skip to content

IBM Cloud CLI Cheatsheet

Terminal tricks and commands for the IBM Cloud command line.

Overview

Classic Infrastructure

This includes a mix of the classic slcli as well as the ibmcloud sl module for interacting with classic IaaS resources.

Get OS of all deployed classic instances

I used this one when i was building some automation around port scanning our account. The idea was based on the OS returned the script would scan different ports.

for i in $(ibmcloud sl hardware list --output json | jq -r '.[].id'); do echo "${i}"; ibmcloud sl hardware detail "${i}" --output json | jq -r '.operatingSystem.softwareLicense.softwareDescription.manufacturer'; done

Ordering and billing examples

Handy if you need to pull Terraform as outlined in: [[What IBM Classic package and process keys do I need?]]

Find available packages for Bare metal servers

This should return all normal bare metal packages (aka not preset configs). Unfortunately you have to sift a little bit, but looking for things like 2U or DUAL will steer you in the right direction.

ibmcloud sl order package-list --output json | jq -r '.[] | select(.type.keyName=="BARE_METAL_CPU") | .keyName,.id'

Find available packages for Network Gateways

ibmcloud sl order package-list --output json | jq -r '.[] | select(.type.keyName=="BARE_METAL_GATEWAY") | .keyName,.id'

Find package_key_name

Once you have the package ID, in this case I am using package 1057 , you can get the package_key_name with the following call:

ibmcloud sl order package-list --output json | jq -r '.[] | select(.type.keyName=="BARE_METAL_GATEWAY") | select(.id==1057) | .keyName'
VIRTUAL_ROUTER_APPLIANCE_10_GPBS

List available Operating systems for VIRTUAL_ROUTER_APPLIANCE offering

ibmcloud sl order item-list VIRTUAL_ROUTER_APPLIANCE_10_GPBS --output json | jq -r '.[] | select(.itemCategory.categoryCode=="os") | .keyName'

Add permission to classic user

ibmcloud sl user permission-edit USER_ID --enable true --permission SERVER_ADD

Get bare metal server frontend network components

slcli call-api SoftLayer_Hardware_Server getFrontendNetworkComponents --id SERVER_ID

Get bare metal server backend network components

slcli call-api SoftLayer_Hardware_Server getBackendNetworkComponents --id SERVER_ID

Container Registry

Get currently set container registry endpoint

ibmcloud cr info | sed "3q;d" | awk '{for(i=1;i<=NF;i++) if ($i=="Registry") print $(i+1)}'

Identity and Access Management (IAM)

Get IAM Token using API Key

Get an IAM Token using your IBM Cloud API key and export it as environment variable TOKEN

curl -s -X POST "https://iam.cloud.ibm.com/identity/token" \
	--header "Content-Type: application/x-www-form-urlencoded" \
	--header "Accept: application/json" \
	--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
	--data-urlencode "apikey=${IBMCLOUD_API_KEY}" \
	| jq -r '.access_token'

Create api key and save to file

ibmcloud iam api-key-create KEY_NAME -d "Description of API key for easier tracking" --file "$HOME/apikey.json"

Simple name search

ibmcloud resource search 'name:devcluster'

Return CRN of a resource named devcluster

ibmcloud resource search 'name:devcluster' --output json | jq -r '.items[].crn'

*earch for resources by cloud tag

ibmcloud resource search 'tags:ryantiffany' --output json | jq -r '.items[].name'

If you have key:value style tags, simply wrap them in double quotes

ibmcloud resource search 'tags:"owner:ryantiffany"' --output json | jq -r '.items[].name'

Search by cloud tag and return resource CRNs

ibmcloud resource search 'tags:ryantiffany' --output json | jq -r  '.items[].crn'

Search by cloud tag and return resource types

ibmcloud resource search 'tags:ryantiffany' --output json | jq -r  '.items[].type'

Using the AND operator to target a region and tag for search

ibmcloud resource search "region:us-south AND tags:\"owner:ryantiffany\"" --output json | jq -r '.items[].crn'

Search classic infrastructure objects

ibmcloud resource search -p classic-infrastructure --output json

Search classic infrastructure by tag

ibmcloud resource search "tagReferences.tag.name:ryantiffany" -p classic-infrastructure --output json

Search by classic tag and return resource types

ibmcloud resource search "tagReferences.tag.name:ryantiffany" -p classic-infrastructure --output json | jq -r '.items[].resourceType'

Search classic infrastructure for virtual instances filtered by a specific tag

ibmcloud resource search "tagReferences.tag.name:ryantiffany _objectType:SoftLayer_Virtual_Guest" -p classic-infrastructure --output json 

Search classic virtual servers by classic tag and return FQDNs

ibmcloud resource search "tagReferences.tag.name:ryantiffany _objectType:SoftLayer_Virtual_Guest" -p classic-infrastructure --output json | jq -r '.items[].resource.fullyQualifiedDomainName'

VPC

Compute Images

Get all public x86 Ubuntu images in a region

ibmcloud is images --visibility public --output json | jq -r '.[] | select(.status=="available") | select(.operating_system.architecture=="amd64") | select(.name | startswith("ibm-ubuntu")) | .name,.id'

Other filtering options for operating systems:

  • ibm-debian
  • ibm-centos-stream
  • ibm-fedora
  • ibm-redhat
  • ibm-rocky-linux
  • ibm-sles
  • ibm-windows-server
  • ibm-esxi

List all available private images

ibmcloud is images --visibility private --output json | jq -r '.[] | select(.status=="available") | .name,.id'

VPC import image from ICOS

ibmcloud is image-create IMAGE_NAME --file cos://REGION/BUCKET/IMAGE.qcow2 --os-name ubuntu-18-04-amd64 --resource-group-id RESOURCE_GROUP_ID

Find available x86 OS families

ibmcloud is images --visibility public --json | jq -r '.[] | select(.status=="available") | select(.operating_system.architecture=="amd64") \
	| select(.operating_system.family) | .operating_system.family' | sort -u

VPNs

Scan all regions for VPN servers and gateways

for i in $(ibmcloud is regions --output json | jq -r '.[].name'); do echo "checking region ${i}"; ibmcloud target -r "${i}" -q > /dev/null 2>&1; ibmcloud is vpns --output json; ibmcloud is vpn-svs --output json; echo""; done

Subnets

Find all subnets for a specific VPC and return names and ids

ibmcloud is subnets --output json | jq -r '.[] | select(.vpc.name=="VPCNAME") | .name,.id'

If you have the VPC set as an environment variable, i.e. VPC_NAME use this command instead:

export VPC_NAME="YOUR_VPC_NAME"
ibmcloud is subnets --output json | jq -r '.[] | select(.vpc.name=='env.VPC_NAME') | .name,.id'

Network Interfaces and IPs

Get secondary interfaces for a virtual instance

ibmcloud is instance INSTANCE_NAME/ID --output json | jq -r '.network_interfaces[] | select(.type=="secondary") | .name,.id'   

List all floating IPs

This will list the floating IPs in the currently targeted region

ibmcloud is ips --output json | jq -r '.[].address'

To scan all the regions, run the following

for i in $(ibmcloud is regions --output json | jq -r '.[].name'); do echo "checking region ${i}"; ibmcloud target -r "${i}" -q > /dev/null 2>&1; ibmcloud ibmcloud ips --output json | jq -r '.[].address'; done

Get Windows administrator password

In VPC Windows server passwords are encrypted using an SSH key that is attached to the server when it is provisioned. To retrieve the password run the following command.

ibmcloud is instance-initialization-values VPC_INSTANCE_ID --private-key @~/.ssh/path_to_private_pem

If you need to generate a Windows compatible SSH key, run this command:

ssh-keygen -m PEM -t rsa -C "user_ID"