Work with host system in Hetzner Rescue Mode
The Hetzner Rescue System is a Linux live environment that gives administrative access to you for your server. It helps to repair an installed system, to check file systems or to install a new operating system.
Problem
I show you an example. There is a host with installed CentOS 7 with SWRAID 1 and LVM.
I can’t get a remote access by ssh (because I’ve forgotten the root
password):
$ ssh root@xxx.xxx.xxx.xxx
root@xxx.xxx.xxx.xxx's password:
Permission denied, please try again.
root@xxx.xxx.xxx.xxx's password:
Permission denied, please try again.
root@xxx.xxx.xxx.xxx's password:
Permission denied (publickey,password).
The string xxx.xxx.xxx.xxx
is a public IP of the remote server.
Let’s see what I do in this situation.
Instructions
- Activating a rescue mode for selected server in Hetzner web panel. Choose your ssh key for connecting to the rescue server without password.
- Reset the server: select first or second option
The rescue system will be loaded after the server reboot. And we can connects to it with our ssh key (the key that we inserted on step 1)
- Connect to the server by ssh.
Where is xxx.xxx.xxx.xxx
public IP of the server
(you can find it in the web panel)
$ ssh root@xxx.xxx.xxx.xxx
The server will return some information
-------------------------------------------------------------------
Welcome to the Hetzner Rescue System.
This Rescue System is based on Debian 8.0 (jessie) with a newer
kernel. You can install software as in a normal system.
To install a new operating system from one of our prebuilt
images, run 'installimage' and follow the instructions.
More information at http://wiki.hetzner.de
-------------------------------------------------------------------
Hardware data:
CPU1: AMD Ryzen 7 1700X Eight-Core Processor (Cores 16)
Memory: 64370 MB
Disk /dev/sda: 512 GB (=> 476 GiB)
Disk /dev/sdb: 512 GB (=> 476 GiB)
Total capacity 953 GiB with 2 Disks
Network data:
eth0 LINK: yes
MAC: 00:00:00:00:00:00
IP: xxx.xxx.xxx.xxx
IPv6: 1001:1001:1001:1001::2/64
RealTek RTL-8169 Gigabit Ethernet driver
- Because I use LVM in the host system, I run commands to scan disk for Volume Groups and Physical Volumes.
root@rescue ~ # vgscan
Reading all physical volumes. This may take a while...
Found volume group "vg0" using metadata type lvm2
root@rescue ~ # pvscan
PV /dev/md1 VG vg0 lvm2 [476,31 GiB / 341,31 GiB free]
Total: 1 [476,31 GiB] / in use: 1 [476,31 GiB] / in no VG: 0 [0 ]
- Fine. Was founded a group named
vg0
. It is a group that I want to mount. Activate it.
root@rescue ~ # lvm vgchange -a y
4 logical volume(s) in volume group "vg0" now active
And view a result of it.
root@rescue ~ # lvscan
ACTIVE '/dev/vg0/root' [10,00 GiB] inherit
ACTIVE '/dev/vg0/tmp' [5,00 GiB] inherit
ACTIVE '/dev/vg0/home' [20,00 GiB] inherit
We see the a familiar file structure, don’t it?
- Now display the devices that you can mount.
root@rescue ~ # ls -l /dev/mapper/vg*
lrwxrwxrwx 1 root root 7 Sep 11 07:26 /dev/mapper/vg0-home -> ../dm-2
lrwxrwxrwx 1 root root 7 Sep 11 07:26 /dev/mapper/vg0-root -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 11 07:26 /dev/mapper/vg0-tmp -> ../dm-1
- Then, mount the desired MD device of the host server.
I will mount /
in the host server as /mnt
in the rescue server (current session)
root@rescue ~ # mount /dev/mapper/vg0-root /mnt
Now we can work with files as usual
root@rescue ~ # ls -l /mnt
total 1,2M
lrwxrwxrwx 1 root root 7 May 14 08:39 bin -> usr/bin
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 boot
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 dev
drwxr-xr-x 71 root root 4,0K Sep 10 16:09 etc
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 home
-rw-r----- 1 root root 733 Sep 10 16:09 installimage.conf
-rw-r----- 1 root root 1,2M Sep 10 16:09 installimage.debug
lrwxrwxrwx 1 root root 7 May 14 08:39 lib -> usr/lib
lrwxrwxrwx 1 root root 9 May 14 08:39 lib64 -> usr/lib64
drwx------ 2 root root 16K Sep 10 16:07 lost+found
drwxr-xr-x 2 root root 4,0K Apr 11 06:59 media
drwxr-xr-x 2 root root 4,0K Apr 11 06:59 mnt
drwxr-xr-x 2 root root 4,0K Apr 11 06:59 opt
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 proc
dr-xr-x--- 4 root root 4,0K Sep 10 16:08 root
drwxr-xr-x 3 root root 4,0K Sep 10 16:08 run
lrwxrwxrwx 1 root root 8 May 14 08:39 sbin -> usr/sbin
drwxr-xr-x 2 root root 4,0K Apr 11 06:59 srv
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 sys
drwxr-xr-x 2 root root 4,0K Sep 10 16:08 tmp
drwxr-xr-x 13 root root 4,0K May 14 08:39 usr
drwxr-xr-x 19 root root 4,0K May 14 08:39 var
- Make some actions with host files.
As I said I’ve lost a control to the server. Now I want to add the ssh-key for access without password to the host.
Edit a file .ssh/authorized_keys
, and add our public key in it.
root@rescue ~ # vi /mnt/root/.ssh/authorized_keys
root@rescue ~ # ls -l /mnt/root/.ssh/authorized_keys
-rw-r--r-- 1 root root 747 Sep 11 07:28 /mnt/root/.ssh/authorized_keys
root@rescue ~ # chmod 600 /mnt/root/.ssh/authorized_keys
root@rescue ~ # ls -l /mnt/root/.ssh/authorized_keys
-rw------- 1 root root 747 Sep 11 07:28 /mnt/root/.ssh/authorized_keys
- In the finish of work with the host files unmount the root device.
root@rescue ~ # umount /dev/mapper/vg0-root
And deactivate volume group vg0
root@rescue ~ # lvm vgchange -a n vg0
0 logical volume(s) in volume group "vg0" now active
- Now you can exit from rescue mode. Just run a reboot command.
root@rescue ~ # reboot
Broadcast message from root@rescue on pts/0 (Tue 2018-09-11 08:58:23 CEST):
The system is going down for reboot NOW!
- That’s all. The server will reboot and the host system will start.
Try to connect.
$ ssh root@xxx.xxx.xxx.xxx
Last failed login: Mon Sep 10 16:10:44 CEST 2018 from yyy.yyy.yyy.yyy on ssh:notty
There was 1 failed login attempt since the last successful login.
[root@CentOS-75-64-minimal ~]# hostname
CentOS-75-64-minimal
Conclusion
In my practice I often repair system in rescue mode. With rescue I monitor the logs when system didn’t start. It’s very useful tool for fix mistakes with network and firewall settings.
Additional information
lvm(8) - Linux man page Hetzner Rescue System - Official Information Hetzner Rescue System/en - Official Manual