Kexec: Difference between revisions

From Alpine Linux
(Explain the boot parameter kexec_load_disabled=0 which unlocks kexec in current (hardened) Alpine kernels.)
m (fix wiki link)
Line 22: Line 22:
<code>kexec_load_disabled=0</code>.
<code>kexec_load_disabled=0</code>.


Without it the [https://linux.die.net/man/8/sysctl sysctl setting] <code>kernel.kexec_load_disabled</code> defaults to 1 and it can't be turned off in the running kernel, so you need to add the parameter to your [[#Bootloaders|bootloader]] configuration and reboot.
Without it the [https://linux.die.net/man/8/sysctl sysctl setting] <code>kernel.kexec_load_disabled</code> defaults to 1 and it can't be turned off in the running kernel, so you need to add the parameter to your [[Bootloaders|bootloader]] configuration and reboot.


There are no other Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.
There are no other Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.

Revision as of 14:10, 2 January 2024

kexec is a system call that enables loading and booting into another kernel. This is useful for faster reboots that skip the firmware initialisation process and the bootloader.

Installing kexec-tools

The userspace tools required to use it can be installed via

apk add kexec-tools kexec-tools-doc

The tools are not available on all flavors of Alpine, additionally not all kernels are compiled with the kexec syscall enabled. You will most likely want to check your /boot/config-* file for CONFIG_KEXEC=y

Usage

Manually

Note: Currently multiple initrd (e.g. for loading CPU microcode) is not supported

On a typical Alpine setup, it can be used via:

# kexec -l /boot/vmlinuz-edge --initrd \ /boot/initramfs-edge --reuse-cmdline \ && openrc shutdown # kexec -e

Current Alpine kernels have been hardened and return kexec_load failed: Operation not permitted if kexec is called without unlocking it with the kernel boot parameter

kexec_load_disabled=0.

Without it the sysctl setting kernel.kexec_load_disabled defaults to 1 and it can't be turned off in the running kernel, so you need to add the parameter to your bootloader configuration and reboot.

There are no other Alpine-specific considerations for Kexec. Please review the man page and existing references below for more details. This page is deliberately kept short in order to avoid duplicating existing documentation.

Automatically on every reboot/shutdown

kexec can be set to run automatically for faster rebooting. This is very useful on servers.

First create two openrc services and edit the BOOTPART, KERNEL, and INITRD variables if not using the defaults:

Contents of /etc/init.d/kexec-load

#!/sbin/openrc-run description="kexec for faster reboot" # Define defaults : "${BOOTPART:=/boot}" : "${KERNEL:=vmlinuz-edge}" : "${INITRD:=initramfs-edge}" depend() { need localmount } start() { : } stop() { if ! yesno ${RC_GOINGDOWN}; then einfo "kexec-load: Not rebooting or powering off; not loading kernel" exit fi ebegin "kexec-load: loading kernel for faster reboot" kexec -l "${BOOTPART}/${KERNEL}" \ --initrd "${BOOTPART}/${INITRD}" \ --reuse-cmdline ewend $? Failed. }

Contents of /etc/init.d/kexec-exec

#! /sbin/openrc-run description="kexec for faster reboot" depend() { after killprocs savecache mount-ro } start() { ebegin "kexec-exec: Using kexec for faster reboot" kexec -e ewend $? "kexec-exec No kernel loaded." return 0 }

Now give these services execute permission and assign them to the appropriate runlevels:

chmod a+x /etc/init.d/kexec-load chmod a+x /etc/init.d/kexec-exec rc-update add kexec-load default rc-update add kexec-exec shutdown rc-service kexec-load start

kexec will run on your next reboot or poweroff enjoy!

Note: With both of the above service enabled, the system will reboot via kexec even if you are attempting to poweroff. To temporarily restore default poweroff or reboot behavior, simply run rc-service kexec-load stop beforehand.

See also