SecurePlatform and grub

Posted on November 7, 2012

0



This post is a short story and a summary what grub means and how it is used under SPLAT.
After installing R70 Provider-1 on an Openserver and upgrading it to R70.40 I do not have experienced any problem.
After upgrading from R70.40 to R70.50 the server just booted again and again with kernel panic, there was no way to catch the boot option menü.
The following error messages could I only see (or something similar):

mount:could not find filesystem ‘/dev/root’
setuproot:moving /dev failed:No such file or directory
setuproot:error mounting /proc
setuproot:error mounting /sys
switchroot: mount farled: No such file or directory
kernel panic – not syncing: Attempt to kill init

The problem was that R70 Provider-1 for Openserver does not configure LVM, but the R70.50 upgrade package updates the grub.conf with not existing splat logical volume (/dev/mapper/vg_splat-lv_current)

Before upgrade to R70.50 (actual Version is R70.40):

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda2
#          initrd /initrd-version.img
#boot=/dev/cciss/c0d0
default=0
timeout=0
hiddenmenu
machine=ProLiant DL380 G5
menutitle=SecurePlatform R70.40
background 777777
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --silent --timeout=5 console serial
password --md5 $1$PCZ_BBBB$CL7wok5dbNONQ3/dI7LVe.
splashimage=(hd0,0)/grub/splash.xpm.gz

title Start in normal mode
        root (hd0,0)
        kernel /vmlinuz ro   root=LABEL=/ vmalloc=128M panic=15 console=SERIAL 3 quiet
        initrd /initrd

title Start in maintenance mode
        lock
        root (hd0,0)
        kernel /vmlinuz ro  root=LABEL=/ panic=15 console=CURRENT debug 7 single
        initrd /initrd

After upgrade to R70.50:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda2
#          initrd /initrd-version.img
#boot=/dev/cciss/c0d0
default=0
timeout=0
hiddenmenu
machine=ProLiant DL380 G5
menutitle=SecurePlatform R70.50
background 777777
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --silent --timeout=5 console serial
password --md5 $1$PCZ_BBBB$CL7wok5dbNONQ3/dI7LVe.
splashimage=(hd0,0)/grub/splash.xpm.gz

title Start in normal mode
        root (hd0,0)
        kernel /vmlinuz ro   root=/dev/mapper/vg_splat-lv_current vmalloc=128M panic=15 console=SERIAL 3 quiet
        initrd /initrd

title Start in maintenance mode
        lock
        root (hd0,0)
        kernel /vmlinuz ro  root=/dev/mapper/vg_splat-lv_current panic=15 console=CURRENT debug 7 single
        initrd /initrd

After booting the server with an Ubuntu Rescue Remix Live CD (http://ubuntu-rescue-remix.org/),  I mounted the boot partition and changed back the grub configuration from

root=/dev/mapper/vg_splat-lv_current

to

root=LABEL=/

and started the server again it worked. Okay, but do you know what is a grub.conf contains?
No? Lets clear it with SPLAT grub.conf:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda2
#          initrd /initrd-version.img
#boot=/dev/sda
default=0 ------>  The value default=0 indicates which default image will be loaded.
		   The list of loadable images begin with "title ..." below
timeout=0 ------>  The timeout in seconds specifies how long GRUB will wait before
		   automatically booting the default entry, normally the first defined entry,
		   if there is no user intervention. If it set to 0 the user has not change to choose.
		   Should be changed to 3
hiddenmenu ----->  Prevents the GRUB menu interface from being displayed, loading the default entry
		   when the timeout period expires. The user can see the standard GRUB menu by pressing
		   the Esc key.
machine=S-30-00  ----->  ???
lcd ----->  ???
menutitle=SecurePlatform Pro R70.40
background 777777 ----->  Set the color of the background (similar to foreground directive)
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 ----->  Serial Settings...
terminal --silent --timeout=5 console serial ----->  Set the terminal to serial
password --md5 $1blablabalbalbalbalbalbKwkV. ----->  Prevents a user who does not know the password from editing
							  the entries for this menu option.
splashimage=(hd0,0)/grub/splash.xpm.gz ----->  Specifies the location of the splash screen image to be used when GRUB boots.

title Start in normal mode ----->  The first loadable image with the printed title "Start in normal mode"
        root (hd0,0) ----->  	   Configures the root partition for GRUB (,).
        kernel /vmlinuz ro   root=/dev/mapper/vg_splat-lv_current vmalloc=256M panic=15 console=SERIAL 3 quiet
	----->  Specifies the kernel location and parameters*
        initrd /initrd ------>  Enables users to specify an initial RAM disk (.img image file)
				to use when booting.

kernel*
This specifies the kernel location and parameters:
"/vmlinuz"	 - Specifies the kernel filename found on the partition.
"ro"		 - Specifies that the root device is mounted as read only on boot.
"root=/dev/mapper/vg_splat-lv_current" - Tells the kernel what device is to be used as the root filesystem while booting.
"vmalloc=256M"   -
"panic=15"	 - Specifies the time in seconds that will cause the kernel to reboot if it panics.
"console=SERIAL" - Specifies the console.
"3"		 - The entry above would initiate a boot process into runlevel 3. Add 
		   at the end of the boot options line to boot to the desired runlevel**.
"quiet"		 - Disables the log messages during the boot process. Should be enabled for analysation.

Runlevels in Linux

Runlevel value 	Description
0		Halt
1		Single-user mode
2		Multiuser, with some network services
3		Multiuser, with networking
4		Unused
5		Full Multiuser mode with X Windows (GUI login screen)
6		Reboot

grub.conf, initd, device.map and fstab are just a small part of the Linux system. I would suggest for all Checkpoint Administrator to get a Linux Training (especially Red Hat) if those things are not clear.
Linux is like a dog, if you take care of it and teach it what to do, it can be a good friend :-) Ohh I feel myself like a geek, sorry!

GAIA is again something new, you can analyse how the same works (how can we see the boot logs instead of the fedora like blue line?).

Sources:
http://support.f5.com/kb/en-us/solutions/public/6000/600/sol6647.html
http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-grub-configfile.html
http://www.omnisecu.com/gnu-linux/redhat-certified-engineer-rhce/init-process-and-linux-runlevels.htm
http://www.datadisk.co.uk/html_docs/redhat/rh_lvm.htm

Tagged: , , ,
Posted in: Checkpoint, Provider1, Security, Troubleshootings