We want you!
Recently two Grml developers sadly left our development team. Christian Hofstaedtler and Gerfried Fuchs, we wish you all the best - thanks for all your work within the Grml community!
Now you might be wondering how you could become a Grml developer. We’re happy to announce grml.github.com, a place which should get interested people ready to contribute without much headaches. Please help us making Grml an even better kick ass solution!
10 reasons why you should use Grml instead of …
With the release of Grml 2011.12 we were regularly asked what distinguishes Grml from other Live-CDs. The following items lists some reasons why you should consider using Grml instead of another Distribution for Installation&Rescue :
- handy scripts, like grml-chroot, a wrapper around chroot which will automatically bind /dev, /sys and /proc to the chroot
- the
netscript
boot option. This option will download an executable from the network and execute as root - grml-debootstrap, a tool for automated Debian installations
- grml2usb simple but powerful tools to create customized Grml images within minutes
- ZSH as default shell with a very good and comfortable zshrc
- the
netconfig
boot option. This option will download an archive from the network and unpack it on top of the current root filesystem - automatically start the ssh server with the
ssh
boot-parameter - Boot your Grml ISO-image directly from your existing GRUB setup with loopback.cfg
- Create your own customized Grml Distribution with the same tool we release our ISO-images: grml-live
- start arbitrary services without remastering the squashfs, just specify the the
service
boot option - EFI support, we arrived late with it but we support it now out of the box even with grml2usb
What are your reasons using Grml instead of other Live CDs? What are you missing from Grml?
Grml - new stable release 2011.12 available
I am proud to announce our Christmas Gift to the community. We just released Grml 2011.12 - Knecht Rootrecht, just in time to put it under the Christmas tree. Download the latest Grml ISO and spread the word.
There were quite a lot of changes between RC1 and the new stable release. The most important ones are:
- Update to Kernel 3.1.6
- Easier remastering with grml-live and existing Grml ISO images
- New GRUB boot theme
- SYSLINUX will indicate its boot menu with one beep
- GRUB will indicate its boot menu with three beeps
- Enable all mixer controls at startup and set volume to 75%
- Reworked and more flexible GRUB config file handling
- grml2usb - use the GRUB configuration from the ISO image instead of creating a new one
- Additional keybindings for fluxbox
- Fix keyboard layout bug
You can get Grml now in 3 options - grml32, grml64 and grml96 (32+64, featuring both Grml versions).
One flavour, two architectures, three options (grml32, grml64, and grml96).
I want to thank all the people involved in this magnificent and awesome release. The Grml Developers, our Contributors and all the other people involved in this release.
Create a Grml ISO image with your own ssh keys for password less login
In this article we will show you how you can leverage grml-autoconfig to create a Grml ISO which will automatically start an ssh server and use your own ssh keys instead of the traditional password based login. This allows Grml to be used not only for interactive rescue operations but also for remote or automated setups.
Starting with Grml 2009.05 we streamlined the support of hooking into our boot-process in grml-autoconfig thanks to the patches from Marc ‘Zugschlus’ Haber. Now it is possible to execute arbitrary scripts, unpack archives or install packages at startup not only directly from the Live CD but also from partitions. This allows you to create customized Grml Images with ease without the need to modify the squashfs image (usually known as remastering). In this example we will add the necessary files directly onto the ISO image but you can also use a USB stick instead. Please make sure you read the grml-autoconfig manpage
The first step is to create a directory which will contain all the additional files to be copied onto the ISO image. In this example we use /tmp/grml_overlay/
mkdir /tmp/grml_overlay
The next step is to create an archive containing the ssh keys. For this step you need either fakeroot or run the commands as root.
TMPDIR="/tmp/grml_config"
cd "$TMPDIR" || mkdir "$TMPDIR" && cd "$TMPDIR"
fakeroot
mkdir --parent root/.ssh home/grml/.ssh
chmod 0700 root/.ssh home/grml/.ssh
cp /home/uli/.ssh/id_rsa.pub root/.ssh/authorized_keys
cp /home/uli/.ssh/id_rsa.pub home/grml/.ssh/authorized_keys
chown -R 1000:1000 home/grml
tar --numeric-owner -j -c -f /tmp/grml_overlay/config.tbz .
This will create an archive named /tmp/grml_overlay/config.tbz containing all the files we created in our directory. Please make sure to replace the cp command with your own ssh keys. As we used fakeroot in this example you can manipulate file permissions without the need to run these commands as root.
Now we have everything what’s needed prepared and can just run grml2iso and specify the additional boot parameters as well as the overlay directory.
grml2iso -b "config ssh" -c /tmp/grml_overlay -o my-grml.iso ./grml64_2011.12.iso
This will create a modified Grml ISO named my_grml.iso and add the bootparameters config ssh to all the existing boot-entries and copy all files from the /tmp/grml_overlay directory onto your modified ISO image. With the config parameter grml-autoconfig will automatically unpack config.tbz at bootup which contains our ssh keys. The ssh parameter will automatically start the ssh server and set a random password for the grml user. But as we deployed our ssh keys we don’t care about the password anyway. For a list of all boot parameters have a look at the Grml cheatcodes.
During startup of Grml you will notice some additional log messages indicating the unpacking of your created archive. This shows that everything works like intended.
Combining different boot parameters in Grml like config and ssh allows you to create customized and tailored distributions for your own needs without having to dig into the remastering process. With the availability of tools like grml2usb and grml2iso you can easily create customized tools based on Grml without the need to develop everything from scratch. We showed how you can leverage grml2iso to create a Rescue CD based on Grml with ssh keys for remote login.
Upcoming accessibility changes for Grml 2011.12
The upcoming Grml 2011.12 will have some changes in the accessibility features shipped with Grml. Until Grml 2011.12 it was possible to start brltty automatically via the bootoption brltty. The problem with this approach was that it was never clear when you had to enter the bootoptions as there was no sound to indicate boot menu. We also do not have the necessary hardware to test the releases with brltty. With that in mind and the integration of speakup in the kernel we decided to remove the additional accessibility boot-parameters for Grml 2011.12 as we never tested them anyway.
But we added some important changes to improve the accessibility. Starting with Grml 2011.12 the bootloader will either beep once (if you use the default syslinux one) or will play 3 beeps (grub) to indicate the boot menu. Afterwards you can easily change the boot parameters if you press TAB (syslinux) or e (Grub). After the bootup Grml will play some tunes to indicate the finished boot. As per default Grml starts a text based menu you will have to press enter after the beep to enter the commandline
We think with the additional sound indicators in the boot-menu as well as the default sound to indicate the finished boot-process, Grml 2011.12 will be more accessible then ever.
I would like to thank Richard Hartmann for creating the different sound indicators for the upcoming Release
Setup of the grml infrastructure: Part 1 - IPMI
Back in August 2011 the Grml Team received a new Server & Hosting furnished by Hostway. The Server is hosted in their DataCenter in Hannover. As the new Server is dedicated for the Grml Infrastructure we chose to create a new system from scratch. The new infrastructure contains many pieces like puppet, libvirt, ldap and many more. In the next few weeks we will provide some insights into our current Server Setup. So expect some interesting posts about system administration.
We start off with IPMI (Intelligent Platform Management Interface). IPMI is the interface to the BMC (Baseboard management controller), which let’s you read sensor data or just shutdown or reboot you server. IPMI may be used over lan or directly (in-band) with the help of a kernel module (ipmi_si) that implements the ipmi driver. In newer servers you may find a virtual usb to eth interface (e.g. IBM IMM in contrast to IBM RSA). First of all we need to setup a new user/admin account instead of the default one. To list all users run:
ipmitool user list 1
The digit 1 indicates channel 1.
Create user jimmy:
ipmitool user set name 2 jimmy
ipmitool user set password 2 mysecret
2 is for userid 2 which was the first free id in my case. Next we need to setup networking:
ipmitool lan set 1 ipaddr 192.168.2.6
ipmitool lan set 1 defgw ipaddr 192.168.2.1
ipmitool lan print 1
Digit 1 is again for channel 1.
Now you can test your ipmi setup over the network:
ipmitool -I lan -H 192.168.1.6 -U jimmy bmc info
You’ll be prompted for the password and receive some infos of the bmc controller.
Here are some more examples:
ipmitool -I lan -H 192.168.1.6 -U jimmy chassis power status
ipmitool -I lan -H 192.168.1.6 -U jimmy chassis power off
ipmitool sensor get "BB Ambient Temp"
ipmitool sensor get "CPU Fan"
The first one checks the power status of the server, e.g. on or off and the second one powers the server off. The last two read some sensor data. Read the man page of ipmitool to find out more ;-)
There’s a lot more about IPMI but this should help you to get started.
Remastering Grml without modifying the squashfs or create your own customized Grml CDs
In our last Blog entry about remastering Grml 2011.12 we described a method remastering Grml with grml-live, the tool used to generate the official Grml ISOs.
Often you don’t need all the power and flexibility of grml-live but just want to add or change some default boot parameters and use this as your default image. For example you may want to have an ISO image which automatically starts sshd and sets the password to a specific value or downloads an executable and run it at startup. This can easily be done with grml2iso a tool based on grml2usb which allows you to create customized iso images.
Grml will automatically start sshd and set the password for the grml user if you specify the ssh boot-parameter. This allows you to remotely control your Grml CD. To create such a CD just run:
grml2iso -b “ssh=grml-password” -o my_grml.iso ./grml64_2011.12.iso
This will create a modified Grml ISO named my_grml.iso and add the bootparameter ssh=grml-password to all the existing boot-entries.
grml2usb does not offer the same flexibility as grml-live but grml2usb/grml2iso is often good enough to help you to achieve what you want without the need to modify the squashfs file.
Remastering Grml 2011.12 will be as easy as never before
For the final release of Grml 2011.12 we will no longer ship the so called “release-chroots” - and this will not make it harder for you to remaster, but only easier!
grml-live, the build tool for Grml, has gained a new feature: it can now extract ISOs and use their contents as the base for your remastering needs. This feature will be released with the next grml-live release, but it’s available today in grml-live git.
How you’d use this:
- Download grml64_2011.12.iso
- Install the new grml-live (git rev. 11baa336b55 and newer)
- Edit config in /etc/grml/fai/*
- Build:
sudo grml-live -A -V -u -e ~/Downloads/grml64_2011.12.iso -s testing \
-c DEBORPHAN,GRMLBASE,GRML_FULL,RELEASE,AMD64,IGNORE \
-r “Remastered” -g grml64 -o /tmp/grml64 - Enjoy your new ISO in /tmp/grml64/grml_isos/
Customize grml-debootstrap with scripts
In our latest blog entry about grml-debootstrap we described how to leverage grml-debootstrap
for automated installations of Debian into virtualized systems. Unfortunately sometimes this is not enough and you need to run commands after the installation. This post will describe some customization methods of grml-debootstrap
. For more information on this topic also look at the manpage of grml-debootstrap
One quite common task is to execute scripts after the installation like for example gathering the ssh host key or adding your own CA to the host. grml-debootstrap
supports the execution of scripts after the machine is successfully installed.
To execute scripts after the installation we first need a directory containing all the scripts. This directory will be afterwards specified as a parameter to grml-debootstrap
. In this example we are using ./scripts
as the directory name.
mkdir ./scripts
After we create the directory we also need to create a script for our post-processing task. For this example we’ll create a script which will examine the fingerprints of the ssh hosts keys. To be able to access and modify the image all the scripts executed by grml-debootstrap
will have an environment variable specified called MNTPOINT
which will point to the directory used for installing the system. Then we have to create a script inside the directory and make it executable:
$ cat >./scripts/89_print_sshkeys <<EOF
#!/bin/bash
set -e
if [ -z "$MNTPOINT" ] ; then
echo "Please run $0 inside grml-debootstrap or export MNTPOINT" >&2
exit 1
fi
for key in "$MNTPOINT"/etc/ssh/ssh_host_*_key.pub ; do
chroot "$MNTPOINT" ssh-keygen -l -f ${key##$MNTPOINT}
done
EOF
$ chmod +x ./scripts/89_print_sshkeys
This script will iterate over all ssh host keys and print the fingerprint of them.
After we created the directory and the script we can now point grml-debootstrap
to the directory and it will run all executable files in it. If we extend the command-line from our last example we have to specify the --scripts
parameter and point it to the created directory:
$ sudo grml-debootstrap --scripts ./scripts/ --password root-pw --vmsize 3G --vmfile --target ./qemu.img
....
Finished chroot installation, exiting.
* Executing script ./scripts/89_print_sshkeys
1024 9e:d9:18:1d:47:ae:26:9f:53:5e:63:3c:bd:37:ea:2b /etc/ssh/ssh_host_dsa_key.pub (DSA)
2048 c1:5e:27:a3:2f:7d:30:a0:ab:75:a2:86:e7:bb:8a:e2 /etc/ssh/ssh_host_rsa_key.pub (RSA)
....
This shows how easy it is to customize and extend grml-debootstrap
to your own needs. You can easily create customized scripts and run arbitrary commands on the target to do whatever you want. grml-debootstrap
is of course available within Grml but also in Debian.
Deploy Virtual Machines with Grml 2011.12 or Debian
The upcoming Grml release 2011.12 as well as Debian/testing and unstable ship an updated grml-debootstrap version supporting the installation of Debian not only into directories or hardisks but also into virtual images.
grml-debootstrap is designed to help you install complete Debian Systems. Typically if you install a Debian system with debootstrap you have to install the kernel, bootloader, /etc/fstab, ssh server, … yourself. grml-debootstrap
automates this boring tasks and allows you to install Debian systems from within a running system within minutes.
Nowadays physical installations get less and less important but virtual installation gain importance. New servers are often run inside virtual environments like Xen, KVM or VMware. grml-debootstrap supports the automated installation of Debian into a virtualized environment without the need to use a preseeded installation medium. You can create a raw image with grml-debootstrap
which boots per default with KVM and Xen. To boot the image file with other virtualization solutions you may have to convert the generated image with qemu-img
To install a plain Debian System into a raw image you can just run:
grml-debootstrap --password root-pw --vmfile --vmsize 3G --target ./squeeze.img
This will set the root pasword to root-pw
, install openssh and the latest kernel package, create /etc/fstab with the necessary entries and configure the bootloader for your virtualized system.
If you want to customize or extend grml-debootstrap have a look at the manpage or look at the scripts and package definitions in /etc/debootstrap
.
ATA over Ethernet and Grml
Update on 2011-12-20 by Grml team: while iscsitarget isn’t available any longer on Grml the new iSCSI implementation of the Linux kernel 3.1 is available and open-iscsi, targetcli and tgt are shipped with Grml. We don’t have any finished documentation for that yet, but if you know how to use targetcli (or optionally open-iscsi and tgt) you should have everything you need to provide a iscsi target with Grml 2011.12.
The upcoming Grml Release 2011.12 (check the changelog for our new Grml 2011.12-rc1) will not have any iSCSI support integrated due to build issues with dkms. Instead Grml 2011.12 will provide all the necessary tools to provide and access a ATA over Ethernet Device.
ATA over Ethernet, also known as AoE, is a protocol designed to access Block devices via Ethernet. Compared to iSCSI it does not work with IP but with Ethernet. Unfortunately this means that AoE is error-prone against Ethernet attacks like ARP spoofing. Do not use it in hostile enviornments. That being said AoE is quite simple to use.
Export a blockdevice
On the server side use vblade to export a block device:
vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1
This will allow the host with the MAC 11:22:33:44:55:66 to access /dev/sdb1 via eth0, using the shelf and slot numbers 160
and 2.
These numbers are arbitrary but should be unique within the network.
Access a blockdevice
On the client load the module “aoe”, or do
aoe-discover
You should find the device shared above as /dev/etherd/e160.2
I would like to thank to Christoph Biedl for providing this short and comprehensive documentation
First Release candidate of Grml version 2011.12 released
We are proud to announce the first release candidate of the upcoming version 2011.12, code-named “Knecht Rootrecht”!
For detailed information about the changes between 2011.05 and 2011.12 have a look at the official release announcement .
This release brings a downsizing and cleanup: one flavour, two architectures. The new, smaller flavour has a 350MB ISO size target, while still delivering over 1.1GB of open source software relevant for system administrators!
Give it a try and download grml 2011.12-rc and report back to us.
Please test the ISOs and everything you usually use and report back, so we can complete the stable release soon. If no major problems come up, the next iteration will be the stable release, which is scheduled for end of December.
Grml packages in Debian
The first fruits of our push packages to Debian effort are now available in Debian. Three often used packages from the Grml Team have arrived in unstable:
Packages overview for Grml Team
Note that these packages are no longer part of the grml-testing distribution.
To get the current version of any of these packages you must get them from Debian unstable instead. If this is a problem for you, please come to the grml mailing list.
Grml - new stable release 2011.05 available
Grml 2011.05 with codename “Just Mari”, available in flavours grml, grml-medium and grml-small and all of them as 32bit and 64bit version has been released. The official release announcements providing all the relevant news are available at grml.org/changelogs/README-grml-2011.05.
Issues regarding the releases can be found in the grml-wiki. Grab the ISOs from grml.org/download/.
First Release candidate of Grml version 2011.05 released
We are proud to announce the first release canidate of the upcoming version 2011.05, code-named “Just Mari”!
For detailed information about the changes between 2010.12 and 2011.05 have a look at: https://grml.org/changelogs/README-grml-2011.05-rc1/
As usual we have different flavours available: the 32bit versions grml, grml-medium and grml-small as well as the 64bit versions grml64, grml64-medium and grml64-small.
Known issues can be found at: http://wiki.grml.org/doku.php?id=release_candidate
Please test the ISOs and everything you usually use and report back, so we can complete the stable release soon. If no major problems come up, the next iteration will be the stable release, which is scheduled for end of May.