Provided by: netopeer2_2.0.35-1ubuntu1_amd64

NAME

       netopeer2-cli - NETCONF client with command line interface built on libnetconf2

DESCRIPTION

       netopeer2-cli serves as a generic NETCONF client providing a simple interactive command
       line interface. It allows a user to establish a NETCONF session with a NETCONF-enabled
       device on the network and to obtain and manipulate its configuration data. netopeer2-cli
       is limited to a single NETCONF connection at a time via a forward or a reverse (Call Home)
       connecting method.

       Here is the list of NETCONF capabilities supported by netopeer2-cli:

       • NETCONF protocol version 1.0 and 1.1 (RFC 6241)

       • SSH transport (RFC 6242)

       • TLS transport (RFC 5539bis)

       • Call Home (reverse SSH/TLS)

       • Event Notifications (RFC 5277)

       • Access Control (RFC 6536)

       • :writable-running capability

       • :startup capability

       • :candidate capability

       • :confirmed-commit capability

       • :validate capability version 1.1

       • :with-defaults capability (RFC 6243)

       • :url capability

       • :xpath capability

TRANSPORT

       The supported transport protocols are detected automatically based on how libnetconf2
       was compiled. Unsupported (sub)commands are then not available and are hidden in the
       help. This page, however, contains them all.

COMMANDS

   help
       Display the list of commands. The --(h)elp option is also accepted by all commands to
       show detailed information about the command.

   connect
       Connect to a NETCONF server.

       connect [--help] [--host hostname] [--port num]
           [--ssh] [--login username]
           --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

           --h(o)st hostname
               Specifies the hostname of the NETCONF server to  connect  to.  If  not  specified,
               'localhost' is used.

           --(p)ort num
               Port to connect to the NETCONF server on. By default, port 830 for SSH or 6513 for
               TLS transport is used.

           --(s)sh
               Use NETCONF over SSH transport. This is the default, when both  SSH  and  TLS  are
               enabled.

           --(l)ogin username
               Specify  the  SSH username to connect with. By default, the current system user is
               used.

           --(t)ls
               Use NETCONF over TLS transport.

           --(c)ert cert_path
               Use a specific certificate for the TLS handshake. cert_path specifies the path to
               the client certificate in CRT format. If the --key option is not specified,
               cert_path is expected to also contain the private key for the client certificate,
               in PEM format.

           --(k)ey key_path
               Specifies the path to the private key for the client certificate in KEY format. If
               not specified, cert_path is expected to also contain the private key for the
               client certificate, in PEM format.

           --t(r)usted trusted_CA_store.pem
               Specifies  path  to  a  trusted  CA  certificate  bundle  in PEM format to be used
               exclusively for server verification for this connection instead of the default  CA
               directory.

   listen
       Listen for a NETCONF Call Home.

       listen [--help] [--timeout sec] [--host hostname] [--port num]
           [--ssh] [--login username]
           --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

           --t(i)meout sec
               Specifies  the time for how long the CLI will listen for the Call Home connection.
               By default, 60 (a minute) is used.

           --h(o)st hostname
               Specifies the hostname (interface) to listen on. By default, ::0 is used.

           other options
               The rest of the options have similar meaning as in connect.

   disconnect
       Disconnect from a NETCONF server.

   commit
       Perform NETCONF <commit> operation. For more details see RFC 6241 section 8.3.4.1.

       commit  [--help]   [--confirmed]   [--confirm-timeout   sec]   [--persist   new-commit-id]
       [--persist-id commit-id]

           --(c)onfirmed
               Make the <commit> a confirmed commit. See RFC 6241 section 8.4.

           --confirm-(t)imeout sec
               Specify the confirmed commit timeout. Can be used only with --confirmed.

           --(p)ersist new-commit-id
               Make the commit a persistent commit. new-commit-id is the identifier of the
               commit.

           --persist-(i)d commit-id
               Confirm a persistent commit with the commit-id identifier.

   cancel-commit
       Cancel a pending confirmed commit.

       cancel-commit [--help] [--persist-id commit-id]

           --persist-(i)d commit-id
               Cancel a specific commit-id pending confirmed commit.

   copy-config
       Perform NETCONF <copy-config> operation. For more details see RFC 6241 section 7.3.

       copy-config     [--help]     --target     running|startup|candidate|url:url      (--source
       running|startup|candidate|url:url  |  --src-config  [file]) [--defaults report-all|report-
       all-tagged|trim|explicit]

           --(t)arget running|startup|candidate|url:url
               Specifies the target of the <copy-config>  operation.  Either  a  datastore  or  a
               specific URL can be specified.

           --(s)ource running|startup|candidate|url:url
               Specifies  the  source  of  the  <copy-config>  operation. Either a datastore or a
               specific URL can be specified.

           --src-(c)onfig [file]
               Specifies  the  source  of  the  <copy-config>  operation.  If  a  file  with  the
               configuration is not specified, the configuration is read from the standard input.

           --(d)efaults report-all|report-all-tagged|trim|explicit
               Use  :with-defaults capability with the specified retrieval mode. For more details
               see RFC 6243 section 3.

   delete-config
       Perform NETCONF <delete-config> operation. For more details see RFC 6241 section 7.4.

       delete-config [--help] --target startup|url:url

           --(t)arget startup|url:url
               Specifies  the  target  of  the  <delete-config>  operation.  Either  the  startup
               datastore or a specific URL can be specified.

   discard-changes
       Perform NETCONF <discard-changes> operation. It reverts the candidate configuration to the
       current running configuration. For more details see RFC 6241 section 8.3.4.2.

   edit-config
       Perform NETCONF <edit-config> operation. For more details see RFC 6241 section 7.2.

       edit-config [--help] --target running|candidate (--config [file]  |  --url  url)  [--defop
       merge|replace|none] [--test set|test-only|test-then-set] [--error stop|continue|rollback]

           --(t)arget running|candidate
               Specifies the target of the <edit-config> operation.

           --(c)onfig [file]
               Specifies  the  content  of  the  <edit-config>  operation.  If  a  file  with the
               configuration is not specified, the configuration is read from the standard input.

           --(u)rl url
               Specifies the content of the <edit-config> operation. It is  retrieved  from  that
               specific URL.

           --def(o)p merge|replace|none
               Specifies default operation for applying configuration data.

               merge  Merge  configuration  data  at the corresponding level. This is the default
                      value.

               replace
                      Edit configuration data completely replaces the configuration in the target
                      datastore.

               none   The  target  datastore is unaffected by the edit configuration data, unless
                      and until the edit configuration data contains the operation  attribute  to
                      request a different operation.

           --t(e)st set|test-only|test-then-set
               Perform  validation  of  the modified configuration data. This option is available
               only if the server supports :validate:1.1 capability (see RFC 6241 section 8.6).

               set    Do not perform validation test.

               test-only
                      Do not apply the modified data, only perform the validation test.

               test-then-set
                      Perform a validation test before attempting to apply modified configuration
                      data.  This is the default value.

           --e(r)ror stop|continue|rollback
               Set reaction to an error.

               stop   Abort the operation on first error. This is the default value.

               continue
                      Continue to process configuration data on error. The error is recorded and
                      a negative response is returned.

               rollback
                      Stop the operation processing on error and restore the configuration to its
                      complete  state  at  the  start of this operation. This action is available
                      only if the server supports :rollback-on-error  capability  (see  RFC  6241
                      section 8.5).

   get
       Perform  NETCONF <get> operation. Retrieves both status as well as configuration data from
       the current running datastore. For more details see RFC 6241 section 7.7.

       get  [--help]  [--filter-subtree  [file]  |  --filter-xpath  XPath]  [--defaults   report-
       all|report-all-tagged|trim|explicit] [--out file]

           --filter-(s)ubtree [file]
               Specifies  if the request will contain a subtree filter (RFC 6241 section 6).  The
               file is expected to contain the filter specification. If it is not  specified,  it
               is read from standard input.

           --filter-(x)path XPath
               Specifies if the request will contain an XPath filter. XPath is the expression
               used for filtering.

           --(d)efaults report-all|report-all-tagged|trim|explicit
               Use :with-defaults capability with specified retrieval mode. For more details  see
               RFC 6243 section 3.

           --(o)ut file
               Print the result of the command into a file rather than to the standard output.

   get-config
       Perform  NETCONF  <get-config>  operation.  Retrieves  only  configuration  data  from the
       specified source. For more details see RFC 6241 section 7.1.

       get-config  [--help]  --source  running|startup|candidate   [--filter-subtree   [file]   |
       --filter-xpath XPath] [--defaults report-all|report-all-tagged|trim|explicit] [--out file]

           --(s)ource running|startup|candidate
               Specifies the source of the <get-config> operation.

           --filter-(s)ubtree [file]
               Specifies  if the request will contain a subtree filter (RFC 6241 section 6).  The
               file is expected to contain the filter specification. If it is not  specified,  it
               is read from standard input.

           --filter-(x)path XPath
               Specifies if the request will contain an XPath filter. XPath is the expression
               used for filtering.

           --(d)efaults report-all|report-all-tagged|trim|explicit
               Use :with-defaults capability with specified retrieval mode. For more details  see
               RFC 6243 section 3.

           --(o)ut file
               Print the result of the command into a file rather than to the standard output.

   get-schema
       Perform  NETCONF  <get-schema>  operation  that retrieves specified data model used by the
       server. This operation is available only if the server  implements  the  YANG  Module  for
       NETCONF  Monitoring.  The  list  of  available  schemas  can  be  retrieved from /netconf-
       state/schemas subtree via the <get> operation. For more details see RFC 6022 sections  3.1
       and 4.

       get-schema [--help] --model identifier [--version version] [--format format] [--out file]

           --(m)odel identifier
               Identifier for the schema list entry.

           --(v)ersion version
               Version of the requested schema.

           --(f)ormat format
               The  data  modeling  language  (format)  of the requested schema. Default value is
               yang.

           --(o)ut file
               Print the result of the command into a file rather than to the standard output.

   kill-session
       Perform NETCONF <kill-session> operation  to  terminate  specified  NETCONF  session.   To
       terminate  the  current session, use the disconnect command. For more details see RFC 6241
       section 7.9.

       kill-session [--help] --sid session-ID

           --(s)id session-ID
               Session identifier of the NETCONF session to be terminated.

   lock
       Perform the NETCONF <lock> operation to lock  the  entire  configuration  datastore  of  a
       server. For more details see RFC 6241 section 7.5.

       lock [--help] --target running|startup|candidate

           --(t)arget running|startup|candidate
               Target datastore to lock.

   unlock
       Perform  the  NETCONF  <unlock>  operation  to  release  a  configuration lock, previously
       obtained with the <lock> operation. For more details see RFC 6241 section 7.6.

       unlock [--help] --target running|startup|candidate

           --(t)arget running|startup|candidate
               Target datastore to unlock.

   validate
       Perform the NETCONF <validate> operation to validate configuration data. For more  details
       see RFC 6241 section 8.6.4.1.

       validate [--help] (--source running|startup|candidate|url:url | --src-config [file])

           --(s)ource running|startup|candidate|url:url
               Specifies the source of the <validate> operation. Either a datastore or a specific
               URL can be specified.

           --src-(c)onfig [file]
               Specifies the source of the <validate> operation. If a file with the configuration
               is not specified, the configuration is read from the standard input.

   subscribe
       Perform  NETCONF Event Notifications <create-subscription> operation. For more details see
       RFC 5277 section 2.1.1.

       subscribe [--help] [--filter-subtree [file] | --filter-xpath XPath] [--begin time]  [--end
       time] [--stream stream] [--out file]

           --filter-(s)ubtree [file]
               Specifies  if the request will contain a subtree filter (RFC 6241 section 6).  The
               file is expected to contain the filter specification. If it is not  specified,  it
               is read from standard input.

           --filter-(x)path XPath
               Specifies if the request will contain an XPath filter. XPath is the expression
               used for filtering.

           --(b)egin time
               Start replaying event notifications from the past (a future time is not valid).
               If the start time is not specified, the replay feature is not activated and only
               new event notifications are received. Format of the time parameter is described
               below.

           --(e)nd time
               Specifies when the event replay stops. Format of the time parameter is as follows:

               +time  Current time plus the given number of seconds.

               time   Absolute time as number of seconds since 1970-01-01.

               -time  Current time minus the given number of seconds.

           --s(t)ream stream
               Specifies which event stream is of interest. If not specified, the default NETCONF
               stream is received. The list of available streams can be retrieved from the
               /netconf/streams subtree via the <get> operation.

           --(o)ut file
               Print the received notifications into a file rather than to the standard output.

   cert
       Manage client and trusted  Certificate  Authority  certificates  that  are  used  for  TLS
       verification stored in ~/.netopeer2-cli/client.* and ~/.netopeer2-cli/certs respectively.

       This command is available with TLS support.

       cert  [--help]  [display]  [add  cert_path]  [remove  cert_name]  [displayown] [replaceown
       (cert_path.pem | cert_path.crt key_path.key)]

           display
               Displays all the recognized certificates in ~/.netopeer2-cli/certs. First the file
               name  and  serial  number,  then  subject,  issuer and validity are shown for each
               certificate.

           add cert_path
               Adds the cert_path certificate to the trusted CA  dir  ~/.netopeer2-cli/certs  and
               recalculates hashes of all the certificates.

           remove cert_name
               Removes  the  cert_name certificate from the trusted CA dir ~/.netopeer2-cli/certs
               and recalculates hashes of all the certificates. cert_name is the certificate file
               name, as displayed in the cert display command output.

           displayown
               Shows information about the status of the default client certificates and displays
               information about any relevant found client certificates
               ~/.netopeer2-cli/client.crt and ~/.netopeer2-cli/client.pem.

           replaceown cert_path [key_path]
               Replaces  the default client certificates with the PEM certificate in cert_path or
               the CRT certificate cert_path and  private  key  key_path.   All  previous  client
               certificates are deleted.

   crl
       Manage Certificate Revocation List certificates that are stored in the
       ~/.netopeer2-cli/crl directory.

       This command is available only with TLS support.

       crl [--help] [display] [add crl_path] [remove crl_name]

           display
               Displays all the recognized CRLs in ~/.netopeer2-cli/crl. First the file name,
               then issuer, last and next update dates are shown for each CRL followed by the
               serial numbers and revocation dates of all the revoked certificates.

           add crl_path
               Adds the crl_path CRL to the ~/.netopeer2-cli/crl dir and recalculates  hashes  of
               all the CRLs.

           remove crl_name
               Removes the crl_name CRL from the ~/.netopeer2-cli/crl dir and recalculates
               hashes of all the CRLs. crl_name is the CRL file name, as displayed in the crl
               display command output.

   auth
       Manage SSH authentication options - authentication preferences and private keys.

       This command is available with SSH support.

       auth  (--help  |  pref  [(publickey  |  interactive  |  password)  preference] | keys [add
       private_key_path] [remove key_index])

           pref
               Print the current authentication method preferences or change  a  specific  method
               preference.

           preference
               The  new  preference  of  the  authentication  method. Negative values disable the
               authentication method.

           keys
               Manage keys used for authentication.

           path_to_the_key
               If specified, add or remove the keys. If not, show the current keys.

   editor
       Manage the external editor used for modifying raw input data.

       editor [--help] [path/name_of_the_editor]

           path/name_of_the_editor
               The full path or just the name of the editor to be used.

   status
       Print information about the current NETCONF session.

   user-rpc
       Send your own content in an RPC envelope.

       user-rpc [--help] [--content file] [--out file]

           --(c)ontent file
               Specifies a file containing NETCONF RPC operation in XML format. Only the  NETCONF
               <rpc>  envelope  is  added to the file content and then it is sent to a server. If
               the file is omitted, the RPC content is read from the standard input.

           --(o)ut file
               Print the command result into a file rather than to the standard output.

   searchpath
       Set the directory, which will be used when  searching  for  modules.  Modules  are  always
       needed  to  be  able  to  work  with the same data as a NETCONF server.  They are searched
       locally (in this directory) only if the server does not support the  <get-schema>  NETCONF
       operation. If it does, all the modules (except ietf-netconf-monitoring, which includes the
       definition of the <get-schema> RPC itself) are downloaded from the server.

       searchpath model-dir-path

   outputformat
       Set the format for all the output data. XML is the default.

       outputformat (xml | xml_noformat | json)

   version
       Print the CLI version.

   verb
       Set CLI verbosity. Only errors are printed by default.

       verb (error/0 | warning/1 | verbose/2 | debug/3)

   quit
       Quit the program.

FILES

       ~/.netopeer2-cli/config.xml
              Per user configuration for NETCONF  <hello>  message  (see  RFC  6241  for  further
              details).

       ~/.netopeer2-cli/history
              Per user history of executed commands.

       ~/.netopeer2-cli/client.pem
              Per  user  certificate  with  its  private  key  that  is  sent  to  the server for
              verification. If  present  together  with  client.crt  and  client.key  it  is  not
              utilized. Only with TLS support.

       ~/.netopeer2-cli/client.crt
              Per  user  certificate  that  is  sent  to  the  server  for  verification. Needs a
              corresponding private key to be utilized. Only with TLS support.

       ~/.netopeer2-cli/client.key
              Per user private key for the user certificate. Needs a corresponding certificate to
              be utilized. Only with TLS support.

       ~/.netopeer2-cli/certs
              Per  user trusted Certificate Authority directory that is searched when verifying a
              server certificate. Only with TLS support.

       ~/.netopeer2-cli/crl
              Per user Certificate Revocation List directory that is searched  when  verifying  a
              server certificate. Only with TLS support.
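
       The files above hold the client's private key and the trust anchors used to verify
       servers, so their permissions decide who else on the host can read the key or change
       what the client trusts. The following permission audit is an added example, not part of
       netopeer2; the function names and the finding labels (KEY_EXPOSED, TRUST_WRITABLE) are
       assumptions of the example, and only the file names come from this page.

```shell
#!/bin/sh
# Added example (not part of netopeer2): audit the per-user files listed under FILES.
# Prints one finding per line.
# Exit status: 0 = clean, 1 = findings, 2 = directory missing.

# Print the 10-character mode string (e.g. -rw-------) of a path, following symlinks.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

audit_netopeer2_cli() {
    dir=${1:-"$HOME/.netopeer2-cli"}
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # Private key material: group and other must have no permission bits at all.
    for f in client.key client.pem; do
        p="$dir/$f"
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        # Characters 5-10 of the mode string are the group and other triplets.
        if [ "$(printf '%s' "$m" | cut -c5-10)" != "------" ]; then
            echo "KEY_EXPOSED $p $m"
            findings=$((findings + 1))
        fi
    done

    # Trusted CA and CRL stores: only the owner may add, replace or delete entries.
    for p in "$dir" "$dir/certs" "$dir/crl" "$dir"/certs/* "$dir"/crl/*; do
        [ -e "$p" ] || continue   # also skips unmatched globs and dangling links
        m=$(mode_of "$p")
        # Character 6 is the group write bit, character 9 the other write bit.
        if [ "$(printf '%s' "$m" | cut -c6,9)" != "--" ]; then
            echo "TRUST_WRITABLE $p $m"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

       Call audit_netopeer2_cli with no argument to check ~/.netopeer2-cli of the current user,
       or pass another directory to check a different account.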

SEE ALSO

       RFC 5277 (Event Notifications)
       RFC 6241 (NETCONF v1.1)
       RFC 6242 (NETCONF over SSH)
       RFC 6243 (With-defaults capability)
       RFC 6536 (NETCONF Access Control)
       http://tools.ietf.org/html/draft-ietf-netconf-rfc5539bis-05 (NETCONF over TLS)
       http://tools.ietf.org/html/draft-ietf-netconf-reverse-ssh-05 (Call Home)
       https://github.com/CESNET/netopeer2 (Netopeer homepage)

AUTHORS

       Michal Vasko <mvasko@cesnet.cz>
       Radek Krejci <rkrejci@cesnet.cz>

       Copyright © 2012-2021 CESNET, a.l.e.
       Copyright © 2018-2021 Deutsche Telekom AG.