yp-shell – adding a CLI
Configure the optional yp-shell Command Line Interface (CLI).
Note
yp-shell is not available with YumaPro SDK Basic.
Pre-Requisites for Using yp-shell
You should have completed “3 Installing YumaPro SDK”. If you have installed YumaPro SDK with a binary package then the CLI is included.
If the SDK is installed from source code then the EVERYTHING=1 or WITH_CLI=1 build variables need to be used.
Add yp-shell to the /etc/shells File
The file /etc/shells must be edited with root access. The line
/usr/bin/yp-shell needs to be added anywhere.
mydir> sudo <your_editor> /etc/shells
The following example file shows yp-shell added at the end:
mydir> cat /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/yp-shell
Change the Shell for the Login User to yp-shell
The user(s) that will be used to login to the OpenSSH server need to be created. In this example the user 'cli' is being created (the -m option creates a home folder for the new user):
mydir> sudo useradd -m --shell /usr/bin/yp-shell cli
Next create a password for the new user:
mydir> sudo passwd cli
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
If the user account already exists, then use the chsh command instead:
Ubuntu version:
mydir> sudo chsh --shell /usr/bin/yp-shell cli
Fedora version:
mydir> sudo usermod -s /usr/bin/yp-shell cli
Note
"chsh" dictates that the user can ONLY use the specified shell. Therefore DO NOT perform this command on a user that needs to access a bash terminal or any other type of shell other than yp-shell.
Client Connect to yp-shell
The system may need to be rebooted to activate the new shell.
Start the netconfd-pro server, the CLI must be enabled (it is by default).
A normal SSH login will invoke the yp-shell program when the user logs into the system. The "motd" program may generate a welcome screen, or there may just be a prompt present. By default, no information is generated.
extdir> ssh [email protected]
cli@u16-vm>
At this point only yp-shell command are allowed. The user does not have access to any system commands.
The "tab" key will show all the commands available from both yp-shell and the server.
cli@lu16-vm>
action exit lock* show
alias gc merge shutdown*
aliases get* mgrload terminal
backup* get-bulk* no-op* unload*
cancel-commit* get-config* nvsave unload-bundle*
clear get-ha-status* quit unlock*
clear-eventlog* get-module-tags* recall unset
commit* get-schema* refresh-backup-dir* update-config
config get-support-save* remove validate*
copy-config* get-walk remove-all xget
create get2 replace xget-config
delete gr restart* xget-data
delete-all help restore* ypsys:load*
delete-backup* history save ypsys:set-log-level*
delete-config* insert sget ysys:load*
discard-changes* kill-session* sget-config ysys:set-log-level*
edit-config* load-bundle* sget-data
cli@lu16-vm>
Many yangcli-pro commands such as "sget" are available in yp-shell:
cli@lu16-vm> sget /netconf-state/sessions
Filling container /netconf-state/sessions:
RPC Data Reply 3 for session 3 [default]:
rpc-reply {
data {
netconf-state {
sessions {
session 3 {
session-id 3
transport yid:netconf-cli
username cli
source-host 127.0.0.1
login-time 2018-11-20T07:27:30Z
in-rpcs 2
in-bad-rpcs 0
out-rpc-errors 0
out-notifications 0
}
}
}
}
}
The two CLIs are very similar, the main difference is yp-shell is connected directly to the server it runs on and so does not have commands to create sessions to multiple servers.
To see the differences between yp-shell and yangcli-pro CLIs see the article: What is the difference between yp-shell in netconfd-pro and yangcli-pro?