mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
45b7f1736b64e9f0741e21e5a9d83a837bd863bf
libguestfs/rescue/virt-rescue.pod
Richard W.M. Jones 0e17236d7d Update copyright dates to 2020.
2020-03-06 19:32:32 +00:00

513 lines
13 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
=head1 NAME
virt-rescue - Run a rescue shell on a virtual machine
=head1 SYNOPSIS
virt-rescue [--options] -d domname
virt-rescue [--options] -a disk.img [-a disk.img ...] [-i]
Old style:
virt-rescue [--options] domname
virt-rescue [--options] disk.img [disk.img ...]
=head1 DESCRIPTION
virt-rescue is like a Rescue CD, but for virtual machines, and without
the need for a CD. virt-rescue gives you a rescue shell and some
simple recovery tools which you can use to examine or rescue a virtual
machine or disk image.
You can run virt-rescue on any virtual machine known to libvirt, or
directly on disk image(s):
virt-rescue -d GuestName -i
virt-rescue --ro -a /path/to/disk.img -i
virt-rescue -a /dev/sdc
For live VMs you I<must> use the I<--ro> option.
When you run virt-rescue on a virtual machine or disk image, you are
placed in an interactive bash shell where you can use many ordinary
Linux commands. What you see in F</> (F</bin>, F</lib> etc) is the
rescue appliance. You must mount the virtual machines filesystems.
There is an empty directory called F</sysroot> where you can mount
filesystems.
To automatically mount the virtual machines filesystems under
F</sysroot> use the I<-i> option. This uses libguestfs inspection to
find the filesystems and mount them in the right place. You can also
mount filesystems individually using the I<-m> option.
Another way is to list the logical volumes (with L<lvs(8)>) and
partitions (with L<parted(8)>) and mount them by hand:
><rescue> lvs
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
lv_root vg_f15x32 -wi-a- 8.83G
lv_swap vg_f15x32 -wi-a- 992.00M
><rescue> mount /dev/vg_f15x32/lv_root /sysroot
><rescue> mount /dev/vda1 /sysroot/boot
><rescue> ls /sysroot
Another command to list available filesystems is
L<virt-filesystems(1)>.
To run commands in a Linux guest (for example, grub), you should
chroot into the /sysroot directory first:
><rescue> chroot /sysroot
=head2 NOTES
Virt-rescue can be used on I<any> disk image file or device, not just
a virtual machine. For example you can use it on a blank file if you
want to partition that file (although we would recommend using
L<guestfish(1)> instead as it is more suitable for this purpose). You
can even use virt-rescue on things like USB drives, SD cards and hard
disks.
You can get virt-rescue to give you scratch disk(s) to play with.
This is useful for testing out Linux utilities (see I<--scratch>).
Virt-rescue does not require root. You only need to run it as root if
you need root to open the disk image.
This tool is just designed for quick interactive hacking on a virtual
machine. For more structured access to a virtual machine disk image,
you should use L<guestfs(3)>. To get a structured shell that you can
use to make scripted changes to guests, use L<guestfish(1)>.
=head1 OPTIONS
=over 4
=item B<--help>
Display brief help.
=item B<-a> FILE
=item B<--add> FILE
Add C<FILE> which should be a disk image from a virtual machine. If
the virtual machine has multiple block devices, you must supply all of
them with separate I<-a> options.
The format of the disk image is auto-detected. To override this and
force a particular format use the I<--format=..> option.
=item B<-a> URI
=item B<--add> URI
Add a remote disk. See L<guestfish(1)/ADDING REMOTE STORAGE>.
=item B<--append> KERNELOPTS
Pass additional options to the rescue kernel.
__INCLUDE:blocksize-option.pod__
=item B<-c> URI
=item B<--connect> URI
If using libvirt, connect to the given I<URI>. If omitted, then we
connect to the default libvirt hypervisor.
If you specify guest block devices directly (I<-a>), then libvirt is
not used at all.
=item B<-d> guest
=item B<--domain> guest
Add all the disks from the named libvirt guest. Domain UUIDs can be
used instead of names.
=item B<-e none>
Disable the escape key.
=item B<-e> KEY
Set the escape key to the given key sequence. The default is C<^]>.
To specify the escape key you can use:
=over 4
=item C<^x>
Control key + C<x> key.
=item C<none>
I<-e none> means there is no escape key, escapes are disabled.
=back
See L</ESCAPE KEY> below for further information.
=item B<--format=raw|qcow2|..>
=item B<--format>
The default for the I<-a> option is to auto-detect the format of the
disk image. Using this forces the disk format for I<-a> options which
follow on the command line. Using I<--format> with no argument
switches back to auto-detection for subsequent I<-a> options.
For example:
virt-rescue --format=raw -a disk.img
forces raw format (no auto-detection) for F<disk.img>.
virt-rescue --format=raw -a disk.img --format -a another.img
forces raw format (no auto-detection) for F<disk.img> and reverts to
auto-detection for F<another.img>.
If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format. This avoids a possible
security problem with malicious guests (CVE-2010-3851).
=item B<-i>
=item B<--inspector>
Using L<virt-inspector(1)> code, inspect the disks looking for
an operating system and mount filesystems as they would be
mounted on the real virtual machine.
The filesystems are mounted on F</sysroot> in the rescue environment.
=item B<--memsize> MB
Change the amount of memory allocated to the rescue system. The
default is set by libguestfs and is small but adequate for running
system tools. The occasional program might need more memory. The
parameter is specified in megabytes.
=item B<-m> dev[:mountpoint[:options[:fstype]]]
=item B<--mount> dev[:mountpoint[:options[:fstype]]]
Mount the named partition or logical volume on the given mountpoint
B<in the guest> (this has nothing to do with mountpoints in the host).
If the mountpoint is omitted, it defaults to F</>. You have to mount
something on F</>.
The filesystems are mounted under F</sysroot> in the rescue environment.
The third (and rarely used) part of the mount parameter is the list of
mount options used to mount the underlying filesystem. If this is not
given, then the mount options are either the empty string or C<ro>
(the latter if the I<--ro> flag is used). By specifying the mount
options, you override this default choice. Probably the only time you
would use this is to enable ACLs and/or extended attributes if the
filesystem can support them:
-m /dev/sda1:/:acl,user_xattr
The fourth part of the parameter is the filesystem driver to use, such
as C<ext3> or C<ntfs>. This is rarely needed, but can be useful if
multiple drivers are valid for a filesystem (eg: C<ext2> and C<ext3>),
or if libguestfs misidentifies a filesystem.
=item B<--network>
Enable QEMU user networking in the guest. See L</NETWORK>.
=item B<-r>
=item B<--ro>
Open the image read-only.
The option must always be used if the disk image or virtual machine
might be running, and is generally recommended in cases where you
don't need write access to the disk.
See also L<guestfish(1)/OPENING DISKS FOR READ AND WRITE>.
=item B<--scratch>
=item B<--scratch=N>
The I<--scratch> option adds a large scratch disk to the rescue
appliance. I<--scratch=N> adds C<N> scratch disks. The scratch
disk(s) are deleted automatically when virt-rescue exits.
You can also mix I<-a>, I<-d> and I<--scratch> options. The scratch
disk(s) are added to the appliance in the order they appear on the
command line.
=item B<--selinux>
This option is provided for backwards compatibility and does nothing.
=item B<--smp> N
Enable N E<ge> 2 virtual CPUs in the rescue appliance.
=item B<--suggest>
This option was used in older versions of virt-rescue to suggest what
commands you could use to mount filesystems under F</sysroot>. For
the current version of virt-rescue, it is easier to use the I<-i>
option instead.
This option implies I<--ro> and is safe to use even if the guest is up
or if another virt-rescue is running.
=item B<-v>
=item B<--verbose>
Enable verbose messages for debugging.
=item B<-V>
=item B<--version>
Display version number and exit.
=item B<-w>
=item B<--rw>
This changes the I<-a>, I<-d> and I<-m> options so that disks are
added and mounts are done read-write.
See L<guestfish(1)/OPENING DISKS FOR READ AND WRITE>.
=item B<-x>
Enable tracing of libguestfs API calls.
=back
=head1 OLD-STYLE COMMAND LINE ARGUMENTS
Previous versions of virt-rescue allowed you to write either:
virt-rescue disk.img [disk.img ...]
or
virt-rescue guestname
whereas in this version you should use I<-a> or I<-d> respectively
to avoid the confusing case where a disk image might have the same
name as a guest.
For compatibility the old style is still supported.
=head1 NETWORK
Adding the I<--network> option enables QEMU user networking
in the rescue appliance. There are some differences between
user networking and ordinary networking:
=over 4
=item ping does not work
Because the ICMP ECHO_REQUEST protocol generally requires root in
order to send the ping packets, and because virt-rescue must be able
to run as non-root, QEMU user networking is not able to emulate the
L<ping(8)> command. The ping command will appear to resolve addresses
but will not be able to send or receive any packets. This does not
mean that the network is not working.
=item cannot receive connections
QEMU user networking cannot receive incoming connections.
=item making TCP connections
The virt-rescue appliance needs to be small and so does not include
many network tools. In particular there is no L<telnet(1)> command.
You can make TCP connections from the shell using the magical
F</dev/tcp/E<lt>hostnameE<gt>/E<lt>portE<gt>> syntax:
exec 3<>/dev/tcp/redhat.com/80
echo "GET /" >&3
cat <&3
See L<bash(1)> for more details.
=back
=head1 ESCAPE KEY
Virt-rescue supports various keyboard escape sequences which are
entered by pressing C<^]> (Control key + C<]> key).
You can change the escape key using the I<-e> option on the command
line (see above), and you can disable escapes completely using
I<-e none>. The rest of this section assumes the default escape key.
The following escapes can be used:
=over 4
=item C<^] ?>
=item C<^] h>
Prints a brief help text about escape sequences.
=item C<^] i>
Prints brief libguestfs inspection information for the guest. This
only works if you used I<-i> on the virt-rescue command line.
=item C<^] q>
=item C<^] x>
Quits virt-rescue immediately.
=item C<^] s>
Synchronize the filesystems (sync).
=item C<^] u>
Unmounts all the filesystems, except for the root (appliance)
filesystems.
=item C<^] z>
Suspend virt-rescue (like pressing C<^Z> except that it affects
virt-rescue rather than the program inside the rescue shell).
=item C<^] ^]>
Sends the literal character C<^]> (ASCII 0x1d) through to the rescue
shell.
=back
=head1 CAPTURING CORE DUMPS
If you are testing a tool inside virt-rescue and the tool (B<not>
virt-rescue) segfaults, it can be tricky to capture the core dump
outside virt-rescue for later analysis. This section describes one
way to do this.
=over 4
=item 1.
Create a scratch disk for core dumps:
truncate -s 4G /tmp/corefiles
virt-format --partition=mbr --filesystem=ext2 -a /tmp/corefiles
virt-filesystems -a /tmp/corefiles --all --long -h
=item 2.
When starting virt-rescue, attach the core files disk last:
virt-rescue --rw [-a ...] -a /tmp/corefiles
B<NB.> If you use the I<--ro> option, then virt-rescue will silently
not write any core files to F</tmp/corefiles>.
=item 3.
Inside virt-rescue, mount the core files disk. Note replace
F</dev/sdb1> with the last disk index. For example if the core files
disk is the last of four disks, you would use F</dev/sdd1>.
><rescue> mkdir /tmp/mnt
><rescue> mount /dev/sdb1 /tmp/mnt
=item 4.
Enable core dumps in the rescue kernel:
><rescue> echo '/tmp/mnt/core.%p' > /proc/sys/kernel/core_pattern
><rescue> ulimit -Hc unlimited
><rescue> ulimit -Sc unlimited
=item 5.
Run the tool that caused the core dump. The core dump will be written
to F</tmp/mnt/core.I<PID>>.
><rescue> ls -l /tmp/mnt
total 1628
-rw------- 1 root root 1941504 Dec 7 13:13 core.130
drwx------ 2 root root 16384 Dec 7 13:00 lost+found
=item 6.
Before exiting virt-rescue, unmount (or at least sync) the disks:
><rescue> umount /tmp/mnt
><rescue> exit
=item 7.
Outside virt-rescue, the core dump(s) can be removed from the disk
using L<guestfish(1)>. For example:
guestfish --ro -a /tmp/corefiles -m /dev/sda1
><fs> ll /
><fs> download /core.NNN /tmp/core.NNN
=back
=head1 ENVIRONMENT VARIABLES
Several environment variables affect virt-rescue. See
L<guestfs(3)/ENVIRONMENT VARIABLES> for the complete list.
=head1 FILES
=over 4
=item $XDG_CONFIG_HOME/libguestfs/libguestfs-tools.conf
=item $HOME/.libguestfs-tools.rc
=item $XDG_CONFIG_DIRS/libguestfs/libguestfs-tools.conf
=item /etc/libguestfs-tools.conf
This configuration file controls the default read-only or read-write
mode (I<--ro> or I<--rw>).
See L<libguestfs-tools.conf(5)>.
=back
=head1 SEE ALSO
L<guestfs(3)>,
L<guestfish(1)>,
L<virt-cat(1)>,
L<virt-edit(1)>,
L<virt-filesystems(1)>,
L<libguestfs-tools.conf(5)>,
L<http://libguestfs.org/>.
=head1 AUTHOR
Richard W.M. Jones L<http://people.redhat.com/~rjones/>
=head1 COPYRIGHT
Copyright (C) 2009-2020 Red Hat Inc.
Reference in New Issue View Git Blame Copy Permalink