Using the CLI¶
Every function of Krill can be controlled from the command line interface (CLI). The Krill CLI is a wrapper around the Krill API which is based on JSON over HTTPS.
It’s convenient to set up the following environment variables so that you can easily use the Krill CLI on the same machine where Krill is running:
export KRILL_CLI_TOKEN="correct-horse-battery-staple" export KRILL_CLI_SERVER="https://localhost:3000/" export KRILL_CLI_MY_CA="Acme-Corp-Intl"
For your CA name, you can use alphanumeric characters, dashes and underscores,
Note that you can use the CLI from another machine, but then you will need to set up a proxy server in front of Krill and make sure that it has a real TLS certificate.
To use the CLI you need to invoke krillc followed by one or more subcommands, and some arguments. Help is built-in:
krillc help [subcommand..]
The following arguments are expected by most subcommands:
krillc subcommand [subcommand..] [-s, --server https://<yourhost:port>/ ] \ [-t, --token <token> ] [-f, --format text|json|none] (default text) [-c, --ca <ca_name>] (for ca specific subcommands)
You can set default values for these arguments in environment variables, to make it a bit easier to use the CLI:
|KRILL_CLI_FORMAT||-f, –format (defaults to text)|
export KRILL_CLI_TOKEN="correct-horse-battery-staple" export KRILL_CLI_MY_CA="Acme-Corp-Intl"
If you do use the command line argument equivalents, you will override whatever value you set in the ENV. Krill will give you a friendly error message if you did not set the applicable ENV variable, and don’t include the command line argument equivalent.
You can show the history of all the things that happened to your CA using the history command.
$ krillc history id: ca version: 0 details: Initialised with ID key hash: 69ee7ef4dae43cd1dcd9ee65b8a1c7fd0c2499c3 id: ca version: 1 details: added RFC6492 parent 'ripencc' id: ca version: 2 details: added resource class with name '0' id: ca version: 3 details: requested certificate for key (hash) 'D5EE85EF047010771547FE3ACFE4316503B8EC6F' under resource class '0' id: ca version: 4 details: activating pending key 'D5EE85EF047010771547FE3ACFE4316503B8EC6F' under resource class '0' id: ca version: 5 details: added route authorization: '192.0.2.0/24 => 64496' id: ca version: 6 details: added route authorization: '2001:db8::/32 => 64496'