Instructions

Follow the steps to SSH into NSX Advanced Load Balancer CLI using a non-admin user account.

In this example, the non-admin user is configured as a super-user too.

Open an SSH client and use the cli@<Avi Controller IP> command. Replace the NSX Advanced Load Balancer Controller IP with the IP of the Controller for which access is required.
Provide the credentials when prompted for a username. In the below example, a user account with the username testuser is used, which is also configured as a super-user on NSX Advanced Load Balancer.

Using username "cli".
Avi Cloud Controller
Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
All rights reserved.
Version: 17.1.8
Date: 2017-09-21 06:03:07 UTC
Build: 9020
Management: 10.10.1.1/23 UP
Gateway: 10.10.1.1 UP
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Last login: Fri Oct 27 10:32:02 2017 from 10.10.8.11
Launching a CLI shell in a container
No handlers could be found for logger "docker.auth.auth"
Login: testuser
Password:

After providing the password, as shown in the above CLI snippet, you can get access to the NSX Advanced Load Balancer shell.

[admin:avi-controller]: >

From the NSX Advanced Load Balancer shell prompt, you can run all the show commands and shell commands.

Checking Logs Using a Super-User Account

Use the account mentioned in the previous steps and use the attach controller <controller-ip> command to go to the linux bash prompt. As it is a container with no persistent storage, none of the log files are visible when the ls command is used.

[admin:avi-controller]: > bash
root@04de723c268a:/#
root@04de723c268a:/# cd /opt
root@04de723c268a:/opt# ls
root@04de723c268a:/opt# <- No directory in /opt as seen here

Using Username avidebuguser

A non-admin user (who is also a super-user) can be associated with the NSX Advanced Load Balancer Controller by using attach <Avi Controller IP> command. This will provide the Controller container access to the user as an avidebuguser. The avidebuguser is also a sudo user. Attach option is available only if the user (local or remote) is configured as a super-user.

[admin:avi-controller]: > attach controller 10.10.1.10
No handlers could be found for logger "root"
Warning: Permanently added '10.10.1.10' (ECDSA) to the list of known hosts.
Avi Cloud Controller
Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
All rights reserved.
Version: 17.1.8
Date: 2017-09-21 06:03:07 UTC
Build: 9020
Management: 10.10.1.10/23 UP
Gateway: 10.10.1.1 UP
Esx and OpenstackWelcome, this is your controller!!!
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Last login: Fri Oct 27 10:32:36 2017 from 172.17.0.2
avidebuguser@avi-controller:~$

Use the ls command to check the log files as shown below.

avidebuguser@avi-controller-2:/opt$ ls
*avi  zookeeper-3.4.6*

avidebuguser@avi-controller-2:/opt/avi/log$ pwd 
/opt/avi/log

Additional Information

For more information on NSX Advanced Load Balancer Linux CLI and NSX Advanced Load Balancer CLI access, see CLI - Linux Command Line Mode and Access Settings.