Name

confd_cli — Frontend to the ConfD CLI engine

Synopsis

confd_cli [options] [File]

confd_cli [ --help ] [ --host Host ] [ --ip IpAddress | IpAddress/Port ] [ --address Address ] [ --port PortNumber ] [ --cwd Directory ] [ --proto tcp> | ssh | console ] [ --interactive ] [ --noninteractive ] [ -J | -C | -I ] [ --user Username ] [ --uid UidInt ] [ --groups Groups ] [ --gids GidList ] [ --gid Gid ] [ --opaque Opaque ] [ --noaaa ]

DESCRIPTION

The confd_cli program is a C frontend to the ConfD CLI engine. The confd_cli program connects to ConfD and basically passes data back and forth from the user to ConfD.

confd_cli can be invoked from the command line. If so, no authentication is done. The archetypical usage of confd_cli is to use it as a login shell in /etc/passwd, in which case authentication is done by the login program.

The source code for confd_cli resides in $CONFD_DIR/src/confd/cli and can be modified if required.

OPTIONS

-h, --help

Display help text.

-H, --host HostName

Gives the name of the current host. The confd_cli program will use the value of the system call gethostbyname() by default. The host name is used in the CLI prompt.

-i, --ip IpAddress | IpAddress/Port

Set the IP (or IP address and port) which ConfD reports that the user is coming from. The confd_cli program by default tries to determine this automatically by reading the SSH_CONNECTION environment variable.

-A, --address Address

CLI address to connect to. The default is 127.0.0.1. This can be controlled by either this flag, or the UNIX environment variable CONFD_IPC_ADDR. The -A flag takes precedence.

-P, --port PortNumber

CLI port to connect to. The default is the ConfD IPC port, which is 4565 This can be controlled by either this flag, or the UNIX environment variable CONFD_IPC_PORT. The -P flag takes precedence.

-c, --cwd Directory

The current working directory for the user once in the CLI. All file references from the CLI will be relative to the cwd. By default the value will be the actual cwd where confd_cli is invoked.

-p, --proto ssh | tcp | console

The protocol the user is using. If SSH_CONNECTION is set, this defaults to "ssh", otherwise "console".

-n, --interactive

This forces the CLI to run in interactive mode. In non interactive mode, the CLI never prompts the user for any input. This flag can sometimes be useful in certain CLI scripting scenarios.

-N, --noninteractive

This forces the CLI to run in non interactive mode. See Section 16.4.1, “Starting the CLI” for further info.

-J, -C, -I

This flag sets the mode of the CLI. -J is Juniper style CLI, -C is Cisco XR style CLI and -I is Cisco IOS style CLI.

-u, --user User

Indicates to ConfD which username the user has. This defaults to the username of the invoker.

-U, --uid Uid

Indicates to ConfD which uid the user has.

-g, --groups GroupList

Indicates to ConfD which groups the user are a member of. The parameter is a comma separated string. This defaults to the actual UNIX groups the user is a member of. The group names are used by the AAA system in ConfD to authorize data and command access.

-D, --gids GidList

Indicates to ConfD which secondary group ids the user shall have. The parameter is a comma separated string of integers. This defaults to the actual secondary UNIX group ids the user has. The gids are used by ConfD when ConfD executes commands on behalf of the user.

-G, --gid Gid

Indicates to ConfD which group id the user shall have. This defaults to the actual UNIX group id the user has. The gid is used by ConfD when ConfD executes commands on behalf of the user.

-O, --opaque Opaque

Pass an opaque string to ConfD. The string is not interpreted by ConfD, only made available to application code. See "built-in variables" in clispec(5) and maapi_get_user_session_opaque() in confd_lib_maapi(3). The string can be given either via this flag, or via the UNIX environment variable CONFD_CLI_OPAQUE. The -O flag takes precedence.

--noaaa

Completely disables all AAA checks for this CLI. This can be used as a disaster recovery mechanism if the AAA rules in ConfD have somehow become corrupted.

ENVIRONMENT VARIABLES

CONFD_IPC_ADDR

Which IP address to connect to.

CONFD_IPC_PORT

Which TCP port to connect to.

SSH_CONNECTION

Set by openssh and used by confd_cli to determine client IP address etc.

TERM

Passed on to terminal aware programs invoked by ConfD.

EXIT CODES

0

Normal exit

1

Failed to read user data for initial handshake.

2

Close timeout, client side closed, session inactive.

3

Idle timeout triggered.

4

Tcp level error detected on daemon side.

5

Internal error occurred in daemon.

5

User interrupted clistart using special escape char.

6

User interrupted clistart using special escape char.

7

Daemon abruptly closed socket.

SCRIPTING

It is very easy to use confd_cli from /bin/sh scripts. confd_cli reads stdin and can then also be run in non interactive mode. This is the default if stdin is not a tty (as reported by isatty())

Here is example of invoking confd_cli from a shell script.

#!/bin/sh

confd_cli << EOF
configure
set foo bar 13
set funky stuff 44
commit
exit no-confirm
exit
EOF

And here is en example capturing the output of confd_cli:

#!/bin/sh
{ confd_cli << EOF;
configure
set trap-manager t2 ip-address 10.0.0.1 port 162 snmp-version 2
commit
exit no-confirm
exit
EOF
} | grep 'Aborted:.*not unique.*'
if [ $? != 0 ]; then
  echo 'test2: commit did not fail'; exit 1;
fi

The above type of CLI scripting is a very efficient and easy way to test various aspects of the CLI.