From 4af3a64a8abbbca030208ce00c28917f36268c4e Mon Sep 17 00:00:00 2001
From: Ryan A
Date: Mon, 30 Sep 2019 19:06:38 +0100
Subject: [PATCH] Catch any sshd config failures & reload (#52)
---
 keymaker/__init__.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/keymaker/__init__.py b/keymaker/__init__.py
index 04fa6ba..3cacba1 100644
--- a/keymaker/__init__.py
+++ b/keymaker/__init__.py
@@ -237,8 +237,10 @@ def install(args):
 for line in sshd_config_lines:
 print(line, file=fh)
- # TODO: print explanation if errors occur
- subprocess.check_call(["sshd", "-t"])
+ try:
+ subprocess.check_call(["sshd", "-t"])
+ except subprocess.CalledProcessError as err:
+ err_exit("sshd configuration checks failed")
 pam_config_line = "auth optional pam_exec.so stdout " + find_executable("keymaker-create-account-for-iam-user")
 with open("/etc/pam.d/sshd") as fh:
@@ -249,6 +251,11 @@ def install(args):
 for line in pam_config_lines:
 print(line, file=fh)
+ try:
+ subprocess.check_call(["service", "sshd", "reload"])
+ except subprocess.CalledProcessError as err:
+ err_exit("Unable to reload sshd service")
+
 with open("/etc/cron.d/keymaker-group-sync", "w") as fh:
 print("*/5 * * * * root " + find_executable("keymaker") + " sync_groups", file=fh)
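Review bot: The `sshd -t` check in the first hunk runs only after the new lines have been written out (the `print(line, file=fh)` context just above it), so when the check fails `err_exit` stops the installer with the rejected configuration still on disk, and a later sshd restart may refuse to start. Consider validating a temporary copy first, e.g. `subprocess.check_call(["sshd", "-t", "-f", tmp_path])` with `tmp_path` as a placeholder name, and replacing the live file only on success, or restoring the previous contents in the `except` branch. `err` is bound but never used; either drop `as err` or add `err.returncode` to the message. `install` begins and ends outside the hunk, so the write path is inferred from the context lines.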
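Review bot: In the second hunk a failed `service sshd reload` calls `err_exit` before `/etc/cron.d/keymaker-group-sync` is written, so (assuming `err_exit` terminates, which is not visible here) the host is left with the sshd and PAM configuration changed but no group-sync job. The service is not named `sshd` on every distribution, and a missing `service` binary raises `FileNotFoundError`, which `except subprocess.CalledProcessError` does not catch. I would move the reload after the cron write and widen the handler to `except (OSError, subprocess.CalledProcessError) as err:`, including `err` in the message so the operator sees why the reload failed. `install` continues outside the hunk.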