When dumping to ssh via link local ipv6 address, the ssh parameter in kdump.conf is supposed to have the form like:
ssh user@fe80::cc1:8bff:fe90:b95f%eth0
where "%eth0" is an existing network interface supporting ipv6.
However, there are 4 problems in enabling link local ipv6:
1) The get_remote_host function in kdump-lib.sh currently doesn't remove the network interface in the ipv6 address, causing the ip command in kdump_install_net function to fail, leading to a "Bad kdump location" message.
2) The logic in kdump_install_net and kdump_setup_iscsi_device will find the network interface to use by "ip route" command, which might be different from what user specified in kdump.conf in link local ipv6 cases.
3) The kdump_setup_ifname function in dracut-module-setup.sh would add 'kdump-' prefix to network interfaces with name like 'eth*', causing ssh target specified in kdump.conf invalid while dumping process.
4) ssh target with 'kdump-' prefixed interface name is not in known_hosts while dumping, leading to ssh connection failure.
This patch series handles the problems above.
Ziyue Yang (3): dracut-module-setup.sh: change route finding logic in link local ipv6 cases dracut-module-setup.sh: add 'kdump-' prefix in kdump.conf for link local ipv6 dracut-kdump.sh: cancel StrictHostKeyChecking for ssh in link local ipv6
dracut-kdump.sh | 10 ++++++++- dracut-module-setup.sh | 60 ++++++++++++++++++++++++++++++++++++++++++-------- kdump-lib.sh | 13 +++++++++++ 3 files changed, 73 insertions(+), 10 deletions(-)
When dumping to ssh via local ipv6 address, the ssh parameter in kdump.conf is supposed to have the form like
ssh user@fe80::cc1:8bff:fe90:b95f%eth0
where "%eth0" is an existing network interface supporting ipv6.
The get_remote_host function in kdump-lib.sh currently doesn't remove the network interface in the link local ipv6 addresses, causing the ip command in kdump_install_net function to fail, leading to a "Bad kdump location" message.
Meanwhile, current logic in kdump_install_net and kdump_setup_iscsi_device will find the network interface to use by "ip route" command, which might be different from what user specified in kdump.conf in link local ipv6 cases.
This commit 1) adds a helper function is_ipv6_link_local to find out whether a host is a link local ipv6 address. 2) changes logic in kdump_install_net and kdump_setup_iscsi_device to get rid of ifname for link local ipv6 before ip command, and use network interface specified in link local ipv6 cases.
Signed-off-by: Ziyue Yang ziyang@redhat.com --- dracut-module-setup.sh | 33 ++++++++++++++++++++++++--------- kdump-lib.sh | 5 +++++ 2 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/dracut-module-setup.sh b/dracut-module-setup.sh index ae13337..70fd572 100755 --- a/dracut-module-setup.sh +++ b/dracut-module-setup.sh @@ -341,12 +341,19 @@ kdump_install_net() { _server=`echo $_serv_tmp | cut -d' ' -f1` fi
- _route=`/sbin/ip -o route get to $_server 2>&1` - [ $? != 0 ] && echo "Bad kdump location: $config_val" && exit 1 - - #the field in the ip output changes if we go to another subnet + if is_ipv6_link_local $_server; then + # use network interface specified by link local address + _netdev=${_server##*%} + _server=${_server%%*} + _route=$(/sbin/ip -o route get to $_server dev $_netdev 2>&1) + [ $? != 0 ] && echo "Bad kdump location: $config_val" && exit 1 + else + _route=$(/sbin/ip -o route get to $_server 2>&1) + [ $? != 0 ] && echo "Bad kdump location: $config_val" && exit 1 + # the field in the ip output changes if we go to another subnet + _netdev=$(get_ip_route_field "$_route" "dev") + fi _srcaddr=$(get_ip_route_field "$_route" "src") - _netdev=$(get_ip_route_field "$_route" "dev")
kdump_setup_netdev "${_netdev}" "${_srcaddr}"
@@ -573,10 +580,18 @@ kdump_setup_iscsi_device() {
[ -n "$username_in" ] && userpwd_in_str=":$username_in:$password_in"
- netdev=$(/sbin/ip route get to ${tgt_ipaddr} | \ - sed 's|.*dev (.*).*|\1|g') - srcaddr=$(echo $netdev | awk '{ print $3; exit }') - netdev=$(echo $netdev | awk '{ print $1; exit }') + if is_ipv6_link_local $tgt_ipaddr; then + # use network interface specified by link local address + netdev=${tgt_ipaddr##*%} + tgt_ipaddr_no_ifname=${tgt_ipaddr%%*} + route=$(/sbin/ip -o route get to $tgt_ipaddr_no_ifname dev $netdev 2>&1) + [ $? != 0 ] && echo "Bad iSCSI address: $tgt_ipaddr" && exit 1 + else + route=$(/sbin/ip -o route get to $tgt_ipaddr 2>&1) + [ $? != 0 ] && echo "Bad iSCSI address: $tgt_ipaddr" && exit 1 + netdev=$(get_ip_route_field "$route" "dev") + fi + srcaddr=$(get_ip_route_field "$route" "src")
kdump_setup_netdev $netdev $srcaddr
diff --git a/kdump-lib.sh b/kdump-lib.sh index 3f0af91..fb3e354 100755 --- a/kdump-lib.sh +++ b/kdump-lib.sh @@ -312,6 +312,11 @@ is_ipv6_address() echo $1 | grep -q ":" }
+is_ipv6_link_local() +{ + echo $1 | grep -q "^fe80::" +} + # get ip address or hostname from nfs/ssh config value get_remote_host() {
Currently the kdump_setup_ifname function would not add 'kdump-' prefix to ssh target specified in link local ipv6 cases, causing ssh dumping failed.
This commit makes kdump_setup_ifname add 'kdump-' prefix to the ssh target specified in kdump.conf in link local ipv6 address cases.
Signed-off-by: Ziyue Yang ziyang@redhat.com --- dracut-module-setup.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/dracut-module-setup.sh b/dracut-module-setup.sh index 70fd572..75ca395 100755 --- a/dracut-module-setup.sh +++ b/dracut-module-setup.sh @@ -167,6 +167,7 @@ kdump_setup_ifname() { # 'kdump-' is already persistent, this should be fine. if [[ $1 =~ eth* ]] && [[ ! $1 =~ ^kdump-* ]]; then _ifname="kdump-$1" + kdump_setup_ipv6_link_local_ifname "ssh" $1 $_ifname else _ifname="$1" fi @@ -174,6 +175,32 @@ kdump_setup_ifname() { echo "$_ifname" }
+# Set ifname in network dumping targets to a specified one +# in link local ipv6 cases +# $1: kdump.conf's config item name +# $2: interface name to change +# $3: interface name to assign +kdump_setup_ipv6_link_local_ifname() +{ + local _config_item=$1 + local _ifname=$2 + local _new_ifname=$3 + + local _target=$(get_option_value $_config_item) + [[ -n $_target ]] && { + local _host=$(get_remote_host $_target) + if is_ipv6_link_local "$_host"; then + local _target_prefix=${_target%%*} + local _target_postfix=${_target##*%} + if [[ $_target_postfix == $_ifname ]]; then + _new_target="$_target_prefix%$_new_ifname" + sed -i "/^$_config_item\ /d" ${initdir}/tmp/$$-kdump.conf + echo "$_config_item $_new_target" >> ${initdir}/tmp/$$-kdump.conf + fi + fi + } +} + kdump_setup_bridge() { local _netdev=$1 local _brif _dev _mac _kdumpdev
ssh target of link local ipv6 might have network interface name prefixed by 'kdump-', which is not in known_hosts while dumping, leading to failure in dump_ssh.
This commit 1) adds a helper function is_ipv6_link_local_ifname_prefixed to find out whether a host is a link local ipv6 address with 'kdump-' prefixed ifname; 2) makes dump_ssh cancel 'StrictHostKeyChecking' for link local ipv6 address cases in order to bypass the known_hosts, for it's not possible to add 'kdump-' variants in hashed known_hosts if there is any need.
Signed-off-by: Ziyue Yang ziyang@redhat.com --- dracut-kdump.sh | 10 +++++++++- kdump-lib.sh | 8 ++++++++ 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/dracut-kdump.sh b/dracut-kdump.sh index b75c2a5..2c32e4e 100755 --- a/dracut-kdump.sh +++ b/dracut-kdump.sh @@ -71,10 +71,18 @@ dump_raw()
dump_ssh() { - local _opt="-i $1 -o BatchMode=yes -o StrictHostKeyChecking=yes" + local _opt="-i $1 -o BatchMode=yes" local _dir="$KDUMP_PATH/$HOST_IP-$DATEDIR" local _host=$2
+ # cancel HostKeyChecking for link-local ipv6 address + # with "kdump-" prefixed interface name + if is_ipv6_link_local_ifname_prefixed $(get_remote_host $_host); then + _opt+=" -o StrictHostKeyChecking=no" + else + _opt+=" -o StrictHostKeyChecking=yes" + fi + echo "kdump: saving to $_host:$_dir"
cat /var/lib/random-seed > /dev/urandom diff --git a/kdump-lib.sh b/kdump-lib.sh index fb3e354..06548fe 100755 --- a/kdump-lib.sh +++ b/kdump-lib.sh @@ -317,6 +317,14 @@ is_ipv6_link_local() echo $1 | grep -q "^fe80::" }
+is_ipv6_link_local_ifname_prefixed() +{ + is_ipv6_link_local $1 && { + local _postfix=${1##*%} + echo $_postfix | grep -q "^kdump-" + } +} + # get ip address or hostname from nfs/ssh config value get_remote_host() {
On 09/05/17 at 11:35am, Ziyue Yang wrote:
When dumping to ssh via link local ipv6 address, the ssh parameter in kdump.conf is supposed to have the form like:
ssh user@fe80::cc1:8bff:fe90:b95f%eth0
where "%eth0" is an existing network interface supporting ipv6.
However, there are 4 problems in enabling link local ipv6:
- The get_remote_host function in kdump-lib.sh currently
doesn't remove the network interface in the ipv6 address, causing the ip command in kdump_install_net function to fail, leading to a "Bad kdump location" message.
- The logic in kdump_install_net and kdump_setup_iscsi_device
will find the network interface to use by "ip route" command, which might be different from what user specified in kdump.conf in link local ipv6 cases.
- The kdump_setup_ifname function in dracut-module-setup.sh
would add 'kdump-' prefix to network interfaces with name like 'eth*', causing ssh target specified in kdump.conf invalid while dumping process.
- ssh target with 'kdump-' prefixed interface name is not
in known_hosts while dumping, leading to ssh connection failure.
This patch series handles the problems above.
Ziyue Yang (3): dracut-module-setup.sh: change route finding logic in link local ipv6 cases dracut-module-setup.sh: add 'kdump-' prefix in kdump.conf for link local ipv6 dracut-kdump.sh: cancel StrictHostKeyChecking for ssh in link local ipv6
dracut-kdump.sh | 10 ++++++++- dracut-module-setup.sh | 60 ++++++++++++++++++++++++++++++++++++++++++-------- kdump-lib.sh | 13 +++++++++++ 3 files changed, 73 insertions(+), 10 deletions(-)
-- 2.9.3 _______________________________________________ kexec mailing list -- kexec@lists.fedoraproject.org To unsubscribe send an email to kexec-leave@lists.fedoraproject.org
Hi, Ziyue
Thanks for your patches, since it needs modify the network interface name, so we need re-evaluate the "kdump-" prefix approach, let's defer this series after that investigation.
Thanks Dave