14:20:56 <Smithx10> zlogin -C doesn't work with KVM?
14:22:26 <bahamat> Eh...it depends?
14:22:31 <Smithx10> udnerstood
14:22:40 <bahamat> The guest needs to have the console explicitly configured
14:23:16 <Smithx10> Someone left a team and no one has access to a bunch of their VMs,  is there a way to do a startup script assuming they have the smartos tools / cloud-init running in the instnace?
14:23:42 <bahamat> I'm pretty sure (though, now on reflection not 100%) that we do have zlogin -C wired up to the serial port so that if the guest also sets it up it would work.
14:24:01 <bahamat> Well, there's a couple of things.
14:24:24 <bahamat> There's some stuff for overwriting ssh keys, but I'm not sure that works with the cloud-init stuff anymore.
14:27:27 <Smithx10> What was the way to overwrite ssh keys without cloud-init
14:28:07 <bahamat> You could write a special metadata key that would signal our start up script to replace the authorized_keys file
14:28:17 <bahamat> I'm trying to find the code for it
14:28:28 <Smithx10> Thanks
14:31:27 <bahamat> Ok, here's where it used to be: https://github.com/TritonDataCenter/sdc-vmtools/blob/master/src/linux/lib/smartdc/set-root-authorized-keys
14:32:26 <Smithx10> so set overwrite_root_akeys to "OVERWRITE" yea?
14:32:31 <bahamat> Yeah
14:32:42 <bahamat> But I don't think we ship that on modern images.
14:32:52 <bahamat> I can't find it anywhere on any of my bhyve systems
14:33:24 <bahamat> We actually probably should, because it's a nice failsafe to have.
14:33:59 <bahamat> The other option is to get on the vnc console and interrupt grub, which is always a pain in the ass.
14:34:43 <Smithx10> yea
14:52:30 <Smithx10> the idea of smartlogin was cool
14:53:02 <Smithx10> but with VM i can see the pain 
17:52:29 <bahamat> Smithx10: With newer OpenSSH you can have AuthorizedKeysCommand, and have that mget the keys
17:52:33 <bahamat> But you have to set that up yourself.
17:53:27 <bahamat> I've considered several ways of putting that into images, but there's no clear way to do it "right" that won't be broken by the distro when upgrading the package.
17:56:40 <bahamat> Oh, actually, even newer ones have `Include /etc/ssh/sshd_config.d` by default.
18:10:01 <Smithx10> Yeah,  we <3 AuthorizedKeysCommand but the issue is the BUs are kinda on their own for this
18:10:08 <Smithx10> until we can be authorized to govern their instances 
18:10:24 <Smithx10> exactly,  we use it for all our stuff in our accounts for ops
18:10:49 <Smithx10> but....  its that line between them having freedom vs having to work with us
18:11:38 <Smithx10> maybe I should have had images always populate from mdata on bounce 
18:12:16 <Smithx10> Not sure if you saw things like "Boundary" or WarpGate 
18:12:29 <Smithx10> https://github.com/hashicorp/boundary
18:12:39 <Smithx10> https://github.com/warp-tech/warpgate
18:12:42 <Smithx10> seems pretty cool
19:27:26 <bahamat> Yeah, I've seen them, but like how much should we customize images for customers? I'm in favor of very little
19:54:37 <Smithx10> same