Maximum number of characters - 255
  • Valid characters are alphanumeric, or -, _, or ..
  • Value must begin with a letter
  • Cannot be empty

Optional flag

These commands support the common CLI flags.

Commands

create

Usage

vnfm user-group create [OPTIONS] USER_GROUP_NAME

Create a new user group on the manager

USER_GROUP_NAME is the name of the new user group

Optional Flags

-l, --ldap-distinguished-name TEXT - The ldap group’s distinguished name. This option is required when using ldap. The format must be CN=GroupName, OU=OUName,DC=Domaincomponent, DC= DomainComponent. for example: CN=ldapwiki,OU=groups,DC=example,DC=com.

Example

$ vnfm user-groups create users

...

Group `users` created

...

add-user

Usage

vnfm user-groups add-user [OPTIONS] USERNAME

Add a user group. USERNAME is the name of the user to add to the user group

Required flags

-g, --group-name TEXT - The name of the user group.

Example

$ vnfm user-groups add-user sue -g users

...

User `sue` added successfully to user group `users`

...

delete

Usage

vnfm user-groups delete [OPTIONS] USER_GROUP_NAME

Delete a user group from VNF Manager. USER_GROUP_NAME is the name of the user group

Example

$ vnfm user-group del users2

...

Deleting user group `users2`...
User group removed

...

list

Usage

vnfm user-groups list [OPTIONS]

List all users assigned to this users’ group. By default, when you generate the list of user groups, only the number of linked resources are displayed. You can retrieve full details with the use of a –get-data flag.

Optional Flags

  • --sort-by TEXT - Key for sorting the list.
  • --descending - Sort list in descending order. [default: False]
  • --get-data - When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)
  • --search TEXT - Search user-groups by name. The returned list will include only user-groups that contain the given search pattern.
  • -o, --pagination - offset INTEGER The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

 $ vnfm user-group list

 ...

 Listing all user groups...

 User groups:
 +-------+---------+-------+
 |  name | tenants | users |
 +-------+---------+-------+
 | users |         |   2   |
 +-------+---------+-------+

...

get

Usage

vnfm user-groups get [OPTIONS] USER_GROUP_NAME

Get details for a specific user group. USER_GROUP_NAME is the name of the user group.

Optional Flags

--get-data - When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)

Example

$ vnfm user-group get users

...

Getting info for user group `users`...

Requested user group info:
+-------+---------+-------+
|  name | tenants | users |
+-------+---------+-------+
| users |         |   2   |
+-------+---------+-------+

...

USERS

The vnfm users command is used to manage users and passwords on VNF Manager. If you choose not to integrate VNF Manager with LDAP-based user management system, you must add each user individually with a unique username and a password. You can also create user groups and add users to them. The users and user groups can be assigned to one or more tenants, with different roles in each tenant.

Requirements

To use the command you must have VNFM admin credentials.

Usernames must conform to the following requirements:

  • Valid characters are alphanumeric, or -, _, or ..
  • Value must begin with a letter
  • Cannot be empty

Passwords must conform to the following requirements:

  • Minimum number of characters - 5
  • Maximum number of characters - 255
  • Valid characters are alphanumeric, or -, _, or ..
  • Value must begin with a letter
  • Cannot be empty

Optional Flags

These commands support the common CLI flags.

Commands

create

Usage

vnfm users create [OPTIONS] USERNAME

Create a new user on VNF Manager.

USERNAME is the user name for the user.

Required flags

-p, --password TEXT - The password for the user.

Optional Flags

  • -r, --security-role [sys_admin|default] - A role that defines the user as a ‘sys-admin’ (admin user) or ‘default’ (non-admin user). A ‘default’ user must be explicitly assigned to tenants in order to perform actions and access resources. (default: default)
  • -t, --tenant-name - The name of the tenant to add the user to.
  • -l, --user-tenant-role - The role of the user in the specified tenant.

Example

$ vnfm users create sue -p test1

...

User `sue` created as a non-admin user in the system with password 'test1'.

...

set-password

Usage

vnfm users set-password [OPTIONS] USERNAME

Set the password for a specific user. You can use this command in a non-LDAP setup to change each of the users’ passwords, and in LDAP mode to change only the password of the bootstrap-admin (the user created by default upon Manager’s installation) .

USERNAME is the username of the user.

Required flags

-p, --password TEXT - The new password for the password.

Example

$ vnfm users set-password sue -p new_pass

...

Setting new password for user sue...
New password set

...

set-role

Usage

vnfm users set-role [OPTIONS] USERNAME

Set the system-wide (security) role for a specific user.

USERNAME is the username of the user.

The system-wide role defines the user as a ‘sys-admin’ (admin user) or ‘default’ (non-admin user). To give the user sys-admin permissions, set this role to ‘sys_admin’. Otherwise, the user has the system-wide role ‘default’. A ‘default’ user must be explicitly assigned to tenants in order to perform actions and access resources.

Optional Flags

-r, --security-role [sys_admin|default] - A role to specifies the user’s permissions on the manager. (default: default)

Example

$ vnfm users set-role sue -r sys_admin

...

Setting new role for user sue...
New role `sys_admin` set

...

delete

Usage

vnfm users delete [OPTIONS] USERNAME

Delete a user from VNF Manager. You can delete a user only if the user is:

  • Not assigned to any tenants
  • Not a member of any user groups
  • Not the creator of any VNFM resources (Blueprint, Deployment, Plugin, Secret) on the Manager.

USERNAME is the username of the user.

Example

$ vnfm users delete sue

...

Deleting user `sue`...
User removed

...

list

Usage

vnfm users list

In non-LDAP mode, this command lists all of the users defined in this VNF Manager. In LDAP mode, this command lists all of the users who logged in to VNFM and successfully authenticated with the LDAP system. By default, when you generate the list of users, only the number of user groups and tenants each user is associated with are displayed. You can retrieve full details with the use of a –get-data flag.

Optional Flags

  • --sort-by TEXT - Key for sorting the list.
  • --descending - Sort list in descending order. [default: False]
  • --get-data - When set to True, displays the full list of connected resources (users/tenants/user-groups), for each listed resource. When set to False displays the total number of connected resources. (default:False)
  • --search TEXT - Search users by username. The returned list will include only users that contain the given search pattern.
  • -o, --pagination-offset INTEGER - The number of resources to skip; –pagination-offset=1 skips the first resource [default: 0]
  • -s, --pagination-size INTEGER - The max number of results to retrieve per page [default: 1000]

Example

$ vnfm users list

...

Listing all users...

Users:
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+
| username | groups | system wide role | system wide roles via groups | active |      last_login_at       | tenants |
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+
|  admin   |        |    sys_admin     |                              |  True  | 2018-03-05 16:03:56.726  |    1    |
|   sue    |        |     default      |                              |  True  |                          |         |
+----------+--------+------------------+------------------------------+--------+--------------------------+---------+

...

get

Usage

vnfm users get [OPTIONS] USERNAME

Get details for a single user.

USERNAME is the username of the user.

Optional Flags

--get-data - When set to True, displays the full list of tenants and/or user groups the user is associated with. When set to False displays only their total number. (default:False)

Example

$ vnfm users get sue2

...

Getting info for user `sue2`...

Requested user info:
+----------+--------+------------------+------------------------------+--------+---------------+---------+
| username | groups | system wide role | system wide roles via groups | active | last_login_at | tenants |
+----------+--------+------------------+------------------------------+--------+---------------+---------+
|   sue    |        |     default      |                              |  True  |               |         |
+----------+--------+------------------+------------------------------+--------+---------------+---------+

...

deactivate

Usage

vnfm users deactivate [OPTIONS] USERNAME

Deactivate a user. Deactivated users cannot login to VNFM, but are in the list of users. To let the user login to VNFM, reactivate the user.

USERNAME is the username of the user.

Example

$ vnfm users deactivate assi2

...

Deactivating user `assi2`...
User deactivated

...

activate

Usage

vnfm users activate [OPTIONS] USERNAME

Activate a user.

USERNAME is the username of the user.

Example

$ vnfm users activate sue2

...

Activating user `sue2`...
User activated

...

What’s Next?