Chapter 59. Servers and Services

Rsyslog cannot proceed if the default maximum of open files is exceeded

Rsyslog sometimes runs over the default limits for maximum number of open files. Consequently, rsyslog cannot open new files.
To work around this problem, modify the rsyslog configuration by increasing this limit to align with systemd-journald. To do so, create a drop-in file named /etc/systemd/system/rsyslog.service.d/increase_nofile_limit.conf with the following content:

Upgrading a RHEL 7.5 node to RHEL 7.6 in RHOSP 10 breaks virtual machines on the node

Currently, upgrading a Red Hat Enterprise Linux 7.5 node to Red Hat Enterprise Linux 7.6 in Red Hat OpenStack Plaform 10 causes virtual machines hosted on that node to become unable to start.
To work around this problem, edit the /etc/modprobe.d/kvm.rt.tuned.conf file on the compute node, remove the following line, and reboot the node:
options kvm_intel ple_gap=0
For this to work reliably, perform the changes before upgrading the node from RHEL 7.5 to RHEL 7.6. (BZ#1649408)

FTP-based logins are unavailable for a common vsftpd configuration

This update removes the /sbin/nologin and /usr/sbin/nologin login shells from the /etc/shells file due to security reasons. Consequently, when the configuration of the Very Secure File Transfer Protocol Daemon, vsftpd, is modified to enable the chroot_local_user, FTP logins are impossible.
To work around this problem, add /sbin/nologin or /usr/sbin/nologin, respectively, to the /etc/shells file. As a result, a login shell for users that are allowed to use FTP, but not SSH, is available again. However, note that this workaround exposes vsftpd to the security risk described at (BZ#1647485, BZ#1571104)

Teaming might not work correctly in the rescue system after applying RHBA-2019:0498

Updates provided by advisory RHBA-2019:0498 fixed several problems in ReaR affecting complex network configurations. These bugs previously made it impossible to restore backups accessed over the network without manual intervention. However, in case of teaming, this update might introduce another problem. If the team has multiple member interfaces, the team device might not be configured correctly in the rescue system. To work around this problem, preserve the previous behavior by adding the following line in the /etc/rear/local.conf file :
For the newly added LACP support, temporarily remove all interfaces but one from the team during the rescue image creation process as a workaround. (BZ#1685166)