Command-Line Interface

Contiv uses the netctl command-line interface (CLI) to configure networks, policies, and service load balancers.

Note: netctl directly talks to netmaster, bypassing Contiv authentication and authorization. If you want to use this utility, set it up on a separate cluster node.

netctl

NAME:

netctl - A new cli application

USAGE:

   ./netctl [global options] command [command options] [arguments...]

COMMANDS:

aci-gw ACI Gateway information
app-profile Application Profile manipulation tools
bgp Router capability configuration
endpoint, ep Endpoint Inspection
external-contracts External contracts
global Global information
group Endpoint Group manipulation tools
login Authenticate to Contiv netprofile Network profile manipulation tools
network, net Network manipulation tools
policy Policy manipulation tools
service Service object creation
tenant Tenant manipulation tools
version Version Information
help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:

--help, -h Show help
--insecure Disable strict certificate checking
--netmaster "http://netmaster:9999" The hostname of the netmaster [$NETMASTER]
--version, -v Print the version

group

NAME:

group - Endpoint Group manipulation tools

USAGE:

   netctl group command [command options] [arguments...] 

COMMANDS:

create Create an endpoint group
inspect Inspect a EndpointGroup
rm, delete Delete an endpoint group
ls, list List endpoint groups
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

aci-gw

NAME:

netctl aci-gw - ACI Gateway information

USAGE:

netctl aci-gw command [command options] [arguments...]

COMMANDS:

info Show ACI gateway information
inspect Inspect aci gateway operational information
set Set aci-gw parameters.
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

app-profile

NAME:

netctl app-profile - Application Profile manipulation tools

USAGE:

netctl app-profile command [command options] [arguments...]

COMMANDS:

create Create an application profile
update Update an application profile
rm, delete Delete an application profile
ls, list List application profiles
group-ls, group-list List groups in an app-profile
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

bgp

NAME:

netctl bgp - Router capability configuration

USAGE:

netctl bgp command [command options] [arguments...]

COMMANDS:

ls, list List BGP configuration
rm, delete Delete BGP configuration
create Add BGP configuration.
inspect Inspect BGP
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

endpoint

NAME:

endpoint, ep - Endpoint Inspection

USAGE:

netctl endpoint command [command options] [arguments...]

COMMANDS:

inspect Inspect an Endpoint
help, h Shows a list of commands or help for one command

external-contracts

NAME:

netctl external-contracts - External contracts

USAGE:

netctl external-contracts command [command options] [arguments...]

COMMANDS:

ls, list List external contracts
rm, delete Delete external contracts
create Create external contracts
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

global

NAME:

netctl global - Global information

USAGE:

netctl global command [command options] [arguments...]

COMMANDS:

info Show global information
inspect Inspect global operational information
set Set global parameters
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

login

Contiv comes with a proxy called auth_proxy which transparently sits in front of netmaster and provides authentication (Active Directory, LDAP, local users) and authorization (RBAC). netctl can send requests to auth_proxy as if it were sending requests directly to netmaster. For more details, please see the auth_proxy repo.

You must login before you can send any netctl requests to auth_proxy. Any requests destined for auth_proxy must include the global --netmaster flag with the full HTTPS auth_proxy URL as the value.

If the target auth_proxy is using an expired, invalid, or untrusted certificate, you will additionally need to specify the global --insecure flag.

netctl stores its auth_proxy access token under $HOME/.netctl/config.json. To "logout", simply delete this file.

NAME:

netctl login - Authenticate to Contiv

USAGE:

In these examples, set $AUTH_PROXY_URL to the full HTTPS auth_proxy URL. This will look something like: https://1.2.3.4:10000

Login (you will be prompted for your username and password)

netctl --netmaster=$AUTH_PROXY_URL login

Send authenticated request (token is automatically sent)

netctl --netmaster=$AUTH_PROXY_URL network ls

Send request to auth_proxy with untrusted certificate

netctl --insecure --netmaster=$AUTH_PROXY_URL network ls

OPTIONS:

--help, -h show help

netprofile

NAME:

netctl netprofile - Network profile manipulation tools

USAGE:

netctl netprofile command [command options] [arguments...]

COMMANDS:

create Create a network profile
rm, delete Delete a network profile
ls, list List network profile
inspect Inspect network profile
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

network

NAME:

netctl network - Network manipulation tools

USAGE:

netctl network command [command options] [arguments...]

COMMANDS:

ls, list List networks
inspect Inspect a network
rm, delete Delete a network
create Create a network
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

policy

NAME:

netctl policy - Policy manipulation tools

USAGE:

netctl policy command [command options] [arguments...]

COMMANDS:

create Create a new policy
rm, delete Delete a policy
ls, list List policies
inspect Inspect a policy
rule-ls List rules for a given tenant, policy
rule-rm Delete a rule from the policy
rule-add Add a new rule to the policy
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

service

NAME:

netctl service - Service object creation

USAGE:

netctl service command [command options] [arguments...]

COMMANDS:

ls, list List service objects
inspect Inspect a Network
rm, delete Delete service object
create Create Service object.
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

tenant

NAME:

tenant Tenant manipulation tools

USAGE:

netctl tenant command [command options] [arguments...]

COMMANDS:

ls, list List tenants
rm, delete Delete a tenant
create Create a tenant
inspect Inspect a tenant
help, h Shows a list of commands or help for one command

OPTIONS:

--help, -h show help

version

netctl version Version Information for netctl client and sever, git commit hash, and build time.

help

netctl help Shows help information