Resizing not working with gnome display manager?
vi /etc/gdm/custom.conf
Comment in/enable the line under [daemon]:
WaylandEnable=false
When upgrading the kernel plus modules and you are using ZFS you must rebuild the ZFS modules for the new kernel after it’s installed using the following commands:
dkms install spl/0.6.5.2 -k 3.10.0-229.14.1.el7.x86_64 dkms install zfs/0.6.5.2 -k 3.10.0-229.14.1.el7.x86_64
Where 0.6.5.2 is the version of the SPL and ZFS modules and 3.10.0-229.14.1.el7.x86_64 is the version of your new kernel. I suspect you would need to do this if you recompile the kernel as well.
Couldn’t use pct enter <lxcid> to get to a shell on the container. The container needs to have it’s security configuration updated.
Add the following lines to /etc/securetty
# LXC (Linux Containers) lxc/console lxc/tty1 lxc/tty2 lxc/tty3 lxc/tty4
Problem: Can’t bring up network in container. CentOS scripts would fail with error that IP address is already in use. The OS scripts on this distribution do some checking which might be environment specific to me but regardless i’m smart enough to assign IP addresses that are not already in use so this is not something want an OS failing to bring up an interface on a false positive.
I don’t know if this helps anyone else but hopefully it does. If it’s recommended that I file a bug report let me know i’m happy to do so.
Container Type: LXC
ProxMox Version 4 updated to latest w/ apt-get update && upgrade
The site (because i’m new) won’t let me post the patch file i made to fix the problem. But I can describe it so if someone else has this problem you will know what you need to do.
Solution: add 2 $data .= “ARPCHECK=no\n”; lines to /usr/share/perl5/PVE/LXC/Setup/Redhat.pm. One is for the IPV4 check, the other for IPV6. with the container OS not doing the ARP check the interfaces come up as normal and there are no problems. This was important as now I fixed the GUI/<ID>.conf network settings they would overwrite my custom config and it wouldn’t come up without this check disabled. the line was added after setting the manual IPV4/6 addresses.
Here’s the PATCH!
root@pve:~# cat Redhat.pm.patch
--- /root/Redhat.pm.old 2015-11-15 17:03:12.833740826 -0600
+++ /usr/share/perl5/PVE/LXC/Setup/Redhat.pm 2015-11-15 17:05:26.877381088 -0600
@@ -210,6 +210,7 @@
my $ipinfo = PVE::LXC::parse_ipv4_cidr($d->{ip});
$data .= "IPADDR=$ipinfo->{address}\n";
$data .= "NETMASK=$ipinfo->{netmask}\n";
+ $data .= "ARPCHECK=no\n";
if (defined($d->{gw})) {
$data .= "GATEWAY=$d->{gw}\n";
if (!PVE::Network::is_ip_in_cidr($d->{gw}, $d->{ip}, 4)) {
@@ -232,6 +233,7 @@
$data .= "DHCPV6C=yes\n";
} else {
$data .= "IPV6ADDR=$d->{ip6}\n";
+ $data .= "ARPCHECK=no\n";
if (defined($d->{gw6})) {
$data .= "IPV6_DEFAULTGW=$d->{gw6}\n";
if (!PVE::Network::is_ip_in_cidr($d->{gw6}, $d->{ip6}, 6)) {
Spent a couple hours today working on testing a couple restores of openvz/lxc containers and ran into some network trouble. I was able to figure out the cause and hope the below helps others as well.
Symptoms were network config would not be written to the container but you could manually configure CentOS 7.
Cause: Undefined subroutine &PVE::Network::is_ip_in_cidr
Solution: manually update perl package PVE::Network in /usr/share/perl5/PVE/Network.pm from GIT at https://git.proxmox.com/?p=pve-common.git;a=blob_plain;f=src/PVE/Network.pm.
Why: It appears there were some changes made to the /usr/share/perl5/PVE/LXC/Setup/Redhat.pm perl module which depended on an updated /usr/share/perl5/PVE/Network.pm that were not yet available via apt-get update & upgrade, specifically the is_ip_in_cidr function and was causing an error on lxc container start. Once this was updated that worked – mostly. But that was another problem (maybe with something specific to my environemnt)
Version: ProxMox V4 updated to latest via apt-get update & upgrade.
This was pretty much a fresh install to which then I did an update on and had this issue. If there is a place I should file a bug report to let me know. It’s working fine on my system after this quick fix which took a bit to track down.
I generated a patch to save some people some digging – hope it helps.
root@pve:~# cat Network.pm.patch
--- /root/Network.pm.old 2015-10-05 05:32:34.000000000 -0500
+++ /usr/share/perl5/PVE/Network.pm 2015-11-15 16:58:52.402398047 -0600
@@ -9,6 +9,8 @@
use IO::Socket::IP;
use POSIX qw(ECONNREFUSED);
+use Net::IP;
+
# host network related utility functions
our $ipv4_reverse_mask = [
@@ -467,4 +469,35 @@
return $result;
}
+sub IP_from_cidr {
+ my ($cidr, $version) = @_;
+
+ return if $cidr !~ m!^(\S+?)/(\S+)$!;
+ my ($ip, $prefix) = ($1, $2);
+
+ my $ipobj = Net::IP->new($ip, $version);
+ return if !$ipobj;
+
+ $version = $ipobj->version();
+
+ my $binmask = Net::IP::ip_get_mask($prefix, $version);
+ return if !$binmask;
+
+ my $masked_binip = $ipobj->binip() & $binmask;
+ my $masked_ip = Net::IP::ip_bintoip($masked_binip, $version);
+ return Net::IP->new("$masked_ip/$prefix");
+}
+
+sub is_ip_in_cidr {
+ my ($ip, $cidr, $version) = @_;
+
+ my $cidr_obj = IP_from_cidr($cidr, $version);
+ return undef if !$cidr_obj;
+
+ my $ip_obj = Net::IP->new($ip, $version);
+ return undef if !$ip_obj;
+
+ return $cidr_obj->overlaps($ip_obj) == $Net::IP::IP_B_IN_A_OVERLAP;
+}
+
1;
So yes – it is a royal PITA. Why? Not sure, IPv6 has been around for some time but it just doesn’t work out of the box. Here’s my notes incase I’ve got to do this again.
#auto load ipv6 to prevent errors with sysctl on boot echo ipv6 >> /etc/modules #if new bridges are not getting copied correctly (vlans) then check this out #for a patch to /usr/share/perl5/PVE/Network.pm - copy_bridge_config http://forum.proxmox.com/threads/17895-Disable-Multicast-Snooping #The big Big BIg BIG problem i had was multicast_snooping was enabled on the bridge causing local IPV6 traffic to be blocked. Solution was to create the following network up script root@pve-00:/etc/network/if-up.d# cat vmbr0 #!/bin/bash sysctl -w net.ipv6.conf.eth0.autoconf=0 sysctl -w net.ipv6.conf.eth0.accept_ra=0 sysctl -w net.ipv6.conf.all.accept_redirects=0 sysctl -w net.ipv6.conf.all.router_solicitations=1 sysctl -w net.ipv6.conf.default.forwarding=1 sysctl -w net.ipv6.conf.all.forwarding=1 sysctl -w net.ipv6.conf.default.proxy_ndp=1 sysctl -w net.ipv6.conf.all.proxy_ndp=1 echo 0 > /sys/devices/virtual/net/vmbr0/bridge/multicast_snooping Then my network configuration was updated as follows: root@pve-00:/etc/network# cat interfaces # network interface settings auto lo iface lo inet loopback iface lo inet6 loopback iface eth0 inet manual iface eth1 inet manual iface eth2 inet manual iface eth3 inet manual auto vmbr0 iface vmbr0 inet static address xxx.xx.xx.xx netmask 255.255.xxx.0 gateway xxx.xx.xx.xxx bridge_ports eth0 bridge_stp off bridge_fd 0 iface vmbr0 inet6 static address 2001:xxxx:xxxx:xxxx::xxxx netmask 64 gateway 2001:xxxx:xxxx:xxxx::xxxx post-up /etc/network/if-up.d/vmbr0 #I also applied this kernel patch: http://forum.proxmox.com/threads/21218-SOLVED-Proxmox-VE-IPv6-Problems wget ftp://download1.proxmox.com/debian/dists/wheezy/pvetest/binary-amd64/pve-kernel-2.6.32-37-pve_2.6.32-148_amd64.deb dpkg -i pve-kernel-2.6.32-37-pve_2.6.32-148_amd64.deb ## The actual patch for reference: diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index ef66365..8ccc0bf 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -1562,8 +1562,8 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, return 0; /* Prevent flooding this packet if there is no listener present */ - if (!ipv6_addr_is_ll_all_nodes(&ip6h->daddr)) - BR_INPUT_SKB_CB(skb)->mrouters_only = 1; +/* if (!ipv6_addr_is_ll_all_nodes(&ip6h->daddr)) + BR_INPUT_SKB_CB(skb)->mrouters_only = 1;*/ if (ip6h->nexthdr != IPPROTO_HOPOPTS || ip6h->payload_len == 0)
Create a backup:
sudo cp /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original
Patch file:
sudo perl -pi -e 's|(^\x00{1,20})[^\x00]{9}(\x00{1,20}\x54)|$1\x00\x00\x00\x00\x00\x00\x00\x00\x00$2|sg' /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage
Flush/Update OS Caches:
sudo touch /System/Library/Extensions/ sudo kextcache -system-prelinked-kernel sudo kextcache -system-caches
As time marches on I am in the process of upgrading my Vmware ESXi installations and the systems I keep running had some excellent uptime statistics… Here they are 🙂
Server 1: 11:22:25 up 442 days, 11:41, 1 user, load average: 2.05, 1.43, 1.80
Server 2: 11:24:30 up 442 days, 9:41, 1 user, load average: 1.02, 1.50, 1.33
Just some fun statistics.
After compiling openldap with kerberos support, you get the following error message when starting it
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap-data: (2)
Expect poor performance for suffix dc=****,dc=****.
smbk5pwd: unable to initialize krb5 admin context: unable to find realm of host ****** (-1765328167).
backend_startup_one: bi_db_open failed! (-1)
slapd stopped.
connections_destroy: nothing to destroy.
This is because you have not created a configuration for kerberos yet.
cp /etc/krb5.conf.sample /etc/krb5.conf