Kernel Crash Dumps

This article explains how to capture the kernel crash dumps (kdump). Kdumps are produced by kernel panic or lockup. To be simple, just a single kernel is used both for the ordinary system and recovery. The described method is almost distro independent. This article is based on KDump on Gentoo by rich0, and the first version is posted by the author.

Preparation
Check your kernel configuration for the following settings:

To the kernel boot option, add  for up to around 12GB of system RAM.

Create /etc/local.d/kdump.start containing: /etc/local.d/kdump.start

Now make this file executable:

Note that your kernel has to be readable. (A typical gentoo config leaves /boot unmounted, so you'll either need to remove noauto from your fstab or place a copy of your kernel elsewhere. )

Initramfs?
It's not yet known how to do it sucessfully with an initramfs.

Usage
First, run the above script.

It loads the rescue kernel image which is run after kernel crash.

Whenever you get a kernel panic or lockup (hard/soft if the kernel is set to detect them), kexec runs the kernel in crash mode, relocated to a reserved area of memory. The rest of RAM will be untouched. When the system boots up log in and copy /proc/vmcore to a file - this is your crash dump. Then reboot your system to get back to a normal configuration; you shouldn't continue to operate in this state.

External resources

 * Kernel documentation on kdump