OPNSense CLI interface on Roadmap?

[ittchmh]

Hi!

Then MS closed TMG Server development I started searching alternatives, more then 2 years ago
I choesed Vyatta, after some time I falining love into CLI, but after a few months Vyatta was sold to Brocard and Open Source project was closed. I switched to pfSense.

Configuration with CLI is very fast and very easy to edit template config.
After open source project Vyatta was closed, community forked project, now it is VyOS, it based on PERL

If OPNsens has API will it be easy to add CLI?
Or CLI is somewere in roadmap?

[AdSchellevis]

Hi,

For configuration changes we focus on a restful api, which can easily be used by various scripting languages and automation tools. We're haven't planned a separate  control to set parameters from the CLI at the moment.

A lot of commands however will (are) also available from the cli by using our configd system.

Regards,

Ad

[interfaSys]

A lot of commands however will (are) also available from the cli by using our configd system.

Are these listed somewhere?

[AdSchellevis]

the command templates are installed in /usr/local/opnsense/service/conf/actions.d/

A list can be obtained by:

Code Select Expand

configctl configd actions


Which is also a defined command...

[interfaSys]

Thanks!

For reference, the list looks like this

Code Select Expand

# configctl configd actions
...
proxy fetchacls [ Fetch external Proxy (squid) ACLs ]
service reload all [  ]
proxy restart [  ]
proxy status [  ]
captiveportal restart [  ]
...

and listed actions are invoked like this:

Code Select Expand

# configctl proxy status
squid is running as pid 99218.

[prodriguezd]

Hi.

Are there any documentation about configctl?

TKS

[noname]

How to upgrade from CLI?

I tried configctl firmware upgrade, which returns OK
and then configctl firmware status, which returns Cannot update. Why?

And is it possible to add a firewall rule from CLI?

Thanks a lot in advance!

[fabian]

How to upgrade from CLI?

using the right number in the menu (12 if I remember correctly)

And is it possible to add a firewall rule from CLI?

Not with the default tools - you would have to edit /config/config.xml or write a service file and reload the filter afterwards. There is no command for that.

[noname]

Thanks a lot for your quick response!

I'm using rundeck, a job scheduler and playbook automation. I want to upgrade multiple OPNsense instances at the same time with a job that will execute a few lines to upgrade each instance. I access instances using ssh and executing commands on them. Therefore I have no visual access and cannot use the menu you above quoted. I thought configctl firmware upgrade could be exactly what I am looking for. Could you explain why it return a 'cannot upgrade' error even though updates are available (I checked it using GUI).

Thanks in advance!

[noname]

And one last question:
Is there a way to check whether ports are down/up and/or whether services are running/stopped through CLI, API or other?

Cheers!

[jeje1307]

I thought configctl firmware upgrade could be exactly what I am looking for. Could you explain why it return a 'cannot upgrade' error even though updates are available

And one last question:
Is there a way to check whether ports are down/up and/or whether services are running/stopped through CLI, API or other?

I've got the exact same questions as noname.

Did anyone find the answer ?

[jeje1307]

And one last question:
Is there a way to check whether ports are down/up and/or whether services are running/stopped through CLI, API or other?

if you just want to know if it's working Plugged or unplugged,
I did it, simply using shell command with regex. It's maybe not the best way to do it, but for now it work. And that's the best I can do.

I just started Linux a few days ago and i'm not a computer scientist neither a native english speaker, you have probably noticed that.

For exemple :

Code Select Expand

ifconfig igb2 | sed -n 's/.*status: \([^ ]*\).*/\1/gp'
Will result as : "Active" or if not active "no"

For the services i tried something probably unprofessionnal, but i've seen that a file with extension .pid was created when a services is running.

So i just create an if condition to see if yes or no the file is there.

Code Select Expand

if [ -e "/var/run/configd.pid" ];then
echo "configd active";
else
echo "configd not active"
fi

it doesn't work for all services, i'm trying to find another solution.

if you guys have a better idea, it would be great. Because i'm pretty sure what i did is like DIY.

HOW CAN I DELETE THIS MESSAGE ?

[jeje1307]

And one last question:
Is there a way to check whether ports are down/up and/or whether services are running/stopped through CLI, API or other?

if you just want to know if it's working Plugged or unplugged,
I did it, simply using shell command with regex. It's maybe not the best way to do it, but for now it work. And that's the best I can do.

I just started Linux a few days ago and i'm not a computer scientist neither a native english speaker, you have probably noticed that.

For exemple :

Code Select Expand

ifconfig igb2 | sed -n 's/.*status: \([^ ]*\).*/\1/gp'
Will result as : "Active" or if not active "no"

For the services i've seen that a file with extension .pid was created when a services is running.

Code Select Expand


#!/bin/sh
isvalidpid()
{
    /bin/pgrep -nF $1
}

is_process_running()
{
    /bin/pgrep -anx
}

if [ $(isvalidpid /var/run/ntpd.pid) > 1 ] && [ $(is_process_running) > 1 ]
then
    echo "Active"
else
    echo "Not"
fi