Use Container-backed Remote CLIs and Clients¶
Remote platform CLIs can be used in any shell after sourcing the generated remote CLI/client RC file. This RC file sets up the required environment variables and aliases for the remote CLI commands.
Prerequisites
You must have configured the oidc-auth-apps OIDC Identity Provider (dex) on the target StarlingX environment to get Kubernetes authentication tokens. See Set up OIDC Auth Applications for more information.
Consider adding the following command to your .login or shell rc file, such that your shells will automatically be initialized with the environment variables and aliases for the remote CLI commands.
Otherwise, execute it before proceeding:
root@myclient:/home/user/remote_cli_wd# source remote_client_platform.sh Please enter your OpenStack Password for project admin as user admin-user:
You must complete the configuration steps described in Configuring Container-backed Remote CLIs and Clients before proceeding.
If you specified repositories that require authentication when configuring the container-backed remote CLIs, you must perform a docker login to that repository before using remote CLIs for the first time
Procedure
To be able to execute kubectl CLI commands, first it is needed to get a Kubernetes authentication token. Execute the command below to get it. The token is stored in the “admin-kubeconfig” file. The validity of the token is up to 24 hours. A new token should be generated regularly. The OAM IP mentioned below is the IP of the target StarlingX environment.
Note
The first usage of a remote CLI command will be slow as it requires that the docker image supporting the remote CLIs/clients be pulled from the remote registry.
root@myclient:/home/user/remote_cli_wd# oidc-auth -c <OAM_IP> -u ${MYUSER} -p <USER_PASSWORD>
For system CLI and Kubernetes kubectl CLI commands:
root@myclient:/home/user/remote_cli_wd# system host-list +----+--------------+-------------+----------------+-------------+--------------+ | id | hostname | personality | administrative | operational | availability | +----+--------------+-------------+----------------+-------------+--------------+ | 1 | controller-0 | controller | unlocked | enabled | available | | 2 | controller-1 | controller | unlocked | enabled | available | | 3 | compute-0 | worker | unlocked | enabled | available | | 4 | compute-1 | worker | unlocked | enabled | available | +----+--------------+-------------+----------------+-------------+--------------+ root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system get pods NAME READY STATUS RESTARTS AGE calico-kube-controllers-767467f9cf-wtvmr 1/1 Running 1 3d2h calico-node-j544l 1/1 Running 1 3d calico-node-ngmxt 1/1 Running 1 3d1h calico-node-qtc99 1/1 Running 1 3d calico-node-x7btl 1/1 Running 4 3d2h ceph-pools-audit-1569848400-rrpjq 0/1 Completed 0 12m ceph-pools-audit-1569848700-jhv5n 0/1 Completed 0 7m26s ceph-pools-audit-1569849000-cb988 0/1 Completed 0 2m25s coredns-7cf476b5c8-5x724 1/1 Running 1 3d2h ... root@myclient:/home/user/remote_cli_wd#
Note
See the procedure for configuring the SSL platform certificate at Install/Update the StarlingX Rest and Web Server Certificate.
If HTTPS is enabled for the StarlingX REST API Server on the StarlingX system, copy the certificate of the CA that issued/signed the StarlingX REST API Server’s SSL certificate to the folder
$HOME/remote_wd_cli
on the remote machine and execute commands as follows:For
system
commands:~(keystone_admin)]$ system --ca-file ca.pem host-list
For
dcmanager
commands:~(keystone_admin)]$ OS_CACERT=ca.pem ~(keystone_admin)]$ dcmanager subcloud list
Note
Some CLI commands are designed to leave you in a shell prompt, for example:
root@myclient:/home/user/remote_cli_wd# openstack
or
root@myclient:/home/user/remote_cli_wd# kubectl exec -ti <pod_name> -- /bin/bash
In most cases, the remote CLI will detect and handle these commands correctly. If you encounter cases that are not handled correctly, you can force-enable or disable the shell options using the <FORCE_SHELL=true> or <FORCE_NO_SHELL=true> variables before the command.
For example:
root@myclient:/home/user/remote_cli_wd# FORCE_SHELL=true kubectl exec -ti <pod_name> -- /bin/bash root@myclient:/home/user/remote_cli_wd# FORCE_NO_SHELL=true kubectl exec <pod_name> -- ls
You cannot use both variables at the same time.
If you need to run a remote CLI command that references a local file, then that file must be copied to or created in the working directory specified in the -w option on the ./config_client.sh command.
For example:
root@myclient:/home/user# cp /<someDir>/test.yml $HOME/remote_cli_wd/test.yml root@myclient:/home/user# cd $HOME/remote_cli_wd root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system create -f test.yml pod/test-pod created root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system delete -f test.yml pod/test-pod deleted
For Helm commands:
% cd $HOME/remote_cli_wd
Note
When using helm, any command that requires access to a helm repository (managed locally) will require that you be in the $HOME/remote_cli_wd directory and use the –home ./.helm option. For the host local installation, it requires the users $HOME and ends up in $HOME/.config and $HOME/.cache/helm.
% helm --home ./.helm repo add bitnami https://charts.bitnami.com/bitnami % helm --home ./.helm repo update % helm --home ./.helm repo list % helm --home ./.helm search repo % helm --home ./.helm install wordpress bitnami/wordpress
Related information