From 8c4221083d8898bf478e2aeec04dd135e4993cb1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 4 Jul 2020 21:34:37 +0200 Subject: ssh: vrf: T2682: support restart on failure indefinitely Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5). --- data/templates/ssh/override.conf.tmpl | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'data/templates') diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index d2d500f21..4276366ae 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -1,5 +1,10 @@ {% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +[Unit] +StartLimitIntervalSec=0 +After=vyos-router.service + [Service] ExecStart= ExecStart={{vrf_command}}/usr/sbin/sshd -D $SSHD_OPTS +RestartSec=10 -- cgit v1.2.3