vyatta-cfg-cmd-wrapper

General questions
1

Hello Everyone:

I’m trying to make some configuration changes with a script, using the

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper

And it works good, until I get to some configuration changes the standard VyOS way using the “Configure” command. I always get:

Set failed

or

Configuration path: … is not valid

Has anyone encountered this? I would greatly appreciate any info…

2

Hello llgomezg

Please tell me more detail.

Here is example.

It seems work well.

#!/bin/bash

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set system host-name foo
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end


Hiroyuki Sato

3

Hello Hiroysato:

Thanks for your interest in my problem. Here’s what I’m trying to do, I run a script that downloads the spam networks from spamhaus.org, and I incorporate them in a network group in my VyOS configuration. Here’s the sample code:

#!/bin/sh
strUrl="http://www.spamhaus.org/drop/drop.txt"
strVyOSCmd="/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper"
strTmpFile="/tmp/.spamhauslist.$$"
strVyOSNwName="ngSpamHaus-Ntws"
# ---------------------------------
fnExecVyOSConfig()
{
  if [ -n "$1" ]; then
    strCmd="$strVyOSCmd ${@:1}"
    $strCmd
  else
    return 1
  fi
}
# ---------------------------------
wget -q $strUrl -O - | grep ^[0-9] | sed 's/;.*//' >> $strTmpFile

fnExecVyOSConfig "begin"
fnExecVyOSConfig "delete firewall group network-group $strVyOSNwName"
intCount=0
while read -r strLine
do
  fnExecVyOSConfig "set firewall group network-group $strVyOSNwName network $strLine"
  let intCount++
done < $strTmpFile
fnExecVyOSConfig "commit"
fnExecVyOSConfig "save
fnExecVyOSConfig "end"
rm -rf $strTmpFile >/dev/null 2>&1

This script is scheduled to run with crontab every day at 3:00 am.
I was trying some options and found out that when the crontab is scheduled for the root user, using[quote]sudo crontab -e[/quote] I get the errors, but when I schedule the script to run with the vyos user, I don’t get errors, So I guess it most be user or group related, even though the ‘root’ is in the VyattaCfg group.

The other thing that I’m missing is when I try to use the following command:/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall group network-group ngSpamHaus-Ntws description "This is a description"
The command fails stating only:

Again, thanks for your interest…

4

Hello llgomezg

Do you want execute ‘set …’ command from cron?, right?
If so, Please check my example bellow URL.
post #2

http://forum.vyos.net/showthread.php?tid=7464

Maybe you should execute this script as vyos user not root,

And also maybe you can use ‘set system task-schedler’

system
    task-scheduler
        task <name>
            crontab-spec <UNIX cron time spec>
            executable
                arguments <arguments string>
                path <path to executable>
            interval
                <int32>[mhd]
5

Hello Hiroysato:

Thank you very much for your suggestions, It’s nice to learn something new about VyOS, as I did not know about the

system
  task-scheduler
    task <name>

I believe it’s great to have that inside the VyOS Configuration. I will give it a try later, and let you know how it all went.

Many Thanks Again,

Luis

6

Finally Nailed-it:

If you enclose the vyatta-cfg-cmd-wrapper parameters inside double quotes, it doesn’t work as expected because it recognizes all the parameters as a single big string, and the vyatta-cfg-cmd-wrapper scripts parses each parameter at a time, that’s why it sometimes gives an error. The correct way for calling the vyatta-cfg-cmd-wrapper inside another script is:

$strVyOSCmd="/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper"
$strNGDesc="This is a Network Group Description"
$strNGName="ngNetworkGroupName"

$strVyOSCmd begin
$strVyOSCmd set firewall group network $strNGName network 128.128.128.0/24
$strVyOSCmd set firewall group network $strNGName description "$strNGDesc"
$strVyOSCmd commit
$strVyOSCmd end

Using the vyatta-cfg-cmd-wrapper command just as you would in the VyOS Configuration mode.
Also the script should not be run by any other user.

Thanks to all…

7

llgomezg – I’m actually running into a similar problem while trying to run a script that leverages the ‘vyatta-cfg-cmd-wrapper’. I was interested in this thread but was hoping you can clarify something for me.

You say “Also the script should not be run by any other user.” – What does that mean exactly? Was it able to run as the root user or did you have to run it as the vyos user?

Thanks!

8

Hello Dups:

Exactly, the script should be run by the vyos user, not escalated to the root user for the script to work.

To clarify, when I run my script using:

sudo ./script-name

I get the error, but when I run the script without the sudo command, it works perfectly.

Hope this clarifies the point.

9

That’s perfect! Thank you for the clarification!

10