Kexec: Difference between revisions

From Alpine Linux
m (→‎Usage: Added note about kexec unable to deal with multiple initrd)
(Explain the boot parameter kexec_load_disabled=0 which unlocks kexec in current (hardened) Alpine kernels.)
Line 16: Line 16:
# kexec -e}}
# kexec -e}}


There are no Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.
Current Alpine kernels have been [https://gitlab.alpinelinux.org/alpine/aports/-/commit/909d020b81c09bf0df649f8aa6b7da10377a0667 hardened] and return
<code>kexec_load failed: Operation not permitted</code>
if kexec is called without unlocking it with the kernel boot parameter
 
<code>kexec_load_disabled=0</code>.
 
Without it the [https://linux.die.net/man/8/sysctl sysctl setting] <code>kernel.kexec_load_disabled</code> defaults to 1 and it can't be turned off in the running kernel, so you need to add the parameter to your [[#Bootloaders|bootloader]] configuration and reboot.
 
There are no other Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.


===Automatically on every reboot/shutdown===
===Automatically on every reboot/shutdown===

Revision as of 14:03, 2 January 2024

kexec is a system call that enables loading and booting into another kernel. This is useful for faster reboots that skip the firmware initialisation process and the bootloader.

Installing kexec-tools

The userspace tools required to use it can be installed via

apk add kexec-tools kexec-tools-doc

The tools are not available on all flavors of Alpine, additionally not all kernels are compiled with the kexec syscall enabled. You will most likely want to check your /boot/config-* file for CONFIG_KEXEC=y

Usage

Manually

Note: Currently multiple initrd (e.g. for loading CPU microcode) is not supported

On a typical Alpine setup, it can be used via:

# kexec -l /boot/vmlinuz-edge --initrd \ /boot/initramfs-edge --reuse-cmdline \ && openrc shutdown # kexec -e

Current Alpine kernels have been hardened and return kexec_load failed: Operation not permitted if kexec is called without unlocking it with the kernel boot parameter

kexec_load_disabled=0.

Without it the sysctl setting kernel.kexec_load_disabled defaults to 1 and it can't be turned off in the running kernel, so you need to add the parameter to your bootloader configuration and reboot.

There are no other Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.

Automatically on every reboot/shutdown

kexec can be set to run automatically for faster rebooting. This is very useful on servers.

First create two openrc services and edit the BOOTPART, KERNEL, and INITRD variables if not using the defaults:

Contents of /etc/init.d/kexec-load

#!/sbin/openrc-run description="kexec for faster reboot" # Define defaults : "${BOOTPART:=/boot}" : "${KERNEL:=vmlinuz-edge}" : "${INITRD:=initramfs-edge}" depend() { need localmount } start() { : } stop() { if ! yesno ${RC_GOINGDOWN}; then einfo "kexec-load: Not rebooting or powering off; not loading kernel" exit fi ebegin "kexec-load: loading kernel for faster reboot" kexec -l "${BOOTPART}/${KERNEL}" \ --initrd "${BOOTPART}/${INITRD}" \ --reuse-cmdline ewend $? Failed. }

Contents of /etc/init.d/kexec-exec

#! /sbin/openrc-run description="kexec for faster reboot" depend() { after killprocs savecache mount-ro } start() { ebegin "kexec-exec: Using kexec for faster reboot" kexec -e ewend $? "kexec-exec No kernel loaded." return 0 }

Now give these services execute permission and assign them to the appropriate runlevels:

chmod a+x /etc/init.d/kexec-load chmod a+x /etc/init.d/kexec-exec rc-update add kexec-load default rc-update add kexec-exec shutdown rc-service kexec-load start

kexec will run on your next reboot or poweroff enjoy!

Note: With both of the above service enabled, the system will reboot via kexec even if you are attempting to poweroff. To temporarily restore default poweroff or reboot behavior, simply run rc-service kexec-load stop beforehand.

See also