Re: [CentOS-virt] centos7.6 nvme support

[Johnny Hughes]

On 6/4/19 2:28 AM, jack.chen wrote:
> Hello:
>    I create a  centos7.6 virtual machine which use 3.10.0-957
> kernel，using pci passthrough  to support nvme device； and I found
> interrupt can not distribute to target CPU which in smp_affinity
> set，the problem solved when I update kernel to 5.0.20,is anyone can
> tell me how to solve this problem without updating kernel??
> 

There is an NVMe bug that impacts some machines that should be fixed
soon.  Others have been fixed.

You can first try the latest c7 kernel (currently
kernel-3.10.0-957.21.3.el7.x86_64.rpm)

You could also use one of our experimental kernels:

http://mirror.centos.org/altarch/7/experimental/x86_64/




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen 4.6.6-9 (with XPTI meltdown mitigation) packages making their way to centos-virt-xen-testing

[Johnny Hughes]

On 01/24/2018 01:01 AM, Pasi Kärkkäinen wrote:
> On Tue, Jan 23, 2018 at 06:20:39PM -0600, Kevin Stange wrote:
>> On 01/23/2018 05:57 PM, Karl Johnson wrote:
>>>
>>>
>>> On Tue, Jan 23, 2018 at 4:50 PM, Nathan March >> > wrote:
>>>
>>> Hi,
>>>
>>> > Hmm.. isn't this the ldisc bug that was discussed a few months ago on 
>>> this
>>> list,
>>> > and a patch was applied to virt-sig kernel aswell?
>>> >
>>> > Call trace looks similar..
>>>
>>> Good memory! I'd forgotten about that despite being the one who ran
>>> into it.
>>>
>>> Looks like that patch was just removed in 4.9.75-30 which I just
>>> upgraded
>>> this system to: http://cbs.centos.org/koji/buildinfo?buildID=21122
>>> 
>>> Previously I was on 4.9.63-29 which does not have this problem, and does
>>> have the ldisc patch. So I guess the question is for Johnny, why was it
>>> removed?
>>>
>>> In the meantime, I'll revert the kernel and follow up if I see any
>>> further
>>> problems.
>>>
>>>
>>> IIRC the patch has been removed from the spec file because it has been
>>> merged upstream in 4.9.71.
>>
>> The IRC discussion I found in my log indicates that it was removed
>> because it didn't apply cleanly due to changes when updating to 4.9.75,
>> yet I don't think anyone independently validated that the changes made
>> are equivalent to the patch that was removed.  I was never able to
>> reproduce this issue, so I didn't investigate it myself.
>>
> 
> Sounds like the patch is still needed :)
> 
> Anyone up to re-porting it to 4.9.75+ ?

It looked, at first glance, like 4.9.71 fixed it .. I guess not in all cases





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen 4.4 Immediate EOL

[Johnny Hughes]

On 01/18/2018 02:29 PM, Sarah Newman wrote:
> On 01/18/2018 09:56 AM, Kevin Stange wrote:
>> Apparently I failed to do proper due diligence before making this
>> recommendation.  The Xen 4.4 repo does not have vixen build because of a
>> dependency upon grub2 which isn't available under CentOS 6.  Your best
>> bet would be to use Vixen for PV domains, so if you think that's
>> something you want to do, we need some volunteers to help with packaging
>> and testing.  Otherwise, use HVM domains or upgrade to a newer version
>> of Xen.  Sorry for this error on my part.
>>
> 
> We have a SPEC file available for grub2: https://github.com/prgmrcom/grub2 
> you will need epel installed.
> 

Kevin was nice enough to maintain xen-4.4 for a while after the EOL.

If there is anyone who wants to maintain the xen-4.4 tree then they are
welcome to do the work and I would be happy to push the updates.

If someone is interested in maintaining the tree ... you need to read
and understand the README here:

https://github.com/hughesjr/xen/tree/xen-44

The Xen patchqueue and stg info is there as well.

Anyone want to maintain the xen-44 tree for c6?

There does seem to be a couple people maintaining / Backporting patches
now (OpenSUSE and Oracle seem to be).  If you get onto the Xen security
mailing list (if you are not already on it) .. you can work with those 2
and maybe others to maintain the xen-44 tree.

If not, we will move the xen-4.4 tree to vault at the next point release
time (CentOS 6.10) .. or maybe moved to vault sooner.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Johnny Hughes]

On 01/17/2018 05:00 AM, Dan wrote:
> Is this now fixed in the latest release by updating the hypervisor, the
> same as CentOS 7? Or does this require something further?
> 
> I came across https://access.redhat.com/solutions/3312501 which seems to
> suggest Redhat are working on resolving the issue, so if that's the case
> then maybe the solution implemented by CentOS is not the best option?
> 

You basically have a couple choices:

1. Do not use a PV DomU.  The kernel in question boots fine in HVM mode
or PVHVM mode.

2.  Do not use the new kernel (don't update).  Wait for Red Hat to
release the updated kernel source patches and CentOS will pick them up.
You can update after that.

3.  Upgrade the kernel to the latest 4.9.x kernel that is in the xen
repo for Dom0's .. it will also run on the quest in PV mode.

4.  I think the elrepo centos-6 ml kernel will boot on xen PV as well.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 7 Kernel 3.10.0-693.11.6.el7.x86_64 does not boot PV

[Johnny Hughes]

8e/0x250
> [  587.145018]  [] ? ima_bprm_check+0x49/0x50
> [  587.145018]  [] ? load_elf_library+0x230/0x230
> [  587.145018]  [] ? search_binary_handler+0xf5/0x310
> [  587.145018]  [] ? do_execve_common.isra.22+0x559/0x650
> [  587.145018]  [] ? SyS_execve+0x36/0x50
> [  587.145018]  [] ? stub_execve+0x69/0xa0
> [  587.145018] Code: 8d 55 f0 48 8d 4d f4 e8 b4 8e a2 ff 66 90 48 8b 55
> f8 65 48 33 14 25 28 00 00 00 8b 45 e8 74 05 e8 ab 3a a8 ff c9 c3 55 48
> 89 e5 <0f> 0b 66 66 66 66 90 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 66 66
> [  587.145018] RIP  [] enter_lazy.part.0+0x4/0x6
> [  587.145018]  RSP 
> [  587.145018] ---[ end trace 8566ed161f106c20 ]---
> [  587.145018] Kernel panic - not syncing: Fatal exception in interrupt
> 
> 
> 
> 
> --
> Shaun Reitan
> NDCHost.com
> 
> -- Original Message --
> From: "Johnny Hughes" <joh...@centos.org <mailto:joh...@centos.org>>
> To: centos-virt@centos.org <mailto:centos-virt@centos.org>
> Sent: 2018-01-06 05:34:22 AM
> Subject: Re: [CentOS-virt] Centos 7 Kernel 3.10.0-693.11.6.el7.x86_64
> does not boot PV
> 
>> On 01/06/2018 03:16 AM, Dmitry Melekhov wrote:
>>> The same problem with latest centos 6 kernel,i.e. with meltdown fix.
>>>  
>>> I can't see console output, because I have it on "cloud" provider
>>> hosting :-)
>>>  
>>>  
>>>  
>>> 06.01.2018 05:13, Shaun Reitan пишет:
>>>> Broken!
>>>>  
>>>>  
>>  
>>  
>> For those of you looking for a PV enabled client Kernel for CentOS Linux
>> 7 DomU VMs, you can use our Experimental kernel from here:
>>  
>> http://mirror.centos.org/altarch/7/experimental/x86_64/
>>  
>> There is a repo file at the BOTTOM of this wiki page that you can use to
>> enable the experimental repo:
>>  
>> https://wiki.centos.org/SpecialInterestGroup/AltArch/i386
>>  
>> That experimental repo file will work for x86_64 or i386 installs and
>> the latest released kernel (kernel-4.9.75-204.el7.centos). This kernel
>> has the CONFIG_PAGE_TABLE_ISOLATION=y security fixes (used to be
>> CONFIG_KAISER .. and still is in the Red Hat released kernels).
>>  
>> You could also use the Dom0 kernels from the Xen repo as DomU kernels
>> for your PV VMs if you want. Currently the 4.9.75 Xen kernels are in
>> the testing repo and waiting for tests to release.
>>  
>> Thanks,
>> Johnny Hughes
>>  
>>  
> 
> 
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 7 Kernel 3.10.0-693.11.6.el7.x86_64 does not boot PV

[Johnny Hughes]

On 01/06/2018 03:16 AM, Dmitry Melekhov wrote:
> The same problem with latest centos 6 kernel,i.e. with meltdown fix.
> 
> I can't see console output, because I have it on "cloud" provider
> hosting :-)
> 
> 
> 
> 06.01.2018 05:13, Shaun Reitan пишет:
>> Broken!
>>
>>


For those of you looking for a PV enabled client Kernel for CentOS Linux
7 DomU VMs, you can use our Experimental kernel from here:

http://mirror.centos.org/altarch/7/experimental/x86_64/

There is a repo file at the BOTTOM of this wiki page that you can use to
enable the experimental repo:

https://wiki.centos.org/SpecialInterestGroup/AltArch/i386

That experimental repo file will work for x86_64 or i386 installs and
the latest released kernel (kernel-4.9.75-204.el7.centos).  This kernel
has the CONFIG_PAGE_TABLE_ISOLATION=y security fixes (used to be
CONFIG_KAISER .. and still is in the Red Hat released kernels).

You could also use the Dom0 kernels from the Xen repo as DomU kernels
for your PV VMs if you want.  Currently the 4.9.75 Xen kernels are in
the testing repo and waiting for tests to release.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS-virt - Kernel Side-Channel Attacks

[Johnny Hughes]

On 01/05/2018 06:33 AM, George Dunlap wrote:
> On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newman  wrote:
>> On 01/04/2018 10:49 AM, Akemi Yagi wrote:
>>> On Thu, Jan 4, 2018 at 9:51 AM,  wrote:
>>>
 Please patch the CentOS-virt Kernel to fix the
 Kernel Side-Channel Attacks vulnerabilities.

 The latest CentOS-virt kernel was released in November, as seen below.

 kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30

 https://access.redhat.com/security/vulnerabilities/speculativeexecution
 http://mirror.centos.org/centos/7/virt/x86_64/xen/

>>>
>>> As far as I can see, the patches for
>>> KAISER (Kernel Address
>>> Isolation to have Side-channels Efficiently Removed) will appear in
>>> kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).
>>>
>>
>> To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in 
>> PV mode, and KAISER isn't enabled for PV guests.
> 
> But it will be important if anyone is running the CentOS kernel in
> their HVM domUs (as guest kernels can be attacked using SP3 by guest
> user space without the KPTI patches).
> 
> I'm sure Johnny will get to it as soon as he has the opportunity.

I have just pushed the 4.9.75-29.el7 and 4.9.75-30.el6 kernels to the
testing repositories.


https://buildlogs.centos.org/centos/7/virt/x86_64/xen/

and

https://buildlogs.centos.org/centos/6/virt/x86_64/xen/

xen, xen-44, xen-46, xen-48 repos should all get the rpms (not just xen)
.. el6 has yet to post there, but it is tagged and should show up in a
couple hours.  The kernel is already there in the el7 trees.

We need lots of testing .. the configuration name is now:

CONFIG_PAGE_TABLE_ISOLATION=y

(instead of CONFIG_KAISER)

Please test these kernels so we can release them .. it boots for me as a
Dom0 kernel and I can start PVHVM and HVM CentOS DomU machines .. which
is how I test before I move the kernels to the testing repos.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen PV DomU running Kernel 4.14.5-1.el7.elrepo.x86_64: xl -v vcpu-set triggers domU kernel WARNING, then domU becomes unresponsive

[Johnny Hughes]

On 12/19/2017 09:12 AM, Johnny Hughes wrote:
> There are a couple of xen updates in the 4.9.66 and 4.9.68 kernels:
> 
> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68
> 
> Let me build a newer Dom0 kernel and see if that helps.
> 
> Thanks,
> Johnny Hughes
> 
> 

OK .. I have built and pushed to the testing tag the following dom0 kernels:

kernel-4.9.70-29.el7
kernel-4.9.70-29.el6

they will show up in a couple hours here:

https://buildlogs.centos.org/centos/6/virt/x86_64/xen/

https://buildlogs.centos.org/centos/7/virt/x86_64/xen/



> On 12/11/2017 06:52 PM, Adi Pircalabu wrote:
>> Has anyone seen this recently? I couldn't replicate it on:
>> - CentOS 6 running kernel-2.6.32-696.16.1.el6.x86_64,
>> kernel-lt-4.4.105-1.el6.elrepo.x86_64
>> - CentOS 7 running 4.9.67-1.el7.centos.x86_64
>>
>> But I can replicate it consistently running "xl -v vcpu-set 
>> " on:
>> - CentOS 6 running 4.14.5-1.el6.elrepo.x86_64
>> - CentOS 7 running 4.14.5-1.el7.elrepo.x86_64
>>
>> dom0 versions tested with similar results in the domU:
>> - 4.6.6-6.el7 on kernel 4.9.63-29.el7.x86_64
>> - 4.6.3-15.el6 on kernel 4.9.37-29.el6.x86_64
>>
>> Noticed behaviour:
>> - These commands stall:
>> top
>> ls -l /var/tmp
>> ls -l /tmp
>> - Stuck in D state on the CentOS 7 domU:
>> root 5  0.0  0.0  0 0 ?    D    11:20   0:00
>> [kworker/u8:0]
>> root   316  0.0  0.0  0 0 ?    D    11:20   0:00
>> [jbd2/xvda1-8]
>> root  1145  0.0  0.2 116636  4776 ?    Ds   11:20   0:00 -bash
>> root  1289  0.0  0.1  25852  2420 ?    Ds   11:35   0:00
>> /usr/bin/systemd-tmpfiles --clean
>> root  1290  0.0  0.1 125248  2696 pts/1    D+   11:44   0:00 ls
>> --color=auto -l /tmp/
>> root  1293  0.0  0.1 125248  2568 pts/2    D+   11:44   0:00 ls
>> --color=auto -l /var/tmp
>> root  1296  0.0  0.2 116636  4908 pts/3    Ds+  11:44   0:00 -bash
>> root  1358  0.0  0.1 125248  2612 pts/4    D+   11:47   0:00 ls
>> --color=auto -l /var/tmp
>>
>> At a first glance it appears the issue is in 4.14.5 kernel. Stack traces
>> follow:
>>
>> -CentOS 6 kernel-ml-4.14.5-1.el6.elrepo.x86_64 start here-
>> [ cut here ]
>> WARNING: CPU: 4 PID: 60 at block/blk-mq.c:1144
>> __blk_mq_run_hw_queue+0x9e/0xc0
>> Modules linked in: intel_cstate(-) ipt_REJECT nf_reject_ipv4
>> nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport iptable_filter ip_tables
>> ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_state
>> nf_conntrack libcrc32c ip6table_filter ip6_tables dm_mod dax
>> xen_netfront crc32_pclmul crct10dif_pclmul ghash_clmulni_intel
>> crc32c_intel pcbc aesni_intel glue_helper crypto_simd cryptd aes_x86_64
>> coretemp hwmon x86_pkg_temp_thermal sb_edac intel_rapl_perf pcspkr ext4
>> jbd2 mbcache xen_blkfront
>> CPU: 4 PID: 60 Comm: kworker/4:1H Not tainted 4.14.5-1.el6.elrepo.x86_64 #1
>> Workqueue: kblockd blk_mq_run_work_fn
>> task: 8802711a2780 task.stack: c90041af4000
>> RIP: e030:__blk_mq_run_hw_queue+0x9e/0xc0
>> RSP: e02b:c90041af7c48 EFLAGS: 00010202
>> RAX: 0001 RBX: 88027117fa80 RCX: 0001
>> RDX: 88026b053ee0 RSI: 88027351bca0 RDI: 88026b072800
>> RBP: c90041af7c68 R08: c90041af7eb8 R09: 8802711a2810
>> R10: 7ff0 R11: 0001 R12: 88026b072800
>> R13: e8d04d00 R14:  R15: e8d04d05
>> FS:  2b7b7c89b700() GS:88027350()
>> knlGS:
>> CS:  e033 DS:  ES:  CR0: 80050033
>> CR2: ff600400 CR3: 00026d953000 CR4: 00042660
>> Call Trace:
>>  blk_mq_run_work_fn+0x31/0x40
>>  process_one_work+0x174/0x440
>>  ? xen_mc_flush+0xad/0x1b0
>>  ? schedule+0x3a/0xa0
>>  worker_thread+0x6b/0x410
>>  ? default_wake_function+0x12/0x20
>>  ? __wake_up_common+0x84/0x130
>>  ? maybe_create_worker+0x120/0x120
>>  ? schedule+0x3a/0xa0
>>  ? _raw_spin_unlock_irqrestore+0x16/0x20
>>  ? maybe_create_worker+0x120/0x120
>>  kthread+0x111/0x150
>>  ? __kthread_init_worker+0x40/0x40
>>  ret_from_fork+0x25/0x30
>> Code: 89 df e8 06 2f d9 ff 4c 89 e7 41 89 c5 e8 0b 6e 00 00 44 89 ee 48
>> 89 df e8 20 2f d9 ff 48 8b 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 <0f> ff
>> eb aa 4c 89 e7 e8 e6 6d 00 00 48 8b 5d e8 4c 8b 65 f0 4c
>> ---[ end trace fe2aaf4e723042fd ]---
>> -CentOS 6 kernel-ml-4

Re: [CentOS-virt] Xen PV DomU running Kernel 4.14.5-1.el7.elrepo.x86_64: xl -v vcpu-set triggers domU kernel WARNING, then domU becomes unresponsive

[Johnny Hughes]

There are a couple of xen updates in the 4.9.66 and 4.9.68 kernels:

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68

Let me build a newer Dom0 kernel and see if that helps.

Thanks,
Johnny Hughes


On 12/11/2017 06:52 PM, Adi Pircalabu wrote:
> Has anyone seen this recently? I couldn't replicate it on:
> - CentOS 6 running kernel-2.6.32-696.16.1.el6.x86_64,
> kernel-lt-4.4.105-1.el6.elrepo.x86_64
> - CentOS 7 running 4.9.67-1.el7.centos.x86_64
> 
> But I can replicate it consistently running "xl -v vcpu-set 
> " on:
> - CentOS 6 running 4.14.5-1.el6.elrepo.x86_64
> - CentOS 7 running 4.14.5-1.el7.elrepo.x86_64
> 
> dom0 versions tested with similar results in the domU:
> - 4.6.6-6.el7 on kernel 4.9.63-29.el7.x86_64
> - 4.6.3-15.el6 on kernel 4.9.37-29.el6.x86_64
> 
> Noticed behaviour:
> - These commands stall:
> top
> ls -l /var/tmp
> ls -l /tmp
> - Stuck in D state on the CentOS 7 domU:
> root 5  0.0  0.0  0 0 ?    D    11:20   0:00
> [kworker/u8:0]
> root   316  0.0  0.0  0 0 ?    D    11:20   0:00
> [jbd2/xvda1-8]
> root  1145  0.0  0.2 116636  4776 ?    Ds   11:20   0:00 -bash
> root  1289  0.0  0.1  25852  2420 ?    Ds   11:35   0:00
> /usr/bin/systemd-tmpfiles --clean
> root  1290  0.0  0.1 125248  2696 pts/1    D+   11:44   0:00 ls
> --color=auto -l /tmp/
> root  1293  0.0  0.1 125248  2568 pts/2    D+   11:44   0:00 ls
> --color=auto -l /var/tmp
> root  1296  0.0  0.2 116636  4908 pts/3    Ds+  11:44   0:00 -bash
> root  1358  0.0  0.1 125248  2612 pts/4    D+   11:47   0:00 ls
> --color=auto -l /var/tmp
> 
> At a first glance it appears the issue is in 4.14.5 kernel. Stack traces
> follow:
> 
> -CentOS 6 kernel-ml-4.14.5-1.el6.elrepo.x86_64 start here-
> [ cut here ]
> WARNING: CPU: 4 PID: 60 at block/blk-mq.c:1144
> __blk_mq_run_hw_queue+0x9e/0xc0
> Modules linked in: intel_cstate(-) ipt_REJECT nf_reject_ipv4
> nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport iptable_filter ip_tables
> ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_state
> nf_conntrack libcrc32c ip6table_filter ip6_tables dm_mod dax
> xen_netfront crc32_pclmul crct10dif_pclmul ghash_clmulni_intel
> crc32c_intel pcbc aesni_intel glue_helper crypto_simd cryptd aes_x86_64
> coretemp hwmon x86_pkg_temp_thermal sb_edac intel_rapl_perf pcspkr ext4
> jbd2 mbcache xen_blkfront
> CPU: 4 PID: 60 Comm: kworker/4:1H Not tainted 4.14.5-1.el6.elrepo.x86_64 #1
> Workqueue: kblockd blk_mq_run_work_fn
> task: 8802711a2780 task.stack: c90041af4000
> RIP: e030:__blk_mq_run_hw_queue+0x9e/0xc0
> RSP: e02b:c90041af7c48 EFLAGS: 00010202
> RAX: 0001 RBX: 88027117fa80 RCX: 0001
> RDX: 88026b053ee0 RSI: 88027351bca0 RDI: 88026b072800
> RBP: c90041af7c68 R08: c90041af7eb8 R09: 8802711a2810
> R10: 7ff0 R11: 0001 R12: 88026b072800
> R13: e8d04d00 R14:  R15: e8d04d05
> FS:  2b7b7c89b700() GS:88027350()
> knlGS:
> CS:  e033 DS:  ES:  CR0: 80050033
> CR2: ff600400 CR3: 00026d953000 CR4: 00042660
> Call Trace:
>  blk_mq_run_work_fn+0x31/0x40
>  process_one_work+0x174/0x440
>  ? xen_mc_flush+0xad/0x1b0
>  ? schedule+0x3a/0xa0
>  worker_thread+0x6b/0x410
>  ? default_wake_function+0x12/0x20
>  ? __wake_up_common+0x84/0x130
>  ? maybe_create_worker+0x120/0x120
>  ? schedule+0x3a/0xa0
>  ? _raw_spin_unlock_irqrestore+0x16/0x20
>  ? maybe_create_worker+0x120/0x120
>  kthread+0x111/0x150
>  ? __kthread_init_worker+0x40/0x40
>  ret_from_fork+0x25/0x30
> Code: 89 df e8 06 2f d9 ff 4c 89 e7 41 89 c5 e8 0b 6e 00 00 44 89 ee 48
> 89 df e8 20 2f d9 ff 48 8b 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 <0f> ff
> eb aa 4c 89 e7 e8 e6 6d 00 00 48 8b 5d e8 4c 8b 65 f0 4c
> ---[ end trace fe2aaf4e723042fd ]---
> -CentOS 6 kernel-ml-4.14.5-1.el6.elrepo.x86_64 end here-
> 
> -CentOS 7 kernel-ml-4.14.5-1.el7.elrepo.x86_64 start here-
> [  116.528885] [ cut here ]
> [  116.528894] WARNING: CPU: 3 PID: 38 at block/blk-mq.c:1144
> __blk_mq_run_hw_queue+0x89/0xa0
> [  116.528898] Modules linked in: intel_cstate(-) ip_set_hash_ip ip_set
> nfnetlink x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul
> ghash_clmulni_intel pcbc aesni_intel crypto_simd glue_helper cryptd
> intel_rapl_perf pcspkr nfsd auth_rpcgss nfs_acl lockd grace sunrpc
> ip_tables ext4 mbcache jbd2 xen_netfront xen_blkfront crc32c_intel
> [  116.528919] CPU: 3 PID: 38 Comm: kworker/3:1H Not tainted

Re: [CentOS-virt] Xen 4.6.6-8 in virt-testing

[Johnny Hughes]

George,

This version of xen updates and allows both a CentOS 6 and CentOS 7 DomU
to start and run in both HVM and PVHVM modes.  So it 'works for me'.

Thanks,
Johnny Hughes

On 12/12/2017 08:34 AM, George Dunlap wrote:
> Xen 4.6.6-8 has been tagged in virt-testing.  It contains XSAs
> 248-251, as well as an additional fix to XSA 240.  Please test it if
> you get a chance and report any bugs; I'll probably push it to mirrors
> tomorrow if I don't hear anything.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] 4.4.4-26 with XSA-226, 227, 230 in centos-virt-testing

[Johnny Hughes]

On 11/28/2017 11:24 AM, Kevin Stange wrote:
> On 11/28/2017 10:11 AM, Johnny Hughes wrote:
>> Kevin has been rolling back the security updates to the 4.4 branch.  He
>> has been working with some of the other distros (debian for sure, and
>> some others on the xen security list).
>>
>> I think it is his intention to continue this for as long as he is able
>> to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
>>
>> As long as Kevin (or anyone else) maintains the tree, I am happy to
>> build them into the repos.
>>
>> On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote:
>>> Hi,
>>>
>>> On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
>>>> Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 -
>>>> 230) from August 15th are now available in centos-virt-testing.  If
>>>> possible, please test and provide feedback here so we can move these to
>>>> release soon.
>>>>
>>>> XSA-228 did not affect Xen 4.4
>>>> XSA-229 only applies to the kernel
>>>>
>>>> XSA-235 disclosed today only affects ARM and isn't going to be added to
>>>> these packages.
>>>>
>>>
>>> Thanks for updating the Xen 4.4 branch! Are you still planning for 
>>> additional updates there? 
> 
> I will be continuing to attempt to support 4.4 backports as long as I
> still have Xen 4.4 running in my own production environment, which will
> be until at least early 2018, but probably longer.  I am currently in
> early testing for migrating to newer Xen, but it's not close to ready
> yet.  I should have a release containing XSA-246 and XSA-247 in the
> testing repo later today, which will come up as version 4.4.4-32.
> 
> I wish I could provide more concrete EOL for planning purposes.
> Obviously, if you have the option to migrate to Xen 4.6 or later (4.5 is
> EOL in a few months) that's a good plan for a number of reasons.  I
> expect we'll see Xen 4.8 in the SIG repos before too long as well.
> 

I would suggest that if there is anyone out there who wants to keep
using Xen-4.4 on CentOS-6 that, and you have the ability to backport the
4.5 or 4.6 patches to xen-4.4, you get with Kevin and learn the process
so that you can keep the 4.4 branch going .. otherwise it will go EOL
when Kevin stops maintaining it.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-plus PXE virt-install with Xen?

[Johnny Hughes]

On 10/10/2017 01:46 PM, PJ Welsh wrote:
> I'm trying to figure out how to replace the vmlinuz and initrd.img from
> CentOS 7.4 with "fixed" kernel-plus versions in order create CentOS 7.4
> VM's. So far I'm stuck booting via 7.3 install, adding new kernel-plus
> and upgrading to 7.4. I've not found any complete Google answers and was
> looking for help making sure I choose the correct approach.
> 
> I've tried to build an initrd.img from a kernel-plus booting system via
> "mkinitrd -f -v /boot/initrd.img $(uname -r)", but the file size is less
> than half the one from CentOS 7.4 (17MB -vs- 47MB). I'm not even sure I
> can just replace those files yet either.
> 
> Any help going the correct path?

I have not had time to do this yet .. BUT .. you can edit the lorax
template to to use kernel-plus instead of kernel (and new repodata)..
then rerun lorax to get a bootable tree and boot.iso

You would then need a tree with the new kernel-plus* packages instead of
the kernel-* packages

This bug kind of explains the process:

https://bugs.centos.org/view.php?id=13763

(look for lorax in the bug)

I do want to create a process and tree somewhere for this (likely on
buildlogs.centos.org).  Sometime soon after I finish the i386 distro
release (hopefully that is this week .. next week for some kind of
bootable x86_64 Xen PV solution).

The good news is, the 7.5 RHEL kernel Source RPMs should have Kevin's
patch in it and it should work as released on Xen PV.





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Status of reverted Linux patch "tty: Fix ldisc crash on reopened tty", Linux 4.9 kernel frequent crashes

[Johnny Hughes]

On 09/20/2017 03:10 AM, Pasi Kärkkäinen wrote:
> On Tue, Sep 05, 2017 at 10:49:13AM -0700, Nathan March wrote:
 I have no issues rolling this patch in , while we wait on upstream, if
 it makes our tree more stable.

>>>
>>> I think we should do that.. What do others think?
>>>
>>
>> I've had the patch deployed to a group of 32 hosts (with hundreds of vms)
>> for about 10 days now and no sign of any issues.
>>
>> So I support it =)
>>
> 
> Thanks Nathan.
> 
> Johnny: Can you please add the patch to next Linux 4.9 kernel build? 
> 
> 
> Thanks,
> 
> -- Pasi
> 
>> Cheers,
>> Nathan
> 
> 

It has already been built into the latest test kernel .. 4.9.48-29.el7




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen CentOS 7.3 server + CentOS 7.3 VM fails to boot after CR updates (applied to VM)!

[Johnny Hughes]

On 09/07/2017 03:17 PM, Kevin Stange wrote:
> On 09/06/2017 05:21 PM, Kevin Stange wrote:
>> On 09/06/2017 08:40 AM, Johnny Hughes wrote:
>>> On 09/05/2017 02:26 PM, Kevin Stange wrote:
>>>> On 09/04/2017 05:27 PM, Johnny Hughes wrote:
>>>>> On 09/04/2017 03:59 PM, Kevin Stange wrote:
>>>>>> On 09/02/2017 08:11 AM, Johnny Hughes wrote:
>>>>>>> On 09/01/2017 02:41 PM, Kevin Stange wrote:
>>>>>>>> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>>>>>>>>> A recently created and fully functional CentOS 7.3 VM fails to boot
>>>>>>>>> after applying CR updates:
>>>>>>>> 
>>>>>>>>> Server OS is CentOS 7.3 using Xen (no CR updates):
>>>>>>>>> rpm -qa xen\*
>>>>>>>>> xen-hypervisor-4.6.3-15.el7.x86_64
>>>>>>>>> xen-4.6.3-15.el7.x86_64
>>>>>>>>> xen-licenses-4.6.3-15.el7.x86_64
>>>>>>>>> xen-libs-4.6.3-15.el7.x86_64
>>>>>>>>> xen-runtime-4.6.3-15.el7.x86_64
>>>>>>>>>
>>>>>>>>> uname -a
>>>>>>>>> Linux tsxen2.xx.com <http://tsxen2.xx.com> 4.9.39-29.el7.x86_64 #1 SMP
>>>>>>>>> Fri Jul 21 15:09:00 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>>>>>>>
>>>>>>>>> Sadly, the other issue is that the grub menu will not display for me 
>>>>>>>>> to
>>>>>>>>> select another kernel to see if it is just a kernel issue.
>>>>>>>>>
>>>>>>>>> The dracut prompt does not show any /dev/disk folder either.
>>>>>>>>>
>>>>>>>>
>>>>>>>> I'm seeing this as well.  My host is 4.9.44-29 and Xen 4.4.4-26 from
>>>>>>>> testing repo, my guest is 3.10.0-693.1.1.  Guest boots fine with
>>>>>>>> 514.26.2.  The kernel messages that appear to kick off the failure for
>>>>>>>> me start with a page allocation failure.  It eventually reaches dracut
>>>>>>>> failures due to systemd/udev not setting up properly, but I think the
>>>>>>>> root is this:
>>>>>>>>
>> 
>>>>>>>
>>>>>>> Do any of you guys have access to RHEL to try the RHEL 7.4 Kernel?
>>>>>>
>>>>>> I think I may.  I haven't tried yet, but I'll see if I can get my hands
>>>>>> on one and test it tomorrow when I'm back at the office tomorrow.
>>>>>>
>>>>>> RH closed my bug as "WONTFIX" so far, saying Red Hat Quality Engineering
>>>>>> Management declined the request.  I started to look at the Red Hat
>>>>>> source browser to see the list of patches from 693 to 514, but getting
>>>>>> the full list seems impossible because the change log only goes back to
>>>>>> 644 and there doesn't seem to be a way to obtain full builds of
>>>>>> unreleased kernels.  Unless I'm mistaken.
>>>>>>
>>>>>> I will also do some digging via RH support if I can.
>>>>>>
>>>>> I would think that RH would want AWS support for RHEL 7.4 and I thought
>>>>> AWS was run on Xen // Note:  I could be wrong about that.
>>>>>
>>>>> In any event, at the very least, we can make a kernel that boots PV for
>>>>> 7.4 at some point.
>>>>
>>>> AWS does run on Xen, but the modifications they make to Xen are not
>>>> known to me nor which version of Xen they use.  They may also run the
>>>> domains as HVM, which seems to mitigate the issue here.
>>>>
>>>> I just verified this kernel issue exists on a RHEL 7.3 system image
>>>> under the same conditions, when it's updated to RHEL 7.4 and kernel
>>>> 3.10.0-693.2.1.el7.x86_64.
>>>>
>>>
>>> One other option is to run the DomU's as PVHVM:
>>> https://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers
>>>
>>> That should be much better performance than HVM and may be a workable
>>> solution for people who don't want to modify their VM kernel.
>>>
>>> Here is more info on PVHVM:
>>> https://wiki.xen.org/wiki/PV_on_HVM
>>>
>>> 
>>> Also heard from someone to try this Config file change to the base
>>> kernel and rebuild:
>>>
>>> CONFIG_RANDOMIZE_BASE=n
>>
>> This suggestion was mirrored in the RH bugzilla as well, it worked, but
>> the same issue does not exist in newer kernels which have the option on.
>>  I've posted updated findings in the CentOS bug, which includes a patch
>> that I found which seems to fix the issue:
>>
>> https://bugs.centos.org/view.php?id=13763#c30014
> 
> With many thanks to hughesjr and toracat, I was able to find a patch
> that seems to resolve this issue and get it into CentOS Plus
> 3.10.0-693.2.1.  I've asked Red Hat to apply it to some future kernel
> update, but that is only a dream for now.
> 
> In the meantime, if anyone who has been experiencing the issue with PV
> domains can try out the CentOS Plus kernel here and provide feedback,
> I'd appreciate it!
> 
> https://buildlogs.centos.org/c7-plus/kernel-plus/20170907163005/3.10.0-693.2.1.el7.centos.plus.x86_64/
> 

I can verify that PV-on-HVM mode works with the regular kernel as well
if that is an option for you.  Many public clouds (like AWS) require HVM
or PV-on-HVM.

See these for more information on PV-on-HVM:

https://wiki.xen.org/wiki/PV_on_HVM

https://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] updating qemu-img-ev 2.6

[Johnny Hughes]

On 09/07/2017 04:09 AM, Johan Guldmyr wrote:
> Hello!
> 
> http://mirror.centos.org/centos/7/virt/x86_64/kvm-common
> 
> Latest is now qemu-kvm-ev-2.6.0-28.el7.10.1.x86_64.rpm 
> 
> while http://ftp.redhat.com/redhat/linux/enterprise/7Server/en/RHEV/SRPMS/
> 
> has qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm
> 
> A few questions:  
>  A) Does kvm-common have RPM builds from RHEV's SRPMS?
>  B) Is the plan to keep kvm-common up to date with RHEV?

I am not sure of the answer to your question (the SIG chairman might be
able to answer the policy question) .. However

We will be moving to 7.4 soon(ish), at which time the older tree (centos
7.3.1611) moves into vault .. and the 'qemu-kvm-rhev-2.9.0 el7_4' branch
will likely start being built.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen CentOS 7.3 server + CentOS 7.3 VM fails to boot after CR updates (applied to VM)!

[Johnny Hughes]

On 09/05/2017 02:26 PM, Kevin Stange wrote:
> On 09/04/2017 05:27 PM, Johnny Hughes wrote:
>> On 09/04/2017 03:59 PM, Kevin Stange wrote:
>>> On 09/02/2017 08:11 AM, Johnny Hughes wrote:
>>>> On 09/01/2017 02:41 PM, Kevin Stange wrote:
>>>>> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>>>>>> A recently created and fully functional CentOS 7.3 VM fails to boot
>>>>>> after applying CR updates:
>>>>> 
>>>>>> Server OS is CentOS 7.3 using Xen (no CR updates):
>>>>>> rpm -qa xen\*
>>>>>> xen-hypervisor-4.6.3-15.el7.x86_64
>>>>>> xen-4.6.3-15.el7.x86_64
>>>>>> xen-licenses-4.6.3-15.el7.x86_64
>>>>>> xen-libs-4.6.3-15.el7.x86_64
>>>>>> xen-runtime-4.6.3-15.el7.x86_64
>>>>>>
>>>>>> uname -a
>>>>>> Linux tsxen2.xx.com <http://tsxen2.xx.com> 4.9.39-29.el7.x86_64 #1 SMP
>>>>>> Fri Jul 21 15:09:00 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>>>>
>>>>>> Sadly, the other issue is that the grub menu will not display for me to
>>>>>> select another kernel to see if it is just a kernel issue.
>>>>>>
>>>>>> The dracut prompt does not show any /dev/disk folder either.
>>>>>>
>>>>>
>>>>> I'm seeing this as well.  My host is 4.9.44-29 and Xen 4.4.4-26 from
>>>>> testing repo, my guest is 3.10.0-693.1.1.  Guest boots fine with
>>>>> 514.26.2.  The kernel messages that appear to kick off the failure for
>>>>> me start with a page allocation failure.  It eventually reaches dracut
>>>>> failures due to systemd/udev not setting up properly, but I think the
>>>>> root is this:
>>>>>
>>>>> [1.970630] [ cut here ]
>>>>> [1.970651] WARNING: CPU: 2 PID: 225 at mm/vmalloc.c:131
>>>>> vmap_page_range_noflush+0x2c1/0x350
>>>>> [1.970660] Modules linked in:
>>>>> [1.970668] CPU: 2 PID: 225 Comm: systemd-udevd Not tainted
>>>>> 3.10.0-693.1.1.el7.x86_64 #1
>>>>> [1.970677]   8cddc75d 8803e8587bd8
>>>>> 816a3d91
>>>>> [1.970688]  8803e8587c18 810879c8 0083811c14e8
>>>>> 8800066eb000
>>>>> [1.970698]  0001 8803e86d6940 c000
>>>>> 
>>>>> [1.970708] Call Trace:
>>>>> [1.970725]  [] dump_stack+0x19/0x1b
>>>>> [1.970736]  [] __warn+0xd8/0x100
>>>>> [1.970742]  [] warn_slowpath_null+0x1d/0x20
>>>>> [1.970748]  [] vmap_page_range_noflush+0x2c1/0x350
>>>>> [1.970758]  [] map_vm_area+0x2e/0x40
>>>>> [1.970765]  [] __vmalloc_node_range+0x170/0x270
>>>>> [1.970774]  [] ? 
>>>>> module_alloc_update_bounds+0x14/0x70
>>>>> [1.970781]  [] ? 
>>>>> module_alloc_update_bounds+0x14/0x70
>>>>> [1.970792]  [] module_alloc+0x73/0xd0
>>>>> [1.970798]  [] ? 
>>>>> module_alloc_update_bounds+0x14/0x70
>>>>> [1.970804]  [] module_alloc_update_bounds+0x14/0x70
>>>>> [1.970811]  [] load_module+0xb02/0x29e0
>>>>> [1.970817]  [] ? vmap_page_range_noflush+0x257/0x350
>>>>> [1.970823]  [] ? map_vm_area+0x2e/0x40
>>>>> [1.970829]  [] ? __vmalloc_node_range+0x170/0x270
>>>>> [1.970838]  [] ? SyS_init_module+0x99/0x110
>>>>> [1.970846]  [] SyS_init_module+0xc5/0x110
>>>>> [1.970856]  [] system_call_fastpath+0x16/0x1b
>>>>> [1.970862] ---[ end trace 2117480876ed90d2 ]---
>>>>> [1.970869] vmalloc: allocation failure, allocated 24576 of 28672 bytes
>>>>> [1.970874] systemd-udevd: page allocation failure: order:0, mode:0xd2
>>>>> [1.970883] CPU: 2 PID: 225 Comm: systemd-udevd Tainted: GW
>>>>>   3.10.0-693.1.1.el7.x86_64 #1
>>>>> [1.970894]  00d2 8cddc75d 8803e8587c48
>>>>> 816a3d91
>>>>> [1.970910]  8803e8587cd8 81188810 8190ea38
>>>>> 8803e8587c68
>>>>> [1.970923]  0018 8803e8587ce8 8803e8587c88
>>>>> 8cddc75d
>>>>> [1.970939]

Re: [CentOS-virt] Xen CentOS 7.3 server + CentOS 7.3 VM fails to boot after CR updates (applied to VM)!

[Johnny Hughes]

On 09/04/2017 03:59 PM, Kevin Stange wrote:
> On 09/02/2017 08:11 AM, Johnny Hughes wrote:
>> On 09/01/2017 02:41 PM, Kevin Stange wrote:
>>> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>>>> A recently created and fully functional CentOS 7.3 VM fails to boot
>>>> after applying CR updates:
>>> 
>>>> Server OS is CentOS 7.3 using Xen (no CR updates):
>>>> rpm -qa xen\*
>>>> xen-hypervisor-4.6.3-15.el7.x86_64
>>>> xen-4.6.3-15.el7.x86_64
>>>> xen-licenses-4.6.3-15.el7.x86_64
>>>> xen-libs-4.6.3-15.el7.x86_64
>>>> xen-runtime-4.6.3-15.el7.x86_64
>>>>
>>>> uname -a
>>>> Linux tsxen2.xx.com <http://tsxen2.xx.com> 4.9.39-29.el7.x86_64 #1 SMP
>>>> Fri Jul 21 15:09:00 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> Sadly, the other issue is that the grub menu will not display for me to
>>>> select another kernel to see if it is just a kernel issue.
>>>>
>>>> The dracut prompt does not show any /dev/disk folder either.
>>>>
>>>
>>> I'm seeing this as well.  My host is 4.9.44-29 and Xen 4.4.4-26 from
>>> testing repo, my guest is 3.10.0-693.1.1.  Guest boots fine with
>>> 514.26.2.  The kernel messages that appear to kick off the failure for
>>> me start with a page allocation failure.  It eventually reaches dracut
>>> failures due to systemd/udev not setting up properly, but I think the
>>> root is this:
>>>
>>> [1.970630] [ cut here ]
>>> [1.970651] WARNING: CPU: 2 PID: 225 at mm/vmalloc.c:131
>>> vmap_page_range_noflush+0x2c1/0x350
>>> [1.970660] Modules linked in:
>>> [1.970668] CPU: 2 PID: 225 Comm: systemd-udevd Not tainted
>>> 3.10.0-693.1.1.el7.x86_64 #1
>>> [1.970677]   8cddc75d 8803e8587bd8
>>> 816a3d91
>>> [1.970688]  8803e8587c18 810879c8 0083811c14e8
>>> 8800066eb000
>>> [1.970698]  0001 8803e86d6940 c000
>>> 
>>> [1.970708] Call Trace:
>>> [1.970725]  [] dump_stack+0x19/0x1b
>>> [1.970736]  [] __warn+0xd8/0x100
>>> [1.970742]  [] warn_slowpath_null+0x1d/0x20
>>> [1.970748]  [] vmap_page_range_noflush+0x2c1/0x350
>>> [1.970758]  [] map_vm_area+0x2e/0x40
>>> [1.970765]  [] __vmalloc_node_range+0x170/0x270
>>> [1.970774]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.970781]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.970792]  [] module_alloc+0x73/0xd0
>>> [1.970798]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.970804]  [] module_alloc_update_bounds+0x14/0x70
>>> [1.970811]  [] load_module+0xb02/0x29e0
>>> [1.970817]  [] ? vmap_page_range_noflush+0x257/0x350
>>> [1.970823]  [] ? map_vm_area+0x2e/0x40
>>> [1.970829]  [] ? __vmalloc_node_range+0x170/0x270
>>> [1.970838]  [] ? SyS_init_module+0x99/0x110
>>> [1.970846]  [] SyS_init_module+0xc5/0x110
>>> [1.970856]  [] system_call_fastpath+0x16/0x1b
>>> [1.970862] ---[ end trace 2117480876ed90d2 ]---
>>> [1.970869] vmalloc: allocation failure, allocated 24576 of 28672 bytes
>>> [1.970874] systemd-udevd: page allocation failure: order:0, mode:0xd2
>>> [1.970883] CPU: 2 PID: 225 Comm: systemd-udevd Tainted: GW
>>>   3.10.0-693.1.1.el7.x86_64 #1
>>> [1.970894]  00d2 8cddc75d 8803e8587c48
>>> 816a3d91
>>> [1.970910]  8803e8587cd8 81188810 8190ea38
>>> 8803e8587c68
>>> [1.970923]  0018 8803e8587ce8 8803e8587c88
>>> 8cddc75d
>>> [1.970939] Call Trace:
>>> [1.970946]  [] dump_stack+0x19/0x1b
>>> [1.970961]  [] warn_alloc_failed+0x110/0x180
>>> [1.970971]  [] __vmalloc_node_range+0x234/0x270
>>> [1.970981]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.970989]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.970999]  [] module_alloc+0x73/0xd0
>>> [1.971031]  [] ? module_alloc_update_bounds+0x14/0x70
>>> [1.971038]  [] module_alloc_update_bounds+0x14/0x70
>>> [1.971046]  [] load_module+0xb02/0x29e0
>>> [1.971052]  [] ? vmap_page_range_noflush+0x257/0x350
>>> [1.971061]  [] ? map_vm_area+0x2e/0x40
>>> [1.971067]  [] ? __vmalloc_node

Re: [CentOS-virt] Status of reverted Linux patch "tty: Fix ldisc crash on reopened tty", Linux 4.9 kernel frequent crashes

[Johnny Hughes]

On 08/30/2017 03:10 PM, Pasi Kärkkäinen wrote:
> Hello everyone,
> 
> Recently Nathan March reported on centos-virt list he's getting frequent 
> Linux kernel crashes with Linux 4.9 LTS kernel because of the missing patch 
> "tty: Fix ldisc crash on reopened tty".
> 
> The patch was already merged upstream here:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71472fa9c52b1da27663c275d416d8654b905f05
> 
> but then reverted here:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=896d81fefe5d1919537db2c2150ab6384e4a6610
> 
> Nathan confirmed if he applies the patch from 
> 71472fa9c52b1da27663c275d416d8654b905f05 to his Linux 4.9 LTS kernel the 
> bug/problem goes away, so the patch (or similar fix) is still needed, at 
> least for 4.9 LTS kernel.
> 
> 
> Mikulas reported he's able to trigger the same crash on Linux 4.10:
> https://www.spinics.net/lists/kernel/msg2440637.html
> https://lists.gt.net/linux/kernel/2664604?search_string=ldisc%20reopened;#2664604
> 
> Michael Neuling reported he's able to trigger the bug on PowerPC:
> https://lkml.org/lkml/2017/3/10/1582
> 
> 
> So now the question is.. is anyone currently working on getting this patch 
> fixed and applied upstream? I think one of the problems earlier was being 
> able to reliable reproduce the crash.. Nathan says he's able to reproduce it 
> many times per week on his environment on x86_64.
> 

I have no issues rolling this patch in , while we wait on upstream, if
it makes our tree more stable.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen CentOS 7.3 server + CentOS 7.3 VM fails to boot after CR updates (applied to VM)!

[Johnny Hughes]

On 09/01/2017 02:41 PM, Kevin Stange wrote:
> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>> A recently created and fully functional CentOS 7.3 VM fails to boot
>> after applying CR updates:
> 
>> Server OS is CentOS 7.3 using Xen (no CR updates):
>> rpm -qa xen\*
>> xen-hypervisor-4.6.3-15.el7.x86_64
>> xen-4.6.3-15.el7.x86_64
>> xen-licenses-4.6.3-15.el7.x86_64
>> xen-libs-4.6.3-15.el7.x86_64
>> xen-runtime-4.6.3-15.el7.x86_64
>>
>> uname -a
>> Linux tsxen2.xx.com  4.9.39-29.el7.x86_64 #1 SMP
>> Fri Jul 21 15:09:00 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>
>> Sadly, the other issue is that the grub menu will not display for me to
>> select another kernel to see if it is just a kernel issue.
>>
>> The dracut prompt does not show any /dev/disk folder either.
>>
> 
> I'm seeing this as well.  My host is 4.9.44-29 and Xen 4.4.4-26 from
> testing repo, my guest is 3.10.0-693.1.1.  Guest boots fine with
> 514.26.2.  The kernel messages that appear to kick off the failure for
> me start with a page allocation failure.  It eventually reaches dracut
> failures due to systemd/udev not setting up properly, but I think the
> root is this:
> 
> [1.970630] [ cut here ]
> [1.970651] WARNING: CPU: 2 PID: 225 at mm/vmalloc.c:131
> vmap_page_range_noflush+0x2c1/0x350
> [1.970660] Modules linked in:
> [1.970668] CPU: 2 PID: 225 Comm: systemd-udevd Not tainted
> 3.10.0-693.1.1.el7.x86_64 #1
> [1.970677]   8cddc75d 8803e8587bd8
> 816a3d91
> [1.970688]  8803e8587c18 810879c8 0083811c14e8
> 8800066eb000
> [1.970698]  0001 8803e86d6940 c000
> 
> [1.970708] Call Trace:
> [1.970725]  [] dump_stack+0x19/0x1b
> [1.970736]  [] __warn+0xd8/0x100
> [1.970742]  [] warn_slowpath_null+0x1d/0x20
> [1.970748]  [] vmap_page_range_noflush+0x2c1/0x350
> [1.970758]  [] map_vm_area+0x2e/0x40
> [1.970765]  [] __vmalloc_node_range+0x170/0x270
> [1.970774]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.970781]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.970792]  [] module_alloc+0x73/0xd0
> [1.970798]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.970804]  [] module_alloc_update_bounds+0x14/0x70
> [1.970811]  [] load_module+0xb02/0x29e0
> [1.970817]  [] ? vmap_page_range_noflush+0x257/0x350
> [1.970823]  [] ? map_vm_area+0x2e/0x40
> [1.970829]  [] ? __vmalloc_node_range+0x170/0x270
> [1.970838]  [] ? SyS_init_module+0x99/0x110
> [1.970846]  [] SyS_init_module+0xc5/0x110
> [1.970856]  [] system_call_fastpath+0x16/0x1b
> [1.970862] ---[ end trace 2117480876ed90d2 ]---
> [1.970869] vmalloc: allocation failure, allocated 24576 of 28672 bytes
> [1.970874] systemd-udevd: page allocation failure: order:0, mode:0xd2
> [1.970883] CPU: 2 PID: 225 Comm: systemd-udevd Tainted: GW
>   3.10.0-693.1.1.el7.x86_64 #1
> [1.970894]  00d2 8cddc75d 8803e8587c48
> 816a3d91
> [1.970910]  8803e8587cd8 81188810 8190ea38
> 8803e8587c68
> [1.970923]  0018 8803e8587ce8 8803e8587c88
> 8cddc75d
> [1.970939] Call Trace:
> [1.970946]  [] dump_stack+0x19/0x1b
> [1.970961]  [] warn_alloc_failed+0x110/0x180
> [1.970971]  [] __vmalloc_node_range+0x234/0x270
> [1.970981]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.970989]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.970999]  [] module_alloc+0x73/0xd0
> [1.971031]  [] ? module_alloc_update_bounds+0x14/0x70
> [1.971038]  [] module_alloc_update_bounds+0x14/0x70
> [1.971046]  [] load_module+0xb02/0x29e0
> [1.971052]  [] ? vmap_page_range_noflush+0x257/0x350
> [1.971061]  [] ? map_vm_area+0x2e/0x40
> [1.971067]  [] ? __vmalloc_node_range+0x170/0x270
> [1.971075]  [] ? SyS_init_module+0x99/0x110
> [1.971081]  [] SyS_init_module+0xc5/0x110
> [1.971088]  [] system_call_fastpath+0x16/0x1b
> [1.971094] Mem-Info:
> [1.971103] active_anon:875 inactive_anon:2049 isolated_anon:0
> [1.971103]  active_file:791 inactive_file:8841 isolated_file:0
> [1.971103]  unevictable:0 dirty:0 writeback:0 unstable:0
> [1.971103]  slab_reclaimable:1732 slab_unreclaimable:1629
> [1.971103]  mapped:1464 shmem:2053 pagetables:480 bounce:0
> [1.971103]  free:4065966 free_pcp:763 free_cma:0
> [1.971131] Node 0 DMA free:15912kB min:12kB low:12kB high:16kB
> active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB
> unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15996kB
> managed:15912kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB
> slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB
> pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
> [1.971217] 

Re: [CentOS-virt] New xen-4.6.6 rpms for CentOS-6 and CentOS-7

[Johnny Hughes]

On 07/28/2017 07:55 AM, Piotr Gackiewicz wrote:
> On Fri, 28 Jul 2017, Johnny Hughes wrote:
> 
>> On 07/18/2017 04:48 PM, Johnny Hughes wrote:
>>> There are new xen-4.6.6 rpms for CentOS-6 and CentOS-7 in the testing
>>> repository on buildlogs.centos.org.
>>>
>>> Can we please get some testing of these RPMs and feedback to this list.
>>>
>>
>>
>> Any testing or feedback on these 4.6.6 rpms?  It would suck if I was the
>> only tester and they don't work on other hardware AND they get into the
>> release stream.
> 
> Hello,
> 
> it works for me on HP(Intel Xeon) and AMD (K8).
> 

I have installed the xen-4.6.6 and kernel-4.9.39-29 from testing on a
thinkpad t520 with 16GB ram as a test server.

I was able to follow the steps here to create 2 HVM vms (one centos-6,
one centos-7):

https://wiki.centos.org/HowTos/Xen/Xen4QuickStart/Xen4Cli

So it also 'works for me' with intel 64bit CPU.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] New xen-4.6.6 rpms for CentOS-6 and CentOS-7

[Johnny Hughes]

On 07/18/2017 04:48 PM, Johnny Hughes wrote:
> There are new xen-4.6.6 rpms for CentOS-6 and CentOS-7 in the testing
> repository on buildlogs.centos.org.
> 
> Can we please get some testing of these RPMs and feedback to this list.
> 


Any testing or feedback on these 4.6.6 rpms?  It would suck if I was the
only tester and they don't work on other hardware AND they get into the
release stream.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] AWS EC2 - CentOS 6 + 7 AMIs for new g3.* instance types?

[Johnny Hughes]

On 07/26/2017 09:29 AM, Stephan Koledin wrote:
> Some additional info...
> 
> AFAIK, the AMIs I'm referring to are owned/maintained by the CentOS
> team, not by AWS. Details and suggestions to contact this list for
> assistance are published at both https://wiki.centos.org/Cloud/AWS and
> https://wiki.centos.org/Cloud/AWS
> 
> Basically, the maintainer of the Centos.org AWS account just needs to
> add/approve the current AMIs for the g3.* instance types. Should be a
> purely administrative action.
> 

AWS is under instruction to 'enable all instance types and enable all
zones, as they come up'.  Basically, we create the images for AWS and
they should be enabled everywhere.  We will take a look and see if we
can see anything, but they should already have permission to add to
every type.


> On 7/25/2017 3:16 PM, Stephan Koledin wrote:
>> Hello-
>>
>> Does anyone one this list maintain the official CentOS 6 + 7 AMIs in AWS?
>>
>> If so, could you please enable those images for use with the new g3.*
>> instance types?
>>
>> If this list is the wrong place for this request, please point me in
>> the right direction.
>>



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/24/2017 03:05 PM, Kevin Stange wrote:
> On 07/20/2017 03:14 PM, Piotr Gackiewicz wrote:
>> On Thu, 20 Jul 2017, Kevin Stange wrote:
>>
>>> On 07/20/2017 05:31 AM, Piotr Gackiewicz wrote:
>>>> On Wed, 19 Jul 2017, Johnny Hughes wrote:
>>>>
>>>>> On 07/19/2017 09:23 AM, Johnny Hughes wrote:
>>>>>> On 07/19/2017 04:27 AM, Piotr Gackiewicz wrote:
>>>>>>> On Mon, 17 Jul 2017, Johnny Hughes wrote:
>>>>>>>
>>>>>>>> Are the testing kernels (kernel-4.9.37-29.el7 and
>>>>>>>> kernel-4.9.37-29.el6,
>>>>>>>> with the one config file change) working for everyone:
>>>>>>>>
>>>>>>>> (turn off: CONFIG_IO_STRICT_DEVMEM)
>>>>>>>
>>>>>>> Hello.
>>>>>>> Maybe it's not the most appropriate thread or time, but I have been
>>>>>>> signalling it before:
>>>>>>>
>>>>>>> 4.9.* kernels do not work well for me any more (and for other people
>>>>>>> neither, as I know). Last stable kernel was 4.9.13-22.
>>>>
>>>> I think I have nailed down the faulty combo.
>>>> My tests showed, that SLUB allocator does not work well in Xen Dom0, on
>>>> top of Xen Hypervisor.
>>>> Id does not work at least on one of my testing servers (old AMD K8 (1
>>>> proc,
>>>> 1 core), only 1 paravirt guest).
>>>> If kernel with SLUB booted as main (w/o Xen hypervisor), it works well.
>>>> If booted as Xen hypervisor module - it almost instantly gets page
>>>> allocation failure.
>>>>
>>>>
>>>> SLAB=>SLUB was changed in kernel config, starting from 4.9.25. Then
>>>> problems
>>>> started to explode in my production environment, and on testing server
>>>> mentioned
>>>> above.
>>>>
>>>> After recompiling recent 4.9.34 with SLAB - everything works well on
>>>> that testing machine.
>>>> A will try to test 4.9.38 with the same config on my production servers.
>>>
>>> I was having page allocation failures on 4.9.25 with SLUB, but these
>>> problems seem to be gone with 4.9.34 (still with SLUB).   Have you
>>> checked this build?  It was moved to the stable repo on July 4th.
>>
>> Yes, 4.9.34 was failing too. And this was actually the worst case, with
>> I/O error on guest:
> 
> I did find one server running 4.9.34 that was still throwing SLUB page
> allocation errors, but oddly, the only servers ever to have this issue
> for me are spares that are running no domains.  I've just tried booting
> that box up on 4.9.39, but I may not know if the switch back to SLAB
> fixes anything for several weeks.
> 
> Otherwise, the other server I'm running 4.9.39 on for the past 72 hours
> has been stable with running domains.
> 

Cool,

We have several good reports .. I'll wait until Wednesday and push this
kernel to "release" if we don't get any bad reports.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/21/2017 06:06 AM, Piotr Gackiewicz wrote:
> On Fri, 21 Jul 2017, Johnny Hughes wrote:
> 
>>>
>>
>> I will happily create a test kernel with SLAB .. what is your config
>> file diff?
> 
> I have just choosed SLAB allocator in menuconfig.
> It has implied several other internal configurations changes.
> 
> Overall differencess (config file patch) is in attachment.
> 
> But my considerations about compiled in PATA etc., instead of modules,
> remain actual ;-).
> 


OK .. I have built:

kernel-4.9.39-29.el6 and kernel-4.9.39-29.el7

They have been tagged to the testing repository

They should show up in a couple of hours into the testing repo.

Everyone who was having memory issues, give those a try.

Also, please test the iscsi configs as well.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/21/2017 06:06 AM, Piotr Gackiewicz wrote:
> On Fri, 21 Jul 2017, Johnny Hughes wrote:
> 
>>>
>>
>> I will happily create a test kernel with SLAB .. what is your config
>> file diff?
> 
> I have just choosed SLAB allocator in menuconfig.
> It has implied several other internal configurations changes.
> 
> Overall differencess (config file patch) is in attachment.
> 
> But my considerations about compiled in PATA etc., instead of modules,
> remain actual ;-).
> 

OK .. I will create a 4.9.39 kernel with slub off and slab on later
today.  The only change I will make is to also turn slab_debug on (it
will add things to the debuginfo file that Sarah created for the kernels).

WRT the other items in the kernel (modules or compiled directly), I
would rather leave everything else alone as it is how the Red Hat
kernels seem to be done .. unless someone has them actually causing a
problem.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/20/2017 03:14 PM, Piotr Gackiewicz wrote:
> On Thu, 20 Jul 2017, Kevin Stange wrote:
> 
>> On 07/20/2017 05:31 AM, Piotr Gackiewicz wrote:
>>> On Wed, 19 Jul 2017, Johnny Hughes wrote:
>>>
>>>> On 07/19/2017 09:23 AM, Johnny Hughes wrote:
>>>>> On 07/19/2017 04:27 AM, Piotr Gackiewicz wrote:
>>>>>> On Mon, 17 Jul 2017, Johnny Hughes wrote:
>>>>>>
>>>>>>> Are the testing kernels (kernel-4.9.37-29.el7 and
>>>>>>> kernel-4.9.37-29.el6,
>>>>>>> with the one config file change) working for everyone:
>>>>>>>
>>>>>>> (turn off: CONFIG_IO_STRICT_DEVMEM)
>>>>>>
>>>>>> Hello.
>>>>>> Maybe it's not the most appropriate thread or time, but I have been
>>>>>> signalling it before:
>>>>>>
>>>>>> 4.9.* kernels do not work well for me any more (and for other people
>>>>>> neither, as I know). Last stable kernel was 4.9.13-22.
>>>
>>> I think I have nailed down the faulty combo.
>>> My tests showed, that SLUB allocator does not work well in Xen Dom0, on
>>> top of Xen Hypervisor.
>>> Id does not work at least on one of my testing servers (old AMD K8 (1
>>> proc,
>>> 1 core), only 1 paravirt guest).
>>> If kernel with SLUB booted as main (w/o Xen hypervisor), it works well.
>>> If booted as Xen hypervisor module - it almost instantly gets page
>>> allocation failure.
>>>
>>>
>>> SLAB=>SLUB was changed in kernel config, starting from 4.9.25. Then
>>> problems
>>> started to explode in my production environment, and on testing server
>>> mentioned
>>> above.
>>>
>>> After recompiling recent 4.9.34 with SLAB - everything works well on
>>> that testing machine.
>>> A will try to test 4.9.38 with the same config on my production servers.
>>
>> I was having page allocation failures on 4.9.25 with SLUB, but these
>> problems seem to be gone with 4.9.34 (still with SLUB).   Have you
>> checked this build?  It was moved to the stable repo on July 4th.
> 
> Yes, 4.9.34 was failing too. And this was actually the worst case, with
> I/O error on guest:
> 
> Jul 16 06:01:03 dom0 kernel: [452360.743312] CPU: 0 PID: 28450 Comm:
> 12.xvda3-0 Tainted: G   O4.9.34-29.el6.x86_64 #1
> Jul 16 06:01:03 guest kernel: end_request: I/O error, dev xvda3, sector
> 9200640
> Jul 16 06:01:03 dom0 kernel: [452360.758931] SLUB: Unable to allocate
> memory on node -1, gfp=0x200(GFP_NOWAIT)
> Jul 16 06:01:03 guest kernel: Buffer I/O error on device xvda3, logical
> block 1150080
> Jul 16 06:01:03 guest kernel: lost page write due to I/O error on xvda3
> Jul 16 06:01:03 guest kernel: Buffer I/O error on device xvda3, logical
> block 1150081
> Jul 16 06:01:03 guest kernel: lost page write due to I/O error on xvda3
> Jul 16 06:01:03 guest kernel: Buffer I/O error on device xvda3, logical
> block 1150082
> Jul 16 06:01:03 guest kernel: lost page write due to I/O error on xvda3
> Jul 16 06:01:03 guest kernel: Buffer I/O error on device xvda3, logical
> block 1150083
> Jul 16 06:01:03 guest kernel: lost page write due to I/O error on xvda3
> Jul 16 06:01:03 guest kernel: Buffer I/O error on device xvda3, logical
> block 1150084
> Jul 16 06:01:03 guest kernel: lost page write due to I/O error on xvda3
> Jul 16 06:01:03 dom0 kernel: [452361.449389] 12.xvda3-0: page allocation
> failure: order:0, mode:0x220(GFP_NOWAIT|__GFP_NOTRACK)
> Jul 16 06:01:03 dom0 kernel: [452361.449685] CPU: 1 PID: 28450 Comm:
> 12.xvda3-0 Tainted: G   O4.9.34-29.el6.x86_64 #1
> Jul 16 06:01:03 dom0 kernel: [452361.449934] Hardware name: Supermicro
> X8SIL/X8SIL, BIOS 1.0c 02/25/2010
> Jul 16 06:01:03 guest kernel: end_request: I/O error, dev xvda3, sector
> 6102784
> Jul 16 06:01:03 dom0 kernel: [452361.462103] SLUB: Unable to allocate
> memory on node -1, gfp=0x200(GFP_NOWAIT)
> Jul 16 06:01:03 dom0 kernel: [452361.676257] 12.xvda3-0: page allocation
> failure: order:0, mode:0x220(GFP_NOWAIT|__GFP_NOTRACK)
> Jul 16 06:01:03 dom0 kernel: [452361.676531] CPU: 0 PID: 28450 Comm:
> 12.xvda3-0 Tainted: G   O4.9.34-29.el6.x86_64 #1
> Jul 16 06:01:03 guest kernel: end_request: I/O error, dev xvda3, sector
> 6127872
> Jul 16 06:01:03 dom0 kernel: [452361.692171] SLUB: Unable to allocate
> memory on node -1, gfp=0x200(GFP_NOWAIT)
> Jul 16 06:01:07 dom0 kernel: [452365.438565] 12.xvda3-0: page allocation
> failure: order:0, mode:0x220(GFP_NOWAIT|__GFP_NOTRACK)
>

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/19/2017 09:23 AM, Johnny Hughes wrote:
> On 07/19/2017 04:27 AM, Piotr Gackiewicz wrote:
>> On Mon, 17 Jul 2017, Johnny Hughes wrote:
>>
>>> Are the testing kernels (kernel-4.9.37-29.el7 and kernel-4.9.37-29.el6,
>>> with the one config file change) working for everyone:
>>>
>>> (turn off: CONFIG_IO_STRICT_DEVMEM)
>>
>> Hello.
>> Maybe it's not the most appropriate thread or time, but I have been
>> signalling it before:
>>
>> 4.9.* kernels do not work well for me any more (and for other people
>> neither, as I know). Last stable kernel was 4.9.13-22.
>>
>> Since 4.9.25-26 I do often get:
>> on 3 supermicro servers (different generations):
>> - memory allocation errors on Dom0 and corresponding lost lost page writes
>> due to buffer I/O error on PV guests
>> - after such memory allocation error od dom0 I have spotted also:
>> - NFS client hangups on guests (server not responding, still trying
>> => server OK)
>> - iptables lockups on PV guest reboot
>>
>> on 1 supermicro server:
>> - memory allocation errors on Dom0 and SATA lockups (many, if not SATA
>> channels at
>> - once):
>> exception Emask 0x0 SAct 0x20 SErr 0x0 action 0x6 frozen
>> hard resetting link
>> failed to IDENTIFY (I/O error, err_mask=0x4)
>> then: blk_update_request: I/O error, dev sd., sector 
>>
>>
>> All of these machines have been tested with memtest, no detected memory
>> problems.
>> No such things occur, when I boot 4.9.13-22
>> Most of my guests are centos 6 x86_64, bridged.
>>
>> Do anyone had such problems, dealt with it somehow?
>>
>>
>> Since spotting these errors I have done many tests, compiled and tested to
>> point out single code change (kernel version, patch) - no conclusions yet.
>>
>> But one has changed much between 4.9.13 and 4.9.25: kernel size and
>> configuration.
>> 4.9.13 size was 6MB and 4.9.24 is 7.1MB. Many modules have been
>> compiled into kernel, here is shortened, but significant list:
>> - iptables (NETFILTER_XTABLES, IP_NF_FILTER, IP_NF_TARGET_REJECT)
>> - SATA_AHCI
>> - ATA_AHCI (PATA, what a heck?)
>> - FBDEV_FRONTEND
>> - HID_MAGICKMOUSE
>> - HID_NTRIG
>> - USB_XHCI
>> - INTEL_SMARTCONNECT
>>
> Modules that are not loaded are not used.  It has no impact at all on
> performance or compatibility unless it is used.  If you take an lsmod of
> the kernel that works and one of the kernel with issues, we can see if
> there are LOADED modules that might cause issues.
> 
> The modules that are built are the same as Fedora and if in the RHEL 7
> kernel, RHEL 7.
> 
> We did troubleshoot and turn off some things recently, one thing in
> particular was CONFIG_IO_STRICT_DEVMEM , which is on in fedora, but
> which is off in some other distros and causes issues with ISCSI and some
> other things.
> 
> We also added some specific xen patches, one for netback queue, one for
> apic, one for nested dom0.  Also upstream has added in several xen
> patches since 4.9.13.

There are several very important patches in this kernel for xen (for
example):

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/19/2017 04:27 AM, Piotr Gackiewicz wrote:
> On Mon, 17 Jul 2017, Johnny Hughes wrote:
> 
>> Are the testing kernels (kernel-4.9.37-29.el7 and kernel-4.9.37-29.el6,
>> with the one config file change) working for everyone:
>>
>> (turn off: CONFIG_IO_STRICT_DEVMEM)
> 
> Hello.
> Maybe it's not the most appropriate thread or time, but I have been
> signalling it before:
> 
> 4.9.* kernels do not work well for me any more (and for other people
> neither, as I know). Last stable kernel was 4.9.13-22.
> 
> Since 4.9.25-26 I do often get:
> on 3 supermicro servers (different generations):
> - memory allocation errors on Dom0 and corresponding lost lost page writes
> due to buffer I/O error on PV guests
> - after such memory allocation error od dom0 I have spotted also:
> - NFS client hangups on guests (server not responding, still trying
> => server OK)
> - iptables lockups on PV guest reboot
> 
> on 1 supermicro server:
> - memory allocation errors on Dom0 and SATA lockups (many, if not SATA
> channels at
> - once):
> exception Emask 0x0 SAct 0x20 SErr 0x0 action 0x6 frozen
> hard resetting link
> failed to IDENTIFY (I/O error, err_mask=0x4)
> then: blk_update_request: I/O error, dev sd., sector 
> 
> 
> All of these machines have been tested with memtest, no detected memory
> problems.
> No such things occur, when I boot 4.9.13-22
> Most of my guests are centos 6 x86_64, bridged.
> 
> Do anyone had such problems, dealt with it somehow?
> 
> 
> Since spotting these errors I have done many tests, compiled and tested to
> point out single code change (kernel version, patch) - no conclusions yet.
> 
> But one has changed much between 4.9.13 and 4.9.25: kernel size and
> configuration.
> 4.9.13 size was 6MB and 4.9.24 is 7.1MB. Many modules have been
> compiled into kernel, here is shortened, but significant list:
> - iptables (NETFILTER_XTABLES, IP_NF_FILTER, IP_NF_TARGET_REJECT)
> - SATA_AHCI
> - ATA_AHCI (PATA, what a heck?)
> - FBDEV_FRONTEND
> - HID_MAGICKMOUSE
> - HID_NTRIG
> - USB_XHCI
> - INTEL_SMARTCONNECT
> 
Modules that are not loaded are not used.  It has no impact at all on
performance or compatibility unless it is used.  If you take an lsmod of
the kernel that works and one of the kernel with issues, we can see if
there are LOADED modules that might cause issues.

The modules that are built are the same as Fedora and if in the RHEL 7
kernel, RHEL 7.

We did troubleshoot and turn off some things recently, one thing in
particular was CONFIG_IO_STRICT_DEVMEM , which is on in fedora, but
which is off in some other distros and causes issues with ISCSI and some
other things.

We also added some specific xen patches, one for netback queue, one for
apic, one for nested dom0.  Also upstream has added in several xen
patches since 4.9.13.

And yes, we did change the kernel configs specifically to add in
iptables as many people want them.

If you can point to problems with a specific module, we can discuss it
here and turn it off if necessary.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] New xen-4.6.6 rpms for CentOS-6 and CentOS-7

[Johnny Hughes]

There are new xen-4.6.6 rpms for CentOS-6 and CentOS-7 in the testing
repository on buildlogs.centos.org.

Can we please get some testing of these RPMs and feedback to this list.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

On 07/17/2017 09:47 AM, Kristián Feldsam wrote:
> Hello, is this kernel usable also for KVM or is only for XEN?
> 
>

It certainly will work with KVM (I use it on my KVM test server and my
xen test server.

But a better kernel probably for KVm is here:

http://mirror.centos.org/altarch/7/experimental/x86_64/


>> On 17 Jul 2017, at 16:45, Johnny Hughes <joh...@centos.org
>> <mailto:joh...@centos.org>> wrote:
>>
>> Are the testing kernels (kernel-4.9.37-29.el7 and kernel-4.9.37-29.el6,
>> with the one config file change) working for everyone:
>>
>> (turn off: CONFIG_IO_STRICT_DEVMEM)
>>
>> If we don't hear any negative comments by Wednesday July 19th, 2017 then
>> we are going to push those to updates as they solve iscsi issues with
>> some hardware and don't seem to impact anything else based on limited
>> testing.
>>
>> BTW .. to test, edit the xen repo config file in /etc/yum.repos.d/ and
>> turn on the testing repository  .. or
>>
>> yum --enablerepo=centos-virt-xen-testing upgrade kernel*
>>



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] kernel-4.9.37-29.el7 (and el6)

[Johnny Hughes]

Are the testing kernels (kernel-4.9.37-29.el7 and kernel-4.9.37-29.el6,
with the one config file change) working for everyone:

(turn off: CONFIG_IO_STRICT_DEVMEM)

If we don't hear any negative comments by Wednesday July 19th, 2017 then
we are going to push those to updates as they solve iscsi issues with
some hardware and don't seem to impact anything else based on limited
testing.

BTW .. to test, edit the xen repo config file in /etc/yum.repos.d/ and
turn on the testing repository  .. or

yum --enablerepo=centos-virt-xen-testing upgrade kernel*

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] 4.9.34-29 EL6 and EL7 kernels

[Johnny Hughes]

OK, thanks to Giuseppe's troubleshooting and help, I think we have
gotten this iscsi issue fixed.

There is now a new kernel-4.9.37-29.el7 (and el6) kernel in the testing
repo.

Please test this kernel and provide feedback so we can release it.

The only change is to turn off:  CONFIG_IO_STRICT_DEVMEM  (and of course
the upgrade to 4.9.37).

Thanks,
Johnny Hughes

On 06/30/2017 11:03 AM, Giuseppe Tanzilli - Serverplan wrote:
> Hi,
> I tried this new kernel on out xen testbed with centos 6 and iscsi over
> qlog 57810 is not working,
> tried replacing drivers from manufacturer but does not work either.
> 
> tried 4.9.23 from repo and is not working
> 
> finally the old 4.9.13-22.el6.x86_64 is the only one from 4.9.x taht is
> working with hw iscsi on this cards.
> 
> I will be happy to help debug the issue and get a latest kernel working
> with iscsi .
> 
> thanks,
>   Giuseppe
> 
> 
> On 27/06/2017 16:40, Johnny Hughes wrote:
>> OK Guys and Gals,
>>
>> We have just kicked off a build of the 4.9.34-29 xen kernel on the
>> Community Build Service for both EL6 and EL7.
>>
>> This kernel has some important things in it.
>>
>> 1.  It has a patch for the stack guard issue (CVE-2017-1000364). Also
>> the patch for Xen Security fix XSA-216.
>>
>> See these upstream changelogs for ALL kernel commits from 4.9.31 to 4.9.34:
>>
>> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.32
>> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.33
>> https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34
>>
>> 2.  It has a fix for the xen-netback rate limit queues
>> (http://www.spinics.net/lists/netdev/msg441578.html)  (Thanks very much
>> to Kevin Stange and Jean-Louis Dupond for finding a fix for this issue)
>>
>> 3.  It now contains debuginfo files (thanks to Sarah Newman for this
>> amazing addition!).
>>
>> =
>>
>> The kernels are currently building, it will likely take 4 to 6 hours for
>> them to make their way to the applicable testing repos:
>>
>> CentOS-7:
>> https://buildlogs.centos.org/centos/7/virt/x86_64/xen-46/
>>
>> or
>>
>> CentOS-6:
>> https://buildlogs.centos.org/centos/6/virt/x86_64/xen-44/
>> https://buildlogs.centos.org/centos/6/virt/x86_64/xen-46/
>>
>> =
>>
>> If you actually need the debuginfo files, they will be here (also in 4
>> or so hours):
>>
>> CentOS-7:
>> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/debug/
>>
>> CentOS-6:
>> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/debug/
>>
>> =
>>
>> Let's do some real testing of these and see if we can solve the issues
>> people are having .. this should already solve server and the debuginfo
>> files should help solve others. 
>>
>> I think Kevin and Jean-Louis also know how to solve the Windows BSOD
>> when run on a Xen 4.9.x dom0 server .. they can comment here.  Hopefully
>> whoever maintains the newer Windows drivers will fix the ACPI / APIC
>> issues and no work around will be necessary soon(ish).
>>
>> I also want to personally (and publicly) thank Kevin, Jean-Louis, and
>> Sarah for the substantial work and the community collaboration.  This is
>> EXACTLY what we need for the Virt SIG .. people solving problems and
>> doing github pull requests so we can, together as a group, get these
>> projects working much better. 
>>
>> If someone else wants to help us with the Kernel .. or Xen .. here are
>> our github branches:
>>
>> https://github.com/CentOS-virt7/xen-kernel
>>
>> https://github.com/CentOS-virt7/xen
>>
>> Fork them .. work on them .. talk to us on #centos-virt in freenode or
>> on this mailing list .. then once we are all happy, you can submit a
>> pull request and we'll get your issues fixed.
>>
>> Thanks,
>> Johnny Hughes
>>
>>
>>
>>
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
> 
> 
> -- 
> --
> Giuseppe Tanzilli
> Serverplan 
> 
> 
> 
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] 4.9.34-29 EL6 and EL7 kernels

[Johnny Hughes]

OK Guys and Gals,

We have just kicked off a build of the 4.9.34-29 xen kernel on the
Community Build Service for both EL6 and EL7.

This kernel has some important things in it.

1.  It has a patch for the stack guard issue (CVE-2017-1000364). Also
the patch for Xen Security fix XSA-216.

See these upstream changelogs for ALL kernel commits from 4.9.31 to 4.9.34:

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.32
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.33
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34

2.  It has a fix for the xen-netback rate limit queues
(http://www.spinics.net/lists/netdev/msg441578.html)  (Thanks very much
to Kevin Stange and Jean-Louis Dupond for finding a fix for this issue)

3.  It now contains debuginfo files (thanks to Sarah Newman for this
amazing addition!).

=

The kernels are currently building, it will likely take 4 to 6 hours for
them to make their way to the applicable testing repos:

CentOS-7:
https://buildlogs.centos.org/centos/7/virt/x86_64/xen-46/

or

CentOS-6:
https://buildlogs.centos.org/centos/6/virt/x86_64/xen-44/
https://buildlogs.centos.org/centos/6/virt/x86_64/xen-46/

=

If you actually need the debuginfo files, they will be here (also in 4
or so hours):

CentOS-7:
http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/debug/

CentOS-6:
http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/debug/

=

Let's do some real testing of these and see if we can solve the issues
people are having .. this should already solve server and the debuginfo
files should help solve others. 

I think Kevin and Jean-Louis also know how to solve the Windows BSOD
when run on a Xen 4.9.x dom0 server .. they can comment here.  Hopefully
whoever maintains the newer Windows drivers will fix the ACPI / APIC
issues and no work around will be necessary soon(ish).

I also want to personally (and publicly) thank Kevin, Jean-Louis, and
Sarah for the substantial work and the community collaboration.  This is
EXACTLY what we need for the Virt SIG .. people solving problems and
doing github pull requests so we can, together as a group, get these
projects working much better. 

If someone else wants to help us with the Kernel .. or Xen .. here are
our github branches:

https://github.com/CentOS-virt7/xen-kernel

https://github.com/CentOS-virt7/xen

Fork them .. work on them .. talk to us on #centos-virt in freenode or
on this mailing list .. then once we are all happy, you can submit a
pull request and we'll get your issues fixed.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen 4.6.3-15 packages, including XSAs 216-219, 221-225 on their way through the build system

[Johnny Hughes]

Yes EL6 and EL7.

I am writing up an email right now for 4.9.34-29

It should be in both testing repos in 4-6 hours from now (hopefully)

Thanks,
Johnny Hughes

On 06/26/2017 06:59 AM, Giuseppe Tanzilli - Serverplan wrote:
> Hi,
> that kernel fix will be released on 6.x repo also ?
> I see it only on 7.x repo   kernel-4.9.31-27.el7.x86_64.rpm
> 
> 
> thanks
> 
> 
> On 20/06/2017 20:15, Sarah Newman wrote:
>> On 06/20/2017 05:06 AM, George Dunlap wrote:
>>> Xen 4.6.3-15 packages for CentOS 6 and CentOS 7 are on their way
>>> through the build system.  They should show up in centos-virt-testing
>>> in a few hours, and in the main mirrors tomorrow morning (God
>>> willing).
>>>
>>> These contain several critical updates; users are encouraged to update
>>> as soon as possible.
>>>
>> There are also Linux kernel changes in XSA-216. They apply cleanly to
>> 4.9.31 and presumably also 4.9.25.
>>
>> --Sarah



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen-4.6.3-14.el6.x86_64

[Johnny Hughes]

On 05/22/2017 03:38 AM, Piotr Gackiewicz wrote:
> 
> Hello,
> 
> xen-4.6.3-14.el6.x86_64 is in testing since 5th of May.
> Isn't it production ready yet?
> It fixes 3 XSAs...
> 

Did you test it, does it work?



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 04/19/2017 12:18 PM, PJ Welsh wrote:
> 
> On Wed, Apr 19, 2017 at 5:40 AM, Johnny Hughes <joh...@centos.org
> <mailto:joh...@centos.org>> wrote:
> 
> On 04/18/2017 12:39 PM, PJ Welsh wrote:
> > Here is something interesting... I went through the BIOS options and
> > found that one R710 that *is* functioning only differed in that "Logical
> > Processor"/Hyperthreading was *enabled* while the one that is *not*
> > functioning had HT *disabled*. Enabled Logical Processor and the system
> > starts without issue! I've rebooted 3 times now without issue.
> > Dell R710 BIOS version 6.4.0
> > 2x Intel(R) Xeon(R) CPU L5639  @ 2.13GHz
> > 4.9.20-26.el7.x86_64 #1 SMP Tue Apr 4 11:19:26 CDT 2017 x86_64 x86_64
> > x86_64 GNU/Linux
> >
> 
> Outstanding .. I have now released a 4.9.23-26.el6 and .el7 to the
> system as normal updates.  It should be available later today.
> 
> 
> 
>  
> I've verified with a second Dell R710 that disabling
> Hyperthreading/Logical Processor causes the primary xen booting kernel
> to fail and reboot. Consequently, enabling allows for the system to
> start as expected and without any issue:
> Current tested kernel was: 4.9.13-22.el7.x86_64 #1 SMP Sun Feb 26
> 22:15:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
> 
> I just attempted an update and the 4.9.23-26 is not yet up. Does this
> update address the Hyperthreading issue in any way?
> 

I don't think so .. at least I did not specifically add anything to do so.

You can get it here for testing:

https://buildlogs.centos.org/centos/7/virt/x86_64/xen/

(or from /6/ as well for CentOS-6)

Not sure why it did not go out on the signing run .. will check that server.





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] virsh error: driver is not whitelisted

[Johnny Hughes]

On 04/19/2017 10:00 AM, Marco Aurelio L. Gomes wrote:
> Hi,
> 
> I'm using virsh to instance a VM in my environment, but I'm running on
> some issues. 


> I got the following error:
> 
> error: Failed to create domain from domain.xml
> error: internal error: qemu unexpectedly closed the monitor:
> 2017-04-17T17:00:37.012369Z qemu-kvm: -drive
> file=fat:/usr/src/dpdk-stable-16.11.1,if=none,id=drive-virtio-disk1,readonly=on:
> Driver 'vvfat' is not whitelisted
> 
> If I comment the disk that cause this error, the instance starts without
> error. Is there a way to whitelist this vvfat driver to instance this VM?
> 
> And the strange thing about this error is that when I check the
> available drives, there is vvfat in the list:
> 
> /usr/libexec/qemu-kvm -drive format=?
> Supported formats: ftps http null-aio null-co file quorum blkverify
> vvfat blkreplay qed raw qcow2 bochs dmg vmdk parallels vhdx vpc https
> sheepdog host_cdrom ssh host_device nbd gluster qcow iscsi rbd tftp ftp
> vdi blkdebug luks cloop
> 
> Here some information about the environment:
> 
> cat /etc/redhat-release
> CentOS Linux release 7.3.1611 (Core)
> 
> virsh --version
> 2.0.0
> 
> /usr/libexec/qemu-kvm --version
> QEMU emulator version 2.6.0 (qemu-kvm-ev-2.6.0-28.el7_3.6.1), Copyright
> (c) 2003-2008 Fabrice Bellard
> 
> Thanks in advance for the help
> 


If you look here:

https://rwmj.wordpress.com/2015/09/25/virt-v2v-libguestfs-and-qemu-remote-drivers-in-rhel-7/

The things supported by qemu-img and qemu are not necessarily the same.

If you look at the last qemu-kvm.spec file, you can see what is set to
rw and ro:

https://git.centos.org/raw/rpms!qemu-kvm/976a86fff9adb9a2a6968b9f73fe9a615266f59b/SPECS!qemu-kvm.spec

--block-drv-rw-whitelist=qcow2,raw,file,host_device,blkdebug,nbd,iscsi,gluster,rbd


--block-drv-ro-whitelist=vmdk,vhdx,vpc,ssh,https

So, those listed files are the only ones that will work.

You would need to recompile the qemu-kvm RPMs after modifying those
whitelist lines in the spec file if you want to add things to the whitelist.





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 04/14/2017 03:26 PM, Anderson, Dave wrote:
> Sad to say that I already tested 4.9.20-26 from your repo yesterday...it does 
> look a little cleaner before it dies, but still dies. I have not tested it 
> with the vcpu=4 wokaround, but I can tonight if you would like. Relevant bits 
> below:
> 
> Loading Xen 4.6.3-12.el7 ...
> Loading Linux 4.9.20-26.el7.x86_64 ...
> Loading initial ramdisk ...
> [0.00] Linux version 4.9.20-26.el7.x86_64 (mockbuild@) (gcc version 
> 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Apr 4 11:19:26 CDT 2017
> 
> 
> 
> [6.195089] smpboot: Max logical packages: 1
> [6.199549] VPMU disabled by hypervisor.
> [6.203663] Performance Events: SandyBridge events, PMU not available due 
> to virtualization, using software events only.
> [6.215436] NMI watchdog: disabled (cpu0): hardware events not enabled
> [6.222139] NMI watchdog: Shutting down hard lockup detector on all cpus
> [6.229165] installing Xen timer for CPU 1
> [6.233849] installing Xen timer for CPU 2
> [6.238504] installing Xen timer for CPU 3
> [6.243139] installing Xen timer for CPU 4
> [6.247836] installing Xen timer for CPU 5
> [6.252478] installing Xen timer for CPU 6
> [6.257155] installing Xen timer for CPU 7
> [6.261795] installing Xen timer for CPU 8
> [6.266358] smpboot: Package 1 of CPU 8 exceeds BIOS package data 1.
> [6.272736] [ cut here ]
> [6.277358] kernel BUG at arch/x86/kernel/cpu/common.c:997!
> [6.280104] random: fast init done
> [6.286333] invalid opcode:  [#1] SMP
> [6.290343] Modules linked in:
> [6.293430] CPU: 8 PID: 0 Comm: swapper/8 Not tainted 4.9.20-26.el7.x86_64 
> #1
> [6.300568] Hardware name: Supermicro X9DRT/X9DRT, BIOS 3.2a 08/04/2015
> [6.307183] task: 880058a68000 task.stack: c900400c
> [6.313103] RIP: e030:[]  [] 
> identify_secondary_cpu+0x57/0x80
> [6.322019] RSP: e02b:c900400c3f08  EFLAGS: 00010086
> [6.327333] RAX: ffe4 RBX: 88005d80a020 RCX: 
> 81e5ffc8
> [6.334473] RDX: 0001 RSI: 0005 RDI: 
> 0005
> [6.341607] RBP: c900400c3f18 R08: 00ce R09: 
> 
> [6.348738] R10: 0005 R11: 0006 R12: 
> 0008
> [6.355873] R13:  R14:  R15: 
> 
> [6.363006] FS:  () GS:88005d80() 
> knlGS:
> [6.371090] CS:  e033 DS: 002b ES: 002b CR0: 80050033
> [6.376837] CR2:  CR3: 01e07000 CR4: 
> 00042660
> [6.383970] Stack:
> [6.386004]  0008  c900400c3f28 
> 8104ebce
> [6.393483]  c900400c3f40 81029855  
> c900400c3f50
> [6.400963]  810298d0   
> 
> [6.408450] Call Trace:
> [6.410907]  [] smp_store_cpu_info+0x3e/0x40
> [6.416753]  [] cpu_bringup+0x35/0x90
> [6.421981]  [] cpu_bringup_and_idle+0x20/0x40
> [6.427987] Code: 44 89 e7 ff 50 68 0f b7 93 d2 00 00 00 39 d0 75 1c 0f b7 
> bb da 00 00 00 44 89 e6 e8 e4 02 01 00 85 c0 75 07 5b 41 5c 5d c3 0f 0b <0f> 
> 0b 0f b7 8b d4 00 00 00 89 c2 44 89 e6 48 c7 c7 e8 ce ca 81 
> [6.448249] RIP  [] identify_secondary_cpu+0x57/0x80
> [6.454801]  RSP 
> [6.458305] ---[ end trace 2f9b62c5c7050204 ]---
> 
> 
> So basically, it removes the "[Firmware Bug]: CPU1: APIC id mismatch. 
> Firmware: 0 APIC: 1"  lines, but otherwise dies the same way. I included a 
> few extra lines up from the panic because the "[6.195089] smpboot: Max 
> logical packages: 1" could possibly be relevant, I need to go look at a clean 
> boot to see if that was in there on this machine.
> 
> 
> Even more strangely, in addition to the machine I'm talking about which 
> panics and reboots, I had a second nearly identical machine (different 
> CPU/ram config, everything else the same) which booted but had some kind of 
> hw conflict with 4.9.x that I never had before. It appears to be between 
> Intel SCU and an intel PCIe NVMe SSD (luckily I wasn't using SCU, so I 
> disabled that). Had that other machine not booted I would have just assumed 
> 4.9.X was totally broken and sat on 3.18...so I'm glad that one machine 
> booted at least :)
> 
> Thanks,
> -Dave

Dave,

Just for testing purposes, can you try booting the kernel in the normal
way on the machine does does not work (a normal grub entry on the kernel
with no xen.gz line)

That way, we can hopefully narrow the issue down to a h

Re: [CentOS-virt] Is Xen on CentOS 7 production ready?

[Johnny Hughes]

On 04/14/2017 03:47 PM, redundantl y wrote:
> I see the announcement from February that it's available, but is it
> considered to be safe for Production use?  The documentation in the SIG
> still only references CentOS 6.
> 
> https://wiki.centos.org/Manuals/ReleaseNotes/Xen4-01
> https://wiki.centos.org/HowTos/Xen/Xen4QuickStart
> 

Yes, xen-4.6.x on CentOS 7 is probably better than any version running
on CentOS 6.

You can not use Secure boot though, and even UEFI is also not well
supported.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

Dave,

Take a look at this kernel as it is the one I think we are going to
release (or a slightly newer 4.9.2x from kernel.org LTS). This version
has some newer settings that are more redhat/fedora/centos base kernel
like WRT what is a module and what is built into the kernel, etc.

https://people.centos.org/hughesjr/4.9.x/

Thanks,
Johnny Hughes

On 04/14/2017 05:16 AM, Anderson, Dave wrote:
> List moderator: feel free to delete my previous large message with 
> attachments that's in the moderation queue...it's now obsolete anyway.
> 
> 
> I have found a fix/workaround for my reboot issues with Xen 4.6.3-12 + Kernel 
> 4.9.13:
> 
> Once I finally got serial output all the way through the boot process 
> (xen+dom0) I discovered the stack trace:
> 
> [Firmware Bug]: CPU7: APIC id mismatch. Firmware: 0 APIC: 7
> installing Xen timer for CPU 8
> [Firmware Bug]: CPU8: APIC id mismatch. Firmware: 0 APIC: 20
> smpboot: Package 1 of CPU 8 exceeds BIOS package data 1.
> [ cut here ]
> kernel BUG at arch/x86/kernel/cpu/common.c:997!
> invalid opcode:  [#1] SMP
> Modules linked in:
> CPU: 8 PID: 0 Comm: swapper/8 Not tainted 4.9.13-22.el7.x86_64 #1
> Hardware name: Supermicro X9DRT/X9DRT, BIOS 3.2a 08/04/2015
> random: fast init done
> task: 880058a8c4c0 task.stack: c900400b4000
> RIP: e030:[]  [] 
> identify_secondary_cpu+0x57/0x80
> RSP: e02b:c900400b7f08  EFLAGS: 00010086
> RAX: ffe4 RBX: 88005d80a020 RCX: 81c5be68
> RDX: 0001 RSI: 0005 RDI: 0005
> RBP: c900400b7f18 R08: 00cb R09: 0004
> R10:  R11: 0006 R12: 0008
> R13:  R14:  R15: 
> FS:  () GS:88005d80() knlGS:
> CS:  e033 DS: 002b ES: 002b CR0: 80050033
> CR2:  CR3: 01c07000 CR4: 00042660
> Stack:
>  0008  c900400b7f28 8104e94e
>  c900400b7f40 81029925  c900400b7f50
>  810299a0   
> Call Trace:
>  [] smp_store_cpu_info+0x3e/0x40
>  [] cpu_bringup+0x35/0x90
>  [] cpu_bringup_and_idle+0x20/0x40
> Code: 44 89 e7 ff 50 68 0f b7 93 d2 00 00 00 39 d0 75 1c 0f b7 bb da 00 00 00 
> 44 89 e6 e8 24 03 01 00 85 c0 75 07 5b 41 5c 5d c3 0f 0b <0f> 0b 0f b7 8b d4 
> 00 00 00 89 c2 44 89 e6 48 c7 c7 98 87 a6 81 
> RIP  [] identify_secondary_cpu+0x57/0x80
>  RSP 
> ---[ end trace dc5563100443876e ]---
> 
> I surmised that reducing the number of dom0 vcpu might solve this issue (they 
> were unbounded)
> 
> In testing adding "dom0_max_vcpus=4 dom0_vcpus_pin" to the 
> GRUB_CMDLINE_XEN_DEFAULT line in /etc/defaults/grub and re-running 
> grub2-mkconfig has resulted in the system I have that never booted Xen 
> 4.6.3-12 + Kernel 4.9.13, booting every single time out of 5-10 tests.
> 
> 
> So...I don't know if there's a race condition somewhere, or what...but...so 
> far this workaround has not failed me.
> 
> Thanks,
> -Dave
> 
> 
> 
>> On Fri, Apr 7, 2017 at 6:58 AM, PJ Welsh >> wrote:
>>> I've not gotten any bites from my posting on the xen-devel mailing list.
>>> Here is the only one to-date:
>>> https://lists.xen.org/archives/html/xen-devel/2017-04/msg01069.html
>>>
>>> From that email, there needs to be some hypervisor messages.
>>>
>>> Does anyone know how to produce the hypervisor messages? I've already
>>
>>> removed the rhgb and quiet options from the boot.
>>
>>>
>>> Thanks
>>> PJ
>>
>>
>> I spoke too soon. To get more information: Please see
>>
>> https://wiki.xenproject.org/wiki/Reporting_Bugs_against_Xen_Project
>>
>> and
>>
>> https://wiki.xenproject.org/wiki/Xen_Serial_Console
>>
>> or alternatively at least add "vga=keep".
>>
>> pjwelsh
> 
> 
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 03/28/2017 04:55 PM, PJ Welsh wrote:
> The mystery gets more interesting... I now have a CentOS 7.3 Dell R710
> server doing the exact same thing of rebooting immediately after the Xen
> kernel load. Just to note this is a second system and not just the first
> system with an update. I hope I'm not introducing something odd. They
> only "interesting" thing I have done for historical reasons is to change
> the following /etc/sysconfig/grub line:
> GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=6G,max:8G cpuinfo com1=115200,8n1
> console=com1,tty loglvl=all guest_loglvl=all"
> But I've done that on other servers without issue. In fact I have a Dell
> R710 that DOES work with CentOS 7 and the new kernel... so confused.
> 
> On Fri, Mar 24, 2017 at 1:44 PM, Sarah Newman <s...@prgmr.com
> <mailto:s...@prgmr.com>> wrote:
> 
> On 03/24/2017 11:35 AM, PJ Welsh wrote:
> > As a follow up I was able to test fresh install on Dell R710 and a Dell
> > R620 with success on CentOS 7.3 without issue on the new kernel.  My new
> > plan will be to just move this C6 to one of the C7 I just created.
> 
> That sounds like a compiler problem, since I think the C6 and C7
> kernels are built from the same source.
> 

OK, I have a new CentOS-6 4.9.20-26 kernel here for testing:

https://people.centos.org/hughesjr/4.9.16/6/x86_64/

I am building the el7 one right now as well, it will be at:

https://people.centos.org/hughesjr/4.9.16/7/x86_64/

George and I found some issues with the 4.9.x config files for the xen
kernel.  Hopefully this one is much more stable as it has many changes
from the fedora/rhel type configs now (what is built into the kernel,
what is loaded as a kernel module, etc.)

Please test these kernels so we can get them released.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen 4.6.3-9 release

[Johnny Hughes]

On 03/30/2017 12:36 PM, Brandon Shoemaker wrote:
> Hi list,
> 
>  
> 
> Xen 4.6.3-9 will be general release soon?
> 
> 
> 

Sorry, I am in the middle of the 6.9 general release and removal of
CentOS-5 due to EOL the last couple days.  Hopefully we can release all
the xen stuff as well by the end of the week.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Clocksource boot issues 4.9.13

[Johnny Hughes]

On 04/03/2017 04:20 AM, George Dunlap wrote:
> On Sun, Apr 2, 2017 at 9:22 PM, Sarah Newman <s...@prgmr.com> wrote:
>> On 04/02/2017 02:49 AM, Chris Elliott wrote:
>>> Hi all
>>>
>>> I’ve got a few Intel Z87 chipset machines with Adaptec 5405 raid cards 
>>> (latest firmware), they work fine on 3.18 but during Dom0 boot using kernel
>>> 4.9.13 it hangs at “Using clocksource tsc” and the aacraid driver keeps 
>>> trying to reset
>>>
>>> Has anyone seen anything like this?
>>>
>>> I’ve tried specifying clocksource=xen in grub instead of the default of 
>>> tsc, and that has the same issue. HPET is enabled and Xen is seeing it:
>>>
>>> (XEN) ACPI: HPET D9649CB0, 0038 (r1 ALASKAA M I  1072009 AMI.5) 
>>> (XEN) Platform timer is 14.318MHz HPET
>>
>> I saw a hang at a similar place in the boot process when trying to boot 
>> xen-on-xen for our test system. On a hunch I was going to to try recompiling
>> without the PVHVM PCI related driver (pci-platform ? platform-pci ? ) before 
>> saying anything about it.
>>
>> Since you tried changing the clock source I'm wondering is that the boot 
>> issue is unrelated to the clock source, in which case you may get a better
>> idea of what's hanging by comparing the boot logs from 3.18 to 4.9 and 
>> seeing what's present in 3.18 but not in 4.9. Presumably the messages in the
>> 3.18 but not 4.9 logs are either removed from the kernel source or happen 
>> after whatever is hanging.
> 
> The Xen-on-xen thing is a specific problem with nested Xen; I asked on
> xen-devel and was pointed to this commit.
> 
> Unfortunately it's pretty unlikely this one will help Chris.
> 
> But perhaps, Chris, if you follow my example and post a bug report to
> xen-devel (with serial output from Xen and the guest kernel), someone
> may be able to find a patch which fixes the problem.
> 

I have a test kernel that fixes the xen on xen issue:

https://people.centos.org/hughesjr/4.9.16/

there are 6 and 7 4.9.20 kernels in there .. give them a try.  (I know,
the directory say 4.9.16 and the newest kernels are 4.9.20 .. but it is
going away once we build them for real :D)

Also for chris:  try these parameters on the vmlinux line:

clocksource=tsc tsc=reliable

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

Maybe the BIOS versions are different on the two machines if they are
the same models.  Different disc controllers or modes set up?  Different
NICs or other add on cards?

On 03/28/2017 04:55 PM, PJ Welsh wrote:
> The mystery gets more interesting... I now have a CentOS 7.3 Dell R710
> server doing the exact same thing of rebooting immediately after the Xen
> kernel load. Just to note this is a second system and not just the first
> system with an update. I hope I'm not introducing something odd. They
> only "interesting" thing I have done for historical reasons is to change
> the following /etc/sysconfig/grub line:
> GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=6G,max:8G cpuinfo com1=115200,8n1
> console=com1,tty loglvl=all guest_loglvl=all"
> But I've done that on other servers without issue. In fact I have a Dell
> R710 that DOES work with CentOS 7 and the new kernel... so confused.
> 
> On Fri, Mar 24, 2017 at 1:44 PM, Sarah Newman  > wrote:
> 
> On 03/24/2017 11:35 AM, PJ Welsh wrote:
> > As a follow up I was able to test fresh install on Dell R710 and a Dell
> > R620 with success on CentOS 7.3 without issue on the new kernel.  My new
> > plan will be to just move this C6 to one of the C7 I just created.
> 
> That sounds like a compiler problem, since I think the C6 and C7
> kernels are built from the same source.
> 
> --Sarah





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Upgrade to Xen 4.7

[Johnny Hughes]

On 03/28/2017 07:00 AM, Francis The Metman wrote:
> Dear All
> I am running CentOS 7 with Xen 4.6
> I see 4.7 is out now, and want to upgrade to see if the USB Passthrough will 
> work. I have not been able to get it to work in 4.6
> What is the best way to upgrade. I am using the centos-release-xen at the 
> moment.

The 4.7 xen on the CBS is not production ready.  At some point we will
have a xen 4.8 set of RPMs, which we will support.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] grub-bootxen.sh

[Johnny Hughes]

On 03/22/2017 09:35 AM, Alvin Starr wrote:
> I actually move the default *.repo files and replace them with "".
> 
> The thing is that Katello turns all the downloaded yum content into a
> single redhat.repo file and I don't have to install any more *-release-*
> rpms any more.
> 
> I would argue that I should not need to install any *-release-* rpms at
> all to get all the required software.

The reason it exists that way is to allow you to not get duplicate
kernel entries.  If we don't get the script installed before you get the
kernel, then you get a normal kernel entry, then later a xen kernel entry.

> 
> 
> On 03/22/2017 09:34 AM, -=X.L.O.R.D=- wrote:
>> Maybe you just don't need to remove anything at all but just move them to
>> another folder that does the same goal.
>> For *-release-*.rpm, again it is explained itself.
>>
>> Xlord
>>
>> -Original Message-
>> From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of
>> Alvin
>> Starr
>> Sent: Tuesday, March 21, 2017 1:45 AM
>> To: centos-virt@centos.org
>> Subject: [CentOS-virt] grub-bootxen.sh
>>
>> This is not abit issue just a minor annoyance.
>>
>> I use Foreman to provision my systems and to keep control I remove all
>> the
>> default *.repo files andkeep away from installing more *.repo files so
>> I can
>> control the content via the foreman(katello) provided redhat.repo.
>>
>> I would argue that the *-release-*.rpm should not contain any setup code
>> but just the stuff in /etc/yum.repos.d.
>>
>>
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 03/20/2017 01:20 PM, PJ Welsh wrote:
> No warning, but still just reboots with no notice.
> Is there any other system info you need?
> Thanks
> PJ
> 



Try the new 4.9.16-24 packages there now.  (reworked the config based on
a fedora kernel)




> On Mon, Mar 20, 2017 at 11:47 AM, Johnny Hughes <joh...@centos.org
> <mailto:joh...@centos.org>> wrote:
> 
>     On 03/20/2017 11:21 AM, Johnny Hughes wrote:
> > On 03/20/2017 08:35 AM, PJ Welsh wrote:
> >> Updating my CentOS 6.8 Xen server with new 4.9.13 kernel yields a
> kernel
> >> boot message of a few like "APIC ID MISMATCH" and the system reboots
> >> immediately without any other bits of info. This is on a Dell
> R710 with
> >> 64GB RAM and 2x 6-core Intel CPU's.
> >> As an additional test, I installed and attempted to run the current
> >> "testing" kernel of 4.9.16 with the exact same results.
> >>
> >> Anyone have an idea? The 3.18.x series runs without issue of course.
> >>
> >
> > I think the APIC ID MISMATCH is an expected and ignorable error ..
> see:
> >
> > https://patchwork.kernel.org/patch/9539933/
> <https://patchwork.kernel.org/patch/9539933/>
> >
> > I applied that patch and I am building a 4.9.16-23 right now, I 'll
> > publish it when it finishes.  Maybe with the error gone we can get a
> > better error in the console.
> >
> >
> 
> OK, try the 4.9.16-23 packages here:
> 
> https://people.centos.org/hughesjr/4.9.16/x86_64/
> <https://people.centos.org/hughesjr/4.9.16/x86_64/>
>



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 03/20/2017 11:21 AM, Johnny Hughes wrote:
> On 03/20/2017 08:35 AM, PJ Welsh wrote:
>> Updating my CentOS 6.8 Xen server with new 4.9.13 kernel yields a kernel
>> boot message of a few like "APIC ID MISMATCH" and the system reboots
>> immediately without any other bits of info. This is on a Dell R710 with
>> 64GB RAM and 2x 6-core Intel CPU's.
>> As an additional test, I installed and attempted to run the current
>> "testing" kernel of 4.9.16 with the exact same results.
>>
>> Anyone have an idea? The 3.18.x series runs without issue of course.
>>
> 
> I think the APIC ID MISMATCH is an expected and ignorable error .. see:
> 
> https://patchwork.kernel.org/patch/9539933/
> 
> I applied that patch and I am building a 4.9.16-23 right now, I 'll
> publish it when it finishes.  Maybe with the error gone we can get a
> better error in the console.
> 
> 

OK, try the 4.9.16-23 packages here:

https://people.centos.org/hughesjr/4.9.16/x86_64/




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 03/20/2017 08:35 AM, PJ Welsh wrote:
> Updating my CentOS 6.8 Xen server with new 4.9.13 kernel yields a kernel
> boot message of a few like "APIC ID MISMATCH" and the system reboots
> immediately without any other bits of info. This is on a Dell R710 with
> 64GB RAM and 2x 6-core Intel CPU's.
> As an additional test, I installed and attempted to run the current
> "testing" kernel of 4.9.16 with the exact same results.
> 
> Anyone have an idea? The 3.18.x series runs without issue of course.
> 

I think the APIC ID MISMATCH is an expected and ignorable error .. see:

https://patchwork.kernel.org/patch/9539933/

I applied that patch and I am building a 4.9.16-23 right now, I 'll
publish it when it finishes.  Maybe with the error gone we can get a
better error in the console.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

[Johnny Hughes]

On 03/20/2017 08:35 AM, PJ Welsh wrote:
> Updating my CentOS 6.8 Xen server with new 4.9.13 kernel yields a kernel
> boot message of a few like "APIC ID MISMATCH" and the system reboots
> immediately without any other bits of info. This is on a Dell R710 with
> 64GB RAM and 2x 6-core Intel CPU's.
> As an additional test, I installed and attempted to run the current
> "testing" kernel of 4.9.16 with the exact same results.
> 
> Anyone have an idea? The 3.18.x series runs without issue of course.

Try this kernel (the noarch kernel-doc is not done yet), but that is not
a required package:

https://people.centos.org/hughesjr/4.9.16/x86_64/

Let me know if that works or not .. we can try adjusting some other
config settings.

Don't worry about the centos.plus dist tag .. that will change when we
subnit it via the regular process.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] qemu-kvm-ev-2.6.0-28.el7_3.3.1 miss source rpm

[Johnny Hughes]

On 03/02/2017 08:40 PM, Chen Fan wrote:
> Hi,
> 
>Now I can update the qemu-kvm-ev to the latest version
> 2.6.0-28.el7_3.3.1 provided by qemu-kvm-ev repo, but I couldn't find
> 
> the according source package in source repo. was forgot :)? where can I
> find it?
> 
> 
http://cbs.centos.org/koji/packageinfo?packageID=539

You can get any package from any link there (including the SRPMS).



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Xen-4.4 branch End of Life

[Johnny Hughes]

The CentOS VIrtualization Special Interest Group wants to remind
everyone that the End of Life for the Xen-4.4 branch (currently
4.4.4-19) will be March 31st, 2017.

This is because the Xen Project will no longer support Xen-4.4 after
that date, based on this link:

https://wiki.xenproject.org/wiki/Xen_Project_Release_Features

Xen-4.6 is still available and will be maintained until October 2018 (on
both CentOS-6 and CentOS-7) and Xen-4.8 will be available soon.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] New 4.9.11-22 kernels and linux-firmware packages to test in xen-testing for CentOS-6 and CentOS-7

[Johnny Hughes]

On 02/21/2017 11:40 AM, Johnny Hughes wrote:
> I have pushed some new kernels and linux-firmware packages to the
> xen-testing repos for both CentOS-6 and CentOS-7.  The CentOS-7 packages
> may take a few hours to make it to the repo.
> 
> The CentOS-6 repo also contains a newer xfsprogs as that is required
> with newer kernels (https://bugzilla.redhat.com/show_bug.cgi?id=1314605).
> 
> This kernel (and supplementary xfsprogs, linux-firmware) are scheduled
> to be the replacements for the 3.18.x LTS tree that has gone EOL from
> Kernel.org.  We can maintain the 4.9 LTS tree until January 2019
> (https://www.kernel.org/category/releases.html).
> 
> We have added in blktap2 support to this kernel, please test that
> functionality if you need it, it seems to be working to me.
> 
> We really need people to test this kernel and associated packages
> thoroughly so we can find and fix issues before release.
> 
> Please post any issues or questions on this list.


OK, just tagged 4.9.13-22.el7 (and .el6) to the testing repos for xen on
c6 and c7 as this fixes the new dccp kernel issue.

Only have one person reporting good tests so far.  We need more testing
or we risk to breaking people's systems when we release later.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen updates in the Testing Repo for XSA-207 and XSA-208

[Johnny Hughes]

On 02/18/2017 08:14 AM, Johnny Hughes wrote:
> On 02/17/2017 02:32 PM, Kevin Stange wrote:
>> Given the circumstances, might it make sense to offer formal advisories
>> of some type for these to indicate when the packages going to live are
>> for security or other reasons?
>>
> 
> We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8)
> 
> We don't normally release anything other than security updates.  This is
> a SIG that requires community participation .. so far, George Dunlap and
> I are really the only people contributing.

What I mean is .. other than the base release in a major version (so the
first 4.6 release), the follow on updates all happen as the result of an
XSA from the list.

It is certainly possible that we COULD release a bugfix update at some
point, but if you look at my git repo:

https://github.com/hughesjr/xen

There is a xen-44 and a xen-46 branch .. you can see all the change and
why from there.  If you look, almost all of them are for XSAs.








signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen 4.7 or 4.8

[Johnny Hughes]

On 02/18/2017 02:07 AM, Christoph wrote:
> 
> Hi
> 
> are there somewhere pkgs with xen 4.7 or 4.8 for centos7?
> 

The SIG has agreed to maintain every other release (even numbered
release) of Xen.  So there will be a 4.8 set of packages at some point.

There are currently no released 4.8 packages.

I do see that we have some testing packages here:

http://cbs.centos.org/repos/virt7-xen-48-testing/x86_64/os/Packages/

George Dunlap can talk to the planned schedule for 4.8 and if those
packages are really ready for testing.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen updates in the Testing Repo for XSA-207 and XSA-208

[Johnny Hughes]

On 02/17/2017 02:32 PM, Kevin Stange wrote:
> Given the circumstances, might it make sense to offer formal advisories
> of some type for these to indicate when the packages going to live are
> for security or other reasons?
>

We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8)

We don't normally release anything other than security updates.  This is
a SIG that requires community participation .. so far, George Dunlap and
I are really the only people contributing.

This is volunteer work for both of us.  We could stand some more volunteers.

In any event, the updates we release come from here:

https://xenbits.xen.org/xsa/

When they release an XSA, we incorporate it and do a new release.

Support for older releases will be done (currently by only me ..
volunteers welcome) based on this schedule:

https://wiki.xenproject.org/wiki/Xen_Project_Release_Features

So, we will support 4.4 on CentOS-6 until 'March 2017' and 4.6 on
CentOS-6 and CentOS-7 until 'Oct 2018 '.  When the xen project stops
supporting a version, we will also stop supporting it.







> On 02/17/2017 09:51 AM, Johnny Hughes wrote:
>> These updates have now been pushed to mirror.centos.org and you can get
>> them from the main repos.
>>
>> On 02/15/2017 08:27 AM, Johnny Hughes wrote:
>>> There are xen rpms in the testing repos for XSA 207 and 208 in the
>>> testing repos (xen-4.4.4-18.el6,  xen-4.6.3-7.el6, xen-4.6.3-7.el7).
>>>
>>> You can enable the applicable centos-virt-xen-testing repo in your
>>> /etc/yum.repos.d/CentOS-Xen.repo file.
>>>
>>> Please report positive and negative tests to this list so we can promote
>>> the updates to the main repos.
>>>
>>> Thanks,
>>> Johnny Hughes






signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen updates in the Testing Repo for XSA-207 and XSA-208

[Johnny Hughes]

These updates have now been pushed to mirror.centos.org and you can get
them from the main repos.

On 02/15/2017 08:27 AM, Johnny Hughes wrote:
> There are xen rpms in the testing repos for XSA 207 and 208 in the
> testing repos (xen-4.4.4-18.el6,  xen-4.6.3-7.el6, xen-4.6.3-7.el7).
> 
> You can enable the applicable centos-virt-xen-testing repo in your
> /etc/yum.repos.d/CentOS-Xen.repo file.
> 
> Please report positive and negative tests to this list so we can promote
> the updates to the main repos.
> 
> Thanks,
> Johnny Hughes
> 
> 
> 
> 
> 
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Xen updates in the Testing Repo for XSA-207 and XSA-208

[Johnny Hughes]

There are xen rpms in the testing repos for XSA 207 and 208 in the
testing repos (xen-4.4.4-18.el6,  xen-4.6.3-7.el6, xen-4.6.3-7.el7).

You can enable the applicable centos-virt-xen-testing repo in your
/etc/yum.repos.d/CentOS-Xen.repo file.

Please report positive and negative tests to this list so we can promote
the updates to the main repos.

Thanks,
Johnny Hughes





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 / Linux 3.18

[Johnny Hughes]

On 01/30/2017 12:59 PM, Kevin Stange wrote:
> On 01/30/2017 03:18 AM, Jinesh Choksi wrote:
>>> Are there other kernel options that might be useful to try?
>>
>> pci=nomsi
>>
>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1521173/comments/13
> 
> Incidentally, already found that one and I'm trying it currently on one
> of the boxes.  So far there's been no issues, but it's only been since
> Friday.
> 
> Also, I found this:
> 
> https://xen.crc.id.au/support/guides/install/
> 
> There's a 4.4 kernel here built for Xen Dom0, which I'm giving a whirl
> to see how stable it is, also only since Friday.  I'm not using anything
> else he's packaged from his repo.
> 
> On a related note, does the SIG have plans to replace the 3.18 kernel
> which is marked as projected EOL of January 2017
> (https://www.kernel.org/category/releases.html)?
> 

I am currently working on a 4.4 kernel as a replacement for the 3.18
kernel.  I have it working well no el7, but not yet working well on el6.
 I hope to have something to release in the first 2 weeks of Feb. for
testing.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] qemu-kvm-ev-2.6.0-28.el7_3.3.1 tagged for testing

[Johnny Hughes]

On 01/26/2017 01:12 AM, Sandro Bonazzola wrote:
> 
> 
> On Wed, Jan 25, 2017 at 8:20 PM, Lamar Owen  > wrote:
> 
> On 01/24/2017 11:29 PM, Sandro Bonazzola wrote:
> 
> Hi,
> the latest qemu-kvm-ev has been tagged for testing.
> Please give it a run and provide feedback.
> If nothing against it shows up, we'll tag it for release on Friday.
> 
> Is it considered normal for the test RPMs to not be signed?
> 
> 
> I've no control over signing, Karanbir?
> 
>  

The testing RPMs are not signed .. they are straight from CBS.  Does the
testing repo not have 'gpgcheck=0'?




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Selinux Problem

[Johnny Hughes]

On 01/26/2017 10:06 AM, Günther J. Niederwimmer wrote:
> Hello,
> 
> CentOS 7.(3) Xen 4.4,
> 
> Can I find any Doc for selinux with XEN, I found many Problems with selinux 
> on 
> Dom0 ?
> 
> Or have I to disable selinux when I install XEN.
> 
> Thank's for a answer.
> 

We have not tried to make xen work with selinux on Dom0 .. in fact our
documentation:

https://wiki.centos.org/Manuals/ReleaseNotes/Xen4-01

 says:

SELinux support is disabled, and you might need to disable SELinux on
the dom0 for some operations; primarily when using qemu-xen and blktap
backed storage.



I would go as far as to say turn it off for all operations currently on
Dom0.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 / Linux 3.18

[Johnny Hughes]

On 01/26/2017 09:32 AM, Johnny Hughes wrote:
> On 01/25/2017 11:49 AM, Kevin Stange wrote:
>> On 01/24/2017 11:16 AM, Kevin Stange wrote:
>>> On 01/24/2017 09:10 AM, Konrad Rzeszutek Wilk wrote:
>>>> On Tue, Jan 24, 2017 at 09:29:39PM +0800, -=X.L.O.R.D=- wrote:
>>>>> Kevin Stange,
>>>>> It can be either kernel or update the NIC driver or firmware of the NIC
>>>>> card. Hope that helps!
>>>>>
>>>>> Xlord
>>>>> -Original Message-
>>>>> From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of 
>>>>> Kevin
>>>>> Stange
>>>>> Sent: Tuesday, January 24, 2017 1:04 AM
>>>>> To: centos-virt@centos.org
>>>>> Subject: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 /
>>>>> Linux 3.18
>>>>>
>>> 
>>>>>
>>>>> Has anyone experienced similar issues with this configuration, and if so,
>>>>> does anyone have tips on how to resolve the issues?
>>>>
>>>> Honeslty I would email Intel and see if they can help. This looks like
>>>> the NIC decides something is wrong, throws off an PCIe error and
>>>> then resets itself.
>>>
>>> This happens for several different NICs.  Is there a good contact at
>>> Intel for this kind of thing, or should I just try to reach them through
>>> their web site?
>>>
>>>> It could also be an error in the Linux stack which would "eat" an
>>>> interrupt when migrating interrupts (which was fixed
>>>> upstream, see below). Are you running irqbalance? Could you try
>>>> turning it off?
>>>
>>> irqbalance is enabled on these servers.  I'll try disabling it.
>>
>> I had stopped irqbalance yesterday afternoon, but had a hypervisor's
>> NICs fail anyway in early morning this morning, so I'm pretty sure this
>> is not the right tree to bark up.
>>
> 
> Here is a set of drivers/fireware from Intel for those NICs:
> 
> https://downloadcenter.intel.com/download/15817/Intel-Network-Adapter-Driver-for-PCI-E-Gigabit-Network-Connections-under-Linux-
> 
> I will see if I can get a CentOS-6 build of the latest version of that
> from our older SRPM:
> 
> http://vault.centos.org/6.7/xen4/Source/SPackages/e1000e-2.5.4-3.10.68.2.el6.centos.alt.src.rpm
> 
> I am currently very busy with several c5, c6, c7 updates and the i686
> altarch c7 tree .. but I have this on my list.  In the meantime, maybe
> someone else could also see if those drivers help you (or you could try
> to compile / install it).
> 
> Do you have another machine that you can use to see if you can duplicate
> the issue NOT running the xen.gz hypervisor boot, but just the straight
> kernel?

Actually .. I think this is the driver for you:

https://downloadcenter.intel.com/download/13663

And this explains how to make it work:

http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/05767.html




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 / Linux 3.18

[Johnny Hughes]

On 01/25/2017 11:49 AM, Kevin Stange wrote:
> On 01/24/2017 11:16 AM, Kevin Stange wrote:
>> On 01/24/2017 09:10 AM, Konrad Rzeszutek Wilk wrote:
>>> On Tue, Jan 24, 2017 at 09:29:39PM +0800, -=X.L.O.R.D=- wrote:
>>>> Kevin Stange,
>>>> It can be either kernel or update the NIC driver or firmware of the NIC
>>>> card. Hope that helps!
>>>>
>>>> Xlord
>>>> -Original Message-
>>>> From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of 
>>>> Kevin
>>>> Stange
>>>> Sent: Tuesday, January 24, 2017 1:04 AM
>>>> To: centos-virt@centos.org
>>>> Subject: [CentOS-virt] NIC Stability Problems Under Xen 4.4 / CentOS 6 /
>>>> Linux 3.18
>>>>
>> 
>>>>
>>>> Has anyone experienced similar issues with this configuration, and if so,
>>>> does anyone have tips on how to resolve the issues?
>>>
>>> Honeslty I would email Intel and see if they can help. This looks like
>>> the NIC decides something is wrong, throws off an PCIe error and
>>> then resets itself.
>>
>> This happens for several different NICs.  Is there a good contact at
>> Intel for this kind of thing, or should I just try to reach them through
>> their web site?
>>
>>> It could also be an error in the Linux stack which would "eat" an
>>> interrupt when migrating interrupts (which was fixed
>>> upstream, see below). Are you running irqbalance? Could you try
>>> turning it off?
>>
>> irqbalance is enabled on these servers.  I'll try disabling it.
> 
> I had stopped irqbalance yesterday afternoon, but had a hypervisor's
> NICs fail anyway in early morning this morning, so I'm pretty sure this
> is not the right tree to bark up.
> 

Here is a set of drivers/fireware from Intel for those NICs:

https://downloadcenter.intel.com/download/15817/Intel-Network-Adapter-Driver-for-PCI-E-Gigabit-Network-Connections-under-Linux-

I will see if I can get a CentOS-6 build of the latest version of that
from our older SRPM:

http://vault.centos.org/6.7/xen4/Source/SPackages/e1000e-2.5.4-3.10.68.2.el6.centos.alt.src.rpm

I am currently very busy with several c5, c6, c7 updates and the i686
altarch c7 tree .. but I have this on my list.  In the meantime, maybe
someone else could also see if those drivers help you (or you could try
to compile / install it).

Do you have another machine that you can use to see if you can duplicate
the issue NOT running the xen.gz hypervisor boot, but just the straight
kernel?

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] recent Xen XSA's (199-204)

[Johnny Hughes]

On 01/03/2017 02:29 AM, Johnny Hughes wrote:
> On 01/02/2017 11:05 AM, Brandon Shoemaker wrote:
>> Hi list,
>>
>>  
>>
>> Are the recent Xen XSA’s (199-204) updates going to be released soon?
>>
>>  
>>
>> http://xenbits.xen.org/xsa/
> 
> They are in the testing repo .. waiting on feedback that they work.
> 
> 
> http://buildlogs.centos.org/centos/7/virt/
> 
> (or /6/ as well)

These are now tagged as released .. should make it to the mirrors on the
daily run tomorrow morning.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Libvirt packages update

[Johnny Hughes]

On 11/30/2016 08:51 AM, -=X.L.O.R.D=- wrote:
> Jean,
> Thanks for info!
> 
> Xlord
> -Original Message-
> From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of
> Jean-Marc Liger
> Sent: Wednesday, November 30, 2016 5:15 PM
> To: Discussion about the virtualization on CentOS 
> Subject: [CentOS-virt] Libvirt packages update
> 
> Hi,
> 
> As libvirt provided in CR repo is now 2.0.0, libvirt packages for Xen need
> to be updated.
> 
> Regards,
> 
> Jean-Marc Liger


I am going to look at this later today.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] recent Xen XSA's (199-204)

[Johnny Hughes]

On 01/02/2017 11:05 AM, Brandon Shoemaker wrote:
> Hi list,
> 
>  
> 
> Are the recent Xen XSA’s (199-204) updates going to be released soon?
> 
>  
> 
> http://xenbits.xen.org/xsa/

They are in the testing repo .. waiting on feedback that they work.


http://buildlogs.centos.org/centos/7/virt/

(or /6/ as well)



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[Johnny Hughes]

On 11/25/2016 02:12 AM, C. L. Martinez wrote:
> Hi all,
> 
>  Maybe it is a stupid question, but I a totally lost. When I try to configure 
> an ubuntu i386 guest under CentOS7 amd64 kvm host (fully patched) using 
> virt-manager, I can't select what architecture I want to use. If I try to 
> change guest.xml using "virsh edit", I can do it, but guest doesn't starts ...
> 
>  Is it not possible to run i386 guests under CentOS7 amd64 kvm hosts??
> 
> Thanks.
> 

The i386 guest should run fine in a normal x86_64 setup, right?  You can
install 32bit Ubuntu on a physical x86_64 machine, right?



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen4CentOS kernel-debuginfo

[Johnny Hughes]

On 10/20/2016 09:47 PM, Sarah Newman wrote:
> I think this may have been asked before, but what would it take to get 
> debuginfo packages built for the Xen4CentOS kernels? If it's just a patch for
> kernel.spec file that nobody has gotten around to, what is the best starting 
> place for making that patch?
> 

We used a completely different SPEC file for the this kernel than the
standard CentOS kernels.  This is because we wanted to be able to build
the kernel using the vanilla kernels from kernel.org and do a much more
base kernel than one gets from those in RHEL.

There are positives and negatives to that decision, but we got the
original SPEC from the elrepo guys, and modified it from there to get
what we needed.

As Akemi suggested, the way to begin trying to do this would be to run
through the RHEL 7 kernel spec file and find anything pertaining to
with_debuginfo:

https://git.centos.org/blob/rpms!kernel/db34748777d20e8ac2bb2284d4847fc8f8c28cce/SPECS!kernel.spec

Those things would need to be rolled into the xen kernel.

As you can see, none of that is in the xen-kernel spec file:
https://github.com/hughesjr/xen-kernel/blob/master/SPECS/kernel.spec

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] xen 4.6.3-2 packages (with XSAs 185-188) making their way through CBS

[Johnny Hughes]

On 09/08/2016 07:03 AM, George Dunlap wrote:
> Just a heads-up -- 4.6.3-2, for both CentOS 7 and CentOS 6, are making
> their way through the build system now and should be in the mirrors
> hopefully sometime later this afternoon.
> 
> These contain patches for XSAs 185-188, one of which is a fairly
> critical update, so please update as soon as they're available.

The same XSA's are in xen-4.4.4-12.el6 which are also pushed and
available as an update.

Please note:  The 4.4.x xen branch on CentOS-6 will only get updates
while xenproject.org continues to release updates for it.  See this link
for more details:

https://wiki.xenproject.org/wiki/Xen_Project_Release_Features

So, for now, 4.4.x will get updates through March 2017.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Updating PXE documentation for CentOS wiki

[Johnny Hughes]

On 08/18/2016 05:57 PM, Nico Kadel-Garcia wrote:
> I was just looking at the CentOS Wiki at
> https://wiki.centos.org/HowTos/PXE/PXE_Setup, and it's pretty
> seriously out of date. It neglects the existence of the
> "syslinux-tftpboot" RPM, and the hand editing of xinetd config files
> for tftpd ignores the availability of "chkconfig" and "service" to
> manage that service.
> 
> For more sophisticated users, it doesn't mention "never, never, never
> set your default menu to install an OS by default, because you *will*
> accidentally wipe servers that select PXE boot first before local disk
> as their boot media". Nor does it mention the difficulties with PXE
> and NAT based virtual host, nor how to verify the TFTP service's basic
> operation, nor the difficulty of maintaining multiple PXE configs when
> the main rsync mirrors only publish the most recent CentOS.
> 
> I'm happy to add that sort of thing to the wiki, but I'm finding the
> "Set up an account" page confusing. Is "FirstnameLastname" supposed to
> be your mandated login name?

Yes, FirsnameLastname (CamelCase, no space) is the correct format.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 7 newer kernel needed

[Johnny Hughes]

On 08/04/2016 07:30 AM, Laurentiu Soica wrote:
> Hi Xlord, 
> 
> Yes,  the CPU has support for EPT. 
> 
> I wrongly thought that the nested EPT was first introduced in 3.12.
> Following your instructions I see that I have it enabled on my system as
> well. 
> 
> However,  checking the kernel commits from 3.12 on search string 'nested
> ept'  I found about 10 code changes/fixes for nested EPT. 
> 
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.62=grep=Nested+ept
> 
> What options do I have to get this commits on a Centos 7 kernel? 

The Standard CentOS kernel is built from the source code and
configuration files of the released RHEL kernel.  The only way to get
things into the main CentOS kernel is for it to be in the RHEL source code.

Red Hat does backport changes into the RHEL kernel, so if they support
nested those changes or ones like it may be there.  See Backporting:

https://access.redhat.com/security/updates/backporting

We do have a CentOSPlus kernel, maintained by a volunteer (hi toracat).
She will take potential patches here if you have something that works:

https://bugs.centos.org/view.php?id=6828

Also, if you want to try a newer kernel, we do have 2 available.  I
manage both of these kernels, they are both based on an LTS version of
the kernel from kernel.org .. but neither gets nearly the attention (or
smart people looking at them) as the RHEL based kernel.  If you want to
try either of them, they are in:

3.18.x LTS:
http://mirror.centos.org/centos/7/virt/x86_64/xen-46/

4.4.x LTS:
http://mirror.centos.org/altarch/7.2.1511/experimental/x86_64/Packages/

Those kernels both work, I am running both on production machines .. but
I am not a kernel hacker, so I just build what the upstream LTS kernel
maintainer releases.  They may or may not do what you want.

The RHEL kernel team does a lot of work to make sure the RHEL kernel

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Downgrading from Xen 4.6 to 4.5

[Johnny Hughes]

On 08/03/2016 05:35 AM, Francis Greaves wrote:
> Dear All
> I have an up to date CentOS 7 with Xen 4.6
> I have noticed in some posts here and there that PCI Passthrough is not
> working in 4.6 for some people, but is working in 4.5
> How can I downgrade to Xen 4.5 so I can test this out?
> Many thanks

We do not provide a CentOS-7 version of Xen lower than 4.6.  At the time
we started Xen support on CentOS-7, 4.6 was already stable and that was
our first release for CentOS-7.

We do currently have both Xen-4.4 and Xen-4.6 for CentOS-6.

The Virt SIG produces 'even' versions of Xen (so 4.4, 4.6, 4.8) as well
as a newer libvirt and kernel.






signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] oVirt 3.6.7 packages available for testing

[Johnny Hughes]

On 07/18/2016 12:06 PM, Rafael Martins wrote:
> Hi,
> 
> after some delay, the oVirt 3.6.7 packages are available for testing in Virt 
> SIG. They are tagged virt7-ovirt-36-testing.
> 
> Please help us testing this release and submitting feedback!
> 

I think those test packages are available here (and all test packages
tagged to virt7-ovirt-36-testing should show up there from now on
automatically):

http://buildlogs.centos.org/centos/7/virt/x86_64/ovirt-3.6/


Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] New Xen-44 update for XSA-179

[Johnny Hughes]

There are new Xen-44 packages for XSA-179 in the testing repo based on
xen-4.4.4-4.el6.src.rpm

If you are using the xen-44 branch, please test and report issues to
this list.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] New Packages in Testing for CentOS-7-Xen-46, CentOS-6-Xen-46, CentOS-6-Xen-44

[Johnny Hughes]

On 04/18/2016 02:19 PM, Johnny Hughes wrote:
> New Packages in Testing for CentOS-7-Xen-46, CentOS-6-Xen-46,
> CentOS-6-Xen-44.
> 
> CentOS-7-Xen46:
> - kernel-3.18.30-20.el7.src.rpm : XSA-174, upstream changelogs:
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.26
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.27
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.28
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.29
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.30
> 
> - xen-4.6.1-6.el7.src.rpm : XSA-173
> 
> =
> 
> CentOS-6-Xen-46:
> - kernel-3.18.30-20.el6.src.rpm : XSA-174, upstream changelogs:
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.26
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.27
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.28
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.29
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.30
> 
> - xen-4.6.1-6.el7.src.rpm : XSA-173
> 
> =
> 
> CentOS-6-Xen-44:
> - kernel-3.18.30-20.el6.src.rpm : XSA-174, upstream changelogs:
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.26
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.27
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.28
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.29
>   https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.30
> 
> - xen-4.4.4-3.el7.src.rpm : XSA-173
> 
> - libvirt-1.3.0-0.1.el6.src.rpm :  Move to the same major libvirt
> version as CentOS-6-Xen-46
> 
> - libvirt-python-1.3.0-1.el6.src.rpm : Move to the same major
> libvirt-python version as  CentOS-6-Xen-46
> 
> =
> 
> To test the above packages, enable your testing repo in
> /etc/yum.repo.d/CentOS-Xen-*.repo, then do:
> 
> yum clean all
> yum update
> 
> Please provide feedback to this list for working with no issue, or
> issues found.
> 
> Thanks,
> Johnny Hughes
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] version(qemu-kvm) with parallel port support

[Johnny Hughes]

On 04/20/2016 04:06 AM, Subscriber wrote:
> 
> Whether  there  is a version of the qemu-kvm with support for parallel
> port  (passthrough).  I  need  parallel  port for Windows VM (security
> dongle LPT).
> 
> I use
> on one host
> # /usr/libexec/qemu-kvm -version
> QEMU emulator version 2.3.0 (qemu-kvm-ev-2.3.0-31.el7_2.10.1)
> 
> another host
>  /usr/libexec/qemu-kvm -version
> QEMU emulator version 1.5.3 (qemu-kvm-1.5.3-105.el7_2.3)
> 
> 
> Both versions do not support parallel port and generate error:
> 
> qemu-kvm: -device isa-parallel,chardev=char parallel 0,id=parallel
> 0: 'isa-parallel' is not a valid device model name

This says that parallel dongles don't work well in any hypervisor:
https://www.experts-exchange.com/questions/27877758/virtual-machine-to-support-parallel-dongle.html

recommends:
http://www.dongleservice.com/emulate-hasp.phtml





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] XSA-172

[Johnny Hughes]

On 03/29/2016 07:45 AM, George Dunlap wrote:
> xen 4.6.1-5 has been build and should be available in buildlogs soon
> (available via the centos-virt-xen-testing repo).
> 
> More information can be found here:
> 
> http://xenbits.xen.org/xsa/advisory-172.html
> 
> A signed copy should hit the mirrors tomorrow.
> 
> Please report any problems on this list.
> 
> Thanks,
>  -George

I have said that I wills start maintaining the xen-44 branch for
security updates.  My first released package is xen-4.4.3-14.el6, which
is currently in the centos-virt6-xen-testing repo.

If there are no issues reported here, this version will be released to
CentOS-6.7 xen repo in a day or two.

The xenproject.org site says they will support xen-4.4 until March 2017
(http://bit.ly/1UAVsOX), so I will also roll in updates until then for
Xen-4.4.

As George stated in this post (http://bit.ly/1pZKE04), if you want to
stay on Xen-4.4 and not upgrade to Xen-4.6 (on CentOS-6) then you need
to install 'centos-release-xen-44' and then remove centos-release-xen.

Thanks,
Johnny Hughes






signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] installing xen on c7

[Johnny Hughes]

On 02/28/2016 04:47 AM, Karanbir Singh wrote:
> On 28/02/16 00:04, Peter wrote:
>>
>> The issue there is you can't expect every third-part kernel vendor to
>> add that provide.  
> 
> Everyone who cared to should have done in the last 8 odd years the xen
> stack has been available on CentOS - beyond that, we should build a good
> local story and ensure other vendors have the opportunity to come along.
> 
> You seem to be arguing for a broken story for some third party corner case,
> 
> We have a local kernel, built for purpose, tested for purpose, and used
> within the ecosystem by other efforts that require or provide a xen
> interface, lets just stick with trying to make that better.
> 
> besides, there is nothing stopping users from later installing whatever
> other keys they want. Pretty sure a majority of the userbase wont.
> 
> regards
> 

you would still need to do yum upgrade to get the new libvirt and
seabios bits to support xen, so I don't see why also relying on that for
the kernel is any more a problem.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1

[Johnny Hughes]

On 02/18/2016 07:57 AM, Johnny Hughes wrote:
> On 02/17/2016 06:30 AM, George Dunlap wrote:
> 
> 
> 
> For C6 users:
> 
>> * If you want to update to xen-46, and also get further updates 
>> automatically:
>>
>> yum install centos-release-xen-46
> 
> Would this be instead (to get latest and always stay one latest):
> 
> yum remove centos-release-xen44 centos-release-xen46
> yum install centos-release-xen
> 
> (instead of installing centos-release-xen46)
> 
> 


As discussed on this list in the past .. the SIG in general is going to
maintain 1 version of xen current for each CentOS version.  And the goal
currently (as I understand it) is to move to every even point release,
if that release works within the gcc/glibc parameters for that CentOS
Version.

So, xen 4.8 will be the one following 4.6, etc.

That means that the older versions (ie 4.4 on CentOS-6) will be orphaned
if someone from the community does not step up, join the SIG, and
maintain the packages.

Specifically for Xen-4.4.x on CentOS-6, I will maintain that so long as
upstream xenproject.org continues to produce XSA patches for Xen-4.4.
Once xenproject.org stops support for xen-4.4 then an announcement will
be made and that branch will stop being updated.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1

[Johnny Hughes]

On 02/17/2016 06:30 AM, George Dunlap wrote:



For C6 users:

> * If you want to update to xen-46, and also get further updates automatically:
> 
> yum install centos-release-xen-46

Would this be instead (to get latest and always stay one latest):

yum remove centos-release-xen44 centos-release-xen46
yum install centos-release-xen

(instead of installing centos-release-xen46)





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing

[Johnny Hughes]

On 02/02/2016 08:47 AM, Manuel Wolfshant wrote:
> On 01/14/2016 06:57 PM, George Dunlap wrote:
>> As mentioned yesterday, Xen 4.6 packages are now available for
>> testing.  These also include an update to libvirt 1.3.0, in line with
>> what's available for CentOS 7.  Please test, particularly the upgrade
>> if you can, and report any problems here.
>>
>> To upgrade:
>>
>> yum update --enablerepo=centos-virt-xen-testing
>>
>> To install from scratch:
>>
>> * Install centos-release-xen from centos-extras
>>
>> yum install centos-release-xen
>>
>> * Update to get the new kernel:
>>
>> yum update
>>
>> * Install the Xen packages from the centos-virt-xen-testing repo:
>>
>> yum install --enablerepo=centos-virt-xen-testing xen
>>
>> Keep in mind that there is still a bug in the upstream CentOS
>> new-kernel script which for some people consistently fails to add an
>> "initird" line to the Xen boot stanza.  Check /boot/grub/grub.conf;
>> the Xen stanza should look something like this:
>>
>> title CentOS (3.18.21-17.el6.x86_64)
>>  root (hd0,0)
>>  kernel /xen.gz dom0_mem=1024M,max:1024M cpuinfo com1=115200,8n1
>> console=com1,tty loglvl=all guest_loglvl=all
>>  module /vmlinuz-3.18.21-17.el6.x86_64 ro
>> root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD
>> rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto
>> rd_LVM_LV=VolGroup/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb
>> quiet
>>  module /initramfs-3.18.21-17.el6.x86_64.img
>>
>>
>>   -George
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
> Hello
> 
> I've attempted to upgrade today to xen 4.6 ( because of something
> which seems to be a reincarnation of
> http://lists.xen.org/archives/html/xen-devel/2014-01/msg02259.html ) and
> I noticed that the new xen-runtime package tries to bring in a whole
> bunch of other packages:
> 
> 
> Installing for dependencies:
>  atk x86_64 1.30.0-1.el6 base 195 k
>  avahi-libs x86_64 0.6.25-15.el6 base 55 k
>  cairo x86_64 1.8.8-6.el6_6 base 309 k
>  cups-libs x86_64 1:1.4.2-72.el6 base 321 k
>  fontconfig x86_64 2.8.0-5.el6 base 186 k
>  freetype x86_64 2.3.11-15.el6_6.1 base 361 k
>  gdk-pixbuf2 x86_64 2.24.1-6.el6_7 updates 501 k
>  gtk2 x86_64 2.24.23-6.el6 base 3.2 M
>  hicolor-icon-theme noarch 0.11-1.1.el6 base 40 k
>  jasper-libs x86_64 1.900.1-16.el6_6.3 base 137 k
>  libXcomposite x86_64 0.4.3-4.el6 base 20 k
>  libXcursor x86_64 1.1.14-2.1.el6 base 28 k
>  libXft x86_64 2.3.1-2.el6 base 55 k
>  libXi x86_64 1.7.2-2.2.el6 base 37 k
>  libXinerama x86_64 1.1.3-2.1.el6 base 13 k
>  libXrandr x86_64 1.4.1-2.1.el6 base 23 k
>  libXrender x86_64 0.9.8-2.1.el6 base 24 k
>  libthai x86_64 0.1.12-3.el6 base 183 k
>  libtiff x86_64 3.9.4-10.el6_5 base 343 k
>  pango x86_64 1.28.1-10.el6 base 351 k
> 
> 
> Is this really needed ?
> 

The packages are built in mock (a clean buildroot with only required
packages) ... so only things called out as required by the spec file is
in the build root.

We can look at the build root log here:

http://bit.ly/1T4NGvy

Searching for this line in the log:

Getting requirements for xen-4.6.0-9.el6.src

It seems that SDL-devel, ghostscript, libX11-devel and gtk2-devel are
build requirements for xen-4.6 packages from that root.log .. so that
adds in all the X and gtk devel packages for linking against.

Looking at the spec file:

http://bit.ly/1SSRxu5

In Lines 105 to 108, those requires are there, so they are going to pull
in all the X and GNOME devel files that get linked against, so if those
spec file dependencies are requires, the links will be produced.

I don't see any way to get rid of those requires unless one redesigns
the packages.

Thanks,
Johnny Hughes







signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] When will CentOS 7.1 become available as an AWS AMI?

[Johnny Hughes]

On 01/28/2016 07:54 AM, Peter Weissbrod wrote:
> I am in need of some AWS instances of this version.
> 
>  
> 
> There are “community” instances of 7.1 but I would strongly prefer an
> official release from CentOS team over trusting my base image to an
> unknown publisher.
> 
> Is there any plan/projection of when CentOS will publish 7.1 to the AWS
> marketplace?

https://aws.amazon.com/marketplace/seller-profile?id=16cb8b03-256e-4dde-8f34-1b0f377efe89

CentOS 7 is the release.  There are point in time 'install collections',
like 7 (1406) (based on RHEL 7.0) .. 7 (1503) (based on RHEL 7.1), 7
(1511) (based on RHEL 7.2).

But these point releases, based on a point in time, are just a picture
of CentOS 7 at that exact point in time.  The only way we recommend
CentOS is all latest updates installed.  And no matter what version you
install, a yum update takes you to that version.  That is why we have
only one image listed.

A base 7.1 install would have several Critical security issues, and
updating to fix those issues brings you to 7.2.




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing

[Johnny Hughes]

On 01/21/2016 08:02 AM, George Dunlap wrote:
> On Thu, Jan 21, 2016 at 1:28 PM, Phill Bandelow  wrote:
>> Well when the last upgrade 4.2 > 4.4 went live and XM was disabled by
>> default it took many hosts down without warning. 4.4 > 4.6  may cause the
>> same issues. It's a dangerous upgrade for sure. Why can't 4.4 be LTS for C6?
>> as it's the last build with XM. Any XSA patches should not be hard to
>> backport. and maybe the optional xen4.6 for C6.
> 

They started bringing this up before the 4.4 release .. that one had to
move from xm to xl.  They also gave instructions:

from the wiki:

Xen-4.4 and libxl

Note: All versions of Xen before version 4.4 had xm and xend enabled by
default. The xen-4.4.1 (and newer) rpms instead enable xl support and no
longer use xend. Please see /MigratingToXl for details on how to migrate
from em rpms older than 4.4.1 to the new version


Here is the link to /MigratingToXl

https://wiki.centos.org/HowTos/Xen/Xen4QuickStart/MigratingToXl

So, I would say people need to migrate to xl anyway.

> It's not a huge amount, but it is definitely time that I (and my
> employer) would prefer to spend on other things.
> 
> As I've said elsewhere, this is a community project -- so if someone
> wants to step up and maintain Xen 4.4 for CentOS 6, they are welcome.
> I do agree that it shouldn't be a huge amount of work for someone to
> pick this up, now that I've got the basic setup.  (And I'll definitely
> still be around to help.)
> 
> If someone wanted to step up and maintain the 4.4 xen packages, I'd be
> happy to hand that off, and just have xen46 for C6 and xen (v 4.6) for
> C7.
> 

Well, the problem with that is xenproject.org does not maintain their
old releases forever either.

How long will they release patches to 4.4?

It is already listed as unsupported, with 4.5 and 4.6 the only supported
versions.

They have been releasing 4.4 patches recently .. not sure how much
longer that will happen.  Once they stop putting out 4.4 patches for
XSAs, then it becomes difficult as the things they release for 4.5/4.6
will not necessarily work on 4.4 or below.

George, do you know?








signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing

[Johnny Hughes]

On 01/21/2016 09:29 AM, Johnny Hughes wrote:
> This is a community SIG .. and xenproject.org does NOT release XSAs for
> 4.2.  The goal of Xen4centOS was to use an upstream LTS kernel and
> update those as required to stay on an LTS.  Also to do every second
> point release of xen (ie, 4.2, 4.4, 4.6).  All so we are longer term
> than upstream, BUT we have supported code from upstream.
> 
> So, the goal is to use supported code for the longest amount of time the
> upsreams support them.  For xenproject.org .. they support the two
> newest releases.  For kernel.org, they do a new kernel LTS about every 2
> years.
> 
> We don't have 5000 engineers to maintain community SIGs like they
> maintain the distro.  We have to have supported code from upstream projects.
> 
>

So what does this mean ..

xenproject.org supports 4.6 and 4.5 right now. (last 2 releases).

When they release 4.7 then they will support 4.7 and 4.6 and drop
support for 4.5 .. and we will keep 4.6 active.

When they release 4.8, they support 4.8 and 4.7 and drop support for
4.6.  At this point we will release 4.8 as an upgrade to 4.6.

If we want to get XSA patches, that is what we have to do.  And we
certainly want to continue doing security patches.

The alternative is we need dedicated engineers to figure out older
things differ from the supported versions and how to backport code.  As
you move further from the supported version this becomes harder and harder.

If there are people who want to do this .. and if we can be sure they
will do it for the long term, then maybe and older long term support can
be created .. however, it becomes harder to maintain as time goes on.

Xen Project 4.4.0 was released on March 10, 2014 .. so that is basically
2 years on a major version.  That also corresponds to the LTS kernel
time frame.  That is the best we can do and maintain supported upstream
code.



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing

[Johnny Hughes]

This is a community SIG .. and xenproject.org does NOT release XSAs for
4.2.  The goal of Xen4centOS was to use an upstream LTS kernel and
update those as required to stay on an LTS.  Also to do every second
point release of xen (ie, 4.2, 4.4, 4.6).  All so we are longer term
than upstream, BUT we have supported code from upstream.

So, the goal is to use supported code for the longest amount of time the
upsreams support them.  For xenproject.org .. they support the two
newest releases.  For kernel.org, they do a new kernel LTS about every 2
years.

We don't have 5000 engineers to maintain community SIGs like they
maintain the distro.  We have to have supported code from upstream projects.

On 01/21/2016 07:46 AM, Alvin Starr wrote:
> Its my impression that as a general rule from RH once some software has
> been released into a major release any further release of that software
> does not change major version or fundamental features..
> 
> For C6 I would argue Xen 4.2 should stay packaged as xen and Xen 4.4 be
> packaged as xen44 ...
> I do not believe that Xen has been released for C7 yet so what ever
> package version is released should be xen and others should be xen4x.
> 
> It provides consistency for those who expect it and upgrading for those
> who need it.
> 
> Looking at a C7 with epel added.
> I can see python, python2 and python3.
> 
> On the other hand If your picking xen up from 
> http://someplace.org/riskey-development/xen.repo then your getting what
> you ask for.
> 
> 
> On 01/21/2016 08:09 AM, President wrote:
>> RE: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in
>> centos-virt-xen-testing
>>
>> My .02 is to stay the course.  As a server admin, I want to be able
>> to type things like:
>>
>>
>> yum upgrade php
>>
>> not
>>
>> yum upgrade php55-epel-rpmforge-fancy-package
>>
>>
>> Having to remember all the idiosyncrasies of a system is what causes
>> some type of major failure in the future whenever (1) you forget
>> something or (2) someone else has to pick up the box to adminster.
>>
>>
>>
>> --
>>
>> Craig Thompson, President
>>
>> Caldwell Global Communications, Inc.
>>
>> +1 (423) 559-5465
>>
>> caldwellglobal.com
>>
>>
>> -Original message-
>> *From:* George Dunlap 
>> *Sent:* Thursday 21st January 2016 7:32
>> *To:* Discussion about the virtualization on CentOS
>> 
>> *Subject:* Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages
>> available in centos-virt-xen-testing
>>
>> On Thu, Jan 21, 2016 at 12:01 PM, Peter  wrote:
>> > On 15/01/16 05:57, George Dunlap wrote:
>> >> As mentioned yesterday, Xen 4.6 packages are now available for
>> >> testing.  These also include an update to libvirt 1.3.0, in line with
>> >> what's available for CentOS 7.  Please test, particularly the upgrade
>> >> if you can, and report any problems here.
>> >
>> > Per conversation in IRC, Xen 4.6 no longer includes xend and therefore
>> > no longer has the "xm" command.  This is problematic for people who may
>> > be using xm in various scripts on their host (such as home-brewed 
>> backup
>> > scripts).
>> >
>> > I think it's a bad idea to break this functionality without warning by
>> > allowing a simple "yum update" to remove it.  You will take a lot of
>> > people by surprise and cause such scripts to stop working, if people 
>> are
>> > running yum cron the situation becomes even worse.
>>
>> Thanks, PJ, for your input.
>>
>> Just to be clear:
>>
>> 1. In the Xen 4.4 packages (first released October 2014), xend was
>> disabled by default; so anyone using xend at the moment has already
>> manually intervened to enable deprecated functionality
>>
>> 2. In 4.4, the first time xm was executed, it printed this warning:
>> ---
>> xend is deprecated and scheduled for removal. Please migrate to another
>> toolstack ASAP.
>>
>> See http://wiki.xen.org/wiki/Choice_of_Toolstacks for information on
>> other alternatives, including xl which is designed to be a drop in
>> replacement for xm (http://wiki.xen.org/wiki/XL).
>> ---
>>
>> 3. ...and on every subsequent invocation, it printed this warning:
>> "WARNING: xend/xm is deprecated"
>>
>> I think this constitutes "warning" that the functionality was going to
>> break at some point. :-)
>>
>> Also, in most cases "s/xm/xl/g;" Just Works; most people have reported
>> that changing from xm -> xl was pretty painless.  So this isn't like
>> upgrading from Python 2 to Python 3 (or QT 4 to 5, or...).
>>
>> > I think that due to this lack of backwards compatibility with Xen 4.4
>> > and earlier versions it would be a good idea to not force the upgrade 
>> on
>> > people who are not wary of it.  I propose that the new packages carry
>> > the name "xen46" and they purposefully conflict with the 

Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing

[Johnny Hughes]

On 01/21/2016 09:52 AM, George Dunlap wrote:
> On Thu, Jan 21, 2016 at 3:39 PM, Johnny Hughes <joh...@centos.org> wrote:
>> On 01/21/2016 09:29 AM, Johnny Hughes wrote:
>>> This is a community SIG .. and xenproject.org does NOT release XSAs for
>>> 4.2.  The goal of Xen4centOS was to use an upstream LTS kernel and
>>> update those as required to stay on an LTS.  Also to do every second
>>> point release of xen (ie, 4.2, 4.4, 4.6).  All so we are longer term
>>> than upstream, BUT we have supported code from upstream.
>>>
>>> So, the goal is to use supported code for the longest amount of time the
>>> upsreams support them.  For xenproject.org .. they support the two
>>> newest releases.  For kernel.org, they do a new kernel LTS about every 2
>>> years.
>>>
>>> We don't have 5000 engineers to maintain community SIGs like they
>>> maintain the distro.  We have to have supported code from upstream projects.
>>>
>>>
>>
>> So what does this mean ..
>>
>> xenproject.org supports 4.6 and 4.5 right now. (last 2 releases).
> 
> This isn't exactly right.
> 
> Recent releases have 18 months of "support" (meaning, bug fixes are
> backported), and then another 18 months of "security backports", which
> means only XSAs are backported [1], regardless of when or how many
> releases have been made.  It just happens that most releases recently
> have ended up taking about 9 months, which means at any given time you
> have 2 in 'active support'; but that's mostly a coincidence. :-)
> 

Cool.  I do know that our target goal was every second release.

> So 4.4 won't be getting any more point releases, but it should
> continue to get XSAs through March 2017.  (This table [2] has it
> ending in March 2016, but I'm pretty sure that's a mistake.)

I would be for maintaining releases as long as there are XSAs for them
.. obviously as long as we have people to maintain them.

The 3.18.x LTS kernel has support until Jan 2017.  Then we will pick one
with the longest lifetime and shift.

> 
>  -George
> 
> [1] http://wiki.xenproject.org/wiki/Xen_Project_Maintenance_Releases
> 
> [2] http://wiki.xenproject.org/wiki/Xen_Project_Release_Features

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen kernel-3.18.25-17 EL6 and EL7 needs testing

[Johnny Hughes]

On 01/19/2016 03:27 PM, Phill Bandelow wrote:
> I presume this addresses CVE-2016-0728?
> 

Actually it does not .. they have not rolled that patch into the LTS
3.18 branch at kernel.org yet.

As soon as it hits the LTS tree I will build a new kernel though.





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen kernel-3.18.25-17 EL6 and EL7 needs testing

[Johnny Hughes]

On 01/19/2016 03:37 PM, Johnny Hughes wrote:
> On 01/19/2016 03:27 PM, Phill Bandelow wrote:
>> I presume this addresses CVE-2016-0728?
>>
> 
> Actually it does not .. they have not rolled that patch into the LTS
> 3.18 branch at kernel.org yet.
> 
> As soon as it hits the LTS tree I will build a new kernel though.

OK .. supposedly, this patch fixes the issue:

http://bit.ly/1Sv1Llu

I have made this patch apply to the xen kernel sources:

http://bit.ly/23d5JmD

Let's verify that what I am applying is the only real meat to the first
patch.

I will build and test this locally to verify that we have the issue
before and not after applying that patch.

Then we can test it as a group.

SO .. hold off on testing kernel-3.18.25-17 and I will create a
kernel-3.18.25-18 if this fixes the CVE-2016-0728 issue.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Xen kernel-3.18.25-17 EL6 and EL7 needs testing

[Johnny Hughes]

There is a new xen kernel for centos-6 and centos-7 the needs testing in:

http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/

and

http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/

Thanks,
Johnny Hughes





signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)

[Johnny Hughes]

On 01/19/2016 05:22 PM, Johnny Hughes wrote:
> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades
> to the lastest 3.18  LTS kernel) for Xen4CentOS users.
> 
> This kernel can be tested from here:
> 
> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
> (CentOS-6)
> 
> and here:
> 
> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
> (CentOS-7)
> 

NOTE:

Those kernels will also end up in:


http://buildlogs.centos.org/centos/6/virt/x86_64/xen/

and

http://buildlogs.centos.org/centos/7/virt/x86_64/xen/

Soon

(the kernel-3.18.25-17 kernel, without the CVE fix, is already there)

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)

[Johnny Hughes]

On 01/19/2016 05:28 PM, Johnny Hughes wrote:
> On 01/19/2016 05:22 PM, Johnny Hughes wrote:
>> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades
>> to the lastest 3.18  LTS kernel) for Xen4CentOS users.
>>
>> This kernel can be tested from here:
>>
>> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
>> (CentOS-6)
>>
>> and here:
>>
>> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
>> (CentOS-7)
>>
> 
> NOTE:
> 
> Those kernels will also end up in:
> 
> 
> http://buildlogs.centos.org/centos/6/virt/x86_64/xen/
> 
> and
> 
> http://buildlogs.centos.org/centos/7/virt/x86_64/xen/
> 
> Soon
> 
> (the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
> 

OK, I can verify (for me), based on the 'leak' binary in compiled from

http://bit.ly/1nifPm4

That kernel-3.18.25-17 'DOES' have the CVE issue and that
kernel-3.18.25-18 DOES NOT have the CVE leak issue.

Feedback required from others.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)

[Johnny Hughes]

There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades
to the lastest 3.18  LTS kernel) for Xen4CentOS users.

This kernel can be tested from here:

http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
(CentOS-6)

and here:

http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
(CentOS-7)

Once we get several tested installs we can move this to released.  For
more info on CVE-2016-0728:

http://bit.ly/1nifPm4

There is info in the above link on testing the vulnerability is fixed ..
see the code under 'Triggering the bug from userspace is fairly
straightforward, as we can see in the following code snippet'.

Reports that the kernel works, and that the CVE-2016-0728 issue is
tested (before and after installing the new kernel) would be greatly
appreciated on this thread.

The following changelogs are also applicable in a upgrade from the
current 3.18.21-17 release and this 3.18.25-18 release:

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.25

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.23

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22

Thanks.
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 7.2 libvirtd 1.2.17 bug

[Johnny Hughes]

On 12/21/2015 05:57 AM, Pulkit Gupta wrote:
> Hi,
> 
>  
> 
> There is a strange issue in the CentOS 7.2 libvirtd 1.2.17 service.
> 
> If there is a symlink in the "/etc/libvirt/qemu/autostart/" which is
> created before the libvirtd service is started, libvirtd wont start.
> 
> Deleting the symlink from the autostart folder, then starting the
> libvirtd service works.
> 
> Is this a know issue ?
> 
>  
> 
> We have found this on 4-5 servers.

Are you saying that you can not set any VMs to autostart at any time
(which is why an entry gets in there in the first place) .. or that this
is a problem only on the first start up after an upgrade?

I do not see the issue on bugzilla.redhat.com




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Xen package update (including XSA-156)

[Johnny Hughes]

On 11/18/2015 07:31 AM, Pasi Kärkkäinen wrote:
> On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote:
>> On 11/18/2015 02:08 PM, Pasi Kärkkäinen wrote:
>>> Hello,
>>>
>>> On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi Kärkkäinen wrote:
>>>> On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi Kärkkäinen wrote:
>>>>> On Thu, Nov 12, 2015 at 02:00:27PM +, George Dunlap wrote:
>>>>>> So going forward, we're moving the CentOS 6 Xen packages from the
>>>>>> custom "xen4" repos that were introduced several years ago, to repos
>>>>>> based on its position as a sub-project of the Virt Sig.  That will
>>>>>> make things consistent between all the sigs, as well as between CentOS
>>>>>> 6 and 7 Xen packages.
>>>>>>
>>>>>> Unfortunately, XSA-156 came up rather suddenly and is a bit blocked by
>>>>>> this transition.
>>>>>>
>>>>>> So please help us test the new repository structure, so that we can
>>>>>> with conscience push the updates to xen4 users in general.
>>>>>>
>>>>> Seems to work for me!
>>>>>
>>>>>
>>>> Except now on another system I see this problem:
>>>>
>>> Anyone else seeing this libvirt-python problem with virt-manager and/or 
>>> virt-viewer ?
>>>
>>> (happens on a freshly installed system, so no earlier libvirt rpms 
>>> installed)
>>>
>> It tries to install half of the OS, but it works for me.  It seems
>> that your yum does not like that you already have
>> libvirt-client-1.2.15-3.el6.x86_64. Mine is happy to bring in
>> libvirt-{python,client}-0.10.2-54.el6_7.2.x86_64 from updates
>>
> 
> libvirt-{python,client}-0.10.2-54.el6_7.2.x86_64 are the centos core packages,
> while the libvirt-client-1.2.15-3.el6.x86_64 is the Virt SIG provided one,
> which has Xen support enabled.
> 
> So I need the 1.2.15-3 versions, but it seems libvirt-python is not included 
> in the Virt SIG built ones..
> 
> So that's an issue/problem..


It looks like either this needs to be tagged into the proper repo or a
new version built:

http://cbs.centos.org/koji/buildinfo?buildID=252

Pasi, that version exists here:

http://mirror.centos.org/centos/6.7/xen4/x86_64/Packages/

Can you see if it works with :

http://mirror.centos.org/centos/6.7/xen4/x86_64/Packages/libvirt-python-1.2.10-2.el6.x86_64.rpm


Thanks,
Johnny Hughes






signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Libvirt enhancement requests

[Johnny Hughes]

On 11/04/2015 04:31 AM, Jean-Marc LIGER wrote:
> 
> 
> Le 03/11/2015 00:49, Jean-Marc LIGER a écrit :
>>
>> Le 02/11/2015 18:28, Johnny Hughes a écrit :
>>> On 10/31/2015 04:34 PM, Jean-Marc LIGER wrote:
>>>> Hi Lucian,
>>>>
>>>> It seems to be upstream libvirt-1.2.15-2 with options with_xen and
>>>> with_libxl enabled.
>>>> http://cbs.centos.org/koji/buildinfo?buildID=1348
>>>>
>>> Right, and we can use that version, or a newer one and enable rbd as well.
>>
>> You might use this preview one :
>> http://people.redhat.com/~rjones/libguestfs-RHEL-7.2-preview/libvirt-1.2.17-3.el7.src.rpm
>>
>> I personally rebuild libvirt from last official releases which enable
>> ceph by default for el7 :
>> http://libvirt.org/sources/
>>
>> My dogfooding tests still **can be found here :
>> https://copr.fedoraproject.org/coprs/jmliger/virt7-upstream/
>>
>>> The next question is, is there a difference between the generic rbd and
>>> building against ceph-devel.  (As in, is one ceph only and the other
>>> generic only or can you use both when built against ceph-devel, etc)
>>>
>>> Since qemu-kvm-ev enables ceph, if we can also enable ceph in libvirt,
>>> seems like a win to me, if it also does rbd the same as building against
>>> librados2-devel and librbd1-devel.
>> Maybe I'm wrong but ceph-devel seems to have been replaced by 
>> librados2-devel and librbd1-devel in el7.
> 
> %package devel-compat
> Summary:Compatibility package for Ceph headers
> Group:  Development/Libraries
> License:LGPL-2.0
> Obsoletes:  ceph-devel
> Requires:   %{name} = %{epoch}:%{version}-%{release}
> Requires:   librados2-devel = %{epoch}:%{version}-%{release}
> Requires:   libradosstriper1-devel = %{epoch}:%{version}-%{release}
> Requires:   librbd1-devel = %{epoch}:%{version}-%{release}
> Requires:   libcephfs1-devel = %{epoch}:%{version}-%{release}
> Requires:   libcephfs_jni1-devel = %{epoch}:%{version}-%{release}
> Provides:   ceph-devel
> %description devel-compat
> This is a compatibility package to accommodate ceph-devel split into
> librados2-devel, librbd1-devel and libcephfs1-devel. Packages still
> depending
> on ceph-devel should be fixed to depend on librados2-devel, librbd1-devel,
> libcephfs1-devel or libradosstriper1-devel instead.
> 

I concur that the spec file uses that the way it is written.  What I
wonder is *IF* one wants to use ceph specifically, then are libvirt
packages built against librados2-devel and librbd1-devel going to work
then as well?

I do concur that it seems in the beta for rhel-7.2 this all gets
resolved for 7.2.  Since that should be happening soon(ish) .. based on
previous release history, we should wait and see exactly what is in 7.2
when released.

We also need to test that with ceph community packages to see if rbd
built that way actually works with ceph as well.

>>> These may only work with CentOS 7 as well .. have to look at if those
>>> build in CentOS 6.7.
>>
>> Which ceph release forCentOS 6.7Hammer or Firefly ?
>> Jean-Marc Liger
>>




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Resigning as lead of the Virt SIG

[Johnny Hughes]

On 11/03/2015 08:53 AM, Lars Kurth wrote:
> Hi all,
> 
> I wanted to let you know that I feel I need to step down as leader of the 
> Virtualisation SIG. When I originally was approached by KB to do this, it was 
> always clear that this would be a temporary thing until the SIG got going. At 
> the time, only Xen and CentOS folks were involved with the SIG. Since then, 
> we added oVirt and Docker maintainers, have a total of 5 maintainers and 
> built good momentum.
> 
> There are two reasons why I feel I should step down as leader of the Virt 
> SIG: a) I have been traveling too much and thus did not have the bandwidth to 
> do this job justice in recent months. b) In addition, it would also make more 
> sense for one of the Virt SIG maintainers who is more closely involved with 
> day-to-day activities to pick up this job. I will still be able to help with 
> PR and other items.  
> 
> When I was absent over the last few months, George Dunlap (gwd on irc) did 
> most of the groundwork and led SIG meetings on my behalf, so I wanted to 
> propose that George leads the SIG going forward. That is assuming that none 
> of the other SIG maintainers want to step up. George agreed in principle.
> 
> In the last Virt SIG meeting, not all maintainers were present, so we 
> couldn't make a formal decision. KB said the following:
> 
> kbsingh: I think if gwd is ok with it, and people are ok in the SIG, its good 
> for me
> 
> This means that succession either has to be settled in the next SIG meeting, 
> or by e-mail responding to this thread. I don't think there is any formal 
> process, but I would suggest that the maintainers listed on 
> https://wiki.centos.org/SpecialInterestGroup/Virtualization should have a say 
> either at the next IRC meeting or by replying to this email thread.
> 
> Best Regards
> Lars

Lars,

Slacker :)

George Dunlap is fine with me.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Plan to update to Xen 4.6

[Johnny Hughes]

On 11/03/2015 11:04 AM, George Dunlap wrote:
> When we started the Virt SIG, our stated goal was to support one
> recent version of Xen with a recent kernel.  We updated at that time
> to Xen 4.4, as the most recent stable release.  We skipped 4.5; but
> now with 4.6 out, I think it's about time to upgrade.
> 
> Moving to 4.6 has several distinct advantages for CentOS 7.  Xen 4.4
> has no systemd integration, while Xen 4.6 does.  Additionally, Xen 4.4
> has an insufficient level of ARM support, while Xen 4.6 does.
> 
> The Xen releases are heavily tested upstream, not only by the
> open-source team, but by the vendors who build their products on Xen.
> I'm fairly confident that moving forward to Xen 4.6 should be a
> relatively safe maneuver for most people.
> 
> So I shall be moving towards releasing Xen 4.6 for CentOS 6 in the not
> too distant future.
> 
> That said, the Virt SIG is a community effort -- if anyone in the
> community wants to step up and maintain the Xen 4.4 packages within
> the SIG, they would be welcome to do so.  The burden of doing the
> maintenance should not be too high.
> 
> Security updates will continue for 4.4 until the 4.6 packages are
> fully ready (and may continue for a month or  two afterwards,
> depending on severity, to provide a transition period).
> 

I agree with this.  The goal was always to do even numbered releases as
a general rule.  So moving from 4.4 to 4.6 is a great idea.  I concur
100% with this approach.  Obviously we will test the upgrade from 4.4.x
to 4.6.

>  -George




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Libvirt enhancement requests

[Johnny Hughes]

On 10/31/2015 04:34 PM, Jean-Marc LIGER wrote:
> Hi Lucian,
> 
> It seems to be upstream libvirt-1.2.15-2 with options with_xen and
> with_libxl enabled.
> http://cbs.centos.org/koji/buildinfo?buildID=1348
>

Right, and we can use that version, or a newer one and enable rbd as well.

The next question is, is there a difference between the generic rbd and
building against ceph-devel.  (As in, is one ceph only and the other
generic only or can you use both when built against ceph-devel, etc)

Since qemu-kvm-ev enables ceph, if we can also enable ceph in libvirt,
seems like a win to me, if it also does rbd the same as building against
librados2-devel and librbd1-devel.

These may only work with CentOS 7 as well .. have to look at if those
build in CentOS 6.7.

Thoughts?

Thanks,
Johnny Hughes


> Regards,
> Jean-Marc
> 
> Le 28/10/2015 09:38, Nux! a écrit :
>> Pasi,
>>
>> Where are these RPMs, how are they built, what exactly are the
>> differences vs the stock ones?
>>
>> Regards,
>> Lucian
>>
>> -- 
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> - Original Message -
>>> From: "Pasi Kärkkäinen" <pa...@iki.fi>
>>> To: "Discussion about the virtualization on CentOS"
>>> <centos-virt@centos.org>
>>> Sent: Wednesday, 28 October, 2015 08:36:18
>>> Subject: Re: [CentOS-virt] Libvirt enhancement requests
>>> On Tue, Oct 27, 2015 at 05:19:16PM +, Nux! wrote:
>>>> To clarify my own request:
>>>>
>>>> RBD (for CEPH) support is available in the version bundled in RHEL
>>>> 7.2 Beta, so
>>>> we'll have it in CentOS 7.2 (or whatever will be the identifying
>>>> number).
>>>>
>>>> The hooks seems just like a matter of creating files in the correct
>>>> location.
>>>>
>>>> ..So, all is good in the world once again.
>>>>
>>> Except the VirtSIG provides a different version/build of libvirt
>>> rpms, so we
>>> still need to enable RBD/Ceph support separately in VirtSIG provided
>>> version..
>>>
>>>
>>> -- Pasi
>>>
>>>> Regards,
>>>> Lucian
>>>>
>>>> -- 
>>>> Sent from the Delta quadrant using Borg technology!
>>>>
>>>> Nux!
>>>> www.nux.ro
>>>>
>>>> - Original Message -
>>>>> From: "Nux!" <n...@li.nux.ro>
>>>>> To: "Discussion about the virtualization on CentOS"
>>>>> <centos-virt@centos.org>
>>>>> Sent: Tuesday, 27 October, 2015 15:22:27
>>>>> Subject: Re: [CentOS-virt] Libvirt enhancement requests
>>>>> So... how exactly do we proceed?
>>>>>
>>>>> Anyone from the Virt SIG, please stand up?
>>>>>
>>>>> -- 
>>>>> Sent from the Delta quadrant using Borg technology!
>>>>>
>>>>> Nux!
>>>>> www.nux.ro
>>>>>
>>>>> - Original Message -
>>>>>> From: "Pasi Kärkkäinen" <pa...@iki.fi>
>>>>>> To: "Discussion about the virtualization on CentOS"
>>>>>> <centos-virt@centos.org>
>>>>>> Sent: Sunday, 25 October, 2015 11:02:22
>>>>>> Subject: Re: [CentOS-virt] Libvirt enhancement requests
>>>>>> On Wed, Oct 21, 2015 at 05:44:20PM +0100, Nux! wrote:
>>>>>>> Hi folks,
>>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>> I know you're rebuilding livbirt for the SIG. Would it be
>>>>>>> possible to enable RBD
>>>>>>> support in it?
>>>>>>>
>>>>>> Yes, we should definitely enable RBD / Ceph support in libvirt!
>>>>>>
>>>>>>
>>>>>>
>>>>>>> I know quite a few cases (in the Cloudstack community) that
>>>>>>> switched to Ubuntu
>>>>>>> particularly because CEPH support was missing.
>>>>>>> The recommendation is to rebuild the rpms, but this is not a
>>>>>>> viable thing for
>>>>>>> everyone. E.g.
>>>>>>> http://blog.widodh.nl/2015/04/rebuilding-libvirt-under-centos-7-1-with-rbd-storage-pool-support/
>>>>>>>
>>>>>>>
>>>>>>> Another thing that I noticed on the CentOS ml recently is an
>>>>>>> alleged lack of
>>>>>>> hooks, https://www.libvirt.org/hooks.html
>>>>>>>
>>>>>>> And last but not least, where could I find the libvirt (s)rpms
>>>>>>> that the SIG
>>>>>>> produces?
>>>>>>>
>>>>>>> Lucian
>>>>>>>
>>>>>>
>>>>>> -- Pasi




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Kernel 3.18.21-16 and Xen 4.4.3-3 released into Xen4CentOS repo for CentOS 6

[Johnny Hughes]

I have released to the master mirror the following packages for Xen4CentOS:

b518e3b0fd4f735b34d7784815793cb787283d9029776bd9794cedeb274b9204 
kernel-3.18.21-16.el6.x86_64.rpm

4b17373a0ef6806b26d02eb87fc299020beb60b6e31ed08a9c57d30a1410fbe7 
kernel-devel-3.18.21-16.el6.x86_64.rpm

cacedf6771849f7525145ad4ed7d36a2cad5b49b546173bb7c132b236cb7ac49 
kernel-doc-3.18.21-16.el6.noarch.rpm

22479ee9c2d3748edb08b410514d12c17ad966bcc2c067c48deedf732ae62aae 
kernel-firmware-3.18.21-16.el6.noarch.rpm

5d7cd57276f8755c8c312149888956f230ed356bc753117365b4ad7df7b1bf69 
kernel-headers-3.18.21-16.el6.x86_64.rpm

99f65bb828a4d1f9ee25c77d0c71b3d88eba93fcf3fb0babf6c10379d426e5b3 
perf-3.18.21-16.el6.x86_64.rpm

616a1fd6689f214f10dce7b70eb1984e60371edb8341140ddd0b4850fa9705de 
xen-4.4.3-3.el6.x86_64.rpm

2a9584266af525126e7b6a2fa2eeac3757aa63bc6636a8393e0b65e6f4694a42 
xen-devel-4.4.3-3.el6.x86_64.rpm

4ac658cd679ba54496ea82e018ec89156620b2e4c93ef93c3afcfd0956b22f9e 
xen-doc-4.4.3-3.el6.x86_64.rpm

ebfd368aa03a16a1c943afbda8795b631a88a800edcb0650903620928264ab48 
xen-hypervisor-4.4.3-3.el6.x86_64.rpm

c2fa54596923d000e32cd5e96982a06b95ac9a9d1c20655ea3371d44620a2f0e 
xen-libs-4.4.3-3.el6.x86_64.rpm

a2481c5a3e55d20028f90c1b44195cfb64f22a34f9956ee67ce3a7d1bd9a24ea 
xen-licenses-4.4.3-3.el6.x86_64.rpm

283a3052c17735103aef249b3c183b5d9781f76f110dff3d585425af276d0e50 
xen-ocaml-4.4.3-3.el6.x86_64.rpm

f2058a63167d3f0781ab71267b7c10132b18c836d7d4d8bd78214d88d930f5e3 
xen-ocaml-devel-4.4.3-3.el6.x86_64.rpm

43ed7df8e5fb1e836e84f3c517726a6f0512ac6afbbc2eec4af76a39a8cb9eae 
xen-runtime-4.4.3-3.el6.x86_64.rpm

These changelog entries are applicable for the new kernel compared to
the previously released version:
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.21
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.20
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.19
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.18

The xen updates roll in:

* Thu Oct 29 2015 George Dunlap <george.dun...@citrix.com> -
4.4.3-3.el6.centos
- Update fix for XSA-150

 * Thu Oct 22 2015 George Dunlap <george.dun...@citrix.com> -
4.4.3-2.el6.centos
 - Import XSAs 149-153

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CentOS 6 Xen virt* issues

[Johnny Hughes]

On 09/29/2015 07:55 AM, Pasi Kärkkäinen wrote:
> On Tue, Sep 29, 2015 at 12:37:25PM +0100, George Dunlap wrote:
>> On Sat, Sep 26, 2015 at 9:29 PM, Pasi Kärkkäinen  wrote:
>>> On Sat, Sep 26, 2015 at 09:04:23PM +0300, Pasi Kärkkäinen wrote:
 Hello,

 I just upgraded some of my el6xen boxes to latest CentOS 6.7, Xen 4.4.3 
 and dom0 3.18.17 rpms, and noticed these new problems:

>>>
>>> And third issue aswell:
>>>
>>> 3) Creating an HVM guest using virt-manager with file-based storage uses 
>>> loopback-mount, not blktap
>>>
>>> When I manually create a new Xen HVM guest using virt-manager, and choose 
>>> file-based image for storage of the VM, it seems to be set up to use file: 
>>> backend/driver with loopback-mounted image file:
>>>
>>> 
>>>   
>>>   
>>>   
>>>   
>>> 
>>>
>>> # losetup -a
>>> /dev/loop0: [fd00]:1709109 (/var/lib/libvirt/images/testvm2.img)
>>>
>>> With earlier versions of rpms similar setup used blktap2 backend.. (and 
>>> yes, I do have blktap module loaded in dom0 kernel).
>>
>> I remember having to patch some dependency of virt-manager to give it
>> the correct default driver name (something like, it got 'tap' but
>> needed to be 'tap2').  In all likelihood, someone has sussed that
>> 'tap' doesn't work and just replaced it with 'file'.  Actually, it's
>> fairly likely if they've updated stuff in CentOS that you're not
>> getting the re-build virt-manager stuff either -- I may have to respin
>> that one as well.
>>
> 
> I think it's specified at least in python-virtinst. See these emails from a 
> few years back about the tap/tap2-issue:
> 
> https://www.redhat.com/archives/virt-tools-list/2013-June/msg00037.html
> https://www.redhat.com/archives/virt-tools-list/2013-June/msg00039.html

This is indeed where it was patched before (as a stand alone program) ..
have they now rolled that into virt-manager?

> 
>  
>> While we're here, could you give me a couple of virt-install and
>> virt-viewer "smoketest" commands that I could add to my automated test
>> scripts?  ATM I'm testing libvirt by using virsh to import an xl .cfg
>> file, but it would be better to have something that created the config
>> end-to-end.  Using virt-manager directly is probably more work than
>> I'm up for in most cases, but hopefully if I can test the things it
>> depends on I can notice this sort of breakage.
>>
> 
> The problem with virt-viewer issue is that it gives the "error popup" in the 
> GUI,
> so there's no way to figure out it didn't work without looking at the GUI and 
> interacting with the gui..
> 
> Not easy to script/automate..
> 
> 
>> Thanks,
>>  -George
> 
> 
> -- Pasi
> 
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt