Catch any sshd config failures & reload (#52)

kislyuk · Sep 30, 2019 · 4af3a64 · 4af3a64
1 parent 18becfc
commit 4af3a64
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/keymaker/__init__.py b/keymaker/__init__.py
@@ -237,8 +237,10 @@ def install(args):
         for line in sshd_config_lines:
             print(line, file=fh)
 
-    # TODO: print explanation if errors occur
-    subprocess.check_call(["sshd", "-t"])
+    try:
+        subprocess.check_call(["sshd", "-t"])
+    except subprocess.CalledProcessError as err:
+        err_exit("sshd configuration checks failed")
 
     pam_config_line = "auth optional pam_exec.so stdout " + find_executable("keymaker-create-account-for-iam-user")
     with open("/etc/pam.d/sshd") as fh:
@@ -249,6 +251,11 @@ def install(args):
         for line in pam_config_lines:
             print(line, file=fh)
 
+    try:
+        subprocess.check_call(["service", "sshd", "reload"])
+    except subprocess.CalledProcessError as err:
+        err_exit("Unable to reload sshd service")
+
     with open("/etc/cron.d/keymaker-group-sync", "w") as fh:
         print("*/5 * * * * root " + find_executable("keymaker") + " sync_groups", file=fh)