152 files changed, 1796 insertions, 964 deletions
diff --git a/data/templates/aws/override_aws_gwlbtun.conf.j2 b/data/templates/aws/override_aws_gwlbtun.conf.j2 index 4c566d852..e7e60dc95 100644 --- a/data/templates/aws/override_aws_gwlbtun.conf.j2 +++ b/data/templates/aws/override_aws_gwlbtun.conf.j2 @@ -30,7 +30,7 @@ After=vyos-router.service [Service] EnvironmentFile= -ExecStart=/usr/bin/gwlbtun {{ args | join(' ') }} -CapabilityBoundingSet=CAP_NET_ADMIN +ExecStart=/usr/sbin/gwlbtun {{ args | join(' ') }} +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW Restart=always RestartSec=10 diff --git a/data/templates/conntrack/sysctl.conf.j2 b/data/templates/conntrack/sysctl.conf.j2 index cd6c34ede..8d934db9c 100644 --- a/data/templates/conntrack/sysctl.conf.j2 +++ b/data/templates/conntrack/sysctl.conf.j2 @@ -1,10 +1,11 @@ # Autogenerated by system_conntrack.py {# all values have defaults - thus no checking required #} +net.netfilter.nf_conntrack_buckets = {{ hash_size }} net.netfilter.nf_conntrack_expect_max = {{ expect_table_size }} net.netfilter.nf_conntrack_max = {{ table_size }} net.ipv4.tcp_max_syn_backlog = {{ tcp.half_open_connections }} net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose is vyos_defined('enable') else '0' }} net.netfilter.nf_conntrack_tcp_max_retrans = {{ tcp.max_retrans }} net.netfilter.nf_conntrack_acct = {{ '1' if flow_accounting is vyos_defined else '0' }} -net.netfilter.nf_conntrack_timestamp = {{ '1' if log.timestamp is vyos_defined else '0' }}
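Review bot: The new `CapabilityBoundingSet=` line in override_aws_gwlbtun.conf.j2 adds CAP_NET_RAW to CAP_NET_ADMIN without recording what needs it, so a later reader cannot tell whether the wider set is still required. A comment above it, for example `# CAP_NET_RAW: <why gwlbtun needs raw sockets>`, would keep the justification next to the grant. On the changed `ExecStart=` line, `{{ args | join(' ') }}` is emitted unquoted and systemd splits it on whitespace; how `args` is built is not visible here, so confirm that no element can contain spaces or unit-file specifiers. The `[Service]` section continues past the hunk.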
\ No newline at end of file +net.netfilter.nf_conntrack_timestamp = {{ '1' if log.timestamp is vyos_defined else '0' }} diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.j2 b/data/templates/conntrack/vyos_nf_conntrack.conf.j2 deleted file mode 100644 index 1b12fec5f..000000000 --- a/data/templates/conntrack/vyos_nf_conntrack.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# Autogenerated by system_conntrack.py -options nf_conntrack hashsize={{ hash_size }} diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index f5cd801e4..bf051bb57 100755 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -416,7 +416,9 @@ table bridge vyos_filter { ct state invalid ether type arp counter accept ct state invalid ether type 8021q counter accept ct state invalid ether type 8021ad counter accept + ct state invalid ether type 0x8863 counter accept ct state invalid ether type 0x8864 counter accept + ct state invalid ether type 0x0842 counter accept {% endif %} {% endif %} {% if global_options.state_policy is vyos_defined %} diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2 index bc2c74b10..79824fb64 100644 --- a/data/templates/frr/ospfd.frr.j2 +++ b/data/templates/frr/ospfd.frr.j2 @@ -82,7 +82,7 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% for area_id, area_config in area.items() %} {% if area_config.area_type is vyos_defined %} {% for type, type_config in area_config.area_type.items() if type != 'normal' %} - area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} + area {{ area_id }} {{ type }} {{ 'translate-' + type_config.translate if type_config.translate is vyos_defined }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} {% if type_config.default_cost is vyos_defined %} area {{ area_id }} default-cost {{ type_config.default_cost }} {% endif %} 
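Review bot: `net.netfilter.nf_conntrack_buckets` is now written through sysctl at the top of sysctl.conf.j2 while the modprobe option template that sized the hash table at module load is deleted, and the template gives no hint that this key only exists once nf_conntrack is loaded. A comment such as `{# replaces the former modprobe hashsize= option; nf_conntrack must be loaded before this file is applied #}` would record that. Whether system_conntrack.py removes an already rendered modprobe file on upgraded systems is not visible in this diff; if it does not, a stale `hashsize=` option would still apply at module load and disagree with the configured value.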
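Review bot: The two rules added to `table bridge vyos_filter` use bare EtherType numbers (`0x8863`, `0x0842`), and each one exempts frames that conntrack marked invalid from the state policy, so the template should say what is being let through. A comment above the group, e.g. `{# 0x8863 PPPoE discovery, 0x8864 PPPoE session, 0x0842 Wake-on-LAN #}`, would do. The match is on EtherType alone, so every frame carrying that type is accepted on this path regardless of source or interface; it is worth confirming that this breadth is intended for the Wake-on-LAN case. The enclosing `{% if %}` blocks start outside the hunk.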
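Review bot: The added expression in ospfd.frr.j2 concatenates with `+` (`'translate-' + type_config.translate`), while the `router ospf` line in this hunk's header uses `~` (`'vrf ' ~ vrf`), which coerces both operands to strings. Suggested: `{{ 'translate-' ~ type_config.translate if type_config.translate is vyos_defined }}`. The loop covers every area type except `normal`, so the keyword is rendered for whichever type carries a `translate` key; if the CLI definition (not shown here) allows it outside NSSA, the resulting line may be rejected by FRR. When `translate` is unset the line also gains a second space before `no-summary`, which is harmless but shows up in config diffs.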
diff --git a/data/templates/frr/rpki.frr.j2 b/data/templates/frr/rpki.frr.j2 index edf0ccaa2..e35f99766 100644 --- a/data/templates/frr/rpki.frr.j2 +++ b/data/templates/frr/rpki.frr.j2 @@ -1,8 +1,8 @@ -! +{% macro rpki_config(rpki) %} {# as FRR does not support deleting the entire rpki section we leave it in place even when it's empty #} rpki -{% if cache is vyos_defined %} -{% for peer, peer_config in cache.items() %} +{% if rpki.cache is vyos_defined %} +{% for peer, peer_config in rpki.cache.items() %} {# port is mandatory and preference uses a default value #} {% if peer_config.ssh.username is vyos_defined %} rpki cache ssh {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }}{{ ' source ' ~ peer_config.source_address if peer_config.source_address is vyos_defined }} preference {{ peer_config.preference }} @@ -11,14 +11,24 @@ rpki {% endif %} {% endfor %} {% endif %} -{% if expire_interval is vyos_defined %} - rpki expire_interval {{ expire_interval }} +{% if rpki.expire_interval is vyos_defined %} + rpki expire_interval {{ rpki.expire_interval }} {% endif %} -{% if polling_period is vyos_defined %} - rpki polling_period {{ polling_period }} +{% if rpki.polling_period is vyos_defined %} + rpki polling_period {{ rpki.polling_period }} {% endif %} -{% if retry_interval is vyos_defined %} - rpki retry_interval {{ retry_interval }} +{% if rpki.retry_interval is vyos_defined %} + rpki retry_interval {{ rpki.retry_interval }} {% endif %} exit +{# j2lint: disable=jinja-statements-delimeter #} +{%- endmacro -%} +! +{% if rpki.vrf is vyos_defined %} +vrf {{ rpki.vrf }} + {{ rpki_config(rpki) | indent(width=1) }} +exit-vrf +{% else %} +{{ rpki_config(rpki) }} +{% endif %} ! diff --git a/debian/vyos-1x.links b/debian/vyos-1x.links index 402c91306..aef22555c 100644 --- a/debian/vyos-1x.links +++ b/debian/vyos-1x.links 
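Review bot: The macro parameter in `{% macro rpki_config(rpki) %}` has the same name as the context variable read outside the macro (`rpki.vrf`, `rpki_config(rpki)`), so it is not obvious which lookups depend on the caller's render context and which on the argument. Renaming the parameter (for example `{% macro rpki_config(config) %}`) or adding a one-line comment such as `{# expects the rpki config dict; 'vrf' is read by the caller block below, not here #}` would make that clear. The macro opens in the first hunk of this file and closes in the second. The template now expects its values nested under `rpki`, which means the rendering script has to change in step; that script is not part of this view.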
@@ -1,2 +1,4 @@ /etc/netplug/linkup.d/vyos-python-helper /etc/netplug/linkdown.d/vyos-python-helper /usr/libexec/vyos/system/standalone_root_pw_reset /opt/vyatta/sbin/standalone_root_pw_reset +/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_commit +/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_in_session diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 01ea16bc6..794da4f9d 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -51,7 +51,7 @@ <children> <leafNode name="invalid-connections"> <properties> - <help>Accept ARP, 802.1q, 802.1ad, DHCP and PPPoE despite being marked as invalid connections</help> + <help>Accept ARP, 802.1q, 802.1ad, DHCP, PPPoE and WoL despite being marked as invalid connections</help> <valueless/> </properties> </leafNode> diff --git a/interface-definitions/include/rpki/protocol-common-config.xml.i b/interface-definitions/include/rpki/protocol-common-config.xml.i new file mode 100644 index 000000000..0b3356604 --- /dev/null +++ b/interface-definitions/include/rpki/protocol-common-config.xml.i 
@@ -0,0 +1,87 @@ +<!-- include start from rpki/protocol-common-config.xml.i --> +<tagNode name="cache"> + <properties> + <help>RPKI cache server address</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of RPKI server</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of RPKI server</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Fully qualified domain name of RPKI server</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="preference"> + <properties> + <help>Preference of the cache server</help> + <valueHelp> + <format>u32:1-255</format> + <description>Preference of the cache server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + #include <include/source-address-ipv4.xml.i> + <node name="ssh"> + <properties> + <help>RPKI SSH connection settings</help> + </properties> + <children> + #include <include/pki/openssh-key.xml.i> + #include <include/generic-username.xml.i> + </children> + </node> + </children> +</tagNode> +<leafNode name="expire-interval"> + <properties> + <help>Interval to wait before expiring the cache</help> + <valueHelp> + <format>u32:600-172800</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 600-172800"/> + </constraint> + </properties> + <defaultValue>7200</defaultValue> +</leafNode> +<leafNode name="polling-period"> + <properties> + <help>Cache polling interval</help> + <valueHelp> + <format>u32:1-86400</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> 
+</leafNode> +<leafNode name="retry-interval"> + <properties> + <help>Retry interval to connect to the cache server</help> + <valueHelp> + <format>u32:1-7200</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-7200"/> + </constraint> + </properties> + <defaultValue>600</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i index 6995ce119..517424034 100644 --- a/interface-definitions/include/version/conntrack-version.xml.i +++ b/interface-definitions/include/version/conntrack-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/conntrack-version.xml.i --> -<syntaxVersion component='conntrack' version='5'></syntaxVersion> +<syntaxVersion component='conntrack' version='6'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in index 9e2e84717..a298cdbfd 100644 --- a/interface-definitions/protocols_rpki.xml.in +++ b/interface-definitions/protocols_rpki.xml.in 
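Review bot: The `preference` leaf in this new include declares a 1-255 range but no `<defaultValue>`, while rpki.frr.j2 in the same commit renders `preference {{ peer_config.preference }}` on the SSH cache line under a comment saying preference uses a default value. Unless the config script rejects a missing value (not visible here), an unset preference would give an incomplete `rpki cache` line, now also for the VRF-scoped node that reuses this include. Either add a `<defaultValue>` to the leaf or state in its `<help>` that the value is mandatory. Separately, the cache address accepts IPv6 but the only source-address include is `source-address-ipv4.xml.i`; this is carried over unchanged from the old definition.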
@@ -8,91 +8,7 @@ <priority>819</priority> </properties> <children> - <tagNode name="cache"> - <properties> - <help>RPKI cache server address</help> - <valueHelp> - <format>ipv4</format> - <description>IP address of RPKI server</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of RPKI server</description> - </valueHelp> - <valueHelp> - <format>hostname</format> - <description>Fully qualified domain name of RPKI server</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - <validator name="fqdn"/> - </constraint> - </properties> - <children> - #include <include/port-number.xml.i> - <leafNode name="preference"> - <properties> - <help>Preference of the cache server</help> - <valueHelp> - <format>u32:1-255</format> - <description>Preference of the cache server</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> - #include <include/source-address-ipv4.xml.i> - <node name="ssh"> - <properties> - <help>RPKI SSH connection settings</help> - </properties> - <children> - #include <include/pki/openssh-key.xml.i> - #include <include/generic-username.xml.i> - </children> - </node> - </children> - </tagNode> - <leafNode name="expire-interval"> - <properties> - <help>Interval to wait before expiring the cache</help> - <valueHelp> - <format>u32:600-172800</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 600-172800"/> - </constraint> - </properties> - <defaultValue>7200</defaultValue> - </leafNode> - <leafNode name="polling-period"> - <properties> - <help>Cache polling interval</help> - <valueHelp> - <format>u32:1-86400</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-86400"/> - </constraint> - </properties> - <defaultValue>300</defaultValue> - 
</leafNode> - <leafNode name="retry-interval"> - <properties> - <help>Retry interval to connect to the cache server</help> - <valueHelp> - <format>u32:1-7200</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-7200"/> - </constraint> - </properties> - <defaultValue>600</defaultValue> - </leafNode> + #include <include/rpki/protocol-common-config.xml.i> </children> </node> </children> diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in index 54610b625..92c4d24cf 100644 --- a/interface-definitions/system_conntrack.xml.in +++ b/interface-definitions/system_conntrack.xml.in @@ -32,14 +32,14 @@ <properties> <help>Hash size for connection tracking table</help> <valueHelp> - <format>u32:1-50000000</format> + <format>u32:1024-50000000</format> <description>Size of hash to use for connection tracking table</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-50000000"/> + <validator name="numeric" argument="--range 1024-50000000"/> </constraint> </properties> - <defaultValue>32768</defaultValue> + <defaultValue>65536</defaultValue> </leafNode> <node name="ignore"> <properties> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index a20be995a..03128cb99 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -95,6 +95,15 @@ #include <include/ospfv3/protocol-common-config.xml.i> </children> </node> + <node name="rpki" owner="${vyos_conf_scripts_dir}/protocols_rpki.py $VAR(../../@)"> + <properties> + <help>Resource Public Key Infrastructure (RPKI)</help> + <priority>820</priority> + </properties> + <children> + #include <include/rpki/protocol-common-config.xml.i> + </children> + </node> <node name="static" owner="${vyos_conf_scripts_dir}/protocols_static.py $VAR(../../@)"> <properties> <help>Static Routing</help> 
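Review bot: Raising the lower bound of `hash-size` in system_conntrack.xml.in from 1 to 1024 means a saved configuration with a smaller value no longer passes the `numeric` validator. The conntrack syntax version is bumped from 5 to 6 in this commit, which suggests a migration exists, but it is not in this view; confirm it clamps or removes values below 1024 so that an upgraded system still loads its configuration. The `<help>` text could also state the new minimum, e.g. `<help>Hash size for connection tracking table (minimum 1024)</help>`.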
diff --git a/libvyosconfig b/libvyosconfig -Subproject 3e295c0c0256746f0811a9cb90d2489fd76a465 +Subproject f632edbc947fbcda1916ababacc5f2659cf6cfb diff --git a/op-mode-definitions/clear-interfaces.xml.in b/op-mode-definitions/clear-interfaces.xml.in index de2c3443e..31348808a 100644 --- a/op-mode-definitions/clear-interfaces.xml.in +++ b/op-mode-definitions/clear-interfaces.xml.in @@ -14,19 +14,8 @@ <properties> <help>Clear interface counters for all interfaces</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters</command> </node> - <tagNode name="connection"> - <properties> - <help>Bring connection-oriented network interface down and up</help> - <completionHelp> - <path>interfaces pppoe</path> - <path>interfaces sstpc</path> - <path>interfaces wwan</path> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --disconnect --interface "$3"</command> - </tagNode> <node name="bonding"> <properties> <help>Clear Bonding interface information</help> @@ -36,7 +25,7 @@ <properties> <help>Clear all bonding interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -52,7 +41,7 @@ <properties> <help>Clear interface counters for a given bonding interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
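Review bot: Removing `sudo` from every `<command>` in clear-interfaces.xml.in takes the privilege decision out of these definitions, and nothing in the visible diff shows where elevation happens instead; the same applies to the remaining hunks of this file and to clear-log.xml.in, connect.xml.in, conntrack-sync.xml.in and container.xml.in. If the op-mode runner now elevates centrally, it becomes the single place that decides which users may run which command, and user-typed words such as `"$3"` and `"$4"` pass through it, so its authorization check and quoting deserve review alongside this change. If it does not elevate, commands like `interfaces.py clear_counters` and `journalctl --rotate --vacuum-time=1s` will fail for unprivileged operators. The first hunk also deletes the `connection` tagNode; if that command was moved to another definition, the commit description should say so.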
@@ -65,7 +54,7 @@ <properties> <help>Clear all bridge interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -81,7 +70,7 @@ <properties> <help>Clear interface counters for a given bridge interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -94,7 +83,7 @@ <properties> <help>Clear all dummy interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -110,7 +99,7 @@ <properties> <help>Clear interface counters for a given dummy interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -123,7 +112,7 @@ <properties> <help>Clear all ethernet interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -139,7 +128,7 @@ <properties> <help>Clear interface counters for a given ethernet interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -152,7 +141,7 @@ <properties> <help>Clear all GENEVE interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -168,7 +157,7 @@ <properties> <help>Clear interface counters for a given GENEVE interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -181,7 +170,7 @@ <properties> <help>Clear all Input interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -197,7 +186,7 @@ <properties> <help>Clear interface counters for a given Input interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -210,7 +199,7 @@ <properties> <help>Clear all L2TPv3 interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -226,7 +215,7 @@ <properties> <help>Clear interface counters for a given L2TPv3 interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -239,7 +228,7 @@ <properties> <help>Clear all loopback interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -255,7 +244,7 @@ <properties> <help>Clear interface counters for a given loopback interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -268,7 +257,7 @@ <properties> <help>Clear all MACsec interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -284,7 +273,7 @@ <properties> <help>Clear interface counters for a given MACsec interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -297,7 +286,7 @@ <properties> <help>Clear all OpenVPN interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -313,7 +302,7 @@ <properties> <help>Clear interface counters for a given OpenVPN interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -326,7 +315,7 @@ <properties> <help>Clear all PPPoE interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -342,7 +331,7 @@ <properties> <help>Clear interface counters for a given PPPoE interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -355,7 +344,7 @@ <properties> <help>Clear all Pseudo-Ethernet interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -371,7 +360,7 @@ <properties> <help>Clear interface counters for a given Pseudo-Ethernet interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -384,7 +373,7 @@ <properties> <help>Clear all SSTP interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -400,7 +389,7 @@ <properties> <help>Clear interface counters for a given SSTP interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -413,7 +402,7 @@ <properties> <help>Clear all tunnel interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -429,7 +418,7 @@ <properties> <help>Clear interface counters for a given tunnel interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -442,7 +431,7 @@ <properties> <help>Clear all virtual-ethernet interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -458,7 +447,7 @@ <properties> <help>Clear interface counters for a given virtual-ethernet interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -471,7 +460,7 @@ <properties> <help>Clear all VTI interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -487,7 +476,7 @@ <properties> <help>Clear interface counters for a given VTI interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -500,7 +489,7 @@ <properties> <help>Clear all VXLAN interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -516,7 +505,7 @@ <properties> <help>Clear interface counters for a given VXLAN interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -529,7 +518,7 @@ <properties> <help>Clear all Wireguard interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </node> </children> </node> @@ -545,7 +534,7 @@ <properties> <help>Clear interface counters for a given Wireguard interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> @@ -558,7 +547,7 @@ <properties> <help>Clear all wireless interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </leafNode> </children> </node> @@ -574,7 +563,7 @@ <properties> <help>Clear counters for a given wireless interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> 
@@ -587,7 +576,7 @@ <properties> <help>Clear all WWAN interface counters</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-type "$3"</command> </leafNode> </children> </node> @@ -603,7 +592,7 @@ <properties> <help>Clear counters for a given WWAN interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> + <command>${vyos_op_scripts_dir}/interfaces.py clear_counters --intf-name "$4"</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/clear-log.xml.in b/op-mode-definitions/clear-log.xml.in index 1f4a1aacd..5457ce7d6 100644 --- a/op-mode-definitions/clear-log.xml.in +++ b/op-mode-definitions/clear-log.xml.in @@ -6,7 +6,7 @@ <properties> <help>Clear contents of current master log file</help> </properties> - <command>sudo journalctl --rotate --vacuum-time=1s</command> + <command>journalctl --rotate --vacuum-time=1s</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/connect.xml.in b/op-mode-definitions/connect.xml.in index 9027056a6..73bfb598a 100644 --- a/op-mode-definitions/connect.xml.in +++ b/op-mode-definitions/connect.xml.in @@ -24,7 +24,7 @@ <path>interfaces wwan</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --interface "$3"</command> + <command>${vyos_op_scripts_dir}/connect_disconnect.py --connect --interface "$3"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in index a66331f27..d52939bed 100644 --- a/op-mode-definitions/conntrack-sync.xml.in +++ b/op-mode-definitions/conntrack-sync.xml.in 
@@ -11,13 +11,13 @@ <properties> <help>Reset external cache and request resync with other systems</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py reset_external_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py reset_external_cache</command> </leafNode> <leafNode name="internal-cache"> <properties> <help>Reset internal cache and request resync with other systems</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py reset_internal_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py reset_internal_cache</command> </leafNode> </children> </node> @@ -29,7 +29,7 @@ <properties> <help>Restart the connection tracking synchronization service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py restart</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py restart</command> </leafNode> </children> </node> @@ -49,19 +49,19 @@ <properties> <help>Show external connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_external_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_external_cache</command> <children> <leafNode name="main"> <properties> <help>Show external main connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_external_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_external_cache</command> </leafNode> <leafNode name="expect"> <properties> <help>Show external expect connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_external_expect</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_external_expect</command> </leafNode> </children> </node> 
@@ -69,19 +69,19 @@ <properties> <help>Show internal connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_internal_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_internal_cache</command> <children> <leafNode name="main"> <properties> <help>Show internal main connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_internal_cache</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_internal_cache</command> </leafNode> <leafNode name="expect"> <properties> <help>Show internal expect connection tracking cache entries</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_internal_expect</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_internal_expect</command> </leafNode> </children> </node> @@ -91,13 +91,13 @@ <properties> <help>Show connection syncing statistics</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_statistics</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_statistics</command> </leafNode> <leafNode name="status"> <properties> <help>Show conntrack-sync status</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py show_status</command> + <command>${vyos_op_scripts_dir}/conntrack_sync.py show_status</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/container.xml.in b/op-mode-definitions/container.xml.in index bb6f97b02..df28a792c 100644 --- a/op-mode-definitions/container.xml.in +++ b/op-mode-definitions/container.xml.in @@ -11,7 +11,7 @@ <properties> <help>Pull a new image for container</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/container.py add_image --name "${4}"</command> + <command>${vyos_op_scripts_dir}/container.py add_image --name "${4}"</command> </tagNode> </children> </node> 
@@ -26,7 +26,7 @@ <path>container name</path> </completionHelp> </properties> - <command>sudo podman exec --interactive --tty "$3" /bin/sh</command> + <command>podman exec --interactive --tty "$3" /bin/sh</command> </tagNode> </children> </node> @@ -42,10 +42,10 @@ <help>Delete container image</help> <completionHelp> <list>all</list> - <script>sudo podman image ls -q</script> + <script>podman image ls -q</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/container.py delete_image --name "${4}"</command> + <command>${vyos_op_scripts_dir}/container.py delete_image --name "${4}"</command> </tagNode> </children> </node> @@ -70,7 +70,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo podman build --net host --layers --force-rm --tag "$4" $6</command> + <command>podman build --net host --layers --force-rm --tag "$4" $6</command> </tagNode> </children> </tagNode> @@ -89,7 +89,7 @@ <path>container name</path> </completionHelp> </properties> - <command>sudo podman logs --follow --names "$4"</command> + <command>podman logs --follow --names "$4"</command> </tagNode> </children> </node> 
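Review bot: The completion helper `<script>podman image ls -q</script>` in the delete-image hunk now runs podman as whoever triggers tab completion, and podman keeps a separate per-user image store when it is not run as root. If completion scripts are not elevated the same way commands are (not visible in this diff), the names offered here will no longer match the images that `container.py delete_image --name "${4}"` acts on. Please confirm that completion runs with the same privilege as the command, or route it through a helper that queries the same store.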
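Review bot: `$6` is expanded unquoted in `podman build --net host --layers --force-rm --tag "$4" $6`, so a path argument containing spaces or glob characters is split into extra words that podman then parses as further options or arguments. Quote it: `podman build --net host --layers --force-rm --tag "$4" "$6"`. The same unquoted expansion is on the new side of `format_disk.py --target $4 --proto $6`, `file.py --show $3` / `--copy $3 $5` / `--delete $3` / `--clone $4`, `dns.py reset_forwarding --domain $5`, `ip netns exec $4` / `ip vrf exec $4`, and every `firewall.py --action show ...` line. It matters most where the argument names a disk or a file path.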
@@ -101,27 +101,27 @@ <properties> <help>Show containers</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/container.py show_container</command> + <command>${vyos_op_scripts_dir}/container.py show_container</command> <children> <node name="json"> <properties> <help>Show containers in JSON format</help> </properties> <!-- no admin check --> - <command>sudo ${vyos_op_scripts_dir}/container.py show_container --raw</command> + <command>${vyos_op_scripts_dir}/container.py show_container --raw</command> </node> <node name="image"> <properties> <help>Show container image</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/container.py show_image</command> + <command>${vyos_op_scripts_dir}/container.py show_image</command> <children> <node name="json"> <properties> <help>Show container image in JSON format</help> </properties> <!-- no admin check --> - <command>sudo ${vyos_op_scripts_dir}/container.py show_image --raw</command> + <command>${vyos_op_scripts_dir}/container.py show_image --raw</command> </node> </children> </node> @@ -133,21 +133,21 @@ </completionHelp> </properties> <!-- no admin check --> - <command>sudo podman logs --names "$4"</command> + <command>podman logs --names "$4"</command> </tagNode> <node name="network"> <properties> <help>Show available container networks</help> </properties> <!-- no admin check --> - <command>sudo ${vyos_op_scripts_dir}/container.py show_network</command> + <command>${vyos_op_scripts_dir}/container.py show_network</command> <children> <node name="json"> <properties> <help>Show available container networks in JSON format</help> </properties> <!-- no admin check --> - <command>sudo ${vyos_op_scripts_dir}/container.py show_network --raw</command> + <command>${vyos_op_scripts_dir}/container.py show_network --raw</command> </node> </children> </node> 
@@ -162,7 +162,7 @@ <path>container name</path> </completionHelp> </properties> - <command>sudo podman logs --names "$4"</command> + <command>podman logs --names "$4"</command> </tagNode> </children> </node> @@ -177,7 +177,7 @@ <path>container name</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/container.py restart --name="$3"</command> + <command>${vyos_op_scripts_dir}/container.py restart --name="$3"</command> </tagNode> </children> </node> @@ -198,7 +198,7 @@ <path>container name</path> </completionHelp> </properties> - <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command> + <command>if cli-shell-api existsActive container name "$4"; then podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/crypt.xml.in b/op-mode-definitions/crypt.xml.in index 105592a1a..5a17cca12 100644 --- a/op-mode-definitions/crypt.xml.in +++ b/op-mode-definitions/crypt.xml.in @@ -9,19 +9,19 @@ <properties> <help>Disable config encryption using TPM or recovery key</help> </properties> - <command>sudo ${vyos_libexec_dir}/vyos-config-encrypt.py --disable</command> + <command>${vyos_libexec_dir}/vyos-config-encrypt.py --disable</command> </node> <node name="enable"> <properties> <help>Enable config encryption using TPM</help> </properties> - <command>sudo ${vyos_libexec_dir}/vyos-config-encrypt.py --enable</command> + <command>${vyos_libexec_dir}/vyos-config-encrypt.py --enable</command> </node> <node name="load"> <properties> <help>Load encrypted config volume using TPM or recovery key</help> </properties> - <command>sudo ${vyos_libexec_dir}/vyos-config-encrypt.py --load</command> + <command>${vyos_libexec_dir}/vyos-config-encrypt.py --load</command> </node> </children> </node> 
diff --git a/op-mode-definitions/date.xml.in b/op-mode-definitions/date.xml.in index 4e62a8335..90bddd7f3 100644 --- a/op-mode-definitions/date.xml.in +++ b/op-mode-definitions/date.xml.in @@ -35,7 +35,7 @@ <list><MMDDhhmm> <MMDDhhmmYY> <MMDDhhmmCCYY> <MMDDhhmmCCYY.ss></list> </completionHelp> </properties> - <command>sudo bash -c "/bin/date '$3' && hwclock --systohc --localtime"</command> + <command>bash -c "/bin/date '$3' && hwclock --systohc --localtime"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/dhcp.xml.in b/op-mode-definitions/dhcp.xml.in index 4ee66a90c..2da3bb5dc 100644 --- a/op-mode-definitions/dhcp.xml.in +++ b/op-mode-definitions/dhcp.xml.in @@ -171,7 +171,7 @@ <properties> <help>Show DHCPv6 server leases</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/dhcp.py show_server_leases --family inet6</command> + <command>${vyos_op_scripts_dir}/dhcp.py show_server_leases --family inet6</command> <children> <tagNode name="pool"> <properties> @@ -262,13 +262,13 @@ <properties> <help>Restart DHCP server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dhcp</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name dhcp</command> </node> <node name="relay-agent"> <properties> <help>Restart DHCP relay-agent</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv4</command> + <command>${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv4</command> </node> </children> </node> 
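Review bot: The operator-supplied `$3` is pasted into the string handed to `bash -c`, so in `bash -c "/bin/date '$3' && hwclock --systohc --localtime"` a value containing a single quote ends the quoting and the rest is parsed as shell code. Pass the value as a positional argument instead: `bash -c '/bin/date "$1" && hwclock --systohc --localtime' _ "$3"`. Setting the clock needs root, so whatever now elevates this command in place of `sudo` would also elevate anything smuggled into that string; that mechanism is not visible in this diff.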
@@ -281,13 +281,13 @@ <properties> <help>Restart DHCPv6 server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dhcpv6</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name dhcpv6</command> </node> <node name="relay-agent"> <properties> <help>Restart DHCPv6 relay-agent</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv6</command> + <command>${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv6</command> </node> </children> </node> @@ -310,7 +310,7 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/dhcp.py renew_client_lease --family inet --interface "$4"</command> + <command>${vyos_op_scripts_dir}/dhcp.py renew_client_lease --family inet --interface "$4"</command> </tagNode> </children> </node> @@ -326,7 +326,7 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/dhcp.py renew_client_lease --family inet6 --interface "$4"</command> + <command>${vyos_op_scripts_dir}/dhcp.py renew_client_lease --family inet6 --interface "$4"</command> </tagNode> </children> </node> @@ -349,7 +349,7 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/dhcp.py release_client_lease --family inet --interface "$4"</command> + <command>${vyos_op_scripts_dir}/dhcp.py release_client_lease --family inet --interface "$4"</command> </tagNode> </children> </node> @@ -365,7 +365,7 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/dhcp.py release_client_lease --family inet6 --interface "$4"</command> + <command>${vyos_op_scripts_dir}/dhcp.py release_client_lease --family inet6 --interface "$4"</command> </tagNode> </children> </node> 
diff --git a/op-mode-definitions/disconnect.xml.in b/op-mode-definitions/disconnect.xml.in index f0523d9b9..7891a6488 100644 --- a/op-mode-definitions/disconnect.xml.in +++ b/op-mode-definitions/disconnect.xml.in @@ -14,7 +14,7 @@ <path>interfaces wwan</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect --interface "$3"</command> + <command>${vyos_op_scripts_dir}/connect_disconnect.py --disconnect --interface "$3"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/disks.xml.in b/op-mode-definitions/disks.xml.in index 8a1e2c86f..e3ffe8da9 100644 --- a/op-mode-definitions/disks.xml.in +++ b/op-mode-definitions/disks.xml.in @@ -19,7 +19,7 @@ <properties> <help>Format this disk the same as another disk</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/format_disk.py --by-id --target $4 --proto $6</command> + <command>${vyos_op_scripts_dir}/format_disk.py --by-id --target $4 --proto $6</command> </tagNode> </children> </tagNode> @@ -40,7 +40,7 @@ <script>${vyos_completion_dir}/list_disks.py --exclude ${COMP_WORDS[2]}</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/format_disk.py --target $3 --proto $5</command> + <command>${vyos_op_scripts_dir}/format_disk.py --target $3 --proto $5</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/dns-dynamic.xml.in b/op-mode-definitions/dns-dynamic.xml.in index ef0f03988..1a1176835 100644 --- a/op-mode-definitions/dns-dynamic.xml.in +++ b/op-mode-definitions/dns-dynamic.xml.in @@ -16,7 +16,7 @@ <properties> <help>Clear Dynamic DNS information cache (ddclient)</help> </properties> - <command>sudo rm -f /run/ddclient/ddclient.cache</command> + <command>rm -f /run/ddclient/ddclient.cache</command> </leafNode> </children> </node> 
@@ -78,7 +78,7 @@ <properties> <help>Show Dynamic DNS status</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/dns.py show_dynamic_status</command> + <command>${vyos_op_scripts_dir}/dns.py show_dynamic_status</command> </leafNode> </children> </node> @@ -97,7 +97,7 @@ <properties> <help>Restart Dynamic DNS service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dns_dynamic</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name dns_dynamic</command> </node> </children> </node> @@ -114,7 +114,7 @@ <properties> <help>Reset Dynamic DNS information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/dns.py reset_dynamic</command> + <command>${vyos_op_scripts_dir}/dns.py reset_dynamic</command> </node> </children> </node> diff --git a/op-mode-definitions/dns-forwarding.xml.in b/op-mode-definitions/dns-forwarding.xml.in index fac3fc345..d25be6009 100644 --- a/op-mode-definitions/dns-forwarding.xml.in +++ b/op-mode-definitions/dns-forwarding.xml.in @@ -54,7 +54,7 @@ <properties> <help>Show DNS Forwarding statistics</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/dns.py show_forwarding_statistics</command> + <command>${vyos_op_scripts_dir}/dns.py show_forwarding_statistics</command> </leafNode> </children> </node> @@ -73,7 +73,7 @@ <properties> <help>Restart DNS Forwarding service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dns_forwarding</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name dns_forwarding</command> </leafNode> </children> </node> 
@@ -92,13 +92,13 @@ </properties> <children> <tagNode name="domain"> - <command>sudo ${vyos_op_scripts_dir}/dns.py reset_forwarding --domain $5</command> + <command>${vyos_op_scripts_dir}/dns.py reset_forwarding --domain $5</command> <properties> <help>Reset DNS Forwarding cache for a domain</help> </properties> </tagNode> <leafNode name="all"> - <command>sudo ${vyos_op_scripts_dir}/dns.py reset_forwarding --all</command> + <command>${vyos_op_scripts_dir}/dns.py reset_forwarding --all</command> <properties> <help>Reset DNS Forwarding cache for all domains</help> </properties> diff --git a/op-mode-definitions/execute-shell.xml.in b/op-mode-definitions/execute-shell.xml.in index dfdc1e371..241935607 100644 --- a/op-mode-definitions/execute-shell.xml.in +++ b/op-mode-definitions/execute-shell.xml.in @@ -14,7 +14,7 @@ <path>netns name</path> </completionHelp> </properties> - <command>sudo ip netns exec $4 su - $(whoami)</command> + <command>ip netns exec $4 su - $(whoami)</command> </tagNode> <tagNode name="vrf"> <properties> @@ -23,7 +23,7 @@ <path>vrf name</path> </completionHelp> </properties> - <command>sudo ip vrf exec $4 su - $(whoami)</command> + <command>ip vrf exec $4 su - $(whoami)</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/file.xml.in b/op-mode-definitions/file.xml.in index 549b9ad92..23c92f2b3 100644 --- a/op-mode-definitions/file.xml.in +++ b/op-mode-definitions/file.xml.in @@ -7,7 +7,7 @@ <help>Show the contents of a file, a directory or an image</help> <completionHelp><imagePath/></completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/file.py --show $3</command> + <command>${vyos_op_scripts_dir}/file.py --show $3</command> </tagNode> </children> </node> @@ -27,7 +27,7 @@ <help>Destination path</help> <completionHelp><imagePath/></completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/file.py --copy $3 $5 + <command>${vyos_op_scripts_dir}/file.py --copy $3 $5 </command> </tagNode> </children> 
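Review bot: In `ip netns exec $4 su - $(whoami)` and `ip vrf exec $4 su - $(whoami)`, the `$(whoami)` substitution used to be evaluated by the operator's shell before `sudo` ran, so `su` dropped back to the calling user. With `sudo` removed, the result depends on who executes the whole line. If it runs elevated, `whoami` returns the elevated account and the operator lands in that account's shell inside the namespace; if it does not, `ip netns exec` lacks the privilege it needs. Which case applies is not visible here, so please confirm it and name the target user explicitly from a value that identifies the invoking operator (e.g. `su - "${<invoking-user-var>}"`, placeholder), and quote `"$4"`.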
@@ -44,7 +44,7 @@ <help>Delete a local file, possibly from an image</help> <completionHelp><imagePath/></completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/file.py --delete $3</command> + <command>${vyos_op_scripts_dir}/file.py --delete $3</command> </tagNode> </children> </node> @@ -65,7 +65,7 @@ <script>${vyos_completion_dir}/list_images.py --no-running</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/file.py --clone $4</command> + <command>${vyos_op_scripts_dir}/file.py --clone $4</command> <children> <tagNode name="from"> <properties> @@ -75,7 +75,7 @@ <script>${vyos_completion_dir}/list_images.py</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/file.py --clone-from $6 $4</command> + <command>${vyos_op_scripts_dir}/file.py --clone-from $6 $4</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/firewall.xml.in b/op-mode-definitions/firewall.xml.in index 21159eb1b..f3f9d3ded 100755 --- a/op-mode-definitions/firewall.xml.in +++ b/op-mode-definitions/firewall.xml.in @@ -34,10 +34,10 @@ <path>firewall group detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --name $4 --detail $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_group --name $4 --detail $5</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --name $4</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_group --name $4</command> </tagNode> <node name="group"> <properties> 
@@ -51,10 +51,10 @@ <path>firewall group detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --detail $4</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_group --detail $4</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_group</command> </node> <node name="bridge"> <properties> @@ -78,7 +78,7 @@ <path>firewall bridge forward filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> @@ -95,13 +95,13 @@ <path>firewall bridge forward filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> 
@@ -122,7 +122,7 @@ <path>firewall bridge input filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> @@ -139,13 +139,13 @@ <path>firewall bridge input filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -166,7 +166,7 @@ <path>firewall bridge output filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -183,13 +183,13 @@ <path>firewall bridge output filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -210,7 +210,7 @@ <path>firewall bridge prerouting filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -227,13 +227,13 @@ <path>firewall bridge prerouting filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -252,7 +252,7 @@ <path>firewall bridge name detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -269,16 +269,16 @@ <path>firewall bridge name ${COMP_WORDS[4]} rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> </node> <node name="ipv6"> <properties> @@ -302,7 +302,7 @@ <path>firewall ipv6 forward filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -319,13 +319,13 @@ <path>firewall ipv6 forward filter rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -346,7 +346,7 @@ <path>firewall ipv6 input filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -363,13 +363,13 @@ <path>firewall ipv6 input filter rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -390,7 +390,7 @@ <path>firewall ipv6 output filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -407,13 +407,13 @@ <path>firewall ipv6 output filter rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -434,7 +434,7 @@ <path>firewall ipv6 prerouting raw detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -451,13 +451,13 @@ <path>firewall ipv6 prerouting raw rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -476,7 +476,7 @@ <path>firewall ipv6 name detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -493,16 +493,16 @@ <path>firewall ipv6 name ${COMP_WORDS[4]} rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> </node> <node name="ipv4"> <properties> @@ -526,7 +526,7 @@ <path>firewall ipv4 forward filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -543,13 +543,13 @@ <path>firewall ipv4 forward filter rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -570,7 +570,7 @@ <path>firewall ipv4 input filter detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -587,13 +587,13 @@ <path>firewall ipv4 input filter rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -614,7 +614,7 @@ <path>firewall ipv4 input output detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -631,13 +631,13 @@ <path>firewall ipv4 input output rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -658,7 +658,7 @@ <path>firewall ipv4 prerouting raw detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -675,13 +675,13 @@ <path>firewall ipv4 prerouting raw rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </node> </children> </node> @@ -700,7 +700,7 @@ <path>firewall ipv4 name detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> </leafNode> <tagNode name="rule"> <properties> 
@@ -717,16 +717,16 @@ <path>firewall ipv4 name ${COMP_WORDS[4]} rule detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> </node> <node name="statistics"> <properties> @@ -740,16 +740,16 @@ <path>firewall statistics detail</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_statistics --detail $4</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_statistics --detail $4</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_statistics</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_statistics</command> </node> <leafNode name="summary"> <properties> <help>Show summary of firewall application</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_summary</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_summary</command> </leafNode> <node name="zone-policy"> <properties> 
@@ -763,13 +763,13 @@ <path>firewall zone</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/zone.py show --zone $5</command> + <command>${vyos_op_scripts_dir}/zone.py show --zone $5</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/zone.py show</command> + <command>${vyos_op_scripts_dir}/zone.py show</command> </node> </children> - <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_all</command> + <command>${vyos_op_scripts_dir}/firewall.py --action show_all</command> </node> </children> </node> diff --git a/op-mode-definitions/flow-accounting-op.xml.in b/op-mode-definitions/flow-accounting-op.xml.in index 46dc77d05..01686f0aa 100644 --- a/op-mode-definitions/flow-accounting-op.xml.in +++ b/op-mode-definitions/flow-accounting-op.xml.in @@ -57,7 +57,7 @@ <properties> <help>Restart (net)flow accounting process</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> + <command>${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/force-arp.xml.in b/op-mode-definitions/force-arp.xml.in index 05aa04e6b..368a08ac4 100644 --- a/op-mode-definitions/force-arp.xml.in +++ b/op-mode-definitions/force-arp.xml.in @@ -27,13 +27,13 @@ <properties> <help>Send gratuitous ARP reply for specified address</help> </properties> - <command>sudo /usr/bin/arping -I $5 -c 1 -A $7</command> + <command>/usr/bin/arping -I $5 -c 1 -A $7</command> <children> <tagNode name="count"> <properties> <help>Send specified number of ARP replies</help> </properties> - <command>sudo /usr/bin/arping -I $5 -c $9 -A $7</command> + <command>/usr/bin/arping -I $5 -c $9 -A $7</command> </tagNode> </children> </tagNode> 
@@ -58,13 +58,13 @@ <properties> <help>Send gratuitous ARP request for specified address</help> </properties> - <command>sudo /usr/bin/arping -I $5 -c 1 -U $7</command> + <command>/usr/bin/arping -I $5 -c 1 -U $7</command> <children> <tagNode name="count"> <properties> <help>Send specified number of ARP requests</help> </properties> - <command>sudo /usr/bin/arping -I $5 -c $9 -U $7</command> + <command>/usr/bin/arping -I $5 -c $9 -U $7</command> </tagNode> </children> </tagNode> @@ -89,7 +89,7 @@ <properties> <help>Send ARP for DAD detection for specified address</help> </properties> - <command>sudo /usr/bin/arping -I $5 -c 1 -D $7</command> + <command>/usr/bin/arping -I $5 -c 1 -D $7</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/force-root-partition-auto-resize.xml.in b/op-mode-definitions/force-root-partition-auto-resize.xml.in index f84c073b8..dc58a331d 100644 --- a/op-mode-definitions/force-root-partition-auto-resize.xml.in +++ b/op-mode-definitions/force-root-partition-auto-resize.xml.in @@ -6,7 +6,7 @@ <properties> <help>Resize the VyOS partition</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/force_root-partition-auto-resize.sh</command> + <command>${vyos_op_scripts_dir}/force_root-partition-auto-resize.sh</command> </node> </children> </node> diff --git a/op-mode-definitions/generate-ipsec-debug-archive.xml.in b/op-mode-definitions/generate-ipsec-debug-archive.xml.in index a9ce113d1..dcbed0c42 100644 --- a/op-mode-definitions/generate-ipsec-debug-archive.xml.in +++ b/op-mode-definitions/generate-ipsec-debug-archive.xml.in @@ -8,7 +8,7 @@ <properties> <help>Generate IPSec debug-archive</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_ipsec_debug_archive.py</command> + <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.py</command> </node> </children> </node> 
diff --git a/op-mode-definitions/generate-ipsec-profile.xml.in b/op-mode-definitions/generate-ipsec-profile.xml.in
index afa299da2..b7203d7d1 100644
--- a/op-mode-definitions/generate-ipsec-profile.xml.in
+++ b/op-mode-definitions/generate-ipsec-profile.xml.in
@@ -28,7 +28,7 @@
 <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
 </completionHelp>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7"</command>
+ <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7"</command>
 <children>
 <tagNode name="name">
 <properties>
@@ -37,7 +37,7 @@
 <list><name></list>
 </completionHelp>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9"</command>
+ <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9"</command>
 <children>
 <tagNode name="profile">
 <properties>
@@ -46,7 +46,7 @@
 <list><name></list>
 </completionHelp>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9" --profile "${11}"</command>
+ <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9" --profile "${11}"</command>
 </tagNode>
 </children>
 </tagNode>
@@ -57,7 +57,7 @@
 <list><name></list>
 </completionHelp>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9"</command>
+ <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9"</command>
 <children>
 <tagNode name="name">
 <properties>
@@ -66,7 +66,7 @@
 <list><name></list>
 </completionHelp>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9" --name "${11}"</command>
+ <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9" --name "${11}"</command>
 </tagNode>
 </children>
 </tagNode>
diff --git a/op-mode-definitions/generate-openconnect-user-key.xml.in b/op-mode-definitions/generate-openconnect-user-key.xml.in
index 80cdfb3d7..8a75b09dc 100644
--- a/op-mode-definitions/generate-openconnect-user-key.xml.in
+++ b/op-mode-definitions/generate-openconnect-user-key.xml.in
@@ -24,19 +24,19 @@
 <properties>
 <help>HOTP time-based token</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits 6</command>
+ <command>${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits 6</command>
 <children>
 <tagNode name="interval">
 <properties>
 <help>Duration of single time interval</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits 6</command>
+ <command>${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits 6</command>
 <children>
 <tagNode name="digits">
 <properties>
 <help>The number of digits in the one-time password</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits "${10}"</command>
+ <command>${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits "${10}"</command>
 </tagNode>
 </children>
 </tagNode>
@@ -44,13 +44,13 @@
 <properties>
 <help>The number of digits in the one-time password</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits "$8"</command>
+ <command>${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits "$8"</command>
 <children>
 <tagNode name="interval">
 <properties>
 <help>Duration of single time interval</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "${10}" --digits $8</command>
+ <command>${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "${10}" --digits $8</command>
 </tagNode>
 </children>
 </tagNode>
diff --git a/op-mode-definitions/generate-openvpn-config-client.xml.in b/op-mode-definitions/generate-openvpn-config-client.xml.in
index fc8bfa346..351742f1e 100644
--- a/op-mode-definitions/generate-openvpn-config-client.xml.in
+++ b/op-mode-definitions/generate-openvpn-config-client.xml.in
@@ -40,10 +40,10 @@
 <properties>
 <help>Certificate key used by client</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9" --key "${11}"</command>
+ <command>${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9" --key "${11}"</command>
 </tagNode>
 </children>
- <command>sudo ${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9"</command>
+ <command>${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9"</command>
 </tagNode>
 </children>
 </tagNode>
diff --git a/op-mode-definitions/generate-ssh-server-key.xml.in b/op-mode-definitions/generate-ssh-server-key.xml.in
index ecea3e5d1..86bb1b1bd 100644
--- a/op-mode-definitions/generate-ssh-server-key.xml.in
+++ b/op-mode-definitions/generate-ssh-server-key.xml.in
@@ -14,7 +14,7 @@
 <properties>
 <help>Re-generate SSH host keys and restart SSH server</help>
 </properties>
- <command>sudo ${vyos_op_scripts_dir}/generate_ssh_server_key.py</command>
+ <command>${vyos_op_scripts_dir}/generate_ssh_server_key.py</command>
 </node>
 <tagNode name="client-key">
 <properties>
diff --git a/op-mode-definitions/generate-system-login-user.xml.in b/op-mode-definitions/generate-system-login-user.xml.in
index 6f65c12b3..b93cb8beb 100644
--- a/op-mode-definitions/generate-system-login-user.xml.in
+++ b/op-mode-definitions/generate-system-login-user.xml.in
@@ -29,25 +29,25 @@ <properties> <help>HOTP time-based token</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5"</command> <children> <tagNode name="rate-limit"> <properties> <help>Duration of single time interval</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9"</command> <children> <tagNode name="rate-time"> <properties> <help>The number of digits in the one-time password</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9" --rate_time "${11}" </command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9" --rate_time "${11}" </command> <children> <tagNode name="window-size"> <properties> <help>The number of digits in the one-time password</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9" --rate_time "${11}" --window_size "${13}"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "$9" --rate_time "${11}" --window_size "${13}"</command> </tagNode> </children> </tagNode> 
@@ -57,19 +57,19 @@ <properties> <help>The number of digits in the one-time password</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --window_size "${9}"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --window_size "${9}"</command> <children> <tagNode name="rate-limit"> <properties> <help>Duration of single time interval</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "${11}" --window_size "${9}"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "${11}" --window_size "${9}"</command> <children> <tagNode name="rate-time"> <properties> <help>Duration of single time interval</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "${11}" --rate_time "${13}" --window_size "${9}"</command> + <command>${vyos_op_scripts_dir}/generate_system_login_user.py --username "$5" --rate_limit "${11}" --rate_time "${13}" --window_size "${9}"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/generate-wireguard.xml.in b/op-mode-definitions/generate-wireguard.xml.in index 5f2463d1a..0375e6324 100644 --- a/op-mode-definitions/generate-wireguard.xml.in +++ b/op-mode-definitions/generate-wireguard.xml.in @@ -31,7 +31,7 @@ <list><hostname></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command> + <command>${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command> <children> <tagNode name="address"> <properties> 
@@ -40,7 +40,7 @@ <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command> + <command>${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command> <children> <tagNode name="address"> <properties> @@ -49,7 +49,7 @@ <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command> + <command>${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/generate_tech-support_archive.xml.in b/op-mode-definitions/generate_tech-support_archive.xml.in index 65c93541e..b7e025a38 100644 --- a/op-mode-definitions/generate_tech-support_archive.xml.in +++ b/op-mode-definitions/generate_tech-support_archive.xml.in @@ -11,7 +11,7 @@ <properties> <help>Generate tech support archive</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_tech-support_archive.py</command> + <command>${vyos_op_scripts_dir}/generate_tech-support_archive.py</command> </node> <tagNode name="archive"> <properties> 
@@ -20,13 +20,13 @@ <list> <file> <scp://user:passwd@host> <ftp://user:passwd@host></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/generate_tech-support_archive.py $4</command> + <command>${vyos_op_scripts_dir}/generate_tech-support_archive.py $4</command> </tagNode> <node name="machine-readable-archive"> <properties> <help>Generate tech support archive</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/tech_support.py show --raw | gzip> $4.json.gz</command> + <command>${vyos_op_scripts_dir}/tech_support.py show --raw | gzip> $4.json.gz</command> </node> <tagNode name="machine-readable-archive"> <properties> @@ -35,7 +35,7 @@ <list> <file> </list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/tech_support.py show --raw | gzip > $4.json.gz</command> + <command>${vyos_op_scripts_dir}/tech_support.py show --raw | gzip > $4.json.gz</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/geoip.xml.in b/op-mode-definitions/geoip.xml.in index c1b6e87b9..66ebfccca 100644 --- a/op-mode-definitions/geoip.xml.in +++ b/op-mode-definitions/geoip.xml.in @@ -6,7 +6,7 @@ <properties> <help>Update GeoIP database and firewall sets</help> </properties> - <command>sudo ${vyos_libexec_dir}/geoip-update.py --force</command> + <command>${vyos_libexec_dir}/geoip-update.py --force</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/igmp-proxy.xml.in b/op-mode-definitions/igmp-proxy.xml.in index d6ad7ed7e..699d94b3b 100644 --- a/op-mode-definitions/igmp-proxy.xml.in +++ b/op-mode-definitions/igmp-proxy.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart the IGMP proxy process</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name igmp_proxy</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name igmp_proxy</command> </node> </children> </node> 
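Review bot: In the two `machine-readable-archive` commands only `tech_support.py` used to run under `sudo`, while `gzip` and the `> $4.json.gz` redirection ran as the calling user; after this change all three stages run with whatever privilege the op-mode runner gives the whole line. If that privilege is elevated, the archive is now created by a privileged process at an operator-supplied path, and `$4` is unquoted in the redirection target. I would quote it, `| gzip > "$4.json.gz"`, and add a comment above the command saying which user is expected to own the resulting file. How the runner elevates commands is not visible in this diff, so this needs to be confirmed against that part of the change. The surrounding nodes begin outside the hunk.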
diff --git a/op-mode-definitions/include/bgp/advertised-routes.xml.i b/op-mode-definitions/include/bgp/advertised-routes.xml.i new file mode 100644 index 000000000..cc3f1f9b5 --- /dev/null +++ b/op-mode-definitions/include/bgp/advertised-routes.xml.i @@ -0,0 +1,12 @@ +<!-- included start from bgp/advertised-routes.xml.i --> +<node name="advertised-routes"> + <properties> + <help>Show routes advertised to a BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-detail-wide.xml.i> + #include <include/vtysh-generic-wide.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/afi-ipv4-ipv6-common.xml.i b/op-mode-definitions/include/bgp/afi-ipv4-ipv6-common.xml.i index 820d507fd..d5fb7f5ee 100644 --- a/op-mode-definitions/include/bgp/afi-ipv4-ipv6-common.xml.i +++ b/op-mode-definitions/include/bgp/afi-ipv4-ipv6-common.xml.i 
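Review bot: The new include passes the operator's words on as `vtysh_wrapper.sh $@`, unquoted, which lets the shell re-split and glob-expand every word before the wrapper receives it; `"$@"` keeps each argument intact. This applies to the `<command>` line of this file and to the other includes this commit adds (dampened-routes, filtered-routes, flap-statistics, prefix-counts, received-routes, received, routes, rpki/vrf and vtysh-generic-detail-wide). The context lines show the existing definitions using the same unquoted form, so this would be a change of convention that can start with the new files: `<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh "$@"</command>`.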
@@ -158,61 +158,14 @@ </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> <children> - <leafNode name="advertised-routes"> - <properties> - <help>Show routes advertised to a BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="dampened-routes"> - <properties> - <help>Show dampened routes received from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="flap-statistics"> - <properties> - <help>Show flap statistics of the routes learned from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="prefix-counts"> - <properties> - <help>Show detailed prefix count information for BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <node name="received"> - <properties> - <help>Show information received from BGP neighbor</help> - </properties> - <children> - <leafNode name="prefix-filter"> - <properties> - <help>Show prefixlist filter</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - </children> - </node> - <leafNode name="filtered-routes"> - <properties> - <help>Show filtered routes from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="received-routes"> - <properties> - <help>Show received routes from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="routes"> - <properties> - <help>Show routes learned from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> + #include <include/bgp/advertised-routes.xml.i> + #include <include/bgp/dampened-routes.xml.i> + #include 
<include/bgp/filtered-routes.xml.i> + #include <include/bgp/flap-statistics.xml.i> + #include <include/bgp/prefix-counts.xml.i> + #include <include/bgp/received.xml.i> + #include <include/bgp/received-routes.xml.i> + #include <include/bgp/routes.xml.i> </children> </tagNode> <tagNode name="prefix-list"> diff --git a/op-mode-definitions/include/bgp/dampened-routes.xml.i b/op-mode-definitions/include/bgp/dampened-routes.xml.i new file mode 100644 index 000000000..073ca3325 --- /dev/null +++ b/op-mode-definitions/include/bgp/dampened-routes.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp/dampened-routes.xml.i --> +<leafNode name="dampened-routes"> + <properties> + <help>Show dampened routes received from BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/filtered-routes.xml.i b/op-mode-definitions/include/bgp/filtered-routes.xml.i new file mode 100644 index 000000000..a33e8f28f --- /dev/null +++ b/op-mode-definitions/include/bgp/filtered-routes.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp/filtered-routes.xml.i --> +<leafNode name="filtered-routes"> + <properties> + <help>Show filtered routes from BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/flap-statistics.xml.i b/op-mode-definitions/include/bgp/flap-statistics.xml.i new file mode 100644 index 000000000..93ac110e0 --- /dev/null +++ b/op-mode-definitions/include/bgp/flap-statistics.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp/flap-statistics.xml.i --> +<leafNode name="flap-statistics"> + <properties> + <help>Show flap statistics of the routes learned from BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> 
diff --git a/op-mode-definitions/include/bgp/prefix-counts.xml.i b/op-mode-definitions/include/bgp/prefix-counts.xml.i new file mode 100644 index 000000000..a7131ebeb --- /dev/null +++ b/op-mode-definitions/include/bgp/prefix-counts.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp/prefix-counts.xml.i --> +<leafNode name="prefix-counts"> + <properties> + <help>Show detailed prefix count information</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/received-routes.xml.i b/op-mode-definitions/include/bgp/received-routes.xml.i new file mode 100644 index 000000000..55bed7c77 --- /dev/null +++ b/op-mode-definitions/include/bgp/received-routes.xml.i @@ -0,0 +1,12 @@ +<!-- included start from bgp/received-routes.xml.i --> +<node name="received-routes"> + <properties> + <help>Show received routes from a BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-detail-wide.xml.i> + #include <include/vtysh-generic-wide.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/received.xml.i b/op-mode-definitions/include/bgp/received.xml.i new file mode 100644 index 000000000..bb8dc6981 --- /dev/null +++ b/op-mode-definitions/include/bgp/received.xml.i @@ -0,0 +1,16 @@ +<!-- included start from bgp/received.xml.i --> +<node name="received"> + <properties> + <help>Show information received from BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + <leafNode name="prefix-filter"> + <properties> + <help>Show prefixlist filter</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + </children> +</node> +<!-- included end --> 
diff --git a/op-mode-definitions/include/bgp/routes.xml.i b/op-mode-definitions/include/bgp/routes.xml.i new file mode 100644 index 000000000..248e8fc5c --- /dev/null +++ b/op-mode-definitions/include/bgp/routes.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp/routes.xml.i --> +<leafNode name="routes"> + <properties> + <help>Show routes learned from BGP neighbor</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> diff --git a/op-mode-definitions/include/bgp/show-bgp-common.xml.i b/op-mode-definitions/include/bgp/show-bgp-common.xml.i index d888bc3b0..003451a33 100644 --- a/op-mode-definitions/include/bgp/show-bgp-common.xml.i +++ b/op-mode-definitions/include/bgp/show-bgp-common.xml.i @@ -128,18 +128,8 @@ </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> <children> - <leafNode name="advertised-routes"> - <properties> - <help>Show routes advertised to a BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="routes"> - <properties> - <help>Show routes learned from BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> + #include <include/bgp/advertised-routes.xml.i> + #include <include/bgp/routes.xml.i> </children> </tagNode> <leafNode name="next-hops"> diff --git a/op-mode-definitions/include/bgp/show-ip-bgp-common.xml.i b/op-mode-definitions/include/bgp/show-ip-bgp-common.xml.i index db9021f3e..48475e04e 100644 --- a/op-mode-definitions/include/bgp/show-ip-bgp-common.xml.i +++ b/op-mode-definitions/include/bgp/show-ip-bgp-common.xml.i 
@@ -81,36 +81,14 @@ </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> <children> - <leafNode name="advertised-routes"> - <properties> - <help>Show routes advertised to a BGP neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="prefix-counts"> - <properties> - <help>Show detailed prefix count information</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="filtered-routes"> - <properties> - <help>Show the filtered routes from neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="received-routes"> - <properties> - <help>Show the received routes from neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> - <leafNode name="routes"> - <properties> - <help>Show routes learned from neighbor</help> - </properties> - <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> - </leafNode> + #include <include/bgp/advertised-routes.xml.i> + #include <include/bgp/dampened-routes.xml.i> + #include <include/bgp/filtered-routes.xml.i> + #include <include/bgp/flap-statistics.xml.i> + #include <include/bgp/prefix-counts.xml.i> + #include <include/bgp/received.xml.i> + #include <include/bgp/received-routes.xml.i> + #include <include/bgp/routes.xml.i> </children> </tagNode> <leafNode name="paths"> diff --git a/op-mode-definitions/include/rpki/vrf.xml.i b/op-mode-definitions/include/rpki/vrf.xml.i new file mode 100644 index 000000000..5b6518fee --- /dev/null +++ b/op-mode-definitions/include/rpki/vrf.xml.i 
@@ -0,0 +1,11 @@ +<!-- include start from rpki/vrf.xml.i --> +<tagNode name="vrf"> + <properties> + <help>Virtual Routing and Forwarding (VRF)</help> + <completionHelp> + <path>vrf name</path> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</tagNode> +<!-- include end --> diff --git a/op-mode-definitions/include/vtysh-generic-detail-wide.xml.i b/op-mode-definitions/include/vtysh-generic-detail-wide.xml.i new file mode 100644 index 000000000..98ce09948 --- /dev/null +++ b/op-mode-definitions/include/vtysh-generic-detail-wide.xml.i @@ -0,0 +1,11 @@ +<!-- included start from vtysh-generic-detail-wide.xml.i --> +<node name="detail"> + <properties> + <help>Detailed information</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-wide.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in index c7e62349a..ab8e5d3db 100644 --- a/op-mode-definitions/install-mok.xml.in +++ b/op-mode-definitions/install-mok.xml.in @@ -6,7 +6,7 @@ <properties> <help>Install Secure Boot MOK (Machine Owner Key)</help> </properties> - <command>if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then sudo mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; else echo "Secure Boot Machine Owner Key not found"; fi</command> + <command>${vyos_op_scripts_dir}/install_mok.sh</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/ipv4-route.xml.in b/op-mode-definitions/ipv4-route.xml.in index 17a0a4ad9..e4dda2851 100644 --- a/op-mode-definitions/ipv4-route.xml.in +++ b/op-mode-definitions/ipv4-route.xml.in 
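Review bot: The `install-mok` definition no longer shows which key is enrolled or that `mokutil` is called with `--ignore-keyring`; the removed line named `/var/lib/shim-signed/mok/vyos-dev-2025-shim.der` and guarded the import with `test -f`. `install_mok.sh` is not in the visible part of the diff, so it cannot be confirmed here that the script keeps the existence test and the "Secure Boot Machine Owner Key not found" message. Because this command enrols a Secure Boot trust anchor, I would add a comment above it, for example `<!-- install_mok.sh imports the shim MOK with mokutil; the key path is defined in the script -->`. The enclosing `<leafNode>` opens before the hunk.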
@@ -39,7 +39,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/neighbor.py reset --family inet --address "$5"</command> + <command>${vyos_op_scripts_dir}/neighbor.py reset --family inet --address "$5"</command> </tagNode> <tagNode name="interface"> <properties> @@ -48,13 +48,13 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/neighbor.py reset --family inet --interface "$5"</command> + <command>${vyos_op_scripts_dir}/neighbor.py reset --family inet --interface "$5"</command> </tagNode> <node name="table"> <properties> <help>Flush the ARP cache completely</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/neighbor.py reset --family inet</command> + <command>${vyos_op_scripts_dir}/neighbor.py reset --family inet</command> </node> </children> </node> @@ -67,7 +67,7 @@ <properties> <help>Flush the kernel route cache</help> </properties> - <command>sudo ip route flush cache</command> + <command>ip route flush cache</command> </leafNode> <tagNode name="cache"> <properties> @@ -76,7 +76,7 @@ <list><x.x.x.x> <x.x.x.x/x></list> </completionHelp> </properties> - <command>sudo ip route flush cache "$5"</command> + <command>ip route flush cache "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/ipv6-route.xml.in b/op-mode-definitions/ipv6-route.xml.in index 5ed0b9dba..311bc6de6 100644 --- a/op-mode-definitions/ipv6-route.xml.in +++ b/op-mode-definitions/ipv6-route.xml.in @@ -65,7 +65,7 @@ <list><h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ip -f inet6 neigh flush to "$5"</command> + <command>ip -f inet6 neigh flush to "$5"</command> </tagNode> <tagNode name="interface"> <properties> 
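Review bot: Dropping `sudo` from `neighbor.py reset --family inet --address "$5"` in the first ipv4-route hunk removes the only place in this definition that said the command needs elevated rights, and nothing visible shows where the privilege now comes from. If the op-mode runner now elevates every command, nodes that used to run unprivileged gain those rights as well. If it does not, `ip route flush cache` and the neighbor resets will presumably fail for lack of CAP_NET_ADMIN. Please state the new model in the commit description or in a header comment such as `<!-- op-mode commands run via <RUNNER-PLACEHOLDER>; do not prefix with sudo -->`. The same applies to the other sudo-removal hunks in this file and in ipv6-route, haproxy, nat, ntp, openvpn, policy-route, poweroff, raid and reboot below.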
@@ -74,7 +74,7 @@ <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> - <command>sudo ip -f inet6 neigh flush dev "$5"</command> + <command>ip -f inet6 neigh flush dev "$5"</command> </tagNode> </children> </node> @@ -87,7 +87,7 @@ <properties> <help>Flush the kernel IPv6 route cache</help> </properties> - <command>sudo ip -f inet6 route flush cache</command> + <command>ip -f inet6 route flush cache</command> </leafNode> <tagNode name="cache"> <properties> @@ -96,7 +96,7 @@ <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> </completionHelp> </properties> - <command>sudo ip -f inet6 route flush cache "$5"</command> + <command>ip -f inet6 route flush cache "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/load-balancing_haproxy.xml.in b/op-mode-definitions/load-balancing_haproxy.xml.in index 8de7ae97f..8692a7367 100644 --- a/op-mode-definitions/load-balancing_haproxy.xml.in +++ b/op-mode-definitions/load-balancing_haproxy.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart haproxy service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name haproxy</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name haproxy</command> </node> </children> </node> @@ -16,7 +16,7 @@ <properties> <help>Show load-balancing haproxy</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/load-balancing_haproxy.py show</command> + <command>${vyos_op_scripts_dir}/load-balancing_haproxy.py show</command> </node> </children> </node> diff --git a/op-mode-definitions/load-balancing_wan.xml.in b/op-mode-definitions/load-balancing_wan.xml.in index 91c57c1f4..652b01eda 100644 --- a/op-mode-definitions/load-balancing_wan.xml.in +++ b/op-mode-definitions/load-balancing_wan.xml.in 
@@ -6,7 +6,7 @@ <properties> <help>Restart Wide Area Network (WAN) load-balancing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name load-balancing_wan</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name load-balancing_wan</command> </node> </children> </node> @@ -34,4 +34,4 @@ </node> </children> </node> -</interfaceDefinition>
\ No newline at end of file +</interfaceDefinition> diff --git a/op-mode-definitions/mdns-reflector.xml.in b/op-mode-definitions/mdns-reflector.xml.in index 115b2858c..6fe412334 100644 --- a/op-mode-definitions/mdns-reflector.xml.in +++ b/op-mode-definitions/mdns-reflector.xml.in @@ -53,7 +53,7 @@ <properties> <help>Restart mDNS repeater service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name mdns_repeater</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name mdns_repeater</command> </node> </children> </node> diff --git a/op-mode-definitions/monitor-bridge.xml.in b/op-mode-definitions/monitor-bridge.xml.in index a43fa6dd9..ae98ec3ea 100644 --- a/op-mode-definitions/monitor-bridge.xml.in +++ b/op-mode-definitions/monitor-bridge.xml.in @@ -6,22 +6,22 @@ <properties> <help>Monitor bridge database changes</help> </properties> - <command>sudo bridge monitor all</command> + <command>bridge monitor all</command> <children> <node name="link"> - <command>sudo bridge monitor link</command> + <command>bridge monitor link</command> <properties> <help>Monitor bridge database generated connection interface changes</help> </properties> </node> <node name="fdb"> - <command>sudo bridge monitor fdb</command> + <command>bridge monitor fdb</command> <properties> <help>Monitor the forwarding database changes generated by the bridge database</help> </properties> </node> <node name="mdb"> - <command>sudo bridge monitor mdb</command> + <command>bridge monitor mdb</command> <properties> <help>Monitor the multicast database changes generated by the bridge database</help> </properties> diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in index b6784d9ea..721460be5 100644 --- a/op-mode-definitions/monitor-log.xml.in +++ b/op-mode-definitions/monitor-log.xml.in 
@@ -21,7 +21,7 @@ <properties> <help>Monitor last lines of certbot log</help> </properties> - <command>if sudo test -f /var/log/letsencrypt/letsencrypt.log; then sudo tail --follow=name /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command> + <command>if test -f /var/log/letsencrypt/letsencrypt.log; then tail --follow=name /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command> </leafNode> <leafNode name="conntrack-sync"> <properties> diff --git a/op-mode-definitions/monitor-ndp.xml.in b/op-mode-definitions/monitor-ndp.xml.in index 3b08f3d73..a40c4f25c 100644 --- a/op-mode-definitions/monitor-ndp.xml.in +++ b/op-mode-definitions/monitor-ndp.xml.in @@ -6,10 +6,10 @@ <properties> <help>Monitor Neighbor Discovery Protocol (NDP) information</help> </properties> - <command>sudo ndptool monitor</command> + <command>ndptool monitor</command> <children> <tagNode name="interface"> - <command>sudo ndptool monitor --ifname=$4</command> + <command>ndptool monitor --ifname=$4</command> <properties> <help>Monitor Neighbor Discovery Protocol on specified interface</help> <completionHelp> @@ -18,7 +18,7 @@ </properties> <children> <tagNode name="type"> - <command>sudo ndptool monitor --ifname=$4 --msg-type=$6</command> + <command>ndptool monitor --ifname=$4 --msg-type=$6</command> <properties> <help>Monitor specific Neighbor Discovery Protocol type</help> <completionHelp> @@ -29,7 +29,7 @@ </children> </tagNode> <tagNode name="type"> - <command>sudo ndptool monitor --msg-type=$4</command> + <command>ndptool monitor --msg-type=$4</command> <properties> <help>Monitor specific Neighbor Discovery Protocol type</help> <completionHelp> diff --git a/op-mode-definitions/nat.xml.in b/op-mode-definitions/nat.xml.in index 13e7fd81d..bdf6324b2 100644 --- a/op-mode-definitions/nat.xml.in +++ b/op-mode-definitions/nat.xml.in 
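Review bot: In the certbot node of monitor-log.xml.in, `test -f /var/log/letsencrypt/letsencrypt.log` now runs without `sudo`, so a log that exists but is not reachable by the calling identity falls into the `else` branch and is reported as missing. Whether that can happen depends on how op-mode commands are executed after this change, which the hunk does not show. Testing readability and saying so avoids the misleading message: `if test -r /var/log/letsencrypt/letsencrypt.log; then tail --follow=name /var/log/letsencrypt/letsencrypt.log; else echo "Certbot log does not exist or is not readable"; fi`. That wording also fixes the existing "Cerbot" typo.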
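Review bot: The rewritten `ndptool monitor --ifname=$4`, `--msg-type=$6` and `--msg-type=$4` commands in monitor-ndp.xml.in still expand operator-supplied words unquoted, so the shell word-splits and glob-expands them before `ndptool` sees them. As far as the definition shows, completion only suggests values and does not restrict what is typed. Since these lines are being touched anyway, quote them as the ipv4-route and nat hunks already do: `ndptool monitor --ifname="$4" --msg-type="$6"`. The same unquoted pattern is on the new side of the ntp (`ip vrf exec $5 chronyc makestep`), openvpn (`reset --interface $4`), policy-route, poweroff, raid, reboot and reset-session (`pkill -9 -t $3`) hunks, and it matters more if these commands now run with elevated rights.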
@@ -24,7 +24,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/cgnat.py show_allocation --external-address "$6"</command> + <command>${vyos_op_scripts_dir}/cgnat.py show_allocation --external-address "$6"</command> </tagNode> <tagNode name="internal-address"> <properties> @@ -33,10 +33,10 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/cgnat.py show_allocation --internal-address "$6"</command> + <command>${vyos_op_scripts_dir}/cgnat.py show_allocation --internal-address "$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/cgnat.py show_allocation</command> + <command>${vyos_op_scripts_dir}/cgnat.py show_allocation</command> </node> </children> </node> @@ -49,13 +49,13 @@ <properties> <help>Show configured source NAT rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_rules --direction source --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_rules --direction source --family inet</command> </node> <node name="statistics"> <properties> <help>Show statistics for configured source NAT rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_statistics --direction source --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_statistics --direction source --family inet</command> </node> <node name="translations"> <properties> 
@@ -69,10 +69,10 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet --address "$6"</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet --address "$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet</command> </node> </children> </node> @@ -85,13 +85,13 @@ <properties> <help>Show configured destination NAT rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_rules --direction destination --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_rules --direction destination --family inet</command> </node> <node name="statistics"> <properties> <help>Show statistics for configured destination NAT rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_statistics --direction destination --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_statistics --direction destination --family inet</command> </node> <node name="translations"> <properties> @@ -105,10 +105,10 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet --address "$6"</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet --address "$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet</command> </node> </children> </node> diff --git a/op-mode-definitions/nat66.xml.in b/op-mode-definitions/nat66.xml.in index 4df20d847..435e041a3 100644 
--- a/op-mode-definitions/nat66.xml.in +++ b/op-mode-definitions/nat66.xml.in @@ -16,13 +16,13 @@ <properties> <help>Show configured source NAT66 rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_rules --direction source --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_rules --direction source --family inet6</command> </node> <node name="statistics"> <properties> <help>Show statistics for configured source NAT66 rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_statistics --direction source --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_statistics --direction source --family inet6</command> </node> <node name="translations"> <properties> @@ -36,10 +36,10 @@ <list><h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet6 --address "$6"</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet6 --address "$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction source --family inet6</command> </node> </children> </node> 
@@ -52,13 +52,13 @@ <properties> <help>Show configured destination NAT66 rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_rules --direction destination --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_rules --direction destination --family inet6</command> </node> <node name="statistics"> <properties> <help>Show statistics for configured destination NAT66 rules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_statistics --direction destination --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_statistics --direction destination --family inet6</command> </node> <node name="translations"> <properties> @@ -72,10 +72,10 @@ <list><h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet6 --address "$6"</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet6 --address "$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet6</command> + <command>${vyos_op_scripts_dir}/nat.py show_translations --direction destination --family inet6</command> </node> </children> </node> diff --git a/op-mode-definitions/ntp.xml.in b/op-mode-definitions/ntp.xml.in index 565a5edb5..208df8259 100644 --- a/op-mode-definitions/ntp.xml.in +++ b/op-mode-definitions/ntp.xml.in 
@@ -6,25 +6,25 @@ <properties> <help>Show peer status of NTP daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ntp.py show_sourcestats</command> + <command>${vyos_op_scripts_dir}/ntp.py show_sourcestats</command> <children> <node name="activity"> <properties> <help>Report the number of servers and peers that are online and offline</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ntp.py show_activity</command> + <command>${vyos_op_scripts_dir}/ntp.py show_activity</command> </node> <node name="sources"> <properties> <help>Show information about the current time sources being accessed</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ntp.py show_sources</command> + <command>${vyos_op_scripts_dir}/ntp.py show_sources</command> </node> <node name="system"> <properties> <help>Show parameters about the system clock performance</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ntp.py show_tracking</command> + <command>${vyos_op_scripts_dir}/ntp.py show_tracking</command> </node> </children> </node> @@ -49,10 +49,10 @@ <path>vrf name</path> </completionHelp> </properties> - <command>sudo ip vrf exec $5 chronyc makestep</command> + <command>ip vrf exec $5 chronyc makestep</command> </tagNode> </children> - <command>sudo chronyc makestep</command> + <command>chronyc makestep</command> </node> </children> </node> diff --git a/op-mode-definitions/openconnect.xml.in b/op-mode-definitions/openconnect.xml.in index 88e1f9f15..e2c94bacb 100644 --- a/op-mode-definitions/openconnect.xml.in +++ b/op-mode-definitions/openconnect.xml.in @@ -17,7 +17,7 @@ <properties> <help>Show OpenConnect configured user settings</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_openconnect_users.py</script> + <script>${vyos_completion_dir}/list_openconnect_users.py</script> </completionHelp> </properties> <children> diff --git a/op-mode-definitions/openvpn.xml.in b/op-mode-definitions/openvpn.xml.in index f205b0026..63834a127 100644 
--- a/op-mode-definitions/openvpn.xml.in +++ b/op-mode-definitions/openvpn.xml.in @@ -11,7 +11,7 @@ <properties> <help>Reset specified OpenVPN client</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_openvpn_clients.py --all</script> + <script>${vyos_completion_dir}/list_openvpn_clients.py --all</script> </completionHelp> </properties> <command>echo kill $4 | socat - UNIX-CONNECT:/run/openvpn/openvpn-mgmt-intf > /dev/null</command> @@ -20,10 +20,10 @@ <properties> <help>Reset OpenVPN process on interface</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_interfaces --type openvpn</script> + <script>${vyos_completion_dir}/list_interfaces --type openvpn</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/openvpn.py reset --interface $4</command> + <command>${vyos_op_scripts_dir}/openvpn.py reset --interface $4</command> </tagNode> </children> </node> @@ -51,7 +51,7 @@ <properties> <help>Show OpenVPN interface information</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_interfaces --type openvpn</script> + <script>${vyos_completion_dir}/list_interfaces --type openvpn</script> </completionHelp> </properties> <command>${vyos_op_scripts_dir}/interfaces.py show --intf-name=$4</command> @@ -60,7 +60,7 @@ <properties> <help>Show OpenVPN interface users</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_openvpn_users.py --interface ${COMP_WORDS[3]}</script> + <script>${vyos_completion_dir}/list_openvpn_users.py --interface ${COMP_WORDS[3]}</script> </completionHelp> </properties> <children> 
@@ -110,19 +110,19 @@ <properties> <help>Show tunnel status for OpenVPN client interfaces</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/openvpn.py show --mode client</command> + <command>${vyos_op_scripts_dir}/openvpn.py show --mode client</command> </leafNode> <leafNode name="server"> <properties> <help>Show tunnel status for OpenVPN server interfaces</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/openvpn.py show --mode server</command> + <command>${vyos_op_scripts_dir}/openvpn.py show --mode server</command> </leafNode> <leafNode name="site-to-site"> <properties> <help>Show tunnel status for OpenVPN site-to-site interfaces</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/openvpn.py show --mode site_to_site</command> + <command>${vyos_op_scripts_dir}/openvpn.py show --mode site_to_site</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in index 866f482bf..43fb1fe2b 100644 --- a/op-mode-definitions/pki.xml.in +++ b/op-mode-definitions/pki.xml.in @@ -27,7 +27,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$7" --sign "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -48,7 +48,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$5" --file</command> </tagNode> <tagNode name="install"> <properties> 
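Review bot: In the first pki.xml.in hunk, removing `sudo -E` from `pki.py generate_pki --pki-type ca ... --file` changes two things at once: the identity the script runs as and the environment it receives, since `-E` preserved the caller's. The files produced by `--file` presumably contain private key material, so their owner and mode now depend on an execution context that is not visible here. I would record the expectation beside the command, e.g. `<!-- pki.py must create key files with mode 0600 -->`, and confirm that pki.py does not rely on variables `-E` used to pass through. This applies equally to the remaining generate_pki and import_pki hunks in this file.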
@@ -79,7 +79,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$6" --self-sign --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$6" --self-sign --file</command> </tagNode> <tagNode name="install"> <properties> @@ -108,7 +108,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$7" --sign "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -129,7 +129,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -158,7 +158,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type crl --name "$4" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type crl --name "$4" --file</command> </tagNode> <leafNode name="install"> <properties> @@ -181,7 +181,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type dh --name "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type dh --name "$5" --file</command> </tagNode> <tagNode name="install"> <properties> 
@@ -207,7 +207,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type key-pair --name "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type key-pair --name "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -238,7 +238,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type openvpn --name "$6" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type openvpn --name "$6" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -266,7 +266,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ssh --name "$5" --file</command> + <command>${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ssh --name "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -371,13 +371,13 @@ <properties> <help>Path to CA certificate file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --key-filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> 
@@ -393,13 +393,13 @@ <properties> <help>Path to certificate file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --key-filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> @@ -415,7 +415,7 @@ <properties> <help>Path to CRL file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type crl --name "$4" --filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type crl --name "$4" --filename "$6"</command> </tagNode> </children> </tagNode> @@ -431,7 +431,7 @@ <properties> <help>Path to DH parameters file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type dh --name "$4" --filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type dh --name "$4" --filename "$6"</command> </tagNode> </children> </tagNode> 
@@ -447,13 +447,13 @@ <properties> <help>Path to public key file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --filename "$6"</command> </tagNode> <tagNode name="private-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --key-filename "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> @@ -474,7 +474,7 @@ <properties> <help>Path to shared secret key file</help> </properties> - <command>sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type openvpn --name "$5" --filename "$7"</command> + <command>${vyos_op_scripts_dir}/pki.py import_pki --pki-type openvpn --name "$5" --filename "$7"</command> </tagNode> </children> </tagNode> @@ -490,13 +490,13 @@ <properties> <help>Show PKI x509 certificates</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_all</command> + <command>${vyos_op_scripts_dir}/pki.py show_all</command> <children> <leafNode name="ca"> <properties> <help>Show x509 CA certificates</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate_authority</command> </leafNode> <tagNode name="ca"> <properties> 
@@ -505,13 +505,13 @@ <path>pki ca</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 CA certificate in PEM format</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4" --pem</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4" --pem</command> </leafNode> </children> </tagNode> @@ -519,7 +519,7 @@ <properties> <help>Show x509 certificates</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate</command> </leafNode> <tagNode name="certificate"> <properties> @@ -528,13 +528,13 @@ <path>pki certificate</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate --name "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 certificate in PEM format</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --pem</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --pem</command> </leafNode> <tagNode name="fingerprint"> <properties> @@ -543,7 +543,7 @@ <list>sha256 sha384 sha512</list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --fingerprint "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --fingerprint "$6"</command> </tagNode> </children> </tagNode> 
@@ -580,7 +580,7 @@ <properties> <help>Start manual certbot renewal</help> </properties> - <command>sudo systemctl start certbot.service</command> + <command>systemctl start certbot.service</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/policy-route.xml.in b/op-mode-definitions/policy-route.xml.in index bd4a61dc9..6ddbb51a5 100644 --- a/op-mode-definitions/policy-route.xml.in +++ b/op-mode-definitions/policy-route.xml.in @@ -88,7 +88,7 @@ <properties> <help>Show IPv6 policy chain</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show_all --ipv6</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show_all --ipv6</command> </node> <tagNode name="route6"> <properties> @@ -105,16 +105,16 @@ <path>policy route6 ${COMP_WORDS[4]} rule</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --rule $6 --ipv6</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --rule $6 --ipv6</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --ipv6</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --ipv6</command> </tagNode> <node name="route"> <properties> <help>Show IPv4 policy chain</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show_all</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show_all</command> </node> <tagNode name="route"> <properties> 
@@ -131,10 +131,10 @@ <path>policy route ${COMP_WORDS[4]} rule</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --rule $6</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --rule $6</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/policy_route.py --action show --name $4</command> + <command>${vyos_op_scripts_dir}/policy_route.py --action show --name $4</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/poweroff.xml.in b/op-mode-definitions/poweroff.xml.in index b4163bcb9..e023e80be 100644 --- a/op-mode-definitions/poweroff.xml.in +++ b/op-mode-definitions/poweroff.xml.in @@ -4,19 +4,19 @@ <properties> <help>Poweroff the system</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --poweroff</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --poweroff</command> <children> <leafNode name="now"> <properties> <help>Poweroff the system without confirmation</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff</command> </leafNode> <leafNode name="cancel"> <properties> <help>Cancel a pending poweroff</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --cancel</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --cancel</command> </leafNode> <tagNode name="in"> <properties> @@ -25,7 +25,7 @@ <list><Minutes></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $4</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $4</command> </tagNode> <tagNode name="at"> <properties> 
@@ -34,7 +34,7 @@ <list><HH:MM></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3</command> <children> <tagNode name="date"> <properties> @@ -43,7 +43,7 @@ <list><DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $5</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $5</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/raid.xml.in b/op-mode-definitions/raid.xml.in index 85fbf4566..0733b637d 100644 --- a/op-mode-definitions/raid.xml.in +++ b/op-mode-definitions/raid.xml.in @@ -19,7 +19,7 @@ <properties> <help>Add a member to a RAID set</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/raid.py add --raid-set-name $3 --by-id --member $6</command> + <command>${vyos_op_scripts_dir}/raid.py add --raid-set-name $3 --by-id --member $6</command> </tagNode> </children> </node> @@ -27,7 +27,7 @@ <properties> <help>Add a member to a RAID set</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/raid.py add --raid-set-name $3 --member $5</command> + <command>${vyos_op_scripts_dir}/raid.py add --raid-set-name $3 --member $5</command> </tagNode> </children> </tagNode> @@ -52,7 +52,7 @@ <properties> <help>Delete a member from a RAID set</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --by-id --member $6</command> + <command>${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --by-id --member $6</command> </tagNode> </children> </node> 
@@ -60,7 +60,7 @@ <properties> <help>Delete a member from a RAID set</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --member $5</command> + <command>${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --member $5</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/reboot.xml.in b/op-mode-definitions/reboot.xml.in index d5a71f561..1fa79da7e 100644 --- a/op-mode-definitions/reboot.xml.in +++ b/op-mode-definitions/reboot.xml.in @@ -4,19 +4,19 @@ <properties> <help>Reboot the system</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --reboot</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --reboot</command> <children> <leafNode name="now"> <properties> <help>Reboot the system without confirmation</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --reboot</command> </leafNode> <leafNode name="cancel"> <properties> <help>Cancel a pending reboot</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --cancel</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --cancel</command> </leafNode> <tagNode name="in"> <properties> @@ -25,7 +25,7 @@ <list><Minutes></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot-in $3 $4</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --reboot-in $3 $4</command> </tagNode> <tagNode name="at"> <properties> @@ -34,7 +34,7 @@ <list><HH:MM></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3</command> <children> <tagNode name="date"> <properties> 
@@ -43,7 +43,7 @@ <list><DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $5</command> + <command>${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $5</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/reset-connection.xml.in b/op-mode-definitions/reset-connection.xml.in new file mode 100644 index 000000000..e41d8ed20 --- /dev/null +++ b/op-mode-definitions/reset-connection.xml.in @@ -0,0 +1,18 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="reset"> + <children> + <tagNode name="connection"> + <properties> + <help>Bring connection-oriented network interface down and up</help> + <completionHelp> + <path>interfaces pppoe</path> + <path>interfaces sstpc</path> + <path>interfaces wwan</path> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/connect_disconnect.py --connect --disconnect --interface "$3"</command> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/reset-conntrack.xml.in b/op-mode-definitions/reset-conntrack.xml.in index 9c8265f77..e180b47a8 100644 --- a/op-mode-definitions/reset-conntrack.xml.in +++ b/op-mode-definitions/reset-conntrack.xml.in @@ -6,7 +6,7 @@ <properties> <help>Reset all currently tracked connections</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/clear_conntrack.py</command> + <command>${vyos_op_scripts_dir}/clear_conntrack.py</command> </node> </children> </node> diff --git a/op-mode-definitions/reset-session.xml.in b/op-mode-definitions/reset-session.xml.in index 1e52e278b..a1e8739c5 100644 --- a/op-mode-definitions/reset-session.xml.in +++ b/op-mode-definitions/reset-session.xml.in @@ -9,7 +9,7 @@ <script>who | awk '{print $2}'</script> </completionHelp> </properties> - <command>sudo pkill -9 -t $3</command> + <command>pkill -9 -t $3</command> </tagNode> </children> </node> 
diff --git a/op-mode-definitions/reset-vpn.xml.in b/op-mode-definitions/reset-vpn.xml.in index 8de95d1cc..336fb1e02 100644 --- a/op-mode-definitions/reset-vpn.xml.in +++ b/op-mode-definitions/reset-vpn.xml.in @@ -16,19 +16,19 @@ <properties> <help>Reset all L2TP server VPN sessions</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp"</command> </node> <tagNode name="interface"> <properties> <help>Reset specified interface on L2TP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --interface="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --interface="$5"</command> </tagNode> <tagNode name="user"> <properties> <help>Reset specified user on L2TP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --username="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --username="$5"</command> </tagNode> </children> </node> 
@@ -41,19 +41,19 @@ <properties> <help>Reset all PPTP server VPN sessions</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp"</command> </node> <tagNode name="interface"> <properties> <help>Reset specified interface on PPTP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --interface="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --interface="$5"</command> </tagNode> <tagNode name="user"> <properties> <help>Reset specified user on PPTP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --username="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --username="$5"</command> </tagNode> </children> </node> @@ -66,19 +66,19 @@ <properties> <help>Reset all SSTP server VPN sessions</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp"</command> </node> <tagNode name="interface"> <properties> <help>Reset specified interface on SSTP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --interface="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --interface="$5"</command> </tagNode> <tagNode name="user"> <properties> <help>Reset specified user on SSTP VPN server</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --username="$5"</command> + <command>${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --username="$5"</command> </tagNode> </children> </node> 
diff --git a/op-mode-definitions/reset-wireguard.xml.in b/op-mode-definitions/reset-wireguard.xml.in index c2243f519..cb575c8c6 100644 --- a/op-mode-definitions/reset-wireguard.xml.in +++ b/op-mode-definitions/reset-wireguard.xml.in @@ -14,7 +14,7 @@ <path>interfaces wireguard</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4"</command> + <command>${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4"</command> <children> <tagNode name="peer"> <properties> @@ -23,7 +23,7 @@ <path>interfaces wireguard ${COMP_WORDS[3]} peer</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4" --peer="$6"</command> + <command>${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4" --peer="$6"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/restart-frr.xml.in b/op-mode-definitions/restart-frr.xml.in index 4772e8dd2..950007a50 100644 --- a/op-mode-definitions/restart-frr.xml.in +++ b/op-mode-definitions/restart-frr.xml.in 
@@ -6,85 +6,85 @@ <properties> <help>Restart all routing daemons</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart</command> </leafNode> <leafNode name="zebra"> <properties> <help>Restart Routing Information Base (RIB) IP manager daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon zebra</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon zebra</command> </leafNode> <leafNode name="static"> <properties> <help>Restart static routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon staticd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon staticd</command> </leafNode> <leafNode name="bgp"> <properties> <help>Restart Border Gateway Protocol (BGP) routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon bgpd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon bgpd</command> </leafNode> <leafNode name="ospf"> <properties> <help>Restart Open Shortest Path First (OSPF) routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ospfd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ospfd</command> </leafNode> <leafNode name="ospfv3"> <properties> <help>Restart IPv6 Open Shortest Path First (OSPFv3) routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ospf6d</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ospf6d</command> </leafNode> <leafNode name="rip"> <properties> <help>Restart Routing Information Protocol (RIP) routing daemon</help> </properties> - <command>sudo 
${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ripd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ripd</command> </leafNode> <leafNode name="ripng"> <properties> <help>Restart IPv6 Routing Information Protocol (RIPng) routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ripngd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ripngd</command> </leafNode> <leafNode name="isis"> <properties> <help>Restart Intermediate System to Intermediate System (IS-IS) routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon isisd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon isisd</command> </leafNode> <leafNode name="openfabric"> <properties> <help>Restart OpenFabric routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon fabricd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon fabricd</command> </leafNode> <leafNode name="pim6"> <properties> <help>Restart IPv6 Protocol Independent Multicast (PIM) daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon pim6d</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon pim6d</command> </leafNode> <leafNode name="ldp"> <properties> <help>Restart Label Distribution Protocol (LDP) daemon used by MPLS</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ldpd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon ldpd</command> </leafNode> <leafNode name="babel"> <properties> <help>Restart Babel routing daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon babeld</command> + 
<command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon babeld</command> </leafNode> <leafNode name="bfd"> <properties> <help>Restart Bidirectional Forwarding Detection (BFD) daemon</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon bfdd</command> + <command>${vyos_op_scripts_dir}/restart_frr.py --action restart --daemon bfdd</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/restart-ntp.xml.in b/op-mode-definitions/restart-ntp.xml.in index 961fae252..8713dd147 100644 --- a/op-mode-definitions/restart-ntp.xml.in +++ b/op-mode-definitions/restart-ntp.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart NTP service</help> </properties> - <command>if cli-shell-api existsActive service ntp; then sudo systemctl restart chrony.service; else echo "Service NTP not configured"; fi</command> + <command>if cli-shell-api existsActive service ntp; then systemctl restart chrony.service; else echo "Service NTP not configured"; fi</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-router-advert.xml.in b/op-mode-definitions/restart-router-advert.xml.in index 9eea3dfc4..82cde9892 100644 --- a/op-mode-definitions/restart-router-advert.xml.in +++ b/op-mode-definitions/restart-router-advert.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart IPv6 Router Advertisement service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name router_advert</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name router_advert</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-serial.xml.in b/op-mode-definitions/restart-serial.xml.in index 4d8a03633..27618b2f4 100644 --- a/op-mode-definitions/restart-serial.xml.in +++ b/op-mode-definitions/restart-serial.xml.in 
@@ -11,7 +11,7 @@ <properties> <help>Restart serial console service for login TTYs</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/serial.py restart_console</command> + <command>${vyos_op_scripts_dir}/serial.py restart_console</command> <children> <tagNode name="device"> <properties> @@ -20,7 +20,7 @@ <script>${vyos_completion_dir}/list_login_ttys.py</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/serial.py restart_console --device-name "$5"</command> + <command>${vyos_op_scripts_dir}/serial.py restart_console --device-name "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/restart-snmp.xml.in b/op-mode-definitions/restart-snmp.xml.in index e9c43de01..0c1f1a2b7 100644 --- a/op-mode-definitions/restart-snmp.xml.in +++ b/op-mode-definitions/restart-snmp.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart SNMP service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name snmp</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name snmp</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-ssh.xml.in b/op-mode-definitions/restart-ssh.xml.in index 914586df8..daa046dd7 100644 --- a/op-mode-definitions/restart-ssh.xml.in +++ b/op-mode-definitions/restart-ssh.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart SSH service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name ssh --vrf "*"</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name ssh --vrf "*"</command> </node> </children> </node> diff --git a/op-mode-definitions/rpki.xml.in b/op-mode-definitions/rpki.xml.in index 9e0f83e20..4753cfb93 100644 --- a/op-mode-definitions/rpki.xml.in +++ b/op-mode-definitions/rpki.xml.in 
@@ -15,19 +15,28 @@ </completionHelp> </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/rpki/vrf.xml.i> + </children> </tagNode> - <leafNode name="cache-connection"> + <node name="cache-connection"> <properties> <help>Show RPKI cache connections</help> </properties> - <command>vtysh -c "show rpki cache-connection"</command> - </leafNode> - <leafNode name="cache-server"> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/rpki/vrf.xml.i> + </children> + </node> + <node name="cache-server"> <properties> <help>Show RPKI cache servers information</help> </properties> - <command>vtysh -c "show rpki cache-server"</command> - </leafNode> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/rpki/vrf.xml.i> + </children> + </node> <tagNode name="prefix"> <properties> <help>Lookup IP prefix and optionally ASN in prefix table</help> 
@@ -45,27 +54,53 @@ </completionHelp> </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $(echo $@ | sed -e "s/as-number //g")</command> + <children> + <tagNode name="vrf"> + <properties> + <help>Virtual Routing and Forwarding (VRF)</help> + <completionHelp> + <path>vrf name</path> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $(echo $@ | sed -e "s/as-number //g")</command> + </tagNode> + </children> </tagNode> + #include <include/rpki/vrf.xml.i> </children> </tagNode> - <leafNode name="prefix-table"> + <node name="prefix-table"> <properties> <help>Show RPKI-validated prefixes</help> </properties> - <command>vtysh -c "show rpki prefix-table"</command> - </leafNode> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/rpki/vrf.xml.i> + </children> + </node> </children> </node> </children> </node> <node name="reset"> <children> - <leafNode name="rpki"> + <node name="rpki"> <properties> <help>Reset RPKI</help> </properties> <command>vtysh -c "rpki reset"</command> - </leafNode> + <children> + <tagNode name="vrf"> + <properties> + <help>Reset RPKI in VRF</help> + <completionHelp> + <path>vrf name</path> + </completionHelp> + </properties> + <command>vtysh -c "rpki reset vrf $4"</command> + </tagNode> + </children> + </node> </children> </node> </interfaceDefinition> diff --git a/op-mode-definitions/sflow.xml.in b/op-mode-definitions/sflow.xml.in index 9f02dacda..003550304 100644 --- a/op-mode-definitions/sflow.xml.in +++ b/op-mode-definitions/sflow.xml.in @@ -7,8 +7,7 @@ <properties> <help>Show sFlow statistics</help> </properties> - <!-- requires sudo, do not remove it --> - <command>sudo ${vyos_op_scripts_dir}/sflow.py show</command> + <command>${vyos_op_scripts_dir}/sflow.py show</command> </node> </children> </node> diff --git a/op-mode-definitions/show-acceleration.xml.in b/op-mode-definitions/show-acceleration.xml.in index fccfba5e3..3f47bb1cd 100644 
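Review bot: The new `vrf` tagNode under `reset rpki` splices the operator's word straight into the vtysh command string, `vtysh -c "rpki reset vrf $4"`, and nothing in the hunk checks that `$4` is a configured VRF; the `<path>vrf name</path>` entry presumably only feeds completion. After this commit the `show` nodes in this file all go through `vtysh_wrapper.sh`, so the reset path is the only one that still calls vtysh directly. I would either route it through the wrapper as well or guard it, for example `if cli-shell-api existsActive vrf name "$4"; then vtysh -c "rpki reset vrf $4"; else echo "VRF $4 does not exist"; fi`.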
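Review bot: The sflow.xml.in hunk deletes the comment `<!-- requires sudo, do not remove it -->` together with the `sudo` it protected, so the definition no longer records that sflow.py needs elevated privileges. Whatever now supplies those privileges is not visible in this diff; a replacement comment would keep the requirement documented, e.g. `<!-- sflow.py needs root; elevation is provided by <mechanism>, not by this line -->`. Without it a later editor cannot tell whether the missing `sudo` is intentional.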
--- a/op-mode-definitions/show-acceleration.xml.in +++ b/op-mode-definitions/show-acceleration.xml.in @@ -29,13 +29,13 @@ <properties> <help>Intel QAT flows</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_acceleration.py --flow --dev $6</command> + <command>${vyos_op_scripts_dir}/show_acceleration.py --flow --dev $6</command> </node> <node name="config"> <properties> <help>Intel QAT configuration</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_acceleration.py --conf --dev $6</command> + <command>${vyos_op_scripts_dir}/show_acceleration.py --conf --dev $6</command> </node> </children> </tagNode> @@ -43,16 +43,16 @@ <properties> <help>Intel QAT status</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_acceleration.py --status</command> + <command>${vyos_op_scripts_dir}/show_acceleration.py --status</command> </node> <node name="interrupts"> <properties> <help>Intel QAT interrupts</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_acceleration.py --interrupts</command> + <command>${vyos_op_scripts_dir}/show_acceleration.py --interrupts</command> </node> </children> - <command>sudo ${vyos_op_scripts_dir}/show_acceleration.py --hw</command> + <command>${vyos_op_scripts_dir}/show_acceleration.py --hw</command> </node> </children> </node> diff --git a/op-mode-definitions/show-conntrack.xml.in b/op-mode-definitions/show-conntrack.xml.in index 4cdcffcdb..6212af4eb 100644 --- a/op-mode-definitions/show-conntrack.xml.in +++ b/op-mode-definitions/show-conntrack.xml.in @@ -11,7 +11,7 @@ <properties> <help>Show conntrack statistics</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack.py show_statistics</command> + <command>${vyos_op_scripts_dir}/conntrack.py show_statistics</command> </node> <node name="table"> <properties> 
@@ -22,13 +22,13 @@ <properties> <help>Show conntrack entries for IPv4 protocol</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack.py show --family inet</command> + <command>${vyos_op_scripts_dir}/conntrack.py show --family inet</command> </node> <node name="ipv6"> <properties> <help>Show conntrack entries for IPv6 protocol</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/conntrack.py show --family inet6</command> + <command>${vyos_op_scripts_dir}/conntrack.py show --family inet6</command> </node> </children> </node> diff --git a/op-mode-definitions/show-environment.xml.in b/op-mode-definitions/show-environment.xml.in index 95b658785..7cc9fe822 100644 --- a/op-mode-definitions/show-environment.xml.in +++ b/op-mode-definitions/show-environment.xml.in @@ -12,7 +12,7 @@ <help>Show hardware monitoring results</help> </properties> <!-- Linux always adds "hypervisor" to CPU flags --> - <command>if ! grep -q hypervisor /proc/cpuinfo; then ${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_sensors.py; else echo "VyOS running under hypervisor, no sensors available"; fi</command> + <command>if ! grep -q hypervisor /proc/cpuinfo; then ${vyos_op_scripts_dir}/show_sensors.py; else echo "VyOS running under hypervisor, no sensors available"; fi</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-hardware.xml.in b/op-mode-definitions/show-hardware.xml.in index 21079765a..84e46a22b 100644 --- a/op-mode-definitions/show-hardware.xml.in +++ b/op-mode-definitions/show-hardware.xml.in @@ -31,7 +31,7 @@ <properties> <help>Show system DMI details</help> </properties> - <command>sudo dmidecode</command> + <command>dmidecode</command> </node> <node name="mem"> <properties> @@ -62,7 +62,7 @@ <properties> <help>Show NVMe device information</help> </properties> - <command>sudo nvme list</command> + <command>nvme list</command> </leafNode> <node name="scsi"> <properties> 
@@ -85,7 +85,7 @@ <script>ls /dev | egrep '([hsv]d[a-z]|nvme[0-9]+n[0-9])$'</script> </completionHelp> </properties> - <command>sudo smartctl -a "/dev/$5" | sed 1,3d</command> + <command>smartctl -a "/dev/$5" | sed 1,3d</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-bonding.xml.in b/op-mode-definitions/show-interfaces-bonding.xml.in index 0abb7cd5a..839a4cd91 100644 --- a/op-mode-definitions/show-interfaces-bonding.xml.in +++ b/op-mode-definitions/show-interfaces-bonding.xml.in @@ -23,7 +23,7 @@ <properties> <help>Show detailed interface information</help> </properties> - <command>if [ -f "/proc/net/bonding/$4" ]; then sudo cat "/proc/net/bonding/$4"; else echo "Interface $4 does not exist!"; fi</command> + <command>${vyos_op_scripts_dir}/show_bonding_detail.sh "$4"</command> </leafNode> <node name="lacp"> <properties> @@ -34,13 +34,13 @@ <properties> <help>Show LACP details</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/bonding.py show_lacp_detail --interface="$4" </command> + <command>${vyos_op_scripts_dir}/bonding.py show_lacp_detail --interface="$4" </command> </leafNode> <leafNode name="neighbors"> <properties> <help>Show LACP Neighbors</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/bonding.py show_lacp_neighbors --interface="$4"</command> + <command>${vyos_op_scripts_dir}/bonding.py show_lacp_neighbors --interface="$4"</command> </leafNode> </children> </node> @@ -91,7 +91,7 @@ <properties> <help>Show LACP details</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/bonding.py show_lacp_detail</command> + <command>${vyos_op_scripts_dir}/bonding.py show_lacp_detail</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in index c1f502cb3..0904418bf 100644 --- a/op-mode-definitions/show-interfaces-pppoe.xml.in +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in 
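Review bot: `smartctl -a "/dev/$5"` joins the operator's word onto `/dev/` without checking it, and the `egrep` pattern in the completionHelp above only shapes suggestions, so a value containing path separators is presumably still accepted. The quoting prevents word splitting but does not keep the resulting path inside `/dev`. I would test the name against the same pattern before running the tool, e.g. `if echo "$5" | grep -Eq '^([hsv]d[a-z]|nvme[0-9]+n[0-9])$'; then smartctl -a "/dev/$5" | sed 1,3d; else echo "Invalid device $5"; fi`. The enclosing tagNode starts outside the hunk.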
@@ -26,7 +26,7 @@ <path>interfaces pppoe</path> </completionHelp> </properties> - <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command> + <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command> </leafNode> #include <include/show-interface-type-event-log.xml.i> </children> diff --git a/op-mode-definitions/show-interfaces-sstpc.xml.in b/op-mode-definitions/show-interfaces-sstpc.xml.in index 3bd7a8247..61451db93 100644 --- a/op-mode-definitions/show-interfaces-sstpc.xml.in +++ b/op-mode-definitions/show-interfaces-sstpc.xml.in @@ -26,7 +26,7 @@ <path>interfaces sstpc</path> </completionHelp> </properties> - <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command> + <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command> </leafNode> #include <include/show-interface-type-event-log.xml.i> </children> diff --git a/op-mode-definitions/show-interfaces-wireguard.xml.in b/op-mode-definitions/show-interfaces-wireguard.xml.in index d86152a21..6abca3a27 100644 --- a/op-mode-definitions/show-interfaces-wireguard.xml.in +++ b/op-mode-definitions/show-interfaces-wireguard.xml.in 
@@ -17,31 +17,31 @@ <properties> <help>Show all IP addresses allowed for the specified interface</help> </properties> - <command>sudo wg show "$4" allowed-ips</command> + <command>wg show "$4" allowed-ips</command> </leafNode> <leafNode name="endpoints"> <properties> <help>Show all endpoints for the specified interface</help> </properties> - <command>sudo wg show "$4" endpoints</command> + <command>wg show "$4" endpoints</command> </leafNode> <leafNode name="peers"> <properties> <help>Show all peer IDs for the specified interface</help> </properties> - <command>sudo wg show "$4" peers</command> + <command>wg show "$4" peers</command> </leafNode> <leafNode name="public-key"> <properties> <help>Show interface public-key</help> </properties> - <command>sudo wg show "$4" public-key</command> + <command>wg show "$4" public-key</command> </leafNode> <leafNode name="summary"> <properties> <help>Shows current configuration and device information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces_wireguard.py show_summary --intf-name="$4"</command> + <command>${vyos_op_scripts_dir}/interfaces_wireguard.py show_summary --intf-name="$4"</command> </leafNode> #include <include/show-interface-type-event-log.xml.i> </children> diff --git a/op-mode-definitions/show-interfaces-wireless.xml.in b/op-mode-definitions/show-interfaces-wireless.xml.in index b0a1502de..16ea33d82 100644 --- a/op-mode-definitions/show-interfaces-wireless.xml.in +++ b/op-mode-definitions/show-interfaces-wireless.xml.in 
@@ -43,13 +43,13 @@ <properties> <help>Scan for networks via specified wireless interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/interfaces_wireless.py show_scan --intf-name="$4"</command> + <command>${vyos_op_scripts_dir}/interfaces_wireless.py show_scan --intf-name="$4"</command> <children> <leafNode name="detail"> <properties> <help>Show detailed scan results</help> </properties> - <command>sudo /sbin/iw dev "$4" scan ap-force</command> + <command>/sbin/iw dev "$4" scan ap-force</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-wwan.xml.in b/op-mode-definitions/show-interfaces-wwan.xml.in index 2301b32d0..87301d6c9 100644 --- a/op-mode-definitions/show-interfaces-wwan.xml.in +++ b/op-mode-definitions/show-interfaces-wwan.xml.in 
@@ -18,55 +18,55 @@ <properties> <help>Show WWAN module capabilities</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --capabilities</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --capabilities</command> </leafNode> <leafNode name="firmware"> <properties> <help>Show WWAN module firmware</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --firmware</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --firmware</command> </leafNode> <leafNode name="imei"> <properties> <help>Show WWAN module IMEI/ESN/MEID</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imei</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imei</command> </leafNode> <leafNode name="imsi"> <properties> <help>Show WWAN module IMSI</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imsi</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imsi</command> </leafNode> <leafNode name="model"> <properties> <help>Show WWAN module manufacturer</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --model</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --model</command> </leafNode> <leafNode name="msisdn"> <properties> <help>Show WWAN module MSISDN</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --msisdn</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --msisdn</command> </leafNode> <leafNode name="revision"> <properties> <help>Show WWAN module revision</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --revision</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --revision</command> </leafNode> <leafNode name="signal"> <properties> <help>Show WWAN module RF signal info</help> </properties> - 
<command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --signal</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --signal</command> </leafNode> <leafNode name="sim"> <properties> <help>Show WWAN module connected SIM card information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --sim</command> + <command>${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --sim</command> </leafNode> <leafNode name="detail"> <properties> diff --git a/op-mode-definitions/show-ip-ports.xml.in b/op-mode-definitions/show-ip-ports.xml.in index a74b68ffc..0d4eec351 100644 --- a/op-mode-definitions/show-ip-ports.xml.in +++ b/op-mode-definitions/show-ip-ports.xml.in @@ -8,7 +8,7 @@ <properties> <help>Show IP ports in use by various system services</help> </properties> - <command>sudo /usr/bin/netstat -tulnp</command> + <command>/usr/bin/netstat -tulnp</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-kernel-modules.xml.in b/op-mode-definitions/show-kernel-modules.xml.in index 28eb28212..67a0130fb 100644 --- a/op-mode-definitions/show-kernel-modules.xml.in +++ b/op-mode-definitions/show-kernel-modules.xml.in @@ -11,7 +11,7 @@ <properties> <help>Show kernel modules</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/kernel_modules.py show</command> + <command>${vyos_op_scripts_dir}/kernel_modules.py show</command> </node> </children> </node> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index fcde76e60..d1320bc00 100755 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in 
@@ -30,7 +30,7 @@ <properties> <help>Show contents of all master log files</help> </properties> - <command>sudo bash -c 'eval $(lesspipe); less $_vyatta_less_options --prompt=".logm, file %i of %m., page %dt of %D" -- `printf "%s\n" /var/log/messages* | sort -nr`'</command> + <command>bash -c 'eval $(lesspipe); less $_vyatta_less_options --prompt=".logm, file %i of %m., page %dt of %D" -- `printf "%s\n" /var/log/messages* | sort -nr`'</command> </leafNode> <leafNode name="authorization"> <properties> @@ -42,7 +42,7 @@ <properties> <help>Show log for certbot</help> </properties> - <command>if sudo test -f /var/log/letsencrypt/letsencrypt.log; then sudo cat /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command> + <command>if test -f /var/log/letsencrypt/letsencrypt.log; then cat /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command> </leafNode> <leafNode name="cluster"> <properties> diff --git a/op-mode-definitions/show-login.xml.in b/op-mode-definitions/show-login.xml.in index 6d8c782c4..664677bc6 100644 --- a/op-mode-definitions/show-login.xml.in +++ b/op-mode-definitions/show-login.xml.in @@ -14,12 +14,6 @@ </properties> <command>/usr/bin/id -Gn</command> </leafNode> - <leafNode name="level"> - <properties> - <help>Show current login level</help> - </properties> - <command>if [ -n "$VYATTA_USER_LEVEL_DIR" ]; then basename $VYATTA_USER_LEVEL_DIR; fi</command> - </leafNode> <leafNode name="user"> <properties> <help>Show current login user id</help> diff --git a/op-mode-definitions/show-qos.xml.in b/op-mode-definitions/show-qos.xml.in index 8974e9541..12b215d8d 100644 --- a/op-mode-definitions/show-qos.xml.in +++ b/op-mode-definitions/show-qos.xml.in 
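Review bot: The master-log command in show-log.xml.in still starts an interactive `less` from `bash -c`, and with `sudo` removed the privilege that pager runs with is set outside this diff. If op-mode commands run elevated, the pager should be started in secure mode so that it cannot launch a shell or editor, `LESSSECURE=1 less $_vyatta_less_options ...`, unless `$_vyatta_less_options` already arranges that.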
@@ -20,7 +20,7 @@ <list><interface></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_cake --ifname $5</command> + <command>${vyos_op_scripts_dir}/qos.py show_cake --ifname $5</command> </tagNode> </children> </node> @@ -28,13 +28,13 @@ <properties> <help>Show QoS shaping information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper</command> <children> <leafNode name="detail"> <properties> <help>Show QoS detailed information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper --detail</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper --detail</command> </leafNode> <tagNode name="interface"> <properties> @@ -44,7 +44,7 @@ <list><interface></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5</command> <children> <tagNode name="class"> <properties> @@ -53,13 +53,13 @@ <list><class></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --classn $7</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --classn $7</command> <children> <leafNode name="detail"> <properties> <help>Show QoS detailed information for given class</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --classn $7 --detail</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --classn $7 --detail</command> </leafNode> </children> </tagNode> @@ -67,7 +67,7 @@ <properties> <help>Show QoS detailed information for given interface</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --detail</command> + <command>${vyos_op_scripts_dir}/qos.py show_shaper --ifname $5 --detail</command> </leafNode> </children> </tagNode> 
diff --git a/op-mode-definitions/show-raid.xml.in b/op-mode-definitions/show-raid.xml.in index 2ae3fad6a..8bf394552 100644 --- a/op-mode-definitions/show-raid.xml.in +++ b/op-mode-definitions/show-raid.xml.in @@ -9,7 +9,7 @@ <script>${vyos_completion_dir}/list_raidset.sh</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/show_raid.sh $3</command> + <command>${vyos_op_scripts_dir}/show_raid.sh $3</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/show-ssh.xml.in b/op-mode-definitions/show-ssh.xml.in index ca8e669b3..88faecada 100644 --- a/op-mode-definitions/show-ssh.xml.in +++ b/op-mode-definitions/show-ssh.xml.in @@ -11,7 +11,7 @@ <properties> <help>Show SSH server dynamic-protection blocked attackers</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command> + <command>${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command> </node> <node name="fingerprints"> <properties> diff --git a/op-mode-definitions/show-system.xml.in b/op-mode-definitions/show-system.xml.in index 6873b816b..c7b57893f 100644 --- a/op-mode-definitions/show-system.xml.in +++ b/op-mode-definitions/show-system.xml.in @@ -95,7 +95,7 @@ <properties> <help>Show messages in kernel ring buffer</help> </properties> - <command>sudo dmesg</command> + <command>dmesg</command> </leafNode> <node name="login"> <properties> 
@@ -155,31 +155,31 @@ <properties> <help>Show user account information</help> </properties> - <command>${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_users.py</command> + <command>${vyos_op_scripts_dir}/show_users.py</command> <children> <leafNode name="all"> <properties> <help>Show information about all accounts</help> </properties> - <command>${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_users.py all</command> + <command>${vyos_op_scripts_dir}/show_users.py all</command> </leafNode> <leafNode name="locked"> <properties> <help>Show information about locked accounts</help> </properties> - <command>${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_users.py locked</command> + <command>${vyos_op_scripts_dir}/show_users.py locked</command> </leafNode> <leafNode name="other"> <properties> <help>Show information about non VyOS user accounts</help> </properties> - <command>${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_users.py other</command> + <command>${vyos_op_scripts_dir}/show_users.py other</command> </leafNode> <leafNode name="vyos"> <properties> <help>Show information about VyOS user accounts</help> </properties> - <command>${vyos_libexec_dir}/vyos-sudo.py ${vyos_op_scripts_dir}/show_users.py vyos</command> + <command>${vyos_op_scripts_dir}/show_users.py vyos</command> </leafNode> </children> </node> @@ -195,7 +195,7 @@ <properties> <help>Show kernel cache information</help> </properties> - <command>sudo slabtop -o</command> + <command>slabtop -o</command> </leafNode> <leafNode name="detail"> <properties> diff --git a/op-mode-definitions/show-techsupport_report.xml.in b/op-mode-definitions/show-techsupport_report.xml.in index 4fd6e5d1e..c07cb3c7d 100644 --- a/op-mode-definitions/show-techsupport_report.xml.in +++ b/op-mode-definitions/show-techsupport_report.xml.in 
@@ -17,7 +17,7 @@ <properties> <help>Show consolidated tech-support report in JSON</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/tech_support.py show --raw</command> + <command>${vyos_op_scripts_dir}/tech_support.py show --raw</command> </node> </children> </node> diff --git a/op-mode-definitions/show-version.xml.in b/op-mode-definitions/show-version.xml.in index 36e68ff79..dc158673d 100644 --- a/op-mode-definitions/show-version.xml.in +++ b/op-mode-definitions/show-version.xml.in @@ -6,13 +6,13 @@ <properties> <help>Show system version information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/version.py show</command> + <command>${vyos_op_scripts_dir}/version.py show</command> <children> <leafNode name="funny"> <properties> <help>Show system version and some fun stuff</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/version.py show --funny</command> + <command>${vyos_op_scripts_dir}/version.py show --funny</command> </leafNode> <leafNode name="all"> <properties> diff --git a/op-mode-definitions/suricata.xml.in b/op-mode-definitions/suricata.xml.in index ff1f84706..74e54fb9c 100644 --- a/op-mode-definitions/suricata.xml.in +++ b/op-mode-definitions/suricata.xml.in @@ -6,7 +6,7 @@ <properties> <help>Update Suricata</help> </properties> - <command>if test -f /run/suricata/suricata.yaml; then sudo suricata-update --suricata-conf /run/suricata/suricata.yaml; sudo systemctl restart suricata; else echo "Service Suricata not configured"; fi </command> + <command>${vyos_op_scripts_dir}/update_suricata.sh</command> </node> </children> </node> @@ -16,7 +16,7 @@ <properties> <help>Restart Suricata service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name suricata</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name suricata</command> </node> </children> </node> 
diff --git a/op-mode-definitions/system-image.xml.in b/op-mode-definitions/system-image.xml.in index 847029dcd..acd634286 100644 --- a/op-mode-definitions/system-image.xml.in +++ b/op-mode-definitions/system-image.xml.in @@ -17,7 +17,7 @@ <list>/path/to/vyos-image.iso "http://example.com/vyos-image.iso" latest</list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}"</command> + <command>${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}"</command> <children> <tagNode name="vrf"> <properties> @@ -26,7 +26,7 @@ <path>vrf name</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --vrf "${6}"</command> + <command>${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --vrf "${6}"</command> <children> <tagNode name="username"> <properties> @@ -37,7 +37,7 @@ <properties> <help>Password to use with authentication</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --vrf "${6}" --username "${8}" --password "${10}"</command> + <command>${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --vrf "${6}" --username "${8}" --password "${10}"</command> </tagNode> </children> </tagNode> @@ -52,7 +52,7 @@ <properties> <help>Password to use with authentication</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --username "${6}" --password "${8}"</command> + <command>${vyos_op_scripts_dir}/image_installer.py --action add --image-path "${4}" --username "${6}" --password "${8}"</command> </tagNode> </children> </tagNode> 
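Review bot: The image download password is still passed to image_installer.py as a command-line argument (`--password "${10}"` in the vrf branch and `--password "${8}"` in the plain branch). It is therefore present in the process argument list while the installer runs, where other local users and any process accounting or audit logging can read it. Since these lines are being touched anyway, consider letting the installer prompt for the password when a username is given without one, or reading it from stdin or an environment variable. How image_installer.py consumes the option is not visible in this diff, so the script side would need the matching change.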
@@ -76,10 +76,10 @@ <properties> <help>Set system console type at boot</help> <completionHelp> - <script>sudo ${vyos_op_scripts_dir}/image_manager.py --action list_console_types</script> + <script>${vyos_op_scripts_dir}/image_manager.py --action list_console_types</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action set_console_type --console-type "${4}"</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action set_console_type --console-type "${4}"</command> </tagNode> <node name="image"> <properties> @@ -90,16 +90,16 @@ <properties> <help>Set default image to boot.</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action set</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action set</command> </node> <tagNode name="default-boot"> <properties> <help>Set default image to boot.</help> <completionHelp> - <script>sudo ${vyos_op_scripts_dir}/image_manager.py --action list</script> + <script>${vyos_op_scripts_dir}/image_manager.py --action list</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action set --image-name "${5}"</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action set --image-name "${5}"</command> </tagNode> </children> </node> @@ -116,7 +116,7 @@ <properties> <help>Install new system image to hard drive</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_installer.py --action install</command> + <command>${vyos_op_scripts_dir}/image_installer.py --action install</command> </node> </children> </node> 
@@ -134,16 +134,16 @@ <properties> <help>Remove an installed image from the system</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action delete</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action delete</command> </node> <tagNode name="image"> <properties> <help>Remove an installed image from the system</help> <completionHelp> - <script>sudo ${vyos_op_scripts_dir}/image_manager.py --action list</script> + <script>${vyos_op_scripts_dir}/image_manager.py --action list</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action delete --image-name "${4}"</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action delete --image-name "${4}"</command> </tagNode> </children> </node> @@ -163,7 +163,7 @@ <properties> <help>System image to rename</help> <completionHelp> - <script>sudo ${vyos_op_scripts_dir}/image_manager.py --action list</script> + <script>${vyos_op_scripts_dir}/image_manager.py --action list</script> </completionHelp> </properties> <children> @@ -171,7 +171,7 @@ <properties> <help>A new name for an image</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_manager.py --action rename --image-name "${4}" --image-new-name "${6}"</command> + <command>${vyos_op_scripts_dir}/image_manager.py --action rename --image-name "${4}" --image-new-name "${6}"</command> </tagNode> </children> </tagNode> @@ -199,7 +199,7 @@ <properties> <help>Show details about installed VyOS images</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/image_info.py show_images_details</command> + <command>${vyos_op_scripts_dir}/image_info.py show_images_details</command> </node> </children> </node> diff --git a/op-mode-definitions/terminal.xml.in b/op-mode-definitions/terminal.xml.in index 2a76de146..25b0dc046 100644 --- a/op-mode-definitions/terminal.xml.in +++ b/op-mode-definitions/terminal.xml.in 
@@ -49,7 +49,7 @@ <properties> <help>Reconfigure console keyboard layout</help> </properties> - <command>sudo dpkg-reconfigure -f dialog keyboard-configuration && sudo systemctl restart keyboard-setup</command> + <command>dpkg-reconfigure -f dialog keyboard-configuration && systemctl restart keyboard-setup</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index 0a8671aeb..af7f12ba8 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -24,7 +24,7 @@ <properties> <help>Reset a specific tunnel for given DMVPN profile</help> <completionHelp> - <script>sudo ${vyos_completion_dir}/list_ipsec_profile_tunnels.py --profile ${COMP_WORDS[4]}</script> + <script>${vyos_completion_dir}/list_ipsec_profile_tunnels.py --profile ${COMP_WORDS[4]}</script> </completionHelp> </properties> <children> @@ -35,10 +35,10 @@ <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_dst --profile="$5" --tunnel="$7" --nbma-dst="$9"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_profile_dst --profile="$5" --tunnel="$7" --nbma-dst="$9"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_all --profile="$5" --tunnel="$7"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_profile_all --profile="$5" --tunnel="$7"</command> </tagNode> </children> </tagNode> 
@@ -51,13 +51,13 @@ <properties> <help>Reset all users current remote access IPSec VPN sessions</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_ra</command> </node> <tagNode name="user"> <properties> <help>Reset specified user current remote access IPsec VPN session(s)</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6"</command> </tagNode> </children> </node> @@ -70,7 +70,7 @@ <properties> <help>Reset all site-to-site IPSec VPN sessions</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_all_peers</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_all_peers</command> </node> <tagNode name="peer"> <properties> @@ -87,16 +87,16 @@ <path>vpn ipsec site-to-site peer ${COMP_WORDS[5]} tunnel</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8"</command> </tagNode> <node name="vti"> <properties> <help>Reset the VTI tunnel for given peer</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti"</command> </node> </children> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6"</command> + <command>${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6"</command> </tagNode> </children> </node> @@ -112,7 +112,7 @@ <properties> <help>Restart the IPsec VPN process</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name ipsec</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name ipsec</command> </node> </children> </node> 
@@ -140,13 +140,13 @@ <properties> <help>Show debug information for peer tunnel</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"</command> + <command>${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"</command> + <command>${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"</command> + <command>${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"</command> </node> <node name="ike"> <properties> @@ -162,16 +162,16 @@ <properties> <help>Show all currently active IKE Security Associations (SA) that are using NAT Traversal</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"</command> + <command>${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"</command> </node> <tagNode name="peer"> <properties> <help>Show all currently active IKE Security Associations (SA) for a peer</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"</command> + <command>${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py</command> + <command>${vyos_op_scripts_dir}/vpn_ike_sa.py</command> </node> <node name="secrets"> <properties> @@ -183,7 +183,7 @@ <properties> <help>Show summary of IKE process information</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command> + <command>systemctl status strongswan</command> </node> </children> </node> 
@@ -196,13 +196,13 @@ <properties> <help>Show VPN connections</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/ipsec.py show_connections</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_connections</command> </node> <node name="policy"> <properties> <help>Show the in-kernel crypto policies</help> </properties> - <command>sudo ip xfrm policy list</command> + <command>ip xfrm policy list</command> </node> <node name="remote-access"> <properties> 
@@ -213,25 +213,25 @@ <properties> <help>Show detail active IKEv2 RA sessions</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail</command> </node> <tagNode name="connection-id"> <properties> <help>Show detail active IKEv2 RA sessions by connection-id</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"</command> </tagNode> <node name="summary"> <properties> <help>Show active IKEv2 RA sessions summary</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running"</command> </node> <tagNode name="username"> <properties> <help>Show detail active IKEv2 RA sessions by username</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"</command> </tagNode> </children> </node> 
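Review bot: The new `summary` command keeps the tail of the removed conditional: `ipsec.py show_ra_summary; else echo "IPsec process not running"` has an `else` with no matching `if`, which the shell rejects as a syntax error, so `show_ra_summary` would presumably never run. The three sibling commands in this hunk were reduced to the bare script call, and this one should match them: `<command>${vyos_op_scripts_dir}/ipsec.py show_ra_summary</command>`. The enclosing `remote-access` node starts above the hunk.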
@@ -268,24 +268,24 @@ --> <node name="detail"> <properties> - <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help> + <help>Show verbose details on all active IPsec security associations (SA)</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_sa_detail</command> </node> </children> - <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_sa</command> </node> <node name="state"> <properties> <help>Show the in-kernel crypto state</help> </properties> - <command>sudo ip xfrm state list</command> + <command>ip xfrm state list</command> </node> <node name="status"> <properties> <help>Show status of IPsec process</help> </properties> - <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command> + <command>/usr/sbin/ipsec status</command> </node> </children> </node> diff --git a/op-mode-definitions/vrrp.xml.in b/op-mode-definitions/vrrp.xml.in index fb777b2e4..ae204602f 100644 --- a/op-mode-definitions/vrrp.xml.in +++ b/op-mode-definitions/vrrp.xml.in 
@@ -11,13 +11,13 @@ <properties> <help>Show VRRP statistics</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vrrp.py show_statistics --group-name="$3"</command> + <command>${vyos_op_scripts_dir}/vrrp.py show_statistics --group-name="$3"</command> </node> <node name="detail"> <properties> <help>Show detailed VRRP state information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vrrp.py show_detail --group-name="$3"</command> + <command>${vyos_op_scripts_dir}/vrrp.py show_detail --group-name="$3"</command> </node> </children> </tagNode> @@ -25,19 +25,19 @@ <properties> <help>Show VRRP (Virtual Router Redundancy Protocol) information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vrrp.py show_summary</command> + <command>${vyos_op_scripts_dir}/vrrp.py show_summary</command> <children> <node name="statistics"> <properties> <help>Show VRRP statistics</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vrrp.py show_statistics</command> + <command>${vyos_op_scripts_dir}/vrrp.py show_statistics</command> </node> <node name="detail"> <properties> <help>Show detailed VRRP state information</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/vrrp.py show_detail</command> + <command>${vyos_op_scripts_dir}/vrrp.py show_detail</command> </node> </children> </node> @@ -49,7 +49,7 @@ <properties> <help>Restart VRRP (Virtual Router Redundancy Protocol) process</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name vrrp</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name vrrp</command> </node> </children> </node> diff --git a/op-mode-definitions/wake-on-lan.xml.in b/op-mode-definitions/wake-on-lan.xml.in index d4589c868..bec12dae6 100644 --- a/op-mode-definitions/wake-on-lan.xml.in +++ b/op-mode-definitions/wake-on-lan.xml.in 
@@ -19,7 +19,7 @@ <properties> <help>Station (MAC) address to wake up</help> </properties> - <command>sudo /usr/sbin/etherwake -i "$4" "$6"</command> + <command>/usr/sbin/etherwake -i "$4" "$6"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/webproxy.xml.in b/op-mode-definitions/webproxy.xml.in index ba13907b8..76c348f9d 100644 --- a/op-mode-definitions/webproxy.xml.in +++ b/op-mode-definitions/webproxy.xml.in @@ -14,13 +14,13 @@ <properties> <help>Monitor the last lines of the Webproxy access log</help> </properties> - <command>if [ -f /var/log/squid/access.log ]; then sudo tail --follow=name /var/log/squid/access.log; else echo "WebProxy access-log does not exist"; fi</command> + <command>if [ -f /var/log/squid/access.log ]; then tail --follow=name /var/log/squid/access.log; else echo "WebProxy access-log does not exist"; fi</command> </leafNode> <leafNode name="cache-log"> <properties> <help>Monitor the last lines of the Webproxy cache log</help> </properties> - <command>if [ -f /var/log/squid/cache.log ]; then sudo tail --follow=name /var/log/squid/cache.log; else echo "WebProxy cache-log does not exist"; fi</command> + <command>if [ -f /var/log/squid/cache.log ]; then tail --follow=name /var/log/squid/cache.log; else echo "WebProxy cache-log does not exist"; fi</command> </leafNode> </children> </node> @@ -34,7 +34,7 @@ <properties> <help>Restart WebProxy service</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name webproxy</command> + <command>${vyos_op_scripts_dir}/restart.py restart_service --name webproxy</command> </node> </children> </node> 
@@ -63,7 +63,7 @@ <properties> <help>Show contents of WebProxy access log</help> </properties> - <command>if [ -e /var/log/squid/access.log ]; then sudo less $_vyatta_less_options --prompt="file %i of %m, page %dt of %D" -- `printf "%s\n" /var/log/squid/access.log* | sort -nr`; else echo "No WebProxy log"; fi</command> + <command>if [ -e /var/log/squid/access.log ]; then less $_vyatta_less_options --prompt="file %i of %m, page %dt of %D" -- `printf "%s\n" /var/log/squid/access.log* | sort -nr`; else echo "No WebProxy log"; fi</command> </node> <node name="update-log"> <properties> @@ -86,7 +86,7 @@ <properties> <help>Update the webproxy blacklist database</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/webproxy_update_blacklist.sh --update-blacklist</command> + <command>${vyos_op_scripts_dir}/webproxy_update_blacklist.sh --update-blacklist</command> <children> <tagNode name="vrf"> <properties> @@ -95,7 +95,7 @@ <path>vrf name</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/webproxy_update_blacklist.sh --update-blacklist --vrf "${5}" </command> + <command>${vyos_op_scripts_dir}/webproxy_update_blacklist.sh --update-blacklist --vrf "${5}" </command> </tagNode> </children> </node> diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py index 186fdd223..23eb3666e 100644 --- a/python/vyos/config_mgmt.py +++ b/python/vyos/config_mgmt.py @@ -44,6 +44,7 @@ from vyos.utils.io import ask_yes_no from vyos.utils.boot import boot_configuration_complete from vyos.utils.process import is_systemd_service_active from vyos.utils.process import rc_cmd +from vyos.defaults import DEFAULT_COMMIT_CONFIRM_MINUTES SAVE_CONFIG = '/usr/libexec/vyos/vyos-save-config.py' config_json = '/run/vyatta/config/config.json' @@ -56,7 +57,6 @@ commit_hooks = { 'commit_archive': '02vyos-commit-archive', } -DEFAULT_TIME_MINUTES = 10 timer_name = 'commit-confirm' config_file = os.path.join(directories['config'], 'config.boot') 
@@ -183,7 +183,7 @@ class ConfigMgmt: # Console script functions # def commit_confirm( - self, minutes: int = DEFAULT_TIME_MINUTES, no_prompt: bool = False + self, minutes: int = DEFAULT_COMMIT_CONFIRM_MINUTES, no_prompt: bool = False ) -> Tuple[str, int]: """Commit with reload/reboot to saved config in 'minutes' minutes if 'confirm' call is not issued. @@ -807,7 +807,7 @@ def run(): '-t', dest='minutes', type=int, - default=DEFAULT_TIME_MINUTES, + default=DEFAULT_COMMIT_CONFIRM_MINUTES, help="Minutes until reboot, unless 'confirm'", ) commit_confirm.add_argument( diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py index 4e0dd23a4..7af2cb333 100644 --- a/python/vyos/configsession.py +++ b/python/vyos/configsession.py @@ -25,6 +25,7 @@ from vyos.utils.boot import boot_configuration_complete from vyos.utils.backend import vyconf_backend from vyos.vyconf_session import VyconfSession from vyos.base import Warning as Warn +from vyos.defaults import DEFAULT_COMMIT_CONFIRM_MINUTES CLI_SHELL_API = '/bin/cli-shell-api' @@ -32,6 +33,8 @@ SET = '/opt/vyatta/sbin/my_set' DELETE = '/opt/vyatta/sbin/my_delete' COMMENT = '/opt/vyatta/sbin/my_comment' COMMIT = '/opt/vyatta/sbin/my_commit' +COMMIT_CONFIRM = ['/usr/bin/config-mgmt', 'commit_confirm', '-y'] +CONFIRM = ['/usr/bin/config-mgmt', 'confirm'] DISCARD = '/opt/vyatta/sbin/my_discard' SHOW_CONFIG = ['/bin/cli-shell-api', 'showConfig'] LOAD_CONFIG = ['/bin/cli-shell-api', 'loadFile'] @@ -143,7 +146,7 @@ class ConfigSession(object): The write API of VyOS. """ - def __init__(self, session_id, app=APP): + def __init__(self, session_id, app=APP, shared=False): """ Creates a new config session. @@ -184,7 +187,11 @@ class ConfigSession(object): else: self._vyconf_session = None + self.shared = shared + def __del__(self): + if self.shared: + return if self._vyconf_session is None: try: output = ( 
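Review bot: The new `shared` argument of `ConfigSession.__init__` is not described in the docstring, and `__del__` now returns without tearing the session down when it is set. Nothing visible here says who is then responsible for ending the session. A docstring line such as `shared: if True, __del__ leaves the session in place; the caller owns its teardown` would make that contract explicit. `self.shared` is also assigned as the last statement of `__init__`, so an exception earlier in the constructor leaves `__del__` reading a missing attribute. Assigning it first, or using `if getattr(self, 'shared', False):` in `__del__`, avoids that.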
@@ -300,6 +307,22 @@ class ConfigSession(object): return out + def commit_confirm(self, minutes: int = DEFAULT_COMMIT_CONFIRM_MINUTES): + if self._vyconf_session is None: + out = self.__run_command(COMMIT_CONFIRM + [f'-t {minutes}']) + else: + out = 'unimplemented' + + return out + + def confirm(self): + if self._vyconf_session is None: + out = self.__run_command(CONFIRM) + else: + out = 'unimplemented' + + return out + def discard(self): if self._vyconf_session is None: self.__run_command([DISCARD]) @@ -344,7 +367,7 @@ class ConfigSession(object): if self._vyconf_session is None: out = self.__run_command(MERGE_CONFIG + [file_path]) else: - out, _ = 'unimplemented' + out = 'unimplemented' return out diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index e42d92112..f84b14040 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -82,3 +82,9 @@ rt_global_vrf = rt_symbolic_names['main'] rt_global_table = rt_symbolic_names['main'] vyconfd_conf = '/etc/vyos/vyconfd.conf' + +DEFAULT_COMMIT_CONFIRM_MINUTES = 10 + +commit_hooks = {'pre': '/etc/commit/pre-hooks.d', + 'post': '/etc/commit/post-hooks.d' + } diff --git a/python/vyos/frrender.py b/python/vyos/frrender.py index 73d6dd5f0..d9e409cb4 100644 --- a/python/vyos/frrender.py +++ b/python/vyos/frrender.py 
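Review bot: Under the vyconf backend, `commit_confirm()` and `confirm()` return the string `'unimplemented'` instead of failing. A caller that relies on the confirm timer as its rollback safety net cannot tell that no timer was armed unless it parses the return text. Raising would be safer, for example `raise NotImplementedError('commit-confirm is not available with the vyconf backend')`. Separately, `COMMIT_CONFIRM + [f'-t {minutes}']` passes the flag and its value as one argv element. argparse appears to accept that form, but `COMMIT_CONFIRM + ['-t', str(minutes)]` is the unambiguous spelling and does not depend on it.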
@@ -543,6 +543,21 @@ def get_frrender_dict(conf, argv=None) -> dict: elif conf.exists_effective(ospfv3_vrf_path): vrf['name'][vrf_name]['protocols'].update({'ospfv3' : {'deleted' : ''}}) + # We need to check the CLI if the RPKI node is present and thus load in all the default + # values present on the CLI - that's why we have if conf.exists() + rpki_vrf_path = ['vrf', 'name', vrf_name, 'protocols', 'rpki'] + if 'rpki' in vrf_config.get('protocols', []): + rpki = conf.get_config_dict(rpki_vrf_path, key_mangling=('-', '_'), get_first_key=True, + with_pki=True, with_recursive_defaults=True) + rpki_ssh_key_base = '/run/frr/id_rpki' + for cache, cache_config in rpki.get('cache',{}).items(): + if 'ssh' in cache_config: + cache_config['ssh']['public_key_file'] = f'{rpki_ssh_key_base}_{cache}.pub' + cache_config['ssh']['private_key_file'] = f'{rpki_ssh_key_base}_{cache}' + vrf['name'][vrf_name]['protocols'].update({'rpki' : rpki}) + elif conf.exists_effective(rpki_vrf_path): + vrf['name'][vrf_name]['protocols'].update({'rpki' : {'deleted' : ''}}) + # We need to check the CLI if the static node is present and thus load in all the default # values present on the CLI - that's why we have if conf.exists() static_vrf_path = ['vrf', 'name', vrf_name, 'protocols', 'static'] @@ -675,7 +690,7 @@ class FRRender: output += render_to_string('frr/ripngd.frr.j2', config_dict['ripng']) output += '\n' if 'rpki' in config_dict and 'deleted' not in config_dict['rpki']: - output += render_to_string('frr/rpki.frr.j2', config_dict['rpki']) + output += render_to_string('frr/rpki.frr.j2', {'rpki': config_dict['rpki']}) output += '\n' if 'segment_routing' in config_dict and 'deleted' not in config_dict['segment_routing']: output += render_to_string('frr/zebra.segment_routing.frr.j2', config_dict['segment_routing']) diff --git a/python/vyos/utils/commit.py b/python/vyos/utils/commit.py index 9167c78d2..fc259dadb 100644 --- a/python/vyos/utils/commit.py +++ b/python/vyos/utils/commit.py 
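Review bot: The per-VRF RPKI key paths are built from the cache name only (`f'{rpki_ssh_key_base}_{cache}'` under `/run/frr/id_rpki`). Two VRFs that configure the same cache name therefore resolve to the same private and public key file, and so would a VRF and the global instance if the global RPKI code uses the same base. Whichever is rendered last would overwrite the other's key. Including the VRF in the base, e.g. `rpki_ssh_key_base = f'/run/frr/id_rpki_{vrf_name}'`, would keep them apart, provided the code that writes the key files (not visible here) uses the same path. The copied comment also still says `if conf.exists()`, while the code tests `'rpki' in vrf_config.get('protocols', [])`. The enclosing function continues outside the hunk.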
@@ -101,3 +101,30 @@ def release_commit_lock_file(file_descr): return fcntl.lockf(file_descr, fcntl.LOCK_UN) file_descr.close() + + +def call_commit_hooks(which: str): + import re + import os + from pathlib import Path + from vyos.defaults import commit_hooks + from vyos.utils.process import rc_cmd + + if which not in list(commit_hooks): + raise ValueError(f'no entry {which} in commit_hooks') + + hook_dir = commit_hooks[which] + file_list = list(Path(hook_dir).glob('*')) + regex = re.compile('^[a-zA-Z0-9._-]+$') + hook_list = sorted([str(f) for f in file_list if regex.match(f.name)]) + err = False + out = '' + for runf in hook_list: + try: + e, o = rc_cmd(runf) + except FileNotFoundError: + continue + err = err | bool(e) + out = out + o + + return out, int(err) diff --git a/python/vyos/vyconf_session.py b/python/vyos/vyconf_session.py index 4250f0cfb..3cf847b6c 100644 --- a/python/vyos/vyconf_session.py +++ b/python/vyos/vyconf_session.py @@ -29,6 +29,7 @@ from vyos.utils.session import in_config_session from vyos.proto.vyconf_proto import Errnum from vyos.utils.commit import acquire_commit_lock_file from vyos.utils.commit import release_commit_lock_file +from vyos.utils.commit import call_commit_hooks class VyconfSessionError(Exception): @@ -145,10 +146,14 @@ class VyconfSession: if lock_fd is None: return out, Errnum.COMMIT_IN_PROGRESS + pre_out, _ = call_commit_hooks('pre') out = vyconf_client.send_request('commit', token=self.__token) + os.environ['COMMIT_STATUS'] = 'FAILURE' if out.status else 'SUCCESS' + post_out, _ = call_commit_hooks('post') + release_commit_lock_file(lock_fd) - return self.output(out), out.status + return pre_out + self.output(out) + post_out, out.status @raise_exception @config_mode diff --git a/smoketest/config-tests/conntrack-basic b/smoketest/config-tests/conntrack-basic new file mode 100644 index 000000000..8c375d244 --- /dev/null +++ b/smoketest/config-tests/conntrack-basic 
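Review bot: `call_commit_hooks` passes every directory entry whose name matches the regex to `rc_cmd`, without checking that it is a regular executable file or who owns it. Anything able to write into the hook directories therefore gets code run with the privileges of the committing process. Subdirectories and non-executable files are attempted as well, and only `FileNotFoundError` is caught, so other errors from `rc_cmd` would propagate to the caller. Filtering the list before the loop, as sketched below, closes both gaps. The uid check assumes hooks are meant to be root-owned, which should be confirmed.

```python
def call_commit_hooks(which: str):
    # … unchanged: imports, commit_hooks lookup, hook_dir, regex …
    hook_list = []
    for f in Path(hook_dir).glob('*'):
        if not regex.match(f.name) or not f.is_file():
            continue
        st = f.stat()
        # skip hooks that a non-root user owns or could have modified
        if st.st_uid != 0 or st.st_mode & 0o022:
            continue
        if os.access(f, os.X_OK):
            hook_list.append(str(f))
    hook_list.sort()
    # … unchanged: rc_cmd loop and return …
```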
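Review bot: In the vyconf_session.py commit hunk, the pre-hook exit status is discarded at `pre_out, _ = call_commit_hooks('pre')`, so a failing pre-commit hook can neither stop the commit nor be reported to the caller. The same applies to the post-hook status. If pre-hooks are meant to act as a gate, the status should be checked before `send_request('commit', …)`. Otherwise a comment stating that hooks are advisory would document the intent. `release_commit_lock_file(lock_fd)` now comes after two hook runs that can raise, so putting the hook calls and the commit in a `try:` block with the release in `finally:` makes sure the lock is dropped. `os.environ['COMMIT_STATUS']` is also set process-wide and never removed, so later child processes inherit a stale value. The method begins above the hunk.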
@@ -0,0 +1,35 @@
+set firewall global-options timeout icmp '30'
+set firewall global-options timeout other '600'
+set firewall global-options timeout udp other '300'
+set firewall global-options timeout udp stream '300'
+set interfaces ethernet eth0 vif 5 address '192.0.2.1/24'
+set interfaces ethernet eth1 vif 7 description 'FTTH-PPPoE'
+set nat source rule 100 log
+set nat source rule 100 outbound-interface name 'pppoe0'
+set nat source rule 100 source address '192.0.2.0/24'
+set nat source rule 100 translation address 'masquerade'
+set service ntp allow-client address '172.16.0.0/12'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '200'
+set system conntrack expect-table-size '2048'
+set system conntrack hash-size '1024'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system conntrack table-size '262144'
+set system conntrack timeout
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
+set system syslog remote 172.16.100.1 facility all level 'warning'
diff --git a/smoketest/configs/conntrack-basic b/smoketest/configs/conntrack-basic
new file mode 100644
index 000000000..8ecb78aeb
--- /dev/null
+++ b/smoketest/configs/conntrack-basic
@@ -0,0 +1,92 @@
+interfaces {
+ ethernet eth0 {
+ duplex auto
+ speed auto
+ vif 5 {
+ address 192.0.2.1/24
+ }
+ }
+ ethernet eth1 {
+ vif 7 {
+ description FTTH-PPPoE
+ }
+ }
+}
+nat {
+ source {
+ rule 100 {
+ log
+ outbound-interface pppoe0
+ source {
+ address 192.0.2.0/24
+ }
+ translation {
+ address masquerade
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ conntrack {
+ expect-table-size 2048
+ hash-size 1023
+ table-size 262144
+ timeout {
+ icmp 30
+ other 600
+ udp {
+ other 300
+ stream 300
+ }
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 172.16.254.30
+ ntp {
+ allow-clients {
+ address 172.16.0.0/12
+ }
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level debug
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ host 172.16.100.1 {
+ facility all {
+ level warning
+ }
+ }
+ }
+}
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3-beta-202101091250
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 0b2287f74..2d850dfdf 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -785,7 +785,9 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): ['ct state invalid', 'ether type arp', 'accept'], ['ct state invalid', 'ether type 8021q', 'accept'], ['ct state invalid', 'ether type 8021ad', 'accept'], + ['ct state invalid', 'ether type 0x8863', 'accept'], ['ct state invalid', 'ether type 0x8864', 'accept'], + ['ct state invalid', 'ether type 0x0842', 'accept'], ['chain VYOS_PREROUTING_filter'], ['type filter hook prerouting priority filter; policy accept;'], ['ip6 daddr @A6_AGV6', 'notrack'], diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py index e087b8735..42c5ba848 100755 --- a/smoketest/scripts/cli/test_interfaces_openvpn.py +++ b/smoketest/scripts/cli/test_interfaces_openvpn.py @@ -826,7 +826,6 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase): gw_subnet = "192.168.0.1" self.cli_set(['interfaces', 'bridge', br_if, 'member', 'interface', vtun_if]) - self.cli_set(path + ['device-type', 'tap']) self.cli_set(path + ['encryption', 'data-ciphers', 'aes192']) self.cli_set(path + ['hash', auth_hash]) self.cli_set(path + ['mode', 'server']) @@ -840,6 +839,10 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase): self.cli_set(path + ['tls', 'certificate', 'ovpn_test']) self.cli_set(path + ['tls', 'dh-params', 'ovpn_test']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(path + ['device-type', 'tap']) self.cli_commit() config_file = f'/run/openvpn/{vtun_if}.conf' diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index ea55fa031..fc59171e4 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py 
@@ -574,5 +574,23 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): self.assertIn(f'router ospf', frrconfig) self.assertIn(f' network {network} area {area1}', frrconfig) + def test_ospf_18_area_translate_no_summary(self): + area = '11' + area_type = 'nssa' + network = '100.64.0.0/10' + + self.cli_set(base_path + ['area', area, 'area-type', area_type, 'no-summary']) + self.cli_set(base_path + ['area', area, 'area-type', area_type, 'translate', 'never']) + self.cli_set(base_path + ['area', area, 'network', network]) + + # commit changes + self.cli_commit() + + # Verify FRR ospfd configuration + frrconfig = self.getFRRconfig('router ospf', endsection='^exit') + self.assertIn(f'router ospf', frrconfig) + self.assertIn(f' area {area} {area_type} translate-never no-summary', frrconfig) + self.assertIn(f' network {network} area {area}', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_protocols_rpki.py b/smoketest/scripts/cli/test_protocols_rpki.py index 0addf7fee..5ea257088 100755 --- a/smoketest/scripts/cli/test_protocols_rpki.py +++ b/smoketest/scripts/cli/test_protocols_rpki.py @@ -25,6 +25,11 @@ from vyos.utils.file import read_file from vyos.utils.process import process_named_running base_path = ['protocols', 'rpki'] +base_frr_config_args = {'string': 'rpki', 'endsection': '^exit'} +vrf = 'blue' +vrf_path = ['vrf', 'name', vrf] +vrf_frr_config_args = {'string': f'vrf {vrf}', 'endsection':'^exit-vrf', + 'substring': ' rpki', 'endsubsection': '^ exit'} rpki_key_name = 'rpki-smoketest' rpki_key_type = 'ssh-rsa' 
@@ -112,14 +117,19 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): # ensure we can also run this test on a live system - so lets clean # out the current configuration :) cls.cli_delete(cls, base_path) + cls.cli_delete(cls, vrf_path) # Enable CSTORE guard time required by FRR related tests cls._commit_guard_time = CSTORE_GUARD_TIME def tearDown(self): self.cli_delete(base_path) + self.cli_delete(vrf_path) self.cli_commit() - frrconfig = self.getFRRconfig('rpki', endsection='^exit') + frrconfig = self.getFRRconfig(**base_frr_config_args) + self.assertNotIn(f'rpki', frrconfig) + + frrconfig = self.getFRRconfig(**vrf_frr_config_args) self.assertNotIn(f'rpki', frrconfig) # check process health and continuity 
@@ -144,27 +154,33 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): }, } - self.cli_set(base_path + ['expire-interval', expire_interval]) - self.cli_set(base_path + ['polling-period', polling_period]) - self.cli_set(base_path + ['retry-interval', retry_interval]) + for test_set in [ {'path': base_path, 'frrargs': base_frr_config_args}, + {'path': vrf_path + base_path, 'frrargs': vrf_frr_config_args} ]: - for peer, peer_config in cache.items(): - self.cli_set(base_path + ['cache', peer, 'port', peer_config['port']]) - self.cli_set(base_path + ['cache', peer, 'preference', peer_config['preference']]) + if 'vrf' in test_set['path']: + self.cli_set(vrf_path + ['table', '1000']) - # commit changes - self.cli_commit() + self.cli_set(test_set['path'] + ['expire-interval', expire_interval]) + self.cli_set(test_set['path'] + ['polling-period', polling_period]) + self.cli_set(test_set['path'] + ['retry-interval', retry_interval]) + + for peer, peer_config in cache.items(): + self.cli_set(test_set['path'] + ['cache', peer, 'port', peer_config['port']]) + self.cli_set(test_set['path'] + ['cache', peer, 'preference', peer_config['preference']]) + + # commit changes + self.cli_commit() - # Verify FRR configuration - frrconfig = self.getFRRconfig('rpki', endsection='^exit') - self.assertIn(f'rpki expire_interval {expire_interval}', frrconfig) - self.assertIn(f'rpki polling_period {polling_period}', frrconfig) - self.assertIn(f'rpki retry_interval {retry_interval}', frrconfig) + # Verify FRR configuration + frrconfig = self.getFRRconfig(**test_set['frrargs']) + self.assertIn(f'rpki expire_interval {expire_interval}', frrconfig) + self.assertIn(f'rpki polling_period {polling_period}', frrconfig) + self.assertIn(f'rpki retry_interval {retry_interval}', frrconfig) - for peer, peer_config in cache.items(): - port = peer_config['port'] - preference = peer_config['preference'] - self.assertIn(f'rpki cache tcp {peer} {port} preference {preference}', frrconfig) + for peer, 
peer_config in cache.items(): + port = peer_config['port'] + preference = peer_config['preference'] + self.assertIn(f'rpki cache tcp {peer} {port} preference {preference}', frrconfig) def test_rpki_ssh(self): polling = '7200' 
@@ -185,28 +201,34 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'key', rpki_ssh_pub.replace('\n','')]) self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'type', rpki_key_type]) - for cache_name, cache_config in cache.items(): - self.cli_set(base_path + ['cache', cache_name, 'port', cache_config['port']]) - self.cli_set(base_path + ['cache', cache_name, 'preference', cache_config['preference']]) - self.cli_set(base_path + ['cache', cache_name, 'ssh', 'username', cache_config['username']]) - self.cli_set(base_path + ['cache', cache_name, 'ssh', 'key', rpki_key_name]) + for test_set in [ {'path': base_path, 'frrargs': base_frr_config_args}, + {'path': vrf_path + base_path, 'frrargs': vrf_frr_config_args} ]: - # commit changes - self.cli_commit() + if 'vrf' in test_set['path']: + self.cli_set(vrf_path + ['table', '1000']) + + for cache_name, cache_config in cache.items(): + self.cli_set(test_set['path'] + ['cache', cache_name, 'port', cache_config['port']]) + self.cli_set(test_set['path'] + ['cache', cache_name, 'preference', cache_config['preference']]) + self.cli_set(test_set['path'] + ['cache', cache_name, 'ssh', 'username', cache_config['username']]) + self.cli_set(test_set['path'] + ['cache', cache_name, 'ssh', 'key', rpki_key_name]) + + # commit changes + self.cli_commit() - # Verify FRR configuration - frrconfig = self.getFRRconfig('rpki', endsection='^exit') - for cache_name, cache_config in cache.items(): - port = cache_config['port'] - preference = cache_config['preference'] - username = cache_config['username'] - self.assertIn(f'rpki cache ssh {cache_name} {port} {username} /run/frr/id_rpki_{cache_name} /run/frr/id_rpki_{cache_name}.pub preference {preference}', frrconfig) + # Verify FRR configuration + frrconfig = self.getFRRconfig(**test_set['frrargs']) + for cache_name, cache_config in cache.items(): + port = cache_config['port'] + preference = cache_config['preference'] + username 
= cache_config['username'] + self.assertIn(f'rpki cache ssh {cache_name} {port} {username} /run/frr/id_rpki_{cache_name} /run/frr/id_rpki_{cache_name}.pub preference {preference}', frrconfig) - # Verify content of SSH keys - tmp = read_file(f'/run/frr/id_rpki_{cache_name}') - self.assertIn(rpki_ssh_key.replace('\n',''), tmp) - tmp = read_file(f'/run/frr/id_rpki_{cache_name}.pub') - self.assertIn(rpki_ssh_pub.replace('\n',''), tmp) + # Verify content of SSH keys + tmp = read_file(f'/run/frr/id_rpki_{cache_name}') + self.assertIn(rpki_ssh_key.replace('\n',''), tmp) + tmp = read_file(f'/run/frr/id_rpki_{cache_name}.pub') + self.assertIn(rpki_ssh_pub.replace('\n',''), tmp) # Change OpenSSH key and verify it was properly written to filesystem self.cli_set(['pki', 'openssh', rpki_key_name, 'private', 'key', rpki_ssh_key_replacement.replace('\n','')]) 
@@ -214,17 +236,21 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - for cache_name, cache_config in cache.items(): - port = cache_config['port'] - preference = cache_config['preference'] - username = cache_config['username'] - self.assertIn(f'rpki cache ssh {cache_name} {port} {username} /run/frr/id_rpki_{cache_name} /run/frr/id_rpki_{cache_name}.pub preference {preference}', frrconfig) + for test_set in [ {'path': base_path, 'frrargs': base_frr_config_args}, + {'path': vrf_path + base_path, 'frrargs': vrf_frr_config_args} ]: - # Verify content of SSH keys - tmp = read_file(f'/run/frr/id_rpki_{cache_name}') - self.assertIn(rpki_ssh_key_replacement.replace('\n',''), tmp) - tmp = read_file(f'/run/frr/id_rpki_{cache_name}.pub') - self.assertIn(rpki_ssh_pub_replacement.replace('\n',''), tmp) + frrconfig = self.getFRRconfig(**test_set['frrargs']) + for cache_name, cache_config in cache.items(): + port = cache_config['port'] + preference = cache_config['preference'] + username = cache_config['username'] + self.assertIn(f'rpki cache ssh {cache_name} {port} {username} /run/frr/id_rpki_{cache_name} /run/frr/id_rpki_{cache_name}.pub preference {preference}', frrconfig) + + # Verify content of SSH keys + tmp = read_file(f'/run/frr/id_rpki_{cache_name}') + self.assertIn(rpki_ssh_key_replacement.replace('\n',''), tmp) + tmp = read_file(f'/run/frr/id_rpki_{cache_name}.pub') + self.assertIn(rpki_ssh_pub_replacement.replace('\n',''), tmp) self.cli_delete(['pki', 'openssh']) 
@@ -240,13 +266,19 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): }, } - for peer, peer_config in cache.items(): - self.cli_set(base_path + ['cache', peer, 'port', peer_config['port']]) - self.cli_set(base_path + ['cache', peer, 'preference', peer_config['preference']]) + for test_set in [ {'path': base_path, 'frrargs': base_frr_config_args}, + {'path': vrf_path + base_path, 'frrargs': vrf_frr_config_args} ]: - # check validate() - preferences must be unique - with self.assertRaises(ConfigSessionError): - self.cli_commit() + if 'vrf' in test_set['path']: + self.cli_set(vrf_path + ['table', '1000']) + + for peer, peer_config in cache.items(): + self.cli_set(test_set['path'] + ['cache', peer, 'port', peer_config['port']]) + self.cli_set(test_set['path'] + ['cache', peer, 'preference', peer_config['preference']]) + + # check validate() - preferences must be unique + with self.assertRaises(ConfigSessionError): + self.cli_commit() def test_rpki_source_address(self): peer = '192.0.2.1' 
@@ -257,31 +289,38 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase): self.cli_set(['interfaces', 'ethernet', 'eth0', 'address', f'{source_address}/24']) - # Configure a TCP cache server - self.cli_set(base_path + ['cache', peer, 'port', port]) - self.cli_set(base_path + ['cache', peer, 'preference', preference]) - self.cli_set(base_path + ['cache', peer, 'source-address', source_address]) - self.cli_commit() - # Verify FRR configuration - frrconfig = self.getFRRconfig('rpki') - self.assertIn(f'rpki cache tcp {peer} {port} source {source_address} preference {preference}', frrconfig) + for test_set in [ {'path': base_path, 'frrargs': base_frr_config_args}, + {'path': vrf_path + base_path, 'frrargs': vrf_frr_config_args} ]: - self.cli_set(['pki', 'openssh', rpki_key_name, 'private', 'key', rpki_ssh_key.replace('\n', '')]) - self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'key', rpki_ssh_pub.replace('\n', '')]) - self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'type', rpki_key_type]) + if 'vrf' in test_set['path']: + self.cli_set(vrf_path + ['table', '1000']) - # Configure a SSH cache server - self.cli_set(base_path + ['cache', peer, 'ssh', 'username', username]) - self.cli_set(base_path + ['cache', peer, 'ssh', 'key', rpki_key_name]) - self.cli_commit() + # Configure a TCP cache server + self.cli_set(test_set['path'] + ['cache', peer, 'port', port]) + self.cli_set(test_set['path'] + ['cache', peer, 'preference', preference]) + self.cli_set(test_set['path'] + ['cache', peer, 'source-address', source_address]) + self.cli_commit() + + # Verify FRR configuration + frrconfig = self.getFRRconfig(**test_set['frrargs']) + self.assertIn(f'rpki cache tcp {peer} {port} source {source_address} preference {preference}', frrconfig) + + self.cli_set(['pki', 'openssh', rpki_key_name, 'private', 'key', rpki_ssh_key.replace('\n', '')]) + self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'key', rpki_ssh_pub.replace('\n', '')]) + self.cli_set(['pki', 
'openssh', rpki_key_name, 'public', 'type', rpki_key_type]) + + # Configure a SSH cache server + self.cli_set(test_set['path'] + ['cache', peer, 'ssh', 'username', username]) + self.cli_set(test_set['path'] + ['cache', peer, 'ssh', 'key', rpki_key_name]) + self.cli_commit() - # Verify FRR configuration - frrconfig = self.getFRRconfig('rpki') - self.assertIn( - f'rpki cache ssh {peer} {port} {username} /run/frr/id_rpki_{peer} /run/frr/id_rpki_{peer}.pub source {source_address} preference {preference}', - frrconfig, - ) + # Verify FRR configuration + frrconfig = self.getFRRconfig(**test_set['frrargs']) + self.assertIn( + f'rpki cache ssh {peer} {port} {username} /run/frr/id_rpki_{peer} /run/frr/id_rpki_{peer}.pub source {source_address} preference {preference}', + frrconfig, + ) if __name__ == '__main__': diff --git a/smoketest/scripts/cli/test_qos.py b/smoketest/scripts/cli/test_qos.py index 231743344..b3ed7f6dc 100755 --- a/smoketest/scripts/cli/test_qos.py +++ b/smoketest/scripts/cli/test_qos.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022-2023 VyOS maintainers and contributors +# Copyright (C) 2022-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -355,10 +355,10 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): tc_details = get_tc_filter_details(interface, 'ingress') self.assertTrue('filter parent ffff: protocol all pref 20 u32 chain 0' in tc_details) - self.assertTrue('rate 1Gbit burst 15125b mtu 2Kb action drop overhead 0b linklayer ethernet' in tc_details) + self.assertTrue('rate 1Gbit burst 15Kb mtu 2Kb action drop overhead 0b linklayer ethernet' in tc_details) self.assertTrue('filter parent ffff: protocol all pref 15 u32 chain 0' in tc_details) - self.assertTrue('rate 3Gbit burst 102000b mtu 1600b action pipe/continue overhead 0b linklayer ethernet' in tc_details) - self.assertTrue('rate 500Mbit burst 204687b mtu 3000b action drop overhead 0b linklayer ethernet' in tc_details) + self.assertTrue('rate 3Gbit burst 100Kb mtu 1600b action pipe/continue overhead 0b linklayer ethernet' in tc_details) + self.assertTrue('rate 500Mbit burst 200Kb mtu 3000b action drop overhead 0b linklayer ethernet' in tc_details) self.assertTrue('filter parent ffff: protocol all pref 255 basic chain 0' in tc_details) def test_06_network_emulator(self): @@ -773,7 +773,7 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): tc_filters = cmd(f'tc filter show dev {self._interfaces[0]} ingress') # class 100 self.assertIn('filter parent ffff: protocol all pref 20 fw chain 0', tc_filters) - self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3847500b mtu 2Kb action drop overhead 0b', tc_filters) + self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3760Kb mtu 2Kb action drop overhead 0b', tc_filters) # default self.assertIn('filter parent ffff: protocol all pref 255 basic chain 0', tc_filters) self.assertIn('action order 1: police 0x2 rate 1Gbit burst 125000000b mtu 2Kb action drop overhead 0b', tc_filters) 
@@ -1232,7 +1232,7 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): # class 100 self.assertIn('filter parent ffff: protocol all pref 20 basic chain 0', tc_filters) self.assertIn(f'meta(rt_iif eq {iif})', tc_filters) - self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3847500b mtu 2Kb action drop overhead 0b', tc_filters) + self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3760Kb mtu 2Kb action drop overhead 0b', tc_filters) # default self.assertIn('filter parent ffff: protocol all pref 255 basic chain 0', tc_filters) self.assertIn('action order 1: police 0x2 rate 1Gbit burst 125000000b mtu 2Kb action drop overhead 0b', tc_filters) diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py index f6bb3cf7c..27ca28298 100755 --- a/smoketest/scripts/cli/test_system_conntrack.py +++ b/smoketest/scripts/cli/test_system_conntrack.py @@ -20,7 +20,10 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.firewall import find_nftables_rule -from vyos.utils.file import read_file, read_json +from vyos.utils.file import read_file +from vyos.utils.file import read_json +from vyos.utils.system import sysctl_read +from vyos.xml_ref import default_value base_path = ['system', 'conntrack'] @@ -168,8 +171,8 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase): self.assertTrue(find_nftables_rule('ip vyos_conntrack', 'VYOS_CT_HELPER', [rule]) == None) def test_conntrack_hash_size(self): - hash_size = '65536' - hash_size_default = '32768' + hash_size = '8192' + hash_size_default = default_value(base_path + ['hash-size']) self.cli_set(base_path + ['hash-size', hash_size]) 
@@ -178,7 +181,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase): # verify new configuration - only effective after reboot, but # a valid config file is sufficient - tmp = read_file('/etc/modprobe.d/vyatta_nf_conntrack.conf') + tmp = sysctl_read('net.netfilter.nf_conntrack_buckets') self.assertIn(hash_size, tmp) # Test default value by deleting the configuration @@ -189,7 +192,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase): # verify new configuration - only effective after reboot, but # a valid config file is sufficient - tmp = read_file('/etc/modprobe.d/vyatta_nf_conntrack.conf') + tmp = sysctl_read('net.netfilter.nf_conntrack_buckets') self.assertIn(hash_size_default, tmp) def test_conntrack_ignore(self): diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py index 84e9c145d..8188e7678 100755 --- a/smoketest/scripts/system/test_kernel_options.py +++ b/smoketest/scripts/system/test_kernel_options.py @@ -143,5 +143,23 @@ class TestKernelModules(unittest.TestCase): tmp = re.findall(f'{option}=3', self._config_data) self.assertTrue(tmp) + def test_inotify_stackfs(self): + for option in ['CONFIG_INOTIFY_USER', 'CONFIG_INOTIFY_STACKFS']: + tmp = re.findall(f'{option}=y', self._config_data) + self.assertTrue(tmp) + + def test_wwan(self): + for option in ['CONFIG_USB_NET_DRIVERS', 'CONFIG_USB_USBNET', + 'CONFIG_USB_NET_CDCETHER', 'CONFIG_USB_NET_HUAWEI_CDC_NCM', + 'CONFIG_USB_NET_CDC_MBIM', 'CONFIG_USB_NET_QMI_WWAN', + 'CONFIG_USB_SIERRA_NET', 'CONFIG_WWAN', + 'CONFIG_USB_SERIAL', 'CONFIG_USB_SERIAL_WWAN']: + tmp = re.findall(f'{option}=y', self._config_data) + self.assertTrue(tmp) + + for option in ['CONFIG_WWAN_HWSIM', 'CONFIG_IOSM', 'CONFIG_MTK_T7XX']: + tmp = re.findall(f'{option}=m', self._config_data) + self.assertTrue(tmp) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 94882fc14..83e6dee11 100755 
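Review bot: The comment above both changed assertions in `test_conntrack_hash_size` still says the setting is "only effective after reboot, but a valid config file is sufficient", while the test now reads the live `net.netfilter.nf_conntrack_buckets` value instead of a file. It should read something like `# verify the value the running kernel reports via sysctl`, here and in the hunk at -189. `assertIn(hash_size, tmp)` is a substring check, so `'8192'` would also pass against a value such as `81920`. `self.assertEqual(tmp, hash_size)` pins the exact value, assuming `sysctl_read` returns the bare string.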
--- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -315,7 +315,7 @@ def generate_run_arguments(name, container_config): sysctl_opt = '' if 'sysctl' in container_config and 'parameter' in container_config['sysctl']: for k, v in container_config['sysctl']['parameter'].items(): - sysctl_opt += f" --sysctl {k}={v['value']}" + sysctl_opt += f" --sysctl \"{k}={v['value']}\"" # Add capability options. Should be in uppercase capabilities = '' diff --git a/src/conf_mode/interfaces_bridge.py b/src/conf_mode/interfaces_bridge.py index c14e6a599..fce07ae0a 100755 --- a/src/conf_mode/interfaces_bridge.py +++ b/src/conf_mode/interfaces_bridge.py @@ -111,6 +111,11 @@ def get_config(config=None): elif interface.startswith('wlan') and interface_exists(interface): set_dependents('wlan', conf, interface) + if interface.startswith('vtun'): + _, tmp_config = get_interface_dict(conf, ['interfaces', 'openvpn'], interface) + tmp = tmp_config.get('device_type') == 'tap' + bridge['member']['interface'][interface].update({'valid_ovpn' : tmp}) + # delete empty dictionary keys - no need to run code paths if nothing is there to do if 'member' in bridge: if 'interface' in bridge['member'] and len(bridge['member']['interface']) == 0: @@ -178,6 +183,9 @@ def verify(bridge): if option in interface_config: raise ConfigError('Can not use VLAN options on non VLAN aware bridge') + if interface.startswith('vtun') and not interface_config['valid_ovpn']: + raise ConfigError(error_msg + 'OpenVPN device-type must be set to "tap"') + if 'enable_vlan' in bridge: if dict_search('vif.1', bridge): raise ConfigError(f'VLAN 1 sub interface cannot be set for VLAN aware bridge {ifname}, and VLAN 1 is always the parent interface') diff --git a/src/conf_mode/interfaces_wwan.py b/src/conf_mode/interfaces_wwan.py index ddbebfb4a..fb71731d8 100755 --- a/src/conf_mode/interfaces_wwan.py +++ b/src/conf_mode/interfaces_wwan.py 
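Review bot: Wrapping the `--sysctl` argument in double quotes in `generate_run_arguments` handles spaces but not shell metacharacters: inside double quotes, `$(...)`, backticks, `$VAR` and an embedded `"` in `v['value']` are still interpreted if this string is later passed through a shell. `shlex.quote` quotes the whole argument: `sysctl_opt += ' --sysctl ' + shlex.quote(f"{k}={v['value']}")`, with `import shlex` added to the file's imports. Whether the CLI validators already restrict the value, and how the assembled arguments are executed, is outside this hunk. The function continues beyond the hunk.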
@@ -29,6 +29,7 @@ from vyos.configverify import verify_vrf from vyos.configverify import verify_mtu_ipv6 from vyos.ifconfig import WWANIf from vyos.utils.dict import dict_search +from vyos.utils.network import is_wwan_connected from vyos.utils.process import cmd from vyos.utils.process import call from vyos.utils.process import DEVNULL @@ -137,7 +138,7 @@ def apply(wwan): break sleep(0.250) - if 'shutdown_required' in wwan: + if 'shutdown_required' in wwan or (not is_wwan_connected(wwan['ifname'])): # we only need the modem number. wwan0 -> 0, wwan1 -> 1 modem = wwan['ifname'].lstrip('wwan') base_cmd = f'mmcli --modem {modem}' @@ -159,7 +160,7 @@ def apply(wwan): return None - if 'shutdown_required' in wwan: + if 'shutdown_required' in wwan or (not is_wwan_connected(wwan['ifname'])): ip_type = 'ipv4' slaac = dict_search('ipv6.address.autoconf', wwan) != None if 'address' in wwan: diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 6c88e5cfd..a938021ba 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -31,7 +31,6 @@ from vyos.utils.file import write_file from vyos.utils.process import cmd from vyos.utils.process import run from vyos.utils.process import call -from vyos.utils.network import is_addr_assigned from vyos.utils.network import interface_exists from vyos.firewall import fqdn_config_parse from vyos import ConfigError @@ -176,12 +175,6 @@ def verify(nat): if 'exclude' not in config and 'backend' not in config['load_balance']: raise ConfigError(f'{err_msg} translation requires address and/or port') - addr = dict_search('translation.address', config) - if addr != None and addr != 'masquerade' and not is_ip_network(addr): - for ip in addr.split('-'): - if not is_addr_assigned(ip): - Warning(f'IP address {ip} does not exist on the system!') - # common rule verification verify_rule(config, err_msg, nat['firewall_group']) diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py index c06c0aafc..467c9611b 100755 
--- a/src/conf_mode/protocols_ospf.py +++ b/src/conf_mode/protocols_ospf.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@ from sys import exit from sys import argv +from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_common_route_maps from vyos.configverify import verify_route_map @@ -62,6 +63,16 @@ def verify(config_dict): if 'area' in ospf: networks = [] for area, area_config in ospf['area'].items(): + # Implemented as warning to not break existing configurations + if area == '0' and dict_search('area_type.nssa', area_config) != None: + Warning('You cannot configure NSSA to backbone!') + # Implemented as warning to not break existing configurations + if area == '0' and dict_search('area_type.stub', area_config) != None: + Warning('You cannot configure STUB to backbone!') + # Implemented as warning to not break existing configurations + if len(area_config['area_type']) > 1: + Warning(f'Only one area-type is supported for area "{area}"!') + if 'import_list' in area_config: acl_import = area_config['import_list'] if acl_import: verify_access_list(acl_import, ospf) diff --git a/src/conf_mode/protocols_rpki.py b/src/conf_mode/protocols_rpki.py index ef0250e3d..054aa1c0e 100755 --- a/src/conf_mode/protocols_rpki.py +++ b/src/conf_mode/protocols_rpki.py @@ -18,6 +18,7 @@ import os from glob import glob from sys import exit +from sys import argv from vyos.config import Config from vyos.configverify import has_frr_protocol_in_dict 
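Review bot: `len(area_config['area_type'])` in the new `verify` checks indexes `area_type` unconditionally, while the two checks before it use `dict_search` and the ospfd template in this commit guards the same key with `is vyos_defined`. If an area can reach `verify` without `area_type`, this raises `KeyError` instead of printing the warning; `if len(area_config.get('area_type', {})) > 1:` avoids that. The three identical "Implemented as warning" comments could be a single comment above the block. The loop body continues outside the hunk.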
@@ -39,13 +40,18 @@ def get_config(config=None): conf = config else: conf = Config() - return get_frrender_dict(conf) + return get_frrender_dict(conf, argv) def verify(config_dict): if not has_frr_protocol_in_dict(config_dict, 'rpki'): return None - rpki = config_dict['rpki'] + vrf = None + if 'vrf_context' in config_dict: + vrf = config_dict['vrf_context'] + + # eqivalent of the C foo ? 'a' : 'b' statement + rpki = vrf and config_dict['vrf']['name'][vrf]['protocols']['rpki'] or config_dict['rpki'] if 'cache' in rpki: preferences = [] @@ -79,7 +85,12 @@ def generate(config_dict): if not has_frr_protocol_in_dict(config_dict, 'rpki'): return None - rpki = config_dict['rpki'] + vrf = None + if 'vrf_context' in config_dict: + vrf = config_dict['vrf_context'] + + # eqivalent of the C foo ? 'a' : 'b' statement + rpki = vrf and config_dict['vrf']['name'][vrf]['protocols']['rpki'] or config_dict['rpki'] if 'cache' in rpki: for cache, cache_config in rpki['cache'].items(): diff --git a/src/conf_mode/system_conntrack.py b/src/conf_mode/system_conntrack.py index f25ed8d10..8909d9cba 100755 --- a/src/conf_mode/system_conntrack.py +++ b/src/conf_mode/system_conntrack.py @@ -32,7 +32,6 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -conntrack_config = r'/etc/modprobe.d/vyatta_nf_conntrack.conf' sysctl_file = r'/run/sysctl/10-vyos-conntrack.conf' nftables_ct_file = r'/run/nftables-ct.conf' vyos_conntrack_logger_config = r'/run/vyos-conntrack-logger.conf' @@ -204,7 +203,6 @@ def generate(conntrack): elif path[0] == 'ipv6': conntrack['ipv6_firewall_action'] = 'accept' - render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.j2', conntrack) render(sysctl_file, 'conntrack/sysctl.conf.j2', conntrack) render(nftables_ct_file, 'conntrack/nftables-ct.j2', conntrack) diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py index 0346c7819..1708b9d26 100755 --- a/src/conf_mode/vpn_openconnect.py +++ b/src/conf_mode/vpn_openconnect.py 
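Review bot: The `vrf and X or Y` expression added to `verify` is not equivalent to a conditional: if a VRF context is set but its `rpki` dict is falsy (empty), it falls through to `config_dict['rpki']`, which is then either the default instance's configuration or a `KeyError`. A conditional expression states the intent: `rpki = config_dict['vrf']['name'][vrf]['protocols']['rpki'] if vrf else config_dict['rpki']`; the same line is repeated in `generate` (hunk at -79). The comment has a typo (`eqivalent`), and `vrf = config_dict.get('vrf_context')` replaces the three-line lookup. Whether `has_frr_protocol_in_dict` guarantees that the VRF path exists and is non-empty is not visible here.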
@@ -37,19 +37,22 @@ from passlib.hash import sha512_crypt from time import sleep from vyos import airbag + airbag.enable() -cfg_dir = '/run/ocserv' -ocserv_conf = cfg_dir + '/ocserv.conf' -ocserv_passwd = cfg_dir + '/ocpasswd' +cfg_dir = '/run/ocserv' +ocserv_conf = cfg_dir + '/ocserv.conf' +ocserv_passwd = cfg_dir + '/ocpasswd' ocserv_otp_usr = cfg_dir + '/users.oath' -radius_cfg = cfg_dir + '/radiusclient.conf' +radius_cfg = cfg_dir + '/radiusclient.conf' radius_servers = cfg_dir + '/radius_servers' + # Generate hash from user cleartext password def get_hash(password): return sha512_crypt.hash(password) + def get_config(config=None): if config: conf = config 
@@ -59,78 +62,133 @@ def get_config(config=None): if not conf.exists(base): return None - ocserv = conf.get_config_dict(base, key_mangling=('-', '_'), - get_first_key=True, - with_recursive_defaults=True, - with_pki=True) + ocserv = conf.get_config_dict( + base, + key_mangling=('-', '_'), + get_first_key=True, + with_recursive_defaults=True, + with_pki=True, + ) return ocserv + def verify(ocserv): if ocserv is None: return None # Check if listen-ports not binded other services # It can be only listen by 'ocserv-main' for proto, port in ocserv.get('listen_ports').items(): - if check_port_availability(ocserv['listen_address'], int(port), proto) is not True and \ - not is_listen_port_bind_service(int(port), 'ocserv-main'): + if check_port_availability( + ocserv['listen_address'], int(port), proto + ) is not True and not is_listen_port_bind_service(int(port), 'ocserv-main'): raise ConfigError(f'"{proto}" port "{port}" is used by another service') # Check accounting - if "accounting" in ocserv: - if "mode" in ocserv["accounting"] and "radius" in ocserv["accounting"]["mode"]: - if not origin["accounting"]['radius']['server']: - raise ConfigError('OpenConnect accounting mode radius requires at least one RADIUS server') - if "authentication" not in ocserv or "mode" not in ocserv["authentication"]: - raise ConfigError('Accounting depends on OpenConnect authentication configuration') - elif "radius" not in ocserv["authentication"]["mode"]: - raise ConfigError('RADIUS accounting must be used with RADIUS authentication') + if 'accounting' in ocserv: + if 'mode' in ocserv['accounting'] and 'radius' in ocserv['accounting']['mode']: + if not ocserv['accounting']['radius']['server']: + raise ConfigError( + 'OpenConnect accounting mode radius requires at least one RADIUS server' + ) + if 'authentication' not in ocserv or 'mode' not in ocserv['authentication']: + raise ConfigError( + 'Accounting depends on OpenConnect authentication configuration' + ) + elif 'radius' not in 
ocserv['authentication']['mode']: + raise ConfigError( + 'RADIUS accounting must be used with RADIUS authentication' + ) # Check authentication - if "authentication" in ocserv: - if "mode" in ocserv["authentication"]: - if ("local" in ocserv["authentication"]["mode"] and - "radius" in ocserv["authentication"]["mode"]): - raise ConfigError('OpenConnect authentication modes are mutually-exclusive, remove either local or radius from your configuration') - if "radius" in ocserv["authentication"]["mode"]: + if 'authentication' in ocserv: + if 'mode' in ocserv['authentication']: + if ( + 'local' in ocserv['authentication']['mode'] + and 'radius' in ocserv['authentication']['mode'] + ): + raise ConfigError( + 'OpenConnect authentication modes are mutually-exclusive, remove either local or radius from your configuration' + ) + if 'radius' in ocserv['authentication']['mode']: if 'server' not in ocserv['authentication']['radius']: - raise ConfigError('OpenConnect authentication mode radius requires at least one RADIUS server') - if "local" in ocserv["authentication"]["mode"]: - if not ocserv.get("authentication", {}).get("local_users"): - raise ConfigError('OpenConnect mode local required at least one user') - if not ocserv["authentication"]["local_users"]["username"]: - raise ConfigError('OpenConnect mode local required at least one user') + raise ConfigError( + 'OpenConnect authentication mode radius requires at least one RADIUS server' + ) + if 'local' in ocserv['authentication']['mode']: + if not ocserv.get('authentication', {}).get('local_users'): + raise ConfigError( + 'OpenConnect mode local required at least one user' + ) + if not ocserv['authentication']['local_users']['username']: + raise ConfigError( + 'OpenConnect mode local required at least one user' + ) else: # For OTP mode: verify that each local user has an OTP key - if "otp" in ocserv["authentication"]["mode"]["local"]: + if 'otp' in ocserv['authentication']['mode']['local']: users_wo_key = [] - for user, 
user_config in ocserv["authentication"]["local_users"]["username"].items(): + for user, user_config in ocserv['authentication'][ + 'local_users' + ]['username'].items(): # User has no OTP key defined - if dict_search('otp.key', user_config) == None: + if dict_search('otp.key', user_config) is None: users_wo_key.append(user) if users_wo_key: - raise ConfigError(f'OTP enabled, but no OTP key is configured for these users:\n{users_wo_key}') + raise ConfigError( + f'OTP enabled, but no OTP key is configured for these users:\n{users_wo_key}' + ) # For password (and default) mode: verify that each local user has password - if "password" in ocserv["authentication"]["mode"]["local"] or "otp" not in ocserv["authentication"]["mode"]["local"]: + if ( + 'password' in ocserv['authentication']['mode']['local'] + or 'otp' not in ocserv['authentication']['mode']['local'] + ): users_wo_pswd = [] - for user in ocserv["authentication"]["local_users"]["username"]: - if not "password" in ocserv["authentication"]["local_users"]["username"][user]: + for user in ocserv['authentication']['local_users']['username']: + if ( + 'password' + not in ocserv['authentication']['local_users'][ + 'username' + ][user] + ): users_wo_pswd.append(user) if users_wo_pswd: - raise ConfigError(f'password required for users:\n{users_wo_pswd}') + raise ConfigError( + f'password required for users:\n{users_wo_pswd}' + ) # Validate that if identity-based-config is configured all child config nodes are set - if 'identity_based_config' in ocserv["authentication"]: - if 'disabled' not in ocserv["authentication"]["identity_based_config"]: - Warning("Identity based configuration files is a 3rd party addition. 
Use at your own risk, this might break the ocserv daemon!") - if 'mode' not in ocserv["authentication"]["identity_based_config"]: - raise ConfigError('OpenConnect radius identity-based-config enabled but mode not selected') - elif 'group' in ocserv["authentication"]["identity_based_config"]["mode"] and "radius" not in ocserv["authentication"]["mode"]: - raise ConfigError('OpenConnect config-per-group must be used with radius authentication') - if 'directory' not in ocserv["authentication"]["identity_based_config"]: - raise ConfigError('OpenConnect identity-based-config enabled but directory not set') - if 'default_config' not in ocserv["authentication"]["identity_based_config"]: - raise ConfigError('OpenConnect identity-based-config enabled but default-config not set') + if 'identity_based_config' in ocserv['authentication']: + if 'disabled' not in ocserv['authentication']['identity_based_config']: + Warning( + 'Identity based configuration files is a 3rd party addition. Use at your own risk, this might break the ocserv daemon!' + ) + if 'mode' not in ocserv['authentication']['identity_based_config']: + raise ConfigError( + 'OpenConnect radius identity-based-config enabled but mode not selected' + ) + elif ( + 'group' + in ocserv['authentication']['identity_based_config']['mode'] + and 'radius' not in ocserv['authentication']['mode'] + ): + raise ConfigError( + 'OpenConnect config-per-group must be used with radius authentication' + ) + if ( + 'directory' + not in ocserv['authentication']['identity_based_config'] + ): + raise ConfigError( + 'OpenConnect identity-based-config enabled but directory not set' + ) + if ( + 'default_config' + not in ocserv['authentication']['identity_based_config'] + ): + raise ConfigError( + 'OpenConnect identity-based-config enabled but default-config not set' + ) else: raise ConfigError('OpenConnect authentication mode required') else: 
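Review bot: The accounting check in verify() still indexes `ocserv['accounting']['radius']['server']` directly, so RADIUS accounting configured without a `radius` or `server` node would surface as a KeyError traceback rather than the intended ConfigError, unless recursive defaults always populate those keys, which this hunk does not show. The authentication branch a few lines later uses a membership test for the same condition; `if not dict_search('accounting.radius.server', ocserv):` would make the two consistent. Separately, the `origin` → `ocserv` change is a behavioural fix buried in a quote-style reformat, and splitting it into its own commit would make it easier to review and backport.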
@@ -149,94 +207,162 @@ def verify(ocserv): verify_pki_ca_certificate(ocserv, ca_cert) # Check network settings - if "network_settings" in ocserv: - if "push_route" in ocserv["network_settings"]: + if 'network_settings' in ocserv: + if 'push_route' in ocserv['network_settings']: # Replace default route - if "0.0.0.0/0" in ocserv["network_settings"]["push_route"]: - ocserv["network_settings"]["push_route"].remove("0.0.0.0/0") - ocserv["network_settings"]["push_route"].append("default") + if '0.0.0.0/0' in ocserv['network_settings']['push_route']: + ocserv['network_settings']['push_route'].remove('0.0.0.0/0') + ocserv['network_settings']['push_route'].append('default') else: - ocserv["network_settings"]["push_route"] = ["default"] + ocserv['network_settings']['push_route'] = ['default'] else: raise ConfigError('OpenConnect network settings required!') + def generate(ocserv): if not ocserv: return None - if "radius" in ocserv["authentication"]["mode"]: + if 'radius' in ocserv['authentication']['mode']: if dict_search(ocserv, 'accounting.mode.radius'): # Render radius client configuration render(radius_cfg, 'ocserv/radius_conf.j2', ocserv) - merged_servers = ocserv["accounting"]["radius"]["server"] | ocserv["authentication"]["radius"]["server"] + merged_servers = ( + ocserv['accounting']['radius']['server'] + | ocserv['authentication']['radius']['server'] + ) # Render radius servers # Merge the accounting and authentication servers into a single dictionary - render(radius_servers, 'ocserv/radius_servers.j2', {'server': merged_servers}) + render( + radius_servers, 'ocserv/radius_servers.j2', {'server': merged_servers} + ) else: # Render radius client configuration render(radius_cfg, 'ocserv/radius_conf.j2', ocserv) # Render radius servers - render(radius_servers, 'ocserv/radius_servers.j2', ocserv["authentication"]["radius"]) - elif "local" in ocserv["authentication"]["mode"]: + render( + radius_servers, + 'ocserv/radius_servers.j2', + ocserv['authentication']['radius'], 
+ ) + elif 'local' in ocserv['authentication']['mode']: # if mode "OTP", generate OTP users file parameters - if "otp" in ocserv["authentication"]["mode"]["local"]: - if "local_users" in ocserv["authentication"]: - for user in ocserv["authentication"]["local_users"]["username"]: + if 'otp' in ocserv['authentication']['mode']['local']: + if 'local_users' in ocserv['authentication']: + for user in ocserv['authentication']['local_users']['username']: # OTP token type from CLI parameters: - otp_interval = str(ocserv["authentication"]["local_users"]["username"][user]["otp"].get("interval")) - token_type = ocserv["authentication"]["local_users"]["username"][user]["otp"].get("token_type") - otp_length = str(ocserv["authentication"]["local_users"]["username"][user]["otp"].get("otp_length")) - if token_type == "hotp-time": - otp_type = "HOTP/T" + otp_interval - elif token_type == "hotp-event": - otp_type = "HOTP/E" + otp_interval = str( + ocserv['authentication']['local_users']['username'][user][ + 'otp' + ].get('interval') + ) + token_type = ocserv['authentication']['local_users']['username'][ + user + ]['otp'].get('token_type') + otp_length = str( + ocserv['authentication']['local_users']['username'][user][ + 'otp' + ].get('otp_length') + ) + if token_type == 'hotp-time': + otp_type = 'HOTP/T' + otp_interval + elif token_type == 'hotp-event': + otp_type = 'HOTP/E' else: - otp_type = "HOTP/T" + otp_interval - ocserv["authentication"]["local_users"]["username"][user]["otp"]["token_tmpl"] = otp_type + "/" + otp_length + otp_type = 'HOTP/T' + otp_interval + ocserv['authentication']['local_users']['username'][user]['otp'][ + 'token_tmpl' + ] = otp_type + '/' + otp_length # if there is a password, generate hash - if "password" in ocserv["authentication"]["mode"]["local"] or not "otp" in ocserv["authentication"]["mode"]["local"]: - if "local_users" in ocserv["authentication"]: - for user in ocserv["authentication"]["local_users"]["username"]: - 
ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"]) - - if "password-otp" in ocserv["authentication"]["mode"]["local"]: + if ( + 'password' in ocserv['authentication']['mode']['local'] + or 'otp' not in ocserv['authentication']['mode']['local'] + ): + if 'local_users' in ocserv['authentication']: + for user in ocserv['authentication']['local_users']['username']: + ocserv['authentication']['local_users']['username'][user][ + 'hash' + ] = get_hash( + ocserv['authentication']['local_users']['username'][user][ + 'password' + ] + ) + + if 'password-otp' in ocserv['authentication']['mode']['local']: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) + render( + ocserv_passwd, + 'ocserv/ocserv_passwd.j2', + ocserv['authentication']['local_users'], + ) # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) - elif "password" in ocserv["authentication"]["mode"]["local"]: + render( + ocserv_otp_usr, + 'ocserv/ocserv_otp_usr.j2', + ocserv['authentication']['local_users'], + ) + elif 'password' in ocserv['authentication']['mode']['local']: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) - elif "otp" in ocserv["authentication"]["mode"]["local"]: + render( + ocserv_passwd, + 'ocserv/ocserv_passwd.j2', + ocserv['authentication']['local_users'], + ) + elif 'otp' in ocserv['authentication']['mode']['local']: # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) + render( + ocserv_otp_usr, + 'ocserv/ocserv_otp_usr.j2', + ocserv['authentication']['local_users'], + ) else: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) + render( + 
ocserv_passwd, + 'ocserv/ocserv_passwd.j2', + ocserv['authentication']['local_users'], + ) else: - if "local_users" in ocserv["authentication"]: - for user in ocserv["authentication"]["local_users"]["username"]: - ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"]) + if 'local_users' in ocserv['authentication']: + for user in ocserv['authentication']['local_users']['username']: + ocserv['authentication']['local_users']['username'][user]['hash'] = ( + get_hash( + ocserv['authentication']['local_users']['username'][user][ + 'password' + ] + ) + ) # Render local users - render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) + render( + ocserv_passwd, + 'ocserv/ocserv_passwd.j2', + ocserv['authentication']['local_users'], + ) - if "ssl" in ocserv: + if 'ssl' in ocserv: cert_file_path = os.path.join(cfg_dir, 'cert.pem') cert_key_path = os.path.join(cfg_dir, 'cert.key') - if 'certificate' in ocserv['ssl']: cert_name = ocserv['ssl']['certificate'] pki_cert = ocserv['pki']['certificate'][cert_name] loaded_pki_cert = load_certificate(pki_cert['certificate']) - loaded_ca_certs = {load_certificate(c['certificate']) - for c in ocserv['pki']['ca'].values()} if 'ca' in ocserv['pki'] else {} + loaded_ca_certs = ( + { + load_certificate(c['certificate']) + for c in ocserv['pki']['ca'].values() + } + if 'ca' in ocserv['pki'] + else {} + ) cert_full_chain = find_chain(loaded_pki_cert, loaded_ca_certs) - write_file(cert_file_path, - '\n'.join(encode_certificate(c) for c in cert_full_chain)) + write_file( + cert_file_path, + '\n'.join(encode_certificate(c) for c in cert_full_chain), + ) if 'private' in pki_cert and 'key' in pki_cert['private']: write_file(cert_key_path, wrap_private_key(pki_cert['private']['key'])) 
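Review bot: generate() calls `dict_search(ocserv, 'accounting.mode.radius')` with the dictionary first, while verify() in the same file calls `dict_search('otp.key', user_config)` with the path first; the line passes through this hunk unchanged. If the helper takes the path first, as the verify() call suggests, this test is never true and the accounting RADIUS servers are never merged into the rendered `radius_servers` file, so accounting would silently go unconfigured. `if dict_search('accounting.mode.radius', ocserv):` matches the other call site. generate() continues past the end of this hunk.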
@@ -250,7 +376,8 @@ def generate(ocserv): loaded_ca_cert = load_certificate(pki_ca_cert['certificate']) ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs) ca_chains.append( - '\n'.join(encode_certificate(c) for c in ca_full_chain)) + '\n'.join(encode_certificate(c) for c in ca_full_chain) + ) write_file(ca_cert_file_path, '\n'.join(ca_chains)) @@ -269,11 +396,13 @@ def apply(ocserv): counter = 0 while True: # exit early when service runs - if is_systemd_service_running("ocserv.service"): + if is_systemd_service_running('ocserv.service'): break sleep(0.250) if counter > 5: - raise ConfigError('OpenConnect failed to start, check the logs for details') + raise ConfigError( + 'OpenConnect failed to start, check the logs for details' + ) break counter += 1 diff --git a/src/etc/default/vyatta b/src/etc/default/vyatta index e5fa3bb30..0a5129e8b 100644 --- a/src/etc/default/vyatta +++ b/src/etc/default/vyatta @@ -173,6 +173,7 @@ unset _vyatta_extglob declare -x -r vyos_bin_dir=/usr/bin declare -x -r vyos_sbin_dir=/usr/sbin declare -x -r vyos_share_dir=/usr/share + declare -x -r vyconf_bin_dir=/usr/libexec/vyos/vyconf/bin if test -z "$vyos_conf_scripts_dir" ; then declare -x -r vyos_conf_scripts_dir=$vyos_libexec_dir/conf_mode diff --git a/src/helpers/reset_section.py b/src/helpers/reset_section.py new file mode 100755 index 000000000..32857f650 --- /dev/null +++ b/src/helpers/reset_section.py 
@@ -0,0 +1,124 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2025 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + + +import argparse +import sys +import os +import grp + +from vyos.configsession import ConfigSession +from vyos.config import Config +from vyos.configdiff import get_config_diff +from vyos.xml_ref import is_leaf + + +CFG_GROUP = 'vyattacfg' +DEBUG = False + + +def type_str_to_list(value): + if isinstance(value, str): + return value.split() + raise argparse.ArgumentTypeError('path must be a whitespace separated string') + + +parser = argparse.ArgumentParser() +parser.add_argument('path', type=type_str_to_list, help='section to reload/rollback') +parser.add_argument('--pid', help='pid of config session') + +group = parser.add_mutually_exclusive_group() +group.add_argument('--reload', action='store_true', help='retry proposed commit') +group.add_argument( + '--rollback', action='store_true', default=True, help='rollback to stable commit' +) + +args = parser.parse_args() + +path = args.path +reload = args.reload +rollback = args.rollback +pid = args.pid + +try: + if is_leaf(path): + sys.exit('path is leaf node: neither allowed nor useful') +except ValueError: + if DEBUG: + sys.exit('nonexistent path: neither allowed nor useful') + else: + sys.exit() + +test = Config() +in_session = test.in_session() + +if in_session: + if reload: + sys.exit('reset_section reload not available 
inside of a config session') + + diff = get_config_diff(test) + if not diff.is_node_changed(path): + # No discrepancies at path after commit, hence no error to revert. + sys.exit() + + del diff +else: + if not reload: + sys.exit('reset_section rollback not available outside of a config session') + +del test + + +session_id = int(pid) if pid else os.getppid() + +if in_session: + # check hint left by vyshim when ConfigError is from apply stage + hint_name = f'/tmp/apply_{session_id}' + if not os.path.exists(hint_name): + # no apply error; exit + sys.exit() + else: + # cleanup hint and continue with reset + os.unlink(hint_name) + +cfg_group = grp.getgrnam(CFG_GROUP) +os.setgid(cfg_group.gr_gid) +os.umask(0o002) + +shared = not bool(reload) + +session = ConfigSession(session_id, shared=shared) + +session_env = session.get_session_env() +config = Config(session_env) + +d = config.get_config_dict(path, effective=True, get_first_key=True) + +if in_session: + session.discard() + +session.delete(path) +session.commit() + +if not d: + # nothing more to do in either case of reload/rollback + sys.exit() + +session.set_section(path, d) +out = session.commit() +print(out) diff --git a/src/helpers/set_vyconf_backend.py b/src/helpers/set_vyconf_backend.py index 6747e51c3..816452f3b 100755 --- a/src/helpers/set_vyconf_backend.py +++ b/src/helpers/set_vyconf_backend.py @@ -19,10 +19,14 @@ # N.B. only for use within testing framework; explicit invocation will leave # system in inconsistent state. +import os +import sys from argparse import ArgumentParser from vyos.utils.backend import set_vyconf_backend +if os.getuid() != 0: + sys.exit('Requires root privileges') parser = ArgumentParser() parser.add_argument('--disable', action='store_true', diff --git a/src/helpers/vyconf_cli.py b/src/helpers/vyconf_cli.py new file mode 100755 index 000000000..a159a2678 --- /dev/null +++ b/src/helpers/vyconf_cli.py 
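Review bot: The apply-stage hint is looked up as `/tmp/apply_{session_id}`, a predictable name in a world-writable directory, and its mere existence decides whether this script discards the session and resets the section. Any local account can pre-create a file of that name, so the marker is not a trustworthy signal. Keeping it in a runtime directory writable only by the process that leaves the hint, and checking ownership with `os.stat()` before acting on it, would close that gap. `int(pid)` on the `--pid` argument also raises an uncaught ValueError for non-numeric input. `--rollback` is declared with `default=True`, so the `rollback` variable is always true and carries no information.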
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import os
+import sys
+
+from vyos.vyconf_session import VyconfSession
+
+
+pid = os.getppid()
+
+vs = VyconfSession(pid=pid)
+
+script_path = sys.argv[0]
+script_name = os.path.basename(script_path)
+# drop prefix 'vy_' if present
+if script_name.startswith('vy_'):
+ func_name = script_name[3:]
+else:
+ func_name = script_name
+
+if hasattr(vs, func_name):
+ func = getattr(vs, func_name)
+else:
+ sys.exit(f'Call unimplemented: {func_name}')
+
+out = func()
+if isinstance(out, bool):
+ # for use in shell scripts
+ sys.exit(int(not out))
+
+print(out)
diff --git a/src/helpers/vyos-sudo.py b/src/helpers/vyos-sudo.py
deleted file mode 100755
index 75dd7f29d..000000000
--- a/src/helpers/vyos-sudo.py
+++ /dev/null
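Review bot: In vyconf_cli.py the method to call is derived from `sys.argv[0]` and resolved with `hasattr`/`getattr` on the session object, so whatever name the script is invoked under selects the attribute, including private or non-callable ones. An explicit allowlist of the entry points that are meant to be exposed keeps the dispatch surface fixed, for example `if func_name not in ALLOWED_CALLS: sys.exit(f'Call unimplemented: {func_name}')`, where `ALLOWED_CALLS` is a placeholder for the set of names the project installs links for. `print(out)` also prints `None` for a method that returns nothing; a `if out is not None:` guard would avoid that.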
@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-import sys
-
-from vyos.utils.permission import is_admin
-
-
-if __name__ == '__main__':
- if len(sys.argv) < 2:
- print('Missing command argument')
- sys.exit(1)
-
- if not is_admin():
- print('This account is not authorized to run this command')
- sys.exit(1)
-
- os.execvp('sudo', ['sudo'] + sys.argv[1:])
diff --git a/src/migration-scripts/conntrack/5-to-6 b/src/migration-scripts/conntrack/5-to-6
new file mode 100644
index 000000000..1db2e78b4
--- /dev/null
+++ b/src/migration-scripts/conntrack/5-to-6
@@ -0,0 +1,30 @@
+# Copyright 2025 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+# T7202: fix lower limit of supported conntrack hash-size to match Kernel
+# lower limit.
+
+from vyos.configtree import ConfigTree
+
+base = ['system', 'conntrack']
+def migrate(config: ConfigTree) -> None:
+ if not config.exists(base):
+ # Nothing to do
+ return
+
+ if config.exists(base + ['hash-size']):
+ tmp = config.return_value(base + ['hash-size'])
+ if int(tmp) < 1024:
+ config.set(base + ['hash-size'], value=1024)
diff --git a/src/op_mode/install_mok.sh b/src/op_mode/install_mok.sh
new file mode 100755
index 000000000..29f78cd1f
--- /dev/null
+++ b/src/op_mode/install_mok.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then
+ mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der;
+else
+ echo "Secure Boot Machine Owner Key not found";
+fi
diff --git a/src/op_mode/show_bonding_detail.sh b/src/op_mode/show_bonding_detail.sh
new file mode 100755
index 000000000..62265daa2
--- /dev/null
+++ b/src/op_mode/show_bonding_detail.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -f "/proc/net/bonding/$1" ]; then
+ cat "/proc/net/bonding/$1";
+else
+ echo "Interface $1 does not exist!";
+fi
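Review bot: In show_bonding_detail.sh, `$1` is appended to `/proc/net/bonding/` and passed to `cat` without checking that it is a bare interface name, so a value containing `/` resolves outside that directory; show_ppp_stats.sh does the same with `/sys/class/net/$1`. Whether the op-mode definition already constrains the argument is not visible here, so the scripts should not rely on it, particularly as vyatta-op-run in this commit starts prefixing commands with sudo. A guard such as `case "$1" in ''|*/*) echo "Invalid interface name"; exit 1;; esac` before the test covers both scripts. show_bonding_detail.sh also exits 0 on its error branch; an `exit 1` there would let callers detect the failure.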
diff --git a/src/op_mode/show_ppp_stats.sh b/src/op_mode/show_ppp_stats.sh new file mode 100755 index 000000000..d9c17f966 --- /dev/null +++ b/src/op_mode/show_ppp_stats.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +if [ -d "/sys/class/net/$1" ]; then + /usr/sbin/pppstats "$1"; +fi diff --git a/src/op_mode/update_suricata.sh b/src/op_mode/update_suricata.sh new file mode 100755 index 000000000..6e4e605f4 --- /dev/null +++ b/src/op_mode/update_suricata.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +if test -f /run/suricata/suricata.yaml; then + suricata-update --suricata-conf /run/suricata/suricata.yaml; + systemctl restart suricata; +else + echo "Service Suricata not configured"; +fi diff --git a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run index f0479ae88..6bc77b61d 100644 --- a/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run +++ b/src/opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run @@ -222,10 +222,21 @@ _vyatta_op_run () local cmd_regex="^(LESSOPEN=|less|pager|tail|(sudo )?$file_cmd).*" if [ -n "$run_cmd" ]; then eval $restore_shopts - if [[ -t 1 && "${args[1]}" == "show" && ! $run_cmd =~ $cmd_regex ]] ; then - eval "($run_cmd) | ${VYATTA_PAGER:-cat}" - else + if [[ "${args[1]}" == "configure" ]]; then + # The "configure" command modifies the shell environment + # and must run in the current shell. + eval "$run_cmd" + elif [[ "${args[1]} ${args[2]}" =~ ^set[[:space:]]+(builtin|terminal) ]]; then + # Some commands like "set terminal width" + # only affect the user shell + # (so they don't need special privileges) + # and must be executed directly in the current shell + # to be able to do their job. eval "$run_cmd" + elif [[ -t 1 && "${args[1]}" == "show" && ! $run_cmd =~ $cmd_regex ]] ; then + eval "(sudo $run_cmd) | ${VYATTA_PAGER:-cat}" + else + eval "sudo $run_cmd" fi else echo -ne "\n Incomplete command: ${args[@]}\n\n" >&2 
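Review bot: In vyatta-op-run, `eval "sudo $run_cmd"` elevates only the first simple command of the string that eval parses; anything after a `;`, `|` or `&&` inside `$run_cmd` runs in the user's shell, so the effective privilege depends on how each op-mode command string is written. With vyos-sudo.py and its `is_admin()` gate deleted in this commit, authorization now appears to rest entirely on the sudoers policy, which is not part of this diff and should be reviewed alongside it. The `set` exemption regex is unanchored at the end (`^set[[:space:]]+(builtin|terminal)`), so it matches any second word that merely starts with `builtin` or `terminal`; adding `$` after the group would tighten it. _vyatta_op_run begins and ends outside this hunk.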
diff --git a/src/services/api/rest/models.py b/src/services/api/rest/models.py index 47c7a65b3..c5cb4af48 100644 --- a/src/services/api/rest/models.py +++ b/src/services/api/rest/models.py @@ -26,6 +26,7 @@ from typing import Self from pydantic import BaseModel from pydantic import StrictStr +from pydantic import StrictInt from pydantic import field_validator from pydantic import model_validator from fastapi.responses import HTMLResponse @@ -71,6 +72,8 @@ class BaseConfigureModel(BasePathModel): class ConfigureModel(ApiModel, BaseConfigureModel): + confirm_time: StrictInt = 0 + class Config: json_schema_extra = { 'example': { @@ -81,8 +84,12 @@ class ConfigureModel(ApiModel, BaseConfigureModel): } +class ConfirmModel(ApiModel): + op: StrictStr + class ConfigureListModel(ApiModel): commands: List[BaseConfigureModel] + confirm_time: StrictInt = 0 class Config: json_schema_extra = { @@ -135,12 +142,13 @@ class ConfigFileModel(ApiModel): op: StrictStr file: StrictStr = None string: StrictStr = None + confirm_time: StrictInt = 0 class Config: json_schema_extra = { 'example': { 'key': 'id_key', - 'op': 'save | load | merge', + 'op': 'save | load | merge | confirm', 'file': 'filename', 'string': 'config_string' } diff --git a/src/services/api/rest/routers.py b/src/services/api/rest/routers.py index 4866ec5d8..a2e6b4178 100644 --- a/src/services/api/rest/routers.py +++ b/src/services/api/rest/routers.py @@ -51,6 +51,7 @@ from .models import error from .models import responses from .models import ApiModel from .models import ConfigureModel +from .models import ConfirmModel from .models import ConfigureListModel from .models import ConfigSectionModel from .models import ConfigSectionListModel 
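Review bot: `confirm_time: StrictInt = 0` in models.py accepts any integer, including negative and arbitrarily large values, on all three models that gain it. The handlers in routers.py only test `if confirm_time:`, so a negative number is truthy and would be passed on as `minutes=` to `commit_confirm`. Bounding the field at the model keeps bad input out of the session layer, for example `confirm_time: StrictInt = Field(default=0, ge=0)` together with an upper limit the project considers sane. The new `ConfirmModel.op` could likewise be typed `Literal['confirm']` so that other operations are rejected at validation instead of inside `_configure_op`.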
@@ -302,8 +303,24 @@ def call_commit(s: SessionState): LOG.warning(f'ConfigSessionError: {e}') +def call_commit_confirm(s: SessionState): + env = s.session.get_session_env() + env['IN_COMMIT_CONFIRM'] = 't' + try: + s.session.commit() + except ConfigSessionError as e: + s.session.discard() + if s.debug: + LOG.warning(f'ConfigSessionError:\n {traceback.format_exc()}') + else: + LOG.warning(f'ConfigSessionError: {e}') + finally: + del env['IN_COMMIT_CONFIRM'] + + def _configure_op( data: Union[ + ConfirmModel, ConfigureModel, ConfigureListModel, ConfigSectionModel, @@ -320,6 +337,11 @@ def _configure_op( session = state.session env = session.get_session_env() + # A non-zero confirm_time will start commit-confirm timer on commit + confirm_time = 0 + if isinstance(data, (ConfigureModel, ConfigureListModel, ConfigFileModel)): + confirm_time = data.confirm_time + # Allow users to pass just one command if not isinstance(data, (ConfigureListModel, ConfigSectionListModel)): data = [data] @@ -339,10 +361,16 @@ def _configure_op( try: for c in data: op = c.op - if not isinstance(c, BaseConfigSectionTreeModel): + if not isinstance(c, (ConfirmModel, BaseConfigSectionTreeModel)): path = c.path - if isinstance(c, BaseConfigureModel): + if isinstance(c, ConfirmModel): + if op == 'confirm': + msg = session.confirm() + else: + raise ConfigSessionError(f"'{op}' is not a valid operation") + + elif isinstance(c, BaseConfigureModel): if c.value: value = c.value else: 
@@ -388,16 +416,26 @@ def _configure_op( else: raise ConfigSessionError(f"'{op}' is not a valid operation") # end for + config = Config(session_env=env) d = get_config_diff(config) + if confirm_time: + out = session.commit_confirm(minutes=confirm_time) + msg = msg + out if msg else out + env['IN_COMMIT_CONFIRM'] = 't' + if d.is_node_changed(['service', 'https']): - background_tasks.add_task(call_commit, state) - msg = self_ref_msg + if confirm_time: + background_tasks.add_task(call_commit_confirm, state) + else: + background_tasks.add_task(call_commit, state) + out = self_ref_msg + msg = msg + out if msg else out else: # capture non-fatal warnings out = session.commit() - msg = out if out else msg + msg = msg + out if msg else out LOG.info(f"Configuration modified via HTTP API using key '{state.id}'") except ConfigSessionError as e: @@ -414,6 +452,8 @@ def _configure_op( # Don't give the details away to the outer world error_msg = 'An internal error occured. Check the logs for details.' finally: + if 'IN_COMMIT_CONFIRM' in env: + del env['IN_COMMIT_CONFIRM'] lock.release() if status != 200: @@ -433,7 +473,7 @@ def create_path_import_pki_no_prompt(path): @router.post('/configure') def configure_op( - data: Union[ConfigureModel, ConfigureListModel], + data: Union[ConfigureModel, ConfigureListModel, ConfirmModel], request: Request, background_tasks: BackgroundTasks, ): @@ -501,6 +541,8 @@ def config_file_op(data: ConfigFileModel, background_tasks: BackgroundTasks): op = data.op msg = None + lock.acquire() + try: if op == 'save': if data.file: 
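Review bot: In `_configure_op`, a request that is only a `ConfirmModel` appears to fall through to the commit path: after `session.confirm()` in the loop, the code still computes the diff and calls `session.commit()`, whereas `config_file_op` handles `confirm` in its own branch without committing. The lines between the hunks are not visible, so this should be confirmed, but guarding the commit block with `if any(not isinstance(c, ConfirmModel) for c in data):` would make the two endpoints agree. The repeated `msg = msg + out if msg else out` joins the two strings with no separator, and it raises TypeError if `out` is None while `msg` is set, which the generic handler would then report as a 500. When the commit is deferred to a background task, the `finally` block deletes `IN_COMMIT_CONFIRM` and releases the lock before that task runs, so the deferred commit executes outside the lock.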
@@ -527,11 +569,23 @@ def config_file_op(data: ConfigFileModel, background_tasks: BackgroundTasks): config = Config(session_env=env) d = get_config_diff(config) + if data.confirm_time: + out = session.commit_confirm(minutes=data.confirm_time) + msg = msg + out if msg else out + env['IN_COMMIT_CONFIRM'] = 't' + if d.is_node_changed(['service', 'https']): - background_tasks.add_task(call_commit, state) - msg = self_ref_msg + if data.confirm_time: + background_tasks.add_task(call_commit_confirm, state) + else: + background_tasks.add_task(call_commit, state) + out = self_ref_msg + msg = msg + out if msg else out else: - session.commit() + out = session.commit() + msg = msg + out if msg else out + elif op == 'confirm': + msg = session.confirm() else: return error(400, f"'{op}' is not a valid operation") except ConfigSessionError as e: @@ -539,6 +593,10 @@ def config_file_op(data: ConfigFileModel, background_tasks: BackgroundTasks): except Exception: LOG.critical(traceback.format_exc()) return error(500, 'An internal error occured. Check the logs for details.') + finally: + if 'IN_COMMIT_CONFIRM' in env: + del env['IN_COMMIT_CONFIRM'] + lock.release() return success(msg) diff --git a/src/services/vyos-configd b/src/services/vyos-configd index 28acccd2c..c45d492f9 100755 --- a/src/services/vyos-configd +++ b/src/services/vyos-configd @@ -68,6 +68,7 @@ class Response(Enum): ERROR_COMMIT = 2 ERROR_DAEMON = 4 PASS = 8 + ERROR_COMMIT_APPLY = 16 vyos_conf_scripts_dir = directories['conf_mode'] @@ -142,8 +143,6 @@ def run_script(script_name, config, args) -> tuple[Response, str]: try: c = script.get_config(config) script.verify(c) - script.generate(c) - script.apply(c) except ConfigError as e: logger.error(e) return Response.ERROR_COMMIT, str(e) 
@@ -152,6 +151,17 @@ def run_script(script_name, config, args) -> tuple[Response, str]: logger.error(tb) return Response.ERROR_COMMIT, tb + try: + script.generate(c) + script.apply(c) + except ConfigError as e: + logger.error(e) + return Response.ERROR_COMMIT_APPLY, str(e) + except Exception: + tb = traceback.format_exc() + logger.error(tb) + return Response.ERROR_COMMIT_APPLY, tb + return Response.SUCCESS, '' diff --git a/src/shim/vyshim.c b/src/shim/vyshim.c index 1eb653cbf..35f995419 100644 --- a/src/shim/vyshim.c +++ b/src/shim/vyshim.c @@ -18,8 +18,10 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include <fcntl.h> #include <unistd.h> #include <string.h> +#include <sys/stat.h> #include <sys/time.h> #include <time.h> #include <stdint.h> @@ -55,15 +57,17 @@ enum { SUCCESS = 1 << 0, ERROR_COMMIT = 1 << 1, ERROR_DAEMON = 1 << 2, - PASS = 1 << 3 + PASS = 1 << 3, + ERROR_COMMIT_APPLY = 1 << 4 }; volatile int init_alarm = 0; volatile int timeout = 0; -int initialization(void *); +int initialization(void *, char *); int pass_through(char **, int); void timer_handler(int); +void leave_hint(char *); double get_posix_clock_time(void); @@ -94,8 +98,17 @@ int main(int argc, char* argv[]) char *test = strstr(string_node_data, "VYOS_TAGNODE_VALUE"); ex_index = test ? 2 : 1; + char *env_tmp = getenv("VYATTA_CONFIG_TMP"); + if (env_tmp == NULL) { + fprintf(stderr, "Error: Environment variable VYATTA_CONFIG_TMP is not set.\n"); + exit(EXIT_FAILURE); + } + char *pid_str = strdup(env_tmp); + strsep(&pid_str, "_"); + debug_print("config session pid: %s\n", pid_str); + if (access(COMMIT_MARKER, F_OK) != -1) { - init_timeout = initialization(requester); + init_timeout = initialization(requester, pid_str); if (!init_timeout) remove(COMMIT_MARKER); } 
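Review bot: The new second `try` in `run_script` has no comment explaining why `generate()`/`apply()` failures now return a different code from `get_config()`/`verify()` failures. I would add above it: `# verify() passed; a failure from here on is reported as ERROR_COMMIT_APPLY so the shim can leave its apply hint for the session`. The `ERROR_COMMIT_APPLY = 16` member in the `Response` enum should also carry a note that it must stay equal to `1 << 4` in `vyshim.c`, since the shim tests it as a bit flag.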
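Review bot: In the `main` hunk, `strsep(&pid_str, "_")` leaves `pid_str` set to NULL when `VYATTA_CONFIG_TMP` contains no underscore, and the `strdup()` result is not checked either. That NULL then goes to `debug_print("... %s")` on the next line, and later to `initialization()` and `leave_hint()`, where it is formatted into a file name. The value comes from the environment and ends up in a path, so validate it before use. After the `strsep`, add `if (pid_str == NULL || *pid_str == '\0' || pid_str[strspn(pid_str, "0123456789")] != '\0') { fprintf(stderr, "Error: malformed VYATTA_CONFIG_TMP\n"); exit(EXIT_FAILURE); }`. `main` continues outside this hunk.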
@@ -151,13 +164,19 @@ int main(int argc, char* argv[]) ret = -1; } + if (err & ERROR_COMMIT_APPLY) { + debug_print("Received ERROR_COMMIT_APPLY\n"); + leave_hint(pid_str); + ret = -1; + } + zmq_close(requester); zmq_ctx_destroy(context); return ret; } -int initialization(void* Requester) +int initialization(void* Requester, char* pid_val) { char *active_str = NULL; size_t active_len = 0; @@ -185,10 +204,6 @@ int initialization(void* Requester) double prev_time_value, time_value; double time_diff; - char *pid_val = getenv("VYATTA_CONFIG_TMP"); - strsep(&pid_val, "_"); - debug_print("config session pid: %s\n", pid_val); - char *sudo_user = getenv("SUDO_USER"); if (!sudo_user) { char nobody[] = "nobody"; @@ -338,6 +353,16 @@ void timer_handler(int signum) return; } +void leave_hint(char *pid_val) +{ + char tmp_str[16]; + mode_t omask = umask(0); + snprintf(tmp_str, sizeof(tmp_str), "/tmp/apply_%s", pid_val); + open(tmp_str, O_CREAT|O_RDWR|O_TRUNC, 0666); + chown(tmp_str, 1002, 102); + umask(omask); +} + #ifdef _POSIX_MONOTONIC_CLOCK double get_posix_clock_time(void) { |
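Review bot: `leave_hint()` writes to a predictable name in world-writable `/tmp`, using `open(..., O_CREAT|O_RDWR|O_TRUNC, 0666)` under `umask(0)` and then `chown()` by path. Both calls follow symlinks, so if the shim runs with elevated privileges (the `chown` suggests it does), a link placed at that name beforehand redirects the truncate and the ownership change to another file. `tmp_str[16]` also leaves room for only four characters after `/tmp/apply_`, so any PID of five or more digits is silently truncated and different sessions can map to the same hint file. The descriptor is never closed and no return value is checked. The fence below sizes the buffer, refuses symlinks, works on the descriptor and drops the world-writable mode. I kept `O_TRUNC` and the 1002/102 ids as on the page; the ids deserve named constants, and a hint directory that only the service accounts can write to would be the more robust fix.

```c
void leave_hint(char *pid_val)
{
    char tmp_str[64];
    int n, fd;

    if (pid_val == NULL)
        return;

    n = snprintf(tmp_str, sizeof(tmp_str), "/tmp/apply_%s", pid_val);
    if (n < 0 || (size_t)n >= sizeof(tmp_str)) {
        debug_print("leave_hint: path truncated\n");
        return;
    }

    /* O_NOFOLLOW: never act through a symlink planted at the hint path */
    fd = open(tmp_str, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW|O_CLOEXEC, 0660);
    if (fd < 0) {
        debug_print("leave_hint: open failed\n");
        return;
    }

    /* act on the descriptor so the path cannot be swapped between calls */
    if (fchown(fd, 1002, 102) != 0 || fchmod(fd, 0660) != 0)
        debug_print("leave_hint: could not set owner/mode\n");

    close(fd);
}
```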