<?xml version="1.0"?> <interfaceDefinition> <node name="generate"> <children> <node name="pki"> <properties> <help>Generate PKI certificates and keys</help> </properties> <children> <node name="ca"> <properties> <help>Generate CA certificate</help> </properties> <children> <tagNode name="sign"> <properties> <help>Sign generated CA certificate with another specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated CA certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated CA certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> <help>Write generated CA certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated CA certificate into running configuration</help> <completionHelp> <list><CA name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname"</command> </node> <node name="certificate"> <properties> <help>Generate certificate request</help> </properties> <children> <node name="self-signed"> <properties> <help>Generate self-signed certificate</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated self-signed certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated self-signed certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign</command> </node> <tagNode name="sign"> <properties> <help>Sign generated certificate with specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated signed certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated signed certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> <help>Write generated certificate request and key into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated certificate private key into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"</command> </node> <tagNode name="crl"> <properties> <help>Generate CRL for specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated CRL into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file</command> </tagNode> <leafNode name="install"> <properties> <help>Commands for installing generated CRL into running configuration</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install</command> </leafNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"</command> </tagNode> <node name="dh"> <properties> <help>Generate DH parameters</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated DH parameters into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated DH parameters into running configuration</help> <completionHelp> <list><DH name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"</command> </node> <node name="key-pair"> <properties> <help>Generate a key pair</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated key pair into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated key pair into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"</command> </node> <node name="openvpn"> <properties> <help>Generate OpenVPN keys</help> </properties> <children> <node name="shared-secret"> <properties> <help>Generate OpenVPN shared secret key</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated OpenVPN shared secret key into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated OpenVPN shared secret key into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"</command> </node> </children> </node> <node name="ssh-key"> <properties> <help>Generate SSH key</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated SSH keys into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated SSH key into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"</command> </node> <node name="wireguard"> <properties> <help>Generate WireGuard keys</help> </properties> <children> <node name="key-pair"> <properties> <help>Generate WireGuard public/private key-pair</help> </properties> <children> <node name="install"> <properties> <help>Generate CLI commands to install WireGuard key to configuration</help> </properties> <children> <tagNode name="interface"> <properties> <help>WireGuard Interface used in install command</help> <completionHelp> <path>interfaces wireguard</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key --interface "$7" --install</command> </tagNode> </children> </node> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key</command> </node> <node name="preshared-key"> <properties> <help>Generate WireGuard pre-shared key</help> </properties> <children> <node name="install"> <properties> <help>Generate CLI commands to install WireGuard key to configuration</help> </properties> <children> <tagNode name="interface"> <properties> <help>WireGuard Interface used in install command</help> <completionHelp> <path>interfaces wireguard</path> </completionHelp> </properties> <children> <tagNode name="peer"> <properties> <help>Interface used for install command</help> <completionHelp> <path>interfaces wireguard ${COMP_WORDS[COMP_CWORD-2]} peer</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk --interface "$7" --peer "$9" --install</command> </tagNode> </children> </tagNode> </children> </node> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk</command> </node> </children> </node> </children> </node> </children> </node> <node name="import"> <properties> <help>Import an object</help> </properties> <children> <node name="pki"> <properties> <help>Import file into PKI configuration</help> </properties> <children> <tagNode name="ca"> <properties> <help>Import CA certificate into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to CA certificate file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="certificate"> <properties> <help>Import certificate into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to certificate file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="crl"> <properties> <help>Import certificate revocation list into PKI</help> <completionHelp> <list><CA name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to CRL file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --crl "$4" --filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="dh"> <properties> <help>Import DH parameters into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to DH parameters file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --dh "$4" --filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="key-pair"> <properties> <help>Import key pair into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="public-file"> <properties> <help>Path to public key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --filename "$6"</command> </tagNode> <tagNode name="private-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <node name="openvpn"> <properties> <help>Import OpenVPN keys into PKI</help> </properties> <children> <tagNode name="shared-secret"> <properties> <help>Import OpenVPN shared secret key into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to shared secret key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --openvpn "$5" --filename "$7"</command> </tagNode> </children> </tagNode> </children> </node> </children> </node> </children> </node> <node name="show"> <children> <node name="pki"> <properties> <help>Show PKI x509 certificates</help> </properties> <children> <leafNode name="ca"> <properties> <help>Show x509 CA certificates</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command> </leafNode> <tagNode name="ca"> <properties> <help>Show x509 CA certificate by name</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 CA certificate in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command> </leafNode> </children> </tagNode> <leafNode name="certificate"> <properties> <help>Show x509 certificates</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command> </leafNode> <tagNode name="certificate"> <properties> <help>Show x509 certificate by name</help> <completionHelp> <path>pki certificate</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 certificate in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --pem</command> </leafNode> <tagNode name="fingerprint"> <properties> <help>Show x509 certificate fingerprint</help> <completionHelp> <list>sha256 sha384 sha512</list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command> </tagNode> </children> </tagNode> <leafNode name="crl"> <properties> <help>Show x509 certificate revocation lists</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "all"</command> </leafNode> <tagNode name="crl"> <properties> <help>Show x509 certificate revocation lists by CA name</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 certificate revocation lists by CA name in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4" --pem</command> </leafNode> </children> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show</command> </node> </children> </node> <node name="renew"> <children> <leafNode name="certbot"> <properties> <help>Start manual certbot renewal</help> </properties> <command>sudo systemctl start certbot.service</command> </leafNode> </children> </node> </interfaceDefinition>