Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 6. Making temporary changes to the GRUB menu

You can modify GRUB menu entries or pass arguments to the kernel, which applies only to the current boot. On a selected menu entry in the boot loader menu, you can:

  • display the menu entry editor interface by pressing the e key.
  • discard any changes and reload the standard menu interface by pressing the Esc key.
  • load the command-line interface by pressing the c key.
  • type any relevant GRUB commands and enter them by pressing the Enter key.
  • complete a command based on context by pressing the Tab key.
  • move to the beginning of a line by pressing the Ctrl+a key combination.
  • move to the end of a line by pressing the Ctrl+e key combination.
Important

The following procedures provide instruction on making changes to a GRUB Menu during a single boot process.

6.1. Introduction to GRUB

GRUB stands for the GNU GRand Unified Bootloader. With GRUB, you can select an operating system or kernel to be loaded at system boot time. Also, you can pass arguments to the kernel.

When booting with GRUB, you can use either a menu interface or a command-line interface (the GRUB command shell). When you start the system, the menu interface appears.

GRUB menu interface

You can switch to the command-line interface by pressing the c key.

GRUB command shell

You can return to the menu interface by typing exit and pressing the Enter key.

GRUB BLS files

The boot loader menu entries are defined as Boot Loader Specification (BLS) files. This file format manages boot loader configuration for each boot option in a drop-in directory, without manipulating boot loader configuration files. The grubby utility can edit these BLS files.

GRUB configuration file

The /boot/grub2/grub.cfg configuration file does not define the menu entries.

6.2. Introduction to bootloader specification

The BootLoader Specification (BLS) defines a scheme and the file format to manage the bootloader configuration for each boot option in the drop-in directory without the need to manipulate the bootloader configuration files. Unlike earlier approaches, each boot entry is now represented by a separate configuration file in the drop-in directory. The drop-in directory extends its configuration without having the need to edit or regenerate the configuration files. The BLS extends this concept for the boot menu entries.

Using BLS, you can manage the bootloader menu options by adding, removing, or editing individual boot entry files in a directory. This makes the kernel installation process significantly simpler and consistent across the different architectures.

The grubby tool is a thin wrapper script around the BLS and it supports the same grubby arguments and options. It runs the dracut to create an initial ramdisk image. With this setup, the core bootloader configuration files are static and are not modified after kernel installation.

This premise is particularly relevant in RHEL 8, because the same bootloader is not used in all architectures. GRUB is used in most of them such as the 64-bit ARM, but little-endian variants of IBM Power Systems with Open Power Abstraction Layer (OPAL) uses Petitboot and the IBM Z architecture uses zipl.

Additional Resources

6.3. Booting to rescue mode

Rescue mode provides a convenient single-user environment in which you can repair your system in situations when it is unable to complete a normal booting process. In rescue mode, the system attempts to mount all local file systems and start some important system services. However, it does not activate network interfaces or allow more users to be logged into the system at the same time.

Procedure

  1. On the GRUB boot screen, press the e key for edit.
  2. Add the following parameter at the end of the linux line:

    systemd.unit=rescue.target
    Booting to Rescue Mode
  3. Press Ctrl+x to boot to rescue mode.

    Booting to Rescue Mode

6.4. Booting to emergency mode

Emergency mode provides the most minimal environment possible in which you can repair your system even in situations when the system is unable to enter rescue mode.

In emergency mode, the system:

  • mounts the root file system only for reading
  • starts a few essential services

However, the system does not:

  • attempt to mount any other local file systems
  • activate network interfaces

Procedure

  1. On the GRUB boot screen, press the e key for edit.
  2. Add the following parameter at the end of the linux line:

    systemd.unit=emergency.target
    Booting to Emergency Mode
  3. Press Ctrl+x to boot to emergency mode.

    Booting to Emergency Mode

6.5. Booting to the debug shell

The systemd debug shell provides a shell very early in the start-up process. Once in the debug shell, you can use the systemctl commands, such as systemctl list-jobs and systemctl list-units, to search for the cause of systemd related boot-up problems.

Procedure

  1. On the GRUB boot screen, press the e key for edit.
  2. Add the following parameter at the end of the linux line:

    systemd.debug-shell
    Booting to Rescue Mode
  3. Optionally add the debug option.

    Note

    Adding the debug option to the kernel command line increases the number of log messages. For systemd, the kernel command-line option debug is now a shortcut for systemd.log_level=debug.

  4. Press Ctrl+x to boot to the debug shell.
Warning

Permanently enabling the debug shell is a security risk because no authentication is required to use it. Disable it when the debugging session has ended.

6.6. Connecting to the debug shell

During the boot process, the systemd-debug-generator configures the debug shell on TTY9.

Prerequisites

Procedure

  1. Press Ctrl+Alt+F9 to connect to the debug shell.

    If you work with a virtual machine, sending this key combination requires support from the virtualization application. For example, if you use Virtual Machine Manager, select Send KeyCtrl+Alt+F9 from the menu.

  2. The debug shell does not require authentication, therefore you can see a prompt similar to the following on TTY9:
sh-4.4#

Verification steps

  • Enter a command as follows:

    sh-4.4# systemctl status $$
    Connecting to the Debug Shell
  • To return to the default shell, if the boot succeeded, press Ctrl+Alt+F1.

Additional resources

  • The systemd-debug-generator(8) manual page

6.7. Resetting the root password using an installation disk

In case you forget or lose the root password, you can reset it.

Procedure

  1. Boot the host from an installation source.
  2. In the boot menu for the installation media, select the Troubleshooting option.

    RHEL Anaconda Installer screen with the Troubleshooting option selected
  3. In the Troubleshooting menu, select the Rescue a Red Hat Enterprise Linux system option.

    Troubleshooting screen with the Rescue option selected
  4. At the Rescue menu, select 1 and press the Enter key to continue.

    Rescue screen prompting you to continue and mount the target host under /mnt/sysimage
  5. Change the file system root as follows:

    sh-4.4# chroot /mnt/sysimage
    Change the file system root
  6. Enter the passwd command and follow the instructions displayed on the command line to change the root password.

    Resetting the Root Password
  7. Remove the autorelable file to prevent a time consuming SELinux relabel of the disk:

    sh-4.4# rm -f /.autorelabel
  8. Enter the exit command to exit the chroot environment.
  9. Enter the exit command again to resume the initialization and finish the system boot.

6.8. Resetting the root password using rd.break

In case you forget or lose the root password, you can reset it.

Procedure

  1. Start the system and, on the GRUB boot screen, press the e key for edit.
  2. Add the rd.break parameter at the end of the linux line:

    Resetting the Root Password
  3. Press Ctrl+x to boot the system with the changed parameters.

    Resetting the Root Password
  4. Remount the file system as writable.

    switch_root:/# mount -o remount,rw /sysroot
  5. Change the file system’s root.

    switch_root:/# chroot /sysroot
  6. Enter the passwd command and follow the instructions displayed on the command line.

    Resetting the Root Password
  7. Relabel all files on the next system boot.

    sh-4.4# touch /.autorelabel
  8. Remount the file system as read only:

    sh-4.4# mount -o remount,ro /
  9. Enter the exit command to exit the chroot environment.
  10. Enter the exit command again to resume the initialization and finish the system boot.

    Note

    The SELinux relabeling process can take a long time. A system reboot occurs automatically when the process is complete.

Tip

You can omit the time consuming SELinux relabeling process by adding the enforcing=0 option.

Procedure

  1. When adding the rd.break parameter at the end of the linux line, append enforcing=0 as well.

    rd.break enforcing=0
  2. Restore the /etc/shadow file’s SELinux security context.

    # restorecon /etc/shadow
  3. Turn SELinux policy enforcement back on and verify that it is on.

    # setenforce 1
    # getenforce
    Enforcing

Note that if you added the enforcing=0 option in step 3 you can omit entering the touch /.autorelabel command in step 8.

6.9. Additional resources

  • The /usr/share/doc/grub2-common directory.
  • The info grub2 command.