From 1d3242006cca9d78009667f06ad4d73b1bb2ef54 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Mon, 9 Jun 2025 19:34:00 +0100
Subject: op-mode: T7527: move assorted embedded shel snippets to script files

---
 op-mode-definitions/install-mok.xml.in             |  2 +-
 op-mode-definitions/show-interfaces-bonding.xml.in |  2 +-
 op-mode-definitions/show-interfaces-pppoe.xml.in   |  2 +-
 op-mode-definitions/show-interfaces-sstpc.xml.in   |  2 +-
 op-mode-definitions/suricata.xml.in                |  2 +-
 op-mode-definitions/vpn-ipsec.xml.in               | 18 +++++++++---------
 src/op_mode/install_mok.sh                         |  7 +++++++
 src/op_mode/show_bonding_detail.sh                 |  7 +++++++
 src/op_mode/show_ppp_stats.sh                      |  5 +++++
 src/op_mode/update_suricata.sh                     |  8 ++++++++
 10 files changed, 41 insertions(+), 14 deletions(-)
 create mode 100755 src/op_mode/install_mok.sh
 create mode 100755 src/op_mode/show_bonding_detail.sh
 create mode 100755 src/op_mode/show_ppp_stats.sh
 create mode 100755 src/op_mode/update_suricata.sh

diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in
index 906c34d8d..ab8e5d3db 100644
--- a/op-mode-definitions/install-mok.xml.in
+++ b/op-mode-definitions/install-mok.xml.in
@@ -6,7 +6,7 @@
         <properties>
           <help>Install Secure Boot MOK (Machine Owner Key)</help>
         </properties>
-        <command>if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; else echo "Secure Boot Machine Owner Key not found"; fi</command>
+        <command>${vyos_op_scripts_dir}/install_mok.sh</command>
       </leafNode>
     </children>
   </node>
diff --git a/op-mode-definitions/show-interfaces-bonding.xml.in b/op-mode-definitions/show-interfaces-bonding.xml.in
index a9af13145..839a4cd91 100644
--- a/op-mode-definitions/show-interfaces-bonding.xml.in
+++ b/op-mode-definitions/show-interfaces-bonding.xml.in
@@ -23,7 +23,7 @@
                 <properties>
                   <help>Show detailed interface information</help>
                 </properties>
-                <command>if [ -f "/proc/net/bonding/$4" ]; then cat "/proc/net/bonding/$4"; else echo "Interface $4 does not exist!"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_bonding_detail.sh "$4"</command>
               </leafNode>
               <node name="lacp">
                 <properties>
diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in
index c1f502cb3..0904418bf 100644
--- a/op-mode-definitions/show-interfaces-pppoe.xml.in
+++ b/op-mode-definitions/show-interfaces-pppoe.xml.in
@@ -26,7 +26,7 @@
                     <path>interfaces pppoe</path>
                   </completionHelp>
                 </properties>
-                <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command>
               </leafNode>
               #include <include/show-interface-type-event-log.xml.i>
             </children>
diff --git a/op-mode-definitions/show-interfaces-sstpc.xml.in b/op-mode-definitions/show-interfaces-sstpc.xml.in
index 3bd7a8247..61451db93 100644
--- a/op-mode-definitions/show-interfaces-sstpc.xml.in
+++ b/op-mode-definitions/show-interfaces-sstpc.xml.in
@@ -26,7 +26,7 @@
                     <path>interfaces sstpc</path>
                   </completionHelp>
                 </properties>
-                <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command>
               </leafNode>
               #include <include/show-interface-type-event-log.xml.i>
             </children>
diff --git a/op-mode-definitions/suricata.xml.in b/op-mode-definitions/suricata.xml.in
index 493aef08b..74e54fb9c 100644
--- a/op-mode-definitions/suricata.xml.in
+++ b/op-mode-definitions/suricata.xml.in
@@ -6,7 +6,7 @@
         <properties>
           <help>Update Suricata</help>
         </properties>
-        <command>if test -f /run/suricata/suricata.yaml; then suricata-update --suricata-conf /run/suricata/suricata.yaml; systemctl restart suricata; else echo "Service Suricata not configured"; fi </command>
+        <command>${vyos_op_scripts_dir}/update_suricata.sh</command>
       </node>
     </children>
   </node>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index 2c0827b20..af7f12ba8 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -183,7 +183,7 @@
                 <properties>
                   <help>Show summary of IKE process information</help>
                 </properties>
-                <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command>
+                <command>systemctl status strongswan</command>
               </node>
             </children>
           </node>
@@ -213,25 +213,25 @@
                     <properties>
                       <help>Show detail active IKEv2 RA sessions</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail</command>
                   </node>
                   <tagNode name="connection-id">
                     <properties>
                       <help>Show detail active IKEv2 RA sessions by connection-id</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"</command>
                   </tagNode>
                   <node name="summary">
                     <properties>
                       <help>Show active IKEv2 RA sessions summary</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running"</command>
                   </node>
                   <tagNode name="username">
                     <properties>
                       <help>Show detail active IKEv2 RA sessions by username</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"</command>
                   </tagNode>
                 </children>
               </node>
@@ -268,12 +268,12 @@
                   -->
                   <node name="detail">
                     <properties>
-                      <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
+                      <help>Show verbose details on all active IPsec security associations (SA)</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_sa_detail</command>
                   </node>
                 </children>
-                <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
+                <command>${vyos_op_scripts_dir}/ipsec.py show_sa</command>
               </node>
               <node name="state">
                 <properties>
@@ -285,7 +285,7 @@
                 <properties>
                   <help>Show status of IPsec process</help>
                 </properties>
-                <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(/usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
+                <command>/usr/sbin/ipsec status</command>
               </node>
             </children>
           </node>
diff --git a/src/op_mode/install_mok.sh b/src/op_mode/install_mok.sh
new file mode 100755
index 000000000..29f78cd1f
--- /dev/null
+++ b/src/op_mode/install_mok.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then
+    mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der;
+else
+    echo "Secure Boot Machine Owner Key not found";
+fi
diff --git a/src/op_mode/show_bonding_detail.sh b/src/op_mode/show_bonding_detail.sh
new file mode 100755
index 000000000..62265daa2
--- /dev/null
+++ b/src/op_mode/show_bonding_detail.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -f "/proc/net/bonding/$1" ]; then
+  cat "/proc/net/bonding/$1";
+else
+  echo "Interface $1 does not exist!";
+fi
diff --git a/src/op_mode/show_ppp_stats.sh b/src/op_mode/show_ppp_stats.sh
new file mode 100755
index 000000000..d9c17f966
--- /dev/null
+++ b/src/op_mode/show_ppp_stats.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ -d "/sys/class/net/$1" ]; then
+  /usr/sbin/pppstats "$1";
+fi
diff --git a/src/op_mode/update_suricata.sh b/src/op_mode/update_suricata.sh
new file mode 100755
index 000000000..6e4e605f4
--- /dev/null
+++ b/src/op_mode/update_suricata.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if test -f /run/suricata/suricata.yaml; then
+  suricata-update --suricata-conf /run/suricata/suricata.yaml;
+  systemctl restart suricata;
+else
+  echo "Service Suricata not configured";
+fi
-- 
cgit v1.2.3