Network Management

Reply
Contributor I
Posts: 20
Registered: ‎02-21-2014

AirWave 8.2.4 NO CLI

Was about to update AirWave and noticed a nice little warning message that the CLI would no longer be available.

 

At least it was in the Relase Notes, unlike the whole adding docker to AirWave.

 

Looking at 8.2.4 User Guide Appendix B it looks like the replacement to the CentOS shell is a choose your ending number menu.

 

Way to suck...

At least give me a number option to drop back out to a real shell.

 

 

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: AirWave 8.2.4 NO CLI

Thanks for the feedback.

 

There was much debate that went into this feature, and this is just the initial roll out.  As we continue forward, we're hoping to develop custom modules to restore some of the functionality lost by not having direct access to the shell.  If you could help us distinguish which CLI operations you commonly perform from the CLI, we can start to plan out improvements.

 

We already have a request for a subset of network debugging tools: ping, traceroute, tcpdump, nslookup.  And we're keeping a watchful eye on all inbound requests.  So expanding on your feedback response would help a lot in shaping the future of the product.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
New Contributor
Posts: 2
Registered: ‎09-25-2013

Re: AirWave 8.2.4 NO CLI

A way to escape to the full shell would be much appreciated.

Contributor I
Posts: 20
Registered: ‎02-21-2014

Re: AirWave 8.2.4 NO CLI

I'd like to add a request for a full shell menu option.  

Do I need to add that to the idea's feature request? 

MVP
Posts: 1,404
Registered: ‎11-07-2008

Re: AirWave 8.2.4 NO CLI

mholden, while we appreciate the deep, insightful feedback of "Way to suck", it would be far more helpful to inform us on how you are using the CLI and why you require access to the root shell.

 

Access to the shell has causedd no end of support issues long-term where changes were made, packages installed that resulted in stability issues, modifications to settings made that created long, difficult to pin down root-causes that were impacting customer perception of the product. Additionally, leaving root access was a threat vector of bad actors having access to the system adding in software that exposed the machine to additional risk (packages that added CSS vulnerabilities and exploits via some web interface installed as part of the 3rd party package).

 

No other product in the Aruba portfolio leave access to the shell open and this is just the evolution of AirWave into a more secure and stable product. While we can appreicate a small handful of customers that like having access to the shell, it's not a requirement and so long as our customers are informing us as to what they need from the shell that they aren't getting from the AMP CLI and GUI, we can add those support features in as needed. 

 

Thanks, as always. 

Jerrod Howard
Sr. Techical Marketing Engineer
MVP
Posts: 1,404
Registered: ‎11-07-2008

Re: AirWave 8.2.4 NO CLI

Menchini, again, what needs do you have critical to the operation of the AMP do you need root access for? 

Jerrod Howard
Sr. Techical Marketing Engineer
MVP
Posts: 1,404
Registered: ‎11-07-2008

Re: AirWave 8.2.4 NO CLI

There will not likely be any addition to the AMPCLI to enable full root access, it defies the purpose of putting this in in the first place. 

 

A list of what you need root access for that is critical to the operation of the AMP server would help us understand your needs and requirements, or address them via the other alternative paths provided in the GUI or AMP CLI, and if they aren't there, we can add them. But root access, just to have it, is not likely going to be a valid reason. 

Jerrod Howard
Sr. Techical Marketing Engineer
Contributor I
Posts: 20
Registered: ‎02-21-2014

Re: AirWave 8.2.4 NO CLI

Jerrod sorry, you are correct, knee jerk reaction. 

 

While full root access is not strickly needed, shell access has been VERY useful.

I've always hated loggin in a root, a user accuont is much better, and I've in some cases created such an account. 

Shell access is VERY much appreciated and used. 

I've used it as everything from a make shift SCP server so that we can get flash backups off the controllers, to a jump box for being able to change the default route on controllers. 

 

Root access has also been required when creating mount and backup scripts in order to have AirWave backups go to CIFS shares. sudoers would be fine for these functions. 

 

Another reason for shell Troubleshooting and Upgrading. 

 

Perhaps a balanced approach of going therough a couple of menu options to get to a user shell, and doing the one time key to get full root access like on the controllers would allow for flexablity while reducing the support calls.

MVP
Posts: 1,404
Registered: ‎11-07-2008

Re: AirWave 8.2.4 NO CLI

Some of those have been discussed to be added in future versions (adding a module to enable offline backups or to make the scripting of backups easier). Downloading of the logs should contain all the troubleshooting logs moving forward (and if not, TAC case will file a bug to add that in). A jump box, while handy (and I've used it many times), it's not a feature we support or advocate so losing it shouldn't be a critical loss. 

 

SCP server host still works with the AMP CLI, you can load up and down files into the AMP via the AMP CLI to use for controller firmware, move files in and out, load certs and new packages, etc. 

 

However, there will not likely be any steps or processes that ends up with the ability to get any root access to the system, via user account, sudo, or otherwise. Thanks for the feedback, we will bring this up with PLM and engineering as things to add in. 

Jerrod Howard
Sr. Techical Marketing Engineer
Contributor I
Posts: 20
Registered: ‎02-21-2014

Re: AirWave 8.2.4 NO CLI

One other use for the CLI.

I didn't see how you are able to load a Web https certificate for AirWave now. 

 

Was there a feature in 8.2.4 that allows us to change the web cert in the GUI? 

Search Airheads
Showing results for 
Search instead for 
Did you mean: