1.1 - Photon Management Daemon Command-line Interface (pmd-cli)
Photon OS provides the Photon Management Daemon command line interface (pmd-cli).
Setup Steps
The pmd-cli utility is included with your Photon OS distribution. To make sure that you have the latest version, you can run:
Syntax
pmd-cli [connection_auth_options] <component> <command> [command_options]
Passed-in parameter values can be enclosed in single (') or double-quotes (") as long as you use matching characters to denote the beginning and end of the value. Unless a parameter value contains special characters or spaces, you can also omit quotes altogether.
Connection / Authorization Options
Local Connections
For local connections, you omit the connection and authorization options:
pmd-cli <component> <cmd> <options>
Permissions for the currently logged-in user apply when executing commands. This is the same as specifying --servername localhost.
Remote Connections
For connecting to a remote server (a server other than the local server), you specify two connection / authorization options:
--servername: name of the server
--user: username of a user account on the server
Note: For authentication, you can specify the username (--user <username>) on the command line, but never the password. For security reasons, the system must prompt you for the password.
The option for remote connection is as follows:
System User
pmd-cli --servername <server> --user <username>
Component
<component> is one of the following values:
Firewall Management
The Photon Management Daemon provides CLI commands to help you get information about the firewall.
Syntax
pmd-cli [connection_auth_options] firewall <command> [command_options]
firewall help
Get help for firewall CLI commands.
firewall rules
Get a list of the current persistent firewall rules.
pmd-cli firewall rules [command-options]
This command returns information about each firewall rule, such as the chain to which it belongs, the policy to enforce, the table to manipulate, and so on.
Add a new firewall rule.
pmd-cli firewall rules --chain <chain_name> --add <rule_specification>
Example:
pmd-cli firewall rules --chain INPUT --add "-p tcp -m tcp --dport 21 -j ACCEPT"
Note: To confirm that the firewall rule was added, run iptables -S. Running pmd-cli firewall rules lists only persistent rules.
Delete a firewall rule.
pmd-cli firewall rules --chain <chain_name> --delete <rule_specification>
Note: To confirm that the firewall rule was removed, run iptables -S. Running pmd-cli firewall rules lists only persistent rules.
Make firewall rule changes persistent (add the --persist flag).
pmd-cli firewall rules --chain <chain_name> --add <rule_specification> --persist
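The confirmation step from the notes above, as an added example (not part of the Photon OS documentation): a shell helper that compares iptables -S output saved before and after a pmd-cli firewall rules change and reports exactly which rules appeared or disappeared. The snapshot contents, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two `iptables -S` snapshots taken before and after a
# `pmd-cli firewall rules --add/--delete` call. Matching is by whole line, so
# a duplicate of an already-present rule is not reported as added.

# Print rules present in $2 (after) but not in $1 (before), in rule order.
rules_added() {
    grep -Fxv -f "$1" "$2" || true
}

# Print rules present in $1 (before) but not in $2 (after).
rules_removed() {
    grep -Fxv -f "$2" "$1" || true
}

# Succeed only if the change added exactly "-A <chain> <spec>" and nothing else.
# usage: verify_add <before_file> <after_file> <chain> <rule_specification>
verify_add() {
    [ "$(rules_added "$1" "$2")" = "-A $3 $4" ] &&
        [ -z "$(rules_removed "$1" "$2")" ]
}

# Constructed sample snapshots (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/before" <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
cp "$demo_dir/before" "$demo_dir/after"
echo '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' >> "$demo_dir/after"

if verify_add "$demo_dir/before" "$demo_dir/after" INPUT \
        "-p tcp -m tcp --dport 21 -j ACCEPT"; then
    echo "rule active, no other changes"
else
    echo "unexpected difference:"
    rules_added "$demo_dir/before" "$demo_dir/after"
    rules_removed "$demo_dir/before" "$demo_dir/after"
fi
```

On a real host, save iptables -S to a file before and after the pmd-cli call, and pass the rule specification in the form iptables -S prints it, which can differ from the form that was typed.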
firewall version
Get the version number of the fwmgmt component on the server.
Network Management
The Photon Management Daemon provides CLI commands to help you manage network interfaces.
Syntax
pmd-cli [connection_auth_options] net <command> [command_options]
Query and control the netmanager subsystem.
-h --help Show this help message and exit
-v --version Show package version
Many of these commands require the interface name (--interface <ifname>). Command options are described below.
Command Command Option Description
----------------------------------------------------------------------------------------------------
set-mtu [LINK] [MTU] Set Link MTU
set-mac [LINK] [MAC] Set Link MAC
set-link-mode [LINK] [MODE { yes | no | on | off | 1 | 0} ] Set Link managed by networkd
set-dhcp-mode [LINK] [DHCP-MODE { yes | no | ipv4 | ipv6 } ] Set Link DHCP setting
set-dhcp4-client-identifier [LINK] [IDENTIFIER { mac | duid | duid-only}
set-dhcp-iaid [LINK] [IAID] Sets the DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer.
set-dhcp-duid [LINK | system] [DUID { link-layer-time | vendor | link-layer | uuid } ] [RAWDATA] Sets the DHCP Client DUID type which specifies how the DUID should be generated and [RAWDATA] to override the global DUIDRawData.
set-link-state [LINK] [STATE { up | down } ] Set Link State
add-link-address [LINK] [ADDRESS] [PEER] Add Link Address
delete-link-address [LINK] Removes Address from Link
add-default-gateway [LINK] [GW address] onlink [ONLINK { yes | no | on | off | 1 | 0}] Add Link Default Gateway
delete-gateway [LINK] Removes Gateway from Link
add-route [LINK] [GW address] metric [METRIC { number }] Set Link route
delete-route [LINK] Removes route from Link
add-additional-gw [LINK] [ADDRESS] [ROUTE address] [GW address] [ROUTING POLICY TABLE number] Configures additional gateway for another NIC with routing policy rules
set-hostname [HOSTNAME] Sets hostname
add-dns [LINK | system] [ADDRESS] Set Link DNS servers
add-domain [LINK | system] [DOMAIN] Set Link DOMAIN
revert-resolve-link [LINK] Flushes all DNS server and Domain settings of the link
set-link-local-address [LINK] [LinkLocalAddressing { yes | no | on | off | 1 | 0}] Set Link link-local address autoconfiguration
set-ipv4ll-route [LINK] [IPv4LLRoute { yes | no | on | off | 1 | 0}] Set the route needed for non-IPv4LL hosts to communicate with IPv4LL-only hosts
set-llmnr [LINK] [LLMNR { yes | no | on | off | 1 | 0}] Set Link Link-Local Multicast Name Resolution
set-multicast-dns [LINK] [MulticastDNS { yes | no | on | off | 1 | 0}] Set Link Multicast DNS
set-lldp [LINK] [LLDP { yes | no | on | off | 1 | 0}] Set Link Ethernet LLDP packet reception
set-emit-lldp [LINK] [EmitLLDP { yes | no | on | off | 1 | 0}] Set Link Ethernet LLDP packet emission
set-ipforward [LINK] [IPForward { yes | no | on | off | 1 | 0}] Set Link IP packet forwarding for the system
set-ipv6acceptra [LINK] [IPv6AcceptRA { yes | no | on | off | 1 | 0}] Set Link IPv6 Router Advertisement (RA) reception support for the interface
set-ipmasquerade [LINK] [IPMasquerade { yes | no | on | off | 1 | 0}] Set IP masquerading for the network interface
set-dhcp4-use-dns [LINK] [UseDNS { yes | no | on | off | 1 | 0}] Set Link DHCP4 Use DNS
set-dhcp4-use-domains [LINK] [UseDomains { yes | no | on | off | 1 | 0}] Set Link DHCP4 Use DOMAINS
set-dhcp4-use-mtu [LINK] [UseMTU { yes | no | on | off | 1 | 0}] Set Link DHCP4 Use MTU
set-dhcp4-use-ntp [LINK] [UseNTP { yes | no | on | off | 1 | 0}] Set Link DHCP4 Use NTP
set-dhcp6-use-dns [LINK] [UseDNS { yes | no | on | off | 1 | 0}] Set Link DHCP6 Use DNS
set-dhcp6-use-ntp [LINK] [UseNTP { yes | no | on | off | 1 | 0}] Set Link DHCP6 Use NTP
add-ntp [LINK] [NTP] Add Link NTP server address. This option may be specified more than once. This setting is read by systemd-timesyncd.service(8)
set-ntp [LINK] [NTP] Set Link NTP server address. This option may be specified more than once. This setting is read by systemd-timesyncd.service(8)
delete-ntp [LINK] [NTP] Delete Link NTP server address. This option may be specified more than once. This setting is read by systemd-timesyncd.service(8)
disable-ipv6 [LINK] Disables IPv6 on the interface.
enable-ipv6 [LINK] Enables IPv6 on the interface.
create-vlan [VLAN name] dev [LINK master] id [ID INTEGER] Creates vlan netdev and sets master to device
create-bridge [BRIDGE name] [LINK] [LINK] ... Creates bridge netdev and sets master to device
create-bond [BOND name] mode [MODE {balance-rr | active-backup | balance-xor | broadcast | 802.3ad | balance-tlb | balance-alb}] [LINK] [LINK] ... Creates bond netdev and sets master to device
create-vxlan [VXLAN name] [dev LINK] vni [INTEGER] [local ADDRESS] [remote ADDRESS] [port PORT] [independent { yes | no | on | off | 1 | 0}] Creates vxlan VXLAN (Virtual eXtensible Local Area Network) tunneling.
create-macvlan [MACVLAN name] dev [LINK] mode [MODE {private | vepa | bridge | passthru | source}] Creates macvlan virtualized bridged networking.
create-macvtap [MACVTAP name] dev [LINK] mode [MODE {private | vepa | bridge | passthru | source}] Creates macvtap virtualized bridged networking.
create-ipvlan [IPVLAN name] dev [LINK] mode [MODE {l2 | l3 | l3s}] Creates ipvlan, virtual LAN, separates broadcast domains by adding tags to network packet.
create-ipvtap [IPVTAP name] dev [LINK] mode [MODE {l2 | l3 | l3s}] Create ipvtap.
create-vrf [VRF name] table [INTEGER] Creates Virtual routing and forwarding (VRF).
create-veth [VETH name] peer [PEER name] Creates virtual Ethernet devices.
create-ipip [IPIP name] [dev LINK] local [ADDRESS] remote [ADDRESS] [independent { yes | no | on | off | 1 | 0}] Creates ipip tunnel.
create-sit [SIT name] [dev LINK] local [ADDRESS] remote [ADDRESS] [independent { yes | no | on | off | 1 | 0}] Creates sit tunnel.
create-vti [VTI name] [dev LINK] local [ADDRESS] remote [ADDRESS] [independent { yes | no | on | off | 1 | 0}] Creates vti tunnel.
create-gre [GRE name] [dev LINK] local [ADDRESS] remote [ADDRESS] [independent { yes | no | on | off | 1 | 0}] Creates gre tunnel.
create-wg [WIREGUARD name] private-key [PRIVATEKEY] listen-port [PORT INTEGER] public-key [PUBLICKEY] preshared-key [PRESHAREDKEY] allowed-ips [IP,IP ...] endpoint [IP:PORT] Creates a wireguard tunnel.
reload Reload .network and .netdev files.
reconfigure [LINK] Reconfigure Link.
add-nft-table [FAMILY {ipv4 | ipv6 | ip}] [TABLE] Adds a new table.
get-nft-tables [FAMILY {ipv4 | ipv6 | ip}] [TABLE] shows nftable's tables.
delete-nft-table [FAMILY {ipv4 | ipv6 | ip}] [TABLE] deletes an existing nftable's table.
add-nft-chain [FAMILY {ipv4 | ip}] [TABLE] [CHAIN] adds a new nftable's chain.
get-nft-chains [FAMILY {ipv4 | ipv6 | ip}] [TABLE] [CHAIN] shows nftable's chains.
delete-nft-chain [FAMILY {ipv4 | ipv6 | ip}] [TABLE] [CHAIN] deletes a nftable's chain from table
add-nft-rule [FAMILY {ipv4 | ipv6 | ip}] [TABLE] [CHAIN] [PROTOCOL { tcp | udp}] [SOURCE PORT / DESTINATION PORT {sport|dport}] [PORT] [ACTION {accept | drop}] configures a nft rule for a port.
get-nft-rules [TABLE] shows nftable's rules.
delete-nft-rule [FAMILY {ipv4 | ipv6 | ip}] [TABLE] [CHAIN] [HANDLE] deletes a nftable's rule from table
nft-run runs a nft command. See man NFT(8)
is-networkd-running Check if systemd-networkd is running or not.
get-hostname Gets hostname
get-dns-servers Gets DNS Servers
get-dns-domains Gets DNS Server DOMAINS
get-ntp [LINK] Get Link NTP server address
get-link-address [LINK] Get Link Address
get-link-route [LINK] Get Link route
get-dhcp-mode [LINK] Get Link DHCP setting.
[DHCP-MODE { yes | no | ipv4 | ipv6 }]
get-mac [LINK] Get Link MAC
get-mtu [LINK] Get Link MTU
get-dhcp-iaid [LINK] Get the DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer.
get-dhcp4-client-identifier [LINK] Get Link DHCP4 Client Identifier.
net -v Get the network-config-manager supported version
Note
You can add (+) or remove (-) a parameter by prepending the parameter name with + or -.
Package Management
The Photon Management Daemon provides CLI commands to help you manage packages and repositories.
Syntax
pmd-cli [connection options] pkg <command> [command options]
If a command allows for multiple package names, specify them on the command line, separated by spaces.
pmd-cli pkg info <package_name_1> <package_name_2> <package_name_3> ...
pkg check-local
Checks local rpm folder for problems.
pkg check-update
Check for available package upgrades.
pkg clean all
Remove cached data from tdnf.
pkg help
Get help text for pkg CLI commands.
pkg count
Get the total number of packages in all repos (including installed).
pkg distro-sync
Synchronize installed packages to the latest available versions. If no packages are specified, then all available packages are synchronized.
pkg downgrade
Downgrade the specified package(s). If no packages are specified, then all available packages are downgraded.
pmd-cli pkg downgrade <package_name>
pkg erase
Remove the specified package(s).
pmd-cli pkg erase <package_name>
pkg info
Get general information about the specified package(s), such as name, version, release, repository, install size, and so on.
pmd-cli pkg info <package_name>
If no packages are specified, then this command returns information about all packages.
pkg install
Install the specified package(s). Update the package if an update is available.
pmd-cli pkg install <package_name>
pkg list
Get a list of packages or groups of packages.
You can filter by group: all, available, installed, extras, obsoletes, recent, and upgrades.
pmd-cli pkg list upgrades
You can also filter by wildcards.
pkg provides openssh
Find what package provides the given binary.
pmd-cli pkg provides openssh
pkg reinstall
Reinstall the specified package(s).
pmd-cli pkg reinstall <package_name>
pkg repolist
Get a list of the configured software repositories.
This command returns a list of the configured software repositories, including the repository ID, repository name, and status.
pkg search ssh
Search package details for the given string.
pkg update
Update the specified package(s).
pmd-cli pkg update <package_name>
If no parameters are specified, then all available packages are updated.
pkg updateinfo
Get the update information on all enabled repositories (status = enabled). If this command returns nothing, then the update information may not exist on the server.
pkg version
Get the version number of the package management component on the server.
User Management
The Photon Management Daemon provides CLI commands to help you manage users and user groups.
Syntax
pmd-cli [connection options] usr <command> [command options]
usr help
Display help text for user commands.
usr users
Get a list of users. This command returns information about each user, including their user name, user ID, user group (if applicable), home directory, and default shell.
usr useradd
Add a new user. Specify the username.
pmd-cli usr useradd <username>
The system assigns a user ID, home directory, and default shell to the new user. The user group is unspecified.
usr userdel
Delete the specified user.
pmd-cli usr userdel <username>
usr userid
Get the user ID of the specified user (by name). Used to determine whether the specified user exists.
pmd-cli usr userid <username>
usr groups
Get a list of user groups. This command returns the following information about each user group: user group name and user group ID.
usr groupadd
Add a new user group.
pmd-cli usr groupadd <user_group_name>
The system assigns a group ID to the new user group.
usr groupdel
Delete the specified user group.
pmd-cli usr groupdel <user_group_name>
usr groupid
Get the group ID for the specified user group (by name). Used to determine whether the specified user group exists.
pmd-cli usr groupid <user_group_name>
usr version
Get the version of the usermgmt component at the server.
1.3 - Photon Real-Time Operating System Command-line Interface
Photon Real-Time Operating System provides commands for manipulating real-time properties of processes.
tuna
The tuna utility can be used to view and modify process priorities, CPU isolation and other real time characteristics in the system.
Examples:
View processes and their RT scheduling policies and priorities:
$ tuna -P
thread ctxt_switches
pid SCHED_rtpri affinity voluntary nonvoluntary cmd
1 OTHER 0 0 1211 917 systemd
2 OTHER 0 0 281 0 kthreadd
3 OTHER 0 0 3 1 rcu_gp
4 OTHER 0 0 2 1 rcu_par_gp
6 OTHER 0 0 8 1 kworker/0:0H-kblockd
13 FIFO 1 0 317 1 rcu_sched
16 FIFO 99 0 3 2 posixcputmr/0
17 FIFO 99 0 6 2 migration/0
679 FIFO 50 0 1647541 1 irq/58-eth0-rxt
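An added example (not part of the Photon OS documentation) that filters the tuna -P listing above for threads already running under a real-time policy at or above a given priority, which is useful to know before assigning a priority to another task. The function names are hypothetical; the column order and the RR policy label are assumptions based on the listing above.

```shell
#!/bin/sh
# Added example: list real-time threads from `tuna -P` output.
# Assumed columns, as in the listing above:
#   pid  policy  rtpri  affinity  voluntary  nonvoluntary  cmd
# Assumption: SCHED_RR threads are labelled "RR" in the policy column.

# Reads `tuna -P` output on stdin; prints "pid policy rtpri cmd" for every
# FIFO/RR thread whose priority is >= the given minimum.
# usage: tuna -P | rt_threads_at_or_above <min_rtpri>
rt_threads_at_or_above() {
    awk -v min="$1" '
        # Header lines do not start with a numeric pid and are skipped.
        $1 ~ /^[0-9]+$/ && ($2 == "FIFO" || $2 == "RR") && $3 + 0 >= min + 0 {
            print $1, $2, $3, $7
        }'
}

# Sample input: the listing shown above, re-aligned.
sample_tuna_output() {
    cat <<'EOF'
                    thread       ctxt_switches
  pid SCHED_ rtpri affinity voluntary nonvoluntary             cmd
    1  OTHER     0        0      1211          917         systemd
    2  OTHER     0        0       281            0        kthreadd
    3  OTHER     0        0         3            1          rcu_gp
    4  OTHER     0        0         2            1      rcu_par_gp
    6  OTHER     0        0         8            1  kworker/0:0H-kblockd
   13   FIFO     1        0       317            1       rcu_sched
   16   FIFO    99        0         3            2   posixcputmr/0
   17   FIFO    99        0         6            2     migration/0
  679   FIFO    50        0   1647541            1  irq/58-eth0-rxt
EOF
}

# Threads at real-time priority 50 or higher in the sample.
sample_tuna_output | rt_threads_at_or_above 50
```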
The following tasks are performed by using the tuna command:
Isolate a set of CPUs
$ tuna -c <cpulist> -i (where <cpulist> can be X,Y-Z)
See the list of processes running on the specific CPUs before and after isolation
$ tuna -c <cpulist> --show_threads
$ tuna -c <cpulist> -i --show_threads
taskset
The taskset command can be used to get/set CPU affinity of tasks:
Run a program bound to a set of CPUs
$ taskset -c <cpulist> ./program (where <cpulist> can be X,Y-Z)
Move a running task to a set of CPUs
$ taskset -c -p <cpulist> <pid>
View the CPU affinity settings of a running task
$ taskset -c -p <pid>
chrt
The chrt command can be used to get or set the real-time scheduling policies and priorities of processes:
- Modify the scheduling policy and priority of a running task
$ chrt -f -p <priority> <pid>
(sets the task with pid <pid> to SCHED_FIFO policy with priority <priority>)
ps
The ps command can be used to list processes with their scheduling policies and priorities:
$ ps -eo cmd,pid,cpu,pri,cls
CMD PID CPU PRI CLS
/lib/systemd/systemd --swit 1 - 19 TS
[kthreadd] 2 - 19 TS