Command Line Interface

One of the most powerful configuration interfaces in the Curity Identity Server is the Command Line Interface (CLI). This is accessible directly from the Admin node using the bin/idsh command.

The CLI mimics a Juniper CLI, a model-driven style of CLI that is very easy to navigate and work with. Administrators who are familiar with the XML structure of the Curity configuration model will easily recognize the hierarchy in the CLI.

The CLI also supports standard Emacs key bindings, as normal bash terminals do, such as Ctrl+A or Ctrl+E to reach the beginning or end of the line, as well as a command history using the up-arrow, or Ctrl+R for reverse search.

Scripting and automation

Using the bin/idsh command, it's possible to script against the CLI. This is very useful when working with automatic deployment tools, which can use the command to update the configuration of a running system.

A CLI script for changing configuration:

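#!/bin/sh

# Values substituted into the CLI commands below
PORT=9876
SERVER=TestServer1

# The commands are fed to idsh on stdin; the unquoted EOF lets the shell expand $SERVER and $PORT
/opt/idsvr/bin/idsh << EOF
configure
set environments environment services service-role $SERVER listening-port $PORT
commit
exit no-confirm
exit
EOF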

A more common use case is to first apply a base configuration that is common to all environments, and then apply the changes needed for the specific environment.

The benefit of doing this in a CLI script is that all changes take place in the same transaction, i.e. the system will never be in an inconsistent or insecure state.

CLI script for loading a default config and overriding with specifics:

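#!/bin/sh

# Label and comment recorded with the commit
LABEL=some-label
COMMENT="Set node config with specific port"

# Environment-specific values applied on top of the base configuration
PORT=9876
SERVICE=TestServer1

# Load the base configuration and apply the override in one session, with a single commit
/opt/idsvr/bin/idsh << EOF
configure
load replace conf.xml
set environments environment services service-role $SERVICE listening-port $PORT
commit label $LABEL comment "$COMMENT"
exit no-confirm
exit
EOF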

The load replace conf.xml line loads conf.xml first, which can be a dump of the configuration from another environment (idsvr -d or, in the CLI, save conf.xml xml). After the initial configuration is loaded, the script updates the listening-port of the node TestServer1. Then it applies the configuration with a label and a comment so it can be referenced later.
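Both scripts above interpolate shell variables into the CLI input through an unquoted here-document, so values that come from a pipeline parameter or an environment file should be checked before they reach idsh. The following is an added example, not part of the Curity documentation: it validates the service name, port, label and comment, then builds the same command sequence. The function names and the allowed-character policy are assumptions.

```shell
#!/bin/sh
# Added example: validate values before they are interpolated into idsh commands.
LC_ALL=C; export LC_ALL              # make the A-Z / 0-9 ranges byte-exact
IDSH=${IDSH:-/opt/idsvr/bin/idsh}    # path used by the page's scripts

# Port: decimal digits only, no leading zero, at most 65535.
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Assumed naming policy (not from the product docs): letters, digits, '_', '.', '-'.
# Whitespace and newlines are rejected, so a value can never add tokens or CLI lines.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Comment is placed inside double quotes: refuse quotes, backslashes, control chars.
valid_comment() {
    [ -n "$1" ] && [ "$(printf '%s' "$1" | tr -d '[:cntrl:]"\\')" = "$1" ]
}

# Print the CLI script for: service port label comment. Fails before printing anything.
build_idsh_script() {
    valid_name "$1"    || { echo "rejected service name" >&2; return 1; }
    valid_port "$2"    || { echo "rejected port" >&2; return 1; }
    valid_name "$3"    || { echo "rejected label" >&2; return 1; }
    valid_comment "$4" || { echo "rejected comment" >&2; return 1; }
    cat << EOF
configure
load replace conf.xml
set environments environment services service-role $1 listening-port $2
commit label $3 comment "$4"
exit no-confirm
exit
EOF
}

# Only a fully validated script is piped to idsh, so the commit is all-or-nothing.
apply_config() {
    script=$(build_idsh_script "$@") || return 1
    printf '%s\n' "$script" | "$IDSH"
}
# Usage: apply_config TestServer1 9876 some-label "Set node config with specific port"
```

Because validation happens before any line is sent, a rejected value leaves the running configuration untouched rather than producing a partially entered transaction.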
