after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-).
On Sat, May 24, 2008 12:47 pm, Joe Pruett wrote:
after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-).
What type(s) of filesystems are you experiencing this with? I am seeing no additional delays with CIFS filesystems after the upgrade.
On Sat, 24 May 2008, Marko A. Jennings wrote:
What type(s) of filesystems are you experiencing this with? I am seeing no additional delays with CIFS filesystems after the upgrade.
for nfs mounts. i am using a centos 4 nfs server, but from running strace and enabling -d for automount, the delay seems to be before it unvokes mount so i think it is just client side.
i have found the underlying cause of this. it is dns resolution taking too long. and this is because my primary dns server is over an ipsec tunnel and the ipsec tunnel doesn't seem to want to work. i am getting a session established, but traffic doesn't flow. i have reset both ends and still no joy. i do have some firewalling in place and will be testing that next.
so, has anyone seen ipsec get messed up with the latest kernel?
On Tue, 27 May 2008, Joe Pruett wrote:
so, has anyone seen ipsec get messed up with the latest kernel?
i have verified that dropping back to the 53.1.19 kernel makes ipsec function again. with the new 5.2 kernel coming soon, i'm not sure if it makes sense to try and figure this out or not.
Joe Pruett wrote:
On Tue, 27 May 2008, Joe Pruett wrote:
so, has anyone seen ipsec get messed up with the latest kernel?
i have verified that dropping back to the 53.1.19 kernel makes ipsec function again. with the new 5.2 kernel coming soon, i'm not sure if it makes sense to try and figure this out or not.
This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec:
On Thu, 29 May 2008, Johnny Hughes wrote:
This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec:
that bug entry does say to use the upstream bug for info about a workaround, but the upstream bug is blocked to mere mortals. is there a workaround other than just using the older kernel?
Joe Pruett wrote:
On Thu, 29 May 2008, Johnny Hughes wrote:
This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec:
that bug entry does say to use the upstream bug for info about a workaround, but the upstream bug is blocked to mere mortals. is there a workaround other than just using the older kernel?
Did you see the added note?
I quote:
"For the benefit of those who do not have access to the upstream bugzilla report, this bug has been fixed in the updated 5.2 kernel (version number 2.6.18-92.el5), and this kernel also contains the CVE-2007-6282 patch. I would recommend that people affected by this bug upgrade to 2.6.18-92.el5."
on 5-29-2008 12:42 PM Ned Slider spake the following:
Joe Pruett wrote:
On Thu, 29 May 2008, Johnny Hughes wrote:
This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec:
that bug entry does say to use the upstream bug for info about a workaround, but the upstream bug is blocked to mere mortals. is there a workaround other than just using the older kernel?
Did you see the added note?
I quote:
"For the benefit of those who do not have access to the upstream bugzilla report, this bug has been fixed in the updated 5.2 kernel (version number 2.6.18-92.el5), and this kernel also contains the CVE-2007-6282 patch. I would recommend that people affected by this bug upgrade to 2.6.18-92.el5."
Is that the kernel to be released with 5.2?
Scott Silva wrote:
on 5-29-2008 12:42 PM Ned Slider spake the following:
Joe Pruett wrote:
On Thu, 29 May 2008, Johnny Hughes wrote:
This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec:
that bug entry does say to use the upstream bug for info about a workaround, but the upstream bug is blocked to mere mortals. is there a workaround other than just using the older kernel?
Did you see the added note?
I quote:
"For the benefit of those who do not have access to the upstream bugzilla report, this bug has been fixed in the updated 5.2 kernel (version number 2.6.18-92.el5), and this kernel also contains the CVE-2007-6282 patch. I would recommend that people affected by this bug upgrade to 2.6.18-92.el5."
Is that the kernel to be released with 5.2?
yes ... and we have it built already ... but I am not sure everything else that might need to go with it. module-init-tools and mkinitrd are also upgrades so those for sure
But rather than releasing pieces, I would think that using the older kernels on ipsec machines would be best for a couple weeks.
----- Original message ----- From: "Joe Pruett" joey@clean.q7.com To: centos@lists.centos.org Date: Sat, 24 May 2008 09:47:43 -0700 (PDT) Subject: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-). _______________________________________________ I am not seeing any delay on automount. I upgraded both NFS client and server to the 2.6.18-53.1.21.el5 kernel.
- Fred
-
Fred Noz -
Joe Pruett -
Johnny Hughes -
Marko A. Jennings -
Ned Slider -
Scott Silva