Skip to content

Commit

Permalink
Merge pull request #29 from rebortg/improve/commandscripting
Browse files Browse the repository at this point in the history 
Improve/commandscripting
  • Loading branch information
@UnicronNL
UnicronNL committed Apr 8, 2019
2 parents c77c4df + ba3e5d2 commit 6d5be22
Showing 1 changed file with 57 additions and 1 deletion.
58 changes: 57 additions & 1 deletion docs/commandscripting.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,4 +48,60 @@ Unlike a normal configuration sessions, all operational commands must be prepend
run show interfaces
exit
exit
Other script language
---------------------

If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script.

Here is a simple example:

.. code-block:: python
#!/usr/bin/env python
print "delete firewall group address-group somehosts"
print "set firewall group address-group somehosts address '1.1.1.1'"
print "set firewall group address-group somehosts address '1.1.1.2'"
.. code-block:: sh
#!bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
source <(/config/scripts/setfirewallgroup.py)
commit
Executing Configuration Scripts
-------------------------------

There is a pitfall when working with configuration scripts. It is tempting to call configuration scripts with "sudo" (i.e., temporary root permissions), because that's the common way on most Linux platforms to call system commands.

On VyOS this will cause the following problem: After modifying the configuration via script like this once, it is not possible to manually modify the config anymore:

.. code-block:: sh
sudo ./myscript.sh # Modifies config
configure
set ... # Any configuration parameter
| This will result in the following error message: ``Set failed``
| If this happens, a reboot is required to be able to edit the config manually again.
To avoid these problems, the proper way is to call a script with the ``vyattacfg`` group, e.g., by using the ``sg`` (switch group) command:

.. code-block:: sh
sg vyattacfg -c ./myscript.sh
To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:

.. code-block:: sh
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi

0 comments on commit 6d5be22

Please sign in to comment.