Enabling the Solace CLI for Event Broker Services in PubSub+ Cloud

Although Solace recommends performing event broker service configuration using Broker Manager, you can alternatively use the Solace CLI (command-line interface) to configure and manage event broker services if they are running in Kubernetes. If you are already familiar with the Solace Software Event Broker CLI Commands , you may find it faster, more precise, and more efficient to use CLI commands. Access to the CLI is performed via SSH, ensuring secure access.

CLI access in PubSub+ Cloud has these limitations:

• CLI access is scoped to the message VPN with permissions limited to the options available in PubSub+ Broker Manager.
• System-level and system-wide CLI commands aren't available.
• You can't use CLI to access the VM image or host OS.

Enabling CLI comes with some security issues you may want to consider. Due to the elevated privileges inherent with CLI, Solace recommends keeping the CLI port for public internet endpoints disabled. Solace also recommends that if you consider it necessary to manage your event broker service via public internet, that you do so using SEMP. For more information, see SEMP . Furthermore, Solace also recommends leaving CLI access disabled in customer-controlled environments for public endpoints or those that have public connectivity.

If you want to temporarily enable CLI access (especially for public endpoints), we recommend you use these steps:

1. Enabling CLI Access for an Event Broker Service

2. Accessing the CLI for Event Broker Services

3. Disabling CLI Access for an Event Broker Service

Enabling CLI Access for an Event Broker Service

You can enable CLI access for both private and public endpoints. To enable access on a specific event broker service, follow these steps:

1. In the PubSub+ Cloud Console, select Cluster Manager from the navigation bar and then select your service.
2. Click Manage then Advanced Options.



3. On the Port Configuration pane, click the icon in the Manage column for the endpoints for which you want to enable CLI access and then select Edit.

4. On the Edit Endpoint dialog box, expand the Management section beneath Protocols and Management, and then select the check box for Enable Secured CLI Host (SSH), use port. The default port is 22, but you can set a different port as required.



5. Click Save

Accessing the CLI for Event Broker Services

After the port is enabled to allow SSH connections, as described in Enabling CLI Access for an Event Broker Service, you can connect using an SSH client like PuTTY. To log in, you require the necessary credentials including the hostname for your service, username, and password for the event broker service.

1. In the PubSub+ Cloud Console, select Cluster Manager from the navigation bar and then select your service.
2. The log in credentials are located in the DMR Cluster section of Status screen in the following fields:
• Hostname
• Management Username
• Management Password



3. Using a terminal like PuTTY, enter the hostname and the port number, as defined when you enabled Secure CLI Host Access for the event broker service that you want to connect to via SSH.



4. Once the connection is established, enter your the username and password to complete the login to the CLI.

After you are done running your commands, Solace recommends that you disable CLI access. For more information, see Disabling CLI Access for an Event Broker Service.

Disabling CLI Access for an Event Broker Service

1. In the PubSub+ Cloud Console, select Cluster Manager from the navigation bar and then select your service.
2. Click Manage then Advanced Options.



3. On the Port Configuration pane, click the icon in the Manage column for the endpoints for which you want to enable CLI access and then select Edit.

4. On the Edit Endpoint dialog box expand the Management section beneath Protocols and Management, and then deselect the check box for Enable Secured CLI Host (SSH), use port.



5. Click Save.