smcli - Systems management command-line interface
The systems management command-line interface (smcli) is a utility that you can use to perform system management tasks from the command line. Using smcli, you can specify options that are not associated with any command.
Synopsis
smcli [-h | -? | --help]
smcli [-c] [-prompt] [-user user_name] [-pw password] command_string
smcli -d
Running smcli commands
You can run smcli commands locally from the management node or remotely by accessing the management node using a remote-access utility, such as Secure Shell (SSH).
You can execute up to 20 concurrent smcli threads simultaneously. The 20 concurrent threads are executed in the sequence in which you issue them as 20 independent commands. Obtaining a thread for final execution is dependent on the availability and priority of the thread.
By default, only five commands can run concurrently. In order to set the value to allow more than five commands to be run concurrently, you must increase the max.cli.threads value. Complete the following steps:
- Call IBM® Support and obtain the password that is required to run the pesh command.
- From the management software command-line interface, use the lsconfig -v command to determine the UVMID of management node.
- Run the command pesh UVMID,
where UVMID is the system ID that you determined
in the previous step. When you are prompted, enter the password that
you obtained from IBM Support.Note: For more information about the command, see pesh.
- Edit the following file:
/opt/ibm/director/lwi/conf/overrides/USMIKernel.properties
- Append the following line to the end of the file:
The max.cli.threads value can be any value up to 20.max.cli.threads=20
- Restart the IBM Flex System Manager.
- Ensure that logging is set to capture sufficient data for future debugging.
- Thread scheduling is handled in the thread pool and is based on the assigned priority of the thread.
- With the exception of CSM, you must manually execute concurrent commands that require the completion of or data from previously-launched threads. This will ensure that the first command completes execution before the command that depends on it starts execution.
- To initialize the commands, a security check is done at the launch of each command.
- If you ran multiple CLI commands with success in the past, your sequencing might be modified.
- Authorization for each thread is not passed from one thread to another. The authorization of the command execution is done at the initial level, so there is no security check at the pool level. The role-based access levels that are defined for each type of user are passed along when a user executes a command.
smcli command authentication
- Include the user credentials with the command using the -user and -pw options.
- Set up a prompt, using the -prompt option or the CLIPROMPT environment variable.
- Create a persistent copy of the user name and encrypted password, using the smcli -c command. After the user name and password are saved, the saved credentials are used each time you run a command; you do not need to specify user credentials with the smcli commands until you delete the persistent copy, using the smcli -d command.
If you do not specify the -prompt, -user, and -pw options, IBM Flex System Manager uses the value of the CLIPROMPT environment variable (if set) to determine whether to prompt for the user name and password. You can set this variable to true (prompt) or false (no prompt).
If the CLIPROMPT environment variable is not set or is set to false, and you do not specify the -prompt, -user, and -pw options with the command, IBM Flex System Manager checks to determine if a persistent copy of the user name and encrypted password were created previously with the -c option. If a persistent user name and password were created previously, IBM Flex System Manager uses these credentials. If none of these options were used, IBM Flex System Manager CLI uses the operating system to acquire the user ID, then performs the authorization check to ensure that the user is authorized to perform the command.
- The password is protected from being displayed only when you are prompted for the password or when IBM Flex System Manager uses the persistent copy of the encrypted password. When you specify the password using the -pw option, the characters for the password are displayed as plain text.
- When you specify user credentials from the command line using the -user and -pw options, there is a fraction of a second during which the command (including the user name and password) can be seen by listing the processes on the system.
smcli logging
export SMCLI_DEBUG=1
/opt/ibm/director/log/smcli.log
- Call IBM Support and obtain the password that is required to run the pesh command.
- From the management software command-line interface, use the lsconfig -v command to determine the UVMID of management node.
- Run the command pesh UVMID, where UVMID is the system ID that you determined in the previous step. When you are prompted, enter the password that you obtained from IBM Support. For more information about the command, see pesh.
- Example of removing the setting of the SMCLI_DEBUG environment
variable in Windows:
or remove the environment variable.set SMCLI_DEBUG=
- Example of removing the setting of the SMCLI_DEBUG environment
variable in Linux:
unset SMCLI_DEBUG
Operands
None
Options
- -c
- Creates a copy of the specified user name and password.
The password in the copy is encrypted.
If the CLIPROMPT environment variable is not set or is set to false, and you do not specify the -prompt, -user, and -pw options with the command, IBM Flex System Manager checks to determine if a persistent copy of the user name and encrypted password were created previously with the -c option. If a persistent user name and password were created previously, IBM Flex System Manager uses these credentials. If none of these options were used, IBM Flex System Manager CLI uses the operating system to acquire the user ID, then performs the authorization check to ensure that the user is authorized to perform the command.
If you do not specify the -user or -pw options, IBM Flex System Manager prompts you for the user name or password.
Tips:- After you create a persistent copy of the user name and password, you no longer have to provide the user name and password for subsequent smcli commands.
- If you specify this option, you must also specify a valid command.
- -d
- Deletes the persistent copy of the user name and encrypted password.Important: For security reasons, you should always run the smcli -d command when you finish using the CLI.
- -h | -?
- Displays the syntax and a brief description of smcli. Tips:
- If you specify additional options, the options are ignored.
- If you want to display the syntax and brief description of a specific command, specify the command name before the -h | -? option.
- --help
- Displays detailed information about smcli, including the
syntax, a description of smcli, a description
of the options and operands, error codes, and examples.Tips:
- If you specify additional options, the options are ignored.
- If you want to display the detailed information about a specific command, specify the command name before the --help option.
- -prompt
- Prompts you for a user name and password. Tips:
- This option protects the display of the password. When you are prompted for the password, no characters are displayed.
- Specifying the -prompt option overrides all other mechanisms for prompting, including the CLIPROMPT environment variable.
- If you specify this option with the -user and -pw options, the -prompt option is ignored.
- -pw password
- Specifies the password for the user name.Important: The password is displayed as plain text when you specify the -pw option. Using this option could cause a security exposure.Tip: If you specify this option without the -prompt or -user options, you will be prompted for the user name.
- -user user_name
- Specifies a valid user name. Tip: If you specify this option without the -prompt or -pw options, you will be prompted for the password.
- command_string
- Runs the specified command and options.
Exit status
The following codes are returned by this command.- 0: The operation completed.
- 1: A usage error occurred.
- 2: The command or bundle was not found.
- 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
- 8: The exit code is out of range (0 to 255).
- 29: The specified locale is not valid or not supported.
- 10: A file-processing error occurred.
- 125: An internal error occurred.
Examples
- Create a user session
This example illustrates how to create a user session that uses the persistent copy of the user name and password. The PROMPT environment variable is set to yes, so the user is prompted for the password.
smcli -c -user Admin1 password:
Tip: No characters are displayed when you type the password. - Authenticate using the specified user name and password
This example illustrates how to list the IBM Flex System Manager users using the specified user name and password for authentication.
smcli -user Admin1 -pw passw0rd lsuser mysystem\Admin1 mysystem\Admin2
- Authenticate by prompting for user name and password
This example illustrates how to list the IBM Flex System Manager users and prompt for the user name and password to use for authentication.
smcli -prompt lsuser user: Admin1 password: mysystem\Admin1 mysystem\Admin2
- Display help for the smcli command
This example displays help for the smcli command. The information displayed is the same as the content of this topic.
smcli -?
- Create a credentials file
This example illustrates how to create a copy of the user name and encrypted password that can be used to authorize the user when running future smcli commands. The PROMPT environment variable is set to yes, so the user is prompted for the password. This example also lists all smcli commands and bundles.
smcli -c -user Administrator lsbundle password:
- Delete the credentials file
This example illustrates how to delete the credentials file.
smcli -d