Para ejecutar comandos de la CLI, inicie sesión en el contenedor de NSX Container Plugin, abra un terminal y ejecute el comando nsxcli.

También puede obtener avisos de la CLI ejecutando el siguiente comando en un nodo:
  kubectl exec -it <pod name> nsxcli
Tabla 1. Comandos de la CLI para el contenedor de NCP
Tipo Comando
Estado get ncp-master status
Estado get ncp-nsx status
Estado get ncp-watcher <nombre-monitor>
Estado get ncp-watchers
Estado get ncp-k8s-api-server status
Estado check projects
Estado check project <nombre-proyecto>
Caché get project-cache <nombre-proyecto>
Caché get project-caches
Caché get namespace-cache <nombre-espaciodenombres>
Caché get namespace-caches
Caché get pod-cache <nombre-pod>
Caché get pod-caches
Caché get ingress-caches
Caché get ingress-cache <ingress-name>
Caché get ingress-controllers
Caché get ingress-controller <nombre-controlador-entrada>
Caché get network-policy-caches
Caché get network-policy-cache <nombre-pod>
Soporte técnico get ncp-log file <nombredearchivo>
Soporte técnico get ncp-log-level
Soporte técnico set ncp-log-level <nivel-registro>
Soporte técnico get support-bundle file <nombredearchivo>
Soporte técnico get node-agent-log file <nombredearchivo>
Soporte técnico get node-agent-log file <nombredearchivo> <nombre-nodo>
Tabla 2. Comandos de la CLI para el contenedor de agentes del nodo de NSX
Tipo Comando
Estado get node-agent-hyperbus status
Caché

get container-cache <nombre-contenedor>

Caché

get container-caches

Tabla 3. Comandos de la CLI para el contenedor de Kube Proxy de NSX
Tipo Comando
Estado get ncp-k8s-api-server status
Estado get kube-proxy-watcher <nombre-monitor>
Estado get kube-proxy-watchers
Estado dump ovs-flows

Comandos de estado para el contenedor de NCP

  • Mostrar el estado del maestro de NCP
    get ncp-master status

    Ejemplo:

    kubenode> get ncp-master status
    This instance is not the NCP master
    Current NCP Master id is a4h83eh1-b8dd-4e74-c71c-cbb7cc9c4c1c
    Last master update at Wed Oct 25 22:46:40 2017
  • Mostrar el estado de la conexión entre NCP y NSX Manager
    get ncp-nsx status

    Ejemplo:

    kubenode> get ncp-nsx status
    NSX Manager status: Healthy
  • Mostrar el estado del monitor para la entrada, el espacio de nombres, el pod y el servicio
    get ncp-watcher <watcher-name>
    get ncp-watchers

    Ejemplo 1:

    kubenode> get ncp-watcher pod
        Average event processing time: 1174 msec (in past 3600-sec window)
        Current watcher started time: Mar 02 2017 10:47:35 PST
        Number of events processed: 1 (in past 3600-sec window)
        Total events processed by current watcher: 1
        Total events processed since watcher thread created: 1
        Total watcher recycle count: 0
        Watcher thread created time: Mar 02 2017 10:47:35 PST
        Watcher thread status: Up

    Ejemplo 2:

    kubenode> get ncp-watchers
        pod:
            Average event processing time: 1145 msec (in past 3600-sec window)
            Current watcher started time: Mar 02 2017 10:51:37 PST
            Number of events processed: 1 (in past 3600-sec window)
            Total events processed by current watcher: 1
            Total events processed since watcher thread created: 1
            Total watcher recycle count: 0
            Watcher thread created time: Mar 02 2017 10:51:37 PST
            Watcher thread status: Up
     
        namespace:
            Average event processing time: 68 msec (in past 3600-sec window)
            Current watcher started time: Mar 02 2017 10:51:37 PST
            Number of events processed: 2 (in past 3600-sec window)
            Total events processed by current watcher: 2
            Total events processed since watcher thread created: 2
            Total watcher recycle count: 0
            Watcher thread created time: Mar 02 2017 10:51:37 PST
            Watcher thread status: Up
     
        ingress:
            Average event processing time: 0 msec (in past 3600-sec window)
            Current watcher started time: Mar 02 2017 10:51:37 PST
            Number of events processed: 0 (in past 3600-sec window)
            Total events processed by current watcher: 0
            Total events processed since watcher thread created: 0
            Total watcher recycle count: 0
            Watcher thread created time: Mar 02 2017 10:51:37 PST
            Watcher thread status: Up
     
        service:
            Average event processing time: 3 msec (in past 3600-sec window)
            Current watcher started time: Mar 02 2017 10:51:37 PST
            Number of events processed: 1 (in past 3600-sec window)
            Total events processed by current watcher: 1
            Total events processed since watcher thread created: 1
            Total watcher recycle count: 0
            Watcher thread created time: Mar 02 2017 10:51:37 PST
            Watcher thread status: Up
  • Mostrar el estado de conexión entre el servidor de API de NCP y de Kubernetes
    get ncp-k8s-api-server status

    Ejemplo:

    kubenode> get ncp-k8s-api-server status
    Kubernetes ApiServer status: Healthy
  • Comprobar todos los proyectos o uno específico
    check projects
    check project <project-name>

    Ejemplo:

    kubenode> check projects
        default:
            Tier-1 link port for router 1b90a61f-0f2c-4768-9eb6-ea8954b4f327 is missing
            Switch 40a6829d-c3aa-4e17-ae8a-7f7910fdf2c6 is missing
    
        ns1:
            Router 8accc9cd-9883-45f6-81b3-0d1fb2583180 is missing
    
    kubenode> check project default
        Tier-1 link port for router 1b90a61f-0f2c-4768-9eb6-ea8954b4f327 is missing
        Switch 40a6829d-c3aa-4e17-ae8a-7f7910fdf2c6 is missing

Comandos de caché para el contenedor de NCP

  • Obtener la caché interna para los proyectos o los espacios de nombres
    get project-cache <project-name>
    get project-caches
    get namespace-cache <namespace-name>
    get namespace-caches

    Ejemplo:

    kubenode> get project-caches
        default:
            logical-router: 8accc9cd-9883-45f6-81b3-0d1fb2583180
            logical-switch:
                id: 9d7da647-27b6-47cf-9cdb-6e4f4d5a356d
                ip_pool_id: 519ff57f-061f-4009-8d92-3e6526e7c17e
                subnet: 10.0.0.0/24
                subnet_id: f75fd64c-c7b0-4b42-9681-fc656ae5e435
     
        kube-system:
            logical-router: 5032b299-acad-448e-a521-19d272a08c46
            logical-switch:
                id: 85233651-602d-445d-ab10-1c84096cc22a
                ip_pool_id: ab1c5b09-7004-4206-ac56-85d9d94bffa2
                subnet: 10.0.1.0/24
                subnet_id: 73e450af-b4b8-4a61-a6e3-c7ddd15ce751
    
        testns:
            ext_pool_id: 346a0f36-7b5a-4ecc-ad32-338dcb92316f
            labels:
                ns: myns
                project: myproject
            logical-router: 4dc8f8a9-69b4-4ff7-8fb7-d2625dc77efa
            logical-switch:
                id: 6111a99a-6e06-4faa-a131-649f10f7c815
                ip_pool_id: 51ca058d-c3dc-41fd-8f2d-e69006ab1b3d
                subnet: 50.0.2.0/24
                subnet_id: 34f79811-bd29-4048-a67d-67ceac97eb98
            project_nsgroup: 9606afee-6348-4780-9dbe-91abfd23e475
            snat_ip: 4.4.0.3
    
    kubenode> get project-cache default
        logical-router: 8accc9cd-9883-45f6-81b3-0d1fb2583180
        logical-switch:
            id: 9d7da647-27b6-47cf-9cdb-6e4f4d5a356d
            ip_pool_id: 519ff57f-061f-4009-8d92-3e6526e7c17e
            subnet: 10.0.0.0/24
            subnet_id: f75fd64c-c7b0-4b42-9681-fc656ae5e435
    
    kubenode> get namespace-caches          
        default:
            logical-router: 8accc9cd-9883-45f6-81b3-0d1fb2583180
            logical-switch:
                id: 9d7da647-27b6-47cf-9cdb-6e4f4d5a356d
                ip_pool_id: 519ff57f-061f-4009-8d92-3e6526e7c17e
                subnet: 10.0.0.0/24
                subnet_id: f75fd64c-c7b0-4b42-9681-fc656ae5e435
    
        kube-system:
            logical-router: 5032b299-acad-448e-a521-19d272a08c46
            logical-switch:
                id: 85233651-602d-445d-ab10-1c84096cc22a
                ip_pool_id: ab1c5b09-7004-4206-ac56-85d9d94bffa2
                subnet: 10.0.1.0/24
                subnet_id: 73e450af-b4b8-4a61-a6e3-c7ddd15ce751
    
        testns:
            ext_pool_id: 346a0f36-7b5a-4ecc-ad32-338dcb92316f
            labels:
                ns: myns
                project: myproject
            logical-router: 4dc8f8a9-69b4-4ff7-8fb7-d2625dc77efa
            logical-switch:
                id: 6111a99a-6e06-4faa-a131-649f10f7c815
                ip_pool_id: 51ca058d-c3dc-41fd-8f2d-e69006ab1b3d
                subnet: 50.0.2.0/24
                subnet_id: 34f79811-bd29-4048-a67d-67ceac97eb98
            project_nsgroup: 9606afee-6348-4780-9dbe-91abfd23e475
            snat_ip: 4.4.0.3
    
    kubenode> get namespace-cache default          
        logical-router: 8accc9cd-9883-45f6-81b3-0d1fb2583180
        logical-switch:
            id: 9d7da647-27b6-47cf-9cdb-6e4f4d5a356d
            ip_pool_id: 519ff57f-061f-4009-8d92-3e6526e7c17e
            subnet: 10.0.0.0/24
            subnet_id: f75fd64c-c7b0-4b42-9681-fc656ae5e435
  • Obtener la caché interna para los pods
    get pod-cache <pod-name>
    get pod-caches

    Ejemplo:

    kubenode> get pod-caches
        nsx.default.nginx-rc-uq2lv:
            cif_id: 2af9f734-37b1-4072-ba88-abbf935bf3d4
            gateway_ip: 10.0.0.1
            host_vif: d6210773-5c07-4817-98db-451bd1f01937
            id: 1c8b5c52-3795-11e8-ab42-005056b198fb
            ingress_controller: False
            ip: 10.0.0.2/24
            labels:
                app: nginx
            mac: 02:50:56:00:08:00
            port_id: d52c833a-f531-4bdf-bfa2-e8a084a8d41b
            vlan: 1
    
        nsx.testns.web-pod-1:
            cif_id: ce134f21-6be5-43fe-afbf-aaca8c06b5cf
            gateway_ip: 50.0.2.1
            host_vif: d6210773-5c07-4817-98db-451bd1f01937
            id: 3180b521-270e-11e8-ab42-005056b198fb
            ingress_controller: False
            ip: 50.0.2.3/24
            labels:
                app: nginx-new
                role: db
                tier: cache
            mac: 02:50:56:00:20:02
            port_id: 81bc2b8e-d902-4cad-9fc1-aabdc32ecaf8
            vlan: 3
    
    kubenode> get pod-cache nsx.default.nginx-rc-uq2lv
        cif_id: 2af9f734-37b1-4072-ba88-abbf935bf3d4
        gateway_ip: 10.0.0.1
        host_vif: d6210773-5c07-4817-98db-451bd1f01937
        id: 1c8b5c52-3795-11e8-ab42-005056b198fb
        ingress_controller: False
        ip: 10.0.0.2/24
        labels:
            app: nginx
        mac: 02:50:56:00:08:00
        port_id: d52c833a-f531-4bdf-bfa2-e8a084a8d41b
        vlan: 1
    
  • Obtener cachés de directiva de red o una específica
    get network-policy caches
    get network-policy-cache <network-policy-name>

    Ejemplo:

    kubenode> get network-policy-caches
        nsx.testns.allow-tcp-80:
            dest_labels: None
            dest_pods:
                50.0.2.3
            match_expressions:
                key: tier
                operator: In
                values:
                    cache
            name: allow-tcp-80
            np_dest_ip_set_ids:
                22f82d76-004f-4d12-9504-ce1cb9c8aa00
                np_except_ip_set_ids:
            np_ip_set_ids:
                14f7f825-f1a0-408f-bbd9-bb2f75d44666
            np_isol_section_id: c8d93597-9066-42e3-991c-c550c46b2270
            np_section_id: 04693136-7925-44f2-8616-d809d02cd2a9
            ns_name: testns
            src_egress_rules: None
            src_egress_rules_hash: 97d170e1550eee4afc0af065b78cda302a97674c
            src_pods:
                50.0.2.0/24
            src_rules:
                from:
                    namespaceSelector:
                        matchExpressions:
                            key: tier
                            operator: DoesNotExist
                        matchLabels:
                            ns: myns
                ports:
                    port: 80
                    protocol: TCP
            src_rules_hash: e4ea7b8d91c1e722670a59f971f8fcc1a5ac51f1
    
    
    kubenode> get network-policy-cache nsx.testns.allow-tcp-80
        dest_labels: None
        dest_pods:
            50.0.2.3
        match_expressions:
            key: tier
            operator: In
            values:
                cache
        name: allow-tcp-80
        np_dest_ip_set_ids:
            22f82d76-004f-4d12-9504-ce1cb9c8aa00
            np_except_ip_set_ids:
        np_ip_set_ids:
            14f7f825-f1a0-408f-bbd9-bb2f75d44666
        np_isol_section_id: c8d93597-9066-42e3-991c-c550c46b2270
        np_section_id: 04693136-7925-44f2-8616-d809d02cd2a9
        ns_name: testns
        src_egress_rules: None
        src_egress_rules_hash: 97d170e1550eee4afc0af065b78cda302a97674c
        src_pods:
            50.0.2.0/24
        src_rules:
            from:
                namespaceSelector:
                    matchExpressions:
                        key: tier
                        operator: DoesNotExist
                    matchLabels:
                        ns: myns
            ports:
                port: 80
                protocol: TCP
        src_rules_hash: e4ea7b8d91c1e722670a59f971f8fcc1a5ac51f1
    

Comandos de soporte para el contenedor de NCP

  • Guardar el paquete de soporte técnico de NCP en el almacén de archivos

    El paquete de soporte técnico consta de los archivos de registro de todos los contenedores de los pods con la etiqueta tier:nsx-networking. El archivo de paquete tiene formato tgz y se guarda en el directorio del almacén de archivos predeterminado de la CLI /var/vmware/nsx/file-store. Puede utilizar el comando del almacén de archivos de la CLI para copiar el archivo de paquete a un sitio remoto.

    get support-bundle file <filename>

    Ejemplo:

    kubenode>get support-bundle file foo
    Bundle file foo created in tgz format
    kubenode>copy file foo url scp://[email protected]:/tmp
  • Guardar los registros de NCP en el almacén de archivos

    El archivo de registro se guarda en formato tgz y en el directorio del almacén de archivos predeterminado de la CLI /var/vmware/nsx/file-store. Puede utilizar el comando del almacén de archivos de la CLI para copiar el archivo de paquete a un sitio remoto.

    get ncp-log file <filename>

    Ejemplo:

    kubenode>get ncp-log file foo
    Log file foo created in tgz format
  • Guardar los registros del agente del nodo en el almacén de archivos

    Guarde los registros del agente del nodo de uno nodo o de todos. Los registros se guardan en formato tgz y en el directorio del almacén de archivos predeterminado de la CLI /var/vmware/nsx/file-store. Puede utilizar el comando del almacén de archivos de la CLI para copiar el archivo de paquete a un sitio remoto.

    get node-agent-log file <filename>
    get node-agent-log file <filename> <node-name>

    Ejemplo:

    kubenode>get node-agent-log file foo
    Log file foo created in tgz format
  • Obtener y establecer el nivel de registro

    Los niveles de registro disponibles son NOTSET, DEBUG, INFO, WARNING, ERROR y CRITICAL.

    get ncp-log-level
    set ncp-log-level <log level>

    Ejemplo:

    kubenode>get ncp-log-level
    NCP log level is INFO
     
    kubenode>set ncp-log-level DEBUG
    NCP log level is changed to DEBUG

Comandos de estado para el contenedor de agentes del nodo de NSX

  • Mostrar el estado de conexión entre HyperBus y el agente de este nodo.
    get node-agent-hyperbus status

    Ejemplo:

    kubenode> get node-agent-hyperbus status
    HyperBus status: Healthy

Comandos de caché para el contenedor de agentes del nodo de NSX

  • Obtener la caché interna para contenedores de agentes del nodo de NSX.
    get container-cache <container-name>
    get container-caches

    Ejemplo 1:

    kubenode> get container-cache cif104
        ip: 192.168.0.14/32
        mac: 50:01:01:01:01:14
        gateway_ip: 169.254.1.254/16
        vlan_id: 104

    Ejemplo 2:

    kubenode> get container-caches
        cif104:
            ip: 192.168.0.14/32
            mac: 50:01:01:01:01:14
            gateway_ip: 169.254.1.254/16
            vlan_id: 104

Comandos de estado para el contenedor del proxy de NSX Kube

  • Mostrar el estado de conexión entre el servidor de Kube Proxy y de Kubernetes
    get ncp-k8s-api-server status

    Ejemplo:

    kubenode> get kube-proxy-k8s-api-server status
    Kubernetes ApiServer status: Healthy
  • Mostrar el estado del monitor de Kube Proxy
    get kube-proxy-watcher <watcher-name>
    get kube-proxy-watchers

    Ejemplo 1:

    kubenode> get kube-proxy-watcher endpoint
        Average event processing time: 15 msec (in past 3600-sec window)
        Current watcher started time: May 01 2017 15:06:24 PDT
        Number of events processed: 90 (in past 3600-sec window)
        Total events processed by current watcher: 90
        Total events processed since watcher thread created: 90
        Total watcher recycle count: 0
        Watcher thread created time: May 01 2017 15:06:24 PDT
        Watcher thread status: Up

    Ejemplo 2:

    kubenode> get kube-proxy-watchers
        endpoint:
            Average event processing time: 15 msec (in past 3600-sec window)
            Current watcher started time: May 01 2017 15:06:24 PDT
            Number of events processed: 90 (in past 3600-sec window)
            Total events processed by current watcher: 90
            Total events processed since watcher thread created: 90
            Total watcher recycle count: 0
            Watcher thread created time: May 01 2017 15:06:24 PDT
            Watcher thread status: Up
    
         service:
            Average event processing time: 8 msec (in past 3600-sec window)
            Current watcher started time: May 01 2017 15:06:24 PDT
            Number of events processed: 2 (in past 3600-sec window)
            Total events processed by current watcher: 2
            Total events processed since watcher thread created: 2
            Total watcher recycle count: 0
            Watcher thread created time: May 01 2017 15:06:24 PDT
            Watcher thread status: Up
  • Volcar los flujos OVS en un nodo
    dump ovs-flows

    Ejemplo:

    kubenode> dump ovs-flows
        NXST_FLOW reply (xid=0x4):
        cookie=0x0, duration=8.876s, table=0, n_packets=0, n_bytes=0, idle_age=8, priority=100,ip actions=ct(table=1)
        cookie=0x0, duration=8.898s, table=0, n_packets=0, n_bytes=0, idle_age=8, priority=0 actions=NORMAL
        cookie=0x0, duration=8.759s, table=1, n_packets=0, n_bytes=0, idle_age=8, priority=100,tcp,nw_dst=10.96.0.1,tp_dst=443 actions=mod_tp_dst:443
        cookie=0x0, duration=8.719s, table=1, n_packets=0, n_bytes=0, idle_age=8, priority=100,ip,nw_dst=10.96.0.10 actions=drop
        cookie=0x0, duration=8.819s, table=1, n_packets=0, n_bytes=0, idle_age=8, priority=90,ip,in_port=1 actions=ct(table=2,nat)
        cookie=0x0, duration=8.799s, table=1, n_packets=0, n_bytes=0, idle_age=8, priority=80,ip actions=NORMAL
        cookie=0x0, duration=8.856s, table=2, n_packets=0, n_bytes=0, idle_age=8, actions=NORMAL