Date:      Wed, 09 Dec 2009 22:31:19 -0600
From:      "Corey J. Bukolt" <0.23@mail.ru>
To:        Modulok <modulok@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Temporarily halt boot process to enter encryption keys?
Message-ID:  <4B207997.9010609@mail.ru>
In-Reply-To: <64c038660912092001t300e8dd9id6c27a01c4b3c65d@mail.gmail.com>
References:  <4B1F5263.1060907@mail.ru> <4B2044DA.8030300@mail.ru> <64c038660912092001t300e8dd9id6c27a01c4b3c65d@mail.gmail.com>

Modulok wrote:
> Corey,
>
> Umm...write a script perhaps?
>
> Nobody else has taken a shot at this one yet, so I'll try. This is
> just what I'd do. That said, it's probably not the best solution.
> It's an idea. You may have to work out some bugs along the way.
>
> In regards to interrupting the boot process, I don't think this is
> what you're after, unless you have console access. In which case
> you'd use geli to set the boot flag on your providers. The boot
> process will stop, ask for a password and then continue. The
> problem is that this occurs before daemons like sshd are started;
> unless you have console access, you're screwed. Thus, your
> problem...
Exactly.
>
> You want the system to boot as usual, it's just you don't want it
> to start any third party daemons such as samba ...yet!
>
> (This is why runlevels on SysV style startups are useful. It would
> be a matter of switching to a custom runlevel.)
>
> You would first disable the various daemons by not having them in
> your 'rc.conf' file. You'd then write a wrapper script, in your
> language of choice. The wrapper simply calls the various
> '/usr/local/etc/rc.d' scripts to start all of your third party
> daemons as usual. ...and whatever else you need to do. Remember to
> pass the 'onestart' argument, because the rc scripts are no longer
> listed in /etc/rc.conf. With all that in place you'd ssh in and
> execute the wrapper as the root user.
>
> (root)> engage
>
> Poof done. You can put the wrapper script anywhere you want. Name
> it anything you like. Just make sure it's executable by the root
> user. (Thus be careful when writing it!) An example of a python
> wrapper might look something like the one below. Change to fit your
> needs, obviously. Admittedly it's not the most pythonic code ever
> written. It also probably has bugs to work out, but again, it's an
> idea.
>
> #!/usr/local/bin/python
> """Wrapper which executes a bunch of files."""
>
> import os
> import sys
> import subprocess as sp
>
> # Change this to suit your needs:
> SCRIPTS_TO_CALL = [
>     '/usr/local/etc/rc.d/apache22',
>     '/usr/local/etc/rc.d/samba',
>     '/etc/rc.d/ntpd',
> ]
>
> if os.geteuid() != 0:
>     sys.stderr.write("This script must be executed as the root user. Aborting.\n")
>     sys.exit(1)  # actually abort, as the message says
>
> for script in SCRIPTS_TO_CALL:
>     if os.path.exists(script):
>         # Argument list, no shell: the path is never parsed by /bin/sh.
>         p = sp.Popen([script, "onestart"], stdout=sp.PIPE, stderr=sp.PIPE,
>                      universal_newlines=True)
>         out, err = p.communicate()  # read both pipes without deadlocking
>
>         # Now write out any errors/output to their usual places:
>         sys.stdout.write(out + "\n")
>         sys.stderr.write(err + "\n")
>     else:
>         sys.stderr.write("File, '%s' does not exist. Skipping...\n" % script)
>
>
> Hacky, perhaps buggy, but perhaps useful. Unless anyone has a
> better idea? With a little more refinement you could probably even
> convert your FreeBSD box into a sysV equivalent, making complex
> custom startups easier in the future. Blasphemy, I know!
>
> -Modulok-
>
Oooo.....Not a bad idea at all.

It might be even simpler just to disable the services in rc.conf, then
use a simple shell script with something like:

#!/bin/sh
# 'onestart' rather than 'start': the services are disabled in rc.conf
/etc/rc.d/nfsd onestart
/usr/local/etc/rc.d/samba onestart
# .....etc

Then all that would have to be done is boot the system, ssh in, attach
the drives using geli, then run engage.sh (or whatever).

Thank you very much for the idea. :)

~Corey
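
The procedure discussed in this thread (boot, ssh in, attach the drives with geli, then start the held-back services) as an added example that is not part of either poster's message: an engage.sh that refuses to start anything until every encrypted provider shows its decrypted /dev/<provider>.eli node. The provider names (ada1, ada2), the service list, and the DEV_DIR and DRY_RUN variables are assumptions made for illustration.

```shell
#!/bin/sh
# engage.sh -- added example; provider names and service list are assumptions.
# Run as root over ssh after the providers have been attached with geli.

DEV_DIR="${DEV_DIR:-/dev}"            # overridable so the check can be tested
PROVIDERS="${PROVIDERS:-ada1 ada2}"   # hypothetical geli providers
SCRIPTS="${SCRIPTS:-/etc/rc.d/nfsd /usr/local/etc/rc.d/samba}"
DRY_RUN="${DRY_RUN:-0}"               # 1 = print commands instead of running

# Succeeds only if every provider has its decrypted .eli device node.
providers_attached() {
    for p in $PROVIDERS; do
        if [ ! -e "$DEV_DIR/$p.eli" ]; then
            echo "geli provider $p is not attached" >&2
            return 1
        fi
    done
    return 0
}

# 'onestart' is required because the services are not enabled in rc.conf.
start_services() {
    status=0
    for s in $SCRIPTS; do
        if [ ! -x "$s" ]; then
            echo "skipping $s: not executable" >&2
            status=1
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            echo "$s onestart"
        else
            "$s" onestart || status=1
        fi
    done
    return $status
}

# Returns 1 if not root or a service failed, 2 if a provider is missing.
engage() {
    if [ "$DRY_RUN" != 1 ] && [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        return 1
    fi
    providers_attached || return 2
    start_services
}

# Run only when invoked under its own name, not when sourced.
case "${0##*/}" in engage.sh) engage; exit $? ;; esac
```

Running it with DRY_RUN=1 prints the commands it would execute, which is a safe way to check the provider and service lists before relying on it after a reboot.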



