Chapter 59. Servers and Services
Rsyslog
cannot proceed if the default maximum of open files is exceeded
Rsyslog
sometimes runs over the default limits for maximum number of open files. Consequently, rsyslog
cannot open new files.
To work around this problem, modify the rsyslog configuration by increasing this limit to align with systemd-journald. To do so, create a drop-in file named
/etc/systemd/system/rsyslog.service.d/increase_nofile_limit.conf
with the following content:
[Service] LimitNOFILE=16384
(BZ#1553700)
Upgrading a RHEL 7.5 node to RHEL 7.6 in RHOSP 10 breaks virtual machines on the node
Currently, upgrading a Red Hat Enterprise Linux 7.5 node to Red Hat Enterprise Linux 7.6 in Red Hat OpenStack Plaform 10 causes virtual machines hosted on that node to become unable to start.
To work around this problem, edit the
/etc/modprobe.d/kvm.rt.tuned.conf
file on the compute node, remove the following line, and reboot the node:
options kvm_intel ple_gap=0
For this to work reliably, perform the changes before upgrading the node from RHEL 7.5 to RHEL 7.6. (BZ#1649408)
FTP-based logins are unavailable for a common vsftpd
configuration
This update removes the
/sbin/nologin
and /usr/sbin/nologin
login shells from the /etc/shells
file due to security reasons. Consequently, when the configuration of the Very Secure File Transfer Protocol Daemon, vsftpd
, is modified to enable the chroot_local_user
, FTP logins are impossible.
To work around this problem, add
/sbin/nologin
or /usr/sbin/nologin
, respectively, to the /etc/shells
file. As a result, a login shell for users that are allowed to use FTP, but not SSH, is available again. However, note that this workaround exposes vsftpd
to the security risk described at https://access.redhat.com/security/cve/cve-2018-1113. (BZ#1647485, BZ#1571104)
Teaming might not work correctly in the rescue system after applying RHBA-2019:0498
Updates provided by advisory RHBA-2019:0498 fixed several problems in
ReaR
affecting complex network configurations. These bugs previously made it impossible to restore backups accessed over the network without manual intervention. However, in case of teaming, this update might introduce another problem. If the team has multiple member interfaces, the team device might not be configured correctly in the rescue system. To work around this problem, preserve the previous behavior by adding the following line in the /etc/rear/local.conf file :
SIMPLIFY_TEAMING=y
For the newly added LACP support, temporarily remove all interfaces but one from the team during the rescue image creation process as a workaround. (BZ#1685166)