System recovery (202.2)
Objectives
Candidates should be able to properly manipulate a Linux system during both the boot process and recovery mode. This objective includes using both the init utility and init-related kernel options. Candidates should be able to determine the cause of errors in loading and usage of bootloaders. GRUB version 2 and GRUB Legacy are the bootloaders of interest.
Key Knowledge Areas

- GRUB version 2 and Legacy
- GRUB shell
- Boot loader start and hand off to kernel
- Kernel loading
- Hardware initialisation and setup
- Daemon/service initialisation and setup
- Know the different boot loader install locations on a hard disk or removable device
- Overwriting standard boot loader options and using boot loader shells
- Awareness of UEFI
- UEFI and NVMe booting
Terms and Utilities

- `mount`
- `fsck`
- `inittab`, `telinit` and `init` with SysV init
- The contents of `/boot/` and `/boot/grub/`
- GRUB
- `grub-install`
- `initrd`, `initramfs`
- Master boot record
GRUB explained
GRUB (short for GRand Unified Bootloader) loads the operating system kernel and transfers execution control to it.
Two major versions of GRUB exist. The current version is known simply as GRUB but is in fact GRUB 2, which was developed around 2011. The older version, developed back in 1999, is now referred to as GRUB Legacy. GRUB Legacy is still in use, but its development has been frozen.
GRUB 2
GRUB is a modular bootloader and supports booting from PC UEFI, PC BIOS and other platforms. The advantage of its modular design is that as new filesystems and/or storage solutions are added to the kernel, boot support can easily be added to GRUB 2 in separate modules.
Examples of boot support added by such modules are modules for filesystem support (like ext4, NTFS, btrfs and ZFS), and for LVM and software RAID devices.
GRUB is able to boot many operating systems, both free and proprietary ones. Open operating systems, like FreeBSD, NetBSD, OpenBSD, and Linux, are supported by GRUB directly. Proprietary kernels (e.g. DOS, Windows and OS/2) are supported using GRUB's chain-loading function. Chain-loading implies that GRUB will be used to boot the system, and in turn will load and run the proprietary system's bootloader, which then boots the operating system.
The GRUB boot process features both a menu interface and a command-line interface (CLI). The CLI is called the GRUB shell and allows you to execute commands to select a root device (`root` command), load a kernel from it (`linux` command) and, if necessary, load some additional kernel modules (`insmod`) and subsequently boot the kernel (`boot` command). The menu interface offers a quick selection method of the desired runtime environment. While booting, both interfaces are available. On boot the menu is displayed, and the user can simply choose one of the menu entries. Without user interaction, the system will boot the default entry after a pre-defined time value has passed.
Alternatively, the user can hit e to edit the current entry before booting, or hit c to enter the CLI. Some Linux distributions hide the GRUB screen during boot. Pressing the SHIFT key right after BIOS/UEFI initialization will unhide the GRUB screen.
After invoking the GRUB shell, the user can type commands. The list of available commands may vary, and depends on which modules are present on the system. The `help` command will produce a list of available commands.
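The full command listing is system dependent; as a hedged sketch, a short GRUB 2 shell session selecting a root device and booting a kernel might look like this (device and file names are illustrative):

```
grub> ls
(hd0) (hd0,msdos1) (hd0,msdos2)
grub> set root=(hd0,msdos1)
grub> linux /vmlinuz root=/dev/sda2 ro
grub> initrd /initrd.img
grub> boot
```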
GRUB uses its own syntax to describe hard disks. Device names need to be enclosed in brackets, e.g.

```
(fd0)
```

denotes the floppy disk, and

```
(hd0,1)
```

denotes the first partition on the first hard disk. Note that while disk numbers start at zero, partition numbers start at one, so the last example references the first disk and the first partition.
GRUB uses the computer BIOS to find out which hard drives are available, but it cannot always figure out the relation between Linux device filenames and the BIOS drives. The special file `/boot/grub/device.map` can be created to map these, e.g.:

```
(hd0) /dev/sda
(hd1) /dev/sdb
```
Note that when you are using software RAID-1 (mirroring), you need to set up GRUB on both disks. Upon boot, the system will not be able to use the software RAID system yet, so booting can only be done from one disk. If you set up GRUB on the first disk only and that disk gets damaged, the system will not be able to boot.
GRUB Configuration File
The configuration file for GRUB 2 is `/boot/grub/grub.cfg`. The GRUB configuration file is written in a shell-like scripting language with conditional statements and functions.

It is not recommended to modify `grub.cfg` directly; the configuration file is updated whenever a kernel is added, updated, or removed using the package manager of the distribution, or when the user runs the `update-grub` script. `update-grub` is a wrapper around `grub-mkconfig`, specifying `grub.cfg` as its output file. The behaviour of `grub-mkconfig` is controlled by files in the directory `/etc/grub.d` and keywords in the `/etc/default/grub` file.
Example keywords: the default menu entry to boot (`GRUB_DEFAULT`) or the timeout in seconds before the default menu entry is booted after the menu is displayed (`GRUB_TIMEOUT`).
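As a minimal sketch, an `/etc/default/grub` using these keywords could look as follows (the values are illustrative):

```
# Boot the first menu entry after a 5 second timeout
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX=""
```

After editing this file, run `update-grub` (or `grub-mkconfig -o /boot/grub/grub.cfg`) to regenerate the configuration.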
Operating systems, including foreign operating systems like Windows, are automatically detected by the `/etc/grub.d/30_os-prober` script. A custom file (by default `40_custom`) can be modified by the user to create custom entries.
GRUB 2 menu entries start with the `menuentry` keyword. The menu entry's title can be found within quotation marks on the `menuentry` line. The `menuentry` line ends with an opening curly brace ({). The menu entry ends with a closing curly brace (}).
A very simple example:
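The sketch below shows the shape of such an entry; the title, root device, module and kernel paths are illustrative and will differ per system:

```
menuentry "My Linux" {
    insmod ext2
    set root=(hd0,1)
    linux /vmlinuz root=/dev/sda1 ro quiet
    initrd /initrd.img
}
```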
Differences with GRUB Legacy
At first glance, the two versions do not differ much. However, there are some obvious differences:
- The configuration file is now called `/boot/grub/grub.cfg`. GRUB Legacy used `/boot/grub/menu.lst`, while Red Hat based distributions favored the `/boot/grub/grub.conf` filename. Besides the different name, the configuration file also has a different syntax. The `grub.cfg` file is now generated by `grub-mkconfig`, and is not supposed to be edited by hand.
- The core GRUB engine is smaller and less platform dependent. Support for many different filesystems and platforms is now available in separate modules. As a consequence, the platform and filesystem(s) in use determine the modules loaded during the boot sequence. In contrast, GRUB Legacy has a fixed boot sequence with critical components hardcoded, making it less flexible.
- Partition numbering starts at 1 in GRUB 2, rather than 0. Disks are still numbered from 0. This can be a bit confusing.
- GRUB 2 kernel specification is done with the `linux` command, while in GRUB Legacy the `kernel` command is used instead.
- The root device can be selected with `set root` instead of the `root` command. The root device can also be set with the `search` command, which can find devices by disk label or UUID.
- GRUB 2 uses `insmod` to load modules. In GRUB Legacy, modules are loaded with `module` or `modulenounzip`.
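To illustrate several of these differences at once, the same boot entry is sketched below in both syntaxes (the title, devices, UUID and paths are illustrative):

GRUB Legacy (`/boot/grub/menu.lst`):

```
title My Linux
root (hd0,0)
kernel /vmlinuz root=/dev/sda1 ro
initrd /initrd.img
```

GRUB 2 (`/boot/grub/grub.cfg`):

```
menuentry "My Linux" {
    search --no-floppy --fs-uuid --set=root 1234-ABCD
    linux /vmlinuz root=/dev/sda1 ro
    initrd /initrd.img
}
```

Note how the same first partition is `(hd0,0)` in GRUB Legacy but would be `(hd0,1)` in GRUB 2.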
GRUB Legacy
The GRUB Legacy definitions for the menu entries are stored in `/boot/grub/menu.lst`. On some systems you may find a `grub.conf` (not to be confused with the GRUB 2 `grub.cfg` config file) link in the `/etc` or `/boot/grub` directory. Because GRUB accesses the file directly, any changes in that file will impact the bootloader immediately.
On systems with the Legacy bootloader, a GRUB shell is available. This shell emulates the boot loader and can be used to install it. It also comes in handy to inspect your current setup and modify it. To start it up (as `root`), simply type `grub`. In the following example we display the help screen:
```
# grub
grub> help
blocklist FILE                         boot
cat FILE                               chainloader [--force] FILE
color NORMAL [HIGHLIGHT]               configfile FILE
device DRIVE DEVICE                    displayapm
displaymem                             find FILENAME
geometry DRIVE [CYLINDER HEAD SECTOR [ halt [--no-apm]
help [--all] [PATTERN ...]             hide PARTITION
initrd FILE [ARG ...]                  kernel [--no-mem-option] [--type=TYPE]
makeactive                             map TO_DRIVE FROM_DRIVE
md5crypt                               module FILE [ARG ...]
modulenounzip FILE [ARG ...]           pager [FLAG]
partnew PART TYPE START LEN            parttype PART TYPE
quit                                   reboot
root [DEVICE [HDBIAS]]                 rootnoverify [DEVICE [HDBIAS]]
serial [--unit=UNIT] [--port=PORT] [-- setkey [TO_KEY FROM_KEY]
setup [--prefix=DIR] [--stage2=STAGE2_ terminal [--dumb] [--timeout=SECS] [--
testvbe MODE                           unhide PARTITION
uppermem KBYTES                        vbeprobe [MODE]
grub> _
```
**Note:** the grub shell is not available for GRUB 2. Instead, you can install the GRUB Emulator, `grub-emu`.
Other GRUB Legacy commands include the `blocklist` command, which can be used to find out on which disk blocks a file is stored, or the `geometry` command, which can be used to find out the disk geometry. You can create new (primary) partitions using the `partnew` command, load an `initrd` image using the `initrd` command, and many more. All options are described in the GRUB documentation. GRUB is part of the GNU software library and as such is documented using the `info` system. On most systems there is a limited `man` page available as well.
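As a hedged sketch, inspecting the disk and a file from the Legacy shell might look like this (the output shape is illustrative and varies per system):

```
grub> geometry (hd0)
drive 0x80: C/H/S = 1024/255/63, The number of sectors = 16434495, LBA
grub> blocklist /boot/vmlinuz
(hd0,0)92+3500
```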
The initial boot process: upon boot, the BIOS accesses the initial sector of the hard disk, the so-called MBR (Master Boot Record), loads the data found there into memory and transfers execution to it. If GRUB is used, the MBR contains a copy of the first stage of GRUB, which tries to load stage 2.
To be able to load stage 2, GRUB needs to have access to code to handle the filesystem(s). There are many filesystem types and the code to handle them will not fit within the 512-byte MBR, even less so since the MBR also contains the partition table. The GRUB parts that deal with filesystems are therefore stored in the so-called DOS compatibility region. That region consists of sectors on the same cylinder where the MBR resides (cylinder 0). In the old days, when disks were addressed using the CHS (Cylinder/Head/Sector) specification, the MBR typically would load DOS, and DOS requires that its image is on the same cylinder. Therefore, by tradition, the first cylinder on a disk is reserved, and it is this space that GRUB uses to store the filesystem code. That section is referred to as stage 1.5. Stage 1.5 is commonly referred to as the `core.img`; it is constructed from several files by the installer, based on the filesystem(s) GRUB needs to support during boot.
Stage 2 contains most of the boot logic. It presents a menu to the end user and an additional command prompt, where the user can manually specify boot parameters. GRUB is typically configured to automatically load a particular kernel after a timeout period. Once the end user has made a selection, GRUB loads the selected kernel into memory and passes control on to the kernel. At this stage GRUB can pass control of the boot process to another loader using chain loading, if required by the operating system.
In Linux, the `grub-install` command is used to install stage 1 to either the MBR or within a partition.
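A minimal sketch of installing GRUB to the MBR of the first disk (the device name is illustrative):

```
# grub-install /dev/sda
```

With software RAID-1, as noted earlier, you would repeat this for every member disk, e.g. run `grub-install /dev/sdb` as well.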
Influencing the regular boot process
The regular boot process is the process that normally takes place when (re)booting the system. This process can be influenced from the GRUB prompt. What can be influenced will be discussed in the following sections, but first we must activate the prompt.
Choosing another kernel
If you have just compiled a new kernel and you are experiencing difficulties with the new kernel, chances are that you would like to revert to the old kernel.
For GRUB, once you see the boot screen, use the cursor keys to select the kernel you would like to boot, and press Enter to boot it.
Booting into single user mode or a specific runlevel
This can be useful if, for instance, you have installed a graphical environment which is not functioning properly. You either do not see anything at all, or the system never reaches a usable state because it keeps trying to start X over and over again.

Booting into single user mode, or into another runlevel where the graphical environment is not running, will give you access to the system so you can correct the problem.
To boot into single user mode in GRUB, point the cursor to the kernel entry you would like to boot and press e. Then select the line starting with "linux" (GRUB 2) or "kernel" (GRUB Legacy). Go to the end of the line and add "single". After that, press Ctrl+X (GRUB 2) or b (GRUB Legacy) to exit the editor and boot that entry, as sketched below.
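After the edit, the kernel line might look like this (a sketch; the kernel version and root device are illustrative):

```
linux /boot/vmlinuz-5.10.0 root=/dev/sda1 ro quiet single
```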
Switching runlevels
It is possible in Linux to switch to a different runlevel than the currently active one. This is done with the `telinit` command. Its syntax is simple: `telinit [OPTION] RUNLEVEL`, where RUNLEVEL is the number of the runlevel.
The only option which `telinit` supports is `-e KEY=VALUE`. It is used to specify an additional environment variable to be included in the event along with RUNLEVEL and PREVLEVEL. Usually you will not use this option.
You will find you use `telinit` mostly to switch to single-user mode (runlevel 1), for example to be able to umount a filesystem and `fsck` it. In that case you can use:
```
# telinit 1
```
Note that `telinit` on most systems is a symbolic link to the `init` command.
Use of the command `/sbin/init q` forces init to reload `/etc/inittab`.
Passing parameters to the kernel
If a device doesn't work, a possible cause can be that the device driver in the kernel has to be told to use another IRQ and/or another I/O port. This is only applicable if support for the device has been compiled into the kernel, not if you are using a loadable module.
As an example, let us pretend we have got a system with two identical ethernet cards for which support is compiled into the kernel. By default only one card will be detected, so we need to tell the driver in the kernel to probe for both cards. Suppose the first card is to become eth0 with an address of 0x300 and an irq of 5, and the second card is to become eth1 with an irq of 11 and an address of 0x340. For GRUB, you can add these additions the same way as when booting into single-user mode, replacing the keyword "single" by the parameters you need to pass.
For the example above, the keywords to pass to the kernel would be:
```
ether=5,0x300,eth0 ether=11,0x340,eth1
```
The Rescue Boot process
When `fsck` is started but fails
During boot, file systems are checked. On a Debian system this is done by `/etc/rcS.d/S30check.fs`. All filesystems are checked based on the contents of `/etc/fstab`.
If the command `fsck` returns an exit status larger than 1, the command has failed. The exit status is the result of one or more of the following conditions:
```
1    - File system errors corrected
2    - System should be rebooted
4    - File system errors left uncorrected
8    - Operational error
16   - Usage or syntax error
32   - Fsck canceled by user request
128  - Shared library error
```
If the command has failed you will get a message:
```
fsck failed. Please repair manually.

Give root password for maintenance
(or type Control-D to continue):
```
If you do not press Ctrl+D but enter the root password, you will get a shell; in fact, `/sbin/sulogin` is launched, and you should be able to run `fsck` and fix the problem if the root filesystem is mounted read-only.
Alternatively (see next section) you can boot from boot media.
If your root (/) filesystem is corrupt
Using the distribution's boot media
A lot of distributions come with one or more CDs or boot images which can be put on a USB stick. One of these CDs usually contains a "rescue" option to boot Linux in memory. This allows you to fix things.
Remember to set the boot order in the BIOS to boot from CD-ROM or USB stick first and then HDD. In the case of a USB stick it may also be necessary to enable "USB Legacy Support" in the BIOS.
What the rescue mode entails is distribution specific, but it should allow you to open a shell with root privileges. There you can run `fsck` on the unmounted corrupt filesystem.
Let's assume your root partition is `/dev/sda2`. You can then run a filesystem check on the root filesystem by typing `fsck -y /dev/sda2`. The `-y` flag prevents `fsck` from asking questions which you must answer (this can result in a lot of Enters) and causes `fsck` to use "yes" as an answer to all questions.
Although the root (/) filesystem of a rescue image is completely in RAM, you can `mount` a filesystem from the hard disk on an existing mountpoint in RAM, such as `/target`. Or, you can create a directory first and then `mount` a hard disk partition there.
After you have corrected the errors, do not forget to `umount` the filesystems you mounted before you reboot the system; otherwise, you will get a message during boot that one or more filesystems have not been cleanly unmounted and `fsck` will try to fix them again. A typical session is sketched below.
UEFI and NVMe boot considerations
For many decades, the system BIOS (Basic Input Output System) took care of hardware and software initialization during the boot process. Early BIOS versions required manual configuration of physical jumpers on the motherboard. Later versions replaced the manual jumper routine with a software menu, capable of providing an interface to configure the most elementary computer settings. As convenient as this may sound, computer systems evolved to a point where even the most sophisticated BIOS software proved to have its limitations. To overcome these limitations, Intel developed the EFI (Extensible Firmware Interface) system in 1998 as a BIOS replacement. The EFI system did not catch on until the standard was adopted by the UEFI Forum around 2005. The standard was then (re)branded from EFI to UEFI (Unified Extensible Firmware Interface). UEFI is sometimes also referred to as (U)EFI. Linux kernel 3.15 and newer should be able to use the UEFI advantages.
What are these advantages, you may ask? To answer that question, we have to look at the BIOS limitations first. One of the limitations of BIOS systems is noticeable when booting operating systems. Traditionally, a BIOS can be configured to use one or more boot devices in a specific order. A boot device can be an optical drive, a harddrive, a portable USB volume or a network interface card. After the BIOS has performed the POST (Power On Self Test), each configured boot device is checked for the existence of a boot loader. The first bootloader detected will be loaded. In the case of a harddrive, the BIOS expects the bootloader to be located at sector 0, the MBR (Master Boot Record). Since the MBR only allows for a small amount of data (446 bytes) to be stored, it usually contains instructions that point to another piece of code on disk. This two-stage approach is known as chainloading. This other piece of code could then consist of a boot manager, which is capable of loading operating systems located at various locations on the storage volumes. Both the first and second stage of the boot code have to be stored within the first megabyte of available storage on the harddrive.
UEFI uses a different approach. Instead of being limited to the MBR contents of one specific drive, UEFI reads boot data from an ESP partition. ESP stands for EFI System Partition. The ESP is a designated boot partition. Its filesystem is usually of the type FAT, and it can hold bootloaders of any size, or even multiple ones. On Linux systems, the ESP is usually mounted as `/boot/efi`. Underneath that mountpoint will be a directory structure that depends on the operating system in use. The boot files located within those directories carry a `.efi` extension. With UEFI, the UEFI software acts as a mini-bootloader, looking for filenames ending in `.efi` within pre-defined locations. On a Fedora based system, the contents of the ESP may look as follows:
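The exact listing differs per installation; as a hedged sketch, a Fedora-style ESP typically contains files along these lines (paths and file names are illustrative):

```
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/fedora/shimx64.efi
/boot/efi/EFI/fedora/grubx64.efi
/boot/efi/EFI/fedora/mmx64.efi
```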
In the example above, every file ending in `.efi` can add functionality to the UEFI system. So, whereas BIOS based systems depend on harddrive metadata to boot up a system, UEFI based systems are capable of reading files within the ESP portion of the harddrive. UEFI offers backwards compatibility towards legacy BIOS functions, while at the same time offering more advanced functions for modern computers. Computers using BIOS software have trouble dealing with today's 8 TB harddrives, whereas UEFI based computers are able to use GPT disk layouts that defeat the 2 TB partition limit of their BIOS counterparts. The UEFI software comes with network support for IPv4 and IPv6. TCP and UDP are supported, and booting from remote boot media is supported using TFTP and even HTTP. Booting over HTTP does require UEFI 2.5 or newer. Version 2.5 was released in January 2016.
LPIC-2 exam candidates should be aware of the possibility to switch between UEFI and Legacy BIOS boot modes on modern computers. Despite the advantages that UEFI may have, there are also requirements that should be met. The `.efi` boot files are expected to be located beneath a certain path, and when Secure Boot is enabled, the boot code has to be digitally signed; otherwise, systems may encounter boot issues. When troubleshooting boot issues on a modern Linux computer, try to distinguish MBR from GPT disk layouts. When using the UEFI boot mode, confirm that the Linux distribution in use can also handle UEFI boot. When Secure Boot is enabled, confirm that the required conditions are met. When in doubt, switch back to "Legacy BIOS" or equivalent within the UEFI interface. When booting from USB, it may be necessary to enable 'Legacy USB' settings for Mass Storage Devices in the UEFI interface.
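One quick way to confirm how a running Linux system was booted is to check for the UEFI interface in sysfs; this directory only exists on kernels booted in UEFI mode (shown here as a sketch):

```
# [ -d /sys/firmware/efi ] && echo "UEFI boot" || echo "Legacy BIOS boot"
```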
NVMe
In the previous section, 8 TB harddrives were mentioned as a result of recent computer storage evolution. These conventional SATA (Serial Advanced Technology Attachment) harddrives have moving parts, and are controlled using a protocol called AHCI (Advanced Host Controller Interface). In recent years, SSD (Solid State Disk) harddrives have become more popular. One of the advantages of these drives is the lack of moving parts. This makes SSD harddrives not only more energy efficient but also faster than mechanical harddrives.

Because SSD drives have to be compatible with existing computers, they are connected with the same SATA connector mechanical harddrives use, and they also use the same AHCI protocol. This protocol was initially designed with mechanical harddrives in mind. AHCI uses one queue with 32 commands to control the harddrive, which poses a bottleneck for the newer generation of SSD harddrives.

To remove this bottleneck, a new technology called NVMe (Non-Volatile Memory Express) has been developed. NVMe allows SSD harddrives to connect to an NVMe controller that is connected to the PCI-E bus on the motherboard. The SSD harddisk is then controlled using the NVMHCI (Non-Volatile Memory Host Controller Interface) protocol. Instead of one queue holding 32 commands at a time, the SSD can now be controlled using up to 65,000 queues holding up to 65,000 commands each. This is possible because the PCI-E bus is much faster than the SATA bus. The latest generation of fast SSD harddrives can achieve throughput speeds up to seven times faster using NVMe when compared to PCI-E connected AHCI harddrives.
Just as traditional harddrives connected to a Linux computer are represented by `/dev/hda*` or `/dev/sda*` references, NVMe harddrives are represented by `/dev/nvme*` within the Linux filesystem tree. When working with these harddrives, be aware that the disk notation starts at 0, but the namespace and partition numbers on the disk start at 1. Therefore, the first partition on the first namespace of the first NVMe harddrive in a system is represented by `/dev/nvme0n1p1`. More about UEFI and NVMe booting can be found in 204.2.
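As a sketch, listing the NVMe device nodes on such a system might look like this (the output is illustrative):

```
$ ls /dev/nvme*
/dev/nvme0  /dev/nvme0n1  /dev/nvme0n1p1
```

Here `/dev/nvme0` is the controller itself, `nvme0n1` is the first namespace on it, and `nvme0n1p1` is the first partition within that namespace.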