Add `postscript` key for running commands after installation is successful
User class
"Jamie", "River"
Desire
Ability to run a script inside the new environment after installation has completed successfully.
Intent
- Post-installation configuration, such as configuring Kerberos, SSH, or other remote services.
- Running initial configuration management commands, such as `puppet ssl bootstrap` or such.
- Preparing the environment for first boot in some other way.
Impact
There should be no inter-dependency with other keys.
Requirements to add
Validation phase
Zero or more `postscript` keys may be present. Each one must be either a full path which is resolvable in the installation environment, or a fetchable URL.
If any `postscript` value is inaccessible, script validation shall fail.
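A sketch of the validation phase described above, added here as an example and not Horizon's own code. It assumes one space-separated `key value` pair per line, treats only `http` and `https` as fetchable schemes, and leaves the real fetch test to a hypothetical `url_ok` hook.

```python
import os
from urllib.parse import urlsplit

# Assumption: the page says only "fetchable URL"; these schemes are illustrative.
FETCHABLE_SCHEMES = {"http", "https"}

# Constructed sample script, not taken from the page.
SAMPLE = """\
hostname demo.example.org
postscript https://example.org/bootstrap.sh
postscript scripts/relative.sh
postscript /nonexistent/horizon-demo/kerberos.sh
"""

def postscript_values(script_text):
    """Return (line_number, value) for each `postscript` key, in file order."""
    found = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        key, _, value = line.strip().partition(" ")
        if key == "postscript":
            found.append((number, value.strip()))
    return found

def classify(value):
    """Return 'url', 'path', or None when the value is neither allowed form."""
    parts = urlsplit(value)
    if parts.scheme in FETCHABLE_SCHEMES and parts.netloc:
        return "url"
    return "path" if value.startswith("/") else None

def validate(script_text, url_ok=lambda url: True):
    """Return (ok, accepted, errors); any single error fails validation.

    url_ok is a hypothetical hook standing in for a real fetch test.
    """
    accepted, errors = [], []
    for number, value in postscript_values(script_text):
        kind = classify(value)
        if kind is None:
            errors.append((number, "not a full path or fetchable URL"))
        elif kind == "path" and not os.path.isfile(value):
            errors.append((number, "path is not accessible"))
        elif kind == "url" and not url_ok(value):
            errors.append((number, "URL is not fetchable"))
        else:
            accepted.append(value)
    return not errors, accepted, errors

if __name__ == "__main__":
    print(validate(SAMPLE))
```

The `accepted` list keeps file order, which is the order the execution phase would need.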
Execution phase
Each `postscript` key is executed in order. Inherited `postscript` keys will be run in order of inheritance.
Proposed implementation
Each script will be copied to a `tmpfs` which is read-only and bind-mounted to the target root at `/var/horizon/postscripts`. The script will be executed with `chroot`. At the end of execution of all `postscript` keys, the scripts are copied to the target root at `/var/horizon/postscripts`. This facilitates the user being able to inspect the scripts that were used to provision their system.
The directory will be owned by `root:wheel` and have `0770` permissions, so that any sensitive material in the scripts cannot be read by non-privileged users.