Vbash script argument ends up being '1' when passed


Im trying to run a script which basically resets a site-to-site vpn connection, from a Nagios event handler, and also locally on the vyos in the form of a task scheduler.
Version is 1.4-rolling-202106131819.

Every time I pass an argument to the script, regardless of whatever it is, the script sees it as ‘1’. (I am echoing the argument)
Any ideas why this is happening?

What I’ve tried (remotely):

Last login: Sun Jul 11 01:29:18 UTC 2021 on pts/5
-bash-4.2$ ssh -i /var/spool/nagios/.ssh/sina_id_rsa vyos@ 'sg vyattacfg /config/scripts/restart-ipsec-services a'
Welcome to VyOS

argument is 1
ssh -i /var/spool/nagios/.ssh/sina_id_rsa vyos@ 'exec sg vyattacfg "/config/scripts/restart-ipsec-services a"'
Welcome to VyOS

argument is 1
ssh -i /var/spool/nagios/.ssh/sina_id_rsa vyos@ "vbash -ic 'sg vyattacfg -c "/config/scripts/restart-ipsec-services mtn"'"
Welcome to VyOS

vbash: cannot set terminal process group (-1): Inappropriate ioctl for device
vbash: no job control in this shell
argument is 1


root@edge01:/home/vyos# sg vyattacfg -c "/config/scripts/restart-ipsec-services a"
argument is 1

Script is basically:

source /opt/vyatta/etc/functions/script-template


if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
    echo "argument is $@"
    local result=$(vpn-reset "$TUNNEL")
    echo "$result"
    send_mail "$result" | nc 25 > /dev/null 2>&1

main "$@"

Just a simple example how you can use remote operational-mode commands:

#!/usr/bin/env bash
ssh vyos@ "/opt/vyatta/bin/vyatta-op-cmd-wrapper show version"


$ ./show_ver.sh 

Welcome to VyOS
Version:          VyOS 1.2.8
Release Train:    crux
Copyright:        VyOS maintainers and contributors

It looks like /opt/vyatta/etc/functions/script-template is overwriting $@. Workaround:

  1. Add ARGS="$@" above the source line.
  2. Change main "$@" to main "$ARGS".

Thanks a lot, @Stepler, @Viacheslav !
Im curious, is it possible to reset just individual VPN SAs, and not the entire peer, without needing to look behind the curtain?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.