Friday, January 17, 2014

Root into a virtual machine (KVM)

Scenario: I have a KVM virtualization server with a number of VMs defined. Suddenly, I cannot log in as root to one of the VMs. I will need to reset the root password. The "normal" methods like adding single or init=/bin/bash to the kernel boot line in GRUB do not work. The only option left is to boot from a rescue disc, but this is a virtual machine -- there is no DVD drive. Oh, no -- what to do?

NEWS FLASH: I just learned from a colleague that there is a much easier method. It is possible to chroot directly into the VM from the virtualization host. Will post detailed instructions as soon as I get them. Until then, there is always the "long route" described below.

Fortunately, it's not as difficult as it might seem. I already published a related blog entry entitled "KVM: boot VM from PXE or ISO image", but it doesn't quite do the trick. Here is a more complete description of the entire process:
  1. Obtain an ISO image of my preferred Rescue CD/DVD (pretty much any one will do for this operation)
  2. On the KVM virtualization server, put this ISO into a directory such as /var/tmp
  3. Find the XML file with the definition of your VM -- let's say it's /home/smithfarm/kvm/host.xml
  4. Open that file in your favorite editor
    • In the <os> section, add a boot stanza immediately above the existing boot stanzas:
      <boot dev='cdrom'/>
    • In the <devices> section, add a disk stanza for the ISO:
      <disk type 'file' device='cdrom'>
          <source file='/var/tmp/[FILENAME].iso'/>
          <target dev='hdc' bus='ide'/>
  5. Make sure the VM is down -- virsh shutdown [host] or, failing that, virsh destroy [host]
  6. Now, at this point, I will need a way to watch the machine boot up. For this, I use "Virtual Machine Manager powered by libvirt". It has a website: -- this needs to be installed, configured, and running
  7. Power it on:
    # virsh create /home/smithfarm/kvm/host.xml
  8. As soon as the VM appears in Virt Manager, open it quickly. At this point I should see the rescue CD booting.
  9. When the rescue system boots, I will have a root prompt.
  10. Next step: determine on which device the root filesystem resides. The blkid command can be helpful. If there are multiple candidates, just mount them one by one and look for the telltale signs of a root filesystem.
  11. Now I know the device name of the root filesystem -- let's say it's /dev/sda2
  12. Mount and chroot into the root filesystem like so:
    # mount -o rw /dev/sda2 /mnt
    # mount --bind /dev /mnt/dev/
    # mount --bind /proc /mnt/proc/
    # mount --bind /sys /mnt/sys/
    # chroot /mnt
  13. Now I should have a root shell in the target system. From here, resetting the root password is a simple matter of executing the passwd command.
  14. Exit from the target system and unmount the root filesystem:
    target# exit
    # umount /mnt/sys
    # umount /mnt/proc
    # umount /mnt/dev
    # umount /mnt
  15. Shut down the rescue system:
    # shutdown -h now
  16. Back on the KVM virtualization server, remove the lines we added to the XML file.
  17. Power on the VM using virsh create and enjoy logging in with new root password.

No comments:

Post a Comment