authorChristian Poessinger <christian@poessinger.com>2021-01-13 21:40:36 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-13 21:43:16 +0100
commit4f4362736de7a8d75ad31c158e7964e65cc4b1bd (patch)
tree529233b2fcc9168187c5a33b8d2bd6105bd055ba
parent65f66d73d56006779d4bd698b2ce039374614548 (diff)
ssh: T3212: do not make /run/sshd directory disappear on failure
(cherry picked from commit 57fca79636b783dc4be2df1bc1ff12a0ce79d988)
-rw-r--r--data/templates/ntp/override.conf.tmpl4
-rw-r--r--data/templates/snmp/override.conf.tmpl4
-rw-r--r--data/templates/ssh/override.conf.tmpl5
-rw-r--r--data/templates/ssh/sshd_config.tmpl1
-rw-r--r--interface-definitions/ntp.xml.in2
-rw-r--r--interface-definitions/snmp.xml.in2
-rw-r--r--interface-definitions/ssh.xml.in2
-rw-r--r--interface-definitions/vrf.xml.in2
-rwxr-xr-xsrc/conf_mode/ssh.py5
9 files changed, 14 insertions, 13 deletions
diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl
index 466638e5a..e0b947686 100644
--- a/data/templates/ntp/override.conf.tmpl
+++ b/data/templates/ntp/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
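Review bot: On the `{% set vrf_command = ... %}` line, dropping `/sbin/` means the first word of `ExecStart=` is no longer an absolute path, so the binary that wraps the daemon is resolved through systemd's built-in search path instead of a pinned location. Older systemd releases required an absolute path there, so this should be checked against the systemd version the image ships. The same edit is made in the snmp and ssh override templates. Separately, `vrf` is concatenated unquoted into a command line; the validation of the VRF name is not visible here, so a template comment such as `{# vrf name is constrained by the CLI definition; it must never contain whitespace #}` would record the assumption the line depends on.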
@@ -6,6 +6,6 @@ After=vyos-router.service
[Service]
ExecStart=
ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper
-Restart=on-failure
+Restart=always
RestartSec=10
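Review bot: `Restart=always` together with the `StartLimitIntervalSec=0` already in this unit's `[Unit]` section removes every bound on restarts, so a daemon that exits at once because of a bad rendered config is relaunched every 10 seconds indefinitely and never settles in the `failed` state. Monitoring that keys on unit state will not see the fault, only the journal will. The snmp override gets the same line and the ssh override gains it too. If the unbounded loop is intended, say so in the unit, e.g. `# Restart=always: service must come back even after a clean exit; start limit is disabled on purpose`.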
diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl
index e6302a9e1..68f5fd931 100644
--- a/data/templates/snmp/override.conf.tmpl
+++ b/data/templates/snmp/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
@@ -8,6 +8,6 @@ Environment=
Environment="MIBSDIR=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp"
ExecStart=
ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -ipCidrRouteTable,inetCidrRouteTable -f -p /run/snmpd.pid
-Restart=on-failure
+Restart=always
RestartSec=10
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl
index 843aa927b..0abde6248 100644
--- a/data/templates/ssh/override.conf.tmpl
+++ b/data/templates/ssh/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
@@ -7,5 +7,6 @@ ConditionPathExists={{config_file}}
[Service]
ExecStart=
ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS
+Restart=always
RestartSec=10
-
+RuntimeDirectoryPreserve=yes
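Review bot: `RuntimeDirectoryPreserve=yes` only acts on directories declared with `RuntimeDirectory=`, and no such line appears in this override, so the fix depends on the packaged ssh.service declaring it (presumably `RuntimeDirectory=sshd`; confirm). With the directory preserved, `/run/sshd` and the `sshd.pid` named in sshd_config.tmpl survive a stop, and the directory is reused rather than recreated, so its root ownership and mode are worth checking once on an upgraded system. A comment above the line would tie it to the bug, e.g. `# T3212: keep /run/sshd when the unit stops or fails, sshd needs it on the next start`.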
diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl
index 7d7257cae..2f2b78a66 100644
--- a/data/templates/ssh/sshd_config.tmpl
+++ b/data/templates/ssh/sshd_config.tmpl
@@ -28,6 +28,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
PermitRootLogin no
PidFile /run/sshd/sshd.pid
+AddressFamily any
#
# User configurable section
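Review bot: `AddressFamily any` is the value sshd uses when the option is absent, so the added line does not change which address families are bound, and nothing on the page says why it is pinned. It sits above the `# User configurable section` marker, and sshd honours the first value it reads for a keyword, so any `AddressFamily` emitted further down the template would be silently ignored; whether the template emits one is not visible in this hunk. A short comment such as `# fixed on purpose, do not make user-configurable without moving this line` would prevent that surprise.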
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in
index b939d9dc6..d244b56bb 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/ntp.xml.in
@@ -5,8 +5,8 @@
<children>
<node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
<properties>
- <priority>400</priority>
<help>Network Time Protocol (NTP) configuration</help>
+ <priority>900</priority>
</properties>
<children>
<tagNode name="server">
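Review bot: The new `<priority>900</priority>` is a bare number with no stated ordering constraint, unlike vrf.xml.in, which documents its value with `<!-- must be before any interface creation -->`. The same applies to the snmp (980 to 900) and ssh (500 to 1000) definitions; for ssh in particular the management service is now applied late in a commit, which a maintainer should be able to see was deliberate. A comment beside each value would do, e.g. `<!-- must run after vrf so the service can be started inside the VRF -->`, with the wording adjusted to the real reason.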
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 0a0a29f4d..3a993ec9c 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -6,7 +6,7 @@
<node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py">
<properties>
<help>Simple Network Management Protocol (SNMP)</help>
- <priority>980</priority>
+ <priority>900</priority>
</properties>
<children>
<tagNode name="community">
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index d94e29427..a2ce3c1c9 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -6,7 +6,7 @@
<node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py">
<properties>
<help>Secure Shell (SSH)</help>
- <priority>500</priority>
+ <priority>1000</priority>
</properties>
<children>
<node name="access-control">
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 159f4ea3e..06923971d 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -4,7 +4,7 @@
<properties>
<help>Virtual Routing and Forwarding</help>
<!-- must be before any interface creation -->
- <priority>60</priority>
+ <priority>10</priority>
</properties>
<children>
<leafNode name="bind-to-all">
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 28e606663..8eeb0a7c1 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -77,10 +77,9 @@ def apply(ssh):
if not ssh:
# SSH access is removed in the commit
call('systemctl stop ssh.service')
+ return None
- if ssh:
- call('systemctl restart ssh.service')
-
+ call('systemctl restart ssh.service')
return None
if __name__ == '__main__':
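Review bot: Both `call('systemctl ...')` results in `apply()` are discarded, so a failed `systemctl restart ssh.service` still ends in `return None` and the commit reports success while the management service may be down. If `call` returns the exit status, as its name suggests, the restart line could become `rc = call('systemctl restart ssh.service')` followed by `if rc != 0:` raising the script's usual configuration error. The early `return None` after the stop is a sound simplification. `apply()` begins above this hunk, so anything it does before the `if not ssh:` check is not visible here.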