Overview of the climanager Service
Procedure Requirements
To enable easy access to the Sensor Management CLI, run the following command to create the file with the necessary content and make it executable.
echo 'sudo /usr/local/bin/k0s kubectl -n pca exec -it $(sudo /usr/local/bin/k0s kubectl -n pca get pod | grep climgr | cut -f1 -d" ") -- smcli.sh' | sudo tee /usr/bin/smcli.sh > /dev/null && sudo chmod +x /usr/bin/smcli.sh
Command Line Interface
The commands described in this article are executed within the Sensor Management Command Line Interface (CLI).
Accessing climanager Service to Manage Sensor Management
- Using an SSH client, log in to the replicated system as a user with root privileges and execute:
smcli.sh
- Upon first use, you will be asked to confirm the connection to localhost on port 2200. For example:
The authenticity of host '[localhost]:2200 ([127.0.0.1]:2200)'
can't be established.
RSA key fingerprint is SHA256:FYQGJ....
Are you sure you want to continue connecting
(yes/no/[fingerprint])?
- Type yes to confirm.
Note: For added security, idle sessions timeout after 5 minutes of inactivity.
Configuration Commands
config show
Syntax:
config show
Command Description:
This command displays volume location.
Example:
sm-cli: config show
Containers' storage path '/volume' is mounted on the host at '/var/lib/embedded-cluster/openebs-local/pvc-d5a0779a-a637-447f-a4b0-f7a8fdbda27a'
Input Parameters:
None
Output Attributes:
None
Service Control Commands
Services Status
Syntax:
services status
Command Description:
This command displays the status and uptime of all Sensor Management Replicated services and their pods.
Example:
sm-cli: services status
sm-bizdb - Service is running
sm-bizdb-0 - Running (Ready 1/1, Up 22h)
sm-bizn1 - Service is running
sm-bizn1-64c94bb589-xllcx - Running (Ready 1/1, Up 22h)
sm-medn1 - Service is running
sm-medn1-ccddf6c88-fbxx7 - Running (Ready 1/1, Up 22h)
sm-nbin1 - Service is running
sm-nbin1-7497cd75f8-4gh6j - Running (Ready 1/1, Up 22h)
sm-climgr - Service is running
sm-climgr-76467f6d86-84gl7 - Running (Ready 1/1, Up 22h)
=================
5/5 service(s) are running
Input Parameters:
None
Output Attributes:
None
Services Restart
Syntax:
services restart
Command Description:
This command restarts the Sensor Management Services.
Note: Restarting services will delete and recreate all pods. Any data saved to a container's local file system (inside the pod) will be lost, but data on mounted volumes will remain.
CAUTION: Do not store important data in a container's local file system.
Example:
sm-cli: services restart
Proceed ? (y/N)
y
Restarting Sensor management services ...
statefulset.apps/sm-bizdb restarted
deployment.apps/sm-bizn1 restarted
deployment.apps/sm-medn1 restarted
deployment.apps/sm-nbin1 restarted
Sensor management services are restarted
Input Parameters:
None
Output Attributes:
None
Syslog Commands
syslog edit
Syntax:
syslog edit <parameter> <value>
Command Description
This command is used to edit the syslog configuration.
Example:
sm-cli: syslog edit disk-space 50
Input Parameters
| Parameter | Value | Description |
|---|---|---|
| disk-space | A numeric value between 1 and 2147483647 | Amount of disk space storage for temporary storage during the disconnection between Sensor Management and the server. The unit is Gibibytes. Default value is 5GB. |
| remote | disable or enable | Enable or disable the process to transfer log to server. Default values is disable. |
| transfer-protocol | TCP or TLS | Configuring the transfer protocol. Default values is TLS. |
Output Attributes
None
Configure server attributes
Syntax:
syslog edit <server1|server2> <parameter> <value>
Command Description
Configure primary (server1) and secondary (server2) server attributes.
Example:
sm-cli: syslog edit server1 host visionems
Input Parameters
| Parameter | Value | Description |
|---|---|---|
| host | string | Configure the domain name or IP address of the remote server. |
| none | Clear the configuration of the remote server. | |
| permitted-peer | string | Configure the Common Name (CN) of the remote server's certificate. |
| port | A numeric value between 1 and 65535. | Configure the network port of the remote server. |
Output Attributes
None
syslog import
Syntax:
Command Description
This command imports certificate files to enable TLS transfer.
Example:
sm-cli: syslog import ca-file ca-file.pem
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| ca-file | string | Import ca file |
| cert-file | string | Import cert file |
| key-file | string | Import key file |
Output Attributes
None
syslog show configuration
Syntax:
syslog show configuration
Command Description
This command displays the syslog configuration.
Example:
sm-cli: syslog show configuration
[ Syslog configuration ]
Syslog transfer status : Disabled
Remote server configurations :
Primary server :
Host : 10.220.0.40
Port : 514
Permitted peer : external.example.com
Disk space : 5g
Secondary server :
Host : 10.220.0.41
Port : 10514
Permitted peer : internal.example.com
Disk space : 5g
Transfer protocol : TLS
Input Parameters
None
Output Attributes
None
syslog show status
Syntax:
syslog show status
Command Description
This command displays the syslog configuration.
Example:
sm-cli: syslog show status
[ Syslog status ]
Remote server status :
Primary server :
Host : 10.220.0.40
Port : 514
Connection status : Up
Secondary server :
Host : 10.220.0.41
Port : 10514
Connection status : Up
Input Parameters
None
Output Attributes
None
Utility Commands
Version
Syntax:
version
Command Description:
This command displays the current Sensor Management version.
Example:
sm-cli: version
Sensor Management version: 25.07 (build: 2866-1f3e98c8)
Input Parameters:
None
Output Attributes:
None
Exit
Syntax:
exit
Command Description:
This command exits the Climanager Service session.
Example:
sm-cli: exit
logout in progress
Connection to localhost closed.
Input Parameters:
None
Output Attributes:
None
Backup and Restore Database Commands
Backup Database
Syntax:
database backup
Command Description:
This command creates a backup of the MySQL database, generating a tar.gz file in the backups folder at the following Sensor Management volume location: /var/lib/embedded-cluster/openebs-local/<pvc volume location>/mysql/backups.
Requirement:
Sensor Management services must be started.
Example:
sm-cli: database backup
Please wait ... This could take several minutes.
Xtrabackup operating ...
Preparing files ...
Synchronised.
Verifying if there is enough space...
Compressing the backup folder ...
Archived in DB_BAK_2025-07-18_07-25-34.tar.gz
*** DATABASE BACKUP LOCAL END TIME 2025-07-18_07:25:43 ***
Input Parameters:
None
Output Attributes:
None
Restore Database
Syntax:
database restore <filename_of_the_backup_archive> key <key_file>
Command Description:
This command is used to restore the MySQL database.
CAUTION: Do not delete the private key file.
The default private key location is: /var/lib/embedded-cluster/openebs-local/<pvc volume location>/config/key/private_db_backup_key.pem.
Note: If restoring the database from another system, please provide the private key file of that system.
Requirements:
Ensure the backup file is readable and copied to the data folder: /var/lib/embedded-cluster/openebs-local/<pvc volume location>/data.
Sensor Management services must be started.
Example:
sm-cli: database restore DB_BAK_2025-07-21_06-42-15.tar.gz
Key location: /volume/config/key/private_db_backup_key.pem
This action will stop all sensor management services
Continue y/N?
y
Stoping Sensor management services ...
statefulset.apps/sm-bizdb scaled
deployment.apps/sm-bizn1 scaled
deployment.apps/sm-medn1 scaled
deployment.apps/sm-nbin1 scaled
Sensor management services are stopped
Creating temporary bizdb-restore pod...
pod/bizdb-restore created
Waiting for bizdb-restore pod is running...
The file was decrypted successfully: /tmp/DB_BAK_2025-07-21_06-42-15.tar.gz
***** RESTORE Orchestrator DATABASE FROM BACKUP *****
WARNING - This process will wipe the current visiondata database
You are about to REPLACE the Orchestrator database (visiondata) with backup /tmp/DB_BAK_2025-07-21_06-42-15.tar.gz.
Continue y/N?
y
Please wait ... This could take several minutes.
Deleting previous ibdata ...
Copying files ...
Restore complete
Cleaning up...
pod "bizdb-restore" deleted
Clean up done!
Starting Sensor management services ...
statefulset.apps/sm-bizdb scaled
deployment.apps/sm-bizn1 scaled
deployment.apps/sm-medn1 scaled
deployment.apps/sm-nbin1 scaled
Sensor management services are started
Input Parameters:
| Parameter | Mandatory | Value | Description |
|---|---|---|---|
| restore | Y | Filename | This is the name of the backup archive file. |
| key | N | key file | This is the name or path of the key file required to decrypt or access the backup archive. Note: Ensure the private key file is located in the data folder. |
Performance Session Commands
mgr-command
Syntax:
mgr-commands
Command Description:
This command grants access to the mgr-commands mode within Sensor Management. This mode provides a dedicated set of commands for managing sender endpoints, reflector endpoints, and performance sessions.
Requirement:
Sensor Management services must be started.
Example:
sm-cli: mgr-commands
Defaulted container "bizn1" out of: bizn1, init (init)
username: admin
password: ************
mgr/mgr#
Input Parameters:
None
Output Attributes:
None
Generate and Import the SSH Key for Rsync Destination Using the Rsync Password
Syntax:
admin rsync-keys user <user> ip <ip>
Command Description:
This command is used to generate and import the SSH key for the Rsync destination.
Requirement:
Sensor Management services must be started.
Example:
sm-cli: admin rsync-keys user visionems ip 10.220.0.101
Defaulted container "bizn1" out of: bizn1, init (init)
Exchanging SSH keys with visionems@10.220.0.101 ...
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/visionems/.ssh/id_rsa.pub"
The authenticity of host '10.220.0.101 (10.220.0.101)' can't be established.
ECDSA key fingerprint is SHA256:vTXh96YensRAxJ6zGeWlJqvpMSPvq017njiYZqUf+20.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
visionems@10.220.0.101's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'visionems@10.220.0.101'"
and check to make sure that only the key(s) you wanted were added.
SSH keys exchange with 'visionems@10.220.0.101' is complete.
Input Parameters:
| Parameter | Type | Description |
|---|---|---|
| user | String | This is the username for the Rsync destination. |
| ip | IPv4 or IPv6 address | This is the IP address for the Rsync destination. |
Import a Trusted Certificate
Syntax:
certificate import trusted-file <cert_file_name>
Command Description:
This command imports the Zitadel certificate file into the application.
Requirements:
Ensure the certificate file is readable and present in /var/lib/embedded-cluster/openebs-local/<pvc volume location>/data on the replicated system.
Sensor Management services must be started.
Example:
sm-cli: certificate import trusted-file
A string value. Should be specified between quotes.
sm-cli: certificate import trusted-file server.crt
Proceed ? (y/N)
y
Defaulted container "bizn1" out of: bizn1, init (init)
Certificate was added to keystore
[Storing /volume/config/domain/cacerts.jks]
Certificate was added to keystore
[Storing /volume/config/domain/cacerts.bcfks]
Import Done.
Please restart application services to take affect.
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| trusted-file | File name | Certificate file name |
Import Application Server Certificate
Syntax:
certificate import server-cert-file <cert_file_name> [storepass <storepass>]
Command Description:
Imports an application server certificate into the keystore.
Requirements:
Ensure the application server certificate is in p12 format or follow the Getting a Signed Certificate for Skylight orchestrator procedure to create a standard JKS file.
Ensure the certificate file is readable and present in /var/lib/embedded-cluster/openebs-local/<pvc volume location>/data on the replicated system.
Example:
certificate import server-cert-file server.p12 storepass changeit
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| server-cert-file | File name | Certificate file name |
| storepass | changeit | Password for the keystore certificate. If not provided, the default password is used. |
Export Trusted Certificate File
Syntax:
certificate export trusted-cert-file alias <alias> [format <pem|der>]
Command Description:
Exports a trusted certificate from the trust store using its alias, in the specified format.
Example:
certificate export trusted-cert-file alias zitadel format pem
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| alias | alias | The alias of the certificate to export |
| format | pem/der | Defaults to PEM if not specified. |
Export Application Server Certificate File
Syntax:
certificate export server-cert-file [format <pem|der>]
Command Description:
Exports the application server certificate in the desired format.
Example:
certificate export server-cert-file format der
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| format | pem/der | Defaults to PEM if not specified. |
Renew Local Certificate
Syntax:
certificate renew-local
Command Description:
Renews the local self-signed certificate for the application, extending its validity and updating the keystore.
Example:
certificate renew-local
Notes:
- The certificate renew-local command only supports renewal of self-signed certificates.
- If the certificate is signed by a Certificate Authority (CA), renewal is not supported via CLI. You must renew through your CA.
- If the certificate is self-signed, the renewal will proceed. If the certificate is CA-signed, an error message will be shown and the process will stop.
Generate Local Self-Signed Certificate
Syntax:
certificate generate-local country-name <country> state <state> locality <locality> organization <org> organizational-unit <org-unit> common-name <common-name> subject-alternative-names <san>
Command Description:
Creates a new self-signed certificate for the application, suitable for development, testing, or internal use. This certificate is stored in the keystore and can be used for secure communications.
Example:
certificate generate-local country-name US state California locality "San Jose" organization "Cisco" organizational-unit "IT" common-name "myapp.cisco.com" subject-alternative-names "myapp.cisco.com,comtest.example.com"
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| country-name | country | Two-letter country code (e.g., US, FR). |
| state | state | State or province name |
| locality | locality | City or locality name |
| organization | org | Organization name |
| organizational-unit | org-unit | Organizational unit |
| common-name | common-name | Fully qualified domain name (FQDN) or application name |
| subject-alternative-names | san | Comma-separated list of SANs. e.g.,myapp.cisco.com, test.example.com |
Show Trusted Certificate File
Syntax:
certificate show trusted-cert-file alias <alias>
Command Description:
Displays detailed information about a trusted certificate, including subject, issuer, validity period, and SANs.
Example:
certificate show trusted-cert-file alias zitadel
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| alias | alias | The alias of the certificate to inspect. |
Show Application Server Certificate File
Syntax:
certificate show server-cert-file
Command Description:
Shows information about the current application server certificate, including subject, issuer, validity, and SANs.
Example:
certificate show server-cert-file
Transport Layer Security​ Commands
TLS configuration
Syntax:
tls <enable|disable> <parameter> <value>
Command Description:
​This command enables or disables ciphers, named_groups and Transport Layer Security (TLS) 1.0 or 1.1 configuration for reverse proxy.​​
Requirement:
Sensor Management Services must be started.
Example with cipher:
sm-cli: tls disable cipher TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Command executed successfully.
Please restart Skylight orchestrator services to apply this configuration.
Example with named_group:
sm-cli: tls disable named_group X25519
Command executed successfully.
Please restart Skylight orchestrator services to apply this configuration.
Example with version:
sm-cli: tls enable version TLSv1
Command executed successfully.
Please restart Skylight orchestrator services to apply this configuration.
Note: After running this command, you must restart Sensor Management Services to apply the new configuration.
Input Parameters:
| Parameter | Value | Description |
|---|---|---|
| cipher | string | Name of ciphers to disable or enable |
| named_group | string | Name of named_group to disable or enable |
| version | TLSv1 or TLSv1.1 | TLS version to be enabled or disabled. Notes: TLSv1 value: TLS v1.0 and later. TLSv1.1 value: TLS v1.1 and later. |
Output Attributes:
None
TLS show
Syntax:
tls show <parameter>
Command Description:
This command displays the list of enabled TLS ciphers, the TLS named group, and the TLS version.
Requirement:
Sensor Management Services must be started.
Example:
sm-cli: tls show version
The supported TLS versions for reverse proxy: TLSv1.0 and later
| Parameter | Description |
|---|---|
| cipher | Displays a list of the ciphers enabled on Sensor Management. |
| named_group | Displays a list of the name-groups are enabled on Sensor Management. |
| version | Displays a list of the supported Transport Layer Security (TLS) versions for reverse proxy on the Sensor Management. |
Output Attributes:
None
Generate a File Logs Folder
Syntax:
tech-support generate
Command Description:
This command generates a compress file for the application logs folder.
Example:
sm-cli: tech-support generate
Compressing /volume/logs to /volume/data/tech_support/sm_logs_20250718_092639.tar.gz ...
Logs compressed to /volume/data/tech_support/sm_logs_20250718_092639.tar.gz
Input Parameters:
None
Output Attributes:
Logs are compressed to /var/lib/embedded-cluster/openebs-local/<pvc volume location>/data/tech_support/.
© 2026 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and trademarks