yp-shell – adding a CLI

Configure the optional yp-shell Command Line Interface (CLI).

Note

yp-shell is not available with YumaPro SDK Basic.

Pre-Requisites for Using yp-shell

Complete the YumaPro SDK installation steps first. If YumaPro SDK is installed with a binary package, then the CLI is included.

If the SDK is installed from source code then the EVERYTHING=1 or WITH_CLI=1 build variables need to be used.

Add yp-shell to the /etc/shells File

The file /etc/shells must be edited with root access. The line /usr/bin/yp-shell needs to be added anywhere.

sudo <your_editor> /etc/shells

The following example file shows yp-shell added at the end:

cat /etc/shells

Example output:

# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/yp-shell

Change the Shell for the Login User to yp-shell

The user(s) that will be used to login to the OpenSSH server need to be created. In this example the user 'cli' is being created (the -m option creates a home folder for the new user):

sudo useradd -m --shell /usr/bin/yp-shell cli

Next create a password for the new user:

sudo passwd cli

Example output:

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

If the user account already exists, then use the chsh command instead:

Ubuntu version:

sudo chsh --shell /usr/bin/yp-shell cli

Fedora version:

sudo usermod -s /usr/bin/yp-shell cli

Note

"chsh" dictates that the user can ONLY use the specified shell. Therefore DO NOT perform this command on a user that needs to access a bash terminal or any other type of shell other than yp-shell.

Client Connect to yp-shell

The system may need to be rebooted to activate the new shell.

Start the netconfd-pro server. The CLI must be enabled (it is by default).

A normal SSH login will invoke the yp-shell program when the user logs into the system. The "motd" program may generate a welcome screen, or there may just be a prompt present. By default, no information is generated.

ssh cli@192.168.1.9

Example prompt:

cli@u16-vm>

At this point, only yp-shell commands are allowed. The user does not have access to any system commands.

The "tab" key will show all the commands available from both yp-shell and the server.

Press Tab.

Example output:

action                exit                  lock*                 show
alias                 gc                    merge                 shutdown*
aliases               get*                  mgrload               terminal
backup*               get-bulk*             no-op*                unload*
cancel-commit*        get-config*           nvsave                unload-bundle*
clear                 get-ha-status*        quit                  unlock*
clear-eventlog*       get-module-tags*      recall                unset
commit*               get-schema*           refresh-backup-dir*   update-config
config                get-support-save*     remove                validate*
copy-config*          get-walk              remove-all            xget
create                get2                  replace               xget-config
delete                gr                    restart*              xget-data
delete-all            help                  restore*              ypsys:load*
delete-backup*        history               save                  ypsys:set-log-level*
delete-config*        insert                sget                  ysys:load*
discard-changes*      kill-session*         sget-config           ysys:set-log-level*
edit-config*          load-bundle*          sget-data

Many yangcli-pro commands such as "sget" are available in yp-shell:

sget /netconf-state/sessions

Example output:

Filling container /netconf-state/sessions:
RPC Data Reply 3 for session 3 [default]:

rpc-reply {
 data {
   netconf-state {
     sessions {
       session  3 {
         session-id 3
         transport yid:netconf-cli
         username cli
         source-host 127.0.0.1
         login-time 2018-11-20T07:27:30Z
         in-rpcs 2
         in-bad-rpcs 0
         out-rpc-errors 0
         out-notifications 0
       }
     }
   }
 }
}

The two CLIs are very similar, the main difference is yp-shell is connected directly to the server it runs on and so does not have commands to create sessions to multiple servers.

yp-shell and yangcli-pro

Both yp-shell and yangcli-pro provide a command line interface to netconfd-pro, but there are some important differences.

yp-shell is the optional embedded CLI for the netconfd-pro server.
yangcli-pro is a NETCONF client that can connect to, manage, and configure multiple NETCONF servers.

yp-shell and yangcli-pro share many of the same commands and features. In addition, RPC operations supported by the server may be exposed as commands.

To display the full description of a command in yp-shell or yangcli-pro:

help full <command_name>

Command Availability

Some commands are only available in yangcli-pro because it is designed to manage multiple devices and sessions:

connect
session
group
device-cfg
devices-cfg
sessions-cfg

Both CLIs also share many command names. Some commands may be present in both CLIs, but behavior may differ depending on whether the command is executed in an embedded server CLI (yp-shell) or a standalone NETCONF client (yangcli-pro).

Command Comparison Table

The table below summarizes the commands available to each program. An asterisk (*) appended to a command name indicates a server operation (for example, backup*). The exact command set may vary by release or build options; use the help system and tab completion in the CLI for the authoritative list.

yangcli-pro	yp-shell	description
action	action	Invoke a YANG action.
alias	alias	Show or set a specific yangcli-pro command alias.
aliases	aliases	Manage the yangcli-pro command aliases.
auto-test		Run automatic edit testing on the specified object.
backup*	backup*	Backup the current running configuration to a file on the device.
cache*		Clear 1 or all entries from the YANG module cache.
cancel-commit*	cancel-commit*	Cancel an ongoing confirmed commit.
cancel-subscription*		Cancel a notification subscription for the session, if the session has an active subscription.
cd		Change the current working directory.
clear	clear	Clear the screen in interactive mode.
clear-eventlog*	clear-eventlog*	Delete any events stored in the eventlog for the specified event stream.
close-session*		Request graceful termination of a NETCONF session.
commit*	commit*	Commit the candidate configuration to the running configuration.
config	config	Enter configuration mode for the current session.
connect		Connect to a NETCONF server.
copy-config*	copy-config*	Create or replace a configuration datastore with the contents of another datastore.
create	create	Create NETCONF configuration data with the edit-config operation.
create-subscription*		Create a notification subscription.
delete	delete	Delete NETCONF configuration data with the edit-config operation. Delete all instances of a leaf-list.
delete-all	delete-all	Delete NETCONF configuration data with the edit-config operation. Delete all instances of a leaf-list or list object.
delete-backup*	delete-backup*	Delete the specified backup file on the device.
delete-config*	delete-config*	Delete a configuration datastore. The running configuration datastore cannot be deleted.
device-cfg		Access a device configuration.
devices-cfg		Control access to the saved devices file.
discard-changes*	discard-changes*	Revert the candidate configuration to the current running configuration.
edit-config*	edit-config*	Load all or part of a specified configuration to the specified target configuration.
elif		Start an intermediate block in a conditional statement.
else		Start the last block in a conditional statement.
enable	enable	Enter enable mode.
end		End an if or while command block.
eval		Evaluate an XPath expression locally on the manager.
event-handler-cfg		Access an event handler mapping configuration.
event-handlers-cfg		Control access to the saved event-handlers file.
eventlog		Access the notification event log.
exit	exit	Exit the current configuration level for the current session.
fill		Fill a value for reuse in a NETCONF PDU or other operation.
get*	get*	Retrieve running configuration and device state information.
get-bulk*	get-bulk*	Retrieve multiple list entries at a time.
get-config*	get-config*	Retrieve all or part of a specified configuration.
get-ha-status*	get-ha-status*	Get the YP-HA status information for the server.
get-locks		Get a lock for running, candidate, and startup configurations (all-or-nothing).
get-module-tags*	get-module-tags*	Get the list of configured module-tags.
get-schema*	get-schema*	Retrieve a schema from the NETCONF server.
get-support-save*	get-support-save*	Retrieve the support-save info from the server.
get-walk	get-walk	Walk the entries of a YANG list using the netconfd-pro get-bulk operation.
group		Manage yangcli-pro session groups.
help	help	Print the help text.
history	history	Access the command line history buffer.
if		Evaluate an XPath expression locally on the manager and execute a conditional block.
insert	insert	Insert NETCONF configuration data with the edit-config operation.
kill-session*	kill-session*	Force the termination of a NETCONF session.
list		List NETCONF information.
load*	load*	Load a module into the server, if it is not already loaded.
load-bundle*	load-bundle*	Load a SIL bundle into the server, if it is not already loaded.
lock*	lock*	Lock the configuration system of a device.
log-debug		Write a message to the output log if log-level is debug or higher.
log-error		Write a message to the output log if log-level is error or higher.
log-info		Write a message to the output log if log-level is info or higher.
log-warn		Write a message to the output log if log-level is warn or higher.
merge	merge	Merge NETCONF configuration data with the edit-config operation.
mgrload	mgrload	Load a module or other file into the client.
nvsave	nvsave	Save the running datastore to the startup datastore.
partial-lock*		Lock parts of the running datastore.
partial-unlock*		Release a previously acquired partial-lock.
pwd		Print the current working directory.
quit	quit	Quit the application.
recall	recall	Recall the specified command line history entry.
record-test		Use the unit test-suite automatic test recording feature.
refresh-backup-dir*	refresh-backup-dir*	Refresh the /netconf-state/backup-files subtree.
refresh-library		Refresh the module version list used to determine best-match for imports.
release-locks		Unlock all the server databases previously locked with the get-locks command.
remove	remove	Remove NETCONF configuration data with the edit-config operation. Remove all instances of a leaf-list.
remove-all	remove-all	Remove NETCONF configuration data with the edit-config operation. Remove all instances of a leaf-list or list object.
replace	replace	Replace NETCONF configuration data with the edit-config operation.
restore*	restore*	Restore a saved configuration on the device to the running configuration.
run		Internal command to run a script.
run-shell		Internal command to run a shell script.
save	save	Meta command to save configuration edits.
schema-server-cfg		Access a schema-server configuration.
schema-servers-cfg		Control access to the saved schema-servers file.
session		Access an active session.
session-cfg		Access a session configuration.
sessions-cfg		Control access to the saved sessions file.
set-log-level*	set-log-level*	Set the server log verbosity level.
sget	sget	Get NETCONF running config or state data with get using an optional subtree filter.
sget-config	sget-config	Get NETCONF configuration data with get-config using an optional subtree filter.
sget-data	sget-data	Get NETCONF datastore data with get-data using an optional subtree filter.
show	show	Local show command for session information.
sleep	sleep	Pause for a number of seconds.
start-rpc-timing		Start collecting RPC timing statistics for the current session.
start-session		Start an active session from the specified configured session.
start-timer		Start a timer for simple performance measurements.
stop-rpc-timing		Stop collecting RPC timing statistics for the current session.
stop-session		Terminate an active session.
stop-timer		Stop a timer and output the delta value.
terminal	terminal	Configure terminal settings.
test-suite		Use the unit test-suite feature.
unload*	unload*	Unload a module from the server and remove associated state.
unload-bundle*	unload-bundle*	Unload a SIL bundle from the server, if it is loaded.
unlock*	unlock*	Release a configuration lock obtained with lock.
unset	unset	Delete a specific command alias.
update-config	update-config	Update the configuration cache for the current session.
user-cfg		Access a user configuration.
users-cfg		Control access to the saved users file.
uservars		Manage user variables.
validate*	validate*	Validate the contents of the specified configuration.
while		Evaluate an XPath expression locally on the manager and execute a while loop block.
xget	xget	Get NETCONF running config or state data with get using an optional XPath filter.
xget-config	xget-config	Get NETCONF configuration data with get-config using an optional XPath filter.
xget-data	xget-data	Get NETCONF datastore data with get-data using an optional XPath filter.