0% found this document useful (0 votes)

35 views378 pages

Command Ref AOS v6 8

Uploaded by

Ilavarasu c b sekar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

35 views378 pages

Command Ref AOS v6 8

Uploaded by

Ilavarasu c b sekar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 378

Command Reference

AOS 6.8
May 20, 2024
Contents

Acropolis Command-Line Interface (aCLI).............................................. 4

CLI Reference Conventions........................................................................................................ 4
ads............................................................................................................................................. 4
core........................................................................................................................................... 5
ha............................................................................................................................................... 6
host........................................................................................................................................... 7
image......................................................................................................................................... 8
iscsi_client.......................................................................................................................... 12
net........................................................................................................................................... 13
nf............................................................................................................................................. 29
parcel..................................................................................................................................... 29
snapshot..................................................................................................................................30
vg............................................................................................................................................. 30
vm............................................................................................................................................. 39
vm_group..................................................................................................................................64

Nutanix Command-Line Interface (nCLI)............................................... 67

Installing the nCLI on Your Local System................................................................................. 67
Initiating an nCLI Session From Your Local System.................................................................. 68
Command Format..................................................................................................................... 69
Embedded Help........................................................................................................................69
nCLI Entities.............................................................................................................................69
Nutanix Command-Line Interface Reference............................................................................ 70
CLI Reference Conventions............................................................................................ 70
alerts: Alert.................................................................................................................. 71
authconfig: Authentication Configuration..................................................................... 72
cloud: Cloud.................................................................................................................. 79
cluster: Cluster............................................................................................................ 83
container: Storage Container....................................................................................... 99
data-at-rest-encryption: Data At Rest Encryption..................................................105
data-at-rest-encryption-certificate: Data At Rest Encryption Certificate.......... 107
datastore: Datastore...................................................................................................110
disk: Physical Disk.......................................................................................................111
events: Event............................................................................................................... 112
failover-cluster: Failover Cluster............................................................................ 113
file-server: File Server............................................................................................. 114
health-check: Health Check....................................................................................... 150
host: Physical Host...................................................................................................... 151
http-proxy: HTTP Proxy..............................................................................................156
key-management-server: Key Management Server..................................................... 158
license: License..........................................................................................................159
managementserver: Management Server..................................................................... 161
multicluster: Multicluster.......................................................................................... 163
network: Network.........................................................................................................164
nutanix-guest-tools: Nutanix Guest Tools............................................................... 171
progress-monitor: Progress Monitor..........................................................................173
protection-domain: Protection domain...................................................................... 174
pulse-config: Pulse Configuration..............................................................................189

ii
rackable-unit: Rackable unit..................................................................................... 190
remote-site: Remote Site........................................................................................... 190
rsyslog-config: TLS configuration for RSyslog service..............................................196
smb-server: Nutanix SMB server................................................................................. 199
snapshot: Snapshot..................................................................................................... 200
snmp: SNMP.................................................................................................................. 201
software: Software...................................................................................................... 205
ssl-certificate: SSL Certificate...............................................................................207
storagepool: Storage Pool.......................................................................................... 208
storagetier: Storage Tier...........................................................................................209
task: Tasks...................................................................................................................211
user: User.................................................................................................................... 212
vdisk: Virtual Disk....................................................................................................... 215
virtual-disk: Virtual Disk.......................................................................................... 218
virtualmachine: Virtual Machine................................................................................ 219
volume-group: Volume Groups.................................................................................... 221
vstore: VStore............................................................................................................. 227

Controller VM Commands................................................................... 229

Specifying Credentials............................................................................................................229
cluster.................................................................................................................................... 229
genesis................................................................................................................................... 331
ncc......................................................................................................................................... 348
setup_hyperv.py......................................................................................................................375

iii
ACROPOLIS COMMAND-LINE INTERFACE
(ACLI)
Acropolis provides a command-line interface for managing hosts, networks, snapshots, and VMs.

Accessing the Acropolis CLI

To access the Acropolis CLI, log on to a Controller VM in the cluster with SSH and type acli at the shell
prompt.
To exit the Acropolis CLI and return to the shell, type exit at the <acropolis> prompt.

CLI Reference Conventions

This command-line interface reference uses the following conventions.

• Parameters in italic are unique to your environment.

value

• Parameters in square brackets are optional.

[ value ]

• Parameters in curly brackets must be one of a limited set of values.

{ value1 | value2 }
One example is boolean parameters: { true | false }
• The keyword is a literal string required by the command, and the value is the unique value for your
environment.
keyword=value

ads

Operations

• Get current Acropolis Dynamic Scheduling (ADS) configuration : ads.get

• Enable or disable Acropolis Dynamic Scheduling (ADS) : ads.update

Get current Acropolis Dynamic Scheduling (ADS) configuration

<acropolis> ads.get
Required arguments
None

Enable or disable Acropolis Dynamic Scheduling (ADS)

<acropolis> ads.update [ enable="{ true | false }" ]
Required arguments
None
Optional arguments
enable

AOS | Acropolis Command-Line Interface (aCLI) | 4

Enable ADS.
Type: boolean
Default: true

core

Operations

• Exits the CLI : core.exit

• Gets the current value of the given configuration options : core.get
• Provides help text for the named object : core.help
• Sets the value of the given configuration options : core.set

Exits the CLI

<acropolis> core.exit
Required arguments
None

Gets the current value of the given configuration options

<acropolis> core.get [ options ]
Required arguments
None
Optional arguments
options
Comma-delimited list
Type: list of configuration options

Provides help text for the named object

<acropolis> core.help [ name ]
Required arguments
None
Optional arguments
name
Command or namespace to describe
Type: command or namespace name

Sets the value of the given configuration options

<acropolis> core.set [ assume_default="{ true | false }" ][ inline_help="{ true | false }" ][
json="{ true | false }" ][ page_size="page_size" ][ pretty="{ true | false }" ][ use_dns="{ true |
false }" ]
Required arguments
None
Optional arguments
assume_default

AOS | Acropolis Command-Line Interface (aCLI) | 5

Reply to all prompts with default values.
Type: boolean
inline_help
Show inline help for tab completion.
Type: boolean
json
Output JSON.
Type: boolean
page_size
Number of lines before pagination.
Type: int
pretty
Show pretty output.
Type: boolean
use_dns
Perform DNS lookups.
Type: boolean

Operations

• Get current HA configuration : ha.get

• Enable, disable or modify VM availability configuration : ha.update

Get current HA configuration

<acropolis> ha.get
Required arguments
None

Enable, disable or modify VM availability configuration

<acropolis> ha.update [ num_host_failures_to_tolerate="num_host_failures_to_tolerate"
][ wait="{ true | false }" ]
Required arguments
None
Optional arguments
num_host_failures_to_tolerate
Number of host failures to tolerate. Setting to 0 will restart VMs on a best-effort basis.
Type: int
wait
If True, wait for the host evacuation attempt to finish
Type: boolean
Default: true

AOS | Acropolis Command-Line Interface (aCLI) | 6

host

Operations

• Puts a host into maintenance mode : host.enter_maintenance_mode

• Check if AHV host can enter maintenance mode : host.enter_maintenance_mode_check
• Takes a host out of maintenance mode : host.exit_maintenance_mode
• Retrieves scheduler information about a Host : host.get
• Lists hosts in the cluster : host.list
• Lists VMs currently running on the host : host.list_vms

Puts a host into maintenance mode

This command initiates a transition into maintenance mode. The host will be marked as unschedulable, so
that no new VMs are instantiated on it. Subsequently, an attempt is made to evacuate VMs from the host.
If the evacuation attempt fails (e.g., because there are insufficient resources available elsewhere in the
cluster), the host will remain in the "entering maintenance mode" state, where it is marked unschedulable,
waiting for user remediation. The user may safely run this command again, and may do so with different
options (e.g., by specifying mode=power_off to power off the remaining VMs on the host). A request to
enter maintenance mode may be aborted at any time using the host.exit_maintenance_mode command.
The user should use the host.get command to determine the host's current maintenance mode state.
<acropolis> host.enter_maintenance_mode host [ mode="mode" ][
non_migratable_vm_action="non_migratable_vm_action" ][ wait="{ true | false }" ]
Required arguments
host
Host identifier
Type: host
Optional arguments
mode
Evacuation mode ('live', 'cold', 'power_off')
Type: string
Default: live
non_migratable_vm_action
Action for non migratable VMs ('block', 'acpi_shutdown')
Type: string
Default: block
wait
If True, wait for the host evacuation attempt to finish
Type: boolean
Default: true

Check if AHV host can enter maintenance mode

User can proceed to 'host.enter_maintenance_mode' if check succeeds.
<acropolis> host.enter_maintenance_mode_check host [
non_migratable_vm_action="non_migratable_vm_action" ]

AOS | Acropolis Command-Line Interface (aCLI) | 7

Required arguments
host
Host identifier
Type: host
Optional arguments
non_migratable_vm_action
Action for non migratable VMs ('block', 'acpi_shutdown')
Type: string
Default: block

Takes a host out of maintenance mode

This command may be used to abort a prior attempt to enter maintenance mode, even if the attempt is
ongoing. If the host is no longer in maintenance mode, this command has no effect.
<acropolis> host.exit_maintenance_mode host
Required arguments
host
Host identifier
Type: host

Retrieves scheduler information about a Host

<acropolis> host.get host_list
Required arguments
host_list
Host identifier
Type: list of hosts

Lists hosts in the cluster

<acropolis> host.list
Required arguments
None

Lists VMs currently running on the host

<acropolis> host.list_vms host
Required arguments
host
Host UUID
Type: host

image

Operations

• Create an image : image.create

• Delete an image(s) : image.delete
• Retrieves information about an image : image.get

AOS | Acropolis Command-Line Interface (aCLI) | 8

• List all Images : image.list
• Update an image : image.update

Create an image
Images of the following type can be created: - iso - qcow2 - raw - vdi - vhd - vhdx - vmdk Two different
modes of creation are supported. A URL to a disk image can be provided with the source_url keyword
argument or an existing vmdisk can be provided with the clone_from_vmdisk keyword argument. If the
image is created from a source_url then a container must also be provided. Otherwise the container
keyword argument should not be specified and the image will reside in the same container as the vmdisk.
In addition to a creation mode, an image type must also be provided. Image types can either be an ISO
(kIsoImage) or a disk image (kDiskImage). Optionally, a checksum may also be specified if we are creating
an image from a source_url in order to verify the correctness of the image.
<acropolis> image.create name [ annotation="annotation" ][ architecture="architecture"
][ clone_from_vmdisk="clone_from_vmdisk" ][ compute_checksum="{ true |
false }" ][ container="container" ][ image_type="{raw|vhd|vmdk|vdi|iso|qcow2|
vhdx}" ][ product_name="product_name" ][ product_version="product_version"
][ sha1_checksum="sha1_checksum" ][ sha256_checksum="sha256_checksum" ][
source_url="source_url" ][ wait="{ true | false }" ]
Required arguments
name
Comma-delimited list of image names
Type: list of strings with expansion wildcards
Optional arguments
annotation
Image description
Type: string
architecture
Disk image CPU architecture
Type: image architecture
clone_from_vmdisk
UUID of the source vmdisk
Type: VM disk
compute_checksum
If True, we will compute the checksum of the image
Type: boolean
Default: false
container
Destination Storage Container
Type: container
image_type
Image type
Type: image type
product_name
Name of the producer/distributor of the image

AOS | Acropolis Command-Line Interface (aCLI) | 9

Type: string
product_version
Version string for the image
Type: string
sha1_checksum
SHA-1 checksum
Type: hex checksum
sha256_checksum
SHA-256 checksum
Type: hex checksum
source_url
URL location of the source image
Type: image URL
wait
If True, we will wait for the image creation to complete
Type: boolean
Default: true
Examples
1. Create an image named 'foo' from an image located at http://test.com/disk_image.
<acropolis> image.create foo source_url=http://test.com/image_iso container=default
image_type=kIsoImage architecture=kX86_64

2. Create an image named 'bar' from a vmdisk 0b4fc60b-cc56-41c6-911e-67cc8406d096.

<acropolis> image.create bar clone_from_vmdisk=0b4fc60b-cc56-41c6-911e-67cc8406d096
image_type=kDiskImage

Delete an image(s)
<acropolis> image.delete image_list
Required arguments
image_list
Image identifiers
Type: list of images

Retrieves information about an image

<acropolis> image.get image_list [ include_vmdisk_paths="{ true | false }" ][
include_vmdisk_sizes="{ true | false }" ]
Required arguments
image_list
Image identifiers
Type: list of images
Optional arguments
include_vmdisk_paths
Fetch vmdisk paths

AOS | Acropolis Command-Line Interface (aCLI) | 10

Type: boolean
Default: false
include_vmdisk_sizes
Fetch vmdisk sizes (in bytes)
Type: boolean
Default: true

List all Images

<acropolis> image.list
Required arguments
None

Update an image
<acropolis> image.update [ annotation="annotation" ][ architecture="architecture"
][ image="image" ][ image_type="{raw|vhd|vmdk|vdi|iso|qcow2|vhdx}" ][ name="name" ][
product_name="product_name" ][ product_version="product_version" ]
Required arguments
None
Optional arguments
annotation
Image description
Type: string
architecture
Disk image CPU architecture
Type: image architecture
image
Image identifier
Type: image
image_type
Image type
Type: image type
name
Image name
Type: string
product_name
Name of the producer/distributor of the image
Type: string
product_version
Version string for the image
Type: string
Examples

AOS | Acropolis Command-Line Interface (aCLI) | 11

1. Update the name of an image named 'foo'.
<acropolis> image.update foo name=bar

iscsi_client

Operations

• Retrieves information about an ISCSI client : iscsi_client.get

• Lists all ISCSI clients : iscsi_client.list
• Update an ISCSI client's parameters : iscsi_client.update

Retrieves information about an ISCSI client

<acropolis> iscsi_client.get [ client_uuid_list="client_uuid_list" ][
name_list="name_list" ][ network_id_list="network_id_list" ]
Required arguments
None
Optional arguments
client_uuid_list
Comma-delimited list of iscsi initiator client uuids
Type: List of iSCSI clients
name_list
Comma-delimited list of iscsi initiator names (IQNs)
Type: List of iSCSI clients
network_id_list
Comma-delimited list of iscsi initiator network identifiers
Type: List of iSCSI clients

Lists all ISCSI clients

<acropolis> iscsi_client.list
Required arguments
None

Update an ISCSI client's parameters

<acropolis> iscsi_client.update [ client_secret="client_secret" ][
client_uuid="client_uuid" ][ name="name" ][ network_id="network_id" ]
Required arguments
None
Optional arguments
client_secret
Client secret to be used in CHAP authentication
Type: string
client_uuid
iscsi client UUID

AOS | Acropolis Command-Line Interface (aCLI) | 12

Type: iSCSI client name or network id
name
iscsi initiator name (IQNs)
Type: iSCSI client name or network id
network_id
iscsi initiator network identifier
Type: iSCSI client name or network id

net

Operations

• Add a DHCP pool to a managed network : net.add_dhcp_pool

• Blacklists IP addresses for a managed network : net.add_to_ip_blacklist
• Clear the DHCP DNS configuration for a managed network : net.clear_dhcp_dns
• Clear the DHCP TFTP configuration for a managed network : net.clear_dhcp_tftp
• Clears the UVM MAC address prefix configuration : net.clear_mac_prefix
• Clears the network function chain for this network : net.clear_network_function_chain
• Clears the config for VPC east-west traffic : net.clear_vpc_east_west_traffic_config
• Creates a new virtual network for VMs : net.create
• Creates a traffic mirror configuration : net.create_traffic_mirror
• Creates a Virtual Switch : net.create_virtual_switch
• Deletes a network : net.delete
• Delete a DHCP pool from a managed network : net.delete_dhcp_pool
• Removes IP addresses from a managed network's blacklist : net.delete_from_ip_blacklist
• Deletes a traffic mirror session : net.delete_traffic_mirror
• Deletes a virtual switch : net.delete_virtual_switch
• Disable virtual switch (delete all virtual switches) : net.disable_virtual_switch
• Retrieves information about a network : net.get
• Retrieves information about a specific host NIC : net.get_host_nic
• Gets the UVM MAC address prefix configuration : net.get_mac_prefix
• Retrieves information about a traffic mirror session configuration and statistics :
net.get_traffic_mirror

• Retrieves information about a specific virtual switch configuration : net.get_virtual_switch

• Retrieves the VLAN discovery configuration : net.get_vlan_discovery_config
• Lists all networks : net.list
• Lists all physical NICs of a host : net.list_host_nic
• List blacklisted IPs for a managed network : net.list_ip_blacklist

AOS | Acropolis Command-Line Interface (aCLI) | 13

• Lists all traffic mirror sessions : net.list_traffic_mirror
• Lists all virtual switch configurations : net.list_virtual_switch
• Lists VMs configured on the network : net.list_vms
• Migrates an OVS bridge to Virtual Switch : net.migrate_br_to_virtual_switch
• Configure the UVM MAC OUI prefix for the cluster : net.set_mac_prefix
• Sets the config for VPC east-west traffic : net.set_vpc_east_west_traffic_config
• Updates network metadata : net.update
• Configure the DHCP DNS configuration for a managed network : net.update_dhcp_dns
• Configure the DHCP TFTP configuration for a managed network : net.update_dhcp_tftp
• Sets the network function chain for this network : net.update_network_function_chain
• Updates a traffic mirror session : net.update_traffic_mirror
• Updates a Virtual Switch configuration : net.update_virtual_switch
• Updates the config for VPC east-west traffic : net.update_vpc_east_west_traffic_config

Add a DHCP pool to a managed network

A managed network may have zero or more non-overlapping DHCP pools. Each pool must be entirely
contained within the network's managed subnet. In the absence of a DHCP pool, the user must specify
an IPv4 address when creating a virtual network adapter (see vm.nic_create). If the managed network
has a DHCP pool, the user need not provide an address; the NIC will automatically be assigned an IPv4
address from one of the pools at creation time, provided at least one address is available. Addresses in the
DHCP pool are not reserved. That is, a user may manually specify an address belonging to the pool when
creating a virtual adapter.
<acropolis> net.add_dhcp_pool network [ end="end" ][ start="start" ]
Required arguments
network
Network identifier
Type: network
Optional arguments
end
Last IPv4 address
Type: IPv4 address
start
First IPv4 address
Type: IPv4 address
Examples
1. Auto-assign addresses from the inclusive range 192.168.1.16 - 192.168.1.32.
<acropolis> net.add_dhcp_pool vlan.16 start=192.168.1.16 end=192.168.1.32

Blacklists IP addresses for a managed network

A blacklisted IP address can not be assigned to a VM network adapter. This property may be useful for
avoiding conflicts between VMs and other hosts on the physical network.

AOS | Acropolis Command-Line Interface (aCLI) | 14

<acropolis> net.add_to_ip_blacklist network [ cookie="cookie" ][ ip_list="ip_list" ][
num_ip_addresses="num_ip_addresses" ]
Required arguments
network
Network identifier
Type: network
Optional arguments
cookie
Opaque data
Type: string
ip_list
Comma-delimited list of IP addresses
Type: list of IPv4 addresses
num_ip_addresses
Number of IP addresses to reserve
Type: int

Clears the UVM MAC address prefix configuration

Note that the MAC prefix may not be cleared while VM vNICs are still configured with the configured prefix.
To determine which VMs have vNICs with the prefix, use net.list_vms.
<acropolis> net.clear_mac_prefix
Required arguments
None

AOS | Acropolis Command-Line Interface (aCLI) | 15

Clears the network function chain for this network
<acropolis> net.clear_network_function_chain network
Required arguments
network
Network identifier
Type: network

Clears the config for VPC east-west traffic

<acropolis> net.clear_vpc_east_west_traffic_config
Required arguments
None

Creates a new virtual network for VMs

Each VM network interface is bound to a virtual network (see vm.nic_create). While a virtual network is
in use by a VM, it cannot be modified or deleted. Currently, the only supported L2 type is VLAN. Each
virtual network is bound to a single VLAN, and trunking VLANs to a virtual network is not supported. A
virtual network on VLAN 66 would be named "vlan.66". Each virtual network maps to a virtual switch in the
cluster. Virtual switch is a collection of AHV nodes and set of uplink ports on those nodes, which provide
external connectivity to the same physical network. Internally, it's mapped to an OVS bridge on the nodes
in the cluster, such as br0, br1, etc. The option 'virtual_switch' can be used to map a virtual network to
a particular virtual switch in the cluster. If this option is not specified, the virtual network will map to the
default virtual switch. User can still use the option 'vswitch_name' to map a virtual network to a particular
OVS bridge directly, but this is deprecated and not recommended. When using this option, the user is
responsible for ensuring that the specified OVS bridge exists on all hosts, and that the physical switch
ports for the bridge uplinks are uniformly and correctly configured to receive the VLAN-tagged traffic. On
hypervisors where it is supported, a virtual network may have an IPv4 configuration. Such a network is
a "managed" network. A network without an IPv4 configuration is an "unmanaged" network. A network
must be configured as "managed" or "unmanaged" at creation time. It is not possible to convert one to
the other. A particular L2 (i.e., a particular VLAN) may have at most one managed network defined at
a time. To create a managed network, the user specifies the "ip_config" keyword. This consists of an
IPv4 default gateway address and subnet in CIDR notation. The user may optionally specify a DHCP
server address, to avoid conflict with other services on the network. By default, the last available host
address in the subnet is used. Optionally mtu can be specified as part of network create if mtu other
than default (1500) is required. Every virtual NIC on a managed network must be assigned an IPv4
address at NIC creation time. All DHCP traffic on the network will be rerouted to an internal DHCP server,
who hands out configured IPv4 addresses. DHCP traffic on the physical network will not reach the
virtual network, and vice versa. In case of cloud cluster you must specify only ip_config. VLAN id should
not be specified on cloud clusters. For more about managed networks, see the following commands:
net.add_dhcp_pool net.add_to_ip_blacklist net.clear_dhcp_dns net.clear_dhcp_tftp net.delete_dhcp_pool
net.delete_from_ip_blacklist net.list_ip_blacklist net.update_dhcp_dns net.update_dhcp_tftp
<acropolis> net.create name [ annotation="annotation" ][ dhcp_address="dhcp_address"
][ ip_config="ip_config" ][ mtu="mtu" ][ virtual_switch="virtual_switch" ][ vlan="vlan" ][
vswitch_name="vswitch_name" ]
Required arguments
name
Network name
Type: string
Optional arguments
annotation
Annotation string

AOS | Acropolis Command-Line Interface (aCLI) | 16

Type: string
dhcp_address
DHCP server address (for managed networks)
Type: IPv4 address
ip_config
IP configuration in CIDR notation ("default_gateway/prefix")
Type: string
mtu
MTU setting
Type: int
virtual_switch
Virtual Switch name
Type: string
vlan
VLAN ID
Type: int
vswitch_name
OVS bridge name. This option is deprecated, please use virtual_switch option
Type: string
Examples
1. Create an unmanaged network on VLAN 66.
<acropolis> net.create mynet vlan=66

2. Create an unmanaged network on VLAN 66 with MTU 9000.

<acropolis> net.create mynet vlan=66 mtu=9000

3. Create a managed network on VLAN 99, bound to virtual switch br1.IPv4 range is 10.1.1.0 - 10.1.1.255,
the default gateway is 10.1.1.1, and the DHCP server is 10.1.1.254
<acropolis> net.create mynet vlan=99 virtual_switch=vs1 ip_config=10.1.1.1/24

4. Create an untagged managed network. The managed IPv4 range is 192.168.0.0 - 192.168.3.255, and
the default gateway is 192.168.5.254. In this example, the DHCP server will be automatically configured
as 192.168.5.253 to avoid collision with the default gateway.
<acropolis> net.create mynet vlan=0 ip_config=192.168.5.254/22

5. Create a cloud network.

<acropolis> net.create mynet ip_config=10.192.20.0/24

Creates a traffic mirror configuration

<acropolis> net.create_traffic_mirror name [ description="description" ][
dest_list="dest_list" ][ source_list="source_list" ][ virtual_switch="virtual_switch" ]
Required arguments
name
Traffic mirror name
Type: string

AOS | Acropolis Command-Line Interface (aCLI) | 17

Optional arguments
description
Description of traffic mirror
Type: string
dest_list
List of destination ports, in the format of [port1_config;port2_config],
each port configuration in the format of {uuid=host_uuid/
vm_uuid,type=kVmNic,identifier=host_nic_name/vnic_mac_addr}
Type: List of SPAN source/dest ports
source_list
List of source ports, in the format of [port1_config;port2_config], each port configuration in
the format of {uuid=host_uuid/vm_uuid,type=kHostNic/kVmNic,identifier=host_nic_name/
vnic_mac_addr,direction=kIngress/kEgress/kBiDir}
Type: List of SPAN source/dest ports
virtual_switch
Virtual switch to associate a SPAN session with.
Type: Virtual Switch Name
Examples
1. Create a traffic mirror session with one host NIC as source and one vNIC as destination
<acropolis> net.create_traffic_mirror traffic-mirror-example
source_list=[{uuid=host_uuid,type=kHostNic,identifier=eth1,direction=kBiDir}]
dest_list=[{uuid=vm_uuid,type=kVmNic,identifier=vnic_mac_addr}]

2. Create a traffic mirror session with one VM vNIC as source and one VM vNIC as destination and virtual
switch vs0
<acropolis> net.create_traffic_mirror traffic-mirror-example
source_list=[{uuid=host_uuid,type=kVmNic,identifier=11:22:33:44:55:66,direction=kBiDir}]
dest_list=[{uuid=vm_uuid, type=kVmNic,identifier=vnic_mac_addr}] virtual_switch=vs0

Creates a Virtual Switch

<acropolis> net.create_virtual_switch vs_name [ bond_type="bond_type" ][
cluster="cluster" ][ description="description" ][ enable_igmp_querier="{ true | false }"
][ enable_igmp_snooping="{ true | false }" ][ gateway_ip_address="gateway_ip_address" ][
host_ip_addr_config="host_ip_addr_config" ][ host_uplink_config="host_uplink_config"
][ igmp_snooping_timeout="igmp_snooping_timeout" ][ lacp_fallback="{ true | false }" ][
lacp_timeout="lacp_timeout" ][ mtu="mtu" ]
Required arguments
vs_name
Virtual switch name
Type: string
Optional arguments
bond_type
Type of uplink bond
Type: NIC Team policy
cluster
UUID of cluster (optional)

AOS | Acropolis Command-Line Interface (aCLI) | 18

Type: string
description
Description of virtual switch
Type: string
enable_igmp_querier
Whether to enable IGMP querier on this virtual switch, default is false
Type: boolean
enable_igmp_snooping
Whether to enable IGMP snooping on this virtual switch, default is false
Type: boolean
gateway_ip_address
Gateway IPv4 address configuration
Type: IPv4 address
host_ip_addr_config
Map of host to IPv4 address mappings, in the format of {host1-
uuid:host1_ip_address;host2-uuid:host2_ip_address} where each address is in CIDR
notation (a.b.c.d/prefix_length)
Type: List of host to IPv4 address mapping
host_uplink_config
List of host uplinks, in the format of {host1-uuid:[host1_uplink_port_list];host2-uuid:
[host2_uplink_port_list]}
Type: List of host uplinks
igmp_snooping_timeout
Timeout value in seconds for entries in OVS multicast DB, default is 300, and must be a
value in the range between 15 and 3600
Type: int
lacp_fallback
Whether to enable LACP fallback to active-backup on LACP negotiation failure
Type: boolean
lacp_timeout
LACP timeout value
Type: LACP timeout value
mtu
MTU of uplink interfaces, default is 1500
Type: int
Examples
1. Create virtual switch configuration on a cluster with 3 nodes, set uplink bond mode to active-backup,
mtu to 1600
<acropolis> net.create_virtual_switch vs-example mtu=1600 bond_type=kActiveBackup
host_uplink_config={host1-uuid:[eth0,eth1];host2-uuid:[eth2,eth3];host3-
uuid:[eth0,eth1,eth2,eth3]} host_ip_addr_config={host1-uuid:10.1.1.4/24;host2-
uuid:10.1.1.5/24;host3-uuid:10.1.1.6/24} gateway_ip_address=10.1.1.1

AOS | Acropolis Command-Line Interface (aCLI) | 19

2. Create virtual switch configuration on a cluster with 3 nodes, set uplink bond mode to use LACP, and
tune LACP parameters
<acropolis> net.create_virtual_switch vs-example bond_type=kBalanceTcp
lacp_fallback=true lacp_timeout=kSlow host_uplink_config={host1-uuid:
[eth0,eth1];host2-uuid:[eth2,eth3];host3-uuid:[eth0,eth1,eth2,eth3]}
host_ip_addr_config={host1-uuid:10.1.1.4/24;host2-uuid:10.1.1.5/24;host3-
uuid:10.1.1.6/24} gateway_ip_address=10.1.1.1

3. Create virtual switch configuration on a cluster with 3 nodes, use single uplink on node 1, and no uplink
on remained nodes, explicitly specify the cluster UUID
<acropolis> net.create_virtual_switch vs-example mtu=1500 bond_type=kNoBond
cluster=cluster_uuid host_uplink_config={host1-uuid:[eth0];host2-uuid:[];host3-uuid:
[]}

4. Create virtual switch configuration on a cluster with 3 nodes, no uplink used on any node, enable IGMP
snooping and querier, set snooping timeout to 500 second
<acropolis> net.create_virtual_switch vs-example bond_type=kNoBond
host_uplink_config={host1-uuid:[];host2-uuid:[];host3-uuid:[]}
enable_igmp_snooping=true enable_igmp_querier=true igmp_snooping_timeout=500

Deletes a network
Note that a network may not be deleted while VMs are still attached to it. To determine which VMs are on a
network, use net.list_vms.
<acropolis> net.delete network
Required arguments
network
Network identifier
Type: network

Removes IP addresses from a managed network's blacklist

<acropolis> net.delete_from_ip_blacklist network [ cookie="cookie" ][
ip_list="ip_list" ]
Required arguments
network
Network identifier
Type: network

AOS | Acropolis Command-Line Interface (aCLI) | 20

Optional arguments
cookie
Opaque data
Type: string
ip_list
Comma-delimited list of IP addresses
Type: list of IPv4 addresses

Deletes a traffic mirror session

<acropolis> net.delete_traffic_mirror traffic_mirror
Required arguments
traffic_mirror
Traffic mirror session identifier
Type: SPAN Session Name

Deletes a virtual switch

<acropolis> net.delete_virtual_switch virtual_switch
Required arguments
virtual_switch
Virtual switch identifier
Type: Virtual Switch Name

Disable virtual switch (delete all virtual switches)

<acropolis> net.disable_virtual_switch
Required arguments
None

Retrieves information about a network

<acropolis> net.get network_list
Required arguments
network_list
Network identifier
Type: list of networks

Retrieves information about a specific host NIC

<acropolis> net.get_host_nic host host_nic_name_list
Required arguments
host
Host UUID
Type: host
host_nic_name_list
List of host NIC names.
Type: list of strings

AOS | Acropolis Command-Line Interface (aCLI) | 21

Gets the UVM MAC address prefix configuration
<acropolis> net.get_mac_prefix
Required arguments
None

Retrieves information about a traffic mirror session configuration and statistics

<acropolis> net.get_traffic_mirror traffic_mirror_name_list
Required arguments
traffic_mirror_name_list
List of traffic mirror names.
Type: list of SPAN Session Names

Retrieves information about a specific virtual switch configuration

<acropolis> net.get_virtual_switch virtual_switch_name_list
Required arguments
virtual_switch_name_list
List of virtual switch names.
Type: list of Virtual Switch Names

Retrieves the VLAN discovery configuration

<acropolis> net.get_vlan_discovery_config
Required arguments
None

Lists all networks

<acropolis> net.list
Required arguments
None

Lists all physical NICs of a host

<acropolis> net.list_host_nic host
Required arguments
host
Host UUID
Type: host

AOS | Acropolis Command-Line Interface (aCLI) | 22

Lists all traffic mirror sessions
<acropolis> net.list_traffic_mirror
Required arguments
None

Lists all virtual switch configurations

<acropolis> net.list_virtual_switch
Required arguments
None

Lists VMs configured on the network

<acropolis> net.list_vms network
Required arguments
network
Network identifier
Type: network

Migrates an OVS bridge to Virtual Switch

<acropolis> net.migrate_br_to_virtual_switch bridge [ cluster="cluster" ][
description="description" ][ vs_name="vs_name" ]
Required arguments
bridge
OVS bridge name
Type: string
Optional arguments
cluster
UUID of cluster (optional)
Type: string
description
Description of virtual switch
Type: string
vs_name
Name of virtual switch
Type: string
Examples
1. Migrate br1 to virtual switch vs1. To make this work, br1 needs to exist on every node of this cluster,
except storage-only nodes, and its configuration on every node needs to be consistent.
<acropolis> net.migrate_br_to_virtual_switch br1 vs_name=vs1

Configure the UVM MAC OUI prefix for the cluster

<acropolis> net.set_mac_prefix mac_prefix
Required arguments
mac_prefix
MAC address prefix (OUI) in xx:xx:xx hexadecimal notation

AOS | Acropolis Command-Line Interface (aCLI) | 23

Type: MAC address prefix

Sets the config for VPC east-west traffic

<acropolis> net.set_vpc_east_west_traffic_config [ permit_all_traffic="{ true |
false }" ][ virtual_switch="virtual_switch" ]
Required arguments
None
Optional arguments
permit_all_traffic
Whether to permit all traffic to the bridge of chosen virtual switch or only the geneve traffic,
ICMP and the Openflow connections
Type: boolean
virtual_switch
Virtual switch name
Type: string

Configure the DHCP DNS configuration for a managed network

This command is used to configure the DNS information that the DHCP server includes in its responses
to clients on the virtual network. In particular, it is used to configure a list of DNS server IP addresses, and
domain search paths. The DHCP server's DNS configuration may be modified while VMs are connected to
the network. However, the DHCP server hands out infinite leases, so clients will need to manually renew to
pick up the new settings.
<acropolis> net.update_dhcp_dns network [ domains="domains" ][ servers="servers" ]
Required arguments
network
Network identifier
Type: network

AOS | Acropolis Command-Line Interface (aCLI) | 24

Optional arguments
domains
Comma-delimited list of search domains
Type: list of DNS domains
servers
Comma-delimited list of DNS server IP addresses
Type: list of IPv4 addresses
Examples
1. Configure DNS servers and search domains.
<acropolis> net.update_dhcp_dns vlan.123 servers=10.1.1.1,10.1.1.2
domains=eng.nutanix.com,corp.nutanix.com

Configure the DHCP TFTP configuration for a managed network

This command is used to configure the TFTP information that the DHCP server includes in its responses
to clients on the virtual network. In particular, it is used to configure the TFTP server name (option 66)
and boot file name (option 67). The DHCP server's TFTP configuration may be modified while VMs are
connected to the network. However, the TFTP server hands out infinite leases, so clients will need to
manually renew to pick up the new settings.
<acropolis> net.update_dhcp_tftp network [ bootfile_name="bootfile_name" ][
server_name="server_name" ]
Required arguments
network
Network identifier
Type: network
Optional arguments
bootfile_name
Boot file name
Type: string
server_name
TFTP server name
Type: string
Examples
1. Configure TFTP server and bootfile.
<acropolis> net.update_dhcp_tftp vlan.123 server_name=10.1.1.1
bootfile_name=ARDBP32.BIN

Sets the network function chain for this network

<acropolis> net.update_network_function_chain network chain
Required arguments
network
Network identifier
Type: network
chain

AOS | Acropolis Command-Line Interface (aCLI) | 25

Network function chain identifier
Type: network function chain

Updates a traffic mirror session

<acropolis> net.update_traffic_mirror traffic_mirror [ description="description" ][
dest_list="dest_list" ][ enable="{ true | false }" ][ name="name" ][ source_list="source_list"
][ virtual_switch="virtual_switch" ]
Required arguments
traffic_mirror
Traffic mirror session identifier
Type: SPAN Session Name
Optional arguments
description
Description of traffic mirror session
Type: string
dest_list
List of destination ports, in the format of [port1_config;port2_config],
each port configuration in the format of {uuid=host_uuid/
vm_uuid,type=kVmNic,identifier=host_nic_name/vnic_mac_addr}
Type: List of SPAN source/dest ports
enable
Whether to enable or disable a traffic mirror session. Default is true.
Type: boolean
name
Traffic mirror session name
Type: string
source_list
List of source ports, in the format of [port1_config;port2_config], each port configuration
in the format of {uuid=host_uuid/vm_uuid,type=kHostNic,identifier=host_nic_name/
vnic_mac_addr,direction=kIngress/kEgress/kBiDir}
Type: List of SPAN source/dest ports
virtual_switch
Virtual switch to associate a SPAN session with.
Type: Virtual Switch Name
Examples
1. Update traffic mirror session name
<acropolis> net.update_traffic_mirror traffic-mirror-example name=traffic-mirror-demo

2. Update a traffic mirror session with one host NIC as source and one vNIC as destination and virtual
switch vs1
<acropolis> net.update_traffic_mirror traffic-mirror-example
source_list=[{uuid=host_uuid,type=kHostNic,identifier=eth1,direction=kBiDir}]
dest_list=[{uuid=vm_uuid,type=kVmNic,identifier=vnic_mac_addr}] virtual_switch=vs1

AOS | Acropolis Command-Line Interface (aCLI) | 26

3. Enable a traffic mirror session
<acropolis> net.update_traffic_mirror traffic-mirror-example enable=true

4. Disable a traffic mirror session

<acropolis> net.update_traffic_mirror traffic-mirror-example enable=false

Updates a Virtual Switch configuration

<acropolis> net.update_virtual_switch virtual_switch [
bond_type="bond_type" ][ description="description" ][
enable_igmp_querier="{ true | false }" ][ enable_igmp_snooping="{ true | false }" ][
gateway_ip_address="gateway_ip_address" ][ host_ip_addr_config="host_ip_addr_config" ][
host_uplink_config="host_uplink_config" ][ igmp_query_vlan_list="igmp_query_vlan_list"
][ igmp_snooping_timeout="igmp_snooping_timeout" ][ lacp_fallback="{ true |
false }" ][ lacp_timeout="lacp_timeout" ][ mtu="mtu" ][ quick_mode="{ true | false }" ][
vs_name="vs_name" ]
Required arguments
virtual_switch
Virtual switch identifier
Type: Virtual Switch Name
Optional arguments
bond_type
Type of uplink bond
Type: NIC Team policy
description
Description of virtual switch
Type: string
enable_igmp_querier
Whether to enable IGMP querier on this virtual switch, default is false
Type: boolean
enable_igmp_snooping
Whether to enable IGMP snooping on this virtual switch, default is false
Type: boolean
gateway_ip_address
Gateway IPv4 address configuration
Type: IPv4 address
host_ip_addr_config
Map of host to IPv4 address mappings, in the format of {host1-uuid:host1_ip_address;
host2-uuid:host2_ip_address} where each address is in CIDR notation (a.b.c.d/
prefix_length)
Type: List of host to IPv4 address mapping
host_uplink_config
List of host uplinks, in the format of {host1-uuid:[host1_uplink_port_list];host2-uuid:
[host2_uplink_port_list]}
Type: List of host uplinks

AOS | Acropolis Command-Line Interface (aCLI) | 27

igmp_query_vlan_list
List of VLAN IDs mapped to the virtual switch for which IGMP querier is enabled. When it's
not set or set as an empty list, querier is enabled for all VLANs of the virtual switch.
Type: list of VLAN ID
igmp_snooping_timeout
Timeout value in seconds for entries in OVS multicast DB, default is 300, and must be a
value in the range between 15 and 3600
Type: int
lacp_fallback
Whether to enable LACP fallback to active-backup on LACP negotiation failure
Type: boolean
lacp_timeout
LACP timeout value
Type: LACP timeout value
mtu
MTU of uplink interfaces, default is 1500
Type: int
quick_mode
With quick mode, hosts are not put into maintenance mode during OVS configuration
changes
Type: boolean
vs_name
Virtual switch name
Type: string
Examples
1. Update name and uplink mtu of virtual switch vs1
<acropolis> net.update_virtual_switch vs1 vs_name=new-name mtu=1600

2. Update bond type of virtual switch vs1 from active-backup to balance-tcp, without changing uplink ports
<acropolis> net.update_virtual_switch vs1 bond_type=kBalanceTcp

3. Update LACP parameters of virtual switch vs1, only valid when bond type is balance-tcp
<acropolis> net.update_virtual_switch vs1 lacp_fallback=true lacp_timeout=kSlow

4. Update uplink of virtual switch vs1, change uplink on host1

<acropolis> net.update_virtual_switch vs1 host_uplink_config={host1-uuid:[eth2,eth3]}

5. Update uplink of virtual switch vs1, remove all uplinks, and hosts are not put into maintenance mode
during this change
<acropolis> net.update_virtual_switch vs1 bond_type=kNoBond
host_uplink_config={host1-uuid:[];host2-uuid:[];host3-uuid:[]} quick_mode=true

6. Enable IGMP snooping and querier on virtual switch vs1, set snooping timeout to 500 second, send
querier in VLAN 100 & 200
<acropolis> net.update_virtual_switch vs1 enable_igmp_snooping=true
enable_igmp_querier=true igmp_snooping_timeout=500 igmp_query_vlan_list=[100,200]

AOS | Acropolis Command-Line Interface (aCLI) | 28

7. Update IPv4 addresses for the hosts and gateway IPv4 address on virtual switch vs1
<acropolis> net.update_virtual_switch vs1 host_ip_addr_config={host1-
uuid:10.1.1.4/24;host2-uuid:10.1.1.5/24;host3-uuid:10.1.1.6/24}
gateway_ip_address=10.1.1.1

Updates the config for VPC east-west traffic

<acropolis> net.update_vpc_east_west_traffic_config [ permit_all_traffic="{ true |
false }" ][ virtual_switch="virtual_switch" ]
Required arguments
None
Optional arguments
permit_all_traffic
Whether to permit all traffic to the bridge of chosen virtual switch or only the geneve traffic,
ICMP and the Openflow connections
Type: boolean
virtual_switch
Virtual switch name
Type: string

Operations

• Gets specific network function chains : nf.chain_get

• Lists all network function chains : nf.chain_list

Gets specific network function chains

<acropolis> nf.chain_get chains
Required arguments
chains
Network function chain
Type: list of network function chains

Lists all network function chains

<acropolis> nf.chain_list
Required arguments
None

parcel

Operations

• Retrieves information about a parcel : parcel.get

• List all Parcels : parcel.list

AOS | Acropolis Command-Line Interface (aCLI) | 29

Retrieves information about a parcel
<acropolis> parcel.get parcel_list
Required arguments
parcel_list
Parcel identifiers
Type: list of parcels

List all Parcels

<acropolis> parcel.list
Required arguments
None

snapshot

Operations

• Deletes one or more snapshots : snapshot.delete

• Retrieves information about a snapshot : snapshot.get
• Lists all snapshots : snapshot.list

Deletes one or more snapshots

<acropolis> snapshot.delete snapshot_list
Required arguments
snapshot_list
Comma-delimited list of snapshot identifiers
Type: list of snapshots

Retrieves information about a snapshot

<acropolis> snapshot.get snapshot_list
Required arguments
snapshot_list
Snapshot identifier
Type: list of snapshots

Lists all snapshots

<acropolis> snapshot.list
Required arguments
None

Operations

• Allow volume group to be accessed from an iSCSI intiator : vg.attach_external

• Attach a VG to the specified VM : vg.attach_to_vm

AOS | Acropolis Command-Line Interface (aCLI) | 30

• Clone Volume Group : vg.clone
• Create one or more VGs : vg.create
• Delete one or more VGs : vg.delete
• Stop allowing volume group to be accessed from an iSCSI intiator : vg.detach_external
• Detach a VG from a VM : vg.detach_from_vm
• Add a disk to a VG : vg.disk_create
• Remove a disk from a VG : vg.disk_delete
• Update the properties or replace the volume group disk : vg.disk_update
• Retrieve information about a VG : vg.get
• List all VGs : vg.list
• Update the VGs : vg.update
• Update the iSCSI initiator properties for a VG : vg.update_external

Allow volume group to be accessed from an iSCSI intiator

<acropolis> vg.attach_external vg [ initiator_name="initiator_name" ][
initiator_network_id="initiator_network_id" ]
Required arguments
vg
VG identifier
Type: volume group
Optional arguments
initiator_name
Name of iSCSI initiator as a valid IQN
Type: iSCSI IQN
initiator_network_id
Network identifier of iSCSI initiator as a valid IPv4 address
Type: string
Examples
1. Attach an iSCSI client identified by name, iqn.1994-05.com.redhat:71eef92fe6c, to the VG, vg1,:
<acropolis> vg.attach_external vg1.attach_external
initiator_name=iqn.1994-05.com.redhat:71eef92fe6c

2. Attach an iSCSI client identified by network id, 10.1.1.1, to the VG, vg2,:
<acropolis> vg.attach_external vg2.attach_external initiator_network_id=10.1.1.1

Attach a VG to the specified VM

<acropolis> vg.attach_to_vm vg vm [ index="index" ]
Required arguments
vg
VG identifier
Type: volume group

AOS | Acropolis Command-Line Interface (aCLI) | 31

vm
VM identifier
Type: VM
Optional arguments
index
Device index on the scsi bus
Type: int

Clone Volume Group

The source volume group must be specified through the 'clone_from_vg' argument. If the ISCSI target
names for the clones are not specified through the 'iscsi_target_prefix_list' argument, then default values
will be used.
<acropolis> vg.clone name_list [ clone_from_vg="clone_from_vg" ][
created_by="created_by" ][ iscsi_target_prefix_list="iscsi_target_prefix_list" ][
load_balance_vm_attachments="{ true | false }" ][ target_secret_list="target_secret_list" ]
Required arguments
name_list
Comma-delimited list of VG names
Type: list of strings with expansion wildcards
Optional arguments
clone_from_vg
VG from which to clone
Type: volume group
created_by
Service/user who created these VGs
Type: string
iscsi_target_prefix_list
Comma-delimited list of iscsi target prefixes for each of the VGs
Type: list of strings
load_balance_vm_attachments
Whether to enable/disable VG load balance VM attachments
Type: boolean
target_secret_list
Comma delimited CHAP secrets associated with each of the VGs. To delete the secret, set
target_secret="" using vg.update
Type: list of strings
Examples
1. Clone two VGs vg1 and vg2 with iscsi targets vgt1 and vgt2 from source-vg
<acropolis> vg.clone vg1,vg2 clone_from_vg=source-vg
iscsi_target_prefix_list=vgt1,vgt2

2. Clone two VGs vg1 and vg2 with target_secrets vg1_target_secret and vg2_target_secret
<acropolis> vg.clone vg1,vg2 clone_from_vg=source-vg
target_secret_list=vg1_target_secret,vg2_target_secret

AOS | Acropolis Command-Line Interface (aCLI) | 32

3. Clone VG vg2 from vg1 with load_balance_vm_attachments set
<acropolis> vg.clone vg.clone vg2 clone_from_vg=vg1 load_balance_vm_attachments=True

Create one or more VGs

<acropolis> vg.create name_list [ annotation="annotation" ][
created_by="created_by" ][ flash_mode="{ true | false }" ][ is_hidden="{ true
| false }" ][ iscsi_target_prefix_list="iscsi_target_prefix_list" ][
load_balance_vm_attachments="{ true | false }" ][ shared="{ true | false }" ][
target_secret_list="target_secret_list" ][ usage_type="usage_type" ]
Required arguments
name_list
Comma-delimited list of VG names
Type: list of strings with expansion wildcards
Optional arguments
annotation
Annotation string
Type: string
created_by
Service/user who created these VGs
Type: string
flash_mode
Whether to enable/disable flash mode
Type: boolean
is_hidden
Whether the VG is meant to be hidden or not
Type: boolean
iscsi_target_prefix_list
Comma-delimited list of iscsi target prefixes for each of the VGs
Type: list of strings
load_balance_vm_attachments
Whether to enable/disable VG load balance VM attachments
Type: boolean
shared
Allow VG to be attached to multiple VMs simultaneously?
Type: boolean
target_secret_list
Comma delimited CHAP secrets associated with each of the VGs. To delete the secret, set
target_secret="" using vg.update
Type: list of strings
usage_type
Expected usage type for the VG
Type: usage type

AOS | Acropolis Command-Line Interface (aCLI) | 33

Delete one or more VGs
<acropolis> vg.delete vg_list
Required arguments
vg_list
Comma-delimited VG identifiers
Type: list of volume groups

Stop allowing volume group to be accessed from an iSCSI intiator

<acropolis> vg.detach_external vg [ initiator_name="initiator_name" ][
initiator_network_id="initiator_network_id" ]
Required arguments
vg
VG identifier
Type: volume group
Optional arguments
initiator_name
Name of iSCSI initiator as a valid IQN
Type: VG external initiator name
initiator_network_id
Network identifier of iSCSI initiator as a valid IPv4 address
Type: VG external initiator name

Detach a VG from a VM
<acropolis> vg.detach_from_vm vg vm
Required arguments
vg
VG identifier
Type: volume group
vm
VM identifier
Type: VM attached to VG

Add a disk to a VG
Exactly one of the following options is required: clone_from_adsf_file, clone_from_vmdisk, create_size.
Disk sizes must be specified with a multiplicative suffix. The size will be rounded up to the nearest sector
size. The following suffixes are valid: c(Bytes)=1, s(Sectors)=512, k(Kilobyte)=1000, K(Kibibyte)=1024,
m(Megabyte)=1e6, M(Mibibyte)=2^20, g(Gigabyte)=1e9, G(Gibibyte)=2^30, t(Terabyte)=1e12,
T(Tibibyte)=2^40. If the disk image is cloned from an existing vmdisk or ADSF file, the user may specify a
minimum size for the resulting clone. This can be used to expand a disk image at clone time.
<acropolis> vg.disk_create vg [ annotation="annotation" ][
clone_from_adsf_file="clone_from_adsf_file" ][ clone_from_vmdisk="clone_from_vmdisk" ][
clone_min_size="clone_min_size" ][ container="container" ][ create_size="create_size" ][
index="index" ]
Required arguments
vg
VG identifier

AOS | Acropolis Command-Line Interface (aCLI) | 34

Type: volume group
Optional arguments
annotation
Annotation string
Type: string
clone_from_adsf_file
Path to an ADSF file
Type: ADSF path
clone_from_vmdisk
A vmdisk UUID
Type: VM disk
clone_min_size
Minimum size of the resulting clone (only applies to cloned disks)
Type: size with cskKmMgGtT suffix
container
Storage Container (only applies to newly-created disks)
Type: container
create_size
Size of new disk
Type: size with cskKmMgGtT suffix
index
Device index on bus
Type: int
Examples
1. Create a blank 5GiB disk on ctr, and add it to my_vg at index 3
<acropolis> vg.disk_create my_vg create_size=5G container=ctr index=3

2. Clone a disk from the ADSF file /ctr/plan9.iso, and add it to a volume group my_vg
<acropolis> vg.disk_create my_vg clone_from_adsf_file=/ctr/plan9.iso

3. Clone a disk from the existing vmdisk, and add it to the first open slot
<acropolis> vg.disk_create my_vg clone_from_vmdisk=0b4fc60b-
cc56-41c6-911e-67cc8406d096

Remove a disk from a VG

<acropolis> vg.disk_delete vg index
Required arguments
vg
VG identifier
Type: volume group
index
Disk index

AOS | Acropolis Command-Line Interface (aCLI) | 35

Type: VG disk index

Update the properties or replace the volume group disk

Exactly one of the following options is required: clone_from_adsf_file, clone_from_image,
clone_from_vmdisk, create_size, flash_mode, new_size. Flash mode and new_size updates will be done
on the existing disk. For other options, the existing disk is deleted and replaced by an existing image, file or
a vDisk.
<acropolis> vg.disk_update vg index [ annotation="annotation" ][
clone_from_adsf_file="clone_from_adsf_file" ][ clone_from_image="clone_from_image"
][ clone_from_vmdisk="clone_from_vmdisk" ][ clone_min_size="clone_min_size" ][
container="container" ][ create_size="create_size" ][ flash_mode="{ true | false }" ][
new_annotation="new_annotation" ][ new_size="new_size" ]
Required arguments
vg
VG identifier
Type: volume group
index
Disk index
Type: VG disk index
Optional arguments
annotation
Annotation string
Type: string
clone_from_adsf_file
Path to an ADSF file
Type: ADSF path
clone_from_image
An image name/UUID
Type: image
clone_from_vmdisk
A vmdisk UUID
Type: VM disk
clone_min_size
Minimum size of the resulting clone(only applies to cloned disks)
Type: size with cskKmMgGtT suffix
container
Storage Container (only applies to newly-created disks)
Type: container
create_size
Size of new disk
Type: size with cskKmMgGtT suffix
flash_mode
Enable/Disable flash mode on this disk

AOS | Acropolis Command-Line Interface (aCLI) | 36

Type: boolean
new_annotation
New Annotation string
Type: string
new_size
New size for the existing disk
Type: size with cskKmMgGtT suffix
Examples
1. Replace the disk at index 0 with blank 5GiB disk on ctr.
<acropolis> vg.disk_update my_vg 0 create_size=5G container=ctr

2. Replace the disk at index 0 with blank 5GiB disk on ctr with annotation.
<acropolis> vg.disk_update my_vg 0 create_size=5G container=ctr annotation=foo

3. Replace the disk at index 0 with a clone of /ctr/plan9.iso.

<acropolis> vg.disk_update my_vg 0 clone_from_adsf_file=/ctr/plan9.iso

4. Replace the disk at index 0 with a clone of the existing vmdisk.

<acropolis> vg.disk_update my_vg 0 clone_from_vmdisk=0b4fc60b-
cc56-41c6-911e-67cc8406d096

5. Update the size of disk at index 0 to 5GiB.

<acropolis> vg.disk_update my_vg 0 new_size=5G

6. Disable flash mode for disk at index 0.

<acropolis> vg.disk_update my_vg 0 flash_mode=false

7. Update annotation string for disk at index 0.

<acropolis> vg.disk_update my_vg 0 new_annotation="Updated annotation"

Retrieve information about a VG

<acropolis> vg.get vg_list [ include_vmdisk_paths="{ true | false }" ][
include_vmdisk_sizes="{ true | false }" ]
Required arguments
vg_list
VG identifier
Type: list of volume groups
Optional arguments
include_vmdisk_paths
Fetch disk paths
Type: boolean
Default: false
include_vmdisk_sizes
Fetch disk sizes (in bytes)
Type: boolean
Default: true

AOS | Acropolis Command-Line Interface (aCLI) | 37

List all VGs
<acropolis> vg.list
Required arguments
None

Update the VGs

<acropolis> vg.update vg_list [ annotation="annotation" ][
cbr_not_capable_reason="cbr_not_capable_reason" ][ created_by="created_by" ][
flash_mode="{ true | false }" ][ iscsi_target_prefix_list="iscsi_target_prefix_list" ][
load_balance_vm_attachments="{ true | false }" ][ name="name" ][ shared="{ true | false }" ][
target_secret_list="target_secret_list" ]
Required arguments
vg_list
Comma-delimited list of VG identifiers
Type: list of volume groups
Optional arguments
annotation
Annotation string
Type: string
cbr_not_capable_reason
If set, marks the VG incapable of CBR workflows
Type: string
created_by
Service/user who created these VGs
Type: string
flash_mode
Whether to enable/disable flash mode
Type: boolean
iscsi_target_prefix_list
Comma-delimited list of iscsi target prefixes for each of the VGs
Type: list of strings
load_balance_vm_attachments
Whether to enable/disable VG load balance VM attachments
Type: boolean
name
VG name
Type: string
shared
Allow VG to be attached to multiple VMs simultaneously?
Type: boolean
target_secret_list
Comma delimited CHAP secrets associated with each of the VGs. Enter "" to delete the
secret.

AOS | Acropolis Command-Line Interface (aCLI) | 38

Type: list of strings
Examples
1. Update target_secret for VG vg1 and delete target_secret for VG vg2
<acropolis> vg.update vg1,vg2 target_secret_list=new_vg1_secret,""

Update the iSCSI initiator properties for a VG

<acropolis> vg.update_external vg [ initiator_name="initiator_name" ][
initiator_network_id="initiator_network_id" ]
Required arguments
vg
VG identifier
Type: volume group
Optional arguments
initiator_name
Name of iSCSI initiator as a valid IQN
Type: VG external initiator name
initiator_network_id
Network identifier of iSCSI initiator as a valid IPv4 address
Type: VG external initiator name

Operations

• Enable VM-host affinity : vm.affinity_set

• Unsets affinity setting of specified VMs : vm.affinity_unset
• Clones a VM : vm.clone
• Creates one or more VMs : vm.create
• Deletes one or more VMs : vm.delete
• Attaches a new disk drive to a VM : vm.disk_create
• Detaches a disk drive from a VM and deletes the underlying disk : vm.disk_delete
• Gets details about the disks attached to a VM : vm.disk_get
• Lists the disks attached to a VM : vm.disk_list
• Updates the backing for the specified disk drive : vm.disk_update
• Retrieves information about a VM : vm.get
• Attaches a new GPU to a VM : vm.gpu_assign
• Detaches a GPU from a VM : vm.gpu_deassign
• Initiates a Guest level Reboot of the VMs : vm.guest_reboot
• Initiates a Guest level Shutdown of the VMs : vm.guest_shutdown
• Lists all VMs : vm.list

AOS | Acropolis Command-Line Interface (aCLI) | 39

• Live migrates a VM to another host : vm.migrate
• Clear the network function chain for this NIC : vm.nic_clear_network_function_chain
• Attaches a network adapter to a VM : vm.nic_create
• Deletes a NIC from a VM : vm.nic_delete
• Gets details about the NICs attached to a VM : vm.nic_get
• Lists the NICs attached to a VM : vm.nic_list
• Updates a network adapter, specified by the MAC address, on a VM : vm.nic_update
• Updates the network function chain for this NIC : vm.nic_update_network_function_chain
• Powers off the specified VMs : vm.off
• Powers on the specified VMs : vm.on
• Power cycles the specified VMs : vm.power_cycle
• Initiates a reboot by issuing an ACPI event : vm.reboot
• Resets the specified VMs : vm.reset
• Restores a VM to a snapshotted state : vm.restore
• Attaches a new serial port to a VM : vm.serial_port_create
• Detaches a serial port from a VM : vm.serial_port_delete
• Initiates a shutdown by issuing an ACPI event : vm.shutdown
• Creates one or more snapshots in a single consistency group : vm.snapshot_create
• Prints the graph representation of the snapshot history for a VM : vm.snapshot_get_tree
• Gets a list of all snapshots associated with a VM : vm.snapshot_list
• Updates the specified VMs : vm.update
• Updates a VM's boot device : vm.update_boot_device
• Updates storage container of all disks of the VM or just the specified disks : vm.update_container

Enable VM-host affinity

<acropolis> vm.affinity_set vm_list [ host_list="host_list" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
host_list
Host list
Type: list of hosts

Unsets affinity setting of specified VMs

This will unset a VM affinity configuration, including policy, constraint, and binding entities.
<acropolis> vm.affinity_unset vm_list

AOS | Acropolis Command-Line Interface (aCLI) | 40

Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs

Clones a VM
One of the 'clone_from_*' arguments must be provided. The resulting VMs will be cloned from the
specified source. When the source has one or more NICs on a managed network, the caller may optionally
provide set of initial IP addresses. The first clone will get the first IP address set for each of its NIC, and
subsequent clones will be assigned subsequent IP addresses in sequence. If memory size or CPU-related
parameters are specified, they override the values allotted to the source VM/snapshot. Memory size must
be specified with a multiplicative suffix. The following suffixes are valid: M=2^20, G=2^30.
<acropolis> vm.clone name_list [ clone_affinity="{ true
| false }" ][ clone_from_snapshot="clone_from_snapshot" ][
clone_from_vm="clone_from_vm" ][ clone_ip_address="clone_ip_address"
][ memory="memory" ][ num_cores_per_vcpu="num_cores_per_vcpu" ][
num_threads_per_core="num_threads_per_core" ][ num_vcpus="num_vcpus" ]
Required arguments
name_list
Comma-delimited list of VM names
Type: list of strings with expansion wildcards
Optional arguments
clone_affinity
Clone source VM's affinity rules.
Type: boolean
clone_from_snapshot
Snapshot from which to clone
Type: snapshot
clone_from_vm
VM from which to clone
Type: VM
clone_ip_address
IP addresses to assign to clones
Type: list of IPv4 addresses
memory
Memory size
Type: size with MG suffix
num_cores_per_vcpu
Number of cores per vCPU
Type: int
num_threads_per_core
Number of threads per core
Type: int
num_vcpus

AOS | Acropolis Command-Line Interface (aCLI) | 41

Number of vCPUs
Type: int

Creates one or more VMs

Memory size must be specified with a multiplicative suffix. The following suffixes are valid: M=2^20,
G=2^30. Disabling branding will remove product and manufacturer information from the VM xml. Enabling
metrics allows host-specific metrics to be percolated to this VM.
<acropolis> vm.create name_list [ agent_vm="{ true | false }" ][ bios_uuid="bios_uuid"
][ disable_branding="{ true | false }" ][ disable_hyperv="{ true | false }" ][
enable_metrics="{ true | false }" ][ extra_flags="extra_flags" ][ flash_mode="{ true
| false }" ][ generation_uuid="generation_uuid" ][ hardware_virtualization="{ true
| false }" ][ machine_type="machine_type" ][ memory="memory" ][
memory_overcommit="{ true | false }" ][ num_cores_per_vcpu="num_cores_per_vcpu"
][ num_threads_per_core="num_threads_per_core" ][ num_vcpus="num_vcpus" ][
num_vnuma_nodes="num_vnuma_nodes" ][ nvram_container="nvram_container" ][
secure_boot="{ true | false }" ][ uefi_boot="{ true | false }" ][ vcpu_hard_pin="{ true | false }" ][
virtual_tpm="{ true | false }" ][ windows_credential_guard="{ true | false }" ]
Required arguments
name_list
Comma-delimited list of VM names
Type: list of strings with expansion wildcards
Optional arguments
agent_vm
Agent VM
Type: boolean
bios_uuid
BIOS UUID
Type: UUID
disable_branding
Disable Nutanix branding
Type: boolean
disable_hyperv
If True, then all the hyperv flags passed to a VM are disabled.
Type: boolean
enable_metrics
Enable host metrics for this VM
Type: boolean
extra_flags
Additional VM flags as key=value pairs, separated by semicolon
Type: string
flash_mode
Enable/Disable flash mode for all VM disks.
Type: boolean
generation_uuid

AOS | Acropolis Command-Line Interface (aCLI) | 42

VM Generation UUID
Type: UUID
hardware_virtualization
Virtual machine extension for hardware virtualization
Type: boolean
machine_type
Machine architecture type
Type: Machine Architecture Type
memory
Memory size
Type: size with MG suffix
Default: 1G
memory_overcommit
If True, the configured memory for the VM may reside outside of the host physical memory.
Type: boolean
num_cores_per_vcpu
Number of cores per vCPU
Type: int
num_threads_per_core
Number of threads per core
Type: int
num_vcpus
Number of vCPUs
Type: int
Default: 1
num_vnuma_nodes
Number of vNUMA nodes
Type: int
nvram_container
Container to store NVRAM disk if uefi_boot=True
Type: container
secure_boot
UVM Secure boot
Type: boolean
uefi_boot
UEFI boot
Type: boolean
vcpu_hard_pin
Enable hard pinning vcpu to pcpus
Type: boolean

AOS | Acropolis Command-Line Interface (aCLI) | 43

virtual_tpm
Enable virtual TPM device.
Type: boolean
windows_credential_guard
Windows UVM credential guard
Type: boolean

Deletes one or more VMs

If the VM is powered on, it will be powered off and then deleted.
<acropolis> vm.delete vm_list [ delete_snapshots="{ true | false }" ]
Required arguments
vm_list
Comma-delimited VM identifiers
Type: list of VMs
Optional arguments
delete_snapshots
Delete snapshots?
Type: boolean
Default: false

Attaches a new disk drive to a VM

Exactly one of the following options is required: clone_from_adsf_file, clone_from_vmdisk, create_size,
empty, clone_from_image, clone_from_dr_snapshot, share_vmdisk, passthru_from_external_url,
clone_from_external_url. A disk drives may either be a regular disk drive, or a CD-ROM drive. Only CD-
ROM drives may be empty. Disk sizes must be specified with a multiplicative suffix. The size will be
rounded up to the nearest sector size. The following suffixes are valid: c=1, s=512, k=1000, K=1024,
m=1e6, M=2^20, g=1e9, G=2^30, t=1e12, T=2^40. By default, regular disk drives are configured on
the SCSI bus, and CD-ROM drives are configured on the IDE bus. The user may override this behavior
with the "bus" keyword. By default, a disk drive is placed on the first available bus slot. The user may
override this behavior with the "index" keyword. Disks on the SCSI bus may optionally be configured for
passthrough on platforms that support iSCSI. When in passthrough mode, SCSI commands are passed
directly to ADFS via iSCSI. When SCSI passthrough is disabled, the hypervisor provides a SCSI emulation
layer, and treats the underlying iSCSI target as a block device. By default, SCSI passthrough is enabled
for SCSI devices on supported platforms. If the disk image is cloned from an existing vmdisk, ADSF file, or
Acropolis Image, the user may specify a minimum size for the resulting clone. This can be used to expand
a disk image at clone time. If the VM is running, the disk is hot-added to the VM. Note that certain buses,
like IDE, are not hot-pluggable.
<acropolis> vm.disk_create vm [ bus="bus" ][ cdrom="{ true
| false }" ][ clone_from_adsf_file="clone_from_adsf_file"
][ clone_from_external_url="clone_from_external_url" ][
clone_from_image="clone_from_image" ][ clone_from_vmdisk="clone_from_vmdisk" ][
clone_min_size="clone_min_size" ][ container="container" ][ create_size="create_size"
][ device_uuid="device_uuid" ][ empty="{ true | false }" ][ flash_mode="{ true | false }"
][ index="index" ][ passthru_from_external_url="passthru_from_external_url" ][
scsi_passthru="{ true | false }" ]
Required arguments
vm
VM identifier

AOS | Acropolis Command-Line Interface (aCLI) | 44

Type: VM
Optional arguments
bus
Device bus
Type: Bus Type
cdrom
Indicates if the disk is a CDROM drive
Type: boolean
clone_from_adsf_file
Path to an ADSF file
Type: ADSF path
clone_from_external_url
URL of the external datasource to clone from
Type: string
clone_from_image
An image name/UUID
Type: image
clone_from_vmdisk
A vmdisk UUID
Type: VM disk
clone_min_size
Minimum size of the resulting clone (only applies to cloned disks)
Type: size with cskKmMgGtT suffix
container
Container (only applies to newly-created disks and clones from external datasources)
Type: container
create_size
Size of new disk
Type: size with cskKmMgGtT suffix
device_uuid
Device UUID
Type: UUID
empty
Whether the disk is empty (only applies to CDROMs)
Type: boolean
flash_mode
If true, enable flash mode on the disk.
Type: boolean
index
Device index on bus

AOS | Acropolis Command-Line Interface (aCLI) | 45

Type: int
passthru_from_external_url
URL of the external datasource for passthrough disk
Type: string
scsi_passthru
Passthrough disk?
Type: boolean
Examples
1. Create a blank 5GiB disk on ctr, and attach it as SCSI:3.
<acropolis> vm.disk_create my_vm create_size=5G container=ctr bus=scsi index=3

2. Clone a disk from the ADSF file /ctr/plan9.iso, and use it as the backing image for a newly-created CD-
ROM drive on the first available IDE slot.
<acropolis> vm.disk_create my_vm clone_from_adsf_file=/ctr/plan9.iso cdrom=1

3. Clone a disk from the existing vmdisk, and attach it to the first available SCSI slot.
<acropolis> vm.disk_create my_vm clone_from_vmdisk=0b4fc60b-
cc56-41c6-911e-67cc8406d096

4. Create a disk from an Acropolis image and attach it to the first SCSI slot.
<acropolis> vm.disk_create my_vm clone_from_image=my_image

5. Create a new empty CD-ROM drive, and attach it to the first available IDE slot.
<acropolis> vm.disk_create my_vm empty=1 cdrom=1

6. Create a disk in 'ctr' with data cloned from the datasource specified by clone_from_external_url.
<acropolis> vm.disk_create my_vm container=ctr clone_from_external_url=nfs://
server.fqdn/export1/sql_server/data_disk1

7. Create a passthrough disk in 'ctr' that forwards both reads and writes to the datasource specified by
passthru_from_external_url.
<acropolis> vm.disk_create my_vm container=ctr passthru_from_external_url=nfs://
server.fqdn/export1/temp/data_disk1

Detaches a disk drive from a VM and deletes the underlying disk

If the VM is running, the disk is hot-removed from the VM. Note that certain buses, like IDE, are not hot-
pluggable.
<acropolis> vm.disk_delete vm [ device_uuid="device_uuid" ][ disk_addr="disk_addr" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
device_uuid
Device UUID
Type: UUID
disk_addr
Disk address ("bus.index")

AOS | Acropolis Command-Line Interface (aCLI) | 46

Type: VM disk

Gets details about the disks attached to a VM

<acropolis> vm.disk_get vm [ device_uuid="device_uuid" ][ disk_addr="disk_addr" ][
include_vmdisk_datasource_info="{ true | false }" ][ include_vmdisk_paths="{ true | false }"
][ include_vmdisk_sizes="{ true | false }" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
device_uuid
Device UUID
Type: UUID
disk_addr
Disk address ("bus.index")
Type: VM disk
include_vmdisk_datasource_info
Fetch the backing external datasource details, if applicable
Type: boolean
Default: false
include_vmdisk_paths
Fetch vmdisk paths
Type: boolean
Default: false
include_vmdisk_sizes
Fetch vmdisk sizes (in bytes)
Type: boolean
Default: true

Lists the disks attached to a VM

<acropolis> vm.disk_list vm
Required arguments
vm
VM identifier
Type: VM

Updates the backing for the specified disk drive

Exactly one of the following options is required: - create_size: replace the disk with a new disk
with the specified size - new_size: re-size an existing disk - empty: un-mount a CD-ROM drive -
clone_from_adsf_file: clone from an ADFS file expressed as a NFS path - clone_from_vmdisk: clone from
a VM disk - clone_from_image: clone from an image - flash_mode: change flash mode of an existing disk
Disk sizes must be specified with a multiplicative suffix. The size will be rounded up to the nearest sector
size. The following suffixes are valid: c=1, s=512, k=1000, K=1024, m=1e6, M=2^20, g=1e9, G=2^30,

AOS | Acropolis Command-Line Interface (aCLI) | 47

t=1e12, T=2^40. The existing disk image will be deleted and replaced by the new image (which may be a
clone of the existing image).
<acropolis> vm.disk_update vm [ clone_from_adsf_file="clone_from_adsf_file" ][
clone_from_image="clone_from_image" ][ clone_from_vmdisk="clone_from_vmdisk" ][
clone_min_size="clone_min_size" ][ container="container" ][ create_size="create_size"
][ device_uuid="device_uuid" ][ disk_addr="disk_addr" ][ empty="{ true | false }" ][
flash_mode="{ true | false }" ][ new_size="new_size" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
clone_from_adsf_file
Path to an ADSF file
Type: ADSF path
clone_from_image
An image name/UUID
Type: image
clone_from_vmdisk
A vmdisk UUID
Type: VM disk
clone_min_size
Minimum size of the resulting clone (only applies to cloned disks)
Type: size with cskKmMgGtT suffix
container
Container (only applies to newly-created disks)
Type: container
create_size
Size of new disk
Type: size with cskKmMgGtT suffix
device_uuid
Device UUID
Type: UUID
disk_addr
Disk address ("bus.index")
Type: VM disk
empty
Whether the disk is empty (only applies to CDROMs)
Type: boolean
flash_mode
Set flash mode on the specified disk.
Type: boolean

AOS | Acropolis Command-Line Interface (aCLI) | 48

new_size
New size for the existing disk
Type: size with cskKmMgGtT suffix
Examples
1. Replace the disk at SCSI:0 with blank 5GiB disk on ctr.
<acropolis> vm.disk_update my_vm disk_addr=scsi.0 create_size=5G container=ctr

2. Replace the disk at IDE:0 with a clone of /ctr/plan9.iso. Note that if IDE:0 is a CD-ROM drive, it remains
such.
<acropolis> vm.disk_update my_vm disk_addr=ide.0 clone_from_adsf_file=/ctr/plan9.iso

3. Replace the disk at SCSI:0 with a clone of the existing vmdisk.

<acropolis> vm.disk_update my_vm disk_addr=scsi.0 clone_from_vmdisk=0b4fc60b-
cc56-41c6-911e-67cc8406d096

4. Eject the image from the CD-ROM drive at IDE:0.

<acropolis> vm.disk_update my_vm disk_addr=ide.0 empty=1

5. Update the size of disk at SCSI:1 to 5GiB.

<acropolis> vm.disk_update my_vm disk_addr=scsi.1 new_size=5G

6. Enable flash mode for an existing disk at SCSI:0.

<acropolis> vm.disk_update my_vm disk_addr=scsi.0 flash_mode=True

7. Enable flash mode for an existing disk at SCSI:0 and resize the disk.
<acropolis> vm.disk_update my_vm disk_addr=scsi.0 new_size=100G flash_mode=True

Retrieves information about a VM

<acropolis> vm.get vm_list [ include_address_assignments="{ true | false }" ][
include_vmdisk_datasource_info="{ true | false }" ][ include_vmdisk_paths="{ true | false }"
][ include_vmdisk_sizes="{ true | false }" ]
Required arguments
vm_list
VM identifier
Type: list of VMs
Optional arguments
include_address_assignments
Fetch configured IP addresses
Type: boolean
Default: true
include_vmdisk_datasource_info
Fetch the backing external datasource details, if applicable
Type: boolean
Default: false
include_vmdisk_paths
Fetch vmdisk paths
Type: boolean

AOS | Acropolis Command-Line Interface (aCLI) | 49

Default: false
include_vmdisk_sizes
Fetch vmdisk sizes (in bytes)
Type: boolean
Default: true

Attaches a new GPU to a VM

Changes to the GPU configuration can only be made when VM is powered off.
<acropolis> vm.gpu_assign vm [ extra_param="extra_param" ][ gpu="gpu" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
extra_param
extra_parameters
Type: string
gpu
GPU
Type: gpu
Examples
1. Add a new GPU in passthrough mode
<acropolis> vm.gpu_assign my_vm gpu=Nvidia_Tesla_M60

Detaches a GPU from a VM

Changes to the GPU configuration can only be made when VM is powered off.
<acropolis> vm.gpu_deassign vm [ device_uuid="device_uuid" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
device_uuid
GPU device UUID
Type: gpu_device_uuid
Examples
1. Remove a new GPU in passthrough mode
<acropolis> vm.gpu_deassign my_vm device_uuid=e6d85ee8-3797-4bae-98f2-9e4511be908d

2. Remove a new GPU in passthrough mode

<acropolis> vm.gpu_deassign my_vm gpu=Nvidia_Tesla_M60

AOS | Acropolis Command-Line Interface (aCLI) | 50

Initiates a Guest level Reboot of the VMs
Requires NGT.
<acropolis> vm.guest_reboot vm_list [ enable_script_exec="{ true | false }" ][
fail_on_script_failure="{ true | false }" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
enable_script_exec
Whether to execute pre-reboot script.
Type: boolean
fail_on_script_failure
Whether to abort reboot if script fails.
Type: boolean

Initiates a Guest level Shutdown of the VMs

Requires NGT.
<acropolis> vm.guest_shutdown vm_list [ enable_script_exec="{ true | false }" ][
fail_on_script_failure="{ true | false }" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
enable_script_exec
Whether to execute pre-shutdown script.
Type: boolean
fail_on_script_failure
Whether to abort shutdown if script fails.
Type: boolean

Lists all VMs

<acropolis> vm.list [ memory="memory" ][ num_vcpus="num_vcpus" ][
power_state="power_state" ]
Required arguments
None
Optional arguments
memory
List VMs with the given amount of memory
Type: size with MG suffix
num_vcpus
List VMs with the given number of VCPUs

AOS | Acropolis Command-Line Interface (aCLI) | 51

Type: int
power_state
List VMs with the given power state
Type: Power State

Live migrates a VM to another host

If no host is specified, the scheduler will pick the one with the most available CPU and memory that can
support the VM. Note that no such host may be available. If multiple VMs are specified, it is recommended
to also provide the bandwidth_mbps parameter. This limit is applied to each of the migrations individually.
<acropolis> vm.migrate vm_list [ bandwidth_mbps="bandwidth_mbps" ][ host="host" ][
max_downtime_ms="max_downtime_ms" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
bandwidth_mbps
Maximum bandwidth in MiB/s
Type: int
Default: 0
host
Destination host
Type: host
max_downtime_ms
Maximum time in ms for which this Vm can be stunned while migrating
Type: int
Default: 0

Attaches a network adapter to a VM

A VM NIC must be associated with a virtual network. It is not possible to change this association. To
connect a VM to a different virtual network, it is necessary to create a new NIC. If the virtual network is
managed (see network.create), the NIC must be assigned an IPv4 address at creation time. If the network
has no DHCP pool, the user must specify the IPv4 address manually. If the VM is running, the NIC is hot-
added to the VM.

AOS | Acropolis Command-Line Interface (aCLI) | 52

<acropolis> vm.nic_create vm [ allow_unknown_macs="{ true | false }"
][ connected="{ true | false }" ][ ip="ip" ][ mac="mac" ][ model="model" ][
network="network" ][ network_function_nic_type="network_function_nic_type" ][
queues="queues" ][ request_ip="{ true | false }" ][ rx_queue_size="rx_queue_size" ][
secondary_ip_addresses="secondary_ip_addresses" ][ trunked_networks="trunked_networks"
][ type="type" ][ vlan_mode="vlan_mode" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
allow_unknown_macs
If true, then allow unknown unicast traffic to be forwarded to this NIC
Type: boolean
connected
Whether or not the NIC is connected.
Type: boolean
ip
IPv4 address
Type: IPv4 address
mac
MAC address
Type: MAC address
model
Virtual hardware model. Defaults to 'virtio', can also specify 'e1000'.
Type: string
network
Network identifier
Type: network
network_function_nic_type
Network function nic type
Type: Network function NIC Type
queues
Maximum number of Tx/Rx queue pairs (default: 1)
Type: int
request_ip
If true, then try to request an IP from Acropolis (static if the 'ip=' field is set, otherwise
dynamic if the network is managed.) If false, then don't request an IP from Acropolis at all
(even if 'ip=' is set.
Type: boolean
rx_queue_size
Receive queue depth (default: 256)

AOS | Acropolis Command-Line Interface (aCLI) | 53

Type: int
secondary_ip_addresses
List of secondary IP Addresses.
Type: list of IPv4 addresses
trunked_networks
List of trunked networks.
Type: list of ints
type
NIC Type
Type: NIC Type
Default: 1
vlan_mode
VLan Mode. Access by default.
Type: Vlan Type

Deletes a NIC from a VM

If the VM is running, the NIC is hot-removed from the VM. If the NIC to be removed is specified as the boot
device in the boot configuration, the boot device configuration will be cleared as a side effect of removing
the NIC.
<acropolis> vm.nic_delete vm mac_addr
Required arguments
vm
VM identifier
Type: VM
mac_addr
NIC MAC address
Type: NIC address

Gets details about the NICs attached to a VM

<acropolis> vm.nic_get vm [ include_address_assignments="{ true | false }" ][
mac_addr="mac_addr" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
include_address_assignments
Fetch configured IP addresses
Type: boolean
Default: true
mac_addr
NIC MAC address
Type: NIC address

AOS | Acropolis Command-Line Interface (aCLI) | 54

Lists the NICs attached to a VM
<acropolis> vm.nic_list vm [ include_address_assignments="{ true | false }" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
include_address_assignments
Fetch configured IP addresses
Type: boolean
Default: true

Updates a network adapter, specified by the MAC address, on a VM

<acropolis> vm.nic_update vm mac_addr [ allow_unknown_macs="{ true
| false }" ][ connected="{ true | false }" ][ ip="ip" ][ network="network" ][
queues="queues" ][ request_ip="{ true | false }" ][ rx_queue_size="rx_queue_size" ][
secondary_ip_addresses="secondary_ip_addresses" ][ trunked_networks="trunked_networks"
][ type="type" ][ update_vlan_trunk_info="{ true | false }" ][ vlan_mode="vlan_mode" ]
Required arguments
vm
VM identifier
Type: VM
mac_addr
NIC MAC address
Type: NIC address
Optional arguments
allow_unknown_macs
If true, then allow unknown unicast traffic to be forwarded to this NIC
Type: boolean
connected
Whether or not the NIC is connected.
Type: boolean
ip
IPv4 address
Type: IPv4 address
network
Network identifier
Type: network
queues
Maximum number of Tx/Rx queue pairs (default: 1)
Type: int
request_ip
If true, request a new IP address.

AOS | Acropolis Command-Line Interface (aCLI) | 55

Type: boolean
rx_queue_size
Receive queue depth (default: 256)
Type: int
secondary_ip_addresses
List of secondary IP Addresses.
Type: list of IPv4 addresses
trunked_networks
List of trunked networks.
Type: list of ints
type
NIC Type
Type: NIC Type
update_vlan_trunk_info
If true, then update vlan type and trunked network list.
Type: boolean
vlan_mode
VLan Mode. Access by default.
Type: Vlan Type

Powers off the specified VMs

<acropolis> vm.off vm_list
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs

Powers on the specified VMs

If no host is specified, the scheduler will pick the one with the most available CPU and memory that can
support the VM. Note that no such host may be available.

AOS | Acropolis Command-Line Interface (aCLI) | 56

<acropolis> vm.on vm_list [ enable_migrations="{ true | false }" ][ host="host" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
enable_migrations
Whether live migrations of other VMs should be performed to free up space in order to
power on the VM on a node
Type: boolean
Default: false
host
Host on which to power on the VM
Type: host

Power cycles the specified VMs

<acropolis> vm.power_cycle vm_list [ change_host="{ true | false }" ][ host="host" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
change_host
Whether to power on on a different host
Type: boolean
Default: false
host
Host on which to power on the VM
Type: host

Initiates a reboot by issuing an ACPI event

<acropolis> vm.reboot vm_list
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs

Resets the specified VMs

<acropolis> vm.reset vm_list
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs

AOS | Acropolis Command-Line Interface (aCLI) | 57

Restores a VM to a snapshotted state
If the VM is currently running, it will be powered off. Since VM snapshots do not include the VM memory
image, the VM will remain powered off after the restore is complete. A VM snapshot may no longer be
compatible with the current virtual network configuration. In this case, the user may choose not to restore
the VM's network adapters using the "restore_network_config" keyword argument.
<acropolis> vm.restore vm snapshot [ restore_network_config="{ true | false }" ]
Required arguments
vm
VM identifier
Type: VM
snapshot
Snapshot identifier
Type: snapshot
Optional arguments
restore_network_config
Whether to restore the VM's networking configuration
Type: boolean
Default: true

Attaches a new serial port to a VM

Changes to the serial port configuration only take effect after a full power cycle.
<acropolis> vm.serial_port_create vm [ index="index" ][ type="type" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
index
Serial port index
Type: int
type
Serial port type
Type: serial port type
Examples
1. Add a new serial port at COM1 in server mode.
<acropolis> vm.serial_port_create my_vm index=0 type=kServer

Detaches a serial port from a VM

Changes to the serial port configuration only take effect after a full power cycle.
<acropolis> vm.serial_port_delete vm index
Required arguments
vm
VM identifier

AOS | Acropolis Command-Line Interface (aCLI) | 58

Type: VM
index
Serial port index
Type: int
Examples
1. Remove the serial port at COM2.
<acropolis> vm.serial_port_delete my_vm 1

Initiates a shutdown by issuing an ACPI event

<acropolis> vm.shutdown vm_list
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs

Creates one or more snapshots in a single consistency group

If multiple VMs are specified, all of their configurations and disks will fall into the same consistency group.
Since this operation requires the coordination of multiple resources, it should not be abused by specifying
more than several VMs at a time. Snapshots are crash-consistent. They do not include the VM's current
memory image, only the VM configuration and its disk contents. The snapshot is taken atomically across
all of a VM's configuration and disks to ensure consistency. If no snapshot name is provided, the snapshot
will be referred to as "<vm_name>-<timestamp>", where the timestamp is in ISO 8601 format (YYYY-MM-
DDTHH:MM:SS.mmmmmm).
<acropolis> vm.snapshot_create vm_list [ snapshot_name_list="snapshot_name_list" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
snapshot_name_list
Comma-delimited list of names for each snapshot
Type: list of strings
Examples
1. Create a snapshot named 'dev-vm-gold' from a VM named 'dev-vm'.
<acropolis> vm.snapshot_create dev-vm snapshot_name_list=dev-vm-gold

2. Create a consistent snapshot across several VMs, using the default naming scheme.
<acropolis> vm.snapshot_create vm1,vm2,vm3

Prints the graph representation of the snapshot history for a VM

<acropolis> vm.snapshot_get_tree vm
Required arguments
vm
VM identifier

AOS | Acropolis Command-Line Interface (aCLI) | 59

Type: VM

Gets a list of all snapshots associated with a VM

<acropolis> vm.snapshot_list vm
Required arguments
vm
VM identifier
Type: VM

Updates the specified VMs

Note that some attributes may not be modifiable while the VM is running. For instance, the KVM hypervisor
supports at present only hot add for CPU and Memory. Memory size must be specified with a multiplicative
suffix. The following suffixes are valid: M=2^20, G=2^30. The hwclock_timezone attribute specifies the
VM's hardware clock timezone. Most operating systems assume the system clock is UTC, but some (like
Windows) expect the local timezone. Changes to the clock timezone only take effect after a full VM power
cycle. The vga_console attribute controls whether the VM has a VGA console device. Changes to this
attribute only take effect after a full VM power cycle. The agent_vm attribute controls whether the VM is an
agent VM. When their host enters maintenance mode, after normal VMs are evacuated, agent VMs are
powered off. When the host is restored, agent VMs are powered on before normal VMs are restored. Agent
VMs cannot be HA-protected. Disabling branding will remove product and manufacturer information from
the VM xml. Changes to this attribute only take effect after a full VM power cycle. Enabling metrics allows
host-specific metrics to be percolated to this VM.
<acropolis> vm.update vm_list [ agent_vm="{ true | false }" ][ annotation="annotation"
][ bios_uuid="bios_uuid" ][ cbr_not_capable_reason="cbr_not_capable_reason"
][ cpu_passthrough="{ true | false }" ][ disable_branding="{ true |
false }" ][ disable_hyperv="{ true | false }" ][ enable_metrics="{ true |
false }" ][ extra_flags="extra_flags" ][ flash_mode="{ true | false }" ][
generation_uuid="generation_uuid" ][ gpu_console="{ true | false }" ][
ha_priority="ha_priority" ][ hardware_virtualization="{ true | false }" ][
hwclock_timezone="hwclock_timezone" ][ machine_type="machine_type"
][ memory="memory" ][ memory_overcommit="{ true | false }" ][
name="name" ][ num_cores_per_vcpu="num_cores_per_vcpu" ][
num_threads_per_core="num_threads_per_core" ][ num_vcpus="num_vcpus" ][
num_vnuma_nodes="num_vnuma_nodes" ][ nvram_container="nvram_container" ][
secure_boot="{ true | false }" ][ uefi_boot="{ true | false }" ][ vcpu_hard_pin="{ true
| false }" ][ vga_console="{ true | false }" ][ virtual_tpm="{ true | false }" ][
windows_credential_guard="{ true | false }" ]
Required arguments
vm_list
Comma-delimited list of VM identifiers
Type: list of VMs
Optional arguments
agent_vm
Agent vm
Type: boolean
annotation
Annotation string
Type: string
bios_uuid

AOS | Acropolis Command-Line Interface (aCLI) | 60

BIOS UUID
Type: UUID
cbr_not_capable_reason
If set, marks the VM incapable of CBR workflows
Type: string
cpu_passthrough
Pass through all host CPU features.
Type: boolean
disable_branding
Disable Nutanix branding
Type: boolean
disable_hyperv
If True, then all the hyperv flags passed to a VM are disabled.
Type: boolean
enable_metrics
Enable host metrics
Type: boolean
extra_flags
Additional VM flags as key=value pairs, separated by semicolon
Type: string
flash_mode
Enable/Disable flash mode for all VM disks.
Type: boolean
generation_uuid
VM Generation UUID
Type: UUID
gpu_console
Enable/Disable GPU console for the VM.
Type: boolean
ha_priority
Numeric priority for HA restart
Type: int
hardware_virtualization
Virtual machine extention for hardware virtualization
Type: boolean
hwclock_timezone
Hardware clock timezone
Type: timezone
machine_type
Machine architecture type

AOS | Acropolis Command-Line Interface (aCLI) | 61

Type: Machine Architecture Type
memory
Memory size
Type: size with MG suffix
memory_overcommit
If True, the configured memory for the VM may reside outside of the host physical memory.
Type: boolean
name
VM name
Type: string
num_cores_per_vcpu
Number of cores per vCPU
Type: int
num_threads_per_core
Number of threads per core
Type: int
num_vcpus
Number of vCPUs
Type: int
num_vnuma_nodes
Number of vNUMA nodes
Type: int
nvram_container
Container to store NVRAM disk if uefi_boot=True
Type: container
secure_boot
Secure boot
Type: boolean
uefi_boot
UEFI boot
Type: boolean
vcpu_hard_pin
Enable hard pinning vcpu to pcpus
Type: boolean
vga_console
VGA console device
Type: boolean
virtual_tpm
Enable virtual TPM device.
Type: boolean

AOS | Acropolis Command-Line Interface (aCLI) | 62

windows_credential_guard
Windows UVM credential guard
Type: boolean

Updates a VM's boot device

<acropolis> vm.update_boot_device vm [ boot_device_order="boot_device_order" ][
disk_addr="disk_addr" ][ mac_addr="mac_addr" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
boot_device_order
Device boot order
Type: list of boot device types
disk_addr
Disk bus address
Type: VM disk
mac_addr
NIC MAC address
Type: NIC address

Updates storage container of all disks of the VM or just the specified disks
<acropolis> vm.update_container vm [ container="container" ][
device_uuid_list="device_uuid_list" ][ disk_addr_list="disk_addr_list" ][ wait="{ true |
false }" ]
Required arguments
vm
VM identifier
Type: VM
Optional arguments
container
Container
Type: container
device_uuid_list
List of devices
Type: list of UUIDs
disk_addr_list
Disk address ("bus.index")
Type: VM disk list
wait
Wait for tasks to complete
Type: boolean

AOS | Acropolis Command-Line Interface (aCLI) | 63

Default: true
Examples
1. Update container of all disks of the VM.
<acropolis> vm.update_container my_vm container=target_ctr

2. Update container of disk at SCSI:0 AND SCSI:1.

<acropolis> vm.update_container my_vm container=target_ctr
disk_addr_list=scsi.0,scsi.1

3. Update container of disk by specified device UUID.

<acropolis> vm.update_container my_vm container=target_ctrdevice_uuid_list=99359b95-
f8b0-4100-8c4b-88b1ddacf676,e6d85ee8-3797-4bae-98f2-9e4511be908d

vm_group

Operations

• Add VMs to a VM group : vm_group.add_vms

• Enables vm-vm preferential anti-affinity : vm_group.antiaffinity_set
• Clears vm-vm anti-affinity : vm_group.antiaffinity_unset
• Creates one or more VM groups : vm_group.create
• Deletes one or more VM groups : vm_group.delete
• Retrieves information about a VM group : vm_group.get
• Lists all VM groups : vm_group.list
• Lists VMs configured to the VmGroup : vm_group.list_vms
• Remove VMs from a VM group : vm_group.remove_vms
• Updates the specified VM groups : vm_group.update

Add VMs to a VM group

<acropolis> vm_group.add_vms vm_group [ vm_list="vm_list" ]
Required arguments
vm_group
VmGroup identifier
Type: VM group type
Optional arguments
vm_list
Comma-delimited VM identifiers
Type: list of VMs

Enables vm-vm preferential anti-affinity

<acropolis> vm_group.antiaffinity_set vm_group_list
Required arguments
vm_group_list
Comma-delimited list of VM group identifiers

AOS | Acropolis Command-Line Interface (aCLI) | 64

Type: list of VM group types

Clears vm-vm anti-affinity

<acropolis> vm_group.antiaffinity_unset vm_group_list
Required arguments
vm_group_list
Comma-delimited list of VM group identifiers
Type: list of VM group types

Creates one or more VM groups

<acropolis> vm_group.create name_list
Required arguments
name_list
Comma-delimited list of VM group names
Type: list of strings

Deletes one or more VM groups

<acropolis> vm_group.delete vm_group_list
Required arguments
vm_group_list
Comma-delimited VM group identifiers
Type: list of VM group types

Retrieves information about a VM group

<acropolis> vm_group.get vm_group_list
Required arguments
vm_group_list
VM group identifier
Type: list of VM group types

Lists all VM groups

<acropolis> vm_group.list
Required arguments
None

Lists VMs configured to the VmGroup

<acropolis> vm_group.list_vms vm_group
Required arguments
vm_group
VmGroup identifier
Type: VM group type

Remove VMs from a VM group

<acropolis> vm_group.remove_vms vm_group [ vm_list="vm_list" ]
Required arguments
vm_group
VmGroup identifier

AOS | Acropolis Command-Line Interface (aCLI) | 65

Type: VM group type
Optional arguments
vm_list
Comma-delimited VM identifiers
Type: List of VM configured to VmGroup

Updates the specified VM groups

<acropolis> vm_group.update vm_group_list [ name="name" ]
Required arguments
vm_group_list
Comma-delimited list of VM group identifiers
Type: list of VM group types
Optional arguments
name
VM group name
Type: string

AOS | Acropolis Command-Line Interface (aCLI) | 66

NUTANIX COMMAND-LINE INTERFACE
(NCLI)
The Nutanix command-line interface (nCLI) allows you to run system administration commands against the
Nutanix cluster from any of the following machines:

• Your local machine (preferred)

• Any Controller VM in the cluster

Installing the nCLI on Your Local System

About this task

Tip: For the default credentials of all cluster components, see KB-1661.

Procedure

1. Verify that your system has Java Runtime Environment (JRE) version 5.0 or higher.
To check which version of Java is installed on your system or to download the latest version, go to
http://www.java.com/en/download/installed.jsp.

2. Download the nCLI.

a. Connect to the Nutanix web console.

b. Click the user icon at the top of the console.

c. Select Download nCLI.

d. Download and unzip the file on your local system.

3. Configure your Windows %PATH% or Linux $PATH environment variables.

• ncli directory (for example, C:\ncli)

• JRE bin directory (for example, C:\Program Files\Java\jre1.6.0_21\bin)
The procedure to complete this step depends on your operating system. For more information, go to
http://java.com/en/download/help/path.xml.

AOS | Nutanix Command-Line Interface (nCLI) | 67

Initiating an nCLI Session From Your Local System
Before you begin
Install the nCLI on your local system by following Installing the nCLI on Your Local System on page 67.

Procedure

1. On your local system, open a command prompt (such as bash for Linux or CMD for Windows).

2. At the command prompt, start the nCLI by using one of the following commands.

a. ncli -s management_ip_addr -u 'username' -p 'user_password'

In this case, the console displays the password.
b. ncli -s management_ip_addr -u 'username' -p
In this case, you are prompted to specify the password.

• Replace management_ip_addr with the IP address of any Nutanix Controller VM in the cluster.
• Replace username with the name of the user (if not specified, the default is admin).
• (Optional) Replace user_password with the password of the user.

Note: When specifying the -p 'user_password' command-line argument to establish an nCLI

session interactively, the credentials are stored in the user's history file. This flag is intended for use in
automated scripts or third-party application integration to nCLI.
To prevent retention of the password for interactive login, specify the -p command flag
alone without the password as described in step 2(b). An interactive prompt is provided to
supply the password, which will not be stored in the user's history file.

Table 1: Troubleshooting

Error Explanation/Resolution

ncli not found or not recognized The Windows %PATH% or Linux $PATH environment variable is not
as a command set.

Error: Bad credentials The admin user password has been changed from the default and
you did not specify the correct password.
Type exit and start the nCLI again with the correct password.

Error: Could not connect to Nutanix The cluster is not started.

Gateway
Log on to a Controller VM as the nutanix user and run the following
command: cluster start
When the cluster is up, exit the nCLI and start it again.

Results
The Nutanix CLI is now in interactive mode. To exit this mode, type exit at the ncli> prompt.

AOS | Nutanix Command-Line Interface (nCLI) | 68

Command Format
Nutanix Command-Line Interface commands must match the following format:
ncli> entity action parameter1=value parameter2=value ...
entity can be replaced by any Nutanix entity, such as cluster or disk.

action can be replaced by any valid action for the preceding entity. Each entity has a unique set of
actions, but a common action across all entities is list. For example, you can type the following command
to request a list of all storage pools in the cluster.
ncli> storagepool list
Some actions require parameters at the end of the command. For example, when creating an NFS
datastore, you need to provide both the name of the datastore as it will appear to the hypervisor and the
name of the source storage container.
ncli> datastore create name="NTNX-NFS" ctr-name="nfs-ctr"
Parameter-value pairs can be listed in any order, as long as they are preceded by a valid entity and action.

Tip: To avoid syntax errors, surround all string values with double-quotes, as demonstrated in the preceding
example. This is particularly important when specifying parameters that accept a list of values.

Embedded Help
The nCLI provides assistance on all entities and actions. By typing help at the command line, you can
request additional information at one of three levels of detail.
help
Provides a list of entities and their corresponding actions
entity help
Provides a list of all actions and parameters associated with the entity, as well as which parameters
are required, and which are optional
entity action help
Provides a list of all parameters associated with the action, as well as a description of each
parameter
The nCLI provides additional details at each level. To control the scope of the nCLI help output, add the
detailed parameter, which can be set to either true or false.
For example, type the following command to request a detailed list of all actions and parameters for the
cluster entity.
ncli> cluster help detailed=true
You can also type the following command if you prefer to see a list of parameters for the cluster edit-params
action without descriptions.
ncli> cluster edit-params help detailed=false

nCLI Entities
alerts: An Alert
authconfig: Configuration information used to authenticate user
cloud: Manage AWS or AZURE Cloud
cluster: A Nutanix Complete Cluster
container: A Storage Container is a container for virtual disks
data-at-rest-encryption: Manage data-at-rest-encryption related operations
data-at-rest-encryption-certificate: Manage data-at-rest-encryption related digital certificates

AOS | Nutanix Command-Line Interface (nCLI) | 69

datastore: An NFS Datastore
disk: A Physical Disk
events: An Event
failover-cluster: Hyper-V failover cluster
file-server: Minerva file server
health-check: A health check
host: A Physical Host hosts Virtual Machines
http-proxy: An HTTP Proxy
key-management-server: Manage key management servers
license: License for a Nutanix cluster
managementserver: An infrastructure management server such as VCenter
multicluster: A Nutanix Management Console to manage multiple clusters
network: Network specific commands
nutanix-guest-tools: Admin commands for Nutanix Guest Tools
progress-monitor: Monitor progress of long running tasks
protection-domain: A protection domain to be used for Data Protection
pulse-config: Configuration information used for Pulse setup
rackable-unit: A rackable unit
remote-site: A remote cluster to be used for replicating data
rsyslog-config: TLS configuration for RSyslog service
share: Share
smb-server: The Nutanix SMB file server
snapshot: Snapshot of a Virtual Disk
snmp: An SNMP agent
software: NOS Software Release
ssl-certificate: Manage SSL certificates
storagepool: A Pool of Physical Disks
storagetier: A Tier of physical storage
tag: A tag that groups entities
task: A Task
user: A User
vdisk: A Virtual Disk
virtual-disk: Commands for performing different actions on Virtual Disks.
virtualmachine: A Virtual Machine
volume-group: A Volume Group
vstore: A file namespace in a Storage Container

Nutanix Command-Line Interface Reference

CLI Reference Conventions
This command-line interface reference uses the following conventions.

• Parameters in italic are unique to your environment.

value

• Parameters in square brackets are optional.

[ value ]

AOS | Nutanix Command-Line Interface (nCLI) | 70

• Parameters in curly brackets must be one of a limited set of values.
{ value1 | value2 }
One example is boolean parameters: { true | false }
• The keyword is a literal string required by the command, and the value is the unique value for your
environment.
keyword=value

alerts: Alert
Description An Alert
Alias alert

Operations
• Acknowledge Alerts : acknowledge | ack
• Update Alert Configuration : edit-alert-config | update-alert-config
• List Alert Configuration : get-alert-config
• List history of Alerts : history
• List of unresolved Alerts : list | ls
• Resolve Alerts : resolve

Acknowledge Alerts
ncli> alerts { acknowledge | ack } ids="ids"
Required arguments
ids
A comma-separated list of ids of the Alerts

Update Alert Configuration

ncli> alerts { edit-alert-config | update-alert-config }[ enable="{ true | false }" ][
enable-default-nutanix-email="{ true | false }" ][ enable-email-digest="{ true | false }" ][
email-contacts="email_contacts" ]
Required arguments
None
Optional arguments
enable
Enable Alert emails
enable-default-nutanix-email
Enable default Nutanix email
enable-email-digest
Enable alert email digest
email-contacts
Comma-separated list of emails to be used while sending alerts. Set to '-' to clear all the
existing emails.

AOS | Nutanix Command-Line Interface (nCLI) | 71

List Alert Configuration
ncli> alerts { get-alert-config }
Required arguments
None

List history of Alerts

ncli> alerts { history } duration="duration" [ acknowledged="acknowledged" ][
resolved="resolved" ][ auto-resolved="auto_resolved" ][ max-alerts="max_alerts" ]
Required arguments
duration
Duration (in days) for getting the history of Alerts
Optional arguments
acknowledged
Acknowledged Alerts?
resolved
Resolved Alerts?
auto-resolved
Auto resolved Alerts?
max-alerts
Maximum number of Alerts to fetch (permitted max value = 1000)
Default: 100

List of unresolved Alerts

ncli> alerts { list | ls }[ acknowledged="acknowledged" ][ max-alerts="max_alerts" ]
Required arguments
None
Optional arguments
acknowledged
Acknowledged Alerts?
max-alerts
Maximum number of Alerts to fetch (permitted max value = 1000)
Default: 100

Resolve Alerts
ncli> alerts { resolve } ids="ids"
Required arguments
ids
A comma-separated list of ids of the Alerts

authconfig: Authentication Configuration

Description Configuration information used to authenticate user
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 72

Operations
• Add directory role mapping : add-role-mapping
• Comma-separated list of values to be added to the existing directory role mapping :
add-to-role-mapping-values

• Clear Certificate Revocation information : clear-certificate-revocation

• Create Directory Service Configuration : create-directory | add-directory
• delete ca chain certificate : delete-ca-chain-certificate | delete-ca-chain-
cert

• Delete directory role mappings : delete-role-mapping

• Update Authentication Configuration : edit | update
• Update Directory Service Configuration : edit-directory | update-directory
• Get Client Auth Configuration : get-client-authentication-config
• Get the list of entity values for the specified entity type and the directory name : get-
directory-values-by-type

• List Authentication Configuration : list | ls

• List Authentication Configuration : list-directory | ls-directory
• Get the list of directory role mappings : list-role-mappings | ls-role-mappings
• Remove Authentication Configuration : remove | rm
• Remove Directory Service Configuration : remove-directory | rm-directory
• Comma-separated list of values to be removed from the existing directory role
mapping : remove-from-role-mapping-values
• Set Certificate Revocation information : set-certificate-revocation
• Test LDAP Connection and authentication : test-ldap-connection
• Enable/Disable client authentication : update-client-authentication
• Update service account (CAC) : update-service-account

Add directory role mapping

ncli> authconfig { add-role-mapping } role="role" entity-type="entity_type" entity-
values="entity_values" name="name"
Required arguments
role
Role of the directory.
entity-type
Type of directory entity.
entity-values
List of entity values.
name
Directory Name

AOS | Nutanix Command-Line Interface (nCLI) | 73

Comma-separated list of values to be added to the existing directory role mapping
ncli> authconfig { add-to-role-mapping-values } name="name" role="role" entity-
type="entity_type" entity-values="entity_values"
Required arguments
name
Name
role
Role
entity-type
Entity Type
entity-values
Values

Clear Certificate Revocation information

ncli> authconfig { clear-certificate-revocation }
Required arguments
None

Create Directory Service Configuration

ncli> authconfig { create-directory | add-directory } directory-
type="directory_type" connection-type="connection_type" directory-url="directory_url"
domain="domain" name="name" service-account-username="service_account_username"
[ group-search-type="group_search_type" ][ user-object-class="user_object_class" ][
user-search-base="user_search_base" ][ username-attribute="username_attribute" ][
group-object-class="group_object_class" ][ group-search-base="group_search_base"
][ group-member-attribute="group_member_attribute" ][ group-member-
attribute-value="group_member_attribute_value" ][ service-account-
password="service_account_password" ]
Required arguments
directory-type
Type of the Directory Service
connection-type
Connection type for the Directory Service
directory-url
Url to connect to the Directory Service
domain
Domain of the Directory Service
name
Name of the Directory Service
service-account-username
User name of the directory administrator
Optional arguments
group-search-type
Type of the search whether RECURSIVE or NON_RECURSIVE
user-object-class
Object class for users

AOS | Nutanix Command-Line Interface (nCLI) | 74

user-search-base
Search base for users
username-attribute
Unique identifier for a user that can be used for authentication
group-object-class
Object class for groups
group-search-base
Search base for groups
group-member-attribute
Attribute in group that associates users to group
group-member-attribute-value
User attributevalue that will be used in group entity to associate user to the group
service-account-password
Password of the directory administrator

delete ca chain certificate

ncli> authconfig { delete-ca-chain-certificate | delete-ca-chain-cert } ca-
chain-certificate-name="ca_chain_certificate_name"
Required arguments
ca-chain-certificate-name
Name of the Certificate

Delete directory role mappings

ncli> authconfig { delete-role-mapping } name="name" [ role="role" ][ entity-
type="entity_type" ]
Required arguments
name
Directory Name
Optional arguments
role
Role
entity-type
Entity Type

Update Authentication Configuration

ncli> authconfig { edit | update } auth-type-list="auth_type_list" [ directory-
list="directory_list" ]
Required arguments
auth-type-list
Authentication Types
Optional arguments
directory-list
Id of an alert type.

AOS | Nutanix Command-Line Interface (nCLI) | 75

Update Directory Service Configuration
ncli> authconfig { edit-directory | update-directory } directory-
type="directory_type" connection-type="connection_type" directory-url="directory_url"
domain="domain" name="name" [ group-search-type="group_search_type" ][ user-
object-class="user_object_class" ][ user-search-base="user_search_base" ][ username-
attribute="username_attribute" ][ group-object-class="group_object_class" ][ group-
search-base="group_search_base" ][ group-member-attribute="group_member_attribute"
][ group-member-attribute-value="group_member_attribute_value" ][
service-account-username="service_account_username" ][ service-account-
password="service_account_password" ]
Required arguments
directory-type
Type of the Directory Service
connection-type
Connection type for the Directory Service
directory-url
Url to connect to the Directory Service
domain
Domain of the Directory Service
name
Name of the Directory Service
Optional arguments
group-search-type
Type of the search whether RECURSIVE or NON_RECURSIVE
user-object-class
Object class for users
user-search-base
Search base for users
username-attribute
Unique identifier for a user that can be used for authentication
group-object-class
Object class for groups
group-search-base
Search base for groups
group-member-attribute
Attribute in group that associates users to group
group-member-attribute-value
User attributevalue that will be used in group entity to associate user to the group
service-account-username
User name of the directory administrator
service-account-password
Password of the directory administrator

Get Client Auth Configuration

ncli> authconfig { get-client-authentication-config }

AOS | Nutanix Command-Line Interface (nCLI) | 76

Required arguments
None

Get the list of entity values for the specified entity type and the directory name.
ncli> authconfig { get-directory-values-by-type } name="name" directory-
name="directory_name" username="username" password="password" entity-
type="entity_type"
Required arguments
name
Name of the Directory
directory-name
Name of the directory.
username
User name.
password
Password for corresponding username.
entity-type
Type of the directory entity.

List Authentication Configuration

ncli> authconfig { list | ls }
Required arguments
None

List Authentication Configuration

ncli> authconfig { list-directory | ls-directory }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the Directory Service

Get the list of directory role mappings

ncli> authconfig { list-role-mappings | ls-role-mappings } name="name" [
role="role" ][ entity-type="entity_type" ]
Required arguments
name
Name
Optional arguments
role
Role
entity-type
Entity Type

Remove Authentication Configuration

ncli> authconfig { remove | rm }

AOS | Nutanix Command-Line Interface (nCLI) | 77

Required arguments
None

Remove Directory Service Configuration

ncli> authconfig { remove-directory | rm-directory } name="name"
Required arguments
name
Name of the Directory

Comma-separated list of values to be removed from the existing directory role mapping
ncli> authconfig { remove-from-role-mapping-values } name="name" role="role"
entity-type="entity_type" entity-values="entity_values"
Required arguments
name
Name
role
Role
entity-type
Entity Type
entity-values
Values

Set Certificate Revocation information

ncli> authconfig { set-certificate-revocation }[ set-ocsp-
responder="set_ocsp_responder" ][ set-crl-uri="set_crl_uri" ][ set-
crl-refresh-interval="set_crl_refresh_interval" ][ set-crl-expiration-
interval="set_crl_expiration_interval" ]
Required arguments
None
Optional arguments
set-ocsp-responder
URI for OCSP responder
set-crl-uri
Comma separated list of CRL URI
set-crl-refresh-interval
Time between CRL refresh in seconds (default is 86400 seconds, 1 day)
set-crl-expiration-interval
Time interval, in seconds, after which the CRLs are expired if the DP has not been
accessible (default is 604800 seconds, 7 days)

Test LDAP Connection and authentication

ncli> authconfig { test-ldap-connection } directory-name="directory_name"
password="password" username="username"
Required arguments
directory-name
Directory name to test LDAP configuration.

AOS | Nutanix Command-Line Interface (nCLI) | 78

password
Password to test LDAP configuration.
username
Username to test LDAP configuration.

Enable/Disable client authentication

ncli> authconfig { update-client-authentication } enable-client-auth="{ true |
false }"
Required arguments
enable-client-auth
Enable client auth

Update service account (CAC)

ncli> authconfig { update-service-account }[ enable="{ true | false }" ][ directory-
name="directory_name" ][ username="username" ][ password="password" ]
Required arguments
None
Optional arguments
enable
Enable Service Account (CAC)
directory-name
Service Account (CAC) Directory Name
username
Service Account (CAC) Username
password
Service Account (CAC) Password

cloud: Cloud
Description Manage AWS or AZURE Cloud
Alias
Operations
• Add AWS or AZURE credentials : add-credentials
• Clear all cloud credentials : clear-all-credentials
• Deploy and configure a Nutanix CVM on cloud, and create a Remote Site on the
local cluster which points to the new CVM : deploy-remote-site
• Destroy a cloud remote site : destroy-remote-site
• List AWS credentials : ls-credentials
• List AWS CVM images : ls-cvm-images
• List AWS CVMs : ls-cvms
• List AWS VPC subnets : ls-subnets
• Remove AWS credentials : remove-credentials
• Set default AWS credentials : set-default-credentials

AOS | Nutanix Command-Line Interface (nCLI) | 79

Add AWS or AZURE credentials
ncli> cloud { add-credentials } cloud-type="cloud_type" [ name="name" ][ aws-
access-key="aws_access_key" ][ aws-secret-key="aws_secret_key" ][ azure-certificate-
file-path="azure_certificate_file_path" ][ azure-subscription-id="azure_subscription_id" ]
Required arguments
cloud-type
Type of the cloud service
Optional arguments
name
Given name of the credentials
aws-access-key
AWS access key
aws-secret-key
AWS secret key
azure-certificate-file-path
Path to the AZURE certificate file
azure-subscription-id
AZURE subscription id

Clear all cloud credentials

ncli> cloud { clear-all-credentials } cloud-type="cloud_type"
Required arguments
cloud-type
Cloud type

Deploy and configure a Nutanix CVM on cloud, and create a Remote Site on the local cluster which
points to the new CVM
ncli> cloud { deploy-remote-site } cloud-type="cloud_type" region="region"
remote-site-name="remote_site_name" local-ctr-name="local_ctr_name" connectivity-
type="connectivity_type" [ instance-name="instance_name" ][ credential-
name="credential_name" ][ image-id="image_id" ][ image-name="image_name" ][ admin-
password="admin_password" ][ remote-sp-name="remote_sp_name" ][ remote-ctr-
name="remote_ctr_name" ][ subnet-id="subnet_id" ][ ssh-tunnel-port="ssh_tunnel_port" ][
azure-virtual-network="azure_virtual_network" ][ enable-proxy="{ true | false }" ][ enable-
on-wire-compression="{ true | false }" ][ max-bandwidth="max_bandwidth" ][ instance-
type="instance_type" ]
Required arguments
cloud-type
Type of the cloud service
region
Name of the region, eg. us-east-1 | eu-west-1 | East Asia | Brazil South
remote-site-name
Name of the Remote Site on the local cluster
local-ctr-name
Name of a local Storage Container to be backed-up to the deployed CVM
connectivity-type

AOS | Nutanix Command-Line Interface (nCLI) | 80

The platform to use for the cloud instance. Choose between 'vpn'(recommended) and 'ssh-
tunnel'
Optional arguments
instance-name
Prefix for the name of the instance deployed in the cloud
credential-name
Given name of the credentials
image-id
ID of the CVM image to use for deployment
image-name
Name of the CVM image to use for deployment
admin-password
Password for the nutanix user on the CVM deployed in the cloud
remote-sp-name
Name of the storage pool to be created on the deployed CVM
remote-ctr-name
Name of Storage Container to be created on the deployed CVM
subnet-id
Cloud subnet ID
ssh-tunnel-port
Port to use for SSH tunnel, in the range of 3000-3099
azure-virtual-network
Azure VPN Name
enable-proxy
Boolean parameter to indicate whether the addresses specified in address-list can be used
as a proxy to communicate with other Nutanix components on the remote site
enable-on-wire-compression
Enable or disable on-wire compression of data during replication
Default: true
max-bandwidth
Maximum bandwidth (in kilobytes per sec) to be used while replicating to the remote site. If
not specified, restriction is not placed on maximum bandwidth used by replication
instance-type
Cloud instance type

AOS | Nutanix Command-Line Interface (nCLI) | 81

List AWS credentials
ncli> cloud { ls-credentials } cloud-type="cloud_type" [ name="name" ][ is-
default="is_default" ]
Required arguments
cloud-type
Type of the cloud service
Optional arguments
name
Given name of the credentials
is-default
Whether the AWS Credentials are being used as the default

List AWS CVM images

ncli> cloud { ls-cvm-images } cloud-type="cloud_type" [ credential-
name="credential_name" ][ region="region" ][ list-local-only="list_local_only" ]
Required arguments
cloud-type
Type of the cloud service
Optional arguments
credential-name
Given name of the credentials
region
Name of the region, eg. us-east-1 | eu-west-1 | East Asia | Brazil South
list-local-only
Whether the list is local to the system (only for Azure cloud type)

List AWS CVMs

ncli> cloud { ls-cvms } cloud-type="cloud_type" region="region" [ credential-
name="credential_name" ]
Required arguments
cloud-type
Type of the cloud service
region
Name of the region, eg. us-east-1 | eu-west-1 | East Asia | Brazil South
Optional arguments
credential-name
Given name of the credentials

List AWS VPC subnets

ncli> cloud { ls-subnets } cloud-type="cloud_type" region="region" [ credential-
name="credential_name" ]
Required arguments
cloud-type
Type of the cloud service
region
Name of the region, eg. us-east-1 | eu-west-1 | East Asia | Brazil South

AOS | Nutanix Command-Line Interface (nCLI) | 82

Optional arguments
credential-name
Given name of the credentials

Remove AWS credentials

ncli> cloud { remove-credentials } cloud-type="cloud_type" name="name"
Required arguments
cloud-type
Type of the cloud service
name
Given name of the credentials

Set default AWS credentials

ncli> cloud { set-default-credentials } name="name" cloud-type="cloud_type"
Required arguments
name
Given name of the credentials
cloud-type
Type of the cloud service

cluster: Cluster
Description A Nutanix Complete Cluster
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 83

Operations
• Add public key to the cluster : add-public-key
• Add domain name(s) to DNS Search suffix list : add-to-dns-search-suffixes
• Add addresses to the list of name servers : add-to-name-servers
• Add addresses to the list of NFS subnet whitelist : add-to-nfs-whitelist
• Add addresses to the list of NTP servers : add-to-ntp-servers
• Add a Metro Availability Witness : add-witness
• Clear the external IP address of the Cluster : clear-external-ip-address
• Clear configuration of SMTP Server used for transmitting alerts and report emails to
Nutanix support : clear-smtp-server
• Configure discovered node with IP addresses (Hypervisor, CVM and IPMI
addresses) : configure-node
• Discover new nodes available to add to the cluster : discover-nodes
• Edit the security params of a Cluster : edit-cvm-security-params
• Edit the hypervisor LLDP config of the Cluster : edit-hypervisor-lldp-params
• Edit the hypervisor security compliance config of a Cluster : edit-hypervisor-
security-params

• Edit params of a Cluster : edit-params | edit-info

• Generates and downloads the csr from discovered node based on certification
information from the cluster : generate-csr-for-discovered-node
• Get the security config for the Cluster : get-cvm-security-config
• Get the DNS Domain Suffix : get-dns-domain-suffix
• Get the DNS Search Suffixes : get-dns-search-suffixes
• Get the domain fault tolerance state of the cluster : get-domain-fault-tolerance-
status | get-dm-ft-stat

• Get the hypervisor LLDP config of the Cluster : get-hypervisor-lldp-config

• Get the hypervisor security config for the Cluster : get-hypervisor-security-
config

• Get Ipmi monitoring status : get-ipmi-monitoring-status

• Gets the Microsoft Azure Account details : get-la-jolla-azure-info
• Get the list of name servers : get-name-servers
• Get the list of NFS subnet whitelist : get-nfs-whitelist
• Get the list of NTP servers : get-ntp-servers
• Get params of a Cluster : get-params | info
• Get the redundancy state of the cluster : get-redundancy-state
• Get remote support status on a Cluster : get-remote-support-status
• Check the removal status for Physical Hosts : get-remove-status | get-rm-status
• Get the resiliency preference of the cluster : get-resiliency-preference
• Get configuration of SMTP Server used for transmitting alerts and report emails to
AOS | Nutanix Command-Line Interface (nCLI) | 84
Nutanix support : get-smtp-server
• Invalidate user sessions : invalidate-sessions
Add public key to the cluster
ncli> cluster { add-public-key } name="name" file-path="file_path"
Required arguments
name
Name of the cluster public key
file-path
Full path of the public key file

Add domain name(s) to DNS Search suffix list

ncli> cluster { add-to-dns-search-suffixes }[ search-suffix="search_suffix" ]
Required arguments
None
Optional arguments
search-suffix
Domain names to be added to DNS Search suffix list

Add addresses to the list of name servers

ncli> cluster { add-to-name-servers }[ servers="servers" ][ name-
servers="name_servers" ]
Required arguments
None
Optional arguments
servers
Comma-separated list of IP addresses to be included in the name servers list
name-servers
Comma-separated list of IPV4/IPV6 addresses to be included in the name servers list

Add addresses to the list of NFS subnet whitelist

ncli> cluster { add-to-nfs-whitelist }[ ip-subnet-masks="ip_subnet_masks" ][
subnets="subnets" ]
Required arguments
None
Optional arguments
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the NFS subnet whitelist
subnets
Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the 's NFS subnet
whitelist

Add addresses to the list of NTP servers

ncli> cluster { add-to-ntp-servers }[ servers="servers" ][ ntp-servers="ntp_servers"
]
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 85

Optional arguments
servers
Comma-separated list of IP addresses/Host names to be included in the NTP servers list
ntp-servers
Comma-separated list of IPV4/IPV6/Hostname addresses to be included in the NTP
servers list

Add a Metro Availability Witness

ncli> cluster { add-witness } username="username" password="password" [
test-only="test_only" ][ external-ip-address="external_ip_address" ][ external-
addresses="external_addresses" ]
Required arguments
username
username
password
password
Optional arguments
test-only
Only test the config without storing it.
Default: false
external-ip-address
external IP address of the Witness
external-addresses
external address of the Witness

Clear the external IP address of the Cluster

ncli> cluster { clear-external-ip-address }
Required arguments
None

Clear configuration of SMTP Server used for transmitting alerts and report emails to Nutanix
support
ncli> cluster { clear-smtp-server }
Required arguments
None

Configure discovered node with IP addresses (Hypervisor, CVM and IPMI addresses)
ncli> cluster { configure-node } node-uuid="node_uuid" [ cvm-ip="cvm_ip" ][
hypervisor-ip="hypervisor_ip" ][ ipmi-ip="ipmi_ip" ][ ipmi-netmask="ipmi_netmask" ][
ipmi-gateway="ipmi_gateway" ]
Required arguments
node-uuid
UUID of the new node
Optional arguments
cvm-ip
IP address of the controller VM

AOS | Nutanix Command-Line Interface (nCLI) | 86

hypervisor-ip
IP address of the Hypervisor Host
ipmi-ip
IPMI address of the node
ipmi-netmask
IPMI netmask of the node
ipmi-gateway
IPMI gateway of the node

Discover new nodes available to add to the cluster

ncli> cluster { discover-nodes }
Required arguments
None

Edit the security params of a Cluster

ncli> cluster { edit-cvm-security-params }[ enable-aide="{ true | false }" ][ enable-
core="{ true | false }" ][ enable-high-strength-password="{ true | false }" ][ enable-
banner="{ true | false }" ][ enable-snmpv3-only="{ true | false }" ][ schedule="schedule"
][ enable-kernel-core="{ true | false }" ][ ssh-security-level="ssh_security_level" ][
enable-lock-status="{ true | false }" ][ ip-restriction="ip_restriction" ][ add-to-ssh-
whitelist="add_to_ssh_whitelist" ][ remove-from-ssh-whitelist="remove_from_ssh_whitelist"
][ enable-dodin-opts="{ true | false }" ][ enable-page-poison="{ true | false }" ][ enable-
slub-debug="{ true | false }" ][ enable-fapolicy="{ true | false }" ][ enable-processor-
mitigations="{ true | false }" ]
Required arguments
None
Optional arguments
enable-aide
Enable intrusion detection service.
enable-core
Enable user process core dumps.
enable-high-strength-password
Enable to set the minimum length for password to 14 and remember to 5 in PAM.
enable-banner
Enable DoD knowledge of consent banner for SSH and console logins.
enable-snmpv3-only
Enable to set the CVM host to either ignore or explicitly restrict v1 and v2 snmp based
connections.
schedule
Set cron schedule to run Salt periodically.
enable-kernel-core
Enable kernel core dumps.
ssh-security-level
Different security levels for the nutanix user for ssh login to the Nutanix Cluster. It can be
configured with one of the following levels: 'default', 'limited' or 'restricted'
enable-lock-status

AOS | Nutanix Command-Line Interface (nCLI) | 87

Enable to lock the security config settings. If true, the config settings can not be edited by
the user and a support call will need to be made to unlock this configuration.
ip-restriction
Different IP restriction levels for the nutanix user for ssh login to the Nutanix Cluster. It can
be configured with one of the following levels: 'normal' or 'restricted'
add-to-ssh-whitelist
Comma-separated list of ip addresses or subnets of the form 'a.b.c.d/l.m.n.o' or 'a.b.c.d/xx'
to be whitelisted for ssh login to the Nutanix Cluster.
remove-from-ssh-whitelist
Comma-separated list of ip addresses or subnets of the form 'a.b.c.d/l.m.n.o' or 'a.b.c.d/xx'
to be removed from the whitelisted address list for ssh login to the Nutanix Cluster.
enable-dodin-opts
Enable additional options for Dodin clusters, such as additional email alerts, fewer login
attempts, requiring manual invervention to unlock, stricter mount options, and more. Some
performance impact when set.
enable-page-poison
Enable Page Posioning which prevents use-after-free attacks.
enable-slub-debug
Enable Slub Debugging which prevents use-after-free attacks.
enable-fapolicy
Enable File Access Policy.
enable-processor-mitigations
Enable Processor Mitigations.

Edit the hypervisor LLDP config of the Cluster

ncli> cluster { edit-hypervisor-lldp-params }[ enable-lldp-tx="{ true | false }" ]
Required arguments
None
Optional arguments
enable-lldp-tx
Enable LLDP TX mode.

Edit the hypervisor security compliance config of a Cluster

ncli> cluster { edit-hypervisor-security-params }[ enable-aide="{ true | false }" ][
enable-core="{ true | false }" ][ enable-high-strength-password="{ true | false }" ][ enable-
banner="{ true | false }" ][ schedule="schedule" ][ enable-itlb-multihit-mitigation="{ true
| false }" ][ enable-retbleed-mitigation="{ true | false }" ][ enable-memory-poison="{ true |
false }" ][ enable-logcore="{ true | false }" ]
Required arguments
None
Optional arguments
enable-aide
Enable intrusion detection service.
enable-core
Enable user process core dumps.
enable-high-strength-password

AOS | Nutanix Command-Line Interface (nCLI) | 88

Enable to set the minimum length for password to 14 and remember to 5 in PAM.
enable-banner
Enable DoD knowledge of consent banner for SSH and console logins.
schedule
Set cron schedule to run Salt periodically.
enable-itlb-multihit-mitigation
Enable to mitigate CVE-2018-12207 (iTLB Multihit) on AHV Intel hosts at cost of
performance impact.
enable-retbleed-mitigation
Enable to mitigate CVE-2022-29900 and CVE-2022-29901 (Retbleed) on affected AHV
hosts at cost of performance impact.
enable-memory-poison
Enable kernel memory poison on AHV hosts at cost of performance impact.
enable-logcore
Enable to log core dump stack traces in system logs.

Edit params of a Cluster

ncli> cluster { edit-params | edit-info }[ new-name="new_name" ][ support-
verbosity-level="support_verbosity_level" ][ external-ip-address="external_ip_address"
][ external-ip-addresses="external_ip_addresses" ][ cluster-fqdn="cluster_fqdn"
][ masquerading-ip-address="masquerading_ip_address" ][ masquerading-ip-
addresses="masquerading_ip_addresses" ][ masquerading-port="masquerading_port" ][
cluster-usage-warning-alert-threshold-pct="cluster_usage_warning_alert_threshold_pct"
][ cluster-usage-critical-alert-threshold-pct="cluster_usage_critical_alert_threshold_pct"
][ external-data-services-ip-address="external_data_services_ip_address" ][ external-
data-services-ip-addresses="external_data_services_ip_addresses" ][ enable-shadow-
clones="{ true | false }" ][ enable-password-remote-login="{ true | false }" ][ enable-rf1-
container="{ true | false }" ][ logon-name="logon_name" ][ password="password" ][ disable-
degraded-node-monitoring="{ true | false }" ][ enable-on-disk-dedup="{ true | false }" ][
enable-rebuild-reservation="{ true | false }" ][ enable-intransit-encryption="{ true |
false }" ]
Required arguments
None
Optional arguments
new-name
Name of the cluster
support-verbosity-level
Verbosity level settings for populating support information
external-ip-address
External IP address to access the cluster. Set to '-' to clear the existing value
external-ip-addresses
External IP addresses to access the cluster. It accepts ipv4 and ipv6. Set to '-' to clear the
existing value
cluster-fqdn
FQDN to access the cluster. Set to '-' to clear the existing value
masquerading-ip-address
Masquerading IP address to access the cluster. Set to '-' to clear the existing value

AOS | Nutanix Command-Line Interface (nCLI) | 89

masquerading-ip-addresses
Masquerading IP address to access the cluster.It accepts ipv4 and ipv6. Set to '-' to clear
the existing value
masquerading-port
Masquerading port to access the cluster. Set to '-' to clear the existing value
cluster-usage-warning-alert-threshold-pct
Cluster usage alert threshold percentage for warning.
cluster-usage-critical-alert-threshold-pct
Cluster usage alert threshold percentage for critical.
external-data-services-ip-address
External Data Services IP address of the cluster. Set to '-' to clear the existing value
external-data-services-ip-addresses
External Data Services IP address of the cluster.It accepts ipv4 and ipv6. Set to '-' to clear
the existing value
enable-shadow-clones
Enable/Disable shadow clones
enable-password-remote-login
Enable/Disable password remote login to cluster
enable-rf1-container
Enable/Disable container with replication factor 1 support
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
password
Password for the account specified by the logon account name
disable-degraded-node-monitoring
Whether to disable detection of partially degraded nodes.
enable-on-disk-dedup
Whether to enable on-disk deduplication for any new writes at cluster level. It might be
disabled again when storage issue detected.
enable-rebuild-reservation
Enable/Disable rebuild capacity reservation
enable-intransit-encryption
Enable/Disable data in transit encryption

Generates and downloads the csr from discovered node based on certification information from
the cluster
ncli> cluster { generate-csr-for-discovered-node } cvm-ip="cvm_ip" file-
path="file_path"
Required arguments
cvm-ip
IPv6 address of the controller VM of discovered node
file-path
Path where csr from the discovered node needs to be downloaded

AOS | Nutanix Command-Line Interface (nCLI) | 90

Get the security config for the Cluster
ncli> cluster { get-cvm-security-config }
Required arguments
None

Get the DNS Domain Suffix

ncli> cluster { get-dns-domain-suffix }
Required arguments
None

Get the DNS Search Suffixes

ncli> cluster { get-dns-search-suffixes }
Required arguments
None

Get the domain fault tolerance state of the cluster

ncli> cluster { get-domain-fault-tolerance-status | get-dm-ft-stat } type="type"
Required arguments
type
Fault tolerance domain type { rack, rackable_unit, node, disk }

Get the hypervisor LLDP config of the Cluster

ncli> cluster { get-hypervisor-lldp-config }
Required arguments
None

Get the hypervisor security config for the Cluster

ncli> cluster { get-hypervisor-security-config }
Required arguments
None

Get Ipmi monitoring status

ncli> cluster { get-ipmi-monitoring-status }
Required arguments
None

Gets the Microsoft Azure Account details

ncli> cluster { get-la-jolla-azure-info }
Required arguments
None

Get the list of name servers

ncli> cluster { get-name-servers }
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 91

Get the list of NFS subnet whitelist
ncli> cluster { get-nfs-whitelist }
Required arguments
None

Get the list of NTP servers

ncli> cluster { get-ntp-servers }
Required arguments
None

Get params of a Cluster

ncli> cluster { get-params | info }
Required arguments
None

Get the redundancy state of the cluster

ncli> cluster { get-redundancy-state }
Required arguments
None

Get remote support status on a Cluster

ncli> cluster { get-remote-support-status }
Required arguments
None

Check the removal status for Physical Hosts

ncli> cluster { get-remove-status | get-rm-status }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Host

Get the resiliency preference of the cluster

ncli> cluster { get-resiliency-preference }
Required arguments
None

Get configuration of SMTP Server used for transmitting alerts and report emails to Nutanix
support
ncli> cluster { get-smtp-server }
Required arguments
None

Invalidate user sessions

ncli> cluster { invalidate-sessions } username="username" [
low_timestamp_secs="low_timestamp_secs" ][ high_timestamp_secs="high_timestamp_secs" ]

AOS | Nutanix Command-Line Interface (nCLI) | 92

Required arguments
username
username
Optional arguments
low_timestamp_secs
Lower bound timestamp in secs (non-inclusive) for invalidating user sessions
high_timestamp_secs
Higher bound timestamp in secs (inclusive) for invalidating user sessions

Join the Nutanix storage cluster to the Windows AD domain specified in the cluster name. This
operation is only valid for clusters having hosts running Hyper-V.
ncli> cluster { join-domain } domain="domain" logon-name="logon_name"
name-server-ip="name_server_ip" [ cluster-name="cluster_name" ][ external-ip-
address="external_ip_address" ][ password="password" ][ ou-path="ou_path" ][ cps-
prefix="cps_prefix" ]
Required arguments
domain
Full name of the domain
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
name-server-ip
IP address of the name server that can resolve the domain name
Optional arguments
cluster-name
Name of the cluster
external-ip-address
External IP address to access the cluster. Set to '-' to clear the existing value
password
Password for the account specified by the logon account name
ou-path
Organizational Unit path of the domain
cps-prefix
CPS prefix path of the domain

Get the list of public keys configured in the cluster

ncli> cluster { list-public-keys | ls-public-keys }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the cluster public key

List All registered Metro Availability Witness

ncli> cluster { list-witness }
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 93

None

Remove all domain names from DNS search suffix list

ncli> cluster { remove-all-dns-search-suffixes }
Required arguments
None

Remove all the public keys previously configured in the cluster

ncli> cluster { remove-all-public-keys | rm-all-public-keys }
Required arguments
None

Remove domain suffix from DNS config

ncli> cluster { remove-dns-domain-suffix }
Required arguments
None

Remove single domain name from DNS search suffix list

ncli> cluster { remove-from-dns-search-suffixes }[ search-suffix="search_suffix" ]
Required arguments
None
Optional arguments
search-suffix
Domain name to be removed from DNS Search suffix list

Remove addresses from the list of name servers

ncli> cluster { remove-from-name-servers }[ servers="servers" ][ name-
servers="name_servers" ]
Required arguments
None
Optional arguments
servers
Comma-separated list of IP addresses to be removed from the name servers list
name-servers
Comma-separated list of IPV4/IPV6 addresses to be removed in the name servers list

Remove addresses from the list of NFS subnet whitelist

ncli> cluster { remove-from-nfs-whitelist }[ ip-subnet-masks="ip_subnet_masks" ][
subnets="subnets" ]
Required arguments
None
Optional arguments
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the NFS subnet whitelist
subnets

AOS | Nutanix Command-Line Interface (nCLI) | 94

Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the 's NFS subnet
whitelist

Remove addresses from the list of NTP servers

ncli> cluster { remove-from-ntp-servers }[ servers="servers" ][ ntp-
servers="ntp_servers" ]
Required arguments
None
Optional arguments
servers
Comma-separated list of IP addresses/Host names to be removed from the NTP servers
list
ntp-servers
Comma-separated list of IPV4/IPV6/Hostname addresses to be removed in the NTP
servers list

Delete public key with the specified name from the cluster
ncli> cluster { remove-public-key | rm-public-key } name="name"
Required arguments
name
Name of the cluster public key

Begin the process of removing a Physical Host

ncli> cluster { remove-start | rm-start | delete } id="id" [ skip-space-
check="{ true | false }" ][ force="force" ]
Required arguments
id
ID of the Physical Host
Optional arguments
skip-space-check
Skip checking storage space-related constraints when initiating removal of a host from the
cluster
Default: false
force
Forcefully perform the requested operation skipping any constraint validation
Default: false

Delete a Metro Availability Witness

ncli> cluster { remove-witness } id="id" [ recover="recover" ]
Required arguments
id
Id of the Metro Availability Witness
Optional arguments
recover
Recover from a Metro Availability Witness an unsuccessful remove operation

AOS | Nutanix Command-Line Interface (nCLI) | 95

Default: false

Send an email to test the SMTP Server configuration

ncli> cluster { send-test-email } recipient="recipient" subject="subject"
Required arguments
recipient
Recipient of the test email
subject
Subject of the test email

Sets the DVM configuration parameters for LaJolla cluster

ncli> cluster { set-dvm-configuration } ip-start="ip_start" ip-end="ip_end"
ip-mask="ip_mask" gateway="gateway" company-name="company_name" [ license-
key="license_key" ][ data-telemetry="data_telemetry" ]
Required arguments
ip-start
IP Address range start.
ip-end
IP Address range end.
ip-mask
Subnet mask.
gateway
Default Gateway IP.
company-name
Company name setting dvm configuraiton
Optional arguments
license-key
License key of Microsoft
data-telemetry
True/False indicating whether you want your data to be sent to Microsoft.

Set the external IP address (IPv4) of the Cluster

ncli> cluster { set-external-ip-address }[ external-ip-
address="external_ip_address" ][ logon-name="logon_name" ][ password="password" ]
Required arguments
None
Optional arguments
external-ip-address
External IP address to access the cluster. Set to '-' to clear the existing value
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
password
Password for the account specified by the logon account name

AOS | Nutanix Command-Line Interface (nCLI) | 96

Enable or disable Ipmi monitoring
ncli> cluster { set-ipmi-monitoring-status } enable="{ true | false }"
Required arguments
enable
Enable or disable Ipmi monitoring

Set the redundancy state of the cluster

ncli> cluster { set-redundancy-state } desired-redundancy-
factor="desired_redundancy_factor"
Required arguments
desired-redundancy-factor
Desired redundancy factor of the cluster

Set the resiliency preference of the cluster to either { Smart, Immediate }

ncli> cluster { set-resiliency-preference } desired-resiliency-
preference="desired_resiliency_preference"
Required arguments
desired-resiliency-preference
Desired resiliency preference of the cluster

Set configuration of SMTP Server used for transmitting alert and report emails to Nutanix support
ncli> cluster { set-smtp-server }[ port="port" ][ username="username"
][ password="password" ][ security-mode="security_mode" ][ from-email-
address="from_email_address" ][ address="address" ][ smtp-address="smtp_address" ]
Required arguments
None
Optional arguments
port
Port number of the SMTP Server. By default, port 25 is used
username
Username to access the SMTP Server
password
Password to access the SMTP Server
security-mode
Security mode used by SMTP Server for data encryption and authentication. SMTP Server
in Nutanix cluster can be configured with one of the following mode: 'none', 'ssl' or 'starttls'
Default: none
from-email-address
From email address to be used while sending emails (Set to '-' to clear the existing value)
address
Fully Qualified Domain Name(FQDN) or IPv4 address of the SMTP Server
smtp-address
Fully Qualified Domain Name(FQDN) or IPv6/IPv4 address of the SMTP Server

Set the timezone of the Cluster

ncli> cluster { set-timezone } timezone="timezone"

AOS | Nutanix Command-Line Interface (nCLI) | 97

Required arguments
timezone
Timezone of the cluster

Starts the CPS deployment in Lajolla cluster

ncli> cluster { start-la-jolla-deployment } ip-start="ip_start" ip-end="ip_end" ip-
mask="ip_mask" gateway="gateway" company-name="company_name" username="username"
password="password" storage_admin_password="storage_admin_password"
azure_onboarding_enabled="azure_onboarding_enabled" [ license-
key="license_key" ][ azure_subscription_name="azure_subscription_name" ][
azure_subscription_id="azure_subscription_id" ][
azure_site_recovery_region="azure_site_recovery_region" ][
azure_ops_insights_region="azure_ops_insights_region" ]
Required arguments
ip-start
IP Address range start.
ip-end
IP Address range end.
ip-mask
Subnet mask.
gateway
Default Gateway IP.
company-name
Company name setting dvm configuraiton
username
Active Directory User name
password
Active directory password
storage_admin_password
Admin password for the cluster
azure_onboarding_enabled
Set to true or false based on whether Azure info details are provided or not
Optional arguments
license-key
License key of Microsoft
azure_subscription_name
Subscription name of Microsoft Account
azure_subscription_id
Subscription Id of Microsoft Account
azure_site_recovery_region
Site recovery region of Microsoft
azure_ops_insights_region
Ops insight region of Microsoft

AOS | Nutanix Command-Line Interface (nCLI) | 98

Start remote support on a Cluster
ncli> cluster { start-remote-support }[ duration="duration" ]
Required arguments
None
Optional arguments
duration
Time (in minutes) to keep remote support enabled

Get the status of all services in the cluster

ncli> cluster { status }
Required arguments
None

Stop remote support on a Cluster

ncli> cluster { stop-remote-support }[ duration="duration" ]
Required arguments
None
Optional arguments
duration
Time (in minutes) to keep remote support disabled

Add domian name as DNS Domain suffix

ncli> cluster { update-dns-domain-suffix }[ domain-suffix="domain_suffix" ]
Required arguments
None
Optional arguments
domain-suffix
Domain name to be added as DNS Domain suffix

Update a Metro Availability Witness

ncli> cluster { update-witness } id="id" password="password"
Required arguments
id
Id of the Metro Availability Witness
password
password

Get version of software running on a Cluster

ncli> cluster { version }
Required arguments
None

container: Storage Container

Description A Storage Container is a container for virtual disks
Alias ctrstorage-container

AOS | Nutanix Command-Line Interface (nCLI) | 99

Operations
• Add addresses to Storage Container's NFS subnet whitelist : add-to-nfs-
whitelist

• Create a new Storage Container : create | add

• Edit a Storage Container : edit | update
• Get the down-migrate times (in minutes) for Storage Tiers in a Storage Container :
get-down-migrate-times | get-dm-times

• List Storage Containers : list | ls

• Get stats data for Storage Containers : list-stats | ls-stats
• Delete a Storage Container : remove | rm
• Remove addresses from Storage Container's NFS subnet whitelist : remove-from-
nfs-whitelist

• Set the down-migrate times (in minutes) for a Storage Tier in a Storage Container :
set-down-migrate-times | set-dm-times

Add addresses to Storage Container's NFS subnet whitelist

ncli> container { add-to-nfs-whitelist }[ id="id" ][ name="name" ][ ip-subnet-
masks="ip_subnet_masks" ][ subnets="subnets" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the Storage Container's NFS subnet whitelist
subnets
Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the Storage
Container's NFS subnet whitelist

Create a new Storage Container

ncli> container { create | add } name="name" [ res-capacity="res_capacity"
][ adv-capacity="adv_capacity" ][ sp-id="sp_id" ][ sp-name="sp_name" ][ rf="rf"
][ random-io-priority-order="random_io_priority_order" ][ sequential-io-
priority-order="sequential_io_priority_order" ][ enable-compression="{ true | false }"
][ fingerprint-on-write="fingerprint_on_write" ][ on-disk-dedup="on_disk_dedup"
][ compression-delay="compression_delay" ][ erasure-code="erasure_code" ][
inline-ec-enabled="inline_ec_enabled" ][ inline-ec-type="inline_ec_type" ][
max-ec-info-strip-size="max_ec_info_strip_size" ][ prefer-higher-ec-fault-
domain="prefer_higher_ec_fault_domain" ][ erasure-code-delay="erasure_code_delay"
][ ip-subnet-masks="ip_subnet_masks" ][ subnets="subnets" ][ enable-software-
encryption="{ true | false }" ][ affinity-host-uuid="affinity_host_uuid" ]
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 100

name
Name of the Storage Container
Optional arguments
res-capacity
Explicit reserved Capacity (GiB) of the Storage Container. The physical reservation will
take RF into account
adv-capacity
Advertised Capacity (GiB) of the Storage Container. The limitation on physical capacity will
take RF into account
sp-id
ID of the Storage Pool for the Storage Container
sp-name
Name of the Storage Pool for the Storage Container
rf
Replication Factor for all data in the Storage Container
random-io-priority-order
Comma-separated random I/O priority order (high to low) of Storage Tiers in a Storage
Container
sequential-io-priority-order
Comma-separated sequential I/O priority order (high to low) of Storage Tiers in a Storage
Container
enable-compression
Enable or disable compression on a Storage Container
Default: false
fingerprint-on-write
Fingerprint on writes to the Storage Container {on, off, none}
on-disk-dedup
On-disk dedup of the Storage Container {none, off, post-process}
compression-delay
Time delay in minutes for compressing/uncompressing the data on Storage Container
erasure-code
Erasure code should be of the form: 'on', 'off' or <N>/<K> where N, K are valid positive
integers
inline-ec-enabled
Enable/Disable inline erasure code on the Storage Container. Possible values are true/
false.
inline-ec-type
Inline erasure code type on the Storage Container. Requirements: 'erasure-code'
parameter needs to be 'on' and 'inline-ec-enabled' parameter needs to be set to 'true'.
'inline-ec-type' can take one of the possible values {'same-vdisk-strips', 'cross-vdisk-strips'}.
max-ec-info-strip-size
Maximum size of info egroups set for erasure coding on the Storage Container. Possible
values: greater than 0.
prefer-higher-ec-fault-domain

AOS | Nutanix Command-Line Interface (nCLI) | 101

If set to true, EC strips will be created such that they are higher fault domain aware even
if they are shorter. Existing longer EC strips that yield higher space savings but are lower
fault domain aware will be made shorter so that they become higher fault domain aware.
erasure-code-delay
Erasure code delay (mins) of the Storage Container. 'clear' for clearing the Erasure code
delay setting
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the Storage Container's NFS subnet whitelist
subnets
Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the Storage
Container's NFS subnet whitelist
enable-software-encryption
Enable or disable software encryption on the Storage Container
affinity-host-uuid
Uuid of the host to place RF1 Storage Container

Edit a Storage Container

ncli> container { edit | update }[ id="id" ][ name="name" ][ new-name="new_name"
][ res-capacity="res_capacity" ][ adv-capacity="adv_capacity" ][ rf="rf" ][
random-io-priority-order="random_io_priority_order" ][ sequential-io-priority-
order="sequential_io_priority_order" ][ enable-compression="{ true | false }" ][
compression-delay="compression_delay" ][ fingerprint-on-write="fingerprint_on_write"
][ on-disk-dedup="on_disk_dedup" ][ erasure-code="erasure_code" ][ inline-
ec-enabled="inline_ec_enabled" ][ inline-ec-type="inline_ec_type" ][ max-
ec-info-strip-size="max_ec_info_strip_size" ][ prefer-higher-ec-fault-
domain="prefer_higher_ec_fault_domain" ][ erasure-code-delay="erasure_code_delay"
][ ip-subnet-masks="ip_subnet_masks" ][ subnets="subnets" ][ enable-software-
encryption="{ true | false }" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container
new-name
Name of the Storage Container
res-capacity
Explicit reserved Capacity (GiB) of the Storage Container. The physical reservation will
take RF into account
adv-capacity
Advertised Capacity (GiB) of the Storage Container. The limitation on physical capacity will
take RF into account
rf
Replication Factor for all data in the Storage Container

AOS | Nutanix Command-Line Interface (nCLI) | 102

random-io-priority-order
Comma-separated random I/O priority order (high to low) of Storage Tiers in a Storage
Container
sequential-io-priority-order
Comma-separated sequential I/O priority order (high to low) of Storage Tiers in a Storage
Container
enable-compression
Enable or disable compression on a Storage Container
compression-delay
Time delay in minutes for compressing/uncompressing the data on Storage Container
fingerprint-on-write
Fingerprint on writes to the Storage Container {on, off, none}
on-disk-dedup
On-disk dedup of the Storage Container {none, off, post-process}
erasure-code
Erasure code should be of the form: 'on', 'off' or <N>/<K> where N, K are valid positive
integers
inline-ec-enabled
Enable/Disable inline erasure code on the Storage Container. Possible values are true/
false.
inline-ec-type
Inline erasure code type on the Storage Container. Requirements: 'erasure-code'
parameter needs to be 'on' and 'inline-ec-enabled' parameter needs to be set to 'true'.
'inline-ec-type' can take one of the possible values {'same-vdisk-strips', 'cross-vdisk-strips'}.
max-ec-info-strip-size
Maximum size of info egroups set for erasure coding on the Storage Container. Possible
values: greater than 0.
prefer-higher-ec-fault-domain
If set to true, EC strips will be created such that they are higher fault domain aware even
if they are shorter. Existing longer EC strips that yield higher space savings but are lower
fault domain aware will be made shorter so that they become higher fault domain aware.
erasure-code-delay
Erasure code delay (mins) of the Storage Container. 'clear' for clearing the Erasure code
delay setting
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the Storage Container's NFS subnet whitelist
subnets
Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the Storage
Container's NFS subnet whitelist
enable-software-encryption
Enable or disable software encryption on the Storage Container

AOS | Nutanix Command-Line Interface (nCLI) | 103

Get the down-migrate times (in minutes) for Storage Tiers in a Storage Container
ncli> container { get-down-migrate-times | get-dm-times }[ id="id" ][ name="name"
]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container

List Storage Containers

ncli> container { list | ls }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container

Get stats data for Storage Containers

ncli> container { list-stats | ls-stats }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container

Delete a Storage Container

ncli> container { remove | rm }[ id="id" ][ name="name" ][ ignore-small-
files="ignore_small_files" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container
ignore-small-files
Ignore all the small files on the Storage Container {true, false} while marking for removal
Default: false

AOS | Nutanix Command-Line Interface (nCLI) | 104

Remove addresses from Storage Container's NFS subnet whitelist
ncli> container { remove-from-nfs-whitelist }[ id="id" ][ name="name" ][ ip-
subnet-masks="ip_subnet_masks" ][ subnets="subnets" ]
Required arguments
None
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container
ip-subnet-masks
Comma-separated list with entries of the form 'IP/subnet mask'(a.b.c.d/l.m.n.o) to be
included in the Storage Container's NFS subnet whitelist
subnets
Comma-separated list with entries of the form 'IPv4/subnet mask and/or IPv6/
prefix' (a.b.c.d/l.m.n.o) and/or IPv6/prefix range: 1-128 to be included in the Storage
Container's NFS subnet whitelist

Set the down-migrate times (in minutes) for a Storage Tier in a Storage Container
ncli> container { set-down-migrate-times | set-dm-times } tier-names="tier_names"
[ id="id" ][ name="name" ][ time-in-min="time_in_min" ]
Required arguments
tier-names
A comma-separated list of Storage Tiers
Optional arguments
id
ID of the Storage Container
name
Name of the Storage Container
time-in-min
Time in minutes after which to down-migrate data in a given Storage Tier in a Storage
Container
Default: 30

data-at-rest-encryption: Data At Rest Encryption

Description Manage data-at-rest-encryption related operations
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 105

Operations
• Generates a backup file for all the software encryption keys used on this cluster :
backup-software-encryption-keys

• List of results of the certificate tests that were performed against key management
servers : get-recent-certificate-test-results
• Get current encryption status of the cluster : get-status
• Enable or disable disk passwords for encryption on the cluster : password
• Assigns new passwords to encryption capable disks when cluster is password
protected : rekey-disks
• Generates new passwords for each container with software encryption enabled
and makes a new password for the metadata encryption key : rekey-software-
encryption-keys

• Test encryption configuration on given hosts and key management servers : test-
configuration

Generates a backup file for all the software encryption keys used on this cluster
ncli> data-at-rest-encryption { backup-software-encryption-keys } file-
path="file_path" [ password="password" ]
Required arguments
file-path
Path to store the backup
Optional arguments
password
Password to use to encrypt the backup file

List of results of the certificate tests that were performed against key management servers
ncli> data-at-rest-encryption { get-recent-certificate-test-results }[ host-
ids="host_ids" ][ key-management-server-names="key_management_server_names" ]
Required arguments
None
Optional arguments
host-ids
List of Host ids
key-management-server-names
List of Key Management Server names

Get current encryption status of the cluster

ncli> data-at-rest-encryption { get-status }
Required arguments
None

Enable or disable disk passwords for encryption on the cluster

ncli> data-at-rest-encryption { password } enable="{ true | false }"
Required arguments
enable

AOS | Nutanix Command-Line Interface (nCLI) | 106

Enable or disable disk passwords for encryption

Assigns new passwords to encryption capable disks when cluster is password protected. If disk
ids are not given, rekey will be performed on all disks of the cluster
ncli> data-at-rest-encryption { rekey-disks }[ disk-ids="disk_ids" ]
Required arguments
None
Optional arguments
disk-ids
IDs of the Physical Disks

Generates new passwords for each container with software encryption enabled and makes a new
password for the metadata encryption key
ncli> data-at-rest-encryption { rekey-software-encryption-keys }
Required arguments
None

Test encryption configuration on given hosts and key management servers. If no parameters are
specified, test will be conducted on all nodes and key management servers configured in the
cluster
ncli> data-at-rest-encryption { test-configuration }[ host-ids="host_ids" ][ key-
management-server-names="key_management_server_names" ]
Required arguments
None
Optional arguments
host-ids
A comma-separated list of the ids of the Physical Hosts
key-management-server-names
Comma-separated list of key management server names

data-at-rest-encryption-certificate: Data At Rest Encryption Certificate

Description Manage data-at-rest-encryption related digital certificates
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 107

Operations
• Download one or more CSRs from the cluster as zip file : download-csrs
• Get certification information : get-csr-information
• Get the list of ca certificates stored in the cluster : list-ca-certificates | ls-ca-
certificates

• Delete ca certificate with the specified name from the cluster : remove-ca-
certificate | rm-ca-certificate

• Delete certificate installed on a node for a key management server : remove-cvm-

certificate | rm-cvm-certificate

• Replace expired digital certificate : replace-cvm-certificate

• Update certification information : update-csr-information
• Upload ca certificate to the cluster : upload-ca-certificate
• Upload digital certificates as a single file or a zip file : upload-cvm-certificates

Download one or more CSRs from the cluster as zip file

ncli> data-at-rest-encryption-certificate { download-csrs } file-path="file_path" [
host-ids="host_ids" ]
Required arguments
file-path
Path where zip file needs to be downloaded
Optional arguments
host-ids
A comma-separated list of the ids of the Physical Hosts

Get certification information

ncli> data-at-rest-encryption-certificate { get-csr-information }
Required arguments
None

Get the list of ca certificates stored in the cluster

ncli> data-at-rest-encryption-certificate { list-ca-certificates | ls-ca-
certificates }
Required arguments
None

Delete ca certificate with the specified name from the cluster

ncli> data-at-rest-encryption-certificate { remove-ca-certificate | rm-ca-
certificate } ca-name="ca_name"
Required arguments
ca-name
Certificate Authority name

AOS | Nutanix Command-Line Interface (nCLI) | 108

Delete certificate installed on a node for a key management server
ncli> data-at-rest-encryption-certificate { remove-cvm-certificate
| rm-cvm-certificate } host-id="host_id" key-management-server-
name="key_management_server_name"
Required arguments
host-id
Id of the node on which certificate is installed
key-management-server-name
Key management Server name for which certificate is installed

Replace expired digital certificate.

ncli> data-at-rest-encryption-certificate { replace-cvm-certificate } host-
id="host_id" key-management-server-name="key_management_server_name" file-
path="file_path"
Required arguments
host-id
ID of the Physical Host
key-management-server-name
Key management server name
file-path
Certificate path

Update certification information

ncli> data-at-rest-encryption-certificate { update-csr-information }[
country-code="country_code" ][ state="state" ][ city="city" ][ organization-
name="organization_name" ][ email-address="email_address" ][ organizational-
units="organizational_units" ][ domain-name="domain_name" ]
Required arguments
None
Optional arguments
country-code
Country Code
state
State
city
City
organization-name
Organization Name
email-address
Email Address
organizational-units
List of comma-separated Organizational Units. Set to '-' to clear existing value(s)
domain-name
Domain name that is to be included in Common Name. Set to '-' to clear the existing value

AOS | Nutanix Command-Line Interface (nCLI) | 109

Upload ca certificate to the cluster
ncli> data-at-rest-encryption-certificate { upload-ca-certificate } ca-
name="ca_name" file-path="file_path"
Required arguments
ca-name
Certificate Authority Name
file-path
Certificate path

Upload digital certificates as a single file or a zip file.

ncli> data-at-rest-encryption-certificate { upload-cvm-certificates } key-
management-server-name="key_management_server_name" file-path="file_path"
Required arguments
key-management-server-name
Key management server name
file-path
Path of a zipped or regular file

datastore: Datastore
Description An NFS Datastore
Alias
Operations
• Create a new NFS datastore on the Physical Hosts using the Storage Container
(ESX only) : create | add
• Delete the NFS datastore on the Physical Hosts : delete | remove | rm
• List NFS Datastores : list | ls

Create a new NFS datastore on the Physical Hosts using the Storage Container (ESX only).
Storage Container name will be used as datastore name, if datastore name is not specified
ncli> datastore { create | add } ctr-name="ctr_name" [ name="name" ][ host-
ids="host_ids" ][ read-only="read_only" ]
Required arguments
ctr-name
Name of the Storage Container
Optional arguments
name
Name of the Datastore (default = Storage Container name)
host-ids
A comma-separated list of the ids of the Physical Hosts (default = Includes all hosts)
read-only
Whether a Physical Host must have only read-only access to the Datastore
Default: false

Delete the NFS datastore on the Physical Hosts

ncli> datastore { delete | remove | rm } name="name" [ host-ids="host_ids" ]

AOS | Nutanix Command-Line Interface (nCLI) | 110

Required arguments
name
Name of the Datastore
Optional arguments
host-ids
A comma-separated list of the ids of the Physical Hosts (default = Includes all hosts)

List NFS Datastores

ncli> datastore { list | ls }
Required arguments
None

disk: Physical Disk

Description A Physical Disk
Alias
Operations
• Check the removal status for Physical Disks : get-remove-status | get-rm-status
• List Physical Disks : list | ls
• List Physical Disks that are not assigned to any Storage Pool : list-free | ls-free
• Get stats data for Physical Disks : list-stats | ls-stats
• Begin the process of removing a Physical Disk : remove-start | rm-start | delete

Check the removal status for Physical Disks

ncli> disk { get-remove-status | get-rm-status }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Disk

List Physical Disks

ncli> disk { list | ls }[ id="id" ][ sp-id="sp_id" ][ sp-name="sp_name" ][ tier-
name="tier_name" ]
Required arguments
None
Optional arguments
id
ID of the Physical Disk
sp-id
ID of the Storage Pool for the Physical Disk
sp-name
Name of the Storage Pool for the Physical Disk
tier-name

AOS | Nutanix Command-Line Interface (nCLI) | 111

Corresponding Storage Tier

List Physical Disks that are not assigned to any Storage Pool
ncli> disk { list-free | ls-free }
Required arguments
None

Get stats data for Physical Disks

ncli> disk { list-stats | ls-stats }[ id="id" ][ sp-id="sp_id" ][ tier-
name="tier_name" ]
Required arguments
None
Optional arguments
id
ID of the Physical Disk
sp-id
ID of the Storage Pool for the Physical Disk
tier-name
Corresponding Storage Tier

Begin the process of removing a Physical Disk

ncli> disk { remove-start | rm-start | delete } id="id" [ force="force" ]
Required arguments
id
ID of the Physical Disk
Optional arguments
force
Forcefully perform the requested operation skipping any constraint validation
Default: false

events: Event
Description An Event
Alias event

Operations
• Acknowledge Events : acknowledge | ack
• List history of Events : history
• List of unacknowledged Events : list | ls

Acknowledge Events
ncli> events { acknowledge | ack } ids="ids"
Required arguments
ids
A comma-separated list of ids of the Events

AOS | Nutanix Command-Line Interface (nCLI) | 112

List history of Events
ncli> events { history } duration="duration" [ acknowledged="acknowledged" ][ max-
events="max_events" ]
Required arguments
duration
Duration (in days) for getting the history of Events
Optional arguments
acknowledged
Acknowledged Events?
max-events
Maximum number of Events to fetch
Default: 100

List of unacknowledged Events

ncli> events { list | ls }[ max-events="max_events" ]
Required arguments
None
Optional arguments
max-events
Maximum number of Events to fetch
Default: 100

failover-cluster: Failover Cluster

Description Hyper-V failover cluster
Alias
Operations
• Create a failover cluster : create
• Join nodes to a failover cluster : join-nodes
• List all failover clusters : list
• Remove node from a failover cluster : remove-node

Create a failover cluster

ncli> failover-cluster { create } name="name" ip-address="ip_address" logon-
name="logon_name" [ password="password" ][ host-ids="host_ids" ]
Required arguments
name
Simple name of the failover cluster. Must be at most 15 characters long.
ip-address
IP address of the failover cluster
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
Optional arguments

AOS | Nutanix Command-Line Interface (nCLI) | 113

password
Password for the account specified by the logon account name
host-ids
A comma-separated list of the ids of the Physical Hosts

Join nodes to a failover cluster

ncli> failover-cluster { join-nodes } name="name" logon-name="logon_name" [
password="password" ][ host-ids="host_ids" ]
Required arguments
name
Simple name of the failover cluster. Must be at most 15 characters long.
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
Optional arguments
password
Password for the account specified by the logon account name
host-ids
A comma-separated list of the ids of the Physical Hosts

List all failover clusters

ncli> failover-cluster { list }
Required arguments
None

Remove node from a failover cluster

ncli> failover-cluster { remove-node } name="name" logon-name="logon_name" host-
id="host_id" [ password="password" ]
Required arguments
name
Simple name of the failover cluster. Must be at most 15 characters long.
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
host-id
ID of the Physical Host
Optional arguments
password
Password for the account specified by the logon account name

file-server: File Server

Description Minerva file server
Alias fs

AOS | Nutanix Command-Line Interface (nCLI) | 114

Operations
• Activate a file server : activate | activate
• Add a admin user : add-admin-user
• Add DNS entries : add-dns
• Add a icap server : add-icap-server
• Add a Quota Policy : add-quota-policy
• Add a Share : add-share
• Add a Snapshot Policy : add-snapshot-policy
• Add a user : add-user | add-user
• Add a User Mapping : add-user-mapping | add-user-mapping
• Add a virus scan policy : add-virus-scan-policy
• Clone a file server : clone | clone
• Join and unjoin the File Server to the Windows AD domain or bind and unbind from
LDAP : configure-name-services | configure-name-services
• Add a File Server : create | add
• Delete a File Server : delete | remove | rm
• Delete a admin user : delete-admin-user
• Delete a icap server : delete-icap-server
• Delete infected files : delete-infected-files
• Delete a Quota Policy : delete-quota-policy
• Delete a Share : delete-share
• Delete a Snapshot Policy : delete-snapshot-policy
• Delete a user : delete-user
• Delete a virus scan policy : delete-virus-scan-policy
• Update a File Server : edit | update
• Edit the security params of a File Server : edit-security-params
• Show an individual FileServer's details : get
• Get a admin user : get-admin-user
• Show built in groupsper File Server : get-builtin-groups
• get-file-servers-usage : get-file-servers-usage
• Get File Server Manager : get-fsm
• Get icap server : get-icap-server
• Get infected file : get-infected-file
• Get principal type from principal name : get-principal-type | get-principal-
type

• Get a Quota Policy Email Config : get-quota-email-config

• Get a Quota Policy : get-quota-policy
• Get the security config for the File
AOSServer : get-security-config
| Nutanix Command-Line Interface (nCLI) | 115
• Show an individual share's details : get-share | show-share
Activate a file server.
ncli> file-server { activate | activate } uuid="uuid" dns-domain-
name="dns_domain_name" dns-server-ip-address-list="dns_server_ip_address_list"
ntp-servers="ntp_servers" internal-virtual-network="internal_virtual_network"
external-virtual-network="external_virtual_network" [ internal-virtual-
network-gateway="internal_virtual_network_gateway" ][ internal-virtual-
network-mask="internal_virtual_network_mask" ][ internal-virtual-
network-ips="internal_virtual_network_ips" ][ external-virtual-network-
gateway="external_virtual_network_gateway" ][ external-virtual-network-
mask="external_virtual_network_mask" ][ external-virtual-network-
ips="external_virtual_network_ips" ][ external-ipv6-virtual-network-
gateway="external_ipv6_virtual_network_gateway" ][ external-ipv6-virtual-network-
prefix-length="external_ipv6_virtual_network_prefix_length" ][ external-ipv6-
virtual-network-ips="external_ipv6_virtual_network_ips" ][ windows-ad-domain-
name="windows_ad_domain_name" ][ windows-ad-username="windows_ad_username" ][
windows-ad-password="windows_ad_password" ][ overwrite="overwrite" ][ add-user-as-
afs-admin="add_user_as_afs_admin" ][ organizational-unit="organizational_unit" ][ rfc-
enabled="rfc_enabled" ][ preferred-domain-controller="preferred_domain_controller" ][ ad-
protocol-type="ad_protocol_type" ][ ldap-protocol-type="ldap_protocol_type" ][ local-
protocol-type="local_protocol_type" ][ nfsv4-domain="nfsv4_domain" ][ ldap-server-
uri="ldap_server_uri" ][ ldap-base-dn="ldap_base_dn" ][ ldap-username="ldap_username"
][ ldap-password="ldap_password" ][ ldap-ssh-key="ldap_ssh_key" ][ dns-
operation-type="dns_operation_type" ][ dns-server="dns_server" ][ dns-server-
username="dns_server_username" ][ dns-server-password="dns_server_password" ][
nfsversion="nfsversion" ]
Required arguments
uuid
Uuid of the file server
dns-domain-name
Fully qualified domain name (fileserver namespace). This, along with the
fileserver name, constitutes the namespace of the fileserver. Example:
fileserver_name.corp.companyname.com. This is also used to create fileserver DNS
entries on the nameservers so that clients can access the fileserver using its name.
dns-server-ip-address-list
List of comma-separated dns server ip addresses for file server configuration.
ntp-servers
List of comma-separated ntp servers for file server configuration.
internal-virtual-network
The identifier of the internal virtual network. Please use network UUID on AHV and ESX.
external-virtual-network
The identifier of the external virtual network. Please use network UUID on AHV and ESX.
Optional arguments
internal-virtual-network-gateway
The gateway ip address of the internal virtual network associated with file server VMs.
internal-virtual-network-mask
The network mask of the internal virtual network associated with file server VMs.
internal-virtual-network-ips
IPs used by new file server VMs in internal virtual network. Comma-separated IP ranges or
IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11".

AOS | Nutanix Command-Line Interface (nCLI) | 116

external-virtual-network-gateway
The gateway ip address of the external virtual network associated with file server VMs.
external-virtual-network-mask
The network mask of the external virtual network associated with file server VMs.
external-virtual-network-ips
IPs used by new file server VMs in external virtual network.
external-ipv6-virtual-network-gateway
The ipv6 gateway address of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-prefix-length
The prefix length of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-ips
IPV6 IPs used by new file server VMs in the external
virtual network. Comma-separated IP ranges or IPs, e.g.
"2001:db8:152:4101:10:53:7:91-2001:db8:152:4101:10:53:7:93,2001:db8:1502:4101:10:53:76:99"
windows-ad-domain-name
The windows AD domain the file server is associated with.
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
windows-ad-password
The password for the above Windows AD account
overwrite
If a machine account with the same name as file-server name is present on the AD, then
overwrite it during join-domain operation.
Default: false
add-user-as-afs-admin
AD user or group name as 'name' or 'NETBIOS\name' format.
organizational-unit
An Organizational unit container is where the AFS machine account will be created as
part of domain join operation. Use a / to specify hierarchical Organization Units. Default
container OU is "Computers". Examples: Engineering, Department/Engineering.
rfc-enabled
RFC 2307 ENABLED (true, false)
Default: false
preferred-domain-controller
Use a specific domain controller for join-domain operation in a multi DC Active Directory
setups. By default, AFS discovers a site local domain controller for join-domain operation.
ad-protocol-type
Protocol Type(NONE,SMB,NFS,"NFS,SMB")
ldap-protocol-type
Protocol Type(NONE,NFS)
local-protocol-type
Protocol Type(NONE,NFS)
nfsv4-domain

AOS | Nutanix Command-Line Interface (nCLI) | 117

NFSV4 Domain
ldap-server-uri
LDAP URI.
ldap-base-dn
LDAP Base DN.
ldap-username
LDAP Username.
ldap-password
LDAP Password.
ldap-ssh-key
LDAP SSH Certificate Key.
dns-operation-type
DNS Nameserver operation type: AFS specific DNS entries are needed on
the nameservers so that clients can connect to the fileserver using its FQDN
(fileserver_name.domain_name). AFS can add these entries automatically for MS-DNS
servers or they can be added manually. Select one of "MS_DNS" or "MANUAL".
dns-server
Preferred Nameserver FQDN (if not given, AFS finds one using an NS query)
dns-server-username
Username to use for adding fileserver DNS entries on the nameservers.
dns-server-password
Password to use for adding fileserver DNS entries on the nameservers.
nfsversion
Nfs version (NFSV3, NFSV4, NFSV3V4)

Add a admin user

ncli> file-server { add-admin-user } uuid="uuid" user="user" role="role"
Required arguments
uuid
Uuid of the file server that admin user is associated with
user
AD user or group name as 'name' or 'NETBIOS\name' format.
role
Role of the given user or group (one of AdMIN or BACKUP_OPERATOR).

Add DNS entries

ncli> file-server { add-dns } uuid="uuid" dns-operation-type="dns_operation_type"
dns-server-username="dns_server_username" dns-server-password="dns_server_password" [
dns-server="dns_server" ]
Required arguments
uuid
UUID of the FileServer
dns-operation-type
DNS Nameserver operation type: AFS specific DNS entries are needed on
the nameservers so that clients can connect to the fileserver using its FQDN

AOS | Nutanix Command-Line Interface (nCLI) | 118

(fileserver_name.domain_name). AFS can add these entries automatically for MS-DNS
servers or they can be added manually. Select one of "MS_DNS" or "MANUAL".
dns-server-username
Username to use for adding fileserver DNS entries on the nameservers.
dns-server-password
Password to use for adding fileserver DNS entries on the nameservers.
Optional arguments
dns-server
Preferred Nameserver FQDN (if not given, AFS finds one using an NS query)

Add a icap server

ncli> file-server { add-icap-server } uuid="uuid" ip-address-or-host-
name="ip_address_or_host_name" port="port" [ description="description" ]
Required arguments
uuid
Uuid of the file server that icap server is associated with
ip-address-or-host-name
Antivirus server ip address.
port
Antivirus server port number.
Optional arguments
description
Antivirus server description.

Add a Quota Policy

ncli> file-server { add-quota-policy } uuid="uuid" share-uuid="share_uuid"
principal-value="principal_value" quota-size-gib="quota_size_gib" quota-
enforcement-type="quota_enforcement_type" [ principal-type="principal_type" ][ send-
quota-notifications-to-user="send_quota_notifications_to_user" ][ notification-
recipients="notification_recipients" ]
Required arguments
uuid
Uuid of the file server that quota policy is associated with
share-uuid
Uuid of the share that quota policy is associated with
principal-value
Quota policy principal value (user or group name)
quota-size-gib
Quota size in Gibs
quota-enforcement-type
Quota enforcement type (Hard or Soft)
Optional arguments
principal-type
Quota policy principal type (enter 'user' or 'group')
send-quota-notifications-to-user

AOS | Nutanix Command-Line Interface (nCLI) | 119

Send quota notifications to user
notification-recipients
Additional notification recipients (comma-separated)

Add a Share
ncli> file-server { add-share } uuid="uuid" name="name" [ description="description"
][ enable-windows-previous-version="{ true | false }" ][ share-type="share_type" ][
share-size-gib="share_size_gib" ][ default-quota-limit-gib="default_quota_limit_gib"
][ quota-enforcement-type="quota_enforcement_type" ][ send-quota-notifications-
to-user="send_quota_notifications_to_user" ][ enable-access-based-enumeration="{ true
| false }" ][ enable-smb3-encryption="{ true | false }" ][ protocol-type="protocol_type" ][
secondary-protocol-type="secondary_protocol_type" ][ enable-symlink-creation="{ true
| false }" ][ enable-simultaneous-access="{ true | false }" ][ enable-compression="{ true
| false }" ][ share-path="share_path" ][ share-auth-type="share_auth_type"
][ default-share-access-type="default_share_access_type" ][ client-with-
read-write-access="client_with_read_write_access" ][ client-with-read-only-
access="client_with_read_only_access" ][ client-with-no-access="client_with_no_access"
][ anonymous-uid="anonymous_uid" ][ anonymous-gid="anonymous_gid" ][ squash-
type="squash_type" ][ file-blocking-extensions="file_blocking_extensions" ]
Required arguments
uuid
uuid of the File Server
name
Name of the Share
Optional arguments
description
Description of the Share
enable-windows-previous-version
Enable self service restore flag
share-type
Type of Share. Distributed or Standard (General Purpose)
share-size-gib
Share size in Gibs
default-quota-limit-gib
Default quota limit in Gibs (Quota applies to all users of the share)
quota-enforcement-type
Quota enforcement type (Hard or Soft)
send-quota-notifications-to-user
Send quota notifications to user
enable-access-based-enumeration
Enable access based enumeration flag
enable-smb3-encryption
Enable SMB3 Encryption
protocol-type
Primary protocol type (SMB or NFS)
secondary-protocol-type

AOS | Nutanix Command-Line Interface (nCLI) | 120

Secondary protocol type (SMB or NFS)
enable-symlink-creation
Symlink Creation Enabled
enable-simultaneous-access
Simultaneous Access Enabled
enable-compression
Compression Enabled
share-path
Share path for nested share
share-auth-type
Type of Share Authentication. (System-none, Kerberos)
default-share-access-type
Type of Default Share Access. (Read-write, Read-only, No-Access)
client-with-read-write-access
Comma-separated list of clients
client-with-read-only-access
Comma-separated list of clients
client-with-no-access
Comma-separated list of clients
anonymous-uid
Anonymous UID.
anonymous-gid
Anonymous GID.
squash-type
Squash Type.(root-squash,all-squash,none)
file-blocking-extensions
Comma-separated list of file blocking patterns.

Add a Snapshot Policy

ncli> file-server { add-snapshot-policy } file-server-uuid="file_server_uuid"
snapshot-policy-type="snapshot_policy_type" frequency="frequency" local-
retention="local_retention" [ days-of-week="days_of_week" ][ days-of-
month="days_of_month" ]
Required arguments
file-server-uuid
Uuid of the file server that snapshot policy is associated with
snapshot-policy-type
Snapshot policy type - hourly, daily, weekly, monthly
frequency
Snapshot policy frequency. Repeat snapshot every nth hour/day. For weekly and monthly,
frequency is 1.
local-retention
Maximum number of snapshots to retain locally
Optional arguments

AOS | Nutanix Command-Line Interface (nCLI) | 121

days-of-week
Comma-separated day of week values for the schedule: 1-7 (starts with Sunday(1))
days-of-month
Comma-separated day of month values for the schedule: 1-31

Add a user
ncli> file-server { add-user | add-user } uuid="uuid" user="user" [
password="password" ]
Required arguments
uuid
Uuid of the file server
user
File server user name.
Optional arguments
password
The password for the above file server user.

Add a User Mapping

ncli> file-server { add-user-mapping | add-user-mapping } uuid="uuid"
[ template-mapping-rule="template_mapping_rule" ][ smb-user-and-group-
with-no-nfs-mapping-action="smb_user_and_group_with_no_nfs_mapping_action"
][ nfs-user-no-smb-mapping-action="nfs_user_no_smb_mapping_action"
][ smb-user-map-to-nfs-user="smb_user_map_to_nfs_user" ][ smb-group-
map-to-nfs-group="smb_group_map_to_nfs_group" ][ nfs-user-map-
to-smb-name="nfs_user_map_to_smb_name" ][ nfs-group-map-to-smb-
name="nfs_group_map_to_smb_name" ][ one-to-one-mapping="one_to_one_mapping" ][ wild-
card-mapping="wild_card_mapping" ][ deny-access-smb-users="deny_access_smb_users"
][ deny-access-smb-groups="deny_access_smb_groups" ][ deny-access-nfs-
users="deny_access_nfs_users" ][ deny-access-nfs-groups="deny_access_nfs_groups" ][
file-path="file_path" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
template-mapping-rule
Pre-defined templates to map SMB and NFS identities. Allowed
values(NO_TEMPLATE_MAPPING, SMB_NAME_NFS_NAME)
smb-user-and-group-with-no-nfs-mapping-action
SMB user and group with no NFS mapping action. Allowed values (DENY_ACCESS,
MAP_IDENTITIES). This is NFS default mappings
nfs-user-no-smb-mapping-action
NFS user and group with no SMB mapping action. Allowed values (DENY_ACCESS,
MAP_IDENTITIES). This is SMB default mapping.
smb-user-map-to-nfs-user
SMB user mapping with NFS id or name i.e 10 or nutanix. This is Default NFS user.
smb-group-map-to-nfs-group
SMB group mapping with NFS id or name i.e 20 or nutanix. This is Defaul NFS group.
nfs-user-map-to-smb-name

AOS | Nutanix Command-Line Interface (nCLI) | 122

NFS user mapping with SMB name, eg. domain\username. This is Default SMB Name.
nfs-group-map-to-smb-name
NFS group mapping with SMB name, eg. domain\username. This is Default smb name.
one-to-one-mapping
One to one explicit mapping associated with file server. i.e <smb-name>|<nfs-name>|
<mapping-type>
wild-card-mapping
Wild card explicit mapping associated with file server.i.e <Priority>|<smb-name>|<nfs-
name>|<mapping-type>
deny-access-smb-users
Deny access SMB users, eg. domain\username.
deny-access-smb-groups
Deny access SMB groups, eg. domain\username.
deny-access-nfs-users
Deny access NFS users, eg. username.
deny-access-nfs-groups
Deny access NFS groups, eg. username.
file-path
File path

Add a virus scan policy

ncli> file-server { add-virus-scan-policy } uuid="uuid" [ scan-time-interval-
secs="scan_time_interval_secs" ][ share-uuid="share_uuid" ][ scan-on-write="scan_on_write"
][ scan-on-read="scan_on_read" ][ file-size-exclusion-bytes="file_size_exclusion_bytes" ][
block-access-file="block_access_file" ][ enable-anti-virus="{ true | false }" ][ file-type-
exclusions="file_type_exclusions" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
scan-time-interval-secs
Scan time interval in uses
share-uuid
Uuid of the Share
scan-on-write
Scan on write policy
scan-on-read
Scan on read policy
file-size-exclusion-bytes
File size exclusion
block-access-file
Block access file
enable-anti-virus
Enable antivirus

AOS | Nutanix Command-Line Interface (nCLI) | 123

file-type-exclusions
File type exclusion list

Clone a file server.

ncli> file-server { clone | clone } uuid="uuid" name="name" dns-domain-
name="dns_domain_name" dns-server-ip-address-list="dns_server_ip_address_list"
ntp-servers="ntp_servers" internal-virtual-network="internal_virtual_network"
external-virtual-network="external_virtual_network" [ snapshot-uuid="snapshot_uuid"
][ internal-virtual-network-gateway="internal_virtual_network_gateway" ][
internal-virtual-network-mask="internal_virtual_network_mask" ][ internal-
virtual-network-ips="internal_virtual_network_ips" ][ external-virtual-
network-gateway="external_virtual_network_gateway" ][ external-virtual-
network-mask="external_virtual_network_mask" ][ external-virtual-network-
ips="external_virtual_network_ips" ][ external-ipv6-virtual-network-
gateway="external_ipv6_virtual_network_gateway" ][ external-ipv6-virtual-network-
prefix-length="external_ipv6_virtual_network_prefix_length" ][ external-ipv6-
virtual-network-ips="external_ipv6_virtual_network_ips" ][ windows-ad-domain-
name="windows_ad_domain_name" ][ windows-ad-username="windows_ad_username" ][
windows-ad-password="windows_ad_password" ][ overwrite="overwrite" ][ add-user-
as-afs-admin="add_user_as_afs_admin" ][ organizational-unit="organizational_unit" ][
preferred-domain-controller="preferred_domain_controller" ][ rfc-enabled="rfc_enabled" ][
ad-protocol-type="ad_protocol_type" ][ ldap-protocol-type="ldap_protocol_type" ][ local-
protocol-type="local_protocol_type" ][ nfsv4-domain="nfsv4_domain" ][ ldap-server-
uri="ldap_server_uri" ][ ldap-base-dn="ldap_base_dn" ][ ldap-username="ldap_username"
][ ldap-password="ldap_password" ][ ldap-ssh-key="ldap_ssh_key" ][ dns-
operation-type="dns_operation_type" ][ dns-server="dns_server" ][ dns-server-
username="dns_server_username" ][ dns-server-password="dns_server_password" ][
nfsversion="nfsversion" ]
Required arguments
uuid
Uuid of the file server
name
Name of the file server clone
dns-domain-name
Fully qualified domain name (fileserver namespace). This, along with the
fileserver name, constitutes the namespace of the fileserver. Example:
fileserver_name.corp.companyname.com. This is also used to create fileserver DNS
entries on the nameservers so that clients can access the fileserver using its name.
dns-server-ip-address-list
List of comma-separated dns server ip addresses for file server configuration.
ntp-servers
List of comma-separated ntp servers for file server configuration.
internal-virtual-network
The identifier of the internal virtual network. Please use network UUID on AHV and ESX.
external-virtual-network
The identifier of the external virtual network. Please use network UUID on AHV and ESX.
Optional arguments
snapshot-uuid
File Server snapshot uuid

AOS | Nutanix Command-Line Interface (nCLI) | 124

internal-virtual-network-gateway
The gateway ip address of the internal virtual network associated with file server VMs.
internal-virtual-network-mask
The network mask of the internal virtual network associated with file server VMs.
internal-virtual-network-ips
IPs used by new file server VMs in internal virtual network. Comma-separated IP ranges or
IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11".
external-virtual-network-gateway
The gateway ip address of the external virtual network associated with file server VMs.
external-virtual-network-mask
The network mask of the external virtual network associated with file server VMs.
external-virtual-network-ips
IPs used by new file server VMs in external virtual network.
external-ipv6-virtual-network-gateway
The ipv6 gateway address of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-prefix-length
The prefix length of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-ips
IPV6 IPs used by new file server VMs in the external
virtual network. Comma-separated IP ranges or IPs, e.g.
"2001:db8:152:4101:10:53:7:91-2001:db8:152:4101:10:53:7:93,2001:db8:1502:4101:10:53:76:99"
windows-ad-domain-name
The windows AD domain the file server is associated with.
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
windows-ad-password
The password for the above Windows AD account
overwrite
If a machine account with the same name as file-server name is present on the AD, then
overwrite it during join-domain operation.
Default: false
add-user-as-afs-admin
AD user or group name as 'name' or 'NETBIOS\name' format.
organizational-unit
An Organizational unit container is where the AFS machine account will be created as
part of domain join operation. Use a / to specify hierarchical Organization Units. Default
container OU is "Computers". Examples: Engineering, Department/Engineering.
preferred-domain-controller
Use a specific domain controller for join-domain operation in a multi DC Active Directory
setups. By default, AFS discovers a site local domain controller for join-domain operation.
rfc-enabled
RFC 2307 ENABLED (true, false)
Default: false

AOS | Nutanix Command-Line Interface (nCLI) | 125

ad-protocol-type
Protocol Type(NONE,SMB,NFS,"NFS,SMB")
ldap-protocol-type
Protocol Type(NONE,NFS)
local-protocol-type
Protocol Type(NONE,NFS)
nfsv4-domain
NFSV4 Domain
ldap-server-uri
LDAP URI.
ldap-base-dn
LDAP Base DN.
ldap-username
LDAP Username.
ldap-password
LDAP Password.
ldap-ssh-key
LDAP SSH Certificate Key.
dns-operation-type
DNS Nameserver operation type: AFS specific DNS entries are needed on
the nameservers so that clients can connect to the fileserver using its FQDN
(fileserver_name.domain_name). AFS can add these entries automatically for MS-DNS
servers or they can be added manually. Select one of "MS_DNS" or "MANUAL".
dns-server
Preferred Nameserver FQDN (if not given, AFS finds one using an NS query)
dns-server-username
Username to use for adding fileserver DNS entries on the nameservers.
dns-server-password
Password to use for adding fileserver DNS entries on the nameservers.
nfsversion
Nfs version (NFSV3, NFSV4, NFSV3V4)

Join and unjoin the File Server to the Windows AD domain or bind and unbind from LDAP.
ncli> file-server { configure-name-services | configure-name-services
} uuid="uuid" [ windows-ad-domain-name="windows_ad_domain_name" ][ windows-
ad-username="windows_ad_username" ][ organizational-unit="organizational_unit"
][ windows-ad-password="windows_ad_password" ][ overwrite="overwrite" ][ add-
user-as-afs-admin="add_user_as_afs_admin" ][ rfc-enabled="rfc_enabled" ][
use-ad-credential-for-dns="use_ad_credential_for_dns" ][ preferred-domain-
controller="preferred_domain_controller" ][ ad-protocol-type="ad_protocol_type" ][
ldap-protocol-type="ldap_protocol_type" ][ local-protocol-type="local_protocol_type"
][ nfsv4-domain="nfsv4_domain" ][ ldap-server-uri="ldap_server_uri" ][ ldap-base-
dn="ldap_base_dn" ][ ldap-username="ldap_username" ][ ldap-password="ldap_password" ][
ldap-ssh-key="ldap_ssh_key" ][ nfsversion="nfsversion" ][ force="force" ]
Required arguments
uuid

AOS | Nutanix Command-Line Interface (nCLI) | 126

Uuid of the file server
Optional arguments
windows-ad-domain-name
The windows AD domain the file server is associated with.
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
organizational-unit
An Organizational unit container is where the AFS machine account will be created as
part of domain join operation. Use a / to specify hierarchical Organization Units. Default
container OU is "Computers". Examples: Engineering, Department/Engineering.
windows-ad-password
The password for the above Windows AD account
overwrite
If a machine account with the same name as file-server name is present on the AD, then
overwrite it during join-domain operation.
Default: false
add-user-as-afs-admin
AD user or group name as 'name' or 'NETBIOS\name' format.
rfc-enabled
RFC 2307 ENABLED (true, false)
Default: false
use-ad-credential-for-dns
Use the same AD credential for dns
Default: false
preferred-domain-controller
Use a specific domain controller for join-domain operation in a multi DC Active Directory
setups. By default, AFS discovers a site local domain controller for join-domain operation.
ad-protocol-type
Protocol Type(NONE,SMB,NFS,"NFS,SMB")
ldap-protocol-type
Protocol Type(NONE,NFS)
local-protocol-type
Protocol Type(NONE,NFS)
nfsv4-domain
NFSV4 Domain
ldap-server-uri
LDAP URI.
ldap-base-dn
LDAP Base DN.
ldap-username
LDAP Username.
ldap-password

AOS | Nutanix Command-Line Interface (nCLI) | 127

LDAP Password.
ldap-ssh-key
LDAP SSH Certificate Key.
nfsversion
Nfs version (NFSV3, NFSV4, NFSV3V4)
force
If the joined Active Directory is down or not reachable, then use this option to leave the
domain by bypassing all AD interaction. Please ensure to remove the fileserver machine
account manually afterwards.
Default: false

Add a File Server

ncli> file-server { create | add } name="name" dns-domain-
name="dns_domain_name" dns-server-ip-address-list="dns_server_ip_address_list"
ntp-servers="ntp_servers" size-gib="size_gib" internal-virtual-
network="internal_virtual_network" external-virtual-network="external_virtual_network"
[ internal-virtual-network-gateway="internal_virtual_network_gateway" ][
internal-virtual-network-mask="internal_virtual_network_mask" ][ internal-
virtual-network-ips="internal_virtual_network_ips" ][ external-virtual-
network-gateway="external_virtual_network_gateway" ][ external-virtual-
network-mask="external_virtual_network_mask" ][ external-virtual-network-
ips="external_virtual_network_ips" ][ external-ipv6-virtual-network-
gateway="external_ipv6_virtual_network_gateway" ][ external-ipv6-virtual-
network-prefix-length="external_ipv6_virtual_network_prefix_length" ][
external-ipv6-virtual-network-ips="external_ipv6_virtual_network_ips" ][
nvm-count="nvm_count" ][ memory="memory" ][ cpu-count="cpu_count" ][ ad-
protocol-type="ad_protocol_type" ][ ldap-protocol-type="ldap_protocol_type"
][ local-protocol-type="local_protocol_type" ][ windows-ad-domain-
name="windows_ad_domain_name" ][ windows-ad-username="windows_ad_username"
][ windows-ad-password="windows_ad_password" ][ overwrite="overwrite" ][
organizational-unit="organizational_unit" ][ rfc-enabled="rfc_enabled" ][ pd-
name="pd_name" ][ add-user-as-afs-admin="add_user_as_afs_admin" ][ preferred-domain-
controller="preferred_domain_controller" ][ nfsv4-domain="nfsv4_domain" ][ ldap-server-
uri="ldap_server_uri" ][ ldap-base-dn="ldap_base_dn" ][ ldap-username="ldap_username"
][ ldap-password="ldap_password" ][ ldap-ssh-key="ldap_ssh_key" ][ dns-
operation-type="dns_operation_type" ][ dns-server="dns_server" ][ dns-server-
username="dns_server_username" ][ dns-server-password="dns_server_password" ][
nfsversion="nfsversion" ]
Required arguments
name
Name of the file server
dns-domain-name
Fully qualified domain name (fileserver namespace). This, along with the
fileserver name, constitutes the namespace of the fileserver. Example:
fileserver_name.corp.companyname.com. This is also used to create fileserver DNS
entries on the nameservers so that clients can access the fileserver using its name.
dns-server-ip-address-list
List of comma-separated dns server ip addresses for file server configuration.
ntp-servers
List of comma-separated ntp servers for file server configuration.

AOS | Nutanix Command-Line Interface (nCLI) | 128

size-gib
File server size in gibs
internal-virtual-network
The identifier of the internal virtual network. Please use network UUID on AHV and ESX.
external-virtual-network
The identifier of the external virtual network. Please use network UUID on AHV and ESX.
Optional arguments
internal-virtual-network-gateway
The gateway ip address of the internal virtual network associated with file server VMs.
internal-virtual-network-mask
The network mask of the internal virtual network associated with file server VMs.
internal-virtual-network-ips
IPs used by new file server VMs in internal virtual network. Comma-separated IP ranges or
IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11".
external-virtual-network-gateway
The gateway ip address of the external virtual network associated with file server VMs.
external-virtual-network-mask
The network mask of the external virtual network associated with file server VMs.
external-virtual-network-ips
IPs used by new file server VMs in the external virtual network. Comma-separated IP
ranges or IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11"
external-ipv6-virtual-network-gateway
The ipv6 gateway address of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-prefix-length
The prefix length of the external virtual network associated with file server VMs.
external-ipv6-virtual-network-ips
IPV6 IPs used by new file server VMs in the external
virtual network. Comma-separated IP ranges or IPs, e.g.
"2001:db8:152:4101:10:53:7:91-2001:db8:152:4101:10:53:7:93,2001:db8:1502:4101:10:53:76:99"
nvm-count
Total number of file server VMs associated with the file server.
Default: 3
memory
Memory associated with each file server VM.
Default: 12
cpu-count
Number of vCPUs per file server VM.
Default: 4
ad-protocol-type
Protocol Type(NONE,SMB,NFS,"NFS,SMB")
ldap-protocol-type
Protocol Type(NONE,NFS)
local-protocol-type

AOS | Nutanix Command-Line Interface (nCLI) | 129

Protocol Type(NONE,NFS)
windows-ad-domain-name
The windows AD domain the file server is associated with.
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
windows-ad-password
The password for the above Windows AD account
overwrite
If a machine account with the same name as file-server name is present on the AD, then
overwrite it during join-domain operation.
Default: false
organizational-unit
An Organizational unit container is where the AFS machine account will be created as
part of domain join operation. Use a / to specify hierarchical Organization Units. Default
container OU is "Computers". Examples: Engineering, Department/Engineering.
rfc-enabled
RFC 2307 ENABLED (true, false)
Default: false
pd-name
Name of the pd going to be associated with the file server.
add-user-as-afs-admin
AD user or group name as 'name' or 'NETBIOS\name' format.
preferred-domain-controller
Use a specific domain controller for join-domain operation in a multi DC Active Directory
setups. By default, AFS discovers a site local domain controller for join-domain operation.
nfsv4-domain
NFSV4 Domain
ldap-server-uri
LDAP URI.
ldap-base-dn
LDAP Base DN.
ldap-username
LDAP Username.
ldap-password
LDAP Password.
ldap-ssh-key
LDAP SSH Certificate Key.
dns-operation-type
DNS Nameserver operation type: AFS specific DNS entries are needed on
the nameservers so that clients can connect to the fileserver using its FQDN
(fileserver_name.domain_name). AFS can add these entries automatically for MS-DNS
servers or they can be added manually. Select one of "MS_DNS" or "MANUAL".
dns-server

AOS | Nutanix Command-Line Interface (nCLI) | 130

Preferred Nameserver FQDN (if not given, AFS finds one using an NS query)
dns-server-username
Username to use for adding fileserver DNS entries on the nameservers.
dns-server-password
Password to use for adding fileserver DNS entries on the nameservers.
nfsversion
Nfs version (NFSV3, NFSV4, NFSV3V4)

Delete a File Server

ncli> file-server { delete | remove | rm } uuid="uuid" [ force="force" ][ delete-
pd-and-snapshots="delete_pd_and_snapshots" ][ delete-container="delete_container" ]
Required arguments
uuid
UUID of the FileServer
Optional arguments
force
force delete file server
delete-pd-and-snapshots
delete pd and all snapshots
delete-container
delete container associated with file server

Delete a admin user

ncli> file-server { delete-admin-user } uuid="uuid" admin-user-
uuid="admin_user_uuid"
Required arguments
uuid
Uuid of the file server that admin user is associated with
admin-user-uuid
uuid of the admin user

Delete a icap server

ncli> file-server { delete-icap-server } uuid="uuid" icap-server-
uuid="icap_server_uuid"
Required arguments
uuid
Uuid of the file server that icap is associated with
icap-server-uuid
uuid of the icap server

Delete infected files

ncli> file-server { delete-infected-files } uuid="uuid" infected-file-
uuids="infected_file_uuids"
Required arguments
uuid
uuid of the file server

AOS | Nutanix Command-Line Interface (nCLI) | 131

infected-file-uuids
Comma-separated list of infected file uuids

Delete a Quota Policy

ncli> file-server { delete-quota-policy } uuid="uuid" share-uuid="share_uuid"
quota-policy-uuid="quota_policy_uuid"
Required arguments
uuid
Uuid of the file server that quota policy is associated with
share-uuid
Uuid of the share that quota policy is associated with
quota-policy-uuid
uuid of the quota policy

Delete a Share
ncli> file-server { delete-share } uuid="uuid" share-uuid="share_uuid" [
force="force" ]
Required arguments
uuid
uuid of the File Server
share-uuid
uuid of the FileServer share
Optional arguments
force
force delete Share

Delete a Snapshot Policy

ncli> file-server { delete-snapshot-policy } file-server-uuid="file_server_uuid"
uuid="uuid"
Required arguments
file-server-uuid
Uuid of the file server that snapshot policy is associated with
uuid
uuid of the snapshot policy

Delete a user
ncli> file-server { delete-user } uuid="uuid" user="user"
Required arguments
uuid
Uuid of the file server that user is associated with
user
Name of the user

Delete a virus scan policy

ncli> file-server { delete-virus-scan-policy } uuid="uuid" share-uuid="share_uuid"
Required arguments
uuid

AOS | Nutanix Command-Line Interface (nCLI) | 132

Uuid of the file server that virus scan policy is associated with
share-uuid
Uuid of the share that virus scan policy is associated with

Update a File Server

ncli> file-server { edit | update } uuid="uuid" [ name="name" ][ dns-
domain-name="dns_domain_name" ][ total-nvm-count="total_nvm_count" ][
internal-virtual-network-ips="internal_virtual_network_ips" ][ external-
virtual-network-ips="external_virtual_network_ips" ][ external-ipv6-virtual-
network-ips="external_ipv6_virtual_network_ips" ][ dns-server-ip-address-
list="dns_server_ip_address_list" ][ ntp-servers="ntp_servers" ][ size-
gib="size_gib" ][ memory="memory" ][ cpu-count="cpu_count" ][ file-blocking-
extensions="file_blocking_extensions" ][ clear-recommendation="clear_recommendation" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
name
Name of the file server
dns-domain-name
Fully qualified domain name (fileserver namespace). This, along with the
fileserver name, constitutes the namespace of the fileserver. Example:
fileserver_name.corp.companyname.com. This is also used to create fileserver DNS
entries on the nameservers so that clients can access the fileserver using its name.
total-nvm-count
Total number of file server VMs associated with the file server.
internal-virtual-network-ips
IPs used by new file server VMs in the internal virtual network.
external-virtual-network-ips
IPs used by new file server VMs in the external virtual network. Comma-separated IP
ranges or IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11"
external-ipv6-virtual-network-ips
IPV6 IPs used by new file server VMs in the external
virtual network. Comma-separated IP ranges or IPs, e.g.
"2001:db8:152:4101:10:53:7:91-2001:db8:152:4101:10:53:7:93,2001:db8:1502:4101:10:53:76:99"
dns-server-ip-address-list
List of comma-separated dns server ip addresses for file server configuration.
ntp-servers
List of comma-separated ntp servers for file server configuration.
size-gib
File server size in gibs
memory
Memory associated with each file server VM.
cpu-count
Number of vCPUs per file server VM.
file-blocking-extensions

AOS | Nutanix Command-Line Interface (nCLI) | 133

Comma-separated list of file blocking patterns. These patterns apply on all present or
future shares which do not have share level patterns configured (share patterns override
these patterns).
clear-recommendation
Clear recommended action associated with file server.i.e {scaleup, scaleout or rebalance}
Default: false

Edit the security params of a File Server

ncli> file-server { edit-security-params } fs-name="fs_name" [ enable-aide="{ true |
false }" ][ enable-core="{ true | false }" ][ enable-high-strength-password="{ true | false }" ][
enable-banner="{ true | false }" ][ schedule="schedule" ][ enable-slub-debug="{ true | false }"
][ enable-page-poison="{ true | false }" ][ enable-fapolicy="{ true | false }" ][ enable-
processor-mitigations="{ true | false }" ]
Required arguments
fs-name
Name of the file server
Optional arguments
enable-aide
Enable intrusion detection service.
enable-core
Enable user process core dumps.
enable-high-strength-password
Enable to set the minimum length for password to 14 and remember to 5 in PAM.
enable-banner
Enable DoD knowledge of consent banner for SSH and console logins.
schedule
Set cron schedule to run Salt periodically.
enable-slub-debug
Enable Slub Debugging which prevents use-after-free attacks.
enable-page-poison
Enable Page Posioning which prevents use-after-free attacks.
enable-fapolicy
Enable File Access Policy.
enable-processor-mitigations
Enable Processor Mitigations.

Show an individual FileServer's details

ncli> file-server { get } uuid="uuid" [ projection="projection" ]
Required arguments
uuid
uuid of the FileServer
Optional arguments
projection
Projections on the attributes

AOS | Nutanix Command-Line Interface (nCLI) | 134

Get a admin user
ncli> file-server { get-admin-user } uuid="uuid" admin-user-uuid="admin_user_uuid"
Required arguments
uuid
Uuid of the file server that admin user is associated with
admin-user-uuid
uuid of the admin user

Show built in groupsper File Server

ncli> file-server { get-builtin-groups } uuid="uuid" [ projection="projection" ]
Required arguments
uuid
uuid of the FileServer
Optional arguments
projection
Projections on the attributes

get-file-servers-usage
ncli> file-server { get-file-servers-usage }
Required arguments
None

Get File Server Manager

ncli> file-server { get-fsm }
Required arguments
None

Get icap server

ncli> file-server { get-icap-server } uuid="uuid" icap-server-
uuid="icap_server_uuid"
Required arguments
uuid
uuid of the file server
icap-server-uuid
uuid of the icap server

Get infected file

ncli> file-server { get-infected-file } uuid="uuid" infected-file-
uuid="infected_file_uuid" [ quarantined="quarantined" ]
Required arguments
uuid
uuid of the file server
infected-file-uuid
uuid of the infected file
Optional arguments
quarantined

AOS | Nutanix Command-Line Interface (nCLI) | 135

Quarantined

Get principal type from principal name

ncli> file-server { get-principal-type | get-principal-type } uuid="uuid" share-
uuid="share_uuid" principal-value="principal_value" [ principal-type="principal_type" ][
protocol-type="protocol_type" ]
Required arguments
uuid
Uuid of the file server
share-uuid
Uuid of the Share
principal-value
Quota policy principal value (user or group name)
Optional arguments
principal-type
Quota policy principal type (enter 'user' or 'group')
protocol-type
Primary protocol type (SMB or NFS)

Get a Quota Policy Email Config

ncli> file-server { get-quota-email-config } uuid="uuid"
Required arguments
uuid
Uuid of the file server

Get a Quota Policy

ncli> file-server { get-quota-policy } uuid="uuid" share-uuid="share_uuid" quota-
policy-uuid="quota_policy_uuid"
Required arguments
uuid
Uuid of the file server that quota policy is associated with
share-uuid
uuid of the share
quota-policy-uuid
uuid of the quota policy

Get the security config for the File Server

ncli> file-server { get-security-config } fs-name="fs_name"
Required arguments
fs-name
Name of the file server

Show an individual share's details

ncli> file-server { get-share | show-share } uuid="uuid" share-uuid="share_uuid" [
projection="projection" ]
Required arguments
uuid

AOS | Nutanix Command-Line Interface (nCLI) | 136

uuid of the file server
share-uuid
uuid of the FileServer share
Optional arguments
projection
Projections on the attributes

Get a file server share snapshot

ncli> file-server { get-snapshot } uuid="uuid" share-uuid="share_uuid" snapshot-
uuid="snapshot_uuid"
Required arguments
uuid
uuid of the file server
share-uuid
uuid of the file server share
snapshot-uuid
uuid of the file server share snapshot

Get ssl certificate

ncli> file-server { get-ssl-certificate | get-ssl-certificate } uuid="uuid"
Required arguments
uuid
Uuid of the file server

Get a User Mapping

ncli> file-server { get-user-mapping | get-user-mapping } uuid="uuid"
Required arguments
uuid
Uuid of the file server

Get a virus scan policy

ncli> file-server { get-virus-scan-policy } uuid="uuid" [ share-uuid="share_uuid" ]
Required arguments
uuid
uuid of the file server
Optional arguments
share-uuid
uuid of the file server share

Join the File Server to the Windows AD domain specified.

ncli> file-server { join-domain | join-domain } uuid="uuid" windows-ad-
domain-name="windows_ad_domain_name" windows-ad-username="windows_ad_username" [
organizational-unit="organizational_unit" ][ windows-ad-password="windows_ad_password"
][ overwrite="overwrite" ][ add-user-as-afs-admin="add_user_as_afs_admin" ][ preferred-
domain-controller="preferred_domain_controller" ]
Required arguments
uuid

AOS | Nutanix Command-Line Interface (nCLI) | 137

Uuid of the file server
windows-ad-domain-name
The windows AD domain the file server is associated with.
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
Optional arguments
organizational-unit
An Organizational unit container is where the AFS machine account will be created as
part of domain join operation. Use a / to specify hierarchical Organization Units. Default
container OU is "Computers". Examples: Engineering, Department/Engineering.
windows-ad-password
The password for the above Windows AD account
overwrite
If a machine account with the same name as file-server name is present on the AD, then
overwrite it during join-domain operation.
Default: false
add-user-as-afs-admin
AD user or group name as 'name' or 'NETBIOS\name' format.
preferred-domain-controller
Use a specific domain controller for join-domain operation in a multi DC Active Directory
setups. By default, AFS discovers a site local domain controller for join-domain operation.

Leave File Server from domain

ncli> file-server { leave-domain | leave-domain } uuid="uuid" [ windows-ad-
password="windows_ad_password" ][ windows-ad-username="windows_ad_username" ][
force="force" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
windows-ad-password
The password for the above Windows AD account
windows-ad-username
The name of a user account with administrative privileges in the AD domain the file server
is associated with.
force
If the joined Active Directory is down or not reachable, then use this option to leave the
domain by bypassing all AD interaction. Please ensure to remove the fileserver machine
account manually afterwards.
Default: false

List all File Servers with filtering

ncli> file-server { list | ls }[ count="count" ][ filter-criteria="filter_criteria" ][
search-string="search_string" ][ projection="projection" ]
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 138

None
Optional arguments
count
Number of Containers to retrieve
filter-criteria
Filter criteria
search-string
Search string
projection
Projections on the attributes

List all admin users with filtering

ncli> file-server { list-admin-users } uuid="uuid"
Required arguments
uuid
uuid of the file server

List all shares with filtering

ncli> file-server { list-all-fs-shares }[ count="count" ][ filter-
criteria="filter_criteria" ][ search-string="search_string" ][ search-attribute-
list="search_attribute_list" ][ projection="projection" ]
Required arguments
None
Optional arguments
count
Number of shares to retrieve
filter-criteria
Filter criteria
search-string
Search string
search-attribute-list
Search attribute list
projection
Projections on the attributes

List all DNS entries

ncli> file-server { list-dns } uuid="uuid"
Required arguments
uuid
uuid of the file server

List all icap servers with filtering

ncli> file-server { list-icap-servers } uuid="uuid"
Required arguments
uuid

AOS | Nutanix Command-Line Interface (nCLI) | 139

uuid of the file server

List all infected files

ncli> file-server { list-infected-files } uuid="uuid" quarantined="quarantined"
[ share-uuid="share_uuid" ][ count="count" ][ page="page" ][ filter-
criteria="filter_criteria" ][ search-string="search_string" ][ projection="projection" ]
Required arguments
uuid
uuid of the file server
quarantined
Quarantined
Optional arguments
share-uuid
Uuid of the share
count
Number of infected files to retrieve
page
Page number
filter-criteria
Filter criteria
search-string
Search string
projection
Projections on the attributes

List all quota policies with filtering

ncli> file-server { list-quota-policies } uuid="uuid" share-uuid="share_uuid"
Required arguments
uuid
Uuid of the file server that quota policy is associated with
share-uuid
uuid of the share

List all shares with filtering

ncli> file-server { list-shares | list-shares } uuid="uuid" [ count="count" ][
filter-criteria="filter_criteria" ][ search-string="search_string" ][ search-attribute-
list="search_attribute_list" ][ projection="projection" ]
Required arguments
uuid
uuid of the file server
Optional arguments
count
Number of Containers to retrieve
filter-criteria
Filter criteria

AOS | Nutanix Command-Line Interface (nCLI) | 140

search-string
Search string
search-attribute-list
Search attribute list
projection
Projections on the attributes

List all Snapshot policies with filtering

ncli> file-server { list-snapshot-policies } file-server-uuid="file_server_uuid"
Required arguments
file-server-uuid
uuid of the file server

List all Snapshots with filtering

ncli> file-server { list-snapshots } uuid="uuid" share-uuid="share_uuid"
Required arguments
uuid
uuid of the file server
share-uuid
uuid of the file server share

List users
ncli> file-server { list-user } uuid="uuid"
Required arguments
uuid
uuid of the file server

Load balance a File Server

ncli> file-server { load-balance } uuid="uuid" action="action" [ total-nvm-
count="total_nvm_count" ][ internal-virtual-network-ips="internal_virtual_network_ips"
][ external-virtual-network-ips="external_virtual_network_ips" ][ external-ipv6-
virtual-network-ips="external_ipv6_virtual_network_ips" ][ memory="memory" ][ cpu-
count="cpu_count" ]
Required arguments
uuid
Uuid of the file server
action
Action based on the recommendation associated with file server.i.e {scaleup, scaleout or
rebalance}
Optional arguments
total-nvm-count
Total number of file server VMs associated with the file server.
internal-virtual-network-ips
IPs used by new file server VMs in the internal virtual network.
external-virtual-network-ips
IPs used by new file server VMs in the external virtual network. Comma-separated IP
ranges or IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11"

AOS | Nutanix Command-Line Interface (nCLI) | 141

external-ipv6-virtual-network-ips
IPV6 IPs used by new file server VMs in the external
virtual network. Comma-separated IP ranges or IPs, e.g.
"2001:db8:152:4101:10:53:7:91-2001:db8:152:4101:10:53:7:93,2001:db8:1502:4101:10:53:76:99"
memory
Memory associated with each file server VM.
cpu-count
Number of vCPUs per file server VM.

Add a protection domain for File Server.

ncli> file-server { protect | protect } uuid="uuid" [ pd-name="pd_name" ][ metro-
avail="metro_avail" ][ remote-site-name="remote_site_name" ][ enable-witness="{ true |
false }" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
pd-name
Name of the pd going to be associated with the file server.
metro-avail
Enable metro availability for the file server PD.
Default: false
remote-site-name
Name of the Remote Site
enable-witness
Enable witness failure handling for the file server metro PD.
Default: false

Quarantine infected files

ncli> file-server { quarantine-infected-files } uuid="uuid" infected-file-
uuids="infected_file_uuids"
Required arguments
uuid
uuid of the file server
infected-file-uuids
Comma-separated list of infected file uuids

Generates SSL Certificate with cipher Strength 2048 bits and replaces the existing certificate
ncli> file-server { regenerate-ssl-certificate } uuid="uuid"
Required arguments
uuid
UUID of the FileServer

AOS | Nutanix Command-Line Interface (nCLI) | 142

Remove DNS entries
ncli> file-server { remove-dns } uuid="uuid" dns-operation-
type="dns_operation_type" dns-server-username="dns_server_username" dns-server-
password="dns_server_password" [ dns-server="dns_server" ]
Required arguments
uuid
UUID of the FileServer
dns-operation-type
DNS Nameserver operation type: AFS specific DNS entries are needed on
the nameservers so that clients can connect to the fileserver using its FQDN
(fileserver_name.domain_name). AFS can add these entries automatically for MS-DNS
servers or they can be added manually. Select one of "MS_DNS" or "MANUAL".
dns-server-username
Username to use for adding fileserver DNS entries on the nameservers.
dns-server-password
Password to use for adding fileserver DNS entries on the nameservers.
Optional arguments
dns-server
Preferred Nameserver FQDN (if not given, AFS finds one using an NS query)

Rescan infected files

ncli> file-server { rescan-infected-files } uuid="uuid" infected-file-
uuids="infected_file_uuids"
Required arguments
uuid
uuid of the file server
infected-file-uuids
Comma-separated list of infected file uuids

Reset infected files

ncli> file-server { reset-infected-files } uuid="uuid" infected-file-
uuids="infected_file_uuids"
Required arguments
uuid
uuid of the file server
infected-file-uuids
Comma-separated list of infected file uuids

Search User Mapping

ncli> file-server { search-user-mapping } uuid="uuid" name-or-ids="name_or_ids"
search-mapping-type="search_mapping_type" mapping-type="mapping_type"
Required arguments
uuid
uuid of the File Server
name-or-ids
Search identity mapping name or ids
search-mapping-type

AOS | Nutanix Command-Line Interface (nCLI) | 143

Search user mapping (SMB_TO_NFS or NFS_TO_SMB)
mapping-type
Mapping type of the search user ie. user or group.

Change password for pfx file

ncli> file-server { ssl-certificate-change-pfx-file-password } uuid="uuid"
Required arguments
uuid
Uuid of the file server

Generates SSL Certificate with cipher Strength 2048 bits and replaces the existing certificate
ncli> file-server { ssl-certificate-generate } uuid="uuid"
Required arguments
uuid
Uuid of the file server

Test icap server connection

ncli> file-server { test-icap-connection } uuid="uuid" icap-server-
uuid="icap_server_uuid"
Required arguments
uuid
Uuid of the file server that icap server is associated with
icap-server-uuid
uuid of the icap server

Unquarantine infected files

ncli> file-server { unquarantine-infected-files } uuid="uuid" infected-file-
uuids="infected_file_uuids"
Required arguments
uuid
uuid of the file server
infected-file-uuids
Comma-separated list of infected file uuids

Update a admin user

ncli> file-server { update-admin-user } uuid="uuid" admin-user-
uuid="admin_user_uuid" [ user="user" ][ role="role" ]
Required arguments
uuid
Uuid of the file server that admin user is associated with
admin-user-uuid
Admin user uuid.
Optional arguments
user
AD user or group name as 'name' or 'NETBIOS\name' format.
role
Role of the given user or group (one of AdMIN or BACKUP_OPERATOR).

AOS | Nutanix Command-Line Interface (nCLI) | 144

Update a icap server
ncli> file-server { update-icap-server } uuid="uuid" icap-server-
uuid="icap_server_uuid" [ description="description" ][ enabled="{ true | false }" ]
Required arguments
uuid
Uuid of the file server that Icap is associated with
icap-server-uuid
Uuid of the antivirus server
Optional arguments
description
Antivirus server description.
enabled
Enable or diable antivirus server.

Update network of a File Server

ncli> file-server { update-network } uuid="uuid" [ dns-server-ip-address-
list="dns_server_ip_address_list" ][ ntp-servers="ntp_servers" ][ internal-virtual-
network="internal_virtual_network" ][ external-virtual-network="external_virtual_network"
][ internal-virtual-network-gateway="internal_virtual_network_gateway" ][
internal-virtual-network-mask="internal_virtual_network_mask" ][ internal-
virtual-network-ips="internal_virtual_network_ips" ][ external-virtual-
network-gateway="external_virtual_network_gateway" ][ external-virtual-
network-mask="external_virtual_network_mask" ][ external-virtual-network-
ips="external_virtual_network_ips" ][ external-ipv6-virtual-network-
gateway="external_ipv6_virtual_network_gateway" ][ external-ipv6-virtual-network-
prefix-length="external_ipv6_virtual_network_prefix_length" ][ external-ipv6-virtual-
network-ips="external_ipv6_virtual_network_ips" ][ delete-external-ipv6-virtual-
network="delete_external_ipv6_virtual_network" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
dns-server-ip-address-list
List of comma-separated dns server ip addresses for file server configuration.
ntp-servers
List of comma-separated ntp servers for file server configuration.
internal-virtual-network
The identifier of the internal virtual network. Please use network UUID on AHV and ESX.
external-virtual-network
The identifier of the external virtual network. Please use network UUID on AHV and ESX.
internal-virtual-network-gateway
The gateway ip address of the internal virtual network associated with file server VMs.
internal-virtual-network-mask
The network mask of the internal virtual network associated with file server VMs.
internal-virtual-network-ips
IPs used by new file server VMs in internal virtual network. Comma-separated IP ranges or
IPs, e.g. "10.4.1.3-10.4.1.5,10.4.1.11".

AOS | Nutanix Command-Line Interface (nCLI) | 145

Update a Quota Policy Email Config

ncli> file-server { update-quota-email-config } uuid="uuid" [ subject="subject" ][
content="content" ]
Required arguments
uuid
Uuid of the file server
Optional arguments
subject
Email subject.
content
Email content.

Update a Quota Policy

ncli> file-server { update-quota-policy } uuid="uuid" share-uuid="share_uuid"
quota-policy-uuid="quota_policy_uuid" [ quota-size-gib="quota_size_gib" ][ quota-
enforcement-type="quota_enforcement_type" ][ send-quota-notifications-to-
user="send_quota_notifications_to_user" ][ notification-recipients="notification_recipients" ]
Required arguments
uuid
Uuid of the file server that quota policy is associated with
share-uuid
Uuid of the share that quota policy is associated with
quota-policy-uuid
Uuid of the Quota Policy
Optional arguments
quota-size-gib

AOS | Nutanix Command-Line Interface (nCLI) | 146

Quota size in Gibs
quota-enforcement-type
Quota enforcement type (Hard or Soft)
send-quota-notifications-to-user
Send quota notifications to user
notification-recipients
Additional notification recipients (comma-separated)

Update a Share
ncli> file-server { update-share | edit-share } uuid="uuid" share-
uuid="share_uuid" [ name="name" ][ enable-windows-previous-version="{ true | false }"
][ description="description" ][ share-size-gib="share_size_gib" ][ default-quota-
limit-gib="default_quota_limit_gib" ][ quota-enforcement-type="quota_enforcement_type"
][ send-quota-notifications-to-user="send_quota_notifications_to_user" ][ enable-
access-based-enumeration="{ true | false }" ][ enable-smb3-encryption="{ true | false }"
][ protocol-type="protocol_type" ][ secondary-protocol-type="secondary_protocol_type"
][ enable-symlink-creation="{ true | false }" ][ enable-simultaneous-access="{ true |
false }" ][ enable-compression="{ true | false }" ][ share-auth-type="share_auth_type"
][ default-share-access-type="default_share_access_type" ][ client-with-
read-write-access="client_with_read_write_access" ][ client-with-read-only-
access="client_with_read_only_access" ][ client-with-no-access="client_with_no_access"
][ anonymous-uid="anonymous_uid" ][ anonymous-gid="anonymous_gid" ][ squash-
type="squash_type" ][ file-blocking-extensions="file_blocking_extensions" ]
Required arguments
uuid
uuid of the File Server
share-uuid
Uuid of the Share
Optional arguments
name
Name of the Share
enable-windows-previous-version
Enable self service restore flag
description
Description of the Share
share-size-gib
Share size in Gibs
default-quota-limit-gib
Default quota limit in Gibs (Quota applies to all users of the share)
quota-enforcement-type
Quota enforcement type (Hard or Soft)
send-quota-notifications-to-user
Send quota notifications to user
enable-access-based-enumeration
Enable access based enumeration flag
enable-smb3-encryption

AOS | Nutanix Command-Line Interface (nCLI) | 147

Enable SMB3 Encryption
protocol-type
Primary protocol type (SMB or NFS)
secondary-protocol-type
Secondary protocol type (SMB or NFS)
enable-symlink-creation
Symlink Creation Enabled
enable-simultaneous-access
Simultaneous Access Enabled
enable-compression
Compression Enabled
share-auth-type
Type of Share Authentication. (System-none, Kerberos)
default-share-access-type
Type of Default Share Access. (Read-write, Read-only, No-Access)
client-with-read-write-access
Comma-separated list of clients
client-with-read-only-access
Comma-separated list of clients
client-with-no-access
Comma-separated list of clients
anonymous-uid
Anonymous UID.
anonymous-gid
Anonymous GID.
squash-type
Squash Type.(root-squash,all-squash,none)
file-blocking-extensions
Comma-separated list of file blocking patterns.

Update a Snapshot Policy

ncli> file-server { update-snapshot-policy } file-server-uuid="file_server_uuid"
uuid="uuid" [ snapshot-policy-type="snapshot_policy_type" ][ frequency="frequency"
][ days-of-week="days_of_week" ][ days-of-month="days_of_month" ][ local-
retention="local_retention" ]
Required arguments
file-server-uuid
Uuid of the file server that snapshot policy is associated with
uuid
Uuid of the Snapshot Policy
Optional arguments
snapshot-policy-type
Snapshot policy type - hourly, daily, weekly, monthly
frequency

AOS | Nutanix Command-Line Interface (nCLI) | 148

Snapshot policy frequency. Repeat snapshot every nth hour/day. For weekly and monthly,
frequency is 1.
days-of-week
Comma-separated day of week values for the schedule: 1-7 (starts with Sunday(1))
days-of-month
Comma-separated day of month values for the schedule: 1-31
local-retention
Maximum number of snapshots to retain locally

Update a user
ncli> file-server { update-user } uuid="uuid" [ user="user" ][ password="password" ]
Required arguments
uuid
Uuid of the file server that user is associated with
Optional arguments
user
File server user name.
password
The password for the above file server user.

Update a User Mapping

ncli> file-server { update-user-mapping } uuid="uuid"
Required arguments
uuid
uuid of the File Server

Update a virus scan policy

ncli> file-server { update-virus-scan-policy } uuid="uuid" [ scan-time-interval-
secs="scan_time_interval_secs" ][ share-uuid="share_uuid" ][ scan-on-write="scan_on_write"
][ scan-on-read="scan_on_read" ][ file-size-exclusion-bytes="file_size_exclusion_bytes" ][
block-access-file="block_access_file" ][ enable-anti-virus="{ true | false }" ][ file-type-
exclusions="file_type_exclusions" ]
Required arguments
uuid
Uuid of the file server that antivirus scan policy is associated with
Optional arguments
scan-time-interval-secs
Scan time interval in uses
share-uuid
Uuid of the Share
scan-on-write
Scan on write policy
scan-on-read
Scan on read policy
file-size-exclusion-bytes
File size exclusion

AOS | Nutanix Command-Line Interface (nCLI) | 149

block-access-file
Block access file
enable-anti-virus
Enable antivirus
file-type-exclusions
File type exclusion list

Upgrade given list of File Servers

ncli> file-server { upgrade | upgrade } version="version" [ uuid="uuid" ][ upgrade-
all-file-servers="upgrade_all_file_servers" ]
Required arguments
version
Version of the file server
Optional arguments
uuid
Uuid of the file server
upgrade-all-file-servers
Upgrade all file servers flag.

Upgrade Files module. Example: LCM

ncli> file-server { upgrade-files-module } version="version" package-
path="package_path" files-module-type="files_module_type" [ task-uuid="task_uuid" ][
parent-task-uuid="parent_task_uuid" ]
Required arguments
version
Files module version
package-path
Files module package path
files-module-type
Files module type
Optional arguments
task-uuid
Task uuid
parent-task-uuid
Parent task uuid

Verify DNS entries

ncli> file-server { verify-dns } uuid="uuid" [ dns-server="dns_server" ]
Required arguments
uuid
UUID of the FileServer
Optional arguments
dns-server
Dns server IP address

health-check: Health Check

AOS | Nutanix Command-Line Interface (nCLI) | 150

Description A health check
Alias check

Operations
• Edit a Health Check : edit | update
• List Health Checks : list | ls

Edit a Health Check

ncli> health-check { edit | update } id="id" [ enable="{ true | false }" ][
interval="interval" ][ parameter-thresholds="parameter_thresholds" ][ severity="severity"
][ enable-severity-threshold="{ true | false }" ][ parameter-name="parameter_name" ][
parameter-value="parameter_value" ][ auto-resolve="auto_resolve" ]
Required arguments
id
Id of the Health Check
Optional arguments
enable
Enable/Disable Health Check
interval
Scheduled interval at which Health Check should be run (in seconds)
parameter-thresholds
List of comma-separated parameter and it's threshold. All the values should be of format
<parameter-name:value>.
severity
Severity Threshold to update
enable-severity-threshold
Enable or Disable the selected Severity Threshold
parameter-name
Name of the parameter to update.
parameter-value
Updated value of the parameter.
auto-resolve
Enable/Disable Auto Resolve feature for this check. Value should be set to either true or
false

List Health Checks

ncli> health-check { list | ls }[ id="id" ]
Required arguments
None
Optional arguments
id
Id of the Health Check

host: Physical Host

Description A Physical Host hosts Virtual Machines

AOS | Nutanix Command-Line Interface (nCLI) | 151

Alias
Operations
• Configure discovered node with IP addresses (Hypervisor, CVM and IPMI
addresses) : configure-node
• Discover new nodes available to add to the cluster : discover-nodes
• Edit Physical Host : edit | update
• Enable metadata store on a Physical Host : enable-metadata-store
• Generates and downloads the csr from discovered node based on certification
information from the cluster : generate-csr-for-discovered-node
• Get certificate related information : get-certificate-information
• Check the removal status for Physical Hosts : get-remove-status | get-rm-status
• Join one or more host(s) to a domain : join-domain
• List Physical Hosts : list | ls
• Get stats data for Physical Host : list-stats | ls-stats
• Begin the process of removing a Physical Host : remove-start | rm-start | delete
• Reset to factory setting, the default location to be used for storing the virtual
machine configuration files and the virtual hard disk files : reset-default-vm-vhd-
location

• Set the default location to be used for storing the virtual machine configuration files
and the virtual hard disk files : set-default-vm-vhd-location
• Set the monitoring status of Physical Hosts : set-monitoring

Configure discovered node with IP addresses (Hypervisor, CVM and IPMI addresses)
ncli> host { configure-node } node-uuid="node_uuid" [ cvm-ip="cvm_ip" ][
hypervisor-ip="hypervisor_ip" ][ ipmi-ip="ipmi_ip" ][ ipmi-netmask="ipmi_netmask" ][
ipmi-gateway="ipmi_gateway" ]
Required arguments
node-uuid
UUID of the new node
Optional arguments
cvm-ip
IP address of the controller VM
hypervisor-ip
IP address of the Hypervisor Host
ipmi-ip
IPMI address of the node
ipmi-netmask
IPMI netmask of the node
ipmi-gateway
IPMI gateway of the node

AOS | Nutanix Command-Line Interface (nCLI) | 152

Discover new nodes available to add to the cluster
ncli> host { discover-nodes }
Required arguments
None

Edit Physical Host

ncli> host { edit | update } id="id" [ hypervisor-username="hypervisor_username"
][ hypervisor-password="hypervisor_password" ][ new-ms-name="new_ms_name"
][ oplog-disk-pct="oplog_disk_pct" ][ ipmi-username="ipmi_username" ][ ipmi-
password="ipmi_password" ][ cvm-nat-ip="cvm_nat_ip" ][ cvm-nat-port="cvm_nat_port" ]
Required arguments
id
ID of the Physical Host
Optional arguments
hypervisor-username
Username to access the Hypervisor Host
hypervisor-password
Password to access the Hypervisor Host, Depreciated for EXSi and AHV.
new-ms-name
Name of the Management Server
oplog-disk-pct
The percentage of the oplog-disk to use for oplog data
ipmi-username
Username for IPMI access to a Physical Host
ipmi-password
Password for IPMI access to a Physical Host
cvm-nat-ip
NAT IP address of the controller VM. Set to '-' to clear the existing value
cvm-nat-port
NAT port of the controller VM. Set to '-' to clear the existing value

Enable metadata store on a Physical Host

ncli> host { enable-metadata-store } id="id"
Required arguments
id
ID of the Physical Host

Generates and downloads the csr from discovered node based on certification information from
the cluster
ncli> host { generate-csr-for-discovered-node } cvm-ip="cvm_ip" file-
path="file_path"
Required arguments
cvm-ip
IPv6 address of the controller VM of discovered node
file-path
Path where csr from the discovered node needs to be downloaded

AOS | Nutanix Command-Line Interface (nCLI) | 153

Get certificate related information.
ncli> host { get-certificate-information }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Host

Check the removal status for Physical Hosts

ncli> host { get-remove-status | get-rm-status }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Host

Join one or more host(s) to a domain. This operation is only valid for hosts running Hyper-V.
ncli> host { join-domain } domain="domain" logon-name="logon_name"
restart="restart" [ name-server-ip="name_server_ip" ][ host-name-
prefix="host_name_prefix" ][ password="password" ][ host-ids="host_ids" ][ host-
names="host_names" ][ ou-path="ou_path" ][ cps-prefix="cps_prefix" ]
Required arguments
domain
Full name of the domain
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
restart
Whether to restart the host(s) after the successful execution of a domain join/unjoin
operation
Optional arguments
name-server-ip
IP address of the name server that can resolve the domain name
host-name-prefix
The prefix to be used in naming the hosts running Hyper-V. Must not exceed 11 characters
in length
password
Password for the account specified by the logon account name
host-ids
A comma-separated list of the ids of the Physical Hosts
host-names
A comma-separated list of the names of the Physical Hosts
ou-path
Organizational Unit path of the domain
cps-prefix

AOS | Nutanix Command-Line Interface (nCLI) | 154

CPS prefix path of the domain

List Physical Hosts

ncli> host { list | ls }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Host

Get stats data for Physical Host

ncli> host { list-stats | ls-stats }[ id="id" ]
Required arguments
None
Optional arguments
id
ID of the Physical Host

Begin the process of removing a Physical Host

ncli> host { remove-start | rm-start | delete } id="id" [ skip-space-check="{ true |
false }" ][ force="force" ]
Required arguments
id
ID of the Physical Host
Optional arguments
skip-space-check
Skip checking storage space-related constraints when initiating removal of a host from the
cluster
Default: false
force
Forcefully perform the requested operation skipping any constraint validation
Default: false

Reset to factory setting, the default location to be used for storing the virtual machine
configuration files and the virtual hard disk files. This operation is only valid for hosts running
Hyper-V.
ncli> host { reset-default-vm-vhd-location } host-ids="host_ids"
Required arguments
host-ids
A comma-separated list of the ids of the Physical Hosts

Set the default location to be used for storing the virtual machine configuration files and the
virtual hard disk files. This operation is only valid for hosts running Hyper-V.
ncli> host { set-default-vm-vhd-location } ctr-for-vm-config="ctr_for_vm_config"
ctr-for-vhd-files="ctr_for_vhd_files" [ host-ids="host_ids" ]
Required arguments
ctr-for-vm-config

AOS | Nutanix Command-Line Interface (nCLI) | 155

Name of the Storage Container to be used for storing VM configuration files.
ctr-for-vhd-files
Name of the Storage Container to be used for storing virtual hard disk files.
Optional arguments
host-ids
A comma-separated list of the ids of the Physical Hosts

Set the monitoring status of Physical Hosts

ncli> host { set-monitoring } enabled="{ true | false }" ids="ids"
Required arguments
enabled
Enable monitoring of Physical Hosts?
ids
A comma-separated list of the ids of the Physical Hosts

http-proxy: HTTP Proxy

Description An HTTP Proxy
Alias proxy

Operations
• Create a new HTTP Proxy : add
• Add HTTP Proxy whitelist entry : add-to-whitelist
• Delete HTTP Proxy whitelist entry : delete-from-whitelist
• Edit an HTTP Proxy : edit | update
• Get HTTP Proxy whitelist : get-whitelist
• List HTTP Proxies : list | ls
• Remove an HTTP Proxy : remove | rm

Create a new HTTP Proxy

ncli> http-proxy { add } name="name" port="port" [ address="address" ][ host="host"
][ username="username" ][ password="password" ][ proxy-types="proxy_types" ]
Required arguments
name
Name of the HTTP Proxy
port
Port number of the HTTP Proxy
Optional arguments
address
Address of the HTTP Proxy
host
Address of the HTTP Proxy
username
Username to access the HTTP Proxy

AOS | Nutanix Command-Line Interface (nCLI) | 156

password
Password to access the HTTP Proxy
proxy-types
Proxy types to send applicable traffic

Add HTTP Proxy whitelist entry

ncli> http-proxy { add-to-whitelist } target-type="target_type" target="target"
Required arguments
target-type
Type of the target. Values can be {IPV4_ADDRESS, IPV6_ADDRESS,
IPV4_NETWORK_MASK, DOMAIN_NAME_SUFFIX, HOST_NAME}
target
Http proxy whitelist target. If the target-type is IPV4_NETWORK_MASK, specify the
netmask using traditional notation (for example, 172.16.0.0/255.240.0.0), not CIDR
notation.

Delete HTTP Proxy whitelist entry

ncli> http-proxy { delete-from-whitelist } target="target"
Required arguments
target
Http proxy whitelist target. If the target-type is IPV4_NETWORK_MASK, specify the
netmask using traditional notation (for example, 172.16.0.0/255.240.0.0), not CIDR
notation.

Edit an HTTP Proxy

ncli> http-proxy { edit | update } name="name" [ address="address" ][ host="host" ][
username="username" ][ password="password" ][ port="port" ]
Required arguments
name
Name of the HTTP Proxy
Optional arguments
address
Address of the HTTP Proxy
host
Address of the HTTP Proxy
username
Username to access the HTTP Proxy
password
Password to access the HTTP Proxy
port
Port number of the HTTP Proxy

Get HTTP Proxy whitelist

ncli> http-proxy { get-whitelist }
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 157

List HTTP Proxies
ncli> http-proxy { list | ls }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the HTTP Proxy

Remove an HTTP Proxy

ncli> http-proxy { remove | rm } name="name"
Required arguments
name
Name of an HTTP Proxy

key-management-server: Key Management Server

Description Manage key management servers
Alias
Operations
• Add key management server : add
• Change the key management server type : change-key-management-server-type
• Get specified key management server : get
• List all key management servers : list | ls
• Remove key management server : remove | rm
• Update key management server : update

Add key management server

ncli> key-management-server { add } name="name" [ address-list="address_list" ][
address-values="address_values" ]
Required arguments
name
Key management server name
Optional arguments
address-list
List of comma-separated addresses of the key management server. All addresses should
be of format <ipaddress> or of format <ipaddress:port>. Port 5696 is used as default if port
number is not specified
address-values
List of comma-separated addresses(IPv6 Capable) of the key management server. All
addresses should be of format <ipaddress> or of format <ipaddress:port>. Port 5696 is
used as default if port number is not specified

Change the key management server type

ncli> key-management-server { change-key-management-server-type } key-
management-server-type="key_management_server_type"
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 158

key-management-server-type
The desired key management server type, valid entries are 'ekm', 'lkm', and 'pckm'

Get specified key management server

ncli> key-management-server { get } name="name"
Required arguments
name
Key management server name

List all key management servers

ncli> key-management-server { list | ls }
Required arguments
None

Remove key management server

ncli> key-management-server { remove | rm } name="name"
Required arguments
name
Key management server name

Update key management server

ncli> key-management-server { update } name="name" [ address-list="address_list" ][
address-values="address_values" ][ force="force" ]
Required arguments
name
Key management server name
Optional arguments
address-list
List of comma-separated addresses of the key management server. All addresses should
be of format <ipaddress> or of format <ipaddress:port>. Port 5696 is used as default if port
number is not specified
address-values
List of comma-separated addresses(IPv6 Capable) of the key management server. All
addresses should be of format <ipaddress> or of format <ipaddress:port>. Port 5696 is
used as default if port number is not specified
force
Forcefully perform the requested operation skipping any constraint validation

license: License
Description License for a Nutanix cluster
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 159

Operations
• Apply a license file to the cluster : apply-license
• Download cluster info as a file : download-cluster-info
• Get cluster info from the cluster : generate-cluster-info
• Read allowances for features as listed in the license : get-allowances
• Read license file from the cluster : get-license

Apply a license file to the cluster

ncli> license { apply-license } license-file="license_file"
Required arguments
license-file
License file

Download cluster info as a file

ncli> license { download-cluster-info } file-path="file_path" [ csf-
version="csf_version" ]
Required arguments
file-path
File path
Optional arguments
csf-version
CSF Version
Default: 1

Get cluster info from the cluster

ncli> license { generate-cluster-info }[ csf-version="csf_version" ]
Required arguments
None
Optional arguments
csf-version
CSF Version
Default: 1

Read allowances for features as listed in the license

ncli> license { get-allowances }[ feature-name="feature_name" ]
Required arguments
None
Optional arguments
feature-name
Feature name

Read license file from the cluster

ncli> license { get-license }[ showAllClusters="showAllClusters" ]
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 160

None
Optional arguments
showAllClusters
Show PE Licenses
Default: false

managementserver: Management Server

Description An infrastructure management server such as VCenter
Alias ms

Operations
• Add a new Management Server : add
• Add a new Management Server : edit | update
• List Management Servers : list | ls
• Returns a list of information for management servers which are used for managing
the cluster : list-management-server-info
• Create and register a management server extension for Nutanix : register
• Delete a Management Server : remove | rm
• Unregister the management server extension for Nutanix : unregister

Add a new Management Server

ncli> managementserver { add } name="name" url="url" username="username"
password="password" [ type="type" ]
Required arguments
name
Name of the Management Server
url
Access URL of the Management Server
username
Username for access to the Management Server
password
Password for access to the Management Server
Optional arguments
type
Hypervisor type of the Management Server
Default: vmware

Add a new Management Server

ncli> managementserver { edit | update } name="name" [ url="url" ][
username="username" ][ password="password" ]
Required arguments
name
Name of the Management Server
Optional arguments

AOS | Nutanix Command-Line Interface (nCLI) | 161

url
Access URL of the Management Server
username
Username for access to the Management Server
password
Password for access to the Management Server, Depreciated for EXSi and AHV.

List Management Servers

ncli> managementserver { list | ls }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the Management Server

Returns a list of information for management servers which are used for managing the cluster.
ncli> managementserver { list-management-server-info }
Required arguments
None

Create and register a management server extension for Nutanix.

ncli> managementserver { register } ip-address="ip_address" port="port" admin-
username="admin_username" admin-password="admin_password"
Required arguments
ip-address
Address of the management server.
port
Port of the management server.
admin-username
Administrator username of the management server.
admin-password
Administrator password of the management server.

Delete a Management Server

ncli> managementserver { remove | rm } name="name"
Required arguments
name
Name of the Management Server

Unregister the management server extension for Nutanix.

ncli> managementserver { unregister } ip-address="ip_address" port="port" admin-
username="admin_username" admin-password="admin_password"
Required arguments
ip-address
Address of the management server.
port

AOS | Nutanix Command-Line Interface (nCLI) | 162

Port of the management server.
admin-username
Administrator username of the management server.
admin-password
Administrator password of the management server.

multicluster: Multicluster
Description A Nutanix Management Console to manage multiple clusters
Alias
Operations
• Get cluster state : get-cluster-state
• Register the cluster with Prism Central asynchronously : register-to-prism-
central

• Remove from multicluster : remove-from-multicluster

Get cluster state

ncli> multicluster { get-cluster-state }[ cluster-id="cluster_id" ]
Required arguments
None
Optional arguments
cluster-id
Id of the cluster

Register the cluster with Prism Central asynchronously.

ncli> multicluster { register-to-prism-central } username="username"
password="password" [ external-ip-address-or-svm-ips="external_ip_address_or_svm_ips"
][ multicluster-fqdn="multicluster_fqdn" ]
Required arguments
username
username
password
password
Optional arguments
external-ip-address-or-svm-ips
External IP address or list of SVM IP addresses
multicluster-fqdn
Fully qualified domain name of multicluster

Remove from multicluster

ncli> multicluster { remove-from-multicluster } username="username"
password="password" [ external-ip-address-or-svm-ips="external_ip_address_or_svm_ips"
][ multicluster-fqdn="multicluster_fqdn" ][ force="force" ][ local_only="{ true |
false }" ][ skip_prechecks="{ true | false }" ][ skip_data_cleanup="{ true | false }"
][ cleanup_only="cleanup_only" ][ prechecks_only="prechecks_only" ][ cluster-
id="cluster_id" ]

AOS | Nutanix Command-Line Interface (nCLI) | 163

Required arguments
username
username
password
password
Optional arguments
external-ip-address-or-svm-ips
External IP address or list of SVM IP addresses
multicluster-fqdn
Fully qualified domain name of multicluster
force
Forcefully perform the requested operation skipping any constraint validation
Default: false
local_only
If remote is unreachable, perform unregistration locally
Default: false
skip_prechecks
Whether to skip execution of prechecks for PC-PE Unregistration
Default: false
skip_data_cleanup
Whether to skip data cleanup post PC-PE Unregistration
Default: true
cleanup_only
Whether to perform cleanup only operation post PC-PE Unregistration
Default: false
prechecks_only
Whether to perform precheck only for PC-PE Unregistration
Default: false
cluster-id
Id of the cluster

network: Network
Description Network specific commands
Alias net

AOS | Nutanix Command-Line Interface (nCLI) | 164

Operations
• Add an SNMP Profile : add-snmp-profile
• Add a switch configuration : add-switch-config
• Delete an SNMP Profile : delete-snmp-profile
• Delete a switch configuration : delete-switch-config
• Diable QoS if enabled, for all traffic types : disable-qos
• Edit one or more QoS traffic types (mgmt and data service) : edit-qos
• Update an SNMP Profile : edit-snmp-profile
• Update a switch collector configuration : edit-switch-collector-config
• Update a switch configuration : edit-switch-config
• Enable QoS if not enabled : enable-qos
• Gets QoS configuration status along with any specific DSCP value for any specific
traffic type if configured : get-qos
• Get switch collector configuration : get-switch-collector-config
• List all host interfaces : list-host-nics
• List all host virtual interfaces : list-host-vnics
• List all SNMP Profiles : list-snmp-profile
• List all switches information : list-switch
• List all switch interfaces information : list-switch-ports
• List all VM virtual Nics : list-vm-nics

Add an SNMP Profile

ncli> network { add-snmp-profile } name="name" [ uuid="uuid" ][ default="default"
][ version="version" ][ community="community" ][ level="level" ][ username="username"
][ auth-type="auth_type" ][ auth-key="auth_key" ][ priv-type="priv_type" ][ priv-
key="priv_key" ]
Required arguments
name
SNMP profile name
Optional arguments
uuid
SNMP profile UUID
default
Used as Default SNMP profile
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
level
SNMP security level [NoAuthNoPriv, AuthnoPriv, AuthPriv].

AOS | Nutanix Command-Line Interface (nCLI) | 165

username
SNMP username
auth-type
SNMP authentication type [SHA]
auth-key
SNMP authentication key
priv-type
SNMP encryption type [AES or DES]
priv-key
SNMP encryption key

Add a switch configuration

ncli> network { add-switch-config }[ switch-id="switch_id" ][ switch-
address="switch_address" ][ switch-address-value="switch_address_value" ][ snmp-
profile-name="snmp_profile_name" ][ host-addresses="host_addresses" ][ host-address-
list="host_address_list" ][ version="version" ][ community="community" ][ level="level"
][ username="username" ][ auth-type="auth_type" ][ auth-key="auth_key" ][ priv-
type="priv_type" ][ priv-key="priv_key" ]
Required arguments
None
Optional arguments
switch-id
Switch ID
switch-address
Switch address
switch-address-value
Switch address IPv4 only
snmp-profile-name
SNMP profile name to apply on switch config
host-addresses
List of comma-separated Host addresses which is connected to this switch IPv4 only
host-address-list
List of dictionary containing Host addresses(ipv4/ipv6) which is connected to this switch
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
level
SNMP security level [NoAuthNoPriv, AuthnoPriv, AuthPriv].
username
SNMP username
auth-type
SNMP authentication type [SHA]
auth-key

AOS | Nutanix Command-Line Interface (nCLI) | 166

SNMP authentication key
priv-type
SNMP encryption type [AES or DES]
priv-key
SNMP encryption key

Delete an SNMP Profile

ncli> network { delete-snmp-profile } uuid="uuid"
Required arguments
uuid
UUID of the SNMP Profile

Delete a switch configuration

ncli> network { delete-switch-config } switch-id="switch_id"
Required arguments
switch-id
ID of the switch

Diable QoS if enabled, for all traffic types.

ncli> network { disable-qos }
Required arguments
None

Edit one or more QoS traffic types (mgmt and data service). The values provided are considered
as hexadecimal whether they are provided with prefix '0x' or not.
ncli> network { edit-qos }[ mgmt="mgmt" ][ data-svc="data_svc" ]
Required arguments
None
Optional arguments
mgmt
value of mgmt traffic
data-svc
value of data services traffic

Update an SNMP Profile

ncli> network { edit-snmp-profile } uuid="uuid" [ name="name" ][ default="default"
][ version="version" ][ community="community" ][ level="level" ][ username="username"
][ auth-type="auth_type" ][ auth-key="auth_key" ][ priv-type="priv_type" ][ priv-
key="priv_key" ]
Required arguments
uuid
SNMP profile UUID
Optional arguments
name
SNMP profile name
default

AOS | Nutanix Command-Line Interface (nCLI) | 167

Used as Default SNMP profile
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
level
SNMP security level [NoAuthNoPriv, AuthnoPriv, AuthPriv].
username
SNMP username
auth-type
SNMP authentication type [SHA]
auth-key
SNMP authentication key
priv-type
SNMP encryption type [AES or DES]
priv-key
SNMP encryption key

Update a switch collector configuration

ncli> network { edit-switch-collector-config }[ enabled="{ true | false }" ][
schedule-interval-in-secs="schedule_interval_in_secs" ][ schedule-discovery-in-
secs="schedule_discovery_in_secs" ]
Required arguments
None
Optional arguments
enabled
Enable/Disable switch collector
schedule-interval-in-secs
Scheduled interval to collect the switch stats (in seconds)
schedule-discovery-in-secs
Switch discovery interval (in seconds)

Update a switch configuration

ncli> network { edit-switch-config } switch-id="switch_id" [ switch-
address="switch_address" ][ switch-address-value="switch_address_value" ][ snmp-
profile-name="snmp_profile_name" ][ host-addresses="host_addresses" ][ host-address-
list="host_address_list" ][ version="version" ][ community="community" ][ level="level"
][ username="username" ][ auth-type="auth_type" ][ auth-key="auth_key" ][ priv-
type="priv_type" ][ priv-key="priv_key" ]
Required arguments
switch-id
Switch ID
Optional arguments
switch-address
Switch address

AOS | Nutanix Command-Line Interface (nCLI) | 168

switch-address-value
Switch address IPv4 only
snmp-profile-name
SNMP profile name to apply on switch config
host-addresses
List of comma-separated Host addresses which is connected to this switch IPv4 only
host-address-list
List of dictionary containing Host addresses(ipv4/ipv6) which is connected to this switch
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
level
SNMP security level [NoAuthNoPriv, AuthnoPriv, AuthPriv].
username
SNMP username
auth-type
SNMP authentication type [SHA]
auth-key
SNMP authentication key
priv-type
SNMP encryption type [AES or DES]
priv-key
SNMP encryption key

Enable QoS if not enabled. It sets default values of 0x10 to mgmt and 0xa to data services traffics
unless thier values are explicitly provided. The values provided are considered hexadecimal
whether they have prefix '0x' or not.
ncli> network { enable-qos }[ mgmt="mgmt" ][ data-svc="data_svc" ]
Required arguments
None
Optional arguments
mgmt
value of mgmt traffic
data-svc
value of data services traffic

Gets QoS configuration status along with any specific DSCP value for any specific traffic type if
configured.
ncli> network { get-qos }
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 169

Get switch collector configuration
ncli> network { get-switch-collector-config }
Required arguments
None

List all host interfaces

ncli> network { list-host-nics } host-id="host_id" [ pnic-id="pnic_id" ]
Required arguments
host-id
ID of the Host
Optional arguments
pnic-id
ID of Host Nic

List all host virtual interfaces

ncli> network { list-host-vnics } host-id="host_id" [ host-vnic-id="host_vnic_id" ]
Required arguments
host-id
ID of the Host
Optional arguments
host-vnic-id
ID of Host Virtual Nic

List all SNMP Profiles

ncli> network { list-snmp-profile }[ uuid="uuid" ]
Required arguments
None
Optional arguments
uuid
UUID of the SNMP Profile

List all switches information

ncli> network { list-switch }[ switch-id="switch_id" ][ config-only="config_only" ]
Required arguments
None
Optional arguments
switch-id
ID of the switch
config-only
Config-only flag

List all switch interfaces information

ncli> network { list-switch-ports } switch-id="switch_id" [ port-id="port_id" ]
Required arguments
switch-id
ID of the switch

AOS | Nutanix Command-Line Interface (nCLI) | 170

Optional arguments
port-id
port ID of the switch interface

List all VM virtual Nics

ncli> network { list-vm-nics } vm-id="vm_id" [ vnic-id="vnic_id" ]
Required arguments
vm-id
ID of the VM
Optional arguments
vnic-id
ID of VM Nic

nutanix-guest-tools: Nutanix Guest Tools

Description Admin commands for Nutanix Guest Tools
Alias ngt

Operations
• Delete Nutanix Guest Tools : delete
• Disable Nutanix Guest Tools : disable
• Disable Applications in Nutanix Guest Tools : disable-applications
• Enable Nutanix Guest Tools : enable
• Enable Applications in Nutanix Guest Tools : enable-applications
• Get Nutanix Guest Tools : get
• List Nutanix Guest Tools : list
• List applications supported by Nutanix Guest Tools : list-applications
• Mount Nutanix Guest Tools : mount
• Unmount Nutanix Guest Tools : unmount

Delete Nutanix Guest Tools

ncli> nutanix-guest-tools { delete } vm-id="vm_id"
Required arguments
vm-id
ID of the Virtual Machine

Disable Nutanix Guest Tools

ncli> nutanix-guest-tools { disable } vm-id="vm_id"
Required arguments
vm-id
ID of the Virtual Machine

Disable Applications in Nutanix Guest Tools

ncli> nutanix-guest-tools { disable-applications } vm-id="vm_id" application-
names="application_names"

AOS | Nutanix Command-Line Interface (nCLI) | 171

Required arguments
vm-id
ID of the Virtual Machine
application-names
Comma-separated list of application names in Nutanix Guest Tools

Enable Nutanix Guest Tools

ncli> nutanix-guest-tools { enable } vm-id="vm_id" [ application-
names="application_names" ]
Required arguments
vm-id
ID of the Virtual Machine
Optional arguments
application-names
Comma-separated list of application names in Nutanix Guest Tools

Enable Applications in Nutanix Guest Tools

ncli> nutanix-guest-tools { enable-applications } vm-id="vm_id" application-
names="application_names"
Required arguments
vm-id
ID of the Virtual Machine
application-names
Comma-separated list of application names in Nutanix Guest Tools

Get Nutanix Guest Tools

ncli> nutanix-guest-tools { get } vm-id="vm_id"
Required arguments
vm-id
Id of Virtual machine

List Nutanix Guest Tools

ncli> nutanix-guest-tools { list }[ application-names="application_names" ][ vm-
names="vm_names" ]
Required arguments
None
Optional arguments
application-names
Comma separated list of application names. If no application name given all entities will be
returned.
vm-names
Comma separated list of vm names.

List applications supported by Nutanix Guest Tools

ncli> nutanix-guest-tools { list-applications }
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 172

Mount Nutanix Guest Tools
ncli> nutanix-guest-tools { mount } vm-id="vm_id"
Required arguments
vm-id
ID of the Virtual Machine

Unmount Nutanix Guest Tools

ncli> nutanix-guest-tools { unmount } vm-id="vm_id"
Required arguments
vm-id
ID of the Virtual Machine

progress-monitor: Progress Monitor

Description Monitor progress of long running tasks
Alias
Operations
• Remove a specific Progress Monitor : delete | remove
• List all or specific Progress Monitors : list | ls

Remove a specific Progress Monitor

ncli> progress-monitor { delete | remove } id="id"
Required arguments
id
Id of the progress monitor to be deleted

List all or specific Progress Monitors

ncli> progress-monitor { list | ls }[ operation="operation" ][ entity="entity" ][
entity-id="entity_id" ][ verbose="verbose" ][ has-fanout-details="has_fanout_details" ]
Required arguments
None
Optional arguments
operation
Operation to be monitored
entity
Entity (for example: VM, VDisk etc.)
entity-id
ID of Entity to be monitored
verbose
Set verbose to get detailed information
Default: false
has-fanout-details
Returns Fanout tasks details
Default: false

AOS | Nutanix Command-Line Interface (nCLI) | 173

protection-domain: Protection domain
Description A protection domain to be used for Data Protection
Alias pd

AOS | Nutanix Command-Line Interface (nCLI) | 174

Operations
• Abort replications of a Protection domain : abort-replication | abort-repl
• Mark Protection domain as active : activate
• Add a daily snapshot schedule to a Protection domain : add-daily-schedule
• Add an hourly snapshot schedule to a Protection domain : add-hourly-schedule
• Add an minutely snapshot schedule to a Protection domain : add-minutely-
schedule

• Add a monthly snapshot schedule to a Protection domain : add-monthly-schedule

• Create a new out of band snapshot schedule in a Protection domain to take a
snapshot at a specified time : add-one-time-snapshot | create-one-time-
snapshot

• Add a secondly snapshot schedule to a Protection domain : add-secondly-

schedule

• Add a weekly snapshot schedule to a Protection domain : add-weekly-schedule

• Clear retention policies for snapshot schedules of a Protection domain : clear-
retention-policy

• Remove all snapshot schedules from a Protection domain : clear-schedules

• Create a new active Protection domain : create | add
• List all Protection domains : list | ls
• Get the status of replication in a Protection domain : list-replication-status |
ls-repl-status

• List Snapshots of a Protection domain : list-snapshots | ls-snaps

• List all pending actions for Protection domains : ls-pending-actions
• List out of band snapshot schedules of Protection domains : ls-pending-one-
time-snapshots

• List the snapshot schedules of a Protection domain : ls-schedules

• Disable metro availability for a specific Protection domain : metro-avail-disable
• Enable metro availability for a specific Protection domain : metro-avail-enable
• Mark Protection domain as inactive and failover to the specified Remote Site :
migrate

• Pause replications of a Protection domain : pause-replication | pause-repl

• Promote to active metro availability role for a Protection domain : promote-to-
active

• Add Virtual Machines and NFS files to a Protection domain : protect

• Realize the latest snapshot or the snapshot at time in usecs in a Protection domain :
realize-snapshot

• Mark a Protection domain for removal : remove | rm

• Remove a snapshot schedule from a Protection domain : remove-from-schedules
• Restore Virtual Machines and/or NFS files in a Snapshot : restore-snapshot
• Resume previously paused replications of a Protection domain : resume-
replication | resume-repl
AOS | Nutanix Command-Line Interface (nCLI) | 175
• Resume all schedules in the Protection domain : resume-schedules
Abort replications of a Protection domain
ncli> protection-domain { abort-replication | abort-repl } name="name"
replication-ids="replication_ids"
Required arguments
name
Name of the Protection domain
replication-ids
List of comma-separated identifier of replications

Mark Protection domain as active

ncli> protection-domain { activate } name="name" [ snap-id="snap_id" ]
Required arguments
name
Name of the Protection domain
Optional arguments
snap-id
Id of the Snapshot to be restored while making Protection domain as active. By default,
latest snapshot is restored.
Default: -1

Add a daily snapshot schedule to a Protection domain

ncli> protection-domain { add-daily-schedule } name="name" [ start-
time="start_time" ][ end-time="end_time" ][ every-nth-day="every_nth_day" ][ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ app-consistent-
snapshots="app_consistent_snapshots" ]
Required arguments
name
Name of the Protection domain
Optional arguments
start-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately
end-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
every-nth-day
Repeat the daily schedule every nth day
Default: 1
local-retention
Maximum number of snapshots to retain locally
Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity> to specify the
remote sites' retention policies for the schedule.
app-consistent-snapshots

AOS | Nutanix Command-Line Interface (nCLI) | 176

Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false

Add an hourly snapshot schedule to a Protection domain

ncli> protection-domain { add-hourly-schedule } name="name" [ start-
time="start_time" ][ end-time="end_time" ][ every-nth-hour="every_nth_hour" ][ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ app-consistent-
snapshots="app_consistent_snapshots" ]
Required arguments
name
Name of the Protection domain
Optional arguments
start-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately
end-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
every-nth-hour
Repeat the hourly schedule every nth hour
Default: 1
local-retention
Maximum number of snapshots to retain locally
Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity> to specify the
remote sites' retention policies for the schedule.
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false

Add an minutely snapshot schedule to a Protection domain

ncli> protection-domain { add-minutely-schedule } name="name" [ start-
time="start_time" ][ end-time="end_time" ][ every-nth-minute="every_nth_minute" ][ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ local-retention-
type="local_retention_type" ][ remote-retention-type="remote_retention_type" ][ app-
consistent-snapshots="app_consistent_snapshots" ]
Required arguments
name
Name of the Protection domain
Optional arguments
start-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately

AOS | Nutanix Command-Line Interface (nCLI) | 177

end-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
every-nth-minute
Repeat the minutely schedule every nth minute
Default: 1
local-retention
Maximum number of snapshots to retain or days/weeks/months a snapshot is to be
retained locally.
Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity/period> to specify
the remote sites' retention policies for the schedule. Quantity corresponds to maximum
number of snapshots to retain and period is number of days/weeks/months for which a
snapshot is to be retained remotely. Default value is 1 for a remote site
local-retention-type
Type of Local Retention (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)
Default: NUM_SNAPSHOTS
remote-retention-type
Comma-separated entries in the form of <remote_site_name>:<retention_type> to specify
the remote sites' retention types for the schedule.Type of Remote Retention can be
anything from (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false

Add a monthly snapshot schedule to a Protection domain

ncli> protection-domain { add-monthly-schedule } name="name" [ days-of-
month="days_of_month" ][ start-time="start_time" ][ end-time="end_time" ][ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ app-consistent-
snapshots="app_consistent_snapshots" ][ timezone="timezone" ]
Required arguments
name
Name of the Protection domain
Optional arguments
days-of-month
Comma-separated day of month values for the schedule: 1-31
start-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately
end-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
local-retention
Maximum number of snapshots to retain locally

AOS | Nutanix Command-Line Interface (nCLI) | 178

Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity> to specify the
remote sites' retention policies for the schedule.
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false
timezone
Timezone of the time values specified. (e.g: PST, America/Los_Angeles, GMT-8:00)
Default: GMT

Create a new out of band snapshot schedule in a Protection domain to take a snapshot at a
specified time
ncli> protection-domain { add-one-time-snapshot | create-one-time-snapshot
} name="name" [ snap-time="snap_time" ][ remote-sites="remote_sites" ][ retention-
time="retention_time" ][ app-consistent-snapshots="app_consistent_snapshots" ]
Required arguments
name
Name of the Protection domain
Optional arguments
snap-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which snapshot is to be taken. If not
specified, snapshot will be taken immediately
remote-sites
Comma-separated list of Remote Site to which snapshots are replicated. If not specified,
remote replication is not performed
retention-time
Number of seconds to retain the snapshot. Aged snapshots will be garbage collected. By
default, snapshot is retained forever
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false

Add a secondly snapshot schedule to a Protection domain

ncli> protection-domain { add-secondly-schedule } name="name" [ start-
time="start_time" ][ end-time="end_time" ][ every-nth-second="every_nth_second" ][
local-retention="local_retention" ][ remote-retention="remote_retention" ][ local-
retention-type="local_retention_type" ][ remote-retention-type="remote_retention_type" ][
app-consistent-snapshots="app_consistent_snapshots" ]
Required arguments
name
Name of the Protection domain
Optional arguments
start-time

AOS | Nutanix Command-Line Interface (nCLI) | 179

Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately
end-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
every-nth-second
Repeat the secondly schedule every nth second
Default: 15
local-retention
Maximum number of snapshots to retain or days/weeks/months a snapshot is to be
retained locally.
Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity/period> to specify
the remote sites' retention policies for the schedule. Quantity corresponds to maximum
number of snapshots to retain and period is number of days/weeks/months for which a
snapshot is to be retained remotely. Default value is 1 for a remote site
local-retention-type
Type of Local Retention (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)
Default: NUM_SNAPSHOTS
remote-retention-type
Comma-separated entries in the form of <remote_site_name>:<retention_type> to specify
the remote sites' retention types for the schedule.Type of Remote Retention can be
anything from (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false

Add a weekly snapshot schedule to a Protection domain

ncli> protection-domain { add-weekly-schedule } name="name" [ days-of-
week="days_of_week" ][ start-time="start_time" ][ end-time="end_time" ][ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ app-consistent-
snapshots="app_consistent_snapshots" ][ timezone="timezone" ]
Required arguments
name
Name of the Protection domain
Optional arguments
days-of-week
Comma-separated day of week values for the schedule: 1-7 (starts with Sunday(1)), or
(sun | mon | tue | wed | thu | fri | sat)
start-time
Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become active. If
not specified, schedule will become active immediately
end-time

AOS | Nutanix Command-Line Interface (nCLI) | 180

Specify time in format MM/dd/yyyy [HH:mm:ss [z]] at which the schedule become inactive.
If not specified, schedule will be active indefinitely
local-retention
Maximum number of snapshots to retain locally
Default: 1
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity> to specify the
remote sites' retention policies for the schedule.
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false
timezone
Timezone of the time values specified. (e.g: PST, America/Los_Angeles, GMT-8:00)
Default: GMT

Clear retention policies for snapshot schedules of a Protection domain

ncli> protection-domain { clear-retention-policy } name="name" id="id"
Required arguments
name
Name of the Protection domain
id
ID of a cron schedule of a Protection domain

Remove all snapshot schedules from a Protection domain

ncli> protection-domain { clear-schedules } name="name"
Required arguments
name
Name of the Protection domain

Create a new active Protection domain

ncli> protection-domain { create | add } name="name"
Required arguments
name
Name of the Protection domain

List all Protection domains

ncli> protection-domain { list | ls }[ name="name" ][ metro-avail="metro_avail"
][ vstore-name="vstore_name" ][ remote-site="remote_site" ][ forward-to-remote-
site="forward_to_remote_site" ]
Required arguments
None
Optional arguments
name
Name of the Protection domain
metro-avail

AOS | Nutanix Command-Line Interface (nCLI) | 181

Whether the Protection domain is stretched or not
vstore-name
Name of a VStore
remote-site
Name of the Remote Site
forward-to-remote-site
Name of the Remote Site to get the PD details

Get the status of replication in a Protection domain

ncli> protection-domain { list-replication-status | ls-repl-status }[
name="name" ]
Required arguments
None
Optional arguments
name
Name of the Protection domain

List Snapshots of a Protection domain

ncli> protection-domain { list-snapshots | ls-snaps }[ name="name" ][ snap-
id="snap_id" ][ state="state" ][ oob-schedule-id="oob_schedule_id" ][ count="count" ]
Required arguments
None
Optional arguments
name
Name of the Protection domain
snap-id
Id of the Snapshot
state
State of the Snapshot
oob-schedule-id
Id of the out of band schedule that created the Snapshot
count
Count of the Protection domains to be displayed. (default = 100 Protection domains)
Default: 100

List all pending actions for Protection domains

ncli> protection-domain { ls-pending-actions }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the Protection domain

AOS | Nutanix Command-Line Interface (nCLI) | 182

List out of band snapshot schedules of Protection domains
ncli> protection-domain { ls-pending-one-time-snapshots }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the Protection domain

List the snapshot schedules of a Protection domain

ncli> protection-domain { ls-schedules } name="name" [ timezone-
offset="timezone_offset" ]
Required arguments
name
Name of the Protection domain
Optional arguments
timezone-offset
Timezone offset in seconds w.r.t GMT. (e.g: GMT+1:00 => 3600)

Disable metro availability for a specific Protection domain

ncli> protection-domain { metro-avail-disable } name="name" [ skip-remote-
check="{ true | false }" ][ force-disable-decoupled-pd="force_disable_decoupled_pd" ]
Required arguments
name
Name of the Protection domain
Optional arguments
skip-remote-check
Skip checking remoteProtection domain
Default: false
force-disable-decoupled-pd
Force disable for decoupled protection domain
Default: false

Enable metro availability for a specific Protection domain

ncli> protection-domain { metro-avail-enable } name="name" [ ctr-name="ctr_name"
][ remote-site="remote_site" ][ re-enable="{ true | false }" ][ skip-remote-check="{ true |
false }" ][ failure-handling="failure_handling" ]
Required arguments
name
Name of the Protection domain
Optional arguments
ctr-name
Name of the Storage Container
remote-site
Name of the Remote Site
re-enable

AOS | Nutanix Command-Line Interface (nCLI) | 183

Resynchronize operation.
Default: false
skip-remote-check
Skip checking remoteProtection domain
Default: false
failure-handling
Failure handling mode (Modes : [Automatic, Manual, Witness])

Mark Protection domain as inactive and failover to the specified Remote Site
ncli> protection-domain { migrate } name="name" remote-site="remote_site" [ skip-
vm-mobility-check="{ true | false }" ]
Required arguments
name
Name of the Protection domain
remote-site
Remote Site to be used for planned failover
Optional arguments
skip-vm-mobility-check
Skip the vm mobility check while migrating a Protection domain

Pause replications of a Protection domain

ncli> protection-domain { pause-replication | pause-repl } name="name"
replication-ids="replication_ids"
Required arguments
name
Name of the Protection domain
replication-ids
List of comma-separated identifier of replications

Promote to active metro availability role for a Protection domain

ncli> protection-domain { promote-to-active } name="name" [ skip-remote-
check="{ true | false }" ][ skip-clones-check="{ true | false }" ]
Required arguments
name
Name of the Protection domain
Optional arguments
skip-remote-check
Skip checking remoteProtection domain
Default: false
skip-clones-check
This forcefully performs enable/re-enable operation if there exists test clones mounted
on the cluster. It is also used to skip clones check on the old primary site during promote
operation. This option should only be used for backup workflows.
Default: false

AOS | Nutanix Command-Line Interface (nCLI) | 184

Add Virtual Machines and NFS files to a Protection domain
ncli> protection-domain { protect } name="name" [ vm-names="vm_names" ][
vm-ids="vm_ids" ][ volume-group-uuids="volume_group_uuids" ][ host-id="host_id"
][ files="files" ][ cg-name="cg_name" ][ ignore-duplicates="ignore_duplicates" ][
app-consistent-snapshots="app_consistent_snapshots" ][ auto-protect-related-
entities="auto_protect_related_entities" ]
Required arguments
name
Name of the Protection domain
Optional arguments
vm-names
Comma-separated list of Virtual Machine names to be added in Protection domain
vm-ids
Comma-separated list of Virtual Machine ids to be added in Protection domain
volume-group-uuids
UUIDs of the Volume Groups
host-id
Add all Virtual Machines in a Physical Host to a Protection domain
files
Comma-separated list of NFS files to be added in Protection domain
cg-name
Name of the Consistency group to which Virtual Machines are added. If not specified, each
Virtual Machines is added to a Consistency group which has same name as the Virtual
Machine name
ignore-duplicates
Whether to ignore if any of the specified Virtual Machines already exist in the specified
Protection domain
Default: true
app-consistent-snapshots
Whether Consistency group created for Virtual Machine performs application consistent
snapshots. Such special Consistency group can contain one and only one Virtual Machine
Default: false
auto-protect-related-entities
Whether the related entities need to be auto-protected
Default: false

Realize the latest snapshot or the snapshot at time in usecs in a Protection domain
ncli> protection-domain { realize-snapshot } name="name" [ snapshot-create-time-
usecs="snapshot_create_time_usecs" ]
Required arguments
name
Name of the Protection Domain
Optional arguments
snapshot-create-time-usecs
Create time of the snapshot to be realized.

AOS | Nutanix Command-Line Interface (nCLI) | 185

Mark a Protection domain for removal. Protection domain will be removed from the appliance
when all outstanding operations on it are cancelled
ncli> protection-domain { remove | rm } name="name" [ skip-remote-check="{ true |
false }" ]
Required arguments
name
Name of the Protection domain
Optional arguments
skip-remote-check
Skip checking remoteProtection domain
Default: false

Remove a snapshot schedule from a Protection domain

ncli> protection-domain { remove-from-schedules } name="name" id="id"
Required arguments
name
Name of the Protection domain
id
ID of a cron schedule of a Protection domain

Restore Virtual Machines and/or NFS files in a Snapshot

ncli> protection-domain { restore-snapshot } name="name" [ vm-names="vm_names"
][ vm-uuids="vm_uuids" ][ files="files" ][ volume-group-uuids="volume_group_uuids"
][ path-prefix="path_prefix" ][ vm-name-prefix="vm_name_prefix" ][ vg-name-
prefix="vg_name_prefix" ][ snap-id="snap_id" ]
Required arguments
name
Name of the Protection Domain
Optional arguments
vm-names
Names of VM to be restored.
vm-uuids
Uuids of VM to be restored.
files
Names of NFS files to be restored
volume-group-uuids
UUIDs of Volume Groups to be restored
path-prefix
Path prefix to be applied for cloning VMs. It is recommended to not use path_prefix while
restoring a virtual machine or volume group.
vm-name-prefix
Name prefix to be applied for cloning VMs.
vg-name-prefix
Name prefix to be applied for cloning VGs.
snap-id

AOS | Nutanix Command-Line Interface (nCLI) | 186

Id of the snapshot to restore entities from.

Resume previously paused replications of a Protection domain

ncli> protection-domain { resume-replication | resume-repl } name="name"
replication-ids="replication_ids"
Required arguments
name
Name of the Protection domain
replication-ids
List of comma-separated identifier of replications

Resume all schedules in the Protection domain

ncli> protection-domain { resume-schedules } name="name"
Required arguments
name
Name of the Protection Domain

Retain snapshots forever of a Protection domain

ncli> protection-domain { retain-snapshot | retain-snap } name="name" snap-
ids="snap_ids"
Required arguments
name
Name of the Protection domain
snap-ids
List of comma-separated identifier of Snapshots

Remove out of band snapshot schedules from a Protection domain

ncli> protection-domain { rm-one-time-schedules } name="name" schedule-
ids="schedule_ids"
Required arguments
name
Name of the Protection domain
schedule-ids
List of comma-separated identifier of Out of band schedules

Remove snapshots of a Protection domain

ncli> protection-domain { rm-snapshot | rm-snap } name="name" [ snap-
ids="snap_ids" ][ clear-all="clear_all" ]
Required arguments
name
Name of the Protection domain
Optional arguments
snap-ids
List of comma-separated identifier of Snapshots
clear-all
Remove all snapshots
Default: false

AOS | Nutanix Command-Line Interface (nCLI) | 187

Rollback an active Protection domain to a snapshot
ncli> protection-domain { rollback-pd } name="name" snap-id="snap_id"
Required arguments
name
Name of the Protection domain
snap-id
Snapshot to which Protection domain is to be rollbacked

Set retention policies for snapshot schedules of a Protection domain

ncli> protection-domain { set-retention-policy } name="name" id="id" [ local-
retention="local_retention" ][ remote-retention="remote_retention" ][ local-retention-
type="local_retention_type" ][ remote-retention-type="remote_retention_type" ]
Required arguments
name
Name of the Protection domain
id
ID of a cron schedule of a Protection domain
Optional arguments
local-retention
Maximum number of snapshots to retain or days/weeks/months a snapshot is to be
retained locally.
remote-retention
Comma-separated entries in the form of <remote_site_name>:<quantity/period> to specify
the remote sites' retention policies for the schedule. Quantity corresponds to maximum
number of snapshots to retain and period is number of days/weeks/months for which a
snapshot is to be retained remotely. Default value is 1 for a remote site
local-retention-type
Type of Local Retention (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)
Default: NUM_SNAPSHOTS
remote-retention-type
Comma-separated entries in the form of <remote_site_name>:<retention_type> to specify
the remote sites' retention types for the schedule.Type of Remote Retention can be
anything from (DAYS | WEEKS | MONTHS | NUM_SNAPSHOTS)

The data protection status of the Protection domain

ncli> protection-domain { status }
Required arguments
None

Suspend all schedules in the Protection domain

ncli> protection-domain { suspend-schedules } name="name"
Required arguments
name
Name of the Protection Domain

AOS | Nutanix Command-Line Interface (nCLI) | 188

Mark Virtual Machines and NFS files for removal from a given Protection domain. They will be
removed when all outstanding operations on them are completed/cancelled
ncli> protection-domain { unprotect } name="name" [ files="files" ][ vm-
names="vm_names" ][ vm-ids="vm_ids" ][ volume-group-uuids="volume_group_uuids" ]
Required arguments
name
Name of the Protection domain
Optional arguments
files
Comma-separated list of NFS files to be removed from Protection domain
vm-names
Comma-separated list of Virtual Machine name to be removed from Protection domain
vm-ids
Comma-separated list of Virtual Machine name to be removed from Protection domain
volume-group-uuids
UUIDs of the Volume Groups

Change failure handling mode for a protection domain

ncli> protection-domain { update-failure-handling } name="name" failure-
handling="failure_handling"
Required arguments
name
Name of the Protection domain
failure-handling
Failure handling mode (Modes : [Automatic, Manual, Witness])

pulse-config: Pulse Configuration

Description Configuration information used for Pulse setup
Alias
Operations
• Update Pulse Configuration : edit | update
• List Pulse Configuration : list | ls

Update Pulse Configuration

ncli> pulse-config { edit | update }[ enable="{ true | false }" ][ enable-default-
nutanix-email="{ true | false }" ][ support-verbosity-level="support_verbosity_level" ][
email-contacts="email_contacts" ]
Required arguments
None
Optional arguments
enable
Enable Pulse emails
enable-default-nutanix-email
Enable Pulse default Nutanix email

AOS | Nutanix Command-Line Interface (nCLI) | 189

support-verbosity-level
List Pulse Configuration
email-contacts
Comma-separated list of emails to be used while sending Pulse info. Set to '-' to clear all
the existing emails.

List Pulse Configuration

ncli> pulse-config { list | ls }
Required arguments
None

rackable-unit: Rackable unit

Description A rackable unit
Alias ru
Operations
• Edit a Rackable unit : edit | update
• List Rackable unit : list | ls
• Remove a Rackable unit : remove | rm

Edit a Rackable unit

ncli> rackable-unit { edit | update } id="id" location="location"
Required arguments
id
Id of the Rackable unit
location
Location of the Rackable unit

List Rackable unit

ncli> rackable-unit { list | ls }
Required arguments
None

Remove a Rackable unit

ncli> rackable-unit { remove | rm } id="id"
Required arguments
id
Id of the Rackable unit

remote-site: Remote Site

Description A remote cluster to be used for replicating data
Alias rs

AOS | Nutanix Command-Line Interface (nCLI) | 190

Operations
• Add bandwidth policy : add-bandwidth-schedule
• Add a network mapping : add-network-mapping
• Create a new Remote Site : create | add
• Edit a Remote Site : edit | update
• List Remote Sites : list | ls
• List schedules for bandwidth throttling : list-bandwidth-schedules
• List network mapping(s) corresponding to a remote site : list-network-mapping
• List networks corresponding to the local cluster or a remote site : list-networks
• List Snapshots of a Remote Site : list-snapshots | ls-snaps
• Mark a Remote Site for removal : remove | rm
• Remove a bandwidth schedule : remove-bandwidth-schedule
• Remove a network mapping : remove-network-mapping
• Download a snapshot from a Remote Site : retrieve-snapshot
• Remove snapshots of a Protection domain : rm-snapshot | rm-snap

Add bandwidth policy

ncli> remote-site { add-bandwidth-schedule } remote-site-name="remote_site_name"
[ days-of-week="days_of_week" ][ start-time="start_time" ][ end-time="end_time" ][ max-
bandwidth="max_bandwidth" ][ default-bandwidth="default_bandwidth" ]
Required arguments
remote-site-name
Name of the Remote Site
Optional arguments
days-of-week
Comma-separated day of week values for the policy: 1-7 (starts with Sunday(1)), or (sun |
mon | tue | wed | thu | fri | sat)
start-time
Specify time in format [hh:mm:ss aa] at which this bandwidth policy will start on a particular
day.
end-time
Specify time in format [hh:mm:ss aa] at which this bandwidth policy will end on a particular
day.
max-bandwidth
Maximum bandwidth for policy in kilobytes per second.
default-bandwidth
Maximum bandwidth (in kilobytes per sec) to be used while replicating to the remote site. If
not specified, restriction is not placed on maximum bandwidth used by replication

Add a network mapping

ncli> remote-site { add-network-mapping } remote-site-name="remote_site_name"
src-network="src_network" dest-network="dest_network"

AOS | Nutanix Command-Line Interface (nCLI) | 191

Required arguments
remote-site-name
Name of the Remote Site
src-network
Name of the source network
dest-network
Name of the destination network

Create a new Remote Site

ncli> remote-site { create | add } name="name" [ capabilities="capabilities"
][ enable-proxy="{ true | false }" ][ enable-ssh-tunnel="{ true | false }" ][
enable-compression="{ true | false }" ][ vstore-map="vstore_map" ][ remote-
dr-external-subnet="remote_dr_external_subnet" ][ dr-external-subnet-
addresses="dr_external_subnet_addresses" ][ address-list="address_list" ][
addresses="addresses" ]
Required arguments
name
Name of the Remote Site
Optional arguments
capabilities
Capabilities of the Remote Site; comma-separated values of (backup | disaster_recovery).
Backup sites only allow data backup, whereas disaster recovery allows the user to run
VMs in the event of a disaster.
enable-proxy
Boolean parameter to indicate whether the addresses specified in address-list can be used
as a proxy to communicate with other Nutanix components on the remote site
enable-ssh-tunnel
Boolean parameter to indicate whether the addresses specified in address-list can be
used as a SSH tunnel to communicate with other Nutanix components on the remote site.
Enabling SSH tunnel mode will also enable proxy mode
enable-compression
Enable or disable compression of data during replication
vstore-map
By default, data from a local vStore is replicated to a identically named vStore in the
remote site. To setup data replication from local vStore to remote vStore having different
names, provide comma-separated list of <local vStore>:<target vStore> mapping. Mapping
is not required if the names of local and target vStore are same
remote-dr-external-subnet
Remote DR external subnet of remote site
dr-external-subnet-addresses
Remote DR external subnet of remote site, subnet can be IPv4 or IPv6.
address-list
List of comma-separated addresses of the remote site. All addresses should be of format
<ip> or of format <ip:port>. Default port is used if the port number is not specified
addresses

AOS | Nutanix Command-Line Interface (nCLI) | 192

List of comma-separated IPv4/IPv6 addresses of the remote site. All addresses should be
of format <ip> or of format <ip4:port>/<[ip6]:port>. Default port is used if the port number is
not specified.

Edit a Remote Site

ncli> remote-site { edit | update } name="name" [ capabilities="capabilities"
][ enable-proxy="{ true | false }" ][ enable-ssh-tunnel="{ true | false }" ][ enable-
compression="{ true | false }" ][ address-add="address_add" ][ addresses-
add="addresses_add" ][ address-del="address_del" ][ addresses-del="addresses_del" ][
address-list="address_list" ][ addresses="addresses" ][ vstore-map-add="vstore_map_add"
][ vstore-map-del="vstore_map_del" ][ enable-bandwidth-policy="{ true | false }" ][
remote-dr-external-subnet="remote_dr_external_subnet" ][ dr-external-subnet-
addresses="dr_external_subnet_addresses" ]
Required arguments
name
Name of the Remote Site
Optional arguments
capabilities
Capabilities of the Remote Site; comma-separated values of (backup | disaster_recovery).
Backup sites only allow data backup, whereas disaster recovery allows the user to run
VMs in the event of a disaster.
enable-proxy
Boolean parameter to indicate whether the addresses specified in address-list can be used
as a proxy to communicate with other Nutanix components on the remote site
enable-ssh-tunnel
Boolean parameter to indicate whether the addresses specified in address-list can be
used as a SSH tunnel to communicate with other Nutanix components on the remote site.
Enabling SSH tunnel mode will also enable proxy mode
enable-compression
Enable or disable compression of data during replication
address-add
Address to be included in the remote site address list. Address should be of the format
<ip> or of the format <ip:port> and should conform to the format of the current remote site
address list
addresses-add
Address to be included in the remote site address list. Address should be of the format
<ipv4>/<ipv6> or of the format <ipv4:port>/<[ipv6]:port> and should conform to the format
of the current remote site address list
address-del
Address to be removed from the remote site address list. Port number, if provided, is
ignored
addresses-del
Address to be removed from the remote site address list. Port number, if provided, is
ignored
address-list
List of comma-separated addresses of the remote site. All addresses should be of format
<ip> or of format <ip:port>. Default port is used if the port number is not specified
addresses

AOS | Nutanix Command-Line Interface (nCLI) | 193

List of comma-separated IPv4/IPv6 addresses of the remote site. All addresses should be
of format <ip> or of format <ip4:port>/<[ip6]:port>. Default port is used if the port number is
not specified.
vstore-map-add
Entry of the form <local vStore>:<target vStore> to be included in the vStore replication
map. If mapping for a local vStore already exists, mapping is updated with the the new
target vStore
vstore-map-del
Entry of the form <local vStore>:<target vStore> to be removed from the vStore replication
map
enable-bandwidth-policy
Enable or Disable bandwidth policy
remote-dr-external-subnet
Remote DR external subnet of remote site
dr-external-subnet-addresses
Remote DR external subnet of remote site, subnet can be IPv4 or IPv6.

List Remote Sites

ncli> remote-site { list | ls }[ name="name" ]
Required arguments
None
Optional arguments
name
Name of the Remote Site

List schedules for bandwidth throttling.

ncli> remote-site { list-bandwidth-schedules } name="name"
Required arguments
name
Name of the Remote Site

List network mapping(s) corresponding to a remote site

ncli> remote-site { list-network-mapping } remote-site-name="remote_site_name"
Required arguments
remote-site-name
Name of the Remote Site

List networks corresponding to the local cluster or a remote site. If remote-site-name is provided
then networks corresponding to that remote site are returned else local cluster's networks are
returned
ncli> remote-site { list-networks }[ remote-site-name="remote_site_name" ]
Required arguments
None
Optional arguments
remote-site-name
Name of the Remote Site

AOS | Nutanix Command-Line Interface (nCLI) | 194

List Snapshots of a Remote Site
ncli> remote-site { list-snapshots | ls-snaps }[ name="name" ][ pd-
name="pd_name" ][ snap-id="snap_id" ][ state="state" ][ oob-schedule-
id="oob_schedule_id" ]
Required arguments
None
Optional arguments
name
Name of the Remote Site
pd-name
Name of the Protection domain
snap-id
Id of the Snapshot
state
State of the Snapshot
oob-schedule-id
Id of the out of band schedule that created the Snapshot

Mark a Remote Site for removal. Site will be removed from the appliance when all outstanding
operations that are using the remote site are cancelled
ncli> remote-site { remove | rm } name="name"
Required arguments
name
Name of the Remote Site

Remove a bandwidth schedule

ncli> remote-site { remove-bandwidth-schedule } name="name" [ schedule-
id="schedule_id" ][ remove-all-schedules="remove_all_schedules" ][ remove-default-
bandwidth-policy="remove_default_bandwidth_policy" ]
Required arguments
name
Name of the Remote Site
Optional arguments
schedule-id
Id of bandwidth schedule
remove-all-schedules
Remove all bandwidth schedules
Default: false
remove-default-bandwidth-policy
Remove default bandwidth policy
Default: false

Remove a network mapping

ncli> remote-site { remove-network-mapping } remote-site-name="remote_site_name"
src-network="src_network" dest-network="dest_network"
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 195

remote-site-name
Name of the Remote Site
src-network
Name of the source network
dest-network
Name of the destination network

Remove snapshots of a Protection domain

ncli> remote-site { rm-snapshot | rm-snap } name="name" pd-name="pd_name" snap-
ids="snap_ids"
Required arguments
name
Name of the Remote Site
pd-name
Name of the Protection domain
snap-ids
List of comma-separated identifier of Snapshots

rsyslog-config: TLS configuration for RSyslog service

Description TLS configuration for RSyslog service
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 196

Operations
• Create RSyslog Server Module : create-module | add-module
• Create RSyslog Configuration : create-server | add-server
• Remove RSyslog Server Module : delete-module | remove-module
• Remove RSyslog Server : delete-server | remove-server
• Update RSyslog Server : edit-server | update-server
• Returns the status of RSyslog service : get-status
• List RSyslog Servers : list | ls
• List RSyslog Server Modules : list-modules | ls-modules
• List RSyslog Servers : list-servers | ls-servers
• Sets the status of RSyslog service : set-status

Create RSyslog Server Module

ncli> rsyslog-config { create-module | add-module } server-name="server_name"
module-name="module_name" level="level" [ include-monitor-logs="{ true | false }" ]
Required arguments
server-name
Log Server Name
module-name
Name of the RSyslog Server Module
level
Log level for RSyslog Server Module
Optional arguments
include-monitor-logs
Include monitor logs for the given RSyslog Server Module

Create RSyslog Configuration

ncli> rsyslog-config { create-server | add-server } name="name" ip-
address="ip_address" port="port" [ network-protocol="network_protocol" ][ relp-
enabled="relp_enabled" ]
Required arguments
name
Name of the RSyslog Server
ip-address
Ip address of the RSyslog Server
port
port number
Optional arguments
network-protocol
Protocol for RSyslog server configuration
relp-enabled
Reliable Event Logging Protocol option

AOS | Nutanix Command-Line Interface (nCLI) | 197

Remove RSyslog Server Module
ncli> rsyslog-config { delete-module | remove-module } server-name="server_name"
module-name="module_name"
Required arguments
server-name
Name of the RSyslog Server
module-name
Name of the RSyslog Server Module

Remove RSyslog Server

ncli> rsyslog-config { delete-server | remove-server } name="name"
Required arguments
name
Name of the log server

Update RSyslog Server

ncli> rsyslog-config { edit-server | update-server } name="name" [ ip-
address="ip_address" ][ port="port" ][ network-protocol="network_protocol" ][ relp-
enabled="relp_enabled" ]
Required arguments
name
Name of the RSyslog Server
Optional arguments
ip-address
Ip address of the RSyslog Server
port
port number
network-protocol
Protocol for RSyslog server configuration
relp-enabled
Reliable Event Logging Protocol option

Returns the status of RSyslog service

ncli> rsyslog-config { get-status }
Required arguments
None

List RSyslog Servers

ncli> rsyslog-config { list | ls }
Required arguments
None

List RSyslog Server Modules

ncli> rsyslog-config { list-modules | ls-modules } server-name="server_name"
Required arguments
server-name

AOS | Nutanix Command-Line Interface (nCLI) | 198

Name of the log server

List RSyslog Servers

ncli> rsyslog-config { list-servers | ls-servers }
Required arguments
None

Sets the status of RSyslog service

ncli> rsyslog-config { set-status } enable="{ true | false }"
Required arguments
enable
Enable RSyslog Status

smb-server: Nutanix SMB server

Description The Nutanix SMB file server
Alias
Operations
• Disable Kerberos security services in the SMB server : disable-kerberos
• Enable Kerberos security services in the SMB server : enable-kerberos
• Get the status of Kerberos for the SMB server : get-kerberos-status

Disable Kerberos security services in the SMB server. This operation is only valid for clusters
having hosts running Hyper-V.
ncli> smb-server { disable-kerberos } logon-name="logon_name" [
password="password" ]
Required arguments
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
Optional arguments
password
Password for the account specified by the logon account name

Enable Kerberos security services in the SMB server. This operation is only valid for clusters
having hosts running Hyper-V.
ncli> smb-server { enable-kerberos } logon-name="logon_name" [ password="password"
]
Required arguments
logon-name
Logon name (domain\username) of a domain user/administrator account that has
privileges to perform the operation
Optional arguments
password
Password for the account specified by the logon account name

AOS | Nutanix Command-Line Interface (nCLI) | 199

Get the status of Kerberos for the SMB server. This operation is only valid for clusters having hosts
running Hyper-V.
ncli> smb-server { get-kerberos-status }
Required arguments
None

snapshot: Snapshot
Description Snapshot of a Virtual Disk
Alias snap

Operations
• Create a (fast) clone based on a Snapshot : clone
• Create a new Snapshot of a Virtual Disk or a NFS file : create | add
• List Snapshots : list | ls
• Get stats data for Snapshots : list-stats | ls-stats
• Delete a Snapshot : remove | rm

Create a (fast) clone based on a Snapshot

ncli> snapshot { clone }[ name="name" ][ clone-names="clone_names" ][ src-
file="src_file" ][ dest-files="dest_files" ][ allow-overwrite="allow_overwrite" ]
Required arguments
None
Optional arguments
name
Name of the Snapshot
clone-names
A comma-separated list of names for the newly created Snapshots
src-file
Absolute path of the NFS snapshot file
dest-files
Absolute path(s) of the clone(s) to be created
allow-overwrite
Enable overwriting if a NFS file already exists in the destination path
Default: false

Create a new Snapshot of a Virtual Disk or a NFS file

ncli> snapshot { create | add }[ name="name" ][ vdisk-name="vdisk_name" ][ src-
file="src_file" ][ dest-file="dest_file" ][ allow-overwrite="allow_overwrite" ]
Required arguments
None
Optional arguments
name
Name of the Snapshot. If name is not specified, format snap_<vDisk-
name>_YYYY_MM_DD_HH_MM_SS is used to generate the name

AOS | Nutanix Command-Line Interface (nCLI) | 200

vdisk-name
Name of the Virtual Disk
src-file
Absolute path of the NFS snapshot file
dest-file
Absolute path of the snapshot file to be created
allow-overwrite
Enable overwriting if a NFS file already exists in the destination path
Default: false

List Snapshots
ncli> snapshot { list | ls }[ name="name" ][ vdisk-name="vdisk_name" ]
Required arguments
None
Optional arguments
name
Name of the Snapshot
vdisk-name
Name of the corresponding Virtual Disk

Get stats data for Snapshots

ncli> snapshot { list-stats | ls-stats }[ name="name" ][ vdisk-name="vdisk_name" ]
Required arguments
None
Optional arguments
name
Name of the Snapshot
vdisk-name
Name of the corresponding Virtual Disk

Delete a Snapshot
ncli> snapshot { remove | rm } name="name"
Required arguments
name
Name of the Snapshot

snmp: SNMP
Description An SNMP agent
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 201

Operations
• Add a transport to the list of snmp transports : add-transport
• Add a trap sink to the list of trap sinks : add-trap
• Add an snmp user along with its authentication and privacy keys : add-user
• Edit one of the trap sinks from the list of trap sinks : edit-trap | update-trap
• Modify the authentication and encrytption information of an existing snmp user :
edit-user | update-user

• Returns the status of the snmp service : get-status

• List all the transports specified for the snmp agent : list-transports | ls-
transports

• List all the configured trap sinks along with their user information : list-traps | ls-
traps

• Lists all the snmp users along with their properties like authentication and privacy
information : list-users | ls-users
• Remove a transport from the list of snmp transports : remove-transport | delete-
transport

• Remove a trap from the list of snmp traps : remove-trap | delete-trap

• Remove a user from the list of snmp users : remove-user | delete-user
• Sets the status of the snmp service : set-status

Add a transport to the list of snmp transports. Each transport is a protocol:port pair
ncli> snmp { add-transport } protocol="protocol" port="port"
Required arguments
protocol
Protocol for the snmp agent or trap sink. Currently supported protocols are UDP, TCP and
UDP_6
port
Port number on which an snmp agent listens for requests or on which a trap sink is waiting
traps

Add a trap sink to the list of trap sinks. Each trap sink is a combination of trap sink address,
username and authentication information
ncli> snmp { add-trap } address="address" [ username="username" ][ port="port"
][ protocol="protocol" ][ version="version" ][ community="community" ][ engine-
id="engine_id" ][ inform="inform" ]
Required arguments
address
Address of an snmp trap sink. This should be an IP address or FQDN
Optional arguments
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.
port

AOS | Nutanix Command-Line Interface (nCLI) | 202

Port number on which an snmp agent listens for requests or on which a trap sink is waiting
traps
protocol
Protocol for the snmp agent or trap sink. Currently supported protocols are UDP, TCP and
UDP_6
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
engine-id
Engine id of the snmp trap sink. This must be a hex string starting with 0x. It is set for
snmpv3, not used for snmpv2c.
inform
Flag that specifies whether a trap sink is actually an inform sink
Default: false

Add an snmp user along with its authentication and privacy keys
ncli> snmp { add-user } username="username" auth-key="auth_key" [ auth-
type="auth_type" ][ priv-key="priv_key" ][ priv-type="priv_type" ]
Required arguments
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.
auth-key
Authentication key for an snmp user
Optional arguments
auth-type
Authentication type for snmp user. Can be SHA
priv-key
Encryption key for an snmp user
priv-type
Encryption type for an snmp user. Can be AES

Edit one of the trap sinks from the list of trap sinks. Editable properties are username,
authentication and privacy settings and protocol
ncli> snmp { edit-trap | update-trap } address="address" [ port="port" ][
protocol="protocol" ][ version="version" ][ community="community" ][ engine-
id="engine_id" ][ inform="inform" ][ username="username" ]
Required arguments
address
Address of an snmp trap sink. This should be an IP address or FQDN
Optional arguments
port
Port number on which an snmp agent listens for requests or on which a trap sink is waiting
traps
protocol

AOS | Nutanix Command-Line Interface (nCLI) | 203

Protocol for the snmp agent or trap sink. Currently supported protocols are UDP, TCP and
UDP_6
version
SNMP version [snmpv2c, snmpv3]
community
SNMP community string. Used for snmpv2c only. If not set, default to "public"
engine-id
Engine id of the snmp trap sink. This must be a hex string starting with 0x. It is set for
snmpv3, not used for snmpv2c.
inform
Flag that specifies whether a trap sink is actually an inform sink
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.

Modify the authentication and encrytption information of an existing snmp user

ncli> snmp { edit-user | update-user } username="username" [ auth-key="auth_key" ][
auth-type="auth_type" ][ priv-key="priv_key" ][ priv-type="priv_type" ]
Required arguments
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.
Optional arguments
auth-key
Authentication key for an snmp user
auth-type
Authentication type for snmp user. Can be SHA
priv-key
Encryption key for an snmp user
priv-type
Encryption type for an snmp user. Can be AES

Returns the status of the snmp service

ncli> snmp { get-status }
Required arguments
None

List all the transports specified for the snmp agent. Each transport is a protocol:port pair
ncli> snmp { list-transports | ls-transports }
Required arguments
None

List all the configured trap sinks along with their user information.
ncli> snmp { list-traps | ls-traps }[ address="address" ]
Required arguments
None

AOS | Nutanix Command-Line Interface (nCLI) | 204

Optional arguments
address
Address of an snmp trap sink. This should be an IP address or FQDN

Lists all the snmp users along with their properties like authentication and privacy information
ncli> snmp { list-users | ls-users }[ username="username" ]
Required arguments
None
Optional arguments
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.

Remove a transport from the list of snmp transports

ncli> snmp { remove-transport | delete-transport } protocol="protocol" port="port"
Required arguments
protocol
Protocol for the snmp agent or trap sink. Currently supported protocols are UDP, TCP and
UDP_6
port
Port number on which an snmp agent listens for requests or on which a trap sink is waiting
traps

Remove a trap from the list of snmp traps

ncli> snmp { remove-trap | delete-trap } address="address"
Required arguments
address
Address of an snmp trap sink. This should be an IP address or FQDN

Remove a user from the list of snmp users

ncli> snmp { remove-user | delete-user } username="username"
Required arguments
username
Identity of an snmp user. It is required for version snmpv3. It is not used for version
snmpv2c.

Sets the status of the snmp service

ncli> snmp { set-status } enable="{ true | false }"
Required arguments
enable
Enable or disable snmp agent on a cluster

software: Software
Description NOS Software Release
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 205

Operations
• Toggle automatic download of a Software : automatic-download
• Download a Software : download
• List Software : list | ls
• Pause Downloading / Uploading a Software : pause
• Delete a Software : remove | rm | delete
• Upload a Software : upload

Toggle automatic download of a Software

ncli> software { automatic-download }[ enable="{ true | false }" ]
Required arguments
None
Optional arguments
enable
Enable/Disable automatic downloads

Download a Software
ncli> software { download } name="name" software-type="software_type"
Required arguments
name
Name of the software
software-type
Type of the software ( NOS | HYPERVISOR | FIRMWARE_DISK | NCC | FILES |
FILE_SERVER | PRISM_CENTRAL_DEPLOY | PRISM_CENTRAL | FILE_ANALYTICS)

List Software
ncli> software { list | ls }[ name="name" ][ software-type="software_type" ]
Required arguments
None
Optional arguments
name
Name of the software
software-type
Type of the software ( NOS | HYPERVISOR | FIRMWARE_DISK | NCC | FILES |
FILE_SERVER | PRISM_CENTRAL_DEPLOY | PRISM_CENTRAL | FILE_ANALYTICS)

Pause Downloading / Uploading a Software

ncli> software { pause } name="name" software-type="software_type"
Required arguments
name
Name of the software
software-type
Type of the software ( NOS | HYPERVISOR | FIRMWARE_DISK | NCC | FILES |
FILE_SERVER | PRISM_CENTRAL_DEPLOY | PRISM_CENTRAL | FILE_ANALYTICS)

AOS | Nutanix Command-Line Interface (nCLI) | 206

Delete a Software
ncli> software { remove | rm | delete } name="name" software-type="software_type"
Required arguments
name
Name of the software
software-type
Type of the software ( NOS | HYPERVISOR | FIRMWARE_DISK | NCC | FILES |
FILE_SERVER | PRISM_CENTRAL_DEPLOY | PRISM_CENTRAL | FILE_ANALYTICS)

Upload a Software
ncli> software { upload } file-path="file_path" software-type="software_type" [
hypervisor-type="hypervisor_type" ][ meta-file-path="meta_file_path" ]
Required arguments
file-path
Path to the software to be uploaded
software-type
Type of the software ( NOS | HYPERVISOR | FIRMWARE_DISK | NCC | FILES |
FILE_SERVER | PRISM_CENTRAL_DEPLOY | PRISM_CENTRAL | FILE_ANALYTICS)
Optional arguments
hypervisor-type
Type of the Hypervisor
meta-file-path
Path to the metadata file of the software to be uploaded

ssl-certificate: SSL Certificate

Description Manage SSL certificates
Alias
Operations
• Import SSL Certificate, key and CA certificate or chain file : import
• Change password for pfx file : ssl-certificate-change-pfx-file-password
• Generates SSL Certificate with cipher Strength 2048 bits and replaces the existing
certificate : ssl-certificate-generate

Import SSL Certificate, key and CA certificate or chain file. This import replaces the existing
certificate
ncli> ssl-certificate { import } certificate-path="certificate_path" cacertificate-
path="cacertificate_path" key-path="key_path" key-type="key_type"
Required arguments
certificate-path
Path of the SSL certificate
cacertificate-path
Path of the CA certificate or chain file
key-path
Path of the private key
key-type

AOS | Nutanix Command-Line Interface (nCLI) | 207

Type of Private key. Must be either RSA_2048 or ECDSA_256 or ECDSA_384 or
ECDSA_521

Change password for pfx file

ncli> ssl-certificate { ssl-certificate-change-pfx-file-password }
Required arguments
None

Generates SSL Certificate with cipher Strength 2048 bits and replaces the existing certificate
ncli> ssl-certificate { ssl-certificate-generate }
Required arguments
None

storagepool: Storage Pool

Description A Pool of Physical Disks
Alias sp

Operations
• Create a new Storage Pool : create | add
• Edit a Storage Pool : edit | update
• List Storage Pools : list | ls
• Get stats data for Storage Pools : list-stats | ls-stats

Create a new Storage Pool

ncli> storagepool { create | add } name="name" [ disk-ids="disk_ids" ][ add-all-
free-disks="add_all_free_disks" ][ force="force" ]
Required arguments
name
Name of the Storage Pool
Optional arguments
disk-ids
IDs of Physical Disk in the Storage Pool
add-all-free-disks
Add all free disks that are not part of any storage pool?
force
Forcefully perform the requested operation skipping any constraint validation
Default: false

Edit a Storage Pool

ncli> storagepool { edit | update }[ id="id" ][ name="name" ][ new-name="new_name"
][ add-all-free-disks="add_all_free_disks" ][ add-disk-ids="add_disk_ids" ][ rm-disk-
ids="rm_disk_ids" ][ force="force" ]
Required arguments
None
Optional arguments

AOS | Nutanix Command-Line Interface (nCLI) | 208

id
ID of the Storage Pool
name
Name of the Storage Pool
new-name
Name of the Storage Pool
add-all-free-disks
Add all free disks that are not part of any storage pool?
add-disk-ids
A comma-separated list of Physical Disk IDs to be added to the Storage Pool
rm-disk-ids
A comma-separated list of Physical Disk IDs to be removed from the Storage Pool
force
Forcefully perform the requested operation skipping any constraint validation
Default: false

List Storage Pools

ncli> storagepool { list | ls }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of the Storage Pool
name
Name of the Storage Pool

Get stats data for Storage Pools

ncli> storagepool { list-stats | ls-stats }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of the Storage Pool
name
Name of the Storage Pool

storagetier: Storage Tier

Description A Tier of physical storage
Alias tier

AOS | Nutanix Command-Line Interface (nCLI) | 209

Operations
• List the (global) default I/O priority order of Storage Tiers : get-default-io-
priority-order | get-def-io-pri

• List Storage Tiers : list | ls

• List types of Storage Tiers : list-supported-types | ls-supported-types
• Remove a Storage Tier : remove | rm
• Set the (global) default I/O priority order of Storage Tiers : set-default-io-
priority-order | set-def-io-pri

List the (global) default I/O priority order of Storage Tiers

ncli> storagetier { get-default-io-priority-order | get-def-io-pri }
Required arguments
None

List Storage Tiers

ncli> storagetier { list | ls }[ name="name" ][ type="type" ]
Required arguments
None
Optional arguments
name
Name of the Storage Tier
type
Type of Storage Tier (as provided by the 'list-supported-types' operation)

List types of Storage Tiers

ncli> storagetier { list-supported-types | ls-supported-types }
Required arguments
None

Remove a Storage Tier

ncli> storagetier { remove | rm } name="name"
Required arguments
name
Name of the Storage Tier

Set the (global) default I/O priority order of Storage Tiers

ncli> storagetier { set-default-io-priority-order | set-def-io-pri }
random-io-priority-order="random_io_priority_order" sequential-io-priority-
order="sequential_io_priority_order"
Required arguments
random-io-priority-order
Random I/O priority order (high to low) of Storage Tiers
sequential-io-priority-order
Sequential I/O priority order (high to low) of Storage Tiers

AOS | Nutanix Command-Line Interface (nCLI) | 210

task: Tasks
Description A Task
Alias
Operations
• Inspect Task : get
• List all Tasks : list | ls
• Poll Task to completion : wait-for-task

Inspect Task
ncli> task { get } taskid="taskid" [ include-entity-names="{ true | false }" ]
Required arguments
taskid
Id of the task
Optional arguments
include-entity-names
Include entity names

List all Tasks

ncli> task { list | ls }[ entity-types="entity_types" ][ entity-uuids="entity_uuids" ][
operation-type-list="operation_type_list" ][ include-completed="{ true | false }" ][ epoch-
cut-off-time="epoch_cut_off_time" ][ count="count" ][ include-entity-names="{ true |
false }" ]
Required arguments
None
Optional arguments
entity-types
Comma separated Entity types
entity-uuids
Comma separated Entity types
operation-type-list
Comma separated Operation types
include-completed
Include Completed Tasks
epoch-cut-off-time
Tasks greater than cut off epoch time in microseconds will be returned. This is applicable
only when include completed is set to True.
count
Maximum number of tasks
include-entity-names
Include entity names

Poll Task to completion

ncli> task { wait-for-task } taskid="taskid" [ timeoutseconds="timeoutseconds" ][
include-entity-names="{ true | false }" ]

AOS | Nutanix Command-Line Interface (nCLI) | 211

Required arguments
taskid
Id of the task
Optional arguments
timeoutseconds
Timeout seconds
include-entity-names
Include entity names

user: User
Description A User
Alias
Operations
• Change the password of a User : change-password
• Add a new User : create | add
• Delete a User : delete | remove | rm
• Disable a User : disable
• Edit a User : edit | update
• Enable a User : enable
• Get the IP Addresses and browser details of a user who is currently logged in : get-
logged-in-user | get-logged-in-user

• Get a list of all users who are currently logged in to the system along with their IP
Addresses and browser details : get-logged-in-users | get-logged-in-users
• Grant backup administration role to a User : grant-backup-admin-role
• Grant cluster administration role to a User : grant-cluster-admin-role
• Grant user administration role to a User : grant-user-admin-role
• List Users : list | ls
• Reset the password of a User : reset-password
• Revoke backup administration role from a User : revoke-backup-admin-role
• Revoke cluster administration role from a User : revoke-cluster-admin-role
• Revoke user administration role from a User : revoke-user-admin-role
• Show profile of current User : show-profile

Change the password of a User

ncli> user { change-password } current-password="current_password" new-
password="new_password"
Required arguments
current-password
Current password of the user
new-password

AOS | Nutanix Command-Line Interface (nCLI) | 212

New password of the user

Add a new User

ncli> user { create | add } user-name="user_name" user-password="user_password"
first-name="first_name" last-name="last_name" email-id="email_id" [ middle-
initial="middle_initial" ]
Required arguments
user-name
User name of the user
user-password
Password of the user
first-name
First name of the user
last-name
Last name of the user
email-id
Email address of the user
Optional arguments
middle-initial
Middle Initial of the user

Delete a User
ncli> user { delete | remove | rm } user-name="user_name"
Required arguments
user-name
User name of the user

Disable a User
ncli> user { disable } user-name="user_name"
Required arguments
user-name
User name of the user

Edit a User
ncli> user { edit | update } user-name="user_name" [ first-name="first_name" ][
last-name="last_name" ][ middle-initial="middle_initial" ][ email-id="email_id" ]
Required arguments
user-name
User name of the user
Optional arguments
first-name
First name of the user
last-name
Last name of the user
middle-initial
Middle Initial of the user

AOS | Nutanix Command-Line Interface (nCLI) | 213

email-id
Email address of the user

Enable a User
ncli> user { enable } user-name="user_name"
Required arguments
user-name
User name of the user

Get the IP Addresses and browser details of a user who is currently logged in
ncli> user { get-logged-in-user | get-logged-in-user } username="username"
Required arguments
username
UserName of the Logged in User

Get a list of all users who are currently logged in to the system along with their IP Addresses and
browser details
ncli> user { get-logged-in-users | get-logged-in-users }
Required arguments
None

Grant backup administration role to a User

ncli> user { grant-backup-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

Grant cluster administration role to a User

ncli> user { grant-cluster-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

Grant user administration role to a User

ncli> user { grant-user-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

List Users
ncli> user { list | ls }[ user-name="user_name" ]
Required arguments
None
Optional arguments
user-name
User name of the user

AOS | Nutanix Command-Line Interface (nCLI) | 214

Reset the password of a User
ncli> user { reset-password } user-name="user_name" password="password"
Required arguments
user-name
User name of the user
password
password

Revoke backup administration role from a User

ncli> user { revoke-backup-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

Revoke cluster administration role from a User

ncli> user { revoke-cluster-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

Revoke user administration role from a User

ncli> user { revoke-user-admin-role } user-name="user_name"
Required arguments
user-name
User name of the user

Show profile of current User

ncli> user { show-profile }
Required arguments
None

vdisk: Virtual Disk

Description A Virtual Disk
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 215

Operations
• Create a (fast) clone of a Virtual Disk : clone
• Create a new Virtual Disk : create | add
• Edit a Virtual Disk : edit | update
• List Virtual Disks : list | ls
• List Snapshots : list-snapshots | ls-snaps
• Get stats data for Virtual Disks : list-stats | ls-stats
• Delete a Virtual Disk : remove | rm
• Remove reserved capacity of vdisks in a given container : remove-reservation
• Create a new Snapshot of a Virtual Disk : snapshot | snap

Create a (fast) clone of a Virtual Disk

ncli> vdisk { clone } name="name" clone-names="clone_names" [ snap-
name="snap_name" ]
Required arguments
name
Name of the Virtual Disk
clone-names
A comma-separated list of names for the newly created Snapshots
Optional arguments
snap-name
Name of the Snapshot on which the clone is based

Create a new Virtual Disk

ncli> vdisk { create | add } name="name" max-capacity="max_capacity" [ ctr-
id="ctr_id" ][ ctr-name="ctr_name" ][ res-capacity="res_capacity" ][ fingerprint-
on-write="fingerprint_on_write" ][ on-disk-dedup="on_disk_dedup" ][ erasure-code-
delay="erasure_code_delay" ][ shared="shared" ]
Required arguments
name
Name of the Virtual Disk
max-capacity
Max Capacity (GiB) of the Virtual Disk
Optional arguments
ctr-id
ID of the Storage Container for the Virtual Disk
ctr-name
Name of the Storage Container for the Virtual Disk
res-capacity
Reserved Capacity (GiB) of the Virtual Disk
fingerprint-on-write
Fingerprint on writes to the Virtual Disk {on, off, none}. This VDisk level setting overrides
the Storage Container level setting

AOS | Nutanix Command-Line Interface (nCLI) | 216

on-disk-dedup
On-disk dedup of the Virtual Disk {off, post-process, none}. This VDisk level setting
overrides the Storage Container level setting.
erasure-code-delay
Erasure code delay (secs) of the Virtual Disk
shared
Is this a shared Virtual Disk?
Default: false

Edit a Virtual Disk

ncli> vdisk { edit | update } name="name" [ max-capacity="max_capacity" ][ res-
capacity="res_capacity" ][ fingerprint-on-write="fingerprint_on_write" ][ on-disk-
dedup="on_disk_dedup" ][ erasure-code-delay="erasure_code_delay" ]
Required arguments
name
Name of the Virtual Disk
Optional arguments
max-capacity
Max Capacity (GiB) of the Virtual Disk
res-capacity
Reserved Capacity (GiB) of the Virtual Disk
fingerprint-on-write
Fingerprint on writes to the Virtual Disk {on, off, none}. This VDisk level setting overrides
the Storage Container level setting
on-disk-dedup
On-disk dedup of the Virtual Disk {off, post-process, none}. This VDisk level setting
overrides the Storage Container level setting.
erasure-code-delay
Erasure code delay (secs) of the Virtual Disk

List Virtual Disks

ncli> vdisk { list | ls }[ names="names" ][ vm-id="vm_id" ][ ctr-id="ctr_id" ]
Required arguments
None
Optional arguments
names
A comma-separated list of the names of the Virtual Disks
vm-id
ID of a Virtual Machine that the Virtual Disk is mapped to
ctr-id
Get Virtual Disks in the specified Storage Container

List Snapshots
ncli> vdisk { list-snapshots | ls-snaps }[ name="name" ]
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 217

None
Optional arguments
name
Name of the Virtual Disk or Snapshot

Get stats data for Virtual Disks

ncli> vdisk { list-stats | ls-stats }[ names="names" ][ vm-id="vm_id" ][ ctr-
id="ctr_id" ]
Required arguments
None
Optional arguments
names
A comma-separated list of the names of the Virtual Disks
vm-id
ID of a Virtual Machine that the Virtual Disk is mapped to
ctr-id
Get Virtual Disks in the specified Storage Container

Delete a Virtual Disk

ncli> vdisk { remove | rm } name="name"
Required arguments
name
Name of the Virtual Disk

Remove reserved capacity of vdisks in a given container. If container id not specified, reserved
capacity will be removed for all vdisks
ncli> vdisk { remove-reservation }[ ctr-id="ctr_id" ]
Required arguments
None
Optional arguments
ctr-id
ID of the Storage Container

Create a new Snapshot of a Virtual Disk

ncli> vdisk { snapshot | snap } name="name" [ snap-name="snap_name" ]
Required arguments
name
Name of the Virtual Disk
Optional arguments
snap-name
Name of the Snapshot

virtual-disk: Virtual Disk

Description Commands for performing different actions on Virtual Disks.
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 218

Operations
• List Virtual Disk : list | ls

List Virtual Disk

ncli> virtual-disk { list | ls }[ id="id" ]
Required arguments
None
Optional arguments
id
Id of the Virtual Disk

virtualmachine: Virtual Machine

Description A Virtual Machine
Alias vm

Operations
• Attach a disk from file level restore capable snapshot to a VM : attach-flr-disk
• Detach a file level restore disk from a VM : detach-flr-disk
• List Virtual Machine : list | ls
• Get all file level restore capable snapshots attached to a VM : list-attached-flr-
snapshots

• Get file level restore capable snapshots of a VM : list-flr-snapshots | ls-flr-

snaps

• Get snapshots of a VM : list-snapshots | ls-snaps

• Get stats data for Virtual Machine : list-stats | ls-stats
• Update FingerPrintOnWrite on all vdisks of a VM : update-fingerprint-on-write
• Update OnDiskDedup on all vdisks of a VM : update-on-disk-dedup

Attach a disk from file level restore capable snapshot to a VM

ncli> virtualmachine { attach-flr-disk } vm-id="vm_id" snap-id="snap_id" disk-
label="disk_label"
Required arguments
vm-id
ID of the Virtual Machine
snap-id
Id of the Snapshot
disk-label
Label for disk to be attached

Detach a file level restore disk from a VM

ncli> virtualmachine { detach-flr-disk } vm-id="vm_id" attached-disk-
label="attached_disk_label"
Required arguments
vm-id

AOS | Nutanix Command-Line Interface (nCLI) | 219

ID of the Virtual Machine
attached-disk-label
Attached disk label

List Virtual Machine

ncli> virtualmachine { list | ls }[ name="name" ][ id="id" ][ host-id="host_id"
][ get-unprotected-cbr-vms-only="get_unprotected_cbr_vms_only" ][ count="count" ][
pageNumnber="pageNumnber" ]
Required arguments
None
Optional arguments
name
Name of the Virtual Machine
id
ID of the Virtual Machine
host-id
ID of the Physical Host running Virtual Machines
get-unprotected-cbr-vms-only
Get only unprotected Virtual Machines that can participate in Nutanix Converged Backup
and Recovery?
Default: false
count
Count of the Virtual Machine
pageNumnber
PageNumber of the Virtual Machine
Default: false

Get all file level restore capable snapshots attached to a VM.

ncli> virtualmachine { list-attached-flr-snapshots } vm-id="vm_id" [ snap-
id="snap_id" ]
Required arguments
vm-id
ID of the Virtual Machine
Optional arguments
snap-id
Id of the Snapshot

Get file level restore capable snapshots of a VM.

ncli> virtualmachine { list-flr-snapshots | ls-flr-snaps } vm-id="vm_id" [
snapshot-count="snapshot_count" ]
Required arguments
vm-id
ID of the Virtual Machine
Optional arguments
snapshot-count

AOS | Nutanix Command-Line Interface (nCLI) | 220

Number of snapshots to be fetched. A value of 0 indicates all snapshots will be returned.

Get snapshots of a VM.

ncli> virtualmachine { list-snapshots | ls-snaps } vm-id="vm_id" [ snap-
id="snap_id" ]
Required arguments
vm-id
ID of the Virtual Machine
Optional arguments
snap-id
Id of the Snapshot

Get stats data for Virtual Machine

ncli> virtualmachine { list-stats | ls-stats }[ name="name" ][ id="id" ][ host-
id="host_id" ]
Required arguments
None
Optional arguments
name
Name of the Virtual Machine
id
ID of the Virtual Machine
host-id
ID of the Physical Host running Virtual Machines

Update FingerPrintOnWrite on all vdisks of a VM

ncli> virtualmachine { update-fingerprint-on-write } vm-id="vm_id" fingerprint-
on-write="fingerprint_on_write"
Required arguments
vm-id
Uuid of Virtual machine
fingerprint-on-write
Finger Print on Write

Update OnDiskDedup on all vdisks of a VM

ncli> virtualmachine { update-on-disk-dedup } vm-id="vm_id" on-disk-
dedup="on_disk_dedup"
Required arguments
vm-id
Uuid of Virtual machine
on-disk-dedup
On Disk Dedup

volume-group: Volume Groups

Description A Volume Group
Alias

AOS | Nutanix Command-Line Interface (nCLI) | 221

Operations
• Attach Volume Group to VM : attach-to-vm
• Clone VM Disk for Volume Group : clone-disk
• Closes Volume Group for iSCSI initiators : close | detach-external
• Create Volume Group : create
• Create VM Disk for Volume Group : create-disk
• Delete Volume Group : delete
• Delete VM Disk from Volume Group : delete-disk
• Detach Volume Group to VM : detach-from-vm
• Inspect Volume Group : get
• List all Volume Groups : list | ls
• Show unprotected Volume Groups : list-unprotected
• Opens Volume Group for iSCSI initiators : open | attach-external
• Update Volume Group : update
• Update VM Disk for Volume Group : update-disk

Attach Volume Group to VM

ncli> volume-group { attach-to-vm } uuid="uuid" vm-uuid="vm_uuid" [ index="index" ]
Required arguments
uuid
UUID of the Volume Group
vm-uuid
Virtual machine UUID
Optional arguments
index
Volume Group index of the disk

Clone VM Disk for Volume Group

ncli> volume-group { clone-disk } uuid="uuid" [ vmdisk-uuid="vmdisk_uuid" ][ adsf-
filepath="adsf_filepath" ][ index="index" ][ size-mib="size_mib" ]
Required arguments
uuid
UUID of the Volume Group
Optional arguments
vmdisk-uuid
VM Disk UUID to clone from
adsf-filepath
ADSF file path to VM Disk to clone from
index
Volume Group index of the disk
size-mib

AOS | Nutanix Command-Line Interface (nCLI) | 222

Size (MiB) to create a VM Disk for Volume Group

Closes Volume Group for iSCSI initiators

ncli> volume-group { close | detach-external } uuid="uuid" [ iscsi-
initiator="iscsi_initiator" ][ iscsi-client-ip="iscsi_client_ip" ][ iscsi-client="iscsi_client"
]
Required arguments
uuid
UUID of the Volume Group
Optional arguments
iscsi-initiator
iSCSI qualified name
iscsi-client-ip
iSCSI client ip address
iscsi-client
List of supported authentication types

Create Volume Group

ncli> volume-group { create } name="name" [ description="description" ][
shared="shared" ][ iscsi-target="iscsi_target" ][ iscsi-target-prefix="iscsi_target_prefix"
][ iscsi-initiator-name-list="iscsi_initiator_name_list" ][ attached-
clients="attached_clients" ][ load-balance-vm-attachments="load_balance_vm_attachments"
][ enabled-authentications="{ true | false }" ][ created-by="created_by" ]
Required arguments
name
Volume Group name
Optional arguments
description
Volume Group description
shared
True or false indicating whether volume is shared across multiple iSCSI initiators
iscsi-target
iSCSI target name
iscsi-target-prefix
iSCSI target prefix name
iscsi-initiator-name-list
iSCSI qualified name list
attached-clients
List of the attached clients
load-balance-vm-attachments
Whether to enable VG load balancing for vm attachments
enabled-authentications
List of supported authentication types
created-by
Name of the service/user which created this VG

AOS | Nutanix Command-Line Interface (nCLI) | 223

Create VM Disk for Volume Group
ncli> volume-group { create-disk } uuid="uuid" size-mib="size_mib" [ container-
id="container_id" ][ container-uuid="container_uuid" ][ index="index" ]
Required arguments
uuid
UUID of the Volume Group
size-mib
Size (MiB) to create a VM Disk for Volume Group
Optional arguments
container-id
ID of Storage Container to create VM Disk
container-uuid
UUID of the Storage Container
index
Volume Group index of the disk

Delete Volume Group

ncli> volume-group { delete } uuid="uuid"
Required arguments
uuid
UUID of the Volume Group

Delete VM Disk from Volume Group

ncli> volume-group { delete-disk } uuid="uuid" index="index"
Required arguments
uuid
UUID of the Volume Group
index
Volume Group index of the disk

Detach Volume Group to VM

ncli> volume-group { detach-from-vm } uuid="uuid" vm-uuid="vm_uuid" [ index="index"
]
Required arguments
uuid
UUID of the Volume Group
vm-uuid
Virtual machine UUID
Optional arguments
index
Volume Group index of the disk

Inspect Volume Group

ncli> volume-group { get }[ uuid="uuid" ][ name="name" ][ include-disk-size="{ true |
false }" ][ include-disk-path="{ true | false }" ]
Required arguments

AOS | Nutanix Command-Line Interface (nCLI) | 224

None
Optional arguments
uuid
UUID of the Volume Group
name
Name of the Volume Group
include-disk-size
Whether to include disk sizes, true by default
include-disk-path
Whether to include disk paths, true by default

List all Volume Groups

ncli> volume-group { list | ls }[ include-disk-size="{ true | false }" ][ include-
disk-path="{ true | false }" ]
Required arguments
None
Optional arguments
include-disk-size
Whether to include disk sizes, true by default
include-disk-path
Whether to include disk paths, true by default

Show unprotected Volume Groups

ncli> volume-group { list-unprotected }[ uuids="uuids" ]
Required arguments
None
Optional arguments
uuids
Volume Group UUIDs

Opens Volume Group for iSCSI initiators

ncli> volume-group { open | attach-external } uuid="uuid" [ iscsi-
initiator="iscsi_initiator" ][ iscsi-client-ip="iscsi_client_ip" ][ iscsi-client="iscsi_client"
]
Required arguments
uuid
UUID of the Volume Group
Optional arguments
iscsi-initiator
iSCSI qualified name
iscsi-client-ip
iSCSI client ip address
iscsi-client
List of supported authentication types

AOS | Nutanix Command-Line Interface (nCLI) | 225

Update Volume Group
ncli> volume-group { update } uuid="uuid" [ name="name" ][ description="description"
][ shared="shared" ][ iscsi-target="iscsi_target" ][ iscsi-target-
prefix="iscsi_target_prefix" ][ attached-clients="attached_clients" ][ load-balance-vm-
attachments="load_balance_vm_attachments" ][ enabled-authentications="{ true | false }" ][
created-by="created_by" ][ usage-type="usage_type" ][ is-hidden="is_hidden" ]
Required arguments
uuid
UUID of the Volume Group
Optional arguments
name
Volume Group name
description
Volume Group description
shared
True or false indicating whether volume is shared across multiple iSCSI initiators
iscsi-target
iSCSI target name
iscsi-target-prefix
iSCSI target prefix
attached-clients
List of the attached clients
load-balance-vm-attachments
Whether to enable VG load balancing for vm attachments
enabled-authentications
List of supported authentication types
created-by
Name of the service/user which created this VG
usage-type
Expected usage type for the volume group
is-hidden
Whether the VG is meant to be hidden or not

Update VM Disk for Volume Group

ncli> volume-group { update-disk } uuid="uuid" index="index" size-
mib="size_mib" [ preserve-data="preserve_data" ][ vmdisk-uuid="vmdisk_uuid" ][ adsf-
filepath="adsf_filepath" ]
Required arguments
uuid
UUID of the Volume Group
index
Volume Group index of the disk
size-mib
Size (MiB) to create a VM Disk for Volume Group
Optional arguments

AOS | Nutanix Command-Line Interface (nCLI) | 226

preserve-data
Whether to preserve data of the volume disk, true by default
vmdisk-uuid
VM Disk UUID to clone from
adsf-filepath
ADSF file path to VM Disk to clone from

vstore: VStore
Description A file namespace in a Storage Container
Alias
Operations
• List VStores : list | ls
• Protect a VStore : protect
• Unprotect a VStore : unprotect

List VStores
ncli> vstore { list | ls }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of a VStore
name
Name of a VStore

Protect a VStore. Files in a protected VStore are replicated to a Remote Site at a defined
frequency and these protected files can be recovered in the event of a disaster
ncli> vstore { protect }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of a VStore
name
Name of a VStore

Unprotect a VStore
ncli> vstore { unprotect }[ id="id" ][ name="name" ]
Required arguments
None
Optional arguments
id
ID of a VStore

AOS | Nutanix Command-Line Interface (nCLI) | 227

name
Name of a VStore

AOS | Nutanix Command-Line Interface (nCLI) | 228

CONTROLLER VM COMMANDS
Specifying Credentials
When specifying a password on the command line, always enclose the password in single quotes. For
example:--hypervisor_password='nutanix/4u'

• To display all user name and password options for diagnostics.py, type /home/nutanix/diagnostics/
diagnostics.py --help | egrep -A1 'password|user'
--hypervisor_password: Default hypervisor password.
(default: 'nutanix/4u')

--hyperv_hypervisor_username: The username to use when logging into the local

Hyper-V node.

--hypervisor_username: The username to use when logging into the local

hypervisor.

--ipmi_password: The password to use when logging into the local IPMI device.
(default: 'ADMIN')
--ipmi_username: The username to use when logging into the local IPMI device.
(default: 'ADMIN')

--kmip_user_id: Username to insert into certificate signing request.

(default: 'nutanix')

--nsc_username: User name that provides services through SSH at Nutanix

service center.

• You can find all user name and password options for cluster, genesis, and setup_hyperv.py by also typing
--help | egrep -A1 'password|user' as part of the command. For example, setup_hyperv.py --help | egrep -A1
'password|user'

cluster

Usage
Usage: /usr/local/nutanix/cluster/bin/cluster [flags] [command]

commands:

add_cluster_create_access_key
convert_cluster
create
destroy
disable_auto_install
disable_rate_limit_iops
enable_auto_install
enable_rate_limit_iops
foundation_upgrade
host_upgrade
ipconfig
lite_upgrade
migrate_zeus
pass_shutdown_token
reconfig
remove_all_public_keys
remove_public_key

AOS | Controller VM Commands | 229

restart_genesis
set_rack_aware
set_two_node_cluster_leader
start
status
stop
upgrade
upgrade_node

/usr/local/nutanix/cluster/bin/cluster
--add_dependencies
Include Dependencies.
Default: false
--backplane_netmask
Backplane netmask
--backplane_network
Backplane network config
Default: false
--backplane_subnet
Backplane subnet
--backplane_vlan
Backplane VLAN id
Default: -1
--block_aware
Set to True to enable block awareness. This workflow is unsupported, in favour of
configuring block awareness on a created cluster
Default: false
--bundle
Bundle for upgrading host in cluster.
--cluster_create_access_key
Public key of external agent to be added to authorized keys of all svm ips provided in input.
The key is authorized to allow access for the duration of cluster create only.
--cluster_external_ip
Cluster ip to manage the entire cluster.
--cluster_flags
Comma seperated list of strings, each denoting a boolean cluster flag
--cluster_function_list
List of functions of the cluster (use with create). Accepted functions are dict_keys(['ndfs',
'multicluster', 'cloud_data_gateway', 'minerva', 'witness_vm', 'extension_store_vm',
'ags_cluster', 'jump_box_vm', 'xi_vm', 'two_node_cluster', 'one_node_cluster', 'iam_cluster',
'clusters_on_aws_cluster'])
Default: ndfs
--cluster_name
Name of the cluster (use with create).
--cluster_uuid

AOS | Controller VM Commands | 230

Cluster uuid for cluster in string format.
--config
Path to the cluster configuration file.
--container_name
Name of the default container on the cluster.
--dns_servers
Comma separated list of one or more DNS servers.
--domain_password
Domain password of the hosts.
--domain_username
Domain username of the hosts.
--enable_lite_upgrade
Set to False to disable lite upgrade before it is ready.
Default: true
--encrypted_password
Encrypted password to be applied on the cluster
--external_access_keys
Public ssh keys to be added to external keys of the cluster.
--force_install_genesis
Installs the infrastructure package on all of the nodes.
Default: true
--foundation_upgrade
Operation specified will be done in context of foundation upgrade
Default: false
--hardware_device_type
Type of hardware device. Please specify one of the following: disk nic hba bios bmc.
(Currently supported: disk, bios, bmc.)
--help
show this help
Default: 0
--helpfull
Show flags for all modules
Default: false
--helpshort
show usage only for this module
Default: 0
--helpxml
like --help, but generates XML output
Default: false
--host_upgrade
Operation specified will be done in context of host_upgrade

AOS | Controller VM Commands | 231

Default: false
--hyperv_sku
Hypervisor sku to which the HyperV host is being upgraded.
--hypervisor
Hypervisor that needs to be upgraded. Possible values: esx, kvm, hyperv.
--ignore_preupgrade_tests
Perform preupgrade tests
Default: false
--ignore_vm_conversion_warnings
Ignore vm conversion errors during cluster conversion.
Default: false
--installer_dir_path
Location of the Nutanix installer directory.
--ip_specification_json
JSON file with IP configuration.
--key_file
Nutanix default SSH public key.
Default: /home/nutanix/ssh_keys/nutanix.pub
--key_name
Identifier of the public ssh key in the cluster.
Default: legacy_nos_compatibility
--lockdown_mode
Lockdown mode is the highest security mode available for a cluster as it disables SSH
access completely to the cluster.
Default: false
--manual_upgrade
Manual upgrade method.
Default: false
--md5sum
Md5sum of the bundle.
--migrate_from
The old zeus node IP address for Zeus migration.
--migrate_to
The new zeus node IP address for Zeus migration.
--ncc_precheck_args
Additional args to pass to NCC during precheck.
--no_verification
Skip verification for package integrity.
Default: true
--ntp_servers
Comma separated list of one or more NTP servers.

AOS | Controller VM Commands | 232

--nutanix_default_password_salt
Seed prism admin password only if the password hash does not contain this salt.
Default: $6$Mkd8T74/$
--password_lockdown_mode
Password lockdown mode is the penultimate security hardening as it disables SSH access
only via password. SSH access can be still performed via external access keys
Default: false
--provided_root_certificate
File to be used as the root certificate when creating or upgrading a cluster.
--provided_root_certificate_key
File to be used as the root CA private key.
--python_proto_egg_path
Path of protobuf egg relative to the install dir.
Default: lib/py/protobuf-2.6.1-py2.6-linux-x86_64.egg
--rack_aware
Set to True to enable rack awareness. This workflow is unsupported, in favour of
configuring rack awareness on a created cluster
Default: false
--rack_config_json_path
Path to the json file containing svm_ips to rack namemapping. Json file will contain
svm_ips as the keys and the name of the rack they belong to, as values
--redundancy_factor
Number of replicas of data as kept in cluster. Clusterwill tolerate node failure of
'redundancy_factor -1'nodes.
Default: -1
--remove_installer_dir
Whether or not to remove the installer directory automatically when finished.
Default: true
--seed_prism_password
Seed Prism admin password to be the same as the nutanix user if nutanix user has non-
default password.
Default: true
--shutdown_token_ip
IP address of intended shutdown token holder SVM.
--skip_discovery
Skip discovery.
Default: false
--skip_genesis_gateway_server_stop
If set to true, skip stopping the genesis gateway server after initialising the cluster during
cluster create
Default: false
--skip_ncc_prechecks

AOS | Controller VM Commands | 233

If set to true, skip NCC checks during preupgrade.
Default: false
--skip_reconfig
Skip CVM reconfig.
Default: false
--skip_rf1_vms_check
If set to true, skip checking if there are running RF1 VMs which will get rebooted during
upgrade
Default: false
--skip_upgrade
Skip actual upgrade.
Default: false
--stand_alone_upgrade_timeout
Timeout for stand-alone upgrade.
Default: 600
--svm_ips
Comma separated list of IP addresses of one or more SVMs in the target cluster. Not
required if cluster.cfg is being used.
--svm_login
User name for logging into SVM.
Default: nutanix
--target_hypervisor
Target hypervisor type for cluster conversion. Valid types esx/kvm.
--timeout
Number of seconds each command to SVMs should take.
Default: 180
--upgrade_node_ip
Ipv4 or IPv6 address of node to be upgraded.
--vcenter_json_file
File containing vcenter details for dial workflow. The json has host, username and
password keys.
--vcenter_not_required
Set it to true if vcenter is not used to manage ESX cluster.
Default: false
--verification_file
Metadata file for package integrity, upgrade info.
--version
Version to which upgrade needs to be performed.
--wait
Wait for action to complete.
Default: true

AOS | Controller VM Commands | 234

cluster.client.ce_helper
--ce_version_map_znode_path
Zookeeper node containing the CE version mapping.
Default: /appliance/logical/community_edition/version_map

cluster.client.cluster_upgrade
--svm_reboot_timeout
Maximum time expected for SVM to reboot/shutdown.
Default: 420

cluster.client.cmsp.consts
--airgap_url
Airgap URL.
--aws_docker_registry_endpoint
Amazon Docker Registry endpoint
Default: https://464585393164.dkr.ecr.us-west-2.amazonaws.com
--aws_ecr_api_endpoint
Amazon ECR API endpoint
Default: https://api.ecr.us-west-2.amazonaws.com
--aws_s3_endpoint
Amazon S3 buckets endpoint
Default: https://prod-us-west-2-starport-layer-bucket.s3.us-west-2.amazonaws.com
--canaveral_endpoint
Canaveral registry endpoint
Default: https://artifactory.dyn.ntnxdpro.com
--cmsp_check_api_retry_count
Retry count for http v2 apis.
Default: 3
--cmsp_check_api_timeout
Timeout in seconds for http v2 apis.
Default: 60
--cmsp_check_dig_timeout
Timeout for dig command in secs .
Default: 3
--cmsp_network_name
CMSP network name
Default: cmsp_network
--cmsp_platform_upgrade
Trigger CMSP platform upgrade on PC upgrade
Default: false
--cmsp_pod_network

AOS | Controller VM Commands | 235

CMSP Pod Network range
Default: 10.100.0.0/16
--cmsp_precheck_retry_cnt_nodes_alive
CMSP precheck to perform retries if SVMIPs does not match IDF server list.
Default: 30
--cmsp_service_ip_network
CMSP K8s-Service IP range
Default: 10.200.32.0/24
--cmsp_storage_disk
Device path for CMSP storage disk. For e.g. /dev/sdd
--cmsp_storage_disk_size
CMSP storage disk size. Value should match as seen using lsblk command
Default: 100G
--cmsp_upgrade_init_marker
Marker file to determine cmsp post upgrade initialisation
Default: /home/nutanix/.cmsp_init_upgrade
--cmsp_upgrade_marker
Marker file to determine cmsp upgrade
Default: /home/nutanix/.cmsp_upgrade
--connection_time_out_secs
Amount of time in seconds, the client waits to connect to the server
Default: 5
--cred_helper_path
Path to credential helper to encrypt and encode strings
Default: /home/docker/msp_controller/bootstrap/msp_tools/credHelper
--custom_csi_config_path
Path to Custom CSI configuration
Default: /home/nutanix/config/custom_csi.config
--data_service_connectivity_timeout
Timeout for connecting to data service ip in seconds.
Default: 5
--default_aplos_api_port
Default Aplos API port on PC.
Default: 9440
--default_data_services_port
Default data services port on PE.
Default: 3260
--docker_hub_cdn_endpoint
Docker hub CDN endpoint
Default: https://production.cloudflare.docker.com

AOS | Controller VM Commands | 236

--docker_hub_endpoint
Docker hub registry endpoint
Default: https://docker.io
--docker_hub_redirect_endpoint
Docker hub registry redirect endpoint
Default: https://index.docker.io
--download_portal_url
Download portal URL
Default: https://download.nutanix.com
--enable_timeout
Timeout for enable process.
Default: 7200
--etcd_partition_label
Label for etcd partition on msp backbone disk.
Default: cmsp_etcd
--etcd_partition_size_mb
Size of etcd partition.
Default: 10240
--helm_endpoint
Helm endpoint
Default: https://nutanix.github.io
--idf_health_znode
Zookeeper node where each idf creates an ephemeral node indicating it is current
availability.
Default: /appliance/logical/health-monitor/insights_server
--inject_error_cmsp_state
State for which cmsp state machine should FATAL
Default: 1000
--kubelet_drain_timeout_secs
time given for drain or uncordon commands to run before retrying
Default: 300
--lcm_config_node_path
LCM Config ZKNode path
Default: /appliance/logical/lcm/config
--lcm_partition_label
Label for lcm partition on msp backbone disk.
Default: lcm
--lcm_partition_size_mb
Size of lcm partition.
Default: 153600

AOS | Controller VM Commands | 237

--local_registry_path
Mount point of registry in msp_controller container
Default: /home/msp_config/msp-registry.qcow2
--migration_timeout
Timeout for migration process per cluster in seconds.
Default: 1200
--min_ips_scale_out
Minimum IPs needed in the block for scale-out PC.
Default: 7
--min_ips_single_node
Minimum IPs needed in the block for single node PC.
Default: 2
--min_memory_for_upgrading_three_tier_pc
Minimum installed memory on PC needed to upgrade legacy 3-tier PC.
Default: 26
--min_pc_memory_for_cmsp
Minimum installed memory on PC needed to enable CMSP.
Default: 16
--msp_api_url
Base URL for MSP APIs.
Default: http://localhost:2082/msp
--msp_backbone_disk
Device path for MSP backbone disk. For e.g. /dev/sde
--msp_backbone_disk_component
Component name for persistent storage disk for msp backbone services.
Default: msp_backbone
--msp_backbone_disk_path
Path to persistent storage disk for msp backbone services (etcd, registry).
Default: /home/nutanix/data/msp-backbone-storage
--msp_backbone_disk_size
MSP backbone disk size. Value should match as seen using lsblk command
Default: 260G
--msp_bundle_absolute_path
Absolute path of the MSP bundle in the LCM server
Default: /var/www/html/release/builds/msp-builds
--msp_bundle_relative_path
Relative path of the MSP bundle in the LCM server
Default: /builds/msp-builds
--msp_controller_start_timeout
Timeout for MSP controller service to come up.

AOS | Controller VM Commands | 238

Default: 1800
--msp_controller_start_wait
Wait time for MSP controller service to come up.
Default: 180
--msp_temp_location
Location to extract MSP package.
Default: /home/nutanix/msp_preupgrade
--msp_volume_plugin_name
Name of CMSP volume plugin
Default: nutanix:latest
--mspctl_path
Path to mspctl on PC.
Default: /usr/local/nutanix/cluster/bin/mspctl
--pc_cmsp_services_zk_path
ZK path for overriding list of PC services to be registered on C-MSP.
Default: /appliance/logical/genesis/pc_services_cmsp_list
--pc_disk_component
Component name for additional disk on PC.
Default: msp
--pc_disk_label
Label for CMSP storage partition on pc disk.
Default: MSP
--pc_disk_path
Path to additional persistent storage disk on PC.
Default: /home/nutanix/data/sys-storage
--pc_disk_size_mb
Size of additional persistent storage disk on PC.
Default: 102400
--quay_endpoint
Quay endpoint
Default: https://quay.io
--registry_partition_label
Label for registry partition on msp backbone disk.
Default: cmsp_registry
--registry_partition_size_mb
Size of registry partition.
Default: 102400
--set_airgap_url
Force Airgap URL using flag
Default: false

AOS | Controller VM Commands | 239

--skip_migration_prechecks
Skip prechecks for migration
Default: false
--skip_msp_cluster_upgrade_precheck
Skip MSP cluster upgrade checks
Default: true

cluster.client.cmsp.utils
--kubeconfig_path
path to file to be used as kubeconfig for kubectl commands
Default: /home/nutanix/.kf.cfg
--msp_api_retry_count
retry count for calling msp controller APIs
Default: 5
--msp_api_retry_interval_secs
time between retries for msp controller APIs in seconds
Default: 10

cluster.client.consts
--ahv_gateway_ca_certificate_path
Location of the CA certificate on host for AHV Gateway.
Default: /etc/ahv-gateway/certs/ca.crt
--ahv_gateway_ca_upload_certificate_path
Location of the CA certificate to upload to via ssh.
Default: /etc/ahv-gateway/certs_upload_ssh/ca.crt
--ahv_gateway_client_temp_ca_cert_location
Location of the temporary CA certificate for the AHV Gateway client
Default: /home/nutanix/certs/AHVGWTempCerts/CA_ahvgw_temp.crt
--ahv_gateway_client_temp_cert_location
Location of the temporary certificate for the AHV Gateway client
Default: /home/nutanix/certs/AHVGWTempCerts/ahvgw_client_temp.crt
--ahv_gateway_client_temp_key_location
Location of the temporary key for the AHV Gateway client
Default: /home/nutanix/certs/AHVGWTempCerts/ahvgw_client_temp.key
--ahv_gateway_server_cert_location
Location of the AHV gateway certificate.
Default: /etc/ahv-gateway/certs/servercert.crt
--ahv_gateway_server_key_location
Location of the AHV gateway key.
Default: /etc/ahv-gateway/certs/serverkey.pem
--ahv_gateway_server_upload_cert_location

AOS | Controller VM Commands | 240

Location of the AHV gateway certificate to upload to via ssh.
Default: /etc/ahv-gateway/certs_upload_ssh/servercert.crt
--ahv_gateway_server_upload_key_location
Location of the AHV gateway key to upload to via ssh.
Default: /etc/ahv-gateway/certs_upload_ssh/serverkey.pem
--allow_hetero_sed_node
Flag that can be set by an SRE to let a node have a mix of sed and non-sed disks.
Default: true
--app_deployment_progress_zknode
Zknode to use for deployment state machine
Default: /appliance/logical/app_deployment_progress
--app_deployment_proto_zknode
Zknode to use for deployment state machine
Default: /appliance/logical/app_deployment_info
--authn_enabled
Boolean signifying if the service authn feature is enabled in the current NOS
Default: true
--auxiliary_config_json_path
Path to the auxiliary_config.json file
Default: /etc/nutanix/auxiliary_config.json
--backplane_physical_segmentation_support
Boolean to control whether to enable/disable Physical segmentation for Backplane feature
Default: true
--backplane_segmentation_on_dvs_support
Boolean to control whether to enable/disable Backplane segmentation on DVS feature
Default: true
--blockstore_only_low_endurance_disks
Supports low endurance as valid drives for blockstore enablement.
Default: true
--boot_size
Size of the root partition in bytes.
Default: 20969472
--boot_size_extra_alignment
Extra alignment size of the root partition in bytes.
Default: 41943040
--build_last_commit_date_path
Path to the file that contains the local release version's last commit date.
Default: /etc/nutanix/build_last_commit_date
--bulk_esx_vm_shutdown_time
Time allowed for bulk concurrent ESX power operations

AOS | Controller VM Commands | 241

Default: 180
--ca_trust_anchor_path
Zookeeper path where pki CA certs are stored.
Default: /appliance/logical/pki_ca_certs
--cassandra_health_znode
Zookeeper node where each cassandra creates an ephmeral node indicating it is currently
available.
Default: /appliance/logical/health-monitor/cassandra
--clean_debug_data
If 'clean_debug_data' is True, then when we destroy a cluster we will also remove the logs,
binary logs, cached packages, and core dumps on each node.
Default: false
--cloud_config_json_path
Path to json file storing information about the cloud configuration of the cluster
Default: /etc/nutanix/cloud_config.json
--cloud_config_znode
Zookeeper node base path containing the cloud configuration of the cluster.
Default: /appliance/physical/cloud_config
--cloud_disk_mount_name_prefix
Default cloud disk mount name prefix.
Default: cloud_disk_
--cloud_disk_size_bytes
Size of cloud disk to be added to the cluster in bytes.
Default: 9007199254740991
--cloud_init_network_conf_file
Path to the cloud init network configuration file.
Default: /etc/cloud/cloud.cfg.d/99_network_config.cfg
--cloud_storage_tier_random_io_priority
Random IO priority on cloud disks.
Default: 6
--cloud_storage_tier_sequential_io_priority
Sequential IO priority on cloud disks.
Default: 6
--cloud_storage_tiering_enabled
Flag to enable cloud storage tier.
Default: false
--cluster_create_access_key_file
Path to file containing cluster create access key
Default: /etc/nutanix/cluster_create_access_key.pub
--cluster_create_password_enforcement

AOS | Controller VM Commands | 242

Boolean to control the mandatory nature of password update as part of cluster create
Default: false
--cluster_create_password_sync_marker
Path to marker file to indicate that cluster create triggered on this node.
Default: /home/nutanix/.cluster_create_password_sync
--cluster_create_security_opts
Enable cluster create security features and enforce security settings at cluster creation
time
Default: true
--cluster_disabled_services
Zookeeper node where a service profile is represented asthe set of services to disable.
Default: /appliance/logical/cluster_disabled_services
--cluster_hibernate_task_status_znode
Location in Zookeeper where we keep the current status of cluster hibernation task as
tracked by different components.
Default: /appliance/logical/cluster_hibernate_task_status
--command_timeout_secs
Number of seconds to spend retrying an RPC request.
Default: 180
--compute_only_enabled
Boolean signifying CO feature support in current NOS
Default: true
--compute_only_log_dir
Directory containing logs relating to compute only nodes
Default: /home/nutanix/data/logs/compute_only
--convert_cluster_zknode
Holds information about cluster conversion operations and current status for each node.
Default: /appliance/logical/genesis/convert_cluster
--csr_cn_entry
Common name to use instead of <node_uuid>.nutanix.com
--csr_cn_suffix
Suffix to use instead of nutanix.com when creating CSR
Default: nutanix.com
--cvm_certs_file
File containing SSL certs of all CVMs in the cluster.
Default: /home/nutanix/ssh_keys/cvm_certs
--cvm_power_off_timeout_secs
Default CVM shutdown timeout in secs.
Default: 500
--cx4_rdma_support

AOS | Controller VM Commands | 243

Boolean to control whether to enable/disable CX4 RDMA feature
Default: true
--default_cvm_password
Default password for the CVM.
Default: nutanix/4u
--default_cvm_port
Default PE IP Port on PC.
Default: 9440
--default_disable_services_file
Path to the default_disabled_services.json file.
Default: /home/nutanix/config/genesis/service_profiles/default_disabled_services.json
--default_esx_password
Default password for the ESX hypervisor.
Default: nutanix/4u
--default_max_sectors_kb
Default value for max_sectors_kb size for disks is set to512, unless SSD block_params in
hcl.json overrides it
Default: 512
--default_upgrade_info_zknode
Location in a zookeeper where we keep the Upgrade node information.
Default: /appliance/logical/upgrade_info/nos
--degraded_node_policy_dir
Zookeeper directory where we store the degraded_node_policy
Default: /appliance/logical/zookeeper-monitor
--degraded_node_policy_path
Zookeeper location to store the degraded node shutdown policy.
Default: /appliance/logical/zookeeper-monitor/degraded_node_policy
--deployment_container_name
Name for the private container for app images.
Default: NutanixManagementShare
--deployment_info_zknode
Zknode to keep download info related to uvm deployments
Default: /appliance/logical/deployment_info
--disable_cloud_only_repartition_disk_check
If True, we do not check for cloud environment for auto-repartition.
Default: false
--disable_cluster_sync_marker_path
Path of the marker to disable Cluster Sync.
Default: /home/nutanix/.disable_cluster_sync
--disable_external_ssh

AOS | Controller VM Commands | 244

If True, external SSH access using the password or SSH keys added via prism will be
disabled.
Default: false
--disable_external_ssh_marker
Marker file used to denote that the external ssh connections be disabled.
Default: /home/nutanix/.disable_external_ssh
--disable_remote_tunnel_marker
Marker file used to denote that the remote tunnel should be disabled.
Default: /home/nutanix/.disable_remote_tunnel
--disable_set_irq_affinities
Boolean to control whether to enable/disable AOS setting of irq_affinities
Default: false
--disable_xps_driver
Boolean to control whether to enable/disable XPS driver
Default: true
--discover_scsi_emulated_nvme
When True, the SCSI emulated NVMe's are discovered.
Default: true
--disk_diagnostics_asup_path
Path for disk diagnostics ASUP data.
Default: /home/nutanix/data/serviceability/disk_diagnostics_run.json
--disk_size_skew_pct_threshold
Skew threshold (%) for max and min size of disk_size. If the skew computed during a disk
addition is determined to be outside the threshold, the extent store size of the disk will be
modified to avoid any performance issues.
Default: 15
--diskservice_add_disks_forced_response
If set to True, disk_service would always respond back to the add_disks RPC successfully.
Default: False.
Default: false
--diskservice_add_disks_retry_count
Tries to add disks to cluster.
Default: 3
--diskservice_add_disks_rpc_timeout_secs
Timeout of add_disks RPC. Default: 600 secs.
Default: 600
--dont_configure_hades_marker_path
Path of the marker to disable call to Hades configure(), Hades will be configured when this
file is deleted.
Default: /home/nutanix/.dont_configure_hades
--dual_stack_network_support

AOS | Controller VM Commands | 245

Flag to control IPv4/IPv6 dual stack support
Default: true
--e2fsck_legacy
When set to True, e2fsck legacy is used, i.e., e2fsck -y.
Default: false
--enable_cluster_hibernate_resume
This flag will enable/disable Hibernate Resume feature on CVM. Set to False by default,
thereby disabling the RPC in Genesis for initiating the Hibernation or Resume workflow.
Default: false
--enable_concurrent_operations
Flag to control the concurrent operations feature with respect to expand cluster for cloud
substrates only.
Default: false
--enable_disk_offline_alert
Flag to enable/disable disk offline alert.
Default: true
--enable_hades_auto_repartition_disk
When True, Hades repartitions and adds the disks instead of disk_operator.
Default: false
--enable_hades_disk_proto_update_random_time_delay
Flag to enable/disable random time delay in updating disks in proto.
Default: false
--enable_hugepages_only_for_spdk
Enable hugespages only if SPDK is enabled. For non-SPDK clusters, do not enable
hugepages.
Default: false
--enable_hyperv_internal_switch_ha_monitoring
Flag that can be set by an SRE to disable the HyperV HA algorithm of monitoring the
internal switch health.
Default: true
--enable_legacy_aplos_uwsgi_stack
If True, then the legacy Aplos stack with uwsgi is started. If False, v3 APIs are routed
through Mercury.
Default: false
--enable_low_endurance_oplog_store
Supports low endurance as valid drives for oplog selection.
Default: false
--enable_max_node_guardrails
Blanket gflag for max nodes guardrails in AOS code. Nutanix support or engineering could
choose to disable this if needed for generational upgrades.
Default: true

AOS | Controller VM Commands | 246

--enable_network_configuration_keeper
Switch to enable/disable network configuration keeper
Default: true
--enable_parallel_npe_support
Switch to enable/disable Parallel NPE support
Default: true
--enable_replace_node_cassandra_skew_fix
This flag will enable/disable Cassandra skew fix in replace node operation.
Default: false
--enable_sed_clean_disks_parallel
Run clean disks on SEDs in parallel.
Default: false
--enable_storage_tier_eligibility_check
Allow storage tier eligibility rules to be checked before disk state operation, for ex: disk
addition done in Hades. Default: True.
Default: true
--ergon_register_name
Name of component to be registered with ergon service.
Default: kGenesis
--esx_cvm_backplane_portgroup
Portgroup for backplane interface created in CVM.
Default: CVM Backplane Network
--esx_dvs_portgroup_marker
String identifier for DVS/NSX-T based portgroup
Default: dvs:
--esx_external_vswitch
External vswitch name in ESX host.
Default: vSwitch0
--esx_host_backplane_portgroup
Portgroup for backplane interface created in ESXi host.
Default: Backplane Network
--esx_port_key_external_id_marker
String identifier for external ID
Default: extId:
--expand_cluster_info_znode
Location in Zookeeper where we keep the info for nodes to be added.
Default: /appliance/logical/expand_cluster_info
--expand_cluster_npe_status
Zookeeper node to track NPE progress from Expand Cluster
Default: /appliance/logical/expand_cluster/npe

AOS | Controller VM Commands | 247

--expand_cluster_status_znode
Location in Zookeeper where the list for nodes which are currently being added by Genesis
are kept.
Default: /appliance/logical/genesis/npe/expand_cluster_status
--expand_cluster_whitelist_znode
Location in Zookeeper where we keep the whitelist containing allowed hypervisors for
imaging new nodes.
Default: /appliance/logical/expand_cluster_whitelist
--expand_npe_enabled
Switch to enable/disable NPE for Expand Cluster
Default: true
--experimental_allow_g4_g5_in_same_block
Flag to disable the check for G4 and G5 nodes comingling in the same block.
Default: false
--external_switch_rename_enabled
Feature enable / disable flag for External Switch rename support on HyperV.
Default: False
--fail_hades_config_on_pmem_partition_failure
If True, we fail the Hades configure RPC if any of the PMEM device partition fail.
Default: false
--fail_hades_config_on_repartition_failure
If True, we fail the Hades configure RPC should any of the auto-repartition fail.
Default: false
--fail_hades_config_on_stale_pmem_removal_error
If True, we fail the Hades configure RPC if stale PMEM device removal fail.
Default: false
--fatal_on_ratio_violation
Raise the fatal in Hades of ratio is not met for blockstore enablement.
Default: false
--firmware_config_json_path
Path to json file storing information about firmware of hardware devices such as BIOS and
BMC.
Default: /etc/nutanix/firmware_config.json
--firmware_installer_storage
Directory where the firmware installer is located.
Default: /home/nutanix/data/installer/firmware
--firmware_upgrade_fatal_failure
Firmware upgrade failed and hardware is not working.
Default: fatal
--firmware_upgrade_params_znode
Zookeeper location to store firmware upgrade parameters.

AOS | Controller VM Commands | 248

Default: /appliance/logical/upgrade_info/firmware_upgrade_params
--firmware_upgrade_recoverable_failure
Firmware upgrade failed but hardware is functioning ok.
Default: recoverable
--firmware_znode
Zookeeper node where we keep firmware upgrade information.
Default: /appliance/logical/genesis/firmware
--foundation_installer_dir
Path at which the foundation installer is present.
Default: /home/nutanix/software_downloads/foundation
--foundation_port
Port on which foundation service listens.
Default: 8000
--foundation_uncompress_path
Location for uncompressing foundation package.
Default: /home/nutanix/software_uncompressed/foundation/
--foundation_upgrade_flock_path
Path to the flock in order that must be acquired before running the foundation upgrade
script.
Default: /home/nutanix/foundation_upgrade_lock
--foundation_upgrade_info_znode
Location in a zookeeper where we keep the foundationUpgrade node information.
Default: /appliance/logical/upgrade_info/foundation
--foundation_upgrade_installer_dir
Directory where all foundation upgrade related packages are stored.
Default: /home/nutanix/data/installer/foundation
--foundation_upgrade_params_znode
Zookeeper location to store foundation upgrade paramteters.
Default: /appliance/logical/upgrade_info/foundation_upgrade_params
--foundation_url_port
Foundation service port.
Default: 8000
--foundation_version
Zookeeper location to store foundation version.
Default: /appliance/logical/foundation/version
--frozen_mounts_file
Path to the file that indicates that Nutanix mountpoints are currently frozen.
Default: /tmp/frozen_nutanix_mounts
--gateway_rpc_timeout_secs
Timeout for each gateway RPC.

AOS | Controller VM Commands | 249

Default: 60
--gateway_server_jsonrpc_url
URL of the JSON RPC handler on the Gateway HTTP server.
Default: /jsonrpc
--gateway_server_port
Port that the Genesis Gateway server listens on
Default: 2200
--genesis_bin_dir
Directory where all of the Genesis scripts are located.
Default: /home/nutanix/cluster/bin
--genesis_cert_location
Location of genesis service certificate file
Default: /home/certs/GenesisService/GenesisService.crt
--genesis_cluster_manager_path
Zk path for healthy genesis node list
Default: /appliance/logical/pyleaders/genesis_cluster_manager
--genesis_gateway_server_state_zk_dir
Path to zookeeper directory where state of genesis gateway server for each CVM is stored
Default: /appliance/logical/genesis/gateway_server_state
--genesis_jsonrpc_url
URL of the JSON RPC handler on the Genesis HTTP server.
Default: /jsonrpc
--genesis_key_location
Location of genesis service key file
Default: /home/certs/GenesisService/GenesisService.key
--genesis_libs
Directory where genesis libraries are located.
Default: /home/nutanix/cluster/lib
--genesis_path
Path to genesis command on SVMs.
Default: /home/nutanix/cluster/bin/genesis
--genesis_port
Port that Genesis listens on.
Default: 2100
--genesis_restart_required_path
Marker file to indicate that genesis restart is required during upgrade.
Default: /home/nutanix/.genesis_restart_required_path
--genesis_rpc_timeout_secs
Timeout for each Genesis RPC.
Default: 60

AOS | Controller VM Commands | 250

--genesis_venv
Directory where genesis virtualenv is located
Default: /home/nutanix/cluster/.venv
--genesis_wal_zk_path
Path to zknode that will be used as a wal to implement any genesis operations
idempotently.
Default: /appliance/logical/genesis/_genesis_wal
--hades_block_store_experimental_sleep_secs_before_zeus_config_update
Experimental gflag to sleep before updating the blockstore info in zeus config for
blockstore disks.
Default: 0
--hades_config_znode_dir
Parent zookeeper directory for hades config per CVM.
Default: /appliance/physical/hades/configuration
--hades_disks_proto_random_delay_ms
Random delay in Hades to update the disks proto.
Default: 20
--hades_location
Location of Hades binary.
Default: /usr/local/nutanix/bootstrap/bin/hades
--hades_mixed_capacity_enabled
Flag to enable mixed capacity support on the node.
Default: true
--hades_retry_count
Default retry count.
Default: 5
--hades_znode_dir
Parent zookeeper directory for hades information.
Default: /appliance/physical/hades
--hardware_config_json_path
Path to the hardware_config.json file.
Default: /etc/nutanix/hardware_config.json
--hardware_config_znode_path
Zookeeper node base path containing the hardware configurations of each node.
Default: /appliance/physical/hardware_configs
--hcl_json_path
Path to the hcl.json file.
Default: /etc/nutanix/hcl.json
--health_monitor_znode
Zookeeper node where ephmeral nodes of services are created.

AOS | Controller VM Commands | 251

Default: /appliance/logical/health-monitor
--hibernate_cloud_storage_tier_prefix
Default storage tier prefix for cloud disks used for hibernate/resume.
Default: CLOUD-Hibernate-
--hibernate_cluster_info_znode
Location in Zookeeper where we persist the info required for cluster hibernation.
Default: /appliance/logical/hibernate_cluster_info
--hibernate_workflow_status_znode
Location in Zookeeper where we persist the status of cluster hibernation operation. This is
where the hibernation workflow state machine details are saved.
Default: /appliance/logical/genesis/hibernate_workflow_status
--home_nutanix_size
Size of /home/nutanix partition in bytes.
Default: 83884032
--home_nutanix_size_extra_alignment
Extra alignment size of /home/nutanix partition in bytes.
Default: 83886080
--host_bootdisk_repair_preprocess_znode
Location in Zookeeper where the status of the host bootdisk repair preprocess is kept.
Default: /appliance/logical/genesis/host_bootdisk_preprocess
--host_bootdisk_repair_status_znode
Location in Zookeeper where the status of the host bootdisk repair is kept.
Default: /appliance/logical/genesis/host_bootdisk_repair_status
--host_bundle_name
Base name of the host bundle to be copied to other CVM and hosts.
Default: host-bundle
--host_client_cert_location
Location of the libvirt certificate to use when establishing a connection.
Default: /etc/pki/libvirt/clientcert.pem
--host_client_key_location
Location of the libvirt key used when establishing a connection.
Default: /etc/pki/libvirt/private/clientkey.pem
--host_server_cert_location
Location of the libvirt certificate used when accepting clients.
Default: /etc/pki/libvirt/servercert.pem
--host_server_key_location
Location of the libvirt key used when accepting clients.
Default: /etc/pki/libvirt/private/serverkey.pem
--host_upgrade_flock_path
Path to the flock in order that must be acquired before running host upgrade

AOS | Controller VM Commands | 252

Default: /tmp/host_upgrade_lock
--host_upgrade_installer_dir
Directory where all hypervisor upgrade related bundle are stored.
Default: /home/nutanix/data/installer/hypervisor/
--host_znode
Zookeeper node where we keep the host related dataof the cluster.
Default: /appliance/logical/genesis/hypervisor
--hpssacli_location
Location of hpssacli utility.
Default: /usr/local/nutanix/cluster/lib/hp/hpssacli
--hyperv_details_znode
Location in Zookeeper where we keep the HyperV details, like domain info, failover cluster
info, used when adding new hyperv nodes to cluster.
Default: /appliance/logical/genesis/hyperv_details
--hyperv_external_vswitch_name
Default name of the network switch for Hyper-V's external network.
Default: ExternalSwitch
--hyperv_failed_internal_switch_health_znode
Zookeeper node where genesis on each node monitors the health of their internal switch
and publishes if bad.
Default: /appliance/logical/genesis/hyperv_failed_internal_switch_health
--hyperv_host_backplane_adapter
Backplane Adapter created in Hyperv host.
Default: Backplane
--hyperv_internal_adapter_macaddr
MAC address of the internal network adapter connected to the CVM in Hyper-V nodes.
Default: 00:15:5D:00:00:80
--hyperv_internal_vswitch_name
Default name of the network switch for Hyper-V's internal network.
Default: InternalSwitch
--hyperv_lsiutil_relative_path
Path of the LSIUtil utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\LSIUtil.exe
--hyperv_megacli64_relative_path
Path of the MegaCli64 utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\MegaCli64.exe
--hyperv_powershell_path
The path to the powershell binary on the Hyper-V host.
Default: ${env:windir}\System32\WindowsPowerShell\v1.0\powershell.exe
--hyperv_sas2ircu_relative_path

AOS | Controller VM Commands | 253

Path of the sas2ircu utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\sas2ircu.exe
--hyperv_sas3ircu_relative_path
Path of the sas3ircu utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\sas3ircu.exe
--hyperv_sg_raw_path
Path to the utility to allow sg_raw on Hyper-V clusters.
Default: /home/nutanix/bin/winsg_raw
--hyperv_sg_scan_relative_path
Path of the sg_scan utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\sg_scan.exe
--hyperv_sg_ses_relative_path
Path of the sg_ses utility in a Hyper-V node relative to the Nutanix directory.
Default: \Utils\sg_ses.exe
--hyperv_upgrade_min_space
Minimum space required for hyperv host upgrade.
Default: 6291456
--hyperv_upgrade_status_znode
Location where the status of the hyperv upgrade is kept.
Default: /appliance/logical/genesis/hyperv_upgrade_status
--hypervisor_ca_certificate_path
Location of the CA certificate used on the AHV host.
Default: /etc/pki/CA/cacert.pem
--hypervisor_ilorest_bin_path
Path of ilorest utility bin on hypervisor
Default: /usr/bin/ilorest
--hypervisor_ilorest_lib_path
Path of ilorest utility lib on hypervisor
Default: /lib64/ilorest_chif.so
--hypervisor_imaging_foundation_zknode
Holds IP address of CVM which needs to be reimaged using foundation service.
Default: /appliance/logical/genesis/hypervisor_imaging/foundation
--hypervisor_imaging_zknode
Holds details of the node which needs to be reimaged using foundation service.
Default: /appliance/logical/genesis/hypervisor_imaging
--hypervisor_installer_dir
Path at which various hypervisor installer tarballs are kept.
Default: /home/nutanix/software_downloads/hypervisor
--hypervisor_installer_info_znode
Location in Zookeeper where we keep the info about the hypervisor installers.

AOS | Controller VM Commands | 254

Default: /appliance/logical/software_info/hypervisor_installer
--hypervisor_release_version_path
File on hypervisor that contains the local AHV version.
Default: /etc/nutanix-release
--infra_acropolis_proxy_server_port
The Acropolis Proxy (Narsil) server port.
Default: 2036
--infra_enable_ahv_vm_serialization
Whether to enable serialization of calls to Acropolis from Infra through Acropolis Proxy
Service.
Default: true
--installer_foundation_version_path
Path to file containing the foundation version that was used for imaging
Default: /etc/nutanix/foundation_version
--installer_phoenix_version_path
Path to file containing the phoenix version that was used for imaging
Default: /etc/nutanix/phoenix_version
--installer_storage
Directory where the installer is located.
Default: /home/nutanix/data/installer
--ip6_dynamic_addr_support
Boolean to control auto detection of ipv6 address on eth0 of the CVM
Default: true
--ip6tables_backup_path
Path to the backup of ip6tables file
Default: /home/nutanix/config/salt_templates/ip6tables.backup
--ip6tables_path
Path to the ip6tables file
Default: /etc/sysconfig/ip6tables
--iptables_backup_path
Path to the backup of iptables file
Default: /home/nutanix/config/salt_templates/iptables.backup
--iptables_path
Path to the iptables file
Default: /etc/sysconfig/iptables
--journal_logs_fstab_entry
Mount options while binding journal_logs_mount_path to /var/log/journal
Default: /var/log/journal none defaults,noexec,rw,seclabel,bind,nosuid,noatime,nodev 0 2
--journal_logs_mount_path
Path where /var/log/journal is bind in home partition

AOS | Controller VM Commands | 255

Default: /home/log/journal
--key_management_server_test_result
Path to zknode that will store key management server test results.
Default: /appliance/logical/genesis/kms_test_result
--kmip_user_id
Username to insert into certificate signing request.
Default: nutanix
--kvm_external_virtual_switch
External virtual switch name in KVM host.
Default: vs0
--kvm_external_vswitch
External vswitch name in KVM host.
Default: br0
--kvm_host_backplane_interface
Backplane interface created in KVM host.
Default: br0-backplane
--large_partitions_flag
If larger partitions are enabled on this installation.
Default: false
--large_pc_memory_max_size_gb
The upper limit of memory size to check if PC is large PC.
Default: 57
--license_file_zknode
Path to the zookeeper node that contains the cluster license information.
Default: /appliance/logical/license/license_file
--local_ahv_mnvcli_path
Path of mnvcli utility
Default: /usr/local/nutanix/cluster/lib/Linux/mnv_cli
--local_ahv_mvcli_path
Path of mvcli utility
Default: /usr/local/nutanix/cluster/lib/Linux/mvcli
--local_esx_mnvcli_path
Path of mnvcli utility
Default: /usr/local/nutanix/cluster/lib/esx5/mnv_cli
--local_esx_mvcli_path
Path of mvcli utility
Default: /usr/local/nutanix/cluster/lib/esx5/mvcli
--local_hyperv_mnvcli_path
Path of mnv_cli utility
Default: /usr/local/nutanix/cluster/lib/hyperv/mnv_cli.exe

AOS | Controller VM Commands | 256

--local_hyperv_mvcli_path
Path of mvcli utility
Default: /usr/local/nutanix/cluster/lib/hyperv/mvcli.exe
--local_ilorest_esx_bin_path
ilorest utility binary path for esx
Default: /usr/local/nutanix/cluster/lib/hpe_ilo/esx/ilorest
--local_ilorest_esx_lib_path
ilorest utility lib path for esx
Default: /usr/local/nutanix/cluster/lib/hpe_ilo/esx/ilorest_chif.so
--local_ilorest_kvm_bin_path
ilorest utility binary path for kvm
Default: /usr/local/nutanix/cluster/lib/hpe_ilo/kvm/ilorest
--local_ilorest_kvm_lib_path
ilorest utility lib path for kvm
Default: /usr/local/nutanix/cluster/lib/hpe_ilo/kvm/ilorest_chif.so
--local_timezone_path
Path to the file that contains the local timezone.
Default: /etc/localtime
--logpipe_path
Path to logpipe.
Default: /home/nutanix/bin/logpipe
--low_water_mark_file
File where the time manager logs the time every minute
Default: /home/nutanix/.low_water_mark.json
--manual_discovery_timeout_secs
Timeout for manual discovery API.
Default: 30
--max_concurrent_esx_powerops
Max concurrent ESX VM power operations
Default: 50
--max_foundation_active_sessions
Max number of active foundation sessions allowed
Default: 2
--max_nodes_supported_by_aos
Maximum number of nodes supported by AOS cluster.
Default: 48
--max_nodes_supported_on_ahv_cluster
Maximum number of nodes supported on a cluster with AHV nodes
Default: 32
--max_nodes_supported_on_esx_cluster

AOS | Controller VM Commands | 257

Maximum number of nodes supported on a cluster with ESX nodes
Default: 48
--max_nodes_supported_on_hyperv_cluster
Maximum number of nodes supported on a cluster with HyperV nodes
Default: 16
--max_pe_nodes_registration_supported_to_pc
Maximum number of Prism Elements registration supported.
Default: 400
--mem_nvme_storage_tiering_enabled
Flag to enable memory device storage tiering.
Default: true
--min_disk_space_gb_new_vdisk_pc_upgrade
Minimum space (GB) required on the hosting PE for adding new vdisk dedicated for PC
upgrade
Default: 30
--min_ext4_ratio_pct
Percentage of total EXT4 disk statfs size to total node disk statfs size.
Default: 5
--min_pe_version_cmsp_pcdr_recovery
Minimum version of PE for PC DR recovery.
Default: 6.5.3
--min_vcpu_large_pc
Minimum PC Large CPU size
Default: 10
--min_vcpu_small_pc
Minimum PC Small CPU size
Default: 6
--min_vcpu_xlarge_pc
Minimum PC Xlarge CPU size
Default: 14
--minimum_disk_size_in_gb_for_extra_alignment
Minimum disk size required in GB to add extra alignment.
Default: 2048
--mount_dir
Path of storage dir where disk should be mounted
Default: /home/nutanix/data/stargate-storage/disks
--multiq_vcpu_threshold
Minimum number of vcpus required to balance IRQs for 8 queues
Default: 16
--ncc_pre_upgrade_timeout

AOS | Controller VM Commands | 258

The number of seconds for NCC initialization during pre-upgrade. This will be added to the
total timeout of the plugins.
Default: 180
--ncli_add_node_enabled
Switch to enable/disable ncli add-node feature
Default: false
--ndfs_path_prefix
Prefix path of ndfs file
Default: ndfs:///
--ndp_timeout_secs
Timeout for hitting NDP manually.
Default: 20
--node_in_firmware_upgrade_znode
This node exists if some node is undergoing firmware upgrade of hardware components. It
stores information about that node.
Default: /appliance/logical/genesis/firmware/upgrade_node
--node_reconfigure_marker
Path to marker file to indicate that this node should be reconfigured.
Default: /home/nutanix/.node_reconfigure
--node_remove_ack_znode
Location in Zookeeper to persist node remove ack bit
Default: /appliance/logical/genesis/node_remove_ack
--node_shutdown_token_priority_list
Location in Zookeeper where we keep list of svm ips which are given preference for token.
Default: /appliance/logical/genesis/node_shutdown_priority_list
--non_ha_vm_info
Location where the non-HA VMs configuration file path is stored
Default: /appliance/logical/genesis/non_ha_vm_info
--nos_installer_dir
Path at which NOS installer tarballs are kept.
Default: /home/nutanix/software_downloads/nos
--nos_tar_timeout_secs
Timeout in secs for tarring nos package
Default: 3600
--npe_enabled
Flag to enable/disable NPE feature in the cluster
Default: true
--npe_info_znode
Intent znode to start NPE statemachine
Default: /appliance/logical/npe_info

AOS | Controller VM Commands | 259

--npe_status_znode
Location in Zookeeper to persist NPE current operation status for nodes
Default: /appliance/logical/genesis/npe_status
--ns_backplane_config_zknode
Location in Zookeeper where the backplane segmentation config is kept.
Default: /appliance/logical/genesis/ns/configuration
--ns_backplane_dvs_portkey_map_znode
Location in Zookeeper where the DVS portkeys for all the vmknics are stored.
Default: /appliance/logical/genesis/ns/backplane_dvs_portkey_map
--ns_child_params_zknode
Location in Zookeeper where the child params for service network segmentation is kept.
Default: /appliance/logical/genesis/ns/child_params
--ns_config_zknode
Location in Zookeeper where the services specific network segmentation config is kept.
Default: /appliance/logical/genesis/ns/services_config
--ns_ip_pools_znode
Location in Zookeeper where the IP Pools for Service Segmentation are stored.
Default: /appliance/logical/genesis/ns/ip_pools
--ns_op_zknode
Location in Zookeeper where the network segmentation operation parameters and status
are kept.
Default: /appliance/logical/genesis/ns/params
--ntp_external_netif
Network interface of SVM for communicating with NTP server.
Default: all
--num_retries_to_update_cloud_disks_to_zeus_proto
Number of retries to commit the cloud disk info to zeus proto.
Default: 20
--nutanix_bin_dir
Path to the nutanix bin folder.
Default: /home/nutanix/bin
--nutanix_binary_log_dir
Directory containing binary logs.
Default: /home/nutanix/data/binary_logs
--nutanix_core_dir
Directory containing core dumps of all Nutanix binaries.
Default: /home/nutanix/data/cores
--nutanix_data_dir
Path to the nutanix data folder.
Default: /home/nutanix/data

AOS | Controller VM Commands | 260

--nutanix_default_ssh_key
Nutanix default SSH key used for logging into SVM.
Default: /home/nutanix/ssh_keys/nutanix
--nutanix_home
Nutanix home directory.
Default: /home/nutanix
--nutanix_lock_dir
Directory containing Nutanix service lock files.
Default: /home/nutanix/data/locks
--nutanix_storage_dir
Nutanix stargate storage disks directory
Default: /home/nutanix/data/stargate-storage/disks
--nvme_namespace_resize_enabled
If True, performs NVMe namespace resize for supportedNVMe disk on supported
platforms.
Default: false
--nvme_namespace_resize_intent_dir
Directory to create intent files during NVMe namespace resize.
Default: /home/nutanix/data/stargate-storage/nvme_namespace_resize_intents
--nvme_sed_support_enabled
Flag to enable or disable NVMe SED
Default: false
--one_node_zookeeper_host_port_list
Host port list for zookeeper in one node cluster.
Default: zk1:9876
--password_decryption_private_key_filename
Name of private key file used for password decryption
Default: private_key.pem
--password_encryption_keypair_dir
Directory having key pair used for password encryption and decryption
Default: /etc/nutanix/cluster_enc_key
--password_encryption_public_key_filename
Name of public key file used for password encryption
Default: public_key.pem
--pc_deployment_ephemeral
Zknode to use for task tracking
Default: /appliance/logical/pc_deployment_ephemeral
--pc_installer_dir
Path at which PC installer tarballs are kept.
Default: /home/nutanix/software_downloads/prism_central

AOS | Controller VM Commands | 261

--pc_installer_storage
Directory where the installer is located in case of PC.
Default: /home/nutanix/upgrade/installer
--pc_marker_file_path
PC Marker file path
Default: /etc/nutanix/pc-marker
--pc_upgrade_disk_component
Component name for additional disk on PC.
Default: pc-upgrade
--pc_upgrade_disk_feat_enabled
Flag to enable the new vdisk addition for upgrades
Default: true
--pc_upgrade_disk_installer_dir
Path at which PC installer tarballs are kept with the new Upgrade Vdisk
Default: /home/nutanix/upgrade/software_downloads/prism_central
--pc_upgrade_disk_size_mb
Size of persistent storage disk for upgrade on PC.
Default: 30720
--pc_upgrade_disk_zk_path
Zk node that will be used as a marker to set upgrade paths in case of PC.
Default: /appliance/logical/prism/upgrade_disk
--pc_upgrade_metadata
Zknode which stores some metadata related to PC Upgrade
Default: /appliance/logical/prism/prism_central/upgrade_metadata
--pc_upgrade_path
Upgrade path for PC upgrades
Default: /home/nutanix/upgrade
--persistent_foundation_cvms_zk_path
Zookeeper node to track which cvms have foundation started in a 'persistent' mode
Default: /appliance/logical/genesis/persistent_foundation
--phoenix_firmware_installer_path
Path to the module in phoenix image which does firmware install.
Default: /phoenix/firmware_installer.py
--phoenix_firmware_installer_sh_path
Path to the shell script in phoenix image which triggers firmware install.
Default: /phoenix/firmware_installer.sh
--place_scsi_emulated_nvme_in_pcie_tier
When True, the SCSI emulated NVMe's are placed in the SSD-PCIe tier.
Default: true
--planned_outage_esx_enabled

AOS | Controller VM Commands | 262

Switch to enable/disable support for ESX Hypervisor for Planned Outage
Default: true
--planned_outage_manager_enabled
Switch to enable/disable support for Planned Outage Manager
Default: true
--planned_outage_zk_path
Expect ZK child nodes under this path that are IP addresses of nodes that are going down.
Default: /appliance/logical/genesis/planned_outage
--pmem_support
Flag indicating if PMEM support is enabled on AOS
Default: false
--precheck_framework_enabled
Switch to enable/disable precheck framework for running prechecks
Default: false
--precheck_info_znode
Intent znode to start Precheck framework's statemachine
Default: /appliance/logical/precheck_info
--precheck_status_znode
Location in Zookeeper to persist Precheck frameworks's current operation status for nodes
Default: /appliance/logical/genesis/precheck_status
--proto_rpc_active_tasks_zknode
Intent znode which has list of ongoing genesis proto rpc tasks
Default: /appliance/logical/genesis/proto_rpc_active_tasks
--ptlc_storage_tiering_enabled
Flag to enable pTLC storage tier.
Default: true
--qos_enabled
gflag to enable QoS marking for outgoing traffic
Default: true
--qos_zknode
Location in Zookeeper where qos mapping is stored.
Default: /appliance/logical/genesis/qos_info
--rate_limit_marker_zknode
Marker file to rate limit IO operations on CVM.
Default: /appliance/logical/genesis/rate_limit_marker
--release_tag_path
Path to the file that contains the local release tag.
Default: /etc/nutanix/release_tag
--release_version_path
Path to the file that contains the local release version.

AOS | Controller VM Commands | 263

Default: /etc/nutanix/release_version
--remove_cloud_data_directories
Boolean to remove cloud data directories and its contents.
Default: true
--remove_nodes_info_znode
Intent znode to start RemoveNodes statemachine
Default: /appliance/logical/remove_nodes_info
--remove_nodes_status_znode
Location in Zookeeper to persist Remove Nodes operation status for nodes
Default: /appliance/logical/genesis/remove_nodes_status
--reset_gflags_on_destroy
When performing cluster destroy, remove all gflag files.
Default: false
--resume_cluster_info_znode
Location in Zookeeper where we persist the info required to resume cluster from
hibernation.
Default: /appliance/logical/resume_cluster_info
--resume_s3_conn_check_retry_count
Max retries to check S3 connectivity in resume.
Default: 10
--resume_workflow_status_znode
Location in Zookeeper where we persist the status of resuming a cluster from hibernation.
This is where the resume workflow state machine details are saved.
Default: /appliance/logical/genesis/resume_workflow_status
--rf1_vms_task_timeout_secs
Default timeout value for tasks to handle RF1 VMs
Default: 1200
--rf1_vms_zk_path
zk path for rf1 vms
Default: /appliance/logical/genesis/rf1_vms
--rolling_restart_znode
Location in Zookeeper where the intent of rollingrestart is committed.
Default: /appliance/logical/genesis/rolling_restart_znode
--rolling_svm_update_znode
Location in Zookeeper where the intent of rollingsvm update is committed.
Default: /appliance/logical/genesis/rolling_svm_update_znode
--run_parallel
Run various operations in parallel.
Default: false
--salt_command_path

AOS | Controller VM Commands | 264

Path to the script to run salt related state changes.
Default: /srv/salt/statechange
--salt_state_configuration_directory
Directory where the current salt states are maintained.
Default: /home/saltstates
--san_list_for_csr_generation
List of pairs to use for the SAN of the node certificate, where each element in the list is in
the form of x=y
--sasircu_location
Location of sas2ircu utility.
Default: /home/nutanix/cluster/lib/lsi-sas/sas2ircu
--secure_files_zkpath
Path of the Zookeeper node storing Azure certificates.
Default: /appliance/logical/secure_files
--sed_certs_file_name
Name of the file containing list of signed certs of the node.
Default: SEDCerts.txt
--sed_flock_path
File to use as a lock to ensure orderly trusted_storage_device calls to the drives.
Default: /tmp/sed_tool_lock
--sed_status_flush_seconds
Number of seconds to wait before flushing the status of a self encrypting drive operation.
Default: 10
--sed_tool_path
Path to the self_encrypting_drive binary.
Default: /usr/local/nutanix/bin/self_encrypting_drive
--self_encrypting_drive_config_zkpath
Path to the zookeeper node where self encrypting drive configuration is stored.
Default: /appliance/logical/genesis/sed_state
--self_encrypting_drives_operation_status
Path to the zookeeper node where each drive will store it's status after an operation was
issued
Default: /appliance/logical/genesis/sed_operation_status
--service_segmentation_on_dvs_support
Boolean to control whether to enable/disable Service segmentation on DVS feature
Default: true
--service_segmentation_support
Boolean to control whether to enable/disable Service Segmentation feature
Default: true
--service_start_timeout_secs

AOS | Controller VM Commands | 265

Default timeout for waitinig for a service to start.
Default: 600
--service_status_check_interval_secs
Default interval to check a service running status.
Default: 30
--service_vm_config_json_path
Path to the service_vm_config.json file.
Default: /home/nutanix/data/stargate-storage/service_vm_config.json
--services_definition
Zookeeper node where a service profile stored.
Default: /appliance/logical/services_definition
--services_enablement_status
Zookeeper node will only contain user intentfor services's state.
Default: /appliance/logical/services_enablement_status
--set_dns_ntp_config_immutable
Whether to make the DNS and NTP conf files immutable
Default: true
--sg_raw_path
Path to the sg_raw binary.
Default: /usr/bin/sg_raw
--sg_ses_location
Location of sg_ses utility.
Default: /usr/local/nutanix/cluster/lib/sg3utils/bin/sg_ses
--single_ssd_repair_status_znode
Location in Zookeeper where the status for node which is currently being repaired by
Genesis is kept.
Default: /appliance/logical/genesis/single_ssd_repair_status
--skip_dry_run_error
Skip dry-run if it fails.
Default: false
--skip_esxi_vc_compatibility_check
Skip the ESXi VC version compatibility check.
Default: false
--skip_handling_rf1_vms
Whether to skip auto shutdown and start RF1 VMs during AOS and Host maintenance
Default: false
--skip_license_enforcement_check
Flag to control if license enforcement check needs to be run or not.
Default: false
--skip_service_fault_tolerant_check

AOS | Controller VM Commands | 266

Override option to make upgrade proceed whenfault tolerance is not normal.
Default: false
--small_pc_data_disk_size_gb
The size of the data disk for a small PC.
Default: 500
--small_pc_disk_max_size_gb
The upper limit of disk size to check if PC is small PC.
Default: 2400
--snmp_firewall_client
SNMP client for opening/closing firewall ports
Default: NutanixSnmpManager
--spdk_enabled
If True, stargate SPDK related activities are performed in Hades.
Default: true
--spdk_intent_path
Path where intent is set by spdk_setup.sh.
Default: /home/nutanix/data/stargate-storage/spdk_setup_intents
--spdk_setup_script_path
Path to the SPDK setup script.
Default: /usr/local/nutanix/bin/spdk_setup.sh
--ssd_default_rules_path
Location of the SSD udevadm rules file.
Default: /etc/udev/rules.d/999-defaultssd.rules
--ssd_read_ahead_size_kb
Read ahead size in KB for SSDs. Min: 0 Max: 256 KB
Default: 16
--ssd_rules_path
Location of the SSD udevadm rules file.
Default: /etc/udev/rules.d/99-ssd.rules
--ssd_threshold_to_enable_multiqueue_nic
Number of SSDs needed to be on the node to enable features like multi-queue
Default: 4
--ssh_key_dir
Location of ssh keys and ssl certificates
Default: /home/nutanix/ssh_keys
--ssh_security_level
Each level is inclusive of all the levels below it. 0 is default, 1 disables password
authentication, 2 disables external access entirely.
Default: 0
--ssl_terminator_genesis_config_zknode

AOS | Controller VM Commands | 267

Path for Genesis SSL terminator configuration.
Default: /appliance/logical/ssl_terminator_config/genesis_route_config
--stargate_block_store_disable_constraint
Flag to circumvent blockStore constraint check.
Default: false
--stargate_block_store_enabled
Flag to enable block store on the cluster.
Default: true
--stargate_disk_config
JSON file on stargate disk holding disk config
Default: disk_config.json
--stargate_ha_term_conn_ack_timeout_msecs
The stargate NfsTerminate ACK timeout value to be set. This is used only when there are
hyper-v nodes in the cluster. This value is set on all stargates before upgrade and also set
persistently in stargate.gflags
Default: 30000
--stargate_health_znode
Zookeeper node where each stargate creates an ephmeral node indicating it is currently
available.
Default: /appliance/logical/health-monitor/stargate
--stargate_max_system_mem_for_huge_pages_in_gb
Maximum memory that could be reserved for rest of the system except Stargate, when
Stargate is configured to use hugepages.
Default: 24
--stargate_min_cvm_memsize_for_huge_pages_in_gb
Minimum CVM memory size at which we enable hugepages support.
Default: 48
--stargate_min_system_mem_for_huge_pages_in_gb
Minimum memory that must be reserved for rest of the system except Stargate, when
Stargate is configured to use hugepages.
Default: 19
--stargate_num_huge_page_allocation_attempt
Maximum number of attempts to allocate hugepage memory before Stargate decides to
fatal.
Default: 10
--stargate_port
Port for Stargate.
Default: 2009
--stargate_system_mem_for_huge_pages_increment_gb
Amount of physical memory reserved per every 8G over
stargate_min_cvm_memsize_for_huge_pages_in_gb for the rest of the system except
Stargate, when Stargate is configured to use hugepages.

AOS | Controller VM Commands | 268

Default: 1
--svm_backplane_netif
Backplane network interface of SVM to communicate with other nodes within cluster.
Default: eth2
--svm_ca_bundle_path
Path to the CA certificate bundle file.
Default: /home/nutanix/certs/ca.pem
--svm_ca_certs_dir
Directory where CA certificates are cached on the filesystem.
Default: /home/nutanix/certs/CA_certs
--svm_certs_dir
Directory where certificates are cached on the filesystem.
Default: /home/nutanix/certs
--svm_csr_path
Path to local Svm's certificate signing request file.
Default: /home/nutanix/certs/svm.csr
--svm_eth1_mtu_size
eth1 MTU size configured in the SVMs.
Default: 1500
--svm_external_netif
External network interface of SVM to communicate with other SVMs.
Default: eth0
--svm_internal_ip
IP address of the SVM IP address on the internal Nutanix vSwitch.
Default: 192.168.5.2
--svm_internal_netif
Internal network interface of the SVM to communicate with local hypervisor.
Default: eth1
--svm_internal_sub_netif
Internal network sub-interface of the SVM to communicate with local hypervisor.
Default: eth1:1
--svm_mtu_size
eth0 MTU size configured in the SVMs.
Default: 1500
--svm_os_version
The default version of SVM os
Default: centos
--svm_private_key_path
Path to local Svm's digital certificates private key.
Default: /home/nutanix/certs/svm.key

AOS | Controller VM Commands | 269

--svm_self_signed_cert_path
Path to local Svm's self signed certificate.
Default: /home/nutanix/certs/svm.crt
--svmboot_iso_upgraded
Name of the customized svmboot iso used during AOS upgrade
Default: svmboot.iso.upgraded
--svmboot_xenserver_iso
xenserver specific svmboot -- to workaround kexec issues
Default: svmboot-415-xenserver.iso
--sys_stats_collector_pgid_file
File where the process group id of sys_stats_collector is stored.
Default: /var/tmp/sys_stats_pgid_file
--tentative_backplane_ips
Location in Zookeeper where the node tentative ips used for network segmentation would
be kept.
Default: /appliance/logical/genesis/tentative_backplane_ips
--test_lcm_rpc_enable
Flag that can be set to allow lcm to expose rpc call to automation test.
Default: false
--tiny_pc_disk_max_size_gb
The upper limit of disk size to check if PC is tiny PC.
Default: 480
--tiny_pc_swap_disk_size_gb
The size of the swap disk for a tiny PC.
Default: 8
--tiny_pc_swap_space
Flag to control the inclusion of swap space in a tiny PC.
Default: false
--tmp_trust_bootstrap_path
JSON file for trust at bootstrap
Default: /tmp/trust_bootstrap.json
--two_node_genesis_rpc_timeout_secs
Timeout for each Genesis RPC in two node clusters.
Default: 180
--two_node_zookeeper_host_port_list
Host port pair list for zookeeper in two node cluster.
Default: zk1:9876,zk2:9876
--two_node_zookeeper_timeout_secs
Timeout for zookeeper in two node clusters.
Default: 40

AOS | Controller VM Commands | 270

--upgrade_finish_flock_path
Path to the flock in order that must be acquired before running the finish script.
Default: /tmp/upgrade_finish_lock
--upgrade_flock_path
Path to the flock in order that must be acquired before running the upgrade install script.
Default: /tmp/upgrade_lock
--upgrade_info_firmware_znode
Location in a zookeeper where we keep the upgrade information for firmware upgrades
published by Prism.
Default: /appliance/logical/upgrade_info/firmware
--upgrade_info_znode
Location in a zookeeper where we keep the Upgrade node information.
Default: /appliance/logical/upgrade_info/nos
--upgrade_info_znode_dir
Parent Directory of location in a zookeeper where we keep the Upgrade node information.
Default: /appliance/logical/upgrade_info
--upgrade_params_znode
Zookeeper location to store upgrade paramteters.
Default: /appliance/logical/upgrade_info/upgrade_params
--use_default_aws_cloud_disk_size
If True, the default Amazon cloud disk size will be in use.
Default: true
--use_legacy_csr_generation
Whether to use the new CSR generation code or legacy
Default: true
--validate_cloud_disk_retry_count
Number of retries to validate cloud disks parameters and bucket connectivity.
Default: 5
--validate_ext4_total_ratio
Implement the ratio met criteria for blockstore enablement.
Default: false
--vib_based_esx_upgrade
If this is true, vib install will be used for esx upgrade else profile based upgrade will be
used.
Default: false
--vmd_led_tool
A tool that helps manage NVMe LED when CVM has access to physical root port.
Default: /usr/local/nutanix/cluster/bin/vmd_led
--vmxnet3_rx_queue_size
RX buffer size for vmxnet3.

AOS | Controller VM Commands | 271

Default: 2048
--vmxnet3_tx_queue_size
TX buffer size for vmxnet3.
Default: 512
--wait_secs_for_spdk_intents_to_clear_before_stargate_stop
Time in seconds for which genesis will wait for ongoing SPDK setup to complete before
stopping Stargate. Presence of intent files is used to detect if SPDK setup is in progress.
Default: 120
--witness_config_cache_path
Path to the witness configuration cache kept in sync by witness manager
Default: /home/nutanix/config/witness_config_proto.dat
--witness_config_zknode
Zookeeper node containing the witness config once it is created.
Default: /appliance/witness_config
--xen_details_znode
Location in Zookeeper where we keep the Xen details, like credentials, etc when adding
new xen nodes to cluster.
Default: /appliance/logical/genesis/xen_details
--xi_cluster_ssh_key
Xi Cluster SSH key used to login using the cluster vipcreated by DCM
Default: /home/nutanix/xi_ssh_key_dir/nutanix
--xi_ssh_key_dir
Location of ssh keys specific to the cluster created by DCM
Default: /home/nutanix/xi_ssh_key_dir
--zeus_config_update_retry_count
Number of retries while trying to update Zeus configuration proto.
Default: 20
--zk_commit_timeout
Max timeout until which genesis attemps to commit to zookeeper.
Default: 60
--zk_pc_cmsp_failback_spec_path
Zk path for backup and restore aware utils during failback
Default: /appliance/logical/cmsp/failback_spec
--zk_pc_cmsp_failover_spec_path
Zk path for backup and restore aware utils during failover
Default: /appliance/logical/cmsp/failover_spec
--zookeeper_ca_certs_zkdir
Path to the zookeeper directory node where CA certificates are stored.
Default: /appliance/logical/certs/CA_certs
--zookeeper_certs_zkdir

AOS | Controller VM Commands | 272

Path to the zookeeper directory node where Svm certificates are stored.
Default: /appliance/logical/certs
--zookeeper_host_port_list
Host port pair list for zookeeper.
Default: zk1:9876,zk2:9876,zk3:9876
--zookeeper_migration_zknode
Path to the zookeeper migration status zknode.
Default: /appliance/logical/zookeeper_migration
--zookeeper_server_config_file
zookeeper server config file.
Default: /home/nutanix/data/zookeeper_monitor/zk_server_config_file

cluster.client.container.docker.utils
--default_multipath_config_path
Location of default multipath config.
Default: /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf
--default_volume_plugin_name
Name of default docker nutanix volume plugin
Default: pc/nvp
--default_volume_plugin_type
Default docker volume plugin type
Default: default
--docker_migration_marker
Marker file to ensure resiliency of docker home migration
Default: /home/nutanix/.docker_migration_marker
--docker_systemd_service
Name of the systemd docker service
Default: docker
--docker_volume_plugin_binary_path
Path to volume plugin install script
Default: /home/nutanix/bin/create_plugin_from_tar.sh
--docker_volume_plugin_image_path
Path to docker volume plugin image
Default: /home/nutanix/docker_plugin/pc-dvp.tar.gz
--old_docker_directory
Buffer fold to keep docker home data till its migrated
Default: /home/docker/docker-latest.old
--volume_plugin_install_timeout_secs
Timeout in secs for volume plugin installation
Default: 60

AOS | Controller VM Commands | 273

--volume_plugin_version_znode
Path to docker volume plugin image
Default: /appliance/logical/genesis/volume_plugin

cluster.client.esx_upgrade_helper
--esx_enter_maintenance_mode_timeout_secs
Timeout in seconds for ESX enter maintenance mode operation to complete
Default: 0
--esx_temp_dir
Directory where temporary esx related file saved. Like deprecated vib list json created and
copy to the host.
Default: /home/nutanix/tmp/
--esx_uvm_migration_sliding_window_timeout_secs
Duration in seconds for atleast one UVM to migrate during ESX enter maintenance mode
operation, before timing out
Default: 1200
--esx_vib_extraction_dir
Directory where ESXi vibs are extracted on CVM before copying to host.
Default: /home/nutanix/tmp/.esx_upgrade
--foundation_esx_vib_path
Path in foundation package where ESX VIBs are stored.
Default: /home/nutanix/foundation/lib/driver/esx/vibs
--poweroff_uvms
Power off UVMs during hypervisor upgrade if Vmotion is not enabled or Vcenter is not
configured for cluster.
Default: false
--undefined_esx_bios_uuid
Hex value of undefined bios uuid of ESX hypervisor.
Default: 00000000-0000-0000-0000-000000000000
--update_foundation_vibs
Update VIBS which are present in foundation during ESX hypervisor upgrade.
Default: true

cluster.client.firewall.consts
--cluster_function_temp_file
Path to temporary file which has the cluster function
Default: /home/nutanix/tmp/cluster_function
--consider_salt_framework
Whether to consider salt framework or not
Default: true
--copy_command_timeout_secs
Timeout in seconds for cp command.

AOS | Controller VM Commands | 274

Default: 10
--cvm_ips_ipset_name
Name of the Nutanix cluster ipset to be used in iptables rules containing only CVM IP
addresses
Default: ntnx-cvm-ips
--dynamic_service_firewall_support
Whether to open ports dynamically in firewall only for running services or not
Default: true
--execute_concurrent_salt_call
Indicate if salt call should be executed concurrently.
Default: true
--firewall_rules_znode
Location in Zookeeper where cluster-wide firewall rules are kept.
Default: /appliance/logical/genesis/firewall_rules
--handle_cerebro_firewall_rules
Boolean to decide if Genesis handles Cerebro firewall rules
Default: false
--host_ips_ipset_name
Name of the Nutanix cluster ipset to be used in iptables rules containing only hypervisor IP
addresses
Default: ntnx-host-ips
--ip_set_based_firewall_support
Whether to use ipset based firewall rules or subnet based for nutanix services
Default: true
--iptables_command_timeout_secs
Timeout in seconds for any iptables command.
Default: 10
--iptables_salt_blacklist_path
Path to salt config for iptables state.
Default: /srv/pillar/blacklist.sls
--iptables_salt_config_path
Path to salt config for iptables state.
Default: /srv/pillar/iptables.sls
--iptables_temp
Path to temporary iptables file
Default: /home/nutanix/tmp/iptables.temp
--jumpbox_vm_deployments
Comma separated list of deployments where Jumpbox rules are applied
Default: 512
--nat_table_salt_config

AOS | Controller VM Commands | 275

Path to pillar file for nat table rules.
Default: /srv/pillar/nattable.sls
--node_ips_ipset_name
Name of the Nutanix cluster ipset to be used in iptables rules containing both CVM and
hypervisor IP addresses
Default: ntnx-node-ips
--prism_client_key
Client key value for prism
Default: prism.nfs_whitelists
--rejectlist_salt_config
Path to pillar file for reject rules.
Default: /srv/pillar/rejectlist.sls
--relax_ip_set_based_firewall_for_ports
List of ports for which ipset based firewall restriction is to be relaxed and legacy subnet
based rules are also to be added along with ipset
Default: 2030,2036,2073,2090,8740
--salt_call_command_path
Path to the salt-call command.
Default: /usr/bin/salt-call
--salt_call_command_timeout_secs
Timeout in seconds for the salt-call command.
Default: 90
--salt_jinja_template
Path to salt ipv4 jinja template.
Default: /srv/salt/security/CVM/iptables/iptables4.jinja
--salt_pc_jinja_template
Path to salt ipv4 jinja template on PC.
Default: /srv/salt/security/PC/iptables/iptables4.jinja
--salt_states_templates_dir
Path to dir holding the salt templates.
Default: /home/nutanix/config/salt_templates
--unsupported_firewall_deployments
Comma separated list of deployments where firewall will FATAL out
Default: 128,64,8
--valid_firewall_deployments
Comma separated list of deployments where firewall uses salt
Default: 1,16,2,4,256,512,32,4096

cluster.client.flow_upgrade_helper
--flow_installation_path
Location where FLOW is installed on a CVM.

AOS | Controller VM Commands | 276

Default: /home/nutanix/flow/
--flow_installation_root
Root location where FLOW is installed on a CVM.
Default: /home/nutanix/
--flow_installer_path
Location for uncompressing nutanix FLOW binaries.
Default: /home/nutanix/flow/installer/
--flow_retry_interval
Interval after which the thread will retry.
Default: 10
--flow_tmp_path
Location for uncompressing nutanix FLOW binaries.
Default: /home/nutanix/software_downloads/flow_tmp/
--flow_ui_install_path
Location where Flow UI bits should be installed
Default: /home/apache/www/console/
--flow_ui_path
Location where Flow UI bits are located
Default: /home/nutanix/flow/ui/flowUINg/console/
--flow_venv_installation_path
Location where FLOW venv is installed on a CVM.
Default: /home/nutanix/.venvs/flow/
--flow_version_path
Location for flow_version installed on a CVM.
Default: /home/nutanix/flow/flow_version.txt
--flow_version_znode
Zookeeper node where we keep the current release version of FLOW.
Default: /appliance/logical/genesis/flow_version

cluster.client.genesis.breakfix.host_bootdisk_utils
--host_boot_timeout
The maximum amount of time for which the state machine waits for host to be up.
Default: 36000

cluster.client.genesis.cluster_manager_helper
--agave_dir
Identify if agave is running on cluster.
Default: /home/nutanix/agave
--cloud_start_dynamic_ring_changer

AOS | Controller VM Commands | 277

Whether to start Dynamic ring changer for cloud nodes.Dynamic Ring changer is required
to run for some time to add new metadata disk. This may be required in customer
escalations if existing metadata disk becomes full.
Default: false
--cluster_state_znode
Location in Zookeeper where we keep whether a node start or stop.
Default: /appliance/logical/genesis/cluster_state
--cluster_upgrade_method
Location in Zookeeper where we keep upgrade method.
Default: /appliance/logical/genesis/cluster_upgrade_method
--cluster_versions_znode
Location in Zookeeper where we keep the desired software versions map.
Default: /appliance/logical/genesis/cluster_versions
--cvm_reboot_wait
Timeout for waiting for cvm reboot.
Default: 100
--force_disable_blackbox
File to disable blackbox mode completely.
Default: /home/nutanix/.force_disable_blackbox
--node_shutdown_token_state_znode
Location in Zookeeper where we keep state of which node has currently requested to go
down for maintenance.
Default: /appliance/logical/genesis/node_shutdown_token
--node_status_rpc_timeout_secs
Timeout in seconds, for waiting for node_status RPC to complete.
Default: 120
--node_upgrade_status
Location in Zookeeper where we store upgrade status of nodes.
Default: /appliance/logical/genesis/node_upgrade_status
--pc_dr_recovery_genesis_znode
Recovery zk node for services to be created right at the beginning by genesis itself
Default: /appliance/logical/prism/pcdr/recover
--pc_dr_recovery_progress_znode
Zookeeper node of the Pc Recovery Progress
Default: /appliance/logical/prism/pcdr/startup
--pc_release_version_znode
Zookeeper node where we keep the current pc release version of the cluster.
Default: /appliance/logical/genesis/pc_release_version
--planned_outage_monitor_interval
Interval at which planned outage watcher thread checksif some remote node needs to be
started

AOS | Controller VM Commands | 278

Default: 600
--planned_outage_monitor_znode
Location in Zookeeper to trigger remote monitoring of CVMs
Default: /appliance/logical/genesis/planned_outage_monitor
--prism_user_repository_znode
Zookeeper node of the Prism user repository
Default: /appliance/physical/userrepository
--rdma_config_timeout
Timeout for waiting for RDMA configuration to complete.
Default: 300
--release_tag_znode
Zookeeper node where we keep the current release tag of the cluster.
Default: /appliance/logical/genesis/release_tag
--release_version_znode
Zookeeper node where we keep the current release version of the cluster.
Default: /appliance/logical/genesis/release_version
--shutdown_token_timeout
Timeout for waiting for shutdown token.
Default: 60
--uncompress_path
Location for uncompressing nutanix binaries.
Default: /home/nutanix/software_uncompressed/nos/
--uncompress_path_pc
Location for uncompressing nutanix binaries.
Default: /home/nutanix/upgrade/software_uncompressed/pc/

cluster.client.genesis.compute_only.client
--compute_only_reachability_check_timeout_secs
Timeout in seconds, to wait before giving up on connecting to Compute Only node for the
first time
Default: 5
--configured_marker_file
Path to the marker file containing cluster id if node is part of a cluster
Default: /root/configured

AOS | Controller VM Commands | 279

Default: /bootbank/Nutanix/factory_config.json
--factory_config_json_path_on_host
Path to factory_config.json on the CO host
Default: /root/factory_config.json
--hardware_config_json_path_on_esx_host
Path to hardware_config.json on the ESX CO host
Default: /bootbank/Nutanix/hardware_config.json
--hardware_config_json_path_on_host
Path to hardware_config.json on the CO host
Default: /root/hardware_config.json

cluster.client.genesis.convert_cluster.thread_utils
--parallel_vms_conversions_cnt
Maximum VMs getting converted simultaneously through threads. The value should be an
integer > 0, else the default value will be taken.
Default: 20
--parallel_vms_conversions_safe_cnt
Maximum VMs getting converted simultaneously through threads in safe mode. The value
should be an integer > 0, else the default value will be taken.
Default: 20

cluster.client.genesis.convert_cluster.utils
--cluster_conversion_preserve_mac
Preserve MAC addresses of VM NICs in conversion
Default: true
--convert_cluster_blacklisted_vms
List of VM UUIDs which won't be converted during cluster conversion
Default: /appliance/logical/genesis/convert_cluster/blacklisted_vms
--convert_cluster_disable_marker
Marker file to disable hypervisor conversion on node.
Default: /home/nutanix/.convert_cluster_disable
--convert_cluster_node_ids
List of node ids which will be converted to target hypervisor
Default: /appliance/logical/genesis/convert_cluster/converting_node_ids
--converting_vms_info
Path to zk node where the reg info of all VMs undergoing conversion are stored
Default: /appliance/logical/genesis/convert_cluster/converting_vms
--default_vcenter_port
Default port to register with vCenter.
Default: 443
--esx_svm_uuids
List of ESXi CVM uuids getting stored

AOS | Controller VM Commands | 280

Default: /appliance/logical/genesis/convert_cluster/esx_svm_uuids
--fail_vm_uuids_conversion
Comma separated list of VM UUIDs which will fail vm conversion
--fail_vm_uuids_power_off
Comma separated list of VM UUIDs which will fail vm power off operation during
conversion
--fail_vm_uuids_power_on
Comma separated list of VM UUIDs which will fail vm power on operation during
conversion
--ignore_networks_with_no_vms
If a network has no vms attached then that networkwill not be retained post ESXi to AHV
conversion.This flag has no effect on AHV to ESXi conversion
Default: false
--ignore_reverse_conversion_checks
Ignore checks performed in reverse conversion eg. presence of ESXi cluster name in
vCenter and existence of metadata zknode, etc.
Default: false

cluster.client.genesis.convert_cluster.vm_migration
--disable_vm_migration
Disable VM migration for the node. This is used for error injection and testing.
Default: false
--vm_uuids_after_convert_vm_info_set_abort
List of vms which need to be terminated prematurely, aftercreating ConvertVm task and
setting converting_vm_info. vmuuids are comma separated
--vm_uuids_for_abort
List of vms which need to be terminated prematurely, after creating ConvertVm task,
vmuuids are comma sepatated

cluster.client.genesis.expand_cluster.utils
--nos_packages_file
File containing packages present in the nos software
Default: install/nutanix-packages.json
--num_retries_to_check_for_genesis_availability
Number of retries to verify if the RPCs are reachable
Default: 30

AOS | Controller VM Commands | 281

--service_start_stop_timeout
Max timeout until which genesis attempts to start or stop cluster services.
Default: 1200
--stargate_rpc_retry_count
Retry count to call Stargate RPCs.
Default: 5
--stargate_rpc_retry_delay
Delay between Stargate RPC retries
Default: 30

cluster.client.genesis.networking.esx_dvs_helper
--dvs_op_timeout
DVS switch operation timeout in seconds
Default: 60
--vm_nic_update_timeout_secs
Timeout in seconds for vNIC updation operation on CVM
Default: 60

cluster.client.genesis.networking.network_config_utils
--network_config_zknode
Location where we create child zknode with the name <node-uuid> and store node specific
network configuration.
Default: /appliance/logical/genesis/network_configuration
--network_configuration_zk_connection_timeout_secs
Timeout in seconds for the network_config_utils module.
Default: 10

cluster.client.genesis.node_manager_helper
--auto_discovery_interval_secs
Number of seconds to sleep when local node can't join any discovered cluster.
Default: 5
--cluster_destroy_marker
Path to marker file to indicate that a cluster destroy operation invoked via PC is in
progress.
Default: /home/nutanix/.cluster_destroy
--co_nodes_unconfigure_marker
Path to marker file to indicate that node has to unconfigure CO nodes as part of
unconfiguring itself. The contents of the marker file containsspace seperated IPs of the CO
nodes to unconfigure
Default: /home/nutanix/.co_nodes_unconfigure
--discovery_timeout_secs
Timeout for discovery.
Default: 1

AOS | Controller VM Commands | 282

--download_staging_area
Directory where we will download directories from other SVMs.
Default: /home/nutanix/tmp
--fault_tolerance_initialization_max_retries
The maximum number of retries to commit modified proto to zeus. Retry indefinitely if set
to -1.
Default: 30
--firmware_disable_auto_upgrade_marker
Path to marker file to indicate that automatic firmware upgrade should not be performed on
this node.
Default: /home/nutanix/.firmware_disable_auto_upgrade
--foundation_disable_auto_upgrade_marker
Path to marker file to indicate that automatic foundation upgrade should not be performed
on this node.
Default: /home/nutanix/.foundation_disable_auto_upgrade
--genesis_restart_timeout
Time we wait for the genesis to restart.
Default: 120
--gevent_resolver_reinitialize_on_dns_change
The flag determines if gevent ares dns resolver should be reinitialized on a DNS config
change.
Default: true
--gold_image_version_path
Path to the file that contains the version of the gold image.
Default: /etc/nutanix/svm-version
--hcl_znode_path
Zookeeper node containing the hcl.
Default: /appliance/physical/hcl
--mem_resolution_for_zk_proto_mb
Minimum memory change of CVM to reflect in proto.
Default: 128
--move_time_back
The flag is set to allow time to be moved back by more than time_rollback_tolerance_secs.
Default: false
--nagios_config_path
Path to the nagios configuration file.
Default: /home/nutanix/serviceability/config/nagios3/nutanix_nagios.cfg
--node_disable_auto_upgrade_marker
Path to marker file to indicate that automatic software upgrade should not be performed on
this node.
Default: /home/nutanix/.node_disable_auto_upgrade

AOS | Controller VM Commands | 283

--node_ssh_key_dir
Path for node specific ssh keys on local disk
Default: /home/nutanix/ssh_keys/.blackbox
--node_unconfigure_marker
Path to marker file to indicate that node is ready to be unconfigured.
Default: /home/nutanix/.node_unconfigure
--num_parallel_services_stop
Maximum number of services to stop in parallel.
Default: 32
--pc_download_staging_area
Directory where we will download directories from other PCVMs.
Default: /home/nutanix/upgrade/tmp
--pc_zookeeper_start_timeout_secs
Timeout for waiting on Zookeeper connection on cluster create.
Default: 360
--rpm_genesis_log_file
Path to rpm log file during Genesis self install.
Default: /home/nutanix/data/logs/rpm.genesis.out
--safe_update_or_restart_retry_interval
Retry interval to check whether genesis update or restart can be issued.
Default: 30
--set_node_configured_time_timeout
Timeout for setting the node_configured_time field inzeus config.
Default: 5
--sshd_config_path
Path to sshd config file.
Default: /etc/ssh/sshd_config
--stop_service_zknode
Start services upto but not including the service specified in this zk node.
Default: /appliance/logical/genesis/stop_service
--stop_services_timeout
Maximum time to wait for all services to stop.
Default: 120.0
--svm_internal_ips
Internal IP addresses on eth1. The first one is the primary IP address, and the remaining
are aliases.
Default: 192.168.5.2,192.168.5.254
--svm_internal_netif_netmask
The netmask for the internal IP addresses on eth1.
Default: 255.255.255.128

AOS | Controller VM Commands | 284

--svm_non_ha_internal_netmask
The netmask for the non-data internal IP aliases on eth1.
Default: 255.255.255.0
--svm_upgrade_finish_zknode
Zk path to keep track of the svm_upgrade script on two node clusters.
Default: /appliance/logical/genesis/svm_upgrade_finish
--timezones_dir
Directory where all of the valid timezones exist.
Default: /usr/share/zoneinfo
--vlan_sniffer_log
Path to vlan_sniffer log.
Default: /home/nutanix/data/logs/vlan_sniffer.log
--vlan_sniffer_path
Path to vlan sniffer binary.
Default: /home/nutanix/cluster/lib/el7/vlan_sniffer
--zookeeper_start_timeout_secs
Timeout for waiting on Zookeeper connection on startup.
Default: 120

cluster.client.genesis.ns.consts
--client_for_kVolumes
Client name for kVolumes, used to pass to Firewall
Default: service_segmentation_kVolumes
--disable_wait_time
Time to wait (in seconds), between removing network segmentation configuration in zeus
and removing the interface configuration on cvms
Default: 5
--hyperv_physical_backplane_segmentation_support
Boolean to control whether physical backplane segmentation is supported or not on hyperv
Default: true
--ip_pool_based_backplane_segmentation
Boolean to control whether ip pool based backplane segmentation is suppported
Default: true
--iser_supported_pci_model_ids
PCI model ids of NICs on which iSER will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--lldpad_service_start_stop_timeout
Timeout for command to start/stop lldpad service on CVM
Default: 15
--max_interfaces_for_service_segmentation

AOS | Controller VM Commands | 285

The maximum number of interfaces which can be created on the CVM for service
segmentation
Default: 3
--mixed_hypervisor_backplane_support
Boolean to control whether backplane network support on mixed hypervisoris allowed or
not
Default: true
--ns_check_ping_wait_time
The time for which arping waits for a response to check duplicate ip
Default: 10
--ns_co_node_support
Boolean to control whether backplane and service segmentation support is present for CO
Nodes
Default: true
--ns_config_cache_path
Path to the ns configuration cache
Default: /home/nutanix/config/ns_configuration_proto.dat
--ns_nsx_support
Boolean to control whether network segmentation is supported or not on NSX VDS setup
Default: true
--ns_state_machine_timeout
The timeout for completion of network segmentation state machine.
Default: 600
--ns_wait_for_master_ephemeral
Ephemeral zknode used in network segmentation enable to ensure pre_reboot phase of
rolling reboot is executed after genesis master
Default: /appliance/logical/genesis/ns/wait_for_master
--ports_for_kVolumes
Comma separated TCP ports needed by kVolumes
Default: 3205,3260
--rdma_manageability_supported_pci_model_ids
PCI model ids of NICs on which RDMA live port selection will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--rdma_supported_pci_model_ids
PCI model ids of NICs on which RF2 RDMA will be supported
Default: 15b3:1013,15b3:1015,15b3:1017,15b3:101d,15b3:101f
--rdma_ztr_supported_pci_model_ids
PCI model ids of NICs on which RF2 RDMA will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--reconfigure_iser_retry_delay

AOS | Controller VM Commands | 286

Time in milliseconds to wait before retrying reconfiguring iSER in case of failure at genesis
start
Default: 5000
--reconfigure_rdma_retry_delay
Time in milliseconds to wait before retrying reconfiguring RDMA interface in case of failure
at genesis start
Default: 5000
--retry_count_zk_map_publish
Retry count for publishing new zk mapping.
Default: 3
--revert_ns_config_on_failure
Revert the network segmentation configuration in the case of a failure.
Default: true
--service_segmentation_support_for_dr
Boolean to control whether to enable/disable support for DR service segmentation
Default: true
--zookeeper_ports_for_kVolumes
Comma separated zookeeper TCP ports needed by kVolumes to be opened on CVM IPs
only.
Default: 9876

cluster.client.genesis.ns.dvs_helper
--configure_vnics_on_new_node_timeout_secs
Timeout in seconds to configure vNICS on new node
Default: 120
--cvm_power_on_wait_time_secs
Number of seconds we wait for CVM to startup after we power it on
Default: 10
--cvm_shutdown_timeout_secs
Timeout in seconds for CVM to shutdown during rolling reboot
Default: 600
--vm_nic_create_timeout_secs
Timeout in seconds for vNIC creation operation on CVM
Default: 180

AOS | Controller VM Commands | 287

--cvm_iser_ip
IP address of of the iSER interface on the CVM
Default: 192.168.5.4
--mellanox_tc_wrap
Path to the Mellanox's tc_wrap.py script
Default: /usr/local/nutanix/bin/tc_wrap.py
--rdma_nic_config_file
Path to json containing the mac of the nic to be used for rdma
Default: /etc/nutanix/nic_config.json
--rdma_setup_passthrough_max_retries
Maximum num of retries to wait for passthrough to work
Default: 15
--rdma_setup_passthrough_max_wait_ms
Maximum wait time in ms to wait before retry
Default: 2000

cluster.client.genesis.ns.service_utils
--wait_for_master_timeout_secs
Timeout in seconds for pre_reboot phase to wait for the genesis master to finish its
execution
Default: 600

cluster.client.genesis.pb_client.client
--genesis_service_host
The genesis service host.
Default: 127.0.0.1
--genesis_service_port
The genesis service port.
Default: 2100

cluster.client.genesis.remove_nodes.remove_nodes_utils
--multi_node_removal_enabled
Feature flag for concurrent node remove operation
Default: true

AOS | Controller VM Commands | 288

--common_pool_mem_for_high_mem_nodes_deep_storage_gb
Common pool memory reservation for nodes with cvm memory equal to 36gb
Default: 16
--common_pool_mem_for_high_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory equal to 36gb
Default: 14
--common_pool_mem_for_low_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory less than 20gb
Default: 8
--common_pool_mem_for_very_high_mem_nodes_deep_storage_gb
Common pool memory reservation for nodes with cvm memory greater than or equal to
40gb
Default: 20
--common_pool_mem_for_very_high_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory greater than or equal to
40gb
Default: 17
--deep_nodes_capacity_threshold_tb
Memory threshold of nodes to consider for high common pool mem
Default: 60
--default_common_pool_memory_in_gb
Stargate default common pool memory reservation
Default: 12
--memory_update_history
File containing history of memory update on node
Default: /home/nutanix/config/memory_update.history
--memory_update_resolution
Minumum amount of memory difference for update
Default: 2097152
--rolling_restart_memory_update_reason
Reason set in rolling restart for memory update
Default: cvm_memory_update
--target_memory_zknode
CVM target memory map zk node
Default: /appliance/logical/genesis/target_memory_map

cluster.client.genesis.resource_management.rm_prechecks
--cushion_memory_in_kb
Cushion Memory required in nodes before update
Default: 2097152
--delta_memory_for_nos_upgrades_kb

AOS | Controller VM Commands | 289

Amount of CVM memory to be increased during NOS upgrade
Default: 4194304
--host_memory_threshold_in_kb
Min host memory for memory update , set to 62 Gb
Default: 65011712
--max_cvm_memory_upgrade_kb
Maximum allowed CVM memory for update during upgrade
Default: 31457280

cluster.client.genesis.resource_management.rm_tasks
--cvm_reconfig_component
Component for CVM reconfig
Default: kGenesis
--cvm_reconfig_operation
Component for CVM reconfig
Default: kCvmreconfig

cluster.client.genesis_utils
--apply_el8_workarounds
Set to True if we need to apply workarounds if CVM is running on EL8
Default: true
--genesis_up_retries
Number of retries for node genesis rpcs to be up after reboot
Default: 40
--maintenance_mode_retry_count
Number of times Genesis will attempt to put the host into maintenance mode.
Default: 3
--min_nos_version_for_stargate_huge_page_support
NOS version starting which huge pages are supported for Stargate
Default: 5.19
--orion_config_path
Path to orion config
Default: /appliance/logical/orion/config
--pc_ip_refresh_cache_interval_seconds
Interval for refreshing pc ip cache in seconds.
Default: 900
--setup_certs_retry_count
Number of times Genesis will attempt to setup service authentication certificates on the
cluster.
Default: 3
--svm_default_login

AOS | Controller VM Commands | 290

User name for logging into SVM.
Default: nutanix
--sync_network_configuration
Location in Zookeeper where a workflow can write to run an on demand network collection
Default: /appliance/logical/genesis/network_configuration/sync_network_configuration
--timeout_HA_route_verification
Timeout for setting HA route.
Default: 180
--timeout_zk_operation
Timeout for zk operation like write
Default: 120
--upgrade_fail_marker
Marker to indicate upgrade has failed.
Default: /appliance/logical/genesis/upgrade_failed
--zk_cluster_external_path
Location of zkNode for cluster external state
Default: /appliance/physical/clusterexternalstate
--zk_trust_cluster_external_path
Location of zkNode for trust setup details
Default: /appliance/physical/trustsetup/clusterexternalstate

cluster.client.hades.flags
--hades_alternate_jsonrpc_urls
Alternate URLs for the Hades HTTP server.
Default: /hades/jsonrpc
--hades_import_timeout_secs
Timeout for import Disk Manager using hades_proxy.
Default: 600
--hades_jsonrpc_url
URL of the JSON RPC handler on the Hades HTTP server.
Default: /jsonrpc
--hades_port
Port that Hades listens on.
Default: 2099
--hades_rpc_timeout_secs
Timeout for each Hades RPC.
Default: 30
--lsiutil_location
Location of lsiutil utility.
Default: /home/nutanix/cluster/lib/lsi-sas/lsiutil

AOS | Controller VM Commands | 291

cluster.client.host_upgrade_common
--host_poweroff_uvm_file
File containing list of UVM which are powered off for host upgrade.
Default: /home/nutanix/config/.host_poweroff_vm_list
--upgrade_delay
Seconds to wait before runninguprgade script in Esx Host.
Default: 0

cluster.client.host_upgrade_helper
--host_disable_auto_upgrade_marker
Path to marker file to indicate that automatic host upgrade should not be performed on this
node.
Default: /home/nutanix/.host_disable_auto_upgrade
--hypervisor_upgrade_history_file
File path where hypervisor upgrade history is recorded.
Default: /home/nutanix/config/hypervisor_upgrade.history
--hypervisor_upgrade_info_znode
Location in a zookeeper where we keep the Hypervisor upgrade information.
Default: /appliance/logical/upgrade_info/hypervisor

cluster.client.hyperv_upgrade_helper
--perpetual_container
Container name to test if hypervisors have access to storage.
Default: NutanixManagementShare
--upgrade_helper_rshell_timeout
The default timeout for RemoteShell connection made by HyperVHostObject.
Default: 600

cluster.client.ipv4config
--end_linklocal_ip
End of the range of link local IP4 addresses.
Default: 169.254.254.255
--esx_cmd_timeout_secs
Default timeout for running a remote command on an ESX host.
Default: 120
--hyperv_cmd_timeout_secs
Default timeout for running a remote command on an hyperv host.
Default: 120
--ip_version_preference
Version to give preference when the machine is dual stack
Default: 4
--ipmi_apply_config_retries

AOS | Controller VM Commands | 292

Number of times to try applying an IPMI IPv4 configuration before failing.
Default: 6
--kvm_cmd_timeout_secs
Default timeout for running a remote command on an KVM host.
Default: 120
--kvm_external_network_interface
Default name of the network device for KVM's external network.
Default: br0
--linklocal_netmask
End of the range of link local IP4 addresses.
Default: 255.255.0.0
--start_linklocal_ip
Start of the range of link local IP4 addresses.
Default: 169.254.1.0
--xen_external_network_interface
Default name of the network device for Xen's external network.
Default: xapi1

cluster.client.kvm_upgrade_helper
--ahv_enter_maintenance_mode_check_max_retry_count
Max retry count for checking enter maintenance mode
Default: 20
--ahv_enter_maintenance_mode_retry_max_delay_secs
Max delay time for exponential backoff retries to enter maintenance
Default: 720
--ahv_enter_maintenance_mode_retry_slot_time_secs
Slot time for exponential backoff retries to enter maintenance
Default: 120
--ahv_enter_maintenance_mode_timeout_secs
Seconds to wait before retrying enter maintenance mode operation on failures
Default: 7200
--ahv_remove_unknown_packages_on_upgrade
Remove RPMs not in AHV manifest file on upgrade
Default: false
--kvm_reboot_delay
Seconds to delay before reboot KVM host
Default: 30

cluster.client.lcm.lcm_genesis_utils
--rpc_timeout
Default timeout for RPC.

AOS | Controller VM Commands | 293

Default: 600.0

cluster.client.license_config
--license_config_file
Zookeeper path where license configuration is stored.
Default: /appliance/logical/license/configuration
--license_config_proto_file
License configuration file shipped with NOS.
Default: configuration.cfg
--license_dir
License feature set files directory shipped with NOS.
Default: /home/nutanix/serviceability/license
--license_public_key
License public key string shipped with NOS.
Default: /appliance/logical/license/public_key
--license_public_key_str
License public key string shipped with NOS.
Default: public_key.pub
--zookeeper_license_cbl_path
Zookeeper path where cbl flag information is stored.
Default: /appliance/logical/license/pc_cbl_status
--zookeeper_license_root_path
Zookeeper path where license information is stored.
Default: /appliance/logical/license
--zookeeper_license_trial_root_path
Zookeeper path where license trial information is stored.
Default: /appliance/logical/license/trial

cluster.client.lite_upgrade.core.consts
--cluster_sync_path
Path to cluster_sync command on SVMs.
Default: /home/nutanix/cluster/bin/cluster_sync
--hades_path
Path to hades command on SVMs.
Default: /home/nutanix/cluster/bin/hades
--lite_upgrade_running_zknode
Zk node that tracks if lite upgrade is running.
Default: /appliance/logical/genesis/lite_upgrade/active

cluster.client.lite_upgrade.interfaces.genesis_interface
--genesis_lu_intent_zknode

AOS | Controller VM Commands | 294

Lite upgrade zk node, set with target version.
Default: /appliance/logical/genesis/lite_upgrade/genesis_intent

cluster.client.multihome_utils
--multihome_zkpath
Marker to indicate if any node of cluster is multihome.
Default: /appliance/logical/genesis/multihome

cluster.client.ncc_upgrade_helper
--cluster_health_shutdown_max_retries
Max number of retries to shutdown cluster health.
Default: 5
--cluster_health_shutdown_threshold_ms
Time threshold (ms) between cluster health shutdown retries.
Default: 2000
--ncc_installation_path
Location where NCC is installed on a CVM.
Default: /home/nutanix/ncc
--ncc_num_nodes_to_upload
Number of nodes to upload the NCC installer directory to.
Default: 2
--ncc_uncompress_path
Location for uncompressing nutanix NCC binaries.
Default: /home/nutanix/data/ncc/installer
--ncc_upgrade_info_znode
Location in a zookeeper where we keep the Upgrade node information.
Default: /appliance/logical/upgrade_info/ncc
--ncc_upgrade_params_znode
Zookeeper location to store NCC upgrade parameters.
Default: /appliance/logical/upgrade_info/ncc_upgrade_params
--ncc_upgrade_status
Location in Zookeeper where we store upgrade status of nodes.
Default: /appliance/logical/genesis/ncc_upgrade_status
--ncc_upgrade_timeout_secs
Timeout in seconds for the NCC upgrade module.
Default: 30
--ncc_version_znode
Zookeeper node where we keep the current release version of NCC.
Default: /appliance/logical/genesis/ncc_version

AOS | Controller VM Commands | 295

cluster.client.preupgrade_checks
--arithmos_binary_path
Path to the arithmos binary.
Default: /home/nutanix/bin/arithmos
--check_flow_networking_enablement
Flag to control if Flow Networking enablement is to be checked.
Default: true
--check_pc_cmsp_compatibility
Flag to control if CMSP enablement should be enforced.
Default: true
--cluster_external_state
Cluster external state zk path
Default: /appliance/physical/clusterexternalstate
--connected_cluster_path
Connected cluster zk path
Default: /appliance/physical/zeusconfig
--disable_xi_build_to_build_upgrades
Disable build to build upgrade support for Xi clusters
Default: False
--flow_networking_ga_version
For all PCs before this version, Flow Networking must be disabled before upgrading
beyond it.
Default: 2021.7
--license_config_path
The path to the license configuration.
Default: /appliance/logical/license/configuration
--min_disk_space_for_upgrade
Minimum space (KB) required on /home/nutanix for upgrade to proceed.
Default: 3600000
--min_replication_factor
Minimum replication factor required per container.
Default: 1
--min_space_post_uncompress
Minimum space (KB) required on /home/nutanix on the preupgrade driving node for
upgrade to proceed.
Default: 1500000
--minimum_memory_for_prism_pro_for_tiny_pc_in_gb
Minimum memory needed for prism pro features in case of tiny pc.
Default: 8
--minimum_memory_for_prism_pro_in_gb

AOS | Controller VM Commands | 296

Minimum memory needed for prism pro features.
Default: 16
--mountsfile
Path to the mounts file in proc.
Default: /proc/mounts
--preupgrade_alert_table_threshold
Threshold size of audits table before a PC upgrade.
Default: 300000
--preupgrade_audit_table_threshold
Threshold size of audits table before a PC upgrade.
Default: 300000
--preupgrade_event_table_threshold
Threshold size of events table before a PC upgrade.
Default: 300000
--preupgrade_insights_rpc_timeout_secs
Seconds after which the insights RPC will timeout.
Default: 300
--preupgrade_upgrade_sandbox_install_timeout
Seconds after which the installation of the upgrade sandbox will timeout.
Default: 360
--preupgrade_upgrade_sandbox_path
Path to the upgrade sandbox.
Default: /home/nutanix/upgrade_sandbox
--prism_gateway_port
The port on which prism gateway is running.
Default: 9440
--role_mapping_path
Role mapping zk path
Default: /appliance/logical/prism/rolemapping
--signature_verification_available_version
Release version in which gpg signature validation is supported.
Default: 5.8
--stargate_mount_prefix
Mount point prefix for stargate disks
Default: /home/nutanix/data/stargate-storage/disks/
--svm_rpc_timeout
RPC timeout per SVM in the cluster.
Default: 10

AOS | Controller VM Commands | 297

cluster.client.preupgrade_checks_ncc_helper
--ncc_esx_lockdown_cmd_timeout_secs
Time limit imposed while querying for lockdown status on ESX hosts.
Default: 60
--ncc_temp_location
Location to extract NCC.
Default: /home/nutanix/ncc_preupgrade

cluster.client.salt_helper
--change_salt_state_max_retries
Maximum number of retries for setting a new salt state.
Default: 10
--change_salt_state_retry_delay_sec
Delay in seconds between retries.
Default: 10

cluster.client.service.curator_service
--cluster_fault_tolerance_status
Value that indicates that the service is fault tolerant to allow shutdown of a node at this time
Default: 1
--curator_cgroup_memory_limit_mb
If -1, creation of cgroup with memory limit is disabled for this component. If specified as a
positive number then a cgroup is created for this component with this set as the memory
limit.
Default: 3328.0
--curator_config_json_file
JSON file with curator configuration
Default: curator_config.json
--curator_data_dir_size
Curator data directory size in MB (80 GB).
Default: 81920
--curator_data_dir_symlink
Path to curator data directory symlink.
Default: /home/nutanix/data/curator
--curator_data_disk_subdir
Path to curator subdirectory in data disk.
Default: curator
--curator_oom_score
If -1, OOM is disabled for this component. If in [1, 1000], it is taken as the OOM score to be
applied for this component.
Default: -1
--curator_path

AOS | Controller VM Commands | 298

Path to the curator binary.
Default: /home/nutanix/bin/curator
--curator_rss_mem_limit
Maximum amount of resident memory Curator may use on an Svm with 8GB memory
configuration.
Default: 536870912

cluster.client.service.foundation_service
--foundation_memory_limit_mb
If -1, creation of cgroup with memory limit is disabled for this component. If specified as
positive number then a cgroup is created for this component with this set as the memory
limit.
Default: 160
--foundation_path
Path to the foundation service script.
Default: /home/nutanix/foundation/bin/foundation
--foundation_rss_mem_limit
Maximum amount of resident memory Foundation may use on a CVM with 8GB memory
configuration.
Default: 167772160

cluster.client.service.kafka_gflags
--kafka_disk_size_factor_wrt_data_disk
Kafka disk size = data disk size / <this constant>
Default: 7
--kafka_disks_base_dir
Base directory of kafka data disks. Each disk is mounted with directory name being disk
serial on this base dir. Applicable to host attached disks
Default: /home/nutanix/data/kafka/disks/
--kafka_pc_deployed_disk_scsi_id
When PC is deployed, kafka disk is attached at this scsi id
Default: 4

cluster.client.service.service_utils
--auto_set_cloud_gflags
If true, recommended gflags will be automatically set for cloud instances.
Default: true
--cgroup_limits_version
Version in the cgroup_limits services file
Default: cfs_v1
--cgroup_subsystems
Default subsystems used for cgroup creation.
Default: memory,freezer,net_cls

AOS | Controller VM Commands | 299

--containersvcmon_path
Path to container service monitor binary.
Default: /home/nutanix/bin/containersvcmon
--enable_numa_aware_cpu_affinity
Whether NUMA aware CPU affinity is enabled.
Default: true
--enable_service_monitor
If true, C based service_monitor will re-spawn the service process upon exit, else Python
based self_monitor will be used.
Default: true
--enforce_cgroup_limits_enabled
Whether enforcement of cpu limits is enabled flag.
Default: true
--genesis_gflags_whitelist_enforcement_enabled
Whether enforcement of gflags whitelist to control the dynamically editable gflags is
enabled.
Default: true
--memory_limits_base_size_kb
Total memory size of the standard Svm based on which memory limits are derived.
Default: 8388608
--min_vcpus_for_numa_awareness
Minimum number of VCPUs on the CVM to enable NUMA aware CPU affinity
Default: 20
--path_to_cgclassify_binary
Path to cgclassify binary, which is used to add a process into cgroup.
Default: /bin/cgclassify
--path_to_cgcreate_binary
Path to cgcreate binary, which is used to create a cgroup.
Default: /bin/cgcreate
--path_to_cgset_binary
Path to cgset binary, which is used to set parameter for cgroup.
Default: /bin/cgset
--path_to_chrt_binary
Path to chrt binary, which is used to set realtime priority for a process.
Default: /usr/bin/chrt
--path_to_root_cgroup
Path to root cgroup directory.
Default: /sys/fs/cgroup
--path_to_taskset_binary
Path to taskset binary, which is used to set cpu affinity for a process.

AOS | Controller VM Commands | 300

Default: /bin/taskset
--python39_venv_path
Python3.9 binary present in all the virtual environments to start the respective service
Default: venv/bin/python3.9
--service_cmdlines_dir
Path to the directory where service command lines are stored.
Default: /home/nutanix/data/cmdlines
--service_monitor_disable_utc_timestamps
It True, use the local system time instead of UTC timestamps in the log messages emitted
by the service monitor and service_proxy.
Default: false
--service_monitor_path
Path to the service monitor binary.
Default: /home/nutanix/bin/service_monitor
--service_proxy_path
Path to the service proxy binary.
Default: /home/nutanix/bin/service_proxy
--service_start_as_container
Flag to indicate service can start as containers
Default: true
--service_start_wait_sec
Wait time in sec for genesis service to start.
Default: 5
--service_stop_wait
Wait time for how long we should wait before we start issuing SIGKILL instead of
SIGTERM.
Default: 5
--stargate_pinned_numa_nodes
Comma separated list NUMA Nodes to which stargate service is pinned.
Default: 0

cluster.client.sshkeys_helper
--authorized_keys_file
Path to file containing list of permitted RSA keys
Default: /home/nutanix/.ssh/authorized_keys2
--authorized_keys_file_admin
Path to file containing list of permitted RSA keys for admin.
Default: /home/admin/.ssh/authorized_keys2
--external_keys_file
Path to file containing list of external keys
Default: /home/nutanix/.ssh/external_keys

AOS | Controller VM Commands | 301

--id_rsa_path
Nutanix default SSH key used for logging into SVM.
Default: /home/nutanix/.ssh/id_rsa
--id_rsa_public_pem_path
PEM formatted public key for this node.
Default: /home/nutanix/.ssh/id_rsa.pub.pem
--node_ip_in_authorized_keys
Whether or not to have all the node ips in the from= section of the authorized_keys2 file to
add additional security.
Default: false
--old_authorized_keys_file
Path to file containing list of permitted RSA keys
Default: /home/nutanix/.ssh/authorized_keys
--ssh_client_configuration
Location of ssh client configuration file.
Default: /home/nutanix/.ssh/config
--ssh_config_server_alive_count_max
Max SSH keepalive messages missed before declaring connection dead.
Default: 3
--ssh_config_server_alive_interval
SSH keepalive message interval.
Default: 10
--ssh_fingerprint_file
Location of ssh public key fingerprint file.
Default: /home/nutanix/.ssh/fingerprints
--ssh_path
Location of ssh folder for nutanix.
Default: /home/nutanix/.ssh
--ssh_path_admin
Location of ssh folder for admin.
Default: /home/admin/.ssh

cluster.client.time_manager.time_manager_utils
--is_chrony_enabled
Chronyd is disabled by default
Default: true
--ntpdate_timeout_secs
Timeout to wait for ntp server to return a valid time.
Default: 10

AOS | Controller VM Commands | 302

cluster.client.two_node.helper_utils
--allow_replacement_of_separated_node
If True keep genesis alive when there is only one node in the zeus config proto, even
though peer monitoring cannot be done. This will allow the addition of a second node, after
which the two node cluster manager will reinitialize.
Default: true

cluster.client.two_node.state_transitions
--witness_state_history_size
Maximum length of witness state history to keep in zeus configuration.
Default: 10

cluster.client.upgrade_helper
--arithmos_rpc_timeout
Timeout for arithmos RPCs retries
Default: 180
--cluster_name_update_timeout
Default timeout for updating the cluster name in zeus.
Default: 5
--num_nodes_to_upload
Number of nodes to upload the installer directory to.
Default: 2
--nutanix_packages_json_basename
Base file name of the JSON file that contains the list of packages to expect in the
packages directory.
Default: nutanix-packages.json
--uncompress_buffer_ratio
Space Buffer ratio to uncompress a compressed file.
Default: 0.2
--upgrade_genesis_restart
Location in Zookeeper where we store if genesis restart is required or not.
Default: /appliance/logical/upgrade_info/upgrade_genesis_restart

cluster.client.utils.foundation_rest_client
--foundation_ipv6_interface
Ipv6 interface corresponding to eth0
Default: 2

cluster.client.utils.foundation_utils
--foundation_root_dir
Root directory for foundation in CVM
Default: /home/nutanix

AOS | Controller VM Commands | 303

cluster.client.utils.hypervisor_ha
--ha_service_reforward_fix_enabled
If True, return False if we failed to update the route.
Default: false
--internal_nutanix_portgroup_name
Name of the internal Nutanix portgroup configured on ESX.
Default: vmk-svm-iscsi-pg
--terminate_connection_timeout_secs
Timeout in seconds for the NfsTerminateConnection RPC issued to stargate on a failback.
Default: 15

cluster.client.utils.pmem_utils
--pmem_homogeneity_tolerance_percent
Percentage value of maximum allowed deviation between any 2 PMEM Sizes, when
checking for equality
Default: 5

cluster.client.utils.state_machine
--sm_debug_mode
State Machine runs in debug mode based on a config file
Default: false
--sm_debug_mode_config_file
Location of configuration json for debugging
Default: /home/nutanix/tmp/sm_debug_config.json

cluster.client.utils.volume_utils
--hosting_pe_external_ip
PE VM endpoint.
--pe_zeus_config_path
Zookeeper node path to PE config.
Default: /appliance/physical/zeusconfig

cluster.deployment.deployment
--APP_DEPLOYMENT_TIMEOUT
Timeout in seconds for "Application Deployment" taskto complete. Timeout for App
deployment state machine execution
Default: 12000
--CMSP_DEPLOYMENT_TIMEOUT
Timeout in seconds for CMSP Deployment
Default: 7200
--DEPLOYMENT_TASK_TIMEOUT
Timeout in seconds for the PC deployment task(Prism Central Deployment). Timeout of
PCD genesis part.

AOS | Controller VM Commands | 304

Default: 13000
--GENESIS_BOOT_TIMEOUT
Timeout in seconds for genesis to come up on PC.
Default: 3600
--SHORT_POLL_FREQUENCY
Frequency in seconds at which PE genesis polls PC genesis to check if it has come up or
not.
Default: 5
--TASK_TRACKING_TIMEOUT
Time interval (in seconds) after which __check_pc_deployment thread checks for an
incomplete PC deployment task and mark it failed if its stuck
Default: 300
--VM_CREATE_POLL_TIMEOUT
poll timeout for VmCreate uhura rpc
Default: 240
--VM_POWER_ON_POLL_TIMEOUT
poll timeout for VmPowerOn uhura rpc
Default: 600
--enable_cmsp_over_ssh
Enable cmsp over ssh
Default: false
--min_total_multi_vdisk_size_mb
The minimum total size of data disk in PC that qualifies for multi VDisks
Default: 2560000
--multi_vdisk
Set this to True to enable attaching multi VDisk for data disk size larger than 2.5 TB.
Default: false
--multi_vdisk_pc_start_scsi_id
The first scsi id of extra data disk to be added for PC deployment
Default: 5
--num_cmsp_disks
Total Number of CMSP disks
Default: 1
--number_of_vdisk
Number of VDisk to be added for PC deployment
Default: 4
--prepare_pc_disks_script
Path to the script that partitions PC data disks
Default: /usr/local/nutanix/cluster/bin/prepare_pc_disks
--single_vdisk_pc_scsi_id

AOS | Controller VM Commands | 305

The scsi id for single data disk to be added for PC deployment
Default: 3
--upgrade_disk_feat_fresh_deploy
Switch on this flag if separate disk for PC upgrades feat is to be enabled
Default: true

cluster.deployment.deployment_utils
--cmsp_api_timeout
Timeout in seconds for CMSP apis.
Default: 300
--cmsp_esx_gen_retry_count
Retry count for generating esx spec during cmsp spec generation.
Default: 30
--default_password_reset_timeout
Timeout in seconds for the executing the password reset script on the PC VM.
Default: 480

cluster.disk_flags
--add_upgrade_disk_max_retries
Maximum number of retries to add upgrade diskValue of 0 indicates unlimited retries.
Default: 5
--add_upgrade_disk_retry_time_in_secs
Retry delay for adding pcvm upgrade disk.
Default: 5
--clean_disk_log_path
Path to the logs from the clean_disks script.
Default: /home/nutanix/data/logs/clean_disks.log
--clean_disk_script_path
Path to the clean_disks script.
Default: /home/nutanix/cluster/bin/clean_disks
--disk_partition_margin
Limit for the number of bytes we will allow to be unpartitioned on a disk.
Default: 2147483648
--disk_size_threshold_percent
Percentage of available disk space to be allocated to stargate
Default: 95
--disk_size_threshold_size
Size of the available disk space not to be allocated to stargate
Default: 107374182400
--enable_all_ssds_for_oplog
DEPRECATED: Use all ssds attached to this node for oplog storage.

AOS | Controller VM Commands | 306

Default: true
--enable_fio_realtime_scheduling
Use realtime scheduling policy for fusion io driver.
Default: false
--fio_realtime_priority
Priority for fusion io driver, when realtime scheduling policy is being used.
Default: 10
--format_fusion_percent
The percentage of total capacity of fusion-io drives that should be formatted as usable
Default: 60
--max_ssds_for_oplog
Maximum number of ssds used for oplog per node. If value is -1, use all ssds available. If
only_select_nvme_disks_for_oplog gflag is true and NVMe disks are present, only NVMe
disks are used for selecting oplog disks.
Default: 12
--metadata_maxsize_GB
Maximum size of metadata in GB
Default: 30
--only_select_low_latency_disks_for_oplog
If true and low latency disks are present, only use these disks for selecting oplog disks.
Default: false
--only_select_nvme_disks_for_oplog
If true and NVMe disks are present, only use NVMe disks for selecting oplog disks.
Default: true
--path_to_setscheduler_binary
Path to setscheduler binary, which is used to set realtime priority for fusion io driver.
Default: /home/nutanix/bin/setscheduler
--skip_metadata_link_setup
Skip creation of metadata links (Use rootfs for storing metadata
Default: false
--skip_scsi_bus_rescan
Skip rescanning scsi bus while running disk prep
Default: false
--striped_models_csv
A comma-separated list of disk models that should be striped together to form a single
logical device.
Default: SSD_910_200GB

cluster.genesis.breakfix.host_bootdisk_breakfix
--breakfix_npe_enabled
Flag to enable ungraceful hostboodisk breakfix usingNPE

AOS | Controller VM Commands | 307

Default: false
--timeout_for_repaired_node_to_join_healthy_genesis_list
Waiting period for repaired node to join healthy genesis list
Default: 1800

cluster.genesis.breakfix.host_bootdisk_graceful
--clone_bootdisk_default_timeout
The default timeout for completion of cloning of bootdisk.
Default: 28800
--restore_bootdisk_default_timeout
The default timeout for completion of restore of bootdisk.
Default: 14400
--wait_for_phoenix_boot_timeout
The maximum amount of time for which the state machine waits after cloning for the node,
to be booted in phoenix environment.
Default: 36000

cluster.genesis.breakfix.ssd_breakfix
--ssd_repair_copy_svmrescue_timeout
Timeout for copying svmrescue.iso from CVM to host
Default: 900

cluster.genesis.breakfix.ssd_breakfix_esx_helper
--svm_regex
Regular expression used to find the SVM vmx name.
Default: ServiceVM

cluster.genesis.cluster_manager
--retry_app_deployment_leadership_voulnteer
seconds to wait before retrying leadership voulnteer.
Default: 10

cluster.genesis.convert_cluster.cluster_conversion
--disable_hypervisor_version_check
This check is for ensuring that all the esx nodes are of same hypervisor version
Default: false
--relax_cluster_ahv_version_check
Relax cluster's AHV version check which makes sure all nodes(including storage-only
nodes) will have same AHV version after conversion. With the flag we allow a maximum of
2 count of AHV versions in the cluster.
Default: false

cluster.genesis.expand_cluster.expand_cluster
--average_latency

AOS | Controller VM Commands | 308

Average latency threshold
Default: 2
--expand_ssh_retry_timeout
Time till which the retries by the ssh_client will be performed.
Default: 300
--network_bandwidth_checks_enabled
Enable / Disable for network bandwidth checks
Default: true
--node_up_retries
Number of retries for node genesis rpcs to be up after reboot
Default: 40
--packet_loss
Packet loss %
Default: 0
--pending_restart_retry_interval
Interval after which the node should retry volunteering for cluster expansion
Default: 300
--volunteer_check_retry_interval
Interval after which the node should retry volunteering for cluster expansion
Default: 60

cluster.genesis.expand_cluster.pre_expand_cluster_checks
--cassandra_metadata_failure_check_threshold
Threshold for the cassandra metadata failure check.
Default: 3
--esx_co_expansion_enabled
True if adding an esx co node is enabled
Default: true
--is_nus_cluster
When True, pre check proceeds to add an all flash node with low endurance drives to all
flash NUS cluster.
Default: false

cluster.genesis.hibernate_resume.hibernate_cluster
--hibernate_cluster_timeout
Hibernate cluster statemachine timeout.
Default: 8640000

cluster.genesis.hibernate_resume.pre_hibernate_checks
--arithmos_rpc_retry_count
Retry count to call Arithmos RPCs.
Default: 10

AOS | Controller VM Commands | 309

--arithmos_rpc_retry_delay
Retry delay to call Arithmos RPCs.
Default: 10
--hibernate_cerebro_idle_retry_count
Max retries to check for Cerebro's idle state before proceeding with hibernate.
Default: 12
--hibernate_resume_cvm_down_timeout
Max timeout for trying no_cvm_down test for hibernate and resume.
Default: 600

cluster.genesis.hibernate_resume.resume_cluster
--resume_cluster_timeout
Resume cluster statemachine timeout.
Default: 8640000

cluster.genesis.network_configuration_keeper.network_configuration_keeper
--network_collector_interval
Interval at which network collector thread collects network related data.
Default: 1800

cluster.genesis.service_management.service_mgmt_utils
--core_services_managed
This Flag will be used to force service mgmt to enable/disable core services.
Default: false

cluster.hades.cloud_helper_util
--enable_bucket_access_check
If True, we check the bucket access.
Default: true

cluster.hades.disk_diagnostics
--disk_health_monitor_interval_secs
Time interval in seconds for monitoring disk health.
Default: 900
--disk_health_monitor_mark_disks_bad
Allow disk health monitor to mark disks bad if the health check fails.
Default: false
--disk_health_monitor_smart_checks_count
Number of health checks to run before confirming a disk is bad.
Default: 1
--enable_disk_health_monitor
Enable periodic disk health monitoring.
Default: true

AOS | Controller VM Commands | 310

--enable_resource_monitor_checks
Allow usage of resource monitor. For ex: In disk health monitor.
Default: true
--max_disk_offline_count
Maximum error count for disk after which disk is to removed.
Default: 3
--max_disk_offline_timeout
Maximum time value where disk offline events areignored.
Default: 3600

cluster.hades.disk_error_parser.consts
--disk_error_parse_interval_secs
Periodicity with which kernel logs need to be checkedto detect disk errors.
Default: 300
--enable_disk_error_parser
Enable disk error parser.
Default: true

cluster.hades.disk_led_control
--use_tartarus_led
Use Tartarus for led control
Default: false

cluster.hades.disk_manager
--abort_on_disk_slot_overlap
Abort hades operation when multiple disks are seen with the same slot.
Default: true
--aws_cores_partition
Partition in which core files are stored on AWS.
Default: /dev/xvdb1
--clean_disks_pe_pool_size
How many disks to clean in parallel.
Default: 12
--device_mapper_name
A name of the device mapper that is to be created in case striped devices are discovered.
Default: dm0
--disk_unmount_retry_count
Number of times to retry unmounting the disk.
Default: 60
--experimental_delay_disk_add_udev_event_max_secs
Maximum time in seconds to delay Hades handling of disk add udev events.
Default: 0

AOS | Controller VM Commands | 311

--experimental_delay_disk_remove_udev_event_max_secs
Maximum time in seconds to delay Hades handling of disk remove udev events.
Default: 0
--experimental_wait_for_ro_mount_intent_file_secs
If set, wait for ro-mount intent file to show up within the specified time, before trying to fix
the drive's mount state.
Default: 0
--firmware_upgrade_default_wait
Default wait time after issuing firmware upgrade.
Default: 10
--num_software_access_mode_update_tries
The number of times to try updating the software access mode for a given disk.
Default: 5
--populate_motherboard_info
Hades populates motherboard information in config proto. This is cloud substrate
dependent, this flag can be used to skip populating motherboard information and
continuing Hades configuration correctly.
Default: true
--run_wipefs
Clear all filesystem signatures from disk before creating filesystem
Default: true
--sanitize_duplicate_location
When same location is used with multiple logical slot, UI may misbehave. Remove
duplicate from Hades logically.
Default: true
--sas3flash_location
Location of sas3flash utility.
Default: /home/nutanix/cluster/lib/lsi-sas/sas3flash
--sas3flash_target_runtime
Approximate time taken by sas3flash for upgrading HBA
Default: 300
--sas_disk_firmware_upgrade_retry_count
Numter of times to retry SAS disk firmware upgrade.
Default: 60
--sata_disk_firmware_upgrade_retry_count
Default retry count for firmware upgrade.
Default: 12
--sg_write_buffer_path
Location of sg_write_buffer. The version of the current binary used is 1.18 20141107.
Default: /usr/local/nutanix/cluster/lib/sg3utils/bin/sg_write_buffer
--skip_commit_partial_disk_list

AOS | Controller VM Commands | 312

Skip committing partial disks discovered to Hades Proto.
Default: false
--skip_disk_remove_reboot
Skip reboot for bad or removed disk.
Default: false
--skip_disk_remove_reboot_marker
Skip reboot marker for bad or removed disk.
Default: /home/nutanix/.skip_disk_remove_reboot_marker
--slot_to_disk_location
Use slot_to_disk_location from Disk class.
Default: true
--stargate_directory
Directory where stargate disks should be mounted.
Default: /home/nutanix/data/stargate-storage
--unmount_default_wait_sec
Default wait time for unmount during disk remove.
Default: 5
--unmount_timeout
Default wait time for unmounting to succeed.
Default: 120

cluster.hades.raid_utils
--min_raid_sync_speed
Minimum raid sync speed
Default: 50000

cluster.hades.resource_monitor.lsof_monitor
--lsof_monitor_timeout_secs
Timeout in secs to check LsofMonitor resource.
Default: 10

cluster.hades.utils.async_rpc_util
--async_max_workers
Default max workers for concurrent tasks.
Default: 1
--hades_task_name
Name of component to be registered with ergon service.
Default: kHades

cluster.hades.utils.trim_util
--force_disable_trim_adapter_pci_ids
Comma separated list of PCI IDs to forcefully disable trim on. Like '1000:1001,1000:1002'

AOS | Controller VM Commands | 313

--force_disable_trim_disk_models
Comma separated list of disk models to forcefully disable trim on. The setting in hcl.json is
ignored for these disk models.
--force_enable_trim_adapter_pci_ids
Comma separated list of PCI IDs to forcefully enable trim on. Like '1000:1001,1000:1002'
--force_enable_trim_disk_models
Comma separated list of disk models to forcefully enable trim on. The setting in hcl.json is
ignored for these disk models.
--trim_min_discard_bytes
Minimum value of 'discard_max_bytes' reported by a device in order to enable trim on that
device. This is currently only applicable to non-xtrim managed disks.
Default: 134217728
--trim_min_discard_bytes_threshold_pct
How close discard_max_bytes can be to gflag 'trim_min_discard_bytes' for us to consider
a device as trimmable.
Default: 5
--trim_skip_discard_max_bytes_check
If True, skips the check of disk discard_max_bytes with the threshold to decide the disk
eligibility for trim.
Default: false

cluster.hyperv_upgrade
--vmms_setting_info
Location where the vmms settings are stored
Default: /appliance/logical/genesis/vmms_setting_info

cluster.rsyslog_helper
--ahv_rsyslog_queue_memory_size
Size of rsyslog remote logging action queue in bytes.
Default: 104857600
--audit_log_dir
Default path for prism audit log files.
Default: /home/nutanix/data/prism
--lock_dir
Default path for nutanix lock files.
Default: /home/nutanix/data/locks/
--log_dir
Default path for nutanix log files.
Default: /home/nutanix/data/logs
--module_level
Level of syslog used for sending module logs
Default: local0
--read_timeout_in_sec

AOS | Controller VM Commands | 314

Time in seconds after which the logs will be forced to syslog server, if no new message is
seen.
Default: 10
--rsyslog_conf_dir
Default directory to store rsyslog related configs.
Default: /etc/rsyslog.d
--rsyslog_conf_file
Default Configuration file for Rsyslog service.
Default: /etc/rsyslog.d/rsyslog-nutanix.conf
--rsyslog_configure_queue
Boolean indicating whether to configure action queue for rsyslog.
Default: true
--rsyslog_queue_memory_size
Size of rsyslog remote logging action queue in bytes.
Default: 104857600
--rsyslog_rule_header
Nutanix specified rsyslog rules are appended only below this marker.
Default: # Nutanix remote server rules
--rsyslog_rule_header_end
Nutanix specified rsyslog rules are added above this marker.
Default: # Nutanix remote server rules end
--rsyslog_work_dir
Default path for syslog state files. This stores thestate of rsyslog across restarts. We Will
create this folder if path is in /home/log
Default: /home/log/rsyslog
--syslog_module
Dummy module name to denote non nutanix default syslog.
Default: syslog_module
--take_ssh_path_for_rsyslog_config
Boolean indicating whether to take ssh path for sending rsyslog config to ahv.
Default: false

cluster.secure_s2s_tcp.secure_s2s_tcp
--apache_uid_owner
User-identifier for apache user.
Default: 48
--experimental_secure_port_list
List of ports for which to enabled secure tcp communication. This is an experimental gflag
and should ideally have the same value on all nodes of a cluster.
--nutanix_uid_owner
User-identifier for Nutanix user.

AOS | Controller VM Commands | 315

Default: 1000
--secure_s2s_zkpath
zkpath to secure_s2s_tcp zknode
Default: /appliance/logical/genesis/secure_s2s_tcp
--secure_tcp_egress_port
Port for TCP Egress Listener.
Default: 9351
--secure_tcp_ingress_port
Port for TCP Ingress Listener.
Default: 9350

cluster.secure_s2s_tcp.secure_s2s_tcp_utils
--secure_tcp_conn_mark
Connection mark to be used by the Mangle table rulesto allow us to preserve source IP.
Default: 53630
--secure_tcp_lookup_table_num
Table number in the IP routing rules that uses theabove defined mark.
Default: 53630

cluster.service.acropolis_service
--acropolis_cgroup_memory_limit_mb
If -1, creation of cgroup with memory limit is disabled for this component. If specified as
positive number then a cgroup is created for this component with this set as the memory
limit in megabytes.
Default: 3540
--acropolis_path
Path to the acropolis binary.
Default: /home/nutanix/bin/acropolis
--host_connection_retry_count
Number of retries if host agent connection fails.
Default: 2

cluster.service.cluster_config_service
--cluster_config_memory_limit_mb
If -1, creation of cgroup with memory limit is disabled for this component. If specified as
positive number then a cgroup is created for this component with this set as the memory
limit.
Default: 320
--cluster_config_path
Path to the Cluster Config Python binary.
Default: /home/nutanix/bin/cluster_config
--cluster_config_server_rss_mem_limit

AOS | Controller VM Commands | 316

Maximum amount of resident memory Cluster Config may use on an Svm with 8GB
memory configuration.
Default: 268435456
--cluster_config_use_backplane_ip
Whether to use the backplane IP for this service.
Default: true
--cluster_config_use_service_proxy
Whether to use the service proxy to run this service.
Default: true
--go_cluster_config
Whether to run go cluster config server or not
Default: false
--go_cluster_config_path
Path to the Cluster Config Go binary.
Default: /home/nutanix/bin/go_cluster_config_server

cluster.service.ha_service
--def_stargate_stable_interval
Default number of seconds a stargate has to be alive to be considered asstable and
healthy.
Default: 30
--enable_co_host_route_entry
Enable host route entry for CO nodes
Default: true
--enable_optimised_ha_resolution
Enable optmisations in some sections of determining HA route for each host.
Default: true
--hyperv_internal_switch_health_timeout
Timeout for how long we should wait before waking up the thread that monitors internal
switch health on HyperV.
Default: 30
--num_worker_threads
The number of worker threads to use for running tasks.
Default: 8
--old_stop_ha_zk_node
When this node is created the old ha should not take any actions on the cluster.
Default: /appliance/logical/genesis/ha_stop
--optimised_route_discovery_secs
Timeout in seconds within which to discover an existing route on the host
Default: 5
--stargate_aggressive_monitoring_secs

AOS | Controller VM Commands | 317

Default number of seconds a stargate is aggressively monitored after it is down.
Default: 3
--stargate_aggressive_monitoring_two_node_multiplier
Multiplier to the --stargate_aggressive_monitoring_secsfor the two node cluster.
Default: 4
--stargate_exit_handler_aggressive_timeout_secs
Aggressive timeout for accessing the Stargate exit handler page during an unplanned
failover.
Default: 3
--stargate_exit_handler_timeout_secs
Default timeout for accessing the Stargate exit handler page.
Default: 10
--stargate_health_watch_timeout
Timeout for how long we should wait before waking up the thread that monitors stargate
health.
Default: 30
--stargate_initialization_secs
Number of seconds to wait for stargate to initialize.
Default: 30
--stop_ha_zk_node
When this node is created ha 2.0 should not take any actions on the cluster.
Default: /appliance/logical/genesis/ha_2_stop
--tcpkill_log
Path to tcpkill binary.
Default: /home/nutanix/data/logs/tcpkill.log
--tcpkill_path
Path to el7 tcpkill binary.
Default: /home/nutanix/cluster/lib/el7/tcpkill

cluster.service.hyperint_service
--hyperint_esx_connect_max_retries
Maximum number of retries for connecting to esx hosts.Value of 0 indicates unlimited
retries.
Default: 0
--hyperint_esx_connect_retry_time_in_secs
Retry delay for connecting to esx hosts.
Default: 10
--hyperint_esx_one_time_password_script
Path to helper script for obtaining one time password on ESX
Default: /home/nutanix/cluster/lib/esx5/get_one_time_password.py
--hyperint_memory_limit_mb

AOS | Controller VM Commands | 318

If -1, creation of cgroup with memory limit is disabled for this component. If specified as
positive number then a cgroup is created for this component with this set as the memory
limit.
Default: 500
--hyperint_monitor_path
Path to the Hyperint monitor binary.
Default: /home/nutanix/bin/hyperint_monitor
--hyperint_rss_mem_limit
Maximum amount of resident memory Hyperint may use on an Svm with 8GB memory
configuration.
Default: 67108864

cluster.service.kafka_service
--kafka_bootstrap_binary
Path to binary which will start kafka on PC in docker container
Default: /usr/local/nutanix/bin/bootstrap_kafka
--kafka_data_volume_mode
Volume mode to provide data volume to kafka. If host attached, vmdisk is attached to PC
VM. Else, docker volume plugin is used to conenct to remote PE cluster iscsi endpoint
Default: host_attached
--kafka_rss_mem_limit
Maximum amount of resident memory Kafka may use on an svm with 8 GB memory
configuration.
Default: 268435456

cluster.service.snmp_service
--snmp_manager_path
Path to the snmp_manager binary.
Default: /home/nutanix/cluster/bin/snmp_manager

cluster.two_node.cluster_manager
--block_transitions_if_cluster_stopped
If true, don't transition to standalone mode if cluster is in stopped state
Default: true
--ensure_set_two_node_leader_conditions
If true, ensure conditions are met before manually setting two node leader
Default: true
--minimum_pass_pings_to_allow_fails
Default minimum number of pings to peer node that must pass before we allow some pings
to fail (controlled by number_of_ping_fails_to_reset_pass_counter flag) and not reset pass
counter.
Default: 10
--minimum_uptime_mins_before_starting_pings
Minimum system uptime before starting pinging the peer node.

AOS | Controller VM Commands | 319

Default: 4
--minutes_of_successful_pings_for_transition
Default number of minutes for successful pings beforeconsidering peer node stable and
moving to kSwitchToTwoNode mode.
Default: 7
--node_health_check_ping_interval_secs
Default time (in seconds) for which health thread sleeps before checking on another node.
Default: 2
--non_leader_get_cluster_op_mode_from_zk_retries
Number of retries a non-leader node will do get cluster operation mode from Zookeeper
after initiating as non-leader from witness.
Default: 3
--number_of_ping_fails_to_reset_pass_counter
Default number of pings to peer node that should failto reset the pass counter.
Default: 4
--retry_count_for_kSwitchToTwoNode
Default number of retries for successful initialization in kSwitchToTwoNode state.
Default: 5
--rpc_retry_timeout_seconds
Default time till when to keep retrying RPCs to peer node before claiming failure.
Default: 600
--seconds_of_successful_pings_during_planned_outage
Default number of seconds to wait before initiating transition for planned outages.
Default: 8
--seconds_to_wait_before_checking_ha_forwarding
Default number of seconds to wait before checking again if host is forwarding storage
traffic.
Default: 30
--seconds_to_wait_before_pinging_upgrading_node
Default number of seconds to wait before pinging a node that separated due to upgrade.
Default: 5
--seconds_to_wait_before_retry_for_kSwitchToTwoNode
Default number of seconds to wait before retrying for successful initializaton in
kSwitchToTwoNode state.
Default: 2
--threshold_number_of_consecutive_failed_pings
Default threshold for number of times a ping to a nodecan fail before it is assumed down.
Default: 4
--transition_to_standalone_due_to_degraded_cassandra_on_peer
If True, allow transitions to kStandAlone if peer cassandra is degraded.
transition_to_standalone_due_to_degraded_service_on_peer also needs to be true to
support this.

AOS | Controller VM Commands | 320

Default: true
--transition_to_standalone_due_to_degraded_service_on_peer
If True, allow transitions to kStandAlone if peer services are degraded. This gflag is only
used to control global support for transition due to any degraded services.
Default: true
--transition_to_standalone_due_to_degraded_stargate_on_peer
If True, allow transitions to kStandAlone if peer stargate is degraded.
transition_to_standalone_due_to_degraded_service_on_peer also needs to be true to
support this.
Default: true
--unit_test_mode
If True, running in unit test mode
Default: false

cluster.two_node.witness_manager
--enable_sync_up_logical_ts_between_cluster_and_witness
If True, will sync up logical timestamp between witness vm and cluster automatically once
out of sync be detected in ping_witness
Default: true
--sync_up_logical_ts_retrieval_delay_msecs
Delay between sync up logical timestamp between witness VM and cluster retrieval
attempts.
Default: 1000
--witness_logical_timestamp_sync_up_retries
Number of retry times for the cluster logical timestamp sync up between witness VM and
cluster
Default: 5
--witness_ping_interval_seconds
Frequency (in seconds) to check the availability of the witness VM.
Default: 60
--witness_refresh_cluster_name
If True, will check whether to update the witness with the current cluster info.
Default: true

cluster.utils.disks_utils
--mkfs_timeout
Timeout in secs for mkfs command
Default: 180

cluster.utils.hyperv_ha_utils
--default_internal_switch_monitor_interval
Default polling period for monitoring internal switch health
Default: 30

AOS | Controller VM Commands | 321

--default_ping_success_percent
Default percentage of success which is used to determine switch health
Default: 100
--default_total_ping_count
Default number of pings sent to determine switch health
Default: 5

cluster.utils.new_node_nos_upgrade
--stand_alone_upgrade_log
Log file for stand-alone upgrade.
Default: /home/nutanix/data/logs/stand_alone_upgrade.out

cluster_config.client.flags
--auto_enable_cmsp
Flag to control if CMSP should be auto enabled.
Default: true
--cassandra_disk_size_mb_large_pc
Large PC Disk size in MB for Cassandra
Default: 2560000
--cassandra_disk_size_mb_small_pc
Small PC Disk size in MB for Cassandra
Default: 512000
--cassandra_disks_base_dir
Base directory for the Cassandra disks mount path
Default: /home/nutanix/data/stargate-storage/disks
--cluser_ssp_config_migrate_workers
Number of cluster ssp config execution threads
Default: 2
--cluster_config_download_recovery_timeout_in_sec
Max seconds since download task creation to resume the task.
Default: 86400
--cluster_config_ha_leadership_timeout_secs
Timeout to wait for leadership to occur.
Default: 30
--cluster_config_ha_quorum_time_secs
Time to sleep for cluser config to form quorum.
Default: 10
--cluster_config_ha_zeus_retry_count
Number of times to retry getting zeus leader/contenders
Default: 6
--cluster_config_image_poll_timeout

AOS | Controller VM Commands | 322

Timeout in seconds for image to be migrated
Default: 300
--cluster_config_list_max_length
The maximum length for list.
Default: 300
--cluster_config_poll_download_task_timeout_in_sec
The default maximum poll download task timeout in seconds.
Default: 120
--cluster_config_poll_prism_central_deployment_task_timeout_in_sec
The default maximum poll deployment task timeout in seconds for prism central
deployment.
Default: 7200
--cluster_config_poll_prism_central_download_task_timeout_in_sec
The default maximum poll download task timeout in seconds for prism centraldeployment.
Default: 7200
--cluster_config_poll_remote_pc_deployment_task_timeout_in_sec
The default maximum poll task timeout in seconds for remote prism central deployment.
Default: 12000
--cluster_config_poll_task_timeout_in_sec
The default maximum poll task timeout in seconds.
Default: 3600
--cluster_config_query_upgrade_task_timeout_in_sec
The default maximum poll download task timeout in seconds.
Default: 3600
--cluster_config_retry_max_delay_ms
Maximum delay in milliseconds.
Default: 2000
--cluster_config_retry_max_retries
Maximum number of retries, or None for infinite retries
Default: 3
--cluster_config_retry_slot_time_ms
Delay slot time in milliseconds.
Default: 500
--cluster_download_workers
Number of cluster download execution threads
Default: 5
--cmsp_auto_enable_gateway_address
Gateway address for use by CMSP auto enablement.
Default: 192.168.5.1
--cmsp_auto_enable_ip_block_end

AOS | Controller VM Commands | 323

End IP for use by CMSP auto enablement.
Default: 192.168.5.64
--cmsp_auto_enable_ip_block_start
Start IP for use by CMSP auto enablement.
Default: 192.168.5.2
--cmsp_auto_enable_pc_domain_name
PC domain name for use by CMSP auto enablement.
Default: prism-central.cluster.local
--cmsp_auto_enable_retry_delay_secs
Retry delay in seconds for auto enabling CMSP.
Default: 300
--cmsp_auto_enable_subnet_mask
Subet mask for use by CMSP auto enablement.
Default: 255.255.255.0
--cmsp_auto_enablement_timeout_secs
Timeout for use by CMSP auto enablement.
Default: 3600
--enable_pc_multivdisk_deployment
Enable multivdisk deploy workflow on PC
Default: true
--enable_pc_multivdisk_deployment_on_large_pc
Enable multivdisk deploy workflow on large PC
Default: true
--enable_pc_multivdisk_deployment_on_small_pc
Enable multivdisk deploy workflow on small PC
Default: false
--general_service_workers
Number of execution threads for general use
Default: 5
--largest_schedule_gap_in_days
The largest number of days that start time can be scheduled ahead in the future.
Default: 30
--least_schedule_gap_in_mins
The Least number of minutes that start time can be scheduled ahead in the future.
Default: 10
--least_time_out_in_hours
The least number of hours that schedule time out could be.
Default: 1
--max_cassandra_data_disks
Maximum number of Cassandra data disks

AOS | Controller VM Commands | 324

Default: 4
--mcc_server_host
Default server host.
Default: 127.0.0.1
--mcc_server_port
Default server port.
Default: 9461
--multicluster_config_actions_workers
Number of multicluster config actions including cancel, pause execution threads
Default: 3
--multicluster_config_workers
Number of multicluster config execution threads
Default: 6
--nucalm_container_name
Name of the container which will be created to install volume plugin for enabling Nucalm.
Default: NutanixManagementShare
--num_create_retries
Number of retries to create the disks
Default: 3
--num_disks_to_create
Number of additional disks to be created
Default: 3
--pc_deploy_workers
Number of prism central deployment execution threads
Default: 3
--resize_vm_task_timeout_secs
Timeout in seconds for resizing all PC VMs.
Default: 300
--storage_container_uuid
Container UUID on which the disk will be created
--update_rc_tokens_watcher_delay_secs
Retry delay in seconds for updating rc tokens on PC when certs updated on PE
Default: 30
--wait_for_pe_pc_sync_secs
Time to wait for the PE-PC data sync
Default: 300
--watch_for_pe_registration
Watch for host PE to be registered to PC, to initiate the disk addition
Default: true

AOS | Controller VM Commands | 325

util.cluster.consts
--ahv_repartition
Flag that allows starting the repartitioning of AHV.
Default: false
--authn_ca_bundle
File name of the CA bundle that should be used for authentication.
Default: ca.pem
--authn_ca_bundle_forward
File name of the CA bundle that can be used for authentication with certificate path in the
forward direction i.e. from the target certificate to the trust anchor.
Default: ca_forward.pem
--authn_certs_root_path
Base location of the certificates used in service authentication.
Default: /home/certs
--authn_ica
Name of the service authn intermediate ca file.
Default: ica.crt
--authn_ica_key
Name of the service authn intermediate ca private key.
Default: ica.key
--authn_ica_registered
Name of the service authn intermediate ca file when the PE is registered to a PC.
Default: ica.crt.registered
--authn_ica_req
Name of the service authn intermediate ca file CSR.
Default: ica.csr
--authn_root_ca
Name of the service authn root ca file.
Default: root.crt
--authn_root_ca_key
Name of the service authn root ca private key.
Default: root.key
--authn_root_ca_registered
Name of the service authn root ca file when the PE is registered to a PC.
Default: root.crt.registered
--authn_trusted_cas
File name of the CA bundle storing additional trusted certificates on the cluster.
Default: trusted_cas.pem
--authn_zk_base_path
Zookeeper base path for authn certificates.

AOS | Controller VM Commands | 326

Default: /appliance/logical/auth/
--authorized_certs_file
Path to file containing list of permitted SSL certs.
Default: /home/nutanix/ssh_keys/AuthorizedCerts.txt
--azure_cert_dir
Directory in which Azure certificates are stored.
Default: /home/cloud/azure
--cloud_credentials_zkpath
Zookeeper node path to the cloud credentials node.
Default: /appliance/logical/cloud_credentials
--default_host_password
Default password for the hypervisor.
Default: nutanix/4u
--default_remote_shell_receive_timeout_secs
The default timeout for idle connections after which the connection is terminated if there is
no activity.
Default: 3600
--default_remote_shell_socket_timeout_secs
Timeout for the socket connecting to NutanixHostAgent.
Default: 300
--default_remote_shell_timeout_secs
The default timeout for completion of a powershell command made by calling the execute
method.
Default: 3600
--dell_ptagent_password
Password for dell ptagent user 'ptuser'
Default: Dellam123
--dell_ptagent_port
Port of dell PTagent REST service
Default: 8086
--dell_ptagent_user_name
User name for dell ptagent
Default: ptuser
--disable_hades_marker_path
Path of the marker to disable Hades.
Default: /home/nutanix/.disable_hades
--disable_ssh_client_multiplexing
Disable SSHClient multiplexing for the service.
Default: false
--disk_location_json_path

AOS | Controller VM Commands | 327

Path to the disk_location.json file.
Default: /etc/nutanix/disk_location.json
--factory_config_json_path
Path to the factory_config.json file.
Default: /etc/nutanix/factory_config.json
--host_ssh_key
Location of ssh key for accessing the CVM's host.
Default: /home/nutanix/ssh_keys/host
--host_ssl_cert
Location of ssl cer for accessing the CVM's Hyperv host.
Default: /home/nutanix/ssh_keys/host.cer
--hyperv_hypervisor_username
The username to use when logging into the local Hyper-V node.
Default: Administrator
--hyperv_ipmicfg_relative_path
Path of the ipmicfg utility in a Hyper-V node relative to the Nutanix directory.
Default: \ipmicfg\IPMICFG-Win.exe
--hyperv_nutanix_path
The path of the Nutanix directory on the Hyper-V host.
Default: ${env:ProgramFiles}\Nutanix
--hypervisor_ahv_nonroot_support
Flag to enable non root user(nutanix) for cvmto AHV ssh command execution.
Default: false
--hypervisor_esxi_smartctl_path
Path to the smartctl binary on ESX.
Default: /smartctl_cmd
--hypervisor_esxi_smartctl_wrapper_path
Path to the smartctl wrapper script on ESX.
Default: /smartctl
--hypervisor_internal_ip
Internal IP address of the hypervisor.
Default: 192.168.5.1
--hypervisor_ipmicfg_menu_path
Path to the ipmicfg Menu.dat on hypervisor.
Default: /Menu.dat
--hypervisor_ipmicfg_path
Path to the ipmicfg binary on hypervisor.
Default: /ipmicfg
--hypervisor_username
The username to use when logging into the local hypervisor.

AOS | Controller VM Commands | 328

Default: root
--ipmi_password
The password to use when logging into the local IPMI device.
Default: ADMIN
--ipmi_username
The username to use when logging into the local IPMI device.
Default: ADMIN
--ledctl_location
Location of ledctl utility.
Default: /usr/sbin/ledctl
--local_esxi_smartctl_path
Local path to the smartctl binary for ESX.
Default: /usr/local/nutanix/bootstrap/lib/smartctl.esx
--local_esxi_smartctl_wrapper_path
Local path to the smartctl wrapper for ESX.
Default: /usr/local/nutanix/bootstrap/lib/smartctl.esx.sh
--local_ipmicfg_menu_path
Path to the ipmicfg Menu.dat on the local host.
Default: /usr/local/nutanix/cluster/lib/esx5/Menu.dat
--local_ipmicfg_path
Path to the ipmicfg binary on the local host.
Default: /usr/local/nutanix/cluster/lib/esx5/IPMICFG-Linux.x86_64
--maintenance_mode_history_file
The path of maintenance mode history file which records the time when CVM entered
maintenance mode.
Default: /home/nutanix/config/maintenance_mode.history
--megacli64_location
Location of MegaCli64 utility.
Default: /usr/local/nutanix/cluster/lib/MegaCli/MegaCli64
--nested_esx_marker_path
Is this nested ESX?
Default: /home/nutanix/.nested_esx_marker
--node_ssh_key
Location of ssh key for accessing remote CVMs and hosts.
Default: /home/nutanix/.ssh/id_rsa
--node_ssl_cert
Location of ssl cer for accessing remote Hyperv hosts.
Default: /home/nutanix/.ssh/id_rsa.cer
--ntnx_priviliged_cmd_path
ntnx_priviliged_cmd's complete path in cvm.

AOS | Controller VM Commands | 329

Default: /usr/local/nutanix/secure/bin/ntnx_privileged_cmd
--nutanix_host_agent_port
The port on which the NutanixHostAgent service listens on the Hyper-V host.
Default: 3071
--nutanix_log_dir
Directory containing logs.
Default: /home/nutanix/data/logs
--prism_monitor_port
Default port used by Prism Monitor.
Default: 2019
--sas3ircu_location
Location of sas3ircu utility.
Default: /home/nutanix/cluster/lib/lsi-sas/sas3ircu
--ssh_client_controlpersist
Specifies the duration for which the master ssh connection would remain open after the
last commandexecution.
Default: 15m
--storcli64_location
Path to storcli utility.
Default: /home/nutanix/cluster/lib/storcli/storcli64
--svm_non_ha_internal_ip
Internal IP address of SVM that is not redirected for HA.
Default: 192.168.5.254
--vcenter_info
zk node of host to vcenter info
Default: /appliance/logical/genesis/vcenter_info
--zeus_config_cache_path
Path to the zeus configuration cache kept in sync by Genesis.
Default: /home/nutanix/config/configuration_proto.dat
--zkmigration_wal_path
Path to the zookeeper migration local WAL.
Default: /home/nutanix/data/zookeeper_monitor/zookeeper_migration.wal
--zkquorum_change_wal_path
Path to the zookeeper quorum change local WAL.
Default: /home/nutanix/data/zookeeper_monitor/quorum_change.wal
--zookeeper_timeout_secs
Zookeeper connection timeout in seconds.
Default: 60

AOS | Controller VM Commands | 330

util.ndb.infrastructure.cluster
--infra_service_vm_config_json_path
Path to the service_vm_config.json file with the svm id.
Default: /home/nutanix/data/stargate-storage/service_vm_config.json

genesis

Usage
Usage: /usr/local/nutanix/cluster/bin/genesis start|stop [all|<service1>
[<service2> ...]]|restart|status

/usr/local/nutanix/cluster/bin/genesis
--force
Flag to indicate if services shouldbe forcefully stopped
Default: true
--foreground
Run Genesis in foreground.
Default: false
--genesis_debug_stack
Flag to indicate whether signal handler need to be registered for debugging greenlet
stacks.
Default: true
--genesis_self_monitoring
Genesis to do self monitoring.
Default: true
--genesis_upgrade
Flag to indicate that genesis restarted because it is upgrading itself.
Default: false
--help
show this help
Default: 0
--helpshort
show usage only for this module
Default: 0
--helpxml
like --help, but generates XML output
Default: false
--version
Print version info and exit
Default: None

AOS | Controller VM Commands | 331

cluster.client.genesis.breakfix.host_bootdisk_utils
--host_boot_timeout
The maximum amount of time for which the state machine waits for host to be up.
Default: 36000

cluster.client.genesis.cluster_manager_helper
--agave_dir
Identify if agave is running on cluster.
Default: /home/nutanix/agave
--cloud_start_dynamic_ring_changer
Whether to start Dynamic ring changer for cloud nodes.Dynamic Ring changer is required
to run for some time to add new metadata disk. This may be required in customer
escalations if existing metadata disk becomes full.
Default: false
--cluster_state_znode
Location in Zookeeper where we keep whether a node start or stop.
Default: /appliance/logical/genesis/cluster_state
--cluster_upgrade_method
Location in Zookeeper where we keep upgrade method.
Default: /appliance/logical/genesis/cluster_upgrade_method
--cluster_versions_znode
Location in Zookeeper where we keep the desired software versions map.
Default: /appliance/logical/genesis/cluster_versions
--cvm_reboot_wait
Timeout for waiting for cvm reboot.
Default: 100
--force_disable_blackbox
File to disable blackbox mode completely.
Default: /home/nutanix/.force_disable_blackbox
--node_shutdown_token_state_znode
Location in Zookeeper where we keep state of which node has currently requested to go
down for maintenance.
Default: /appliance/logical/genesis/node_shutdown_token
--node_status_rpc_timeout_secs
Timeout in seconds, for waiting for node_status RPC to complete.
Default: 120
--node_upgrade_status
Location in Zookeeper where we store upgrade status of nodes.
Default: /appliance/logical/genesis/node_upgrade_status
--pc_dr_recovery_genesis_znode
Recovery zk node for services to be created right at the beginning by genesis itself

AOS | Controller VM Commands | 332

Default: /appliance/logical/prism/pcdr/recover
--pc_dr_recovery_progress_znode
Zookeeper node of the Pc Recovery Progress
Default: /appliance/logical/prism/pcdr/startup
--pc_release_version_znode
Zookeeper node where we keep the current pc release version of the cluster.
Default: /appliance/logical/genesis/pc_release_version
--planned_outage_monitor_interval
Interval at which planned outage watcher thread checksif some remote node needs to be
started
Default: 600
--planned_outage_monitor_znode
Location in Zookeeper to trigger remote monitoring of CVMs
Default: /appliance/logical/genesis/planned_outage_monitor
--prism_user_repository_znode
Zookeeper node of the Prism user repository
Default: /appliance/physical/userrepository
--rdma_config_timeout
Timeout for waiting for RDMA configuration to complete.
Default: 300
--release_tag_znode
Zookeeper node where we keep the current release tag of the cluster.
Default: /appliance/logical/genesis/release_tag
--release_version_znode
Zookeeper node where we keep the current release version of the cluster.
Default: /appliance/logical/genesis/release_version
--shutdown_token_timeout
Timeout for waiting for shutdown token.
Default: 60
--uncompress_path
Location for uncompressing nutanix binaries.
Default: /home/nutanix/software_uncompressed/nos/
--uncompress_path_pc
Location for uncompressing nutanix binaries.
Default: /home/nutanix/upgrade/software_uncompressed/pc/

cluster.client.genesis.compute_only.client
--compute_only_reachability_check_timeout_secs
Timeout in seconds, to wait before giving up on connecting to Compute Only node for the
first time
Default: 5

AOS | Controller VM Commands | 333

--configured_marker_file
Path to the marker file containing cluster id if node is part of a cluster
Default: /root/configured

cluster.client.genesis.compute_only.consts
--configured_marker_file_path_on_esx
Path to the marker file on the ESX CO host containing cluster id if node is part of a cluster
Default: /bootbank/configured
--factory_config_json_path_on_esx_host
Path to factory_config.json on the ESX CO host
Default: /bootbank/Nutanix/factory_config.json
--factory_config_json_path_on_host
Path to factory_config.json on the CO host
Default: /root/factory_config.json
--hardware_config_json_path_on_esx_host
Path to hardware_config.json on the ESX CO host
Default: /bootbank/Nutanix/hardware_config.json
--hardware_config_json_path_on_host
Path to hardware_config.json on the CO host
Default: /root/hardware_config.json

AOS | Controller VM Commands | 334

List of node ids which will be converted to target hypervisor
Default: /appliance/logical/genesis/convert_cluster/converting_node_ids
--converting_vms_info
Path to zk node where the reg info of all VMs undergoing conversion are stored
Default: /appliance/logical/genesis/convert_cluster/converting_vms
--default_vcenter_port
Default port to register with vCenter.
Default: 443
--esx_svm_uuids
List of ESXi CVM uuids getting stored
Default: /appliance/logical/genesis/convert_cluster/esx_svm_uuids
--fail_vm_uuids_conversion
Comma separated list of VM UUIDs which will fail vm conversion
--fail_vm_uuids_power_off
Comma separated list of VM UUIDs which will fail vm power off operation during
conversion
--fail_vm_uuids_power_on
Comma separated list of VM UUIDs which will fail vm power on operation during
conversion
--ignore_networks_with_no_vms
If a network has no vms attached then that networkwill not be retained post ESXi to AHV
conversion.This flag has no effect on AHV to ESXi conversion
Default: false
--ignore_reverse_conversion_checks
Ignore checks performed in reverse conversion eg. presence of ESXi cluster name in
vCenter and existence of metadata zknode, etc.
Default: false

cluster.client.genesis.expand_cluster.utils
--nos_packages_file
File containing packages present in the nos software
Default: install/nutanix-packages.json

AOS | Controller VM Commands | 335

--num_retries_to_check_for_genesis_availability
Number of retries to verify if the RPCs are reachable
Default: 30

cluster.client.genesis.hibernate_resume.hibernate_resume_utils
--hades_rpc_retry_count
Retry count to call Hades RPCs for hibernate and resume
Default: 10
--hades_rpc_retry_delay
Delay between Hades RPC retries
Default: 30
--service_start_stop_timeout
Max timeout until which genesis attempts to start or stop cluster services.
Default: 1200
--stargate_rpc_retry_count
Retry count to call Stargate RPCs.
Default: 5
--stargate_rpc_retry_delay
Delay between Stargate RPC retries
Default: 30

cluster.client.genesis.node_manager_helper
--auto_discovery_interval_secs
Number of seconds to sleep when local node can't join any discovered cluster.
Default: 5

AOS | Controller VM Commands | 336

--cluster_destroy_marker
Path to marker file to indicate that a cluster destroy operation invoked via PC is in
progress.
Default: /home/nutanix/.cluster_destroy
--co_nodes_unconfigure_marker
Path to marker file to indicate that node has to unconfigure CO nodes as part of
unconfiguring itself. The contents of the marker file containsspace seperated IPs of the CO
nodes to unconfigure
Default: /home/nutanix/.co_nodes_unconfigure
--discovery_timeout_secs
Timeout for discovery.
Default: 1
--download_staging_area
Directory where we will download directories from other SVMs.
Default: /home/nutanix/tmp
--fault_tolerance_initialization_max_retries
The maximum number of retries to commit modified proto to zeus. Retry indefinitely if set
to -1.
Default: 30
--firmware_disable_auto_upgrade_marker
Path to marker file to indicate that automatic firmware upgrade should not be performed on
this node.
Default: /home/nutanix/.firmware_disable_auto_upgrade
--foundation_disable_auto_upgrade_marker
Path to marker file to indicate that automatic foundation upgrade should not be performed
on this node.
Default: /home/nutanix/.foundation_disable_auto_upgrade
--genesis_restart_timeout
Time we wait for the genesis to restart.
Default: 120
--gevent_resolver_reinitialize_on_dns_change
The flag determines if gevent ares dns resolver should be reinitialized on a DNS config
change.
Default: true
--gold_image_version_path
Path to the file that contains the version of the gold image.
Default: /etc/nutanix/svm-version
--hcl_znode_path
Zookeeper node containing the hcl.
Default: /appliance/physical/hcl
--mem_resolution_for_zk_proto_mb
Minimum memory change of CVM to reflect in proto.

AOS | Controller VM Commands | 337

Default: 128
--move_time_back
The flag is set to allow time to be moved back by more than time_rollback_tolerance_secs.
Default: false
--nagios_config_path
Path to the nagios configuration file.
Default: /home/nutanix/serviceability/config/nagios3/nutanix_nagios.cfg
--node_disable_auto_upgrade_marker
Path to marker file to indicate that automatic software upgrade should not be performed on
this node.
Default: /home/nutanix/.node_disable_auto_upgrade
--node_ssh_key_dir
Path for node specific ssh keys on local disk
Default: /home/nutanix/ssh_keys/.blackbox
--node_unconfigure_marker
Path to marker file to indicate that node is ready to be unconfigured.
Default: /home/nutanix/.node_unconfigure
--num_parallel_services_stop
Maximum number of services to stop in parallel.
Default: 32
--pc_download_staging_area
Directory where we will download directories from other PCVMs.
Default: /home/nutanix/upgrade/tmp
--pc_zookeeper_start_timeout_secs
Timeout for waiting on Zookeeper connection on cluster create.
Default: 360
--rpm_genesis_log_file
Path to rpm log file during Genesis self install.
Default: /home/nutanix/data/logs/rpm.genesis.out
--safe_update_or_restart_retry_interval
Retry interval to check whether genesis update or restart can be issued.
Default: 30
--set_node_configured_time_timeout
Timeout for setting the node_configured_time field inzeus config.
Default: 5
--sshd_config_path
Path to sshd config file.
Default: /etc/ssh/sshd_config
--stop_service_zknode
Start services upto but not including the service specified in this zk node.

AOS | Controller VM Commands | 338

Default: /appliance/logical/genesis/stop_service
--stop_services_timeout
Maximum time to wait for all services to stop.
Default: 120.0
--svm_internal_ips
Internal IP addresses on eth1. The first one is the primary IP address, and the remaining
are aliases.
Default: 192.168.5.2,192.168.5.254
--svm_internal_netif_netmask
The netmask for the internal IP addresses on eth1.
Default: 255.255.255.128
--svm_non_ha_internal_netmask
The netmask for the non-data internal IP aliases on eth1.
Default: 255.255.255.0
--svm_upgrade_finish_zknode
Zk path to keep track of the svm_upgrade script on two node clusters.
Default: /appliance/logical/genesis/svm_upgrade_finish
--timezones_dir
Directory where all of the valid timezones exist.
Default: /usr/share/zoneinfo
--vlan_sniffer_log
Path to vlan_sniffer log.
Default: /home/nutanix/data/logs/vlan_sniffer.log
--vlan_sniffer_path
Path to vlan sniffer binary.
Default: /home/nutanix/cluster/lib/el7/vlan_sniffer
--zookeeper_start_timeout_secs
Timeout for waiting on Zookeeper connection on startup.
Default: 120

AOS | Controller VM Commands | 339

--ip_pool_based_backplane_segmentation
Boolean to control whether ip pool based backplane segmentation is suppported
Default: true
--iser_supported_pci_model_ids
PCI model ids of NICs on which iSER will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--lldpad_service_start_stop_timeout
Timeout for command to start/stop lldpad service on CVM
Default: 15
--max_interfaces_for_service_segmentation
The maximum number of interfaces which can be created on the CVM for service
segmentation
Default: 3
--mixed_hypervisor_backplane_support
Boolean to control whether backplane network support on mixed hypervisoris allowed or
not
Default: true
--ns_check_ping_wait_time
The time for which arping waits for a response to check duplicate ip
Default: 10
--ns_co_node_support
Boolean to control whether backplane and service segmentation support is present for CO
Nodes
Default: true
--ns_config_cache_path
Path to the ns configuration cache
Default: /home/nutanix/config/ns_configuration_proto.dat
--ns_nsx_support
Boolean to control whether network segmentation is supported or not on NSX VDS setup
Default: true
--ns_state_machine_timeout
The timeout for completion of network segmentation state machine.
Default: 600
--ns_wait_for_master_ephemeral
Ephemeral zknode used in network segmentation enable to ensure pre_reboot phase of
rolling reboot is executed after genesis master
Default: /appliance/logical/genesis/ns/wait_for_master
--ports_for_kVolumes
Comma separated TCP ports needed by kVolumes
Default: 3205,3260
--rdma_manageability_supported_pci_model_ids

AOS | Controller VM Commands | 340

PCI model ids of NICs on which RDMA live port selection will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--rdma_supported_pci_model_ids
PCI model ids of NICs on which RF2 RDMA will be supported
Default: 15b3:1013,15b3:1015,15b3:1017,15b3:101d,15b3:101f
--rdma_ztr_supported_pci_model_ids
PCI model ids of NICs on which RF2 RDMA will be supported
Default: 15b3:1017,15b3:101d,15b3:101f
--reconfigure_iser_retry_delay
Time in milliseconds to wait before retrying reconfiguring iSER in case of failure at genesis
start
Default: 5000
--reconfigure_rdma_retry_delay
Time in milliseconds to wait before retrying reconfiguring RDMA interface in case of failure
at genesis start
Default: 5000
--retry_count_zk_map_publish
Retry count for publishing new zk mapping.
Default: 3
--revert_ns_config_on_failure
Revert the network segmentation configuration in the case of a failure.
Default: true
--service_segmentation_support_for_dr
Boolean to control whether to enable/disable support for DR service segmentation
Default: true
--zookeeper_ports_for_kVolumes
Comma separated zookeeper TCP ports needed by kVolumes to be opened on CVM IPs
only.
Default: 9876

AOS | Controller VM Commands | 341

Timeout in seconds for vNIC creation operation on CVM
Default: 180

cluster.client.genesis.ns.rdma_helper
--ahv_iser_ip
IP address of of the iSER interface on the AHV host
Default: 192.168.5.3
--check_rdma_switch_config_script
Script to check RDMA interface and port config
Default: /usr/local/nutanix/cluster/bin/check_rdma_switch_config
--cvm_iser_ip
IP address of of the iSER interface on the CVM
Default: 192.168.5.4
--mellanox_tc_wrap
Path to the Mellanox's tc_wrap.py script
Default: /usr/local/nutanix/bin/tc_wrap.py
--rdma_nic_config_file
Path to json containing the mac of the nic to be used for rdma
Default: /etc/nutanix/nic_config.json
--rdma_setup_passthrough_max_retries
Maximum num of retries to wait for passthrough to work
Default: 15
--rdma_setup_passthrough_max_wait_ms
Maximum wait time in ms to wait before retry
Default: 2000

cluster.client.genesis.ns.service_utils
--wait_for_master_timeout_secs
Timeout in seconds for pre_reboot phase to wait for the genesis master to finish its
execution
Default: 600

cluster.client.genesis.pb_client.client
--genesis_service_host
The genesis service host.
Default: 127.0.0.1
--genesis_service_port
The genesis service port.
Default: 2100

cluster.client.genesis.remove_nodes.remove_nodes_utils
--multi_node_removal_enabled

AOS | Controller VM Commands | 342

Feature flag for concurrent node remove operation
Default: true

cluster.client.genesis.resource_management.rm_helper
--additional_common_pool_memory_in_mb
Amount of additional memory that need to beadded into common memory pool
Default: 0
--common_pool_map
Mapping of node with its common pool memory in kb
Default: /appliance/logical/genesis/common_pool_map
--common_pool_mem_for_high_mem_nodes_deep_storage_gb
Common pool memory reservation for nodes with cvm memory equal to 36gb
Default: 16
--common_pool_mem_for_high_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory equal to 36gb
Default: 14
--common_pool_mem_for_low_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory less than 20gb
Default: 8
--common_pool_mem_for_very_high_mem_nodes_deep_storage_gb
Common pool memory reservation for nodes with cvm memory greater than or equal to
40gb
Default: 20
--common_pool_mem_for_very_high_mem_nodes_gb
Common pool memory reservation for nodes with cvm memory greater than or equal to
40gb
Default: 17
--deep_nodes_capacity_threshold_tb
Memory threshold of nodes to consider for high common pool mem
Default: 60
--default_common_pool_memory_in_gb
Stargate default common pool memory reservation
Default: 12
--memory_update_history
File containing history of memory update on node
Default: /home/nutanix/config/memory_update.history
--memory_update_resolution
Minumum amount of memory difference for update
Default: 2097152
--rolling_restart_memory_update_reason
Reason set in rolling restart for memory update

AOS | Controller VM Commands | 343

Default: cvm_memory_update
--target_memory_zknode
CVM target memory map zk node
Default: /appliance/logical/genesis/target_memory_map

cluster.client.genesis.resource_management.rm_prechecks
--cushion_memory_in_kb
Cushion Memory required in nodes before update
Default: 2097152
--delta_memory_for_nos_upgrades_kb
Amount of CVM memory to be increased during NOS upgrade
Default: 4194304
--host_memory_threshold_in_kb
Min host memory for memory update , set to 62 Gb
Default: 65011712
--max_cvm_memory_upgrade_kb
Maximum allowed CVM memory for update during upgrade
Default: 31457280

cluster.client.genesis.resource_management.rm_tasks
--cvm_reconfig_component
Component for CVM reconfig
Default: kGenesis
--cvm_reconfig_operation
Component for CVM reconfig
Default: kCvmreconfig

AOS | Controller VM Commands | 344

Default: /appliance/logical/orion/config
--pc_ip_refresh_cache_interval_seconds
Interval for refreshing pc ip cache in seconds.
Default: 900
--setup_certs_retry_count
Number of times Genesis will attempt to setup service authentication certificates on the
cluster.
Default: 3
--svm_default_login
User name for logging into SVM.
Default: nutanix
--sync_network_configuration
Location in Zookeeper where a workflow can write to run an on demand network collection
Default: /appliance/logical/genesis/network_configuration/sync_network_configuration
--timeout_HA_route_verification
Timeout for setting HA route.
Default: 180
--timeout_zk_operation
Timeout for zk operation like write
Default: 120
--upgrade_fail_marker
Marker to indicate upgrade has failed.
Default: /appliance/logical/genesis/upgrade_failed
--zk_cluster_external_path
Location of zkNode for cluster external state
Default: /appliance/physical/clusterexternalstate
--zk_trust_cluster_external_path
Location of zkNode for trust setup details
Default: /appliance/physical/trustsetup/clusterexternalstate

cluster.client.lcm.lcm_genesis_utils
--rpc_timeout
Default timeout for RPC.
Default: 600.0

cluster.client.lite_upgrade.interfaces.genesis_interface
--genesis_lu_intent_zknode
Lite upgrade zk node, set with target version.
Default: /appliance/logical/genesis/lite_upgrade/genesis_intent

cluster.genesis.breakfix.host_bootdisk_breakfix
--breakfix_npe_enabled

AOS | Controller VM Commands | 345

Flag to enable ungraceful hostboodisk breakfix usingNPE
Default: false
--timeout_for_repaired_node_to_join_healthy_genesis_list
Waiting period for repaired node to join healthy genesis list
Default: 1800

cluster.genesis.breakfix.ssd_breakfix
--ssd_repair_copy_svmrescue_timeout
Timeout for copying svmrescue.iso from CVM to host
Default: 900

cluster.genesis.breakfix.ssd_breakfix_esx_helper
--svm_regex
Regular expression used to find the SVM vmx name.
Default: ServiceVM

cluster.genesis.cluster_manager
--retry_app_deployment_leadership_voulnteer
seconds to wait before retrying leadership voulnteer.
Default: 10

AOS | Controller VM Commands | 346

cluster.genesis.expand_cluster.expand_cluster
--average_latency
Average latency threshold
Default: 2
--expand_ssh_retry_timeout
Time till which the retries by the ssh_client will be performed.
Default: 300
--network_bandwidth_checks_enabled
Enable / Disable for network bandwidth checks
Default: true
--node_up_retries
Number of retries for node genesis rpcs to be up after reboot
Default: 40
--packet_loss
Packet loss %
Default: 0
--pending_restart_retry_interval
Interval after which the node should retry volunteering for cluster expansion
Default: 300
--volunteer_check_retry_interval
Interval after which the node should retry volunteering for cluster expansion
Default: 60

cluster.genesis.hibernate_resume.hibernate_cluster
--hibernate_cluster_timeout
Hibernate cluster statemachine timeout.
Default: 8640000

cluster.genesis.hibernate_resume.pre_hibernate_checks
--arithmos_rpc_retry_count

AOS | Controller VM Commands | 347

Retry count to call Arithmos RPCs.
Default: 10
--arithmos_rpc_retry_delay
Retry delay to call Arithmos RPCs.
Default: 10
--hibernate_cerebro_idle_retry_count
Max retries to check for Cerebro's idle state before proceeding with hibernate.
Default: 12
--hibernate_resume_cvm_down_timeout
Max timeout for trying no_cvm_down test for hibernate and resume.
Default: 600

cluster.genesis.hibernate_resume.resume_cluster
--resume_cluster_timeout
Resume cluster statemachine timeout.
Default: 8640000

cluster.genesis.network_configuration_keeper.network_configuration_keeper
--network_collector_interval
Interval at which network collector thread collects network related data.
Default: 1800

cluster.genesis.server.server
--genesis_document_root
Document root where static files are served from.
Default: /home/nutanix/cluster/www
--genesis_server_timeout_secs
Timeout for rpc made through http server.
Default: 30

cluster.genesis.service_management.service_mgmt_utils
--core_services_managed
This Flag will be used to force service mgmt to enable/disable core services.
Default: false

ncc

Usage
nutanix@cvm$ /home/nutanix/ncc/bin/ncc [flags]

/home/nutanix/ncc/bin/ncc
--help
show this help

AOS | Controller VM Commands | 348

Default: 0
--helpxml
like --help, but generates XML output
Default: false
--ncc_logging_dir
Directory where script log files are stored.
Default: /home/nutanix/data/logs
--ncc_version
Show script version.
Default: false
--show_version
Show detailed NCC version.
Default: false
--version
Show script version.
Default: false

ncc.lib.analytics.analytics_utils
--esxcmd_timeout_secs
Number of seconds to wait for an Esx command to finish.
Default: 60
--stats_email_attachment_dir
Path to the directory where email attachments must be placed.
Default: /home/nutanix/data/email/attachments
--stats_from_address
From address to use when sending emails.
Default: [email protected]
--stats_to_addresses
Comma separated list of email addresses to whom email must be sent.
Default: [email protected]
--zk_analytics_node_cache_path
Directory where the zookeeper cache is stored.
Default: /home/nutanix/data/analytics

AOS | Controller VM Commands | 349

--zk_cluster_health_node
Zookeeper node containing the serialized protobuf message detailingcurrent cluster health
issues.
Default: /appliance/logical/cluster_health
--zknode_update_interval_sec
Time interval between updates to Zookeeper nodes in case status does notchange.
Default: 120
--zookeeper_session_timeout_secs
Maximum number of seconds to wait for connecting to zookeeper.
Default: 2

ncc.lib.analytics.get_esxtop_stats
--esx_configuration_file
Path of esxtop configuration file defining the parameters to be tracked.
Default: /home/nutanix/data/analytics/esxtop_configuration
--esxtop_csv_file
Path of esxtop configuration file defining the parameters to be tracked.
Default: /home/nutanix/data/analytics/esxtop.csv
--esxtop_csv_gzipped_file
Path of gzipped esxtop configuration file defining the parameters to betracked.
Default: /home/nutanix/data/analytics/esxtop.csv.gz
--esxtop_duration
Duration between each esxtop iteration.
Default: 5
--esxtop_iterations
Number of esxtop iterations.
Default: 1
--high_vcpu_util_threshold
High
Default: 80
--host_cpu_util_threshold
CPU Utilization threshold for detecting high utilization rate.
Default: 75
--host_swapping_threshold
Swapping threshold for VMs.
Default: 0
--low_vcpu_util_threshold
Low
Default: 10
--remote_esx_configuration_file
Path of esxtop configuration file defining the parameters to be tracked.

AOS | Controller VM Commands | 350

Default: /esxtop_configuration
--vm_cpu_ready_threshold
Ready time threshold for VMs.
Default: 10

ncc.lib.flags
--email_asup_external_contact_list
External contact list to send email asups.
Default: [email protected]

ncc.lib.ncc_email_helper
--ignore_frequency_check
If set, NCC frequency check is ignored.
Default: false
--ncc_email_content_in_html
Sends email in HTML format. Otherwise sends email as plain text.
Default: true
--ncc_email_subject
Subject of the email to be sent.
Default: NCC Email Digest
--ncc_send_email
If True, ncc tries to sends an email from Zookeeper leader if configured time constraints
are met.
Default: false
--send_email_force
If set, NCC always sends an email.
Default: false
--send_email_local
If set, NCC sends emails from local node.
Default: false
--zk_ncc_email
Zk node having NCC email configuration.
Default: /appliance/logical/analytics/ncc_email

ncc.lib.service_consts
--known_hosts
known_hosts file to use for validating nsc servers.
Default: /home/nutanix/data/serviceability/known_hosts
--zookeeper_remote_support_root_path
Zookeeper path where remote support information is stored.
Default: /appliance/logical/serviceability
--zookeeper_remote_support_status_file

AOS | Controller VM Commands | 351

Zookeeper path where remote support status is stored.
Default: /appliance/logical/serviceability/remote_support_status
--zookeeper_smtp_tunnel_status_file
Zookeeper path where remote support status is stored.
Default: /appliance/logical/serviceability/smtp_tunnel_status
--zookeeper_support_info_status_file
Zookeeper path where support_info status is stored.
Default: /appliance/logical/serviceability/support_info_status

ncc.ncc_utils.cluster_utils
--connection_timeout_secs
Timeout for a connection to a server
Default: 10
--hcl_file_path
The path of file hcl.json on CVM.
Default: /etc/nutanix/hcl.json
--hyperv_ncc_cmd_timeout_secs
Timeout seconds for some commands run on HyperV
Default: 120
--min_storage_for_high_density_nodes
Min storage in TB for high density nodes.The value should be comma separated list of
<AOS version>:<threshold in terabytes>
Default: 5.11:140
--prism_secure_key_zk_path
Znode containing the PrismSecureKey.
Default: /appliance/logical/prismsecurekey

ncc.util.data_access.insights_data_access
--batch_entity_cnt
Batch cnt of entities read and written to Entity DB
Default: 50
--batch_entity_cnt_long_term
Batch cnt of entities read and written to Entity DBfor long term data
Default: 10
--num_intervals_for_latest_data
The number of interval for latest data from IDF if not given time range.
Default: 12
--overwrite_metric_schema
If set we force overwrite the metric schema for capacity metrics.
Default: true
--resample_hourly_data

AOS | Controller VM Commands | 352

If we want to resample daily data using hourly values.
Default: true
--updated_gap_in_hours
The gap for updating the non-overwritten-historical data in hours.
Default: 0

ncc.util.ncc_logger
--enable_plugin_wise_logging
Enabling this flag will add plugin name to log record during plugin run
Default: true

ncc.util.ncc_utils.arithmos_interface.arithmos_interface_new
--arithmos_update_interval
Time in seconds between updates to arithmos.
Default: 30
--cos_update_interval
Interval measured in arithmos cycles during which check.overall_score is updated.
Default: 2
--score_update_paused
Score updates will be kept in memory until this flag is set to False again. Useful for testing.
Default: false

ncc.util.ncc_utils.arithmos_utils
--cluster_cpu_usage_sampling_interval_sec
Sampling interval for CPU usage for a cluster.
Default: 300
--cluster_memory_usage_sampling_interval_sec
Sampling interval for Memory usage for a cluster.
Default: 300
--cpu_capacity_data_path
The file containing the cpu capacity of a cluster in hz.
Default: /home/nutanix/data/ncc/cpu_capacity.json
--cpu_usage_processed_data_path
The file containing the cpu usage of a cluster in hz.
Default: /home/nutanix/data/ncc/cpu_usage.json
--cpu_usage_raw_data_path
The file containing the cpu usage of a cluster in cycles along with timestamp.
Default: /home/nutanix/data/ncc/cpu_usage_raw.json
--is_compute_only_node_supported
Turn on to support compute only node specific checks.
Default: true

AOS | Controller VM Commands | 353

--memory_capacity_data_path
The file containing the memory capacity of a cluster in bytes.
Default: /home/nutanix/data/ncc/memory_capacity.json
--memory_usage_processed_data_path
The file containing the Memory usage of a cluster in bytes.
Default: /home/nutanix/data/ncc/memory_usage.json
--memory_usage_raw_data_path
The file containing the memory usage of a cluster in bytes along with timestamp.
Default: /home/nutanix/data/ncc/memory_usage_raw.json

ncc.util.ncc_utils.cluster_utils
--cmd_timeout_secs
Timeout seconds for commands run on ESX and CVMs
Default: 60
--copy_timeout_secs
Timeout seconds for file copy operations.
Default: 600
--cvm_timeout_cmd
Timeout for any command executed on cvms via ssh
Default: /usr/bin/timeout -s 9 %d
--cvm_uname
Username used to authenticate with cluster CVMs
Default: nutanix
--dummy_target_for_local_ip
Dummy ip to which socket is connected in order to get local ip address
Default: 1.1.1.1
--ncc_max_rss_mem_mb
Maximum memory used by ncc for heap or data segment.
Default: 256
--ping_cmd_timeout_secs
Timeout secs for ping command to check alive nodes
Default: 10
--zkserver_config_proto_path
Path to the zookeeper server config proto in Zookeeper.
Default: /appliance/logical/zkserver_config

ncc.util.ncc_utils.gflags_definition
--delete_email_config
If True, ncc email configuration is deleted.
Default: false
--set_email_frequency

AOS | Controller VM Commands | 354

Frequency in hours at which NCC should periodically run. E.g Run ncc every 24 hours: <--
set_email_frequency=24>
Default: 0
--show_email_config
If set, display NCC email configuration
Default: false

ncc.util.ncc_utils.globals
--insights_rpc_server_ip
The IP address of Insights RPC server.
Default: 127.0.0.1
--insights_rpc_server_port
The port where the Insights RPC server listens.
Default: 2027

ncc.util.ncc_utils.heart_filter
--ncc_query_unresolved_alerts
Flag to identify if HeartFilter should query for unresolved alerts from IDF
Default: true

ncc.util.ncc_utils.upgrade_utils
--cluster_upgrading_timeout
Timeout for checking whether cluster is upgrading or not
Default: 600

ncc.util.plugins.consts
--HDD_latency_threshold_ms
HDD await threshold (ms/command) to determine Disk issues.
Default: 500
--SSD_latency_threshold_ms
SSD await threshold (ms/command) to determine Disk issues.
Default: 50
--ahv_crash_file_age_policy_days
The age of crash files that are to be alerted.
Default: 7
--ahv_enable_audit_disk_usage_ncc_check
Enable/Disable audit disk usage NCC check for AHV host
Default: false
--ahv_enable_file_integrity_ncc_check
Enable/Disable file integrity NCC check for AHV host
Default: false
--ahv_enable_remote_log_forwarding_ncc_check

AOS | Controller VM Commands | 355

Enable/Disable remote log forwarding NCC check for AHV host
Default: false
--ahv_read_only_fs_check_exclude_list
The list of filesystems that are expected to be read-only.
Default: /sys/fs/cgroup
--anonymize_output
Flag to specify if the output of log collector should be anonymized.
Default: false
--audit_volume_usage_threshold_pct_critical
Critical threshold for high disk usage on /home/log/audit.
Default: 99
--audit_volume_usage_threshold_pct_warning
Warn threshold for high disk usage on /home/log/audit.
Default: 75
--avg_io_latency_threshold_ms
Average I/O Latency threshold (ms) for a VM.
Default: 5000
--cas_failures_threshold
Threshold count for cas failure log warnings.
Default: 5
--cassandra_column_families
Comma separated list of column families to check against size thresholds.
Default: historical_stats
--cassandra_crashes_threshold
Threshold for number of cassandra crashes.
Default: 5
--cassandra_gc_activity_threshold
Threshold for garbage collection related messages.
Default: 5
--cassandra_high_heap_usage_threshold
Threshold for number of heap usage log messages.
Default: 5
--cassandra_init_json_file_path
Path to find cassandra_init.json file.
Default: /home/nutanix/data/cassandra/conf/cassandra_init.json
--cassandra_load_threshold
Threshold for cassandra load-related messages.
Default: 5
--cassandra_min_token_size
Minimum size cassandra token

AOS | Controller VM Commands | 356

Default: 60
--cassandra_progress_timeout_threshold
Threshold for number of cassandra progress timeout log messages.
Default: 5
--cassandra_restarts_threshold
Threshold for cassandra restarts.
Default: 5
--cassandra_retries_threshold
Threshold count for cassandra retry log warnings.
Default: 5
--cassandra_ring_cluster_version
Cluster version of the nodetool_ring_file.
--cassandra_stage_counters_threshold
Threshold for number of missing stage counter messages.
Default: 5
--cassandra_token_precision
Maximum chars in the cassandra token that are expected to be unique.
Default: 8
--cassandra_unavailability_threshold
Threshold count for cassandra unavailability log warnings.
Default: 5
--check_cloud_cvm_services
Comma-separated list of services which are checked on cloud CVM.
Default: cassandra,pithos,hera,stargate,insights_server,ergon,cerebro,chronos,curator,alert_manager,cluster_
--check_max_failure_score
Health score to indicate check failure.
Default: 24
--check_max_info_score
Health score to indicate check info.
Default: 98
--check_max_warning_score
Health score to indicate check warning.
Default: 74
--cluster_zeus_config_base_path
Path where we keep zeus config for each cluster.
Default: /appliance/physical/zeusconfig
--config_file_dir
The base directory contains all plugin configs
Default: /home/nutanix/ncc/plugin_config
--ctr_ec_ideal_delay_threshold

AOS | Controller VM Commands | 357

Current ideal EC delay value setting for better Erasure coding benefits.
Default: 604800
--cvm_avg_mem_util_threshold
CVM memory average usage threshold (%) to determine memory contention.
Default: 90
--cvm_commit_memory_threshold_pct
CVM Memory Commit Threshold(%).
Default: 90
--cvm_enable_file_integrity_ncc_check
Whether to enable aide_check.
Default: false
--cvm_load_average_threshold_critical
CVM Load level.
Default: 100
--cvm_load_factor
CVM Load factor used with number of vCPUs to compute CVM Load threshold.
Default: 3.0
--cvm_mem_min_threshold
Minimum threshold for CVM memory for NOS > 2.6.4
Default: 15728640
--cvm_util_critical_threshold_pct
Critical utilization threshold (%) to determine CVM CPU contention.
Default: 98
--cvm_util_warn_threshold_pct
Warning utilization threshold (%) to determine CVM CPU contention.
Default: 95
--default_hardware_type
Default hardware block type for Svms without the rackable unit id field.
Default: kNX2000
--detect_rogue_plugin
If True, cpu intensive plugins will be detected and marked rogue. If False, cpu intensive
plugins will not be detected but plugins may still be marked rogue for other offences.
Default: true
--disk_abort_rate_threshold
Disk read/write abort threshold. (aborts/sec)
Default: 0
--disk_corruptions_threshold
Threshold count for disk corruption log warnings.
Default: 5
--disk_read_latency_threshold

AOS | Controller VM Commands | 358

Latency threshold (ms/command) to determine storage issues.
Default: 10
--disk_read_write_errors_threshold
Threshold count for disk read/write log warnings.
Default: 5
--disk_usage_threshold_pct_critical
Threshold for disk usage (percentage) from being labeled as critical.
Default: 90
--disk_usage_threshold_pct_warning
Threshold for disk usage (percentage) from being labeled as a warning.
Default: 75
--disk_write_latency_threshold
Latency threshold (ms/command) to determine storage issues.
Default: 10
--display_details_for_num_moves
Displays the effect on the ring by applying the suggested node moves. The default is not to
display any, the value of 0 is to display all until max_number_of_node_moves.
Default: -1
--email_from_address
Default senders email addresses.
Default: [email protected]
--email_human_readable_format
Whether emails are to be sent in text or binary format.
Default: true
--enable_kernel_mitigations_check
Whether to enable kernel mitigations NCC check.
Default: false
--enable_rsyslog_forwarding_check
Whether to enable rsyslog forwarding NCC check.
Default: false
--end_time_secs
End point of time range.
Default: 1715606064
--entity_id
The id of the entity.
--entity_info
This will be a stringified json containing entity related info, eg:{'entity_class':
'entity_class_name', 'entity_model': 'model_name', 'to_version':'2.7', 'from_version':'2.6',
'location_ids': ['list of node_uuids'], 'device_ids':['list of device_ids']}
--entity_type
The type of entity.

AOS | Controller VM Commands | 359

Default: cluster
--error_id_json_path
The file containing the error ids
Default: /home/nutanix/ncc/plugin_config/error_ids.json
--ext4_journal_sequence_threshold
Threshold for high ext4 journal sequence id as it approaches 2^31.
Default: 1879048192
--field
Field of data to be trained. E.g. CPU usage, disk usage.
Default: hypervisor_cpu_usage_ppm
--file_path
Full path of file to copy.
--forced_reschedule_interval_sec
Reschedule interval if the check execution falls in maintenance window.
Default: 300
--future_end_time_secs
End point of a future time range.
Default: 1716210864
--future_start_time_secs
Start Point of a future time range.
Default: 1715606064
--garbage_egroups_size_critical_threshold_pct
Default threshold for reporting size (percentage) occupied by garbage egroups as critical
event.
Default: 25
--garbage_egroups_size_warning_threshold_pct
Default threshold for reporting size (percentage) occupied by garbage egroups as warning
event.
Default: 15
--generate_node_add_order
Generate the order for node adds specified in the operations file, which results in the
minimal token skew.
Default: false
--gx_cpuprofile_frequency
Number of interrupts per second the pprof cpu-profiler uses to sample.
Default: 100
--gx_mysql_db
MySQL database that is used to store the profiles.
Default: profiles
--gx_mysql_host
MySQL server's IP address.

AOS | Controller VM Commands | 360

Default: 10.1.56.13
--gx_mysql_hostname
MySQL server's host name.
Default: gxprof.eng.nutanix.com
--gx_mysql_passwd
MySQL password for the given 'gx_mysql_user'.
Default: password
--gx_mysql_user
MySQL user name that was granted access to 'gx_mysql_db'.
Default: nutanix
--gx_output_file
Output filename without extension where gx write profiling data.
--gx_output_type
Specify whether the output file is in `html` or `text` format.
Default: html
--gx_pprof_file
Specify the pprof file that is to be translated to gxprof format.
--gx_profile_description
A text string of other important notes about the profile.
--gx_profile_detail_json
A dictionary json of additional details about the profile.
--gx_profile_id
Numeric identifier of the profile in the database.
--gx_profile_name
Name of the profile in the database.
Default: no name
--gx_profile_recorder
Name of the person who run the profiler.
Default: unknown
--gx_program
Specify the program that is being run.
--gx_program_build_date
Version timestamp of the program that was being profiled.
Default: Build date is unspecified
--gx_program_build_id
Version number of the program that was being profiled.
Default: Build version is unspecified
--gx_regression_id
Numeric identifier of a regression in the database.
--gx_run_duration

AOS | Controller VM Commands | 361

The duration it takes to complete a run of the program or test. The unit of the duration is
dependent on which program is being run. It could be second, mili-second, micro-second
or others.
Default: 0
--gx_run_status
Current status of the execution being profiled.
Default: Running pprof.
--gx_sample_excluded_symbols
Comma-separated list of symbols to be excluded from profiling data.
Default: __restore_rt,std::_Function_handler::_M_invoke,std::_Bind::__call,std::function::operator
--gx_total_seconds
The pprof sampling duration in seconds.
--gx_verbose
Log the progress for all gx commands to help trouble-shooting.
Default: false
--health_disk_latency_threshold_ms
Latency threshold (ms/command) to determine Disk issues.
Default: 50
--helpshort
show usage only for this module
Default: 0
--high_disk_usage_threshold
Threshold count for disk usage log warnings.
Default: 5
--home_nutanix_usage_threshold_pct_critical
Critical threshold for high disk usage on /home/nutanix as well as other disks that are not in
Arithmos (percentage).
Default: 90
--home_nutanix_usage_threshold_pct_warning
Warn threshold for high disk usage on /home/nutanix as well as other disks that are not in
Arithmos (percentage).
Default: 75
--host_avg_cpu_util_threshold_pct
Host utilization threshold (%) to determine host CPU contention.
Default: 75
--host_balloon_threshold
Balloon threshold to determine host memory bottlenecks.
Default: 0
--host_disk_usage_threshold_pct_critical
Threshold for host disk usage (percentage) being labeled as critical.
Default: 95

AOS | Controller VM Commands | 362

--host_disk_usage_threshold_pct_warning
Threshold for host disk usage (percentage) being labeled as warning.
Default: 90
--host_peak_cpu_util_threshold_pct
Host utilization threshold (%) to determine host CPU contention.
Default: 90
--host_preupgrade_log_path
The log path of hypervisor preupgrade checks.
Default: /home/nutanix/data/logs/host_preupgrade.out
--host_rcv_drop_threshold
Receive packets drop threshold at host to determine network issues.
Default: 0
--host_swap_in_threshold
Swap in threshold (mbytes/sec) to determine host memory bottlenecks.
Default: 0
--host_swap_out_threshold
Swap out threshold (mbytes/sec) to determine host memory bottlenecks.
Default: 0
--host_swap_threshold_mbps
Swap rate threshold (mbytes/sec) to determine host memory bottlenecks.
Default: 0
--host_swap_used_threshold_bytes
Swap used threshold (bytes) to determine host memory bottlenecks.
Default: 0
--host_tx_drop_threshold
Transmitted packets drop threshold at host to determine network issues.
Default: 0
--hwclock_time_difference_days
Number of days of time difference that is allowed between the SVM and the hypervisor
Default: 2
--hyperv_external_switch_rename_enabled
Feature enable / disable flag for External Switch rename support on HyperV.
Default: False
--hyperv_host_external_vswitch_name
Default name of the network switch for Hyper-V's external network.
Default: ExternalSwitch
--hyperv_host_internal_ip_address
IP address of internal interface on the Hyper-V host
Default: 192.168.5.1
--hyperv_user_name

AOS | Controller VM Commands | 363

User name to use to connect to the Hyper-V host
Default: administrator
--hyperv_user_password
Password to use to connect to the Hyper-V host
Default: nutanix/4u
--hypervisor_pre_upgrade_check_enable
The flag to specify if the current ncc run is for hypervisor pre-upgrade
Default: false
--hypervisor_pre_upgrade_check_list_path
The flag to specify the path of all hypervisor pre_upgrade checks
Default: /home/nutanix/ncc/config/hypervisor_pre_upgrade_check_list.json
--hypervisor_sample_period
Hypervisor monitoring sampling interval.
Default: 300
--ignore_negative_slope
Whether ignore the negative slope or not.
Default: true
--ignore_objects_upgrade_precheck
Flag to specify if want to ignore the objects upgrade prechecks.
Default: false
--inode_usage_threshold_pct_critical
Threshold for inode usage (percentage) being labeled as critical.
Default: 90
--inode_usage_threshold_pct_warning
Threshold for inode usage (percentage) being labeled as a warning.
Default: 75
--insights_max_memory_usage_MB
Maximum amount of memory in MB that the insights collector can use.
Default: 256
--intel_ssd_num_bytes_written_critical_limit
Critical markers for number of bytes written into the Intel SSDs.
Default: 7000000000000000.0
--intel_ssd_num_bytes_written_warning_limit
Warning markers for number of bytes written into the Intel SSDs.
Default: 6500000000000000.0
--intel_ssd_warning_marker_position_below_max_celcius
Temperature warning marker position for the Intel 910 SSDs. Since maximum temperature
is retrieved from the device automatically, this value is actually the number of celcuis below
the maximum temperature allowed storagepool
Default: 7

AOS | Controller VM Commands | 364

--inter_cvm_bw_mb_sec_threshold
Minimum bandwidth between CVMs (MB/s).
Default: 800
--ip_list
List of IPs to copy the file to.
--iperf_server_timeout_secs
Timeout (in seconds) for the iperf server per client.
Default: 60
--is_periodic_run
Flag to specify if the current ncc task is async orperiodic. True if the current task is periodic
else False.
Default: false
--list_modules
List all available ncc modules.
Default: false
--local_http_proxy_port
Port of the local service proxy (ikat_proxy).
Default: 0
--log_collection_duration
Time duration for which logs are parsed.
Default: 300
--log_plugin_output
Logs the protobug generated by each plugin execution - used mainly for debugging.
Default: false
--log_types
Log types to include within the compression.
--log_util_ip_list
List of IPs to gather logs from.
--max_cassandra_restart_time_secs
Maximum time for cassandra daemon to be killed and restarted.
Default: 15
--max_health_score
Maximum health score for any plugin.
Default: 100
--max_number_of_node_moves
The number of iterations to find minimum token skew. Default is to use 3 node moves. The
time taken is exponential in the number of node moves and the number of nodes in cluster.
Default: 3
--max_retry_on_not_master
Number of retries when a rpc to cerebro returns kNotMaster
Default: 3

AOS | Controller VM Commands | 365

--max_ring_load_balance_ratio
Maximum ratio between least and greatest loaded node in cassandra ring.
Default: 3
--max_ring_token_balance_ratio
Maximum token skew allowed in cassandra ring.
Default: 2
--minimum_container_rf
Minimum replication factor for containers.
Default: 2
--monitor_log_file_name
file name of the server monitor log.
Default: cluster_health_monitor.log
--ncc_acropolis_proxy_server_port
The Acropolis Proxy (Narsil) server port.
Default: 2036
--ncc_canvas_json_dump_file
File to which canvas json of latest NCC run will be serialized.
--ncc_enable_ahv_vm_serialization
Whether to enable serialization of calls to Acropolis from NCC through Acropolis Proxy
Service.
Default: true
--ncc_enable_intrusive_plugins
If true, run plugins with intrusive impacts also.
Default: false
--ncc_execution_token
Execution token for the task.
--ncc_factory_config_path
Path to factory config file.
Default: /etc/nutanix/factory_config.json
--ncc_global
If true, any local plugins invoked will be run across all nodes in the cluster.
Default: true
--ncc_hardware_config_path
Path to hardware config file.
Default: /etc/nutanix/hardware_config.json
--ncc_init_time
Approx. upper limit of time taken by ncc client binary to initialise.
Default: 60
--ncc_interactive
If true, the plugins will be run in an interactive mode, where the result will be available as
soon as its ready.

AOS | Controller VM Commands | 366

Default: true
--ncc_master_ip
IP of the node from where the command is run.
--ncc_plugin_dir
Directory from where plugin should be loaded.
Default: /home/nutanix/ncc/bin/plugins
--ncc_plugin_output_file
File to which raw output of latest NCC run will be written (use '' to disable).
Default: /home/nutanix/data/logs/ncc-output-latest.log
--ncc_plugin_output_history_file
File to which raw output of all NCC runs will be written.
Default: /home/nutanix/data/logs/ncc-output.log
--ncc_pre_upgrade_init_time
The number of seconds for NCC initialization during pre-upgrade. This will be added to the
total timeout of the plugins.
Default: 180
--ncc_preupgrade_output_log_path
The log path that contains the output of the latest ncc preupgrade run.
Default: /home/nutanix/data/logs/ncc_preupgrade_output_latest.out
--ncc_print_config
Print the plugin config and exit without running.
Default: false
--ncc_show_hidden
If true, display hidden plugins/modules.
Default: false
--ncc_show_tree
If true, display all the plugins in a tree format.
Default: false
--ncc_telemetry_anonymizer_expiry_time
Amount of time after which anonymizer needs to be refreshed to consider new entities.
Default: 3600
--ncc_telemetry_check_scores_flush_frequency
Flushing frequency for check score table.
Default: 900
--ncc_telemetry_check_scores_queue_maxsize
Maximum size of queue which processes and sends check scores to Pulse.
Default: 1000
--ncc_telemetry_counts_flush_frequency
Flushing frequency for stats table.
Default: 28800

AOS | Controller VM Commands | 367

--ncc_telemetry_enabled
Send ncc stats to Pulse. Heartbeat sent by health_rpc_service won't be affected by this
flag.
Default: true
--ncc_via_rpc
Indicates if NCC is running via RPC.
Default: false
--ncli_password
Use a non-default ncli password (will be prompted for password input).
Default: true
--neuron_check_licensing_plugins_list
The flags specifies the path of the plugin list for cbl.
Default: /home/nutanix/neuron/plugin_config/licensing_plugins.json
--neuron_execution_token
Execution token for the task.
--neuron_plugin_dir
Directory from where plugin should be loaded.
Default: /home/nutanix/neuron/bin/plugins
--neuron_plugin_output_file
File to which raw output of latest NCC run will be written (use '' to disable).
Default: /home/nutanix/data/logs/neuron-output-latest.log
--neuron_port
The base server directory
Default: 2800
--nfs_abort_rate_threshold
NFS read/write abort threshold (aborts/sec).
Default: 0
--nfs_command_latency_threshold
Latency threshold (ms/command) to determine storage issues.
Default: 10
--nfs_file_count_threshold
Upper threshold on the number of NFS files and directories per datastore.
Default: 20000
--nic_error_check_period_secs
Period over which to monitor NIC errors (seconds).
Default: 3600
--nic_error_threshold_info
Maximum errors permissible for any NIC.
Default: 5
--nic_error_threshold_warning

AOS | Controller VM Commands | 368

Maximum errors permissible for any NIC before warning is issued.
Default: 100
--nodetool_ring_file
Path to the 'nodetool' ring output file. Default is to use the nodetool command on the
cluster.
--non_shell_vdisk_count_safe_threshold
Safe threshold for max number of regular vdisks in versions > 5.5
Default: 600000
--non_shell_vdisk_count_threshold
Maximum number of non-shell vdisks in cluster.
Default: 200000
--nutanix_model_config_file_dir
The base directory contains all nutanix models
Default: /home/nutanix/ncc/config
--nvm_peak_cpu_util_threshold_pct
Peak utilization threshold (%) to determine FSVM CPU contention.
Default: 90
--nwviz_disable_switch_collector
Disables switch_collector
Default: false
--nwviz_disable_switch_interface_collector
Disables switch_interface_collector
Default: false
--nwviz_ignore_auto_discovery
Disable auto discovery from host NICs using LLDP
Default: true
--operations_file
Path to node operations add/remove/no-op file.
--oplog_episode_count_threshold
Threshold for the number of episodes per vdisk.
Default: 12000
--oplog_episode_count_threshold_pre_4_6
Threshold for the number of episodes for a vdisk in a cluster which has a version lower
than 4.6.
Default: 100
--orphan_snapshot_prefixes
A commas separated list of prefixes of snapshot names for skip reporting orphan
snapshots.
Default: XDSNAP_
--override_existing_plugin_config

AOS | Controller VM Commands | 369

Over-ride the plugin configuration stored in Zookeeper with the default NCC plugin
configuration.
Default: false
--plugin_output_history_file
File to which raw output of all NCC runs will be written.
Default: /home/nutanix/data/logs/ncc-output.log
--plugins_to_run
The flag to specify the plugins that needs to be part of a single run e.g. --
plugins_to_run=host_disk_usage_check,metadata_mounted_check
--pre_upgrade_check_enable
The flag to specify if the current ncc run is for pre-upgrade
Default: false
--pre_upgrade_check_list_path
The flag to specify the path of all pre_upgrade checks
Default: /home/nutanix/ncc/config/pre_upgrade_check_list.json
--pre_upgrade_check_slave_run
The flag to specify if the current ncc run is that of a pre-upgrade slave run
Default: false
--preupgrade_log_path
The log path of all preupgrade checks.
Default: /home/nutanix/data/logs/preupgrade.out
--progress_timeout
Timeout for getting progress updates from plugins by progress monitor.
Default: 2500
--remote_site_ping_warn_threshold_ms
Threshold for ping latency to remote beyond which the remote will be labeled as warning.
Default: 300
--remote_site_socket_timeout_secs
Timeout for creating a socket to Stargate running on the remote site.
Default: 5
--remote_site_sync_critical_threshold_sec
Threshold for remote cluster time (in seconds) being out of sync with source cluster to be
labeled as critical.
Default: 300
--remote_site_sync_warn_threshold_sec
Threshold for remote cluster time (in seconds) being out of sync with source cluster to be
labeled as warning.
Default: 180
--replication_lag_critical_threshold
Maximum number of pending replications beyond which a protection domain will be
labeled as critical.

AOS | Controller VM Commands | 370

Default: 5
--replication_lag_warn_threshold
Maximum number of pending replications beyond which a protection domain will be
labeled as warning.
Default: 2
--root_nutanix_usage_threshold_pct_critical
Critical threshold for high disk usage on /(percentage).
Default: 90
--root_nutanix_usage_threshold_pct_warning
Warn threshold for high disk usage on /(percentage).
Default: 80
--rpc_timeouts_threshold
Threshold count for rpc timeout log warnings.
Default: 5
--run_using_gevent
Run scheduler using gevent
Default: true
--sampling_interval_secs
The length of sampling interval.
Default: 600
--scheduler_type_list
List of scheduler type.
--server_execution_token
Execution token for the task.
--server_global
If true, any local plugins invoked will be run across all nodes in the cluster.
Default: true
--server_global_install
Install server on all nodes.
Default: false
--server_log_file_name
file name of the server log.
Default: health_server.log
--server_logging_dir
Directory where script log files are stored.
Default: /home/nutanix/data/logs
--server_name
name of the server.
Default: ncc
--server_plugin_dir

AOS | Controller VM Commands | 371

Directory from where plugin should be loaded.
Default: /home/nutanix/ncc/bin/plugins
--server_plugin_output_file
File to which raw output of latest NCC run will be written (use '' to disable).
Default: /home/nutanix/data/logs/ncc-output-latest.log
--server_port
The base server directory
Default: 2700
--server_watch_client_name
name of the server.
Default: ClusterHealth
--shell_vdisk_count_threshold
Maximum number of shell vdisks in cluster.
Default: 4000000
--smart_alert_zk_node_path
flag for smart alert zk node to check if enabled
Default: /appliance/logical/analytics/smart_alert_enabled
--smtp_tunnel_port
Local port number for the SMTP tunnel on the zookeeper leader.
Default: 2525
--snapshot_chain_height_threshold
Default snapshot chain height threshold to determine if snapshot chains are not getting
severed.
Default: 35
--snapshot_usage_bytes_stat
Generic stat name to get the space used by snapshots of a protection domain
Default: dr.exclusive_snapshot_usage_bytes
--snapshot_usage_crit_threshold_pct
Default threshold for reporting size (percentage) occupied by snapshots as critical event
Default: 40
--snapshot_usage_warn_threshold_pct
Default threshold for reporting size (percentage) occupied by snapshots as warning event
Default: 30
--sstable_size_thresholds_bytes
Comma separated list of SSTable file size threshold.
Default: 2147483648
--stargate_retries_threshold
Threshold count for stargate retry log warnings.
Default: 5
--stargate_vars

AOS | Controller VM Commands | 372

List of stargate variables to store in arithmos (empty list returns all). Stats will only be
stored if they are supported by the relevant plugin.
--stargate_vars_url
Url where stargate stats can be queried.
Default: http://127.0.0.1:2009/h/vars
--start_time_secs
Start Point of time range.
Default: 0
--stats_collection_interval
Default stats collection gathering interval.
Default: 300
--stats_default_email_addresses
Default target email addresses for sending stats.
Default: [email protected]
--sudo_wrapper_path
Path for sudo wrapper.
Default: /home/nutanix/cluster/bin/sudo_wrapper
--switch_interface_name_map
Switch interface name map
--tmp_volume_usage_threshold_pct_critical
Critical threshold for high disk usage on /tmp
Default: 99
--tmp_volume_usage_threshold_pct_warning
Warn threshold for high disk usage on /tmp
Default: 75
--total_usage_discrepancy_critical_threshold_pct
Default threshold for reporting discrepancy of usage (percentage) between total container
utilization and total transformed usage as critical event. The discrepancy should be at-least
higher than -- total_usage_discrepancy_min_size_gib for the event to be triggered.
Default: 25
--total_usage_discrepancy_min_size_gib
Minimum size required for reporting a discrepancy of usage (gib) between total container
utilization and total transformed usage as any event.
Default: 10
--total_usage_discrepancy_warning_threshold_pct
Default threshold for reporting discrepancy of usage (percentage) between total container
utilization and total transformed usage as warning event. The discrepancy should be at-
least higher than -- total_usage_discrepancy_min_size_gib for the event to be triggered.
Default: 15
--transport_errors_threshold
Threshold count for transport error log warnings.
Default: 5

AOS | Controller VM Commands | 373

--update_plugin_config
Update the plugin configuration stored in Zookeeper with the default NCC plugin
configuration.
Default: true
--use_esxtop
Use esxtop to get stats. Otherwise use Arithmos
Default: false
--var_volume_usage_threshold_pct_critical
Critical threshold for high disk usage on /var
Default: 99
--var_volume_usage_threshold_pct_warning
Warn threshold for high disk usage on /var
Default: 75
--vdisk_count_threshold
Maximum number of vdisks in cluster.
Default: 80000
--vm_avg_cpu_util_threshold
Average utilization threshold (%) to determine VM CPU contention.
Default: 75
--vm_avg_mem_util_threshold_pct
VM memory average usage threshold (%) to determine memory contention.
Default: 80
--vm_balloon_reclaim_threshold_mb
Threshold to determine memory pressurefor a VM.
Default: 0
--vm_balloon_threshold
Balloon threshold to determine memory bottlenecks.
Default: 0
--vm_cpu_util_threshold
Utilization threshold (%) to determine VM CPU contention.
Default: 75
--vm_peak_cpu_util_threshold_pct
Peak utilization threshold (%) to determine VM CPU contention.
Default: 90
--vm_peak_mem_util_threshold
Peak utilization threshold (%) to determine VM memory bottlenecks.
Default: 90
--vm_rcv_drop_threshold
Receive packets drop threshold at a VM to determine network issues.
Default: 4096

AOS | Controller VM Commands | 374

--vm_swap_in_threshold
Swap in threshold (mbytes/sec) to determine memory bottlenecks.
Default: 0
--vm_swap_out_threshold
Swap out threshold (mbytes/sec) to determine memory bottlenecks.
Default: 0
--vm_swap_threshold_mbps
Swap out threshold (mbytes/sec) to determine memory bottlenecks.
Default: 0
--vm_tx_drop_threshold
Transmitted packets drop threshold at a VM to determine network issues.
Default: 0
--vm_vcpu_ready_time_threshold
Vcpu ready time threshold (%) to determine CPU contention.
Default: 10
--zeus_config_file
Path to the zeus config file. Default is to use the zeus config printer on the cluster.
--zeus_configuration_path
Zookeeper path where zeus configuration is stored.
Default: /appliance/physical/configuration
--zk_leader_path
The path to leader of the zk node.
Default: health_scheduler_master

ncc.util.plugins.firstimport
--ncc_base_dir
The base NCC directory
Default: /home/nutanix/ncc
--neuron_base_dir
The base NEURON directory
Default: /home/nutanix/neuron
--server_base_dir
The base server directory
Default: /home/nutanix/ncc
--use_infra_service_monitor
Use infra's service monitor.
Default: true

setup_hyperv.py

AOS | Controller VM Commands | 375

Usage
Usage: setup_hyperv.py [FLAGS] [command]

commands:
register_shares
setup_metro
setup_scvmm
teardown_metro

/usr/local/nutanix/bin/setup_hyperv.py
--configure_library_share
Whether a library share should be configured
Default: None
--default_host_group_path
The default SCVMM host group
Default: All Hosts
--help
Print detailed help
Default: false
--library_share_name
The name of the container that will be registered as a library share in SCVMM
--metro_smb_account_password
Password for the new metro cluster pair fqdn.
--metro_smb_name
This is the name that identifies a unique pair of AOS clusters. This name must be used for
the name of the SMB server when provisioning virtual machines and virtual hard disks on
any metro container stretched between the pair of AOS clusters.
--ncli_password
Password to be used when running ncli
--nutanix_management_share
The storage container for nutanix cluster management
Default: NutanixManagementShare
--password
Domain account password for the host
--scvmm_host_group_path
Host Group to which this cluster should be added
--scvmm_password
SCVMM account password - defaults to <password>
--scvmm_server_name
Name of the server running SCVMM
--scvmm_username
SCVMM account username (with the FQDN) - defaults to <host_fqdn>\<username>
--setup_metro_no_ad

AOS | Controller VM Commands | 376

Skips adding AD and DNS, but verifies it is added before proceeding further. This does not
require the domain username and password and requires manual AD and DNS setup prior
to running the script.
Default: false
--storage_pool_name
The name of the storage pool created if one doesn't already exist
Default: NTNX-SP-DEFAULT
--username
Domain account username (without domain name) which has/will have administrative
rights on the host
--verbose
Print verbose output
Default: false
--zknode
Zookeeper node for Secure Keys
Default: /appliance/logical/prismsecurekey

AOS | Controller VM Commands | 377

COPYRIGHT
Copyright 2024 Nutanix, Inc.
Nutanix, Inc.
1740 Technology Drive, Suite 150
San Jose, CA 95110
All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. Nutanix and the Nutanix logo are registered trademarks of Nutanix, Inc. in the United States and/or
other jurisdictions. All other brand and product names mentioned herein are for identification purposes only
and may be trademarks of their respective holders.

AOS | Copyright | 378

TCS Vmware Interview Questions1
100% (1)
TCS Vmware Interview Questions1
19 pages
Command Ref AOS v7 - 0
No ratings yet
Command Ref AOS v7 - 0
381 pages
Unit 3 PLC Networking
No ratings yet
Unit 3 PLC Networking
22 pages
IP PBX Configuration Guide
No ratings yet
IP PBX Configuration Guide
12 pages
Command Ref AOS v510
No ratings yet
Command Ref AOS v510
281 pages
Command Ref AOS v6 5
No ratings yet
Command Ref AOS v6 5
358 pages
Centos VM in VPC To Join AD-20221213
No ratings yet
Centos VM in VPC To Join AD-20221213
17 pages
Configure Onboard Project - 20231005
No ratings yet
Configure Onboard Project - 20231005
16 pages
IoT Complete
No ratings yet
IoT Complete
383 pages
Computer Network Experiment 10
No ratings yet
Computer Network Experiment 10
12 pages
Linux For DevOps
No ratings yet
Linux For DevOps
3 pages
How To Configure Add User To Project
No ratings yet
How To Configure Add User To Project
4 pages
232-006218-00 RevA SonicOS 7.1.3 ReleaseNotes 1
No ratings yet
232-006218-00 RevA SonicOS 7.1.3 ReleaseNotes 1
6 pages
Ug TWG-431BR (V1)
No ratings yet
Ug TWG-431BR (V1)
93 pages
Network Layer - Control Plane
No ratings yet
Network Layer - Control Plane
107 pages
Guia de Acropolis Nutanix
No ratings yet
Guia de Acropolis Nutanix
105 pages
AY 2022 Sem 2 C326 ESE
No ratings yet
AY 2022 Sem 2 C326 ESE
18 pages
DCCN - Course Pack Sample For Lab
No ratings yet
DCCN - Course Pack Sample For Lab
7 pages
High Performence SDWLAN
No ratings yet
High Performence SDWLAN
21 pages
Devops Oracle
No ratings yet
Devops Oracle
7 pages
Grade - 2 Exercises Musicatics International
100% (1)
Grade - 2 Exercises Musicatics International
33 pages
Acli, Ncli Command Ref Aos v510
No ratings yet
Acli, Ncli Command Ref Aos v510
320 pages
Nutanix Cloud Manager Operations Guide
No ratings yet
Nutanix Cloud Manager Operations Guide
22 pages
This Set of Computer Networks Multiple Choice Questions
No ratings yet
This Set of Computer Networks Multiple Choice Questions
31 pages
Nutanix As-Built Doc Tool Guide
No ratings yet
Nutanix As-Built Doc Tool Guide
5 pages
7.linux Commands For DevOps Engineer
No ratings yet
7.linux Commands For DevOps Engineer
3 pages
Nutanix Migration Interview Guide
No ratings yet
Nutanix Migration Interview Guide
1 page
C Major Scale Exercises Kb1
No ratings yet
C Major Scale Exercises Kb1
1 page
Secure AWS EKS With SSL and Monitor Using InfluxDB
No ratings yet
Secure AWS EKS With SSL and Monitor Using InfluxDB
62 pages
CCH With Nutanix Intersight Standalone Installation v2.1
No ratings yet
CCH With Nutanix Intersight Standalone Installation v2.1
135 pages
Command Reference-NOS v4 0
No ratings yet
Command Reference-NOS v4 0
161 pages
Product Matrix: Fortigate Network Security Platform - Top Selling Models Matrix
No ratings yet
Product Matrix: Fortigate Network Security Platform - Top Selling Models Matrix
6 pages
Configuration Mediatrix
No ratings yet
Configuration Mediatrix
7 pages
DRYiCE Software - Bochure
No ratings yet
DRYiCE Software - Bochure
8 pages
Hybrid Cloud Management Solution
No ratings yet
Hybrid Cloud Management Solution
7 pages
Devops Project
No ratings yet
Devops Project
18 pages
Configure PPPoE on TP-LINK Modem
No ratings yet
Configure PPPoE on TP-LINK Modem
8 pages
ACOS CLI Guide for Network Admins
No ratings yet
ACOS CLI Guide for Network Admins
2,609 pages
Implementing DNS
No ratings yet
Implementing DNS
62 pages
Er605 (Un) 2.0 Cli
No ratings yet
Er605 (Un) 2.0 Cli
109 pages
Rssyop En-Us SG M08 Awscli - 2
No ratings yet
Rssyop En-Us SG M08 Awscli - 2
25 pages
DevOps Automation & Cloud Guide
No ratings yet
DevOps Automation & Cloud Guide
10 pages
MusicaMaths Achievers June 2023
No ratings yet
MusicaMaths Achievers June 2023
1 page
Command Ref AOS v5 10
No ratings yet
Command Ref AOS v5 10
322 pages
CLI Commands
No ratings yet
CLI Commands
9 pages
Juniper SRX CLI Commands Guide
No ratings yet
Juniper SRX CLI Commands Guide
1 page
Hybrid Cloud Solutions with Nutanix
No ratings yet
Hybrid Cloud Solutions with Nutanix
44 pages
How To Set Up The AES67 Flows: Quick Start Guide
No ratings yet
How To Set Up The AES67 Flows: Quick Start Guide
4 pages
Avocent Acs 6000 Command Reference Guide PDF
No ratings yet
Avocent Acs 6000 Command Reference Guide PDF
60 pages
NetApp ONTAP9 Use - The - ONTAP - Command - Line - Interface
No ratings yet
NetApp ONTAP9 Use - The - ONTAP - Command - Line - Interface
17 pages
Flowview Plugin For Cacti
100% (2)
Flowview Plugin For Cacti
7 pages
Configuring Etherchannel and Link State Tracking
No ratings yet
Configuring Etherchannel and Link State Tracking
22 pages
ECA 5 - 15 Course Guide VB
No ratings yet
ECA 5 - 15 Course Guide VB
202 pages
CCH With Nutanix Intersight Managed X-Series Field Guide v1.0
No ratings yet
CCH With Nutanix Intersight Managed X-Series Field Guide v1.0
141 pages
Lab # 11: Open Shortest Path First: Link-State Routing
No ratings yet
Lab # 11: Open Shortest Path First: Link-State Routing
9 pages
Data Communication Fundamentals
No ratings yet
Data Communication Fundamentals
1,399 pages
Sjzl20084045-ZXMSG 9000 (V1.0.05) Media Gateway Product Description Manual
100% (1)
Sjzl20084045-ZXMSG 9000 (V1.0.05) Media Gateway Product Description Manual
90 pages
VICIDIAL Setup & Troubleshooting Guide
No ratings yet
VICIDIAL Setup & Troubleshooting Guide
3 pages
Btech Ec 7 Sem Data Communication Networks Eec 702 2014 15
No ratings yet
Btech Ec 7 Sem Data Communication Networks Eec 702 2014 15
2 pages
ECA-5 - 15-Course-Guide A.1 PDF
100% (5)
ECA-5 - 15-Course-Guide A.1 PDF
195 pages
TELES Training Exercises
No ratings yet
TELES Training Exercises
16 pages
Advanced Admin-AOS v4 7
No ratings yet
Advanced Admin-AOS v4 7
63 pages
Nutanix - Command-Ref-AOS-v51
No ratings yet
Nutanix - Command-Ref-AOS-v51
276 pages
Nutanix AOS 6.6 Admin Guide
No ratings yet
Nutanix AOS 6.6 Admin Guide
87 pages
Atos-Nt Rev 5-6-10
100% (1)
Atos-Nt Rev 5-6-10
486 pages
ONTAP 9 Commands Manual Page Reference
No ratings yet
ONTAP 9 Commands Manual Page Reference
2,314 pages
Command Reference-NOS v3 5
No ratings yet
Command Reference-NOS v3 5
73 pages
Ansible Usecases
No ratings yet
Ansible Usecases
7 pages
Marks - 8
No ratings yet
Marks - 8
1 page
Marks - 11
No ratings yet
Marks - 11
1 page
Pan-Os Cli Command PDF
100% (1)
Pan-Os Cli Command PDF
48 pages
AnsibleNetworkAutomation PDF
100% (3)
AnsibleNetworkAutomation PDF
63 pages
Advanced Setup Guide AOS v5 - 19
No ratings yet
Advanced Setup Guide AOS v5 - 19
28 pages
Command Reference-NOS v4 0
No ratings yet
Command Reference-NOS v4 0
167 pages
SysAd 41 - C00 Slides
No ratings yet
SysAd 41 - C00 Slides
146 pages
Manual: LANTIME OS Version 6
No ratings yet
Manual: LANTIME OS Version 6
49 pages
Neptune NPT-: Hybrid Metro Access Transport
No ratings yet
Neptune NPT-: Hybrid Metro Access Transport
2 pages
Cisco ASR-903
100% (2)
Cisco ASR-903
62 pages
ACOS 4.1.4-GR1-P1 Command Line Reference: For A10 Thunder Series 9 April 2019
No ratings yet
ACOS 4.1.4-GR1-P1 Command Line Reference: For A10 Thunder Series 9 April 2019
510 pages
Upgrade Guide AOS v50
No ratings yet
Upgrade Guide AOS v50
17 pages
How To Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd
0% (1)
How To Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd
11 pages
Vsphere Admin6 AOS v6 - 6
No ratings yet
Vsphere Admin6 AOS v6 - 6
107 pages
Ccie DC Full Scale Labs PDF
100% (2)
Ccie DC Full Scale Labs PDF
185 pages
NSO 5.3 Manual Pages: Americas Headquarters
No ratings yet
NSO 5.3 Manual Pages: Americas Headquarters
552 pages
Advanced Admin AOS v50
100% (1)
Advanced Admin AOS v50
58 pages
Junos Cli PDF
No ratings yet
Junos Cli PDF
340 pages
Jatp Cli Reference Guide
No ratings yet
Jatp Cli Reference Guide
120 pages
Nutanix - Advanced-Admin-AOS-v51
No ratings yet
Nutanix - Advanced-Admin-AOS-v51
63 pages
IBM DS8000 Series User Guide
No ratings yet
IBM DS8000 Series User Guide
592 pages
ATOSNTUserManual 6.1.12
No ratings yet
ATOSNTUserManual 6.1.12
603 pages
Pan-Os Cli Quick Start
No ratings yet
Pan-Os Cli Quick Start
44 pages
SAOS 8700 Developer Guide
No ratings yet
SAOS 8700 Developer Guide
9 pages
Ent Cloud Platform Admin 50 Courseware Labmanual Ahv PDF
No ratings yet
Ent Cloud Platform Admin 50 Courseware Labmanual Ahv PDF
248 pages
ACS6048 Cli Guide
No ratings yet
ACS6048 Cli Guide
60 pages
CLI NCLI Commands
100% (2)
CLI NCLI Commands
8 pages
Field Installation Guide v3 7
No ratings yet
Field Installation Guide v3 7
102 pages
Pan Os 6.1 Cli Ref
No ratings yet
Pan Os 6.1 Cli Ref
778 pages
A10 - ADC-2 7v2 1-L-Presentation - 3 27 14
No ratings yet
A10 - ADC-2 7v2 1-L-Presentation - 3 27 14
157 pages
What Is MSRN? in Which Type of Call It
100% (3)
What Is MSRN? in Which Type of Call It
2 pages
SUSE Linux Enterprise Server 10 Installation and Administration
100% (1)
SUSE Linux Enterprise Server 10 Installation and Administration
982 pages
Nutanix - Advanced-Setup-Guide-AOS-v51
No ratings yet
Nutanix - Advanced-Setup-Guide-AOS-v51
29 pages
Junos Cli
No ratings yet
Junos Cli
422 pages