Remote console setup

From OpenVZ Virtuozzo Containers Wiki
Revision as of 13:41, 26 January 2015 by Koct9i (talk | contribs) (Setting up rsyslogd)
Jump to: navigation, search

In case you are experiencing a kernel crash (oops) and have already tested your hardware, you should report what kernel says to the console (i.e. an oops text) to Bugzilla. Sometimes kernel crashes so badly that syslogd is not working and what kernel says is never written to a file. If this is the case, you have to catch what kernel says. There are several ways possible.

Manual/Photo

If kernel backtrace is not long enough there are chances that it can fit into a single screen. In that case, you can just make a photo of the kernel crash screen and attach it to the bug report. If you do not have a camera, you still can carefully write down (using a piece of paper and a pen, that is) what you see on the screen, and later type it into the bug report.

Serial console

Here is a description of a common routine that is necessary to set up a serial console.

Hardware setup

First of all you should make sure that your node has a serial port. If there is no such port then unfortunately this way is not for you.

Then you need to find a second machine with a serial port on it. This machine will be used to collect logs from your primary machine. Further you need to acquire so-called null modem cable (a.k.a. serial cable) and it must be long enough to connect these two machines.

Software setup

Sending side

In your boot loader add the following kernel parameters:

console=ttyS0,115200 console=tty0
Warning.svg Warning: make sure kernel command line does not contain the word quiet, otherwise most of the kernel messages will not be printed to console.

For example, in GRUB boot loader configuration file /boot/grub/grub.conf it looks like this:

title Fedora Core (2.6.16-026test014.1-smp)
        root (hd0,0)
        kernel /vmlinuz-2.6.16-026test014.1-smp ro root=LABEL=/ console=ttyS0,115200 console=tty debug silencelevel=8
        initrd /initrd-2.6.16-026test014.1-smp.img

Kernel loaded with such parameters will send all kernel messages to /dev/ttyS0 (first serial port, a.k.a. COM1). If you have several ports, make sure that your null modem cable is connected to the appropriate port.

Receiving side

On the second node you should run any software that can log from /dev/ttyS0.

It can be usual

cat /dev/ttyS0 > /var/log/serial.log &

or something more sophisticated: syslogd, watchtty etc.

Port setup

One more important thing. 115200 in the example above is the rate of emitting port. Receiving port must also work at the same rate. For example, to tune ttyS0 rate use stty program like this:

stty 115200  < /dev/ttyS0

Some other serial port parameters, like parity, number of stop bits etc. should also be the same on both sides.

Netconsole

Kernel recompilation

If you use binary kernel from openvz.org, it already has netconsole module compiled in, so just skip to next section.

If you build the kernel yourself, you might need to check if netconsole is compiled. To that effect, change to your kernel source directory and grep your kernel .config for NETCONSOLE:

# cd /usr/src/openvz/linux-2.6.16
# grep NETCONSOLE .config

If you see nothing or "# CONFIG_NETCONSOLE is not set" you need to recompile the kernel.

Edit your kernel configuration file .config with a text editor (nano .config or vi .config). Set netconsole to Y or M (depending on whether you want it as a module or built into the kernel; I have compiled it as a module):

CONFIG_NETCONSOLE=m

Save the file, then recompile the kernel:

# make bzImage && make modules && make modules_install

Update your bootloader for the new updated kernel. In my case I use LILO so I just type lilo at the prompt.

Reboot into new kernel.

Setting up OpenVZ side

Next you want your netconsole to send the request to somewhere. Load netconsole module, specifying the remote server parameters:

# modprobe netconsole netconsole=4444@10.0.2.1/eth0,6666@10.0.2.2/00:05:5D:34:11:AF

This will load the module with your settings. Replace your local IP address with where 10.0.2.1 is, eth0 with your network interface card device, 6666 with the remote netconsole port (UDP), and 10.0.2.2 with your remote netconsole server IP. Also add in the mac address of your remote netconsole server, which in my case was 00:05:5D:34:11:AF. You can get the MAC address using arp utility:

# ping -c 1 10.0.2.2
# /sbin/arp -n 10.0.2.2
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.2.2                 ether   00:05:5D:34:11:AF   C                     eth0

If the remote netconsole server is outside of local network area, use mac address of default gateway or router on local network area and IP address of remote netconsole server (loging via WAN). Mac address of default gateway or router you can get the same way (ping to gateway/router and see mac address via arp command).

Netconsole documentation is available from Documentation/networking/netconsole.txt file under your kernel source directory.

Setting from initrd

To durable logging boot process before root filesystem mounting network device driver and netconsole module must be loaded from initd.

RedHat 5/CentOS 5:

echo 'MODULES+="<network-driver-module> netconsole "' > /etc/sysconfig/mkinitrd/netconsole
chmod +x /etc/sysconfig/mkinitrd/netconsole
echo 'options netconsole netconsole=<sport>@<saddr>/<dev>,<dport>@<daddr>/<dmac>' >> /etc/modprobe.conf

Debian/Ubuntu:

echo '<network-driver-module>' >> /etc/initramfs-tools/modules
echo 'netconsole netconsole=<sport>@<saddr>/<dev>,<dport>@<daddr>/<dmac>' >> /etc/initramfs-tools/modules

and rebuild initrd

Setting up rsyslogd

/etc/rsyslog.d/netconsole.conf

$template NetconsoleFile,"/var/log/netconsole/%FROMHOST%-%$NOW%.log"
$template NetconsoleFormat,"%rawmsg%"

$EscapeControlCharactersOnReceive off
$DropTrailingLFOnReception off
$RepeatedMsgReduction off

$RuleSet NetconsoleRuleset
*.* ?NetconsoleFile;NetconsoleFormat
$RuleSet RSYSLOG_DefaultRuleset

$ModLoad imudp
$InputUDPServerBindRuleset NetconsoleRuleset
$UDPServerRun 6666

Setting up remote side

Setup netcat (nc on some Linux distributions) on your console server to listen on port 6666 UDP:

netcat -u -l -p6666

or

nc -lu 6666

or

socat  udp-listen:6666,reuseaddr -

When your kernel prints something on the console, the text will be also captured on this netconsole server.

Adding to inittab

For automatic care about capturing on console server you can use init respawn feature in this way:

echo "n1:23:respawn:/bin/netcat -u -l -p 6666 >> /var/log/netconsole" >> /etc/inittab
telinit q

Adding date/time to messages

If you want the log to contain date/time of each line, you can use awk like this:

netcat -u -l -p6666 | awk '{print strftime("%d %b %Y %H:%M:%S"), $0; fflush(stdout);}' >> /var/log/netconsole

See man strftime for info about how to tailor strftime() argument to your needs.

Note that if you want to add this to /etc/inittab, it should be done like this:

echo "netcat -u -l -p6666 | awk '{print \
  strftime("%d %b %Y %H:%M:%S"), \$0; fflush(stdout);}' \
  >> /var/log/netconsole" > /usr/local/sbin/netconsole
chmod a+x /usr/local/sbin/netconsole
echo "n1:23:respawn:/usr/local/sbin/netconsole" >> /etc/inittab
telinit q

Configuring logrotate

For long term capturing you would like to do log rotating some way. With logrotate you can do it by creating config file /etc/logrotate.d/netconsole:

/var/log/netconsole {
    weekly
    rotate 8
    missingok
    compress
    copytruncate
    notifempty
    # Need to restart logger after log file move
    postrotate
        # Below line assumes netcat will be restarted by init
        killall -TERM netcat > /dev/null 2>&1 || true
}

For more details, see man logrotate.

Testing netconsole

First check log level of console messages on OpenVZ side by:

cat /proc/sys/kernel/printk

First number should be 7 for testing. You can arrange it by:

sysctl -w kernel.printk="7 4 1 7"

After testing you can restore previous setting the same way.

Load netconsole module (see above) and on the console server run netcat (nc) command. On OpenVZ side provoke any console message, for example connect any USB hardware or try command:

modprobe tun

If you see any console message on OpenVZ side, you should see message on console server too. If not, something is wrong. When debugging a problem, do not use tcpdump on OpenVZ side — it is not able to show netconsole packets. Instead, use tcpdump on console server. Quite a common source of problems with netconsole are firewalls.

See also