#!/bin/ksh93 # # Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved. # . /lib/svc/share/smf_include.sh . /lib/svc/share/fs_include.sh # # mksavedir # Make sure that $DUMPADM_SAVDIR is set and exists. # mksavedir () { [ -z "$DUMPADM_SAVDIR" ] && DUMPADM_SAVDIR=/var/crash [ -d "$DUMPADM_SAVDIR" ] || /usr/bin/mkdir -m 0700 -p "$DUMPADM_SAVDIR" } encrypted_dump() { # # Check for encrypted dump ZVOL and load key if neccessary, and possible. # Noting that we can't prompt for a passphrase or key here. # zvol=${DUMPADM_DEVICE##*/dev/zvol/dsk/} keystatus=`zfs get -H -o value keystatus $zvol 2>/dev/null` if [ "$keystatus" == "unavailable" ]; then keysource=`zfs get -H -o value keysource $zvol` locator=${keysource##*,} if [ "$locator" == "prompt" ]; then echo "Encryption key required for $DUMPADM_DEVICE" exit $SMF_EXIT_ERR_PERM fi zfs key -l $zvol if [ $? != 0 ]; then echo "Encryption key load failed for $DUMPADM_DEVICE" exit $SMF_EXIT_ERR_PERM else zfs key -K $zvol fi fi } # # We haven't run savecore on a dump device yet # savedev=none # # If we previously crashed early in boot before dumpadm was used to configure # an alternate dump device, then the dump is in the primary swap partition, # which was configured as the dump device by the first swapadd early in boot. # Thus before we run dumpadm to configure the dump device, we first run # savecore to check the swap partition for a dump; this is run in the # foreground to reduce the chances of overwriting the dump. # # This does not apply for zfs root systems that use a zvol for dump; # for such systems the dedicated dump device is appointed during startup # of the filesystem/usr:default instance before any swap is added. # Therefore we must check that the dump device is a swap device here - # if not then we'll run savecore here in the foreground and prevent # our dependent services coming online until we're done. # rootiszfs=0 alreadydedicated=0 diag_reboot=`svcprop -p config/diag_reboot $SMF_FMRI` readmnttab / /dev/null \ | /usr/bin/awk -F: '$1=="DUMP_DEVICE_TYPE" { print $2; }' \ | grep "^dedicated" >/dev/null 2>&1; then alreadydedicated=1 fi fi fi if [ -x /usr/bin/savecore -a \ \( $rootiszfs -eq 0 -o $alreadydedicated -eq 0 \) ]; then [ -r /etc/dumpadm.conf ] && . /etc/dumpadm.conf encrypted_dump if [ "x$DUMPADM_ENABLE" != "xno" ] && mksavedir; then # Capture whether a deferred dump is present prior to extraction dumpadm -C defdump_valid=$? if [ $defdump_valid -eq 0 ]; then if dumpadm -R; then reboot_needed="yes" fi # We don't want people logging in to the system and # trying to use it while the crash dump is being # extracted. Set /etc/nologin so that only users with # the root role or the solaris.system.maintenance # authorization can log in. echo "Crash dump image is being extracted, system " \ "will become available shortly" >> /etc/nologin fi # Run in foreground in order not to intermingle with # possible second run down below. "savecore -e" extracts any # pending ereports and writes them to the dump device for fmd. /usr/bin/savecore -e /usr/bin/savecore -F -D $DUMPADM_SAVDIR shift $# savedev=`/usr/sbin/dumpadm -p 2>/dev/null | \ /usr/bin/awk -F: '$1=="DUMP_DEVICE" {print $2}'` if [ $defdump_valid -eq 0 ]; then if [ "x$diag_reboot" == "xtrue" ]; then if [ "x$reboot_needed" == "xyes" ]; then reboot -f fi fi rm -f /etc/nologin 2> /dev/null fi else # # dumpadm -n is in effect, but we can still run savecore # to raise an event with initial panic detail extracted # from the dump header. "savecore -e" extracts any # pending ereports and writes them to the dump device for fmd. # /usr/bin/savecore -c /usr/bin/savecore -e fi fi # # Now run dumpadm to configure the dump device based on the settings # previously saved by dumpadm. See dumpadm(1m) for instructions on # how to modify the dump settings. # if [ -x /usr/sbin/dumpadm ]; then /usr/sbin/dumpadm -u || exit $SMF_EXIT_ERR_CONFIG else echo "WARNING: /usr/sbin/dumpadm is missing or not executable" >& 2 exit $SMF_EXIT_ERR_CONFIG fi if [ -r /etc/dumpadm.conf ]; then . /etc/dumpadm.conf encrypted_dump else echo "WARNING: /etc/dumpadm.conf is missing or unreadable" >& 2 exit $SMF_EXIT_ERR_CONFIG fi # # If the savecore executable is absent then we're done # if [ ! -x /usr/bin/savecore ]; then echo "WARNING: /usr/bin/savecore is missing or not executable" >& 2 exit $SMF_EXIT_ERR_CONFIG fi # # Extract any ereports from deferred dump and write them to the dump device # for fmd to find later. # /usr/bin/savecore -e # # Attempt to extract a deferred dump in the foreground. # Reboot if needed # if dumpadm -C; then # Check how fragmented dump memory is and decide if second # reboot would be required. if dumpadm -R; then reboot_needed="yes" fi echo "Crash dump image is being extracted, system will " \ "become available shortly" >> /etc/nologin # We don't want people logging in to the system and trying to # use it while the crash dump is being extracted. Set /etc/nologin # so that only users with the root role or the # solaris.system.maintenance authorization can log in. if [ "x$DUMPADM_ENABLE" != xno ] && mksavedir; then /usr/bin/savecore -F -f /dev/defdump -D $DUMPADM_SAVDIR else /usr/bin/savecore -c -f /dev/defdump fi if [ "x$diag_reboot" == "xtrue" ]; then if [ "x$reboot_needed" == "xyes" ]; then /usr/sbin/reboot -f fi fi rm -f /etc/nologin 2> /dev/null fi if [ "x$DUMPADM_DEFERRED" == "xon" ]; then # Wait for defdump initialization to finish. dumpadm -w fi # # Now that dumpadm has reconfigured /dev/dump, we need to run savecore again # because the dump device may have changed. If the earlier savecore had # saved the dump, savecore will just exit immediately. # isswap=0 swapchanged=0 if /usr/sbin/swap -l 2>/dev/null | grep "^${DUMPADM_DEVICE} " \ >/dev/null 2>&1; then isswap=1 if [ "x$savedev" != "x$DUMPADM_DEVICE" ]; then swapchanged=1 fi fi if [ "x$DUMPADM_ENABLE" != "xno" ]; then if [ $isswap -eq 1 ]; then # # If the dump device is part of swap, we only need to run # savecore a second time if the device is different from the # swap device on which we initially ran savecore. # if [ $swapchanged -eq 1 ]; then mksavedir && /usr/bin/savecore -D $DUMPADM_SAVDIR fi else # # The dump device couldn't have been dedicated before we # ran dumpadm, so we must execute savecore again. # mksavedir && /usr/bin/savecore -D $DUMPADM_SAVDIR fi else # # savecore not enabled. Check whether a valid dump is # present on the device and raise an event to signal that, # but avoid sending a duplicate event from the savecore -c # earlier. # if [ $isswap -eq 0 -o $swapchanged -eq 1 ]; then /usr/bin/savecore -c fi fi exit $SMF_EXIT_OK