Command reference for OCI containers

This reference lists and describes the commands for administering the OCI containers.

On Linux®, the following separate command line interfaces (CLIs) are merged into a single CLI in Z Anomaly Analytics and Z Operational Log and Data Analytics 5.1.x.10 or later.
  • Z Data Analytics Platform CLI
  • Z Anomaly Analytics OCI container CLI
You can run the single CLI by using one of the following commands:
Docker
<ZOA_HOME>/bin/dockerManageZoa.sh
Podman
<ZOA_HOME>/bin/podmanManageZoa.sh
Where <ZOA_HOME> is the directory into which the Z Data Analytics platform and Z Anomaly Analytics OCI-based capabilities are installed.

Commands for administering installed software containers

Table 1. Commands for administering installed software containers
Command Explanation
backup-data Back up data from one named volume to the host file system.
config-certificates Configure or reconfigure TLS certificates.
Provide one of the following subcommands:
delete-cert
Delete a certificate from the truststore.
export
Export the existing set of TLS artifacts from the OCI volume in which they are stored.
force-generate
Generate a set of TLS artifacts even if a prior set exists.
This subcommand requires the same information as the generate subcommand. This subcommand is used when a certificate is expired, or when the certificate configuration properties must be updated. The following properties are required to generate the TLS artifacts:
  • CRYPT_ALGO
  • COUNTRY
  • STATE
  • LOCATION
  • ORG_UNIT
generate
If no TLS artifacts exist, generate a set of TLS artifacts. This process is automatically run during a successful installation or upgrade.
The following TLS artifacts are generated:
  • rootCA.crt - Contains the root certificate, which is necessary to establish an X.509 certificate authority for internal authentication.
  • zoasvc.crt - Contains the certificate for common services such as Apache Kafka, the authentication service, and the gateway service.
  • zoasvc.key - Contains the private key that is used to secure the zoasvc.crt file.
  • zoasvc.ks - Contains the keystore in PKCS12 format. It contains the contents of both the zoasvc.crt and zoasvc.key files.
  • zoasvc.ts - Contains the truststore in PKCS12 format. It contains the contents of the zoasvc.crt file only.
generate-csr-only
Generate and export a certificate signing request that is based on an existing private key. This subcommand does not modify any of the certificate properties.
import-cert
Import the certificate for an external application into the truststore to establish a trust relationship with that application.
list-certs
List certificates that are installed in the truststore.
config-certificates Configure or reconfigure TLS certificates.
Provide one of the following subcommands:
sync-certs
Update the certificates available to the dashboards service from the truststore. This subcommand is needed only if the dashboards service is lacking the certificates that are needed to establish a chain of trust with the authentication service or external services.
This subcommand might be necessary after you upgrade from an earlier version, particularly when it is necessary to synchronize certificates between:
  • The truststore used for Java-based components
  • The trust chain used by the dashboards component
use-provided
Install a set of externally provided CA-signed TLS artifacts.
This subcommand prompts for:
  • The directory where the TLS artifacts are located.
  • A CA-signed certificate in the PEM format.
  • The private key that is used for the CA signing request.
  • The root certificate and the intermediate certificate (if provided), both in the PEM format. They are necessary to validate the authenticity of the CA-signed certificate.
    Note: Certificate chains are not supported.
  • The password for the private key
Notes:
  • This command was updated in 5.1.x.14.
  • After you use the delete-cert, force-generate, generate, generate-csr-only, or use-provided subcommands, restart the containers.
config-parser-pipeline Configure or reconfigure the pipelines for the parser component. This action loads the Logstash configuration files for both curated and raw data streams.
Notes:
  • This command was newly added in 5.1.x.14.
  • This command does not update the corresponding index templates. To update the index templates for the raw data streams, use the process-cdp-policy command.
config-rulesengine Configure Rules Engine rules for metric-based machine learning.
Notes:
  • This command was newly added in 5.1.x.14.
  • This command is applicable to IBM Z Anomaly Analytics use cases only.
create-platform-monitor Create a Platform Health monitor that can be customized to send alerts when space gets low.
Note: This command was newly added in 5.1.x.20.
datastore Manage data store indexes.
Provide one of the following subcommands:
list-indices
List indexes that contain operational data that is present in the data store. You are prompted to provide a pattern for the index names to list.
delete-indices
Delete indexes that contain operational data from the data store. You are prompted to provide a pattern for the index names to delete.
show-locked-indices
List indexes in the data store that were locked as a result of an action that either an administrator or built-in, self-monitoring processes took.
Note: The list might include indexes that contain operational data and management indexes that the list-indices action does not show.
unlock-index
Unlock an index in the data store that was locked as a result of an action that either an administrator or built-in, self-monitoring processes took. You are prompted to provide the name of the locked index.
Note: This action can be applied to indexes that contain operational data and to management indexes.
list-datastreams
List data streams that contain operational data that is present in the data store. You are prompted to provide a pattern for the data stream names to list.
delete-datastreams
Delete data streams that contain operational data from the data store. You are prompted to provide a pattern for the data stream names to delete.
Note: The show-locked-indices, unlock-index, list-datastreams, and delete-datastreams subcommands were newly added in 5.1.x.19.
datastore-debug-logging Enable or disable debug logging for the data store service.
enable
Set the overall logging level for the data store service to DEBUG.
Note: The change does not persist if the container is shut down.
disable
Reset the overall logging level for the data store service.
Note: This command was newly added in 5.1.x.19.
down Stop and remove containers and networks.
export-custom-objects Export custom searches, visualizations, and dashboards from a Z Data Analytics Platform workspace.
gather Collect configuration and log files and compress them in a ZIP archive for submission to IBM® Support.
get-log-level View the log level of a specific container.
Note: This command was renamed from "getLogLevel" in 5.1.x.14.
help Show usage information.
import-custom-objects Import previously exported custom searches, visualizations, and dashboards into a Z Data Analytics Platform workspace.
inspect-images Print information about OCI images.
Note: This command was renamed from "inspectImages" in 5.1.x.14.
kafka-console-consumer Show the contents of a Kafka topic.
kafka-consumer-groups Show information about a Kafka consumer group.
kafka-debug-logging Enable or disable debug logging for the kafkabroker service.
enable
Set the overall logging level for the kafkabroker service to DEBUG.
disable
Reset the overall logging level for the kafkabroker service.
Note: This command was newly added in 5.1.x.19.
kafka-prune Prune data from a Kafka topic and optionally configure data retention duration for that topic.
Provide one of the following subcommands:
ZLDA
Process Kafka topics for the Z Data Analytics Platform.
ZAA
Process Kafka topics for Z Anomaly Analytics.
ZDiscovery
Process Kafka topics for the Z Resource Discovery Data Service component.
Note:
  • This subcommand was newly added in 5.1.x.14.
  • This subcommand is applicable to the ServiceNow CMDB integration use-cases only.
kafka-topics Manage Kafka topics.
Note: This subcommand was enhanced in 5.1.x.16. It now provides a broader set of capabilities, including the ability to view topic details, alter topic configuration, or delete topics. The additional capability is provided to improve serviceability and must be used under the guidance of IBM Support.
logs View output from containers.
manage-security-tenants Create, update, or delete security tenants.
The available subcommands are,
create
Create a security tenant.
update
Update the configuration of an existing security tenant. The update can be performed either as a replacement of the existing configuration, or as an additive update.
delete
Delete an existing security tenant and all artifacts that are associated with it.
Note: This command was newly added in 5.1.x.16.
manage-zdap-secrets List, create, update, or delete secrets that contain sensitive information that the extended features of the Z Data Analytics Platform require.
Note: This command was newly added in 5.1.x.16.
migrate-index-pattern Migrate custom visualizations and searches from versions before 5.1.x.10.
Note: This command was newly added in 5.1.x.14.
move-data Move data from one named volume to another.
parser-debug-logging Enable or disable debug logging for the parser service
enable
Set the overall logging level for the parser service to DEBUG.
disable
Reset the overall logging level for the parser service.
Note: This command was newly added in 5.1.x.19.
process-cdp-policy Generate index templates for non-curated data streams from a Z Common Data Provider policy file.
Notes:
  • This command was renamed from processCdpPolicy in 5.1.x.14.
  • This command generates the file cdp_template_list.txt. It can be used to reload non-curated data stream configuration files during an upgrade.
ps List containers.
purge Stop and remove containers and networks and purge data volumes.
reset-datastore-api-password Create a new, randomly generated password for API access to the data store service.
Note: This command was newly added in 5.1.x.16.
reset-datastore-security Initialize IBM-provided default security configuration for the data store service.
Note:
  • This command was newly added in 5.1.x.16.
  • The command is automatically run when Fix Pack 5.1.x.16 is installed. After the fix pack is installed, use this command only if IBM Support instructs you to do so.
restart Restart running services.
restore-data Restore backup data on the host file system to the named volume.
seed-ldap Seed the authentication service with LDAP user IDs based on an input file.
Note: This command was newly added in 5.1.x.14.
set-log-level Set a log level for a specific container.
Note: This command was renamed from "setLogLevel" in 5.1.x.14.
start Start stopped services.
stop Stop running services.
up Create and start containers.
update-keycloak-password Update the password of the following Keycloak user IDs:
  • keycloakadmin - Used to access the master realm.
  • zoakcadmin - Used to access the Izoakcadmin realm.
  • <Other IDs> - Any other Keycloak user ID.
Keycloak user ID Description
keycloakadmin

You are prompted to enter the ID's current password before resetting it.

The encoded entry in the environment variables is also updated.
zoakcadmin

Keycloak is checked to see if the ID exists. If not, it is created.

Also, the encoded entry in the environment variables is updated.
<Other IDs>

Keycloak is checked to see if the ID exists (and is not found by any enabled User Federations). If not, it is created.

If the ID is found by an enabled User Federation, the password is not reset in Keycloak. Instead, it must be reset in the authentication provider.