Versions Compared

Old Version 117

changes.mady.by.user Naiming Shen

Saved on

compared with

New Version 118

changes.mady.by.user Naiming Shen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The rest of this document will have more detail detailed information on each of the EdgeView commandcommands.

Multi-Instances

When the EdgeView is started base based on the configuration on the controller, it can be a single instance or multiple instance session. The multi-instance case is used when there is a need for multiple users to access the device or applications at the same time. For the multi-instance session, the user needs to supply the 'instance ID' when issuing EdgeView command, for example with the above 'edgeview.sh' script, an instance number is needed:

...

if the '/<app-string>' is supplied in the command, it will display the specific user application with more detail information. The 'app-string>' is a subset of the App name string regardless of cases. For example, if the app name is 'cluster-k3s-2-agent1', one can use 'app/agent' to query. Besides the above information, it gets more networking information of from the application. It will try to ping the App IP address to see if it is 'Up', it will get the DHCP info of the application, and iptable rules related to the application.

...

This display can be used for troubleshooting network port issues when there is a configuration change. It displays the list of port configure configurations of the interfaces, and the current index in the list. When the EVE device can not connect to the controller, it will try to connect to the controller with a different port configure configuration on this list periodically.

...

The 'flow' command displays the content of the Linux Contrack Conntrack table. It contains the detail detailed network 5-tuple information for EVE device and user applications current network endpoints information. One can use filter filters to search for specific IP address addresses or port number numbers for display.

If

if[/intf-name] - display interface related information briefly

...

This command prints a brief device interface information. An interface name string can be entered as a filter. It also prints the proxy configuration if it exists.

Mdns

mdns[/intf-name][/service] - display zeroconfig zeroconf related information

  e.g. mdns/eth0 -- display mDNS for default service 'workstation' on interface 'eth0'

...

       mdns -- display mDNS for default service 'workstation' on all 'UP interafces' interfaces

The mDNS is a multicast protocol for auto discovery of services. It will send queries over all the 'UP' interfaces on the device to discover the service being advertised. By default it sends out for 'workstation._tcp' service which is a well-known mDNS service supported.

The EVE 'local datastore' implementation for App is based on the mDNS to bind the domain name with '.local'. This 'mdsnmdns' command can be used to query on the bridge where the App is located and to see if it replies with the service for datastore image download.

...

The 'ping' command if without any option, it will try to ping '8.8.8.8' and the controller of the EVE device from each of the interfaces. It can take a domain name or IP address option to send out the ICMP packets. It can be used on internal IP addresses such as App interface IP address, or on external server servers to see if the device can reach it.

...

The 'route' command displays the IP Rule tables in the Linux kernel and their IP routes. It also walks through all the 'UP' interfaces and display displays their associated routes.

Socket

socket - display all the ipv4 litening listening socket ports and established ports

The 'socket' command displays all the listening TCP and UDP sockets in the Linux kernel and the server information. It also displays the current currently established sockets 5-tuple information.

...

  e.g. speed/wlan0 -- run speed test on interface wlan0

The 'speed' command uses the 'speedtest' utility to measure the download and upload speed of the device. The outbound interface name can be supplied to run the speed test over that port. An example of the output:

...

The 'trace' command uses the 'traceroute' utility of the Linux and returns the hop-by-hop result if available. It uses two-queries per hop (useful in ECMP) and it is limited to a maximum of 10 hops. The option can be an IP address or domain name.

...

The 'url' command is for the statistics of different services to the controller and data-stores. The services includes include 'zedagent', 'zedrouter', 'loguploader', etc. This stats is kept from the device reboot time. The command also displays the management interface traffic send and receive stats. An example of a subset of output:

...

This example here is the part for EVE 'zedagent' service send/receive from different URLs for downloading device configure and upload device info messages. The stats contains the send and receive payload bytes, and number of messages (in 'SendMsg'). The 'TLS resume' indicates among all the TLS message exchanges, how many has have the 'TLS resumption' (defined in RFC-5247). The stats has also the total round-trip time it spends on all those messages with that URL.

...

The 'wireless' command displays the 'wlan' and 'wwan' interfaces (it if they exist on the EVE device) relation information, such as 'wpa_supplicant.conf' file content, the port configuration for the wireless interfaces and status.

...

The option can take a '-line <num>', and this is similar to Linux 'head' and 'tail' utility to only display the number of lines from the file depends depending on whether the <num> is a positive or negative value. For example to tail the last 5 lines of the current device log:

...

{"severity":"info","source":"edgeview","iid":"22761","content":"{\"level\":\"info\",\"msg\":\"recv[ep-inst-1:147.92.91.124] cmd: cat/persist/newlog/collect/current.device.log\",\"obj_name\":\"edgeview-cmd\",\"obj_type\":\"newlog-gen-event\",\"pid\":22761,\"source\":\"edgeview\",\"time\":\"2022-08-12T19:51:53.702389706Z\"}\n","msgid":2947,"timestamp":{"seconds":1660333913,"nanos":702389706}}

Cp

For the detail details of 'cp' command, see section Copy File Command.

Datastore

...

On EVE devices, it needs to be configured with datastore(s) for image downloading. The EVE image datastore is by default configured. The application image datastore is dynamically configured on the EVE device depends depending on the applications.

Download

...

hw - display the hardware from lshw information in json format

The 'hw' command uses the utility 'lshw' and it does not take options. It displays the device hardware information in JSON format.

...

The 'ls' command displays the files information in the directory. It can take a wildcard in the files file's name string to match a subset of files in the directory. For example:

...

The 'ps' command displays the 'pid', system times, 'vms', 'rss', CPU, memory and 'cmdline' information. It takes a string as a filter for the 'cmdline' of the process. E.g.:

...

The 'cipher' command displays the certificates in '/persist/certs' directory, the datastore configure configured cipher information, the TPM edge-node certs information, and controller certificate information.

...

The 'usb' command uses the 'lsusb' utility to display the device USB information.

Techsupport

For the detail details of 'techsupport' command, see section Tech-Support Command.

...

The 'log' command is used to search for log entries for the device and applications. Even though the logs are normally uploaded to the controller side, the users of the enterprise may not have the capability to search in the cloud. The application logs depends depending on the setting, it can be configured not to upload, then to the only way to view them is through this 'log search' in EdgeView if needed.

...

The floating point number unit is si represented in hour units. For example, 'log/container -time 0.1-0.3' will search all the logs from 0.1 hour to 0.3 hour ago for any string that matches 'container'. The RFC-3339 format can be used for any time range before, for example: 'log/container -time 2022-08-15T01:35:56Z-2022-08-15T02:00:00Z' for log search in that UTC time range. The starting and ending time is limited to a maximum of 5 hours.

Log Search with type

...

Another way to study the log entries from the EVE device is to upload the log files onto the user's laptop. Since the user may not know what to search and wants to save the complete log entries during the time frame for more careful examination now or later. Because there is no search string needed, EdgeView researves reserves the string 'copy-logfiles' for this purpose. The command 'log/copy-logfiles' is used to upload log entries onto the user's laptop. The time range format is the same as log searches described above, except that the maximum range is 30 minutes.

The files will be uploaded onto the user's EdgeView container directory '/download', and when use using the 'docker run' for EdgeView, it needs to mount the volume from your local directory onto the docker's '/download'.

...

In this example, since the user does not use time option, by default it is now to 30 minutes before. It creates a directory under the '/download' with the timestamp of current time in 'yyyymmddhhmmss' format. there are 6 device log gzip files, and 6 app files (belong to the same app). It is then decompressed to the gzip files and merge them merged into text files with JSON format for each log entry inside. There will only be one device log file, there can be zero or more application log files with the app UUID in the filename. The text log files keep the strict time order of the log entries from the earliest to the latest.

...

The 'pub' commands are meant for users who have extensive EVE internal knowledge. EVE-OS has many services, e.g. 'zedagent', 'zedrouter', etc. Each service publishes some configuration or status for other services to consume or to subscribe. All those publications reflect the current state of EVE operation. When troubleshooting a problem, sometimes one needs to know what a service is publishing to see if it is correct. The majority of the publications is are in the directory '/run/<service-name>/'. A service can publish one or more types of data, which locates in it's sub-directoriesare located in its subdirectories.

All the services supports 'pub' command:

...

The 'tcp' command is the most useful one in EdgeView. It sets up a TCP relay channel from the user's laptop through the Dispatcher into the EVE device and further relaying the TCP traffic to applications on the device or even external hosts. It allows multiple TCP channels to multiple remote endpoints at the same time.

...

The 'tcp' command is different from other EdgeView commands, the purpose of running the command is not to get back some query results or uploading files, but to setup a TCP (relay) service on the laptop with the mapped ports, and different client application(s) on the laptop will connect to the TCP service, but virtually to relay/connect to the remote TCP endpoints. Think of the TCP channel as a virtual TCP port mapping service with the user's laptop as the frontend, and the applications at remote as the backend. This virtual TCP port mapping service works across the Internet, firewall, proxy, etc.

Access/Log-in Application

If the user wants to log into the applictions applications on the EVE device. There are multiple ways to do that using EdgeView. If the application runs SSHd inside, the user can use SSH:

...

If the application is a VM on the EVE device, instead of using SSH, the user can use VNC to connect to the application's console using EdgeView. Assume the two applications as above:

  • first use 'edgeview.sh app' to find out the VNC display ID of the applications. for For example, they the VNC IDs are 4 and 5 for the applications.
  • setup TCP channel into applications consoles by: edgeview.sh tcp/localhost:5904/localhost:5905

...

The reason the 'tcp' command with has the option to 'localhost:590x' is that , the VNC service is maintained by the EVE Dom0 side 127.0.0.1 with port numbers 590x for application console access.

The above two mappings, on the left side of '→' is are the user laptop endpoints, and on the right side of '→' is are the EVE device side endpoints, or the endpoints reachable from the EVE device.

...

The applications may have TCP services other than SSH, for example, it may have normal HTTP service. EdgeView TCP channel can be used to access those services by specifying the related ports. Here is an example of 'fledge' IoT application. It services 3 different TCP ports, 80, 8081 and 4840. Port 80 is for initial browser connection; after connectconnecting, there is a page to setup browser to another port 8081 usually. The port 4840 is for access accessing the 'TCP binary' data for IoT applications, it requires a special OPC UA client software to access. Here is an example to access the 'fledge' application on EVE device:

...

  • open a web browser to 'http://localhost:9001', and setup set up the page for browser switching to endpoint 'localhost:9002' for HTTP service. To access the OPC data, on the MacOS, the user can download the 'prosys-opc-us-client' and set the remote endpoint to 'localhost:9003'.

...

This is also similar to the above appliction application access, but with Dom0 side of the IP addresses and ports. For example, TCP acces access to the 'meta data' services for internal bridges:

...

As mentioned above, the TCP channel sets up a virtual port mapping across the Internet with the frontend on the user's laptop and the backend being the remote endpoints from the EVE device. For many TCP services, that work just fine. But HTTPs is different, it has the certificates which defines define the domain name or service IP addresses. When a local web browser points to "https://localhost:9001", that application service will have issues of with this 'localhost' or any IP address it does not have. The browser will also have the problem of verifying the certificates the server passes over. See FAQ on proxy for detail.

...

For example, the application with interface IP address of 10.1.0.2 is listening on TCP port 6443 as a HTTPs service for kubenetes kubernetes API service.

  • setup TCP proxy command: edgeview.sh tcp/proxy

...

  • assume the user has downloaded the 'kubeConfig' file on a local laptop, a 'kubeneteskubernetes' management software can be used to point to the proxy server of 'localhost:9001'. The kubeConfig remote API server address in this case is the real remote IP address: 10.1.0.2, and that is inside the certificate the API server uses.

The reason this 'proxy' being is part of the TCP command is that , the 'proxy' service is only for one port 9001 here, the others can still be used for regular TCP channel channels for SSH service and others.

...

The above example is for HTTPs working with the IP address in the URL, but normally the URL contains the domain name instead of IP address. If the server's domain name can be acquired though through normal DNS lookup EVE uses, then this is not a problem. In the case where the server's domain name is private, only being served by internal DNS record, then the user needs to know about the internal DNS server IP address from some outband out-band mechanism. EdgeView supports the proxy service with explicit specifying the DNS server IP address (e.g. it is 192.168.1.100) by:

edgeview.sh tcp/proxy@192.168.1.100

The usage is the same as a normal EdgeView proxy, with the browser points pointing to an URL which has the server's domain name, and direct directing the proxy service to 'localhost:9001' in this case.

...

cp//persist/newlog/keepSentQueue/dev.log.1630451424116.gz -- copy file with path to local directory


The 'cp' command allows the user to copy a file from EVE device onto the laptop. This is for the Dom0 side of the files, not application files inside the VM. For application VM files, user users can use the above TCP command with SSH mapping, and use SCP to get the files. This 'cp' assumes the SCP or SSH is not available on the Dom0 side. The 'cp' copies the remote EVE device file onto the container's '/download' directory. When run issued the 'docker run', the volume needs to be mapping mapped locally.

The syntax is simple, only need to specify the path to the filename on the device, e.g.:

...

The 'techsupport' command is to gather most of the EdgeView other command output and save into a compressed file then uploading to the user's laptop. This is similar to some router vendor's "show tech-support" command on devices. The command includes the above mentioned EdgeView commands:

...

Similar to 'cp' and 'log/copy-logfiles', the 'techsupport' requires the docker volume of directory '/download' be mounted in the user's local system. This command takes a while to run (about 60 seconds). Here is an example of the output:

...

% ls -l /tmp/download/techsupport-20220816202445.gz

-rw-r--r-- 1 naiming <username> wheel 82317 Aug 16 13:25 /tmp/download/techsupport-20220816202445.gz

...