Re: [DRBD-user] secundary not finish synchronizing

2018-02-08 Thread Lars Ellenberg 
On Mon, Feb 05, 2018 at 04:38:21PM -0600, Ricky Gutierrez wrote:
> Hi list , I have a problem, I have two mail servers that replicate a
> secondary disk between them, there I have the mailboxes, they are as
> primary and secondary with centos 7, the problem is that there was a
> power cut twice, the primary server finished synchronizing with the
> secundary , and then there was another power cut and the secondary
> shutdown too, after this the power was restored and both power  on.
> 
> The problem is that I have lost data yesterday and today 

And your config is?
And you logs say?

As is, I can only take an (educated) wild guess:

Do you have no (or improperly configured) fencing,
and funky auto-resolve policies configured,
after-split-brain ... discard-secondary maybe?

Configuring automatic after-split-brain recovery policies
is configuring automatic data loss.

So if you don't mean that, don't do it.

-- 
: Lars Ellenberg
: LINBIT | Keeping the Digital World Running
: DRBD -- Heartbeat -- Corosync -- Pacemaker

DRBD® and LINBIT® are registered trademarks of LINBIT
__
please don't Cc me, but send to list -- I'm subscribed
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

Re: [DRBD-user] Proxmox repo release.gpg expired

2018-02-08 Thread Christoph Lechleitner 
Am 8. Februar 2018 11:43:17 MEZ schrieb Lars Ellenberg 
:
>On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote:
>> Am 08.02.18 um 09:38 schrieb Yannis Milios:
>> > Can you please renew proxmox repo Release.gpg file ?
>
>The signature is fine.
>You need to refresh your keyring.
>How? See below.
>
>> > W: An error occurred during the signature verification. The
>repository
>> > is not updated and the previous index files will be used. GPG
>error:
>> > http://packages.linbit.com/proxmox proxmox-5 Release: The following
>> > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package
>and
>> > Repository Signing Key (2017)
>> > W: Failed to fetch
>> > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
>> > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23
>LINBIT
>> > Package and Repository Signing Key (2017)
>> > W: Some index files failed to download. They have been ignored, or
>old
>> > ones used instead.
>> 
>> Just in case this might help:
>>
>> Debian Stretch introduced 2 new requirements for signing keys and
>> signatures:
>
>Why would you think it would?
>Both requirements are fullfilled, and not being complained about.
>(Also someone would have noticed that before,
>stretch was not released yesterday).
>
>It complains about an *EXPKEYSIG*
>And there is also the "2017" as a hint.
>so: key expiry. Which the subject already says as well.
>
>We usually do not create a new key,
>but simply extend the validity for an other year,
>and also add the "current year" uid.
>
>Your system apparently did not notice the extended validity.
>You can help:
>
>apt-key list --verbose LINBIT
>| pub   dsa1024 2008-11-13 [SC] [expired: 2018-02-01]
>|32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
>| uid   [ expired] LINBIT Package and Repository Signing Key
>(2017)
>| ...
>| sub   elg2048 2008-11-13 [E] [expired: 2018-02-01]
>| gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018
>11:49:14 CET
>
>
>apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
>0x53B3B037282B6E23
>(or your keyserver of choice)
>| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
>(2018)" 1 new user ID
>| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
>(2018)" 11 new signatures
>...
>
>apt-key list --verbose LINBIT
>| pub   dsa1024 2008-11-13 [SC] [expires: 2019-02-01]
>|   32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
>| uid   [ unknown] LINBIT Package and Repository Signing Key
>(2018)
>| ...
>| sub   elg2048 2008-11-13 [E] [expires: 2019-02-01]
>
>Yay.

I have seen those exact error messages due to those exact requirements.

Considering Linbit's focus seemed to have been on RedHat for years it *could* 
have been relevant. I wrote "in case", btw.

Sorry I tried to help.

Regards Christoph





mfg in aller Kürze vom Hand-Androiden
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

Re: [DRBD-user] Proxmox repo release.gpg expired

2018-02-08 Thread Yannis Milios 
Thanks for the hint, works now ...


Y

On Thu, Feb 8, 2018 at 10:43 AM, Lars Ellenberg 
wrote:

> On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote:
> > Am 08.02.18 um 09:38 schrieb Yannis Milios:
> > > Can you please renew proxmox repo Release.gpg file ?
>
> The signature is fine.
> You need to refresh your keyring.
> How? See below.
>
> > > W: An error occurred during the signature verification. The repository
> > > is not updated and the previous index files will be used. GPG error:
> > > http://packages.linbit.com/proxmox proxmox-5 Release: The following
> > > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and
> > > Repository Signing Key (2017)
> > > W: Failed to fetch
> > > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
> > > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT
> > > Package and Repository Signing Key (2017)
> > > W: Some index files failed to download. They have been ignored, or old
> > > ones used instead.
> >
> > Just in case this might help:
> >
> > Debian Stretch introduced 2 new requirements for signing keys and
> > signatures:
>
> Why would you think it would?
> Both requirements are fullfilled, and not being complained about.
> (Also someone would have noticed that before,
> stretch was not released yesterday).
>
> It complains about an *EXPKEYSIG*
> And there is also the "2017" as a hint.
> so: key expiry. Which the subject already says as well.
>
> We usually do not create a new key,
> but simply extend the validity for an other year,
> and also add the "current year" uid.
>
> Your system apparently did not notice the extended validity.
> You can help:
>
> apt-key list --verbose LINBIT
> | pub   dsa1024 2008-11-13 [SC] [expired: 2018-02-01]
> |32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
> | uid   [ expired] LINBIT Package and Repository Signing Key (2017)
> | ...
> | sub   elg2048 2008-11-13 [E] [expired: 2018-02-01]
> | gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018
> 11:49:14 CET
>
>
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
> 0x53B3B037282B6E23
> (or your keyserver of choice)
> | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
> (2018)" 1 new user ID
> | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
> (2018)" 11 new signatures
> ...
>
> apt-key list --verbose LINBIT
> | pub   dsa1024 2008-11-13 [SC] [expires: 2019-02-01]
> |   32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
> | uid   [ unknown] LINBIT Package and Repository Signing Key (2018)
> | ...
> | sub   elg2048 2008-11-13 [E] [expires: 2019-02-01]
>
> Yay.
>
> --
> : Lars Ellenberg
> : LINBIT | Keeping the Digital World Running
> : DRBD -- Heartbeat -- Corosync -- Pacemaker
>
> DRBD® and LINBIT® are registered trademarks of LINBIT
> __
> please don't Cc me, but send to list -- I'm subscribed
> ___
> drbd-user mailing list
> drbd-user@lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/drbd-user
>
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

Re: [DRBD-user] frequent wrong magic value with kernel >4.9

2018-02-08 Thread Andreas Pflug 
Am 01.02.18 um 13:34 schrieb Lars Ellenberg:
> On Tue, Jan 23, 2018 at 07:14:13PM +0100, Andreas Pflug wrote:
>> Am 15.01.18 um 16:37 schrieb Andreas Pflug:
>>> Am 09.01.18 um 16:24 schrieb Lars Ellenberg:
 On Tue, Jan 09, 2018 at 03:36:34PM +0100, Lars Ellenberg wrote:
> On Mon, Dec 25, 2017 at 03:19:42PM +0100, Andreas Pflug wrote:
>> Running two Debian 9.3 machines, directly connected via 10GBit on-board
>>
>> X540 10GBit, with 15 drbd devices.
>>
>> When running a 4.14.2 kernel (from sid) or a 4.13.13 kernel (from
>> stretch-backports), I see several "Wrong magic value 0x4c414245 in
>> protocol version 101" per day issued by the secondary, with subsequent
>> termination of the connection, reconnect and resync. The magic value
>> logged differs, quite often 0x00.
>>
>> Using the current 4.9.65 kernel (or older) from stretch didn't show
>> these aborts in the past, and after going back they're gone again. It
>> seems to be some problem introduced after 4.9 kernels, since both 4.9
>> and 4.13 include drbd 8.4.7. Maybe some interference with the nic driver?
>>
>> Kernel    drbd   ixgbe     errors
>> 4.9.65   8.4.7  4.4.0-k    no
>> 4.13.13  8.4.7  5.1.0-k    yes
>> 4.14.2   8.4.10 5.1.0-k    yes
> "strange".
>
> What does "lsblk -D" and "lsblk -t" say?
>
> Do you have a scratch volume you can play with?
> As a datapoint, you try to "blkdiscard /dev/drbdX" it?
> dd if=/dev/zero of=/dev/drbdX bs=1G oflag=direct count=1?
>
> Something like that?
> Any "easy" reproducer?
 Maybe while preparing the pull requests for upstream,
 we missed/mangled/broke something.

 Can you also reproduce with "out-of-tree" drbd 8.4.10?

>>> So I have currently kernel 4.9.65 with drbd 8.3.7 on the primary server,
>>> with the second server (4.14.7 with drbd 8.3.11-rc1) having all drbd
>>> devices secondary.
>>>
>>> Llogged in kern.log on the secondary:
>>> Jan 15 15:13:22 xen2 kernel: [451977.741177] drbd monitor.opt: Wrong
>>> magic value 0x64656772 in protocol version 101
>> Any news on this issue, anything to test?
>> Still getting that message 20 times a day, system not really busy.
> Nothing I can make any sense of, yet.
> And as of now, afaics, you are "the only one" reporting this.
> Can be a lot of things.
>
> Maybe you can setup a tcpdump capture in ringbuffer mode,
> wait for this to happen (watching the kernel log),
> and make me the pcap containing the event available somehow?
>
> something like this (please double check the man page yourself):
> tcpdump  -s 0 -i $NIC -w drbd.pcap. -W 100 -C 1 [possible port filter here]
> (keep in mind that pcap will contain raw block device data,
> which you may not want to show to "the internet").
>

After the tcpdump analysis showed that the problem must be located below
DRBD, I played around with eth settings. Cutting down the former MTU of
9710 to default 1500 did fix the problem, as well as disabling
scatter-gather. So apparently big MTU and scatter-gather don't play
nicely on later kernels (or the updated nic driver)

I posted a kernel bug on this,
https://bugzilla.kernel.org/show_bug.cgi?id=198723

Thanks for your help!

Regards

Andreas

___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

Re: [DRBD-user] Proxmox repo release.gpg expired

2018-02-08 Thread Christoph Lechleitner 
Am 08.02.18 um 09:38 schrieb Yannis Milios:
> Can you please renew proxmox repo Release.gpg file ?
> 
> Thanks
> 
> W: An error occurred during the signature verification. The repository
> is not updated and the previous index files will be used. GPG error:
> http://packages.linbit.com/proxmox proxmox-5 Release: The following
> signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and
> Repository Signing Key (2017)
> W: Failed to fetch
> http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
> following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT
> Package and Repository Signing Key (2017)
> W: Some index files failed to download. They have been ignored, or old
> ones used instead.

Just in case this might help:

Debian Stretch introduced 2 new requirements for signing keys and
signatures:

1. The GPG keys need to bei 2048 bit long. Longer probably OK too.

2. SHA1 signatures are not accepted any more, the signatures need to be
done using at least SHA256 now. For legacy GnuPG setups this can be
enforced by adding a line
  digest-algo sha256
to gpg.conf (and re-signing everything).

Regards,

Christoph
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

[DRBD-user] Proxmox repo release.gpg expired

2018-02-08 Thread Yannis Milios 
Can you please renew proxmox repo Release.gpg file ?

Thanks

W: An error occurred during the signature verification. The repository is
not updated and the previous index files will be used. GPG error:
http://packages.linbit.com/proxmox proxmox-5 Release: The following
signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and
Repository Signing Key (2017)
W: Failed to fetch
http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT
Package and Repository Signing Key (2017)
W: Some index files failed to download. They have been ignored, or old ones
used instead.


Y
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

Re: [DRBD-user] Repositories

2018-02-08 Thread Peter Schwindt 
Hi,

On 2018-02-08 08:56, Jean-Daniel TISSOT wrote:

> I will switching to three Proxmox V5.1 nodes for HA with DRBD.
> Since V5, drbdmanage and drbd-utils are no more available as debian
> packages on Proxmox repositories.
> 
> Does Linbit provide repositories for Debian stretch for theses packages ?

deb http://packages.linbit.com/proxmox/ proxmox-5 drbd-9.0


Cheers,
Peter

-- 
: Peter Schwindt
: LINBIT | Keeping the Digital World Running
: DRBD — Heartbeat — Corosync — Pacemaker

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.



smime.p7s
Description: S/MIME Cryptographic Signature
___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user

[DRBD-user] Repositories

2018-02-08 Thread Jean-Daniel TISSOT 
Hi,

I will switching to three Proxmox V5.1 nodes for HA with DRBD.
Since V5, drbdmanage and drbd-utils are no more available as debian
packages on Proxmox repositories.

Does Linbit provide repositories for Debian stretch for theses packages ?

Thanks in advance.

-- 
Best regards, Jean-Daniel TISSOT


___
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user