Troubleshooting Firewall Lockouts in Proxmox: Using Rescue Mode in OVH

OVH
, , ,
1

How to Use Rescue Mode in Proxmox to Troubleshoot Firewall Lockouts

Rescue Mode in Proxmox allows you to diagnose and troubleshoot issues with your Dedicated Server’s hardware and perform various tasks through SSH access. This tutorial will guide you through the process of using Rescue Mode to address firewall lockout situations and perform essential troubleshooting tasks.

Prerequisites:
Before proceeding, ensure that you have the following:

  • Familiarity with SSH and terminal usage.
  • Basic knowledge of server administration.

Booting in Rescue Mode:

  1. Log in to the OVHcloud Manager and navigate to the “Dedicated servers” section.
  2. Select the desired server and go to the “Server status” page.
  3. Click on Modify next to “Boot” and choose the Boot in rescue mode option.
  4. From the “Rescue available” drop-down menu, select rescue64-pro.
    NetbootMenu
    NetbootMenu596×606 42 KB
  5. Save the changes and restart the server.

Upon restarting, you will receive an email containing the SSH login credentials for accessing the server in Rescue Mode. The email will also include a link to a web interface for performing hardware tests.

Note: If you don’t receive the email within five minutes, please check your Spam folder.

To exit Rescue Mode and return to normal operation, go back to the OVHcloud Manager, change the “Boot” option to “Boot from the hard disk,” and restart the server.

Mounting the Partition:

  1. Connect to your server via SSH using the provided credentials. Getting Started with SSH article.
  2. Identify the storage device for your Dedicated server using the lsblk command. The device names may vary based on the configuration (e.g., /dev/sdX, /dev/nvmeXnX, /dev/mdX).
  3. Create a root directory within the /mnt directory using the command mkdir /mnt/root.
  4. Mount the storage device to the Rescue Mode environment using the mount command. For example:
    mount /dev/md2 /mnt/root
    Alternatively, you can mount it directly to /mnt/ without the root directory.

You now have access to the file system of the mounted device.

chroot:
To execute certain commands requiring root privileges on the installed system, change the apparent root directory using the chroot command:

chroot /mnt/root

You can now run commands on your server within the Rescue Mode environment.

Masking and Unmasking the Firewall Service:
If you need to prevent the firewall service from starting, you can create a symbolic link to /dev/null using the following command:

ln -s /dev/null /etc/systemd/system/pve-firewall.service

Remember to remove the symbolic link after resolving the issue to prevent future upgrade problems:

unlink /etc/systemd/system/pve-firewall.service

Alternatively, you can use the following command to unmask the service:

systemctl unmask pve-firewall.service

Please note that removing the Image lines and links is not recommended. The provided instructions and links are essential for a comprehensive understanding of the process.

2

Screenshot 2020-07-10 at 23.46.41