Node Serviceability Commands Reference

Published April 5, 2023 | Last modified February 25, 2026

Objective

This document provides reference information on the execcli command-line interface tool. This CLI tool enables you to service your customer edge (CE) site nodes as well as provide features to debug and troubleshoot network issues, file operations, process operations, container troubleshooting, resource monitoring, and kubectl admin operations.

Note: If additional system tuning is needed for your use cases using execcli, contact the F5 Distributed Cloud Support Team.

Access Command

  • To access the execcli command, log into your node using SSH. For cloud sites running on CentOS, use centos as the username. For cloud sites running on RHEL, use cloud-user as the username.

  • Enter execcli.

Terminal window
>>> execcli
Exec cli commands to debug CE


Usage:
   execcli [command]


Examples:
execcli journalctl -u vpm -f


Available Commands:
  atomic-host-deploy                     Upgrade base OS before node provisioning
  check-mem                              return `free`, `vmstat` command
  chronyc-sources                        check if ntp is synced
  crictl-images                          check crio images
  crictl-inspect                         check crio container
  crictl-logs                            check crio container log
  crictl-ps                              list crio containers
  crictl-ps-a                            list crio containers with -a option
  curl-host                              curl on host OS
  curl-vega                              curl in kubernetes cluster
  docker-images                          check docker images
  docker-inspect                         check docker container
  docker-logs                            check docker container log
  docker-prune                           prune docker all unused objects
  docker-ps                              list docker containers
  docker-ps-a                            list docker containers with -a option
  dropstats                              dump argo dropstats
  dropstats-non-zero                     dump argo dropstats (skip zero packet counter)
  edit-azure-client-id-secret            update azure client id and secret for this CE when it had expired
  edit-certified-hardware                edit ceritifed-hardware config (please do not use this unless F5 XC support requested)
  edit-etc-hosts                         edit /etc/hosts
  edit-sysctl-conf                       edit sysctl.conf
  edit-udev-10-nic-name                  edit /etc/udev/rules.d/10-nic-names.rules to update nicname
  envoy-clusters                         show installed envoy clusters
  envoy-config-dump                      show envoy config-dump
  envoy-hc-config-dump                   show envoy healthcheck config-dump
  envoy-listeners                        show installed envoy listeners
  etcdctl-cluster-member-status          From etcd pod on this node, check etcd member cluster status 'etcdctl -w table member status --cluster'
  files                                  files <commands> perform file operations on node, saving to file output is allowed but only under /tmp directory
  firewall-cmd                           calls firewall-cmd command on node
  flow-l                                 dump argo flow info
  flow-l-match                           dump argo flow info with ip or ip:port pair
  ip                                     calls ip command
  ip-link-set                            bring a network interface up or down
  ip-link-show                           see link-layer information of all available devices
  ipsec-status                           Show ipsec status
  ipsec-statusall                        Show ipsec status for all targets
  journalctl                             check system log
  kubectl                                calls kubectl command on node
  load-sysctl-conf                       load sysctl.conf
  lsof                                   calls lsof command on node
  mpls                                   invoke argo mpls command
  netstat                                netstat command on node
  nh                                     invoke argo nh command
  nmcli                                  configure NetworkManager profile
  ping                                   calls ping command on node
  rpm-ostree                             calls rpm-ostree command on node
  rt                                     invoke argo rt command
  show-ip-bgp                            Show bgp with more detail
  show-ip-bgp-neighbors                  Show bgp neighbor info
  show-ip-bgp-neighbors-advertised-route Show advertised routes to bgp neighbors
  show-ip-bgp-summary                    Show bgp summary
  sysctl                                 calls sysctl command on node
  systemctl-restart-crio                 restart crio service
  systemctl-restart-docker               restart docker service
  systemctl-restart-iscsid               restart iscsid service
  systemctl-restart-kubelet              restart kubelet service
  systemctl-restart-multipathd           restart multipathd service
  systemctl-restart-vpm                  restart vpm service
  systemctl-status-crio                  check crio service
  systemctl-status-docker                check docker service
  systemctl-status-iscsid                check iscsid service
  systemctl-status-kubelet               check kubelet service
  systemctl-status-multipathd            check multipathd service
  systemctl-status-vpm                   check vpm service
  top                                    top command to check resource usage
  traceroute                             calls traceroute command on node
  vegactl-configuration-list             vegactl configuration list
  vegactl-introspect-dump-table          vegactl introspect dump-table
  vegactl-introspect-get                 vegactl introspect get
  vegactl-introspect-list-tracebuffers   list vega tracebuffer
  vegactl-introspect-show-election       check vegactl cluster primary election status
  vegactl-introspect-show-tracebuffer    show vega tracebuffer
  vif                                    invoke argo vif command
  vifdump                                Capture packets on specified vif
  vifdump-d                              Capture dropped packets on specified vif id or all vif
  vifdump-file-cp                        docker cp $(argo):/tmp/. /tmp/vifdump/
  vifdump-file-rm                        rm argo /tmp/*.pcap file
  vifdump-stop                           stop vifdump command if previous run abnormally ended


Flags:
  -h, --help   help for execcli


Use " execcli [command] --help" for more information about a command.

Note: For more information, see How to collect debug-info for cloud and on-prem Customer Edge (CE) site.

Debugging Commands

The following general Linux commands are supported:

  • File operations: You can execute cat and grep commands with an ability to use additional operations like pipe (|) and redirect (>). These operations will allow you to collect necessary debug information when requested by F5 Distributed Cloud Support and engineering teams during a maintenance window or other service windows.

  • Network troubleshooting: You can execute ip <xyz> commands to troubleshoot interfaces, check IP neighbors, or set a different maximum transmission unit (MTU) if needed. Additionally, you can also invoke ping and traceroute commands from execcli for troubleshooting purposes.

  • Kubernetes/container troubleshooting: Upon direction from F5 Distributed Cloud Support and engineering teams, you can execute docker/crictl <xyz> commands to troubleshoot container status, get logs, or set parameters.

  • Resource monitoring: Upon direction from F5 Distributed Cloud Support and engineering teams, you can monitor resources by CLI using the lsof and netstat commands. These commands must be executed by shell script, because the logs may be required when network connectivity is down.

  • Applying workarounds: Upon direction from F5 Distributed Cloud Support and engineering teams, you can modify files by executing commands like vi /etc/xxx or echo “workaround file” >> /etc/xxx. These operations will allow you to fix issues temporarily.

  • Kubectl administrator operations: You can execute kubectl admin command for managing F5 App Stack clusters. For example, kubectl delete node.

On this page: