CLI Confirmation Support

About this task

A user confirmation request can optionally be used to safeguard critical operations performed via the CLI. When the user CLI confirmation request is enabled, CLI users are prompted to explicitly confirm a potentially critical or destructive CLI command, before proceeding with the execution of the CLI command.

This interactive safeguard helps prevent unintentional or irreversible changes made to the system.

The user CLI confirmation request is disabled by default and you must explicitly enable it. When this feature is enabled, a CLI user when executing a potentially critical of destructive CLI command will see a confirmation request message such as the following:

system ca-certificate-install cert-file

WARNING: This is a high-risk operation that may cause a service interruption or remove critical resources
Do you want to continue? (yes/No):

This prompt has a timeout of 10 seconds before timing out and not executing the CLI command. Therefore, you must provide the input within this time limit to proceed with the operation.

Enable CLI Confirmation

Procedure

You can enable the user CLI confirmation request feature, for all the local CLI users (users SSH’d or logged into the local console of the active controller) by using one of the following methods:

  • Before installation, specify the cli_confirmations service parameter to enabled in the deployment configuration file.

    serviceParameters:
  - service: platform
    section: client
    paramname:cli_confirmations
    paramvalue: ``enabled``

  • After installation, modify the cli_confirmations service parameter using the following commands:

    system service-parameter-modify platform client cli_confirmations=enabled
system service-parameter-apply platform
source /etc/profile.d/cli_env.sh

Disable CLI Confirmation

To disable CLI confirmation, run the following commands:

system service-parameter-modify platform client cli_confirmations=disabled
system service-parameter-apply platform
source /etc/profile.d/cli_env.sh

Commands that Require Confirmation

When the user runs any of the following commands, a confirmation request message is prompted if the user CLI confirmation request feature is enabled.

System Commands

  • ca-certificate-install

  • ca-certificate-uninstall

  • host-lock

  • host-power-off

  • host-reboot

  • host-reinstall

  • host-reset

  • host-swact

  • host-disk-wipe

  • host-patch-reboot

  • host-downgrade

  • host-upgraded

  • kube-host-cordon

  • kube-host-upgrade

  • kube-root-ca-host-update

  • registry-image-delete

  • application-delete

  • application-remove

  • host-label-remove

  • interface-network-remove

  • interface-datanetwork-remove

  • device-image-remove

  • host-device-label-remove

  • host-fs-delete

  • service-parameter-delete

  • helm-override-delete

  • host-delete

  • host-if-delete

  • network-delete

  • host-addr-delete

  • addrpool-delete

  • host-route-delete

  • datanetwork-delete

  • host-lvg-delete

  • host-pv-delete

  • host-disk-partition-delete

  • ceph-mon-delete

  • host-stor-delete

  • storage-backend-delete

  • storage-tier-delete

  • load-delete

  • device-image-delete

  • kube-upgrade-delete

DCManager Commands

  • dcmanager fw-update-strategy apply

  • dcmanager kube-rootca-update-strategy apply

  • dcmanager kube-upgrade-strategy apply

  • dcmanager patch-strategy apply

  • dcmanager prestage-strategy apply

  • dcmanager sw-deploy-strategy apply

  • dcmanager fw-update-strategy delete

  • dcmanager kube-rootca-update-strategy delete

  • dcmanager kube-upgrade-strategy delete

  • dcmanager patch-strategy delete

  • dcmanager prestage-strategy delete

  • dcmanager strategy-config delete

  • dcmanager patch-strategy-config delete

  • dcmanager subcloud delete

  • dcmanager subcloud deploy delete

  • dcmanager subcloud-group delete

  • dcmanager subcloud-peer-group delete

  • dcmanager system-peer delete

  • dcmanager subcloud unmanage

  • dcmanager subcloud reconfig

  • dcmanager subcloud reinstall

  • dcmanager subcloud update

  • dcmanager subcloud-backup restore

  • dcmanager subcloud-backup delete

  • dcmanager subcloud redeploy

  • dcmanager subcloud deploy config

SW-Manager Commands

  • sw-manager sw-deploy-strategy apply

  • sw-manager fw-update-strategy apply

  • sw-manager kube-upgrade-strategy apply

  • sw-manager kube-rootca-update-strategy apply

  • sw-manager system-config-update-strategy apply

  • sw-manager sw-deploy-strategy abort

  • sw-manager fw-update-strategy abort

  • sw-manager kube-upgrade-strategy abort

  • sw-manager kube-rootca-update-strategy abort

  • sw-manager system-config-update-strategy abort

Fault Management Commands

  • alarm-delete

  • event-suppress

  • event-unsuppress

  • event-unsuppress-all