Ibcli

The INFOBLOX CLI, a user's guide


Synopsis

*A guide for commandline junkies*


Description

The Ibcli is a simple command line tool that lets you do some (mostly) powerful things. It leverages the Infoblox API, wrapping the more complex (and detailed) API calls in simpler command-line style calls.

It also lets you create batch scripts that can configure an Infoblox SDB without actually writing any Perl.

So why do this? What is this CLI for? Well, there were a few primary reasons:

Quick changes are now easy

You don't need to wait for a GUI to start or get the right version of Java working. This lets you get into the database quickly and make some simple and efficient changes.

Abstract command set

Now you don't need to know the intricacies of the API; a few simple commands will achieve the same effect. If you are a user who doesn't know Perl you can still drive the CLI and get the results you need. This may not be an advantage if you are reading data from another system to import into an Infoblox unit (since you still need to write software to parse the data, e.g. in Perl), but it may still help an end user who can convert this data into the CLI command set but does not know enough to write Perl.

Customers wanted it

Need I say more ?

Lastly, why is this called 'ibcli' and not 'DNScli' ? Well, this is just a wrapper to any API we like, it is not really DNS specific.


Quickstart

Simple example, adding a zone

  Start ibcli
    ibcli -s 10.0.1.114 -u admin -p infoblox
  Then run some commands
    admin@10.0.1.224 > conf zone add infoblox.com
    admin@10.0.1.224 > conf zone add sales.infoblox.com

A more detailed example

   admin@10.0.1.224 > conf zone add com
   admin@10.0.1.224 > conf zone add foo.com
   admin@10.0.1.224 > conf zone foo.com add host test 1.2.3.4
   admin@10.0.1.224 > conf zone delete bar.com


Installation

It should run 'as is' from a Unix machine.

If you have a Windows OS then you will have a few hurdles to cross:


Getting started

Run ibcli (it is a Perl script) and you will get a prompt

    % ./ibcli
    server ? >

Ideally, you should now connect the CLI to a server somewhere. To do this you give it the server, a user and a password. You can give these in any order; it just tries to connect once it has enough data.

    server ? > conf server 10.0.1.224 user admin password infoblox
    admin@10.0.1.224 >

Or you can also do this from the initial invocation:

    % ./ibcli -s 10.0.1.230 -u admin -p infoblox

"HOLD ON A SEC", I hear you ask, "Why am i connecting to a server, isn't this CLI running on a console somewhere ?". No, Grasshopper, the CLI is just a wrapper to the Infoblox.pm so you can run it from anywhere in the world. This gives you the added advantage of being able to work on MANY servers from the one CLI.


Setting the debug level

    server ? > conf debug 3
    server ? >

Or you can also do this from the initial invocation:

    % ./ibcli -d 3


Command line options

-s <server>

Connect to this server

-u <username>

Connect as this user

-p <password>

Connect with this password

-w

Print a CGI header instead of the normal header

-e <command>

Run a single command and exit. The command must be quoted (for obvious reasons). For example:

  % ./ibcli -e 'show zone'

-b|f <file>

Load a database backup file for browsing

config file

If ibcli finds a file in the current working directory called '.ibcli.cf' it will silently load and run the commands in that file. This is useful for doing things like auto connection to a server (in CGI mode).
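
Because ibcli runs whatever '.ibcli.cf' it finds in the working directory, the file deserves the same care as a shell startup file. The pre-flight check below is an added example, not part of ibcli: the function name check_ibcli_cf is hypothetical, and the ownership and permission rules are this example's assumptions about a sensible policy.

```shell
# Added example (not part of ibcli): vet ./.ibcli.cf before starting ibcli.
# Returns 0 when it is safe to proceed, 1 when the file needs review first.
check_ibcli_cf() {
    dir=${1:-.}
    cf="$dir/.ibcli.cf"

    # No config file in this directory: nothing will be auto-run.
    if [ ! -e "$cf" ] && [ ! -L "$cf" ]; then
        return 0
    fi

    # A symlink could point at a file somebody else controls.
    if [ -L "$cf" ]; then
        echo "refusing: $cf is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$cf" ]; then
        echo "refusing: $cf is not a regular file" >&2
        return 1
    fi

    # The file must belong to the user who is about to run ibcli.
    if [ -z "$(find "$cf" -prune -user "$(id -u)" -print)" ]; then
        echo "refusing: $cf is not owned by uid $(id -u)" >&2
        return 1
    fi

    # Nobody else may be able to append commands to it.
    if [ -n "$(find "$cf" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing: $cf is group- or world-writable" >&2
        return 1
    fi

    # Show the operator what is about to run, hiding the value after 'password'.
    echo "commands in $cf that ibcli will run:" >&2
    sed 's/\(password[ ][ ]*\)[^ ][^ ]*/\1<hidden>/' "$cf" >&2
    return 0
}

# Typical use from the directory ibcli is started in:
#   check_ibcli_cf . && ./ibcli
```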


Other Gritty Details

OK, so what can I do from here ?

Members and secondaries

By default everything is added to just the Grid Master; the API guesses this from the SERVER setting. If you explicitly want to add things to certain members, append the members to the command arguments :

   conf zone add foo.com member 1.2.3.4
   conf zone add foo.com member 1.2.3.4 member 1.2.3.5

Laziness

The command parser accepts abbreviations

    co z a foo.com

is the same as

    conf zone add foo.com

TAB completion and other commands

The cli uses a full line editor with history and the usual bells and whistles. Command completion can be achieved by pressing <tab>

To clear the line press '<ctrl>-u' or '\'

To exit the cli, press '<ctrl>-D' (not <ctrl>-c)

BATCH processing

You can process commands in batch by writing them to a file and adding the file to the command line, thus :

   ibcli -s 10.64.128.50 -u admin -p infoblox demo.cf
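
When a batch file is generated from another system's data (the case raised under 'Abstract command set'), every field ends up inside a command line, so a stray quote or backslash in a comment can change what ibcli parses. The generator below is an added example, not part of ibcli: gen_host_batch and the name,ip,comment input layout are hypothetical, and the character whitelist is a deliberately strict assumption.

```shell
# Added example (not part of ibcli): turn "name,ip[,comment]" lines on stdin
# into 'conf zone <zone> add host' commands, refusing any field that could
# smuggle extra directives into the batch file.
# Exit status: 0 all lines accepted, 1 some lines rejected, 2 bad zone name.
gen_host_batch() {
    zone=$1
    case $zone in
        ''|*[!A-Za-z0-9.-]*)
            echo "bad zone name: $zone" >&2
            return 2 ;;
    esac
    awk -F, -v zone="$zone" '
        # Dotted quad with every octet in 0..255.
        function valid_ip(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || (o[i] + 0) > 255)
                    return 0
            return 1
        }
        function reject(why) {
            printf "line %d rejected (%s)\n", NR, why > "/dev/stderr"
            bad = 1
        }
        # Skip blank lines and comments in the input.
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        NF < 2 || NF > 3 { reject("expected name,ip[,comment]"); next }
        $1 !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/ { reject("host name"); next }
        !valid_ip($2) { reject("IPv4 address"); next }
        # Whitelist: no quotes, backslashes or "=" can reach the command line.
        $3 !~ /^[A-Za-z0-9 _.:()-]*$/ { reject("comment characters"); next }
        {
            line = "conf zone " zone " add host " $1 " " $2
            if ($3 != "") line = line " comment \"" $3 "\""
            print line
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Typical use (hosts.csv is a constructed file name):
#   gen_host_batch foo.com < hosts.csv > demo.cf
```

Only write the output to the batch file when the function returns 0; rejected lines are listed on stderr with their line numbers.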


GENERAL COMMAND REFERENCE

The syntax mostly matches the API syntax. Also, since this is based on the API (duh), the same restrictions about required arguments apply. Don't expect the cli to work around requiring dumb extra arguments. When you look deep into the API you realise why they are there.


DNS Configuration

Add a view to dns

   conf zone add view internal

Add a view disabled :

   conf zone add view internal disabled

You can also modify views

   conf zone modify view internal set match_clients=[1.1.1.1,2.2.2.2]

And enable/disable it

   conf zone modify view internal enabled
   conf zone modify view internal disabled

Remove a view from dns

   conf zone delete view internal

Add a shared record group

   conf zone add shared_record_group my_group
   conf zone delete shared_record_group my_group

Add a Zone

Zones can be added as either forward or reverse. If you add a zone of the form n.n.n.n/mm it will assume it is a reverse zone

Add a forward zone

   conf zone add foo.com

Add a reverse zone

   conf zone add 10.0.1.0/24
   conf zone add 10.in-addr.arpa

Add a zone to specific members

   conf zone add foo.com primary 1.2.3.4 secondary 1.2.3.5 sec 1.2.3.6

Add a zone to a specific view

   conf zone add foo.com view internal

Add a zone with extensible attributes

You can add multiple attributes by having multiple 'info' pairs

   conf zone add foo.com ... info <name>=<value>

Add a zone with external primary

   conf zone add foo.com ext_primary ns1.foo.com,1.2.3.4

Add a zone with stealth primary or secondary

   conf zone add foo.com stealth_secondary 1.2.3.20 
   conf zone add foo.com stealth_ext_secondary ns1.foo.com,1.2.3.4 
   conf zone add foo.com stealth_ext_primary ns0.foo.com,1.2.3.4

Add a zone with an nsgroup

   conf zone add foo.com ns_group mygroup

Add a shared record group to a zone

   conf zone modify foo.com shared_record_group mygroup
   conf zone add foo.com shared_record_group mygroup

Add a forwarding zone (and assign it to members)

   conf zone add fwd.foo.com forward_to ns1.x.com,2.2.2.2 forward_to ns2.x.com,3.3.3.3 member 10.0.0.20

Add a delegated zone

   configure zone add deleg.foo.com delegate_to ns1.s.foo.com,1.2.3.4

Add a stub zone (and assign it to members)

   conf zone add foo.com stub_from ns0.foo.com,1.2.3.4 mem 2.2.2.2
    
Import a zone

Zones can be imported as either forward or reverse. You just add an extra argument of the import source

Import a forward zone

   conf zone add foo.com import 45.0.1.220

Import a reverse zone

   conf zone add 10.0.1.0/24 import 45.0.1.220

Auto Generate hosts

You can also just post process a zone and create host records

   conf zone mod foo.com generate_hosts

Set a random API method on a zone

   conf zone add foo set <method>=<value>
   conf zone add foo set disable_forwarding=FALSE

When setting arrays you need the special syntax "[ ]", and you separate your values with a ',' (this mostly seems to work)

   ... set allow_update="[10.0.0.0/8,168.147.0.0/24,192.168.114.0/24]"

Remove a zone

Forward or reverse, the syntax follows the same logic as add zone

Remove a forward zone

   conf zone del foo.com

Remove a reverse zone

   conf zone del 10.0.1.0/24

Copy a zone to another view

You need the source and destination zones and views

    conf zone copy <zone> view <src_view> to <dst_zone> dest_view <dst_view> 
    conf zone copy zone.com view int to newzone.com dest_view external

Add a NS group

    conf zone add ns_group internal primary 45.0.12.20 secondary 45.0.128.20

You can also call this as a grid command

    conf grid Infoblox dns add ns_group internal ...
    
If you want to modify a ns_group, secondaries and external_secondaries will get ADDED to the current list (instead of replacing the current list)

    conf zone mod ns_group Internal secondary 45.0.128.20

Delete a NS group

    conf zone del ns_group internal

You can also call this as a grid command

    conf grid Infoblox dns del ns_group internal

Add a host to a zone

   conf zone foo.com add host test 1.2.3.4
   conf zone foo.com add host test 1.2.3.4 comment "this is a comment"

If you don't know the zone, then just put in a blank and use a FQDN

   conf zone "" add host test.foo.com 1.2.3.4

Add a host to a specific view

   conf zone "" add host test.foo.com 1.2.3.4 view internal

Add hosts with multiple IP addresses. Separate the values with a ','

   conf zone foo.com add host test 1.2.3.4,1.2.3.5

Add hosts with multiple IP addresses and MAC addresses: append the MAC address to the IP address with ':<mac>'

   conf zone foo.com add host test 1.2.3.4:00:FE:00:01:02:03,1.2.3.5

To add hosts with fixed addresses, and a fixed addr template

   conf zone foo.com add host test 1.2.3.4:00:FE:00:01:02:03 template mytemp

Add hosts with fixed addresses and settings. The settings could be on the fixed address, or on the host itself, so you have 2 directives

 - to set something on the Fixed Address :

   conf zone add host ... set <method>=<value>

 - to set something on the Host Address :

   conf zone add host ... set_host <method>=<value>

Add hosts with fixed addresses and options. Only the fixed address can take options, so use the option directive

   conf zone add host ... option <num>=<value>

Add hosts with aliases (CNAMES)

   conf zone foo.com add host test 1.2.3.4 alias www alias ftp

Adding hosts with IPAM or Extensible Attributes. You add multiple fields with additional 'info <name=value>' pairs

   conf zone info.com add host pc1 2.3.3.3 info Asset=23456-06

Quotes are required if your value has spaces in it :

   conf zone info.com add host pc2 2.3.3.3 info Custom1="Room 207"

Configuring a host for no DNS (disable for DNS)

   conf zone info.com add host pc2 2.3.3.3 ... nodns

Modifying hosts

   conf zone foo.com modify host test 1.2.3.4
   conf zone foo.com modify host test 1.2.3.4 name test2
   conf zone foo.com modify host test 1.2.3.4 comment "this is a comment"

Remove a host from a zone

   conf zone foo.com delete host test

Add an A record to a zone

   conf zone foo.com add a_record test 1.2.3.4

Add it to a view :

   conf zone foo.com add a_record test 1.2.3.4 view my_view

To add the record to a shared record group (zone must be blank)

   conf zone "" add a_record test 1.2.3.4 shared_record_group mygroup

You can also set values ... set param=val

And EAs

    ... info EA=value

Remove An A record from a zone

   conf zone foo.com delete a_rec test 1.2.3.4

Add an AAAA record to a zone

   conf zone foo.com add AAAA test fe80::0001

To add the record to a shared record group (zone must be blank)

   conf zone "" add AAAA test ad::2007 shared_record_group mygroup

Remove An AAAA record from a zone

   conf zone foo.com delete AAAA test fe80::0001

Add an MX record to a zone

   conf zone foo.com add mx mail 10 mail.bar.com

To add the record to a shared record group (zone must be blank)

   conf zone "" add mx mail 10 mail.bar.com shared_record_group mygroup

Remove An MX record from a zone

   conf zone foo.com del mx mail 10 mail.bar.com

Add an SRV record to a zone

   conf zone foo.com add SRV <name> <pri> <weight> <port> <target>
   conf zone foo.com add SRV _ldap._tcp 0 100 3268 dc01.foo.com

To add the record to a shared record group (zone must be blank)

   conf zone "" add srv ... shared_record_group mygroup

Add a bulk host to a zone

   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20
   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 addreverse
   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 view foo
   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 comment "bah"

Remove a bulk host from a zone

   conf zone foo.com del bulkhost my_prefix 1.2.3.10 1.2.3.20

Add a CNAME to a zone

   conf zone foo.com add CNAME alias real.foo.com

Remove a CNAME from a zone

   conf zone foo.com delete CNAME alias

Add a TXT record to a zone

   conf zone foo.com add TXT alias real.foo.com

When adding SPF records or other things with quotes in them, you have to protect the quotes by using ('') instead of (")

    conf zone foo.com add TXT spf "''v=spf1'' ''+ip4:1.2.3.4''"

Remove a TXT Record from a zone

   conf zone foo.com delete txt name

Add a PTR to a zone

   conf zone 10.0.0.0/24 add PTR 10.0.0.20 ns2.foo.com

Add a PTR with comments

   conf zone 10.0.0.0/24 add PTR 10.0.0.20 ns2.foo.com comment "string"

Remove a PTR from a zone

   conf zone 10.0.0.0/24 del PTR 10.0.0.20 ns2.foo.com


DHCP Configuration

Add a network view

  conf net add view internal

You can also modify existing views

  conf net modify view internal set external_ddns_primaries=1.1.1.1,2.2.2.2

Add a network

   conf network add 1.1.1.0/24

Add a network with a reverse zone

   conf network add 1.1.1.0/24 addreverse

Add a network to a network_view

   conf network add 1.1.1.0/24 view default

Add a network with members

   conf network add 1.1.1.0/24 member 10.1.1.20 member 10.1.1.40

If no members are specified, the network will be added to the Grid master. If you don't want to assign any members use '0.0.0.0'

   conf network add 1.1.1.0/24 member 0.0.0.0

Add a network using a template

   conf network add 1.1.1.0/24 template MyTemplate

Add a network with options

   conf network add 1.1.1.0/24 option 82="some data"

Add a network with vendor class options (class.option)

   conf network add 1.1.1.0/24 option SunW.bootsvr="some data"

Add a network with comments (comments must come last)

   conf network add 1.1.1.0/24 comment "comment string"

Add a network with IPAM info

   conf network add 1.1.1.0/24 info <field>="<Value>"

Add a network and set any additional parameters. (the setting must match a method in the API)

   conf network add 1.1.1.0/24 set <method=value>
   conf network add 1.1.1.0/24 set enable_ddns=FALSE

If the method requires an ARRAY you have to specify this in the value by putting the values inside '[]' :

   conf network ... set some-method="[10.216.2.8,10.204.3.162]"

Even if you only have a single value, you still need to pass the value as an array :

   conf network ... set some-method="[10.216.2.8]"

Modifying Networks

You cannot renumber a network, only modify the contents of it.

   conf network modify 1.1.1.0/24 set <method=value>
   conf network modify 1.1.1.0/24 option 82="some data"

You also can't change the network_view, but you will have to specify the view to find the network to modify

   conf network modify 1.1.1.0/24 view default

If you change things like options arrays, ALL the existing values will be replaced by the new list.

So if you want to just append a new option to an existing list (or change one of the current options), you can use 'addoption'. This will KEEP the current options array intact.

   conf network modify 1.1.1.0/24 addoption 82="some data"

Add a network container

   conf network add container 1.1.1.0/24
   conf network modify container 1.1.1.0/24 comment "new comment"

Network containers can only have a view, comment, Extensible Attributes, or be disabled.

You probably only need this function when you want to add a container OVER some existing networks. In most other cases (with NIOS 5x) you can just add networks and the right thing will happen.

Remove a network

   conf network del 1.1.1.0/24

Remove a network Template

   conf template del network my_template

Move Networks

Move a network to a different member, or move a network onto members to match a failover association. The ranges inside the network will also be moved.

Moving a network to a single member :

   configure network move 45.0.0.0/24 member 2.2.2.2

Moving a network to a multiple members :

   configure network move 45.0.0.0/24 member 2.2.2.2 member 3.3.3.3

Moving a network to use DHCP failover :

   configure network move 45.0.0.0/24 failover box1-boxb

Join Networks

   ** This feature will soon change, use with caution **
   conf network 1.1.1.0/23 join /23 net 1.1.2.0/24
   # this will copy all the ranges etc from the network
   # and create a new network

Add a shared network

   conf network add shared my_shared child_network 1.1.1.0/24 child 1.1.2.0/24

Add a shared network with options

   conf network add shared foo option 82="some data"

Add a shared network with comments

   conf network add shared my_shared ... comment "comment string"

Remove a shared network

   conf network del shared my_shared

Split a network

You need to specify the netmask of the child networks when you are doing a split. So to split a /16 into /20 networks :

   conf network 1.1.0.0/16 split /24

Split a network and add all children

   conf network 1.1.0.0/16 split /24 all

Adding network to parents

When you split a network and want to add children you just add them to the parent network. All other options are the same as for adding networks

   conf network 1.1.0.0/16 add 1.1.4.0/22

Add a failover association

   conf net add failover AtoB primary 45.0.12.20 secondary 45.0.128.30

Add a fixed address

   conf network 10.0.1.0/24 add fixed 10.0.1.4 aa:bb:cc:11:22:33

The 'network' is actually optional, this syntax also works :

   conf network add fixed 10.0.1.4 aa:bb:cc:11:22:33

To add the fixed addr with specific options

   conf network add fixed ... option <name>=<value> [opt <name>=<value>]
   conf network add fixed 10.0.1.4 .. option 82="some data"

To add the fixed addr to a specific view

   conf network add fixed 10.0.1.4 aa:bb:cc:11:22:33 view default

Add a fixed address with a Fixed Address Template

   conf network 10.0.1.0/24 add fixed 10.0.1.4 aa:bb:cc:11:22:33 template mytemp

Add a fixed address with comments

   conf net 10.0.1.0/24 add fixed 10.0.1.42 aa:bb:cc:11:22:33 comment "comment string"

Add a roaming address (that has no IP addr)

You will need to specify the name instead of the IP address

   conf network add fixed myroamer aa:bb:cc:11:22:33

Modify a fixed address

You can also modify existing addresses with the same syntax

   conf network 10.0.1.0/24 modify fixed 10.0.1.4 aa:bb:cc:11:22:33 ...

You also can't change the network_view, but you will have to specify the view to find the range to modify

   conf network modify fixed 10.0.1.4 view default

Add a fixed address Template

   conf template add fixed <name> offset <value> ...
   conf template add fixed router-a offset 1

Add a fixed address with comments

   conf template add fixed ... comment "use this for routers"

Modify a fixed address

You can also modify existing addresses with the same syntax

   conf template modify fixed ...

Add a dhcp range to a network

Dhcp ranges, by default, will get added to the Grid master unless you override that setting with the 'member <ip>' syntax

   conf network add range 10.1.1.20 10.1.1.40

Add a range to a network view

   conf network add range 10.1.1.20 10.1.1.40 view default

Failover associations are an additional argument

   conf net add range 10... failover "my_peering"

As are adding the member

   conf net add range 10... member 1.1.1.2

If no members are specified, the range will be added to the Grid master. If you don't want to assign any members use '0.0.0.0'

   conf net add range 10... member 0.0.0.0

You can also add exclusions

   conf net add range 10... exclude 1.1.1.2,1.1.2.5

You can also add filters to a range (multiples are allowed)

   conf net add range 10... macfilter <name>=<permission>

And add new filters to an existing range, you only have to specify start addr

   conf net mod range 10.1.1.20 macfilter <name>=<permission>
   conf net add range 10.1.1.20 10.1.1.40 filter_option <name>=<permission>

Modifying Ranges

You cannot renumber a range, only modify the contents of it.

   conf network modify range 10.. set <method=value>
   conf network modify range 10.. option 82="some data"

You also can't change the network_view, but you will have to specify the view to find the range to modify

   conf network modify range 10.. view default ...

If you change things like options arrays, ALL the existing values will be replaced by the new list. 'modify' does not append to existing lists, it does a complete replacement of it.

Remove a dhcp range

   conf net delete range 1.1.1.20 1.1.1.40

Add a DHCP filter

Filters can take many forms, so you need to be specific

    conf network add macfilter my_filter

Remove a DHCP filter

    conf network del macfilter my_filter

Add a mac address to a filter

    conf network filter my_filter add macaddress aa:bb:cc:11:22:33

Add a mac address to a filter with comments

    conf network filter my_filter add mac aa:bb:cc:11:22:33 comment "my comment"

Modify a filter entry

    conf network filter my_filter modify mac aa:bb:cc:11:22:33 comment "my comment"

remove a mac address from a filter

    conf network filter my_filter delete macaddress aa:bb:cc:11:22:33


IPAM Configuration

Show information about an IP address

  show ipam address 1.2.3.4

Add a network to a discovery job

Each network gets added to the current discovery job

  configure ipam discovery add network 1.2.3.0/24

And you also need to set the discovery member (you can only do this once, each member will overwrite the last one)

  configure ipam discovery add member 192.168.1.2

Show a discovery job

  show ipam discovery

Adding custom metadata fields

Add a device type

   configure grid add device_type <name>

Add a device type with new custom labels

   configure grid add device_type <name> label <orig>=<new-name>

Add a device type with multiple custom labels

   ... device_type <name> label <orig1>=<new-name1> label <orig2>=<new-name2>

For 4.3 or later you have to add and define Extensible attributes

   configure grid add attribute <name>

Set Values and type

   configure grid add attribute <name> value <value> [ value <value> ]
   configure grid add attribute <name> type <type>

Create a list of elements

   configure grid add attribute <name> type list value one value two

Set the attribute to be a multiple or a required item

   configure grid add attribute <name> required
   configure grid add attribute <name> multiple

Showing attributes types

   show grid attribute
   show grid attribute <name>

Showing device types

   show grid device_type
   show grid device_type <name>

Showing definitions for a device type

    [ ] TBD

Showing scheduled updates

    show grid schedule

Deleting scheduled updates

    conf grid schedule delete <taskid>


RADIUS Configuration

Adding Radius users

   configure radius add user bob password changeme

Deleting Radius users

   configure radius del user bob

Showing Radius users

   show radius user bob

Adding Radius devices

You MUST specify a member and a Shared secret

   conf radius add device <name> <ip> member 1.2.3.4 shared_secret xxxx
   
You can also add a comment

   conf radius add device <name> <ip> ... comment "Test AP"

Deleting Radius devices

   conf radius del device <name> <ip> member 1.2.3.4 shared_secret xxxx

Showing Radius devices

   show radius device bob
   show radius device <name>


Grid Configuration

Adding Administrator groups

   configure admin add admin_group locals

Make them superuser

   configure admin add admin_group locals superuser

Add roles to the group

   configure admin add admin_group locals role "DNS Admin"

You can also modify admin groups (to add roles or perms). This will ADD to the current list(s), not replace it

   configure admin modify admin_group locals role "DNS Admin"

Adding Administrator Roles

   configure admin add role locals

Adding users

You need the admin group name and a password

   configure admin add user bob group locals password changeme

Adding permissions

Permissions can be any of 'read', 'write' or 'deny', and are applied to an admin group, an admin or an admin_role

  conf admin add permission <perm> <type> <name> group <group_name>
  conf admin add perm write zone foo.com group dns_admins
  conf admin add perm read network 45.0.0.0/24 group dhcp_guys
  conf admin add perm read range 45.0.0.10-45.0.0.20 group dhcp_guys

(ranges actually only need the 'start_addr')

  conf admin add perm read range 45.0.0.10 group dhcp_guys

Add permissions to a role

  conf admin add perm write zone foo.com role "AAA Admin"

You can also add resource_types :

  conf admin add perm write type "All DHCP Templates" group dhcp_guys
  conf admin add perm write type "All DHCP Templates" role "DHCP Admin"

In some cases you can also do this when configuring the object :

  conf zone <zone> add permission <perm> group <name>
  conf zone test.com add permission read group ops
  conf net 45.0.0.0/24 add permission read group ops
  conf member ns1.test.com add permission read group ops

Deleting or Changing permissions

Permissions can be any of 'read', 'write' or 'deny', and are applied to an admin group or an admin.

If you want to change a permission, you have to delete it, then add a new permission (yes, there should be a better way)

  conf zone <zone> del permission <perm> group <name>
  conf zone test.com del permission read group ops
  conf net 45.0.0.0/24 del permission read group ops

Modifying permissions

You need enough unique information to find the correct permission and then modify it, thus you need :

 - resource object
 - admin group

The CLI will then try to get the current permission and modify it

  conf zone <zone> mod permission <perm> group <name>

To change a zone permission to 'read-only' :

  conf zone test.com mod permission read group ops

configure global Grid settings

Add or remove access methods

   conf grid <name> add remote_console_access
   conf grid <name> delete  remote_console_access
   conf grid <name> add support_access
   conf grid <name> add lcd_input

Modify some basic grid values

   configure grid Infoblox modify grid_name My_Grid
   configure grid Infoblox modify vpn_port 1194
   configure grid Infoblox modify shared_secret test
   configure grid Infoblox modify session_timeout 14400
   configure grid Infoblox modify prefer_resolver 127.0.0.1

Add ntp servers ( and enable NTP at the same time )

   configure grid Infoblox add ntp_server 1.1.1.1 ntp_server 2.2.2.2

Disable the NTP service

   configure grid Infoblox disable ntp

or set a random API method

   configure grid Infoblox set <method>=<value>
   configure grid Infoblox set query_comm_string=public
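
Several of the commands above widen access or carry a secret (superuser groups, remote console and support access, passwords, shared secrets, a community string of 'public'), so a batch file is worth scanning before it is run or committed. The linter below is an added example, not part of ibcli: lint_ibcli_batch is a hypothetical name, it assumes one command per line, and it matches full keywords only, so abbreviated commands are not recognised.

```shell
# Added example (not part of ibcli): flag batch-file lines that grant broad
# access or embed a secret. Reads the files given as arguments, or stdin.
# Prints "<line no>: <category>: <command>" with secret values redacted.
# Exit status: 0 nothing flagged, 1 at least one finding.
lint_ibcli_batch() {
    awk '
        function report(cat) {
            printf "%d: %s: %s\n", NR, cat, $0
            hits = 1
        }
        # Skip blank lines and comments.
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            secret = 0; priv = 0; access = 0; comm = 0; grp = 0; adding = 0
            for (i = 1; i <= NF; i++) {
                # Redact the value before anything is printed.
                if (($i == "password" || $i == "shared_secret") && i < NF) {
                    $(i + 1) = "<redacted>"
                    secret = 1
                }
                if ($i == "admin_group") grp = 1
                if ($i == "superuser") priv = 1
                if ($i == "add") adding = 1
                if ($i == "remote_console_access" || $i == "support_access")
                    access = 1
                if ($i == "query_comm_string=public") comm = 1
            }
            if (secret) report("SECRET")
            if (grp && priv) report("PRIV")
            if (adding && access) report("ACCESS")
            if (comm) report("COMMUNITY")
        }
        END { exit (hits ? 1 : 0) }
    ' "$@"
}

# Typical use:
#   lint_ibcli_batch demo.cf || echo "review the findings before running" >&2
```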

configure Member settings

Enable or Disable the NTP service

   configure grid Infoblox modify member 1.2.3.20 enable ntp
   configure grid Infoblox modify member 1.2.3.20 disable ntp

Change the IP address

    conf grid Infoblox modify member infoblox.localdomain ipaddress 10.64.128.40/24

change the name

    conf grid Infoblox modify member infoblox.localdomain ipaddress 10.64.128.40/24 name dns1.myzone.com

Make this an HA pair

    conf grid blox modify member foo.com hapair 10.64.128.41,10.64.128.42,10.64.128.43,10.64.128.44 routerid 40

Configure Member DNS settings

Set a value


   conf member ns1.lab.com dns set ...
   conf member ns1.lab.com dns set forwarders="[1.1.1.1,4.2.2.2]"

Show Member DNS settings

   show member <name> dns
   show member ns1.lab.com dns

You can also get there from the zone command

   show zone member ns1.lab.com

Configure Member DHCP settings

Set an option

   conf member ns1.lab.com dhcp option 82="some data"

Set a value


   conf member ns1.lab.com dhcp set ...
   conf member ns1.lab.com dhcp set forwarders="[1.1.1.1,4.2.2.2]"

Adding members

   configure grid Infoblox add member ns1.foo.com ipaddress 1.2.3.20/24

Add a member as an HA pair

   configure grid Infoblox add member ns1.foo.com \
      ipaddress 192.168.1.100/24 gateway 192.168.1.1 \
      hapair 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.104 \
      routerid 100

Members can have a LOT of options...

To add a mgmt port :

     mgmt_ip 5.195.156.52/25 mgmt_gate 5.195.156.1

To add mgmt ports to HA pairs ( 'hapair' must be defined ) :

    mgmt_ip 5.195.156.52/25 mgmt_gate 5.195.156.1 mgmt_ip_2 5.195.156.53/25

Removing members

   configure grid Infoblox delete member ns1.foo.com ipaddress 1.2.3.20/24

add global DNS settings

   conf grid <name> dns add default_ttl <num>
   conf grid <name> dns add recursion
   conf grid <name> dns add ns_group <name>

DNS ACLs

These will ADD the addresses to the acl, not replace the list

   conf grid <name> dns add acl allow transfer x.x.x.x/nn
   conf grid <name> dns add acl deny update x.x.x.x/nn

add global DHCP option definitions

Create a Vendor space

  conf network add space <name>
  conf network add space SUNW

Create a DHCP network option

  conf network add optiondef <name> code <num> type <type>
  conf network add optiondef voip 150 type string

If you want to add them to vendor spaces..

  conf network add optiondef server 150 type string space SUNW
  conf network add optiondef boot 270 type string space Cisco-ap

add global DHCP options

Add a network option to the grid level

   conf grid <name> dhcp add option <num>=<value>
   conf grid Infoblox dhcp add option 82="some data"

Remove a custom option

   conf grid <name> delete network option 82

Remove a custom option

   conf network global delete custom_option 82
   conf network global delete lease_time

Show global DNS options

   show grid <name> dns

Show global DHCP options

   show grid <name> dhcp


SHOW commands

Showing Zones

Show all zones

    show zone

Show all zones with details

    show zone detailed

Show all forward zones

    show zone forward

Show all reverse zones

    show zone reverse

Show all secondary (external_primary) zones

    show zone secondary

Show just 1 zone

    show zone foo.com

Show NameServer Groups

    show zone ns_group
    show zone ns_group <name>

Show Shared Record Groups

    show zone shared_record_group
    show zone shared_record_group <name>

Showing Views

Show all views

    show views
    or
    show zone view

Show just One view

    show views default
    or
    show zone view default

Showing hosts

    show host www.foo.com

Showing records

    show record cname www.foo.com
    show record a_record test.foo.com
    show record a_record test.foo.com view internal

Searching by EA is tricky because of the parser, you have to give a name, but it will be ignored

    show record a_record anyname info Site=west

Showing leases

   show network lease 1.1.1.1
   show network lease aa:bb:cc:11:22:33

Show ALL leases

   show network lease

Showing networks

    show network
    show network 45.200.100.128/25

Show all the networks that have a common network_container

    show network 45.0.0.0/16 subnets

Show networks with their details

    show network details

Show networks matching an Extensible Attribute, you can use multiple 'info' arguments


    show network info Site=west
    show network info Site=west info Closet=24

And show the detailed version of the above searches

    show network info Site=west details

Showing shared networks

Show All shared networks

   show network shared

Show a specific shared network

   show network shared myShared
   show template network <name>

Showing networks templates

   show template network
   show template network <name>

Showing Network Views

Show all views

    show network view

Show just One view

    show network view default

Showing network failover

   show network failover

Showing network option definitions (grid level)

   show network options

Showing network statistics

   show network statistics
   show network 45.200.100.128/25 statistics

Showing network IPAM

List ALL the used and unused addresses in a subnet

   show network 45.200.100.128/25 ipam

Show just the used addresses

   show network 45.200.100.128/25 ipam used

Show just the unused (free) addresses

   show network 45.200.100.128/25 ipam unused

Show just the next available IP address

   show network 45.200.100.128/25 ipam next_available

OR the next N addresses

   show network 45.200.100.128/25 ipam next_available 5

Show just the next available network

   show network 45.200.100.128/25 ipam next_network

Showing ranges

Show all ranges in a network

   show network 45.200.100.128/25 range

Show just a specific range

   show network 45.200.100.128/25 range 161.245.254.130

Showing fixed addresses

Show all fixed addresses

   show network 45.200.100.128/25 fixed

Show all fixed addresses in a network.

   show network 45.200.100.128/25 fixed

The Network is optional unless you want to limit your search to just that network. (The network was required in some older versions of NIOS)

Show just a specific fixed address

   show network fixed 161.245.254.130

You can also show fixed addresses by MAC address

   show network fixed aa:bb:cc:11:22:33

Show fixed address(es) in a network view (the IP or MAC must come before the view statement)

   show network fixed view internal
   show network fixed 1.2.3.4 view internal
   show network 1.2.3.0/24 fixed view internal
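
The token-order rules above (a placeholder name for record EA searches, repeated 'info' pairs, and the IP or MAC before 'view') matter most when command lines are generated from another system's data. The following Python helper is an added example, not part of ibcli or this guide; it assumes ibcli splits commands on whitespace, and the function names and allowed character set are hypothetical choices. It rejects any value that is not exactly one token, so a field containing spaces or a newline cannot add extra keywords or a second command to a batch file.

```python
import ipaddress
import re

# Assumption: ibcli splits a command on whitespace, so each value must be
# exactly one token. The allowed character set is a conservative choice.
_TOKEN = re.compile(r"[A-Za-z0-9_.:/-]+")
_MAC = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def _token(value):
    if not _TOKEN.fullmatch(value):
        raise ValueError(f"unsafe ibcli token: {value!r}")
    return value


def _info_args(attrs):
    """Turn {'Site': 'west'} into ['info', 'Site=west'], one pair per EA."""
    if not attrs:
        raise ValueError("at least one extensible attribute is required")
    args = []
    for key, val in attrs.items():
        args += ["info", f"{_token(key)}={_token(val)}"]
    return args


def show_network_by_ea(attrs, details=False):
    """Build 'show network info K=V [info K=V ...] [details]'."""
    words = ["show", "network"] + _info_args(attrs)
    if details:
        words.append("details")
    return " ".join(words)


def show_record_by_ea(rtype, attrs, placeholder="anyname"):
    """Record searches need a name token even though it is ignored."""
    words = ["show", "record", _token(rtype), _token(placeholder)]
    return " ".join(words + _info_args(attrs))


def show_fixed(address=None, view=None):
    """Build 'show network fixed [IP|MAC] [view NAME]', address first."""
    words = ["show", "network", "fixed"]
    if address is not None:
        if not _MAC.fullmatch(address):
            address = str(ipaddress.ip_address(address))  # raises if invalid
        words.append(address)
    if view is not None:
        words += ["view", _token(view)]
    return " ".join(words)
```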

Showing fixed address templates

Show all fixed address templates

   show template fixed

Show just a specific fixed address template

   show template fixed <name>

Show global Grid settings

   show grid Infoblox

Show global Member settings

Get a list of all grid members

   show grid infoblox member

Get a list of all grid members matching a REGEX

   show grid infoblox member <regex>

Get detailed info about a member

   show grid Infoblox member ns1.test.com detailed

Get service status or licenses for a member

   show grid Infoblox member ns1.test.com status
   show grid Infoblox member ns1.test.com licenses

You can also filter this for a particular value (the value has to match something reported by the API)


   show grid Infoblox member ns1.test.com status memory
   show grid Infoblox member ns1.test.com license KeystoneDVS

You can also use this to get a single status from ALL the grid members

   show grid Infoblox license KeystoneDVS
   show grid Infoblox status KeystoneDVS

Showing users and groups

   show admin user <name>
   show admin admin_group <name>
   show admin role <name>


Server Management

Connect to a server

    conf server <SERVER> user <USERNAME> password <PASSWD>

Select a server to talk to

    server ? > conf server 10.0.1.230 
    10.0.1.20 >

Supply the username and/or password

    server ? > conf server 10.0.1.230 user admin pass infoblox
    admin@10.0.1.20 >

Connecting to the MGMT (management) port

If you are connecting to the MGMT port, you need to define the GRID MASTER IP address. This is because it is different from the MGMT port and it is auto-assigned to any zones, networks or ranges that do not specifically have a member assignment.

    configure master <ip>

Alternatively, you can add it as a keyword to the 'conf server' command :

    conf server 10.0.1.230 user admin pass infoblox master 45.0.12.20

You can also do this from the command line :


    ibcli -m <ip>

Show server details

    show server version
    show server error
    show server message

Restarting services

The CLI will not restart services; you have to do that manually

   restart dns
   restart dhcp

If you want to delay the restart, you can do that also

   restart dns delay 10

Starting Discovery jobs

This will just start a discovery job if one is not already running

    restart discovery

You can't control the member from a restart; you have to do that from the discovery job

Download csv data for an object type

  download csv <file> object <object>
  download csv zonelist.csv object Infoblox::DNS::Zone

Export log files

  download merge_log <file>
  download log_files <file> <log_type> member <ip>

Download the database

    download database <file>

Restore the database

This will always force a restore and KEEP the current IP settings (the API and GUI have other options, but I can't see why you'd need them)

    upload database <file>

Upload lease data

    upload leases <file>

Download the DHCP configuration

    download dhcp_conf <file>

Upload the DHCP expert mode configuration

    upload expert_dhcp_conf <file>

Or you can push the conf file to a specific member :

    upload expert_dhcp_conf <file> member <member>

Browse and load a database backup

    configure file load <file>

Show the contents of a file

To get the database summary

    show file summary

To list all the nodes in a path

    show file path <path>

To show the details of a path

    show file properties
    show file properties <path>

Change the path of the current node

    conf file path /path/to/node

Debugging :

  configure debug <level>

The higher the debug level, the more junk gets spat to the tty. You probably don't want anything higher than (2) unless you are debugging the completion control parser.