| author | Christian Poessinger <christian@poessinger.com> | 2022-12-02 09:41:12 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-02 09:41:12 +0100 | 
| commit | aec5295551efdaf6ba82b127d2fd6a6f1fcbf365 (patch) | |
| tree | 281df429e54d4eca26dd5f5ef0623eed7d9129b1 | |
| parent | e96e629fab3936c894214bef44155cb1bc671e4c (diff) | |
| parent | 4245fd8fb1059d0a356e0fcb293fcbb923b09b68 (diff) | |
| download | vyos-1x-aec5295551efdaf6ba82b127d2fd6a6f1fcbf365.tar.gz vyos-1x-aec5295551efdaf6ba82b127d2fd6a6f1fcbf365.zip | |
Merge pull request #1646 from mkorobeinikov/4767py
T4767: Rewrite generate ipsec archive to python
| -rw-r--r-- | op-mode-definitions/generate-ipsec-debug-archive.xml.in | 2 | ||||
| -rwxr-xr-x | src/op_mode/generate_ipsec_debug_archive.py | 90 | ||||
| -rwxr-xr-x | src/op_mode/generate_ipsec_debug_archive.sh | 36 | 
3 files changed, 91 insertions, 37 deletions
|
diff --git a/op-mode-definitions/generate-ipsec-debug-archive.xml.in b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
index f268d5ae5..dcbed0c42 100644
--- a/op-mode-definitions/generate-ipsec-debug-archive.xml.in
+++ b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
@@ -8,7 +8,7 @@
             <properties>
               <help>Generate IPSec debug-archive</help>
             </properties>
-            <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.sh</command>
+            <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.py</command>
           </node>
         </children>
       </node>
diff --git a/src/op_mode/generate_ipsec_debug_archive.py b/src/op_mode/generate_ipsec_debug_archive.py
new file mode 100755
index 000000000..933dd4e1a
--- /dev/null
+++ b/src/op_mode/generate_ipsec_debug_archive.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from datetime import datetime
+from pathlib import Path
+from shutil import rmtree
+from socket import gethostname
+from sys import exit
+from tarfile import open as tar_open
+from vyos.util import rc_cmd
+
+# define a list of commands that needs to be executed
+CMD_LIST: list[str] = [
+    'sudo ipsec status',
+    'sudo swanctl -L',
+    'sudo swanctl -l',
+    'sudo swanctl -P',
+    'sudo ip x sa show',
+    'sudo ip x policy show',
+    'sudo ip tunnel show',
+    'sudo ip address',
+    'sudo ip rule show',
+    'sudo ip route | head -100',
+    'sudo ip route show table 220'
+]
+JOURNALCTL_CMD: str = 'sudo journalctl -b -n 10000 /usr/lib/ipsec/charon'
+
+
+# execute a command and save the output to a file
+def save_stdout(command: str, file: Path) -> None:
+    rc, stdout = rc_cmd(command)
+    body: str = f'''### {command} ###
+Command: {command}
+Exit code: {rc}
+Stdout:
+{stdout}
+
+'''
+    with file.open(mode='a') as f:
+        f.write(body)
+
+
+# get local host name
+hostname: str = gethostname()
+# get current time
+time_now: str = datetime.now().isoformat(timespec='seconds')
+
+# define a temporary directory for logs and collected data
+tmp_dir: Path = Path(f'/tmp/ipsec_debug_{time_now}')
+# set file paths
+ipsec_status_file: Path = Path(f'{tmp_dir}/ipsec_status.txt')
+journalctl_charon_file: Path = Path(f'{tmp_dir}/journalctl_charon.txt')
+archive_file: str = f'/tmp/ipsec_debug_{time_now}.tar.bz2'
+
+# create files
+tmp_dir.mkdir()
+ipsec_status_file.touch()
+journalctl_charon_file.touch()
+
+try:
+    # execute all commands
+    for command in CMD_LIST:
+        save_stdout(command, ipsec_status_file)
+    save_stdout(JOURNALCTL_CMD, journalctl_charon_file)
+
+    # create an archive
+    with tar_open(name=archive_file, mode='x:bz2') as tar_file:
+        tar_file.add(tmp_dir)
+
+    # inform user about success
+    print(f'Debug file is generated and located in {archive_file}')
+except Exception as err:
+    print(f'Error during generating a debug file: {err}')
+finally:
+    # cleanup
+    rmtree(tmp_dir)
+    exit()
diff --git a/src/op_mode/generate_ipsec_debug_archive.sh b/src/op_mode/generate_ipsec_debug_archive.sh
deleted file mode 100755
index 53d0a6eaa..000000000
--- a/src/op_mode/generate_ipsec_debug_archive.sh
+++ /dev/null
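Review bot: The collected data lands under `/tmp` with default permissions, because `tmp_dir.mkdir()` and `tar_open(name=archive_file, mode='x:bz2')` both inherit the process umask and the path is predictable to the second; with a typical 022 umask any local user can read the status file while it is being written and the archive that stays behind. The status file includes the output of `sudo ip x sa show`, which normally prints SA key material when run as root, so the archive should be owner-only. I would call `umask(0o077)` (from `os`) before anything is created and build the working directory with `tmp_dir = Path(mkdtemp(prefix='ipsec_debug_'))` (from `tempfile`), which gives a 0700 directory with an unpredictable name. Separately, `exit()` inside `finally` makes the script return status 0 even after the `except` branch has reported a failure; dropping it there and using `exit(1)` in the handler would let callers see the error.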
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Collecting IPSec Debug Information
-
-DATE=`date +%d-%m-%Y`
-
-a_CMD=(
-       "sudo ipsec status"
-       "sudo swanctl -L"
-       "sudo swanctl -l"
-       "sudo swanctl -P"
-       "sudo ip x sa show"
-       "sudo ip x policy show"
-       "sudo ip tunnel show"
-       "sudo ip address"
-       "sudo ip rule show"
-       "sudo ip route"
-       "sudo ip route show table 220"
-      )
-
-
-echo "DEBUG: ${DATE} on host \"$(hostname)\"" > /tmp/ipsec-status-${DATE}.txt
-date >> /tmp/ipsec-status-${DATE}.txt
-
-# Execute all DEBUG commands and save it to file
-for cmd in "${a_CMD[@]}"; do
-    echo -e "\n### ${cmd} ###" >> /tmp/ipsec-status-${DATE}.txt
-    ${cmd} >> /tmp/ipsec-status-${DATE}.txt 2>/dev/null
-done
-
-# Collect charon logs, build .tgz archive
-sudo journalctl /usr/lib/ipsec/charon > /tmp/journalctl-charon-${DATE}.txt && \
-sudo tar -zcvf /tmp/ipsec-debug-${DATE}.tgz /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt >& /dev/null
-sudo rm -f /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt
-
-echo "Debug file is generated and located in /tmp/ipsec-debug-${DATE}.tgz"
|
