From: "Corey J. Bukolt" <0.23@mail.ru>
To: freebsd-questions@freebsd.org
Date: Thu, 10 Dec 2009 16:16:36 -0600
Subject: Re: Temporarily halt boot process to enter encryption keys?

RW wrote:
> On Wed, 09 Dec 2009 01:31:47 -0600
> "Corey J. Bukolt" <0.23@mail.ru> wrote:
>
>> Hello list,
>>
>> I have a FreeNAS box with a CF card for root, and 3 drives (soon to be
>> 4) set up with encryption and raidz on top of them.
>> A less than excellent detailed report of what I did is here:
>> http://bit.ly/5BeZq8
>> This setup is a bit hackish as after the system boots I need to attach
>> each drive using geli, run "zpool import -f primary", and then restart
>> all my services (nfs, samba, etc).
>>
>> It's become a bit of a chore (especially when doing it all from a
>> N810), so I'm looking for a way to temporarily halt the boot process so
>> that I can ssh in, attach the drives, and then allow the system to
>> continue to boot.
>
> It's fairly trivial to write an rc.d script that pauses the boot
> process and waits for devices, but sshd runs after LOGIN, and nfs runs
> before, so you can't easily reorder them without maintaining modified
> rc.d scripts.
>
> I don't see the point though. Why not just write a script to do
> what you are doing now?

You are right that I could very well just write a script and be done with it, but I'm trying to find a more elegant approach. Starting up a whole bunch of services that are going to error, killing them, then restarting seems to me as a messy approach.

Perhaps if I put an rc.d script before nfs that calls a lightweight sshd, such as dropbear, and waits for all the drives to be attached with geli. Once they are, the script kills sshd and the boot continues as normal. Think that would work?
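
One way to implement the idea in this message, as an added example that is not from the thread: a hypothetical rc.d script, geliwait, ordered before the NFS daemons, that starts dropbear with password logins disabled, waits until every provider has an attached .eli device, then stops dropbear and imports the pool. The provider names, the dropbear path, the pid file and the timeout are assumptions.

```shell
#!/bin/sh
# PROVIDE: geliwait
# REQUIRE: NETWORKING
# BEFORE: mountd nfsd
# Added example (hypothetical script), not code from the thread.

# Assumed defaults; override them in rc.conf.
: "${geliwait_providers:=da0 da1 da2}"   # constructed provider names
: "${geliwait_timeout:=600}"             # seconds before giving up
: "${geliwait_sshd:=/usr/local/sbin/dropbear}"
: "${geliwait_pidfile:=/var/run/dropbear-geliwait.pid}"

# Return 0 once <dir>/<provider>.eli exists for every provider, 1 on timeout.
geliwait_poll()
{
	_dir=$1; _left=$2; shift 2
	while :; do
		_missing=""
		for _p in "$@"; do
			[ -e "${_dir}/${_p}.eli" ] || _missing="${_missing} ${_p}"
		done
		[ -z "${_missing}" ] && return 0
		if [ "${_left}" -le 0 ]; then
			echo "geliwait: timed out, not attached:${_missing}" >&2
			return 1
		fi
		sleep 1
		_left=$((_left - 1))
	done
}

geliwait_start()
{
	# Temporary SSH daemon, key logins only (-s), host keys must already exist.
	"${geliwait_sshd}" -s -P "${geliwait_pidfile}" || return 1
	_rc=0
	geliwait_poll /dev "${geliwait_timeout}" ${geliwait_providers} || _rc=1
	# Stop the temporary daemon whether or not the wait succeeded.
	[ -f "${geliwait_pidfile}" ] && kill "$(cat "${geliwait_pidfile}")"
	[ "${_rc}" -eq 0 ] && zpool import -f primary
}

# Hook into rc(8) only where rc.subr exists, i.e. on the FreeBSD host.
if [ -r /etc/rc.subr ]; then
	. /etc/rc.subr
	name="geliwait"; rcvar="geliwait_enable"
	start_cmd="geliwait_start"; stop_cmd=":"
	load_rc_config "$name"
	run_rc_command "$1"
fi
```

The regular sshd still starts after LOGIN as usual, so the temporary daemon only covers the window in which the geli passphrases are entered.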