kexec-tools/mkdumprd

491 lines
12 KiB
Plaintext
Raw Normal View History

#!/bin/bash --norc
# New mkdumprd
#
# Copyright 2011 Red Hat, Inc.
#
# Written by Cong Wang <amwang@redhat.com>
#
if [[ -f /etc/sysconfig/kdump ]]; then
. /etc/sysconfig/kdump
fi
[[ $dracutbasedir ]] || dracutbasedir=/usr/lib/dracut
. $dracutbasedir/dracut-functions.sh
. /lib/kdump/kdump-lib.sh
. /lib/kdump/kdump-logger.sh
export IN_KDUMP=1
#initiate the kdump logger
if ! dlog_init; then
echo "failed to initiate the kdump logger."
exit 1
fi
SSH_KEY_LOCATION="/root/.ssh/kdump_id_rsa"
SAVE_PATH=$(get_save_path)
OVERRIDE_RESETTABLE=0
extra_modules=""
Add kdump dracut config Resolves: RHEL-49590 Upstream: https://github.com/rhkdump/kdump-utils Conflict: Yes, kexec-tools is split into 3 parts upstream, some changes should be applied to kdump-utils Makefile, but RHEL-9 kexec-tools doesn't have that. Also missing upstream commits: - 1732a3b(mkdumprd: Omit rdma module) - 7fec2f56(mkdumprd: simplify handling of dracut arguments) commit dacb34341113fa925c15e28a7ce56a80dd370e2f Author: Lichen Liu <lichliu@redhat.com> Date: Tue Nov 5 12:07:42 2024 +0800 Add kdump dracut config In some cases, customizing the first kernel's initrd is necessary by modifying the dracut `omit_dracutmodules` options, such as in Bootc or CoreOS scenarios [1]. However, these changes can unintentionally break existing functionality in kdump. For instance, setting `omit_dracutmodules='nfs'` prevents the `nfs` module from being added. Additionally, some dracut configurations [2] use `dracutmodules+='some modules'` instead of `add_dracutmodules+='some modules'`. When `dracutmodules` is non-empty, dracut includes only the specified modules, which can result in an initrd that lacks necessary modules, causing kdump to fail. Dracut upstream support --add-confdir now, kdump can use this option when building kdump initramfs. This patch moved the hardcoded dracutmodules from mkdumprd to the new conf file /lib/kdump/dracut.conf.d/99-kdump.conf, it is easier to check and modify to omit or add certain modules. This patch also initialize dracutmodules to empty to avoid the influence of other configurations. See also: [1] https://github.com/rhkdump/kdump-utils/issues/11 [2] https://issues.redhat.com/browse/RHEL-49590?focusedId=25197134&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-25197134 Suggested-by: Dave Young <dyoung@redhat.com> Suggested-by: Colin Walters <walters@verbum.org> Signed-off-by: Lichen Liu <lichliu@redhat.com> Signed-off-by: Lichen Liu <lichliu@redhat.com>
2024-12-05 02:45:27 +00:00
dracut_args=(--quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict --hostonly-nics '')
MKDUMPRD_TMPDIR="$(mktemp -d -t mkdumprd.XXXXXX)"
[ -d "$MKDUMPRD_TMPDIR" ] || perror_exit "dracut: mktemp -p -d -t dracut.XXXXXX failed."
MKDUMPRD_TMPMNT="$MKDUMPRD_TMPDIR/target"
trap '
ret=$?;
is_mounted $MKDUMPRD_TMPMNT && umount -f $MKDUMPRD_TMPMNT;
[[ -d $MKDUMPRD_TMPDIR ]] && rm --one-file-system -rf -- "$MKDUMPRD_TMPDIR";
exit $ret;
' EXIT
# clean up after ourselves no matter how we die.
trap 'exit 1;' SIGINT
add_dracut_arg()
{
dracut_args+=("$@")
}
add_dracut_mount()
{
add_dracut_arg "--mount" "$1"
}
add_dracut_sshkey()
{
add_dracut_arg "--sshkey" "$1"
}
# caller should ensure $1 is valid and mounted in 1st kernel
to_mount()
{
local _target=$1 _fstype=$2 _options=$3 _sed_cmd _new_mntpoint _pdev
_new_mntpoint=$(get_kdump_mntpoint_from_target "$_target")
_fstype="${_fstype:-$(get_fs_type_from_target "$_target")}"
_options="${_options:-$(get_mntopt_from_target "$_target")}"
_options="${_options:-defaults}"
if [[ $_fstype == "nfs"* ]]; then
_pdev=$_target
_sed_cmd+='s/,\(mount\)\?addr=[^,]*//g;'
_sed_cmd+='s/,\(mount\)\?proto=[^,]*//g;'
_sed_cmd+='s/,clientaddr=[^,]*//;'
else
# for non-nfs _target converting to use udev persistent name
_pdev="$(kdump_get_persistent_dev "$_target")"
if [[ -z $_pdev ]]; then
return 1
fi
fi
# mount fs target as rw in 2nd kernel
_sed_cmd+='s/\(^\|,\)ro\($\|,\)/\1rw\2/g;'
# with 'noauto' in fstab nfs and non-root disk mount will fail in 2nd
# kernel, filter it out here.
_sed_cmd+='s/\(^\|,\)noauto\($\|,\)/\1/g;'
# drop nofail or nobootwait
_sed_cmd+='s/\(^\|,\)nofail\($\|,\)/\1/g;'
_sed_cmd+='s/\(^\|,\)nobootwait\($\|,\)/\1/g;'
_options=$(echo "$_options" | sed "$_sed_cmd")
echo "$_pdev $_new_mntpoint $_fstype $_options"
}
#Function: get_ssh_size
#$1=dump target
#called from while loop and shouldn't read from stdin, so we're using "ssh -n"
get_ssh_size()
{
local _out
local _opt=("-i" "$SSH_KEY_LOCATION" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=yes")
if ! _out=$(ssh -q -n "${_opt[@]}" "$1" "df" "--output=avail" "$SAVE_PATH"); then
perror_exit "checking remote ssh server available size failed."
fi
echo -n "$_out" | tail -1
}
#mkdir if save path does not exist on ssh dump target
#$1=ssh dump target
#caller should ensure write permission on $1:$SAVE_PATH
#called from while loop and shouldn't read from stdin, so we're using "ssh -n"
mkdir_save_path_ssh()
{
local _opt _dir
_opt=(-i "$SSH_KEY_LOCATION" -o BatchMode=yes -o StrictHostKeyChecking=yes)
ssh -qn "${_opt[@]}" "$1" mkdir -p "$SAVE_PATH" &> /dev/null ||
perror_exit "mkdir failed on $1:$SAVE_PATH"
# check whether user has write permission on $1:$SAVE_PATH
_dir=$(ssh -qn "${_opt[@]}" "$1" mktemp -dqp "$SAVE_PATH" 2> /dev/null) ||
perror_exit "Could not create temporary directory on $1:$SAVE_PATH. Make sure user has write permission on destination"
ssh -qn "${_opt[@]}" "$1" rmdir "$_dir"
return 0
}
#Function: get_fs_size
#$1=dump target
get_fs_size()
{
df --output=avail "$(get_mntpoint_from_target "$1")/$SAVE_PATH" | tail -1
}
#Function: get_raw_size
#$1=dump target
get_raw_size()
{
fdisk -s "$1"
}
#Function: check_size
#$1: dump type string ('raw', 'fs', 'ssh')
#$2: dump target
check_size()
{
local avail memtotal
memtotal=$(awk '/MemTotal/{print $2}' /proc/meminfo)
case "$1" in
raw)
avail=$(get_raw_size "$2")
;;
ssh)
avail=$(get_ssh_size "$2")
;;
fs)
avail=$(get_fs_size "$2")
;;
*)
return
;;
esac || perror_exit "Check dump target size failed"
if [[ $avail -lt $memtotal ]]; then
dwarn "Warning: There might not be enough space to save a vmcore."
dwarn " The size of $2 should be greater than $memtotal kilo bytes."
fi
}
check_save_path_fs()
{
local _path=$1
if [[ ! -d $_path ]]; then
perror_exit "Dump path $_path does not exist."
fi
}
mount_failure()
{
local _target=$1
local _mnt=$2
local _fstype=$3
local msg="Failed to mount $_target"
if [[ -n $_mnt ]]; then
msg="$msg on $_mnt"
fi
msg="$msg for kdump preflight check."
if [[ $_fstype == "nfs" ]]; then
msg="$msg Please make sure nfs-utils has been installed."
fi
perror_exit "$msg"
}
check_user_configured_target()
{
local _target=$1 _cfg_fs_type=$2 _mounted
local _mnt _opt _fstype
_mnt=$(get_mntpoint_from_target "$_target")
_opt=$(get_mntopt_from_target "$_target")
_fstype=$(get_fs_type_from_target "$_target")
if [[ -n $_fstype ]]; then
# In case of nfs4, nfs should be used instead, nfs* options is deprecated in kdump.conf
[[ $_fstype == "nfs"* ]] && _fstype=nfs
if [[ -n $_cfg_fs_type ]] && [[ $_fstype != "$_cfg_fs_type" ]]; then
perror_exit "\"$_target\" have a wrong type config \"$_cfg_fs_type\", expected \"$_fstype\""
fi
else
_fstype="$_cfg_fs_type"
_fstype="$_cfg_fs_type"
fi
# For noauto mount, mount it inplace with default value.
# Else use the temporary target directory
if [[ -n $_mnt ]]; then
if ! is_mounted "$_mnt"; then
if [[ $_opt == *",noauto"* ]]; then
mount "$_mnt" || mount_failure "$_target" "$_mnt" "$_fstype"
_mounted=$_mnt
else
perror_exit "Dump target \"$_target\" is neither mounted nor configured as \"noauto\""
fi
fi
else
_mnt=$MKDUMPRD_TMPMNT
mkdir -p "$_mnt"
mount "$_target" "$_mnt" -t "$_fstype" -o defaults || mount_failure "$_target" "" "$_fstype"
_mounted=$_mnt
fi
# For user configured target, use $SAVE_PATH as the dump path within the target
if [[ ! -d "$_mnt/$SAVE_PATH" ]]; then
perror_exit "Dump path \"$SAVE_PATH\" does not exist in dump target \"$_target\""
fi
check_size fs "$_target"
# Unmount it early, if function is interrupted and didn't reach here, the shell trap will clear it up anyway
if [[ -n $_mounted ]]; then
umount -f -- "$_mounted"
fi
}
# $1: core_collector config value
verify_core_collector()
{
local _cmd="${1%% *}"
2024-05-09 06:45:17 +00:00
local _params="${1#${_cmd}}"
if [[ $_cmd != "makedumpfile" ]]; then
if is_raw_dump_target; then
dwarn "Warning: specifying a non-makedumpfile core collector, you will have to recover the vmcore manually."
fi
return
fi
if is_ssh_dump_target || is_raw_dump_target; then
if ! strstr "$_params" "-F"; then
perror_exit 'The specified dump target needs makedumpfile "-F" option.'
fi
_params="$_params vmcore"
else
_params="$_params vmcore dumpfile"
fi
# shellcheck disable=SC2086
if ! $_cmd --check-params $_params; then
perror_exit "makedumpfile parameter check failed."
fi
}
add_mount()
{
local _mnt
_mnt=$(to_mount "$@") || exit 1
add_dracut_mount "$_mnt"
}
#handle the case user does not specify the dump target explicitly
handle_default_dump_target()
{
local _target
local _mntpoint
is_user_configured_dump_target && return
check_save_path_fs "$SAVE_PATH"
_save_path=$(get_bind_mount_source "$SAVE_PATH")
_target=$(get_target_from_path "$_save_path")
_mntpoint=$(get_mntpoint_from_target "$_target")
SAVE_PATH=${_save_path##"$_mntpoint"}
add_mount "$_target"
check_size fs "$_target"
}
# $1: function name
for_each_block_target()
{
local dev majmin
for dev in $(get_kdump_targets); do
[[ -b $dev ]] || continue
majmin=$(get_maj_min "$dev")
check_block_and_slaves "$1" "$majmin" && return 1
done
return 0
}
#judge if a specific device with $1 is unresettable
#return false if unresettable.
is_unresettable()
{
local path device resettable=1
path="/sys/$(udevadm info --query=all --path="/sys/dev/block/$1" | awk '/^P:/ {print $2}' | sed -e 's/\(cciss[0-9]\+\/\).*/\1/g' -e 's/\/block\/.*$//')/resettable"
if [[ -f $path ]]; then
resettable="$(< "$path")"
[[ $resettable -eq 0 ]] && [[ $OVERRIDE_RESETTABLE -eq 0 ]] && {
device=$(udevadm info --query=all --path="/sys/dev/block/$1" | awk -F= '/DEVNAME/{print $2}')
derror "Error: Can not save vmcore because device $device is unresettable"
return 0
}
fi
return 1
}
#check if machine is resettable.
#return true if resettable
check_resettable()
{
local _target _override_resettable
_override_resettable=$(kdump_get_conf_val override_resettable)
OVERRIDE_RESETTABLE=${_override_resettable:-$OVERRIDE_RESETTABLE}
if [ "$OVERRIDE_RESETTABLE" != "0" ] && [ "$OVERRIDE_RESETTABLE" != "1" ]; then
perror_exit "override_resettable value '$OVERRIDE_RESETTABLE' is invalid"
fi
for_each_block_target is_unresettable && return
return 1
}
check_crypt()
{
local _dev
for _dev in $(get_kdump_targets); do
if [[ -n $(get_luks_crypt_dev "$(get_maj_min "$_dev")") ]]; then
derror "Device $_dev is encrypted." && return 1
fi
done
}
if ! check_resettable; then
exit 1
fi
if ! check_crypt; then
dwarn "Warning: Encrypted device is in dump path, which is not recommended, see kexec-kdump-howto.txt for more details."
fi
# firstly get right SSH_KEY_LOCATION
keyfile=$(kdump_get_conf_val sshkey)
if [[ -f $keyfile ]]; then
# canonicalize the path
SSH_KEY_LOCATION=$(/usr/bin/readlink -m "$keyfile")
fi
while read -r config_opt config_val; do
# remove inline comments after the end of a directive.
case "$config_opt" in
extra_modules)
extra_modules="$extra_modules $config_val"
;;
ext[234] | xfs | btrfs | minix | nfs | virtiofs)
check_user_configured_target "$config_val" "$config_opt"
add_mount "$config_val" "$config_opt"
;;
raw)
# checking raw disk writable
dd if="$config_val" count=1 of=/dev/null > /dev/null 2>&1 || {
perror_exit "Bad raw disk $config_val"
}
_praw=$(persistent_policy="by-id" kdump_get_persistent_dev "$config_val")
if [[ -z $_praw ]]; then
exit 1
fi
add_dracut_arg "--device" "$_praw"
check_size raw "$config_val"
;;
ssh)
if strstr "$config_val" "@"; then
mkdir_save_path_ssh "$config_val"
check_size ssh "$config_val"
add_dracut_sshkey "$SSH_KEY_LOCATION"
else
perror_exit "Bad ssh dump target $config_val"
fi
;;
core_collector)
verify_core_collector "$config_val"
;;
dracut_args)
Install nfsv4-related drivers when users specify nfs dumping via dracut_args Resolves: bz2140721 Upstream: Fedora Conflict: None commit 70c7598ef03a1f611b3a00d8f2254fae1da5b0eb Author: Coiby Xu <coxu@redhat.com> Date: Fri Dec 23 16:03:38 2022 +0800 Install nfsv4-related drivers when users specify nfs dumping via dracut_args Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2140721 Currently, if users specify dumping to nfsv4 target via dracut_args --mount "<NFS-server-ip>:/var/crash /mnt nfs defaults" it fails with the following errors, [ 5.159760] mount[446]: mount.nfs: Protocol not supported [ 5.164502] systemd[1]: mnt.mount: Mount process exited, code=exited, status=32/n/a [ 5.167616] systemd[1]: mnt.mount: Failed with result 'exit-code'. [FAILED] Failed to mount /mnt. This is because nfsv4-releted drivers are not installed to kdump initrd. mkdumprd calls dracut with "--hostonly-mode strict". If nfsv4-related drivers aren't loaded before calling dracut, they won't be installed. When users specify nfs dumping via dracut_args, kexec-tools won't mount the nfs fs beforehand hence nfsv4-related drivers won't be installed. Note dracut only installs the nfs driver i.e. nfsv3 driver for "--mount ... nfs". So also install nfsv4-related drivers when users specify nfs dumping via dracut_args. Since nfs_layout_nfsv41_files depends on nfsv4, the nfsv4 driver will be installed automatically. As for the reason why we support nfs dumping via dracut_args instead of asking user to use the nfs directive, please refer to commit 74c6f464 ("Support special mount information via 'dracut_args'"). Fixes: 4eedcae5 ("dracut-module-setup.sh: don't include multipath-hostonly") Reported-by: rcheerla@redhat.com Signed-off-by: Coiby Xu <coxu@redhat.com> Reviewed-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Coiby Xu <coxu@redhat.com>
2023-03-21 08:01:22 +00:00
# When users specify nfs dumping via dracut_args, kexec-tools won't
# mount nfs fs beforehand thus nfsv4-related drivers won't be installed
# because we call dracut with --hostonly-mode strict. So manually install
# nfsv4-related drivers.
if [[ $(get_dracut_args_fstype "$config_val") == nfs* ]]; then
add_dracut_arg "--add-drivers" nfs_layout_nfsv41_files
fi
while read -r dracut_arg; do
add_dracut_arg "$dracut_arg"
done <<< "$(echo "$config_val" | xargs -n 1 echo)"
;;
*) ;;
esac
done <<< "$(kdump_read_conf)"
handle_default_dump_target
Set zstd as the default compression method for kdump initrd resolves: bz1896698 upstream: fedora conflict: none commit 0311f6e25bec9994de2c6b156b5a568583aa8aae Author: Tao Liu <ltao@redhat.com> Date: Wed Jan 5 17:42:12 2022 +0800 Set zstd as the default compression method for kdump initrd zstd has better compression ratio and time consumption balance. When no customized compression method specified in kdump.conf, we will use zstd as the default compression method. **The test method: I installed kexec-tools with and without the patch, executing the following command for 4 times, and calculate the averange time: $ rm -f /boot/initramfs-*kdump.img && time kdumpctl rebuild && \ ls -ail /boot/initramfs-*kdump.img **The test result: Bare metal x86_64 machine: dracut with squash module zlib lzo xz lz4 zstd real 10.6282 11.0398 11.395 8.6424 10.1676 user 9.8932 11.9072 14.2304 2.8286 8.6468 sys 3.523 3.4626 3.6028 3.5 3.4942 size of kdump.img 30575616 31419392 27102208 36666368 29236224 dracut without squash module zlib lzo xz lz4 zstd real 9.509 19.4876 11.6724 9.0338 10.267 user 10.6028 14.516 17.8662 4.0476 9.0936 sys 2.942 2.9184 3.0662 2.9232 3.0662 size of kdump.img 19247949 19958120 14505056 21112544 17007764 PowerVM hosted ppc64le VM: dracut with squash module | dracut without sqaush module zlib zstd | zlib zstd real 10.6742 10.7572 | 9.7676 10.5722 user 18.754 19.8338 | 20.7932 13.179 sys 1.8358 1.864 | 1.637 1.663 | size of | kdump.img 36917248 35467264 | 21441323 19007108 **discussion zstd has a better compression ratio and time consumption balance. Acked-by: Coiby Xu <coxu@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com>
2022-01-06 06:23:41 +00:00
if ! have_compression_in_dracut_args; then
Seperate dracut and dracut-squash compressor for zstd Upstream: fedora Resolves: bz2045949 Resolves: bz2044804 Conflict: none commit fc1c79ffd21e7bcb3a710368cd7023c9a634258e Author: Tao Liu <ltao@redhat.com> Date: Sat Oct 8 12:09:08 2022 +0800 Seperate dracut and dracut-squash compressor for zstd Previously kexec-tools will pass "--compress zstd" to dracut. It will make dracut to decide whether: a) call mksquashfs to make a zstd format squash-root.img, b) call cmd zstd to make a initramfs. Since dracut(>= 057) has decoupled the compressor for dracut and dracut-squash, So in this patch, we will pass the compressor seperately. Note: The is_squash_available && !dracut_has_option --squash-compressor && !is_zsdt_command_available case is left unprocessed on purpose. Actually, the situation when we want to call zstd compression is: 1) If squash function OK, we want dracut to invoke mksquashfs to make a zstd format squash-root.img within initramfs. 2) If squash function is not OK, and cmd zstd presents, we want dracut to invoke cmd zstd to make a zstd format initramfs. is_zstd_command_available check can handle case 2 completely. However, for the is_squash_available check, it cannot handle case 1 completely. It only checks if the kernel supports squashfs, it doesn't check whether the squash module has been added by dracut when making initramfs. In fact, in kexec-tools we are unable to do the check, there are multiple ways to forbit dracut to load a module, such as "dracut -o module" and "omit_dracutmodules in dracut.conf". When squash dracut module is omitted, is_squash_available check will still pass, so "--compress zstd" will be appended to dracut cmdline, and it will call cmd zstd to do the compression. However cmd zstd may not exist, so it fails. The previous "--compress zstd" is ambiguous, after the intro of "--squash-compressor", "--squash-compressor" only effect for mksquashfs and "--compress" only effect for specific cmd. So for the is_squash_available && !dracut_has_option --squash-compressor && !is_zsdt_command_available case, we just leave it to be handled the default way. Reviewed-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com>
2022-10-26 02:16:16 +00:00
if is_squash_available && dracut_have_option "--squash-compressor"; then
add_dracut_arg "--squash-compressor" "zstd"
elif is_zstd_command_available; then
add_dracut_arg "--compress" "zstd"
fi
Set zstd as the default compression method for kdump initrd resolves: bz1896698 upstream: fedora conflict: none commit 0311f6e25bec9994de2c6b156b5a568583aa8aae Author: Tao Liu <ltao@redhat.com> Date: Wed Jan 5 17:42:12 2022 +0800 Set zstd as the default compression method for kdump initrd zstd has better compression ratio and time consumption balance. When no customized compression method specified in kdump.conf, we will use zstd as the default compression method. **The test method: I installed kexec-tools with and without the patch, executing the following command for 4 times, and calculate the averange time: $ rm -f /boot/initramfs-*kdump.img && time kdumpctl rebuild && \ ls -ail /boot/initramfs-*kdump.img **The test result: Bare metal x86_64 machine: dracut with squash module zlib lzo xz lz4 zstd real 10.6282 11.0398 11.395 8.6424 10.1676 user 9.8932 11.9072 14.2304 2.8286 8.6468 sys 3.523 3.4626 3.6028 3.5 3.4942 size of kdump.img 30575616 31419392 27102208 36666368 29236224 dracut without squash module zlib lzo xz lz4 zstd real 9.509 19.4876 11.6724 9.0338 10.267 user 10.6028 14.516 17.8662 4.0476 9.0936 sys 2.942 2.9184 3.0662 2.9232 3.0662 size of kdump.img 19247949 19958120 14505056 21112544 17007764 PowerVM hosted ppc64le VM: dracut with squash module | dracut without sqaush module zlib zstd | zlib zstd real 10.6742 10.7572 | 9.7676 10.5722 user 18.754 19.8338 | 20.7932 13.179 sys 1.8358 1.864 | 1.637 1.663 | size of | kdump.img 36917248 35467264 | 21441323 19007108 **discussion zstd has a better compression ratio and time consumption balance. Acked-by: Coiby Xu <coxu@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com>
2022-01-06 06:23:41 +00:00
fi
if [[ -n $extra_modules ]]; then
add_dracut_arg "--add-drivers" "$extra_modules"
fi
2021-07-12 08:07:05 +00:00
# TODO: The below check is not needed anymore with the introduction of
# 'zz-fadumpinit' module, that isolates fadump's capture kernel initrd,
# but still sysroot.mount unit gets generated based on 'root=' kernel
# parameter available in fadump case. So, find a way to fix that first
# before removing this check.
if ! is_fadump_capable; then
# The 2nd rootfs mount stays behind the normal dump target mount,
# so it doesn't affect the logic of check_dump_fs_modified().
is_dump_to_rootfs && add_mount "$(to_dev_name "$(get_root_fs_device)")"
add_dracut_arg "--no-hostonly-default-device"
mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Resolves: https://issues.redhat.com/browse/RHEL-512 Upstream: Fedora Conflict: None commit 443a43e0750d14c8e3290ecf76535d1746bfac6a Author: Coiby Xu <coxu@redhat.com> Date: Wed May 24 12:01:45 2023 +0800 mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Currently, kdump doesn't work on many FIPS-enabled systems including Azure, ESXI, Hyper, POWER and etc. When FIPS is enabled, it needs to access /boot//.vmlinuz-xxx.hmac to verify the integrity of the kernel. However, on those systems, /boot fails to be mounted due to a lack of fs and block device drivers and the system just halted after failing to verify the integrity of the kernel. For example, on Hyper-V, sd_mod, sg, scsi_transport_fc, hv_storvsc and hv_vmbus need to be installed in order for /boot to be mounted. mkdumprd calls dracut with the --no-hostonly-default-device. Following the documentation (man dracut), --no-hostonly-default-device Do not generate implicit host devices like root, swap, fstab, etc. Use "--mount" or "--add-device" to explicitly add devices as needed this patch uses "--add-device" to explicitly add the device of /boot. Note there is already an attempt to fix it in dracut's 01fips module i.e. via the commit 83651776 ("fips: ensure fs module for /boot is installed"). Unfortunately it only installs the file system driver e.g. xfs. Reviewed-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Coiby Xu <coxu@redhat.com> Signed-off-by: Coiby Xu <coxu@redhat.com>
2023-05-29 02:43:57 +00:00
if fips-mode-setup --is-enabled 2> /dev/null; then
mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Resolves: https://issues.redhat.com/browse/RHEL-512 Upstream: Fedora Conflict: None commit 443a43e0750d14c8e3290ecf76535d1746bfac6a Author: Coiby Xu <coxu@redhat.com> Date: Wed May 24 12:01:45 2023 +0800 mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Currently, kdump doesn't work on many FIPS-enabled systems including Azure, ESXI, Hyper, POWER and etc. When FIPS is enabled, it needs to access /boot//.vmlinuz-xxx.hmac to verify the integrity of the kernel. However, on those systems, /boot fails to be mounted due to a lack of fs and block device drivers and the system just halted after failing to verify the integrity of the kernel. For example, on Hyper-V, sd_mod, sg, scsi_transport_fc, hv_storvsc and hv_vmbus need to be installed in order for /boot to be mounted. mkdumprd calls dracut with the --no-hostonly-default-device. Following the documentation (man dracut), --no-hostonly-default-device Do not generate implicit host devices like root, swap, fstab, etc. Use "--mount" or "--add-device" to explicitly add devices as needed this patch uses "--add-device" to explicitly add the device of /boot. Note there is already an attempt to fix it in dracut's 01fips module i.e. via the commit 83651776 ("fips: ensure fs module for /boot is installed"). Unfortunately it only installs the file system driver e.g. xfs. Reviewed-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Coiby Xu <coxu@redhat.com> Signed-off-by: Coiby Xu <coxu@redhat.com>
2023-05-29 02:43:57 +00:00
add_dracut_arg --add-device "$(findmnt -n -o SOURCE --target /boot)"
fi
fi
# This is RHEL-only to work around nvme problem, then real fix should go to dracut
if [[ -d /sys/module/nvme ]]; then
add_dracut_arg "--add-drivers" "nvme"
fi
Add kdump dracut config Resolves: RHEL-49590 Upstream: https://github.com/rhkdump/kdump-utils Conflict: Yes, kexec-tools is split into 3 parts upstream, some changes should be applied to kdump-utils Makefile, but RHEL-9 kexec-tools doesn't have that. Also missing upstream commits: - 1732a3b(mkdumprd: Omit rdma module) - 7fec2f56(mkdumprd: simplify handling of dracut arguments) commit dacb34341113fa925c15e28a7ce56a80dd370e2f Author: Lichen Liu <lichliu@redhat.com> Date: Tue Nov 5 12:07:42 2024 +0800 Add kdump dracut config In some cases, customizing the first kernel's initrd is necessary by modifying the dracut `omit_dracutmodules` options, such as in Bootc or CoreOS scenarios [1]. However, these changes can unintentionally break existing functionality in kdump. For instance, setting `omit_dracutmodules='nfs'` prevents the `nfs` module from being added. Additionally, some dracut configurations [2] use `dracutmodules+='some modules'` instead of `add_dracutmodules+='some modules'`. When `dracutmodules` is non-empty, dracut includes only the specified modules, which can result in an initrd that lacks necessary modules, causing kdump to fail. Dracut upstream support --add-confdir now, kdump can use this option when building kdump initramfs. This patch moved the hardcoded dracutmodules from mkdumprd to the new conf file /lib/kdump/dracut.conf.d/99-kdump.conf, it is easier to check and modify to omit or add certain modules. This patch also initialize dracutmodules to empty to avoid the influence of other configurations. See also: [1] https://github.com/rhkdump/kdump-utils/issues/11 [2] https://issues.redhat.com/browse/RHEL-49590?focusedId=25197134&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-25197134 Suggested-by: Dave Young <dyoung@redhat.com> Suggested-by: Colin Walters <walters@verbum.org> Signed-off-by: Lichen Liu <lichliu@redhat.com> Signed-off-by: Lichen Liu <lichliu@redhat.com>
2024-12-05 02:45:27 +00:00
# Use kdump managed dracut profile.
[[ $kdump_dracut_confdir ]] || kdump_dracut_confdir=/lib/kdump/dracut.conf.d
if [[ "$(dracut --help)" == *--add-confdir* ]] && [[ -d "$kdump_dracut_confdir" ]]; then
dracut_args+=("--add-confdir" "$kdump_dracut_confdir")
else
dracut_args+=(--add kdumpbase)
dracut_args+=(--omit "plymouth resume ifcfg earlykdump")
fi
dracut "${dracut_args[@]}" "$@"
_rc=$?
sync
exit $_rc