Bug 2185043

Summary: [RHEL-9] Kdump fail to generate the vmcore over nfs or ssh when fips enabled on a vm running on ESXI/Hyper-V
Product: Red Hat Enterprise Linux 9 Reporter: rcheerla
Component: kexec-toolsAssignee: Coiby <coxu>
Status: CLOSED MIGRATED QA Contact: ldu <ldu>
Severity: unspecified Docs Contact:
Priority: high    
Version: 9.2CC: boyang, coxu, dracut-maint, ldu, litian, minl, ruyang, xiawu, xuli, xxiong, yacao, yiyan, yuxisun
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2185794 (view as bug list) Environment:
Last Closed: 2023-05-24 06:29:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2185794    

Comment 9 ldu 2023-04-11 08:43:19 UTC 
Hi all,
Clone one bug 2185794 to RHEL8 as could reproduce on RHEL8.
Thanks,
Lili Du
Comment 10 Coiby 2023-04-17 03:12:49 UTC 
Hi Dracut team,

The cause of this bug is the previous fix [1] only installed the fs driver (e.g. xfs) but not the block device drivers (e.g. hv_vmbus sd_mod sg scsi_transport_fc hv_storvsc for the case of hyper-v). Personally, I think it's better to fix it in kexec-tools by using the "--add-device" option,
1) kexec-tools calls dracut with "--no-hostonly-default-device" and we are supposed to use "--add-device" to explicitly add devices as needed. Quoting the man page of dracut,
> --no-hostonly-default-device
>    Do not generate implicit host devices like root, swap, fstab, etc. Use "--mount" or "--add-device" to explicitly add devices as needed.

2) It's more robust and cleaner to fix it in kexec-tools than in dracut's fips module.


Do you have any comment? Thanks!


And also thanks Xiaoqiang (xxiong) for preparing the hyper-v and Azure machines and the provided help so I was able to debug this bug and test the fixes.


[1] https://github.com/dracutdevs/dracut/pull/553/commits/8b6b3efab39a0ccbe918c92a208b86c06680f7f0


## The fix in dracut's fips module

```diff
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 8860159d..ef681158 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -51,9 +51,12 @@ installkernel() {
 
     # with hostonly_default_device fs module for /boot is not installed by default
     if [[ $hostonly ]] && [[ $hostonly_default_device == "no" ]]; then
-        _bootfstype=$(find_mp_fstype /boot)
-        if [[ -n $_bootfstype ]]; then
-            hostonly='' instmods "$_bootfstype"
+        _dev=$(find_block_device "/boot")
+        _bdev=$(readlink -f "/dev/block/$_dev")
+        if [[ -b $_bdev ]]; then
+            push_host_devs "$_bdev"
+            _get_fs_type "$_bdev"
+            check_block_and_slaves_all _get_fs_type "$(get_maj_min "$_bdev")"
         else
             dwarning "Can't determine fs type for /boot, FIPS check may fail."
         fi
```

## The fix in kexec-tools

```diff
diff --git a/mkdumprd b/mkdumprd
index a3e59384..9e6c78ad 100644
--- a/mkdumprd
+++ b/mkdumprd
@@ -463,6 +463,10 @@ if ! is_fadump_capable; then
        is_dump_to_rootfs && add_mount "$(to_dev_name "$(get_root_fs_device)")"
 
        add_dracut_arg "--no-hostonly-default-device"
+
+       if fips-mode-setup --is-enabled; then
+               add_dracut_arg --add-device "$(findmnt -n -o SOURCE --target /boot)"
+       fi
 fi

```
Comment 11 minl 2023-05-08 02:32:58 UTC 
Can also reproducible on Nutanix.