Universal SSHD restart

From Cfwiki


A question came up on the Cfengine help mailing list about restarting SSHD. Many people responded, and most of the answers performed some sort of /etc/init.d/sshd restart. The trick with SSHD is that you can HUP the parent process to make it reread its config. Unfortunately, if you HUP a child process, it kills that session, so it is important to signal the right process. The best way to do that is to read the PID from /var/run/sshd.pid and then run a filter on that exact PID. It is important not to use that PID in any other way: the same number is the PPID of every child process, and you don't want to HUP those.

groups:

    pid_file_exists = ( FileExists(/var/run/sshd.pid) )

control:

    actionsequence = ( processes )

    pid_file_exists::
        sshd_pid = ( ExecResult(/bin/cat /var/run/sshd.pid) )

[Insert favorite method for updating the file with a define=sshd_config_modified]

filters:

    {
        rootsshd

        PID:    "${sshd_pid}"
        Result: "PID"

    }

processes:

    sshd_config_modified.pid_file_exists::

        "sshd"
            filter=rootsshd
            signal=HUP

alerts:

    !pid_file_exists.sshd_config_modified::
        "/var/run/sshd.pid is missing.  The sshd_config file was modified, but sshd was not restarted."

Example output:

[root@dhcp-5010-191 root]# cfagent -f ./cf.sshrestart  -I -D sshd_config_modified -K
cfengine:: Signalled process 24202 (sshd) with SIGHUP
[root@dhcp-5010-191 root]# cfagent -f ./cf.sshrestart  -I -D sshd_config_modified -K
cfengine:: Signalled process 24208 (sshd) with SIGHUP
[root@dhcp-5010-191 root]# cfagent -f ./cf.sshrestart  -I -D sshd_config_modified -K
cfengine:: Signalled process 24214 (sshd) with SIGHUP
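
The same selection logic outside cfengine, as an added shell example that is not part of the original wiki page: it reads the PID from the pid file, validates it, confirms the process still carries the expected name, and signals only that PID. The function names, return codes and the name check against a stale pid file are assumptions of this example.

```shell
#!/bin/sh
# Added example: signal only the daemon whose PID is recorded in a pid file.
# Function names and return codes are illustrative, not from cfengine.

# Print the command name of PID $1 (Linux /proc first, then POSIX ps).
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -o comm= -p "$1" 2>/dev/null
    fi
}

# signal_from_pidfile PIDFILE [NAME] [SIGNAL]
# Returns: 0 signalled, 1 pid file missing, 2 pid file content is not a
# usable PID, 3 no such process, 4 PID belongs to a different program.
signal_from_pidfile() {
    pidfile=$1 want=${2:-sshd} sig=${3:-HUP}

    [ -r "$pidfile" ] || return 1
    # Take the first line only and strip whitespace (including CR).
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 2 ;;   # empty or non-numeric: never pass to kill
    esac
    # 0 would signal the caller's whole process group; 1 is init.
    [ "$pid" -gt 1 ] 2>/dev/null || return 2

    name=$(proc_name "$pid") || return 3
    [ -n "$name" ] || return 3
    # A stale pid file may point at a recycled PID; refuse if the name differs.
    [ "$name" = "$want" ] || return 4

    # Exact PID only. Matching by name (pkill, killall) would also hit the
    # per-session children, whose PPID is this PID.
    kill "-$sig" "$pid"
}
```

Called as `signal_from_pidfile /var/run/sshd.pid`, it sends HUP to the listener recorded in the pid file and returns a distinct non-zero code for each case where it declines to signal.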