Ibcli

The INFOBLOX CLI, a users guide

---

Synopsis

*A guide for commandline junkies*

---

Description

The Ibcli is a simple command line tool that lets you do some (mostly) powerful things. It leverages the Infoblox api but provides a wrapper to the more complex (and detailed) API calls that uses more simple command line type calls.

It also lets you create batch scripts that can configure an Infoblox SDB without actually writing any perl.

So why do this, what is this CLI for ? Well there were a few primary reasons:

Quick changes are now easy,

You don't need to wait for a GUI to start or get the right version of java functional, this allows you to quickly get into the database and make some simple and efficient changes

Abstract command set

Now you don't need to know the intricacies of the API, a few simple commands will achieve the same effect, if you are a user that doesn't know PERL you can still drive the CLI and get the results you need. This may not be an advantage if you are reading data from another system to import into an Infoblox unit (since you still need to write software to parse the data, eg PERL) but it may still help and end user that can convert this data in to the CLI command set but not know enough to write PERL.

Customers wanted it

Need I say more ?

Lastly, why is this called 'ibcli' and not 'DNScli' ? Well, this is just a wrapper to any API we like, it is not really DNS specific.

---

Quickstart

Simple example, adding a zone

  Start ibcli

    ibcli -s 10.0.1.114 -u admin -p infoblox

  Then run some commands

    admin@10.0.1.224 > conf zone add infoblox.com
    admin@10.0.1.224 > conf zone add sales.infoblox.com

A more detailed example

   admin@10.0.1.224 > conf zone add com
   admin@10.0.1.224 > conf zone add foo.com
   admin@10.0.1.224 > conf zone foo.com add host test 1.2.3.4
   admin@10.0.1.224 > conf zone delete bar.com

---

Installation

It should run 'as is' from a uniz machine.

If you have a windows OS then you will have a few hurdles to cross:

• Rename the script to 'ibcli.pl'.

  I still don't understand why Windows uses file suffix to type its data rather than doing something intelligent like looking at the contents of the file, but then, we are dealing with people who thought 8.3 was all you'd ever need as a file namespace and 640K for ram...

• Make sure you have the necessary libraries installed,

  you'll need:

     o Getopt::Long

     o Text::Abbrev

     o Term::EditLine (good luck with that)

---

Getting started

Run the ibcli - it is a perl script, you will get a prompt

    % ./ibcli
    server ? >

Ideally, you should now connect the CLI to a server somewhere, to do this you give it the server and a user and a password, you can do these in either order, it just tries to eventually connect when it has enough data.

    server ? > conf server 10.0.1.224 user admin password infoblox
    admin@10.0.1.224 >

Or you can also do this from the initial invocation:

    % ./ibcli -s 10.0.1.230 -u admin -p infoblox

"HOLD ON A SEC", I hear you ask, "Why am i connecting to a server, isn't this CLI running on a console somewhere ?". No, Grasshopper, the CLI is just a wrapper to the Infoblox.pm so you can run it from anywhere in the world. This gives you the added advantage of being able to work on MANY servers from the one CLI.

---

Setting the debug level

    server ? > conf debug 3
    server ? >

Or you can also do this from the initial invocation:

    % ./ibcli -d 3

---

Command line options

-s <server>

Connect to this server

-u <username>

Connect as this user

-p <password>

Connect with this password

'-w'

Print a CGI header instead of the normal header

-e <command>

Run a single command and exit. The command must be quoted (for obvious reasons). For example

  % ./ibcli -e 'show zone'

-b|f <file>

load a database backup file for browsing

config file

If ibcli finds a file in the current working dircetory called '.ibcli.cf' it will silently load and run the commands in that file. This is useful for doing things like auto connection to a server (in CGI mode).

---

Other Gritty Details

OK, so what can I do from here ?

Members and secondaries

By default all stuff is added to just the Grid Master, the API guesses this from the SERVER setting. If you explicitly want to add stuff to certain members you need to append the members to the command arg :

   conf zone add foo.com member 1.2.3.4
   conf zone add foo.com member 1.2.3.4 member 1.2.3.5

Laziness

The command parser accepts abbreviations

    co z a foo.com

is the same as

    conf zone add foo.com

TAB completion and other commands

The cli uses a full line editor with history and the usual bells and whistles. Command completion can be achieved by pressing <tab>

To clear the line press '<ctrl>-u' or '\'

To exit the cli, press '<ctrl>-D' (not <ctrl>-c)

BATCH processing

You can process command in batch by just writing them to a file and adding it to the command line thus :

   ibcli -s 10.64.128.50 -u admin -p infoblox demo.cf

---

GENERAL COMMAND REFERENCE

The syntax mostly matches the API syntax. Also, since this is based on the API (duh), the same restrictions about required arguments applies. Don't expect the cli to work around requiring dumb extra arguments. When you look deep into the API you realise why they are there.

---

DNS Configuration

Add a view to dns

   conf zone add view internal

Add a view disabled :

   conf zone add view internal disabled

You can also modify views

   conf zone modify view internal set match_clients=[1.1.1.1,2.2.2.2]

Remove a view from dns

   conf zone delete view internal

Add a shared record group

   conf zone add shared_record_group my_group

   conf zone delete shared_record_group my_group

Add a Zone

Zones can be added as either forward or reverse. If you add a zone of the form n.n.n.n/mm it will assume it is a reverse zone

Add a forward zone

   conf zone add foo.com

Add a reverse zone

   conf zone add 10.0.1.0/24
   conf zone add 10.in-addr.arpa

Add a zone to specific members

   conf zone add foo.com primary 1.2.3.4 secondary 1.2.3.5 sec 1.2.3.6

Add a zone with extensible attributes

You can add multiple attributes by having multiple 'info' pairs

   conf zone add foo.com ... info <name>=<value>

Add a zone with external primary

   conf zone add foo.com ext_primary ns1.foo.com,1.2.3.4

Add a zone with stealth primary or secondary

   conf zone add foo.com stealth_secondary 1.2.3.20 
   conf zone add foo.com stealth_ext_secondary ns1.foo.com,1.2.3.4 
   conf zone add foo.com stealth_ext_primary ns0.foo.com,1.2.3.4

Add a zone with an nsgroup

   conf zone add foo.com ns_group mygroup

Add a shared record group to a zone

   conf zone modify foo.com shared_record_group mygroup
   conf zone add foo.com shared_record_group mygroup

Add a forwarding zone (and assign it to members)

   conf zone add fwd.foo.com forward_to ns1.x.com,2.2.2.2 forward_to ns2.x.com,3.3.3.3 member 10.0.0.20

Add a delegated zone

   configure zone add deleg.foo.com delegate_to ns1.s.foo.com,1.2.3.4

Add a stub zone (and assign it to members)

   conf zone add foo.com stub_from ns0.foo.com,1.2.3.4 mem 2.2.2.2
    
=head2 Import a zone

Zones can be imported as either forward or reverse. You just add an extra argument of the import source

Import a forward zone

   conf zone add foo.com import 45.0.1.220

Import a reverse zone

   conf zone add 10.0.1.0/24 import 45.0.1.220

Auto Generate hosts

You can also just post process a zone and create host records

   conf zone mod foo.com generate_hosts

Set a random API method on a zone

   conf zone add foo set <method>=<value>

   conf zone add foo set disable_forwarding=FALSE

When setting arrays you need special syntax "[ ]" and seperate your values by a ',' (This mostly seems to work)

   ... set allow_update="[10.0.0.0/8,168.147.0.0/24,192.168.114.0/24]"

Remove a zone

Forward or reverse, the syntax follows the same logic as add zone

Remove a forward zone

   conf zone del foo.com

Remove a reverse zone

   conf zone del 10.0.1.0/24

Copy a zone to another view

you need the source and destination zone and views

    conf zone copy <zone> view <src_view> to <dst_zone> dest_view <dst_view> 
    conf zone copy zone.com view int to newzone.com dest_view external

Add a NS group

    conf zone add ns_group internal primary 45.0.12.20 secondary 45.0.128.20

You can also call this as a grid command

    conf grid Infoblox dns add ns_group internal ...

Delete a NS group

    conf zone del ns_group internal

You can also call this as a grid command

    conf grid Infoblox dns del ns_group internal

Add a host to a zone

   conf zone foo.com add host test 1.2.3.4

   conf zone foo.com add host test 1.2.3.4 comment "this is a comment"

Don't know the zones ? Then just leave it NULL

   conf zone "" add host test.foo.com 1.2.3.4

Add hosts with multiple ip addresses. seperate the values with a ','

   conf zone foo.com add host test 1.2.3.4,1.2.3.5

Add hosts with multiple ip addresses and mac addresses, append the mac address with ':<mac>' to the ipaddress

   conf zone foo.com add host test 1.2.3.4:00:FE:00:01:02:03,1.2.3.5

To add hosts with fixed addresses, and a fixed addr template

   conf zone foo.com add host test 1.2.3.4:00:FE:00:01:02:03 template mytemp

Add hosts with aliases (CNAMES)

   conf zone foo.com add host test 1.2.3.4 alias www alias ftp

Adding hosts with IPAM or Extensible Attributes You add multiple fields with additional 'info <name=value>' pairs

   conf zone info.com add host pc1 2.3.3.3 info Asset=23456-06

Quotes are required of your value has spaces in it :

   conf zone info.com add host pc2 2.3.3.3 info Custom1="Room 207"

configuring a host for no dns (disable for dns)

   conf zone info.com add host pc2 2.3.3.3 ... nodns

Modifying hosts

You cannot rename a host, only modify the contents of it

   conf zone foo.com modify host test 1.2.3.4

   conf zone foo.com modify host test 1.2.3.4 comment "this is a comment"

Remove a host from a zone

   conf zone foo.com delete host test

Add an A record to a zone

   conf zone foo.com add a_record test 1.2.3.4

Add it to a view :

   conf zone foo.com add a_record test 1.2.3.4 view my_view

To add the record to a shared record group (zone must be blank)

   conf zone "" add a_record test 1.2.3.4 shared_record_group mygroup

Remove An A record from a zone

   conf zone foo.com delete A test 1.2.3.4

Add an AAAA record to a zone

   conf zone foo.com add AAAA test fe80::0001

To add the record to a shared record group (zone must be blank)

   conf zone "" add AAAA test ad::2007 shared_record_group mygroup

Remove An AAAA record from a zone

   conf zone foo.com delete AAAA test fe80::0001

Add an MX record to a zone

   conf zone foo.com add mx mail 10 mail.bar.com

To add the record to a shared record group (zone must be blank)

   conf zone "" add mx mail 10 mail.bar.com shared_record_group mygroup

Remove An MX record from a zone

   conf zone foo.com del mx mail 10 mail.bar.com

Add an SRV record to a zone

   conf zone foo.com add SRV <name> <pri> <weight> <port> <target>

   conf zone foo.com add SRV _ldap._tcp 0 100 3268 dc01.foo.com

To add the record to a shared record group (zone must be blank)

   conf zone "" add srv ... shared_record_group mygroup

Add a bulk host to a zone

   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20

   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 addreverse

   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 view foo

   conf zone foo.com add bulkhost my_prefix 1.2.3.10 1.2.3.20 comment "bah"

Remove a bulk host from a zone

   conf zone foo.com del bulkhost my_prefix 1.2.3.10 1.2.3.20

Add a CNAME to a zone

   conf zone foo.com add CNAME alias real.foo.com

Remove a CNAME from a zone

   conf zone foo.com delete CNAME alias

Add a TXT record to a zone

   conf zone foo.com add TXT alias real.foo.com

Remove a TXT Record from a zone

   conf zone foo.com delete txt name

Add a PTR to a zone

   conf zone 10.0.0.0/24 add PTR 10.0.0.20 ns2.foo.com

Add a PTR with comments

   conf zone 10.0.0.0/24 add PTR 10.0.0.20 ns2.foo.com comment "string"

Remove a PTR from a zone

   conf zone 10.0.0.0/24 del PTR 10.0.0.20 ns2.foo.com

---

DHCP Configuration

Add a network view

  conf net add view internal

You can also modify existing views

  conf net modify view internal set external_ddns_primaries=1.1.1.1,2.2.2.2

Add a network

   conf network add 1.1.1.0/24

Add a network witwith a reverse zone

   conf network add 1.1.1.0/24 addreverse

Add a network to a network_view

   conf network add 1.1.1.0/24 view default

Add a network with members

   conf network add 1.1.1.0/24 member 10.1.1.20 member 10.1.1.40

If no members are specified, the network will be added to the Grid master. If you don't want to assign any members use '0.0.0.0'

   conf network add 1.1.1.0/24 member 0.0.0.0

Add a network using a template

   conf network add 1.1.1.0/24 template MyTemplate

Add a network with options

   conf network add 1.1.1.0/24 option 82="some data"

Add a network with vendor class options (class.option)

   conf network add 1.1.1.0/24 option SunW.bootsvr="some data"

Add a network with comments (comments must come last)

   conf network add 1.1.1.0/24 comment "comment string"

Add a network with IPAM info

   conf network add 1.1.1.0/24 info <field>="<Value>"

Add a network and set any additional parameters. (the setting must match a method in the API)

   conf network add 1.1.1.0/24 set <method=value>
   conf network add 1.1.1.0/24 set enable_ddns=FALSE

If the method requires an ARRAY you have to specify this in the value by putting the values onside '[]' :

   conf network ... set domain-name-servers="[10.216.2.8,10.204.3.162]"

even if you only have a single value, you still need to pass the value as an array :

   conf network ... set routers="[10.216.2.8]"

Modifying Networks

You cannot renumber a network, only modify the contents of it.

   conf network modify 1.1.1.0/24 set <method=value>

   conf network modify 1.1.1.0/24 option 82="some data"

You also can't change the network_view, but you will have to specify the view to find the network to modify

   conf network modify 1.1.1.0/24 view default

If you change things like options arrays, ALL the existing values will be replaced by the new list. See 'addoption' below if you want to just append new options to the list :

If you want to just append a new option to an existing list, (or change one of the current options you can use 'addoption'. This will KEEP the current options array intact.

   conf network modify 1.1.1.0/24 addoption 82="some data"

Add a network container

   conf network add container 1.1.1.0/24
   conf network modify container 1.1.1.0/24 comment "new comment"

Network containers can only have a view, comment, Extensible Attributes, or be disabled.

You probably only need this function when you want to add a container OVER some existing networks. In most other cases (with NIOS 5x) you can just add networks and the right thing will happen.

Remove a network

   conf network del 1.1.1.0/24

Remove a network Template

   conf template del network my_template

Move Networks

Move a network to a different member, or move a network onto members to match a failover association. The ranges inside the network will also be moved.

Moving a network to a single member :

   configure network move 45.0.0.0/24 member 2.2.2.2

Moving a network to a multiple members :

   configure network move 45.0.0.0/24 member 2.2.2.2 member 3.3.3.3

Moving a network to use DHCP failover :

   configure network move 45.0.0.0/24 failover box1-boxb

Join Networks

   ** This feature will soon change, use with caution **

   conf network 1.1.1.0/23 join /23 net 1.1.2.0/24

   # this will copy all the ranges etc from the network
   # and create a new network

Add a shared network

   conf network add shared my_shared child_network 1.1.1.0/24 child 1.1.2.0/24

Add a shared network with options

   conf network add shared foo option 82="some data"

Add a shared network with comments

   conf network add shared my_shared ... comment "comment string"

Remove a shared network

   conf network del shared my_shared

Split a network

You need to specify the netmaks of the children networks when you are doing a split. So to split a /16 into /20 networks :

   conf network 1.1.0.0/16 split /24

Split a network and add all children

   conf network 1.1.0.0/16 split /24 all

Adding network to parents

When you split a network and want to add children you just add them to the parent network. All other options are the same as for adding networks

   conf network 1.1.0.0/16 add 1.1.4.0/22

Add a failover association

   conf net add failover AtoB primary 45.0.12.20 secondary 45.0.128.30

Add a fixed address

   conf network 10.0.1.0/24 add fixed 10.0.1.4 aa:bb:cc:11:22:33

The 'network' is actually optional, this syntax also works :

   conf network add fixed 10.0.1.4 aa:bb:cc:11:22:33

To add the fixed addr with specific options

   conf network add fixed ... option <name>=<value> [opt <name>=value>]
   conf network add fixed 10.0.1.4 .. option 82="some data"

To add the fixed addr to a specific view

   conf network add fixed 10.0.1.4 aa:bb:cc:11:22:33 view default

Add a fixed address with a Fixed Address Template

   conf network 10.0.1.0/24 add fixed 10.0.1.4 aa:bb:cc:11:22:33 template mytemp

Add a fixed address with comments

   conf net 10.0.1.0/24 add fixed 10.0.1042 aa:bb:cc:11:22:33 comment "comment string"

Add a roaming address (that has no IP addr)

You will need to specify the name instad of the IP address

   conf network add fixed myroamer aa:bb:cc:11:22:33

Modify a fixed address

You can also modify existing addresses with the same syntax

   conf network 10.0.1.0/24 modify fixed 10.0.1.4 aa:bb:cc:11:22:33 ...

You also can't change the network_view, but you will have to specify the view to find the range to modify

   conf network modify fixed 10.0.1.4 view default

Add a fixed address Template

   conf template add fixed <name> offset <value> ...
   conf template add fixed router-a offset 1

Add a fixed address with comments

   conf template add fixed ... comment "use this for routers"

Modify a fixed address

You can also modify existing addresses with the same syntax

   conf template modify fixed ...

Add a dhcp range to a network

Dhcp ranges, by default, will get added to the Grid master unless you override that setting with the 'member <ip>' syntax

   conf network add range 10.1.1.20 10.1.1.40

Add a range to a network view

   conf network add range 10.1.1.20 10.1.1.40 view default

Failover associations are an additional argument

   conf net add range 10... failover "my_peering"

As are adding the member

   conf net add range 10... member 1.1.1.2

If no members are specified, the range will be added to the Grid master. If you don't want to assign any members use '0.0.0.0'

   conf net add range 10... member 0.0.0.0

You can also add exclusions

   conf net add range 10... exclude 1.1.1.2,1.1.2.5

You can also add filters to a range (multiples are allowed)

   conf net add range 10... macfilter <name>=<permission>

And add new filters to an existing range, you only have to specify start addr

   conf net mod range 10.1.1.20 macfilter <name>=<permission>

   conf net add range 10.1.1.20 10.1.1.40 optfilter <name>=<permission>

Modifying Ranges

You cannot renumber a range, only modify the contents of it.

   conf network modify range 10.. set <method=value>

   conf network modify range 10.. option 82="some data"

You also can't change the network_view, but you will have to specify the view to find the range to modify

   conf network modify range 10.. view default ...

If you change things like options arrays, ALL the existing values will be replaced by the new list. 'modify' does not append to existing lists, it does a complete replacement of it.

Remove a dhcp range

   conf net delete range 1.1.1.20 1.1.1.40

Add a DHCP filter

Filters can take many forms, so you need to be specific

    conf network add macfilter my_filter

Remove a DHCP filter

    conf network del macfilter my_filter

Add a mac address to a filter

    conf network filter my_filter add macaddress aa:bb:cc:11:22:33

Add a mac address to a filter with comments

    conf network filter my_filter add mac aa:bb:cc:11:22:33 comment "my comment"

Modify a filter entry

    conf network filter my_filter modify mac aa:bb:cc:11:22:33 comment "my comment"

remove a mac address from a filter

    conf network filter my_filter delete macaddress aa:bb:cc:11:22:33

---

IPAM Configuration

Show information about an IP address

  show ipam address 1.2.3.4

Add a network to a discovery job

Each network gets added to the current discovery job

  configure ipam discovery add network 1.2.3.0/24

Show a discovery job

  show ipam discovery

Adding custom metadata fields

Add a device type

   configure grid add device_type <name>

Add a device type with new custom labels

   configure grid add device_type <name> label <orig>=<new-name>

Add a device type with multiple custom labels

   ... device_type <name> label <orig2>=<new-name2> label <orig2>=<new-name2>

For 4.3 or later you have to add and define Extensible attributes

   configure grid add attribute <name>

Set Values and type

   configure grid add attribute <name> value <value> [ value <value ]

   configure grid add attribute <name> type <type>

create a list of elements

   configure grid add attribute <name> type list value one value two

Set the attribute to be a multiple or a required item

   configure grid add attribute <name> required

   configure grid add attribute <name> multiple

Showing attributes types

   show grid attribute

   show grid attribute <name>

Showing device types

   show grid device_type

   show grid device_type <name>

Showing definitions for a device type

    [ ] TBD

Showing scheduled updates

    show grid schedule

---

RADIUS Configuration

Adding Radius users

   configure radius add user bob password changeme

Deleting Radius users

   configure radius del user bob

Showing Radius users

   show radius user bob

Adding Radius devices

You MUST specify a member and a Shared secret

   conf radius add device <name> <ip> member 1.2.3.4 shared_secret xxxx
   
You can also add a comment

   conf radius add device <name> <ip> ... comment "Test AP"

Deleting Radius devices

   conf radius del device <name> <ip> member 1.2.3.4 shared_secret xxxx

Showing Radius users

   show radius device bob

   show radius device <name>

---

Grid Configuration

Adding Administrator groups

   configure admin add admin_group locals

make them superuser

   configure admin add admin_group locals superuser

Add roles to the group

   configure admin add admin_group locals role "DNS Admin"

You can also modify admin groups (to add roles or perms) This will ADD to the current list(s), not replace it

   configure admin modify admin_group locals role "DNS Admin"

Adding Administrator Roles

   configure admin add role locals

Adding users

You need the admin group name and a password

   configure admin add user bob group locals password changeme

Adding permissions

Permissions can be any of 'read' 'write' or 'deny', and are applied to an admin group or an admin or an admin_role

  conf admin add permission <perm> <type> <name> group <group_name>

  conf admin add perm write zone foo.com group dns_admins
  conf admin add perm read network 45.0.0.0/24 group dhcp_guys

  conf admin add perm read range 45.0.0.10-45.0.0.20 group dhcp_guys
(ranges actually only need the 'start_addr' )
  conf admin add perm read range 45.0.0.10 group dhcp_guys

Add permissions to a role

  conf admin add perm write zone foo.com role "AAA Admin"

You can also add resource_types :

  conf admin add perm write type "All DHCP Templates" group dhcp_guys
  conf admin add perm write type "All DHCP Templates" role "DHCP Admin"

In some cases you can also do this when configuring the object :

  conf zone <zone> add permission <perm> group <name>

  conf zone test.com add permission read group ops

  conf net 45.0.0.0/24 add permission read group ops

  conf member ns1.test.com add permission read group ops

Deleting or Changing permissions

Permissions can be any of 'read' 'write' or 'deny', and ar applied to an admin group or an admin.

If you want to change a permission, you have to delete it, then add a new permission (yes, there should be a better way)

  conf zone <zone> del permission <perm> group <name>

  conf zone test.com del permission read group ops

  conf net 45.0.0.0/24 del permission read group ops

Modifying permissions

you need enough unique information to find the correct permission and them modify it, thus you need : - resource object - admin group

The CLI will then try to get the current permission and modify it

  conf zone <zone> mod permission <perm> group <name>

To change a zone permision to 'read-only' :

  conf zone test.com mod permission read group ops

configure global Grid settings

Add or remove access methods

   conf grid <name> add remote_console_access
   conf grid <name> delete  remote_console_access
   conf grid <name> add support_access
   conf grid <name> add lcd_input

Modify some basic grid values

   configure grid Infoblox modify grid_name My_Grid

   configure grid Infoblox modify vpn_port 1194
   configure grid Infoblox modify shared_secret test
   configure grid Infoblox modify session_timeout 14400
   configure grid Infoblox modify prefer_resolver 127.0.0.1

Add ntp servers ( and enable NTP at the same time )

   configure grid Infoblox add ntp_server 1.1.1.1 ntp_server 2.2.2.2

Disable the NTP service

   configure grid Infoblox disable ntp

or set a random API method

   configure grid Infoblox set <method>=<value>
   configure grid Infoblox set query_comm_string=public

configure Member settings

Enable or Disable the NTP service

   configure grid Infoblox modify member 1.2.3.20 enable ntp
   configure grid Infoblox modify member 1.2.3.20 disable ntp

Change the IP address

    conf grid Infoblox modify member infoblox.localdomain ipaddress 10.64.128.40/24

change the name

    conf grid Infoblox modify member infoblox.localdomain ipaddress 10.64.128.40/24 name dns1.myzone.com

Make this an HA pair

    conf grid blox modify member foo.com hapair 10.64.128.41,10.64.128.42,10.64.128.43,10.64.128.44 routerid 40

Configure Member DNS settings

Set a value

   conf member ns1.lab.com dns set ...

   conf member ns1.lab.com dns set forwarders="[1.1.1.1,4.2.2.2]"

Show Member DNS settings

   show member <name> dns

   show member ns1.lab.com dns

You can also get there from the zone command

   show zone member ns1.lab.com

Configure Member DHCP settings

Set an option

   conf member ns1.lab.com dhcp option 82="some data"

Set a value

   conf member ns1.lab.com dhcp set ...

   conf member ns1.lab.com dhcp set forwarders="[1.1.1.1,4.2.2.2]"

Adding members

   configure grid Infoblox add member ns1.foo.com ipaddress 1.2.3.20/24

Add a member as an HA pair

   configure grid Infoblox add member ns1.foo.com \
      ipaddress 192.168.1.100/24 gateway 192.168.1.1 \
      hapair 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.104 \
      routerid 100

Members can have a LOT of options...

To add a mgmt port :

     mgmt_ip 5.195.156.52/25 mgmt_gate 5.195.156.1

To add mgmt ports to HA pairs ( 'hapair' must be defined ) :

    mgmt_ip 5.195.156.52/25 mgmt_gate 5.195.156.1 mgmt_ip_2 5.195.156.53/25

Removing members

   configure grid Infoblox delete member ns1.foo.com ipaddress 1.2.3.20/24

add global DNS settings

   conf grid <name> dns add default_ttl <num>
   conf grid <name> dns add recursion

   conf grid <name> dns add ns_group <name>

DNS ACLs

   conf grid <name> dns add acl allow transfer x.x.x.x/nn
   conf grid <name> dns add acl deny update x.x.x.x/nn

add global DHCP option definitions

Create a Vendor space

  conf network add space <name>

  conf network add space SUNW

Create a DHCP network option

  conf network add optiondef <name> code <num> type <type>

  conf network add optiondef voip 150 type string

If you want to add them to vendor spaces..

  conf network add optiondef server 150 type string space SUNW
  conf network add optiondef boot 270 type string space Cisco-ap

add global DHCP options

Add a network option to the grid level

   conf grid <name> dhcp add option <num>=<value>

   conf grid Infoblox dhcp add option 82="some data"

Remove a custom option

   conf grid <name> delete network option 82

Remove a custom option

   conf network global delete custom_option 82
   conf network global delete lease_time

Show global DNS options

   show grid <name> dns

Show global DHCP options

   show grid <name> dhcp

---

SHOW commands

Showing Zones

Show all zones

    show zone

Show all zones with details

    show zone detailed

Show all forward zones

    show zone forward

Show all reverse zones

    show zone reverse

Show all secondary (external_primary) zones

    show zone secondary

Show just 1 zone

    show zone foo.com

Show NameServer Groups

    show zone ns_group

    show zone ns_group <name>

Show Shared Record Groups

    show zone shared_record_group

    show zone shared_record_group <name>

Showing Views

Show all views

    show views

    or

    show zone view

Show just One view

    show views default

    or

    show zone view default

Showing hosts

    show host www.foo.com

Showing records

    show record cname www.foo.com
    show record a_record test.foo.com

Showing leases

   show network lease 1.1.1.1

   shoe network lease aa:bb:cc:11:22:33

Show ALL leases

   show network lease

Showing networks

   show network

   show network 45.200.100.128/25

Showing networks templates

   show template network

   show template network <name>

Showing Network Views

Show all views

    show network view

Show just One view

    show network view default

Showing network failover

   show network failover

Showing network option definitions

   show network options

Showing network statistics

   show network statistics

   show network 45.200.100.128/25 statistics

Showing network IPAM

List ALL the used and unused addresses in a subnet

   show network 45.200.100.128/25 ipam

Show just the used addresses

   show network 45.200.100.128/25 ipam used

Show just the used or free addresses

   show network 45.200.100.128/25 ipam unused

Show just the next available IP address

   show network 45.200.100.128/25 ipam next_available

Showing ranges

Show all ranges in a network

   show network 45.200.100.128/25 range

Show just a specific range

   show network 45.200.100.128/25 range 161.245.254.130

Showing fixed addresses

Show all fixed addresses

   show network 45.200.100.128/25 fixed

Show all fixed addresses in a network.

   show network 45.200.100.128/25 fixed

The Network is optional unless you want to limit your search to just that network. (The network was required in some older versions of NIOS)

Show just a specific fixed address

   show network fixed 161.245.254.130

You can also show fidex addresses by mac address

   show network fixed aa:bb:cc:11:22:33

Show a fixed address(s) in a network view. (the IP or mac must come before the view statement)

   shoe network fixed view internal
   shoe network fixed 1.2.3.4 view internal
   shoe network 1.2.3.0/24 fixed view internal

Showing fixed addresses templates

Show all fixed addresses in a network

   show template fixed

Show just a specific fixed address

   show template fixed <name>

Show global Grid settings

   show grid Infoblox

Show global Member settings

Get a list of all grid members

   show grid infoblox member

Get a list of all grid members matching a REGEX

   show grid infoblox member <regex>

Get detailed info about a member

   show grid Infoblox member ns1.test.com detailed

Get service status or licenses for a member

   show grid Infoblox member ns1.test.com status
   show grid Infoblox member ns1.test.com licenses

You can also filter this for a particular value (the value has to match something reported by the API)

   show grid Infoblox member ns1.test.com status memory
   show grid Infoblox member ns1.test.com license KeystoneDVS

You can also use this to get a single status from ALL the grid members

   show grid Infoblox license KeystoneDVS
   show grid Infoblox status KeystoneDVS

Showing users and groups

   show admin user <name>

   show admin admin_group <name>

   show admin role <name>

---

Server Management

Connect to a server

    conf server <SERVER> user <USERNAME> password <PASSWD>

Select a server to talk to

    server ? > conf server 10.0.1.230 
    10.0.1.20 >

Supply the username and or password

    server ? > conf server 10.0.1.230 user admin pass infoblox
    admin@10.0.1.20 >

connecting to the MGMT (management) port

If you are connecting to the MGMT port, you need to define the GRID MASTER IP address. This is because it is different from the MGMT port and it is autoassigned to any zones, networks or ranges that do not specifically have a member assignment

    configure master <ip>

Alternatively, you can add it as a keyword to the 'conf server' command :

    conf server 10.0.1.230 user admin pass infoblox master 45.0.12.20

You can also do this from the command line :

    ibcli -m <ip>

Show server details

    show server version

    show server error

    show server message

Restarting services

the cli will not restart services, you have to do that manually

   restart dns
   restart dhcp

IF you want to delay the restart you can do that also

   restart dns delay 10

Export log files

    download merge_log <file>

Download the database

    download database <file>

Restore the database

This will always force a restore and KEEP the current IP settings (the API and GUI has other options, but I can't see why you'd need them)

    upload database <file>

Upload lease data

    upload leases <file>

Download the DHCP configuration

    download dhcp_conf <file>

Upload the DHCP expert mode configuration

    upload expert_dhcp_conf <file>

Or you can push the conf file to a specific member :

    upload expert_dhcp_conf <file> member <menber>

Browse and load a datbase backup

    configure file load <file>

show the contents of a file

To get the database summary

    show file summary

to lost all the nodes in a path

    show file path <path>

To show the details of a path

    show file properties
    show file properties <path>

Change the path of the current node

    conf file path /path/to/node

Debugging :

  configure debug <level>

The higher the debug level, the more junk gets spat to the tty. You probably don't want anything higher than (2) unless you are debugging the completion control parser.