Hi folks, been a bit since I’ve written up a post, I know, I’m sorry. I’ve been busy. As a part of one of the projects I’ve been working on, I’ve decided to target SmartOS specifically. This isn’t anything new, as I have quite a fixation on it.
Create an Instance
Create your instance however you do that, mine followed a route like so:
List Triton networks:
$ triton networks SHORTID NAME SUBNET GATEWAY FABRIC VLAN PUBLIC 429ae81e My-Fabric-Network 192.168.128.0/22 192.168.128.1 true 2 false c9158b8d barr0wnet-kararou-pop - - - - true 2a306b7c dmz - - - - true dd047ad4 external - - - - true 8c7adcaf hacks 192.168.137.0/24 192.168.137.1 true 666 false 7b56a4b1 sdc_nat - - - - true e24f5e94 server - - - - true
We simply need to know which network to use, and I have a few of them setup and available to me. I’m going to pick “server” because its the network used for non-dmz servers.
Next, look at the available packages:
$ triton pkgs SHORTID NAME MEMORY SWAP DISK VCPUS b6690689 teeny 64M 256M 10G 1 418650a9 smol 256M 1G 10G 1 cd55c0c5 nyarmal 512M 2G 20G 2 f6a99059 lorge 1G 4G 20G 2 186d623b insanyanty 2G 6G 20G 4 d1bf309d herculenyan 3G 8G 20G 5 eefa2bc1 gignyantic 4G 10G 20G 6 1509016f considerable-chonker 6G 12G 20G 7 2de9db76 aaaaaaa 8G 16G 40G 8 edfb4ba3 aaaaaaa 10G 20G 40G 10
These are the packages I have available. I’m going to pick a nyarmal sized instance because I can dynamically resize these as I need to.
The last thing we have to do is ask Triton to let us know what images we have available.
$ triton imgs SHORTID NAME VERSION FLAGS OS TYPE PUBDATE 7b5981c4 ubuntu-16.04 20170403 P linux lx-dataset 2017-04-03 c193a558 base-64-lts 18.4.0 P smartos zone-dataset 2019-01-21 4feac886 ubuntu-certified-18.04 20190514.1 P linux zvol 2019-05-22 616c7421 ubuntu-certified-16.04 20190628.1 P linux zvol 2019-07-03 9aa48095 ubuntu-certified-18.04 20190627.1.1 P linux zvol 2019-07-03 e75c9d82 base-64-lts 19.4.0 P smartos zone-dataset 2020-01-07 9bcfe5cc debian-10 20200508 P linux zvol 2020-05-08 9ad5a702 minimal-64-trunk 20201019 P smartos zone-dataset 2020-10-19 2d8225e4 base-64-trunk 20201019 P smartos zone-dataset 2020-10-19 1f538e62 pkgbuild-trunk 20201019 P smartos zone-dataset 2020-10-19 800db35c minimal-64-lts 20.4.0 P smartos zone-dataset 2021-01-11 1d05e788 base-64-lts 20.4.0 P smartos zone-dataset 2021-01-11 0bf06d4d ubuntu-20.04 20210413 P linux lx-dataset 2021-04-13 f9d127e8 void 20210413 P linux lx-dataset 2021-04-13 62aa54b0 barrow-base 1.0.0 P smartos zone-dataset 2021-10-31 108ee646 barrow-bind 1.0.0 P smartos zone-dataset 2021-10-31 74b6fe0c rust-stable 1.56.1 PS smartos zone-dataset 2021-11-03 ea7da286 rust-stable 1.57.0 P smartos zone-dataset 2021-12-20 088acaa4 rust-stable 1.58.0 P smartos zone-dataset 2022-01-13
I’m going to use base-64-trunk, as that affords me the latest pkgsrc packages; however, during installation, I noticed that base-64-trunk doesn’t have clang, while firstname.lastname@example.org does. So if you need clang, use that one instead. We also have rust-specific packages thanks to our good friend, barrow.
Now we can create the instance itself:
$ triton create -n devbox -N server base-64-trunk nyarmal Creating instance devbox (b10998b8-97d1-4a2f-9914-6cd47dd61f7e, base-64-trunk@20201019)
Go ahead and do something for a few minutes, typical spinup time is around 46
seconds and run
triton ls to see if its running yet. You could also set
triton to wait for the instance to spinup by using the
Login and Setup
UNIX is fun. I love it a lot. Lets login.
$ triton ssh devbox The authenticity of host 'devbox (X.X.X.X)' can't be established. ECDSA key fingerprint is SHA256:YPSriDziNSbmsT/oCkgNitx9EWxV+mXlmgVv6YO2saY. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'devbox' (ECDSA) to the list of known hosts. __ . . _| |_ | .-. . . .-. :--. |- |_ _| ;| || |(.-' | | | |__| `--' `-' `;-| `-' ' ' `-' / ; Instance (base-64-trunk 20201019) `-' https://docs.joyent.com/images/smartos/base [root@devbox ~]#
Now lets get to setting up some fancy stuff, like a brand new user account that
has access to
pfexec, and zsh, and the rest of our devtools.
First thing we want to do is update everything.
# pkgin up reading local summary... processing local summary... processing remote summary (https://pkgsrc.joyent.com/packages/SmartOS/trunk/x86_64/All)... pkg_summary.xz 100% 2326KB 581.6KB/s 00:04 # pkgin upgrade -y
The last command will proabably generate a lot of output, but don’t worry. Its updating.
I like zsh, so I’m going to install it, along with the build-essential metapackage and git, which isn’t included in build-essential. This might have something to do with the fact that git-scm was the previous name of the package. Another little gem I’m going to install is mosh. Its an addition to ssh that makes things much nicer on mobile connections that cutout a lot.
# pkgin in -y zsh git build-essential mosh
This will also generate a lot of output. Don’t worry. Its all going according to plan. Next we’ll be setting up a non-root user. To make things a little more friendly, though, we will first create a primary group for that user.
# groupadd spicywolf UX: groupadd: spicywolf name too long.
Oof. Maybe it worked anyway, right? (It did, of course). Check /etc/group to ensure you didn’t get lolnope’d into oblivion.
# cat /etc/group root::0: other::1:root bin::2:root,daemon sys::3:root,bin,adm adm::4:root,daemon uucp::5:root mail::6:root,postfix tty::7:root,adm nuucp::9:root staff::10: daemon::12:root sysadmin::14: games::20: smmsp::25: upnp::52: xvm::60: netadm::65: slocate::95: unknown::96: nobody::60001: noaccess::60002: nogroup::65534: maildrop::934: postfix::901: _pkgsrc::999: spicywolf::1000:
Looks like it worked just fine. Now lets create that user. I want to have the
pfexec (in place of sudo), so we’ll be taking advantage of the
profiles built into SmartOS for RBAC. To see a full list of roles, you can
cat /etc/security/exec_attr, but the one we care about here is
# which zsh /opt/local/bin/zsh # useradd -g spicywolf -G staff,games,sysadmin,netadm -d /home/spicywolf -m \ -s /opt/local/bin/zsh -c "Ren Kararou" -P "Primary Administrator" spicywolf UX: useradd: spicywolf name too long. UX: useradd: spicywolf name too long. 144 blocks # passwd spicywolf New Password: Re-enter new Password: passwd: password successfully changed for spicywolf
So that’s basically just figuring out where zsh is installed to, creating user spicywolf with primary group spicywolf and additional groups staff, games, sysadmin, and netadm (no I don’t know why they are named inconsistently, and I don’t care), setting a home directory of /home/spicywolf and creating it if it doesn’t exist (-m), then adding a comment of the user’s name (it me lol) and giving the user the “Primary Administrator” profile. Again, the UX failures are bogus hold overs from times long past. It all still works.
The last command is setting the initial password for the user.
Now we get to test the user. We are going to do this by pulling down ssh keys from github.
# su - spicywolf This is the Z Shell configuration function for new users, zsh-newuser-install. You are seeing this message because you have no zsh startup files (the files .zshenv, .zprofile, .zshrc, .zlogin in the directory ~). This function can help you with a few settings that should make your use of the shell easier. You can: (q) Quit and do nothing. The function will be run again next time. (0) Exit, creating the file ~/.zshrc containing just a comment. That will prevent this function being run again. (1) Continue to the main menu. --- Type one of the keys in parentheses --- q devbox%
The user works. That’s good. I pressed q to exit the zsh configuration menu and have it launch next time.
$ cd .ssh $ wget -O authorized_keys https://github.com/karaiwulf.keys
Finally, lets test pfexec:
$ pfexec whoami root
Perfect. That works, and everything looks fancy. Exit the user and root shells, then login to test mosh.
$ mosh devbox
You should be all set now to go forth and write some code no matter where you are.