venmigrate migrate Command
Migrate a VEN
This command handles the migration of a VEN from one PCE to another, either through unpairing/pairing or deactivate/activate, depending on the migration type setting.
migrate
~/pcemigrate/bin/venmigrate migrate --help
Handles the migration of a VEN from one PCE to another PCE
either through unpairing/pairing deactivate/activate based on the
migration type setting.
Settings specified with this command override settings saved in the
ven migration configuration file.
If no workload meta data JSON file exists, there will be an attempt
to retrieve the workload meta data from the source PCE if the workload
is still paired and the parameters to access the source PCE are provided.
If no metadata is found, the command defaults to the pairing profile
default settings.
If parameters to access the target PCE are provided and the workload
has custom labels, the command will apply the custom labels to
the managed workload after migrating the VEN.
If parameters to access the source PCE are provided, the command
will check that the associated migration unmanaged workload
exists on the source PCE.
If it does not, it will create it before migrating the VEN.
If it cannot create it, the failure will be ignored unless
--do-not-ignore-missing-umwl is specified.
If parameters to access the target PCE are specified,
after successfully migrating the VEN, the command will check
if the associated migration unmanaged workload still exists.
If it does, it will try to delete it as it is no longer useful.
The command will not fail if it cannot delete the associated
migration unmanaged workload.
The ven migration configuration yaml file and the encrypted VEN migration
configuration file can be specified by setting the following environment
variables, respectively:
ILLUMIO_VEN_MIGRATE_CONFIG, ILLUMIO_ENC_VEN_MIGRATE_CONFIG.
Usage:
venmigrate migrate [flags]
Flags:
--run-status Runs 'illumio-ven-ctl status'
and exits.
--do-not-ignore-missing-umwl string If set to yes, the command will
fail if the associated migration
unmanaged workload does
not exist and cannot be created
before the VEN migration.
--pce string The FQDN of the target PCE.
--port int The front-end port of the
target PCE.
--org-id int The API owner organization ID
--api-user string The API user.
--api-key string The API key.
--proxy string The proxy URL.
--fe-mgmt-port int The front-end management port
of the target PCE.
--src-pce string The FQDN of the source PCE.
--src-port int The front-end port of the source
PCE.
--src-org-id int The API owner organization ID
of the source PCE.
--src-api-user string The API user for the source PCE.
--src-api-key string The API key for the source PCE.
--src-proxy string The proxy URL to reach the
source PCE.
--src-fe-mgmt-port int The front-end management port
of the source PCE.
--pairing-profile-id int The pairing profile id.
--api-version string The API version.
--hostname string The workload hostname
--workload-meta-data-file string The workload meta data data
JSON file.
Default:
workload-meta-data.json.
(default
"workload-meta-data.json")
--activation-code string The activation code.
--enforcement-mode string The enforcement mode.
--migration-type string The type of VEN migration
planned: pair or activate.
--ven-dir string The path of the VEN directory.
Default: /opt/illumio_ven
(linux/mac),
C:\Program Files\Illumio
(Windows)
--ven-data-dir string The path of the VEN data directory.
Default: /opt/illumio_ven_data
(linux/mac),
C:\ProgramData\Illumio
(Windows)
--do-not-apply-custom-labels If set not attempt to apply
custom labels planned:
will be performed.
--no-label-assignment Do not specify a label when
pairing the VEN.
They will be inherited from
the profile.
--no-enforcement-mode Do not specify an enforcement
mode when pairing the VEN.
It will be inherited from the profile.
-h, --help The help for migrate
Global Flags (not relevant for all commands):
--debug Enables debug level logging for
troubleshooting.
--enc-ven-migrate-conf-file string The path of the encrypted ven
migration options file.
It has precedence over the
non-encrypted
option yaml file.
Default venmigrate.enc
--log-file string The path of the venmigrate log file.
(default "venmigrate.log")
--ven-migrate-conf-file string The path of the ven migration
non-encrypted options yaml file.
Default: venmigrate.yaml file.
--verbose When debug is enabled, includes
the raw API responses. venmigrate Script Limitation
Metadata for managed workloads is stored in a JSON file for VEN migration. With many managed workloads, loading this data into a hash structure and extracting host entry information for the VEN can be problematic.
venmigrate enc-ven-migrate-conf
Encrypt the VEN Migration File
This command generates an encrypted version of the venmigrate yaml file. The default migration yaml file name is venmigrate.yaml stored in the current directory.
enc-ven-migrate-conf
% venmigrate enc-ven-migrate-conf --help
Generates an encrypted version of the venmigrate yaml file.
The default migration yaml file name is venmigrate.yaml stored in
the current directory.
The default encrypted version file name is venmigrate.enc.
Use the --ven-migrate-config and --enc-ven-migrate-config flags
respectively to set custom file names.
You can also use ILLUMIO_VEN_MIGRATE_CONFIG and ILLUMIO_ENC_VEN_MIGRATE_CONFIG
environment variables.
The --update-pce and --no-prompt flags are ignored for this command.
Usage:
venmigrate enc-ven-migrate-conf [flags]
Flags:
--ven-migrate-config string The ven migration configuration
yaml file.
The default is venmigrate.yaml
--enc-ven-migrate-config string The encrypted ven migration
configuration file.
The default is venmigrate.enc
-h, --help The help for
enc-ven-migrate-conf
Global Flags (not relevant for all commands):
--debug Enables debug-level logging for
troubleshooting.
--enc-ven-migrate-conf-file string The path of the encrypted ven
migration options file.
It has precedence over the
non-encrypted option yaml file.
The default is venmigrate.enc
--log-file string The path of the venmigrate log
file.(default "venmigrate.log")
--ven-migrate-conf-file string The path of the ven migration
non-encrypted options yaml file.
The default is the
venmigrate.yaml file.
--verbose When debug is enabled, includes
the raw API responses.venmigrate Script Limitation
Metadata for managed workloads is stored in a JSON file for VEN migration. With many managed workloads, loading this data into a hash structure and extracting host entry information for the VEN can be problematic.
venmigrate apply-custom-label
Apply Custom Labels
This command applies custom labels to a managed workload.
apply-custom-label
% venmigrate apply-custom-label --help
Applies custom labels to a managed workload.
Usage:
venmigrate apply-custom-label [flags]
Flags:
--hostname string Workload hostname
--workload-meta-data-file string The workload meta data data
JSON file.
Default: workload-meta-data.json.
(default "workload-meta-data.json")
--pce string The FQDN of the target PCE.
--org-id int The API owner organization ID.
--fe-mgmt-port int The front-end management port
of the target PCE.
--proxy string The proxy URL.
--api-user string The API user.
--api-key string The API key.
-h, --help The help for apply-custom-label
Global Flags (not relevant for all commands):
--debug Enable debug level logging for
troubleshooting.
--enc-ven-migrate-conf-file string The path of the encrypted ven
migration options file.
It has precedence on non-
encrypted option yaml file.
Default venmigrate.enc
--log-file string The path of the venmigrate
log file.
(default "venmigrate.log")
--ven-migrate-conf-file string The path of the ven migration
non-encrypted options yaml file.
Default: venmigrate.yaml file.
--verbose When debug is enabled, includes
the raw API responses.venmigrate Script Limitation
Metadata for managed workloads is stored in a JSON file for VEN migration. With many managed workloads, loading this data into a hash structure and extracting host entry information for the VEN can be problematic.
Generate the VEN Migration Parameter File
You can run venmigrate ven-migrate-setting to generate the migration parameter file.
Most of the time, it is not necessary because the VEN migration file is generated with the pcemigrate tool and deployed on the host along with the venmigrate tool.
ven-migrate-setting
% venmigrate ven-migrate-setting --help
Set the VEN migration options.
Usage:
venmigrate ven-migrate-setting [flags]
Flags:
--hostname string The hostname of the VEN to migrate.
Specify only if you want to
overwrite the hostname of the
workload where the venmigrate
command is run from.
--do-not-ignore-missing-umwl string If set to 'yes', the 'venmigrate
migrate' command will fail if
the associated migration
unmanaged workload does not
exist or cannot be
created before the VEN migration.
--pce string The FQDN of the target PCE.
--port int The front-end port of the
target PCE.
--org-id int The API owner organization ID.
--fe-mgmt-port int The front-end management port
of the target PCE.
Defaults to the front-end port.
--proxy string The proxy URL.
--api-user string The API user.
--api-key string The API key.
--api-version string The API version.
--src-pce string The FQDN of the source PCE.
--src-port int The front-end port of the
source PCE.
--src-org-id int The API owner organization ID
of the source PCE.
--src-api-user string The API user for the source PCE.
--src-api-key string The API key for the source PCE.
--src-proxy string The proxy url to reach the
source PCE.
The default is the same proxy
to reach the target PCE.
--pairing-profile-id int The pairing profile id.
--activation-code string The activation code.
--migration-type string The type of VEN migration
planned: pair or activate.
--ven-dir string The path of the VEN directory.
--ven-data-dir string The path of VEN data directory.
-h, --help The help for ven-migrate-setting
Global Flags (not relevant for all commands):
--debug Enables debug-level logging for
troubleshooting.
--enc-ven-migrate-conf-file string The path of the encrypted ven
migration options file.
It has precedence over the
non-encrypted option yaml file.
The default file is venmigrate.enc.
--log-file string Path of the venmigrate log file.
(default "venmigrate.log")
--ven-migrate-conf-file string The path of the VEN migration
non-encrypted options yaml file.
The default is the venmigrate.yaml
file.
--verbose When debug is enabled, includes
the raw API responses.