Configuration scripting

From VyOS Wiki
Revision as of 20:37, 1 July 2019 by Robert@sentrium.io (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Warning sign.png This page is migrated to Readthedocs .
Information found on this page is migrated to readthedocs and information found here could be outdated or misleading. https://vyos.readthedocs.io/en/latest/commandscripting.html

It's possible to use operational and configuration mode commands from scripts.

Script header

#!/bin/vbash
source /opt/vyatta/etc/functions/script-template

Script body

Once you source /opt/vyatta/etc/functions/script-template, you can use all configure/set/delete/commit commands. You also can use operational mode commands, but unlike normal CLI, they **always** must be prepended with "run", whether you started a configuration session or not.

Example

#!/bin/vbash
source /opt/vyatta/etc/functions/script-template

configure
set system host-name test1
commit

run show interfaces ethernet eth0

If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script. Here is a simple example

#!/usr/bin/env python
print "delete firewall group address-group somehosts"
print "set firewall group address-group somehosts address '1.1.1.1'"
print "set firewall group address-group somehosts address '1.1.1.2'"
#!bin/vbash
source /opt/vyatta/etc/functions/script-template

configure
source <(/config/scripts/setfirewallgroup.py)
commit

Executing Configuration Scripts

There is a pitfall when working with configuration scripts: It is tempting to call configuration scripts with "sudo" (i.e., temporary root permissions), because that's the common way on most Linux platforms to call system commands.

On VyOS this will cause the following problem: After modifying the configuration via script like this once, it is not possible to manually modify the config anymore:

sudo ./myscript.sh # Modifies config via API
configure
set ... # Any configuration parameter

This will result in the following error message: "Set failed"

If this happens, a reboot is required to be able to edit the config manually again.

To avoid these problems, the proper way is to call a script with the "vyattacfg" group, e.g., by using the "sg" (switch group) command:

sg vyattacfg -c ./myscript.sh

To make sure that a script is not accidentally called without the "vyattacfg" group, the script can be safeguarded like this:

if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi

If this is added to the beginning of a script, the script will call itself with the proper group and all arguments.