Configuration management

Edge Gateway has a set of configuration management daemons running in the background. These daemons can be instructed to perform actions in various ways: the command line interface, the web interface, or a centralized configuration management service. As of now only the command line interface is available to the user, and it is the only one described in this document.

Command line interface

The following commands are available:

device          generic configuration (not put into any of the specific commands or affecting multiple of the specific domains at the same time)
docker          container management
docker-config   global docker configuration related actions (like exporting config of all containers in EG)
nm              network management in general
fw              firewall configuration
ovpn            vpn tunnels management

Each of the commands has multiple subcommands and parameters described in this document.

Runtime help

Each command provides a -h option, which can be used at both the command level and the subcommand level for a quick reminder of what the commands do and what parameters they take. Note that much of this document is shared with the runtime help system.

Autocompletion

For ease of working with parameters, the commands support bash autocompletion. To trigger autocompletion in bash, press the ‘Tab’ key. Note that bash autocompletion sometimes falls back to file names even when a file name is not expected by the command syntax.

Presets

Some of the commands deal with complicated sets of rules which work as intended only if they properly cooperate; firewall rules are a good example. Composing a working firewall step by step, with each step applied immediately, can easily lead to erratic and invalid firewall behaviour. Additionally, more than one person may have access rights allowing management of EG, and there needs to be a way to prevent one of them from accidentally making changes incompatible with another person’s changes. For such areas a preset system is provided, where each preset is an independent working config, but only one of the presets can be applied to the whole device at a time. Moreover, a preset can be modified only when it is marked as being edited, which prevents accidental application of an unfinished preset.

Editing presets

  • The subcommands “preset_edit” and “preset_create” leave the preset in the state of being edited.

  • Only a preset that is being edited can be modified.

  • There are some factory-prepared presets which cannot be put into the editing state.

  • If more than one preset is being edited at the same time, modification commands need to be given an additional optional argument with the name of the preset intended for modification (usually ‘-n’).

Confirmation of connectivity

EG is intended to be managed remotely, but some of the configuration commands can easily break connectivity to the device. Such commands, after being applied, require additional verification that the person who executed them can still access the device. For the CLI this verification is done by displaying a message: if connectivity is not lost, the user will see it and will be able to respond. If there is no confirmation, the changes will be rolled back. Unfortunately, in some cases the rollback may not be ideal, since there are multiple subsystems, so the user is encouraged to always verify that the configuration is as expected after such an automatic rollback.
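The confirm-or-rollback behaviour described above, sketched as an added shell example that is not Edge Gateway code: it applies a change, waits for the operator's confirmation, rolls back without it, and then checks that the rollback really restored the previous state. The function names (snapshot_hash, confirm_tty, apply_with_confirm) and the plain file standing in for one configuration domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not Edge Gateway code. CONFIG is a plain file standing in
# for one configuration domain; all function names here are hypothetical.

# Fingerprint of the current configuration, used to verify a rollback.
snapshot_hash() { cksum < "$1"; }

# confirm_tty TIMEOUT: succeed only if the operator types "yes" in time.
# Relies on bash's `read -t`; any failure is treated as "no confirmation".
confirm_tty() {
    printf 'Still connected? Type "yes" within %ss: ' "$1" >&2
    read -t "$1" -r answer 2>/dev/null && [ "$answer" = "yes" ]
}

# apply_with_confirm CONFIG NEW CONFIRM_CMD [ARGS...]
# Returns 0 = change kept, 1 = rolled back and verified,
#         2 = rollback did not restore the previous state (inspect manually).
apply_with_confirm() {
    config=$1; new=$2; shift 2
    backup=$(mktemp) || return 2
    cp "$config" "$backup"
    before=$(snapshot_hash "$config")

    cp "$new" "$config"               # apply the change immediately
    if "$@"; then                     # operator proved the session survived
        rm -f "$backup"
        return 0
    fi

    cp "$backup" "$config"            # no confirmation: roll back
    rm -f "$backup"
    # A rollback can be imperfect, so compare against the saved fingerprint
    # instead of assuming the old state is back.
    [ "$(snapshot_hash "$config")" = "$before" ] && return 1
    return 2
}
```

Interactively the confirmation command would be something like `confirm_tty 30`; passing `true` or `false` instead exercises the keep and rollback paths without a terminal.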

Exporting and importing configuration

Configuration for the whole EG, or only for one of the domains, can be exported to files used for external backup or for transferring config between devices; see the get_config and set_config subcommands of the various commands.