T4767: Rewrite generate ipsec archive to python

Made the following changes: 1) made changes to the "XML" file to replace the script from "sh" to "py" 2) changed the extension of the main script from "sh" to "py" 3) changed the script to "py"

3 files changed, 91 insertions, 37 deletions

diff --git a/op-mode-definitions/generate-ipsec-debug-archive.xml.in b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
index f268d5ae5..dcbed0c42 100644
--- a/op-mode-definitions/generate-ipsec-debug-archive.xml.in
+++ b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
@@ -8,7 +8,7 @@
             <properties>
               <help>Generate IPSec debug-archive</help>
             </properties>
-            <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.sh</command>
+            <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.py</command>
           </node>
         </children>
       </node>
diff --git a/src/op_mode/generate_ipsec_debug_archive.py b/src/op_mode/generate_ipsec_debug_archive.py
new file mode 100755
index 000000000..933dd4e1a
--- /dev/null
+++ b/src/op_mode/generate_ipsec_debug_archive.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from datetime import datetime
+from pathlib import Path
+from shutil import rmtree
+from socket import gethostname
+from sys import exit
+from tarfile import open as tar_open
+from vyos.util import rc_cmd
+
+# define a list of commands that needs to be executed
+CMD_LIST: list[str] = [
+    'sudo ipsec status',
+    'sudo swanctl -L',
+    'sudo swanctl -l',
+    'sudo swanctl -P',
+    'sudo ip x sa show',
+    'sudo ip x policy show',
+    'sudo ip tunnel show',
+    'sudo ip address',
+    'sudo ip rule show',
+    'sudo ip route | head -100',
+    'sudo ip route show table 220'
+]
+JOURNALCTL_CMD: str = 'sudo journalctl -b -n 10000 /usr/lib/ipsec/charon'
+
+
+# execute a command and save the output to a file
+def save_stdout(command: str, file: Path) -> None:
+    rc, stdout = rc_cmd(command)
+    body: str = f'''### {command} ###
+Command: {command}
+Exit code: {rc}
+Stdout:
+{stdout}
+
+'''
+    with file.open(mode='a') as f:
+        f.write(body)
+
+
+# get local host name
+hostname: str = gethostname()
+# get current time
+time_now: str = datetime.now().isoformat(timespec='seconds')
+
+# define a temporary directory for logs and collected data
+tmp_dir: Path = Path(f'/tmp/ipsec_debug_{time_now}')
+# set file paths
+ipsec_status_file: Path = Path(f'{tmp_dir}/ipsec_status.txt')
+journalctl_charon_file: Path = Path(f'{tmp_dir}/journalctl_charon.txt')
+archive_file: str = f'/tmp/ipsec_debug_{time_now}.tar.bz2'
+
+# create files
+tmp_dir.mkdir()
+ipsec_status_file.touch()
+journalctl_charon_file.touch()
+
+try:
+    # execute all commands
+    for command in CMD_LIST:
+        save_stdout(command, ipsec_status_file)
+    save_stdout(JOURNALCTL_CMD, journalctl_charon_file)
+
+    # create an archive
+    with tar_open(name=archive_file, mode='x:bz2') as tar_file:
+        tar_file.add(tmp_dir)
+
+    # inform user about success
+    print(f'Debug file is generated and located in {archive_file}')
+except Exception as err:
+    print(f'Error during generating a debug file: {err}')
+finally:
+    # cleanup
+    rmtree(tmp_dir)
+    exit()
diff --git a/src/op_mode/generate_ipsec_debug_archive.sh b/src/op_mode/generate_ipsec_debug_archive.sh
deleted file mode 100755
index 53d0a6eaa..000000000
--- a/src/op_mode/generate_ipsec_debug_archive.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Collecting IPSec Debug Information
-
-DATE=`date +%d-%m-%Y`
-
-a_CMD=(
-       "sudo ipsec status"
-       "sudo swanctl -L"
-       "sudo swanctl -l"
-       "sudo swanctl -P"
-       "sudo ip x sa show"
-       "sudo ip x policy show"
-       "sudo ip tunnel show"
-       "sudo ip address"
-       "sudo ip rule show"
-       "sudo ip route"
-       "sudo ip route show table 220"
-      )
-
-
-echo "DEBUG: ${DATE} on host \"$(hostname)\"" > /tmp/ipsec-status-${DATE}.txt
-date >> /tmp/ipsec-status-${DATE}.txt
-
-# Execute all DEBUG commands and save it to file
-for cmd in "${a_CMD[@]}"; do
-    echo -e "\n### ${cmd} ###" >> /tmp/ipsec-status-${DATE}.txt
-    ${cmd} >> /tmp/ipsec-status-${DATE}.txt 2>/dev/null
-done
-
-# Collect charon logs, build .tgz archive
-sudo journalctl /usr/lib/ipsec/charon > /tmp/journalctl-charon-${DATE}.txt && \
-sudo tar -zcvf /tmp/ipsec-debug-${DATE}.tgz /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt >& /dev/null
-sudo rm -f /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt
-
-echo "Debug file is generated and located in /tmp/ipsec-debug-${DATE}.tgz"