
VyOS PLATFORM BLOG

Building an open source network OS for the people, together.

 

Copying/renaming, node comments, and other little known features of the VyOS CLI

I promised not to write about either IPsec or NAT this time, so we'll discuss something else: the little-known features of the VyOS CLI. Many people only ever use set/delete and commit, but there's more to it, and those features can save quite a bit of time.

The edit level (never write long node paths again)

You might have noticed that after every command, the CLI outputs a mysterious "[edit]" line. This is a side effect of the system that allows editing the config at any level.

By default, you are at the top level, so you have to specify the full path, such as "set firewall name Foo rule 10 action accept". However, to avoid writing or pasting long paths, you can set the edit level to any node with the "edit" command, such as "edit firewall name Foo". Once you are at some level, you can use relative node paths, such as "set rule 10 action accept" in this case.

To move between levels, you can use the "up" command to move one level up, or the "top" command to instantly move back to the top level.

Look at this session transcript:

dmbaturin@reki# edit firewall name Foo
[edit firewall name Foo]

dmbaturin@reki# set rule 10 protocol tcp
[edit firewall name Foo]

dmbaturin@reki# edit rule 10
[edit firewall name Foo rule 10]

dmbaturin@reki# set destination port 22
[edit firewall name Foo rule 10]

dmbaturin@reki# up
[edit firewall name Foo]

dmbaturin@reki# set rule 10 description "Allow SSH"
[edit firewall name Foo]

dmbaturin@reki# top
[edit]

 

Node copying and renaming

If you are making a number of similar policy rules that differ in small details, or rearranging a ruleset, the copy and rename commands can save a lot of time. The only issue with them is their somewhat fragile and unwieldy syntax.

First, to be able to use them, you need to switch to the level just above the nodes you want to copy or rename. For example, if you want to do something to the rules of a firewall named Foo, you need to do "edit firewall name Foo" first. Second, you need to use the complete relative path to the node on both the left-hand and right-hand sides of the command.

It's perhaps something that is easier to show than explain:

dmbaturin@reki# edit firewall name Foo
[edit firewall name Foo]

dmbaturin@reki# copy rule 10 to rule 20
[edit firewall name Foo]

dmbaturin@reki# rename rule 20 to rule 30
[edit firewall name Foo]
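
An added example, not part of the original post: the copy-then-adjust workflow for a second rule that differs from rule 10 only in small details. It assumes rule 10 from the first transcript exists (TCP, destination port 22, description "Allow SSH"); port 443 and the new description are constructed values, and the # lines are annotations for the reader.

```vyos
# Switch to the level just above the rule nodes
edit firewall name Foo

# Clone rule 10. Rule 20 now carries every setting of rule 10,
# including its destination port and its description.
copy rule 10 to rule 20

# Change only what differs. The description is copied too, so update it,
# or the ruleset will contain two rules both labelled "Allow SSH".
set rule 20 destination port 443
set rule 20 description "Allow HTTPS"

# Go back to the top level, review the pending changes, then apply them
top
compare
commit
```

Running "compare" before "commit" shows the difference between the working and the active configuration, which is the place to catch a copied rule that still carries a setting from its source.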

Node comments

Node comments allow you to add notes to any node, even if it doesn't have a built-in description option. They are also very simple to use: just run "comment $nodePath $commentText" and commit.

dmbaturin@reki# comment system config-management commit-revisions "Ought to be enough for everyone"
[edit]

dmbaturin@reki# commit
[edit]

dmbaturin@reki# show system config-management
/* Ought to be enough for everyone */
commit-revisions 1000
[edit]

If you want to remove the comment, just set it to an empty string ("") and commit, and it will disappear. In this example that would be 'comment system config-management commit-revisions ""'.
