How to Reset the Root Password for a Xen DomU Guest Virtual Machine Through Booting in Single User Mode


In this mini post, I’ll show you how to reset the forgotten root password of a Xen DomU “guest” virtual machine using either the xl or xm management tools. Suppose that, for any reason, you forgot the root password of your guest VM, or you accidentally changed it to an unknown password, and you want to reset it. This post will guide you through the different options you have to reset the guest VM root password, either by logging in to it in single-user/rescue mode or by using the xl or xm CLI. Here you’ll find the best answer to the following two questions:

  1. How can I boot a Xen DomU guest into safe mode/single-user mode?
  2. How do I reset/recover the root password in a Xen virtual machine?

I spent a lot of time searching the internet and trying the methods I found to recover the root password of my VM, but none of them worked for me, so I checked my previous posts about resetting the root password of different Linux OSes and built a full picture of the solution to this issue, and I’m happy to share it with you.

Here are the links to our previous posts related to resetting root passwords for different Linux OSes; they deserve a look to build a clear picture of the solution I’m using here:

We have two options to solve this annoying problem, and I’ll list them in order.

Let me share my experience with you.

Prerequisites

  • The main prerequisite is root access to the Xen host machine “the physical machine”.
  • If possible, knowing the Linux distribution of the guest virtual machine.

Option 1: Unknown Guest Virtual Machine OS.

This is our first option. If you don’t know the guest VM OS for any reason, then this is the option you’ll use; you can also use it when you do know the guest VM OS. For the two methods in option 2, you must know the guest VM OS. This is a general option for resetting the forgotten Linux root password of a Xen DomU virtual machine.

Here are our steps:

  • Find the guest’s disk path

We need to find the guest disk path by looking at the guest Xen config file, found at /etc/xen/<your_guest_name.cfg>. Run the following:

# cat /etc/xen/<your_guest_name.cfg>

Then you’ll see lines like these:

disk = [
          'phy:/dev/storage-pool/sites.damlag.com-disk,xvda2,w',
          'phy:/dev/storage-pool/sites.damlag.com-swap,xvda1,w',
       ]

Here, our guest VM consists of a disk and a swap; we are looking for the disk, which is “/dev/storage-pool/sites.damlag.com-disk”.

  • Mounting the disk file and resetting the root password

Once we have the disk path, we need to mount it read-write and use the passwd command to reset the root password. Run the following commands:

# mount -o loop /dev/storage-pool/sites.damlag.com-disk /mnt
# chroot /mnt
# mount -o remount,rw /

Hints:

1. If mounting the disk file fails due to an unknown filesystem type, you can search for a solution to this problem OR skip this option and use option 2.
2. To use option 2, you must know the guest VM OS.

After the above commands succeed, we are ready to use the passwd command to reset the root password and then revert the changes we made. Run the following commands:

# passwd
# mount -o remount,ro /
# exit
# umount /mnt

  • Rebooting the guest VM

Now it’s time to test our new password. Depending on your Xen host version, run one of the following commands to reboot the guest VM, and then try logging in to it using the new root password:

# xl reboot your_guest_name

OR

# xm reboot your_guest_name

Hooray, we completed our task without knowing the guest vm OS.
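The disk-path lookup from the first step can be scripted. This added example (not from the original post) matches the vdev in the config’s root= line against the disk list; the function name xen_root_backend is hypothetical, the sample config is constructed, and it assumes the positional 'target,vdev,mode' disk syntax shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Print the dom0 device or image backing the guest's root filesystem by
# matching the vdev in root= against the entries of the disk = [...] list.
# Returns 1 when the config has no root= line or no matching disk entry.
xen_root_backend() {
    awk -v sq="'" '
        /^[ \t]*#/ { next }                          # skip comment lines
        { gsub(/"/, ""); gsub(sq, ""); gsub(/\[/, ""); gsub(/\]/, "") }
        /^[ \t]*root[ \t]*=/ {
            sub(/^[ \t]*root[ \t]*=[ \t]*/, "")
            split($0, r, /[ \t]+/)                   # r[1] is e.g. /dev/xvda2
            rootdev = r[1]; sub(/^\/dev\//, "", rootdev)
            next
        }
        {
            for (i = 1; i <= NF; i++) {
                n = split($i, f, ",")                # target,vdev,mode
                if (n >= 3 && f[3] ~ /^(r|w|ro|rw)$/) {
                    sub(/^[a-z0-9:]*:/, "", f[1])    # strip phy:, file:, tap:aio:
                    backend[f[2]] = f[1]
                }
            }
        }
        END {
            if (rootdev != "" && (rootdev in backend)) print backend[rootdev]
            else exit 1
        }
    ' "$1"
}

# Constructed sample config: the disk list from this post plus a root= line.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
root = '/dev/xvda2 ro'
disk = [
          'phy:/dev/storage-pool/sites.damlag.com-disk,xvda2,w',
          'phy:/dev/storage-pool/sites.damlag.com-swap,xvda1,w',
       ]
EOF
xen_root_backend "$cfg"
rm -f "$cfg"
```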

Option 2: Known Guest Virtual Machine OS.

If you know the guest VM’s Linux OS, then you can EITHER use option 1 “as I mentioned earlier”, which is a bit long and needs more work from your side, OR use any method in this option 2.

To use option 2, you must know the guest OS. But why must I know the guest Linux OS before resetting the forgotten root password?

The answer is simple: we pass an extra argument to the guest VM kernel at boot time to force it to boot into single-user mode, and each Linux OS/distro has its own way/argument to boot into single-user mode.

I totally recommend checking our posts on resetting the root password for different Linux OSes; again, here are their links:

Once we know the guest VM OS, we can use two ways to reset the forgotten root password. The first way, “the simple way”, is passing the extra argument when we start the VM. The second way is to temporarily add this argument to the guest VM config file, start the VM, reset the root password, and then remove our modification from the config file. Let’s go through both ways:

  • Passing Extra Argument in CLI

You can force the guest VM into single-user mode by adding one of these arguments when creating it:

  • extra="1" or extra="s" or extra="single"    for CentOS/RHEL 6/5
  • extra="init=/bin/bash"                      for Debian/Ubuntu
  • extra="init=/sysroot/bin/sh"                for CentOS/RHEL 7

Then remount / read-write, change the password with passwd, and reboot.

Here’s our example: we are using a Debian guest Linux VM, so we did the following:

# xm create -c /etc/xen/mimastech.com.cfg extra="init=/bin/bash"

You can use either xm or xl according to your Xen host version; we added -c for the console. Here’s the boot output:

Using config file "/etc/xen/mimastech.com.cfg".
Started domain mimastech.com (id=63)
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
[ 0.000000] Command line: root=/dev/xvda2 ro init=/bin/bash
[ 0.000000] KERNEL supported cpus:
[ 0.000000] Intel GenuineIntel
[ 0.000000] AMD AuthenticAMD
[ 0.000000] Centaur CentaurHauls
.........
Begin: Running /scripts/init-bottom ... done.
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@(none):/#

Hooray, we are in single-user mode, but the root filesystem is mounted ro, so we need to make it rw before using passwd. Run the following commands:

# mount -rw -o remount /
# passwd
# reboot -f

Once the guest VM has rebooted, it’ll start in the default runlevel and you can access it with the new root password.

  • Passing Extra Argument by Temporarily Modifying the Guest VM Config File

Actually, this way is longer than the above and also harder, but I list it here to give you some ideas about how to modify the guest VM configuration files.

All you need to do is edit the guest VM config file using vim:

# vim /etc/xen/mimastech.com.cfg

Then find the following line:

root = '/dev/xvda2 ro'

And replace it with the following line, then save and exit:

root = '/dev/xvda2 rw init=/bin/bash'

Now start the guest VM normally, only appending -c for the console. Run the following:

# xm create -c /etc/xen/mimastech.com.cfg

You can use either xm or xl according to your Xen host version. Now use the passwd command to change the password and shut down the machine:

# passwd
# shutdown -H

Now remove the temporary modification you made above from the guest VM config file, then start the guest VM.
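A leftover init=/bin/bash in the config means every later start of the guest drops to a root shell on the console without asking for a password. The check below is an added example, not part of the original post; the function name audit_xen_cfg is hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Report root=/extra= settings in Xen guest configs that still force a
# single-user or init= boot. Returns 0 when clean, 1 when an override remains.
audit_xen_cfg() {
    awk -v sq="'" '
        /^[ \t]*#/ { next }                         # skip comment lines
        /^[ \t]*(root|extra)[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop the "key =" part
            gsub(/"/, "", val); gsub(sq, "", val)   # drop quotes
            n = split(val, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^init=/ || tok[i] ~ /^(1|s|S|single)$/) {
                    printf "%s:%d: %s\n", FILENAME, FNR, tok[i]
                    bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the temporary edit from this post, left in place.
tmp=$(mktemp)
printf '%s\n' "root = '/dev/xvda2 rw init=/bin/bash'" > "$tmp"
audit_xen_cfg "$tmp" || echo "single-user override still present"
rm -f "$tmp"
```

Run it over all guest configs, for example audit_xen_cfg /etc/xen/*.cfg, after finishing a reset.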

Conclusion

Knowing the guest VM OS will save you time; it’s also very easy to reset the root password of a Linux guest from the Xen host, “it’s two simple commands”. What happens if you pass the wrong extra argument to the guest VM at boot? For example, I’m using Debian in this post, so what happens if I pass extra="1" instead of extra="init=/bin/bash"? The guest VM will simply ask you for the root password, or to press CTRL+D to skip this step and continue to the default runlevel, as follows:

INIT: Entering runlevel: 1
Using makefile-style concurrent boot in runlevel 1.
Asking all remaining processes to terminate...done.
All processes ended within 1 seconds....done.
Will now switch to single-user mode.
INIT: Going single user
INIT: Sending processes the TERM signal
INIT: Sending processes the KILL signal
Give root password for maintenance
(or type Control-D to continue): 
INIT: Entering runlevel: 2
Using makefile-style concurrent boot in runlevel 2.
Starting enhanced syslogd: rsyslogd.

I saw many, many users complain that the OS asks for the root password when they try to reset it in single-user mode. Don’t be one of them.

Finally, I hope this article is helpful for you.
