Using Your Knoppix CD as a Rescue CD
Copyright (C) 2003 by Steve Litt
Executive Summary
The worst has happened. Your Linux box won't boot, and your data sits
there unreachable. Luckily, you have your trusty Knoppix CD, so you can
bust into the most locked up system, as long as the filesystems are
still intact. Armed with your Knoppix disk, you can probably re-enable
booting. But even if that's not possible, you can copy your data to a
spare partition and send it, via the network, to another machine.
This document discusses the various ways you can use your Knoppix CD to
bust back into a zapped machine, take control, and either re-enable
booting or move your data to safety.
Disclaimer
Obviously, you use this document at your own risk. I am not responsible
for any damage or injury caused by your use of this document, or caused
by errors and/or omissions in this document. If that's not acceptable to
you, you may not use this document. By using this document you are
accepting this disclaimer.
What is Knoppix
Knoppix is a Linux distro that can run completely off a bootable CD,
with no need for a hard disk. Its primary use is as a Linux advocacy
tool. Give a Knoppix CD to a Windows user, tell him to boot to that CD
(most Windows users are smart enough to know how to set the bios to boot
a CD), and watch the fun. Within a minute Knoppix has found all his
hardware, and has even mounted all his partitions read-only, in a nice,
easy KDE environment. The Windows user can experiment with OpenOffice,
Evolution, Mozilla, Gimp, and many other wonderful pieces of Linux
software.
Like all Linux distros, when you boot to the Knoppix CD you come to a
boot prompt. On high quality hardware you'd typically press Enter, but
in some situations you'll need to pass boot parameters (Knoppix calls
them "cheat codes") to the kernel. The most frequently needed parameters
involve video, because Knoppix's default resolution might produce
too-small fonts on a small monitor, or it might overdrive the monitor.
For an overdriven monitor you can either set the vertical refresh rate
(knoppix xvrefresh=) or the geometry (knoppix screen=). To see a list of
all the possible boot parameters, press the F2 button at the boot
prompt. The following is a list of the boot parameters on my Knoppix CD:
Boot param | Purpose
knoppix lang= | Choose language/keyboard
knoppix desktop= | Use window manager other than KDE
knoppix screen= | 1280x1024, 1024x768, 800x600, 640x480 etc
knoppix xserver= | Use X server other than default XFree86
knoppix wheelmouse | Use IMPS/2-compatible wheelmouse
knoppix xvrefresh=60 | Use 60Hz vertical refresh. Try this or lower values if your monitor overdrives
knoppix 2 | Textmode only (runlevel 2)
knoppix 1 | Single user mode (runlevel 1). Use this to perform rescue operations
knoppix floppyconfig | Run "knoppix.sh" from a floppy.
knoppix no <hardware> | Disable hardware detection on a device
knoppix blind brltty= | Use Braille-Terminal, no X
failsafe | (Almost) no hardware detection
expert | Interactive startup/setup
You can combine boot parameters. For instance, you could do this:
knoppix wheelmouse xvrefresh=60 lang=us
Once you press enter on the boot prompt (whether or not you input boot
parameters), a rather long boot process takes place. The process is long
because Knoppix is detecting all your hardware, and readonly mounting
all your partitions.
Knoppix as an Investigational Tool
Before you repair a non-booting system, you need to understand it.
Rescue CDs such as the Red Hat Installer and the old Linuxcare CDs
don't make such investigation easy. Knoppix does.
Knoppix' default boot is GUI mode. The desktop contains an icon for
every partition in the machine. Single-clicking any of these partitions
brings up its contents in a file manager so you can instantly deduce its
normal mountpoint. Write down each partition device and its mountpoint
so that you have the necessary information when you do the actual repair.
You might want to look at some configuration files. And naturally
you'll want to browse the logs. Finally, check out the "files" in the
/proc directory, especially /proc/meminfo
and /proc/partitions.
If there was a question about features like sound and video, check
whether they work in Knoppix. If so, copy their configuration files to a
place on one of the system's partitions.
Once your investigation's complete, it's time to bust in and take
control of the machine.
Backing Up from the Knoppix Environment
In many cases, your first responsibility is to protect the data on a
no-boot computer. Boot to your Knoppix CD and take measures to copy
the data off the computer.
By far the easiest way is to copy the data to a CD. This is a great
alternative, but there are several requirements:
- The computer must have a CD burner (or you must be willing to
install one)
- The computer must have a partition, that can be mounted
read/write, that has enough space to hold image files
Backing Up to CD
To back up to a CD, follow these instructions:
- Place a blank, writeable CD in the CD writer drive
- StartButton->system->system
- Do not launch it from the command prompt -- it will not work
- Click the button labeled "Launch X-CD-Roast"
- Click the OK button on the "No root configuration file found"
warning window
- Click the Setup button
- Configure as you would in any X-CD-Roast setup
- Be sure to enable a writeable directory for the temporary
storage directory in the HD Settings tab
- Click the Save Configuration button when done
- Click the Create CD button
- Click the Master Tracks button
- Add whatever directories you want to back up. Note the maximum of
650MB on normal CDs
- Click the "Create session/image" tab
- BE SURE the "Write Device" near the top is correct
- Make sure the "CD-R/RW Type" field is correct for the CD you're
using
- Make sure the Speed spinner is set to the correct value for the
burner and media
- Click the "Calculate Size" button to calculate the size
- Click the "Master and write on-the-fly" button
- When the CD ejects, eyeball its contents (on another computer) to
see if it looks like it got all the necessary data
Assuming you have a partition you can mount writeable, you can use tar,
gzip, mkisofs and cdrecord to record the CD. This has the advantage of
better verification and also compression, meaning you can get more on a
single CD. But it involves more thinking, and in tense situations, you
might want to go the brainless route.
Network Backups
If you can't back up to CDROM, back up via the network. If necessary,
install a network card in the no-boot computer, and Knoppix will find
and use it. The network card should be fast (minimum 100Mbps) because
of the huge data amounts. Likewise, all wiring, hubs or switches, and
the network card on the destination computer should support the high
speed.
There's no reason why the no-boot computer or the destination computer
should be on the LAN. You could hook them together with two network
cables and a hub, or even a crossover network cable (although that
reduces troubleshooting test points).
The destination computer must have a partition with enough room to hold
the backup, and it must have a DHCP server to give the Knoppix booted
computer an address. Of course, if you're connecting to the destination
computer through the LAN, any DHCP server on the LAN can give the
Knoppix booted computer an address, but take care that it's in the same
subnet as the destination computer.
The destination computer must have an ssh server. Or, if you're doing
an NFS transfer, it must have an NFS server and a properly configured /etc/exports file.
Backing Up Via ssh
The easiest way I've found is by using ssh. Assuming the following:
- You want to back up the downed computer's /home directory
- On the downed computer, /dev/hda4 was mounted as /home
- Under Knoppix, /dev/hda4 is mounted at /mnt/hda4
- A computer at 192.168.100.4 has the following attributes:
  - A DHCP server
  - A directory called /scratch with enough space to store the backup
  - A user called myuid who has write access to /scratch
In the preceding circumstances, the following command will back up the
former home directory to emergency.tgz in the /scratch directory on
192.168.100.4:
tar czf - /mnt/hda4 | ssh myuid@192.168.100.4 'cat > /scratch/emergency.tgz'
The emergency.tgz file will extract files to a mnt/hda4/ directory
instead of a /home directory. If it's necessary to restore this data, a
mv command can be used to put the data in the right place after
extraction.
The preceding example backs up an entire partition. To back up a
directory within a partition, just append the directory. For instance,
had you wanted to back up /home/myuid only, the argument to the tar
command would have been /mnt/hda4/myuid.
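The ssh pipeline above writes the archive without checking what arrived, and its member names carry the mnt/hda4/ prefix. The following added example (not from the original article) hashes the stream while sending it, compares that with a hash taken at the destination, and uses tar -C so names are relative to the mount point. The function names, the SINK and DEST_SUM strings and the presence of sha256sum on both machines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. SINK and DEST_SUM are
# command strings; for the setup above they would be (assumed usage):
#   SINK="ssh myuid@192.168.100.4 'cat > /scratch/emergency.tgz'"
#   DEST_SUM="ssh myuid@192.168.100.4 'sha256sum < /scratch/emergency.tgz'"

# usage: backup_verified SRC_DIR SINK DEST_SUM
# Returns 0 only if the bytes stored at the destination match the bytes sent.
backup_verified() {
    src=$1 sink=$2 dest_sum=$3
    work=$(mktemp -d) || return 2
    mkfifo "$work/fifo" || return 2
    # Hash the stream while it is being sent; no local copy of the archive.
    sha256sum < "$work/fifo" | cut -d' ' -f1 > "$work/sent.sum" &
    # -C stores names relative to the mount point (./myuid/...), so the
    # archive can be unpacked straight into /home instead of mnt/hda4/.
    tar -C "$src" -czf - . | tee "$work/fifo" | sh -c "$sink"
    sink_status=$?
    wait
    sent=$(cat "$work/sent.sum")
    rm -rf "$work"
    [ "$sink_status" -eq 0 ] || return 2
    # Hash what actually landed on the destination and compare.
    stored=$(sh -c "$dest_sum" | cut -d' ' -f1)
    [ -n "$sent" ] && [ "$sent" = "$stored" ]
}

# Offline demonstration on a constructed tree; a local file stands in for
# the ssh destination. Prints the archive's member names on success.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/hda4/myuid" || return 2
    echo "constructed sample file" > "$d/hda4/myuid/notes.txt"
    backup_verified "$d/hda4" "cat > '$d/emergency.tgz'" \
        "sha256sum < '$d/emergency.tgz'" && tar -tzf "$d/emergency.tgz"
}
```

Only the exit status of the sink is checked here; a read error reported by tar itself still has to be spotted in its output.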
Backing Up Via NFS
So far I've not found a way, from a Knoppix booted machine, to
successfully mount an exported directory, but I'll continue trying to
find one. When I do, network backups will be trivial -- something like
this:
tar czf /mnt/nfs/emergency.tgz /mnt/hda4
Huge Backups
The backups mentioned in this article fit on a CD or a spare partition.
Sometimes that isn't realistic. In such cases, I imagine the ssh method could be used to
write directly to tape. I don't know how to do that, but it's probably
not too difficult.
Summary
When a computer becomes unbootable, often your first responsibility is
to protect the data on that computer. By booting Knoppix on the
unbootable computer, you gain access to its partitions and can copy its
data either to CD's, or over the network for disposition on another
computer. It's often best to perform this backup action before
attempting to restore the computer to bootability.
Busting Back Into a Locked Up Machine
You told yourself not to mess with lilo.conf! But nooooooo, you had to
mess with it, run lilo, and reboot. And now you get nothing.
Don't worry, Knoppix to the rescue.
First step is to investigate, as described in Knoppix as an
Investigational Tool. Once fully armed with information, use your
Knoppix CD to bust back in to even the most locked up systems.
Place the Knoppix CD in the CD drive, shut down the system, set the
bios to boot from the CD, and bring the system back up. Now, obtain a
root prompt by pressing Ctrl+Alt+F2. Actually, the F2 could be anything
between F1 and F4, because those are the four virtual terminals.
Ctrl+Alt+F5 houses the GUI, which cannot give you a root prompt. Unlike
most distributions, Ctrl+Alt+F2 in Knoppix gives you a root prompt
without requiring a password.
At the root prompt, you are the root user, with full access to the
system.
First, mount the root partition by its device number. For instance, if
the partition mounted as the root directory was /dev/hda2, perform the
following command:
mount /dev/hda2 /mnt/hda2
Note that Knoppix creates directories for each partition, under the /mnt directory, so there's no
need to create /mnt/hda8.
What you do next depends on whether you want to use the Knoppix programs
to achieve the repairs, or whether you'd prefer to use the programs of
the computer under repair. Your choice depends on many factors:
Use the Knoppix Utilities when...
- You believe the underlying system's utilities have been
compromised (rootkit, etc).
- You're performing repairs requiring the underlying system's
root partition or /usr directory or other important partitions to be
unmounted.
- The Knoppix utilities are easier to use.
- The underlying system's partitions are so damaged as to be
useless in restoring bootability.
Use the underlying system's utilities when...
- You find it less confusing to work within the original
system's directory structure.
- You're trying to fix a lilo problem.
- The underlying utilities are easier to use than the Knoppix
utilities.
Using the underlying System's Utilities
Assume the following mounts in the original system:
/dev/hda1 | /boot
/dev/hda2 | /
/dev/hda3 | /usr
Do the following:
mount /dev/hda2 /mnt/hda2
chroot /mnt/hda2
mount /dev/hda1 /boot
mount /dev/hda3 /usr
You now have a replica of the original filesystem, making creation and
modification of config files MUCH easier. This is especially important
when configuring lilo.conf, because many aspects of lilo.conf
configuration depend on the filesystem structure when lilo is run, not
when the system is subsequently booted. In other words, if, in the
Knoppix world, your system had completely different mountpoints, you'd
need to change those mountpoints within lilo.conf, and then change them
back once the system was repaired. Ughhh!
When possible, it's often, but not always, easiest to use your system's
native filesystem to accomplish the repairs.
Always remember to unmount everything before rebooting and attempting
to boot the original system. Unmounting guarantees that everything will
be written to disk. Do the following:
umount /dev/hda3
umount /dev/hda1
exit
umount /dev/hda2
The exit command undoes the chroot performed earlier.
With the partitions unmounted, from the Knoppix command prompt, type reboot. The CD will pop out.
Remove it, press Enter, and the system will attempt to boot its original
operating system.
Using the Knoppix Utilities
Unfortunately, it's not always advisable or even possible to use the
native system's utilities. For instance, one or more of the native
system's partitions might be so damaged as to be unusable. Or maybe you
suspect that you've been rootkitted and don't trust the native system's
utilities.
The real showstopper is that if you boot to Knoppix and then chroot to
the underlying system's root partition, the functional /proc and /dev
special directories are unavailable. You might find contents in the
/dev directory, but they're not real devices. Sometimes you can perform
/proc and dependent tasks before chrooting. Other times it's better to
bite the bullet and decline to chroot. Except in special cases such as
lilo.conf, it's not difficult.
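For repairs that do need a chroot, the running kernel's /proc and /dev can be mounted into the tree from the Knoppix side before chrooting. The following is an added example, not the author's procedure: it scripts the mount and unmount order for the /dev/hda1, /dev/hda2, /dev/hda3 layout used in this article and assumes a kernel and mount command that support --bind. TABLE, run, mount_tree and umount_tree are names made up for the example.

```shell
#!/bin/sh
# Added example (not from the original article). TABLE lines are
# "device mountpoint", as written down during the investigation step.
TABLE='/dev/hda1 /boot
/dev/hda2 /
/dev/hda3 /usr'

# With DRY_RUN set, print each command instead of running it as root.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# Mount the original tree under NEWROOT, parents before children, then
# give it the live kernel's /proc and /dev so tools inside the chroot work.
mount_tree() {      # usage: mount_tree NEWROOT
    echo "$TABLE" | LC_ALL=C sort -k2,2 | while read -r dev mp; do
        run mount "$dev" "$1${mp%/}"
    done
    run mount -t proc proc "$1/proc"
    run mount --bind /dev "$1/dev"
}

# Unmount in the reverse order, children before parents, so that nothing
# is left busy and everything is flushed to disk before the reboot.
umount_tree() {     # usage: umount_tree NEWROOT
    run umount "$1/dev"
    run umount "$1/proc"
    echo "$TABLE" | LC_ALL=C sort -r -k2,2 | while read -r dev mp; do
        run umount "$1${mp%/}"
    done
}
```

Typical use is mount_tree /mnt/hda2, then chroot /mnt/hda2, then after exit, umount_tree /mnt/hda2; set DRY_RUN=1 first to review the sequence.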
Once again, assume the following mounts in the original system:
/dev/hda1 | /boot
/dev/hda2 | /
/dev/hda3 | /usr
First, perform actions requiring unmounted partitions. The tune2fs, fsck and e2fsck commands come to mind.
Then mount the drives:
mount /dev/hda1 /mnt/hda1
mount /dev/hda2 /mnt/hda2
mount /dev/hda3 /mnt/hda3
Now you can work on individual files and run programs. Perhaps you
need to copy files onto the computer. This is particularly true if you
blew a kernel compile and now must get it back. Don't forget that with
modular kernels, the original /lib/modules/version_number directory
must be restored. Perhaps the best bet is to compile a monolithic
kernel on another machine, place it and its associated initrd file on
the blown machine, modify grub.conf, run grub-install, and reboot.
Always remember to unmount everything before rebooting and attempting
to boot the original system. Unmounting guarantees that everything will
be written to disk. Do the following:
umount /dev/hda3
umount /dev/hda2
umount /dev/hda1
With the partitions unmounted, from the Knoppix command prompt, type reboot. The CD will pop out.
Remove it, press Enter, and the system will attempt to boot its original
operating system.
When Things Go Wrong
"Does not boot" problems are seldom simple. They're usually caused by
system level problems -- often arcane ones. Here are some
troubleshooting tips:
- Damage control: back up data not previously backed up.
- Read error messages very carefully. First understand the literal
meaning, and then find a way to apply that literal meaning to the
situation.
- Place parts of the error message in a search engine. Probably
others have had this problem before.
- While on the Internet, find out as much as possible about the
subject.
- Experiment.
- Remember to read error messages very carefully. For instance, if
the error message gripes about "device not found", look at /dev/hda1 before examining /boot.
Summary
When things go wrong, you need Knoppix. A Knoppix CD can allow you to
boot an unbootable computer, salvage and transfer its data, and then
fix whatever is preventing bootup.