summaryrefslogtreecommitdiff
path: root/docs/automation/command-scripting.rst
blob: 98e97d3c6d7aaf6ef25951f30113ed40b02eeac0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
.. _commandscripting:


Command scripting
=================

VyOS supports executing configuration and operational commands non-interactively from shell scripts.

To include VyOS-specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script.

.. code-block:: none

  #!/bin/vbash
  source /opt/vyatta/etc/functions/script-template

  exit

Run configuration commands
--------------------------

Configuration commands are executed just like from a normal config session.

For example, if you want to disable a BGP peer on VRRP transition to backup:

.. code-block:: none

  #!/bin/vbash
  source /opt/vyatta/etc/functions/script-template

  configure

  set protocols bgp 65536 neighbor 192.168.2.1 shutdown

  commit

  exit


Run operational commands
------------------------

Unlike a normal configuration sessions, all operational commands must be prepended with ``run``, even if you haven't created a session with configure.

.. code-block:: none

  #!/bin/vbash
  source /opt/vyatta/etc/functions/script-template

  run show interfaces

  exit

Other script language
---------------------

If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script.

Here is a simple example:

.. code-block:: python

  #!/usr/bin/env python
  print "delete firewall group address-group somehosts"
  print "set firewall group address-group somehosts address '1.1.1.1'"
  print "set firewall group address-group somehosts address '1.1.1.2'"


.. code-block:: none

  #!/bin/vbash
  source /opt/vyatta/etc/functions/script-template
  
  configure 
  source <(/config/scripts/setfirewallgroup.py)
  commit


Executing Configuration Scripts
-------------------------------

There is a pitfall when working with configuration scripts. It is tempting to call configuration scripts with "sudo" (i.e., temporary root permissions), because that's the common way on most Linux platforms to call system commands.

On VyOS this will cause the following problem: After modifying the configuration via script like this once, it is not possible to manually modify the config anymore:

.. code-block:: none

  sudo ./myscript.sh # Modifies config
  configure
  set ... # Any configuration parameter

| This will result in the following error message: ``Set failed``
| If this happens, a reboot is required to be able to edit the config manually again.

To avoid these problems, the proper way is to call a script with the ``vyattacfg`` group, e.g., by using the ``sg`` (switch group) command:

.. code-block:: none

  sg vyattacfg -c ./myscript.sh


To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:

.. code-block:: none

  if [ "$(id -g -n)" != 'vyattacfg' ] ; then
      exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
  fi

Postconfig on boot
------------------

The ``/config/scripts/vyos-postconfig-bootup.script`` script is called on boot after the VyOS configuration is fully applied.

Any modifications done to work around unfixed bugs and implement enhancements which are not complete in the VyOS system can be placed here.

The default file looks like this:

.. code-block:: none

  #!/bin/sh
  # This script is executed at boot time after VyOS configuration is fully applied.
  # Any modifications required to work around unfixed bugs
  # or use services not available through the VyOS CLI system can be placed here.

.. hint::
  For configuration/upgrade management issues, modification of this script should be the last option. Always try to find solutions based on CLI commands first.