From 5280d685c6f8828ed7fe59b3eb72d96003b7cced Mon Sep 17 00:00:00 2001
From: root <root@vtep01.usw1.wit.com>
Date: Thu, 2 Aug 2018 15:45:52 +0000
Subject: [PATCH] if we're not dealing with a datanode or hypervisor write the
 TIER_ID down into the environment so it's available next time, also cleanup
 interfaces and do not restart strongswan just like we don't restart frr to
 avoid service interruption after an upgrade

---
 debian/changelog                      |  2 +-
 debian/wit-hypervisor-config.postinst | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index a677d58..13b5d77 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-wit-hypervisor-config (1.0) unstable; urgency=low
+wit-hypervisor-config (1.1) unstable; urgency=low
 
   * Initial release.
 
diff --git a/debian/wit-hypervisor-config.postinst b/debian/wit-hypervisor-config.postinst
index ffc9432..6f3b6b8 100755
--- a/debian/wit-hypervisor-config.postinst
+++ b/debian/wit-hypervisor-config.postinst
@@ -44,6 +44,7 @@ case "$1" in
         [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw1.wit.com ] && export TIER_ID=4
         [ $HOSTTYPE = hypervisor -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=18
         [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=20
+	[ $HOSTTYPE != hypervisor -a $HOSTTYPE != datanode ] && sed -i -e '/TIER_ID/d' -e "$ s/$/\nTIER_ID=$TIER_ID/" /etc/environment
 
 
         if [ -z "$TIER_ID" ]; then
@@ -65,10 +66,14 @@ case "$1" in
      ## START writing config files
 
 
-        echo "auto lo:0" >/etc/network/interfaces.d/lo
-        echo "iface lo:0 inet static" >> /etc/network/interfaces.d/lo
+        sed -i -e '/#*PasswordAuthentication /d' /etc/ssh/sshd_config
+        echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
+
+
+        echo "iface lo inet static" > /etc/network/interfaces.d/lo
 	echo "    address ${LOOPBACKv4}/32" >> /etc/network/interfaces.d/lo
-        echo "iface lo:0 inet6 static" >> /etc/network/interfaces.d/lo
+	echo "" >> /etc/network/interfaces.d/lo
+        echo "iface lo inet6 static" >> /etc/network/interfaces.d/lo
 	echo "    address ${LOOPBACKv6}/128" >> /etc/network/interfaces.d/lo 
 
 
@@ -109,7 +114,7 @@ case "$1" in
 
         systemctl enable firewall
         systemctl restart systemd-timesyncd
-        systemctl restart strongswan
+        systemctl restart ssh
         
         update-grub