From: "Corey J. Bukolt" <0.23@mail.ru>
Date: Wed, 09 Dec 2009 22:31:19 -0600
To: Modulok
Cc: freebsd-questions@freebsd.org
Subject: Re: Temporarily halt boot process to enter encryption keys?

Modulok wrote:
> Corey,
>
> Umm...write a script perhaps?
>
> Nobody else has taken a shot at this one yet, so I'll try. This is
> just what I'd do. That said, it's probably not the best solution.
> It's an idea. You may have to work out some bugs along the way.
>
> In regards to interrupting the boot process, I don't think this is
> what you're after, unless you have console access. In which case
> you'd use geli to set the boot flag on your providers. The boot
> process will stop, ask for a password and then continue. The
> problem is that this occurs before daemons like sshd are started;
> Unless you have console access, you're screwed. Thus, your
> problem...

Exactly.

> You want the system to boot as usual, it's just you don't want it
> to start any third party daemons such as samba ...yet!
>
> (This is why runlevels on SysV style startups are useful. It would
> be a matter of switching to a custom runlevel.)
>
> You would first disable the various daemons by not having them in
> your 'rc.conf' file. You'd then write a wrapper script, in your
> language of choice. The wrapper simply calls the various
> '/usr/local/etc/rc.d' scripts to start all of your third party
> daemons as usual. ...and whatever else you need to do.
> Remember to pass the 'onestart' argument, because the rc scripts are
> no longer listed in /etc/rc.conf. With all that in place you'd ssh in
> and execute the wrapper as the root user.
>
> (root)> engage
>
> Poof done. You can put the wrapper script anywhere you want. Name
> it anything you like. Just make sure it's executable by the root
> user. (Thus be careful when writing it!) An example of a python
> wrapper might look something like the one below. Change to fit your
> needs, obviously. Admittedly it's not the most pythonic code ever
> written. It also probably has bugs to work out, but again, it's an
> idea.
>
> #!/usr/local/bin/python
> """ Wrapper which executes a bunch of files."""
>
> import os
> import sys
> import subprocess as sp
>
> # Change this to suit your needs:
> SCRIPTS_TO_CALL = [
>     '/usr/local/etc/rc.d/apache22',
>     '/usr/local/etc/rc.d/samba',
>     '/etc/rc.d/ntpd'
> ]
>
> if os.geteuid() != 0:
>     sys.stderr.write("This script must be executed as the root user. Aborting.\n")
>     sys.exit(1)  # stop here instead of falling through to the loop
>
> for script in SCRIPTS_TO_CALL:
>     if os.path.exists(script):
>         # Run the rc script directly (no shell) and collect all of its
>         # output; communicate() avoids blocking on a full pipe.
>         p = sp.Popen([script, "onestart"], stdout=sp.PIPE, stderr=sp.PIPE,
>                      universal_newlines=True)
>         out, err = p.communicate()
>
>         # Now write out any errors/output to their usual places:
>         sys.stdout.write(out + "\n")
>         sys.stderr.write(err + "\n")
>     else:
>         sys.stderr.write("File, '%s' does not exist. Skipping...\n" % script)
>
>
> Hacky, perhaps buggy, but perhaps useful. Unless anyone has a
> better idea? With a little more refinement you could probably even
> convert your FreeBSD box into a sysV equivalent, making complex
> custom startups easier in the future. Blasphemy, I know!
>
> -Modulok-
>

Oooo.....Not a bad idea at all.
It might be even simpler just to disable the services in rc.conf, then
use a simple shell script with something like:

    #!/bin/sh
    # 'onestart' rather than 'start': these services are no longer
    # enabled in rc.conf. Scripts installed from ports live under
    # /usr/local/etc/rc.d.
    /etc/rc.d/nfsd onestart
    /usr/local/etc/rc.d/samba onestart
    # .....etc

Then all that would have to be done is boot the system, ssh in, attach
the drives using geli, then run engage.sh (or whatever).

Thank you very much for the idea. :)

~Corey
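
The post-boot sequence described in this thread (ssh in, attach the geli providers, then start the disabled services), as an added example that is not part of the original messages. It refuses to start any daemon unless every encrypted volume is attached and mounted. The provider names (da1, da2), mountpoints, the DEV_DIR override and the "engage" argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. VOLUMES, SERVICES and DEV_DIR are placeholders/assumptions.
VOLUMES=${VOLUMES:-"da1:/data da2:/backup"}   # provider:mountpoint pairs
SERVICES=${SERVICES:-"/etc/rc.d/nfsd /usr/local/etc/rc.d/samba"}
DEV_DIR=${DEV_DIR:-/dev}

is_mounted() { mount | grep -q " on $1 "; }

# Attach and mount every volume; non-zero return on the first failure.
attach_all() {
    for pair in $VOLUMES; do
        prov=${pair%%:*}; mnt=${pair#*:}
        eli="$DEV_DIR/$prov.eli"
        # Already attached (e.g. an earlier partial run): no new prompt.
        if [ ! -e "$eli" ]; then
            geli attach "$DEV_DIR/$prov" || return 1   # asks for passphrase
        fi
        # geli attach creates <provider>.eli; verify it before mounting.
        [ -e "$eli" ] || { echo "missing $eli" >&2; return 1; }
        if ! is_mounted "$mnt"; then
            mount "$eli" "$mnt" || return 1
        fi
    done
}

# Start each service with onestart (not enabled in rc.conf); count failures.
start_services() {
    failed=0
    for rc in $SERVICES; do
        if [ -x "$rc" ]; then
            "$rc" onestart || failed=$((failed + 1))
        else
            echo "File '$rc' does not exist. Skipping..." >&2
        fi
    done
    return "$failed"
}

# Daemons start only if every encrypted volume is attached and mounted.
engage() {
    attach_all || { echo "volumes not ready; services NOT started" >&2; return 1; }
    start_services
}

if [ "${1:-}" = "engage" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; exit 1; }
    engage
fi
```

Run it as "engage.sh engage" from the ssh session; a failed passphrase or mount leaves the services stopped, so nothing is exported from an empty mountpoint.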