Node Serviceability Commands Reference
Objective
This document provides reference information on the execcli command-line interface tool. This CLI tool enables you to service your customer edge (CE) site nodes as well as provide features to debug and troubleshoot network issues, file operations, process operations, container troubleshooting, resource monitoring, and kubectl admin operations.
Note: If additional system tuning is needed for your use cases using
execcli, contact the F5 Distributed Cloud Support Team.
Access Command
-
To access the
execclicommand, log into your node using SSH. For cloud sites running on CentOS, usecentosas the username. For cloud sites running on RHEL, usecloud-useras the username. -
Enter
execcli.
>>> execcli
Exec cli commands to debug CE
Usage:
execcli [command]
Examples:
execcli journalctl -u vpm -f
Available Commands:
atomic-host-deploy Upgrade base OS before node provisioning
check-mem return `free`, `vmstat` command
chronyc-sources check if ntp is synced
crictl-images check crio images
crictl-inspect check crio container
crictl-logs check crio container log
crictl-ps list crio containers
crictl-ps-a list crio containers with -a option
curl-host curl on host OS
curl-vega curl in kubernetes cluster
docker-images check docker images
docker-inspect check docker container
docker-logs check docker container log
docker-prune prune docker all unused objects
docker-ps list docker containers
docker-ps-a list docker containers with -a option
dropstats dump argo dropstats
dropstats-non-zero dump argo dropstats (skip zero packet counter)
edit-azure-client-id-secret update azure client id and secret for this CE when it had expired
edit-certified-hardware edit ceritifed-hardware config (please do not use this unless F5 XC support requested)
edit-etc-hosts edit /etc/hosts
edit-sysctl-conf edit sysctl.conf
edit-udev-10-nic-name edit /etc/udev/rules.d/10-nic-names.rules to update nicname
envoy-clusters show installed envoy clusters
envoy-config-dump show envoy config-dump
envoy-hc-config-dump show envoy healthcheck config-dump
envoy-listeners show installed envoy listeners
etcdctl-cluster-member-status From etcd pod on this node, check etcd member cluster status 'etcdctl -w table member status --cluster'
files files <commands> perform file operations on node, saving to file output is allowed but only under /tmp directory
firewall-cmd calls firewall-cmd command on node
flow-l dump argo flow info
flow-l-match dump argo flow info with ip or ip:port pair
ip calls ip command
ip-link-set bring a network interface up or down
ip-link-show see link-layer information of all available devices
ipsec-status Show ipsec status
ipsec-statusall Show ipsec status for all targets
journalctl check system log
kubectl calls kubectl command on node
load-sysctl-conf load sysctl.conf
lsof calls lsof command on node
mpls invoke argo mpls command
netstat netstat command on node
nh invoke argo nh command
nmcli configure NetworkManager profile
ping calls ping command on node
rpm-ostree calls rpm-ostree command on node
rt invoke argo rt command
show-ip-bgp Show bgp with more detail
show-ip-bgp-neighbors Show bgp neighbor info
show-ip-bgp-neighbors-advertised-route Show advertised routes to bgp neighbors
show-ip-bgp-summary Show bgp summary
sysctl calls sysctl command on node
systemctl-restart-crio restart crio service
systemctl-restart-docker restart docker service
systemctl-restart-iscsid restart iscsid service
systemctl-restart-kubelet restart kubelet service
systemctl-restart-multipathd restart multipathd service
systemctl-restart-vpm restart vpm service
systemctl-status-crio check crio service
systemctl-status-docker check docker service
systemctl-status-iscsid check iscsid service
systemctl-status-kubelet check kubelet service
systemctl-status-multipathd check multipathd service
systemctl-status-vpm check vpm service
top top command to check resource usage
traceroute calls traceroute command on node
vegactl-configuration-list vegactl configuration list
vegactl-introspect-dump-table vegactl introspect dump-table
vegactl-introspect-get vegactl introspect get
vegactl-introspect-list-tracebuffers list vega tracebuffer
vegactl-introspect-show-election check vegactl cluster primary election status
vegactl-introspect-show-tracebuffer show vega tracebuffer
vif invoke argo vif command
vifdump Capture packets on specified vif
vifdump-d Capture dropped packets on specified vif id or all vif
vifdump-file-cp docker cp $(argo):/tmp/. /tmp/vifdump/
vifdump-file-rm rm argo /tmp/*.pcap file
vifdump-stop stop vifdump command if previous run abnormally ended
Flags:
-h, --help help for execcli
Use " execcli [command] --help" for more information about a command.
Note: For more information, see How to collect debug-info for cloud and on-prem Customer Edge (CE) site.
Debugging Commands
The following general Linux commands are supported:
- File operations: You can execute
catandgrepcommands with an ability to use additional operations like pipe (|) and redirect (>). These operations will allow you to collect necessary debug information when requested by F5 Distributed Cloud Support and engineering teams during a maintenance window or other service windows.
-
Network troubleshooting: You can execute
ip <xyz>commands to troubleshoot interfaces, check IP neighbors, or set a different maximum transmission unit (MTU) if needed. Additionally, you can also invokepingandtraceroutecommands fromexecclifor troubleshooting purposes. -
Kubernetes/container troubleshooting: Upon direction from F5 Distributed Cloud Support and engineering teams, you can execute
docker/crictl <xyz>commands to troubleshoot container status, get logs, or set parameters. -
Resource monitoring: Upon direction from F5 Distributed Cloud Support and engineering teams, you can monitor resources by CLI using the
lsofandnetstatcommands. These commands must be executed by shell script, because the logs may be required when network connectivity is down. -
Applying workarounds: Upon direction from F5 Distributed Cloud Support and engineering teams, you can modify files by executing commands like
vi /etc/xxxorecho “workaround file” >> /etc/xxx. These operations will allow you to fix issues temporarily. -
Kubectl administrator operations: You can execute
kubectladmin command for managing F5 App Stack clusters. For example,kubectl delete node.