Jeremy Davis's picture

A recent issue with my headless PVE server at work (which required me to manually connect a video card, moniter, mouse and keyboard to access and repair it) have prompted an idea:

This first part isn't a new idea; I'd like to create a TKLPatch for a TKL Rescue liveCD/USB. The ISO could be downloaded and burned straight to CD/USB as per usual (for commandline rescue of any system).

But (wait for it, this is the exciting bit... at least in my mind) what would be even more awesome would be if it had an accompanying script which could leverage TKLPatch to prepopulate network configuration info, root password, etc so that headless servers could be fully accessed really easily via SSH (no need for me to open the box and fit a vid card etc).

I was going to start having a play with this idea but I have hit a stumbling block straight off the bat :( The CD defaults to install on boot rather than run live (which I know I assisted in suggesting it to be that way, way back when... but...). Is there an easy way I could change that back?

Another question; normally a LiveCD doesn't have/need a password, but for SSH connection to work I'm assuming that you'd need to have one wouldn't you? How would one go about doing that? I haven't done much research yet but happy to be pointed to links if you have anything relevant.

Forum: 
Liraz Siri's picture

You know, a TurnKey-based rescue live CD sounds like an awesome idea for a new project. And a really good way to learn more about TurnKey internals/Linux to boot.

Regarding the technical questions:

  1. You can change the order of the options in the bootloader by editing cdroot/isolinux/isolinux.cfg. The cdroot can be extracted from the ISO with the tklpatch-extract-iso command (then reassemble with tklpatch-geniso).
  2. You're right that usually you wouldn't be able to log in via SSH without a password. But in live mode a script is run inside initramfs (/usr/share/initramfs-tools/scripts/casper-bottom/25ssh_emptypw) which allows empty SSH passwords.

Take a look at /usr/share/initramfs-tools/casper-bottom to see what kind of environment is setup when in "live mode". Casper is what Ubuntu calls the set of scripts that sets up the live cd environment.

Initramfs is the temporary RAM filesystem from which the rest of the system is bootstrap by the kernel. It contains basic drivers (e.g., for accessing storage devices where the operating system might reside) for example.

If you patch/add a script to the /usr/share/initramfs-tools directory you can create a new initramfs by running this command inside the chroot environment:

update-initramfs -u

The new initramfs is stored to /boot/initrd.img which you have to copy to the cdroot/casper/initrd.gz for it to be run by the ISO/CD bootloader in Live CD mode.

You'll probably have to experiment a bit to understand the exact details but this should get you started.

Jeremy Davis's picture

Thanks Liraz, that'll get me started! I found a post on the Ubuntu forums from a guy trying to do something similar but it was getting me nowhere so thanks for posting back so quick! :)

PS Wondering why I was only getting 500kB ISO then realised I'd neglected to run prepare-cdroot first! Doh!

tklpatch-prepare-cdroot $rootfs $cdroot

Then:

tklpatch-geniso $cdroot

I love open source software! (I worked that out by having a look at TKLPatch)!

Jeremy Davis's picture

Feeling pretty pleased with myself at the moment! I'm almost there! :)

I have created an ISO which does everything I want it to (for now, although perhaps I'll add more later). And it works sweet! It auto boots and allows root SSH login with no password. It took a few goes making the ISO but I got there in the end. I tested the ISO in VBox and all went well.

I burned the ISO (which burned and verified fine). Only thing is that when I tested it (in a KVM VM on the PVE host) it came up with lots of buffer I/O errors as it was loading. But it ended up loading anyway (although took a loooong time to boot). So I tested on the (headless) PVE host and it's been a full 15 minutes now and still not getting anywhere with the SSH connection (just times out) and no response from ping either. :( I tested on VBox on another machine to see if it was a hardware issue but same errors so something obviously went wrong in the copying/burning process I assume (as I don't get those errors when I run the original ISO).

Regardless, I'll post a patch and script sometime soon (when I tie up a few more loose ends).

Also one more question - for now :) How do I change the cd label name? The ISO burns as 'tunkey-patched' and I'd like to make it something like 'turnkey-liverescue-v01' or similar...

Liraz Siri's picture

You might want to try burning a bit more slowly. The faster you burn the less distinct the pits your CD's laser burns in, so on some readers if you burn too quickly the drive may have a hard time reading back what you burned. Worth a shot.

Regarding the label, set the TKLPATCH_ISOLABEL environment variable before you run tklpatch-geniso. See the usage for reference:

Syntax: $(basename $0) cdroot-dir [newimage.iso]
Generate an ISO from the cdroot.

Environment variables:

    TKLPATCH_DEBUG       Turn on debugging. Increases verbosity.
    TKLPATCH_ISOLABEL    ISO label (default: turnkey-patched
Jeremy Davis's picture

I burned it as slow as the software would allow (8x) but perhaps I'll use something else next time, something that can burn even slower still.

Thanks for the other pointer too about the label. Looks like I should've been able to find that myself if I'd looked a bit harder! :)

Jeremy Davis's picture

Unfortunately I seem to have misplaced my notes for this. :( It should really have been in my GitHub repo but it didn't make it. As it turned out I needed to fix the server and had already spent too much time on this, so had to just had to rob a vid card and open the box...

I still think this idea is a real winner. I think that there could be potential for this as a commandline version as well as a GUI version too?

I have just created a Blueprint. :)

Add new comment