FortiAnalyzer-BigData cluster controller CLI
This section describes how to use fazbdctl, the FortiAnalyzer-BigData Command Line Interface (CLI), and contains references for all fazbdctl commands.
fazbdctl is available on the cluster controller (see Connect to the FortiAnalyzer-BigData CLI) and is the main command used to manage the hosts of FortiAnalyzer-BigData.
Syntax
fazbdctl <command>
Commands
Command | Description |
---|---|
enable | Enable/disable cluster-wide features. |
help | Help about any command. |
init | Initialize the FAZ-BD cluster. |
reset | Factory-reset or re-install the OS of a single node or the whole cluster. |
set | Set system parameters. |
show | Display system or cluster information. |
upgrade | Upgrade system components. |
decommission | Decommission a defective blade after it is powered off, to get ready for a new blade. |
disk-encryption | Operations related to disk-encryption. |

Option | Description |
---|---|
-h, --help | Help information. |
Show version
fazbdctl show version
Shows the FortiAnalyzer-BigData version of the host.
Show members
fazbdctl show members
Lists all the cluster hosts' information managed by the cluster controller.
Option | Description |
---|---|
{-o | --option} wide | Display additional columns such as MAC address and version information in wide format. |
Example response
In this example, Management IP/Mask is 10.106.2.168/24.
Field name | Chassis | Blade | Role | Address | Ext Address | Host Name |
---|---|---|---|---|---|---|
Value example | 1 | 2 | Controller | 198.18.1.2 | 10.106.2.170 | blade-198.18.1.2 |
 | 1 | 32 | Member | 198.18.1.32 | 10.106.2.174 | blade-198.18.1.32 |

Field name | State | Status | Tips |
---|---|---|---|
Value example | Joined | Alive | |
 | Upgrading | Alive | Need upgrade |
Field descriptions
Field name | Description |
---|---|
Management IP/Mask | This is the management IP address that is configured. |
Chassis | By default, the Chassis ID is 1. |
Blade | Represents the slot in which the blade is located. Blade slots are numbered from 1 to 14, starting from the left side of the FortiAnalyzer-BigData appliance. |
Role | Role is either controller or member. |
Address | The internal IP address is immutable and is generated from the pattern 198.18.{chassis ID}.{blade ID}. |
Ext Address | The external IP address is set by users through |
Host Name | The host name. |
State | The current status of the host. |
Status | The current status of the host. |
Tips | Tips and notes about the host. |
Example response in wide format
In this example, Management IP/Mask is 10.106.2.168/24 and Gateway is 10.106.2.254.
Field name | Chassis | Blade | Role | Address | Ext Address | Ext Gateway | Host Name |
---|---|---|---|---|---|---|---|
Value example | 1 | 2 | Controller | 198.18.1.2 | 10.106.2.170 | 10.106.2.254 | blade-10-0-1-2 |
 | 1 | 32 | Member | 198.18.1.32 | 10.106.2.174 | 10.106.2.254 | blade-10-0-1-32 |

Field name | MAC | Version | State | Status | Tips |
---|---|---|---|---|---|
Value example | 00:50:56:b2:7d:77 | FortiAnalyzer-BigData-VM64 1.2.0 | Joined | Alive | |
 | 00:50:56:b2:e2:7b | FortiAnalyzer-BigData-VM64 1.1.0 | Upgrading | Alive | Need upgrade |
Additional field descriptions for wide format
Field name | Description |
---|---|
Gateway | This is the gateway for the management IP address that is configured. |
Ext Gateway | The gateway for the external IP address. |
MAC | The MAC address of the internal interface. |
Version | The FortiAnalyzer-BigData version number running on the host. |
Upgrade
fazbdctl upgrade {bootloader | fazbd | cluster} [-U <URL>][-o <option>][-p <password>][-u <username>][-n][-s]
Use this command with the argument "bootloader" to upgrade the bootloader, and with the argument "fazbd", or "cluster" for the whole cluster, to upgrade the FortiAnalyzer-BigData OS. For more information, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.
- This command should be executed only on the cluster controller. It has no effect if run on other hosts.
- This command is only allowed when all the FortiAnalyzer-BigData services are healthy, but you can use -f to force the upgrade to run.

Extra options | Description |
---|---|
{-U | --image-url} <URL> | URL with protocol for the image to be downloaded and installed. Supported protocols are FTP, SFTP, HTTP and HTTPS. Example: http://10.160.74.123/FAZBD.out |
{-o | --option} <Option> | Re-run options when failed: skip, retry, restart. |
{-p | --password} [<password>] | Password for the download server if there is one. |
{-u | --username} [<username>] | Username for the download server if there is one. |
{-n | --no-swap} | Disable RAM swap creation during the upgrade process. |
{-s | --skip-pre-upgrade} | Skip the pre-upgrade. |

Examples
Command | Description |
---|---|
fazbdctl upgrade cluster | Interactively upgrade FortiAnalyzer-BigData. |
fazbdctl upgrade cluster -o retry | If the last upgrade failed, retry from the state where it failed. |
Reset
fazbdctl reset [<worker-ip> | cluster] [-A | -I] [-o <option>][-n]
Reset the entire OS and optionally format all the disks for a single host or the whole cluster. When no argument is specified, the reset applies to the local host.
These are the available options in this command:
Extra options | Description |
---|---|
{-A | --all-settings} | Resets all settings. |
{-I | --all-except-ip} | Keeps the public IP constant. |
 | Re-run options when failed in soft reset: skip, retry, restart |
{-x | --exclude-faz} | Excludes the Main host when resetting the cluster. |
 | Keeps current subnet after hard-resetting cluster. |
If no option is set, a soft reset will be performed. Otherwise, a hard reset will be performed to additionally format all the disks.
Examples
Command | Description |
---|---|
fazbdctl reset | Re-install the OS of this node (local). |
fazbdctl reset 198.18.1.32 | Re-install the OS of node 198.18.1.32, from a controller. |
fazbdctl reset 198.18.1.32 -A | Factory-reset the specified node from a controller, clearing all settings and data. |
fazbdctl reset cluster | Re-install the OS of the whole cluster, from the controller. |
fazbdctl reset cluster -I | Factory-reset the whole cluster from the controller, keeping the external management IP address. |
fazbdctl reset cluster -A | Factory-reset the whole cluster from the controller, clearing all settings and data. |
 | Factory-reset the whole cluster from the controller, clearing all settings and data but retaining the original subnet after reset. |
For instructions on how to reset your device, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.
Init
fazbdctl init cluster [-o <option>][-n][-F][-l]
Initialize the FortiAnalyzer-BigData cluster. This command initializes and configures the FortiAnalyzer-BigData cluster hosts. The process takes approximately 30 to 40 minutes. For more information, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.
- This command should be executed only on the cluster controller. It has no effect if run on other hosts.
Extra options | Description |
---|---|
{-o | --option} <Option> | Re-run options when failed: skip, retry, restart |
{-n | --no-swap} | Disable RAM swap creation during the initialization process. |
{-F | --force} | Force to run, even if the cluster is already initialized. |
{-l | --encrypt-data-disks} | Enable data-at-rest encryption on the data disks. |

If you run this command on an existing cluster, it will reinitialize and cause you to lose all log data and configurations.
Decommission
fazbdctl decommission <member IP/host name>[-Y]
After a defective blade is powered off, run this command to make the cluster ready for a replacement blade.
Extra options | Description |
---|---|
{-Y | --auto-confirm} | Skip interactive prompt and confirmation. |
Disk Encryption
fazbdctl disk-encryption {init | change-phrase | status | open} [-f]
For instructions to enable data-at-rest encryption and related operations, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.

Command | Description |
---|---|
init | Initialize disk encryption on target host(s) when they are newly added or added as replacement. Pass a list of space-separated hosts with quotes if needed. For example, fazbdctl disk-encryption init "blade-198-18-1-3 blade-198-18-1-5" |
change-passphrase | Change the data disk encryption passphrase for all cluster hosts. |
status <IP(s)/Host(s)> | Get the status of data disk encryption for the cluster or target host(s). |
open all|members|<IP(s)/Host(s)> | Open the encrypted disk on all hosts, members, or target host(s). Operates on the local host if no argument is passed. |

Extra options | Description |
---|---|
[-f] | Filter the status output by the attribute name. |
Set management and external addresses
fazbdctl {set | unset} addr {<external ip/mask> | dhcp} [<gateway>] [--management] [-H] [-A] [-Y]
Set management IP address on the cluster controller and external IP addresses (used for Hyperscale logging) on cluster hosts to allow them to communicate with the outside world.
external ip/mask can be an IP CIDR address or simply dhcp.
- The optional --management flag indicates that the data carried in the external ip/mask and gateway fields is used to set the main management IP address. This flag is not compatible with -H and -A and is only available on the cluster controller.
- The optional -H flag specifies the internal IP address of a host where the external IP will be assigned. Without this flag, the external IP address is assigned to the local host.
- The optional -A flag sets external IP addresses on all hosts from the controller. In this case, the external ip/mask field specifies the starting external IP address to be assigned to the first host. The remaining hosts are assigned external IP addresses incrementally from the starting external IP address within the network subnet, wrapping around when reaching the boundary of the network subnet. This flag is not compatible if external ip/mask is dhcp.
- The optional -Y flag lets you skip interactive confirmation when the command is issued.
Examples
Command | Description |
---|---|
fazbdctl set addr 10.160.74.174/24 10.160.74.1 | Set external IP CIDR address and gateway on local host. |
fazbdctl set addr -H 198.18.1.3 | Set external IP CIDR address and gateway for host 198.18.1.3. |
fazbdctl set addr dhcp | Set external IP CIDR address via DHCP on local host. |
fazbdctl set addr 10.160.74.174/24 | Set external IP CIDR address on local host. |
fazbdctl set addr 10.160.74.174/24 10.160.74.1 --management | Set management IP CIDR address with gateway on controller host. |
fazbdctl unset addr -H 198.18.1.3 | Unset external IP CIDR address on host 198.18.1.3. |
fazbdctl unset addr --management | Unset the management IP CIDR address. |
fazbdctl set addr 10.160.74.174/24 10.160.74.1 -A | Set external IP CIDR address on all members, starting from 10.160.74.174. |
 | Unset external IP CIDR address on all members. |
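The -A assignment rule described above (increment from the starting address, wrap at the subnet boundary) can be previewed offline to catch a wrap-around that lands on the gateway or management IP. This is an added example, not Fortinet code; the function name, the host ordering, and the exclusion of the network and broadcast addresses on wrap-around are assumptions.

```python
import ipaddress

def plan_external_addrs(start_cidr, internal_hosts, reserved=()):
    """Preview a `set addr <ip/mask> <gateway> -A` run before issuing it.

    Returns (plan, conflicts): plan maps each internal host address to the
    external CIDR it would receive; conflicts lists (host, ip) pairs that
    collide with an address in `reserved` (gateway, management IP, ...).

    Assumptions, not stated on the page: hosts are numbered in the order
    given, and wrap-around stays inside the usable host range, so the
    network and broadcast addresses are never handed out.
    """
    iface = ipaddress.ip_interface(start_cidr)
    net = iface.network
    first = int(net.network_address) + 1   # lowest usable host address
    last = int(net.broadcast_address) - 1  # highest usable host address
    size = last - first + 1
    offset = int(iface.ip) - first
    if not 0 <= offset < size:
        raise ValueError(f"{iface.ip} is not a usable host address in {net}")
    if len(internal_hosts) > size:
        raise ValueError(f"{net} has {size} usable addresses, "
                         f"need {len(internal_hosts)}")

    reserved_ips = {ipaddress.ip_address(r) for r in reserved}
    plan, conflicts = {}, []
    for i, host in enumerate(internal_hosts):
        # Increment from the start address, wrapping inside the usable range.
        ip = ipaddress.ip_address(first + (offset + i) % size)
        plan[host] = f"{ip}/{net.prefixlen}"
        if ip in reserved_ips:
            conflicts.append((host, str(ip)))
    return plan, conflicts

# Constructed sample: four hosts using the internal 198.18.{chassis}.{blade}
# scheme, and a start address close to the top of a /24.
SAMPLE_HOSTS = ["198.18.1.2", "198.18.1.3", "198.18.1.4", "198.18.1.5"]
SAMPLE_GATEWAY = "10.160.74.1"

if __name__ == "__main__":
    plan, conflicts = plan_external_addrs("10.160.74.252/24", SAMPLE_HOSTS,
                                          reserved=[SAMPLE_GATEWAY])
    for host, cidr in plan.items():
        print(f"{host} -> {cidr}")
    for host, ip in conflicts:
        print(f"CONFLICT: {host} would receive reserved address {ip}")
```

With the constructed start address 10.160.74.252/24, the fourth host wraps to 10.160.74.1 and is reported as a conflict with the gateway.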
Set appliance role
fazbdctl set appliance {extender-chassis-id}
Designate an appliance as an extender appliance so you can add it as an extender to the main appliance. For instructions on assigning a new chassis ID to the extender appliance, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.
- This command should be executed only on the cluster controller. It has no effect if run on other hosts.
Set Security Event Manager hosts OS password
fazbdctl set password
By default, the OS password for the Security Event Manager hosts is fortinet@123. Use this command to set a new password for them. This password is used to SSH to Security Event Manager hosts and to enter the secure shell by using fazbdctl execute shell in a remote CLI console.
Enable Secure Shell
fazbdctl execute shell
Use this command to enter the secure shell in a remote CLI console session from the Cluster Manager web GUI. You will be prompted for the Security Event Manager host OS password.
Enable/Disable IP-Forward
fazbdctl [ enable | disable ] ip-forward
By default, all the cluster hosts except the cluster controller have no external network access. In some cases, you might want to allow external network access for all hosts, for example, to back up and restore data to external HDFS or to support Hyperscale log ingestion. This command allows you to forward packets from your internal network by enabling or disabling the NAT setup on the cluster controller.
- This command should be executed only on the cluster controller. It has no effect if run on other hosts.
Unstack chassis
fazbdctl unstack-chassis
Use this command on the cluster controller to unstack the chassis so that they can be separated safely. For more information, see How to remove a chassis from a stacked setup in the FortiAnalyzer-BigData Administration Guide.