As we start thinking about NSX Manager, we need to think about the CLI. There’s a lot of stuff we might do there. Configuration, for example. Or Controller Cluster creation. Or other information gathering for troubleshooting.
The nsxcli is nicely organized, and ported across devices, so you get a similar (not identical) set of CLI tooling wether you’re at the Manager CLI, Controller, Edge, ESXi, or Linux. The tooling implemented in nsxcli is context sensetive, so things like “get controller-cluster status” don’t exist on the Manager.
Another fantastic thing about nsxcli is that it’s tab-completable. So I can start a command, hit <tab> <tab> (yep, twice), and a list of suggestions pops up. And if I get stuck later in the command, I can do it again.
The nsxcli is structured pretty simply: VERB NOUN. Sort of like Powershell. The pieces of the command are space-separated, rather than hyphen separated. But there’s more than just verbs and nouns. Let’s take a quick look:
nsxmgr-01> <Tab>Tab>
clear Clear setting
copy Copy from one file to another
del Delete configuration
detach Detach from NSX cluster
display Display packet capture file
exit Exit from current mode
get Retrieve the current configuration
help Display help
list List all available commands
nslookup Name server lookup
on Run Central CLI command
ping Send echo messages
reboot Reboot system
restart Restart service
resume Resume node upgrade
set Change the current configuration
shutdown Shutdown system
start Start service
stop Stop service
traceroute Trace route to destination hostname or IP address
verify Verify upgrade bundle
When you get your suggestions, you even get some nice descriptions to get started. What really starts getting interesting is when we look at the get (and set) commands.
nsxmgr-01> get <Tab><Tab>
all All items
arp-table ARP entries
auth-policy Authentication policy
capture Packet capture
certificate X509 certificate
cli-timeout CLI timeout
clock Manage the system clock
configuration Configuration details
cpu-stats CPU statisticsa
eula End User License Agreement
file File
files Files
filesystem-stats Filesystem statistics
hardening-policy Hardening Policy
hostname System’s network name
interface Interface configuration
interfaces Interface status and configuration
log-file Log file
logging-servers Syslog logging servers
management-cluster Management cluster
memory-stats Memory statistics
name-servers Name servers
network-stats Show system network stats
node Node
nodes Nodes
ntp-server NTP server
ntp-servers NTP servers
processes System processes
route IP routing table
routes IP routing table
search-domains DNS search domains
service Node service
services Node services
sockets Open IP sockets
support-bundle Support bundle
upgrade-bundle Node Upgrade bundle
uptime Show system uptime information
user Configure system passwords
version System version
nsxmgr-01> set <Tab><Tab>
auth-policy Authentication policy
banner Login banner
cli-timeout CLI timeout
eula End User License Agreement
hardening-policy Hardening Policy
hostname System’s network name
logging-server Syslog logging server
name-servers Name servers
ntp-server NTP server
route IP routing table
search-domains DNS search domains
service Node service
snmp SNMP service
timezone Timezone
user Configure system passwords
This is where we do most of the work with NSX Manager at the CLI. For example, we’ll need the API certificate thumbprint to join nodes to the management plane. That’s pretty easy:
nsxmgr-01> get certificate api thumbprint
88710fcd3fd84686cc6cc03b22298a1f84b9784b9f49bb869e889d632b3c2b22
We can get the status of the managment plane (and a little bit of info on the control plane as well)
nsxmgr-01> get management-cluster status
Number of nodes in management cluster: 1
– 172.20.40.42 (UUID 4c832d42-2dbb-3e12-2174-ef514037e38e) Online
Management cluster status: STABLE
Number of nodes in control cluster: 3
– 172.20.40.31 (UUID 5aeb415e-8dd5-40d2-aec4-2ab96dfaac68)
– 172.20.40.33 (UUID 8c2404e7-2503-497f-9c29-4fc8c4b0b2cb)
– 172.20.40.32 (UUID fd1a94fb-833e-4533-9e6f-b4c324f7f495)
Control cluster status: STABLE
I recommend spending some time exploring what we have here. It’s a rather powerful set of tools that are very easily accessible.
But the Manager is not the only NSX component we can interact with here. That’s right, we’ve implemented a centralized CLI in NSX-T! This is not the same kind of central CLI we have with NSX-V, though, where there are a specific set of commands we can use. This is better. Immensely better!
In NSX-T, I essentially tell the CLI:
On <node> exec <insert nsxcli command here>
The very cool thing about this, like I said earlier, is that nsxcli exists on all of your nodes. When you log into NSX Manager, NSX Controller, or NSX Edge nodes as user “admin”, you’re using nsxcli. When you’re logged into an ESXi host, simply type “nsxcli” (/bin/nsxcli if you’re curious about the full path). On Linux KVM hosts, it’s in the same place. Note that on ESXi and Linux, you need superuser privileges.
Also recall that I mentioned that it’s context-sensitive. In other words, I don’t have “get management-cluster” from nsxcli on an ESXi host. But I have “get logical-switches”, which isn’t available on NSX Manager.
Just like everything else in NSX-T, nodes have a UUID. So how do I find those? That’s easy!
nsxmgr-01> get nodes
UUID Type Display Name
8c2404e7-2503-497f-9c29-4fc8c4b0b2cb ctl nsxctrl-03
5aeb415e-8dd5-40d2-aec4-2ab96dfaac68 ctl nsxctrl-01
fd1a94fb-833e-4533-9e6f-b4c324f7f495 ctl nsxctrl-02
92fcc10c-cae7-4013-8948-62bb7a1c2538 edg edge-01
a3e9bc0a-74a4-4ab2-b886-73ae05aed11b edg edge-02
59291ac7-203d-4d5c-bd57-10a0496d0db9 esx esxi-01.sd.vclass.local
1ca3279f-5f5d-4009-9318-64dfb8e8841c esx esxi-02.sd.vclass.local
bb84cad3-00cf-45d3-b336-aee6ce5943f2 kvm kvm-01.sd.vclass.local
65a7e954-6312-42e8-8ac5-4b352ae01db0 kvm kvm-02.sd.vclass.local
4c832d42-2dbb-3e12-2174-ef514037e38e mgr nsxmgr-01
So let’s build that out a little bit. Here’ I’m telling NSX Manager “ On node esxi-01.sd.vclass.local, execute”, and tab completion tells me the things I can do (by the way, you can even tab complete node UUIDs!):
nsxmgr-01> on 1ca3279f-5f5d-4009-9318-64dfb8e8841c exec <Tab>Tab>
clear Clear setting
detach Detach from NSX cluster
exit Exit from current mode
get Retrieve the current configuration
help Display help
join Join NSX cluster
list List all available commands
reset Reset settings
set Change the current configuration
start Start service
<CR> Execute command
| Output modifiers
If I add the “get” verb to the command and tab complete, I’ll get all kinds of information I can gather:
nsxmgr-01> on 1ca3279f-5f5d-4009-9318-64dfb8e8841c exec get <Tab>Tab>
bridge Bridge
bridges Bridges
capture Packet capture
controllers NSX controllers
firewall Firewall configuration
host-switch Host switch
hyperbus HyperBus configuration
logical-router Logical router
logical-routers Logical routers
logical-switch Logical switch
logical-switch-port Logical switch port
logical-switches Logical switches
maintenance-mode Maintenance Mode
managers NSX managers
node-uuid Node UUID
service Node service
version System version
vif VIF
vswitch vswitch
Long story short, the NSX CLI is powerful, extensive, and it might be frequently used. Spend some time with it. Explore it!
Now that we’ve got that out of the way, let’s dive into the rest of NSX-T!
~$ history
Introduction: From NSX-V to NSX-T. An Adventure
NSX-T: The Manager of All Things NSX
VirtualKrueger 