| #! /bin/sh |
| KEXEC=/sbin/kexec |
| |
| KDUMP_KERNELVER="" |
| KDUMP_COMMANDLINE="" |
| KEXEC_ARGS="" |
| KDUMP_CONFIG_FILE="/etc/kdump.conf" |
| MKDUMPRD="/sbin/mkdumprd -f" |
| SAVE_PATH=/var/crash |
| SSH_KEY_LOCATION="/root/.ssh/kdump_id_rsa" |
| DUMP_TARGET="" |
| TARGET_INITRD="" |
| FADUMP_ENABLED_SYS_NODE="/sys/kernel/fadump_enabled" |
| FADUMP_REGISTER_SYS_NODE="/sys/kernel/fadump_registered" |
| #kdump shall be the default dump mode |
| DEFAULT_DUMP_MODE="kdump" |
| |
| . /lib/kdump/kdump-lib.sh |
| |
| standard_kexec_args="-p" |
| |
| if [ -f /etc/sysconfig/kdump ]; then |
| . /etc/sysconfig/kdump |
| fi |
| |
| single_instance_lock() |
| { |
| local rc timeout=5 |
| |
| exec 9>/var/lock/kdump |
| |
| flock -n 9 |
| rc=$? |
| |
| while [ $rc -ne 0 ]; do |
| echo "Another app is currently holding the kdump lock; waiting for it to exit..." |
| flock -w $timeout 9 |
| rc=$? |
| done |
| } |
| |
| determine_dump_mode() |
| { |
| # Check if firmware-assisted dump is enabled |
| # if yes, set the dump mode as fadump |
| if is_fadump_capable; then |
| echo "Dump mode is fadump" |
| DEFAULT_DUMP_MODE="fadump" |
| fi |
| } |
| |
| # remove_cmdline_param <kernel cmdline> <param1> [<param2>] ... [<paramN>] |
| # Remove a list of kernel parameters from a given kernel cmdline and print the result. |
| # For each "arg" in the removing params list, "arg" and "arg=xxx" will be removed if exists. |
| remove_cmdline_param() |
| { |
| local cmdline=$1 |
| shift |
| |
| for arg in $@; do |
| cmdline=`echo $cmdline | \ |
| sed -e "s/\b$arg=[^ ]*\b//g" \ |
| -e "s/\b$arg\b//g" \ |
| -e "s/\s\+/ /g"` |
| done |
| echo $cmdline |
| } |
| |
| # |
| # This function returns the "initial apicid" of the |
| # boot cpu (cpu 0) if present. |
| # |
| get_bootcpu_initial_apicid() |
| { |
| awk ' \ |
| BEGIN { CPU = "-1"; } \ |
| $1=="processor" && $2==":" { CPU = $NF; } \ |
| CPU=="0" && /initial apicid/ { print $NF; } \ |
| ' \ |
| /proc/cpuinfo |
| } |
| |
| # |
| # This function appends argument "$2=$3" to string ($1) if not already present. |
| # |
| append_cmdline() |
| { |
| local cmdline=$1 |
| local newstr=${cmdline/$2/""} |
| |
| # unchanged str implies argument wasn't there |
| if [ "$cmdline" == "$newstr" ]; then |
| cmdline="${cmdline} ${2}=${3}" |
| fi |
| |
| echo $cmdline |
| } |
| |
| # This function performs a series of edits on the command line |
| prepare_cmdline() |
| { |
| local cmdline; |
| if [ -z "$KDUMP_COMMANDLINE" ]; then |
| cmdline=`cat /proc/cmdline` |
| else |
| cmdline=${KDUMP_COMMANDLINE} |
| fi |
| cmdline=`remove_cmdline_param "$cmdline" crashkernel hugepages hugepagesz` |
| |
| |
| cmdline="${cmdline} ${KDUMP_COMMANDLINE_APPEND}" |
| |
| local id=`get_bootcpu_initial_apicid` |
| if [ ! -z ${id} ] ; then |
| cmdline=`append_cmdline "${cmdline}" disable_cpu_apicid ${id}` |
| fi |
| |
| echo $cmdline |
| } |
| |
| |
| save_core() |
| { |
| coredir="/var/crash/`date +"%Y-%m-%d-%H:%M"`" |
| |
| mkdir -p $coredir |
| cp --sparse=always /proc/vmcore $coredir/vmcore-incomplete |
| if [ $? == 0 ]; then |
| mv $coredir/vmcore-incomplete $coredir/vmcore |
| echo "saved a vmcore to $coredir" |
| else |
| echo "failed to save a vmcore to $coredir" >&2 |
| fi |
| |
| # pass the dmesg to Abrt tool if exists, in order |
| # to collect the kernel oops message. |
| # https://fedorahosted.org/abrt/ |
| if [ -x /usr/bin/dumpoops ]; then |
| makedumpfile --dump-dmesg $coredir/vmcore $coredir/dmesg >/dev/null 2>&1 |
| dumpoops -d $coredir/dmesg >/dev/null 2>&1 |
| if [ $? == 0 ]; then |
| echo "kernel oops has been collected by abrt tool" |
| fi |
| fi |
| } |
| |
| rebuild_fadump_initrd() |
| { |
| local target_initrd_tmp |
| |
| # backup fadump initrd for reference before replacing it |
| backup_initrd |
| |
| # this file tells the initrd is fadump enabled |
| touch /tmp/fadump.initramfs |
| target_initrd_tmp="$TARGET_INITRD.tmp" |
| $MKDUMPRD $target_initrd_tmp --rebuild $TARGET_INITRD --kver $kdump_kver \ |
| -i /tmp/fadump.initramfs /etc/fadump.initramfs |
| if [ $? != 0 ]; then |
| echo "mkdumprd: failed to rebuild initrd with fadump support" >&2 |
| rm -f /tmp/fadump.initramfs |
| return 1 |
| fi |
| rm -f /tmp/fadump.initramfs |
| |
| # updating fadump initrd |
| mv $target_initrd_tmp $TARGET_INITRD |
| sync |
| |
| return 0 |
| } |
| |
| rebuild_kdump_initrd() |
| { |
| $MKDUMPRD $TARGET_INITRD $kdump_kver |
| if [ $? != 0 ]; then |
| echo "mkdumprd: failed to make kdump initrd" >&2 |
| return 1 |
| fi |
| |
| return 0 |
| } |
| |
| rebuild_initrd() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| rebuild_fadump_initrd |
| else |
| rebuild_kdump_initrd |
| fi |
| |
| return $? |
| } |
| |
| #$1: the files to be checked with IFS=' ' |
| check_exist() |
| { |
| for file in $1; do |
| if [ ! -f "$file" ]; then |
| echo -n "Error: $file not found."; echo |
| return 1 |
| fi |
| done |
| } |
| |
| #$1: the files to be checked with IFS=' ' |
| check_executable() |
| { |
| for file in $1; do |
| if [ ! -x "$file" ]; then |
| echo -n "Error: $file is not executable."; echo |
| return 1 |
| fi |
| done |
| } |
| |
| backup_initrd() |
| { |
| local target_initrd_bak |
| |
| # Check if backup initrd is already present. |
| target_initrd_bak="$TARGET_INITRD.bak" |
| if [ ! -e $target_initrd_bak ];then |
| echo "Backing up $TARGET_INITRD" |
| cp $TARGET_INITRD $target_initrd_bak |
| fi |
| } |
| |
| check_config() |
| { |
| local nr |
| |
| nr=$(awk 'BEGIN{cnt=0} /^raw|^ssh[[:blank:]]|^nfs|^ext[234]|^xfs|^btrfs|^minix/{cnt++} END{print cnt}' $KDUMP_CONFIG_FILE) |
| [ $nr -gt 1 ] && { |
| echo "More than one dump targets specified." |
| return 1 |
| } |
| |
| while read config_opt config_val; do |
| # remove inline comments after the end of a directive. |
| config_val=$(strip_comments $config_val) |
| case "$config_opt" in |
| \#* | "") |
| ;; |
| raw|ext2|ext3|ext4|minix|btrfs|xfs|nfs|ssh|sshkey|path|core_collector|kdump_post|kdump_pre|extra_bins|extra_modules|default|force_rebuild|dracut_args|fence_kdump_args|fence_kdump_nodes) |
| [ -z "$config_val" ] && { |
| echo "Invalid kdump config value for option $config_opt." |
| return 1; |
| } |
| ;; |
| net|options|link_delay|disk_timeout|debug_mem_level|blacklist) |
| echo "Deprecated kdump config option: $config_opt. Refer to kdump.conf manpage for alternatives." |
| return 1 |
| ;; |
| *) |
| echo "Invalid kdump config option $config_opt" |
| return 1; |
| ;; |
| esac |
| done < $KDUMP_CONFIG_FILE |
| |
| check_fence_kdump_config || return 1 |
| |
| return 0 |
| } |
| |
| # get_pcs_cluster_modified_files <image timestamp> |
| # return list of modified file for fence_kdump modified in Pacemaker cluster |
| get_pcs_cluster_modified_files() |
| { |
| local image_time=$1 |
| local time_stamp |
| local modified_files |
| |
| is_generic_fence_kdump && return 1 |
| is_pcs_fence_kdump || return 1 |
| |
| time_stamp=`pcs cluster cib | xmllint --xpath 'string(/cib/@cib-last-written)' - | \ |
| xargs -0 date +%s --date` |
| |
| if [ -n $time_stamp -a $time_stamp -gt $image_time ]; then |
| modified_files="cluster-cib" |
| fi |
| |
| if [ -f $FENCE_KDUMP_CONFIG_FILE ]; then |
| time_stamp=`stat -c "%Y" $FENCE_KDUMP_CONFIG_FILE` |
| if [ "$time_stamp" -gt "$image_time" ]; then |
| modified_files="$modified_files $FENCE_KDUMP_CONFIG_FILE" |
| fi |
| fi |
| |
| echo $modified_files |
| } |
| |
| setup_target_initrd() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| TARGET_INITRD="${KDUMP_BOOTDIR}/initramfs-${kdump_kver}.img" |
| if [ ! -s "$TARGET_INITRD" ]; then |
| echo "Error: No initrd found to rebuild!" |
| return 1 |
| fi |
| else |
| TARGET_INITRD="${KDUMP_BOOTDIR}/initramfs-${kdump_kver}kdump.img" |
| fi |
| } |
| |
| check_rebuild() |
| { |
| local extra_modules modified_files="" |
| local _force_rebuild force_rebuild="0" |
| local initramfs_has_fadump |
| |
| if [ -z "$KDUMP_KERNELVER" ]; then |
| kdump_kver=`uname -r` |
| else |
| kdump_kver=$KDUMP_KERNELVER |
| fi |
| |
| kdump_kernel="${KDUMP_BOOTDIR}/${KDUMP_IMG}-${kdump_kver}${KDUMP_IMG_EXT}" |
| setup_target_initrd |
| if [ $? -ne 0 ]; then |
| return 1 |
| fi |
| |
| _force_rebuild=`grep ^force_rebuild $KDUMP_CONFIG_FILE 2>/dev/null` |
| if [ $? -eq 0 ]; then |
| force_rebuild=`echo $_force_rebuild | cut -d' ' -f2` |
| if [ "$force_rebuild" != "0" ] && [ "$force_rebuild" != "1" ];then |
| echo "Error: force_rebuild value is invalid" |
| return 1 |
| fi |
| fi |
| |
| #will rebuild every time if extra_modules are specified |
| extra_modules=`grep ^extra_modules $KDUMP_CONFIG_FILE` |
| [ -n "$extra_modules" ] && force_rebuild="1" |
| |
| #check to see if dependent files has been modified |
| #since last build of the image file |
| if [ -f $TARGET_INITRD ]; then |
| image_time=`stat -c "%Y" $TARGET_INITRD 2>/dev/null` |
| else |
| image_time=0 |
| fi |
| |
| #also rebuild when Pacemaker cluster conf is changed and fence kdump is enabled. |
| modified_files=$(get_pcs_cluster_modified_files $image_time) |
| |
| EXTRA_BINS=`grep ^kdump_post $KDUMP_CONFIG_FILE | cut -d\ -f2` |
| CHECK_FILES=`grep ^kdump_pre $KDUMP_CONFIG_FILE | cut -d\ -f2` |
| EXTRA_BINS="$EXTRA_BINS $CHECK_FILES" |
| CHECK_FILES=`grep ^extra_bins $KDUMP_CONFIG_FILE | cut -d\ -f2-` |
| EXTRA_BINS="$EXTRA_BINS $CHECK_FILES" |
| files="$KDUMP_CONFIG_FILE $kdump_kernel $EXTRA_BINS /etc/fstab" |
| |
| check_exist "$files" && check_executable "$EXTRA_BINS" |
| [ $? -ne 0 ] && return 1 |
| |
| for file in $files; do |
| time_stamp=`stat -c "%Y" $file` |
| if [ "$time_stamp" -gt "$image_time" ]; then |
| modified_files="$modified_files $file" |
| fi |
| done |
| |
| #check if target initrd has fadump support |
| if [ "$DEFAULT_DUMP_MODE" = "fadump" ] && [ -f "$TARGET_INITRD" ]; then |
| initramfs_has_fadump=`lsinitrd -m $TARGET_INITRD | grep ^kdumpbase$ | wc -l` |
| fi |
| |
| if [ $image_time -eq 0 ]; then |
| echo -n "No kdump initial ramdisk found."; echo |
| elif [ $DEFAULT_DUMP_MODE == "fadump" ] && [ "$initramfs_has_fadump" -eq "0" ]; then |
| echo "$TARGET_INITRD has no fadump support" |
| elif [ "$force_rebuild" != "0" ]; then |
| echo -n "Force rebuild $TARGET_INITRD"; echo |
| elif [ -n "$modified_files" ]; then |
| echo "Detected change(s) in the following file(s):" |
| echo -n " "; echo "$modified_files" | sed 's/\s/\n /g' |
| else |
| return 0 |
| fi |
| |
| echo "Rebuilding $TARGET_INITRD" |
| rebuild_initrd |
| return $? |
| } |
| |
| # This function check iomem and determines if we have more than |
| # 4GB of ram available. Returns 1 if we do, 0 if we dont |
| need_64bit_headers() |
| { |
| return `tail -n 1 /proc/iomem | awk '{ split ($1, r, "-"); \ |
| print (strtonum("0x" r[2]) > strtonum("0xffffffff")); }'` |
| } |
| |
| # Load the kdump kerel specified in /etc/sysconfig/kdump |
| # If none is specified, try to load a kdump kernel with the same version |
| # as the currently running kernel. |
| load_kdump() |
| { |
| MEM_RESERVED=$(cat /sys/kernel/kexec_crash_size) |
| if [ $MEM_RESERVED -eq 0 ] |
| then |
| echo "No memory reserved for crash kernel." >&2 |
| return 1 |
| fi |
| |
| ARCH=`uname -m` |
| if [ "$ARCH" == "i686" -o "$ARCH" == "i386" ] |
| then |
| |
| need_64bit_headers |
| if [ $? == 1 ] |
| then |
| FOUND_ELF_ARGS=`echo $KEXEC_ARGS | grep elf32-core-headers` |
| if [ -n "$FOUND_ELF_ARGS" ] |
| then |
| echo -n "Warning: elf32-core-headers overrides correct elf64 setting" |
| echo |
| else |
| KEXEC_ARGS="$KEXEC_ARGS --elf64-core-headers" |
| fi |
| else |
| FOUND_ELF_ARGS=`echo $KEXEC_ARGS | grep elf64-core-headers` |
| if [ -z "$FOUND_ELF_ARGS" ] |
| then |
| KEXEC_ARGS="$KEXEC_ARGS --elf32-core-headers" |
| fi |
| fi |
| fi |
| |
| KDUMP_COMMANDLINE=`prepare_cmdline` |
| |
| # For secureboot enabled machines, use new kexec file based syscall. |
| # Old syscall will always fail as it does not have capability to |
| # to kernel signature verification. |
| if is_secure_boot_enforced; then |
| echo "Secure Boot is enabled. Using kexec file based syscall." |
| KEXEC_ARGS="$KEXEC_ARGS -s" |
| elif is_secure_mode_enforced; then |
| echo "securelevel is set to 1 (Secure Mode). Using kexec file based syscall." |
| KEXEC_ARGS="$KEXEC_ARGS -s" |
| fi |
| |
| $KEXEC $KEXEC_ARGS $standard_kexec_args \ |
| --command-line="$KDUMP_COMMANDLINE" \ |
| --initrd=$TARGET_INITRD $kdump_kernel |
| if [ $? == 0 ]; then |
| echo "kexec: loaded kdump kernel" |
| return 0 |
| else |
| echo "kexec: failed to load kdump kernel" >&2 |
| return 1 |
| fi |
| } |
| |
| check_ssh_config() |
| { |
| while read config_opt config_val; do |
| # remove inline comments after the end of a directive. |
| config_val=$(strip_comments $config_val) |
| case "$config_opt" in |
| sshkey) |
| if [ -f "$config_val" ]; then |
| # canonicalize the path |
| SSH_KEY_LOCATION=$(/usr/bin/readlink -m $config_val) |
| else |
| echo "WARNING: '$config_val' doesn't exist, using default value '$SSH_KEY_LOCATION'" |
| fi |
| ;; |
| path) |
| SAVE_PATH=$config_val |
| ;; |
| ssh) |
| DUMP_TARGET=$config_val |
| ;; |
| *) |
| ;; |
| esac |
| done < $KDUMP_CONFIG_FILE |
| |
| #make sure they've configured kdump.conf for ssh dumps |
| local SSH_TARGET=`echo -n $DUMP_TARGET | sed -n '/.*@/p'` |
| if [ -z "$SSH_TARGET" ]; then |
| return 1 |
| fi |
| return 0 |
| } |
| |
| check_ssh_target() |
| { |
| local _ret |
| ssh -q -i $SSH_KEY_LOCATION -o BatchMode=yes $DUMP_TARGET mkdir -p $SAVE_PATH |
| _ret=$? |
| if [ $_ret -ne 0 ]; then |
| echo "Could not create $DUMP_TARGET:$SAVE_PATH, you probably need to run \"kdumpctl propagate\"" >&2 |
| return 1 |
| fi |
| return 0 |
| } |
| |
| propagate_ssh_key() |
| { |
| check_ssh_config |
| if [ $? -ne 0 ]; then |
| echo "No ssh config specified in $KDUMP_CONFIG_FILE. Can't propagate" >&2 |
| exit 1 |
| fi |
| |
| local KEYFILE=$SSH_KEY_LOCATION |
| local errmsg="Failed to propagate ssh key" |
| |
| #Check to see if we already created key, if not, create it. |
| if [ -f $KEYFILE ]; then |
| echo "Using existing keys..." |
| else |
| echo -n "Generating new ssh keys... " |
| /usr/bin/ssh-keygen -t rsa -f $KEYFILE -N "" 2>&1 > /dev/null |
| echo "done." |
| fi |
| |
| #now find the target ssh user and server to contact. |
| SSH_USER=`echo $DUMP_TARGET | cut -d\ -f2 | cut -d@ -f1` |
| SSH_SERVER=`echo $DUMP_TARGET | sed -e's/\(.*@\)\(.*$\)/\2/'` |
| |
| #now send the found key to the found server |
| ssh-copy-id -i $KEYFILE $SSH_USER@$SSH_SERVER |
| RET=$? |
| if [ $RET == 0 ]; then |
| echo $KEYFILE has been added to ~$SSH_USER/.ssh/authorized_keys on $SSH_SERVER |
| return 0 |
| else |
| echo $errmsg, $KEYFILE failed in transfer to $SSH_SERVER >&2 |
| exit 1 |
| fi |
| } |
| |
| is_fadump_capable() |
| { |
| # Check if firmware-assisted dump is enabled |
| # if no, fallback to kdump check |
| if [ -f $FADUMP_ENABLED_SYS_NODE ]; then |
| rc=`cat $FADUMP_ENABLED_SYS_NODE` |
| [ $rc -eq 1 ] && return 0 |
| fi |
| return 1 |
| } |
| |
| check_current_fadump_status() |
| { |
| # Check if firmware-assisted dump has been registered. |
| rc=`cat $FADUMP_REGISTER_SYS_NODE` |
| [ $rc -eq 1 ] && return 0 |
| return 1 |
| } |
| |
| check_current_kdump_status() |
| { |
| rc=`cat /sys/kernel/kexec_crash_loaded` |
| if [ $rc == 1 ]; then |
| return 0 |
| else |
| return 1 |
| fi |
| } |
| |
| check_current_status() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| check_current_fadump_status |
| else |
| check_current_kdump_status |
| fi |
| |
| return $? |
| } |
| |
| save_raw() |
| { |
| local kdump_dir |
| local raw_target |
| |
| raw_target=$(awk '$1 ~ /^raw$/ { print $2; }' $KDUMP_CONFIG_FILE) |
| [ -z "$raw_target" ] && return 0 |
| [ -b "$raw_target" ] || { |
| echo "raw partition $raw_target not found" |
| return 1 |
| } |
| kdump_dir=`grep ^path $KDUMP_CONFIG_FILE | cut -d' ' -f2-` |
| if [ -z "${kdump_dir}" ]; then |
| coredir="/var/crash/`date +"%Y-%m-%d-%H:%M"`" |
| else |
| coredir="${kdump_dir}/`date +"%Y-%m-%d-%H:%M"`" |
| fi |
| |
| mkdir -p "$coredir" |
| [ -d "$coredir" ] || { |
| echo "failed to create $coredir" |
| return 1 |
| } |
| if makedumpfile -R $coredir/vmcore <$raw_target >/dev/null 2>&1; then |
| # dump found |
| echo "Dump saved to $coredir/vmcore" |
| # wipe makedumpfile header |
| dd if=/dev/zero of=$raw_target bs=1b count=1 2>/dev/null |
| else |
| rm -rf "$coredir" |
| fi |
| |
| return 0 |
| } |
| |
| get_save_path() |
| { |
| local _save_path=$(grep "^path" /etc/kdump.conf|awk '{print $2}') |
| if [ -z "$_save_path" ]; then |
| _save_path="/var/crash" |
| fi |
| |
| echo $_save_path |
| } |
| |
| is_dump_target_configured() |
| { |
| local _target |
| |
| _target=$(egrep "^ext[234]|^xfs|^btrfs|^minix|^raw|^ssh|^nfs" /etc/kdump.conf) |
| |
| [ -n "$_target" ] |
| } |
| |
| local_fs_dump_target() |
| { |
| local _target |
| |
| _target=$(egrep "^ext[234]|^xfs|^btrfs|^minix" /etc/kdump.conf) |
| if [ $? -eq 0 ]; then |
| echo $_target|awk '{print $2}' |
| fi |
| } |
| |
| path_to_be_relabeled() |
| { |
| local _path _target _mnt="/" _rmnt |
| |
| if is_dump_target_configured; then |
| _target=$(local_fs_dump_target) |
| if [[ -n "$_target" ]]; then |
| _mnt=$(findmnt -k -f -n -r -o TARGET $_target) |
| if [ -z "$_mnt" ]; then |
| return |
| fi |
| else |
| return |
| fi |
| fi |
| |
| _path=$(get_save_path) |
| # if $_path is masked by other mount, we will not relabel it. |
| _rmnt=$(df $_mnt/$_path 2>/dev/null | tail -1 | awk '{ print $NF }') |
| if [ "$_rmnt" == "$_mnt" ]; then |
| echo $_mnt/$_path |
| fi |
| } |
| |
| selinux_relabel() |
| { |
| local _path _i _attr |
| |
| _path=$(path_to_be_relabeled) |
| if [ -z "$_path" ] || ! [ -d "$_path" ] ; then |
| return |
| fi |
| |
| for _i in $(find $_path); do |
| _attr=$(getfattr -m "security.selinux" $_i 2>/dev/null) |
| if [ -z "$_attr" ]; then |
| restorecon $_i; |
| fi |
| done |
| } |
| |
| # Check if secure boot is being enforced. |
| # |
| # Per Peter Jones, we need check efivar SecureBoot-$(the UUID) and |
| # SetupMode-$(the UUID), they are both 5 bytes binary data. The first four |
| # bytes are the attributes associated with the variable and can safely be |
| # ignored, the last bytes are one-byte true-or-false variables. If SecureBoot |
| # is 1 and SetupMode is 0, then secure boot is being enforced. |
| # |
| # SecureBoot-UUID won't always be set when securelevel is 1. For legacy-mode |
| # and uefi-without-seucre-enabled system, we can manually enable secure mode |
| # by writing "1" to securelevel. So check both efi var and secure mode is a |
| # more sane way. |
| # |
| # Assume efivars is mounted at /sys/firmware/efi/efivars. |
| is_secure_boot_enforced() |
| { |
| local secure_boot_file setup_mode_file |
| local secure_boot_byte setup_mode_byte |
| |
| secure_boot_file=$(find /sys/firmware/efi/efivars -name SecureBoot-* 2>/dev/null) |
| setup_mode_file=$(find /sys/firmware/efi/efivars -name SetupMode-* 2>/dev/null) |
| |
| if [ -f "$secure_boot_file" ] && [ -f "$setup_mode_file" ]; then |
| secure_boot_byte=$(hexdump -v -e '/1 "%d\ "' $secure_boot_file|cut -d' ' -f 5) |
| setup_mode_byte=$(hexdump -v -e '/1 "%d\ "' $setup_mode_file|cut -d' ' -f 5) |
| |
| if [ "$secure_boot_byte" = "1" ] && [ "$setup_mode_byte" = "0" ]; then |
| return 0 |
| fi |
| fi |
| |
| return 1 |
| } |
| |
| # Check if secure mode is being enforced (securelevel =? 1) |
| is_secure_mode_enforced() |
| { |
| local secure_mode_byte |
| |
| secure_mode_byte=$(cat /sys/kernel/security/securelevel) |
| |
| if [ "$secure_mode_byte" = "1" ]; then |
| return 0 |
| fi |
| |
| return 1 |
| } |
| |
| check_kdump_feasibility() |
| { |
| if [ ! -e /sys/kernel/kexec_crash_loaded ]; then |
| echo "Kdump is not supported on this kernel" |
| return 1 |
| fi |
| } |
| |
| check_fence_kdump_config() |
| { |
| local hostname=`hostname` |
| local nodes=$(get_option_value "fence_kdump_nodes") |
| |
| for node in $nodes; do |
| if [ "$node" = "$hostname" ]; then |
| echo "Option fence_kdump_nodes cannot contain $hostname" |
| return 1 |
| fi |
| done |
| |
| return 0 |
| } |
| |
| check_dump_feasibility() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| return 0 |
| fi |
| |
| check_kdump_feasibility |
| return $? |
| } |
| |
| start_fadump() |
| { |
| echo 1 > $FADUMP_REGISTER_SYS_NODE |
| if ! check_current_fadump_status; then |
| echo "fadump: failed to register" |
| return 1 |
| fi |
| |
| echo "fadump: registered successfully" |
| return 0 |
| } |
| |
| start_dump() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| start_fadump |
| else |
| load_kdump |
| fi |
| |
| return $? |
| } |
| |
| start() |
| { |
| check_config |
| if [ $? -ne 0 ]; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| |
| if sestatus 2>/dev/null | grep -q "SELinux status.*enabled"; then |
| selinux_relabel |
| fi |
| save_raw |
| if [ $? -ne 0 ]; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| |
| check_dump_feasibility |
| if [ $? -ne 0 ]; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| |
| check_current_status |
| if [ $? == 0 ]; then |
| echo "Kdump already running: [WARNING]" |
| return 0 |
| fi |
| |
| if check_ssh_config; then |
| if ! check_ssh_target; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| fi |
| |
| check_rebuild |
| if [ $? != 0 ]; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| |
| start_dump |
| if [ $? != 0 ]; then |
| echo "Starting kdump: [FAILED]" |
| return 1 |
| fi |
| |
| echo "Starting kdump: [OK]" |
| } |
| |
| stop_fadump() |
| { |
| echo 0 > $FADUMP_REGISTER_SYS_NODE |
| if check_current_fadump_status; then |
| echo "fadump: failed to unregister" |
| return 1 |
| fi |
| |
| echo "fadump: unregistered successfully" |
| return 0 |
| } |
| |
| stop_kdump() |
| { |
| if is_secure_boot_enforced; then |
| $KEXEC -s -p -u |
| else |
| $KEXEC -p -u |
| fi |
| |
| if [ $? != 0 ]; then |
| echo "kexec: failed to unload kdump kernel" |
| return 1 |
| fi |
| |
| echo "kexec: unloaded kdump kernel" |
| return 0 |
| } |
| |
| stop() |
| { |
| if [ $DEFAULT_DUMP_MODE == "fadump" ]; then |
| stop_fadump |
| else |
| stop_kdump |
| fi |
| |
| if [ $? != 0 ]; then |
| echo "Stopping kdump: [FAILED]" |
| return 1 |
| fi |
| |
| echo "Stopping kdump: [OK]" |
| return 0 |
| } |
| |
| if [ ! -f "$KDUMP_CONFIG_FILE" ]; then |
| echo "Error: No kdump config file found!" >&2 |
| exit 1 |
| fi |
| |
| main () |
| { |
| # Determine if the dump mode is kdump or fadump |
| determine_dump_mode |
| |
| case "$1" in |
| start) |
| if [ -s /proc/vmcore ]; then |
| save_core |
| reboot |
| else |
| start |
| fi |
| ;; |
| stop) |
| stop |
| ;; |
| status) |
| EXIT_CODE=0 |
| check_current_status |
| case "$?" in |
| 0) |
| echo "Kdump is operational" |
| EXIT_CODE=0 |
| ;; |
| 1) |
| echo "Kdump is not operational" |
| EXIT_CODE=3 |
| ;; |
| esac |
| exit $EXIT_CODE |
| ;; |
| restart) |
| stop |
| start |
| ;; |
| condrestart) |
| ;; |
| propagate) |
| propagate_ssh_key |
| ;; |
| *) |
| echo $"Usage: $0 {start|stop|status|restart|propagate}" |
| exit 1 |
| esac |
| } |
| |
| # Other kdumpctl instances will block in queue, until this one exits |
| single_instance_lock |
| |
| # To avoid fd 9 leaking, we invoke a subshell, close fd 9 and call main. |
| # So that fd isn't leaking when main is invoking a subshell. |
| (exec 9<&-; main $1) |
| |
| exit $? |