smcli - Systems management command-line interface

The systems management command-line interface (smcli) is a utility that you can use to perform system management tasks from the command line. Using smcli, you can specify options that are not associated with any command.

Synopsis

smcli [-h | -? | --help]

smcli [-c] [-prompt] [-user user_name] [-pw password] command_string

smcli -d

Running smcli commands

You can run smcli commands locally from the management node or remotely by accessing the management node using a remote-access utility, such as Secure Shell (SSH).

You can execute up to 20 concurrent smcli threads simultaneously. The 20 concurrent threads are executed in the sequence in which you issue them as 20 independent commands. Obtaining a thread for final execution is dependent on the availability and priority of the thread.

By default, only five commands can run concurrently. In order to set the value to allow more than five commands to be run concurrently, you must increase the max.cli.threads value. Complete the following steps:

  1. Call IBM® Support and obtain the password that is required to run the pesh command.
  2. From the management software command-line interface, use the lsconfig -v command to determine the UVMID of management node.
  3. Run the command pesh UVMID, where UVMID is the system ID that you determined in the previous step. When you are prompted, enter the password that you obtained from IBM Support.
    Note: For more information about the command, see pesh.
  4. Edit the following file:
    /opt/ibm/director/lwi/conf/overrides/USMIKernel.properties
  5. Append the following line to the end of the file:
    max.cli.threads=20
    The max.cli.threads value can be any value up to 20.
  6. Restart the IBM Flex System Manager.
Notes:
  • Ensure that logging is set to capture sufficient data for future debugging.
  • Thread scheduling is handled in the thread pool and is based on the assigned priority of the thread.
  • With the exception of CSM, you must manually execute concurrent commands that require the completion of or data from previously-launched threads. This will ensure that the first command completes execution before the command that depends on it starts execution.
  • To initialize the commands, a security check is done at the launch of each command.
  • If you ran multiple CLI commands with success in the past, your sequencing might be modified.
  • Authorization for each thread is not passed from one thread to another. The authorization of the command execution is done at the initial level, so there is no security check at the pool level. The role-based access levels that are defined for each type of user are passed along when a user executes a command.

smcli command authentication

IBM Flex System Manager can authenticate and authorize command requests using an external user registry server or Windows Active Directory. You can specify user credentials (user name and password) for authentication and authorization every time that you run a command. However, if you do not specify user credentials, then IBM Flex System Manager checks to ensure that the user ID executing the command has the proper authorization. You can specify the user credentials in one of these ways:
  • Include the user credentials with the command using the -user and -pw options.
  • Set up a prompt, using the -prompt option or the CLIPROMPT environment variable.
  • Create a persistent copy of the user name and encrypted password, using the smcli -c command. After the user name and password are saved, the saved credentials are used each time you run a command; you do not need to specify user credentials with the smcli commands until you delete the persistent copy, using the smcli -d command.

If you do not specify the -prompt, -user, and -pw options, IBM Flex System Manager uses the value of the CLIPROMPT environment variable (if set) to determine whether to prompt for the user name and password. You can set this variable to true (prompt) or false (no prompt).

If the CLIPROMPT environment variable is not set or is set to false, and you do not specify the -prompt, -user, and -pw options with the command, IBM Flex System Manager checks to determine if a persistent copy of the user name and encrypted password were created previously with the -c option. If a persistent user name and password were created previously, IBM Flex System Manager uses these credentials. If none of these options were used, IBM Flex System Manager CLI uses the operating system to acquire the user ID, then performs the authorization check to ensure that the user is authorized to perform the command.

Important:
  • The password is protected from being displayed only when you are prompted for the password or when IBM Flex System Manager uses the persistent copy of the encrypted password. When you specify the password using the -pw option, the characters for the password are displayed as plain text.
  • When you specify user credentials from the command line using the -user and -pw options, there is a fraction of a second during which the command (including the user name and password) can be seen by listing the processes on the system.

smcli logging

To enable logging for and allow for future debugging of smcli, you must set the SMCLI_DEBUG environment variable. The environment variable can be set to any value, although the following example shows a value of "1":
export SMCLI_DEBUG=1
When logging is enabled, the logs are placed in the following location:
/opt/ibm/director/log/smcli.log
Note: To view the logs, use the pesh command to gain access:
  1. Call IBM Support and obtain the password that is required to run the pesh command.
  2. From the management software command-line interface, use the lsconfig -v command to determine the UVMID of management node.
  3. Run the command pesh UVMID, where UVMID is the system ID that you determined in the previous step. When you are prompted, enter the password that you obtained from IBM Support. For more information about the command, see pesh.
Only one level of logging is supported.
Note: The log setting applies only to the smcli client program, and not to the actual command that is being run.
To disable logging for smcli, you must remove the setting of the SMCLI_DEBUG environment variable.
  • Example of removing the setting of the SMCLI_DEBUG environment variable in Windows: 
    set SMCLI_DEBUG=
    or remove the environment variable.
  • Example of removing the setting of the SMCLI_DEBUG environment variable in Linux:
    unset SMCLI_DEBUG

Operands

None

Options

-c
Creates a copy of the specified user name and password. The password in the copy is encrypted.

If the CLIPROMPT environment variable is not set or is set to false, and you do not specify the -prompt, -user, and -pw options with the command, IBM Flex System Manager checks to determine if a persistent copy of the user name and encrypted password were created previously with the -c option. If a persistent user name and password were created previously, IBM Flex System Manager uses these credentials. If none of these options were used, IBM Flex System Manager CLI uses the operating system to acquire the user ID, then performs the authorization check to ensure that the user is authorized to perform the command.

If you do not specify the -user or -pw options, IBM Flex System Manager prompts you for the user name or password.

Tips:
  • After you create a persistent copy of the user name and password, you no longer have to provide the user name and password for subsequent smcli commands.
  • If you specify this option, you must also specify a valid command.
-d
Deletes the persistent copy of the user name and encrypted password.
Important: For security reasons, you should always run the smcli -d command when you finish using the CLI.
-h | -?
Displays the syntax and a brief description of smcli.
Tips:
  • If you specify additional options, the options are ignored.
  • If you want to display the syntax and brief description of a specific command, specify the command name before the -h | -? option.
--help
Displays detailed information about smcli, including the syntax, a description of smcli, a description of the options and operands, error codes, and examples.
Tips:
  • If you specify additional options, the options are ignored.
  • If you want to display the detailed information about a specific command, specify the command name before the --help option.
-prompt
Prompts you for a user name and password.
Tips:
  • This option protects the display of the password. When you are prompted for the password, no characters are displayed.
  • Specifying the -prompt option overrides all other mechanisms for prompting, including the CLIPROMPT environment variable.
  • If you specify this option with the -user and -pw options, the -prompt option is ignored.
-pw password
Specifies the password for the user name.
Important: The password is displayed as plain text when you specify the -pw option. Using this option could cause a security exposure.
Tip: If you specify this option without the -prompt or -user options, you will be prompted for the user name.
-user user_name
Specifies a valid user name.
Tip: If you specify this option without the -prompt or -pw options, you will be prompted for the password.
command_string
Runs the specified command and options.

Exit status

The following codes are returned by this command.
  • 0: The operation completed.
  • 1: A usage error occurred.
  • 2: The command or bundle was not found.
  • 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
  • 8: The exit code is out of range (0 to 255).
  • 29: The specified locale is not valid or not supported.
  • 10: A file-processing error occurred.
  • 125: An internal error occurred.

Examples

  1. Create a user session

    This example illustrates how to create a user session that uses the persistent copy of the user name and password. The PROMPT environment variable is set to yes, so the user is prompted for the password.

    smcli -c -user Admin1
password:
    Tip: No characters are displayed when you type the password.
  2. Authenticate using the specified user name and password

    This example illustrates how to list the IBM Flex System Manager users using the specified user name and password for authentication.

    smcli -user Admin1 -pw passw0rd lsuser

mysystem\Admin1
mysystem\Admin2
  3. Authenticate by prompting for user name and password

    This example illustrates how to list the IBM Flex System Manager users and prompt for the user name and password to use for authentication.

    smcli -prompt lsuser
user: Admin1
password:

mysystem\Admin1
mysystem\Admin2
  4. Display help for the smcli command

    This example displays help for the smcli command. The information displayed is the same as the content of this topic.

    smcli -?
  5. Create a credentials file

    This example illustrates how to create a copy of the user name and encrypted password that can be used to authorize the user when running future smcli commands. The PROMPT environment variable is set to yes, so the user is prompted for the password. This example also lists all smcli commands and bundles.

    smcli -c -user Administrator lsbundle
password:
  6. Delete the credentials file

    This example illustrates how to delete the credentials file.

    smcli -d
Parent topic: IBM Flex System Manager commands
Related tasks:
Authenticating users
Authorizing users