Follow the steps to SSH into NSX Advanced Load Balancer CLI using a non-admin user account.
In this example, the non-admin user is configured as a super-user too.
Open an SSH client and use the cli@<Avi Controller IP> command. Replace the NSX Advanced Load Balancer Controller IP with the IP of the Controller for which access is required.
Provide the credentials when prompted for a username. In the below example, a user account with the username testuser is used, which is also configured as a super-user on NSX Advanced Load Balancer.
Using username "cli". Avi Cloud Controller Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc. All rights reserved. Version: 17.1.8 Date: 2017-09-21 06:03:07 UTC Build: 9020 Management: 10.10.1.1/23 UP Gateway: 10.10.1.1 UP The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php Last login: Fri Oct 27 10:32:02 2017 from 10.10.8.11 Launching a CLI shell in a container No handlers could be found for logger "docker.auth.auth" Login: testuser Password:
After providing the password, as shown in the above CLI snippet, you can get access to the NSX Advanced Load Balancer shell.
[admin:avi-controller]: >
From the NSX Advanced Load Balancer shell prompt, you can run all the show commands and shell commands.
Checking Logs Using a Super-User Account
Use the account mentioned in the previous steps and use the attach controller <controller-ip> command to go to the linux bash prompt. As it is a container with no persistent storage, none of the log files are visible when the ls command is used.
[admin:avi-controller]: > bash root@04de723c268a:/# root@04de723c268a:/# cd /opt root@04de723c268a:/opt# ls root@04de723c268a:/opt# <- No directory in /opt as seen here
Using Username avidebuguser
A non-admin user (who is also a super-user) can be associated with the NSX Advanced Load Balancer Controller by using attach <Avi Controller IP> command. This will provide the Controller container access to the user as an avidebuguser. The avidebuguser is also a sudo user. Attach option is available only if the user (local or remote) is configured as a super-user.
[admin:avi-controller]: > attach controller 10.10.1.10 No handlers could be found for logger "root" Warning: Permanently added '10.10.1.10' (ECDSA) to the list of known hosts. Avi Cloud Controller Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc. All rights reserved. Version: 17.1.8 Date: 2017-09-21 06:03:07 UTC Build: 9020 Management: 10.10.1.10/23 UP Gateway: 10.10.1.1 UP Esx and OpenstackWelcome, this is your controller!!! The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php Last login: Fri Oct 27 10:32:36 2017 from 172.17.0.2 avidebuguser@avi-controller:~$
Use the ls command to check the log files as shown below.
avidebuguser@avi-controller-2:/opt$ ls *avi zookeeper-3.4.6*
avidebuguser@avi-controller-2:/opt/avi/log$ pwd /opt/avi/log
Additional Information
For more information on NSX Advanced Load Balancer Linux CLI and NSX Advanced Load Balancer CLI access, see CLI - Linux Command Line Mode and Access Settings.