From 4f4362736de7a8d75ad31c158e7964e65cc4b1bd Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 13 Jan 2021 21:40:36 +0100
Subject: ssh: T3212: do not make /run/sshd directory disappear on failure

(cherry picked from commit 57fca79636b783dc4be2df1bc1ff12a0ce79d988)
---
 data/templates/ntp/override.conf.tmpl  | 4 ++--
 data/templates/snmp/override.conf.tmpl | 4 ++--
 data/templates/ssh/override.conf.tmpl  | 5 +++--
 data/templates/ssh/sshd_config.tmpl    | 1 +
 interface-definitions/ntp.xml.in       | 2 +-
 interface-definitions/snmp.xml.in      | 2 +-
 interface-definitions/ssh.xml.in       | 2 +-
 interface-definitions/vrf.xml.in       | 2 +-
 src/conf_mode/ssh.py                   | 5 ++---
 9 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl
index 466638e5a..e0b947686 100644
--- a/data/templates/ntp/override.conf.tmpl
+++ b/data/templates/ntp/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
 [Unit]
 StartLimitIntervalSec=0
 After=vyos-router.service
@@ -6,6 +6,6 @@ After=vyos-router.service
 [Service]
 ExecStart=
 ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper
-Restart=on-failure
+Restart=always
 RestartSec=10
 
diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl
index e6302a9e1..68f5fd931 100644
--- a/data/templates/snmp/override.conf.tmpl
+++ b/data/templates/snmp/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
 [Unit]
 StartLimitIntervalSec=0
 After=vyos-router.service
@@ -8,6 +8,6 @@ Environment=
 Environment="MIBSDIR=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp"
 ExecStart=
 ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -ipCidrRouteTable,inetCidrRouteTable -f -p /run/snmpd.pid
-Restart=on-failure
+Restart=always
 RestartSec=10
 
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl
index 843aa927b..0abde6248 100644
--- a/data/templates/ssh/override.conf.tmpl
+++ b/data/templates/ssh/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
 [Unit]
 StartLimitIntervalSec=0
 After=vyos-router.service
@@ -7,5 +7,6 @@ ConditionPathExists={{config_file}}
 [Service]
 ExecStart=
 ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS
+Restart=always
 RestartSec=10
-
+RuntimeDirectoryPreserve=yes
diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl
index 7d7257cae..2f2b78a66 100644
--- a/data/templates/ssh/sshd_config.tmpl
+++ b/data/templates/ssh/sshd_config.tmpl
@@ -28,6 +28,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 UsePAM yes
 PermitRootLogin no
 PidFile /run/sshd/sshd.pid
+AddressFamily any
 
 #
 # User configurable section
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in
index b939d9dc6..d244b56bb 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/ntp.xml.in
@@ -5,8 +5,8 @@
     <children>
       <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
         <properties>
-          <priority>400</priority>
           <help>Network Time Protocol (NTP) configuration</help>
+          <priority>900</priority>
         </properties>
         <children>
           <tagNode name="server">
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 0a0a29f4d..3a993ec9c 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -6,7 +6,7 @@
       <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py">
         <properties>
           <help>Simple Network Management Protocol (SNMP)</help>
-          <priority>980</priority>
+          <priority>900</priority>
         </properties>
         <children>
           <tagNode name="community">
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index d94e29427..a2ce3c1c9 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -6,7 +6,7 @@
       <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py">
         <properties>
           <help>Secure Shell (SSH)</help>
-          <priority>500</priority>
+          <priority>1000</priority>
         </properties>
         <children>
           <node name="access-control">
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 159f4ea3e..06923971d 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -4,7 +4,7 @@
     <properties>
       <help>Virtual Routing and Forwarding</help>
       <!-- must be before any interface creation -->
-      <priority>60</priority>
+      <priority>10</priority>
     </properties>
     <children>
       <leafNode name="bind-to-all">
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 28e606663..8eeb0a7c1 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -77,10 +77,9 @@ def apply(ssh):
     if not ssh:
         # SSH access is removed in the commit
         call('systemctl stop ssh.service')
+        return None
 
-    if ssh:
-        call('systemctl restart ssh.service')
-
+    call('systemctl restart ssh.service')
     return None
 
 if __name__ == '__main__':
-- 
cgit v1.2.3