yp-shell – adding a CLI

Configure the optional yp-shell Command Line Interface (CLI).

Note

yp-shell is not available with YumaPro SDK Basic.

Pre-Requisites for Using yp-shell

You should have completed “3 Installing YumaPro SDK”. If you have installed YumaPro SDK with a binary package then the CLI is included.

If the SDK is installed from source code then the EVERYTHING=1 or WITH_CLI=1 build variables need to be used.

Add yp-shell to the /etc/shells File

The file /etc/shells must be edited with root access. The line /usr/bin/yp-shell needs to be added anywhere.

mydir> sudo <your_editor> /etc/shells

The following example file shows yp-shell added at the end:

mydir> cat /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/yp-shell

Change the Shell for the Login User to yp-shell

The user(s) that will be used to login to the OpenSSH server need to be created. In this example the user 'cli' is being created (the -m option creates a home folder for the new user):

mydir> sudo useradd -m --shell /usr/bin/yp-shell cli

Next create a password for the new user:

mydir> sudo passwd cli

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

If the user account already exists, then use the chsh command instead:

Ubuntu version:

mydir> sudo chsh --shell /usr/bin/yp-shell cli

Fedora version:

mydir> sudo usermod -s /usr/bin/yp-shell cli

Note

"chsh" dictates that the user can ONLY use the specified shell. Therefore DO NOT perform this command on a user that needs to access a bash terminal or any other type of shell other than yp-shell.

Client Connect to yp-shell

The system may need to be rebooted to activate the new shell.

Start the netconfd-pro server, the CLI must be enabled (it is by default).

A normal SSH login will invoke the yp-shell program when the user logs into the system. The "motd" program may generate a welcome screen, or there may just be a prompt present. By default, no information is generated.

extdir> ssh  [email protected]


cli@u16-vm>

At this point only yp-shell command are allowed. The user does not have access to any system commands.

The "tab" key will show all the commands available from both yp-shell and the server.

cli@lu16-vm>
action                exit                  lock*                 show
alias                 gc                    merge                 shutdown*
aliases               get*                  mgrload               terminal
backup*               get-bulk*             no-op*                unload*
cancel-commit*        get-config*           nvsave                unload-bundle*
clear                 get-ha-status*        quit                  unlock*
clear-eventlog*       get-module-tags*      recall                unset
commit*               get-schema*           refresh-backup-dir*   update-config
config                get-support-save*     remove                validate*
copy-config*          get-walk              remove-all            xget
create                get2                  replace               xget-config
delete                gr                    restart*              xget-data
delete-all            help                  restore*              ypsys:load*
delete-backup*        history               save                  ypsys:set-log-level*
delete-config*        insert                sget                  ysys:load*
discard-changes*      kill-session*         sget-config           ysys:set-log-level*
edit-config*          load-bundle*          sget-data
cli@lu16-vm>

Many yangcli-pro commands such as "sget" are available in yp-shell:

cli@lu16-vm> sget /netconf-state/sessions

Filling container /netconf-state/sessions:
RPC Data Reply 3 for session 3 [default]:

rpc-reply {
  data {
    netconf-state {
      sessions {
        session  3 {
          session-id 3
          transport yid:netconf-cli
          username cli
          source-host 127.0.0.1
          login-time 2018-11-20T07:27:30Z
          in-rpcs 2
          in-bad-rpcs 0
          out-rpc-errors 0
          out-notifications 0
        }
      }
    }
  }
}

The two CLIs are very similar, the main difference is yp-shell is connected directly to the server it runs on and so does not have commands to create sessions to multiple servers.

To see the differences between yp-shell and yangcli-pro CLIs see the article: What is the difference between yp-shell in netconfd-pro and yangcli-pro?