Add restart flag to v-add-*-sftp-jail scripts and modify upgrade routine

Kristan Kenney · Kristan Kenney · commit 09975da687fa · 2019-06-19T15:52:31.000-03:00
This should help prevent service restart storm from issue hestiacp#370
diff --git a/bin/v-add-sys-sftp-jail b/bin/v-add-sys-sftp-jail
@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add system sftp jail
-# options: NONE
+# options: [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -14,6 +14,7 @@ source /etc/profile
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
+restart=$1
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -45,11 +46,12 @@ if [ -z "$sftp_i" ]; then
     echo "    X11Forwarding no" >> $config
     echo "    AllowTCPForwarding no" >> $config
     echo "    ForceCommand internal-sftp" >> $config
-    restart='yes'
 fi
 
 # Validating opensshd config
-if [ "$restart" = 'yes' ]; then
+if [ "$restart" = 'no' ]; then
+    # Skip restarting SSH daemon
+else
     subj="OpenSSH restart failed"
     email=$(grep CONTACT $HESTIA/data/users/admin/user.conf |cut -f 2 -d \')
     /usr/sbin/sshd -t >/dev/null 2>&1
@@ -59,7 +61,6 @@ if [ "$restart" = 'yes' ]; then
         echo -e "$mail_text" |$SENDMAIL -s "$subj" $email
     else
         service ssh restart >/dev/null 2>&1
-        service sshd restart >/dev/null 2>&1
     fi
 fi
 
diff --git a/bin/v-add-user-sftp-jail b/bin/v-add-user-sftp-jail
@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add user sftp jail
-# options: USER
+# options: USER [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -11,6 +11,7 @@
 
 # Argument definition
 user=$1
+restart=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -62,8 +63,11 @@ chown root:root /home/$user
 #----------------------------------------------------------#
 
 # Restart ssh service
-service ssh restart > /dev/null 2>&1
-service sshd restart > /dev/null 2>&1
+if [ "$restart" = 'no' ]; then
+    # Skip restart of SSH daemon
+else
+    service ssh restart > /dev/null 2>&1
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"
diff --git a/install/upgrade/1.00.0-190618.sh b/install/upgrade/1.00.0-190618.sh
@@ -323,14 +323,13 @@ if [ ! -z "$WEBALIZER_CHECK" ]; then
 fi
 
 # Run sftp jail once
-$HESTIA/bin/v-add-sys-sftp-jail
+$HESTIA/bin/v-add-sys-sftp-jail no
 
 # Enable SFTP subsystem for SSH
 sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
 if [ ! -z "$sftp_subsys_enabled" ]; then
     echo "(*) Updating SFTP subsystem configuration..."
     sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
-    systemctl restart ssh
 fi
 
 # Remove and migrate obsolete object keys
@@ -423,8 +422,9 @@ if [ ! -z $DNS_SYSTEM ]; then
 	$BIN/v-restart-dns $restart
 fi
 
-# restart Hestia services (nginx,php-fpm)
-systemctl restart hestia
+$BIN/v-restart-service ssh $restart
+$BIN/v-restart-service hestia $restart
+
 
 echo ""
 echo "    Upgrade complete! Please report any bugs or issues to"
