The Alpine Rescue Mode provides a lightweight, network-bootable Linux environment with SSH access for system recovery, debugging, and maintenance operations.
- Zero-touch boot: Automatically boots via PXE into Alpine Linux
- SSH ready: OpenSSH installed and configured automatically
- Customizable access: Configure SSH keys and root password externally
- Network configured: DHCP networking set up automatically
- Rescue tools: Common disk and filesystem utilities pre-installed
- Lightweight: Alpine Linux minimal footprint (~300MB RAM)
- Machine PXE boots and selects "Alpine Rescue" from menu
- iPXE loads Alpine Linux kernel and initrd from HTTP server
- Alpine boots with custom apkovl overlay
- Overlay automatically:
- Installs OpenSSH
- Configures SSH for root login
- Sets root password (if configured)
- Installs SSH keys (if configured)
- Displays IP address and instructions
- System is ready for SSH access
- Boot into rescue mode from PXE menu
- System displays IP address on console
- Login as root (no password)
- Set password:
passwd - SSH from another machine:
ssh root@<IP>
-
Configure SSH access before generating apkovl:
# Set root password echo "YourSecurePassword" > config/alpine-rescue/root_password chmod 600 config/alpine-rescue/root_password # Add SSH keys cp ~/.ssh/id_ed25519.pub config/alpine-rescue/authorized_keys chmod 644 config/alpine-rescue/authorized_keys
-
Generate the rescue apkovl:
./scripts/create-alpine-rescue-apkovl.sh
-
Boot into rescue mode
-
SSH is immediately available:
ssh root@<IP>
The rescue mode can be customized by placing configuration files in the config directory:
Default location: config/alpine-rescue/
This directory is created automatically when you run the script. Files placed here are included in the apkovl overlay.
Purpose: Set root password automatically on boot
Format: Plain text file containing the password
Example:
echo "MySecurePassword123!" > config/alpine-rescue/root_password
chmod 600 config/alpine-rescue/root_passwordSecurity:
- File should have 600 permissions (read/write for owner only)
- Use a strong password
- Don't commit this file to version control
Purpose: Enable SSH key-based authentication
Format: Standard SSH authorized_keys format (one key per line)
Example:
# Copy your public key
cp ~/.ssh/id_ed25519.pub config/alpine-rescue/authorized_keys
chmod 644 config/alpine-rescue/authorized_keys
# Or add multiple keys
cat ~/.ssh/id_ed25519.pub >> config/alpine-rescue/authorized_keys
cat ~/.ssh/id_rsa.pub >> config/alpine-rescue/authorized_keysSecurity:
- File should have 644 permissions
- Only include trusted public keys
- Keys are installed to
/root/.ssh/authorized_keysin the rescue environment
After modifying any configuration files, regenerate the apkovl:
./scripts/create-alpine-rescue-apkovl.shThe updated apkovl will be deployed automatically on the next boot.
The Alpine rescue environment includes common system recovery tools:
fdisk- Partition table manipulationparted- Advanced partitioninge2fsck- ext2/ext3/ext4 filesystem checkresize2fs- Resize ext2/ext3/ext4 filesystems
mount/umount- Mount filesystemsmkfs.*- Create filesystemsblkid- Identify block devices
wget/curl- Download filesping- Network connectivity testingip- Network configurationnetstat- Network statistics
apk- Alpine package managerapk add <package>- Install packagesapk search <term>- Search packagesapk update- Update package index
# List all disks and partitions
fdisk -l
# Mount a partition
mkdir -p /mnt/root
mount /dev/sda1 /mnt/root
# Chroot into the system
mount --bind /dev /mnt/root/dev
mount --bind /proc /mnt/root/proc
mount --bind /sys /mnt/root/sys
chroot /mnt/root
# Exit chroot and unmount
exit
umount /mnt/root/sys /mnt/root/proc /mnt/root/dev
umount /mnt/root# Check filesystem first
e2fsck -f /dev/sda1
# Resize filesystem to maximum available space
resize2fs /dev/sda1# Update package index
apk update
# Install additional tools
apk add vim nano htop# Download with wget
wget http://example.com/file.tar.gz
# Download with curl
curl -O http://example.com/file.tar.gzThe rescue mode is configured via iPXE boot parameters:
# Alpine kernel parameters
set kernel_params initrd=initrd
set kernel_params ${kernel_params} console=tty0 console=ttyS0,115200
set kernel_params ${kernel_params} ip=dhcp
set kernel_params ${kernel_params} modloop=http://${http_server}/boot/alpine/amd64/modloop
set kernel_params ${kernel_params} alpine_repo=http://dl-cdn.alpinelinux.org/alpine/latest-stable/main
set kernel_params ${kernel_params} modules=loop,squashfs,sd-mod,usb-storage
# Load rescue configuration overlay
set kernel_params ${kernel_params} apkovl=http://${http_server}/boot/alpine/alpine-rescue.apkovl.tar.gz
# Boot Alpine
kernel http://${http_server}/boot/alpine/amd64/vmlinuz ${kernel_params}
initrd http://${http_server}/boot/alpine/amd64/initrd
boot
The apkovl (Alpine overlay) is a tar.gz archive containing configuration files that Alpine loads on boot:
alpine-rescue.apkovl.tar.gz
├── etc/
│ ├── local.d/
│ │ └── rescue-setup.start # Auto-start script
│ └── runlevels/
│ └── default/
│ └── local -> /etc/init.d/local
└── root/
├── .profile # Shell profile
└── .ssh/
└── authorized_keys # SSH keys (if configured)
The rescue-setup.start script runs automatically on boot:
- Sets root password (if configured)
- Installs OpenSSH:
apk add openssh - Configures SSH for root login
- Starts SSH service
- Displays welcome message with IP address
- Minimum: 1GB RAM
- Recommended: 2GB RAM
- Alpine runs entirely in RAM (tmpfs = 50% of total RAM)
- Base system: ~100MB
- With tools and SSH: ~300MB total
Problem: Cannot connect via SSH after boot
Possible causes:
- Root password not set (if not using authorized_keys)
- Solution: Login on console and run
passwd
- Solution: Login on console and run
- Network connectivity issues
- Solution: Check DHCP, verify IP with
ip addr
- Solution: Check DHCP, verify IP with
- SSH service not started
- Solution:
rc-service sshd start
- Solution:
Problem: fdisk -l shows no disks
Possible causes:
- Driver not loaded
- Solution:
modprobe <driver>(e.g.,modprobe nvme)
- Solution:
- Disk not connected
- Solution: Check physical connections
Problem: No IP address or cannot reach network
Possible causes:
- DHCP not working
- Solution: Manual IP:
ip addr add 10.1.21.100/23 dev eth0
- Solution: Manual IP:
- Wrong interface
- Solution: Check with
ip linkand configure correct interface
- Solution: Check with
Problem: "No space left on device" errors
Possible causes:
- Downloaded large files to tmpfs
- Solution: Use external storage:
mount /dev/sda1 /mnt && cd /mnt
- Solution: Use external storage:
- Insufficient RAM
- Solution: Add more RAM to machine (2GB recommended)
- Temporary environment: Rescue mode runs in RAM - all changes are lost on reboot
- Root access: Full root access is provided for recovery operations
- Network accessible: SSH is open to network - use strong passwords/keys
- Password storage: Config files contain plaintext passwords - protect them
- Boot server security: Apkovl is downloaded via HTTP - secure your boot server
- Use SSH keys instead of passwords when possible
- Set strong root passwords
- Protect config directory with proper permissions (chmod 700)
- Don't commit sensitive config files to version control
- Use network segmentation to limit rescue mode access
- Review SSH logs after rescue operations
- Automated Installation - Zero-touch Debian installation
- Installation Guide - Boot server setup
- Alpine Linux documentation: https://docs.alpinelinux.org/