Configuring SystemRescue


Overview

SystemRescue comes with options which allows users to change the way it runs. For example, there are options for controlling which keyboard of layout to use, whether the system must be run from memory or from the boot device, whether or not to automatically start the graphical environment, and so on. You can follow the link to see the list of boot options which are supported on the command line.

These options are set on the boot command line. To change these options, you can either manually edit the boot command line from the boot loader at run time, or you can make the changes persistent by editing the configuration file of the boot loaders, which are either isolinux if you start in BIOS mode or Grub if you start in UEFI mode.

Configuration features

Since SystemRescue version 9.00 there is another way to configure SystemRescue. You can now edit YAML files on the boot device in order to configure it. This way of configuration has been introduced to make it easy to make persistent configuration changes, and these options are effective for both the BIOS mode and UEFI mode.

The SystemRescue configuration YAML files are located in the sysrescue.d folder located on the boot device.

SystemRescue comes with a default YAML configuration file, so it provides a good example of such a file, which you can use as a starting point. You can edit it to replace the options with your own preferences.

Scopes

These yaml configuration files support multiple scopes. The main scope is called global and is contains general configuration entries. Nearly all entries in the global scope have boot commandline options of the same name and are documented in Boot options.

The autorun scope is used to define configuration entries which are used by autorun and are documented there.

The autoterminal scope is used to define configuration entries which are used by autoterminal and are documented there.

The sysconfig scope is used to define certain aspects of system configuration. You can find more information about the entries at sysconfig.

Configuration entries

Below is an example of a valid yaml configuration file. In this example there are entries in both the global, autorun, and sysconfig scopes. The copytoram option is enabled so the system is fully copied to memory at boot time, the checksum option is also enabled so the system checks its integrity at boot time, as well as the dostartx option in order to automatically start the graphical environment. Both the nofirewall and loadsrm options are left disabled, so the firewall will not be turned off and SRM modules will not be loaded. The setkmap option is used to configure a french keyboard layout. All these general options belong to the global scope.

---
global:
    copytoram: true
    checksum: true
    nofirewall: false
    loadsrm: false
    late_load_srm: "https://example.com/myconfig.srm"
    setkmap: "fr-latin1"
    dostartx: true
    dovnc: false
    rootshell: "/bin/bash"
    rootcryptpass: "$6$Y.AolXkpG/Js2Zqx$z7J893qtB7jKn3z39ucbgvpkJ6wTrJ8N0CBVr5cJ.uXugGTMTSjMI7qsSTu4UTFGGKpGyEG/BnYNRE6oZFO4b0"
    rootpass: "MyRootPassword123"
    vncpass: "MyVncPassword456"

autorun:
    ar_disable: false
    ar_nowait: false
    ar_nodel: false
    ar_attempts: 1
    ar_ignorefail: false
    ar_suffixes: "0,1,2,3,4,5"

autoterminal:
    tty2: "/usr/bin/tmux"
    
sysconfig:
    ca-trust:
        example-ca: |
            -----BEGIN CERTIFICATE-----
            MIIDlTCCAn2gAwIBAgIUbB4K7H53E3spHfMtSb0To+Fyb3wwDQYJKoZIhvcNAQEL
            BQAwWjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
            [...]
            VtbLuXNBNjfcAk1xqTb1j9dMeHDZKV4Imr0W3qfsHnWFqihxGyKJ79Qb2bL1Kquc
            vgI/6+yHyDlw
            -----END CERTIFICATE-----

Status of this feature

At this stage only some options are supported in the configuration file. The plan is to add support for more options or services in the future. Also you can take advantage of this mechanism and use these yaml configuration files to configure your own scripts that are executed from SystemRescue. You should create new scopes in your configuration files if you plan to do so.

These features are relatively recent, so it is recommended you use the very latest version of SystemRescue in order to benefit from the latest features and bug fixes related to the way support for the configuration is implemented.

The way YAML configuration files are loaded changed with SystemRescue Version 9.03. Versions 9.00 to 9.02 did only implement partial merging and when the sysrescuecfg option was used, only the files given were loaded.

Configuration file merging and order

To be able to configure SystemRescue using YAML configuration files, you either edit the existing YAML file located in sysrescue.d on the boot device, or create additional YAML files in the same location. Files must have a .yaml extension (not .yml), otherwise the file will be ignored. Also make sure you follow the yaml syntax correctly. Key and values are separated by colons, not equal signs, and the indentation is very important.

The system reads all files with a .yaml extension located in the sysrescue.d folder on the boot device in lexicographic order. Files loaded later are merged with the previous ones, overwriting already configured individual options. When a later loaded file contains an empty option, it is removed from the final config and not just overwritten with an empty value.

Files provided by SystemRescue have a name starting with a number to make ordering more explicit. It is recommended to follow that practise for additional files too.

For example if you have the file 100-defaults.yaml:

---
global:
    nofirewall: false
    dovnc: false
    setkmap: "fr-latin1"

and the file 200-my-options.yaml:

---
global:
    nofirewall: true
    setkmap:

the nofirewall option will be true, dovnc will be false and no config entry will exist for setkmap.

After all files in the sysrescue.d dir are read and merged, the system looks for the sysrescuecfg option on the boot command line. You can add more YAML files to be loaded and merged with that option.

The sysrescuecfg option allows using HTTP and HTTPS URLs for loading remote files. When using HTTPS, no certificate check is done, as the CA trust database is not set up yet during the initramfs boot phase when the YAML files are evaluated.

Alternatively you can specify absolute and relative paths. Relative paths are relative to the sysrescue.d dir on the boot device. If a given path points to a directory, all .yaml files in this directory are loaded and merged in lexicographic order. This could be used for example to load YAML files from different subdirectories of sysrescue.d. You can specify the sysrescuecfg option multiple times on the boot command line.

After the YAML files are loaded and merged, options on the boot command line are evaluated. See boot options. The options on the boot command line take precedence over what is configured in the YAML files.

Storing YAML configuration files

The simplest way to create or edit the configuration file is to install SystemRescue on a writable device (such as a USB memory stick) with a writable file system (such as FAT32). If you install SystemRescue on a USB stick using either dd or any other tool which performs a physical copy of the ISO image, it will not produce a writable file system, and you will not be able to edit the configuration file on the device. Hence it is highly recommended to install SystemRescue on a USB memory stick using rufus, and you must choose to use the ISO mode rather than the DD mode when prompted.

You can also use sysrescue-customize to create a custom version of the SystemRescue ISO image. The customization process allows you to add your own yaml configuration files (along with other additional files if you want to) to the ISO image. You can then write your custom ISO image on any type of boot device, it does not need to contain a writable file system.

Implementation details

Support for options located in the YAML configuration file are implemented in multiple places:

The bulk of the processing of the configuration is implemented in the following script: sysrescue-configuration.lua. This script is run during the initramfs boot phase and processes the yaml configuration files available on the local boot device, as well as the options specified on the boot command line, and it determines the “effective” configuration. This is a single JSON file, stored in /run/archiso/config/sysrescue-effective-config.json, which contains a single definition of each supported option and allows various programs to determine which value is applicable for a particular option, without having to process all possible sources of configuration. Multiple scripts such as sysrescue-initialize and sysrescue-autorun use the effective configuration file to determine what to do. Python scripts have built-in support for reading JSON files. Shell script can use the standard jq command to read values from this JSON file.

The lua library used to read the YAML files and process them into a JSON file puts some restrictions on the supported YAML syntax and types. For example all numeric values are converted to floating point by lua and written out that way into the JSON.

When adding new values it is recommended to use list structures very carefully, because there is no obvious semantics to merge them. New list values currently overwrite values at the same position when merging multiple files. Using dictionary structures that are then evaluated with their keys in lexicographic order is the preferred way instead. This allows full merging and targeted removal of previous entries.

Some archiso hooks read the effective configuration to determine the values for options such as copytoram, checksum and loadsrm which must be used at an early stage during the boot process, as part of the initramfs.

The sysrescue-initialize.py script also uses the effective configuration to determine how the system should be initialized, in the later stage of the boot process.