mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
docs: mention tmpfiles.d in CREDENTIALS.md and add example
This commit is contained in:
parent
87d1886346
commit
b60d3016eb
@ -342,6 +342,10 @@ Various services shipped with `systemd` consume credentials for tweaking behavio
|
||||
`firstboot.keymap`, `firstboot.timezone`, that configure locale, keymap or
|
||||
timezone settings in case the data is not yet set in `/etc/`.
|
||||
|
||||
* [`tmpfiles.d(5)`](https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html)
|
||||
will look for the credentials `tmpfiles.extra` with arbitrary tmpfiles.d lines.
|
||||
Can be encoded in base64 to allow easily passing it on the command line.
|
||||
|
||||
In future more services are likely to gain support for consuming credentials.
|
||||
|
||||
Example:
|
||||
@ -377,6 +381,23 @@ qemu-system-x86_64 \
|
||||
-smbios type=11,value=io.systemd.credential:firstboot.locale=C.UTF-8
|
||||
```
|
||||
|
||||
This boots the specified disk image via qemu, provisioning public key SSH access
|
||||
for the root user from the caller's key:
|
||||
|
||||
```
|
||||
qemu-system-x86_64 \
|
||||
-machine type=q35,accel=kvm,smm=on \
|
||||
-smp 2 \
|
||||
-m 1G \
|
||||
-cpu host \
|
||||
-nographic \
|
||||
-nodefaults \
|
||||
-serial mon:stdio \
|
||||
-drive if=none,id=hd,file=test.raw,format=raw \
|
||||
-device virtio-scsi-pci,id=scsi \
|
||||
-device scsi-hd,drive=hd,bootindex=1 \
|
||||
-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 700 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0)
|
||||
```
|
||||
## Relevant Paths
|
||||
|
||||
From *service* perspective the runtime path to find loaded credentials in is
|
||||
|
Loading…
Reference in New Issue
Block a user