Overview

The UDMG Command Line Interface (CLI) is implemented by the udmg-client client.

Usage

udmg-client -h

Usage:
  udmg-client [GLOBAL-OPTIONS] <command>

Connection Options:
  -a, --address=    The address of the UDMG Server [$UDMG_SERVER_ADDRESS]
  -i, --insecure=   Skip certificate verification [$UDMG_SERVER_INSECURE]
  -l, --legacy=     Use legacy API version [$UDMG_SERVER_LEGACY]
  -t, --timeout=    Client Connection Timeout (default: 30) [$UDMG_CLIENT_TIMEOUT]

Output Options:
  --color=[always|auto|never] Control color output (default: auto) [$UDMG_COLOR]

Help Options:
  -h, --help      Show this help message

Available commands:
  account         Manage the accounts
  adhoc_share     Manage the adhoc shares
  healthcheck     Show the status of the UDMG Server healthcheck
  history         Manage the transfer history [DEPRECATED: merged with the 'transfer' command]
  license         Manage licenses
  node            Manage nodes
  override        Manage the node's setting overrides
  partner         Manage the remote partners
  rule            Manage the transfer rules
  sb_audit        Manage the auditing
  sb_biz          Manage the business services (aliases: sb_businessservice)
  sb_cert         Manage the certificates (aliases: sb_certificate)
  sb_pgp          Manage PGP records
  sb_usr          Manage the user groups (aliases: sb_usergroup)
  server          Manage the local servers
  session         Manage sessions
  status          Show the status of the UDMG Server services
  token           Manage the user's tokens
  transfer        Manage the running transfers
  user            Manage the UDMG Server users
  version         Print the program version and exit

Further usage information can be displayed for each sub command:

Usage

$ udmg-client account -h
Usage:
  udmg-client [GLOBAL-OPTIONS] account <local | remote | share>

Available commands:
  local        Manage a server's accounts
  remote       Manage a partner's accounts
  share        Manage a server's accounts


$ udmg-client account share -h
Usage:
  udmg-client [GLOBAL-OPTIONS] account share <command>

Available commands:
  add         Add a new shared account
  allow       Allow a shared account to use a Local Agent
  authorize   Authorize a shared account to use a rule
  cert        Manage a share account's certificates
  delete      Delete a shared account
  disable     Disable shared account
  disallow    Disallow a shared account's permission to use a local Agent
  enable      Enable shared account
  get         Retrieve a shared account's information
  list        List shared accounts
  revoke      Revoke a shared account permission to use a rule
  update      Update a shared account


$ udmg-client account share add -h
Usage:
  udmg-client [GLOBAL-OPTIONS] account share add [add-OPTIONS]

[add command options]
  -n, --name=             The account's name
  -l, --login=            The account's login
  -p, --password=         The account's password
      --business-service= The account's business service

Authentication

Only Local User Account authentication is supported for the CLI.

The TOTP, Single Sign-On, and LDAP authentication methods are only used for the Graphical User Interface.

Authentication options:

-a <ADDRESS>, --address=<ADDRESS>

The address of the UDMG Server instance to query. If the parameter is absent, the address is retrieved from the environment variable UDMG_SERVER_ADDRESS (see below).

This address must be provided as a DSN (Data Source Name): [http|https]://<login>:<password>@<host>:<port>`

The protocol can be http or https depending on the configuration of the REST interface of the gateway.
The host is the hostname or the IP address for the node where the UDMG Server instance is running
The port is the REST API port as defined in the configuration file (18080 or 8080 by default)
admin]
; The address used by the admin interface.
Host = 0.0.0.0
; The port used by the admin interface. If the port is 0, a free port will automatically be chosen.
Port = 18080
The required login and password are the identifiers of a user. The user and password can be omitted, in which case they are requested via a terminal prompt.

Note

Beware that the port for the UDMG Server API is different from the port for the UDMG Admin UI.

-i, --insecure

Disables certificate validation of the Gateway service REST interface. It can be used for self-signed certificates and testing.

Note

The client blindly trusts the server since server certificate validation is no longer done. This can be a security risk if you are unsure of the server when using this option.

Environment variables

The options can be set with environment variables. Note that the command line option takes precedence over the environment variable.

UDMG_SERVER_ADDRESS

If the Gateway address is not provided in the command via the -a option, the address is retrieved from this environment variable. The syntax of the address remains identical to that described above.

UDMG_SERVER_INSECURED

Disables certificate validation of the Gateway service REST interface (equivalent to option -i).

PGP Key Management

PGP key records can be stored in the UDMG database and retrieved with the CLI or the REST API. The PGP key records can be used by scripts or by Universal Controller tasks without having to be stored in a local keyring.

Both private and public PGP keys can be stored in the database with AES encryption.

Add Key

udmg-client sb_pgp add

Adds a new PGP key with the given parameters.

short option	long option	description
-n	--name=	The name of the key; must be unique.
-u	--pgp-name=	The key username.
-e	--pgp-email=	The associated email.
-a	--pgp-algo=	The algorithm that was used for creating the key (free text, for reference).
-f	--valid-from=	The valid from date.
-t	--valid-to=	The expiration date.
-k	--private-key=	The private key. It must be in ASCII armored format.
-K	--public-key=	The public key. It must be in ASCII armored format.
-p	--passphrase=	The passphrase of the private key.
-c	--comment=	An additional comment to describe the PGP key.

Example

To create a public PGP key from a file containing the key that was given by a partner, the syntax is as follows:

udmg-client sb_pgp add --name=rhelsec --pgp-name="Red Hat, Inc. (Product Security)" --pgp-email="secalert@redhat.com" --pgp-algo="4096R" --comment="https://access.redhat.com/security/team/contact" --public-key="$(cat dce3823597f5eac4.txt)"

List Keys

udmg-client sb_pgp list

Displays a list of all PGP keys meeting the criteria below.

short option long option description

-l --limit= The maximum number of keys allowed in the response. Set to 20 by default.

-o --offset= Index of the first returned entry. Set to 0 by default.

-s

--sort=[name+|name-]

The setting and order in which keys are displayed. The possible choices are:

By key name (name+&name-)

Example

udmg-client sb_pgp list -l 10 -o 5 -s 'name+'

Get a Key

udmg-client sb_pgp <key_name>

Retrieves PGP key details. The private key content is not output on screen.

short option	long option	description
-x	--export=	Export PGP Key to a file.

Example

To get the details of a PGP key:

udmg-client sb_pgp get test1.key

To get the details of a PGP key and extract the key contents:

udmg-client sb_pgp get -x test1.txt test1.key

With this example, two output files are produced:

test1.txt: content of the private key field
test1.txt.pub: content of the public key field

Delete a Key

udmg-client sb_pgp delete <key_name>

Deletes the given PGP key.

Example

udmg-client sb_pgp delete test1.key

Audit Management

Audit records are automatically stored in the UDMG database after updates are made about a configuration item: user, server, partner, rule, and accounts.

List Audit Records

udmg-client sb_audit list

Displays a list of all audit records meeting the criteria below.

short option long option description

-l --limit= The maximum number of records allowed in the response. Set to 20 by default.

-o --offset= Index of the first returned entry. Set to 0 by default.

-s

--sort=[id+|id-]

The setting and order in which records are displayed. The possible choices are:

by record id (id+&id-)

Example

udmg-client sb_audit list -l 10 -o 5 -s 'id+'

Get an Audit Record

udmg-client sb_audit get <id>

Retrieves an audit records detail.

Example

To get the details of a PGP key:

udmg-client sb_audit get 12

Browser not supported