op-mode: T7527: move assorted embedded shel snippets to script files

dmbaturin · dmbaturin · commit 1d3242006cca · 2025-06-10T14:57:14.000+01:00
diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in
@@ -6,7 +6,7 @@
         <properties>
           <help>Install Secure Boot MOK (Machine Owner Key)</help>
         </properties>
-        <command>if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; else echo "Secure Boot Machine Owner Key not found"; fi</command>
+        <command>${vyos_op_scripts_dir}/install_mok.sh</command>
       </leafNode>
     </children>
   </node>
diff --git a/op-mode-definitions/show-interfaces-bonding.xml.in b/op-mode-definitions/show-interfaces-bonding.xml.in
@@ -23,7 +23,7 @@
                 <properties>
                   <help>Show detailed interface information</help>
                 </properties>
-                <command>if [ -f "/proc/net/bonding/$4" ]; then cat "/proc/net/bonding/$4"; else echo "Interface $4 does not exist!"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_bonding_detail.sh "$4"</command>
               </leafNode>
               <node name="lacp">
                 <properties>
diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in
@@ -26,7 +26,7 @@
                     <path>interfaces pppoe</path>
                   </completionHelp>
                 </properties>
-                <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command>
               </leafNode>
               #include <include/show-interface-type-event-log.xml.i>
             </children>
diff --git a/op-mode-definitions/show-interfaces-sstpc.xml.in b/op-mode-definitions/show-interfaces-sstpc.xml.in
@@ -26,7 +26,7 @@
                     <path>interfaces sstpc</path>
                   </completionHelp>
                 </properties>
-                <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command>
+                <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command>
               </leafNode>
               #include <include/show-interface-type-event-log.xml.i>
             </children>
diff --git a/op-mode-definitions/suricata.xml.in b/op-mode-definitions/suricata.xml.in
@@ -6,7 +6,7 @@
         <properties>
           <help>Update Suricata</help>
         </properties>
-        <command>if test -f /run/suricata/suricata.yaml; then suricata-update --suricata-conf /run/suricata/suricata.yaml; systemctl restart suricata; else echo "Service Suricata not configured"; fi </command>
+        <command>${vyos_op_scripts_dir}/update_suricata.sh</command>
       </node>
     </children>
   </node>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
@@ -183,7 +183,7 @@
                 <properties>
                   <help>Show summary of IKE process information</help>
                 </properties>
-                <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command>
+                <command>systemctl status strongswan</command>
               </node>
             </children>
           </node>
@@ -213,25 +213,25 @@
                     <properties>
                       <help>Show detail active IKEv2 RA sessions</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail</command>
                   </node>
                   <tagNode name="connection-id">
                     <properties>
                       <help>Show detail active IKEv2 RA sessions by connection-id</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"</command>
                   </tagNode>
                   <node name="summary">
                     <properties>
                       <help>Show active IKEv2 RA sessions summary</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running"</command>
                   </node>
                   <tagNode name="username">
                     <properties>
                       <help>Show detail active IKEv2 RA sessions by username</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"</command>
                   </tagNode>
                 </children>
               </node>
@@ -268,12 +268,12 @@
                   -->
                   <node name="detail">
                     <properties>
-                      <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
+                      <help>Show verbose details on all active IPsec security associations (SA)</help>
                     </properties>
-                    <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi</command>
+                    <command>${vyos_op_scripts_dir}/ipsec.py show_sa_detail</command>
                   </node>
                 </children>
-                <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
+                <command>${vyos_op_scripts_dir}/ipsec.py show_sa</command>
               </node>
               <node name="state">
                 <properties>
@@ -285,7 +285,7 @@
                 <properties>
                   <help>Show status of IPsec process</help>
                 </properties>
-                <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(/usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
+                <command>/usr/sbin/ipsec status</command>
               </node>
             </children>
           </node>
diff --git a/src/op_mode/install_mok.sh b/src/op_mode/install_mok.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then
+    mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der;
+else
+    echo "Secure Boot Machine Owner Key not found";
+fi
diff --git a/src/op_mode/show_bonding_detail.sh b/src/op_mode/show_bonding_detail.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -f "/proc/net/bonding/$1" ]; then
+  cat "/proc/net/bonding/$1";
+else
+  echo "Interface $1 does not exist!";
+fi
diff --git a/src/op_mode/show_ppp_stats.sh b/src/op_mode/show_ppp_stats.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ -d "/sys/class/net/$1" ]; then
+  /usr/sbin/pppstats "$1";
+fi
diff --git a/src/op_mode/update_suricata.sh b/src/op_mode/update_suricata.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if test -f /run/suricata/suricata.yaml; then
+  suricata-update --suricata-conf /run/suricata/suricata.yaml;
+  systemctl restart suricata;
+else
+  echo "Service Suricata not configured";
+fi
