MCC client command line usage (mcc)

General options

-s /tmp/.mcc-socket
--unix /tmp/.mcc-socket

The daemon's UNIX socket path. The client uses this socket to talk to the daemon.

Commands

mcc --help

Print help.

mcc --version

Print MCC version.

mcc id

Get current node's ID.

mcc parent

Get parent node's socket address (ip:port).

mcc health

Get MCC daemon health status. Exit code 0 means success, otherwise failure.

mcc resolve [options] address

Resolve between node IDs, IPv4/IPv6 addresses, and MAC addresses.

-t format
--target-format format

The address format into which you want to resolve node ID. Possible values: ipv4, ipv6, mac6, node-id. The default is ipv4.

address

The IPv4/IPv6/MAC address or node ID that you want to resolve.

mcc route destination [source]

Get the route to the specified node. The nodes are defined by their IDs.

destination

Destination node ID.

source

Source node ID.

mcc init [options] [network-certificate-base64]

Initialize the current node, i.e. generate node certificate, private key, and setup the parent node if any.

-p
--parents

Parents node or nodes. Comma-separated list of ip:port or ip items.

--stdin

Read network private key from standard input.

-y
--force

Overwrite existing files without asking.

-C /etc/mcc
--config-dir /etc/mcc

MCC configuration directory. Default is /etc/mcc

mcc generate-node-certificate [options] [output-directory]

Generate node certificate and private key. This is alternative way of provisioning the nodes that does not require using self-service portal. Easy to automate with IaC tools.

-p /etc/mcc/network-certificate.txt
--parent /etc/mcc/network-certificate.txt

Path to your network certificate.

--stdin

Read network private key from standard input.

output-directory

Output directory (default is /etc/mcc).

mcc generate-dependent-node-certificate [options] ipv4-address [output-directory]

⚠️ This command was deprecated in MCC v2. Please use mcc create-tunnel instead.
Generate dependent node certificate and private key.

-p /etc/mcc/network-certificate.txt
--parent /etc/mcc/network-certificate.txt

Path to your network certificate.

--stdin

Read network private key from standard input.

--dns-names

Comma-separated list of DNS names associated with the node.

--static-address 10.115.0.0/16

Static IP address of this node in overlay network.

ip-address

IPv4 address outside MCC network to which the traffic will be directed. Only addresses from private networks (RFC 1918) are allowed here.

output-directory

Output directory (default is /etc/mcc/dependent-nodes).

mcc create-tunnel [options] --targets targets --remote-node remote-node [output-directory]

Create a network tunnel between two endpoints with unique encryption keys on both sides. There are client and server endpoints. The tunnel can only be created on the server side. Both the client and the server nodes have to trust each other (see trusted-networks and trusted-nodes). Currently tunnels support tcp and udp protocols only.

You can assign DNS names and static IP addresses to the tunnels and use their public keys to address specific server endpoints. Please note, the server endpoint can only be addressed from the corresponding client node. On other nodes the endpoint public key will not resolve into a dynamic IP address. This is in contrast to network nodes public keys of which are always resolved into dynamic IP addresses.

-p /etc/mcc/network-certificate.txt
--parent /etc/mcc/network-certificate.txt

Path to your network certificate.

--stdin

Read network private key from standard input.

--targets

Comma-separated list of server endpoints specified as protocol:port pairs. Example: tcp:80,udp:2222. Mandatory argument.

--remote-node

Remote node id. Mandatory argument.

--dns-names

Comma-separated list of DNS names associated with the server endpoint.

--static-ip-address 10.115.0.0/16

Static IP address of the server endpoint in overlay network. 10.115.0.0/16 means no static address.

--external-ip-address 0.0.0.0

IPv4 address outside MCC network to which the traffic will be directed. Only addresses from private networks (RFC 1918) are allowed here. 0.0.0.0 means no external address. If this address is specified the packet that reached the server is forwarded to the specified address, and the reply is forwarded back to the client.

output-directory

Output directory (default is /etc/mcc/tunnels).

mcc certificates [configuration-file]

Show the current certificates.

configuration file

Configuration file (default is /etc/mcc/mcc.conf).

mcc nodes [options]

Show known nodes in table or graph format.

-f table
--output-format table

Output format. Possible values: table, graphviz. Default is table.

mcc apply-forwarding-rules [options] file

Safely replace existing rules with forwarding rules from the specified file. This command interactively asks for the confirmation after the new rules are applied. If the answer is not received (because your SSH connection dropped), the rules are reverted after a timeout.

mcc help [subcommand]

Print help of the given subcommand.

See also