Academy

NCLU - NETWORK COMMAND LINE UTILITY Academy

UNIT 3
 Outline Academy

Academy
Unit Outline
 NCLU Overview
 NCLU Commands
 Committing and Aborting Configuration
 Track and Roll-Back Historical Commits
Network Command Line Utility - NCLU Academy

 NCLU is a command line interface which has the following properties:

 Simplifies the networking configuration process.

 Provides access to networking commands directly via Bash, allowing a simple and
easy configuration and troubleshooting - no file editing needed.

 The NCLU wrapper utility called net is capable of:

 Configuring layer 2 and layer 3 features

 Installing ACLs and VXLANs

 Restoring configuration files

 Providing monitoring and troubleshooting functionality

for these features

3
NCLU Commands Academy

Show NCLU commands

cumulus@leaf1:mgmt:~$ net [TAB]
abort : abandon changes in the commit buffer
add : add/modify configuration
clear : clear counters, BGP neighbors, etc
commit : apply the commit buffer to the system
del : remove configuration
example : detailed examples of common workflows
help : context sensitive information; see section below
pending : show changes staged in the commit buffer
rollback : revert to a previous configuration state
show : show command output

4
NCLU Help Options Academy

 NCLU context sensitive help

 Use [TAB] from any mode to view available commands
View available commands
cumulus@leaf1:mgmt:~$ net [TAB]

 Use [TAB] to auto complete commands.

Autocomplete a command
cumulus@leaf1:mgmt:~$ net sh[TAB]
cumulus@leaf1:mgmt:~$ net show

 NCLU has a number of built-in examples to guide users through basic configuration setup
Show NCLU examples
cumulus@leaf1:mgmt:~$ net example [TAB]
acl : access-list
bgp : Border Gateway Protocol
bond : bond, port-channel, etc
bridge : a layer2 bridge
clag : Multi-Chassis Link Aggregation
5
Context Aware Recommendation Academy

Context aware recommendation

cumulus@leaf1:mgmt:~$ net add interface swp9 mtu 500
ERROR: Command not found

net add interface swp9 mtu 500

^ Invalid value here
Did you mean one of the following?
net add interface <interface> mtu <552-9216>

cumulus@leaf1:mgmt:~$ net add interface swp9 mtu 5000

cumulus@leaf1:mgmt:~$ net add interface swp2,9-12 mtu 5000

A range of interfaces can be used

6
NCLU Workflow Academy

 NCLU uses the following workflow for staging and committing changes to Cumulus Linux:

Use the net add and net del commands to stage/remove configuration changes

Use the net pending command to review staged changes

Use net commit or net abort to commit/delete staged changes

 net commit applies the changes to the relevant configuration files, such as
/etc/network/interfaces, then runs necessary follow on commands to enable the
configuration, such as ifreload -a.
 If two different users try to commit changes at the same time, NCLU displays a warning
but implements the change according to the first commit received. The second user will
need to abort the commit.

7
Configuration Example Academy

 NCLU configuration steps:

1. Change configuration by using net add or net del
Add or delete interfaces
cumulus@leaf1:mgmt:~$ net add interface swp2 link speed 10000
cumulus@leaf1:mgmt:~$ net del interface swp1

2. Show changes staged in the commit buffer

Show pending changes
cumulus@leaf1:mgmt:~$ net pending
--- /etc/network/interfaces 2020-08-20 12:16:38.719602651 +0000
+++ /run/nclu/ifupdown2/interfaces.tmp 2020-09-22 07:59:10.293230643 +0000

<output omitted>

-auto swp1
-iface swp1
+auto swp2 Shows lines added and removed
+iface swp2
+ link-speed 10000 8
Committing Configuration Academy

3. Use net commit or net abort to commit/delete staged changes

Commit changes
cumulus@leaf1:mgmt:~$ net commit

-auto swp1
-iface swp1
+auto swp2
+iface swp2
+ link-speed 10000

net add/del commands since the last "net commit"

================================================
User Timestamp Command
------- -------------------------- ---------------------------------------
cumulus 2020-09-22 08:06:35.900493 net add interface swp2 link speed 10000
cumulus 2020-09-22 08:06:43.624910 net del interface swp1

Abort changes
cumulus@leaf1:mgmt:~$ net abort
9
 Adding Commit Description Academy

 When committing changes, it is possible to add describing. Then the description can be
used to rollback to that configuration.

Add commit description

cumulus@leaf1:mgmt:~$ net add interface swp2,9-12 mtu 5000
cumulus@leaf1:mgmt:~$ net commit description SET-MTU
 NCLU tracks historical commits
Commit description
View commit history
cumulus@leaf1:mgmt:~$ net show commit history
net show commit history
# Date Description
30 2020-09-22 08:06:23 nclu "net commit" (user cumulus)
32 2020-09-22 08:07:31 nclu "net commit" (user cumulus)
34 2020-09-22 08:08:41 nclu SET-MTU

Commit number Commit description

10
Rolling-back to a Previous Configuration Academy

NCLU enables to revert to a previous configuration state by using the commit

number or description.

Rollback to a previous configuration

cumulus@leaf1:mgmt:~$ net rollback

<number> : any integer
description : description
last : the most recent 'net commit' snapshot

cumulus@leaf1:mgmt:~$ net rollback 28

cumulus@leaf1:mgmt:~$ net rollback description SET-MTU

11
Show the Configuration Academy

 NCLU enables to show the commands to recreate current configuration:

Show the configuration

cumulus@leaf1:mgmt:~$ net show configuration commands
net add interface swp16 breakout 4x
net add bridge bridge vids 33
net add interface eth0 ip address dhcp
net add interface swp1,10-15,swp16s0-3,swp2-9
net commit

12
Back-up the Configuration Academy

 NCLU enables to back up the configuration to a single file:

Back up the configuration

cumulus@leaf1:mgmt:~$ net show configuration commands >> leaf1-config.txt

 You can then use the file to retrieve the configuration or to copy the configuration to
other switches:

Retrieve the configuration

cumulus@leaf1:mgmt:~$ source leaf1-config.txt

13
Reset the Configuration Academy

 NCLU enables to reset the configuration:

Reset the configuration

cumulus@leaf1:mgmt:~$ net del all
cumulus@leaf1:mgmt:~$ net commit

 Deletes all NCLU configurations

 The command does not remove management VRF configurations, as NCLU does
not interact with eth0 interface and management VRF.

14
Configuring User Accounts Academy

You can configure user accounts in Cumulus Linux with read-only or edit permissions
for NCLU:
 NCLU read-only users:
 Add the user to the netshow group.
 A user in the netshow group can run NCLU net show commands, such as net
show interface or net show config, and certain general Linux commands, such
as ls, cd or man, but cannot run net add, net del or net commit commands.
 NCLU read-write users:
 Add the user to the netedit group.
 A user in the netedit group can run NCLU configuration commands, such net
add, net del or net commit in addition to NCLU net show commands.

Those users don’t have sudo privileges

Allowing New Users to Use NCLU Editing Commands Academy

Add a user
cumulus@leaf1:mgmt:~$ sudo adduser ben
.
Enter new UNIX password:
Retype new UNIX password:

Add the user to the ‘netedit’ group

cumulus@leaf1:mgmt:~$ sudo adduser ben netedit
Adding user `ben' to group `netedit' ...
Adding user ben to group netedit
Done.

Allow net editing commands

16
Allowing New Users to Use NCLU Show Commands Academy

Add a user
cumulus@leaf1:mgmt:~$ sudo adduser guy
.
Enter new UNIX password:
Retype new UNIX password:

Add the user to the ‘netshow’ group

cumulus@leaf1:mgmt:~$ sudo adduser guy netshow Allow ‘net show’
Adding user `guy' to group `netshow' ... commands only
Adding user guy to group netshow
Done.

Check access to NCLU commands

guy@leaf1:mgmt:~$ net add int swp2 ip add 5.5.5.5/24
ERROR: You do not have permission to execute that command.

User ‘guy’ is not allowed to use NCLU editing commands

17
 Outline Academy

Academy
Unit Summary
 NCLU Overview
 NCLU Commands
 Committing and Aborting Configuration
 Track and Roll-Back Historical Commits