command , netapp
DESCRIPTION
dsdddTRANSCRIPT
NetApp® Lifetime Key Management™ Appliance 4.0Command Line Interface Reference Guide
NetApp, Inc.495 East Java DriveSunnyvale, CA 94089 U.S.A.Telephone: +1 (408) 822-6000Fax: +1 (408) 822-4501Support telephone: +1 (888) 4-NETAPPDocumentation comments: [email protected] Web: http://www.netapp.com
Part number 215-03955_A0September 2008
Copyright, trademark information, notices and warnings
Copyright information
Copyright © 1994-2008 NetApp, Inc. All rights reserved. Printed in the U.S.A.
Part number: 215-03955_A0 (09208_KM40)
Model Number: KM500
No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner.
Portions of this product copyright © 2005 Sun Microsystems, Inc. All rights reserved.
This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING, OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
JRE and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Portions of this product are derived from FreeBSD, which is copyrighted by FreeBSD. Copyright © 1994-2003 FreeBSD, Inc. All rights reserved.
Software derived from copyrighted material of FreeBSD is subject to the following license and disclaimer:
Redistribution and use of the software in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
ii Copyright, trademark information, notices and warnings
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young.
This product includes software developed by the OpenSSL project for use in the OpenSSL Toolkit.
This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/. Copyright © 2001 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name “Carnegie Mellon University” must not be used to endorse or promote products derived from this software without prior written permission. For permission or any other legal details, please contact:
Office of Technology TransferCarnegie Mellon University5000 Forbes AvenuePittsburgh, PA 15213-3890(412) 268-4387, fax: (412) [email protected]
4. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/).”
Software derived from copyrighted NetApp material is subject to the following license and disclaimer:
THIS SOFTWARE IS PROVIDED BY NETAPP “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
NetApp reserves the right to change any products described herein at any time, and without notice. NetApp assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by NetApp. The use or purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of NetApp.
The product described in this manual may be protected by one or more U.S.A. patents, foreign patents, or pending applications.
Copyright, trademark information, notices and warnings iii
RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).
Trademark information
NetApp, the Network Appliance logo, the bolt design, NetApp—the Network Appliance Company, Cryptainer, Cryptoshred, DataFabric, DataFort, Data ONTAP, Decru, FAServer, FilerView, FlexClone, FlexVol, Manage ONTAP, MultiStore, NearStore, NetCache, NOW NetApp on the Web, SANscreen, SecureShare, SnapDrive, SnapLock, SnapManager, SnapMirror, SnapMover, SnapRestore, SnapValidator, SnapVault, Spinnaker Networks, SpinCluster, SpinFS, SpinHA, SpinMove, SpinServer, StoreVault, SyncMirror, Topio, VFM, VFM (Virtual File Manager), and WAFL are registered trademarks of NetApp, Inc. in the U.S.A. and/or other countries. gFiler, Network Appliance, SnapCopy, Snapshot, and The evolution of storage are trademarks of NetApp, Inc. in the U.S.A. and/or other countries and registered trademarks in some other countries. The NetApp arch logo; the StoreVault logo; ApplianceWatch; BareMetal; Camera-to-Viewer; ComplianceClock; ComplianceJournal; ContentDirector; ContentFabric; EdgeFiler; FlexShare; FPolicy; Go Further, Faster; HyperSAN; InfoFabric; Lifetime Key Management, LockVault; NOW; ONTAPI; OpenKey, RAID-DP; ReplicatorX; RoboCache; RoboFiler; SecureAdmin; Serving Data by Design; SharedStorage; Simplicore; Simulate ONTAP; Smart SAN; SnapCache; SnapDirector; SnapFilter; SnapMigrator; SnapSuite; SohoFiler; SpinMirror; SpinRestore; SpinShot; SpinStor; vFiler; Virtual File Manager; VPolicy; and Web Filer are trademarks of NetApp, Inc. in the U.S.A. and other countries. NetApp Availability Assurance and NetApp ProTech Expert are service marks of NetApp, Inc. in the U.S.A.
IBM, the IBM logo, AIX, and System Storage are trademarks and/or registered trademarks of International Business Machines Corporation.
Apple is a registered trademark and QuickTime is a trademark of Apple, Inc. in the U.S.A. and/or other countries. Microsoft is a registered trademark and Windows Media is a trademark of Microsoft Corporation in the U.S.A. and/or other countries. RealAudio, RealNetworks, RealPlayer, RealSystem, RealText, and RealVideo are registered trademarks and RealMedia, RealProxy, and SureStream are trademarks of RealNetworks, Inc. in the U.S.A. and/or other countries.
All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.
NetApp, Inc. is a licensee of the CompactFlash and CF Logo trademarks. NetApp, Inc. NetCache is certified RealSystem compatible.
Power supply notice
The appliance is suitable for IT power systems. Connect each power supply to a separate power source for failover support.
WARNING: The power supply cord is used as the main disconnect device. Ensure that the socket-outlet is located/installed near the equipment and is easily accessible.
ATTENTION: LE CORDON D'ALIMENTATION EST UTILISÉ COMME INTERRUPTEUR GÉNÉRAL. LA PRISE DE COURANT DOIT ÊTRE SITUÉE OU INSTALLÉE À PROXIMITÉ DU MATÉRIEL ET ÊTRE FACILE D'ACCÉS.
WARNUNG: Das Netzkabel dient als Netzschalter. Stellen Sie sicher, das die Steckdose einfach zugänglich ist.
WARNING: This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors).
iv Copyright, trademark information, notices and warnings
ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit dépend de l’installation électrique du local. Vérifier qu'un fusible ou qu’un disjoncteur de 120 V alt., 15 A U.S. maximum (240 V alt., 10 A international) est utilisé sur les conducteurs de phase (conducteurs de charge).
WARNUNG: Dieses Produkt ist darauf angewiesen, daß im Gebäude ein Kurzschluß- bzw. Überstromschutz installiert ist. Stellen Sie sicher, daß eine Sicherung oder ein Unterbrecher von nicht mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den Phasenleitern (allen stromführenden Leitern) verwendet wird.
VARNING: Apparaten skall anslutas till jordat uttag när den ansluts till ett nätverk.
OPPMERKSAMHET: Apparatet må kun tilkoples jordet stikkontakt.
Dual power supply notice
WARNING: This unit has more than one power supply connection; all connections must be removed to remove all power from the unit.
WARNUNG: Diese Einheit verfügt über mehr als einen Stromanschluß; um Strom gänzlich von der Einheit fernzuhalten, müssen alle Stromzufuhren abgetrennt sein.
ATTENTION: Cette unité est équipée de plusieurs raccordements d'alimentation. Pour supprimer tout courant électrique de l'unité, tous les cordons d'alimentation doivent être débranchés.
Lithium battery notice
This product contains a lithium battery. Although the battery is not field-serviceable, observe the following warning:
CAUTION: Danger of explosion if battery is replaced with incorrect type. Replace only with the same type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
ATTENTION: II y a danger d'explosion s'il a remplacement incorrect de la batterie. Remplacer uniquement avec une batterie du meme type ou d'un type equivalent recommande par le constructeur. Mettre au rebut les batteries usagees conformement aux instructions du fabricant.
WARNUNG: Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr. Ersetzen Sie die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp. Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers.
WARNING: TO PREVENT BODILY INJURY WHEN MOUNTING OR SERVICING THE APPLIANCE, DO NOT LIFT OR CARRY THE UNIT BY THE FRONT PANEL. THE FRONT PANEL IS INTENDED TO BE AN EASILY DETACHABLE COMPONENT AND IS NOT DESIGNED TO CARRY PRODUCT WEIGHT.
Perchlorate present
Important: Special handling may apply. See: http://www.dtsc.ca.gov/hazardouswaste/perchlorate/
Rack mounting notice
Appropriate hardware is provided with the appliance to mount it in an EIA standard 19” rack. Follow instructions provided in the package to mount the slide rails to the sides of the LKM appliance and attach the rail mounts to the rack. Then slide the appliance into the rack on the rails and secure the appliance in place using the provided screws.
WARNING: To prevent bodily injury when mounting or servicing this unit in a rack, take special precautions to ensure that the system remains stable. These guidelines are provided to ensure your safety:
Copyright, trademark information, notices and warnings v
This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.
If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.
ATTENTION: Pour éviter toute blessure corporelle pendant les opérations de montage ou de réparation de cette unité en casier, il convient de prendre des précautions spéciales afin de maintenir la stabilité du système. Les directives ci-dessous sont destinées à assurer la protection du personnel.
Si cette unité constitue la seule unité montée en casier, elle doit être placée dans le bas.
Si cette unité est montée dans un casier partiellement rempli, charger le casier de bas en haut en plaçant l'élément le plus lourd dans le bas.
Si le casier est équipé de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de réparer l'unité en casier.
WARNUNG: Zur Vermeidung von Körperverletzung beim Anbringen oder Warten dieser Einheit in einem Gestell müssen Sie besondere Vorkehrungen treffen, um sicherzustellen, daß das System stabil bleibt. Die folgenden Richtlinien sollen zur Gewährleistung Ihrer Sicherheit dienen:
Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden.
Bei Anbringung dieser Einheit in einem zum Teil gefüllten Gestell ist das Gestell von unten nach oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist.
Wird das Gestell mit Stabilisierungszubehör geliefert, sind zuerst die Stabilisatoren zu installieren, bevor Sie die Einheit im Gestell anbringen oder sie warten.
vi Copyright, trademark information, notices and warnings
NetApp KM-Series Command Line Reference Guide 4.0
Table of Contents
1 Top-level commands...................................................................................................... 4
2 db3 commands.............................................................................................................. 7
3 trustee commands......................................................................................................... 83.1 trustee keys commands...........................................................................................................................................................83.2 trustee linkkey commands....................................................................................................................................................103.3 trustee linkkeysharing commands......................................................................................................................................113.4 trustee peer commands.........................................................................................................................................................113.5 trustee unapproved commands...........................................................................................................................................12
4 lkm commands............................................................................................................ 164.1 lkm db commands..................................................................................................................................................................184.2 lkm key commands................................................................................................................................................................20
4.2.1 lkm key attribute commands....................................................................................................................................234.2.2 lkm key journal commands.......................................................................................................................................24
4.3 lkm openkey commands.......................................................................................................................................................254.3.1 lkm openkey enroll commands.................................................................................................................................26
4.3.1.1 lkm openkey enroll pending commands.......................................................................................................274.4 lkm server commands...........................................................................................................................................................29
4.4.1 lkm server certificate commands.............................................................................................................................31
5 net commands............................................................................................................. 325.1 net util commands..................................................................................................................................................................33
5.1.1 net util tcpdump commands......................................................................................................................................36
6 keyman commands..................................................................................................... 386.1 keyman cryptainerkeys commands.....................................................................................................................................396.2 keyman lkmkeys commands................................................................................................................................................416.3 keyman purgekeys commands............................................................................................................................................42
7 cli commands............................................................................................................... 447.1 cli cshelp commands..............................................................................................................................................................45
8 active-role commands................................................................................................. 46
9 domain commands..................................................................................................... 47
10 group commands...................................................................................................... 5310.1 group group commands......................................................................................................................................................5510.2 group role commands..........................................................................................................................................................56
11 role commands.......................................................................................................... 58
12 user commands......................................................................................................... 6012.1 user cifs commands.............................................................................................................................................................62
NetApp Proprietary Information Page 2 of 144
NetApp KM-Series Command Line Reference Guide 4.0
12.1.1 user cifs password commands...............................................................................................................................6312.2 user comers commands......................................................................................................................................................6412.3 user group commands.........................................................................................................................................................6612.4 user home commands.........................................................................................................................................................6812.5 user role commands............................................................................................................................................................70
13 cluster commands..................................................................................................... 7213.1 cluster config commands....................................................................................................................................................73
13.1.1 cluster config ipsec commands..............................................................................................................................7513.1.2 cluster config member commands........................................................................................................................7613.1.3 cluster config potentialmember commands........................................................................................................7813.1.4 cluster config route commands..............................................................................................................................81
13.1.4.1 cluster config route heartbeat commands.................................................................................................82
14 db commands............................................................................................................ 8414.1 db index commands.............................................................................................................................................................8814.2 db trx commands..................................................................................................................................................................8814.3 db xlog commands...............................................................................................................................................................89
15 system commands.................................................................................................... 9015.1 system agreement commands..........................................................................................................................................9515.2 system banner commands.................................................................................................................................................95
15.2.1 system banner postlogin commands....................................................................................................................9515.2.2 system banner prelogin commands......................................................................................................................96
15.3 system certificate commands............................................................................................................................................9715.3.1 system certificate request commands.................................................................................................................99
15.4 system crypto commands................................................................................................................................................10015.4.1 system crypto approve commands.....................................................................................................................10315.4.2 system crypto channel commands......................................................................................................................10415.4.3 system crypto ignitionkey commands................................................................................................................10515.4.4 system crypto masterkey commands.................................................................................................................10515.4.5 system crypto protected commands...................................................................................................................10615.4.6 system crypto rc commands.................................................................................................................................10715.4.7 system crypto rip commands...............................................................................................................................10915.4.8 system crypto secretshare commands..............................................................................................................11115.4.9 system crypto whitelist commands.....................................................................................................................113
15.5 system date commands...................................................................................................................................................11515.6 system httpd commands..................................................................................................................................................11515.7 system license commands...............................................................................................................................................11615.8 system log commands......................................................................................................................................................11715.9 system property commands............................................................................................................................................11915.10 system raid commands..................................................................................................................................................121
15.10.1 system raid errors commands...........................................................................................................................12115.11 system tamper commands............................................................................................................................................12215.12 system timezone commands........................................................................................................................................12315.13 system util commands...................................................................................................................................................124
15.13.1 system util mbeventlog commands..................................................................................................................12915.13.2 system util techdump commands.....................................................................................................................12915.13.3 system util trend commands.............................................................................................................................130
15.14 system wizard commands.............................................................................................................................................13215.14.1 system wizard cluster commands....................................................................................................................13415.14.2 system wizard crypto commands......................................................................................................................13515.14.3 system wizard network commands..................................................................................................................136
NetApp Proprietary Information Page 3 of 144
NetApp KM-Series Command Line Reference Guide 4.0
1 TOP-LEVEL COMMANDS
active-role... Active role commandsauthorize + Authorize admin loginchallenge + Generate challenge for PKI authenticationcli... Command line administration commandscluster... Cluster commandsdb... Database administration commandsdb3... DB3 administration commandsdomain... User/group domain commandsgroup... Group commandshelp Command line usage helpkeyman... Key management commandslkm... LKM management commandsnet... Network commandspassword Change user passwordquit Quit the current client sessionrole... Role commandssystem... System commandstrustee... Trustees management commandsuser... User commandswho Display who is logged inwhoami Display effective user ID
authorize
Purpose: Authorize admin login
Usage: authorize <user>
Parameters:
<user> username[@domain]
NetApp Proprietary Information Page 4 of 144
NetApp KM-Series Command Line Reference Guide 4.0
challenge
Purpose: Generate challenge for PKI authentication
Usage: challenge <user>
Parameters:
<user> username[@domain]
help
Purpose: Command line usage help
Usage: help
password
Purpose: Change user password
Usage: password [-f, --force] [--new <new>] [--old <old>] [--user <user>]
Options:
-f, --force Force password change of an admin--new <new> New password--old <old> Old password--user <user> username[@domain]
NetApp Proprietary Information Page 5 of 144
NetApp KM-Series Command Line Reference Guide 4.0
quit
Purpose: Quit the current client session
Usage: quit
who
Purpose: Display who is logged in
Usage: who
whoami
Purpose: Display effective user ID
Usage: whoami
NetApp Proprietary Information Page 6 of 144
NetApp KM-Series Command Line Reference Guide 4.0
2 DB3 COMMANDS
db3 restart Restart DB3 serverdb3 techdump Series of diagnostic queriesdb3 zeroize Zeroizes DB3 data
db3 restart
Purpose: Restart DB3 server
Usage: db3 restart
db3 techdump
Purpose: Series of diagnostic queries
Usage: db3 techdump
db3 zeroize
Purpose: Zeroizes DB3 data
Usage: db3 zeroize
NetApp Proprietary Information Page 7 of 144
NetApp KM-Series Command Line Reference Guide 4.0
3 TRUSTEE COMMANDS
trustee delete Remove a trustee from the systemtrustee keys... Trustee key export and import commandstrustee linkkey... Link key commandstrustee linkkeysharing... Commands to control the sharing of link keys over trustee
linkstrustee list List all approved trustees in the systemtrustee peer... Trustee peer commandstrustee unapproved... Trust establishment commands for unapproved trustees
trustee delete
Purpose: Remove a trustee from the system
Usage: trustee delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identification label
trustee list
Purpose: List all approved trustees in the system
Usage: trustee list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
3.1 trustee keys commands
trustee keys export + Export a Cryptainer Key to the trustee
NetApp Proprietary Information Page 8 of 144
NetApp KM-Series Command Line Reference Guide 4.0
trustee keys import Import a Cryptainer Key from a trustee
trustee keys export
Purpose: Export a Cryptainer Key to the trustee
Usage: trustee keys export [-c, --cryptainer-path <cryptainer-path>] [-f, --ftp <ftp>] [-k, --key-id <key-id>] [-l, --lun <lun>] [--media-label <media-label>] [--owner-name <owner-name>] [-p, --password <password>] [--pool-label <pool-label>] [-d, --port-wwn <port-wwn>] [--tgt-name <tgt-name>] [-u, --username <username>] <label>
Parameters:
<label> Name of the trustee to whom the key is to be exported
Options:
-c, --cryptainer-path <cryptainer-path> Path to a NAS cryptainer-f, --ftp <ftp> Upload keys export package to a FTP server-k, --key-id <key-id> Key ID-l, --lun <lun> Fibre Channel or iSCSI disk LUN--media-label <media-label> Media label (SAN)--owner-name <owner-name> iSCSI owner name-p, --password <password> Password of FTP user--pool-label <pool-label> Pool label (SAN)-d, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>--tgt-name <tgt-name> iSCSI target name-u, --username <username> User to connect to FTP server as
trustee keys impo rt
Purpose: Import a Cryptainer Key from a trustee
Usage: trustee keys import [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]
Options:
-f, --ftp <ftp> Download trusted package from a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Key file uploaded to web server
NetApp Proprietary Information Page 9 of 144
NetApp KM-Series Command Line Reference Guide 4.0
3.2 trustee linkkey commands
trustee linkkey delete Remove a link key from the systemtrustee linkkey list List all approved link keys in the systemtrustee linkkey map + Change the link key which is used for a particular trustee
link
trustee linkkey delete
Purpose: Remove a link key from the system
Usage: trustee linkkey delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identification label
trustee linkkey list
Purpose: List all approved link keys in the system
Usage: trustee linkkey list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
trustee linkkey map
Purpose: Change the link key which is used for a particular trustee link
Usage: trustee linkkey map <label> <id>
Parameters:
<label> Name of the trustee<id> Link Key ID
NetApp Proprietary Information Page 10 of 144
NetApp KM-Series Command Line Reference Guide 4.0
3.3 trustee linkkeysharing commands
trustee linkkeysharing disable Disable link key sharing over a trustee linktrustee linkkeysharing enable Enable link key sharing over a trustee link
trustee linkkeysharing disable
Purpose: Disable link key sharing over a trustee link
Usage: trustee linkkeysharing disable [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Link Key ID-l, --label <label> Trustee identification label
trustee linkkeysharing enable
Purpose: Enable link key sharing over a trustee link
Usage: trustee linkkeysharing enable [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Link Key ID-l, --label <label> Trustee identification label
3.4 trustee peer commands
trustee peer delete Remove a trustee from the systemtrustee peer list List all approved trustees in the system
trustee peer delete
Purpose: Remove a trustee from the system
Usage: trustee peer delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identification label
NetApp Proprietary Information Page 11 of 144
NetApp KM-Series Command Line Reference Guide 4.0
trustee peer list
Purpose: List all approved trustees in the system
Usage: trustee peer list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
3.5 trustee unapproved commands
trustee unapproved approve Get a secret shared trustee authorization token. The secretsharing is done using the specified recovery cards
trustee unapproved create + Create a trust establishment package for a new trusteetrustee unapproved delete Delete a pending trusteetrustee unapproved list List the pending unapproved trustees in the systemtrustee unapproved receive Receive a trust package created by a remote trusteetrustee unapproved review Check whether trustee approval is neededtrustee unapproved rmall Remove all unapproved trustees from the systemtrustee unapproved send + Send a previously created trust package to a remote
trustee
trustee unapproved approve
Purpose: Get a secret shared trustee authorization token. The secretsharing is done using the specified recovery cards
Usage: trustee unapproved approve [-i, --id <id>] [-l, --label <label>] [-t, --type <type>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-t, --type <type> Link type: one of
LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)
NetApp Proprietary Information Page 12 of 144
NetApp KM-Series Command Line Reference Guide 4.0
trustee unapproved create
Purpose: Create a trust establishment package for a new trustee
Usage: trustee unapproved create <label> <mylabel>
Parameters:
<label> Label used as identifier for this trustee<mylabel> Label with which to introduce this Appliance to the trustee
trustee unapproved delete
Purpose: Delete a pending trustee
Usage: trustee unapproved delete [-i, --id <id>] [-l, --label <label>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identification label
trustee unapproved list
Purpose: List the pending unapproved trustees in the system
Usage: trustee unapproved list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
NetApp Proprietary Information Page 13 of 144
NetApp KM-Series Command Line Reference Guide 4.0
trustee unapproved receive
Purpose: Receive a trust package created by a remote trustee
Usage: trustee unapproved receive [-f, --ftp <ftp>] [-c, --mylabel <mylabel>] [-n, --name <name>] [-p, --password <password>] [-t, --type <type>] [-u, --username <username>] [-v, --verifier <verifier>] [-w, --webfile <webfile>]
Options:
-f, --ftp <ftp> Download trusted package from a FTP server-c, --mylabel <mylabel> Self credentials to use to talk to the trustee-n, --name <name> Name to associate with the trustee-p, --password <password> Password of FTP user-t, --type <type> Link type: one of
LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)-u, --username <username> User to connect to FTP server as-v, --verifier <verifier> Verification hash for this package-w, --webfile <webfile> File uploaded to web server
trustee unapproved review
Purpose: Check whether trustee approval is needed
Usage: trustee unapproved review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
NetApp Proprietary Information Page 14 of 144
NetApp KM-Series Command Line Reference Guide 4.0
trustee unapproved rmall
Purpose: Remove all unapproved trustees from the system
Usage: trustee unapproved rmall
trustee unapproved send
Purpose: Send a previously created trust package to a remote trustee
Usage: trustee unapproved send [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] <label>
Parameters:
<label> Label of the trustee to whom the trust package is to be sent
Options:
-f, --ftp <ftp> Upload trust package to a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as
NetApp Proprietary Information Page 15 of 144
NetApp KM-Series Command Line Reference Guide 4.0
4 LKM COMMANDS
lkm db... ConfigDB commandslkm disk usage List free/used spacelkm doc Generate Documentation for LKM interfaceslkm key... Key commandslkm openkey LKM OpenKey commandslkm restart Restart LKM daemonlkm server... Server commandslkm state info Show LKM subsystem state informationlkm status Check the status of all configured LKM Serverslkm test LKM self test on specified function areaslkm zeroize Zeroize LKM information
NetApp Proprietary Information Page 16 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm disk usage
Purpose: List free/used space
Usage: lkm disk usage
lkm doc
Purpose: Generate Documentation for LKM interfaces
Usage: lkm doc
lkm restart
Purpose: Restart LKM daemon
Usage: lkm restart
lkm state info
Purpose: Show LKM subsystem state information
Usage: lkm state info
lkm status
Purpose: Check the status of all configured LKM Servers
Usage: lkm status [-v, --verbose]
Options:
-v, --verbose Display data specific to each SNS
NetApp Proprietary Information Page 17 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm test
Purpose: LKM self test on specified function areas
Usage: lkm test [--all] [--key-parse] [--key-share] [--key-translation] [--key-vault-encrypt] [--key-vault-sign] [--time-key-generate <time-key-generate>] [--time-key-translation <time-key-translation>] [--verbose]
Options:
--all Tests full suite except timing ones (tests none by default)--key-parse Tests key parsing functions--key-share Tests key sharing policy functions--key-translation Exercises SEP--key-vault-encrypt Tests key vault encryption functions--key-vault-sign Tests key vault signing functions--time-key-generate <time-key-generate> Benchmark Key Generation--time-key-translation <time-key-translation>
Benchmark Translation
--verbose Output all status (output failures only by default)
lkm zeroize
Purpose: Zeroize LKM information
Usage: lkm zeroize [--keep_journal] [--keep_key_db] [--keep_remote_cdbs]
Options:
--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs
4.1 lkm db commands
lkm db copy + Copy configuration databaselkm db export + Export a configuration database as compressed XMLlkm db list List configuration databaseslkm db remove + Remove configuration database
NetApp Proprietary Information Page 18 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm db copy
Purpose: Copy configuration database
Usage: lkm db copy <from> <to>
Parameters:
<from> Database Name<to> Destination Database Name
lkm db export
Purpose: Export a configuration database as compressed XML
Usage: lkm db export [-f, --ftp-dir <ftp-dir>] [-p, --password <password>] [-u, --username <username>] <db>
Parameters:
<db> Config Database to export
Options:
-f, --ftp-dir <ftp-dir> Export to FTP server as compressed XML file <ftp://[user:pass@]host[:port]/path>
-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as
lkm db list
Purpose: List configuration databases
Usage: lkm db list
lkm db remove
Purpose: Remove configuration database
Usage: lkm db remove <dbfile>
Parameters:
<dbfile> Database to remove
NetApp Proprietary Information Page 19 of 144
NetApp KM-Series Command Line Reference Guide 4.0
4.2 lkm key commands
lkm key add Add lkm key objectslkm key attribute... Key attribute commandslkm key delete Remove single lkm key objectlkm key export Export lkm key objectslkm key import Import lkm key objectslkm key journal... Key journal commandslkm key list List lkm key objectslkm key resync + Resync LKM keyslkm key sharing group list List all key sharing groups this LKM appliance knows
aboutlkm key statistics List key countslkm key update Update single lkm key objectlkm key verify List corrupt lkm key objectslkm key whitelist list List the key whitelist
NetApp Proprietary Information Page 20 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm key add
Purpose: Add lkm key objects
Usage: lkm key add
lkm key delete
Purpose: Remove single lkm key object
Usage: lkm key delete
lkm key export
Purpose: Export lkm key objects
Usage: lkm key export [-f, --ftp <ftp>] [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [-p, --password <password>] [-s, --seqnum <seqnum>] [-u, --username <username>]
Options:
-f, --ftp <ftp> Upload keys export package to a FTP server-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by-p, --password <password> Password of FTP user-s, --seqnum <seqnum> Sequence number to start from-u, --username <username> User to connect to FTP server as
lkm key import
Purpose: Import lkm key objects
Usage: lkm key import [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]
Options:
-f, --ftp <ftp> Download keys export package from a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Key file uploaded to web server
NetApp Proprietary Information Page 21 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm key list
Purpose: List lkm key objects
Usage: lkm key list [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [--verify-show <verify-show>] [--verify-skip]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by--verify-show <verify-show> Verify and show good and/or no good keys [all (default) |
ok | ng ]--verify-skip Skip verification and show all keys (not recommended)
lkm key resync
Purpose: Resync LKM keys
Usage: lkm key resync <peer>
Parameters:
<peer> IP address
lkm key sharing group list
Purpose: List all key sharing groups this LKM appliance knows about
Usage: lkm key sharing group list [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
NetApp Proprietary Information Page 22 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm key statistics
Purpose: List key counts
Usage: lkm key statistics [--reset]
Options:
--reset Reset statistics table (advanced)
lkm key update
Purpose: Update single lkm key object
Usage: lkm key update
lkm key verify
Purpose: List corrupt lkm key objects
Usage: lkm key verify [-a, --all] [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [--skip-verification]
Options:
-a, --all Display all matching keys, not just corrupt ones-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by--skip-verification Skip verification of key signatures
lkm key whitelist list
Purpose: List the key whitelist
Usage: lkm key whitelist list
4.2.1 lkm key attribute commands
lkm key attribute add + Add a new key attributelkm key attribute list List allowed key attributes
NetApp Proprietary Information Page 23 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm key attribute add
Purpose: Add a new key attribute
Usage: lkm key attribute add <attr_type> <is_primary_key> <attr_name> <attr_display_name>
Parameters:
<attr_type> Key attribute type<is_primary_key> Whether attribute is a handler<attr_name> Key attribute name<attr_display_name> Key attribute display name
lkm key attribute list
Purpose: List allowed key attributes
Usage: lkm key attribute list [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
4.2.2 lkm key journal commands
lkm key journal list List keys from the LKM key journallkm key journal state Output LKM key journal statelkm key journal status Output LKM key journal statuslkm key journal zeroize Zeroize LKM key journal
lkm key journal list
Purpose: List keys from the LKM key journal
Usage: lkm key journal list [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
NetApp Proprietary Information Page 24 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm key journal state
Purpose: Output LKM key journal state
Usage: lkm key journal state [-i, --init-time] [-r, --recompute]
Options:
-i, --init-time Display init-time statistics-r, --recompute Recompute statistics
lkm key journal status
Purpose: Output LKM key journal status
Usage: lkm key journal status
lkm key journal zeroize
Purpose: Zeroize LKM key journal
Usage: lkm key journal zeroize [-o, --overwrite]
Options:
-o, --overwrite Overwrite entries
4.3 lkm openkey commands
lkm openkey client list List OpenKey clientslkm openkey enroll... LKM OpenKey enrollment commandslkm openkey license list List OpenKey licenses
NetApp Proprietary Information Page 25 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm openkey client list
Purpose: List OpenKey clients
Usage: lkm openkey client list
lkm openkey license list
Purpose: List OpenKey licenses
Usage: lkm openkey license list
4.3.1 lkm openkey enroll commands
lkm openkey enroll list Displays current OpenKey enrollment settingslkm openkey enroll pending... Interact with the list of enrollments pending manual
approvallkm openkey enroll set + Modify OpenKey enrollment settings
NetApp Proprietary Information Page 26 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm openkey enroll list
Purpose: Displays current OpenKey enrollment settings
Usage: lkm openkey enroll list
lkm openkey enroll set
Purpose: Modify OpenKey enrollment settings
Usage: lkm openkey enroll set [-t, --endtime <endtime>] [-k, --ksg <ksg>] [-m, --netmask <netmask>] [-o, --only-added] [-p, --port <port>] [-b, --range-begin <range-begin>] [-e, --range-end <range-end>] [-s, --subnet <subnet>] <mode>
Parameters:
<mode> off|auto|manual
Options:
-t, --endtime <endtime> Cut-off time for accepting enrollment requests. 'YYYY-MM-DD HH:MM:SS' Default is forever.
-k, --ksg <ksg> Default key sharing group. Name must begin and end with forward slash delimiter.
-m, --netmask <netmask> Only accept peers from this subnet. Used with -s, not -b or -e. Default 0.0.0.0.
-o, --only-added Only allow enrollment by peers in the lkm server list (but with no certificate).
-p, --port <port> Port on which to accept enrollment requests. Default 32580.
-b, --range-begin <range-begin> Only accept peers from this ip range. Used with -e, not -s or -m. Default 0.0.0.0.
-e, --range-end <range-end> Only accept peers from this ip range. Used with -b, not -s or -m. Default 255.255.255.255.
-s, --subnet <subnet> Only accept peers from this subnet. Used with -m, not -b or -e. Default 0.0.0.0.
4.3.1.1 lkm openkey enroll pending commands
lkm openkey enroll pending accept Accept pending OpenKey clients (making them peers)lkm openkey enroll pending certificateget +
Get certificate of enrolled OpenKey client awaiting manual approval
lkm openkey enroll pending list List enrolled OpenKey clients awaiting manual approvallkm openkey enroll pending reject Reject pending OpenKey clients (removing them from the
list)
NetApp Proprietary Information Page 27 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm openkey enroll pending accept
Purpose: Accept pending OpenKey clients (making them peers)
Usage: lkm openkey enroll pending accept [-a, --all] [-k, --ksg <ksg>] [-m, --netmask <netmask>] [-s, --subnet <subnet>]
Options:
-a, --all Accept all. Must specify this or -s.-k, --ksg <ksg> Key sharing group. Name must begin and end with
forward slash delimiter.-m, --netmask <netmask> Only accept peers from this subnet. If given, must specify
-s.-s, --subnet <subnet> Only accept peers from this subnet. If netmask is
unspecified, this is a single IP address.
lkm openkey enroll pending certificate get
Purpose: Get certificate of enrolled OpenKey client awaiting manual approval
Usage: lkm openkey enroll pending certificate get [-t, --text] <ip>
Parameters:
<ip> IP address
Options:
-t, --text Display certificate as text fields, not PEM.
lkm openkey enroll pending list
Purpose: List enrolled OpenKey clients awaiting manual approval
Usage: lkm openkey enroll pending list [-c, --count] [-i, --ip <ip>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-c, --count Show only total number of pending OpenKey clients-i, --ip <ip> IP address of pending OpenKey client-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
NetApp Proprietary Information Page 28 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm openkey enroll pending reject
Purpose: Reject pending OpenKey clients (removing them from the list)
Usage: lkm openkey enroll pending reject [-a, --all] [-m, --netmask <netmask>] [-s, --subnet <subnet>]
Options:
-a, --all Reject all. Must specify this or -s (but not both).-m, --netmask <netmask> Only reject peers from this subnet. If given, must specify
-s. Default is 255.255.255.255.-s, --subnet <subnet> Only reject peers from this subnet. If netmask is
unspecified, this is a single IP address.
4.4 lkm server commands
lkm server add + Add LKM serverlkm server certificate... Certificate commandslkm server list List LKM serverslkm server remove + Remove LKM serverlkm server set + Modify a property of LKM server
lkm server add
Purpose: Add LKM server
Usage: lkm server add [--key-sharing-group <key-sharing-group>] [-p, --port <port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee <trustee>] [--type <type>] <peer>
Parameters:
<peer> IP address
Options:
--key-sharing-group <key-sharing-group> Name must begin and end with forward slash delimiter-p, --port <port> Port on which LKM server is listening--protocol <protocol> xml-s, --secret <secret> Shared secret--trustee <trustee> Label of established Trustee Link--type <type> software | appliance | datafort | third-party
NetApp Proprietary Information Page 29 of 144
NetApp KM-Series Command Line Reference Guide 4.0
lkm server list
Purpose: List LKM servers
Usage: lkm server list [-c, --count] [-i, --ip <ip>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-c, --count Show only total number of LKM servers-i, --ip <ip> IP address of LKM server-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
lkm server remove
Purpose: Remove LKM server
Usage: lkm server remove <peer>
Parameters:
<peer> IP address
lkm server set
Purpose: Modify a property of LKM server
Usage: lkm server set [--key-sharing-group <key-sharing-group>] [-p, --port <port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee <trustee>] <peer>
Parameters:
<peer> IP address
Options:
--key-sharing-group <key-sharing-group> Name must begin and end with forward slash delimiter-p, --port <port> Port on which LKM server is listening--protocol <protocol> binary | xml-s, --secret <secret> Shared secret (software)--trustee <trustee> Label of established Trustee Link
NetApp Proprietary Information Page 30 of 144
NetApp KM-Series Command Line Reference Guide 4.0
4.4.1 lkm server certificate commands
lkm server certificate get + Get certificate of peerlkm server certificate set + Set certificate of peer
lkm server certificate get
Purpose: Get certificate of peer
Usage: lkm server certificate get <peer>
Parameters:
<peer> IP address
lkm server certificate set
Purpose: Set certificate of peer
Usage: lkm server certificate set <peer> <certificate>
Parameters:
<peer> IP address<certificate> Certificate
NetApp Proprietary Information Page 31 of 144
NetApp KM-Series Command Line Reference Guide 4.0
5 NET COMMANDS
net apply Apply network changesnet connection list List network connectionsnet interface get + Get network interface informationnet status Display network statusnet util... Network utilities
net apply
Purpose: Apply network changes
Usage: net apply [--httpd] [--sshd]
Options:
--httpd Restart httpd--sshd Restart sshd
net connection list
Purpose: List network connections
Usage: net connection list
net interface get
Purpose: Get network interface information
Usage: net interface get <ifname>
Parameters:
<ifname> Network interface name (for example: bge0, bge1, em0)
NetApp Proprietary Information Page 32 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net status
Purpose: Display network status
Usage: net status [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
5.1 net util commands
net util arp Display or delete ARP tablenet util host + Look up hostnames using DNSnet util ifconfig Display network interface settingsnet util ipsecstats Display IPsec statisticsnet util netstat Display network statusnet util ping + Ping a hostnet util tcpdump... Network packet capture facility
net util arp
Purpose: Display or delete ARP table
Usage: net util arp [-a] [-d] [-n]
Options:
-a Apply action to all entries-d Delete all entries-n Show network addresses as numbers
net util host
Purpose: Look up hostnames using DNS
Usage: net util host <hostname>
Parameters:
<hostname> Hostname or IP address
NetApp Proprietary Information Page 33 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net util ifconfig
Purpose: Display network interface settings
Usage: net util ifconfig [-C] [-L] [-a] [-d] [-l] [-m] [-u]
Options:
-C List all of the interface cloners available on the system-L Display address lifetime for IPv6 addresses-a Display information about all interfaces in the system-d Display information only about interfaces that are down-l List all available interfaces on the system-m Display all of the supported media for the specified
interface-u Display information only about interfaces that are up
NetApp Proprietary Information Page 34 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net util ipsecstats
Purpose: Display IPsec statistics
Usage: net util ipsecstats
net util netstat
Purpose: Display network status
Usage: net util netstat [-I <>] [-L] [-W] [-a] [-b] [-d] [-e] [-f <>] [-i] [-m] [-n] [-p <>] [-r] [-s]
Options:
-I <> Show information about the specified interface-L Show the size of various listen queues-W Avoid truncating addresses-a With the default display, show the state of all sockets;
With the routing table display, (option -r, as described below), show protocol-cloned routes
-b With the interface display (option -i, as described below), show the number of bytes in and out
-d With the interface display (option -i, as described below), show the number of dropped packets
-e Show detailed information on each TCP connection-f <> Limit statistics or address control block reports to those of
the specified address family-i Show state of interfaces which have been auto-configured-m Show statistics recorded by the memory management
routines-n Show network addresses as numbers-p <> Show statistics about protocol-r Show the routing tables-s Show per-protocol stats
NetApp Proprietary Information Page 35 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net util ping
Purpose: Ping a host
Usage: net util ping [-I <>] [-S <>] [-c <>] [-s <>] <hostname>
Parameters:
<hostname> Hostname or IP address
Options:
-I <> Interface to send packets from-S <> Source address to be used when sending packets-c <> Number of packets to send (default is 4).-s <> Number of data bytes to send (default is 56).
5.1.1 net util tcpdump commands
net util tcpdump delete + Delete packet capture filenet util tcpdump start + Start packet capturenet util tcpdump status + Show status of packet capturenet util tcpdump stop + Stop packet capture
net util tcpdump delete
Purpose: Delete packet capture file
Usage: net util tcpdump delete <interface>
Parameters:
<interface> Interface whose packet capture file is to be deleted; use 'all' to specify all interfaces
NetApp Proprietary Information Page 36 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net util tcpdump start
Purpose: Start packet capture
Usage: net util tcpdump start [-x, --file <file>] [-f, --ftpserver <ftpserver>] [-p, --password <password>] [-s, --snaplen <snaplen>] [-u, --user <user>] <interface> <filter>
Parameters:
<interface> Interface on which to start packet capture; use 'all' to specify all interfaces
<filter> Packet-matching filter
Options:
-x, --file <file> Specify the file that should be written on the ftp server-f, --ftpserver <ftpserver> Specify the ftp server that the file should be outputted to-p, --password <password> Specify the password that should be used to connect to
the ftp server-s, --snaplen <snaplen> Maximum length of packet to capture-u, --user <user> Specify the user that should be used to connect to the ftp
server
net util tcpdump status
Purpose: Show status of packet capture
Usage: net util tcpdump status <interface>
Parameters:
<interface> Interface on which to check status; use 'all' to specify all interfaces
net util tcpdump stop
Purpose: Stop packet capture
Usage: net util tcpdump stop <interface>
Parameters:
<interface> Interface on which to stop packet capture; use 'all' to specify all interfaces
NetApp Proprietary Information Page 37 of 144
NetApp KM-Series Command Line Reference Guide 4.0
6 KEYMAN COMMANDS
keyman cryptainerkeys... Cryptainer key management commandskeyman domainkeys list List Domain Keyskeyman expirekeys Check keys for expirationkeyman lkmkeys... LKM key management commandskeyman masterkeys Query Master Keyskeyman purgekeys... Key purge management commandskeyman set Set attributes of keys
keyman domainkeys list
Purpose: List Domain Keys
Usage: keyman domainkeys list [-d, --dk-id <dk-id>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-d, --dk-id <dk-id> Domain Key ID-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
keyman expirekeys
Purpose: Check keys for expiration
Usage: keyman expirekeys [-c, --coordinator]
Options:
-c, --coordinator Run this command only if the local node is cluster coordinator
NetApp Proprietary Information Page 38 of 144
NetApp KM-Series Command Line Reference Guide 4.0
keyman masterkeys
Purpose: Query Master Keys
Usage: keyman masterkeys [-g, --generation <generation>] [-n, --limit <limit>] [-m, --mk-id <mk-id>] [-o, --offset <offset>]
Options:
-g, --generation <generation> Master Key generation-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-m, --mk-id <mk-id> Master Key ID-o, --offset <offset> Query offset: negative=>step backward
keyman set
Purpose: Set attributes of keys
Usage: keyman set [-k, --ck-id <ck-id>] [-e, --expiration date <expiration date>] [-n, --limit <limit>] [-o, --offset <offset>] [-r, --read-only date <read-only date>]
Options:
-k, --ck-id <ck-id> Cryptainer Key ID-e, --expiration date <expiration date> Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD
[hh:mm:ss]' or 'now'-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-r, --read-only date <read-only date> Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD
[hh:mm:ss]' or 'now'
6.1 keyman cryptainerkeys commands
keyman cryptainerkeys generate + Generate Cryptainer Keyskeyman cryptainerkeys list List Cryptainer Keyskeyman cryptainerkeys rename + Assign a new name to an existing Cryptainer Key
NetApp Proprietary Information Page 39 of 144
NetApp KM-Series Command Line Reference Guide 4.0
keyman cryptainerkeys generate
Purpose: Generate Cryptainer Keys
Usage: keyman cryptainerkeys generate [-x, --exportable <exportable>] [-i, --index <index>] [-n, --name <name>] <no-of-keys>
Parameters:
<no-of-keys> No of keys to generate
Options:
-x, --exportable <exportable> This option is no longer supported. All keys are exportable-i, --index <index> Index for keys to be used as suffix-n, --name <name> Prefix for keys name
keyman cryptainerkeys list
Purpose: List Cryptainer Keys
Usage: keyman cryptainerkeys list [-k, --ck-id <ck-id>] [--expired] [-n, --limit <limit>] [-o, --offset <offset>] [--readonly]
Options:
-k, --ck-id <ck-id> Cryptainer Key ID--expired List keys in expired state-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--readonly List keys in read-only state
keyman cryptainerkeys rename
Purpose: Assign a new name to an existing Cryptainer Key
Usage: keyman cryptainerkeys rename <ck-id> <new-name>
Parameters:
<ck-id> ID of the Cryptainer Key to be renamed<new-name> New name to be associated with this Cryptainer Key
NetApp Proprietary Information Page 40 of 144
NetApp KM-Series Command Line Reference Guide 4.0
6.2 keyman lkmkeys commands
keyman lkmkeys backup Back up Cryptainer Keys to LKM serverkeyman lkmkeys import Import Cryptainer Keys from LKM serverkeyman lkmkeys list Display Cryptainer Keys from LKM server
keyman lkmkeys backup
Purpose: Back up Cryptainer Keys to LKM server
Usage: keyman lkmkeys backup
keyman lkmkeys import
Purpose: Import Cryptainer Keys from LKM server
Usage: keyman lkmkeys import [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>] [-n, --iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name <iscsi-tgt-name>] [-s, --lower-limit-timestamp <lower-limit-timestamp>] [-l, --lun <lun>] [--media-label <media-label>] [--pool-label <pool-label>] [-p, --port-wwn <port-wwn>] [-f, --upper-limit-timestamp <upper-limit-timestamp>]
Options:
-k, --ck-id <ck-id> Cryptainer Key ID-d, --dk-id <dk-id> Domain Key ID-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name-n, --iscsi-tgt-name <iscsi-tgt-name> iSCSI Target Name-s, --lower-limit-timestamp <lower-limit-timestamp>
Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
-l, --lun <lun> Logical Unit Number--media-label <media-label> Media Label (SAN)--pool-label <pool-label> Pool Label (SAN)-p, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>-f, --upper-limit-timestamp <upper-limit-timestamp>
Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
NetApp Proprietary Information Page 41 of 144
NetApp KM-Series Command Line Reference Guide 4.0
keyman lkmkeys list
Purpose: Display Cryptainer Keys from LKM server
Usage: keyman lkmkeys list [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>] [-n, --iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name <iscsi-tgt-name>] [-s, --lower-limit-timestamp <lower-limit-timestamp>] [-l, --lun <lun>] [--media-label <media-label>] [--pool-label <pool-label>] [-p, --port-wwn <port-wwn>] [-v, --server <server>] [-f, --upper-limit-timestamp <upper-limit-timestamp>]
Options:
-k, --ck-id <ck-id> Cryptainer Key ID-d, --dk-id <dk-id> Domain Key ID-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name-n, --iscsi-tgt-name <iscsi-tgt-name> iSCSI Target Name-s, --lower-limit-timestamp <lower-limit-timestamp>
Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
-l, --lun <lun> Logical Unit Number--media-label <media-label> Media Label (SAN)--pool-label <pool-label> Pool Label (SAN)-p, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>-v, --server <server> Server IP (default first available)-f, --upper-limit-timestamp <upper-limit-timestamp>
Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
6.3 keyman purgekeys commands
keyman purgekeys accelerate Speedup rate of purging unused Cryptainer and Master Keys
keyman purgekeys start Start purging unused Cryptainer and Master Keyskeyman purgekeys status Display the number of keys remaining to be purgedkeyman purgekeys stop Stop purging unused Cryptainer and Master Keys
NetApp Proprietary Information Page 42 of 144
NetApp KM-Series Command Line Reference Guide 4.0
keyman purgekeys accelerate
Purpose: Speedup rate of purging unused Cryptainer and Master Keys
Usage: keyman purgekeys accelerate
keyman purgekeys start
Purpose: Start purging unused Cryptainer and Master Keys
Usage: keyman purgekeys start [-a, --age <age>] [-k, --ck-id <ck-id>] [-r, --remove-tape-history]
Options:
-a, --age <age> Age in days-k, --ck-id <ck-id> Cryptainer Key ID-r, --remove-tape-history purge old tape key references too
keyman purgekeys status
Purpose: Display the number of keys remaining to be purged
Usage: keyman purgekeys status
keyman purgekeys stop
Purpose: Stop purging unused Cryptainer and Master Keys
Usage: keyman purgekeys stop
NetApp Proprietary Information Page 43 of 144
NetApp KM-Series Command Line Reference Guide 4.0
7 CLI COMMANDS
cli complete Command line completioncli cshelp... CLI context-sensitive help commandscli documentation Print CLI documentationcli format + Change CLI display formatcli pager + Turn on/off screenful CLI output display pager
cli complete
Purpose: Command line completion
Usage: cli complete
cli documentati on
Purpose: Print CLI documentation
Usage: cli documentation [-n, --name-only]
Options:
-n, --name-only Output command names only
cli format
Purpose: Change CLI display format
Usage: cli format <format>
Parameters:
<format> Set CLI display format <default|text/gui|text/xml>
NetApp Proprietary Information Page 44 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cli pager
Purpose: Turn on/off screenful CLI output display pager
Usage: cli pager <on|off>
Parameters:
<on|off> Turn screenful pager on or off
7.1 cli cshelp commands
cli cshelp disable Disable CLI context-sensitive help '?' key bindingcli cshelp enable Enable CLI context-sensitive help '?' key bindingcli cshelp find Find CLI context-sensitive help
cli cshelp disable
Purpose: Disable CLI context-sensitive help '?' key binding
Usage: cli cshelp disable
cli cshelp enable
Purpose: Enable CLI context-sensitive help '?' key binding
Usage: cli cshelp enable
cli cshelp find
Purpose: Find CLI context-sensitive help
Usage: cli cshelp find
NetApp Proprietary Information Page 45 of 144
NetApp KM-Series Command Line Reference Guide 4.0
8 ACTIVE-ROLE COMMANDS
active-role add + Activate an authorized roleactive-role list List active rolesactive-role remove + Remove an active role
active- role add
Purpose: Activate an authorized role
Usage: active-role add <active-role>
Parameters:
<active-role> Authorized role to activate
active- role list
Purpose: List active roles
Usage: active-role list
active- role remove
Purpose: Remove an active role
Usage: active-role remove <active-role>
Parameters:
<active-role> Active role to remove
NetApp Proprietary Information Page 46 of 144
NetApp KM-Series Command Line Reference Guide 4.0
9 DOMAIN COMMANDS
domain add + Add a domaindomain controller discover + Discover the domain controllers of a given domaindomain group list + List groups in the domaindomain hash import + Start a background process to import the password
hashesdomain list List domainsdomain migrate + Move all users and groups in a domain to another domaindomain remove + Remove a domaindomain set + Set domain settingsdomain user list + List users in the domaindomain validate + Validate domain access
NetApp Proprietary Information Page 47 of 144
NetApp KM-Series Command Line Reference Guide 4.0
domain add
Purpose: Add a domain
Usage: domain add [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldap-schema>] [--netbios <netbios>] [-p, --password <password>] [--search-dn-list <search-dn-list>] [--server <server>] [-u, --username <username>] <name> <type> <subtype>
Parameters:
<name> Domain name<type> <cifs|nfs><subtype> <local|windows|nis|ldap|userless>
Options:
--auto-import <auto-import> Auto import user password hashes--kdc <kdc> Kerberos Key Distribution Center (multiple comma-
delimited KDC's can be specified)--krb-realm <krb-realm> Kerberos Realm--ldap-bind-dn <ldap-bind-dn> Location in LDAP directory of the domain access user--ldap-schema <ldap-schema> LDAP server schema--netbios <netbios> NetBIOS name of domain-p, --password <password> domain access user or Unix domain root user password--search-dn-list <search-dn-list> Custom list of search DNs to use when querying Windows
DCs for user and group listings (e.g. OU=dept1&OU=dept2)
--server <server> Server name-u, --username <username> domain access user or Unix domain root user name
domain controller discover
Purpose: Discover the domain controllers of a given domain
Usage: domain controller discover [--netbios <netbios>] <name>
Parameters:
<name> Domain name
Options:
--netbios <netbios> Domain's NetBIOS name
NetApp Proprietary Information Page 48 of 144
NetApp KM-Series Command Line Reference Guide 4.0
domain group list
Purpose: List groups in the domain
Usage: domain group list [-g, --group <group>] [-n, --num-of-groups <num-of-groups>] <domain>
Parameters:
<domain> Name of domain
Options:
-g, --group <group> Wildcard group name string-n, --num-of-groups <num-of-groups> Max number of results expected, default is 10; if you want
all results, set to 0.
domain hash import
Purpose: Start a background process to import the password hashes
Usage: domain hash import [-p, --password <password>] [-u, --user <user>] <domain>
Parameters:
<domain> Name of domain
Options:
-p, --password <password> password-u, --user <user> User name
domain list
Purpose: List domains
Usage: domain list [-n, --limit <limit>] [--name <name>] [--netbios <netbios>] [-o, --offset <offset>] [--server <server>] [--type <type>]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Domain name--netbios <netbios> NetBIOS name of domain-o, --offset <offset> Query offset: negative=>step backward--server <server> Server name--type <type> <cifs|nfs>
NetApp Proprietary Information Page 49 of 144
NetApp KM-Series Command Line Reference Guide 4.0
domain migrate
Purpose: Move all users and groups in a domain to another domain
Usage: domain migrate <source-domain> <dest-domain>
Parameters:
<source-domain> Name of source domain<dest-domain> Name of destination domain
domain remove
Purpose: Remove a domain
Usage: domain remove [-f, --forced] <domain name>
Parameters:
<domain name> Name of domain
Options:
-f, --forced Remove all users and groups in the domain along with the domain
NetApp Proprietary Information Page 50 of 144
NetApp KM-Series Command Line Reference Guide 4.0
domain set
Purpose: Set domain settings
Usage: domain set [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldap-schema>] [--netbios <netbios>] [-p, --password <password>] [--search-dn-list <search-dn-list>] [--server <server>] [-u, --username <username>] <domain name>
Parameters:
<domain name> Name of domain
Options:
--auto-import <auto-import> Auto import user password hashes--kdc <kdc> Kerberos Key Distribution Center--krb-realm <krb-realm> Kerberos Realm--ldap-bind-dn <ldap-bind-dn> Location in LDAP directory of the domain access user--ldap-schema <ldap-schema> LDAP server schema--netbios <netbios> NetBIOS name of domain-p, --password <password> domain access user or Unix domain root user password--search-dn-list <search-dn-list> Custom list of search DNs to use when querying Windows
DCs for user and group listings--server <server> Server name-u, --username <username> domain access user or Unix domain root user name
domain user list
Purpose: List users in the domain
Usage: domain user list [-n, --num-of-users <num-of-users>] [-u, --user <user>] <domain>
Parameters:
<domain> Name of domain
Options:
-n, --num-of-users <num-of-users> Max number of results expected, default is 10; if you want all results, set to 0.
-u, --user <user> Wildcard user name string
NetApp Proprietary Information Page 51 of 144
NetApp KM-Series Command Line Reference Guide 4.0
domain validate
Purpose: Validate domain access
Usage: domain validate <name>
Parameters:
<name> Domain name
NetApp Proprietary Information Page 52 of 144
NetApp KM-Series Command Line Reference Guide 4.0
10 GROUP COMMANDS
group add + Add a groupgroup domain discover + Discover & display all groups & members in Windows
domaingroup group... Nested group membership commandsgroup list List groupsgroup remove + Remove a groupgroup review Check whether group review is neededgroup role... Group role commands
group add
Purpose: Add a group
Usage: group add <group>
Parameters:
<group> groupname@domain (Wrap with double quotes if it contains a space: e.g., "My Group")
group domain discover
Purpose: Discover & display all groups & members in Windows domain
Usage: group domain discover <domain>
Parameters:
<domain> Name of domain
NetApp Proprietary Information Page 53 of 144
NetApp KM-Series Command Line Reference Guide 4.0
group list
Purpose: List groups
Usage: group list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags: system,role,primary,comers,everyone,admin--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Group name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id
group remove
Purpose: Remove a group
Usage: group remove <group>
Parameters:
<group> groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
group review
Purpose: Check whether group review is needed
Usage: group review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
NetApp Proprietary Information Page 54 of 144
NetApp KM-Series Command Line Reference Guide 4.0
10.1 group group commands
group group list List nested group membershipsgroup group parentlist List parent groups of nested group memberships
group group list
Purpose: List nested group memberships
Usage: group group list [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain> Child group/role domain--domain-type <domain-type> Child group/role domain type (<cifs|nfs>)--flags <flags> Parent group/role flags -
system,role,primary,comers,everyone,admin--group <group> Parent group/role name--group-domain <group-domain> Parent group/role domain--group-domain-type <group-domain-type> Parent group/role domain (<cifs|nfs>)--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Child group/role name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
NetApp Proprietary Information Page 55 of 144
NetApp KM-Series Command Line Reference Guide 4.0
group group parentlist
Purpose: List parent groups of nested group memberships
Usage: group group parentlist [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain> Child group/role domain--domain-type <domain-type> Child group/role domain type (<cifs|nfs>)--flags <flags> Parent group/role flags -
system,role,primary,comers,everyone,admin--group <group> Parent group/role name--group-domain <group-domain> Parent group/role domain--group-domain-type <group-domain-type> Parent group/role domain (<cifs|nfs>)--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Child group/role name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
10.2 group role commands
group role grant + Grant a role to a groupgroup role revoke + Revoke a role from a group
group role grant
Purpose: Grant a role to a group
Usage: group role grant <role> <group>
Parameters:
<role> Role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<group> Group: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
NetApp Proprietary Information Page 56 of 144
NetApp KM-Series Command Line Reference Guide 4.0
group role revoke
Purpose: Revoke a role from a group
Usage: group role revoke <role> <group>
Parameters:
<role> Role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<group> Group: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
NetApp Proprietary Information Page 57 of 144
NetApp KM-Series Command Line Reference Guide 4.0
11 ROLE COMMANDS
role list List rolesrole path list List role hierarchy
role list
Purpose: List roles
Usage: role list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags: system,role,primary,comers,everyone,admin--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Group name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id
NetApp Proprietary Information Page 58 of 144
NetApp KM-Series Command Line Reference Guide 4.0
role path list
Purpose: List role hierarchy
Usage: role path list [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain> Child group/role domain--domain-type <domain-type> Child group/role domain type (<cifs|nfs>)--flags <flags> Parent group/role flags -
system,role,primary,comers,everyone,admin--group <group> Parent group/role name--group-domain <group-domain> Parent group/role domain--group-domain-type <group-domain-type> Parent group/role domain (<cifs|nfs>)--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Child group/role name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
NetApp Proprietary Information Page 59 of 144
NetApp KM-Series Command Line Reference Guide 4.0
12 USER COMMANDS
user add + Add a user accountuser cifs... User CIFS commandsuser comers... User new comers commandsuser group... Group membership (non-nested) commandsuser home... User home directory commandsuser list List all users in databaseuser remove + Remove a user from the databaseuser role... User role commandsuser set + Set user settingsuser token dump + Dump token info
user add
Purpose: Add a user account
Usage: user add [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--domain <domain>] [--fullname <fullname>] [--icase] [--id <id>] [--local] [--localcert <localcert>] [--localid <localid>] [--password <password>] <group> <username>
Parameters:
<group> Group/role name<username> User login name
Options:
--dcrcert <dcrcert> Pre-assigned certificate--dcrid <dcrid> Pre-assigned ID--domain <domain> Domain--fullname <fullname> Full name--icase Username is case insensitive--id <id> [<Unix id>,<group id>]--local Dont replicate administrators in a cluster--localcert <localcert> Local certificate--localid <localid> Local ID--password <password> User password
NetApp Proprietary Information Page 60 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user list
Purpose: List all users in database
Usage: user list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--fullname <fullname>] [--gid <gid>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--fullname <fullname> Full name--gid <gid> Unix group id--icase Use case-insensitive search for user name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id
user remove
Purpose: Remove a user from the database
Usage: user remove [--icase] [--id <id>] <user>
Parameters:
<user> username[@domain]
Options:
--icase Username is case insensitive--id <id> Unix id
NetApp Proprietary Information Page 61 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user set
Purpose: Set user settings
Usage: user set [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--fullname <fullname>] [--id <id>] [--localcert <localcert>] [--localid <localid>] [--newpass <newpass>] [-r, --resetpass] <user>
Parameters:
<user> username[@domain]
Options:
--dcrcert <dcrcert> Pre-assigned certificate--dcrid <dcrid> Pre-assigned ID--fullname <fullname> Full name--id <id> [<Unix id>,<group id>]--localcert <localcert> Local certificate--localid <localid> Local ID--newpass <newpass> New password for this user-r, --resetpass Prompt for new password for this user
user token dump
Purpose: Dump token info
Usage: user token dump <user>
Parameters:
<user> username[@domain]
12.1 user cifs commands
user cifs password... Commands for operating on or with CIFS passwordsuser cifs sid + Query a domain controller for a user's Windows SIDuser cifs validate + Check that a user can log into a Windows or LDAP domain
NetApp Proprietary Information Page 62 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user cifs sid
Purpose: Query a domain controller for a user's Windows SID
Usage: user cifs sid <user>
Parameters:
<user> username[@domain]
user cifs validate
Purpose: Check that a user can log into a Windows or LDAP domain
Usage: user cifs validate [--domain-name <domain-name>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--server <server>] <domain type> <user name> <password>
Parameters:
<domain type> Domain Type (<windows|ldap>)<user name> User's name<password> User's password
Options:
--domain-name <domain-name> Name of Windows domain--kdc <kdc> Kerberos Key Distribution Center (<ldap> domains only)--krb-realm <krb-realm> Kerberos Realm of user (<ldap> domains only)--server <server> Authentication server for domain
12.1.1 user cifs password commands
user cifs password nullify + Nullify password (also nullifies the DataFort password if applicable)
user cifs password verify + Verify the password hashes of a user in the configdb
NetApp Proprietary Information Page 63 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user cifs password nullify
Purpose: Nullify password (also nullifies the DataFort password if applicable)
Usage: user cifs password nullify <user>
Parameters:
<user> username[@domain]
user cifs password verify
Purpose: Verify the password hashes of a user in the configdb
Usage: user cifs password verify [-p, --pword <pword>] [--type <type>] <user>
Parameters:
<user> username[@domain]
Options:
-p, --pword <pword> User password (zero'd hashes if unspecified)--type <type> Password type: datafort or file_server (default)
12.2 user comers commands
user comers cancel Cancel the addition of new users and groups to databaseuser comers confirm Confirm the addition of new users and groups to database
NetApp Proprietary Information Page 64 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user comers cancel
Purpose: Cancel the addition of new users and groups to database
Usage: user comers cancel [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
NetApp Proprietary Information Page 65 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user comers confirm
Purpose: Confirm the addition of new users and groups to database
Usage: user comers confirm [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
12.3 user group commands
user group grant + Grant a group to a useruser group list List (non-nested) group membershipsuser group parentlist List parent groups of (non-nested) group membershipsuser group revoke + Revoke a group from a user
NetApp Proprietary Information Page 66 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user group grant
Purpose: Grant a group to a user
Usage: user group grant [--flags <flags>] <group> <user>
Parameters:
<group> Group/role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<user> username[@domain]
Options:
--flags <flags> Group flags - system,role,primary,comers,everyone,admin
user group list
Purpose: List (non-nested) group memberships
Usage: user group list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
NetApp Proprietary Information Page 67 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user group parentlist
Purpose: List parent groups of (non-nested) group memberships
Usage: user group parentlist [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
user group revoke
Purpose: Revoke a group from a user
Usage: user group revoke [--flags <flags>] <group> <user>
Parameters:
<group> Group/role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<user> username[@domain]
Options:
--flags <flags> Group flags - system,role,primary,comers,everyone,admin
12.4 user home commands
user home list List the home directories that have been set
NetApp Proprietary Information Page 68 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user home remove + Remove the home directory for a user or all users in a domain
user home set + Set the home directory for a user or all users in a domain
user home list
Purpose: List the home directories that have been set
Usage: user home list
user home remove
Purpose: Remove the home directory for a user or all users in a domain
Usage: user home remove [--vip <vip>] <user or domain>
Parameters:
<user or domain> [username]@domain (Wrap with double quotes if it contains a space: e.g., "My Group")
Options:
--vip <vip> Remove vip home directory rule
user home set
Purpose: Set the home directory for a user or all users in a domain
Usage: user home set [--vip] <user or domain> <path>
Parameters:
<user or domain> [username]@domain (Wrap with double quotes if it contains a space: e.g., "My Group")
<path> Full file path: (CIFS): \\<server>\<share>[\<path>] (NFS): <server>:<export>[/<path>]
Options:
--vip Set a vip based home directory rule (CIFS only). In the absence of a User specific rule, A vip bound share matching the user login name will be used as the user's home dir. If non exists, access to the vip is denied.
NetApp Proprietary Information Page 69 of 144
NetApp KM-Series Command Line Reference Guide 4.0
12.5 user role commands
user role grant + Grant a role to a useruser role list List user authorized rolesuser role revoke + Revoke a role from a user
user role grant
Purpose: Grant a role to a user
Usage: user role grant [--flags <flags>] <group> <user>
Parameters:
<group> Group/role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<user> username[@domain]
Options:
--flags <flags> Group flags - system,role,primary,comers,everyone,admin
NetApp Proprietary Information Page 70 of 144
NetApp KM-Series Command Line Reference Guide 4.0
user role list
Purpose: List user authorized roles
Usage: user role list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]
Options:
-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal
user role revoke
Purpose: Revoke a role from a user
Usage: user role revoke [--flags <flags>] <group> <user>
Parameters:
<group> Group/role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")
<user> username[@domain]
Options:
--flags <flags> Group flags - system,role,primary,comers,everyone,admin
NetApp Proprietary Information Page 71 of 144
NetApp KM-Series Command Line Reference Guide 4.0
13 CLUSTER COMMANDS
cluster config... Cluster configuration commandscluster disable + Disable clusteringcluster enable + Enable clusteringcluster rexec Execute a CLI command on member DataFort(s)cluster rsh + Access the CLI of specified DataFortcluster state Get cluster statecluster status Check configuration database status
cluster disable
Purpose: Disable clustering
Usage: cluster disable <member-ip or name>
Parameters:
<member-ip or name> Name or IP of member DataFort being disabled in this cluster
cluster enable
Purpose: Enable clustering
Usage: cluster enable <member-ip or name>
Parameters:
<member-ip or name> Name or IP of member DataFort coming back to the cluster
NetApp Proprietary Information Page 72 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster rexec
Purpose: Execute a CLI command on member DataFort(s)
Usage: cluster rexec [--ip <ip>] [--name <name>]
Options:
--ip <ip> Member DataFort's IP address. If this option is not provided and no name is specified
--name <name> Member DataFort's name. If this option is not provided and no IP is specified
cluster rsh
Purpose: Access the CLI of specified DataFort
Usage: cluster rsh <member-ip or name>
Parameters:
<member-ip or name> Member DataFort's name or IP address
cluster state
Purpose: Get cluster state
Usage: cluster state
cluster status
Purpose: Check configuration database status
Usage: cluster status
13.1 cluster config commands
cluster config ipsec... IPsec commandscluster config member... Member commandscluster config name + Set the cluster's namecluster config potentialmember... Potential cluster member commandscluster config pull + Copy a configuration database from a member DataFortcluster config remote list + List the remote member's table
NetApp Proprietary Information Page 73 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config route... Member route commandscluster config set-local Set cluster properties of this DataFort
cluster config name
Purpose: Set the cluster's name
Usage: cluster config name <name>
Parameters:
<name> Cluster's name
cluster config pull
Purpose: Copy a configuration database from a member DataFort
Usage: cluster config pull [-r, --rebuild] <member-ip>
Parameters:
<member-ip> Cluster member's name or IP address
Options:
-r, --rebuild Rebuild all tables from scratch
cluster config remote list
Purpose: List the remote member's table
Usage: cluster config remote list [-p, --potential] <remote-ip>
Parameters:
<remote-ip> Remote DataFort's IP address
Options:
-p, --potential List remote member's potential table. Without the option lists cluster table.
NetApp Proprietary Information Page 74 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config set-local
Purpose: Set cluster properties of this DataFort
Usage: cluster config set-local [--coord <coord>] [--ip <ip>] [--member-id <member-id>] [--name <name>]
Options:
--coord <coord> Can be coordinator?--ip <ip> This DataFort's IP address--member-id <member-id> This DataFort's member ID--name <name> This DataFort's name
13.1.1 cluster config ipsec commands
cluster config ipsec dumpsad Dump the Security Association Database (SAD) entriescluster config ipsec dumpspd Dump the Security Policy Database (SPD) entriescluster config ipsec flushsad Flush the Security Association Database (SAD) entriescluster config ipsec restart Restart IPsec daemoncluster config ipsec secret Set shared secret for IPsec traffic between DataFort
appliances
NetApp Proprietary Information Page 75 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config ipsec dumpsad
Purpose: Dump the Security Association Database (SAD) entries
Usage: cluster config ipsec dumpsad
cluster config ipsec dumpspd
Purpose: Dump the Security Policy Database (SPD) entries
Usage: cluster config ipsec dumpspd
cluster config ipsec flushsad
Purpose: Flush the Security Association Database (SAD) entries
Usage: cluster config ipsec flushsad
cluster config ipsec resta rt
Purpose: Restart IPsec daemon
Usage: cluster config ipsec restart
cluster config ipsec secret
Purpose: Set shared secret for IPsec traffic between DataFort appliances
Usage: cluster config ipsec secret [-s, --secret <secret>]
Options:
-s, --secret <secret> IPsec secret string
13.1.2 cluster config member commands
cluster config member count Show number of member DataFort appliancescluster config member list List cluster member DataFort appliancescluster config member remove + Remove a cluster member DataFortcluster config member rmall Remove all cluster memberscluster config member set + Change cluster member attributes
NetApp Proprietary Information Page 76 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config member count
Purpose: Show number of member DataFort appliances
Usage: cluster config member count
cluster config member list
Purpose: List cluster member DataFort appliances
Usage: cluster config member list [-c, --count] [-n, --limit <limit>] [--member-id <member-id>] [--member-ip <member-ip>] [-o, --offset <offset>]
Options:
-c, --count Show only current number of members-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--member-id <member-id> Member DataFort's member ID--member-ip <member-ip> Member DataFort's IP address-o, --offset <offset> Query offset: negative=>step backward
cluster config member remove
Purpose: Remove a cluster member DataFort
Usage: cluster config member remove <member-ip>
Parameters:
<member-ip> Cluster member's name or IP address
NetApp Proprietary Information Page 77 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config member rmall
Purpose: Remove all cluster members
Usage: cluster config member rmall
cluster config member set
Purpose: Change cluster member attributes
Usage: cluster config member set [--coord <coord>] [--ip <ip>] [--txid <txid>] <old-member-ip>
Parameters:
<old-member-ip> Member's IP address
Options:
--coord <coord> Can be coordinator?--ip <ip> Member DataFort's IP new address--txid <txid> Last txid known to local member on this member's line
13.1.3 cluster config potentialmember commands
cluster config potentialmember add + Add a new potential membercluster config potentialmemberauthenticate +
Authenticate a new potential member
cluster config potentialmember commit Ask the master for the global domain key and join the cluster
cluster config potentialmember getmaster Get the IP address of the potential master membercluster config potentialmember list List potential cluster memberscluster config potentialmember review Check whether potential cluster members are waitingcluster config potentialmember rmall Remove all unconfirmed potential members from cluster
groupcluster config potentialmember set + Change potential member attributescluster config potentialmember status Show potential cluster members status
NetApp Proprietary Information Page 78 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config potentialmembe r add
Purpose: Add a new potential member
Usage: cluster config potentialmember add [-m, --master] [-n, --name <name>] [-s, --slave] <member-ip>
Parameters:
<member-ip> Potential member's IP address
Options:
-m, --master Potential member is already in the cluster-n, --name <name> Potential member's name-s, --slave Member should not be a coordinator
cluster config potentialmembe r authenticate
Purpose: Authenticate a new potential member
Usage: cluster config potentialmember authenticate [-i, --initial] <member-ip>
Parameters:
<member-ip> Cluster member's IP address
Options:
-i, --initial Authenticate using the initial cluster token
NetApp Proprietary Information Page 79 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config potentialmembe r commit
Purpose: Ask the master for the global domain key and join the cluster
Usage: cluster config potentialmember commit
cluster config potentialmembe r getmaster
Purpose: Get the IP address of the potential master member
Usage: cluster config potentialmember getmaster
cluster config potentialmembe r list
Purpose: List potential cluster members
Usage: cluster config potentialmember list [-c, --count] [-n, --limit <limit>] [--member-id <member-id>] [--member-ip <member-ip>] [-o, --offset <offset>]
Options:
-c, --count Show only current number of members-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--member-id <member-id> Member DataFort's member ID--member-ip <member-ip> Member DataFort's IP address-o, --offset <offset> Query offset: negative=>step backward
cluster config potentialmembe r review
Purpose: Check whether potential cluster members are waiting
Usage: cluster config potentialmember review [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
NetApp Proprietary Information Page 80 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config potentialmembe r rmall
Purpose: Remove all unconfirmed potential members from cluster group
Usage: cluster config potentialmember rmall
cluster config potentialmembe r set
Purpose: Change potential member attributes
Usage: cluster config potentialmember set [--coord <coord>] [--ip <ip>] [--name <name>] <old-member-ip>
Parameters:
<old-member-ip> Member's IP address
Options:
--coord <coord> Can be coordinator?--ip <ip> Potential member DataFort's new IP address--name <name> Potential member's new name
cluster config potentialmembe r status
Purpose: Show potential cluster members status
Usage: cluster config potentialmember status
13.1.4 cluster config route commands
cluster config route add + Add a route to a cluster membercluster config route heartbeat... Route heartbeat commandscluster config route list Display the routes to cluster memberscluster config route remove + Remove a route to a cluster membercluster config route rmall Remove routes to all cluster members
NetApp Proprietary Information Page 81 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config route add
Purpose: Add a route to a cluster member
Usage: cluster config route add [-p, --peer <peer>] [-s, --source <source>] [-t, --timeout <timeout>] <member-ip>
Parameters:
<member-ip> Cluster member's IP address
Options:
-p, --peer <peer> Peer IP address-s, --source <source> Source IP address-t, --timeout <timeout> Connection establishment timeout seconds.
cluster config route list
Purpose: Display the routes to cluster members
Usage: cluster config route list
cluster config route remove
Purpose: Remove a route to a cluster member
Usage: cluster config route remove <member-ip>
Parameters:
<member-ip> Cluster member's IP address
cluster config route rmall
Purpose: Remove routes to all cluster members
Usage: cluster config route rmall
13.1.4.1 cluster config route heartbeat commands
cluster config route heartbeat disable Dont maintain a route heartbeat and keep alive for all open routes
NetApp Proprietary Information Page 82 of 144
NetApp KM-Series Command Line Reference Guide 4.0
cluster config route heartbeat enable Maintain a route heartbeat and keep alive for all open routes
cluster config route heartbeat disable
Purpose: Dont maintain a route heartbeat and keep alive for all open routes
Usage: cluster config route heartbeat disable
cluster config route heartbeat enable
Purpose: Maintain a route heartbeat and keep alive for all open routes
Usage: cluster config route heartbeat enable
NetApp Proprietary Information Page 83 of 144
NetApp KM-Series Command Line Reference Guide 4.0
14 DB COMMANDS
db begin Begin a transactiondb commit Commit the current transactiondb connect Connect to configuration databasedb export Export the configuration database as compressed XML filedb import Import the configuration databasedb index... Indexing administration commandsdb record + Get a configuration database recorddb recover Recover a config database through the Recovery Wizarddb rollback Rollback the current transactiondb save Checkpoint database and save changes to diskdb select Perform a database querydb size Display database available spacedb status Display configuration database statusdb trx... Transaction administration commandsdb xlog... Transaction log administration commands
db begin
Purpose: Begin a transaction
Usage: db begin [-p, --priority <priority>]
Options:
-p, --priority <priority> Transaction priority: <system | user>
NetApp Proprietary Information Page 84 of 144
NetApp KM-Series Command Line Reference Guide 4.0
db commit
Purpose: Commit the current transaction
Usage: db commit
db connect
Purpose: Connect to configuration database
Usage: db connect [-f, --force-reconnect]
Options:
-f, --force-reconnect Forcibly disconnect and reconnect to configuration Database
db export
Purpose: Export the configuration database as compressed XML file
Usage: db export [-f, --ftp-dir <ftp-dir>] [-l, --lkm] [-p, --password <password>] [-x, --purge] [-u, --username <username>]
Options:
-f, --ftp-dir <ftp-dir> Export to FTP server as compressed XML file <ftp://[user:pass@]host[:port]/path>
-l, --lkm Export to Lifetime Key Management server-p, --password <password> Password of FTP user-x, --purge Purge unused Cryptainer Keys after export is complete-u, --username <username> User to connect to FTP server as
NetApp Proprietary Information Page 85 of 144
NetApp KM-Series Command Line Reference Guide 4.0
db import
Purpose: Import the configuration database
Usage: db import [-v, --dbversion <dbversion>] [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]
Options:
-v, --dbversion <dbversion> Currently valid choices for <dbversion> are:-f, --ftp <ftp> Download compressed XML configdb from FTP server
<ftp://[user:pass@]host[:port]/path_to_configdb>-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Name of compressed XML configdb file uploaded to web
server
db record
Purpose: Get a configuration database record
Usage: db record <rid>
Parameters:
<rid> Record id: 0x[64-bit hex]
db recover
Purpose: Recover a config database through the Recovery Wizard
Usage: db recover [-p, --password <password>] [-u, --username <username>]
Options:
-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as
NetApp Proprietary Information Page 86 of 144
NetApp KM-Series Command Line Reference Guide 4.0
db rollback
Purpose: Rollback the current transaction
Usage: db rollback
db save
Purpose: Checkpoint database and save changes to disk
Usage: db save
db select
Purpose: Perform a database query
Usage: db select [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
db size
Purpose: Display database available space
Usage: db size [-s, --summary] [-t, --tables]
Options:
-s, --summary Shows free space only-t, --tables Shows table information
db status
Purpose: Display configuration database status
Usage: db status [-v, --verbose]
Options:
-v, --verbose Show more detail
NetApp Proprietary Information Page 87 of 144
NetApp KM-Series Command Line Reference Guide 4.0
14.1 db index commands
db index list List all database indexesdb index test Test database index integrity
db index list
Purpose: List all database indexes
Usage: db index list
db index test
Purpose: Test database index integrity
Usage: db index test
14.2 db trx commands
db trx kill + Kill (rollback) a transactiondb trx list List transactions
db trx kill
Purpose: Kill (rollback) a transaction
Usage: db trx kill <txid>
Parameters:
<txid> Txid (0x[64-bit hex]) of trx to be killed
NetApp Proprietary Information Page 88 of 144
NetApp KM-Series Command Line Reference Guide 4.0
db trx list
Purpose: List transactions
Usage: db trx list
14.3 db xlog commands
db xlog list Query transaction redo log recordsdb xlog test Test transaction redo log
db xlog list
Purpose: Query transaction redo log records
Usage: db xlog list [-a, --action <action>] [-d, --detail] [-n, --limit <limit>] [-o, --offset <offset>] [-i, --rid <rid>] [-x, --txid <txid>]
Options:
-a, --action <action> Xlog action: <start | insert | update | delete | p2commit | ready | dont_commit | commit | abort | chkpt>
-d, --detail Show extra record details - record id and tablename-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-i, --rid <rid> Record id: 0x[64-bit hex]-x, --txid <txid> Transaction id 0x[64-bit hex]
db xlog test
Purpose: Test transaction redo log
Usage: db xlog test
NetApp Proprietary Information Page 89 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15 SYSTEM COMMANDS
system agreement... Agreement commandssystem allproperties globalize Globalize all properties which can be globalizedsystem banner Banner commandssystem certificate... Certificate commandssystem check Perform basic system checkssystem crypto... Crypto commandssystem date... Date commandssystem finalize Finalize the systemsystem httpd... HTTPD commandssystem license... License commandssystem log... System log commandssystem lproperty get Get long propertysystem ntpd restart Restart NTP daemonsystem property... Property commandssystem raid... Raid commandssystem reboot Reboot the systemsystem revert Revert system to snapshot imagesystem selftest Perform system selftestsystem sensors Display system sensorssystem serial Display Appliance serial numbersystem shutdown Shutdown the systemsystem snmp restart Restart the SNMP agentsystem sshd restart Restart the Appliance SSH serversystem tamper... Tamper commandssystem timers list List system timerssystem timezone... Timezone commandssystem upgrade Upgrade the systemsystem util... System utilitiessystem version Display the version of all system componentssystem wizard... Wizard commandssystem zeroize Zeroize all key material and delete configuration database
NetApp Proprietary Information Page 90 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system allproperties globalize
Purpose: Globalize all properties which can be globalized
Usage: system allproperties globalize
system check
Purpose: Perform basic system checks
Usage: system check [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
system finalize
Purpose: Finalize the system
Usage: system finalize
system lproperty get
Purpose: Get long property
Usage: system lproperty get [-d, --detail] [-n, --limit <limit>] [-k, --name <name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value <value>]
Options:
-d, --detail Show more detail-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-k, --name <name> Query properties by name-o, --offset <offset> Query offset: negative=>step backward-r, --role <role> Evaluate permissions for specified role-v, --value <value> Query properties by value
NetApp Proprietary Information Page 91 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system ntpd restart
Purpose: Restart NTP daemon
Usage: system ntpd restart
system reboot
Purpose: Reboot the system
Usage: system reboot [-p]
Options:
-p Power cycle Appliance
system revert
Purpose: Revert system to snapshot image
Usage: system revert [-k, --keep_ip] [--verbose]
Options:
-k, --keep_ip use saved IP in case configdb value is not set--verbose Print a more verbose set of messages to the screen
system selftest
Purpose: Perform system selftest
Usage: system selftest [-q, --quiet] [-v, --verbose]
Options:
-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail
NetApp Proprietary Information Page 92 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system sensors
Purpose: Display system sensors
Usage: system sensors
system serial
Purpose: Display Appliance serial number
Usage: system serial
system shutdown
Purpose: Shutdown the system
Usage: system shutdown
system snmp restart
Purpose: Restart the SNMP agent
Usage: system snmp restart
system sshd restart
Purpose: Restart the Appliance SSH server
Usage: system sshd restart
system timers list
Purpose: List system timers
Usage: system timers list
system upgrade
Purpose: Upgrade the system
NetApp Proprietary Information Page 93 of 144
NetApp KM-Series Command Line Reference Guide 4.0
Usage: system upgrade [-k, --keep_ip] [--keep_journal] [--keep_key_db] [--keep_remote_cdbs] [-n, --no_snapshot] [-r, --partial] [-p, --password <password>] [-u, --username <username>] [--verbose] [-v, --verify] [-z, --zeroize]
Options:
-k, --keep_ip Allow the upgrade process to keep old admin IP info--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs-n, --no_snapshot Do not create a snapshot with the upgrade-r, --partial Allow the upgrade process to do a partial zeroization-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as--verbose Print a more verbose set of messages to the screen-v, --verify Only compute and display a verification hash of package-z, --zeroize Allow the upgrade process to zeroize the box
system version
Purpose: Display the version of all system components
Usage: system version [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this Appliance to which this command should apply
system zeroize
Purpose: Zeroize all key material and delete configuration database
Usage: system zeroize [-k, --keep_ip] [--keep_journal] [--keep_key_db] [-p, --keep_protected] [--keep_remote_cdbs]
Options:
-k, --keep_ip Allow the zeroize process to keep old admin IP info--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB-p, --keep_protected Allow the zeroize process to keep contents of protected
EEPROM--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs
NetApp Proprietary Information Page 94 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15.1 system agreement commands
system agreement sign Sign the license agreementsystem agreement view view the license agreement
system agreement sign
Purpose: Sign the license agreement
Usage: system agreement sign
system agreement view
Purpose: view the license agreement
Usage: system agreement view
15.2 system banner commands
system banner postlogin... Postlogin banner commandssystem banner prelogin... Prelogin banner commands
15.2.1 system banner postlogin commands
system banner postlogin add Append string to postlogin banner messagesystem banner postlogin get Print the postlogin banner messagesystem banner postlogin set Initialize postlogin banner message
NetApp Proprietary Information Page 95 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system banner postlogin add
Purpose: Append string to postlogin banner message
Usage: system banner postlogin add
system banner postlogin get
Purpose: Print the postlogin banner message
Usage: system banner postlogin get
system banner postlogin set
Purpose: Initialize postlogin banner message
Usage: system banner postlogin set
15.2.2 system banner prelogin commands
system banner prelogin add Append string to prelogin banner messagesystem banner prelogin get Print the prelogin banner messagesystem banner prelogin set Initialize prelogin banner message
NetApp Proprietary Information Page 96 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system banner prelogin add
Purpose: Append string to prelogin banner message
Usage: system banner prelogin add
system banner prelogin get
Purpose: Print the prelogin banner message
Usage: system banner prelogin get
system banner prelogin set
Purpose: Initialize prelogin banner message
Usage: system banner prelogin set
15.3 system certificate commands
system certificate get View the Appliance certificatesystem certificate getcert Get the PEM format certificatesystem certificate request... Certificate request commandssystem certificate set + Set results from the CA as the Appliance certificatesystem certificate sign + Self-sign and set the Appliance certificate
NetApp Proprietary Information Page 97 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system certificate get
Purpose: View the Appliance certificate
Usage: system certificate get
system certificate getcert
Purpose: Get the PEM format certificate
Usage: system certificate getcert [-s, --summary] [-v, --version <version>]
Options:
-s, --summary Output summary only-v, --version <version> Certificate version
system certificate set
Purpose: Set results from the CA as the Appliance certificate
Usage: system certificate set [-v, --version <version>] <certificate>
Parameters:
<certificate> Certificate
Options:
-v, --version <version> Certificate version
NetApp Proprietary Information Page 98 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system certificate sign
Purpose: Self-sign and set the Appliance certificate
Usage: system certificate sign [-v, --version <version>] <CN> <C> <ST> <L> <O> <OU> <E>
Parameters:
<CN> commonName<C> countryName<ST> stateOrProvinceName<L> localityName<O> organizationName<OU> organizationalUnitName<E> emailAddress
Options:
-v, --version <version> Certificate version
15.3.1 system certificate request commands
system certificate request generate + Generate a certificate request for the CA to signsystem certificate request get Get the certificate request
NetApp Proprietary Information Page 99 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system certificate request generate
Purpose: Generate a certificate request for the CA to sign
Usage: system certificate request generate [-v, --version <version>] <CN> <C> <ST> <L> <O> <OU> <E>
Parameters:
<CN> commonName<C> countryName<ST> stateOrProvinceName<L> localityName<O> organizationName<OU> organizationalUnitName<E> emailAddress
Options:
-v, --version <version> Certificate version
system certificate request get
Purpose: Get the certificate request
Usage: system certificate request get [-v, --version <version>]
Options:
-v, --version <version> Certificate version
15.4 system crypto commands
system crypto approve... Approve action by messages signed by recovery cardssystem crypto authenticate Authenticate System Card and SEPsystem crypto channel... Establish secure channelsystem crypto ignitionkey... SEP and System Card Ignition Key commandssystem crypto interrupts Display crypto device interrupt count statisticssystem crypto level Get the crypto level of SEPsystem crypto manager Security managersystem crypto masterkey... Appliance Master Key commandssystem crypto numSEPs Get the number of SEPs in this Datafortsystem crypto protected... Protected EEPROMsystem crypto proxy Execute System Card commands
NetApp Proprietary Information Page 100 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rc... Recovery Card commandssystem crypto rip... Recovery Information Package Commandssystem crypto scstatus Status of the System Cardsystem crypto secretshare... Secret sharing commandssystem crypto start Start the crypto module (set cipher and load Master Key)system crypto test Crypto self testsystem crypto whitelist... Manage whitelist entries
system crypto authenticate
Purpose: Authenticate System Card and SEP
Usage: system crypto authenticate
system crypto interrupts
Purpose: Display crypto device interrupt count statistics
Usage: system crypto interrupts [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
system crypto level
Purpose: Get the crypto level of SEP
Usage: system crypto level [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
NetApp Proprietary Information Page 101 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto manager
Purpose: Security manager
Usage: system crypto manager [-a, --authenticate] [-c, --changeaks] [-d, --device <device>] [-g, --genmk] [-h, --help] [-i, --id] [-k, --key <key>] [-n, --newik] [-r, --rcid] [-s, --seed] [-V, --version-syscard]
Options:
-a, --authenticate Authenticate System Card to SEP-c, --changeaks Change system card and SEP AKS-d, --device <device> Use the specified SEP in the Datafort instead of the
default-g, --genmk Generate first encmk-h, --help Show help and exit-i, --id Get public key and node ID of the SEP-k, --key <key> Use specified key as as enc(MK) in start up-n, --newik MK must already be loaded to SEP, returns enc(MK)
encrypted w/ new IK-r, --rcid Retrieve DRTKN ID-s, --seed Send RNG seed to system card-V, --version-syscard Get the version of the system card
system crypto numSEPs
Purpose: Get the number of SEPs in this Datafort
Usage: system crypto numSEPs
system crypto proxy
Purpose: Execute System Card commands
Usage: system crypto proxy [-r, --reset]
Options:
-r, --reset Reset System Card
NetApp Proprietary Information Page 102 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto scstatus
Purpose: Status of the System Card
Usage: system crypto scstatus
system crypto start
Purpose: Start the crypto module (set cipher and load Master Key)
Usage: system crypto start [-c, --cluster]
Options:
-c, --cluster start crypto without global domain key
system crypto test
Purpose: Crypto self test
Usage: system crypto test [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
15.4.1 system crypto approve commands
system crypto approve clear + Clear approve statesystem crypto approve message + Process (possibly part of) signed authorization messagesystem crypto approve nonce + Generate a noncesystem crypto approve status Get status of recovery card-based approval
system crypto approve clear
Purpose: Clear approve state
Usage: system crypto approve clear <purpose>
Parameters:
<purpose> purpose code
NetApp Proprietary Information Page 103 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto approve message
Purpose: Process (possibly part of) signed authorization message
Usage: system crypto approve message <message>
Parameters:
<message> (possibly part of) signed message
system crypto approve nonce
Purpose: Generate a nonce
Usage: system crypto approve nonce <purpose>
Parameters:
<purpose> purpose code
system crypto approve status
Purpose: Get status of recovery card-based approval
Usage: system crypto approve status
15.4.2 system crypto chan nel commands
system crypto channel challenge + Send challengesystem crypto channel response + Receive response
system crypto channel challenge
Purpose: Send challenge
Usage: system crypto channel challenge <id>
Parameters:
<id> peer device id
NetApp Proprietary Information Page 104 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto channel response
Purpose: Receive response
Usage: system crypto channel response <msg>
Parameters:
<msg> response message
15.4.3 system crypto ignitionkey commands
system crypto ignitionkey change Change ignition key valuesystem crypto ignitionkey ring Run the ECCDH Blade ring protocol to establish a new
Ignition Key among the SEPs
system crypto ignitionkey change
Purpose: Change ignition key value
Usage: system crypto ignitionkey change
system crypto ignitionkey ring
Purpose: Run the ECCDH Blade ring protocol to establish a new Ignition Key among the SEPs
Usage: system crypto ignitionkey ring
15.4.4 system crypto masterkey commands
system crypto masterkey create Generate and save a new master keysystem crypto masterkey load Load a previously saved master key into the SEP
NetApp Proprietary Information Page 105 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto masterkey create
Purpose: Generate and save a new master key
Usage: system crypto masterkey create [--replace]
Options:
--replace Replace masterkey if it exists
system crypto masterkey load
Purpose: Load a previously saved master key into the SEP
Usage: system crypto masterkey load [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
15.4.5 system crypto protected commands
system crypto protected clearSSL Clear SSL private key and cert from EEPROMsystem crypto protected loadSSL Load SSL private key and cert from protected EEPROMsystem crypto protected saveSSL Save SSL private key and cert to protected EEPROM
system crypto protected clearSSL
Purpose: Clear SSL private key and cert from EEPROM
Usage: system crypto protected clearSSL
system crypto protected loadSSL
Purpose: Load SSL private key and cert from protected EEPROM
Usage: system crypto protected loadSSL [-v, --version <version>]
Options:
-v, --version <version> Certificate version
NetApp Proprietary Information Page 106 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto protected saveSSL
Purpose: Save SSL private key and cert to protected EEPROM
Usage: system crypto protected saveSSL [-v, --version <version>]
Options:
-v, --version <version> Certificate version
15.4.6 system crypto rc commands
system crypto rc add + Add a new recovery card to the systemsystem crypto rc check + Check if the inserted Recovery Card belongs to this
Appliancesystem crypto rc delete Remove recovery cards from the systemsystem crypto rc list List the Recovery Cards in the systemsystem crypto rc restore Restore recovery officers from the config DB into the SEP
whitelist during recovery wizardsystem crypto rc sync Synchronize SEP whitelist with config DB
system crypto rc add
Purpose: Add a new recovery card to the system
Usage: system crypto rc add [--certblob <certblob>] <label> <domain> <command> <drtknid>
Parameters:
<label> Label of the recovery card<domain> Domain to which recovery card belongs<command> Securely signed and channel encrypted message
containing the RC key<drtknid> ID of the Recovery Card
Options:
--certblob <certblob> certification chain blob
NetApp Proprietary Information Page 107 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rc check
Purpose: Check if the inserted Recovery Card belongs to this Appliance
Usage: system crypto rc check [--certblob <certblob>] <id>
Parameters:
<id> ID of the recovery card to check
Options:
--certblob <certblob> optional certificate chain to verify in SW
system crypto rc delete
Purpose: Remove recovery cards from the system
Usage: system crypto rc delete [-d, --domain <domain>] [-i, --id <id>] [-l, --label <label>]
Options:
-d, --domain <domain> Recovery card domain-i, --id <id> Recovery card id-l, --label <label> Recovery card label
system crypto rc list
Purpose: List the Recovery Cards in the system
Usage: system crypto rc list [-c, --count] [-d, --domain <domain>] [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]
Options:
-c, --count Show current number of Recovery Cards-d, --domain <domain> Recovery Card domain-i, --id <id> Recovery Card ID-l, --label <label> Recovery Card label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward
NetApp Proprietary Information Page 108 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rc restore
Purpose: Restore recovery officers from the config DB into the SEP whitelist during recovery wizard
Usage: system crypto rc restore
system crypto rc sync
Purpose: Synchronize SEP whitelist with config DB
Usage: system crypto rc sync
15.4.7 system crypto rip commands
system crypto rip export Export an RIPsystem crypto rip getcombination Get the Combination ID given recovery card IDs and key
type being recoveredsystem crypto rip getshare Get a secret share given a combination ID and a recovery
card IDsystem crypto rip import Import an RIPsystem crypto rip loadshare Load a share for recoverysystem crypto rip rclist List the recovery cards from currently loaded RIP filesystem crypto rip status Get the status of the currently loaded RIP file
system crypto rip export
Purpose: Export an RIP
Usage: system crypto rip export [-f, --ftpPath <ftpPath>] [-p, --password <password>] [-u, --username <username>]
Options:
-f, --ftpPath <ftpPath> FTP path for the RIP-p, --password <password> password on the FTP server-u, --username <username> username on the FTP server
NetApp Proprietary Information Page 109 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rip getcombination
Purpose: Get the Combination ID given recovery card IDs and key type being recovered
Usage: system crypto rip getcombination
system crypto rip getshare
Purpose: Get a secret share given a combination ID and a recovery card ID
Usage: system crypto rip getshare
system crypto rip import
Purpose: Import an RIP
Usage: system crypto rip import [-f, --ftpPath <ftpPath>] [-p, --password <password>] [-u, --username <username>] [-w, --webFile <webFile>]
Options:
-f, --ftpPath <ftpPath> FTP path for the RIP-p, --password <password> password on the FTP server-u, --username <username> username on the FTP server-w, --webFile <webFile> RIP file uploaded to web server
system crypto rip loadshare
Purpose: Load a share for recovery
Usage: system crypto rip loadshare [-f, --first] [-l, --last]
Options:
-f, --first First share of combination-l, --last Last share of combination
NetApp Proprietary Information Page 110 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rip rclist
Purpose: List the recovery cards from currently loaded RIP file
Usage: system crypto rip rclist
system crypto rip status
Purpose: Get the status of the currently loaded RIP file
Usage: system crypto rip status
15.4.8 system crypto secretshare commands
system crypto secretshare authorizeDrtkn Get a secret shared drtkn authorization token. The secretsharing is done using the specified recovery cards
system crypto secretshare getclustertoken Get a secret shared cluster token from a remote master potential member. The secretsharing is done using the specified recovery cards
system crypto secretshare getcombination Get the Combination ID given recovery card IDs and key type being recovered
system crypto secretshare getshare + Get the secret share given the recovery card IDs and combination ID
system crypto secretshare loadshare + Load a secret share into the SEPsystem crypto secretshare recoverykey Secret share a recovery policy key and store the sharessystem crypto secretshare scheme + Set the recovery secret sharing scheme for this Appliance
NetApp Proprietary Information Page 111 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto secretshare authorizeDr tkn
Purpose: Get a secret shared drtkn authorization token. The secretsharing is done using the specified recovery cards
Usage: system crypto secretshare authorizeDrtkn
system crypto secretshare getclustert oken
Purpose: Get a secret shared cluster token from a remote master potential member. The secretsharing is done using the specified recovery cards
Usage: system crypto secretshare getclustertoken
system crypto secretshare getcombination
Purpose: Get the Combination ID given recovery card IDs and key type being recovered
Usage: system crypto secretshare getcombination [-c, --cleartext_recoverable] [-r, --recoverable]
Options:
-c, --cleartext_recoverable secret share for the cleartext recoverable policy key-r, --recoverable secret share for the recoverable policy key
system crypto secretshare getshare
Purpose: Get the secret share given the recovery card IDs and combination ID
Usage: system crypto secretshare getshare [-c, --cltkn] [-d, --drtkn] [-t, --trustee] <combnid> <drtknid>
Parameters:
<combnid> ID of the combination of secret shares<drtknid> ID of the required the drtkn whose component is required
Options:
-c, --cltkn get share for a cluster token-d, --drtkn get share for a drtkn authorization-t, --trustee get share for a trustee authorization
NetApp Proprietary Information Page 112 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto secretshare loadshare
Purpose: Load a secret share into the SEP
Usage: system crypto secretshare loadshare [-f, --first] [-l, --last] <command> <drtknid>
Parameters:
<command> Secure signed and channel encrypted message containing encrypted share
<drtknid> ID of the recovery card which encrypted the share
Options:
-f, --first first share in a combination-l, --last last share in a combination
system crypto secretshare recoverykey
Purpose: Secret share a recovery policy key and store the shares
Usage: system crypto secretshare recoverykey [-c, --cleartext_recoverable] [-r, --recoverable]
Options:
-c, --cleartext_recoverable secret share for the cleartext recoverable policy key-r, --recoverable secret share for the recoverable policy key
system crypto secretshare scheme
Purpose: Set the recovery secret sharing scheme for this Appliance
Usage: system crypto secretshare scheme <rec_scheme>
Parameters:
<rec_scheme> Currently valid choices for <recovery scheme> include:
15.4.9 system crypto whitelist commands
system crypto whitelist add + Add a public keysystem crypto whitelist lock Lock the whitelistsystem crypto whitelist query + query whitelist
NetApp Proprietary Information Page 113 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto whitelist remove + Remove a public key
system crypto whitelist add
Purpose: Add a public key
Usage: system crypto whitelist add [--certblob <certblob>] <keyblob>
Parameters:
<keyblob> public key blob
Options:
--certblob <certblob> certificate chain blob
system crypto whitelist lock
Purpose: Lock the whitelist
Usage: system crypto whitelist lock
system crypto whitelist query
Purpose: query whitelist
Usage: system crypto whitelist query <pattern>
Parameters:
<pattern> search pattern
system crypto whitelist remove
Purpose: Remove a public key
Usage: system crypto whitelist remove <pattern>
Parameters:
<pattern> key removal pattern
NetApp Proprietary Information Page 114 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15.5 system date commands
system date get Get system datesystem date set Set system date
system date get
Purpose: Get system date
Usage: system date get [-f, --format <format>]
Options:
-f, --format <format> Date format in Unix 'date' command convention)
system date set
Purpose: Set system date
Usage: system date set [-f, --format <format>]
Options:
-f, --format <format> Date format in Unix 'date' command convention)
15.6 system httpd commands
system httpd getstatus Return the percentage of the job done and the job typesystem httpd restart Restart the Appliance web serversystem httpd setjobtype + Set the type of the current jobsystem httpd setstatus + Set the status of the current job
NetApp Proprietary Information Page 115 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system httpd getstatus
Purpose: Return the percentage of the job done and the job type
Usage: system httpd getstatus
system httpd restart
Purpose: Restart the Appliance web server
Usage: system httpd restart
system httpd setjobtype
Purpose: Set the type of the current job
Usage: system httpd setjobtype <type>
Parameters:
<type> Job type to be set
system httpd setstatus
Purpose: Set the status of the current job
Usage: system httpd setstatus <status>
Parameters:
<status> Status value to be set
15.7 system license commands
system license add + Add specified licensesystem license check + Check if a valid license exists for a featuresystem license list List all licensessystem license remove + Remove specified license
NetApp Proprietary Information Page 116 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system license add
Purpose: Add specified license
Usage: system license add <license>
Parameters:
<license> Appliance feature license
system license check
Purpose: Check if a valid license exists for a feature
Usage: system license check <feature>
Parameters:
<feature> Appliance license-enabled feature: <cluster|tape|disk|ipsec|hash-import|dha|iscsi|dcs|nfs|cifs>
system license list
Purpose: List all licenses
Usage: system license list
system license remove
Purpose: Remove specified license
Usage: system license remove <license>
Parameters:
<license> Appliance feature license
15.8 system log commands
system log list Query Appliance internal system logsystem log note + Allows a administrator to annotate the system logsystem log resetconf Reset log configuration to factory defaultssystem log restart Restart syslog daemonsystem log verify + Verify a signed log message
NetApp Proprietary Information Page 117 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system log list
Purpose: Query Appliance internal system log
Usage: system log list [-b, --begin <begin>] [-i, --interval <interval>] [-n, --limit <limit>] [-o, --offset <offset>] [-p, --priority <priority>] [-t, --type <type>]
Options:
-b, --begin <begin> Message datetime >= <begin datetime> where datetime is local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'
-i, --interval <interval> Messages within the begin datetime and this interval (in sec) (negative implies backward in time)
-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-p, --priority <priority> Message priority <= <priority>: 0 (highest) to 7-t, --type <type> Message type == <type>: <SEC|OPR|PRF|ADT>
system log note
Purpose: Allows a administrator to annotate the system log
Usage: system log note <type> <level> <mesg>
Parameters:
<type> <SEC|OPR|PRF|ADT><level> Message level: 0 (highest) to 7<mesg> Administrative note to add to system log
NetApp Proprietary Information Page 118 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system log resetconf
Purpose: Reset log configuration to factory defaults
Usage: system log resetconf
system log restart
Purpose: Restart syslog daemon
Usage: system log restart
system log verify
Purpose: Verify a signed log message
Usage: system log verify <mesg>
Parameters:
<mesg> Log message to be verified mesg-text [meta-data signature]
15.9 system property commands
system property get Display an Appliance system propertysystem property globalize + Globalize an Appliance system propertysystem property secureset + Set an Appliance system property using an interactive
promptsystem property set Set or delete an Appliance system property
NetApp Proprietary Information Page 119 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system property get
Purpose: Display an Appliance system property
Usage: system property get [-d, --detail] [-n, --limit <limit>] [-k, --name <name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value <value>]
Options:
-d, --detail Show more detail-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-k, --name <name> Query properties by name-o, --offset <offset> Query offset: negative=>step backward-r, --role <role> Evaluate permissions for specified role-v, --value <value> Query properties by value
system property globalize
Purpose: Globalize an Appliance system property
Usage: system property globalize <name> <boolean>
Parameters:
<name> Property name<boolean> Globalize? <on|off>
system property secureset
Purpose: Set an Appliance system property using an interactive prompt
Usage: system property secureset [-g, --global] [-i, --insert] [-v, --value <value>] <name>
Parameters:
<name> Property name
Options:
-g, --global Globalize the property while setting it-i, --insert Insert again even if the property exists already.-v, --value <value> Property value
NetApp Proprietary Information Page 120 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system property set
Purpose: Set or delete an Appliance system property
Usage: system property set [-g, --global]
Options:
-g, --global Globalize the property while setting it
15.10 system raid commands
system raid errors... Get the error counters of the raid diskssystem raid status Get the status of the raidsystem raid temperature Get the temperature of the raid disks
system raid status
Purpose: Get the status of the raid
Usage: system raid status
system raid temperatu re
Purpose: Get the temperature of the raid disks
Usage: system raid temperature
15.10.1 system raid errors commands
system raid errors nonmedium Non-medium error counters of the raid diskssystem raid errors read Read error counters of the raid diskssystem raid errors verify Verify error counters of the raid diskssystem raid errors write Write error counters of the raid disks
NetApp Proprietary Information Page 121 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system raid errors nonmedium
Purpose: Non-medium error counters of the raid disks
Usage: system raid errors nonmedium
system raid errors read
Purpose: Read error counters of the raid disks
Usage: system raid errors read
system raid errors verify
Purpose: Verify error counters of the raid disks
Usage: system raid errors verify
system raid errors write
Purpose: Write error counters of the raid disks
Usage: system raid errors write
15.11 system tamper commands
system tamper reset Ignore tamper errors and continue workingsystem tamper status Report if the Appliance has been physically tampered with
system tamper reset
Purpose: Ignore tamper errors and continue working
Usage: system tamper reset [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
NetApp Proprietary Information Page 122 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system tamper status
Purpose: Report if the Appliance has been physically tampered with
Usage: system tamper status [-c, --crypto-card <crypto-card>]
Options:
-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply
15.12 system timezone commands
system timezone get Get system timezonesystem timezone list List all recognized timezonessystem timezone set + Set system timezone
system timezone get
Purpose: Get system timezone
Usage: system timezone get
system timezone list
Purpose: List all recognized timezones
Usage: system timezone list
system timezone set
Purpose: Set system timezone
Usage: system timezone set <timezone>
Parameters:
<timezone> Timezone (e.g.,America/Los_Angeles)
NetApp Proprietary Information Page 123 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15.13 system util commands
system util autosupport + Trigger an autosupport messagesystem util cat + Display the contents of a filesystem util df Display free space statistics for all filesystemssystem util echo + Write argument to the standard outputsystem util iostat Display statistics of various devicessystem util lcdmessages Display the LCD messagessystem util ls + Display a directory listingsystem util mbeventlog... Manipulate motherboard event logsystem util mibget Query MIB informationsystem util mibwalk Walk through MIB informationsystem util openfiles Display the number of open filessystem util ps Display a listing of running processessystem util stacklog Display Appliance stack trace logsystem util stacktest Test Appliance stack trace logsystem util techdump... Prepare reports for NetApp customer supportsystem util top Display a listing of the top CPU processessystem util trend... Trending information: chargeback or usage trendssystem util uptime Show how long the system has been running,and its load
averages for the last 1,5,and 15 minutessystem util vmstat Report virtual memory statistics
system util autosuppor t
Purpose: Trigger an autosupport message
Usage: system util autosupport <subject>
Parameters:
<subject> subject of the message
system util cat
Purpose: Display the contents of a file
Usage: system util cat <file>
Parameters:
<file> Currently valid choices for <file> include:
NetApp Proprietary Information Page 124 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util df
Purpose: Display free space statistics for all filesystems
Usage: system util df [-h] [-i] [-k] [-m]
Options:
-h Print sizes in human-readable format-i Include statistics on number of free inodes-k Use 1024-byte blocks-m Use 1048576-byte blocks
system util echo
Purpose: Write argument to the standard output
Usage: system util echo <string>
Parameters:
<string> any string
system util iostat
Purpose: Display statistics of various devices
Usage: system util iostat [-c, --count <count>] [-w, --wait <wait>]
Options:
-c, --count <count> Total number of samples to display (default 10)-w, --wait <wait> Time interval between samples (default 1 sec)
NetApp Proprietary Information Page 125 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util lcdmessages
Purpose: Display the LCD messages
Usage: system util lcdmessages
system util ls
Purpose: Display a directory listing
Usage: system util ls <directory>
Parameters:
<directory> Currently valid choices for <directory> include:
NetApp Proprietary Information Page 126 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util mibget
Purpose: Query MIB information
Usage: system util mibget
system util mibwalk
Purpose: Walk through MIB information
Usage: system util mibwalk
system util openfiles
Purpose: Display the number of open files
Usage: system util openfiles
system util ps
Purpose: Display a listing of running processes
Usage: system util ps [-a] [-c] [-j] [-l] [-m] [-r] [-u] [-v] [-x]
Options:
-a Display information about other users' processes as well as your own
-c Change the ``command'' column output to just contain the executable name
-j Print information associated with the following keywords: user
-l Display information associated with the following keywords: uid
-m Sort by memory usage-r Sort by current cpu usage-u Display information associated with the following
keywords: user-v Display information associated with the following
keywords: pid-x Display information about processes without controlling
terminals
NetApp Proprietary Information Page 127 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util stacklog
Purpose: Display Appliance stack trace log
Usage: system util stacklog
system util stacktest
Purpose: Test Appliance stack trace log
Usage: system util stacktest
system util top
Purpose: Display a listing of the top CPU processes
Usage: system util top
system util uptime
Purpose: Show how long the system has been running,and its load averages for the last 1,5,and 15 minutes
Usage: system util uptime
system util vmstat
Purpose: Report virtual memory statistics
Usage: system util vmstat [-c <>] [-i] [-m] [-n <>] [-p <>] [-s] [-z]
Options:
-c <> Repeat the display count times (max = 255)-i Report on the number of interrupts taken by each device
since system startup-m Report on the usage of kernel dynamic memory listed first
by size of allocation and then by type of usage-n <> Change the maximum number of disks to display from the
default of 2-p <> Specify which types of devices to display-s Display the contents of the sum structure-z Report on memory used by the kernel zone allocator
NetApp Proprietary Information Page 128 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15.13.1 system util mbeventlog commands
system util mbeventlog list Display motherboard event logssystem util mbeventlog remove Purge motherboard event logs
system util mbeventlo g list
Purpose: Display motherboard event logs
Usage: system util mbeventlog list
system util mbeventlo g remove
Purpose: Purge motherboard event logs
Usage: system util mbeventlog remove
15.13.2 system util techdump commands
system util techdump domain Prepare a report about the domains in the Appliance's configuration database
system util techdump os Prepare a report about the Appliance operating systemsystem util techdump server Prepare a report about the servers in the Appliance's
configuration databasesystem util techdump user Prepare a report about the users in the Appliance's
configuration database
system util techdump domain
Purpose: Prepare a report about the domains in the Appliance's configuration database
Usage: system util techdump domain [--all] [--name <name>] [--password <password>] [--server <server>] [--username <username>]
Options:
--all Dump information for all domains--name <name> Dump information for specified domain--password <password> Password of access user--server <server> Server/Domain Controller - this option ignored if domain
already in database--username <username> Access user - needed if domain is not in database
NetApp Proprietary Information Page 129 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util techdump os
Purpose: Prepare a report about the Appliance operating system
Usage: system util techdump os
system util techdump server
Purpose: Prepare a report about the servers in the Appliance's configuration database
Usage: system util techdump server [--all] [--name <name>]
Options:
--all Dump information for all servers--name <name> Dump information for specified server (takes real name)
system util techdump user
Purpose: Prepare a report about the users in the Appliance's configuration database
Usage: system util techdump user [--domain <domain>] [--name <name>]
Options:
--domain <domain> Dump information for users in the specified domain--name <name> username@domain
15.13.3 system util trend commands
system util trend disable Disable the trendssystem util trend enable Enable the trendssystem util trend list Display a list of current trending information, if no counter
name is specified then a list of counters is displayedsystem util trend status Status trending process
NetApp Proprietary Information Page 130 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system util trend disable
Purpose: Disable the trends
Usage: system util trend disable
system util trend enable
Purpose: Enable the trends
Usage: system util trend enable [-s, --sample_rate <sample_rate>]
Options:
-s, --sample_rate <sample_rate> The given sample rate the trends should be sampled at(in seconds). Must be between 5 and 86400 (one day).
system util trend list
Purpose: Display a list of current trending information, if no counter name is specified then a list of counters is displayed
Usage: system util trend list [-b, --board_num <board_num>] [-c, --counter_name <counter_name>] [-n, --num_samples <num_samples>]
Options:
-b, --board_num <board_num> The board number that is to be displayed-c, --counter_name <counter_name> The counter name that is to be displayed, or the keyword
ALL to display all counters.-n, --num_samples <num_samples> An integer to specify that the number of samples that
should be displayed
system util trend status
Purpose: Status trending process
Usage: system util trend status [-b, --get_interval_rate]
Options:
-b, --get_interval_rate Option to get the number of available bins
NetApp Proprietary Information Page 131 of 144
NetApp KM-Series Command Line Reference Guide 4.0
15.14 system wizard commands
system wizard admin add Add a new full admin for the appliancesystem wizard agreement Get commands to sign the appliance license agreementsystem wizard cluster... Get commands to run cluster setupsystem wizard crypto... Get commands to run crypto mini-wizardssystem wizard datetime set Set the date, time and timezonesystem wizard finalize Get commands to finish the appliance setupsystem wizard license add Add a new license for a featuresystem wizard lkm configure Nothing needs to be done yetsystem wizard nas configure Configure Appliance serverside settingssystem wizard network... Get commands to manage network settingssystem wizard next Get the next action for the wizard to performsystem wizard prev Revert back to the previous page of the wizardsystem wizard restoredb Get commands to load a existing configuration DB into the
appliancesystem wizard san configure Configure Appliance WWNs and other settingssystem wizard status Get the status of the last wizard that was run
system wizard admin add
Purpose: Add a new full admin for the appliance
Usage: system wizard admin add [--wiztype <wiztype>]
Options:
--wiztype <wiztype> Wizard type
NetApp Proprietary Information Page 132 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard agreement
Purpose: Get commands to sign the appliance license agreement
Usage: system wizard agreement
system wizard datetime set
Purpose: Set the date, time and timezone
Usage: system wizard datetime set
system wizard finalize
Purpose: Get commands to finish the appliance setup
Usage: system wizard finalize
system wizard license add
Purpose: Add a new license for a feature
Usage: system wizard license add
system wizard lkm configure
Purpose: Nothing needs to be done yet
Usage: system wizard lkm configure
system wizard nas configure
Purpose: Configure Appliance serverside settings
Usage: system wizard nas configure
system wizard next
Purpose: Get the next action for the wizard to perform
Usage: system wizard next
NetApp Proprietary Information Page 133 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard prev
Purpose: Revert back to the previous page of the wizard
Usage: system wizard prev
system wizard restoredb
Purpose: Get commands to load a existing configuration DB into the appliance
Usage: system wizard restoredb
system wizard san configure
Purpose: Configure Appliance WWNs and other settings
Usage: system wizard san configure
system wizard status
Purpose: Get the status of the last wizard that was run
Usage: system wizard status
15.14.1 system wizard cluster commands
system wizard cluster enroll Enroll the new members into whitelists of cluster nodessystem wizard cluster introduce Introduce new members to an existing member and vice
versasystem wizard cluster join Get the new member to join the cluster after enrollmentsystem wizard cluster stabilize Wait to see if the cluster forms correctly
NetApp Proprietary Information Page 134 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard cluster enroll
Purpose: Enroll the new members into whitelists of cluster nodes
Usage: system wizard cluster enroll
system wizard cluster introduce
Purpose: Introduce new members to an existing member and vice versa
Usage: system wizard cluster introduce
system wizard cluster join
Purpose: Get the new member to join the cluster after enrollment
Usage: system wizard cluster join
system wizard cluster stabilize
Purpose: Wait to see if the cluster forms correctly
Usage: system wizard cluster stabilize
15.14.2 system wizard crypto commands
system wizard crypto backup Backup recovery material into secret sharessystem wizard crypto rcadd Get commands to introduce a new recovery card into the
systemsystem wizard crypto recover Recovery key material from secret sharessystem wizard crypto setup Get commands to setup trust between SEP and system
card and generate keyssystem wizard crypto tamperreset How to clear intrusion on this appliance
NetApp Proprietary Information Page 135 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard crypto backup
Purpose: Backup recovery material into secret shares
Usage: system wizard crypto backup
system wizard crypto rcadd
Purpose: Get commands to introduce a new recovery card into the system
Usage: system wizard crypto rcadd
system wizard crypto recover
Purpose: Recovery key material from secret shares
Usage: system wizard crypto recover
system wizard crypto setup
Purpose: Get commands to setup trust between SEP and system card and generate keys
Usage: system wizard crypto setup [--slave] [--wiztype <wiztype>]
Options:
--slave This crypto node is joining a cluster, generate only local keys
--wiztype <wiztype> Wizard type
system wizard crypto tamperreset
Purpose: How to clear intrusion on this appliance
Usage: system wizard crypto tamperreset
15.14.3 system wizard network commands
system wizard network certificate Manage the appliance SSL certificatessystem wizard network manage Manage the appliance network settings
NetApp Proprietary Information Page 136 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard network certificate
Purpose: Manage the appliance SSL certificates
Usage: system wizard network certificate
system wizard network manage
Purpose: Manage the appliance network settings
Usage: system wizard network manage
NetApp Proprietary Information Page 137 of 144
NetApp KM-Series Command Line Reference Guide 4.0
Alphabetical Index
active-role add........................................................................................................................................................................................46active-role list.........................................................................................................................................................................................46active-role remove.................................................................................................................................................................................46authorize....................................................................................................................................................................................................4challenge...................................................................................................................................................................................................5cli complete............................................................................................................................................................................................44cli cshelp disable....................................................................................................................................................................................45cli cshelp enable....................................................................................................................................................................................45cli cshelp find..........................................................................................................................................................................................45cli documentation..................................................................................................................................................................................44cli format.................................................................................................................................................................................................44cli pager...................................................................................................................................................................................................45cluster config ipsec dumpsad.............................................................................................................................................................76cluster config ipsec dumpspd.............................................................................................................................................................76cluster config ipsec flushsad...............................................................................................................................................................76cluster config ipsec restart..................................................................................................................................................................76cluster config ipsec secret...................................................................................................................................................................76cluster config member count..............................................................................................................................................................77cluster config member list...................................................................................................................................................................77cluster config member remove..........................................................................................................................................................77cluster config member rmall...............................................................................................................................................................78cluster config member set...................................................................................................................................................................78cluster config name..............................................................................................................................................................................74cluster config potentialmember add.................................................................................................................................................79cluster config potentialmember authenticate.................................................................................................................................79cluster config potentialmember commit..........................................................................................................................................80cluster config potentialmember getmaster.....................................................................................................................................80cluster config potentialmember list...................................................................................................................................................80cluster config potentialmember review............................................................................................................................................80cluster config potentialmember rmall...............................................................................................................................................81cluster config potentialmember set...................................................................................................................................................81cluster config potentialmember status.............................................................................................................................................81cluster config pull..................................................................................................................................................................................74cluster config remote list.....................................................................................................................................................................74cluster config route add.......................................................................................................................................................................82cluster config route heartbeat disable..............................................................................................................................................83cluster config route heartbeat enable...............................................................................................................................................83cluster config route list.........................................................................................................................................................................82cluster config route remove................................................................................................................................................................82cluster config route rmall.....................................................................................................................................................................82cluster config set-local..........................................................................................................................................................................75cluster disable........................................................................................................................................................................................72cluster enable.........................................................................................................................................................................................72cluster rexec...........................................................................................................................................................................................73cluster rsh................................................................................................................................................................................................73cluster state............................................................................................................................................................................................73cluster status..........................................................................................................................................................................................73db begin...................................................................................................................................................................................................84
NetApp Proprietary Information Page 138 of 144
NetApp KM-Series Command Line Reference Guide 4.0
db commit...............................................................................................................................................................................................85db connect..............................................................................................................................................................................................85db export.................................................................................................................................................................................................85db import.................................................................................................................................................................................................86db index list.............................................................................................................................................................................................88db index test...........................................................................................................................................................................................88db record.................................................................................................................................................................................................86db recover...............................................................................................................................................................................................86db rollback..............................................................................................................................................................................................87db save....................................................................................................................................................................................................87db select..................................................................................................................................................................................................87db size......................................................................................................................................................................................................87db status..................................................................................................................................................................................................87db trx kill..................................................................................................................................................................................................88db trx list..................................................................................................................................................................................................89db xlog list...............................................................................................................................................................................................89db xlog test.............................................................................................................................................................................................89db3 restart.................................................................................................................................................................................................7db3 techdump..........................................................................................................................................................................................7db3 zeroize................................................................................................................................................................................................7domain add.............................................................................................................................................................................................48domain controller discover..................................................................................................................................................................48domain group list...................................................................................................................................................................................49domain hash import..............................................................................................................................................................................49domain list..............................................................................................................................................................................................49domain migrate.....................................................................................................................................................................................50domain remove......................................................................................................................................................................................50domain set..............................................................................................................................................................................................51domain user list.....................................................................................................................................................................................51domain validate.....................................................................................................................................................................................52group add................................................................................................................................................................................................53group domain discover.........................................................................................................................................................................53group group list......................................................................................................................................................................................55group group parentlist..........................................................................................................................................................................56group list..................................................................................................................................................................................................54group remove.........................................................................................................................................................................................54group review...........................................................................................................................................................................................54group role grant.....................................................................................................................................................................................56group role revoke..................................................................................................................................................................................57help.............................................................................................................................................................................................................5keyman cryptainerkeys generate.......................................................................................................................................................40keyman cryptainerkeys list..................................................................................................................................................................40keyman cryptainerkeys rename.........................................................................................................................................................40keyman domainkeys list......................................................................................................................................................................38keyman expirekeys...............................................................................................................................................................................38keyman lkmkeys backup.....................................................................................................................................................................41keyman lkmkeys import......................................................................................................................................................................41keyman lkmkeys list.............................................................................................................................................................................42keyman masterkeys..............................................................................................................................................................................39keyman purgekeys accelerate............................................................................................................................................................43keyman purgekeys start.......................................................................................................................................................................43keyman purgekeys status....................................................................................................................................................................43keyman purgekeys stop.......................................................................................................................................................................43
NetApp Proprietary Information Page 139 of 144
NetApp KM-Series Command Line Reference Guide 4.0
keyman set.............................................................................................................................................................................................39lkm db copy............................................................................................................................................................................................19lkm db export.........................................................................................................................................................................................19lkm db list...............................................................................................................................................................................................19lkm db remove.......................................................................................................................................................................................19lkm disk usage.......................................................................................................................................................................................17lkm doc....................................................................................................................................................................................................17lkm key add............................................................................................................................................................................................21lkm key attribute add...........................................................................................................................................................................24lkm key attribute list.............................................................................................................................................................................24lkm key delete........................................................................................................................................................................................21lkm key export.......................................................................................................................................................................................21lkm key import.......................................................................................................................................................................................21lkm key journal list................................................................................................................................................................................24lkm key journal state............................................................................................................................................................................25lkm key journal status..........................................................................................................................................................................25lkm key journal zeroize........................................................................................................................................................................25lkm key list..............................................................................................................................................................................................22lkm key resync.......................................................................................................................................................................................22lkm key sharing group list...................................................................................................................................................................22lkm key statistics...................................................................................................................................................................................23lkm key update......................................................................................................................................................................................23lkm key verify.........................................................................................................................................................................................23lkm key whitelist list.............................................................................................................................................................................23lkm openkey client list..........................................................................................................................................................................26lkm openkey enroll list.........................................................................................................................................................................27lkm openkey enroll pending accept...................................................................................................................................................28lkm openkey enroll pending certificate get......................................................................................................................................28lkm openkey enroll pending list..........................................................................................................................................................28lkm openkey enroll pending reject.....................................................................................................................................................29lkm openkey enroll set.........................................................................................................................................................................27lkm openkey license list.......................................................................................................................................................................26lkm restart..............................................................................................................................................................................................17lkm server add.......................................................................................................................................................................................29lkm server certificate get.....................................................................................................................................................................31lkm server certificate set.....................................................................................................................................................................31lkm server list.........................................................................................................................................................................................30lkm server remove................................................................................................................................................................................30lkm server set.........................................................................................................................................................................................30lkm state info.........................................................................................................................................................................................17lkm status...............................................................................................................................................................................................17lkm test...................................................................................................................................................................................................18lkm zeroize..............................................................................................................................................................................................18net apply..................................................................................................................................................................................................32net connection list.................................................................................................................................................................................32net interface get....................................................................................................................................................................................32net status................................................................................................................................................................................................33net util arp...............................................................................................................................................................................................33net util host.............................................................................................................................................................................................33net util ifconfig.......................................................................................................................................................................................34net util ipsecstats..................................................................................................................................................................................35net util netstat........................................................................................................................................................................................35net util ping.............................................................................................................................................................................................36
NetApp Proprietary Information Page 140 of 144
NetApp KM-Series Command Line Reference Guide 4.0
net util tcpdump delete........................................................................................................................................................................36net util tcpdump start...........................................................................................................................................................................37net util tcpdump status........................................................................................................................................................................37net util tcpdump stop............................................................................................................................................................................37password....................................................................................................................................................................................................5quit..............................................................................................................................................................................................................6role list.....................................................................................................................................................................................................58role path list............................................................................................................................................................................................59system agreement sign........................................................................................................................................................................95system agreement view.......................................................................................................................................................................95system allproperties globalize............................................................................................................................................................91system banner postlogin add..............................................................................................................................................................96system banner postlogin get...............................................................................................................................................................96system banner postlogin set...............................................................................................................................................................96system banner prelogin add................................................................................................................................................................97system banner prelogin get.................................................................................................................................................................97system banner prelogin set.................................................................................................................................................................97system certificate get...........................................................................................................................................................................98system certificate getcert....................................................................................................................................................................98system certificate request generate...............................................................................................................................................100system certificate request get..........................................................................................................................................................100system certificate set............................................................................................................................................................................98system certificate sign..........................................................................................................................................................................99system check..........................................................................................................................................................................................91system crypto approve clear.............................................................................................................................................................103system crypto approve message.....................................................................................................................................................104system crypto approve nonce...........................................................................................................................................................104system crypto approve status...........................................................................................................................................................104system crypto authenticate...............................................................................................................................................................101system crypto channel challenge.....................................................................................................................................................104system crypto channel response......................................................................................................................................................105system crypto ignitionkey change...................................................................................................................................................105system crypto ignitionkey ring..........................................................................................................................................................105system crypto interrupts....................................................................................................................................................................101system crypto level.............................................................................................................................................................................101system crypto manager.....................................................................................................................................................................102system crypto masterkey create......................................................................................................................................................106system crypto masterkey load.........................................................................................................................................................106system crypto numSEPs....................................................................................................................................................................102system crypto protected clearSSL...................................................................................................................................................106system crypto protected loadSSL....................................................................................................................................................106system crypto protected saveSSL....................................................................................................................................................107system crypto proxy............................................................................................................................................................................102system crypto rc add..........................................................................................................................................................................107system crypto rc check......................................................................................................................................................................108system crypto rc delete......................................................................................................................................................................108system crypto rc list............................................................................................................................................................................108system crypto rc restore....................................................................................................................................................................109system crypto rc sync.........................................................................................................................................................................109system crypto rip export....................................................................................................................................................................109system crypto rip getcombination...................................................................................................................................................110system crypto rip getshare................................................................................................................................................................110system crypto rip import....................................................................................................................................................................110
NetApp Proprietary Information Page 141 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system crypto rip loadshare..............................................................................................................................................................110system crypto rip rclist.......................................................................................................................................................................111system crypto rip status.....................................................................................................................................................................111system crypto scstatus.......................................................................................................................................................................103system crypto secretshare authorizeDrtkn....................................................................................................................................112system crypto secretshare getclustertoken...................................................................................................................................112system crypto secretshare getcombination...................................................................................................................................112system crypto secretshare getshare...............................................................................................................................................112system crypto secretshare loadshare.............................................................................................................................................113system crypto secretshare recoverykey.........................................................................................................................................113system crypto secretshare scheme.................................................................................................................................................113system crypto start.............................................................................................................................................................................103system crypto test...............................................................................................................................................................................103system crypto whitelist add..............................................................................................................................................................114system crypto whitelist lock..............................................................................................................................................................114system crypto whitelist query...........................................................................................................................................................114system crypto whitelist remove........................................................................................................................................................114system date get...................................................................................................................................................................................115system date set...................................................................................................................................................................................115system finalize.......................................................................................................................................................................................91system httpd getstatus......................................................................................................................................................................116system httpd restart...........................................................................................................................................................................116system httpd setjobtype....................................................................................................................................................................116system httpd setstatus.......................................................................................................................................................................116system license add.............................................................................................................................................................................117system license check.........................................................................................................................................................................117system license list...............................................................................................................................................................................117system license remove......................................................................................................................................................................117system log list......................................................................................................................................................................................118system log note...................................................................................................................................................................................118system log resetconf..........................................................................................................................................................................119system log restart...............................................................................................................................................................................119system log verify.................................................................................................................................................................................119system lproperty get.............................................................................................................................................................................91system ntpd restart...............................................................................................................................................................................92system property get............................................................................................................................................................................120system property globalize.................................................................................................................................................................120system property secureset................................................................................................................................................................120system property set............................................................................................................................................................................121system raid errors nonmedium........................................................................................................................................................122system raid errors read......................................................................................................................................................................122system raid errors verify....................................................................................................................................................................122system raid errors write.....................................................................................................................................................................122system raid status...............................................................................................................................................................................121system raid temperature...................................................................................................................................................................121system reboot........................................................................................................................................................................................92system revert..........................................................................................................................................................................................92system selftest.......................................................................................................................................................................................92system sensors......................................................................................................................................................................................93system serial..........................................................................................................................................................................................93system shutdown...................................................................................................................................................................................93system snmp restart.............................................................................................................................................................................93system sshd restart...............................................................................................................................................................................93
NetApp Proprietary Information Page 142 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system tamper reset..........................................................................................................................................................................122system tamper status........................................................................................................................................................................123system timers list..................................................................................................................................................................................93system timezone get..........................................................................................................................................................................123system timezone list...........................................................................................................................................................................123system timezone set..........................................................................................................................................................................123system upgrade.....................................................................................................................................................................................93system util autosupport.....................................................................................................................................................................124system util cat.....................................................................................................................................................................................124system util df.......................................................................................................................................................................................125system util echo..................................................................................................................................................................................125system util iostat.................................................................................................................................................................................125system util lcdmessages...................................................................................................................................................................126system util ls........................................................................................................................................................................................126system util mbeventlog list...............................................................................................................................................................129system util mbeventlog remove.......................................................................................................................................................129system util mibget..............................................................................................................................................................................127system util mibwalk............................................................................................................................................................................127system util openfiles...........................................................................................................................................................................127system util ps.......................................................................................................................................................................................127system util stacklog............................................................................................................................................................................128system util stacktest..........................................................................................................................................................................128system util techdump domain..........................................................................................................................................................129system util techdump os...................................................................................................................................................................130system util techdump server............................................................................................................................................................130system util techdump user................................................................................................................................................................130system util top.....................................................................................................................................................................................128system util trend disable...................................................................................................................................................................131system util trend enable....................................................................................................................................................................131system util trend list...........................................................................................................................................................................131system util trend status.....................................................................................................................................................................131system util uptime..............................................................................................................................................................................128system util vmstat..............................................................................................................................................................................128system version.......................................................................................................................................................................................94system wizard admin add..................................................................................................................................................................132system wizard agreement.................................................................................................................................................................133system wizard cluster enroll.............................................................................................................................................................135system wizard cluster introduce.......................................................................................................................................................135system wizard cluster join.................................................................................................................................................................135system wizard cluster stabilize.........................................................................................................................................................135system wizard crypto backup...........................................................................................................................................................136system wizard crypto rcadd..............................................................................................................................................................136system wizard crypto recover...........................................................................................................................................................136system wizard crypto setup...............................................................................................................................................................136system wizard crypto tamperreset..................................................................................................................................................136system wizard datetime set..............................................................................................................................................................133system wizard finalize........................................................................................................................................................................133system wizard license add................................................................................................................................................................133system wizard lkm configure............................................................................................................................................................133system wizard nas configure............................................................................................................................................................133system wizard network certificate...................................................................................................................................................137system wizard network manage......................................................................................................................................................137system wizard next.............................................................................................................................................................................133
NetApp Proprietary Information Page 143 of 144
NetApp KM-Series Command Line Reference Guide 4.0
system wizard prev.............................................................................................................................................................................134system wizard restoredb....................................................................................................................................................................134system wizard san configure............................................................................................................................................................134system wizard status..........................................................................................................................................................................134system zeroize........................................................................................................................................................................................94trustee delete............................................................................................................................................................................................8trustee keys export..................................................................................................................................................................................9trustee keys import..................................................................................................................................................................................9trustee linkkey delete...........................................................................................................................................................................10trustee linkkey list.................................................................................................................................................................................10trustee linkkey map..............................................................................................................................................................................10trustee linkkeysharing disable............................................................................................................................................................11trustee linkkeysharing enable.............................................................................................................................................................11trustee list..................................................................................................................................................................................................8trustee peer delete................................................................................................................................................................................11trustee peer list......................................................................................................................................................................................12trustee unapproved approve...............................................................................................................................................................12trustee unapproved create..................................................................................................................................................................13trustee unapproved delete...................................................................................................................................................................13trustee unapproved list.........................................................................................................................................................................13trustee unapproved receive.................................................................................................................................................................14trustee unapproved review..................................................................................................................................................................14trustee unapproved rmall....................................................................................................................................................................15trustee unapproved send.....................................................................................................................................................................15user add...................................................................................................................................................................................................60user cifs password nullify.....................................................................................................................................................................64user cifs password verify......................................................................................................................................................................64user cifs sid.............................................................................................................................................................................................63user cifs validate....................................................................................................................................................................................63user comers cancel...............................................................................................................................................................................65user comers confirm.............................................................................................................................................................................66user group grant....................................................................................................................................................................................67user group list.........................................................................................................................................................................................67user group parentlist.............................................................................................................................................................................68user group revoke..................................................................................................................................................................................68user home list.........................................................................................................................................................................................69user home remove................................................................................................................................................................................69user home set........................................................................................................................................................................................69user list....................................................................................................................................................................................................61user remove............................................................................................................................................................................................61user role grant........................................................................................................................................................................................70user role list............................................................................................................................................................................................71user role revoke.....................................................................................................................................................................................71user set....................................................................................................................................................................................................62user token dump...................................................................................................................................................................................62who.............................................................................................................................................................................................................6whoami......................................................................................................................................................................................................6
NetApp Proprietary Information Page 144 of 144