RyanBlog:entry:Mar 21, 2012

Technically, I *am* root for the home team. Weird, huh?
(I need a new pun here, huh...)

entry:03/18/12 | Main | entry:03/21/12

March 21, 2012

SmartOS.org - run things at boot

Quickie blog post to answer some questions that i've gotten in the #smartos channel on irc:

... I'll turn this into a wiki post on smartos.org , but I needed to get a post in here for Forced March anyway:

The Challenge:

SmartOS boots from a ramdisk, but I want to customize things, and make something run in the global zone at boot.

The answer is, make a SMF service, and put it in /opt/custom/smf ... make that service do your extra commands.

My example here is "I can't edit stuff in root's home directory, since it's erased from ramdisk at every boot... but I want to put my ssh key in there!" I just make a new service definition, (I like the "manifold" program for this ... it's in Joyent's pkgsrc repo. ) ... that service just grabs my ssh_public_key from a place that's persistent on disk (in /zones, or /opt someplace safe) , and every time I reboot, it replaces it.

(It could just as easily "wget" it from someplace, or generate a new one, and email it to me, you know?)

Detailed example:

- fetch http://ryan.net/misc/custom-ssh-key-smf.tar.gz

- copy this file onto your SmartOS machine, into the /opt directory. /opt is not on ramdisk, and will persist through reboots.

- cd to /opt , then un-archive this file by running "tar -xvzf custom-ssh-key-smf.tar.gz"

- this should result in the following directory structure:


Then, edit the /opt/custom/authorized_keys file to contain the public key file you want to be copied to /root/.ssh/authorized_keys immediately after reboot. (that file contains my public key as a test. Please replace it!)

This mechanism allows solaris-style smf manifest definitions that are placed in /opt/custom/smf/ to be imported upon boot. I created a smf service manifest that simply runs /opt/custom/copy-in-ssh-key.sh , which copies the key file into root's home directory.

(this blog post'll probably get edited for correctness or verbosity soon, ... or, you know me, not.)

| Comments (1) - Posted by ryan at 06:36 PM