Export/Import Migration Commands
These commands are not directly used in the migration process.
Notice
The listed additional commands allow exporting or importing individual policy objects and provisioning pending changes. They can be used for testing or recovery purposes.
AD Groups | |
Authorization Security Principals | |
Container Clusters | |
Container Workload Profile | |
IP Lists | |
Label Dimensions | |
Label Groups | |
Labels | |
Local Users | |
Pairing Profiles | |
Rules and Permissions | |
Services | |
Workloads |
Export and Import of Active Directory Groups
These commands export and import Active Directory Groups into JSON files.
Active Directory Groups
Export AD Groups
adgroup-export
% pcemigrate adgroup-export --help
Creates a JSON export of all AD groups in the PCE.
The update-pce and --no-prompt flags are ignored for this command.
Usage:
pcemigrate adgroup-export [flags]
Flags:
--output-file string Optionally specify the name of the output
file location.
default is current location with a
timestamped filename.
-h, --help The help for adgroup-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted
as a copy of objects from a different PCE
as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with
update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE after
a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import AD Groups
adgroup-import
% pcemigrate adgroup-import --help
Creates and updates AD groups from a JSON.
If migrate-op is set, performs the following additional actions:
-Generates a JSON file that provides the mapping between source hrefs
and hrefs of corresponding objects on the target PCE
-Generates a JSON file of AD Groups on the target PCE.
Recommended to run without --update-pce first to see a log of what
will change.
If --update-pce is used, pcemigrate will create and update the
AD groups with a user prompt.
To disable the prompt, use --no-prompt.
Usage:
pcemigrate adgroup-import [JSON file to import] [flags]
Flags: -h, --help The help for adgroup-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation
is interpreted as a copy of objects
from a different PCE as part of a
PCE migration operation.
--no-prompt Remove the user prompt when used
with update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import of Authorization Security Principals
These commands export/import Authorization Security Principles into JSON files.
Authorization Security Principals
Export Authorization Security Principals
auth-sec-principal-export
% pcemigrate auth-sec-principal-export --help
Creates a JSON export of all auth security principals.
The --update-pce and --no-prompt flags are ignored for this command.
Usage:
pcemigrate auth-sec-principal-export [flags]
Flags:
--groups-only Only export groups.
--output-file string Optionally specify the name of the output file
location. The default is the current location with
a timestamped filename.
-h, --help The help for auth-sec-principal-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different PCE
as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Import Authorization Security Principals
auth-sec-principal-import
% pcemigrate auth-sec-principal-import --help
Creates an auth security principal from a JSON file.
Usage:
pcemigrate auth-sec-principal-import [flags]
Flags: -h, --help The help for auth-sec-principal-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different PCE
as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Export and Import Container Clusters
These commands export container cluster objects to a JSON file.
Container Clusters
Export Container Clusters
container-cluster-export
% pcemigrate container-cluster-export --help
Creates a JSON export of all container clusters in the PCE.
Usage:
pcemigrate container-cluster-export [flags]
Flags:
--output-file string Optionally specify the name of the
output file location.
The default is the current location
with a timestamped filename.
-h, --help The help for container-cluster-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug level logging for
troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation
is interpreted as a copy of objects
from a different PCE as part of a
PCE migration operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Container Clusters
container-cluster-import
% pcemigrate container-cluster-import --help
Creates a container clusters from a JSON file.
Usage:
pcemigrate container-cluster-import [JSON file to import] [flags]
Flags:
-h, --help The help for container-cluster-import
Global Flags (not relevant for all commands):
--config-file string The path for pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path to the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted
as acopy of objects from a different
PCE as part of a PCE migration
operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, include
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import Container Workload Profile
These commands export container cluster workload profiles to a JSON file.
Export Container Cluster Workload Profile
cwp-export
% pcemigrate cwp-export --help
Creates a JSON export of all container workloads profiles in the PCE.
Usage:
pcemigrate cwp-export [flags]
Flags:
--output-file string Optionally specify the name of the output
file location.
The default is the current location with a
timestamped filename.
-h, --help The help for cwp-export
Global Flags (not relevant for all commands):
--config-file string The path for pcemigrate pce.yaml file.
--debug Enables debug level logging
for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted as a
copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Remove the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Container Workload Profile
cwp-export
% pcemigrate cwp-export --help
Creates a JSON export of all container workloads profiles in the PCE.
Usage: pcemigrate cwp-export [flags]
Flags:
--output-file string Optionally specify the name of the output
file location.
The default is the current location with a
timestamped filename.
-h, --help The help for cwp-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging for
troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted as a
copy of objects from a different PCE
as part of a PCE migration operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update PCE after
a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import IP Lists
These commands export IP Lists to a JSON file or create specific policy objects for a JSON file.
IP Lists
Export IP Lists
ipl-export
% pcemigrate ipl-export --help
Usage:
pcemigrate ipl-export [flags]
Flags:
--output-file string Optionally specify the name of the output file location.
The default is the current location with a
timestamped filename.
-h, --help The help for ipl-export
Global Flags (not relevant for all commands):
--config-file string The path for pcemigrate
pce.yaml file.
--debug Enables debug level logging for
troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted as a
copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
Default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly. Import IP Lists
ipl-import
% pcemigrate ipl-import --help
Create and update IP lists from a JSON file. If migrate-op is set,
performs the following additional action
- Generates a JSON file that provides the mapping between source hrefs and
hrefs of corresponding objects on the target PCE
- Generates a JSON file of IPlists on the target PCE
Usage:
pcemigrate ipl-import <JSON file to import> [flags]
Flags:
-p, --provision Provision IP Lists after creation.
--provision-comment string Optionally specify the provision
comment.
-h, --help The help for ipl-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug level logging
for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is interpreted as a
copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Remove the user prompt when used
with update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE
after a singleuser prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import of Label Dimensions
These commands export label dimensions to a JSON file.
Export Label Dimensions
label-dimension-export
% pcemigrate label-dimension-export --help
Creates a JSON export of all label dimensions in the PCE.
Usage:
pcemigrate label-dimension-export [flags]
Flags:
--output-file string Optionally specifies the name of
the output file location.
The default is the current location
with a timestamped filename.
-h, --help Help for the label-dimension-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate
log file. (default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import
operation is interpreted as a copy
of objects from a different PCE
as part of a PCE migration operation.
(default true)
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
Default will just log potentially
changes to workloads.
--verbose When debug is enabled, include
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Label Dimensions
label-dimension-import
% pcemigrate label-dimension-import --help
Create label dimensions from a JSON file. If the migrate-op is set,
it performs the following addition actions:
- Generates a JSON file that provides the mapping between source hrefs and hrefs of
corresponding objects on the target PCE
- Generates a JSON file of label dimensions on the target PCE
Usage:
pcemigrate label-dimension-import [json file to import] [flags]
Flags: -h, --help help for label-dimension-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import
operation is interpreted as
a copy of objects from a different
PCE as part of a
PCE migration operation.
(default true)
--no-prompt Removes the user prompt when
used with update-pce.
--pce string PCE to use in command if not
using default PCE.
--update-pce This command will update the PCE
after a single user prompt.
Default will just log potential
changes to workloads.
--verbose When debug is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import Label Groups
These commands export label group objects to a JSON file.
Label Groups
Export Label Groups
label-group-export
% ~/pcemigrate/bin/pcemigrate labelgroup-export --help
Creates a JSON export of all label groups in the PCE.
Usage:
pcemigrate labelgroup-export [flags]
Flags: --active Use the active policy versus the
draft policy. Draft is the default.
--output-file string Optionally specify the name of the
output file location.
The default is the current location
with a timestamped filename.
-h, --help help for labelgroup-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging for
troubleshooting.
--log-file string The path for the pcemigrate
log file.(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import
operation is interpreted
as a copy of objects from a
different PCE as part of a
PCE migration operation.
(default true)
--no-prompt Removes the user prompt when
used with update-pce.
--pce string The PCE to use in the command
if not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When debug is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Label Groups
labelgroup-import
% pcemigrate labelgroup-import --help
Create label groups from a JSON file. If migrate-op is set to true,
performs the following additional actions:
- Generates a JSON file that provides the mapping between source hrefs
and hrefs of corresponding objects on the target PCE
- Generates a JSON file of label groups on the target PCE
Usage:
pcemigrate labelgroup-import [JSON file to import] [flags]
Flags:
-h, --help Help for labelgroup-import
-p, --provision Provision changes.
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging for
troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the
Import operation is interpreted as
a copy of objects from a different
PCE as part of a PCE migration operation.
(default true)
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if not
using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When debug is enabled, includes
the raw API responses.
This makes pcemigrate.log
increase in size significantly.Export and Import Labels
These commands export labels to a JSON file.
Export Labels
label-export
% pcemigrate label-export --help
Creates a JSON export of all labels in the PCE.
Usage:
pcemigrate label-export [flags]
Flags: --output-file string
-h, --help
Optionally specify the name of the output file location.
The default is the current location with a timestamped filename.
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging for
troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import
operation is interpreted
as a copy of objects from a
different PCE as part of a
PCE migration operation.
(default true)
--no-prompt Removes the user prompt when
used with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When debug is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Labels
label-import
% pcemigrate label-import --help
Creates and updates labels from a JSON file. If migrate-op set,
it performs the following additional actions
- Generates a JSON file that provides the mapping between source hrefs and hrefs
of corresponding objects on the target PCE
- Generates a JSON file of labels on the target PCE
Usage:
pcemigrate label-import [JSON file to import] [flags]
Flags: -h, --help help for label-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging for
troubleshooting.
--log-file string The path for pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import
operation is interpreted as a copy
of objects from a different PCE
as part of a PCE migration operation.
(default true)
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When debug is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import Local Users
These commands import and export local users to a JSON file.
Local Users
Export Local Users
user-export
% pcemigrate user-export --help
Creates a JSON export of all users.
Usage:
pcemigrate user-export [flags]
Flags:
--output-file string Optionally specify the name of
the output file location.
The default is the current location
with a timestamped filename.
-h, --help The help for user-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate
log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is
interpreted as a copy of objects
from a different PCE as part of
a PCE migration operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE after
a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Local Users
user-import
% pcemigrate user-import --help
Creates users from a JSON file.
Usage:
pcemigrate user-import [JSON file to import] [flags]
Flags:
-h, --help help for user-import
Global Flags (not relevant for all commands):
--config-file string The path for pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate
log file. (default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation
is interpreted as a copy of objects
from a different PCE as part of a
PCE migration operation.
--no-prompt Removes the user prompt when used
with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE after
a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Export and Import Pairing Profiles
These commands import/export pairing profiles to a JSON file.
Pairing Profiles
Export Pairing Profiles
pairing-profile-export
% pcemigrate pairing-profile-export --help
Creates a JSON export of all pairing profiles in the PCE.
Usage:
pcemigrate pairing-profile-export [flags]
Flags:
--output-file string Optionally specify the name of the
output file location.
The default is the current location with
a timestamped filename.
-h, --help The help for pairing-profile-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate
log file.(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is
interpreted as a copy of objects
from a different PCE as part of
a PCE migration operation.
--no-prompt Remove the user prompt when
used with update-pce.
--pce string The PCE to use in the command
if not using the
default PCE.
--update-pce This command will update the
PCE after a single
user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log increase
in size significantly.Import Pairing Profiles
pairing-profile-import
% pcemigrate pairing-profile-import --help
Creates pairing profiles from a JSON file.
Usage:
pcemigrate pairing-profile-import <json-file> [flags]
Flags:
-h --help The help for pairing-profile-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate
pce.yaml file.
--debug Enables debug-level logging
for troubleshooting.
--log-file string The path for the pcemigrate
log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true,
the Import operation is
interpreted as a copy of objects
from a different PCE as part of
a PCE migration operation.
--no-prompt Removes the user prompt when
used with update-pce.
--pce string The PCE to use in the command if
not using the default PCE.
--update-pce This command will update the PCE
after a single user prompt.
The default will just log potential
changes to workloads.
--verbose When verbose is enabled, includes
the raw API responses.
This makes pcemigrate.log
increase in size significantly.Export and Import Rules and Permissions
These commands export rules and permissions to a JSON file.
Export Enforcement Boundaries or Deny Rules
Export enforcement boundaries or deny rules
eb-export
Usage:
pcemigrate eb-export [flags]
Flags:
--output-file string Optionally specify the name of the output file location.
The default is the current location with a
timestamped filename.
-h, --help The help for eb-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import operation is interpreted
as a copy of objects from a different PCE as part of a
PCE migration operation. (default true)
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potentially changes to workloads.
--verbose When debug is enabled, include the raw API responses.
This makes pcemigrate.log increase in size significantly.Import Enforcement Boundaries or Deny Rules
eb-import
% pcemigrate eb-import --help
Creates Enforcement boundaries/deny rules in the PCE from a JSON file.
An easy way to get the input format is to run the pcemigrate eb-export command.
Recommended to run without --update-pce first to log of what will change.
If --update-pce is used, import will create enforcement boundaries/deny rules
without prompt, but it will not create/update workloads without user confirmation,
unless --no-prompt is used.
Usage:
pcemigrate eb-import [JSON file to import] [flags]
Flags:
--provision Provisions enfrocement boundary creations/changes.
--provision-comment string Use for comments for when provisioning changes.
--test-consistency Just perform consistency test
-h, --help The help for eb-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different PCE
as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly. Permissions
Export Permissions
permission-export
% pcemigrate permission-export --help
Creates a JSON export of all permissions.
The update-pce and --no-prompt flags are ignored for this command.
Usage:
pcemigrate permission-export [flags]
Flags:
--output-file string Optionally specify the name of the output file location.
The default is the current location with a
timestamped filename.
-h, --help The help for permission-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly. Import Permissions
permission-import
% pcemigrate permission-import --help
Creates permissions from a JSON file.
Usage:
pcemigrate permission-import <json-file> [flags]
Flags:
-h, --help The help for permission-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Export and Import Services
These commands export services to a JSON file or create specific policy objects for a JSON file.
Services
Export Services
svc-export
% pcemigrate svc-export --help
Creates a JSON export of all services in the PCE.
The update-pce and --no-prompt flags are ignored for this command.
Usage:
pcemigrate svc-export [flags]
Flags:
--output-file string Optionally specify the name of the output file location.
The default is the current location with a timestamped
filename.
-h, --help The help for svc-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import operation is
interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
(default true)
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the
default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes
to workloads.
--verbose When debug is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Import Services
svc-import
% pcemigrate svc-import --help
Creates services from a JSON file.
Recommended to run without --update-pce first to log what will change.
If migrate-op set to true, performs the following additional actions:
- Generates a JSON file that provides the mapping between source hrefs
and hrefs of corresponding objects on the target PCE
- Generates a JSON file of services on the target PCE
Usage:
pcemigrate svc-import JSON file to import] [flags]
Flags: -p, --provision Provision services after creating.
--output-file string Provision comment.
-h, --help Help for svc-import
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set, the Import operation
is interpreted as a copy of objects from a
differentPCE as part of a PCE migration operation.
(default true)
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using
the default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes
to workloads.
--verbose When debug is enabled, includes the raw
API responses.
This makes pcemigrate.log increase in size
significantly.Export and Import Workloads
These commands work with workload policy objects.
Workloads
Export Workloads
wkld-export
% pcemigrate wkld-export --help
Creates a JSON export of all workloads in the PCE.
Usage:
pcemigrate wkld-export [flags]
Flags:
--output-file string Optionally specify the name of the output file location.
The default is the current location with a
timestamped filename.
-m, --managed-only Only export managed workloads.
-u, --unmanaged-only Only export unmanaged workloads.
-o, --online-only Only export online workloads.
--perf-test-only Test workload export methods
--max-test int The maximum number of workloads to retrieve
through hrefs:
-1 is unlimited. (default -1)
--input-test-file string Optionally specify input file to get hrefs from.
-h, --help The help for wkld-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(Default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using
the default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, include the raw API responses.
This makes pcemigrate.log increase in size significantly.Workload Management Commands
Create Unmanaged Workloads
This command creates an unmanaged workload for each managed workload in the PCE.
create-unmanaged-workload
% pcemigrate create-unmanaged-workload --help
Creates unmanaged workloads for each matching managed workload on the system.
Recommended to run without --update-pce first to log what will change.
The managed workload filter file is a yaml file that specifies matching
criteria for managed workloads. You can filter based on the following criteria:
- hostnames: Only managed workloads with a hostname in the set of
hostnames specified.
- names: Only managed workloads with a name in the set of names specified
- hrefs: Only managed workloads with an href in the set of hrefs specified
- datasets: Only managed workloads with an external data set in the
sets specified
- labels: Only managed workloads with labels specified.
If more than one of the above criteria is specified, they will be
interpreted as an OR operation, except labels which are always
interpreted as an AND with the other criteria.
If the option filter-is-regexp is specified, hostnames, names,
and external data set are interpreted as a regular expression.
Sample of filter file content:
hostnames:
- '^perf-workload-((\d\d{0,1})|(1\d\d)|(200))$'
# hostnames: perf-workload-1, perf-workload-1, ...,
perf-workload-199, perf-workload-200
- vm2 # all hostname string with vm2
names:
- dev-vm1
- dev-vm2
hrefs:
- /orgs/1/workloads/3f976e2e-cd7a-4a63-9122-d184c5b663b8'
- /orgs/1/workloads/c9a35118-20da-4946-b3ad-9b87308a168f
- /orgs/1/workloads/85b00127-a257-42a0-a822-123287929ab7
datasets:
- com.illumio.ilo_pcemigrate
- com.illumio.CDMA
labels:
loc: sunnyvale
env: Test
app: ERP role: Database
'Cloud provider': aws
Usage:
pcemigrate create-unmanaged-workload [flags]
Flags:
--ignore-case Ignore case when matching name,
hostname or external data set and external
data reference
--max-create int The maximum number of unmanaged workloads
that can be created. -1 is unlimited.
(default -1)
--workload-filter-file string Optionally specify the name of the file
with managed workload matching criteria.
No file means all managed workloads.
--filter-is-regxp The hostnames, names and external data set
specifications in the managed workload filter
are regular expressions.
-h, --help The help for create-unmanaged-workload
Global Flags (not relevant for all commands):
--config-file string The path for pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Identify Unmanaged Workloads for Deletion
unwl-cleanup
% pcemigrate umwl-cleanup --help
Creates a JSON file with hrefs of unmanaged workloads that meet criteria
specified in the unmanaged workload filter or that have the same IP addresses
and hostnames/names as the managed workloads specified.
This command will help in the situation where you have created and
labeled unmanaged workloads and later installed VENs on those workloads.
The unmanaged workload IP addresses are compared to managed workload's NIC
with the default gateway. If an unmanaged workload has multiple IP addresses,
the managed workload must contain all of them.
The managed workload filter file is a yaml file that specifies matching
criteria for managed workloads to consider.
The unmanaged workload filter file is a yaml file that specifies matching
criteria for unmanaged workloads.
If specified, managed workload criteria are ignored.
You can filter based on the following criteria:
- hostnames: Only managed workloads with a hostname in the set of
hostnames specified.
- names: only managed/unmanaged workloads with a name in the set of
names specified
- hrefs: Only managed/unmanaged workloads with an href in the set of
hrefs specified
- datasets: Only managed/unmanaged workloads with an external data set
in datasets specified
- labels: If more than one of the criteria is specified, they will be
interpreted as an OR operation, except labels, which are always interpreted
as AND with theother criteria.
If the option filter-is-regexp/umwl-filter-is-regexp is specified, hostnames,
names, and external data in yaml filter file are interpreted as
regular expressions.
Sample of filter file content:
hostnames:- '^perf-workload-((\d\d{0,1})|(1\d\d)|(200))$'
# hostnames: perf-workload-1, perf-workload-1, ..., perf-workload-199,
perf-workload-200
- vm2 # all hostname string with vm2
names:
- dev-vm1
- dev-vm2
hrefs:
- /orgs/1/workloads/3f976e2e-cd7a-4a63-9122-d184c5b663b8'
- /orgs/1/workloads/c9a35118-20da-4946-b3ad-9b87308a168f
- /orgs/1/workloads/85b00127-a257-42a0-a822-123287929ab7
datasets:
- com.illumio.ilo_pcemigrate
- com.illumio.CDMA
labels:
loc: sunnyvale
env: Test
app: ERP
role: Database
'Cloud provider': aws
Usage:
pcemigrate umwl-cleanup [flags]
Flags:
--ignore-case Ignore case when matching name, hostname
or external data set and external data reference.
--one-interface-match Consider a match if at least one interface matches.
The default requires all interfaces to match.
--input-file string Optionally specify the name of the input file
location where to load workloads.
If specified, workloads are not retrieved from
the PCE.
--output-file string Optionally specify the name of the output
file location. The default is the current location
with a
timestamped filename.
--wkld-filter-file string optionally specify the name of the file listing
matching criteria for the concerned
managed workloads.
--filter-is-regexp Consider names, hostnames and datasets in the
managed workloads filter as regular expressions.
--umwkld-filter-file string Optionally specify the name of the file listing
matching criteria for the unmanaged workloads
to delete.
--umwkld-filter-is-regexp Consider names, hostnames and datasets in unmanaged
workloads filter as regular expressions.
--all-unmanaged-workloads Apply to all unmanaged workloads.
All other options used to filter unmanaged
workloads are ignored.
-h, --help The help for umwl-cleanup
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the
default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Delete Unmanaged Workloads
umwl-delete
% pcemigrate umwl-delete --help
Deletes unmanaged workloads that have the same IP addresses and hostnames/names
as managed workloads specified or that meet the criteria specified in the unmanaged
workload filter file.
The unmanaged workload IP addresses are compared to managed workload's
NIC with the default gateway. If an unmanaged workload has multiple IP addresses,
the managed workload must contain all of them.
The managed workload filter file is a yaml file that specifies matching criteria
for managed workloads to consider.
The unmanaged workload filter file is a yaml file that specifies matching criteria
for unmanaged workloads. If specified, managed workload criteria are ignored.
You can filter based on the following criteria:
- hostnames: Only managed workloads with a hostname in the set of hostnames specified.
- names: Only managed/unmanaged workloads with a name in the set of names specified.
- hrefs: Only managed/unmanaged workloads with an href in the set of hrefs specified.
- datasets: Only managed/unmanaged workloads with an an external data set in
datasets specified.
- labels
If more than one of the criteria is specified, they will be interpreted as an OR
operation, except labels which are always interpreted as AND with the other criteria.
If the option filter-is-regexp/umwl-filter-is-regexp is specified, hostnames, names,
and external data in yaml filter file are interpreted as regular expressions.
Sample of filter file content:
hostnames:
- '^perf-workload-((\d\d{0,1})|(1\d\d)|(200))$' # hostnames: perf-workload-1,
perf-workload-1, ..., perf-workload-199, perf-workload-200
- vm2 # all hostname string with vm2
names:- dev-vm1- dev-vm2
hrefs:
- /orgs/1/workloads/3f976e2e-cd7a-4a63-9122-d184c5b663b8'
- /orgs/1/workloads/c9a35118-20da-4946-b3ad-9b87308a168f
- /orgs/1/workloads/85b00127-a257-42a0-a822-123287929ab7
datasets:
- com.illumio.ilo_pcemigrate
- com.illumio.CDMA
labels:
loc: sunnyvale
env: Test
app: ERP
role: Database
'Cloud provider': aws
Usage:
pcemigrate umwl-delete [flags]
Flags:
--ignore-case Ignore case when matching name, hostname
or external data set and external
data reference
--one-interface-match Consider a match if at least one
interface matches.
The default requires all interfaces
to match.
--input-file string Optionally specify the name of the
input file location where to load
workloads.If specified, workloads are
not retrieved from the PCE.
--output-file string Optionally specify the name of the
output file location where to save hrefs
of unmanaged workload matching criteria.
The default is the current location with
a timestamped filename.
--workload-filter-file string Optionally specify the name of the file
listing matching criteria for the
concerned managed workloads.
--filter-is-regexp Consider names, hostnames and datasets
in the managed workloads filter as
regular expressions.
--unmanaged-workload-filter-file string Optionally specify the name of the file
listing matching criteria for the
unmanaged workloads to delete.
--umwl-filter-is-regexp Consider names, hostnames and datasets
in unmanaged workloads filter as regular
expressions.
--all-unmanaged-workloads Apply to all unmanaged workloads.
All other options used to filter
unmanaged workloads are ignored.
--save-matching-hrefs Save hrefs of matching unmanaged workloads.
-h, --help The help for umwl-delete
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation is
interpreted as copy of objects from a different PCE as
part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the
default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly. Exports the Metadata of Managed Workloads
wlkd-metadata-export
% pcemigrate wkld-metadata-export --help
Creates a JSON file of managed workloads metadata.
The managed workload filter file is a yaml file that specifies matching criteria
for managed workloads. You can filter based on the following criteria:
- hostnames: Only managed workloads with a hostname in the set of
hostnames specified.
- names: Only managed workloads with a name in the set of names specified.
- hrefs: Only managed workloads with an href in the set of hrefs specified.
- datasets: only managed workloads with an external data set in the sets
specified.
- labels: only managed workloads with labels specified are considered
If more than one of the above criteria is specified, they will be interpreted
as an OR operation except labels which are always interpreted as an AND with
the other criteria.
If the option filter-is-regexp is specified, hostnames, names, and external
data set are interpreted as regular expression.
Sample of filter file content:
hostnames:
- '^perf-workload-((\d\d{0,1})|(1\d\d)|(200))$' # hostnames in the set:
perf-workload-1, perf-workload-2, ..., perf-workload-199, perf-workload-200
- vm2 # all hostnames string with vm2
names:
- dev-vm1
- dev-vm2
hrefs:
- /orgs/1/workloads/3f976e2e-cd7a-4a63-9122-d184c5b663b8'
- /orgs/1/workloads/c9a35118-20da-4946-b3ad-9b87308a168f
- /orgs/1/workloads/85b00127-a257-42a0-a822-123287929ab7
datasets:
- com.illumio.ilo_pcemigrate
- com.illumio.CDMA
labels:
loc: sunnyvale
env: Test
app: ERP
role: Database
'Cloud provider': aws
Usage:
pcemigrate wkld-metadata-export [flags]
Flags:
--ignore-case Ignore case when matching name, hostname or
external data set and external data reference.
--metadata-json-file string Optionally specify the name of the metadata
The default is the current location with a
timestamped filename.
--workload-filter-file string Optionally specify the name of the file with
managed workload matching criteria.
No file means all managed workloads.
--filter-is-regxp Hostnames, names and external data set
specifications in the managed workload filter
are regular expressions.
-h, --help The help for wkld-metadata-export
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the
default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Sync Managed Workload Labels
wkld-sync-label
% pcemigrate wkld-sync-label --help
Applies labels to managed workloads based on the metadata JSON file.
Usage:
pcemigrate wkld-sync-label wkld-metadata-json-file [flags]
Flags:
--ignore-case Ignore case when matching name, hostname or external
data set and external data reference
--input-file string Optionally specify the name of the input file location
where to load workloads. If specified, workloads are not
retrieved from the PCE.
--max-create int The maximum number of managed workloads you can update.
-1 is unlimited. (default -1)
-h, --help The help for wkld-sync-label
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the
default PCE.
--update-pce This command will update the PCE after a single
user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.Unpair Managed Workloads
unpair
% pcemigrate unpair --help
Unpairs workloads through an input file with hrefs or a filter file with names,
hostnames, external datasets and labels.
Default output is a JSON file with managed workloads that would be unpaired.
Use the --update-pce command to run the unpair with a user prompt confirmation.
Use --update-pce and --no-prompt to run unpair with no prompts.
Usage:
pcemigrate unpair [flags]
Examples: # Unpair all workloads offline managed workloads with no user prompt
(such as a command to run on cron):
pcemigrate unpair --restore saved --update-pce --no-prompt
# Unpair workloads offline managed workloads in ERP application in Production
with no prompt (such as a command to run on cron).
pcemigrate unpair --app ERP --env PROD --restore saved --update-pce --no-prompt
# See what workloads would unpair:
workloader unpair --restore saved
The managed workload filter file is a yaml file that specifies matching criteria
for managed workloads. You can filter based on the following criteria:
- hostnames: Only managed workloads with a hostname in the set of
hostnames specified.
- names: Only managed workloads with a name in the set of names specified.
- hrefs: Only managed workloads with an href in the set of hrefs specified.
- datasets: Only managed workloads with an external data set in the
sets specified.
- labels: Managed workloads with specified label.
- hourssincelasthb: Managed workload whose last hearbeat received is older than
the number of hours specified.
If more than one of the above criteria is specified, they will be interpreted
as an OR operation, except labels andhourssincelasthb, which are always an AND
operation with the other criteria.
If the option filter-is-regexp is specified, hostnames, names, and external
data are interpreted as regular expressions.
Sample of filter file content:
hostnames:
- '^perf-workload-((\d\d{0,1})|(1\d\d)|(200))$'
# hostnames: perf-workload-1, perf-workload-1, ...,
perf-workload-199, perf-workload-200
- vm2 # all hostname string with vm2
names:
- dev-vm1
- dev-vm2
hrefs:
- /orgs/1/workloads/3f976e2e-cd7a-4a63-9122-d184c5b663b8'
- /orgs/1/workloads/c9a35118-20da-4946-b3ad-9b87308a168f
- /orgs/1/workloads/85b00127-a257-42a0-a822-123287929ab7
- com.illumio.ilo_pcemigrate
- com.illumio.CDMA
labels:
- env: TEST
- loc: Sunnyvale
- app: ERP
- role: Database
hourssincelasthb: 3
Flags:
--restore string Restore value. Must be saved, default, or disable.
(default "saved")
-f, --href string Location of file with HREFs to be used instead
of starting with all workloads.
--wkld-filter-file string Location of file with hostnames to filter
managed workloads.
--output-file string Location of output file. Default timestamp file
in current location.
--input-file string Location of JSON file of workloads.
In that case workloads are not fetched from the PCE
--single-get-wkld Get workloads in a host file by a single API call
vs. bulk API.
-x, --exclude-labels Use provided label filters as excludes.
--include-online Include workloads that are online.
By default only offline workloads that meet
criteria will be unpaired.
--single-unpair One API call per unpair versus one API call
per 1000 workloads. This will be significantly
slower but provide more details in the PCE's
syslog messages.
--filter-is-regexp Hostnames, names and external data set
specifications in the managed workload
filter are regular expressions.
--ignore-case Ignore case for hostnames, names, externaal data
set and external data reference.
-h, --help The help for unpair
Global Flags (not relevant for all commands):
--config-file string The path for the pcemigrate pce.yaml file.
--debug Enables debug-level logging for troubleshooting.
--log-file string The path for the pcemigrate log file.
(default "pcemigrate.log")
--migrate-op When migrate-op is set to true, the Import operation
is interpreted as a copy of objects from a different
PCE as part of a PCE migration operation.
--no-prompt Removes the user prompt when used with update-pce.
--pce string The PCE to use in the command if not using the default PCE.
--update-pce This command will update the PCE after a single user prompt.
The default will just log potential changes to workloads.
--verbose When verbose is enabled, includes the raw API responses.
This makes pcemigrate.log increase in size significantly.