Renames FENCE_KDUMP_CONFIG variable to FENCE_KDUMP_CONFIG_FILE to
distinguish it from values read from fence_kdump_args option in
kdump.conf (introduced in following patches).
Bug-Url: https://bugzilla.redhat.com/1078134
Signed-off-by: Martin Perina <mperina@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
== Version 2 ==
Addresses Vivek's review comments:
1. Don't force numeric in awk script snipet.
2. Command line processing is moved from load_kernel to new function
"prepare_cmdline." This new function is responsible for
setting up the command line passed to KEXEC.
3. New function "append_cmdline" is added to append {argument,value}
pair to command line if argument is not already present.
== Version 1 ==
A recent patch (https://lkml.org/lkml/2014/1/15/42) enables multiple
processors in the crash kernel.
To do this safely the crash kernel needs to know which CPU was the 1st
kernel BSP (bootstrap processor) so that the crash kernel will NOT send
the BSP an INIT. If the crash kernel sends an INIT to the 1st kernel
BSP, some systems may reset or hang.
The EFI spec doesn't require that any particular processor is chosen
as the BSP and the CPU (and its apic id) can change from one boot to
the next. Hence automating the selection of CPU to disable if the
system would panic is desired.
This patch updates the kdumpctl script to get the "initial apicid"
of CPU 0 in the first kernel and will pass this as the
"disable_cpu_apicid=" arguement to kexec if it wasn't explicitly
set in /etc/sysconfig/kdump KDUMP_COMMANDLINE_APPEND.
CPU 0 is chosen as it is the processor thats execute the OS
initialization
code and hence was the BSP as per x86 SDM (Vol 3a Section 8.4.)
See associated Red Hat Bugzilla(s) for additional background material:
https://bugzilla.redhat.com/show_bug.cgi?id=1059031https://bugzilla.redhat.com/show_bug.cgi?id=980621
Signed-off-by: Jerry Hoemann <jerry.hoemann@hp.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Description of problem:
Previously with selinux in enforcing mode, could prevent ssh-keygen from
generating keys. Support for selinux policy for allowing applications to
access ssh-keygen for generating ssh keys was added in
selinux-policy-3.7.19-126.el6_2.6.
Solutions:
Because of the context was added for ssh key generation, so the keys were
generated without fliping from enforcing mode to permissive mode for ssh
key generation. This patch removes selinux code which switches between
enforcing and permissive modes.
Signed-off-by: arthur <zzou@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Move the code to check /sys/kernel/kexec_crash_loaded to function
check_kdump_feasibility(). And rename status() to check_current_kdump_status()
so these two functions become clearer.
cleanup kdumpctl status path as well.
Tested with kernel without CONFIG_KEXEC
Tested with run kdumpctl start two times.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Kdump does not support secure boot yet, so let's claim it is not supported
at the begginning of service start function.
In this patch for checking secure boot status I'm checking the efivars per
suggestion from pjones. see in code comments for the details.
Tested in Fedora 19 + qemu ovmf with secure boot enabled.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
If the system is configured fence kdump, we need to update kdump
initramfs if cluster or fence_kdump config is newer.
In RHEL7, cluster config is no longer keeping locally but stored
remotely. Fortunately we can use a pcs tool to retrieve the xml based
config and parse the last changed time from that.
/etc/sysconfig/fence_kdump is used to configure runtime arguments to
fence_kdump_send. So We have to pass the arguments to 2nd kernel.
When cluster config or /etc/sysconfig/fence_kdump is newer than local
kdump initramfs, we must rebuild initramfs to adapt changes in cluster.
For example:
Detected change(s) the following file(s):
cluster-cib /etc/sysconfig/fence_kdump
Rebuilding /boot/initramfs-xxxkdump.img
[..]
Signed-off-by: WANG Chao <chaowang@redhat.com>
Tested-by: Zhi Zou <zzou@redhat.com>
Tested-by: Marek Grac <mgrac@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
We only allow one instance of kdump service running at each time by
flock /var/lock/kdump which is opened as fd 9 in kdumpctl script.
However a leaking fd issue has been discovered by SELinux:
When executing a specific shell command (not the shell built-in but
provided by other packages, in this case - restorecon) in kdumpctl,
current shell will fork a new subshell for executing and
the subshell will inherit open fd 9 from parent shell. And SELinux
detects that subshell is holding the open fd and consider fd 9 is
leaked.
To avoid this kind of leaking, the most easy way seems to be breaking our
kdumpctl code out into two parts:
- A top level parent shell, which is only used to deal with the lock and
invoking the subshell below.
- A 2nd tier level subshell, which is closing the inherited open fd at
very first and doing the rest of the kdumpctl job. So that it isn't
leaking fd to its subshell when executing like restorecon, etc.
To be easy to understand, the callgraph is roughly like below:
[..]
--> open(9)
--> flock(9)
--> fork
--> close(9) <-- we close 9 right here
--> main() <-- we're now doing the real job
--> [..]
--> fork()
--> restorecon <-- we don't leak fd 9 to child process
--> [..]
--> [..]
As shown above, a wrapper main() is added as the 2nd tier level shell in
this kind of call model. So we can completely avoid leaking fd to
subshell.
Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
From: Wade Mealing <wmealing@redhat.com>
The RHEL 5 release of mkdumprd allowed for comments in the kdump config
file as shown below:
net 192.168.1.1 # this is the comment part
This patch strips them out during processing, but leaves the configuration
file in original condition.
Signed-off-by: Wade Mealing <wmealing@redhat.com>
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
There will be a race condition if multiple kdumpctl instances are
running at the same time.
By introducing a global mutex lock, only one instance can acquire this
lock and run, others will be waiting for the lock in queue. Now each
kdump instance will be run in serial order and there won't any race
condition.
This is a patch backported from RHEL6.
Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2nd kernel has very limited memory. Allocating huge pages will probably
trigger OOM. So let's remove hugepages and hugepagesz kernel parameters
for 2nd kernel when 1st kernel are using them.
If user wants huge pages cmdline in 2nd kernel, he/she can still specify
it through KERNEL_COMMANDLINE_APPEND in /etc/sysconfig/kdump.
This patch adds a new function remove_cmdline_param(). It takes a list
of kernel parameters as its arguments and remove them from given kernel
cmdline.
update:
1. Add description of remove_cmdline_param() per Vivek.
2. Remove_cmdline_param() will take kernel cmdline as $1, then strip it
and print the result.
Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Dracut root fs is always mounted, but it's not guaranteed to success
because we are in crash/kdump context. So selinux policy can not only
depends on chroot load_policy.
Per discussion with Vivek and Selinux people, relabel kdump files
when the service restart.
Currently only below cases are considerd:
1. target mounted in 1st kernel
2. target mounted as rw, if user mount it as 'ro' they will have to
relabel the files by themselves.
3. save path is not masked, this means if /var/crash is mount to another
disk which is different from dump target it will not visible to user
so user need manually relabel them.
4. only local filesystem based targets.
Tested on F19 machine.
Tested local fs dump and network dump along with different save path
to address above mentioned cases.
Vivek: use function name is_dump_target_configured
use getfattr -m "security.selinux" instead of ".*"
Daniel: use restorecon instead of chcon.
dyoung: keep minix in local fs list since it has not been deperacated yet.
Vivek: wrap is_dump_target_configured checking in function path_to_be_relabeled
dyoung: use awk instead of cut to print config value for different
space delimeters
dyoung: mute df error message: `df $_mnt/$_path 2>/dev/null`
For nfs restorecon, since it will be in 3.11 kernel, we can add it when it's
ok in Fedora.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
mkdumprd call dracut to rebuilding kdump initrd, sometimes passing extra
dracut args is helpful. For example user can enable debug output with
--debug, --printsize to print roughly increased initramfs size by each module,
--omit-drivers to omit kernel modules, etc.
This patch enables dracut_args option for passing extra args to dracut.
Also it modifies add_dracut_arg() to treat a string with-in quote as single
string because for dracut options which has its own args, the args need to be
quoted and space seperated.
If add_dracut_arg() gets an string read from kdump.conf and if that string
contains double quotes, then while converting to positional parameters
those double quotes are not interpreted. Hence if /etc/kdump.conf contains
following.
dracut_args --add-drivers "driver1 driver2"
then add_dracut_args() sees following positional parameters
$1= --add-drivers
$2= "driver1
$3= driver2"
Notice, double quotes have been ignored and parameters have been broken
based on white space.
Modify add_dracut_arg() to look for parameters starting with " and
if one is found, it tries to merge all the next parameters till one
is found with ending double quote. Hence effectively simulating
following behavior.
$1= --add-drivers
$2= "driver1 driver2"
[v1->v2]: address quoted substring in dracut_args, also handle the leading
and ending spaces in substring.
[v2->v3]: fix dracut arguments seperator in kdump.conf.
[v3->v4]: improve changelog, thanks vivek.
[v4->v5]: make the manpage more verbose [vivek].
Tested with below dracut_args test cases:
1. dracut_args --add-drivers "pcspkr virtio_net" --omit-drivers "sdhci-pci hid-logitech-dj e1000"
2. dracut_args --add-drivers " pcspkr virtio_net " --omit-drivers "sdhci-pci hid-logitech-dj e1000"
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Current blacklist option is different from the option in rhel6. In current
implementation blacklist just means omit the driver, but it should really
be preventing it being loaded in initramfs.
To keep consistent, just make the option as deprecated. User is suggested
to user dracut kernel cmdline rd.driver.blacklist instead.
[v1->v2]: improve man page description, thanks Vivek.
Tested in kvm guest with rd.driver.blacklist in kdump sysconfig
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Add a function check_config to check kdump config file.
1. move multi dump target checking into this function
2. check invalid config options and obsolete config options
3. check null config value.
[v2->v3]: add detail doc about deprecated options in kdump.conf manpage.
[v3->v4]: print out the bad config option in case it is not valid.
[v4->v5]: improve documentation according to comments from Vivek.
[v5->v6]: s/Deprecated/Invalid for invalid config options.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Marc Milgram <mmilgram@redhat.com>
check_config is actually checking the files timestamp and rebuilding initrd.
Rename it to check_rebuild instead thus check_config can be used for checking
config file valid or not.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
In old code, kdumpctl program exit directly when check_ssh_target failed
without printing "Starting kdump: FAILED". Then when manually invoke
"kdumpctl restart", only print "Stopping kdump: OK", but no "Starting
kdump: FAILED". That is unreasonable.
In this patch change check_ssh_target() to return when it failed. Then
check the returned value in start() function and print status if the
returned value is not 0.
Meanwhile change "space" to "tab" in function check_ssh_target(), make
those be consistent with the whole script file.
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
In kdumpctl, some printings are incomplete, like "Starting kdump:" or
"Stopping kdump:". Now add the service status to the end of such kind
of printing.
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
In fedora, systemd take control of services. During bootup and manually
invoke "systemctl restart kdump.service", the standard Output/Error
are all redirected to journal/syslog. Then particular LOGGER is useless
in kdumpctl.
In this patch, remove codes related to LOGGER. But for noticing user,
trying to add substituted printing to Standard Output/Err.
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
Resolves: bz866357
MEM_RESERVED is for checking if crash memory is reserved or not.
Originally it use /proc/iomem for x86, parsing /proc/cmdline for ppc.
This cause problems for crashkernel=auto, because it does not fit for
the regular expression of [0-9]\+[MmKkGg]@[0-9]\+[MmGgKk]
Fix this by use /sys/kernel/kexec_crash_size for all arches.
After the fix the code is more clear than before.
[v1->v2] vivek: add space between "crash kernel"; remove misleading warning.
Tested-by: Chao Wang <chaowang@redhat.com>
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
We can use not only space but also tab as whitespace,
so s/\ /[[:blank:]] for checking the whitespace
The last commit is intend for checking multiple dump target,
and differentiate ssh and sshkey options. This issue is only
for ssh, so no need to add [[:blank:]] for other dump types to
create a very long code line.
[v1->v2]: use [[:blank:]] instead of [[:space:]]
see expanation in below doc:
http://en.wikipedia.org/wiki/Regular_expression#POSIX_character_classes
[:blank:] [ \t] Space and tab
[:space:] [ \t\r\n\v\f] Whitespace characters
Tested the [:blank:] works well as [:space:]
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
CC: Cong Wang <amwang@redhat.com>
Resolves: bz867703
For both ssh and sshkey specified in kdump.conf, we will error out:
[..]
+ start
+ local nr
++ awk 'BEGIN{cnt=0} /^raw|^ssh|^nfs|^ext[234]|^xfs|^btrfs|^minix/{cnt++} END{print cnt}' /etc/kdump.conf
+ nr=2
+ '[' 2 -gt 1 ']'
+ echo -n 'Error: More than one dump targets specified'
Error: More than one dump targets specified+ echo
Fix this by Improving the patterns for multi dump targes checking
with one more space.
Thanks ChaoWang for catching this and providing the fix.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Add force_rebuild option in kdump.conf
Some user need always force rebuild the dumprd, add an kdump.conf
option force_rebuild here. If force_rebuild is set to 1
kdump initrd will be rebuilt every time then the service starts.
Testing:
Tested below cases:
force_rebuild
force_rebuild 0
force_rebuild 1
force_rebuild 2
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Currently net options means either nfs or ssh dump.
Better to split these two into standalone options. That's more clear to user.
after the split, ssh dump need user specify "ssh user@host"
nfs dump need user specify "nfs host:nfsshare"
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
we now switched to systemd, 'service kdump propagate' does not work anymore.
update the alert message to use 'kdumpctl propagate'
vivek: update kexec-kdump-howto.txt as well.
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
exit the saved $? instead of the wrong one after echo line
v1->v2: vivek, save the return value instead of exit 1
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Original patch is from Amerigo, but it has changed a lot:
remove multi dump
refreshed with latest git for the dump instruction function restructure
fixed the behavior of do_kdump_pre, if kdump_pre fails it will reboot
update the docs
check the existance and executable of kdump_pre/post files,
also check the timestamp of them for rebuilding.
refresh patch,
Address comments from vivek:
s/hush/bash in docs
fix the copy-paste error in kdump post error message
s/reboot\/halt/reboot in kexec-kdump-howto.txt
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Resolves: bz805778
Simply the logic and optimize the code
Move check_exist, check_executable, rebuild_initrd to functions
remove BOOTDIR which is not used
Note: There might be modules which are newer than last built initramfs,
we always rebuild the initramfs when extra_moduels= is specified.
Signed-off-by: Dave Young <dyoung@redhat.com>
-d option is not implemented and unused, remove it from mkdumprd
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Resolves: bz805783
kdumpctl: save_raw if found vmcore
mkdumprd: checking available size of raw disk
dracut module: do the dumping
Note, add a dir /kdumpscripts for monitor_dd_progress and future
kdump scripts
[v1->v2]: monitor_dd_process become a script instead of a function
add missed utils
use pipe with dc
[v2->v3]: Don: fix dd_progress_file typo
Vivek: move [ -f $conf_file ] earlier
don't split keyfile= and [ -f keyfile ]
move default core_collector earlier
move non-makedumpfile warnings to mkdumprd
make check available size a common function
Amerigo: use less pipe for grep then awk print
use shell (( )) instead of dc
use cut instead of awk
no need install dc and awk
make DD_BLKSIZE a variable
don't add 0755 file in git, chmod in module-setup.sh
[v3->v4]: vivek: kdumpctl multi raw target handling
monitor_dd_progress- fix wrong size calculation:
the tail -1 of dd pregress file is in bytes instead of blocks
only print the whole dd src file size for non-filtered case
check [ -b raw target device ] before dump
[v4->v5]: vivek: move check [ -b $1 ] before monitor_dd_progress
remove multi target function
[v5->v6]: vivek: only warning for raw dump of non-makedumpfile core_collector
[v6->v7]: kdumpctl should return 0 when there's no raw target
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
remove multi dump
Resolves: bz816859
multi dump was not written as a failsafe dump. Also it was not really tested.
It introduced more complexity in the early phase of porting plenty of rhel6
functions, so we'd remove it and concentrate on the base functionalities.
[v1->v2]: vivek: better error message
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Resolve: bug 807521
The fix is easy.
Command sed should be called with option -n to remain slience when DUMP_TARGET
is a nfs server like 'nfs.server:/mnt/testarea/nfs'.
Then nfs function check_ssh_config will return 1 to not to config nfs like a
ssh dump
Signed-off-by: Chao Wang <chaowang@redhat.com>
Add ssh dump support
changes including below items:
1. sshkey option
2. sshkey propagate
3. fix a bug of _server ip calculation for dump target string
4. change the prefix of kdump hook from 93 to 01 to avoid dhclient and
other cleanups happening before us
5. enable network with dracut cmdline rd.neednet=1 when there's network
target config
[v1 - v2]:
Only check_ssh_target when there's ssh dump target in kdump config file
[v2 -> v3]
style fixes: trailing spaces and space before tab indent
remove set -x
simply check_ssh_target
use awk to get sshkey option value
change pivot hook order to 0000
Signed-off-by: Dave Young <dyoung@redhat.com>