rpms/kexec-tools
5
0
Fork 0
Code Issues Pull Requests Releases Activity
cc58b51210
kexec-tools/dracut-module-setup.sh
Coiby Xu bf947239de Support setting up Open vSwitch (Ovs) Bridge network 
Resolves: https://issues.redhat.com/browse/RHEL-33465
Conflict: C9S misses the following two commits,
          - 1397006 ("dracut-module-setup: Remove remove_cpu_online_rule() since PowerPC uses nr_cpus")
          - 73c9eb7 ("dracut-module-setup: remove old s390 network device config (#1937048)")

Upstream Status: git@github.com:rhkdump/kdump-utils.git

commit 224d3102c54749eae98bfa1af8932aade8e4d2da
Author: Coiby Xu <coxu@redhat.com>
Date:   Mon Apr 22 15:02:42 2024 +0800

    Support setting up Open vSwitch (Ovs) Bridge network

    Resolves: https://issues.redhat.com/browse/RHEL-33465

    This patch supports setting up an Ovs bridge in kdump initrd. An Ovs
    bridge is similar to a classic Linux bridge but we use ovs-vsctl to find
    out the Ethernet device (having the MAC address as the bridge) added to
    an Ovs bridge. Once we copy all the needed NetworkManager (NM) connection
    profiles to kdump initrd and all the necessary files, NM will create an Ovs bridge
    automatically in kdump initrd.

    In the case of OpenShift Container Platform (OCP),
    ovs-configuration.service [1] is responsible for setting up an Ovs bridge.
    In theory, we can also try to bring up the original physical network
    interface before ovs-configuration.service. But this approach is
    cumbersome because it breaks our assumption that we should bring up the
    same network in kdump intrd as in 1st kernel (establishing the same network
    in kdump initrd only needs to copy the needed NM connection profiles
    thus we don't need to learn how different network setup work under the
    hood).

    How to test this patch with the help of configure-ovs.sh?
    =========================================================

    1. Extract configure-ovs.sh from [2]

    2. Install necessary packages for configure-ovs.sh
        dnf install openvswitch -yq
        dnf install NetworkManager-ovs nmap-ncat -yq

        systemctl enable --now openvswitch

        # restart NM so the ovs plugin can be activated
        systemctl restart NetworkManager

    3. Assume the network interface used for creating an Ovs bridge is
       "ens2", use configure-ovs.sh to create an Ovs bridge,

        interface=ens2
        mkdir -p /etc/ovnk
        echo $interface > /etc/ovnk/iface_default_hint
        bash configure-ovs.sh OVNKubernetes

    4. (Optional) If you want to make the created Ovs bridge survive a
       reboot, simply make the created NM connections created by
       configure-ovs.sh persist,

        cp /run/NetworkManager/system-connections/ovs-* /etc/NetworkManager/system-connections/

    If you need to create an Ovs bridge on top of a bonding network, use the
    following commands for step 3,

        nmcli con add type bond ifname bond0
        nmcli con add type ethernet ifname eth0 master bond0
        nmcli con add type ethernet ifname eth1 master bond0

        echo bond0 > /etc/ovnk/iface_default_hint
        bash configure-ovs.sh OVNKubernetes

    Note
    1. For RHEL, openvswitch3.3 may be installed so we need to get the
       package name by "rpm -qf /usr/lib/systemd/system/openvswitch.service"

    2. For RHEL9, openvswitch package needs to installed from another repo,
        cat << 'EOF' > /etc/yum.repos.d/ovs.repo
        [rhosp-rhel-9-fdp-cdn]
        name=Red Hat Enterprise Linux Fast Datapath $releasever - $basearch cdn
        baseurl=http://rhsm-pulp.corp.redhat.com/content/dist/layered/rhel9/$basearch/fast-datapath/os/
        enabled=1
        gpgcheck=0
        EOF

        dnf install openvswitch3.3 -yq

    3.  We instruct ovsdb-server to ignore NM connection files changes by
        "--ovsdb-server-options='--disable-file-column-diff'". In the
        future, this may not be needed if we simply copy all active NM
        connection profiles to kdump initrd without changing them after
        coming up with different solutions for the following cases,
        1. Some environments like some Azure machine doesn't use persistent
           NIC name. Current solution is to modify a NM connection
           profile to match a device by MAC address, for details check
           commit 568623e)

        2. If a NIC has an IPv4 or IPv6 address, set the corresponding
           may-fail property to no. Otherwise, dumping vmcore over IPv6
           could fail because only IPv4 network is ready or vice versa. Current
           solution is to disable IPv6 if only IPv4 is used and vice versa,
           for details check commit 9dfcacf,

        3. Some NICs need longer connection.wait-device-timeout otherwise
           the connection will fail to be established (commit 6b586a9).

    [1] https://github.com/openshift/machine-config-operator/blob/master/templates/common/_base/units/ovs-configuration.service.yaml
    [2] https://github.com/openshift/machine-config-operator/blob/master/templates/common/_base/files/configure-ovs-network.yaml

    Signed-off-by: Coiby Xu <coxu@redhat.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>
2024-07-29 17:25:44 +08:00

1196 lines
37 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
_DRACUT_KDUMP_NM_TMP_DIR="$DRACUT_TMPDIR/$$-DRACUT_KDUMP_NM"
_save_kdump_netifs() {
unique_netifs[$1]=1
}
_get_kdump_netifs() {
echo -n "${!unique_netifs[@]}"
}
kdump_module_init() {
if ! [[ -d "${initdir}/tmp" ]]; then
mkdir -p "${initdir}/tmp"
fi
mkdir -p "$_DRACUT_KDUMP_NM_TMP_DIR"
. /lib/kdump/kdump-lib.sh
}
check() {
[[ $debug ]] && set -x
#kdumpctl sets this explicitly
if [[ -z $IN_KDUMP ]] || [[ ! -f /etc/kdump.conf ]]; then
return 1
fi
return 0
}
depends() {
local _dep="base shutdown"
kdump_module_init
add_opt_module() {
[[ " $omit_dracutmodules " != *\ $1\ * ]] && _dep="$_dep $1"
}
if is_squash_available; then
add_opt_module squash
else
dwarning "Required modules to build a squashed kdump image is missing!"
fi
if is_wdt_active; then
add_opt_module watchdog
fi
if is_ssh_dump_target; then
_dep="$_dep ssh-client"
fi
if is_lvm2_thinp_dump_target; then
if grep -q lvmthinpool-monitor <<< $(dracut --list-modules); then
add_opt_module lvmthinpool-monitor
else
dwarning "Required lvmthinpool-monitor modules is missing! Please upgrade dracut >= 057."
fi
fi
if [[ "$(uname -m)" == "s390x" ]]; then
_dep="$_dep znet"
fi
if [[ -n "$(ls -A /sys/class/drm 2> /dev/null)" ]] || [[ -d /sys/module/hyperv_fb ]]; then
add_opt_module drm
fi
if is_generic_fence_kdump || is_pcs_fence_kdump; then
_dep="$_dep network"
fi
echo "$_dep"
}
kdump_is_bridge() {
[[ -d /sys/class/net/"$1"/bridge ]]
}
kdump_is_bond() {
[[ -d /sys/class/net/"$1"/bonding ]]
}
kdump_is_team() {
[[ -f /usr/bin/teamnl ]] && teamnl "$1" ports &> /dev/null
}
kdump_is_vlan() {
[[ -f /proc/net/vlan/"$1" ]]
}
# $1: netdev name
source_ifcfg_file() {
local ifcfg_file
dwarning "Network Scripts are deprecated. You are encouraged to set up network by NetworkManager."
ifcfg_file=$(get_ifcfg_filename "$1")
if [[ -f ${ifcfg_file} ]]; then
. "${ifcfg_file}"
else
dwarning "The ifcfg file of $1 is not found!"
fi
}
# $1: repeat times
# $2: string to be repeated
# $3: separator
repeatedly_join_str() {
local _count="$1"
local _str="$2"
local _separator="$3"
local i _res
if [[ $_count -le 0 ]]; then
echo -n ""
return
fi
i=0
_res="$_str"
((_count--))
while [[ $i -lt $_count ]]; do
((i++))
_res="${_res}${_separator}${_str}"
done
echo -n "$_res"
}
# $1: prefix
# $2: ipv6_flag="-6" indicates it's IPv6
# Given a prefix, calculate the netmask (equivalent of "ipcalc -m")
# by concatenating three parts,
# 1) the groups with all bits set 1
# 2) a group with partial bits set to 0
# 3) the groups with all bits set to 0
cal_netmask_by_prefix() {
local _prefix="$1"
local _ipv6_flag="$2" _ipv6
local _bits_per_octet=8
local _count _res _octets_per_group _octets_total _seperator _total_groups
local _max_group_value _max_group_value_repr _bits_per_group _tmp _zero_bits
if [[ $_ipv6_flag == "-6" ]]; then
_ipv6=1
else
_ipv6=0
fi
if [[ $_prefix -lt 0 || $_prefix -gt 128 ]] \
|| ( ((!_ipv6)) && [[ $_prefix -gt 32 ]]); then
derror "Bad prefix:$_prefix for calculating netmask"
exit 1
fi
if ((_ipv6)); then
_octets_per_group=2
_octets_total=16
_seperator=":"
else
_octets_per_group=1
_octets_total=4
_seperator="."
fi
_total_groups=$((_octets_total / _octets_per_group))
_bits_per_group=$((_octets_per_group * _bits_per_octet))
_max_group_value=$(((1 << _bits_per_group) - 1))
if ((_ipv6)); then
_max_group_value_repr=$(printf "%x" $_max_group_value)
else
_max_group_value_repr="$_max_group_value"
fi
_count=$((_prefix / _octets_per_group / _bits_per_octet))
_first_part=$(repeatedly_join_str "$_count" "$_max_group_value_repr" "$_seperator")
_res="$_first_part"
_tmp=$((_octets_total * _bits_per_octet - _prefix))
_zero_bits=$((_tmp % _bits_per_group))
if [[ $_zero_bits -ne 0 ]]; then
_second_part=$((_max_group_value >> _zero_bits << _zero_bits))
if ((_ipv6)); then
_second_part=$(printf "%x" $_second_part)
fi
((_count++))
if [[ -z $_first_part ]]; then
_res="$_second_part"
else
_res="${_first_part}${_seperator}${_second_part}"
fi
fi
_count=$((_total_groups - _count))
if [[ $_count -eq 0 ]]; then
echo -n "$_res"
return
fi
if ((_ipv6)) && [[ $_count -gt 1 ]]; then
# use condensed notion for IPv6
_third_part=":"
else
_third_part=$(repeatedly_join_str "$_count" "0" "$_seperator")
fi
if [[ -z $_res ]] && ((!_ipv6)); then
echo -n "${_third_part}"
else
echo -n "${_res}${_seperator}${_third_part}"
fi
}
kdump_get_mac_addr() {
cat "/sys/class/net/$1/address"
}
#Bonding or team master modifies the mac address
#of its slaves, we should use perm address
kdump_get_perm_addr() {
local addr
addr=$(ethtool -P "$1" | sed -e 's/Permanent address: //')
if [[ -z $addr ]] || [[ $addr == "00:00:00:00:00:00" ]]; then
derror "Can't get the permanent address of $1"
else
echo "$addr"
fi
}
apply_nm_initrd_generator_timeouts() {
local _timeout_conf
_timeout_conf=$_DRACUT_KDUMP_NM_TMP_DIR/timeout_conf
cat << EOF > "$_timeout_conf"
[device-95-kdump]
carrier-wait-timeout=30000
[connection-95-kdump]
ipv4.dhcp-timeout=90
ipv6.dhcp-timeout=90
EOF
inst "$_timeout_conf" "/etc/NetworkManager/conf.d/95-kdump-timeouts.conf"
}
use_ipv4_or_ipv6() {
local _netif=$1 _uuid=$2
if [[ -v "ipv4_usage[$_netif]" ]]; then
nmcli connection modify --temporary "$_uuid" ipv4.may-fail no &> >(ddebug)
fi
if [[ -v "ipv6_usage[$_netif]" ]]; then
nmcli connection modify --temporary "$_uuid" ipv6.may-fail no &> >(ddebug)
fi
if [[ -v "ipv4_usage[$_netif]" ]] && [[ ! -v "ipv6_usage[$_netif]" ]]; then
nmcli connection modify --temporary "$_uuid" ipv6.method disabled &> >(ddebug)
elif [[ ! -v "ipv4_usage[$_netif]" ]] && [[ -v "ipv6_usage[$_netif]" ]]; then
nmcli connection modify --temporary "$_uuid" ipv4.method disabled &> >(ddebug)
fi
}
_clone_nmconnection() {
local _clone_output _name _unique_id
_unique_id=$1
_name=$(nmcli --get-values connection.id connection show "$_unique_id")
if _clone_output=$(nmcli connection clone --temporary uuid "$_unique_id" "$_name"); then
sed -E -n "s/.* \(.*\) cloned as.*\((.*)\)\.$/\1/p" <<< "$_clone_output"
return 0
fi
return 1
}
_match_nmconnection_by_mac() {
local _unique_id _dev _mac _mac_field
_unique_id=$1
_dev=$2
_mac=$(kdump_get_perm_addr "$_dev")
[[ $_mac != 'not set' ]] || return
_mac_field=$(nmcli --get-values connection.type connection show "$_unique_id").mac-address
nmcli connection modify --temporary "$_unique_id" "$_mac_field" "$_mac" &> >(ddebug)
nmcli connection modify --temporary "$_unique_id" "connection.interface-name" "" &> >(ddebug)
}
# Clone and modify NM connection profiles
#
# This function makes use of "nmcli clone" to automatically convert ifcfg-*
# files to Networkmanager .nmconnection connection profiles and also modify the
# properties of .nmconnection if necessary.
clone_and_modify_nmconnection() {
local _dev _cloned_nmconnection_file_path _tmp_nmconnection_file_path _old_uuid _uuid
_dev=$1
_nmconnection_file_path=$2
_old_uuid=$(nmcli --get-values connection.uuid connection show filename "$_nmconnection_file_path")
if ! _uuid=$(_clone_nmconnection "$_old_uuid"); then
derror "Failed to clone $_old_uuid"
exit 1
fi
use_ipv4_or_ipv6 "$_dev" "$_uuid"
nmcli connection modify --temporary uuid "$_uuid" connection.wait-device-timeout 60000 &> >(ddebug)
# For physical NIC i.e. non-user created NIC, ask NM to match a
# connection profile based on MAC address
_match_nmconnection_by_mac "$_uuid" "$_dev"
# If a value contain ":", nmcli by default escape it with "\:" because it
# also uses ":" as the delimiter to separate values. In our case, escaping is not needed.
_cloned_nmconnection_file_path=$(nmcli --escape no --get-values UUID,FILENAME connection show | sed -n "s/^${_uuid}://p")
_tmp_nmconnection_file_path=$_DRACUT_KDUMP_NM_TMP_DIR/$(basename "$_nmconnection_file_path")
cp "$_cloned_nmconnection_file_path" "$_tmp_nmconnection_file_path"
# change uuid back to old value in case it's refered by other connection
# profile e.g. connection.master could be interface name of the master
# device or UUID of the master connection.
sed -i -E "s/(^uuid=).*$/\1${_old_uuid}/g" "$_tmp_nmconnection_file_path"
nmcli connection del "$_uuid" &> >(ddebug)
echo -n "$_tmp_nmconnection_file_path"
}
_install_nmconnection() {
local _src _nmconnection_name _dst
_src=$1
_nmconnection_name=$(basename "$_src")
_dst="/etc/NetworkManager/system-connections/$_nmconnection_name"
inst "$_src" "$_dst"
}
kdump_install_nmconnections() {
local _netif _nm_conn_path _cloned_nm_path
while IFS=: read -r _netif _nm_conn_path; do
[[ -v "unique_netifs[$_netif]" ]] || continue
if _cloned_nm_path=$(clone_and_modify_nmconnection "$_netif" "$_nm_conn_path"); then
_install_nmconnection "$_cloned_nm_path"
else
derror "Failed to install the .nmconnection for $_netif"
exit 1
fi
done <<< "$(nmcli -t -f device,filename connection show --active)"
# Stop dracut 35network-manger to calling nm-initrd-generator.
# Note this line of code can be removed after NetworkManager >= 1.35.2
# gets released.
echo > "${initdir}/usr/libexec/nm-initrd-generator"
}
kdump_install_nm_netif_allowlist() {
local _netif _except_netif _netif_allowlist _netif_allowlist_nm_conf
for _netif in $1; do
_per_mac=$(kdump_get_perm_addr "$_netif")
if [[ "$_per_mac" != 'not set' ]]; then
_except_netif="mac:$_per_mac"
else
_except_netif="interface-name:$_netif"
fi
_netif_allowlist="${_netif_allowlist}except:${_except_netif};"
done
_netif_allowlist_nm_conf=$_DRACUT_KDUMP_NM_TMP_DIR/netif_allowlist_nm_conf
cat << EOF > "$_netif_allowlist_nm_conf"
[device-others]
match-device=${_netif_allowlist}
managed=false
EOF
inst "$_netif_allowlist_nm_conf" "/etc/NetworkManager/conf.d/10-kdump-netif_allowlist.conf"
}
_get_nic_driver() {
ethtool -i "$1" | sed -n -E "s/driver: (.*)/\1/p"
}
_get_hpyerv_physical_driver() {
local _physical_nic
_physical_nic=$(find /sys/class/net/"$1"/ -name 'lower_*' | sed -En "s/\/.*lower_(.*)/\1/p")
[[ -n $_physical_nic ]] || return
_get_nic_driver "$_physical_nic"
}
_get_physical_function_driver() {
local _physfn_dir=/sys/class/net/"$1"/device/physfn
if [[ -e "$_physfn_dir" ]]; then
basename "$(readlink -f "$_physfn_dir"/driver)"
fi
}
kdump_install_nic_driver() {
local _netif _driver _drivers
_drivers=('=drivers/net/phy' '=drivers/net/mdio')
for _netif in $1; do
[[ $_netif == lo ]] && continue
_driver=$(_get_nic_driver "$_netif")
if [[ -z $_driver ]]; then
derror "Failed to get the driver of $_netif"
exit 1
fi
if [[ $_driver == "802.1Q VLAN Support" ]]; then
# ethtool somehow doesn't return the driver name for a VLAN NIC
_driver=8021q
elif [[ $_driver == "team" ]]; then
# install the team mode drivers like team_mode_roundrobin.ko as well
_driver='=drivers/net/team'
elif [[ $_driver == "hv_netvsc" ]]; then
# A Hyper-V VM may have accelerated networking
# https://learn.microsoft.com/en-us/azure/virtual-network/accelerated-networking-overview
# Install the driver of physical NIC as well
_drivers+=("$(_get_hpyerv_physical_driver "$_netif")")
fi
_drivers+=("$_driver")
# For a Single Root I/O Virtualization (SR-IOV) virtual device,
# the driver of physical device needs to be installed as well
_drivers+=("$(_get_physical_function_driver "$_netif")")
done
[[ -n ${_drivers[*]} ]] || return
instmods "${_drivers[@]}"
}
kdump_setup_bridge() {
local _netdev=$1
local _dev
for _dev in "/sys/class/net/$_netdev/brif/"*; do
[[ -e $_dev ]] || continue
_dev=${_dev##*/}
if kdump_is_bond "$_dev"; then
kdump_setup_bond "$_dev" || return 1
elif kdump_is_team "$_dev"; then
kdump_setup_team "$_dev"
elif kdump_is_vlan "$_dev"; then
kdump_setup_vlan "$_dev"
fi
_save_kdump_netifs "$_dev"
done
}
kdump_setup_bond() {
local _netdev="$1"
local _dev
for _dev in $(< "/sys/class/net/$_netdev/bonding/slaves"); do
_save_kdump_netifs "$_dev"
done
}
kdump_setup_team() {
local _netdev=$1
local _dev
for _dev in $(teamnl "$_netdev" ports | awk -F':' '{print $2}'); do
_save_kdump_netifs "$_dev"
done
}
kdump_setup_vlan() {
local _netdev=$1
local _parent_netif
_parent_netif="$(awk '/^Device:/{print $2}' /proc/net/vlan/"$_netdev")"
#Just support vlan over bond and team
if kdump_is_bridge "$_parent_netif"; then
derror "Vlan over bridge is not supported!"
exit 1
elif kdump_is_bond "$_parent_netif"; then
kdump_setup_bond "$_parent_netif" || return 1
elif kdump_is_team "$_parent_netif"; then
kdump_setup_team "$_parent_netif" || return 1
fi
_save_kdump_netifs "$_parent_netif"
}
_find_znet_nmconnection() {
LANG=C grep -s -E -i -l \
"^s390-subchannels=([0-9]\.[0-9]\.[a-f0-9]+;){0,2}" \
"$1"/*.nmconnection | LC_ALL=C sed -e "$2"
}
kdump_setup_ovs() {
local _netdev="$1"
local _dev _phy_if
_phy_if=$(ovs_find_phy_if "$_netdev")
if kdump_is_bridge "$_phy_if"; then
kdump_setup_vlan "$_phy_if"
elif kdump_is_bond "$_phy_if"; then
kdump_setup_bond "$_phy_if" || return 1
elif kdump_is_team "$_phy_if"; then
derror "Ovs bridge over team is not supported!"
exit 1
fi
_save_kdump_netifs "$_phy_if"
}
# setup s390 znet
#
# Note part of code is extracted from ccw_init provided by s390utils
kdump_setup_znet() {
local _config_file _unique_name _NM_conf_dir
local __sed_discard_ignored_files='/\(~\|\.bak\|\.old\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
if [[ "$(uname -m)" != "s390x" ]]; then
return
fi
_NM_conf_dir="/etc/NetworkManager/system-connections"
_config_file=$(_find_znet_nmconnection "$initdir/$_NM_conf_dir" "$__sed_discard_ignored_files")
if [[ -n "$_config_file" ]]; then
ddebug "$_config_file has already contained the znet config"
return
fi
_config_file=$(LANG=C grep -s -E -i -l \
"^[[:space:]]*SUBCHANNELS=['\"]?([0-9]\.[0-9]\.[a-f0-9]+,){0,2}" \
/etc/sysconfig/network-scripts/ifcfg-* \
| LC_ALL=C sed -e "$__sed_discard_ignored_files")
if [[ -z "$_config_file" ]]; then
_config_file=$(_find_znet_nmconnection "$_NM_conf_dir" "$__sed_discard_ignored_files")
fi
if [[ -n "$_config_file" ]]; then
_unique_name=$(cat /proc/sys/kernel/random/uuid)
nmcli connection clone --temporary "$_config_file" "$_unique_name" &> >(ddebug)
nmcli connection modify --temporary "$_unique_name" connection.autoconnect false
inst "/run/NetworkManager/system-connections/${_unique_name}.nmconnection" "${_NM_conf_dir}/${_unique_name}.nmconnection"
nmcli connection del "$_unique_name" &> >(ddebug)
fi
}
kdump_get_remote_ip() {
local _remote _remote_temp
_remote=$(get_remote_host "$1")
if is_hostname "$_remote"; then
_remote_temp=$(getent ahosts "$_remote" | grep -v : | head -n 1)
if [[ -z $_remote_temp ]]; then
_remote_temp=$(getent ahosts "$_remote" | head -n 1)
fi
_remote=$(echo "$_remote_temp" | awk '{print $1}')
fi
echo "$_remote"
}
# Find the physical interface of Open vSwitch (Ovs) bridge
#
# The physical network interface has the same MAC address as the Ovs bridge
ovs_find_phy_if() {
local _mac _dev
_mac=$(kdump_get_mac_addr $1)
for _dev in $(ovs-vsctl list-ifaces $1); do
if [[ $_mac == $(</sys/class/net/$_dev/address) ]]; then
echo -n "$_dev"
return
fi
done
return 1
}
# Tell if a network interface is an Open vSwitch (Ovs) bridge
kdump_is_ovs_bridge() {
[[ $(_get_nic_driver $1) == openvswitch ]]
}
# Collect netifs needed by kdump
# $1: destination host
kdump_collect_netif_usage() {
local _destaddr _srcaddr _route _netdev
_destaddr=$(kdump_get_remote_ip "$1")
if ! _route=$(kdump_get_ip_route "$_destaddr"); then
derror "Bad kdump network destination: $_destaddr"
exit 1
fi
_srcaddr=$(kdump_get_ip_route_field "$_route" "src")
_netdev=$(kdump_get_ip_route_field "$_route" "dev")
if kdump_is_bridge "$_netdev"; then
kdump_setup_bridge "$_netdev"
elif kdump_is_bond "$_netdev"; then
kdump_setup_bond "$_netdev" || return 1
elif kdump_is_team "$_netdev"; then
kdump_setup_team "$_netdev"
elif kdump_is_vlan "$_netdev"; then
kdump_setup_vlan "$_netdev"
elif kdump_is_ovs_bridge "$_netdev"; then
has_ovs_bridge=yes
kdump_setup_ovs "$_netdev"
fi
_save_kdump_netifs "$_netdev"
if [[ ! -f ${initdir}/etc/cmdline.d/50neednet.conf ]]; then
# network-manager module needs this parameter
echo "rd.neednet" >> "${initdir}/etc/cmdline.d/50neednet.conf"
fi
if [[ ! -f ${initdir}/etc/cmdline.d/60kdumpip.conf ]]; then
echo "kdump_remote_ip=$_destaddr" > "${initdir}/etc/cmdline.d/60kdumpip.conf"
fi
if is_ipv6_address "$_srcaddr"; then
ipv6_usage[$_netdev]=1
else
ipv4_usage[$_netdev]=1
fi
}
kdump_install_resolv_conf() {
local _resolv_conf=/etc/resolv.conf _nm_conf_dir=/etc/NetworkManager/conf.d
# Some users may choose to manage /etc/resolve.conf manually [1]
# by setting dns=none or use a symbolic link resolve.conf [2].
# So resolve.conf should be installed to kdump initrd as well. To prevent
# NM frome overwritting the user-configured resolve.conf in kdump initrd,
# also set dns=none for NM.
#
# Note:
# 1. When resolv.conf is managed by systemd-resolved.service, it could also be a
# symbolic link. So exclude this case by teling if systemd-resolved is enabled.
#
# 2. It's harmless to blindly copy /etc/resolve.conf to the initrd because
# by default in initramfs this file will be overwritten by
# NetworkManager. If user manages it via a symbolic link, it's still
# preserved because NM won't touch a symbolic link file.
#
# [1] https://bugzilla.gnome.org/show_bug.cgi?id=690404
# [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking
systemctl -q is-enabled systemd-resolved 2> /dev/null && return 0
inst "$_resolv_conf"
if NetworkManager --print-config | grep -qs "^dns=none"; then
printf "[main]\ndns=none\n" > "${initdir}/${_nm_conf_dir}"/90-dns-none.conf
fi
}
kdump_install_ovs_deps() {
[[ $has_ovs_bridge == yes ]] || return 0
inst_multiple -o $(rpm -ql NetworkManager-ovs) $(rpm -ql $(rpm -qf /usr/lib/systemd/system/openvswitch.service)) /sbin/sysctl /usr/bin/uuidgen /usr/bin/hostname /usr/bin/touch /usr/bin/expr /usr/bin/id /usr/bin/install /usr/bin/setpriv /usr/bin/nice /usr/bin/df
# 1. Overwrite the copied /etc/sysconfig/openvswitch so
# ovsdb-server.service can run as the default user root.
# /etc/sysconfig/openvswitch by default intructs ovsdb-server.service to
# run as USER=openvswitch, However openvswitch doesn't have the permission
# to write to /tmp in kdump initrd and ovsdb-server.servie will fail
# with the error "ovs-ctl[1190]: ovsdb-server: failed to create temporary
# file (Permission denied)". So run ovsdb-server.service as root instead
#
# 2. Bypass the error "referential integrity violation: Table Port column
# interfaces row" caused by we changing the connection profiles
echo "OPTIONS=\"--ovsdb-server-options='--disable-file-column-diff'\"" >"${initdir}/etc/sysconfig/openvswitch"
KDUMP_DROP_IN_DIR="${initdir}/etc/systemd/system/nm-initrd.service.d"
mkdir -p "$KDUMP_DROP_IN_DIR"
printf "[Unit]\nAfter=openvswitch.service\n" >$KDUMP_DROP_IN_DIR/01-after-ovs.conf
$SYSTEMCTL -q --root "$initdir" enable openvswitch.service
$SYSTEMCTL -q --root "$initdir" add-wants basic.target openvswitch.service
}
# Setup dracut to bring up network interface that enable
# initramfs accessing giving destination
kdump_install_net() {
local _netifs
_netifs=$(_get_kdump_netifs)
if [[ -n "$_netifs" ]]; then
kdump_install_nmconnections
apply_nm_initrd_generator_timeouts
kdump_setup_znet
kdump_install_nm_netif_allowlist "$_netifs"
kdump_install_nic_driver "$_netifs"
kdump_install_resolv_conf
kdump_install_ovs_deps
fi
}
# install etc/kdump/pre.d and /etc/kdump/post.d
kdump_install_pre_post_conf() {
if [[ -d /etc/kdump/pre.d ]]; then
for file in /etc/kdump/pre.d/*; do
if [[ -x $file ]]; then
dracut_install "$file"
elif [[ $file != "/etc/kdump/pre.d/*" ]]; then
echo "$file is not executable"
fi
done
fi
if [[ -d /etc/kdump/post.d ]]; then
for file in /etc/kdump/post.d/*; do
if [[ -x $file ]]; then
dracut_install "$file"
elif [[ $file != "/etc/kdump/post.d/*" ]]; then
echo "$file is not executable"
fi
done
fi
}
default_dump_target_install_conf() {
local _target _fstype
local _mntpoint _save_path
is_user_configured_dump_target && return
_save_path=$(get_bind_mount_source "$(get_save_path)")
_target=$(get_target_from_path "$_save_path")
_mntpoint=$(get_mntpoint_from_target "$_target")
_fstype=$(get_fs_type_from_target "$_target")
if is_fs_type_nfs "$_fstype"; then
kdump_collect_netif_usage "$_target"
_fstype="nfs"
else
_target=$(kdump_get_persistent_dev "$_target")
fi
echo "$_fstype $_target" >> "${initdir}/tmp/$$-kdump.conf"
# don't touch the path under root mount
if [[ $_mntpoint != "/" ]]; then
_save_path=${_save_path##"$_mntpoint"}
fi
#erase the old path line, then insert the parsed path
sed -i "/^path/d" "${initdir}/tmp/$$-kdump.conf"
echo "path $_save_path" >> "${initdir}/tmp/$$-kdump.conf"
}
#install kdump.conf and what user specifies in kdump.conf
kdump_install_conf() {
local _opt _val _pdev
kdump_read_conf > "${initdir}/tmp/$$-kdump.conf"
while read -r _opt _val; do
# remove inline comments after the end of a directive.
case "$_opt" in
raw)
_pdev=$(persistent_policy="by-id" kdump_get_persistent_dev "$_val")
sed -i -e "s#^${_opt}[[:space:]]\+$_val#$_opt $_pdev#" "${initdir}/tmp/$$-kdump.conf"
;;
ext[234] | xfs | btrfs | minix | virtiofs)
_pdev=$(kdump_get_persistent_dev "$_val")
sed -i -e "s#^${_opt}[[:space:]]\+$_val#$_opt $_pdev#" "${initdir}/tmp/$$-kdump.conf"
;;
ssh | nfs)
kdump_collect_netif_usage "$_val"
;;
dracut_args)
if [[ $(get_dracut_args_fstype "$_val") == nfs* ]]; then
kdump_collect_netif_usage "$(get_dracut_args_target "$_val")"
fi
;;
kdump_pre | kdump_post | extra_bins)
# shellcheck disable=SC2086
dracut_install $_val
;;
core_collector)
dracut_install "${_val%%[[:blank:]]*}"
;;
esac
done <<< "$(kdump_read_conf)"
kdump_install_pre_post_conf
default_dump_target_install_conf
kdump_configure_fence_kdump "${initdir}/tmp/$$-kdump.conf"
inst "${initdir}/tmp/$$-kdump.conf" "/etc/kdump.conf"
rm -f "${initdir}/tmp/$$-kdump.conf"
}
# Default sysctl parameters should suffice for kdump kernel.
# Remove custom configurations sysctl.conf & sysctl.d/*
remove_sysctl_conf() {
# As custom configurations like vm.min_free_kbytes can lead
# to OOM issues in kdump kernel, avoid them
rm -f "${initdir}/etc/sysctl.conf"
rm -rf "${initdir}/etc/sysctl.d"
rm -rf "${initdir}/run/sysctl.d"
rm -rf "${initdir}/usr/lib/sysctl.d"
}
kdump_iscsi_get_rec_val() {
local result
# The open-iscsi 742 release changed to using flat files in
# /var/lib/iscsi.
result=$(/sbin/iscsiadm --show -m session -r "$1" | grep "^${2} = ")
result=${result##* = }
echo "$result"
}
kdump_get_iscsi_initiator() {
local _initiator
local initiator_conf="/etc/iscsi/initiatorname.iscsi"
[[ -f $initiator_conf ]] || return 1
while read -r _initiator; do
[[ -z ${_initiator%%#*} ]] && continue # Skip comment lines
case $_initiator in
InitiatorName=*)
initiator=${_initiator#InitiatorName=}
echo "rd.iscsi.initiator=${initiator}"
return 0
;;
*) ;;
esac
done < ${initiator_conf}
return 1
}
# Figure out iBFT session according to session type
is_ibft() {
[[ "$(kdump_iscsi_get_rec_val "$1" "node.discovery_type")" == fw ]]
}
kdump_setup_iscsi_device() {
local path=$1
local tgt_name
local tgt_ipaddr
local username
local password
local userpwd_str
local username_in
local password_in
local userpwd_in_str
local netroot_str
local initiator_str
local netroot_conf="${initdir}/etc/cmdline.d/50iscsi.conf"
local initiator_conf="/etc/iscsi/initiatorname.iscsi"
dinfo "Found iscsi component $1"
# Check once before getting explicit values, so we can bail out early,
# e.g. in case of pure-hardware(all-offload) iscsi.
if ! /sbin/iscsiadm -m session -r "$path" &> /dev/null; then
return 1
fi
if is_ibft "$path"; then
return
fi
# Remove software iscsi cmdline generated by 95iscsi,
# and let kdump regenerate here.
rm -f "${initdir}/etc/cmdline.d/95iscsi.conf"
tgt_name=$(kdump_iscsi_get_rec_val "$path" "node.name")
tgt_ipaddr=$(kdump_iscsi_get_rec_val "$path" "node.conn\[0\].address")
# get and set username and password details
username=$(kdump_iscsi_get_rec_val "$path" "node.session.auth.username")
[[ $username == "<empty>" ]] && username=""
password=$(kdump_iscsi_get_rec_val "$path" "node.session.auth.password")
[[ $password == "<empty>" ]] && password=""
username_in=$(kdump_iscsi_get_rec_val "$path" "node.session.auth.username_in")
[[ -n $username ]] && userpwd_str="$username:$password"
# get and set incoming username and password details
[[ $username_in == "<empty>" ]] && username_in=""
password_in=$(kdump_iscsi_get_rec_val "$path" "node.session.auth.password_in")
[[ $password_in == "<empty>" ]] && password_in=""
[[ -n $username_in ]] && userpwd_in_str=":$username_in:$password_in"
kdump_collect_netif_usage "$tgt_ipaddr"
# prepare netroot= command line
# FIXME: Do we need to parse and set other parameters like protocol, port
# iscsi_iface_name, netdev_name, LUN etc.
if is_ipv6_address "$tgt_ipaddr"; then
tgt_ipaddr="[$tgt_ipaddr]"
fi
netroot_str="netroot=iscsi:${userpwd_str}${userpwd_in_str}@$tgt_ipaddr::::$tgt_name"
[[ -f $netroot_conf ]] || touch "$netroot_conf"
# If netroot target does not exist already, append.
if ! grep -q "$netroot_str" "$netroot_conf"; then
echo "$netroot_str" >> "$netroot_conf"
dinfo "Appended $netroot_str to $netroot_conf"
fi
# Setup initator
if ! initiator_str=$(kdump_get_iscsi_initiator); then
derror "Failed to get initiator name"
return 1
fi
# If initiator details do not exist already, append.
if ! grep -q "$initiator_str" "$netroot_conf"; then
echo "$initiator_str" >> "$netroot_conf"
dinfo "Appended $initiator_str to $netroot_conf"
fi
}
kdump_check_iscsi_targets() {
# If our prerequisites are not met, fail anyways.
type -P iscsistart > /dev/null || return 1
kdump_check_setup_iscsi() {
local _dev
_dev=$1
[[ -L /sys/dev/block/$_dev ]] || return
cd "$(readlink -f "/sys/dev/block/$_dev")" || return 1
until [[ -d sys || -d iscsi_session ]]; do
cd ..
done
[[ -d iscsi_session ]] && kdump_setup_iscsi_device "$PWD"
}
[[ $hostonly ]] || [[ $mount_needs ]] && {
for_each_host_dev_and_slaves_all kdump_check_setup_iscsi
}
}
# hostname -a is deprecated, do it by ourself
get_alias() {
local ips
local entries
local alias_set
ips=$(hostname -I)
for ip in $ips; do
# in /etc/hosts, alias can come at the 2nd column
if entries=$(grep "$ip" /etc/hosts | awk '{ $1=""; print $0 }'); then
alias_set="$alias_set $entries"
fi
done
echo "$alias_set"
}
is_localhost() {
local hostnames
local shortnames
local aliasname
local nodename=$1
hostnames=$(hostname -A)
shortnames=$(hostname -A -s)
aliasname=$(get_alias)
hostnames="$hostnames $shortnames $aliasname"
for name in ${hostnames}; do
if [[ $name == "$nodename" ]]; then
return 0
fi
done
return 1
}
# retrieves fence_kdump nodes from Pacemaker cluster configuration
get_pcs_fence_kdump_nodes() {
local nodes
pcs cluster sync > /dev/null 2>&1 && pcs cluster cib-upgrade > /dev/null 2>&1
# get cluster nodes from cluster cib, get interface and ip address
nodelist=$(pcs cluster cib | xmllint --xpath "/cib/status/node_state/@uname" -)
# nodelist is formed as 'uname="node1" uname="node2" ... uname="nodeX"'
# we need to convert each to node1, node2 ... nodeX in each iteration
for node in ${nodelist}; do
# convert $node from 'uname="nodeX"' to 'nodeX'
eval "$node"
nodename="$uname"
# Skip its own node name
if is_localhost "$nodename"; then
continue
fi
nodes="$nodes $nodename"
done
echo "$nodes"
}
# retrieves fence_kdump args from config file
get_pcs_fence_kdump_args() {
if [[ -f $FENCE_KDUMP_CONFIG_FILE ]]; then
. "$FENCE_KDUMP_CONFIG_FILE"
echo "$FENCE_KDUMP_OPTS"
fi
}
get_generic_fence_kdump_nodes() {
local filtered
local nodes
nodes=$(kdump_get_conf_val "fence_kdump_nodes")
for node in ${nodes}; do
# Skip its own node name
if is_localhost "$node"; then
continue
fi
filtered="$filtered $node"
done
echo "$filtered"
}
# setup fence_kdump in cluster
# setup proper network and install needed files
kdump_configure_fence_kdump() {
local kdump_cfg_file=$1
local nodes
local args
if is_generic_fence_kdump; then
nodes=$(get_generic_fence_kdump_nodes)
elif is_pcs_fence_kdump; then
nodes=$(get_pcs_fence_kdump_nodes)
# set appropriate options in kdump.conf
echo "fence_kdump_nodes $nodes" >> "${kdump_cfg_file}"
args=$(get_pcs_fence_kdump_args)
if [[ -n $args ]]; then
echo "fence_kdump_args $args" >> "${kdump_cfg_file}"
fi
else
# fence_kdump not configured
return 1
fi
# setup network for each node
for node in ${nodes}; do
kdump_collect_netif_usage "$node"
done
dracut_install /etc/hosts
dracut_install /etc/nsswitch.conf
dracut_install "$FENCE_KDUMP_SEND"
}
# Install a random seed used to feed /dev/urandom
# By the time kdump service starts, /dev/uramdom is already fed by systemd
kdump_install_random_seed() {
local poolsize
poolsize=$(< /proc/sys/kernel/random/poolsize)
if [[ ! -d "${initdir}/var/lib/" ]]; then
mkdir -p "${initdir}/var/lib/"
fi
dd if=/dev/urandom of="${initdir}/var/lib/random-seed" \
bs="$poolsize" count=1 2> /dev/null
}
kdump_install_systemd_conf() {
# Kdump turns out to require longer default systemd mount timeout
# than 1st kernel(90s by default), we use default 300s for kdump.
if ! grep -q -r "^[[:space:]]*DefaultTimeoutStartSec=" "${initdir}/etc/systemd/system.conf"*; then
mkdir -p "${initdir}/etc/systemd/system.conf.d"
echo "[Manager]" > "${initdir}/etc/systemd/system.conf.d/kdump.conf"
echo "DefaultTimeoutStartSec=300s" >> "${initdir}/etc/systemd/system.conf.d/kdump.conf"
fi
# Forward logs to console directly, and don't read Kmsg, this avoids
# unneccessary memory consumption and make console output more useful.
# Only do so for non fadump image.
mkdir -p "${initdir}/etc/systemd/journald.conf.d"
echo "[Journal]" > "${initdir}/etc/systemd/journald.conf.d/kdump.conf"
echo "Storage=volatile" >> "${initdir}/etc/systemd/journald.conf.d/kdump.conf"
echo "ReadKMsg=no" >> "${initdir}/etc/systemd/journald.conf.d/kdump.conf"
echo "ForwardToConsole=yes" >> "${initdir}/etc/systemd/journald.conf.d/kdump.conf"
}
remove_cpu_online_rule() {
local file=${initdir}/usr/lib/udev/rules.d/40-redhat.rules
sed -i '/SUBSYSTEM=="cpu"/d' "$file"
}
install() {
declare -A unique_netifs ipv4_usage ipv6_usage
local arch has_ovs_bridge
kdump_module_init
kdump_install_conf
remove_sysctl_conf
# Onlining secondary cpus breaks kdump completely on KVM on Power hosts
# Though we use maxcpus=1 by default but 40-redhat.rules will bring up all
# possible cpus by default. (rhbz1270174 rhbz1266322)
# Thus before we get the kernel fix and the systemd rule fix let's remove
# the cpu online rule in kdump initramfs.
arch=$(uname -m)
if [[ "$arch" = "ppc64le" ]] || [[ "$arch" = "ppc64" ]]; then
remove_cpu_online_rule
fi
if is_ssh_dump_target; then
kdump_install_random_seed
fi
dracut_install -o /etc/adjtime /etc/localtime
inst "$moddir/monitor_dd_progress" "/kdumpscripts/monitor_dd_progress"
chmod +x "${initdir}/kdumpscripts/monitor_dd_progress"
inst "/bin/dd" "/bin/dd"
inst "/bin/tail" "/bin/tail"
inst "/bin/date" "/bin/date"
inst "/bin/sync" "/bin/sync"
inst "/bin/cut" "/bin/cut"
inst "/bin/head" "/bin/head"
inst "/bin/awk" "/bin/awk"
inst "/bin/sed" "/bin/sed"
inst "/bin/stat" "/bin/stat"
inst "/sbin/makedumpfile" "/sbin/makedumpfile"
inst "/sbin/vmcore-dmesg" "/sbin/vmcore-dmesg"
inst "/usr/bin/printf" "/sbin/printf"
inst "/usr/bin/logger" "/sbin/logger"
inst "/usr/bin/chmod" "/sbin/chmod"
inst "/lib/kdump/kdump-lib-initramfs.sh" "/lib/kdump-lib-initramfs.sh"
inst "/lib/kdump/kdump-logger.sh" "/lib/kdump-logger.sh"
inst "$moddir/kdump.sh" "/usr/bin/kdump.sh"
inst "$moddir/kdump-capture.service" "$systemdsystemunitdir/kdump-capture.service"
systemctl -q --root "$initdir" add-wants initrd.target kdump-capture.service
# Replace existing emergency service and emergency target
cp "$moddir/kdump-emergency.service" "$initdir/$systemdsystemunitdir/emergency.service"
cp "$moddir/kdump-emergency.target" "$initdir/$systemdsystemunitdir/emergency.target"
# Also redirect dracut-emergency to kdump error handler
ln_r "$systemdsystemunitdir/emergency.service" "$systemdsystemunitdir/dracut-emergency.service"
# Disable ostree as we only need the physical root
systemctl -q --root "$initdir" mask ostree-prepare-root.service
# Check for all the devices and if any device is iscsi, bring up iscsi
# target. Ideally all this should be pushed into dracut iscsi module
# at some point of time.
kdump_check_iscsi_targets
kdump_install_systemd_conf
# nfs/ssh dump will need to get host ip in second kernel and need to call 'ip' tool, see get_host_ip for more detail
if is_nfs_dump_target || is_ssh_dump_target; then
inst "ip"
fi
kdump_install_net
# For the lvm type target under kdump, in /etc/lvm/lvm.conf we can
# safely replace "reserved_memory=XXXX"(default value is 8192) with
# "reserved_memory=1024" to lower memory pressure under kdump. We do
# it unconditionally here, if "/etc/lvm/lvm.conf" doesn't exist, it
# actually does nothing.
sed -i -e \
's/\(^[[:space:]]*reserved_memory[[:space:]]*=\)[[:space:]]*[[:digit:]]*/\1 1024/' \
"${initdir}/etc/lvm/lvm.conf" &> /dev/null
# Skip initrd-cleanup.service and initrd-parse-etc.service becasue we don't
# need to switch root. Instead of removing them, we use ConditionPathExists
# to check if /proc/vmcore exists to determine if we are in kdump.
sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
"${initdir}/${systemdsystemunitdir}/initrd-cleanup.service" &> /dev/null
sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
"${initdir}/${systemdsystemunitdir}/initrd-parse-etc.service" &> /dev/null
# Save more memory by dropping switch root capability
dracut_no_switch_root
}
Reference in New Issue View Git Blame Copy Permalink