This topic describes known issues of Alibaba Cloud images on different platforms, the scope of these issues, and their corresponding solutions.

Debian 9.6: Classic network configuration

The following section describes the issue details, involved images, and solution.
  • Problem description: Classic network-type instances created from Debian 9 public images cannot be pinged.
  • Cause: Instances in classic networks cannot automatically obtain IP addresses through the Dynamic Host Configuration Protocol (DHCP) because Debian 9 disables the systemd-networkd service by default.
  • Image: debian_9_06_64_20G_alibase_20181212.vhd
  • Solution: Run the following commands:
    systemctl enable systemd-networkd 
    systemctl start systemd-networkd

CentOS 6.8: An instance installed with the NFS client fails to respond

The following section describes the issue details, involved images, and solution.
  • Problem description: An instance that is running CentOS 6.8 and has an installed NFS client fails to respond and must be restarted.
  • Cause: When you use the NFS service, the NFS client attempts to end a TCP connection if a glitch occurs due to communication latency. Specifically, if the NFS server is delayed in sending a response to the NFS client, the connection initiated by the NFS client may be stalled in the FIN_WAIT2 state. Normally, a connection expires and closes one minute after the connection enters the FIN_WAIT2 state, and the NFS client will initiate another connection. However, kernel versions 2.6.32-696 to 2.6.32-696.10 have issues with establishing TCP connections. As a result, the connection will remain in the FIN_WAIT2 state, the NFS client is unable to recover the TCP connection, and a new TCP connection cannot be initiated.
  • Images: centos_6_08_32_40G_alibase_20170710.vhd and centos_6_08_64_20G_alibase_20170824.vhd
  • Solution: Run the yum update command to upgrade the kernel to versions 2.6.32-696.11 or later.
    Notice Before you perform any operations on the instance, you must Create a snapshot to back up your data.

CentOS 7: The hostname changes from uppercase to lowercase letters after the instance is restarted

The following section describes the issue details, involved images, and solution.
  • Problem description: After ECS instances are restarted for the first time, the hostnames of some instances that run CentOS 7 change from uppercase to lowercase letters. The following table describes some examples.
    Hostname Hostname after the instance is restarted for the first time Does the hostname remain in lowercase after the restart?
    iZm5e1qe*****sxx1ps5zX izm5e1qe*****sxx1ps5zx Yes
    ZZHost zzhost Yes
    NetworkNode networknode Yes
  • Images: The following CentOS public images and custom images created from these public images are affected:
    • centos_7_2_64_40G_base_20170222.vhd
    • centos_7_3_64_40G_base_20170322.vhd
    • centos_7_03_64_40G_alibase_20170503.vhd
    • centos_7_03_64_40G_alibase_20170523.vhd
    • centos_7_03_64_40G_alibase_20170625.vhd
    • centos_7_03_64_40G_alibase_20170710.vhd
    • centos_7_02_64_20G_alibase_20170818.vhd
    • centos_7_03_64_20G_alibase_20170818.vhd
    • centos_7_04_64_20G_alibase_201701015.vhd
  • Hostname: If the hostnames of your applications are case-sensitive, restarting such instances may affect the availability of corresponding services. The following table describes whether the hostname will change after an instance is restarted.
    Current state of hostname Will the hostname change after an instance restart? When will the change take effect? Continue reading this section?
    The hostname contains uppercase letters at the time of instance creation (either in the ECS console or through ECS API operations). Yes When the instance is restarted for the first time. Yes
    The hostname contains no uppercase letters at the time of instance creation (either in the ECS console or through ECS API operations). No N/A No
    You log on to the instance and modify its hostname so that the hostname contains uppercase letters. No N/A Yes
  • Solution: To retain uppercase letters in a hostname after you restart an instance, follow these steps:
    1. Connect to the instance. For more information, see Overview.
    2. View the existing hostname.
      [root@izbp193*****3i161uynzzx ~]# hostname
      izbp193*****3i161uynzzx
    3. Run the following command to staticize the hostname.
      hostnamectl set-hostname --static iZbp193*****3i161uynzzX
    4. Run the following commands to view the updated hostname.
      [root@izbp193*****3i161uynzzx ~]# hostname
      iZbp193*****3i161uynzzX
  • Additional actions: If you are using a custom image, we recommend that you update cloud-init to the latest version and create a custom image again to prevent the previous issue from occurring to the image. For more information, see Install cloud-init for Linux images and Create a custom image by using an instance.

Linux: Pip requests time out

The following section describes the issue details, involved images, and solution.
  • Problem description: Pip requests occasionally time out or fail.
  • Images: CentOS, Debian, Ubuntu, SUSE, openSUSE, and Aliyun Linux.
  • Cause: Alibaba Cloud provides three pip source addresses. The default address is mirrors.aliyun.com. To access this address, instances must be able to access the Internet. If your instance has no public IP address assigned, a pip request will time out.
    • (Default) Public network: mirrors.aliyun.com
    • VPCs: mirrors.cloud.aliyuncs.com
    • Classic networks: mirrors.aliyuncs.com
  • Solution: You can solve the problem through one of the following methods:
    • Method 1

      Assign a public IP address to your instance by associating an Elastic IP Address (EIP) with your instance. For more information, see Associate an EIP with an ECS instance.

      A subscription instance can also be reassigned a public IP address by changing its specifications. For more information, see Upgrade configurations of Subscription instances.

    • Method 2
      If a pip request fails, you can run the fix_pypi.sh script in your ECS instance and retry the pip operation. The procedure is as follows:
      1. Connect to the instance. For more information, see Connect to a Linux instance by using the Management Terminal.
      2. Run the following command to obtain the script file.
        wget http://image-offline.oss-cn-hangzhou.aliyuncs.com/fix/fix_pypi.sh
      3. Run the script based on the network type of your instance.
        • For instances in VPCs, run the bash fix_pypi.sh "mirrors.cloud.aliyuncs.com" command.
        • For instances in classic networks, run the bash fix_pypi.sh "mirrors.aliyuncs.com" command.
      4. Retry the pip operation.
      The content of fix_pypi.sh is as follows:
      #! /bin/bash
      
      function config_pip() {
          pypi_source=$1
      
          if [[ ! -f ~/.pydistutils.cfg ]]; then
      cat > ~/.pydistutils.cfg << EOF
      [easy_install]
      index-url=http://$pypi_source/pypi/simple/
      EOF
          else
              sed -i "s#index-url.*#index-url=http://$pypi_source/pypi/simple/#" ~/.pydistutils.cfg
          fi
      
          if [[ ! -f ~/.pip/pip.conf ]]; then
          mkdir -p ~/.pip
      cat > ~/.pip/pip.conf << EOF
      [global]
      index-url=http://$pypi_source/pypi/simple/
      [install]
      trusted-host=$pypi_source
      EOF
          else
              sed -i "s#index-url.*#index-url=http://$pypi_source/pypi/simple/#" ~/.pip/pip.conf
              sed -i "s#trusted-host.*#trusted-host=$pypi_source#" ~/.pip/pip.conf
          fi
      }
      
      config_pip $1

Aliyun Linux 2: Enabling the CONFIG_PARAVIRT_SPINLOCK kernel feature causes performance issues

The following section describes the issue details, involved images, and solution.
  • Problem description: After you enable the CONFIG_PARAVIRT_SPINLOCK kernel feature, application performance is significantly affected when an ECS instance has a large number of vCPUs and a large number of lock contentions exist in applications. For example, timed-out connections deteriorate the performance of an NGINX application.
  • Image: Aliyun Linux 2
  • Solution: We recommend that you keep the CONFIG_PARAVIRT_SPINLOCK kernel feature disabled for Aliyun Linux 2 (disabled by default). And if you are not sure how to resolve the kernel problem, do not enable the CONFIG_PARAVIRT_SPINLOCK feature.

Aliyun Linux 2: Setting the THP switch to always affects system stability and causes performance issues

The following section describes the issue details, involved images, and solution.
  • Problem description: After you set the Transparent Hugepage (THP) switch in your production environment to always, the system becomes unstable and performance is deteriorated.
  • Image: Aliyun Linux 2
  • Solution: Set the THP switch to madvise. In scenarios such as when running performance benchmark testing by using test suites, system performance is deteriorated if this switch is set to madvise compared with always. However, these testing results might not be reliable or match real-world conditions. Therefore, we recommend that you retain the madvise setting to prevent the system from being affected by other contentions.

Aliyun Linux 2: A delegation conflict occurred in NFS V4.0

The following section describes the issue details, involved images, and solution.

Aliyun Linux 2: NFS V4.1 or V4.2 has a defect that can prevent applications from logging out

The following section describes the issue details, involved images, and solution.
  • Problem description: In NFS V4.1 or V4.2, if you use Asynchronous I/O (AIO) in applications to distribute requests and close the corresponding file descriptors before all I/O operations are returned, a livelock may be triggered and the corresponding process cannot be ended.
  • Image: Aliyun Linux 2
  • Solution: This problem has been fixed in kernel versions 4.19.30-10.al7 and later. Application exit failure is not likely to occur. Decide whether you need to upgrade the kernel to fix this issue. To upgrade the kernel version, run the sudo yum update kernel -y command.
    Notice
    • Upgrading the kernel may result in system boot failure. Exercise caution when performing this action.
    • Before you upgrade the kernel, make sure you have created a snapshot or custom image to back up data. For more information, see Create a snapshot or Create a custom image by using an instance.

Aliyun Linux 2: System performance is affected when important security vulnerabilities such as Spectre or Meltdown are fixed

The following section describes the issue details, involved images, and solution.
  • Problem description: In the kernel of Aliyun Linux 2, the repair of important security vulnerabilities such as Meltdown or Spectre in processors is enabled by default, which affects system performance. As a result, performance may be deteriorated during performance benchmark testing.
  • Image: Aliyun Linux 2
  • Solution: Meltdown and Spectre are two important vulnerabilities in Intel chips. These vulnerabilities allow attackers to steal sensitive application data from the system memory. We recommend that in normal circumstances you do not disable the repair function. However, if you need to maximize system performance, you can run the following commands to disable the repair function:
    1. Run the following commands to add nopti nospectre_v2 to the kernel startup parameters.
      sudo sed -i 's/\(GRUB_CMDLINE_LINUX=".*\)"/\1 nopti nospectre_v2"/' /etc/default/grub
      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
    2. Run the following command to restart the system.
      sudo reboot