1006AM CET - yesterday we have noticed that the cloud linux kernel care updating is not working as expected so have been advised by cloudlinux.com to apply kernel.modules_disabled=0 to the /etc/sysctl.conf file and restart the server.

1009AM CET - Server is back online and are checking the update status of the kernel and appears to be a different issues now, so are going to revert back to the cloudlinux support team and get their feedback. In the meantime server is operating as normal.

1011AM CET - We have noticed an internal server error on all web sites on the server so are investigating. Another cpanel user here: https://forums.cpanel.net/threads/internal-server-error.454182/ had a similar issue, so are investigating.

1016AM CET - it seems the server booted into an unsupported cloudlinux kernel, so have changed the boot sequence to use an LVE kernel and are rebooting again to see if this resolves the issue. Rebooting on this server takes appx 2-3 minutes.

1020AM CET - Server is back again and checking sites and they are all working as expected however there is some conflicting feedback in kernel care update as its saying its updated but throwing a couple of errors.

[root@musk ~]# /usr/bin/kcarectl --update
Updates already downloaded
insmod: ERROR: could not insert module /lib/modules/3.10.0-427.36.1.lve1.4.47.el7.x86_64/extra/kcare.ko: Operation not permitted
Unable to load kmod (/lib/modules/3.10.0-427.36.1.lve1.4.47.el7.x86_64/extra/kcare.ko 1)

So we have reverted back to cloud linux support team to get their feedback and see if the errors are serious or not.

1042AM CET - The cloudlinux support team have requested access to the server to investigate the issue with kernel care errors. In the meantime server is runnig normally and no apparent issues. Hopefully their solution will not require any more reboots!

1257PM CET - We have heard back from cloudlinux support team and been told that due to have ASL firewall installed we need to take some extra steps and manually disable the ASL kernel.

from coudlinux support team

You still use the setting which disables the kernel modules, so kcare or lve modules are not loaded and this causes the issues with KernelCare, CageFS etc.
# sysctl -a| grep modules
sysctl: unable to open directory "/proc/sys/fs/binfmt_misc/"
kernel.modules_disabled = 1

Your sysctl config file looks fine, but I've found that you have also Atomic Secured Linux - please see #/etc/rc3.d/S99asl-mod status , so it switch on 'kernel.modules_disabled' during the restart, see # /etc/rc.d/init.d/asl-mod status for more information.

So you need to disable Atomic Secured Linux ( then it appears that one more reboot will be needed)  and this should resolve the issue.


So we will apply the above recomendations and also note the instructions here from ASL: https://wiki.atomicorp.com/wiki/index.php/Kernel#If_you_want_to_switch_to_a_different_kernel and then attemtp to reboot. We will not do this today, perhaps sunday 21st of May.


Saturday, May 20, 2017

« Back