4 files changed, 107 insertions, 39 deletions

diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index be80613c6..6328294c1 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -25,6 +25,7 @@ import vyos.defaults
 
 from vyos.config import Config
 from vyos.configdict import dict_merge
+from vyos.configdep import set_dependents, call_dependents
 from vyos.template import render
 from vyos.util import cmd
 from vyos.util import call
@@ -61,6 +62,11 @@ def get_config(config=None):
     else:
         conf = Config()
 
+    # reset on creation/deletion of 'api' node
+    https_base = ['service', 'https']
+    if conf.exists(https_base):
+        set_dependents("https", conf)
+
     base = ['service', 'https', 'api']
     if not conf.exists(base):
         return None
@@ -132,7 +138,7 @@ def apply(http_api):
     # Let uvicorn settle before restarting Nginx
     sleep(1)
 
-    cmd(f'{vyos_conf_scripts_dir}/https.py', raising=ConfigError)
+    call_dependents()
 
 if __name__ == '__main__':
     try:
diff --git a/src/conf_mode/interfaces-virtual-ethernet.py b/src/conf_mode/interfaces-virtual-ethernet.py
index 53422ad2d..8efe89c41 100755
--- a/src/conf_mode/interfaces-virtual-ethernet.py
+++ b/src/conf_mode/interfaces-virtual-ethernet.py
@@ -68,12 +68,21 @@ def verify(veth):
     if 'peer_name' not in veth:
         raise ConfigError(f'Remote peer name must be set for "{veth["ifname"]}"!')
 
+    peer_name = veth['peer_name']
+    ifname = veth['ifname']
+
     if veth['peer_name'] not in veth['other_interfaces']:
-        peer_name = veth['peer_name']
-        ifname = veth['ifname']
         raise ConfigError(f'Used peer-name "{peer_name}" on interface "{ifname}" ' \
                           'is not configured!')
 
+    if veth['other_interfaces'][peer_name]['peer_name'] != ifname:
+        raise ConfigError(
+            f'Configuration mismatch between "{ifname}" and "{peer_name}"!')
+
+    if peer_name == ifname:
+        raise ConfigError(
+            f'Peer-name "{peer_name}" cannot be the same as interface "{ifname}"!')
+
     return None
 
 
diff --git a/src/op_mode/generate_ipsec_debug_archive.py b/src/op_mode/generate_ipsec_debug_archive.py
new file mode 100755
index 000000000..1422559a8
--- /dev/null
+++ b/src/op_mode/generate_ipsec_debug_archive.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from datetime import datetime
+from pathlib import Path
+from shutil import rmtree
+from socket import gethostname
+from sys import exit
+from tarfile import open as tar_open
+from vyos.util import rc_cmd
+
+# define a list of commands that needs to be executed
+CMD_LIST: list[str] = [
+    'ipsec status',
+    'swanctl -L',
+    'swanctl -l',
+    'swanctl -P',
+    'ip x sa show',
+    'ip x policy show',
+    'ip tunnel show',
+    'ip address',
+    'ip rule show',
+    'ip route | head -100',
+    'ip route show table 220'
+]
+JOURNALCTL_CMD: str = 'journalctl -b -n 10000 /usr/lib/ipsec/charon'
+
+# execute a command and save the output to a file
+def save_stdout(command: str, file: Path) -> None:
+    rc, stdout = rc_cmd(command)
+    body: str = f'''### {command} ###
+Command: {command}
+Exit code: {rc}
+Stdout:
+{stdout}
+
+'''
+    with file.open(mode='a') as f:
+        f.write(body)
+
+
+# get local host name
+hostname: str = gethostname()
+# get current time
+time_now: str = datetime.now().isoformat(timespec='seconds')
+
+# define a temporary directory for logs and collected data
+tmp_dir: Path = Path(f'/tmp/ipsec_debug_{time_now}')
+# set file paths
+ipsec_status_file: Path = Path(f'{tmp_dir}/ipsec_status.txt')
+journalctl_charon_file: Path = Path(f'{tmp_dir}/journalctl_charon.txt')
+archive_file: str = f'/tmp/ipsec_debug_{time_now}.tar.bz2'
+
+# create files
+tmp_dir.mkdir()
+ipsec_status_file.touch()
+journalctl_charon_file.touch()
+
+try:
+    # execute all commands
+    for command in CMD_LIST:
+        save_stdout(command, ipsec_status_file)
+    save_stdout(JOURNALCTL_CMD, journalctl_charon_file)
+
+    # create an archive
+    with tar_open(name=archive_file, mode='x:bz2') as tar_file:
+        tar_file.add(tmp_dir)
+
+    # inform user about success
+    print(f'Debug file is generated and located in {archive_file}')
+except Exception as err:
+    print(f'Error during generating a debug file: {err}')
+finally:
+    # cleanup
+    rmtree(tmp_dir)
+    exit()
diff --git a/src/op_mode/generate_ipsec_debug_archive.sh b/src/op_mode/generate_ipsec_debug_archive.sh
deleted file mode 100755
index 53d0a6eaa..000000000
--- a/src/op_mode/generate_ipsec_debug_archive.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Collecting IPSec Debug Information
-
-DATE=`date +%d-%m-%Y`
-
-a_CMD=(
-       "sudo ipsec status"
-       "sudo swanctl -L"
-       "sudo swanctl -l"
-       "sudo swanctl -P"
-       "sudo ip x sa show"
-       "sudo ip x policy show"
-       "sudo ip tunnel show"
-       "sudo ip address"
-       "sudo ip rule show"
-       "sudo ip route"
-       "sudo ip route show table 220"
-      )
-
-
-echo "DEBUG: ${DATE} on host \"$(hostname)\"" > /tmp/ipsec-status-${DATE}.txt
-date >> /tmp/ipsec-status-${DATE}.txt
-
-# Execute all DEBUG commands and save it to file
-for cmd in "${a_CMD[@]}"; do
-    echo -e "\n### ${cmd} ###" >> /tmp/ipsec-status-${DATE}.txt
-    ${cmd} >> /tmp/ipsec-status-${DATE}.txt 2>/dev/null
-done
-
-# Collect charon logs, build .tgz archive
-sudo journalctl /usr/lib/ipsec/charon > /tmp/journalctl-charon-${DATE}.txt && \
-sudo tar -zcvf /tmp/ipsec-debug-${DATE}.tgz /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt >& /dev/null
-sudo rm -f /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt
-
-echo "Debug file is generated and located in /tmp/ipsec-debug-${DATE}.tgz"