# Accessing the system (Command line) ## Local access By default, the `migration-manager` CLI tool can be used to manage a Migration Manager service running on the same system. ## Network settings To enable `migration-manager` to communicate over the network, you can assign a network address and port. If no port is specified, Migration Manager will use `6443` ``` $ migration-manager system network edit ### This is a YAML representation of the system network configuration. ### Any line starting with a '# will be ignored. ### rest_server_address: '192.0.2.100:443' worker_endpoint: https://example.com ``` The `worker_endpoint` is used for connections from migrating instances back to the Migration Manager service. If unset, it will use the value of `rest_server_address`. ## Security settings Authentication and authorization settings can be configured from the command line as well. Migration Manager will only accept trusted connections. ``` $ migration-manager system security edit ### This is a YAML representation of the system security configuration. ### Any line starting with a '# will be ignored. ### trusted_tls_client_cert_fingerprints: - e385d0e91509d33f0a3ff2d5993bd1fc6e6265140b5f11b7e3d20801480e3fbf - a57be4e28ab1f1d315e9d3b174a54221b47dca44f2e5c7c436d9cf558e3f8b7e oidc: issuer: "" client_id: "" scopes: "" audience: "" claim: "" openfga: api_token: "" api_url: "" store_id: "" ``` ## Remote access The CLI tool can connect to a Migration Manager service over the network by registering a remote. Here is a sample registration of a remote named `m1` at address `https://192.0.2.100:443`: ``` $ migration-manager remote add "m1" "https://192.0.2.100:443" --auth-type "tls" Server presented an untrusted TLS certificate with SHA256 fingerprint 80d569e9244a421f3a3d60d46631eb717f8a0a480f2f23ee729a4c1c016875f7. Is this the correct fingerprint? (yes/no) [default=no]: yes $ migration-manager remote switch "m1" ``` Additionally, `--auth-type "oidc"` is available if configured on the Migration Manager service. The first time the remote CLI tool is used, a certificate keypair will be generated that must be trusted by the Migration Manager service: ``` Received authentication mismatch: got "untrusted", expected "tls". Ensure the server trusts the client fingerprint "653f014cbd7a7135c21414884283a50f2dd8e117943e4593638d72824596b268" ``` This certificate should be added to the `trusted_tls_client_cert_fingerprints` list with the local CLI tool using `migration-manager system security edit` for the remote CLI to properly function.