1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
sysfsdefault values, boot parameters, kernel configuration options, or any noticeable behavior changes. For more details on the features added and bugs fixed in the Red Hat Enterprise Linux 6.3 kernel, refer to the Kernel chapter in the 6.3 Release Notes, or Section 5.93.1, “ RHSA-2012:0862 — Moderate: Red Hat Enterprise Linux 6.3 kernel security, bug fix, and enhancement update ” in this book.
pci=use_crsboot parameter no longer needs to be specified to force PCI resource allocations to correspond to a specific host bridge the device resides on. It is now the default behavior.
CONFIG_HPET_MMAPoption. Additionally, the
hpet_mmapkernel parameter has been added.
pcie_p=nomsikernel parameter has been added to allow users to disable MSI/MSI-X for PCI Express Native Hotplug (that is, the
pciehpdriver). When enabled all PCIe ports use INTx for hotplug services.
/sys/bus/pci/devices/. This subdirectory exports the set of MSI vectors allocated by a given PCI device, by creating a numbered subdirectory for each vector under
msi_irqs. For each vector, various attributes can be exported. Currently the only attribute, named
mode, tracks the operational mode of that vector (MSI versus MSI-X).
CONFIG_PCI_DEBUG=yoption is configured, the
-DDEBUGflag is automatically added to the
CONFIG_STRICT_DEVMEMoption is enabled by default for the PowerPC architecture. This option restricts access to the
/dev/memdevice. If this option is disabled, userspace access to all memory is allowed, including kernel and userspace memory, and accidental memory (write) access could potentially be harmful.
CONFIG_KEXEC_AUTO_RESERVE=y CONFIG_CRASH_DUMP=y CONFIG_PROC_VMCORE=y
KEXEC_AUTO_THRESHOLDoption has been lowered to 2 GB.
/proc/mountsfile now shows the following mount options for CIFS under the
nostrictsync noperm backupuid backupgid
/proc/sys/kernel/dmesg_restrictfile is only allowed for a root user that has the
printk.always_kmsg_dump, has been added to save the final kernel messages to the reboot, halt, poweroff, and emergency_restart paths. For usage information, refer to the
soft_panic, has been added. When
soft_panicis set to
1, it causes softdog to invoke kernel panic instead of a reboot when the softdog timer expires. By invoking kernel panic, the system executes kdump, if kdump is configured. Kdump then generates a vmcore which provides additional information on the reasons of the failure.
/usr/share/doc/perf-documentation file has been added to the perf package.
shm_rmid_forcedsysctl option has been added. When set to
1, all shared memory objects not referenced in current ipc namespace (with no tasks attached to it) will be automatically forced to use IPC_RMID. For more information refer to
/proc/sys/net/ipv4/conf/*/accept_localsysctl setting has been added to allow a system to receive packets it sent itself. This is needed in order to work with certain load balancing solutions that load balance to themselves.
CONFIG_VGA_SWITCHEROOconfiguration option is now enabled by default to allow switching between two graphics cards.
O_DIRECTflag for files in FUSE (File system in Userspace) has been added.
CONFIG_IP_MROUTE_MULTIPLE_TABLES=yhas been added to enable support for multiple independent multicast routing instances.
nfs.max_session_slotsmodule/kernel boot parameter has been added. This parameter sets the maximum number of session slots that an NFS client attempts to negotiate with the server.
/procduring boot up has been changed to:
mount -t proc -o nosuid,noexec,nodev proc /proc
procfs, please remount
procfswith the old option:
mount -t proc /proc /proc
-s/--snapshotoption in the
lvmetaddaemon is to eliminate the need for this scanning by dynamically aggregating metadata information each time the status of a device changes. These events are signaled to
lvmetadis not running, LVM performs a scan as it normally would.
use_lvmetadparameter in the
/etc/lvm/lvm.conffile, and enable the
lvmetaddaemon by configuring the
/etc/modprobe.d/dist-nfsv41.conffile with the following line and reboot the system:
alias nfs-layouttype4-1 nfs_layout_nfsv41_files
-o minorversion=1mount option is specified, and the server is pNFS-enabled, the pNFS client code is automatically enabled.
O_DIRECTI/O. These applications may use the raw block device, or the XFS file system in
O_DIRECTmode. (XFS is the only file system that does not fall back to buffered I/O when doing certain allocation operations.) Only applications designed for use with
O_DIRECTI/O and DIF/DIX hardware should enable this feature.
/etc/cluster.confconfiguration file to be used by pacemaker, rgmanager must be disabled. The risk of not doing this is high; after a successful conversion, it would be possible to start rgmanager and pacemaker on the same host, managing the same resources.
<rm disabled="1">flag in
<rm disabled="1">flag appears in
/etc/cluster.confduring a reconfiguration.
autofsdaemon is configured to look up automount maps via SSSD, only a single file has to be configured:
/etc/sssd/sssd.conf. Previously, the
/etc/sysconfig/autofsfile had to be configured to fetch autofs data.
be2netdriver is considered a Technology Preview in Red Hat Enterprise Linux 6.3. You must meet the following requirements to use the latest version of SR-IOV support:
bnx2fcBroadcom drivers, remain a Technology Preview until further notice.
mpt2sasdriver is fully supported. However, when used in the lockless mode, the driver is a Technology Preview.
thin-pool, provide a device mapper device with thin-provisioning and scalable snapshot capabilities. This feature is available as a Technology Preview.
..no such file or directory
/etc/kdump.conf, system-config-kdump, or firstboot.
auditsubsystem in the Linux 2.6 kernel. Within the audispd-plugins sub-package is a utility that allows for the transmission of audit events to a remote aggregating machine. This remote audit logging application, audisp-remote, is considered a Technology Preview in Red Hat Enterprise Linux 6.
fence_ipmilanagent. This new Technology Preview is used to force a kernel dump of a host if the host is configured to do so. Note that this feature is not a substitute for the
offoperation in a production cluster.
/usr/share/seabios/bios-pm.binfile for the VM bios instead of the default
numaddaemon for the best manual placement of an application. The numad package is introduced as a Technology Preview.
1may cause boot from SAN failures.
Bind targets to network interfaces; do not leave it unselected, as is the default. Additionally, you must use static IP addresses if using a network root device.
--iface=option to the iSCSI command, for example:
iscsi --ipaddr 10.34.39.46 --port 3260 --target iqn.2009-02.com.kvm:iscsibind --iface=eth0
/bootpartition is using the first partition of multipath, or use LVM (which is the default behavior).
zerombrkickstart command. The
--initlabeloption of the
clearpartcommand is not intended to serve this purpose.
Skip Boot Loader Configurationduring the installation process. Boot loader configuration will need to be completed manually after installation. This problem does not affect users running Anaconda in the graphical mode (graphical mode also includes VNC connectivity mode).
/bootvolume on an encrypted volume.
em1is used instead of
eth0on new Dell machines). However, the previously used network interface names are preserved on the system and the upgraded system will still use the previously used interfaces. This is not the case for Yum upgrades.
kdump default onfeature currently depends on Anaconda to insert the
crashkernel=parameter to the kernel parameter list in the boot loader's configuration file.
clearpart --initlabelkickstart command. Adding the
clearpart --initlabel --all—ensures disks are cleared correctly.
attempt to access beyond end of device loop0: rw=0, want=248626, limit=248624
subscription managercomponent, BZ#811771
gpgkey. To re-enable the repository, upload the GPG keys, and ensure that the correct URL is added to your custom content definition.
/sys/device/system/cpu/*/cpufreq. This is due to the firmware manipulating the CPU frequency without providing any notification to the operating system. To avoid this ensure that the
HP Power Regulatoroption in the BIOS is set to
OS Control. An alternative available on more recent systems is to set
Collaborative Power Controlto
bootx64to boot the installer due to case sensitivity issues.
[irs] nfs_mount_options = soft,nosharecache,vers=3
cgconfigservice is turned off, turn it on with the
chkconfig cgconfig oncommand and reboot. If you prefer not to reboot your system, restarting the
libvirtservice and vdsm should be sufficient.
libvirtdservice, which enables IP forwarding. The service causes a driver reset on both Ethernet ports which causes a loss of all paths to an OS disk. Under this condition, the system cannot load firmware files from the OS disk to initialize Ethernet ports, eventually never recovers paths to the OS disk, and fails to boot from SAN. To work around this issue add the
bnx2x.disable_tpa=1option to the kernel command line of the GRUB menu, or do not install virtualization related software and manually enable IP forwarding when needed.
/root/.ssh/directory is missing from a host when it is added to a Red Hat Enterprise Virtualization Manager data center, the directory is created with a wrong SELinux context, and SSH'ing into the host is denied. To work around this issue, manually create the
/root/.sshdirectory with the correct SELinux context:
chmod 0700 /root/.ssh~]#
/etc/libvirt/qemu.conffile, set the
relaxed_acs_check = 1parameter, and restart
service libvirtd restart). Note that this action will re-open possible security issues.
service libvirt reloadcommand to restore libvirt's additional iptables rules.
issue_discards=1is configured in the
/etc/lvm/lvm.conffile, moving physical volumes via the
pvmovecommand results in data loss. To work around this issue, ensure that
issue_discards=0is set in your
lvm.conffile before moving any physical volumes.
lvmetaddaemon (currently a Technology Preview), avoid passing the
--testargument to commands. The use of the
--testargument may lead to inconsistencies in the cache that
lvmetadmaintains. This issue will be fixed in a future release. If the
--testargument has been used, fix any problems by restarting the
lvrename Cannot rename <volume_name>: name format not recognized for internal LV <pool_name>This issue will be fixed in the next LVM2 release.
queue_without_daemon yesdefault option queues I/O even though all iSCSI links have been disconnected when the system is shut down, which causes LVM to become unresponsive when scanning all block devices. As a result, the system cannot be shut down. To work around this issue, add the following line into the
/bootpartitions by setting the sixth value of a
pvmovecommand cannot currently be used to move mirror devices. However, it is possible to move mirror devices by issuing a sequence of two commands. For mirror images, add a new image on the destination PV and then remove the mirror image on the source PV:
lvconvert -m +1 <vg/lv> <new PV>~]$
lvconvert -m -1 <vg/lv> <old PV>
lvconvert --mirrorlog core <vg/lv>~]$
lvconvert --mirrorlog disk <vg/lv> <new PV>
lvconvert --mirrorlog mirrored <vg/lv> <new PV>~]$
lvconvert --mirrorlog disk <vg/lv> <old PV>
ldapsam_compatback end. This back end was never designed to run a production LDAP and Samba environment for a long period of time. The
ldapsam_compatback end was created as a tool to ease migration from historical Samba releases (version 2.2.x) to Samba version 3 and greater using the new
ldapsamback end and the new LDAP schema. The
ldapsam_compatback end lack various important LDAP attributes and object classes in order to fully provide full user and group management. In particular, it cannot allocate user and group IDs. In the Red Hat Enterprise Linux Reference Guide, it is pointed out that this back end is likely to be deprecated in future releases. Refer to Samba's documentation for instructions on how to migrate existing setups to the new LDAP schema.
ldapsam_compatback end with their existing LDAP setup even when all the above restrictions apply.
luciwill not function with Red Hat Enterprise Linux 5 clusters unless each cluster node has
$REALMis the realm of the new Identity Management installation) is never pulled. Consequently, the second stage of the installation process always fails unless the
--subjectoption is specified. To work around this issue, add the following option for the second stage of the installation:
$REALMis the realm of the new Identity Management installation. If a custom subject was used for the first stage of the installation, use its value instead. Using this work around, the certificate subject validation procedure succeeds and the installation continues as expected.
ipa passwdcommand. When reset, user's Kerberos credentials in the Directory Server are properly generated and the user is able to log in using Kerberos authentication.
ipa-client-installsetup script. To work around this issue, install the policycoreutils package manually:
yum install policycoreutils
ipa-ldap-updaterfails with a traceback error when executed by a non-root user due to the SASL EXTERNAL bind requiring root privileges. To work around this issue, run the aforementioned command as the root user.
netgroup-findoption to search for external hosts.
subtree, and other options are used to target those entries which are writable. Attributes define which part(s) of those entries are writable. As a result, the list of attributes will be writable to members of the permission.
ldap_disable_pagingoption in the
sssd-ldapman page does not indicate that it accepts the boolean values True or False, and defaulting to False if it is not explicitly specified.
sudocommands are not case sensitive. For example, executing the following commands will result in the latter one failing due to the case insensitivity:
ipa sudocmd-add /usr/bin/X⋮ ~]$
ipa sudocmd-add /usr/bin/xipa: ERROR: sudo command with name "/usr/bin/x" already exists
mod_sslmodule should not be installed on the same system, otherwise Identity Management is unable to issue certificates because
mod_proxyhooks. To work around this issue, uninstall mod_ssl.
ipa-server-installcommand should add a record to the static hostname lookup table in
/etc/hostsand enable further configuration of Identity Management integrated services. However, a record is not added to
/etc/hostswhen an IP address is passed as an CLI option and not interactively. Consequently, Identity Management installation fails because integrated services that are being configured expect the Identity Management server hostname to be resolvable. To work around this issue, complete one of the following:
--ip-addressoption and pass the IP address interactively.
/etc/hostsbefore the installation is started. The record should contain the Identity Management server IP address and its full hostname (the
hosts(5)man page specifies the record format).
libldb. This failure occurs when the SSSD cache contains internal entries whose distinguished name contains the
\,character sequence. The most likely example of this is for an invalid
memberUIDentry to appear in an LDAP group of the form:
memberUIDis a multi-valued attribute and should not have multiple users in the same attribute.
(Wed Nov 2 15:18:21 2011) [sssd] [ldb] (0): A transaction is still active in ldb context [0xaa0460] on /var/lib/sss/db/cache_<DOMAIN>.ldb
/var/lib/sss/db/cache_<DOMAIN>.ldbfile and restart SSSD.
/var/lib/sss/db/cache_<DOMAIN>.ldbfile purges the cache of all entries (including cached credentials).
memberUIDvalues, SSSD fails to sanitize the values properly. The
memberUIDvalue should only contain one username. As a result, SSSD creates incorrect users, using the broken
memberUIDvalues as their usernames. This, for example, causes problems during cache indexing.
[domain/DOMAINNAME]section of the
ldap_referrals = false
-Noption when setting retransmission intervals of IPMI messages over the LAN or LANplus interface may cause various error messages to be returned. For example:
ipmitool -I lanplus -H $HOST -U root -P $PASS sensor listUnable to renew SDR reservation Close Session command failed: Reservation cancelled or invalid ~]#
ipmitool -I lanplus -H $HOST -U root -P $PASS delloem powermonitorError getting power management information, return code c1 Close Session command failed: Invalid command
ipmitool -I lanplus -H $HOST -U root -P wrongpass delloem powermonitorError: Unable to establish IPMI v2 / RMCP+ session Segmentation fault (core dumped)
be2netdriver with a Virtual Function (VF) attached to a virtual guest results in kernel panic.
sg_scancommand) or similar functionality. Please consult Brocade directly for a Brocade equivalent of this functionality.
bnx2fcBroadcom drivers, remain a Technology Preview until further notice.
UUID/LABELresolving is not functional. Avoid using the
UUID/LABELsyntax when dumping core to Btrfs file systems.
/etc/kdump.conf: Unsupported type btrfs
/sbin/btrfsckfile exists, and retry.
trace-cmdservice does start on 64-bit PowerPC and IBM System z systems because the
sys_exitevents do not get enabled on the aforementioned systems.
report, does not work on IBM System z systems. This is due to the fact that the
CONFIG_FTRACE_SYSCALLSparameter is not set on IBM System z systems.
intel_idle.max_cstate=0parameter, or at run time by using the cpu_dma_latency pm_qos interface.
lsusb -v -d 147e:2016 | grep bcdDevice
lpfc) does support DH-CHAP authentication on Red Hat Enterprise Linux 5, from version 5.4. Future Red Hat Enterprise Linux 6 releases may include DH-CHAP authentication.
mpt2sasdriver is "Phase 5 firmware" (that is, with version number in the form
05.xx.xx.xx). Note that following this recommendation is especially important on complex SAS configurations involving multiple SAS expanders.
iscsi_firmwareparameter to grub's kernel command line. This will signal to dracut to boot from the iSCSI HBA.
rss_xor) that were supported by older versions of the
mlx4_endriver have become obsolete and are no longer used. If you supply these parameters, the Red Hat Enterprise Linux 6.3 driver will ignore them and log a warning.
open(2)system call), then the device is closed (via the
close(2)system call), and the
/dev/disk/by-idlink for the device may be removed. When the problem on the device that caused the error is resolved, the
by-idlink is not re-created. To work around this issue, run the following command:
echo 'change' > /sys/class/block/sdX/uevent
mpt2sasdriver is connected to a storage using an SAS switch LSI SAS 6160, the driver may become unresponsive during Controller Fail Drive Fail (CFDF) testing. This is due to faulty firmware that is present on the switch. To fix this issue, use a newer version (14.00.00.00 or later) of firmware for the LSI SAS 6160 switch.
scsi_dhmodules) are not available when the storage driver (for example,
lpfc) is first loaded, I/O operations may be issued to SCSI multipath devices that are not ready for those I/O operations. This can result in significant delays during system boot and excessive I/O error messages in the kernel log.
multipathdis started (which is the default behavior), users can work around this issue by making sure the appropriate SCSI device handlers (
scsi_dhmodules) are available by specifying one of the following kernel command line parameters which dracut consumes:
scsi_dhmodules does not matter.
scsi_dhmodule(s) to load before the storage driver is loaded or multipath is started.
nohpetparameter or, alternatively, the
clocksource=jiffiesparameter to the kernel command line of the guest. Or, if running under Red Hat Enterprise Linux 5.7 or newer, locate the guest configuration file for the guest and add the
hpet=0parameter in it.
WARNING: BIOS bug: CPU MTRRs don't cover all of memory, losing <number>MB of RAM
disable_mtrr_trimkernel command line option.
perf recordcommand becomes unresponsive when specifying a tracepoint event and a hardware event at the same time.
./perf record -agT -e sched:sched_switch -F 100 -- sleep 3
select()call. However, it is safe to increase the default hard limit; that way, applications requiring a large amount of file descriptors can increase their soft limit without needing root privileges and without any user intervention.
sysctl vm.zone_reclaim_modeis now
0, whereas in Red Hat Enterprise Linux 6.1 it was
options snd-hda-intel model=thinkpad
bfa xxxx:xx:xx.x: Base port (WWN = xx:xx:xx:xx:xx:xx:xx:xx) lost fabric connectivity
lpfcdriver is deprecating the
mboxinterface as it is no longer used by the Emulex tools. Reads and writes are now stubbed out and only return the
-EPERM(Operation not permitted) symbol.
scsidevices. It is usually triggered when a large amounts of I/O operations are pending on the controller in the first kernel before performing a kdump.
/proc/modulesshow all zeros when accessed by a non-root user.
nomcekernel boot option, which disables machine check error reporting, or the
mce=ignore_cekernel boot option, which disables correctable machine check error reporting.
kernel: cciss0: <0x3230> at PCI 0000:1f:00.0 IRQ 71 using DAC … kernel: cciss1: <0x3230> at PCI 0000:02:00.0 IRQ 75 using DAC
pci=bfsortparameter to the kernel command line, and check again.
be2iscsidriver results in kernel panic. To work around this issue, disable CHAP on the iSCSI target.
tg3driver normally handles. As a result, some of the routines that operate on the VPD blocks may fail. For example, the
nvramtest fails when running the
ethtool –tcommand on BCM5719 and BCM5720 Ethernet Controllers.
ethtool -tcommand on BCM5720 Ethernet controllers causes a loopback test failure because the
tg3driver does not wait long enough for a link.
tg3driver in Red Hat Enterprise Linux 6.2 does not include support for Jumbo frames and TSO (TCP Segmentation Offloading) on BCM5719 Ethernet controllers. As a result, the following error message is returned when attempting to configure, for example, Jumbo frames:
SIOCSIFMTU: Invalid argument
lpfc_use_msimodule parameter (in
/sys/class/scsi_host/host#/lpfc_use_msi) being set to
2by default, instead of the previous
lpfcadapter may fail with mailbox errors. As a result, the
lpfcadapter is not configured on the system. The following message appear in
lpfc 0000:04:08.0: 0:0:0443 Adapter failed to set maximum DMA length mbxStatus x0 lpfc 0000:04:08.0: 0:0446 Adapter failed to init (255), mbxCmd x9 CFG_RING, mbxStatus x0, ring 0 lpfc 0000:04:08.0: 0:1477 Failed to set up hba ACPI: PCI interrupt for device 0000:04:08.0 disabled
lpfcadapter is operating, it may fail with mailbox errors, resulting in the inability to access certain devices. The following message appear in
lpfc 0000:0d:00.0: 0:0310 Mailbox command x5 timeout Data: x0 x700 xffff81039ddd0a00 lpfc 0000:0d:00.0: 0:0345 Resetting board due to mailbox timeout lpfc 0000:0d:00.0: 0:(0):2530 Mailbox command x23 cannot issue Data: xd00 x2
lpfcadapter. The system BIOS logs the following messages:
Installing Emulex BIOS ...... Bringing the Link up, Please wait... Bringing the Link up, Please wait...
netxen_nicis 4.0.550. This includes the boot firmware which is flashed in option ROM on the adapter itself.
vmcore. As a result, the second kernel is not loaded, and the system becomes unresponsive.
vmcorethrough the network using the Intel 82575EB ethernet device in a 32 bit environment causes the networking driver to not function properly in the kdump kernel, and prevent the
vmcorefrom being captured.
#!/bin/sh # Disable hyper-threading processor cores on suspend and hibernate, re-enable # on resume. # This file goes into /etc/pm/sleep.d/ case $1 in hibernate|suspend) echo 0 > /sys/devices/system/cpu/cpu1/online echo 0 > /sys/devices/system/cpu/cpu3/online ;; thaw|resume) echo 1 > /sys/devices/system/cpu/cpu1/online echo 1 > /sys/devices/system/cpu/cpu3/online ;; esac
nmi_watchdogregisters with the
perfsubsystem. Consequently, during boot, the
perfsubsystem grabs control of the performance counter registers, blocking OProfile from working. To resolve this, either boot with the
nmi_watchdog=0kernel parameter set, or run the following command to disable it at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
nmi-watchdog, use the following command
echo 1 > /proc/sys/kernel/nmi_watchdog
BUG: NMI Watchdog detected LOCKUPand have either
ipi_handlerin the backtrace. To work around this issue, disable NMI watchdog by setting the
nmi_watchdog=0kernel parameter, or using the following command at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
vmcorevia NFS. To work around this issue, utilize other kdump facilities, for example dumping to the local file system, or dumping over SSH.
nmi_watchdog=lapicparameters. The parameter
nmi_watchdog=1is not supported.
pci=noioapicquirk, is required when installing the 32-bit variant of Red Hat Enterprise Linux 6 on HP xw9300 workstations. Note that the parameter change is not required when installing the 64-bit variant.
qpiddrunning on port
49000) does not require authentication. However, the Matahari broker is not remotely accessible unless the firewall is disabled, or a rule is added to make it accessible. Given the capabilities exposed by Matahari agents, if Matahari is enabled, system administrators should be extremely cautious with the options that affect remote access to Matahari.
/bin/sh: line 4: reporter-bugzilla: command not found
abrt-action-analyze-backtrace && ( bug_id=$(reporter-bugzilla -h `cat duphash`) && if test -n "$bug_id"; then abrt-bodhi -r -b $bug_id fi )
irqbalance(1)man page does not contain documentation for the
IRQBALANCE_BANNED_INTERRUPTSenvironment variables. The following documentation will be added to this man page in a future release:
Provides a mask of cpus which irqbalance should ignore and never assign interrupts to. This is a hex mask without the leading '0x', on systems with large numbers of processors each group of eight hex digits is sepearated ba a comma ','. i.e. `export IRQBALANCE_BANNED_CPUS=fc0` would prevent irqbalance from assigning irqs to the 7th-12th cpus (cpu6-cpu11) or `export IRQBALANCE_BANNED_CPUS=ff000000,00000001` would prevent irqbalance from assigning irqs to the 1st (cpu0) and 57th-64th cpus (cpu56-cpu63).
Space seperated list of integer irq's which irqbalance should ignore and never change the affinity of. i.e. export IRQBALANCE_BANNED_INTERRUPTS="205 217 225"
SIGHUPsignal is issued. To reload the configuration, the
rsyslogdaemon needs to be restarted:
service rsyslog restart
acl_TestRights - cache overflownThis update increases the default ACI cache limit to 2000 and allows it to be configurable by means of the new parameter
nsslapd-aclpb-max-selected-aclsin the configuration file entry "cn=ACL Plugin,cn=plugins,cn=config". As a result, the aforementioned error message is not displayed unless the new limit is exceeded, and it is now possible to change the limit when needed.
ldapmodifyoperation to modify RUV (Replica Update Vector) entries was allowed. Consequently, 389 Directory Server became unresponsive when performing such operations. This update disallows direct modification of RUV entries. As a result, the server does not stop responding when performing such operations, and returns an error message advising usage of the
logconv.plscript searched server logs for the "conn=0 fd=" string. Consequently, the script reported a wrong number of server restarts. This update modifies the script to search for the "conn=1 fd=" string instead. As a result, the correct number of server restarts is now returned.
authzidattribute to be fully BER (Basic Encoding Rules) encoded. Consequently, the following error was returned when performing the
ldapsearchcommand with proxy authorization:
unable to parse proxied authorization control (2 (protocol error))This update modifies the underlying source code so that full BER encoding of the provided authzid value is not required. As a consequence, no error is returned in the scenario described above.
ldapsearchcommand on the "cn=config" object returned all attributes of the object, including attributes with empty values. This update ensures that attributes with empty values are not saved into "cn=config", and enhances the
ldapsearchcommand with a check for empty attributes. As a result, only attributes that have a value are returned in the aforementioned scenario.
.pidfiles. In some cases, however, the files remain present even if the associated processes have already been terminated. Consequently, the upgrade scripts sometimes assumed that the Directory Server was online and did not proceed with the database upgrade even if the server was actually offline. This update adds an explicit test to check if the processes referenced in the
.pidfiles are really running. As a result, the upgrade scripts now work as expected.
repl-monitorcommand used only the subdomain part of hostnames for host identification. Consequently, hostnames with the identical subdomain part (for example: "ldap.domain1", "ldap.domain2") were identified as a single host, and inaccurate output was produced. This update ensures that the entire hostname is used for host identification. As a result, all hostnames are identified as separate and output of the
repl-monitorcommand is accurate.
NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica dc=example,dc=com: 32This update ensures that DN strings are normalized before being used in modify operations. As a result, replication does not produce the error messages in the aforementioned scenario.
.mibfiles without copyright headers. Consequently, the files could not be included in certain Linux distributions due to copyright reasons. This update merges information from all such files into the
redhat-directory.mibfile, which contains the required copyright information, and ensures that it is the only file in the directory. As a result, no copyright issues block 389 Directory Server from being included in any Linux distribution.
strcmproutines for value comparison. Consequently, using extensible search filters with binary data returned incorrect results. This update modifies the underlying source code to use binary-aware functions. As a result, extensible search filters work with binary data correctly.
entryrdnindex failed with the following error message:
_entryrdn_insert_key: Getting "nsuniqueid=ca681083-69f011e0-8115a0d5-f42e0a24,ou=People,dc=example,dc=com" failedWith this update, 389 Directory Server handles tombstones of child entries correctly, and the
entryrdnindex can now be reindexed successfully with no errors.
entryrdnindex. Consequently, attempts to search for such entries were not successful. This update ensures correct indexing of RUV tombstone entries in the
entryrdnindex and search attempts for such entries are now successful.
Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failedWith this update, the default timeout for such replication requests has been set to 10 minutes. As a result, no errors are returned when using replication with DNA to add users, and the operation succeeds.
dse.ldiffile. This update modifies the error messages so that they include the name of and path to the file where the error was found.
attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreMatch] is not compatible with the syntax [184.108.40.206.4.1.14220.127.116.11.26] for the attribute [nisDomain]This update ensures that the server uses the latest version of the nisDomain schema. As a result, restarting the server after an upgrade does not show any errors.
connectionattribute when performing anonymous search on cn=monitor returned the
connectionattribute, even though it was denied by the default ACI. This update ensures that the ACI is processed even if the attribute is not in the schema. As a result, the
connectionattribute is not displayed if the ACI denies it.
tombstone_to_gluefunction, the Directory Server terminated unexpectedly. This update fixes the logic for getting ancestor tombstone entries and eliminates the chance to convert a tombstone entry into an orphaned entry. As a result, unexpected server termination no longer occurs in the aforementioned scenario.
ldapcomparecommand. Consequently, performing concurrent comparison operations on virtual attributes caused the Directory Server to become unresponsive. This update fixes the internal loop issue. As a result, the server performs concurrent comparison operations without any issues.
ldif2dbm - _get_and_add_parent_rdns: Failed to convert DN cn=TESTRELM.COM to RDNThis update ensures that the server does not start before the upgrade procedure finishes. As a result, the server boots up successfully after the upgrade.
ldap_initialize()function is not thread-safe. Consequently, 389 Directory Server terminated unexpectedly during startup when using replication with many replication agreements. This update ensures that calls of the
ldap_initialize()function are protected by a mutual exclusion. As a result, when using replication with many replication agreements, the server starts up correctly.
entryusn” attribute modified cache entries directly. Consequently under heavy loads, the server terminated unexpectedly when performing delete and search operations using the “
entryusn” and “
memberof” attributes with referential integrity enabled. This update ensures that the entries are never modified in the cache directly. As a result, the server performs searches in the previously described conditions without terminating unexpectedly.
ldap_delete: Server is unwilling to perform (53) additional info: Not a valid operation.This update modifies the underlying source code so that deletion of Managed Entry Config entries is allowed and can be performed successfully.
logconv.plscript was only able to produce a summary of operations for a file or for a requested period. This update introduces the
-moption for generation of per-second statistics, and the
-Moption for generation of per-minute statistics. The statistics are generated in CSV format suitable for further post-processing.
/var/spool/abrt-upload/via the reporter-upload utility, the ABRT daemon copied the dump directory to
/var/spool/abrt/and incremented the crash count which was already incremented before. Due to the crash count being incremented twice, the dump directory was marked as a duplicate of itself and removed. With this update, the crash count is no longer incremented for remotely uploaded dump directories, thus fixing the issue.
linevariable to be freed twice. This update fixes this bug, and kernel oopses are now properly analyzed.
mailxplug-in did not function properly due to a missing default configuration file for the
mailxplug-in. This update adds a default configuration file for the
/tmp/anaconda-tb-*files to be sometimes recognized as a binary file and sometimes as a text file.
bugzillaplug-in from working correctly. This update resolves this issue by modifying the source code to work with the new Bugzilla API.
noprobeargument in a kickstart file was not passed to the last known codepath. Consequently, the noprobe request was not properly honored by Anaconda. This update improves the code so that the argument is passed to the last known codepath. As a result, device drivers are loaded according to the
devicecommand in the kickstart file.
ifupcommand failed. This update sets the value of
dhcpin default network device configuration files. As a result, network devices can be activated successfully using the
ifupcommand after reboot in the scenario described.
/procfile. As a result, guests with one CPU can bring the boot device online so the CMS configuration file can be read and automated installations proceed as expected.
repocommands in kickstart generated by Anaconda contained base installation repository information but they should contain only additional repositories added either by the
repokickstart command or in the graphical user interface (GUI). Consequently, in media installations, the
repocommand generated for installation caused a failure when the kickstart file was used. With this update, Anaconda now generates
repocommands only for additional repositories. As a result, kickstart will not fail for media installations.
USBdevices used during installation are no longer automounted.
tty1was put under control of Anaconda, but was not returned when Anaconda exited. Consequently, init did not have permission to modify tty1's settings to enable Ctrl+C functionality when Anaconda exited, which resulted in Ctrl+C not working when the installer prompted the user to press the Ctrl+C or Ctrl+Alt+Delete key combination after Anaconda terminated unexpectedly. A code returning tty1 control back to init was added to Anaconda. As a result, Ctrl+C now works as expected if the user is prompted to press it when Anaconda crashes.
=~operator. This operator is used to check for the architecture when including files. Consequently, some binaries which provide the
grubcommand were present on x86_64 versions of the installer, but were missing from i686 media. The Bash code has been modified to prevent this bug. As a result, the binaries are now also present on i686 media and users can now use the grub command from installation media as expected.
127. This update fixes the ordering in the unmounting sequence and as a result, the dynamic linker and mdadm now work correctly.
stderrwere distinct. Consequently, if the stdout and stderr descriptors were the same, using them both for writing resulted in overwriting and the log file not containing all of the lines expected. With this update, if the stdout and stderr descriptors are the same then only one of them is used for both stdin and stderr. As a result, the log file contains all lines from both stdout and stderr.
\nbut the installer only checked for
\0. Consequently, the
develargument was not detected when it was the last argument on the command line and the installation failed. This update improves the code to also check for
\n. As a result, the
develargument is correctly parsed and installation proceeds as expected.
ECHOpackets will cause this test to fail, halting the installation and asking the user whether or not the provided nameserver address is valid. Consequently, automated installations using kickstart will stop if this test fails. With this update, in the event that the ping test fails, the
nslookupcommand is used to validate the provided nameserver address. If the
nslookuptest succeeds then kickstart will continue with the installation. As a result, automated network installations on IBM System z in non-interactive mode will complete as expected in the scenario described.
linkcommand was present, the
linkspecification was not used consistently for device activation and device configuration. Consequently, other network devices having link status were sometimes misconfigured using the settings targeted to the device activated by the installer. With this update, the code has been improved and now refers to the same device with
linkspecification both in case of device activation and device configuration. As a result, when multiple devices with link status are present during installation,
linkspecification of the device to be activated and used by the installer does not cause misconfiguration of another device having link status.
8 TB, but Ext3FS and Ext4FS inherited this value without overriding it. Consequently, when attempting to create an ext3 or ext4 file system of a size greater than
8Tbthe installer would not allow it. With this update, the installer's upper bound for new ext3 and ext4 filesystem size has been adjusted from
16TB. As a result, the installer now allows creation of ext3 and ext4 filesystems up to
DHCPtransaction timeout of 45 seconds without the possibility of configuring a different value. Consequently, in certain cases NetworkManager failed to obtain a network address. NetworkManager has been extended to read the timeout parameter from a DHCP configuration file and use that instead of the default value. Anaconda has been updated to write out the dhcptimeout value to the interface configuration file used for installation. As a result, the boot option
dhcptimeoutworks and NetworkManager now waits to obtain an address for the duration of the DHCP transaction period as specified in the DHCP client configuration file.
USB3modules were not in the Anaconda install image. Consequently, USB3 devices were not detected by Anaconda during installation. This update adds the USB3 modules to the install image and USB3 devices are now detected during installation.
clearpartcommand or the installer's automatic partitioning options to clear old data from the system's disks were used with complex storage devices such as logical volumes and software RAID, LVM tools caused the installation process to become unresponsive due to a deadlock. Consequently, the installer failed when trying to remove old metadata from complex storage devices. This update changes the LVM commands in the udev rules packaged with the installer to use a less restrictive method of locking and the installer was changed to explicitly remove partitions from a disk instead of simply creating a new partition table on top of the old contents when it initializes a disk. As a result, LVM no longer hangs in the scenario described.
/usr/lib/anaconda/textw/netconfig_text.pyfile tried to import a module from the wrong location. Consequently, Anaconda failed to start and the following error message was generated:
No module named textw.netconfig_textThe code has been corrected and the error no longer occurs in the scenario described.
PROXY_PASSWORDenvironmental variables. As a result, pre and post installation scripts now have access to the proxy setting used by Anaconda.
NUMBERoption for the kickstart
partcommand sometimes caused installation failures as Anaconda was not able to find the disk that matches the specified BIOS disk number. Users wishing to use BIOS disk numbering to control kickstart installations were not able to successfully install Red Hat Enterprise Linux. This update adjusts the comparison in Anaconda that matches the BIOS disk number to determine the Linux device name. As a result, users wishing to use BIOS disk numbering to control kickstart installations will now be able to successfully install Red Hat Enterprise Linux.
qla4xxx.ql4xdisablesysfsbootboot option. With this update, it is enabled by default.
iSCSIconnections to network interfaces, which is required for installations using multiple iSCSI connections to a target on a single subnet for Device Mapper Multipath (DM-Multipath) connectivity. Consequently, DM-Multipath connectivity could not be used on a single subnet as all devices used the default network interface. With this update, the
Bind targets to network interfacesoption has been added to the “Advanced Storage Options” dialog box. When turned on, targets discovered specifically for all active network interfaces are available for selection and login. For kickstart installations a new
--ifaceoption can be used to specify network interface to which a target should be bound. Once interface binding is used, all iSCSI connections have to be bound, that is to say the
--ifaceoption has to be specified for all iscsi commands in kickstart. Network devices required for iSCSI connections can be activated either using kickstart network command with the
--activateoption or in the graphical user interface (GUI) using the Configure Network button from the “Advanced Storage Options” dialog (“Connect Automatically” has to be checked when configuring the device so that the device is also activated in the installer). As a result, it is now possible to configure and use DM-Multipath connectivity for iSCSI devices using different network interfaces on a single subnet during installation.
%presection of kickstart. This update adds curl to the install image and curl can be used in the
%presection of kickstart.
InfiniBandnetwork using IPoIB network interfaces.
volgroupcommand to specify initially unused space in megabytes or as a percentage of the total volume group size. These options are only valid for volume groups being created during installation. As a result, users can effectively reserve space in a new volume group for snapshots while still using the
--growoption for logical volumes within the same volume group.
GPTdisk label is now used for disks of size 2.2 TB and larger. As a result, Anaconda now allows installation to disks of size 2.2 TB and larger, but the installed system will not always boot properly on non-
EFIsystems. Disks of size 2.2 TB and larger may be used during the installation process, but only as data disks; they should not be used as bootable disks.
IPv6support is set to be disabled by the installer using the
noipv6boot option, or the
--nopipv6kickstart command, or by using the “Configure TCP/IP” screen of the loader Text User Interface (TUI), and no network device is configured for
IPv6during installation, the IPv6 kernel modules on the installed system will now be disabled.
VLANdiscovery option for Fibre Channel over Ethernet (FCoE) devices added during installation using Anaconda's graphical user interface was required. All FCoE devices created in Anaconda installer were configured to perform VLAN discovery using the fcoemon daemon by setting the
AUTO_VLANvalue of its configuration file to
yes. A new “Use auto vlan” checkbox was added to the “Advanced Storage Options” dialog, which is invoked by the Add Advanced Target button in “Advanced Storage Devices” screen. As a result, when adding FCoE device in Anaconda, it is now possible to configure the VLAN discovery option of the device using “Use auto vlan” checkbox in “Advanced Storage Options” dialog. The value of
AUTO_VLANoption of FCoE device configuration file
/etc/fcoe/cfg-deviceis set accordingly.
/etc/fcoe/directory using biosdevname, which is the new style interface naming scheme, for all the available Ethernet interfaces for FCoE BFS. However, it did not add the ifname kernel command line argument for FCoE interface that stays offline after discovering FCoE targets during installation. Because of this, during subsequent reboot the system tried to find the old style
ethinterface name in
/etc/fcoe/, which does not match the file created by Anaconda using biosdevname. Therefore, due to the missing FCoE config file, FCoE interface is never created on this interface. Consequently, during FCoE BFS installation, when an Ethernet interface went offline after discovering the targets, FCoE links did not come up after reboot. This update adds dracut
ipparameters for all FCoE interfaces including those that went offline during installation. As a result, FCoE interfaces disconnected during installation will be activated after reboot.
--recommendedcommand in kickstart created a swap file of size 2 GB plus the installed RAM size regardless of the amount of RAM installed. Consequently, machines with a large amount of RAM had huge swap files prolonging the time before the oom_kill syscall was invoked even in malfunctioning cases. In this update, swap size calculations for
--recommendedwere changed to meet the values recommended in the documentation https://access.redhat.com/knowledge/solutions/15244 and the
--same-as-ramoption was added for the
swapkickstart command and as the default in GUI/TUI installations. As a result, machines with a lot of RAM have a reasonable swap size now if
--recommendedis used. However, hibernation might not work with this configuration. If users want to use hibernation they should use
ifcfgconfiguration file during installation for all network interfaces used by FCoE. As a result, all network devices used for installation to FCoE storage devices are activated automatically after reboot.
nc) networking utility to the install environment. Users can now use the
ncprogram in Rescue mode.
$prefix/lib/firmwarepaths on a Driver Update Disk (DUD). This update adds the
$prefix/lib/firmware/updatesdirectory to the path to be searched for firmware. RPM files containing firmware updates can now have firmware files in
DNS(Domain Name System) protocols. BIND includes a DNS server (
named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
/etc/resolv.confcontained nameservers with disabled recursion, nslookup failed to resolve certain host names. With this update, a patch has been applied and nslookup now works as expected in the scenario described.
nameddaemon could become unresponsive on shutdown. With this update, the error handling has been improved and
namedexits on shutdown gracefully.
nameddaemon uses the atomic operations feature to speed-up access to shared data. This feature did not work correctly on 32-bit and 64-bit PowerPC architectures. Therefore,
namedsometimes became unresponsive on these architectures. This update disables the atomic operations feature on 32-bit and 64-bit PowerPC architectures, which ensures that
namedis now more stable and reliable and no longer hangs.
namedcould terminate unexpectedly. With this update, the underlying code has been fixed and the race condition no longer occurs.
nameddaemon, configured as the master server, sometimes failed to transfer an uncompressible zone. The following error message was logged:
transfer of './IN': sending zone data: ran out of spaceThe code which handles zone transfers has been fixed and this error no longer occurs in the scenario described.
namedsometimes terminated unexpectedly with an assertion failure. With this update, a patch has been applied to make the code more robust, and
namedno longer crashes in the scenario described.
rndc.keyfile was generated during package installation by the
rndc-confgen -acommand, but this feature was removed in Red Hat Enterprise Linux 6.1 because users reported that installation of bind package sometimes hung due to lack of entropy in
namedinitscript now generates
rndc.keyduring the service startup if it does not exist.
rndc reloadcommand was executed,
namedfailed to update DNSSEC trust anchors and emitted the following message to the log:
managed-keys-zone ./IN: Failed to create fetch for DNSKEY updateThis issue was fixed in the 9.8.2rc1 upstream version.
/dev/nulldevice. In addition, some empty directories were left behind after uninstalling bind. With this update, the bind-chroot packaging errors have been fixed.
named.conffile to override the configuration supplied by the plug-in. Consequently,
namedsometimes failed to start. With this update the
named.confis parsed before plug-in initialization and
namednow starts as expected.
/var/nameddirectory was mounted the
/etc/init.d/namedinitscript did not distinguish between situations when
chrootconfiguration was enabled and when
chrootwas not enabled. Consequently, when stopping the
/var/nameddirectory was always unmounted. The initscript has been fixed and now unmounts
chrootconfiguration is enabled. As a result,
/var/namedstays mounted after the
namedservice is stopped when
chrootconfiguration is not enabled.
rrset-orderoption now supports
fixedordering. When this option is set, the resource records for each domain name are always returned in the order they are loaded from the zone file.
namedlogged too many messages relating to external DNS queries. The severity of these error messages has been decreased from “notice” to “debug” so that the system log is not flooded with mostly unnecessary information.
nameddaemon now uses portreserve to reserve the Remote Name Daemon Control (RNDC) port to avoid conflicts with other services.
LDAPback end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers.
LDAPserver failed, the bind-dyndb-ldap plug-in did not try to connect again. Consequently, users had to execute the "rndc reload" command to make the plug-in work. With this update, the plug-in periodically retries to connect to an LDAP server. As a result, user intervention is no longer required and the plug-in works as expected.
zone_refreshperiod timed out and a zone was removed from the
LDAPserver, the plug-in continued to serve the removed zone. With this update, the plug-in no longer serves zones which have been deleted from LDAP when the
zone_refreshparameter is set.
rndc reloadcommand or a
SIGHUPsignal and the plug-in failed to connect to an LDAP server, the plug-in caused named to terminate unexpectedly when it received a query which belonged to a zone previously handled by the plug-in. This has been fixed, the plug-in no longer serves its zones when connection to LDAP fails during reload and no longer crashes in the scenario described.
LDAPserver for some time, then reconnected successfully, and some zones previously present had been removed from the LDAP server. The bug has been fixed and the plug-in no longer crashes in the scenario described.
DNSserver, the plug-in did not put A or AAAA glue records in the “additional section” of a DNS answer. Consequently, the delegated sub-domain was not accessible by other DNS servers. With this update, the plug-in has been fixed and now returns A or AAAA glue records of a delegated sub-domain in the “additional section”. As a result, delegated zones are correctly resolvable in the scenario described.
idnsAllowTransfer, which can be used to set ACLs for queries or transfers. Refer to
/usr/share/doc/bind-dyndb-ldap/READMEfor information on the attributes.
idnsForwardPolicywhich can be used to configure forwarding. Refer to
/usr/share/doc/bind-dyndb-ldap/READMEfor a detailed description.
sync_ptrthat can be used to keep A and AAAA records and their PTR records synchronized. Refer to
/usr/share/doc/bind-dyndb-ldap/READMEfor a detailed description.
LDAPand configuration was only taken from the
named.conffile. With this update, configuration information can be obtained from
idnsConfigObjectin LDAP. Note that options set in named.conf have lower priority than options set in LDAP. The priority will change in future updates. Refer to the README file for more details.
qdiskdinteraction timer has been improved.
pingcommand examples on the qdisk(5) manual page did not include the
-woption. If the
pingcommand is run without the option, the action can timeout. With this update, the
-woption has been added to those
GFS2file systems created with large numbers of journal metadata blocks now pass the fsck check cleanly.
totem.miss_count_constconstant as a valid option. As a consequence, users were not able to validate
cluster.confwhen this option was in use. This option is now recognized correctly by the RELAX NG schema, and the
cluster.conffile can be validated as expected.
cmannotifyddaemon is often started after the cman utility, which means that
cmannotifyddoes not receive or dispatch any notifications on the current cluster status at startup. This update modifies the cman connection loop to generate a notification that the configuration and membership have changed.
free()function in the gfs2_edit code could lead to memory leaks and so cause various problems. For example, when the user executed the
gfs2_edit savemetacommand, the gfs2_edit utility could become unresponsive or even terminate unexpectedly. This update applies multiple upstream patches so that the
free()function is now used correctly and memory leaks no longer occur. With this update, save statistics for the
gfs2_edit savemetacommand are now reported more often so that users know that the process is still running when saving a large dinode with a huge amount of metadata.
GFS1(which had different fields) that calculated distances between resource groups and did not work with only one resource group. This update adds the
rgrp_size()function in libgfs2, which calculates the size of the resource group instead of determining its distance from the previous resource group. A file system with only one resource group can now be expanded successfully.
GFS2file system. The messages also contained absolute build paths and source code references, which was unwanted. A patch has been applied to provide users with comprehensive error messages in the described scenario.
gfs_controlddaemon ignored an error returned by the
dlm_controlddaemon for the
dlmc_fs_register()function while mounting a file system. This resulted in a successful mount, but recovery of a
GFSfile system could not be coordinated using Distributed Lock Manager (DLM). With this update, mounting a file system is not successful under these circumstances and an error message is returned instead.
GFS1file system to convert a file system from
GFS2. However, the gfs2_convert utility required the user to run the gfs_fsck utility prior to conversion, but because this tool is not included in Red Hat Enterprise Linux 6, users had to use Red Hat Enterprise Linux 5 to run this utility. With this update, the gfs2_fsck utility now allows users to perform a complete
GFS2conversion on Red Hat Enterprise Linux 6 systems.
qdiskddaemon and the device-mapper-multipath utility is a very complex operation, and it was previously easy to misconfigure
qdiskdin this setup, which could consequently lead to a cluster nodes failure. Input and output operations of the
qdiskddaemon have been improved to automatically detect multipath-related timeouts without requiring manual configuration. Users can now easily deploy
multipathddaemon was not correctly stopping waiter threads during shutdown. The waiter threads could access freed memory and cause the daemon to terminate unexpectedly during shutdown. With this update, the
mutlipathddaemon now correctly stops the waiter threads before they can access any freed memory and no longer crashes during shutdown.
multipathddid not disable the
queue_if_no_pathoption on multipath devices by default. When
multipathdwas stopped during shutdown, I/O of the device was added to the queue if all paths to a device were lost, and the shutdown process became unresponsive. With this update, multipathd now sets the
noby default. As a result, all multipath devices stop queueing when
multipathdis stopped and multipath now shuts down as expected.
multipathdand udev to rename the new multipath device nodes. If udev renamed the device node first,
multipathdremoved the device created by udev and failed to create the new device node. With this update,
multipathdimmediately creates the new device nodes, and the race condition no longer occurs. As a result, the renamed device is now available as expected.
flush_on_last_devhandling code did not implement handling of the queue feature properly. Consequently, even though the
flush_on_last_delfeature was activated,
multipathdre-enabled queueing on multipath devices that could not be removed immediately after the last path device was deleted. With this update, the code has been fixed and when the user sets
flush_on_last_del, their multipath devices correctly disable queueing, even if the devices cannot be closed immediately.
multipathddid not set the
max_fdsoption by default, which sets the maximum number of file descriptors that
multipathdcan open. Also, the
user_friendly_namessetting could only be configured in the
/etc/multipath.conf. The user had to set
max_fdsmanually and override the
default user_friendly_namesvalue in their device-specific configurations. With this update, multipath now sets
max_fdsto the system maximum by default, and
user_friendly_namescan be configured in the
multipath.conf. Users no longer need to set max_fds for large setups, and they are able to select user_friendly_names per device type.
hwtable_regex_matchoption was added to the defaults section of
multipath.conf. If it is set to
yes, Multipath uses regular-expression matching to determine if the user's vendor and product strings match the built-in device configuration strings: the user can use the actual vendor and product information from their hardware in their device configuration, and it will modify the default configuration for that device. The option is set to
multipathdwas using a deprecated Out-of-Memory (OOM) adjustment interface. Consequently, the daemon was not protected from the OOM killer properly; the OOM killer could kill the daemon when memory was low and the user was unable to restore failed paths. With this update,
multipathdnow uses the new Out-of-Memory adjustment interface and can no longer be killed by the Out-of-Memory killer.
multipath.conffile now contains a comment which informs the user that the configuration must be reloaded for any changes to take effect.
multipathddaemon incorrectly exited with code
multipath -h(print usage) was run. With this update, the underlying code has been modified and
multipathdnow returns code
0as expected in the scenario described.
multipathdthreads did not check if
multipathdwas shutting down before they started their execution. Consequently, the
multipathddaemon could terminate unexpectedly with a segmentation fault on shutdown. With this update, the
multipathdthreads now check if
multipathdis shutting down before triggering their execution, and
multipathdno longer terminates with a segmentation fault on shutdown.
multipathddaemon did not have a failover method to handle switching of path groups when multiple nodes were using the same storage. Consequently, if one node lost access to the preferred paths to a logical unit, while the preferred path of the other node was preserved,
multipathdcould end up switching back and forth between path groups. This update adds the
followoverfailback method to device-mapper-multipath. If the
followoverfailback method is set,
multipathddoes not fail back to the preferred path group, unless it just came back online. When multiple nodes are using the same storage, a path failing on one machine now no longer causes the path groups to continually switch back and forth.
tur, the checks were not performed asynchronously. If a device failed and the checker was waiting for the SCSI layer to fail back, the checks on other paths were kept waiting. The checker has been rewritten so as to check the paths asynchronously, and the path checking on other paths continues as expected.
turpath checker by default. Also flush_on_last_del has been enabled, dev_loss_tmo has been set to
infinity, fast_io_fail_tmo has been set to
5, and pg_init_retries has been set to
OSError: [Errno 2] No such file or directory: '/sys/kernel/config/target
WARNING: Internal sanity check failed in event handler for request 6
nscddaemon received a CNAME (Canonical Name) record as a response to a DNS (Domain Name System) query, the cached DNS entry adopted the TTL (Time to Live) value of the underlying
AAAAresponse. This caused the nscd daemon to wait an unexpectedly long time before reloading the DNS entry. With this update, nscd uses the shortest TTL from the response as the TTL for the entire record. DNS entries are now reloaded as expected in this scenario.
memcpy()function, the optimized function variant was used. However, the optimized function variant copies the buffer backwards. As a result, if the source and target buffers were overlapping, the program behaved in an unexpected way. While such calling is a violation of ANSI/ISO standards and therefore considered an error, this update restores the prior memcpy() behavior and such programs now use the non-optimized variant of the function to allow applications to behave as before.
malloc()routines, glibc incorrectly allocated too much memory. This could cause a multi-threaded application to allocate more memory to the threads than expected. With this update, the race condition has been fixed, and malloc's behavior is now consistent with the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX environment variables.
gaih_getanswer()function. As a consequence, the
getaddrinfo()function could not properly return all addresses. This update fixes an incorrect error test condition in
gaih_getanswer()so that glibc now correctly parses the second response buffer. The
getaddrinfo()function now correctly returns all addresses.
htons()function with the
-Wconversionparameters caused bogus warnings similar to the following:
warning: conversion to \u2018short unsigned int\u2019 from \u2018int\u2019 may alter its value
fork()call. As a result, shared robust mutex locks were not cleaned up after the child process exited. This update ensures that the robust futex list is correctly initialized after a fork system call.
malloc()function could enter a deadlock while creating an error message string. As a result, the process could become unresponsive. With this update, the process uses the
mmap()function to allocate memory for the error message instead of the
malloc()function. The malloc() deadlock therefore no longer occurs and the process with a corrupted heap now aborts gracefully.
alloca()to allocate buffers in various routines. If such allocations applied large internal memory requests, stack overflows could occur and the application could terminate unexpectedly. This update applies several upstream patches so that glibc now uses
malloc()for these allocations and the problem no longer occurs.
pthread_create()function. Consequently, some programs incorrectly issued an error for a transient failure, such as a temporary out-of-memory condition. This update ensures that glibc returns the correct error code when memory allocation fails in the
getoptroutines changed and, as the respective Japanese translation was not adapted, the system failed to find the Japanese version of the message. As a result, the error message was displayed in English even if the system locale was set to Japanese. This update fixes the Japanese translation of the error string and the problem no longer occurs.
IO_flush_all_lockp()function was incorrect. This resulted in a race condition with occasional deadlocks when calling the
fork()function in multi-threaded applications. This update fixes the locking and avoids the race condition.
nscddaemon cached all transient results even if they were negative. This could result in erroneous nscd results. This update ensures that negative results of transient errors are not cached.
resolv.conffile contained only nameservers with IPv6 and
options rotatewas set, the search domain was always appended. However, this is not desired in the case of fully qualified domain names (FQDN) and if an FQDN was used, the resolution failed. With this update, the underlying code has been modified and if more than one IPv6 nameserver is defined in
resolv.conf, the FQDN is resolved correctly. Refer to bug 771204 for further information about this problem.
resolv.conffile, glibc did not handle the parsing of spaces in nameserver entries correctly. Consequently, correct DNS lookups failed. This update fixes the space parsing and the problem no longer occurs.
getaddrinfo()call could return an incorrect value. This happened because the query for getaddrinfo was more complex than necessary and getaddrinfo failed to handle the additional information returned by the query correctly. With this update, the query no longer returns the addition information and the problem is fixed.
ipcommands explicitly with the
-6flag in the
/etc/sysconfig/network-scripts/rule-configuration file where
DEVICE_NAMEis the name of the respective network interface. With this update, the related network scripts have been modified to provide support for IPv6-based policy routing and IPv6 routing is now configured separately in the
sshd. With this update, the entropy created by the disk activity during system installation is saved in the
/var/lib/random-seedfile and used for key generation. This provides enough randomness and allows generation of keys based on sufficient entropy.
/dev/ttydevice ended with an error and consequently, it was not possible to read from the
/dev/ttydevice. This happened because, when activating single-user mode, the rc.sysinit script called the sulogin application directly. However, sulogin needs to be the console owner to operate correctly. With this update, rc.sysinit starts the rcS-emergency job, which then runs sulogin with the correct console setting.
ifconfigcommands have been changed to aliases to the respective ip commands and ifconfig now handles 20-byte MAC addresses correctly.
sysfs()call did not remove the
arp_ip_targetcorrectly. As a consequence, the following error was reported when attempting to shut down a bonding device:
ifdown-eth: line 64: echo: write error: Invalid argument
arp_ip_targetis now removed correctly.
serial.conffile now contains improved comments on how to create an
/etc/init/tty<device>.conffile that corresponds to the active serial device.
networkservice showed error messages on service startup similar to the following:
Error: either "dev" is duplicate, or "20" is a garbage.
haltinitscript did not contain support for the
apcupsddaemon, the daemon for power mangement and controlling of APC's UPS (Uninterruptible Power Supply) supplies. Consequently, the supplies were not turned off on power failure. This update adds the support to the script and the UPS models are now turned off in power-failure situations as expected.
kernel.msgmaxwere incorrect. With this update, the comments have been fixed and the variables are now described correctly.
69: echo: write error: Invalid argument
/etc/sysconfig/netconsolefile. This happened because the address was resolved as two identical addresses and the script failed. This update modifies the netconsole script so that it handles the MAC address correctly and the device is discovered as expected.
ms_MY) locale, some services did not work properly. This happened due to a typographical mistake in the ms.po file. This update fixes the mistake and services in the ms_MY locale run as expected.
primaryoption for bonding in the ifup-eth tool had a timing issue when bonding NIC devices. Consequently, the bonding was configured, but it was the active interface that was enslaved first. With this update, the timing of bonding with the
primaryoption has been corrected and the device defined in the
primaryoption is enslaved first as expected.
NISDOMAINparameter in the /etc/sysconfig/network file, or other relevant configuration files.
ipa passwdCLI command was used to change user's password, it returned the following error message when the password change failed:
ipa: ERROR: Constraint violation: Password Fails to meet minimum strength criteria
ipa passwdcommand fails.
/etc/hostsfile so that the custom hostname is resolvable and the installation can continue. However, previously, the record was not added when the IP address was passed using the
--ip-addressoption. As a result, installation failed because subsequent steps could not resolve the machine's IP address. With this update, a host record is added to
/etc/hostseven when the IP address is passed via the
--ip-addressoption, and the installation process continues as expected.
636) are free. Users can combine an Identity Management server with custom LDAP server instances as long as they run on custom ports.
delsub-commands of the
ipa-replica-managecommand failed when used against a winsync agreement on an Active Directory machine, limiting the user's ability to control winsync replication agreements. With this update, the
ipa-replica-managewas fixed to manage both standard replication agreement and winsync agreements in a more robust way.
--no-host-dnsoption was passed. When a hostname was not resolvable and the
--no-host-dnsoption was used, the ipa-replica-install utility failed during the installation and did not amend the hostname resolution in the same way as the ipa-server-install utility does. With this update, ipa-server-install and ipa-replica-install now share host IP address processing, and both add a record to the
/etc/hostsfile when the server or replica hostname is not resolvable.
--external-caoption, the installation is divided in two stages. The second stage of the installation process reads configuration options from a file stored by the first stage. Previously, the installer did not properly store a value with the DNS forwarder IP address, which was then misread by the second stage of the installation process, and name server configuration in the second stage of the installation failed. With this update, the forwarder option is correctly stored, and installation works as expected.
memberOfattribute) were being replicated. This forced all Identity Management replicas' LDAP servers to re-process the
memberOfdata and increase the load on the LDAP servers. When many entries were added to a replica in a short period of time, or when a replica was being re-initialized from another master, all replicas were flooded with
memberOfchanges, which caused high load on all replica machines and caused performance issues. New replica agreements, added by the ipa-replica-install utility, no longer ignore lists of attributes excluded from replication. Re-initialization or a high number of added entries in an Identity Management LDAP server no longer causes performance issues caused by
memberOfprocessing. Old replica agreements have also been updated to contain the correct list of attributes excluded from replication.
ipa automountmap-add-indirectcommand creates a new map and adds a key to the parent map (
auto.masterby default) which references the new indirect map. Because map nesting is only allowed in the
auto.mastermap, a submount map referenced in other maps needs to follow a standard submount format (that is,
<mapname>) so that the referenced map is correctly loaded from LDAP. However, the
automountmap-add-indirectsub-command did not follow this distinction and the
<mapname>attributes were not filled correctly. Therefore, submount maps referenced in a non-
auto.mastermap were not recognized as automount maps by the
autofsclient software, and were not mounted. Submount maps referenced in a map that is not an
auto.mastermap now follow a standard submount format, with the correct
autofsclient software is now able to correctly process submount maps both in auto.master and in other maps, and mount them.
subjectKeyIdentifierfield even though it is marked with the SHOULD keyword in the RFC 3280 document. Because of this, certain applications processing these certificates could report errors. With this update, the certificate template for both current and new IPA server installations now contain the
pkiuserusers, which the Directory Server uses to run its instances. These users also own log files produced by the Directory Server. If an Identity Management server was installed again, and the newly added system users' UIDs changed, the Directory Server could fail to start because the Directory Server instance was not permitted to write to the log files owned by the old system users with different UIDs. With this update, system users generated by an Identity Management server installation are no longer removed during the uninstall process.
--rawoption were passed. An Internal Error was also returned when an invalid attribute was passed to the ACI attribute list option. Option processing is now more robust and more strict in validation. Proper errors are now returned when invalid or empty option values are passed.
nsslapd-minssfattribute in the Directory Server instance configuration to increase security demands on the connection to the instance, some applications (for example, SSSD) may have stopped working as they could no longer read RootDSE anonymously. To fix this issue, Identity Management now sets the
nsslapd-minssf-exclude-rootdseoption in the Directory Server instance configuration. Users and applications can access RootDSE in an Identity Management Directory Server instance anonymously even when the instance is configured with increased security demands on incoming connections.
alloptions. With this update, the entire Netgroup page has been redesigned to add this functionality.
ipa user-statuscommand that provides the number of failed login attempts on all configured replicas along with the time of the last successful or failed login attempt.
hostplug-in did not allow storing of machine MAC addresses. Administrators could not assign MAC addresses to host entries in Identity Management. With this update, a new attribute for MAC addresses was added to the Identity Management host plug-in. Administrators can now assign a MAC address to a host entry. The value can then be read from the Identity Management LDAP server with, for example, the following command:
Read DNS Entries. As a result, only permitted users can now access all DNS records in Identity Management Directory Server instances.
ERROR: kernel read fault at 0x0000000000000018 (addr) near identifier '@cast' at /usr/share/systemtap/tapset/x86_64/jstack.stp:362:29
PKCS #12 Creation Failed java.lang.IllegalArgumentException: bagType or bagContent is null
Shutting down interface breth0This happened after configuring the NetConsole functionality with no bridge on top of a bond due to a mistake in the linking to the device structure. With this update, the linking has been fixed and the device binding is processed correctly in this scenario.
5915: WARN_ON_ONCE(test_tsk_need_resched(next));An upstream patch has been provided to address this issue and the WARN_ON_ONCE() call is no longer present in schedule(), thus fixing this bug.
NFS: directory A/B/C contains a readdir loop.This update fixes the bug by turning off the loop detection and letting the NFS client try to recover in the described scenario and the messages are no longer returned.
xvd. Consider the example below:
|Red Hat Enterprise Linux 6.0||Red Hat Enterprise Linux 6.1 or later|
||hda -> xvda||unchanged|
||sda -> xvda||sda -> xvde, sdb -> xvdf, ...|
xen_blkfront.sda_is_xvda, that provides a seamless upgrade path from 6.0 to 6.3 kernel release. The default value of
0and it keeps the naming scheme consistent with 6.1 and later releases. When
xen_blkfront.sda_is_xvdais set to
1, the naming scheme reverts to the 6.0-compatible mode.
xvd[a-d], it is advised to add the
xen_blkfront.sda_is_xvda=1parameter to the kernel command line before performing the upgrade.
sysfsdefault values, boot parameters, kernel configuration options, or any noticeable behavior changes, refer to Chapter 1, Important Kernel Changes to Note.
ifcfgfiles when gaining the bridge member name for the dump kernel and kdump over network succeeds in this scenario.
BOOTPROTOproperty in the
ifcfgnetworking script of the bonding device was set to
none. This happened because the mkdumprd utility did not handle the
BOOTPROTOsetting correctly. With this update, mkdumprd handles the setting correctly and kdump succeeds when dumping remotely over a bonding device with the
crashkernelboot option is set to
autoto allow automatic reservation of memory for the kdump kernel, the threshold memory changes to 2 . However, the firstboot application was incorrectly using the 4 GB threshold. With this update, firstboot uses the same threshold value as the kernel.
/etc/kdump.conffile does not define a dump target. However, mkdumprd used the device name instead of its UUID (Universally Unique Identifier), which could cause kdump to fail. With this update, the device UUID is used instead of its device name by default and kdump over root device succeeds in the scenario described.
default_actionproperty was set to
kdump.conffile. With this update, the pipeline redirection fails as soon as makedumpfile fails and the shell is dropped immediately in the scenario described.
ext4file system, the kdump initrd (initial RAM disk) could have been created with zero-byte size. This happened because the system waits for several seconds before writing the changes to the disk on an ext4 file system. Consequently, the kdump initial root file system (rootfs) could not be mounted and kdump failed. This update modifies kexec-tools so that it perform the sync operations after creating initrd. This ensures that initrd is properly written to the disk before trying to mount rootfs, and kdump now successfully proceeds and captures the core dump on systems with an ext4 file system.
/lib/modules/directory) of a modprobe and did not cover other module directories. Consequently, mkdumprd failed if there were modules located in other that the default path directory. The mkdumprd utility now handles
/lib/modules/as well as the
/lib/modules/directory and mkdumprd succeeds under these circumstances.
/etc/init.d/kdump: line 281: /usr/sbin/sestatus: No such file or directory
selinux=0option to the kernel command line. A system with SELinux enabled and the policycoreutils package not installed is considered a broken environment in which kdump returns the aforementioned errors. When you remove the policycoreutils package, make sure you have also disabled SELinux with
selinux=0; otherwise, the problem will preserve.
rksh) does not allow redirections using a pipeline. Consequently, kdump failed if the remote user that was used when requesting the core dump was configured with a restricted shell. With this update, the
ddcommand is used instead of
catto copy vmcore, and kdump succeeds when a remote user uses the rksh shell.
iwlwifi(Intel Wireless WiFi Link) modules for interface devices were included in kdump initrd. With this update, the
iwlwifimodules are no longer loaded into kdump initrd.
PREFIXvariable setting and the ifconfig utility failed during core dumping over network. With this update, the mkdumprd utility handles the
PREFIXvariable setting in
ifcfg-<device>network scripts correctly.
/var/crash/directory. With this update, kdump checks the device header of the target device. If the header is invalid, kdump does not handle the situation as a crash and the redundant resources are no longer created on raw devices.
kdump.conffile. However, running init in user space to capture the core dump could cause an OOM (Out of Memory) state in the dump kernel. With this update, the kernel is now rebooted by default under these circumstances. Also, a new default option,
mount_root_run_init, has been added to kdump. With this option, the kernel mounts the root partition, and runs the init and kdump service to try to save the kernel core dump, which allows the user to apply the previous behavior of kdump.
libguestfsdaemon terminated unexpectedly when it attempted to mount a non-existent disk. This happened because libguestfs returned an unexpected error to any program that accidentally tried to mount a non-existent disk and all further operations intended to handle such a situation failed. With this update,
libguestfsreturns an appropriate error message and remains stable in the scenario described.
guestfs_launch()function at the same time, an unexpected error could be returned. The respective code in the libguestfs library has been modified to be thread-safe in this scenario and the library can be used from multi-threaded programs with more than one libguestfs handle.
/bindirectory is a symbolic link, while it was a directory in previous releases. Due to this change, libguestfs could not inspect a guest with Fedora 17 and newer. With this update, the libguestfs inspection has been changed so that it now recognizes such guests as expected.
ntldrfile in its root a candidate for a Windows root disk. If a guest had an HP recovery partition, libguestfs could not recognize the HP recovery partition and handled the system as being dual-boot. Consequently, some virt tools did not work as they do not support multi-boot guests. With this update, libguestfs investigates a potential Windows root disk properly and no longer recognizes the special HP recovery partition as a Windows root disk.
NULL, the binding process terminated unexpectedly with a segmentation fault when the
g.launch()function was called under some circumstances. With this update, the error string is now set properly on all failure paths in the described scenario and Python programs no longer terminate with a segmentation fault when calling the
g.launch()function under these circumstances.
:). Previously, libguestfs resolved the link to the disk image before sending it to qemu. If the resolved link contained the colon character, qemu failed to run. Also, libguestfs sometimes failed to open a disk image file under these circumstances due to incorrect handling of special characters. With this update, libguestfs no longer resolves a link to a disk image before sending it to qemu and is able to handle any filenames, except for filenames that contain a colon character. Also, libguestfs now returns correct diagnostic messages when presented with a filename that contains a colon character.
/etc/fstabfile. With this update, support for such RAID paths has been added and the virt-p2v tool is now able to successfully convert these guests.
error: Failed to start domain [domain name] error: Timed out during operation cannot acquire state change lockWith this update, libvirt handles this situation properly, and guests now start as expected.
error: Timed out during operation: cannot acquire state change lockThis update adds support for registering cleanup callbacks which are called for a domain when a connection is closed. The migration API is more robust to failures, and if a migration process is terminated, it can be restarted with a subsequent command.
warning : virDomainDiskDefForeachPath:7654 : Ignoring open failure on xxx.xxxThese messages were harmless and could be safely ignored. With this update, the messages are no longer reported unless a problem occurs.
.), luci failed to redirect the browser to the resource that was just created. As a result, error 500 was displayed, even though the resource was created correctly. This update corrects the code that handles redirection of the browser after creating such a resource and luci redirects the browser to a screen that displays the resource as expected.
force_unmountoption was not shown for file-system resources and the user could not change the configuration to enable or disable this option. A checkbox that displays its current state was added and the user can now view and change the force_unmount attribute of file-system resources.
tunneled, was added to the VM (Virtual Machine) resource agent script. This update adds a checkbox displaying the current value of the
tunneledattribute to the VM configuration screen so that the user can enable or disable the attribute.
Redundant Ringconfiguration tab is now available in the
Configuretab of clusters to allow RRP configuration from luci.
rebooticon was similar to the
refreshicon and the user could have mistakenly rebooted a cluster node instead of refreshing the status information. With this update, the
rebooticon has been changed. Also, a dialog box is now displayed before reboot so the user must confirm their reboot request.
lvm.conf. The code has been improved to temporarily copy the mirror's tags to the in-coming image so that it can be properly activated. As a result, high-availability (HA) LVM service relocation now works as expected.
lvremovecommand could fail with the error message “Can't remove open logical volume” despite the volume itself not being in use anymore. In most cases, such a situation was caused by the udev daemon that still processed events that preceded the removal and it kept the device open while lvremove tried to remove it at the same time. This update adds a retry loop to help to avoid this problem. The removal is tried several times before the command fails completely.
--virtualsize, is now properly activated exclusively only (on local node).
clvmdreceived an invalid request through its socket (for example an incomplete header was sent), the clvmd process could terminate unexpectedly or stay in an infinite loop. Additional checks have been added so that such invalid packets now cause a proper error reply to the client and clvmd no longer crashes in the scenario described.
dmeventd) is used, for example, for monitoring LVM based mirrors and snapshots. When attempting to create a snapshot using lvm2, the
lvcreate -scommand resulted in a
dlopenerror if dmeventd was upgraded after the last system restart. With this update, dmeventd is now restarted during a package update to fetch new versions of installed libraries to avoid any code divergence that could end up with a symbol lookup failure.
-Sshould preserve exclusive locks on a restarted cluster node. However the option
-E, which should pass such exclusive locks, had errors in its implementation. Consequently, exclusive locks were not preserved in a cluster after restart. This update implements proper support for option
-E. As a result, after restarting clvmd the locks will preserve a cluster's exclusive state.
dmsetup [--force] remove device_namecommand. The
--forceoption failed, reporting that the device was busy. Consequently, the underlying block device could not be detached from the system. With this update, dmsetup has a new command
wipe_tableto wipe the table of the device. Any subsequent I/O sent to the device returns errors and any devices used by the table, that is to say devices to which the I/O is forwarded, are closed. As a result, if a long-running process keeps a device open after it has finished using it, the underlying devices can be released before that process exits.
lvm.conf) caused the lvm2-monitor init script to fail to start monitoring for relevant VGs. The init script acquires the list of VGs first by calling the
vgscommand and then it uses its output for further processing. However, if the prefix or command name directive is used on output, the VG name was not correctly formatted. To solve this, the lvm2-monitor init script now overrides the log/prefix and log/command_names setting so the command's output is always suitable for use in the init script.
lvconvert --mergecommand did not check if the snapshot in question was invalid before proceeding. Consequently, the operation failed part-way through, leaving an invalid snapshot. This update disallows an invalid snapshot to be merged. In addition, it allows the removal of an invalid snapshot that was to be merged on next activation, or that was invalidated while merging (the user will be prompted for confirmation).
lvconvert --splitmirrorsfails to strip it off. This leads to an attempt to use a Logical Volume name that is invalid. This release detects and validates any supplied Volume Group name correctly.
pvmovewas used on a clustered VG, temporarily activated pvmove devices were improperly activated cluster-wide (that is to say, on all nodes). Consequently, in some situations, such as when using tags or HA-LVM configuration, pvmove failed. This update fixes the problem, pvmove now activates all such devices exclusively if the Logical Volumes to be moved are already exclusively activated.
vgreducecommand was executed with a non-existent VG, it unnecessarily tried to unlock the VG at command exit. However the VG was not locked at that time as it was unlocked as part of the error handling process. Consequently, the vgreduce command failed with the internal error “Attempt to unlock unlocked VG” when it was executed with a non-existent VG. This update improves the code to provide a proper check so that only locked VGs are unlocked at vgreduce command exit.
lvmetad) is to eliminate the need for this scanning by dynamically aggregating metadata information each time the status of a device changes. These events are signaled to
lvmetadby udev rules. If
lvmetadis not running, LVM performs a scan as it normally would. This feature is provided as a Technology Preview and is disabled by default in Red Hat Enterprise Linux 6.3. To enable it, refer to the
use_lvmetadparameter in the
/etc/lvm/lvm.conffile, and enable the
lvmetaddaemon by configuring the lvm2-lvmetad init script.
dmsetupcommand now supports displaying block device names for any devices listed in the “deps”, “ls” and “info” command output. For the dmsetup “deps” and “ls” command, it is possible to switch among “devno” (major and minor number, the default and the original behavior), “devname” (mapping name for a device-mapper device, block device name otherwise) and “blkdevname” (always display a block device name). For the dmsetup “info” command, it is possible to use the new “blkdevname” and “blkdevs_used” fields.
/deventries being created by udev. To solve this problem, the libdevmapper library together with the
dmsetupcommand now supports encoding of udev-blacklisted characters by using the “\xNN” format where NN is the hex value of the character. This format is supported by udev. There are three “mangling” modes in which libdevmapper can operate: “none” (no mangling), “hex” (always mangle any blacklisted character) and “auto” (use detection and mangle only if not mangled yet). The default mode used is “auto” and any libdevmapper user is affected unless this setting is changed by the respective libdevmapper call. To support this feature, the dmsetup command has a new
--manglename <mangling_mode>option to define the name mangling mode used while processing device-mapper names. The
dmsetup info -c -ocommand has new fields to display: “mangled_name” and “unmangled_name”. There is also a new
dmsetup manglecommand that renames any existing device-mapper names to its correct form automatically. It is strongly advised to issue this command after an update to correct any existing device-mapper names.
lvextendwill cause the initial synchronization to be skipped. This can save time and is acceptable if the user does not intend to read what they have not written.
activation/read_only_volume_list, makes it possible to activate particular volumes always in read-only mode, regardless of the actual permissions on the volumes concerned. This parameter overrides the
--permission rwoption stored in the metadata.
dmeventdwould log redundant informative messages in the form “Another thread is handling an event. Waiting...”. This needlessly flooded system log files. This behavior has been fixed in this update.
--snapshotoption in the
lvconvert --type raid1 <VG>/<mirrored LV>
mdadm --addcommand could fail when adding to an array a device similar to a recent member of the array. With this update, the code restricting device addition has been corrected to only apply to members of recent arrays which have failed and require manual assembly.
1.0. This happened because mdadm occasionally failed to calculate the bitmap location correctly. With this update, a write-intent bitmap can be added to such an MD array as expected.
mdadm --monitorcommand terminated unexpectedly after completing a resynchronization process due to buffer overflowing. This happened when there were more than 40 mismatches reported during the resync process as the respective buffer could hold only 40 mismatch reports. With this update, the buffer has been enlarged and can now hold up to 80 mismatch reports.
/etc/mdadm.conffile excluded automatic startup of version 0.90 RAID arrays (however, if such an array was needed on boot, dracut did start this array). The user could add
AUTOline in the
/etc/mdadm.conffile to have such RAID arrays come up on boot.
-1option when running the
mdadm --monitor --scan --oneshotcommand or its short equivalent. Consequenlty, mdadm was monitoring the respective device continuously. With this update, the underlying code has been modified and the
--oneshotoption is applied as expected.
idle. Consequently, the
mdmondaemon could detect this change, finish the rebuild process, and write the metadata of the unfinished rebuild process to disks before the restart. After restart, the RAID volume was in the
Normalstate in OROM and the rebuild seemed to be finished. However, the RAID volume was in the
auto-read-onlystate, metadata was in the
Dirtystate, and the data was inconsistent (out-of-sync). With this update, the appropriate test has been added and, when mdmon now detects the change of sync_action from
idle, it checks if the rebuild process has really finished.
--size maxoption has been added, allowing the administrator of an IMSM array to enlarge the last volume in the array to take up the remaining space in the array.
CMake Error at docs/api/cmake_install.cmake:31 (FILE): file INSTALL cannot find file "/usr/src/redhat/BUILD/qpid-cpp-0.12/build/docs/api/html" to install.
SNMPagents, tools for generating and handling SNMP traps, a version of the
netstatcommand which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.
/etc/snmp/snmpd.conf) could use this flaw to crash
snmpdvia a crafted SNMP GET request.
snmpdterminating unexpectedly when an AgentX subagent disconnected while processing a request. This fix, however, introduced a memory leak. With this update, this memory leak is fixed.
OIDs(object identifiers). With this update, conversion of interface indexes is fixed and BRIDGE-MIB reports correct ifIndex OIDs.
snmpderroneously enabled verbose logging when parsing the
proxyoption in the
snmpd.conffile. Consequently, unexpected debug messages were sometimes written to the system log. With this update,
snmpdno longer modifies logging settings when parsing the
proxyoption. As a result, no debug messages are sent to the system log unless explicitly enabled by the system administrator.
snmpddaemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units. Consequently,
snmpdreported a wrong value for the “HOST-RESOURCES-MIB::hrStorageSize” object when working with a large file system (larger than 16TB), because the accurate value did not fit into Integer32 as specified in the RFC. To address this problem, this update adds a new option to the
/etc/snmp/snmpd.confconfiguration file, “realStorageUnits”. By changing the value of this option to
0, users can now enable recalculation of all values in “hrStorageTable” to ensure that the multiplication of “hrStorageSize” and “hrStorageAllocationUnits” always produces an accurate device size. The values of “hrStorageAllocationUnits” are then artificial in this case and no longer represent the real size of the allocation unit on the storage device.
snmpdproperly recognizes VxFS, ReiserFS, and OCFS2 devices and reports them in “HOST-RESOURCES-MIB::hrStorageTable”.
register()method in the “NetSNMP::agent” module and terminated unexpectedly when this method failed. With this update, the
register()method has been fixed and the updated Perl modules no longer crash on failure.
snmpd) did not properly fill a set of watched socket file descriptors. Therefore, the daemon sometimes terminated unexpectedly with the “select: bad file descriptor” error message when more than 32 AgentX subagents connected to
snmpdon 32-bit platforms or more than 64 subagents on 64-bit platforms. With this update,
snmpdproperly clears sets of watched file descriptors and no longer crashes when handling a large number of subagents.
snmpderroneously checked the length of “SNMP-TARGET-MIB::snmpTargetAddrRowStatus” value in incoming “SNMP-SET” requests on 64-bit platforms. Consequently,
snmpdsent an incorrect reply to the “SNMP-SET” request. With this update, the check of “SNMP-TARGET-MIB::snmpTargetAddrRowStatus” is fixed and it is possible to set it remotely using “SNMP-SET” messages.
snmpddid not check the permissions of its MIB index files stored in the
/var/lib/net-snmp/mib_indexesdirectory and assumed it could read them. If the read access was denied, for example due to incorrect SELinux contexts on these files,
snmpdcrashed. With this update,
snmpdchecks if its MIB index files were correctly opened and does not crash if they cannot be opened.
OIDparameter of “sysObjectID” (an
snmpd.confconfig file option) was not correctly stored in
snmpd, which resulted in “SNMPv2-MIB::sysObjectID” being truncated if the
OIDhad more than 10 components. In this update, handling of the
OIDlength is fixed and “SNMPv2-MIB::sysObjectID” is returned correctly.
snmpdwas started and did not find a network interface which had been present during the last
snmpdshutdown, the following error message was logged:
snmpd: error finding row index in _ifXTable_container_row_restore
snmpd, enumerated active
TCPconnections for “TCP-MIB::tcpConnectionTable” in an inefficient way with O(n^2) complexity. With many TCP connections, an
SNMPclient could time out before
snmpdprocessed a request regarding the “tcpConnectionTable”, and sent a response. This update improves the enumeration mechanism and
snmpdnow swiftly responds to SNMP requests in the “tcpConnectionTable”.
OID) was out of the subtree registered by the proxy statement in the
/etc/snmp/snmpd.confconfiguration file, the previous version of the
snmpddaemon failed to use a correct
OIDof proxied “GETNEXT” requests. With this update, snmpd now adjusts the
OIDsof proxied “GETNEXT” requests correctly and sends correct requests to the remote agent as expected.
/var/lib/net-snmpdirectory to store persistent data, for example the cache of parsed MIB files. This directory is created by the net-snmp package and when this package is not installed, Net-SNMP utilities and libraries create the directory with the wrong SELinux context, which results in an Access Vector Cache (AVC) error reported by SELinux. In this update, the
/var/lib/net-snmpdirectory is created by the net-snmp-lib package, therefore all Net-SNMP utilities and libraries do not need to create the directory and the directory will have the correct SELinux context.
snmptrapddaemons will be restarted automatically.
PPPoEdevices, and provides
VPNintegration with a variety of different VPN services.
DHCPtransaction timeout of 45 seconds without the possibility of configuring a different value. Consequently, in certain cases NetworkManager failed to obtain a network address. NetworkManager has been extended to read the timeout parameter from a DHCP configuration file and use that instead of the default value. As a result, NetworkManager will wait to obtain an address for the duration of the DHCP transaction period as specified in the DHCP client configuration file.
/var/log/messagesfile. An upstream patch has been applied to prevent NetworkManager from trying to initialize the user settings proxy if the user settings service does not exist. As a result, warning messages are no longer generated in the scenario described.
/var/log/messageslog file when changing the hostname. An upstream patch has been applied to the nm-dispatcher script and NetworkManager no longer generates unnecessary warnings during a hostname change.
WPA2 Enterprisewireless networks, which made it unusable in some wireless environments. NetworkManager has been enhanced to handle EAP-FAST authentication.
IP-over-InfiniBandinterfaces, which prevented installation in some situations. These interfaces are now recognized.
VLANand bonding interfaces were not supported by NetworkManager and required special configuration to ensure NetworkManager did not interfere with their operation. NetworkManager now recognizes and can configure VLAN and bonding interfaces but only if the
NM_BOND_VLAN_ENABLEDkey is set to
/etc/sysconfig/network. The default is that this option is set to
Wi-Finetworks, and a user tried to create a network using nm-applet, the setup silently failed. With this update, nm-applet now issues a notification providing the reason for the failure.
VPNconnection, the connection editor displayed an insensitive button without giving any indication of the cause. This update adds a tooltip to the button informing the user that editing a VPN connection is disabled due to missing VPN plug-ins.
pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not defined
echo "RequiredAuthentications2 publickey,password" >> /etc/ssh/sshd_config
next payload type of ISAKMP Identification Payload has an unknown value:
sha2_truncbugparameter is set to
yes, Openswan now passes the correct key length to the kernel, which ensures interoperability between older and newer kernels.
ERROR: apc-fencing: required parameter port not defined
WARNING: apc-fencing: action start not advertised in meta-data, it may not be supported by the RA WARNING: apc-fencing: action stop not advertised in meta-data, it may not be supported by the RA
ERROR:pam_pkcs11.c:224: Remote login (from localhost:13.0) is not (yet) supported
Can't locate ExtUtils/MakeMaker.pm in @INC