Using the CARR (Certificate Analyzer, Results and Recovery) script in automated mode


Article ID: 419562


Updated On:

Products

VMware NSX

Issue/Introduction

CARR script version 1.20 adds an automated mode, which allows the user to run the CARR script without having to enter the IP address and passwords interactively.

This may be useful for administrators that have a large number of NSX instances to manage and wish to script the process. Broadcom do not provide additional scripted support.

Resolution

Automated mode has a strict requirement: all sites must have the same NSX manager admin and root passwords.

The following new arguments have been added to run CARR in automated mode:

--auto-mode : (Required) To enable the automated mode.

--admin-pwd : (Required) Admin password for the NSX manager, across all sites (when Federated).

--root-pwd : (Optional) Root password for the NSX manager. If the Root password is the same as the Admin password, then this argument is not required.

--ip-address : (Optional) IP address for the NSX manager. If the CARR script is being run from inside an NSX manager appliance, then this argument is not required.

All the existing short arguments are also supported in automated mode:

Usage: ./start.sh [-d] [-o] [-t days] [-r recovery_config_path] [--auto-mode --admin-pwd password [--root-pwd password] [--ip-address ip]]

-d : Dry run only. Default lead time in this mode is 825 days.

-o : Download dependencies from internet if connectivity is there.

-t : Lead time in days, between 31 and 825, to check for expiry of certificates. Default is 31 days.

-r : Path to recovery config file (absolute or relative). Takes precedence over auto-discovery.

-h : Prints this message, with above details on arguments.

 

Example of Automated Mode Usage

Download the CARR script from the Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX KB.

  • Copy the latest CARR script to the client machine where it will be run. If the script is being run on the NSX manager, copy it to the /root directory.
  • Extract the tar file and cd into the directory: 

> tar -zxvf carr-<x.x>.tar.gz

> cd carr-<x.x>

  • To run the script in dry run mode, automated, with 825 days lead time:

$ ./start.sh -d -t 825 --auto-mode --admin-pwd "YOUR_ADMIN_PWD" --root-pwd "YOUR_ROOT_PWD" --ip-address "YOUR_NSX_IPV4_ADDRESS"

Note:

Replace YOUR_ADMIN_PWD with the admin account password.

Replace YOUR_ROOT_PWD with the root account password, if it differs from the admin account password.

Replace YOUR_NSX_IPV4_ADDRESS with the NSX manager IP address, if not being run on the NSX manager.

 

  • Run the script in apply mode (fix issues) with 100 lead days:

$ ./start.sh -t 100 --auto-mode --admin-pwd "YOUR_ADMIN_PWD" --root-pwd "YOUR_ROOT_PWD" --ip-address "YOUR_NSX_IPV4_ADDRESS"

Note: Do not add the -d argument in apply mode; -d is only for dry run mode. In automated mode the answer to the APPLY FIX prompt is always "YES", so the script shows the fixes CARR will make and immediately starts applying them.
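A wrapper for the multi-instance case described above, as an added example that is not part of the CARR script or of Broadcom's tooling: it reads the admin password from an owner-only file instead of typing it into shell history, validates the lead time and each address, and stays in dry run unless apply mode is requested explicitly. `CARR_DIR`, `PWD_FILE`, `CARR_APPLY` and the function names are assumptions, and the root password is assumed to equal the admin password.

```shell
#!/bin/sh
# Added example, not part of CARR. CARR_DIR, PWD_FILE, CARR_APPLY and the
# function names are assumptions; only the start.sh arguments come from the KB.
CARR_DIR="${CARR_DIR:-./carr}"                 # assumed: extracted CARR directory
PWD_FILE="${PWD_FILE:-$HOME/.carr_admin_pwd}"  # assumed: admin password, one line

# -t accepts an integer lead time between 31 and 825 days.
valid_lead_time() {
    case "$1" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$1" -ge 31 ] && [ "$1" -le 825 ]
}

# Accept only a regular file (not a symlink) with mode 600 or 400.
private_file() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Dotted-quad check; also stops a value such as "--root-pwd" being passed on.
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = lead time, remaining arguments = NSX manager addresses.
# Dry run (-d) unless CARR_APPLY=yes, because automated mode answers the
# APPLY FIX prompt itself. Assumes root and admin passwords are identical.
run_carr() {
    lead=$1; shift
    valid_lead_time "$lead" || { echo "lead time must be 31-825" >&2; return 2; }
    private_file "$PWD_FILE" || { echo "$PWD_FILE: need mode 600/400" >&2; return 2; }
    admin_pwd=$(cat "$PWD_FILE")
    mode=-d
    if [ "${CARR_APPLY:-no}" = yes ]; then mode=; fi
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "skipping invalid address: $ip" >&2; continue; }
        (cd "$CARR_DIR" && ./start.sh $mode -t "$lead" --auto-mode \
            --admin-pwd "$admin_pwd" --ip-address "$ip") \
            || echo "CARR failed for $ip" >&2
    done
}

if [ "$#" -ge 2 ]; then run_carr "$@"; fi
```

Because --admin-pwd is passed as an argument, the password is still visible in the process list while start.sh runs, so run the wrapper from a host where other users cannot list processes.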

For more details on the CARR script and supported versions, please review the KB Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX.