Installing and configuring Crash utility for kernel dumps analysis on RHEL OR CentOS 7

Installing and configuring Crash utility for kernel dumps analysis on RHEL OR CentOS 7


What is Crash utility?

Crash is a linux utility which analyses the core dump file created by kdump. Crash utility depends on the kdump and kexec utilities to obtain its input file. A linux kernel, when boots with the crashkernel argument, it reserves some memory space to capture kernel dump in panic conditions. In case kernel panic's, the kexec utility triggers a warm reboot into a dump kernel, where the memory contents of the panicked kernel get's backed up. Once the core dump copied to the configured location then system does cold reboot and loads up standard default kernel.


Step 1. Install Crash utility and Kernel-debug package:

# yum install crash

OR You can download "Crash" source, compile it and install:

# wget http://people.redhat.com/anderson/crash-7.2.5.tar.gz
# tar -zxvf crash-7.2.5.tar.gz
# cd crash-7.2.5
# make && make install

You can get more information on Crash utility from it's whitepaper "http://people.redhat.com/anderson/crash_whitepaper/#BUILD_PROCEDURE"


Step 2. Once Crash is installed, install kernel-debuginfo package:

In my case i am running CentOS 7 so we will have to enable "CentOS-Debuginfo.repo" first,

# vi /etc/yum.repos.d/CentOS-Debuginfo.repo
[base-debuginfo]
name=CentOS-7 - Debuginfo
baseurl=http://debuginfo.centos.org/7/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7
enabled=1

save and exit.

If you are running RHEL 7 follow instructions from below link,
https://access.redhat.com/solutions/9907


# yum install kernel-debuginfo*


Step 3. Enable cump of the vmcore file:

Set "crashkernel=auto" option in GRUB_CMDLINE_LINUX variable.

# vi /etc/default/grub
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"


Regenerate "grub.cfg" configuration file:

# grub2-mkconfig -o /boot/grub2/grub.cfg


Step 4. Set and verify default location to capture kernel crash core files:

Note: the core dump can be stored in a local filesystem or directly on a device, or sent via NFS or SSH. If unset, will use the default "/var/crash" directory.

# vi /etc/kdump.conf

path /var/crash

Now we are done with Crash configuration. Once above procedure is done reboot the server.


To test if this configuration is working let's initiate kernel panic :)

Before you inject kernel panic verify if: 

kdump is active and running

# systemctl is-active kdump
active


if not active use below command -

# systemctl enable kdump.service

# systemctl start kdump.service


Once kdump is running run below two commands to initiate kernel panic with sysrq, also make sure you have enough space in core directory "/var/crash" to store core dump:

# echo 1 > /proc/sys/kernel/sysrq

# echo c > /proc/sysrq-trigger

running last command will initiate kernel panic > store core file and the reboots system. So once host is up after reboot run crash utility to analyse vmcore:

# crash /usr/lib/debug/lib/modules/3.10.0-957.10.1.el7.x86_64/vmlinux /var/crash/127.0.0.1-2019-04-06-21\:12\:55/vmcore

crash>

Comments

  1. John OdomAugust 11, 2021 at 5:25 PM

    I think this is one of the most significant information for me.
    John Odom

    ReplyDelete

Post a Comment

Popular posts from this blog

Recover or restore initramfs file in RHEL or CentOS 7

Image
What if "initramfs" file is deleted or corrupted on your RHEL or CentOS 7 ? Lets know what is initramfs image ? The INITial RAM Disk (initrd) is an initial root file system that usually get mounted prior to when the real root file system gets available. The "initrd" image is also known as "initramfs (Initial RAM FileSystem)" from RHEL 6.x onwards. The initrd/initramfs gets bound to the kernel and loaded as part of the kernel boot procedure. The kernel then mounts this initrd/initramfs as part of the two-stage boot process to load the modules to make the real file systems available and mount's the real root file system. Initrd/Initramfs image provides the capability to load a RAM disk by the boot loader. This RAM disk can then be mounted as the root filesystem and programs can be run from it. Afterwards, a new root file system can be mounted from a different device. The previous root filesystem which was mounted from initrd/initramfs is then
Read more

Space reclamation / UNMAP on RHEL or CentOS 7

What is Space Reclamation? This feature supports Thin Provisioned environment, and it is the process of freeing space from the storage system that has already been freed from the host file system. A host file system contains metadata to keep track to know which blocks are available to store new data and which blocks contain actual data and must not be overwritten. This metadata is stored within the LUN. When a file is deleted in the host file system, the file system metadata is updated to mark that file's blocks as free space. Total file system free space is then recalculated to include the newly-freed blocks. To the storage system, these metadata updates appear no different than any other writes being performed by the host. Therefore, the storage system is unaware that any deletions have occurred. What is Unmapping? Unmapping is a process which de-allocates relationship between LBA and a physical block in a logical unit. Reclamation within RHEL and CentOS: RHEL / Ce
Read more

How to recover /boot partition on RHEL or CentOS 7?

Image
What if mistakenly you delete all the files from /boot partition or files got corrupted due to some reason ! You will see below error on the screen at the time of system boot. But there is a way to recover /boot partition files :) Follow these steps to recover /boot partition : Step 1 :  Mount RHEL or CentOS 7 ISO image on your physical server and boot from it. In case you are using HPE Prolient server you can mount this ISO image on iLO, if this is virtual environment then mount it accordingly and reboot server or VM from ISO. Once rebooted you will see below options: Step 2 :  Scroll down and select "Troubleshooting" option from menu and PRESS "Enter" Step 3 :  Select "Rescue a CentOS system" and press ENTER: Step 4 :  Press ENTER key again to continue: Step 5 :  To continue, Type "1" and press ENTER, this will bring you to rescue mode, chroot sysimage filesystem using below command:
Read more