[CentOS] How to blacklist a device driver (systemd)

Fri Nov 17 14:51:40 UTC 2017
Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS <todd.denniston at navy.mil>

> -----Original Message-----
> From: James Pearson [mailto:james-p at moving-picture.com]
> Sent: Friday, November 17, 2017 5:21 AM
> To: CentOS mailing list; Frank Thommen
> Subject: Re: [CentOS] How to blacklist a device driver (sysemd)
> 
> Frank Thommen wrote:
> > Hi,
> >
> > how can a specific device driver in CentOS 7 be blacklisted, so that it
> > doesn't load at boot time?  We have Infiniband adapters which are not
> > completely supported by CentOS and we want to silence the error messages
> > for the time being.
> >
> > I tried with the files
> >
> >    /etc/modprobe.d/blacklist
> >    /etc/modprobe.d/blacklist.conf
<SNIP reasonable blacklist changes>
> >
> > None of these entries helps.  mlx5_core and mlx5_ib are still loaded and
> > the system is flooded with error messages.
> 
> They are probably being loaded via the initramfs at boot time - i.e.
> before the real root is mounted (where the blacklist entries exist)
> 
<SNIP>
Having had to blacklist things like this in the past, it has been my experience that James is correct.
If the driver is available in the existing initrd (created before the updates to the blacklists), then the driver WILL be loaded prior to the blacklists being read.
For me I found two solutions that worked:
1) (re)install a new kernel after blacklist creation (which causes a dracut run with all the correct parameters)
2) create the blacklists, then work out the correct dracut parameters and run it.

Obviously, from the point of avoiding research time, doing a boot into an _older_ kernel, 'yum remove kernel-currentversion; yum update kernel' is easier, but once you figure out how to tell Dracut to use its usual parameters for each machine you can avoid the time of doing the extra reboot on a bunch of machines.  It has been ~4 years since I looked at this so I don't remember how to automate using the right options per machine.
Or you could wait for the next CentOS 7 kernel update... Unfortunately the CVEs for the 6 kernel that just came out were all fixed in the 7 kernel back in October, so I have no expectation of a new 7 kernel anytime soon.

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the terms of any contract.
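
The check implied by the replies above, as an added example that is not part of the original thread: it reports modules that are blacklisted in modprobe.d yet still packed into the initramfs, which is the state in which the blacklist has no effect at boot. It assumes the output of `lsinitrd` has been saved to a file; the function names, sample files and the `KVER` path component are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reports modules that are blacklisted in modprobe.d but are
# still packed into an initramfs, given a saved `lsinitrd` listing.

# Module names from "blacklist <name>" lines. Only *.conf files count:
# modprobe ignores a file named plain "blacklist".
blacklisted_modules() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk '$1 == "blacklist" && $2 != "" { print $2 }' "$f"
    done | sed 'y/-/_/' | sort -u
}

# Module names from listing lines ending in .ko, .ko.xz or .ko.gz (stdin).
modules_in_listing() {
    awk '{ print $NF }' |
        sed -n 's#.*/\([^/]*\)\.ko\(\.[a-z0-9]*\)\{0,1\}$#\1#p' |
        sed 'y/-/_/' | sort -u
}

# $1 = modprobe.d directory, $2 = file holding lsinitrd output.
stuck_modules() {
    bl=$(blacklisted_modules "$1")
    [ -n "$bl" ] || return 0
    modules_in_listing < "$2" | grep -Fx -e "$bl" || true
}

# Constructed sample data (not from the thread): prints the temp directory.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/modprobe.d" || return 1
    printf 'blacklist mlx4_core\n' > "$d/modprobe.d/blacklist"
    printf '# silence unsupported HCA\nblacklist mlx5_core\nblacklist mlx5-ib\n' \
        > "$d/modprobe.d/blacklist.conf"
    k=usr/lib/modules/KVER/kernel/drivers   # KVER is a placeholder
    cat > "$d/lsinitrd.txt" <<EOF
-rw-r--r-- 1 root root 1 Jan 1 00:00 $k/net/ethernet/mellanox/mlx4/mlx4_core.ko.xz
-rw-r--r-- 1 root root 1 Jan 1 00:00 $k/net/ethernet/mellanox/mlx5/core/mlx5_core.ko.xz
-rw-r--r-- 1 root root 1 Jan 1 00:00 $k/infiniband/hw/mlx5/mlx5_ib.ko.xz
-rw-r--r-- 1 root root 1 Jan 1 00:00 $k/scsi/sd_mod.ko
EOF
    echo "$d"
}

sample=$(make_sample)
stuck_modules "$sample/modprobe.d" "$sample/lsinitrd.txt"   # mlx5_core, mlx5_ib
rm -rf "$sample"
```

An empty result after the initramfs has been regenerated means the blacklisted modules are no longer packed into it; `mlx4_core` is not reported in the sample because its entry sits in the suffix-less `blacklist` file.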