Use Container-backed Remote CLIs and Clients¶

Remote platform CLIs can be used in any shell after sourcing the generated remote CLI/client RC file. This RC file sets up the required environment variables and aliases for the remote CLI commands.

Prerequisites

You must have configured the oidc-auth-apps OIDC Identity Provider (dex) on the target StarlingX environment to get Kubernetes authentication tokens. See Set up OIDC Auth Applications for more information.
Consider adding the following command to your .login or shell rc file, such that your shells will automatically be initialized with the environment variables and aliases for the remote CLI commands.

Otherwise, execute it before proceeding:
```
root@myclient:/home/user/remote_cli_wd# source remote_client_platform.sh
Please enter your OpenStack Password for project admin as user admin-user:
```
You must complete the configuration steps described in Configuring Container-backed Remote CLIs and Clients before proceeding.
If you specified repositories that require authentication when configuring the container-backed remote CLIs, you must perform a docker login to that repository before using remote CLIs for the first time

Procedure

To be able to execute kubectl CLI commands, first it is needed to get a Kubernetes authentication token. Execute the command below to get it. The token is stored in the “admin-kubeconfig” file. The validity of the token is up to 24 hours. A new token should be generated regularly. The OAM IP mentioned below is the IP of the target StarlingX environment.

Note

The first usage of a remote CLI command will be slow as it requires that the docker image supporting the remote CLIs/clients be pulled from the remote registry.
```
root@myclient:/home/user/remote_cli_wd# oidc-auth -c <OAM_IP> -u ${MYUSER} -p <USER_PASSWORD>
```

For system CLI and Kubernetes kubectl CLI commands:

root@myclient:/home/user/remote_cli_wd# system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname     | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1  | controller-0 | controller  | unlocked       | enabled     | available    |
| 2  | controller-1 | controller  | unlocked       | enabled     | available    |
| 3  | compute-0    | worker      | unlocked       | enabled     | available    |
| 4  | compute-1    | worker      | unlocked       | enabled     | available    |
+----+--------------+-------------+----------------+-------------+--------------+
root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system get pods
NAME                                       READY   STATUS      RESTARTS   AGE
calico-kube-controllers-767467f9cf-wtvmr   1/1     Running     1          3d2h
calico-node-j544l                          1/1     Running     1          3d
calico-node-ngmxt                          1/1     Running     1          3d1h
calico-node-qtc99                          1/1     Running     1          3d
calico-node-x7btl                          1/1     Running     4          3d2h
ceph-pools-audit-1569848400-rrpjq          0/1     Completed   0          12m
ceph-pools-audit-1569848700-jhv5n          0/1     Completed   0          7m26s
ceph-pools-audit-1569849000-cb988          0/1     Completed   0          2m25s
coredns-7cf476b5c8-5x724                   1/1     Running     1          3d2h
...
root@myclient:/home/user/remote_cli_wd#

Note

See the procedure for configuring the SSL platform certificate at Install/Update the StarlingX Rest and Web Server Certificate.

If HTTPS is enabled for the StarlingX REST API Server on the StarlingX system, copy the certificate of the CA that issued/signed the StarlingX REST API Server’s SSL certificate to the folder $HOME/remote_wd_cli on the remote machine and execute commands as follows:

For system commands:

~(keystone_admin)]$ system --ca-file ca.pem host-list

For dcmanager commands:

~(keystone_admin)]$ OS_CACERT=ca.pem
~(keystone_admin)]$ dcmanager subcloud list

Note

Some CLI commands are designed to leave you in a shell prompt, for example:

root@myclient:/home/user/remote_cli_wd# openstack

root@myclient:/home/user/remote_cli_wd# kubectl exec -ti <pod_name> -- /bin/bash

In most cases, the remote CLI will detect and handle these commands correctly. If you encounter cases that are not handled correctly, you can force-enable or disable the shell options using the <FORCE_SHELL=true> or <FORCE_NO_SHELL=true> variables before the command.

For example:

root@myclient:/home/user/remote_cli_wd# FORCE_SHELL=true kubectl exec -ti <pod_name> -- /bin/bash
root@myclient:/home/user/remote_cli_wd# FORCE_NO_SHELL=true kubectl exec <pod_name> -- ls

You cannot use both variables at the same time.

If you need to run a remote CLI command that references a local file, then that file must be copied to or created in the working directory specified in the -w option on the ./config_client.sh command.

For example:

root@myclient:/home/user# cp /<someDir>/test.yml $HOME/remote_cli_wd/test.yml
root@myclient:/home/user# cd $HOME/remote_cli_wd
root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system  create -f test.yml
pod/test-pod created
root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system  delete -f test.yml
pod/test-pod deleted

For Helm commands:
```
% cd $HOME/remote_cli_wd
```
Note

When using helm, any command that requires access to a helm repository (managed locally) will require that you be in the $HOME/remote_cli_wd directory and use the –home ./.helm option. For the host local installation, it requires the users $HOME and ends up in $HOME/.config and $HOME/.cache/helm.
```
% helm --home ./.helm repo add bitnami https://charts.bitnami.com/bitnami
% helm --home ./.helm repo update
% helm --home ./.helm repo list
% helm --home ./.helm search repo
% helm --home ./.helm install wordpress bitnami/wordpress
```

Related information