diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-01-13 21:40:36 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-01-13 21:40:36 +0100 |
| commit | 57fca79636b783dc4be2df1bc1ff12a0ce79d988 (patch) | |
| tree | 5486dfa517bf26333c937bb75b2bab08a1cd5842 | |
| parent | b0c8bb556352d5953e22cc3db90fac5fdf699004 (diff) | |
| download | vyos-1x-57fca79636b783dc4be2df1bc1ff12a0ce79d988.tar.gz vyos-1x-57fca79636b783dc4be2df1bc1ff12a0ce79d988.zip | |
ssh: T3212: do not make /run/sshd directory disappear on failure
| -rw-r--r-- | data/templates/ntp/override.conf.tmpl | 4 | ||||
| -rw-r--r-- | data/templates/snmp/override.conf.tmpl | 4 | ||||
| -rw-r--r-- | data/templates/ssh/override.conf.tmpl | 5 | ||||
| -rw-r--r-- | data/templates/ssh/sshd_config.tmpl | 1 | ||||
| -rw-r--r-- | interface-definitions/ntp.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/snmp.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/ssh.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/vrf.xml.in | 2 | ||||
| -rwxr-xr-x | src/conf_mode/ssh.py | 5 |
9 files changed, 14 insertions, 13 deletions
diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl index 466638e5a..e0b947686 100644 --- a/data/templates/ntp/override.conf.tmpl +++ b/data/templates/ntp/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -6,6 +6,6 @@ After=vyos-router.service [Service] ExecStart= ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper -Restart=on-failure +Restart=always RestartSec=10 diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl index e6302a9e1..68f5fd931 100644 --- a/data/templates/snmp/override.conf.tmpl +++ b/data/templates/snmp/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -8,6 +8,6 @@ Environment= Environment="MIBSDIR=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp" ExecStart= ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -ipCidrRouteTable,inetCidrRouteTable -f -p /run/snmpd.pid -Restart=on-failure +Restart=always RestartSec=10 diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index 843aa927b..0abde6248 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -7,5 +7,6 @@ ConditionPathExists={{config_file}} [Service] ExecStart= ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS +Restart=always RestartSec=10 - +RuntimeDirectoryPreserve=yes diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 7d7257cae..2f2b78a66 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -28,6 +28,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes PermitRootLogin no PidFile /run/sshd/sshd.pid +AddressFamily any # # User configurable section diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in index b939d9dc6..d244b56bb 100644 --- a/interface-definitions/ntp.xml.in +++ b/interface-definitions/ntp.xml.in @@ -5,8 +5,8 @@ <children> <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py"> <properties> - <priority>400</priority> <help>Network Time Protocol (NTP) configuration</help> + <priority>900</priority> </properties> <children> <tagNode name="server"> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index 0a0a29f4d..3a993ec9c 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in @@ -6,7 +6,7 @@ <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py"> <properties> <help>Simple Network Management Protocol (SNMP)</help> - <priority>980</priority> + <priority>900</priority> </properties> <children> <tagNode name="community"> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index d94e29427..a2ce3c1c9 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -6,7 +6,7 @@ <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py"> <properties> <help>Secure Shell (SSH)</help> - <priority>500</priority> + <priority>1000</priority> </properties> <children> <node name="access-control"> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 159f4ea3e..06923971d 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -4,7 +4,7 @@ <properties> <help>Virtual Routing and Forwarding</help> <!-- must be before any interface creation --> - <priority>60</priority> + <priority>10</priority> </properties> <children> <leafNode name="bind-to-all"> diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 28e606663..8eeb0a7c1 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -77,10 +77,9 @@ def apply(ssh): if not ssh: # SSH access is removed in the commit call('systemctl stop ssh.service') + return None - if ssh: - call('systemctl restart ssh.service') - + call('systemctl restart ssh.service') return None if __name__ == '__main__': |