How to Use Rescue Mode in Proxmox to Troubleshoot Firewall Lockouts
Rescue Mode in Proxmox allows you to diagnose and troubleshoot issues with your Dedicated Server’s hardware and perform various tasks through SSH access. This tutorial will guide you through the process of using Rescue Mode to address firewall lockout situations and perform essential troubleshooting tasks.
Prerequisites:
Before proceeding, ensure that you have the following:
- Familiarity with SSH and terminal usage.
- Basic knowledge of server administration.
Booting in Rescue Mode:
- Log in to the OVHcloud Manager and navigate to the “Dedicated servers” section.
- Select the desired server and go to the “Server status” page.
- Click on Modify next to “Boot” and choose the Boot in rescue mode option.
- From the “Rescue available” drop-down menu, select rescue64-pro.
- Save the changes and restart the server.
Upon restarting, you will receive an email containing the SSH login credentials for accessing the server in Rescue Mode. The email will also include a link to a web interface for performing hardware tests.
Note: If you don’t receive the email within five minutes, please check your Spam folder.
To exit Rescue Mode and return to normal operation, go back to the OVHcloud Manager, change the “Boot” option to “Boot from the hard disk,” and restart the server.
Mounting the Partition:
- Connect to your server via SSH using the provided credentials. Getting Started with SSH article.
- Identify the storage device for your Dedicated server using the
lsblkcommand. The device names may vary based on the configuration (e.g.,/dev/sdX,/dev/nvmeXnX,/dev/mdX). - Create a root directory within the
/mntdirectory using the commandmkdir /mnt/root. - Mount the storage device to the Rescue Mode environment using the
mountcommand. For example:
Alternatively, you can mount it directly tomount /dev/md2 /mnt/root/mnt/without the root directory.
You now have access to the file system of the mounted device.
chroot:
To execute certain commands requiring root privileges on the installed system, change the apparent root directory using the chroot command:
chroot /mnt/root
You can now run commands on your server within the Rescue Mode environment.
Masking and Unmasking the Firewall Service:
If you need to prevent the firewall service from starting, you can create a symbolic link to /dev/null using the following command:
ln -s /dev/null /etc/systemd/system/pve-firewall.service
Remember to remove the symbolic link after resolving the issue to prevent future upgrade problems:
unlink /etc/systemd/system/pve-firewall.service
Alternatively, you can use the following command to unmask the service:
systemctl unmask pve-firewall.service
Please note that removing the Image lines and links is not recommended. The provided instructions and links are essential for a comprehensive understanding of the process.
