Cloud rescue update: automatic network configuration

    The news in one paragraph: the rescue initrd (a special kernel-and-initrd set) now automatically configures the IPv4/IPv6 addresses assigned to the cloud server and automatically starts the ssh server after boot.


    How does it work?


    Typically, booting a virtual machine looks like this: grub.cfg / grub.lst is read from the boot disk of the virtual machine (from its boot partition), and the kernel and initrd are selected from it. The domain builder (a special application that creates a domain when a virtual machine starts, places the kernel / initrd there, builds the start page with settings and adds memory) loads this kernel and starts the domain.

    From there the kernel boots just as on a regular server: the initrd init script is started, which prepares the root file system and does a pivot_root into it (switching the root directory), and then the real init is started, which reads inittab and starts the init system: System V, upstart or systemd, whichever you prefer.

    If a problem arises (the root file system is unavailable, a break-in is suspected, or a problem needs investigating), it may be necessary to boot an alternative kernel.

    In this case the kernel is taken from a catalog of ready-made kernels instead of being read from the disk of the guest virtual machine. The initrd is taken from the same place. The guest machine starts up as is.

    In total, we have several sets of kernels and initrds. Most of them let you start a regular system, but there are several special-purpose initrds that do something useful while remaining “outside” the operating system.

    They are:
    • Auto PTMAX is a specialized initrd that automatically expands the size of the PV, VG, and root partition file systems after resizing a block device (increasing disk size).
    • Auto FSCK - automatically checks the root filesystem
    • Vanilla Linux 3.2 - test version for checking the operation of pv_ops kernels (use at your own risk)
    • Rescue Initrd - the protagonist of our story

    What can rescue initrd do?


    We wrote about it in more detail right after launch: habrahabr.ru/company/selectel/blog/122667
    In short:
    • Almost full shell (full busybox)
    • A set of utilities for fixing file systems and partitions
    • A set of network utilities for diagnostics
    • ssh server
    • General environment for comfortable work (editors, utilities)
    • supload (more on it below)


    What has changed?


    Now rescue initrd itself determines the network settings. There is no magic here - when setting the kernel arguments, the current settings of the virtual machines are added to them, and the scripts in initrd receive these settings and configure the network in accordance with them.
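
    An added sketch, not the provider's actual initrd script, of how an initrd script can turn kernel arguments into network configuration as described above. The argument names rescue_ip4, rescue_gw4, rescue_ip6 and rescue_gw6 and the interface eth0 are assumptions; the function only prints the ip commands it would run.

```shell
#!/bin/sh
# Added example. rescue_ip4/rescue_gw4/rescue_ip6/rescue_gw6 and eth0 are
# assumed names, not the provider's real kernel arguments.

# Accept only address characters (hex digits, '.', ':', '/'). Kernel arguments
# are external input, so nothing else may reach a command line.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*) return 1 ;;
    esac
    return 0
}

# net_commands CMDLINE [IFACE]: print the ip(8) commands for the settings found.
# It prints instead of executing so the result can be inspected first.
net_commands() {
    iface=${2:-eth0}
    ip4='' gw4='' ip6='' gw6=''
    set -f                          # no glob expansion while splitting words
    for arg in $1; do
        case "$arg" in
            rescue_ip4=*) ip4=${arg#*=} ;;
            rescue_gw4=*) gw4=${arg#*=} ;;
            rescue_ip6=*) ip6=${arg#*=} ;;
            rescue_gw6=*) gw6=${arg#*=} ;;
        esac
    done
    set +f
    echo "ip link set dev $iface up"
    if valid_addr "$ip4"; then
        echo "ip -4 addr add $ip4 dev $iface"
        if valid_addr "$gw4"; then echo "ip -4 route add default via $gw4"; fi
    fi
    if valid_addr "$ip6"; then
        echo "ip -6 addr add $ip6 dev $iface"
        if valid_addr "$gw6"; then echo "ip -6 route add default via $gw6"; fi
    fi
}

# Constructed sample command line using documentation address ranges.
SAMPLE='root=/dev/xvda1 ro rescue_ip4=192.0.2.10/24 rescue_gw4=192.0.2.1 rescue_ip6=2001:db8::10/64 rescue_gw6=2001:db8::1'
net_commands "$SAMPLE"
# Inside the initrd the input would be: net_commands "$(cat /proc/cmdline)"
```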

    In addition, the ssh server now starts automatically.

    There is one problem for which we know no solution even in theory: the ssh server's private key. If it changes (for the same IP address), the ssh client will give an unpleasant warning about the “changed server key” (and most ssh clients will not even let you connect until the key is changed / deleted in known_hosts).

    There are several options:
    • Copy the key from the file system of the virtual machine. If there are any problems with the file system, mounting it automatically can be risky (for example, a good xfs can bring the file system into a "consistent" state by rolling back some hundred gigabytes of written data at mount time). For a rescue image, this is not an option.
    • Store the private server key in our database. This contradicts the idea of private keys.
    • Set "your" private key during installation. Similarly.


    In other words, there are no beautiful solutions, so the only possible one is to delete the old key from the known hosts, connect, and after finishing the work delete the stored key again.

    ... Or just use the console.

    Using supload


    The rescue initrd includes a script that allows you to upload data to any swift storage. For example, to our cloud storage.

    Because the storage and server projects are somewhat autonomous from each other, the username and password have to be supplied manually. You can find them on the "access settings" page of the cloud storage.

    It looks like this (the arguments are, in order: the user name after -u, the password after -k, then the container and the file to upload):

    supload.sh -u пользователь -k пароль контейнер file.tar.gz




    Immediate prospects


    Copying the root user's public key into rescue-initrd. This will be implemented in the next 1-2 updates.
