Table of Contents
Useful NIOS Commands
set remote_console
set maintenancemode
set maintenancemode no
set expertmode
set expertmode no
set temp_license
Restart NIOS without rebooting entire appliance.
set maintenancemode restart_product
Show Hotfix
show upgrade_history
[Date] Reverted to: 8.4.4-386831 [Date] Upgraded to: 8.4.6-393507 [Date] Upgraded to: 8.5.3-417434 [Date] Upgraded to: 8.6.1-421683 [Date] Upgraded to: 8.6.2-49947-c076923293a0 [Date] Hotfix Hotfix-CHF-8.6.2.2_NIOS-88072_APPLY-607f5de05325e8e918bd2cc08c1500c2-Mon-Jan-23-17-23-41-2023.bin applied successfully [2023/01/01 01:01:01] Hotfix Hotfix-CHF-8.6.2.3-NIOS-11122-APPLY-f62d08c367229f13fc7d6d24400e57bc-Wed-Mar-15-09-51-18-2022.bin applied successfully
Uupgrade history from the GM and GMC's is the best bet because this will not show hotfixes that were released with (e.g.) an RMA or grid expansion.
SCP
The reasons why the scp failed will be found in logs file. Search for
/infoblox/one/bin/syslog_backup_daemon
Reset NIOS
Note that auto-provisioning can be enabled only on single appliances.
| Command | Clear NIOS DB and Logs | Clear Configuration | Clear Network Settings | Clear Licenses | Clear Network Automation Database |
|---|---|---|---|---|---|
| reset all | Yes | Yes | Set to 192.168.1.1/24 | No | N/A |
| reset all secure | Yes | Yes | Set to 192.168.1.1/24 | No | N/A |
| reset all auto_provision | Yes | Yes | Set to DHCP | Yes | N/A |
| reset all licenses | Yes | Yes | Yes | Yes | N/A |
| reset all licenses | Yes | Set to 192.168.1.1/24 | Set to DHCP | Yes | N/A |
| reset database | Yes | Yes | Prompts | No | Yes |
| reset database nios | Yes | No | Prompts | No | N/A |
| reset database net-automation | No | No | No | No | Yes |
the Network Automation only applies if the appliance has the Network Insight licence installed.
The following clears the NIOS appliance of database, configuration, and network settings. It then re-establishes the factory settings with the default IP address, gateway, and subnet mask.
reset all
The following command clears database, configuration, and network settings. It also clears all licensing information from the appliance before re-establishing the factory settings.
reset all licenses
The following command removes configuration files and DNS and DHCP data from the NIOS appliance database. However, the network and licensing information remains intact. The network settings of the appliance include the IP address and subnet mask for the appliance, the IP address of the gateway, the host name, and the remote access setting.
reset database
HTTPS Speed
If HTTPS UI takes longer set a higher value like 1000 using the command “set connection_limit https 1000”. The maximum allowed value for the limit is 2147483647 .
HTTP Keepalive, also referred to as HTTP persistent connection, instructs the server to maintain a single TCP connection for multiple HTTP requests and responses between the client and server. Without HTTP Keepalive, the server closes the TCP connection (not the session) after each request.
Also please enable keep alive for httpd_client using the below steps.
- Execute the command
set httpd_client keepalive onin the Grid Master CLI. - Wait for a few minutes to allow the UI to restart.
- After the UI restart, you can confirm the current keepalive status using the following command:
- Infoblox >
show httpd_client
Current settings:
keepalive=off (default) keepalivetime=150 (default) minspare=5 (default) maxspare=5 (default) maxserver=150 (default) maxrequest=100 (default) maxkeepaliverequests=0 (default)
General
| Command | Description |
|---|---|
| show arp | Display system ARP cache |
| show capacity | Display DB usage for this member |
| show check_ssl_certificate | Display current check ssl certificate status |
| show config | Display dns, dhcp, dtc, healthd configuration file |
| show connection_limit | Display the per client IP address protocol maximum connection limit |
| show connections | Display all TCP/UDP connections |
| show cpu | Display the processor and memory statistics |
| show date | Display the date, time and time zone of the appliance |
| show debug | Display the status of debugging |
| show disk | Display the disk space used |
| show file | Display the content(s) of a file(s) |
| show hardware-type | Display hardware type |
| show hardware_status | Display the hardware status |
| show hwid | Display the hardware ID |
| show interface | Display network interface details |
| show license | Display product and maintenance licenses |
| show license_uid | Display the grid-wide license unique ID (must have Grid and NIOS licence installed) |
| show log | Display the specified system log |
| show lom | Display LOM network/user settings |
| show memory | Display the memory statistics |
| show monitor | Display current network monitor settings |
| show network | Display current network settings |
| show ntp | Display NTP associations and statistics |
| show remote_console | Display remote console access settings |
| show scheduled | Display number of automatic restarts per hour for scheduled tasks |
| show security | Display current security settings |
| show snmp | Display SNMP information such as contents of variables |
| show status | Display Grid and HA status |
| show subscriber_secure_data | Displays subscriber secure records |
| show support_access | Display support access settings |
| show tech-support | Display output for all show commands |
| show temperature | Display the temperature |
| show test_promote_master | Display status of the Master Candidate communication test |
| show upgrade_history | Display upgrade history |
| show uptime | Display the uptime of the appliance |
| show version | Display the product version |
Editing NIOS Backup Files
Backup files which get manipulated in any way, including Infoblox's own scripts to reset passwords MUST NOT be restored in production under any circumstances.
Manipulating backup files automatically voids any assistance you can get from Engineering.
The Grid Backup file (.bak) is a tar.gz file that can be opened with 7-Zip. This file contains an XML file called onedb.xml.
XPad64 can edit this file. Search for the following
NAME="name" VALUE="admin"
The following value is for the password 'infoblox'.
value VALUE="{ssha}_HAAAADt7bFVX+JJh4KXe8lzuVi5D9VRTShr1CkajRRI="
<PROPERTY NAME="password" VALUE="theactualpassword"/>
<PROPERTY NAME="name" VALUE="admin"/><PROPERTY NAME="password" VALUE="{ssha}_SAAAAAAddddddddddddddddddddddddddddddddddddddddddddddddd"/>
NIOS can be very picky about what backup files it will restore onto a version of code. You must always make sure you are running the same version of NIOS that was used to make the Grid backup. However, in a LAB environment, you can edit the first line of the onedb.xml file. This is for LABBING only. NEVER use this in production. Your configuration will not be supported by Infoblox.
You can script this with
import tarfile
import xml.etree.ElementTree as ET
import io
import shutil
import argparse
def modify_password_in_tar(tar_path, username, new_password):
# Open tar file
with tarfile.open(tar_path, "r:gz") as tar:
# Extract onedb.xml into memory
xml_member = tar.getmember("onedb.xml")
xml_content = tar.extractfile(xml_member).read()
# Parse XML
root = ET.fromstring(xml_content)
# Extract VERSION and print first 3 parts
version_value = root.attrib.get("VERSION")
if version_value:
version_parts = version_value.split("-")[0] # take only x.y.z before the dash
version_trimmed = ".".join(version_parts.split(".")[:3])
print(f"Database VERSION: {version_trimmed}")
# Iterate through OBJECT elements
for obj in root.findall(".//OBJECT"):
type_node = obj.find('./PROPERTY[@NAME="__type"]')
name_node = obj.find('./PROPERTY[@NAME="name"]')
if (type_node is not None and type_node.attrib.get("VALUE") == ".com.infoblox.one.admin" and
name_node is not None and name_node.attrib.get("VALUE") == username):
# Find password property
pwd_node = obj.find('./PROPERTY[@NAME="password"]')
if pwd_node is not None:
pwd_node.set("VALUE", new_password)
print(f"Password updated successfully for user: {username}")
# Convert back to string
new_xml_bytes = ET.tostring(root, encoding="utf-8", xml_declaration=True)
# Create a temporary tar
temp_tar_path = tar_path + ".tmp"
with tarfile.open(temp_tar_path, "w:gz") as new_tar:
with tarfile.open(tar_path, "r:gz") as old_tar:
for member in old_tar.getmembers():
if member.name == "onedb.xml":
# Add modified XML
info = tarfile.TarInfo(name="onedb.xml")
info.size = len(new_xml_bytes)
new_tar.addfile(info, io.BytesIO(new_xml_bytes))
else:
# Copy other files unchanged
new_tar.addfile(member, old_tar.extractfile(member) if member.isfile() else None)
# Replace old tar with new tar
shutil.move(temp_tar_path, tar_path)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Modify password inside onedb.xml in a tar.gz archive")
parser.add_argument("-f", "--file", required=True, help="Path to the tar.gz file")
parser.add_argument("-u", "--username", required=True, help="Username to modify")
parser.add_argument("-p", "--password", required=True, help="New password value")
args = parser.parse_args()
modify_password_in_tar(args.file, args.username, args.password)
In this example, we are making a Grid Backup from 8.6.0 early access NIOS compatible with 8.6.0 GA NIOS. NOTE: We are not actually making it compatible, we are simply tricking NIOS 8.6.0 GA into loading the configuration as best as it can.
<DATABASE NAME="onedb" VERSION="8.6.0-403398" MD5="73c15d7365c6eb9cca9ee2dbeca4001e" SCHEMA-MD5="c8e8877ba8e8da62feb8663e29f83aef" INT-VERSION="8.6.6000-403398">
to
<DATABASE NAME="onedb" VERSION="8.6.0-412613" MD5="a38a4f0e5f50eea4dd78f7897678a0b4" SCHEMA-MD5="0773358b1f81a6df4231095bbf702d05" INT-VERSION="8.6.6000-412613">
You may also need to edit the UI ACL (if it is set). Search for
<PROPERTY NAME="function_type" VALUE="SECURITY_ACCESS"/>
This is set on the CLI using set security (docs)