Using the CLI¶
Krill Manager is controlled via a command line interface (CLI) tool called
krillmanager
, separate to the krillc
tool that can be used to manage a
Krill server. This page documents how to use both in the context of a Krill
Manager instance.
krillc¶
On a Krill Manager machine you can invoke the krillc
command just as if you
had installed Krill yourself. However, what you are actually invoking is a
special wrapper provided by Krill Manager which simplifies and tailors the use
of the krillc
command to the Krill Manager context. You can read more about
this in the krillmanager krillc documentation below.
krillmanager¶
Krill Manager supports the following commands:
# krillmanager --help Usage: COMMAND [ARGUMENTS] A tool for managing NLnet Labs Krill and related services. Commands: backup Backup Krill and supporting services state certs List the TLS certificates in use by NGINX help Display this message init (Re)initialize DNS, TLS and Krill settings krillc Execute Krill CLI commands logs Show the service container logs renew Renew expiring NGINX Lets Encrypt certificates restart Restart Krill and supporting services restore Restore Krill and supporting services state from a backup start Start Krill and supporting services status Show the status of the service containers stop Stop Krill and supporting services upgrade Upgrade Krill and supporting services
Querying the Version¶
# krillmanager --version
v0.2.2 [Krill: v0.6.2]
This tells you that Krill Manager is version 0.2.2, and that it deploys version 0.6.2 of Krill.
Command: backup¶
Creates a tar archive on the host filesystem containing all configuration files and data for Krill Manager and the components that it manages. This includes NGINX certificate files and Krill embedded repository data files. It does NOT include log files.
The path to the created archive will be printed to the terminal on completion of the backup. The backup archive can be restored later using the krillmanager restore command.
警告
In order to avoid impacting your system the archive is made while all applications are running. There is a very small chance that a Krill data file will be inconsistently captured in the backup.
Command: certs¶
This command outputs information both about the certificates in use by NGINX, and the certificates being managed by the Lets Encrypt certbot tool.
Command: init¶
Runs the (re)configuration wizard. See Initial Setup.
The init
command supports some useful options for test and clustered
scenarios that are not available via the interactive wizard:
# krillmanager [--use-lets-encrypt-staging] [--private] init
The --use-lets-encrypt-staging
option causes any Let's Encrypt certificate
requests to be made to the Let's Encrypt staging environment rather than the
production environment. This can be useful to avoid hitting Let's Encrypt rate
limits in the production environment through repeated testing.
The --private
option causes a self-signed certificate to be issued to NGINX
for serving the RRDP FQDN. This might be of interest if running Krill Manager
behind a proxy which itself has the real RRDP certificate.
Command: krillc¶
This command invokes the Krill CLI tool krillc.
ちなみに
You can also invoke this command as just krillc
without the
krillmanager
prefix, just like in the krillc documentation.
In a Krill Manager instance there is no krillc
binary installed on the
host. Instead this command runs a throw away Krill Docker container and invokes
the krillc
binary contained within.
Normally invoking krillc
requires also defining environment variables or
passing command line arguments to tell krillc
where Krill is and how to
authenticate with it. With Krill Manager this is taken care of for you
automatically. If needed you can override the defaults using command line
arguments in order to interact with a separate external instance of Krill.
Krill Manager also simplifies the interaction with the host filesystem by
automatically remapping any paths to input files supplied on the command line
so that they work when krillc
accesses them from within the Docker
container.
Command: logs¶
This command outputs the Docker service logs for key Krill Manager components. If invoked without any arguments it displays a usage tip:
# krillmanager logs
Usage: krillmanager logs <krill|nginx|rsyncd> [-f] [--tail=n]
The -f
argument tells the command to keep following the log output.
The --tail
argument tells the command to show only n
lines of prior log output.
Command: renew¶
This command forces the Lets Encrypt certbot agent to attempt to renew any Let's Encrypt certificates that it is managing. If the certificates are renewed the NGINX instances will be signalled to reload the certificate files without causing any downtime.
注釈
It shouldn't be necessary to use this command as it is triggered automatically once a day.
Command: restore¶
This command restores a backup made previously by the backup command.
The restored data will be processed by the current Krill Manager version which may be newer than the version that created the backup. Any incompatibilities should be handled automatically by the restore process.
If Krill and related services were running when the restore process started Krill Manager will stop them prior to restore and start them again afterwards. Otherwise you will need to use the start command to start the services after restore.
注釈
If the domain names referred to in the backup archive do not resolve to the external public IP address of the machine being restored to, the DNS setup or configuration in the archive may be incorrect. Krill Manager will advise against proceeding with the restore in this case. A valid scenario in which this can occur is when using a CDN for RRDP in which case the FQDN resolves to the CDN endpoint and not to the instance directly.
Command: start¶
Deploy all Krill Manager managed components according to the configuration settings chosen when the init command was last run.
Command: status¶
Display a status report indicating which of the Krill Manager components are running. It also shows a recap of key URIs that can be used to work with the Krill Manager instance.
Command: stop¶
Terminate all Krill Manager components.
警告
This will cause clients to receive connection refused errors.
Command: upgrade¶
Check to see if a newer version of Krill Manager is available and if so offer to upgrade to it.
注釈
A newer version of Krill Manager doesn't necessarily contain a newer version of Krill.