FortiAnalyzer-BigData cluster controller CLI

This section describes how to use fazbdctl, the FortiAnalyzer-BigData Command Line Interface (CLI), and contains references for all fazbdctl commands.

fazbdctl is available on the BigData Cluster controller (see Connect to the FortiAnalyzer-BigData CLI) and is the main command used to manage the Security Event Manager hosts of FortiAnalyzer-BigData.

Syntax

fazbdctl <command>

Commands

Command	Description
enable	Enable/disable cluster-wide features.
help	Help about any command.
init	Initialize k8s cluster.
reset	Factory-reset or re-install the OS of a single node or the whole cluster.
set	Set system parameters.
show	Display system or cluster information.
upgrade	Upgrade system components.

Option	Description
-h, --help	Help information.

Show version

fazbdctl show version

Shows the FortiAnalyzer-BigData version of the host.

Show members

fazbdctl show members

Lists all the Security Event Manager member hosts' information managed by the BigData Cluster controller.

Option	Description
{-o | --option} wide	Display additional columns such as MAC address and version information in wide format.

Example response

In this example:

• Management IP/Mask is 10.106.2.168/24

Field name	Chassis	Blade	Role	Address	Ext Address	Host Name
Value example	1	2	Controller	10.0.1.2	10.106.2.170	blade‑10‑0‑1‑2
	1	32	Member	10.0.1.32	10.106.2.174	blade‑10‑0‑1‑32

Field name	State	Status	Tips
Value example	Joined	Alive
	Upgrading	Alive	Need upgrade

Field descriptions

Field name	Description
Management IP/Mask	This is the main management IP address that is configured.
Chassis	By default, the Chassis ID is 1. If you want to designate an appliance as an extender appliance, change the Chassis ID to a range between 2-254.
Blade	Represents which slot the blade is located in. The order of the blade slots starts from the left side of the FortiAnalyzer-BigData appliance, starting from 1 to 14.
Role	Role is either controller or member.
Address	The internal IP address is immutable and is generated from blade’s Chassis ID and Blade ID. 10.0.{chass ID}.{blade ID}
Ext Address	The external IP address is set by users through fazbdctl set command.
Host Name	The host name.
State	The current status of the host. joined: The host has joined the cluster. upgrading: The host has joined this cluster and is running the upgrade process.
Status	The current status of the host. alive: The host is up and running. failed: The host fails to run.
Tips	Tips and notes about the host. Need upgrade: The host’s version does not match the controller's version.

Example response in wide format

In this example:

• Management IP/Mask is 10.106.2.168/24
• Gateway is 10.106.2.254

Field name	Chassis	Blade	Role	Address	Ext Address	Ext Gateway	Host Name
Value example	1	2	Controller	10.0.1.2	10.106.2.170	10.106.2.254	blade‑10‑0‑1‑2
	1	32	Member	10.0.1.32	10.106.2.174	10.106.2.254	blade‑10‑0‑1‑32

Field name	MAC	Version	State	Status	Tips
Value example	00:50:56:b2:7d:77	FortiAnalyzer-BigData-VM64 1.2.0	Joined	Alive
	00:50:56:b2:e2:7b	FortiAnalyzer-BigData-VM64 1.1.0	Upgrading	Alive	Need upgrade

Additional field descriptions for wide format

Field name	Description
Gateway	This is the main management gateway that is configured.
Ext Gateway	The gateway for each external IP address.
MAC	The MAC address of the internal interface.
Version	The FortiAnalyzer-BigData version number running on the host.

Upgrade

fazbdctl upgrade fazbd {bootloader | fazbd | faz | bd} [-U][-o][-p][-u]

Use this command to upgrade the system or components including bootloader, FortiAnalyzer (FAZ) OS and FortiAnalyzer-BigData OS combined or separately. For more information, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.

• This command should be executed only on the BigData Cluster controller. It has no effect if run on other hosts.
• This command is only allowed when all the FortiAnalyzer-BigData services are healthy, but you can use -f to force the upgrade to run.

  Extra options	Description
  {-U | --image-url} <URL>	URL for the image to be downloaded and installed.
  {-o | --option} <Option>	Re-run options when failed: skip | retry | restart.
  {-p | --password} [<password>]	Password for the download server if there is one.
  {-u | --username} [<user name>]	Username for the download server if there is one.

  Examples

  Command	Description
  fazbdctl upgrade fazbd	Interactively upgrade FortiAnalyzer-BigData.
  fazbdctl upgrade fazbd -o retry	If last upgrade fails, retry from the state where the upgrade fails.

Reset

ffazbdctl reset [<worker-ip> | cluster | members] [-A | -I | -S | -B] [-o]

Reset the entire OS of the blades and optionally format all the disks for a single host, the whole cluster, or the cluster except BigData Cluster controller. When there is no argument specified, the reset applies to local host.

. There are four available options in this command:

Extra options	Description
-{-A | --all-settings}	Resets all settings.
{-I | --all-except-ip}	Keeps the public IP constant.
{-S | --all-except-ssh}	Keeps the ssh public key constant.
{-B | --all-except-ip-ssh}	Keeps the ssh public key and public IP constant.
{-o | --option} <Option>	Re-run options when failed in soft reset: skip, retry, restart

If no option is set, a soft reset will be performed. Otherwise, a hard reset will be performed to additionally format all the disks.

Examples

Command	Description
fazbdctl reset	Re-install the BigData (BD) OS of this node (local).
fazbdctl reset 10.0.1.32	Re-install the BigData (BD) OS of node 10.0.1.32, from a controller.
fazbdctl reset 10.0.1.32 -A	Factory-reset and clears all settings and data from the specified node, from a controller.
fazbdctl reset cluster	Re-install the BigData (BD) OS of the whole cluster, from the controller.
fazbdctl reset cluster -I	Factory-reset the whole cluster from the controller, keeping external management IP address.
fazbdctl reset cluster -A	Factory-reset the whole cluster from the controller, clearing all settings and data.
fazbdctl reset members -A	Factory-reset all members except the controller, clearing all settings and data.

For instructions on how to reset your device, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.

Init

fazbdctl init cluster

Initialize the Security Event Manager after a hard reset. This command initializes and configures the Security Event Manager. The process takes approximately 30 to 40 minutes. For more information, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.

• This command should be executed only on the BigData Cluster controller. It has no effect if run on other hosts.

  Extra options	Description
  {-o | --option} <Option>	Re-run options when failed: skip | retry |restart

If you run this command on an existing BigData Cluster, it will reinitialize and cause you to lose all log data and configurations.

Set management and external addresses

fazbdctl {set | unset} addr {<external ip/mask> | dhcp} [<gateway>] [--management] \ [-H] [-A] [-Y]

Set management IP address on Security Event Manager controller and external IP addresses on Security Event Manager hosts to allow them to communicate with the outside world.

external ip/mask can be IP CIDR address or simply dhcp.

• The optional management flag indicates the data carried in the external ip/mask and gateway fields is used to set the main management IP address. This flag is not compatible with -H and -A and is only available on the Security Event Manager controller.
• The optional -H flag specifies the internal IP address of a Security Event Manager host where the external IP will be assigned. Without this flag, the external IP address is assigned to the local host.
• The optional -A flag sets external IP addresses on all Security Event Manager hosts from the Security Event Manager controller. In this case, the external ip/mask field specifies the starting external IP address to be assigned to the first Security Event Manager host. The remaining Security Event Manager hosts are assigned external IP addresses incrementally from the starting external IP address within the network subnet, wrapping around when reaching the boundary of the network subnet. This flag is not compatible if external ip/mask is dhcp.
• The optional -Y flag lets you skip interactive confirmation when the command is issued.

Examples

Command	Description
fazbdctl set addr 10.160.74.174/24 10.160.74.1	Set external IP CIDR address and gateway on local host.
fazbdctl set addr -H 10.0.1.3 10.160.74.175/24 10.160.74.1	Set external IP CIDR address and gateway for host 10.0.1.3
fazbdctl set addr dhcp	Set external IP CIDR address via DHCP on local host
fazbdctl set addr 10.160.74.174/24	Set external IP CIDR address on local host
fazbdctl set addr 10.160.74.174/24 10.160.74.1 --management	Set management IP CIDR address with gateway on controller host
fazbdctl unset addr -H 10.0.1.3	Unset external IP CIDR address on host 10.0.1.3
fazbdctl unset addr --management	Unset management IP CIDR address on controller
fazbdctl set addr 10.160.74.174/24 10.160.74.1 -A	Set external IP CIDR address on all members, starting from 10.160.74.174
fazbdctl unset addr -A	Unset external IP CIDR address on all members

Set appliance role

fazbdctl set appliance {extender-chassis-id}

Designate an appliance as an extender appliance so you can add it as an extender to the main appliance. For instructions on assigning a new chassis ID to the extender appliance, see the FortiAnalyzer-BigData Administration Guide in the Fortinet Doc Library.

• This command should be executed only on the BigData Cluster controller. It has no effect if run on other hosts.

Enable/Disable IP-Forward

fazbdctl [ enable | disable ] ip-forward

By default, all the BigData Cluster hosts except the BigData Cluster controller have no external network access. In some cases, you might want to allow external network access for all hosts, for example, to backup and restore data to external HDFS. This command allows you to forward packets from your internal network by enabling or disabling the NAT setup on the BigData Cluster controller.

• This command should be executed only on the BigData Cluster controller. It has no effect if run on other hosts.