Use the HTTP API instead of ssh where possible
Arnavion opened this issue · 0 comments
Sicne OPN provides an HTTP API for things, consider using it instead of ssh where possible.
Pros: HTTP requests can be made in parallel.
Cons: HTTP stack, more server CPU usage (PHP, python, shell processes).
-
batched_sysctls_{1,2}
No equivalent API.
-
clog_filter_log
/api/diagnostics/filter/log?limit=...&digest=...
This also abstracts over whether clog or syslog-ng is in use, at the cost of being more expensive (PHP -> Python -> ls -> sort -> seek to end -> read backwards until digest)
-
df
No equivalent API.
-
dpinger
No equivalent API.
-
ifconfig
No equivalent API.
There's
/usr/local/opnsense/scripts/interfaces/list_interfaces.php
but it's not hooked up to any API. -
netstat_bin
/api/diagnostics/traffic/interface/
- names and bytes only./api/diagnostics/interface/getInterfaceStatistics
- names, bytes and addresses; but requiresnetwork.starts_with
filtering as before for the bytes. -
netstat_m
/api/diagnostics/interface/getMemoryStatistics
-
opnconfig
No equivalent API. Might not be necessary any more.
-
pfctl_s_info
No equivalent API.
-
pgrep
No equivalent API.
-
smartctl_a
/api/smart/service/info
POST{ "device": "ada0", "type": "a" }
Blocked on opnsense/plugins#2283
-
smartctl_i
/api/smart/service/info
POST{ "device": "ada0", "type": "i" }
Blocked on opnsense/plugins#2283
-
sysctl_aN
No equivalent API.
-
sysctl_kern_disks
/api/smart/service/list
POST<empty body>
-
uname_sr
No equivalent API.
-
version
/api/core/firmware/status
Note: Dashboard user requires "Effective Privileges: All pages", because at least /api/diagnostics/interface/getInterfaceStatistics
is not made available by any of the built-in roles.
Ref: https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml