Kdump是一種基於kexec的Linux內核崩潰捕獲機制,簡單來說系統啟動時會預留一塊內存,當系統崩潰調用命令kexec(kdump kernel)在預留的內存中啟動kdump內核,
該內核會將此時內存中的所有運行狀態和數據信息收集到一個coredump文件中以便后續分析調試。
本文介紹如何在Centos7/RHEL7 開啟kdump。
步驟1 安裝kexec-tools
[vagrant@localhost ~]$ yum install kexec-tools
步驟2 設置crashkernel預留內存大小
[vagrant@localhost ~]$ cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=256M rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet" GRUB_DISABLE_RECOVERY="true"
修改crashkernel的大小,我的系統內存是1G,保留了256M,
注意預留內存大小,過小會導致生成coredump文件失敗(不知道設置多少時,可以嘗試每次增加128M)
修改后還需重新生成grub配置文件,重啟系統才能生效
[vagrant@localhost ~]$ grub2-mkconfig -o /boot/grub2/grub.cfg
[vagrant@localhost ~]$ reboot
步驟3 修改kdump默認配置/etc/kdump.conf
centos7 默認已安裝kdump,根據需要修改默認配置
[vagrant@localhost ~]$ vi /etc/kdump.conf #指定coredump文件存儲位置 path /var/crash #增加-c參數,代表壓縮coredump文件 core_collector makedumpfile -c -l --message-level 1 -d 31 #生成coredump后,重啟系統, default reboot
步驟4 開啟kdump服務
[vagrant@localhost ~]$ systemctl start kdump.service //啟動kdump [vagrant@localhost ~]$ systemctl enable kdump.service //設置開機啟動
步驟5 測試kdump功能
檢查kdump是否開啟成功
[vagrant@localhost ~]$ service kdump status Redirecting to /bin/systemctl status kdump.service ● kdump.service - Crash recovery kernel arming Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled; vendor preset: enabled) Active: active (exited) since Mon 2017-12-18 09:12:56 UTC; 43min ago Process: 913 ExecStart=/usr/bin/kdumpctl start (code=exited, status=0/SUCCESS) Main PID: 913 (code=exited, status=0/SUCCESS) CGroup: /system.slice/kdump.service [vagrant@localhost ~]$ systemctl is-active kdump.service active
手動觸發crush
[root@cloud ~]# echo 1 > /proc/sys/kernel/sysrq ; echo c > /proc/sysrq-trigger
如果沒有問題,系統會自動重啟,重啟后可以看到在/var/crash/目錄下生成了coredump文件
[vagrant@localhost ~]$ ls /var/crash/ 127.0.0.1-2017-12-18-08:25:11
步驟6 安裝crash,分析coredump文件
[vagrant@localhost ~]$ yum install crash [vagrant@localhost ~]$ crash /var/crash/127.0.0.1-2017-12-18-08\:25\:11/vmcore /usr/src/kernels/linux-`uname -r`/vmlinux
輸入問號”?“,查看crash支持的命令
crash> ?
* files mach repeat timer
alias foreach mod runq tree
ascii fuser mount search union
bt gdb net set vm
btop help p sig vtop
dev ipcs ps struct waitq
dis irq pte swap whatis
eval kmem ptob sym wr
exit list ptov sys q
extend log rd task
比如log命令,可以看到系統crash時的打印信息
[ 470.018926] CPU: 0 PID: 1490 Comm: iwconfig Tainted: GF O 3.10.69 #1 [ 470.019251] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 470.019603] task: ffff880039406ae0 ti: ffff880035d1c000 task.ti: ffff880035d1c000 [ 470.019931] RIP: 0010:[<ffffffff8129d3cd>] [<ffffffff8129d3cd>] memcpy+0xd/0x110 [ 470.020419] RSP: 0018:ffff880035d1dc38 EFLAGS: 00010206 [ 470.020697] RAX: ffff88003dba3508 RBX: ffff8800362eb400 RCX: 1ffffffffffffffc [ 470.021218] RDX: 0000000000000006 RSI: 000000000000001a RDI: ffff88003dba3508 [ 470.021735] RBP: ffff880035d1dc88 R08: 0000000000016320 R09: ffff88003dba34c0 [ 470.022917] R10: 0000000000000000 R11: ffff880035d1d9c6 R12: ffff8800341a3280 [ 470.023437] R13: ffffc90000226104 R14: ffffffffffffffe2 R15: ffff88003dba34c0 [ 470.023958] FS: 00007ff662ec1740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 [ 470.024725] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 470.025223] CR2: 000000000000001a CR3: 0000000038f6a000 CR4: 00000000000406f0 [ 470.025775] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 470.026334] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400