From 8bc4c453b1d237bdb3477c3f490435c659a34336 Mon Sep 17 00:00:00 2001
From: Viacheslav <v.gletenko@vyos.io>
Date: Mon, 25 Oct 2021 21:11:49 +0000
Subject: op-mode: T3942: Add feature Generate IPSec debug-archive

---
 .../generate-ipsec-debug-archive.xml.in            | 17 ++++++++++
 op-mode-definitions/generate-ipsec-profile.xml.in  |  2 +-
 src/op_mode/generate_ipsec_debug_archive.sh        | 36 ++++++++++++++++++++++
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 op-mode-definitions/generate-ipsec-debug-archive.xml.in
 create mode 100755 src/op_mode/generate_ipsec_debug_archive.sh

diff --git a/op-mode-definitions/generate-ipsec-debug-archive.xml.in b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
new file mode 100644
index 000000000..f268d5ae5
--- /dev/null
+++ b/op-mode-definitions/generate-ipsec-debug-archive.xml.in
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="generate">
+    <children>
+      <node name="ipsec">
+        <children>
+          <node name="debug-archive">
+            <properties>
+              <help>Generate IPSec debug-archive</help>
+            </properties>
+            <command>${vyos_op_scripts_dir}/generate_ipsec_debug_archive.sh</command>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/generate-ipsec-profile.xml.in b/op-mode-definitions/generate-ipsec-profile.xml.in
index 8d1051b94..b7203d7d1 100644
--- a/op-mode-definitions/generate-ipsec-profile.xml.in
+++ b/op-mode-definitions/generate-ipsec-profile.xml.in
@@ -4,7 +4,7 @@
     <children>
       <node name="ipsec">
         <properties>
-          <help>Generate IPsec related configurations</help>
+          <help>Generate IPsec related configurations and archives</help>
         </properties>
         <children>
           <node name="profile">
diff --git a/src/op_mode/generate_ipsec_debug_archive.sh b/src/op_mode/generate_ipsec_debug_archive.sh
new file mode 100755
index 000000000..53d0a6eaa
--- /dev/null
+++ b/src/op_mode/generate_ipsec_debug_archive.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Collecting IPSec Debug Information
+
+DATE=`date +%d-%m-%Y`
+
+a_CMD=(
+       "sudo ipsec status"
+       "sudo swanctl -L"
+       "sudo swanctl -l"
+       "sudo swanctl -P"
+       "sudo ip x sa show"
+       "sudo ip x policy show"
+       "sudo ip tunnel show"
+       "sudo ip address"
+       "sudo ip rule show"
+       "sudo ip route"
+       "sudo ip route show table 220"
+      )
+
+
+echo "DEBUG: ${DATE} on host \"$(hostname)\"" > /tmp/ipsec-status-${DATE}.txt
+date >> /tmp/ipsec-status-${DATE}.txt
+
+# Execute all DEBUG commands and save it to file
+for cmd in "${a_CMD[@]}"; do
+    echo -e "\n### ${cmd} ###" >> /tmp/ipsec-status-${DATE}.txt
+    ${cmd} >> /tmp/ipsec-status-${DATE}.txt 2>/dev/null
+done
+
+# Collect charon logs, build .tgz archive
+sudo journalctl /usr/lib/ipsec/charon > /tmp/journalctl-charon-${DATE}.txt && \
+sudo tar -zcvf /tmp/ipsec-debug-${DATE}.tgz /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt >& /dev/null
+sudo rm -f /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt
+
+echo "Debug file is generated and located in /tmp/ipsec-debug-${DATE}.tgz"
-- 
cgit v1.2.3