Configuration Management¶

The Edge Gateway provides the following options for device configuration:

A Command Line Interface (CLI) including exporting and importing of full device configuration JSON
Web Interface (disabled in factory default settings) for configuring device connectivity and supporting import of a full device configuration JSON
Central device management solution SMART EMS - please visit our homepage for further information.

Command line interface¶

Following general commands are available:

device              generic configuration (not put into any of the specific commands or affecting multiple of the specific domains at the same time)
docker              container management
docker-config       global docker configuration related actions (like exporting config of all containers in EG)
nm                  network management in general
fw                  firewall configuration
ovpn                vpn tunnels management

Each of the commands has multiple subcommands and parameters described in this document.

Runtime help¶

Each command provides -h option which can be used at both: command level and subcommand level for quick refresh of what commands do and what parameters they take. Note that CLI command descriptions in this document are based mostly on runtime help system (so whenever you execute a CLI command with option –help the output will be identical to part of this document).

Autocompletion¶

For ease of working with parameters commands support bash autocompletion. To trigger autocompletion in bash use ‘Tab’ key. Note that bash autocompletion sometimes falls back to the file names even if file name is not really expected by the command syntax.

Argument globbing¶

Because of daemon based approach in some cases it is not trivial to provide autocompletion of dynamically changable values (like names of firewall rules), but globbing may be often used instead — when documentation of command says that globbing is allowed, patterns may be used instead of exact values. An asterisk (*) matches any string (including no characters at all), a question mark (?) matches any single character. Note that this is identical with shell globbing and shell may match a file name if a pattern is used. To prevent it, whole argument needs to be quoted or just special characters need to be prepended with backslash (\).

Compare below sequence of commands:

admin@eg ~> ls
admin@eg ~> fw preset list di*    # no files matching so di* is forwarded to daemon
{
    "saved": [
        "disabled"
    ],
    "being_edited": []
}
admin@eg ~> touch di.txt
admin@eg ~> fw preset list di*    # di* matches di.txt so daemon sees di.txt
{
    "saved": [],
    "being_edited": []
}
admin@eg ~> fw preset list 'di*'  # prevent file matching manually, daemon sees di*
{
    "saved": [
        "disabled"
    ],
    "being_edited": []
}
admin@eg ~>

Presets¶

Some of the commands deal with complicated sets of rules which work as intended only if they properly cooperate — good example of such area are firewall rules. Composing working firewall step by step, each applied immediately can easily lead to erratic and invalid behaviour of firewall. Additionally, potentially more than one person can have access rights allowing for management of EG and there needs to be a way to prevent one of them doing changes incompatible with other person’s changes accidentally. For such areas preset system is provided, where each preset is independent working config, but only one of the presets can be applied to the whole device at the same time. Moreover, preset can be modified only when marked as being edited, which prevents accidental applying of non-finished preset.

Editing presets¶

Subcommands “preset_edit” and “preset_create” leave preset in state of being edited
Only preset being edited can be modified
There are some factory prepared presets which cannot be put into edition state
If there is more than one preset being edited at the same time then modification commands need to be given additional optional argument with name of preset intended for modification (usually ‘-n’).

Confirmation of connectivity¶

EG is intended to be managed remotely, but some of the configuration commands can easily break connectivity to the device. Such commands after being applied require additional verification if the person who executed them still can access the device. For CLI this verification is done by displaying message — if connectivity is not lost, user will see it and will be able to respond. If there is no confirmation, changes will be rolled back. Unfortunately, in some cases rollback may not be ideal — there are multiple subsystems, so user is encouraged to always verify that configuration is as expected after such automatic rollback.

Exporting and importing configuration¶

The whole device configuration (or specific parts) can be exported to a JSON-File.

This file can be imported into other devices or deployed via SMART EMS — see get_config and set_config subcommands of various commands.