Elastic Compute Service:Operating system O&M FAQ

General issues for Alibaba Cloud Linux

• Enabling the CONFIG_PARAVIRT_SPINLOCK kernel option may cause performance issues

• A printk deadlock in an Alibaba Cloud Linux system causes the system to go down

• How to disable CPU vulnerability fixes in an Alibaba Cloud Linux system

• Known issues that may exist in NFS v4.x

• What should I do if SysAK 2.2.0 causes a segmentation fault when I run the DNF command?

• How do I avoid application performance fluctuations caused by cgroups?

• What should I do if an operation fails due to a lack of read permissions for the Overlayfs file system in an Alibaba Cloud Linux system?

• Causes and solutions for OOM Killer

• How do I troubleshoot the cause of high slab_unreclaimable memory usage?

• Measures to cope with Linux memory fragmentation

• How to customize DNS configuration in an Alibaba Cloud Linux instance through the "/etc/resolv.conf" file

• An application in an ECS instance occasionally experiences packet loss, and the kernel log (dmesg) contains the error message "kernel: nf_conntrack: table full, dropping packet"

• Is there a fee for running Alibaba Cloud Linux in Alibaba Cloud ECS?

• Which Alibaba Cloud ECS instance types does Alibaba Cloud Linux support?

• Does Alibaba Cloud Linux support 32-bit applications and libraries?

• Does Alibaba Cloud Linux support a graphical user interface (GUI)?

Alibaba Cloud Linux 3

• The sch_netem module is missing in the Alibaba Cloud Linux 3 system

• Method and impact of configuring XPS in an Alibaba Cloud Linux 3 system

• Solution to the kernel upgrade error in the Alibaba Cloud Linux 3.8 image

• How to disable CPU vulnerability fixes in an Alibaba Cloud Linux system

• Solution to the issue where the load is greater than 1 under no-load conditions in an Alibaba Cloud Linux 3 system

• What should I do if the file read performance of the NFS file system in an Alibaba Cloud Linux 3 system does not meet expectations?

Alibaba Cloud Linux 2

• Performance tuning methods related to Transparent Enormous Pages (THP) in an Alibaba Cloud Linux 2 system

• How do I fix the polkit memory leak issue in Alibaba Cloud Linux 2?

• Description of abnormal systemd service issues in an Alibaba Cloud Linux 2 system

• How to enable or disable IPv6 in Alibaba Cloud Linux 2

• How do I install and enable a later version of curl in Alibaba Cloud Linux 2?

• What should I do if I cannot query and configure routing information in an ECS instance that runs Alibaba Cloud Linux 2?

• What should I do if an ECS instance that runs Alibaba Cloud Linux 2 fails to create many processes?

• What should I do if the TCP BBR congestion control algorithm affects network performance in an Alibaba Cloud Linux 2 system?

• Solution to the issue where the Buffer I/O write performance of the ext4 file system does not meet expectations in an ECS instance that uses an Alibaba Cloud Linux 2 image

• Solution to the issue where the Send-Q field returns a value of 0 when the ss command is run in an ECS instance that runs Alibaba Cloud Linux 2

• Performance tuning methods related to Transparent Enormous Pages (THP) in an Alibaba Cloud Linux system

• Attaching Overlayfs fails in an ECS instance that runs Alibaba Cloud Linux 2 because the attach directory is shared

• What should I do if the kernel log of an ECS instance that runs Alibaba Cloud Linux 2 contains the message "integrity: Unable to open file"?

• Can I view the source code of Alibaba Cloud Linux 2 components?

• Is Alibaba Cloud Linux 2 backward compatible with previous versions of Aliyun Linux?

• Which third-party applications can run on Alibaba Cloud Linux 2?

• How does Alibaba Cloud Linux 2 ensure data security?

• Does Alibaba Cloud Linux 2 support data encryption?

• How do I set permissions for Alibaba Cloud Linux 2?

FAQ and solutions for Linux operating systems (GuestOS)

Startup failures

• Check whether block device information exists in the fstab file

• Check whether block devices are correctly attached in the fstab file

• Check whether the content format of the fstab file is correct

• Use the fsck command to check system files

Logon failures

• Check whether the limits settings are correct

• Check whether a password exists for the critical system user (the root account)

• Check the format of critical system files

• Check whether the SSH access permission configuration is correct

• Check whether critical files or directories required for SSH access exist

• Check whether the enormous page memory setting is too large

• Check whether the operating system is out of memory (OOM)

• Check whether the system firewall is enabled

• Check whether TCP SACK is enabled

• Check whether the UDP cache has overflowed

• Check whether SELinux is enabled

• Unable to log on to an instance using SSH or VNC

• An error is reported when connecting to an instance

Instance access failures

• Check whether the kernel parameters for the NAT environment are correct

• Check whether processes are started and whether common service ports are in the listening state

Network connection failures

• Check whether the DHCP configuration is correct

• Check whether network-related processes exist

• Check whether multi-queue for network interface cards is enabled

Performance issues

• Check whether the TCP backlog has overflowed

• Is the CPU usage too high?

• Files cannot be written to the disk

FAQ and solutions for Windows operating systems (GuestOS)

Logon failures

• Check whether port 3389 of the Windows system is open

  You can use the Remote Desktop Protocol (RDP) service to easily manage and operate Windows instances. If you do not enable the RDP service, you cannot establish a remote desktop connection. For more information, see How to start the RDP service for a Windows instance.

• Check whether the virtio driver version is too old

  If the virtio driver version is too old, you may not be able to log on to the instance. For more information, see Update the virtio driver of a Windows instance.

• Check whether the firewall is set correctly

  Improper firewall settings may prevent you from logging on to the instance. For more information, see Windows system firewall policy configuration guide.

Performance issues

• Is the CPU usage too high?

  If the CPU usage remains high, the system stability and business operations are affected. For more information, see Troubleshoot and resolve high CPU usage on a Windows instance.

• Check the version of the Windows operating system

  Microsoft stopped providing support for Windows Server 2008 and Windows Server 2008 R2 on January 14, 2020. Therefore, Alibaba Cloud no longer provides technical support for ECS instances that run these operating systems. If you have ECS instances that run these operating systems, update them to Windows Server 2012 or later as soon as possible. For information about currently supported images, see Public images. You can also view them on the purchase page.

• Check the disk capacity

  Sometimes, the disk space of the C drive in a Windows system continuously decreases, which prevents the system from operating normally. For more information, see Troubleshooting ideas for reduced free space on the C drive of a Windows instance.

How do I change the operating system (system disk)?

You can change the operating system of a system disk by changing the image of an ECS instance.

Can I use a custom image created from a server under Account A to change the operating system for a server under Account B?

Yes. First, Account A must share a custom image with Account B. Then, Account B can use the shared image to replace the operating system of the system disk.

If an image contains data disks, can I use it to change the operating system?

You can use an image that contains data disks to change the operating system. Only the system disk of the original instance is replaced. The data disks of the original instance are not affected.

What is the difference between changing the operating system and re-initializing the system disk?

What do I do if scaling out the system disk by changing the operating system fails?

When you scale out a system disk by changing the operating system, the partition may fail to be scaled out due to a timeout. For systems that failed to scale out, you must manually extend the partition. For more information, see Extend partitions and file systems (Linux). This method only extends the system disk partition and does not affect the system version.

What do I do if I cannot select the destination image and a message indicates that the instance is not I/O optimized when I change the operating system?

How do I reset the system time zone to the local time zone

For a single instance, you can run the timedatectl set-timezone local_timezone_xxx/xxx command in the system to change the time zone to your local time zone.

For multiple instances, you can use the batch modification feature of Cloud Assistant.

What type of container runtime is included in the Windows Server with Container image?

Due to changes in Microsoft's support policy for container runtimes (for more information, see Supported Container Runtime on Windows Server), the Windows Server with Container images updated by Alibaba Cloud ECS since 2024 no longer have the Mirantis Container Runtime (MCR) pre-installed. It is replaced with the open source containerd container runtime library. If you require MCR, you must purchase and install Mirantis Container Runtime from Mirantis.

Starting from March 1, 2024, the Windows Server with Container images provided by Alibaba Cloud ECS include the following container-related components:

• Windows Server container feature component, which does not support Hyper-V isolation. For more information, see Windows and containers.

• Containerd runtime library, version 1.7.13. For more information, see containerd.

• nerdctl.exe, a command-line interface for managing containers, version 1.7.13. For more information, see nerdctl.

• nat.exe, a Container Network Interface (CNI) plugin for Windows container networking, version 1.0.0. For more information, see windows-container-networking.

Why does a Windows system fail to write data when executing userdata?

Description

Executing user data to write data to the C:\Users\Administrator\Desktop\userData_test.txt path fails, and a message indicates that the path could not be found.

Cause

In a Windows system, C:\Users and its subdirectories are the default storage locations for user profiles and data. They can be accessed only after you log on to the system. During the system initialization phase when user data is executed, you have not yet logged on to the system. Therefore, writing data to the C:\Users directory fails.

Solution

Change the path for writing data in the user data to another path, for example:

[bat]
echo "userData" > C:\userData_test.txt

For more information, see Customize instance initialization configurations.

What are the limits of the Windows Server 2025 image?

• vCPU: 1 to 640

• Memory: 2 GiB to 48 TiB

• ECS instance types

  Due to compatibility issues, the following ECS instance types do not currently support this image:

  • All ECS Bare Metal Instance families

  • 6th generation AMD instance types (general-purpose instance family g6a, compute-optimized instance family c6a, and memory-optimized instance family r6a)

On Windows Server 2008, frequent calls to the system API `timeBeginPeriod` cause the Windows system time to slow down or speed up. You can perform the following operations to resolve this issue:

1. Remotely log on to the ECS instance.

   For more information, see Log on to a Windows instance using Workbench.

2. Download the tool.

3. Decompress CheckTimeBeginPeriod.zip.

4. Decompress bin.zip, go to the bin directory, and then double-click the .exe file.

   • For a 64-bit operating system, double-click InjectDllx64.exe.

   • For a 32-bit operating system, double-click InjectDllx86.exe.

   The printed process is the one that calls `timeBeginPeriod`.

5. Stop or update the program that calls `timeBeginPeriod`, as needed.

If the issue persists, you can submit a ticket for technical support.

How do I get technical support if I encounter problems when using Red Hat Enterprise Linux?

Unlike the traditional method of logging in to the Red Hat system to submit a support request, you can directly submit a ticket for technical support. Alibaba Cloud after-sales engineers will help you resolve the problems you encounter. If the problem involves a Red Hat Enterprise Linux issue that Alibaba Cloud cannot resolve, Alibaba Cloud submits the issue to Red Hat, which is responsible for providing the final technical support.

Which official Red Hat subscriptions are included in the Red Hat Enterprise Linux images provided by Alibaba Cloud?

The Red Hat images provided by Alibaba Cloud include Red Hat Enterprise Linux (RHEL) product subscriptions. The related software repository sources are as follows:

• RHEL 7

  • Red Hat Enterprise Linux 7 Server - Extras from RHUI (RPMs)

  • Red Hat Enterprise Linux 7 Server - Optional from RHUI (RPMs)

  • Red Hat Enterprise Linux 7 Server from RHUI (RPMs)

• RHEL 8 & RHEL 9

  • BaseOS

  • AppStream

  The latest RHEL 8 & RHEL 9 images also have the CodeReady Linux Builder and Supplementary repositories pre-configured by default. To use these two software repositories in your purchased RHEL 8 & 9 instances, contact Alibaba Cloud after-sales support to obtain them.

  For more information about the software repository sources and package lists for RHEL 8 & RHEL 9, see the RHEL 8 Package Manifest and the RHEL 9 Package Manifest.

Alibaba Cloud Red Hat images provide only RHEL product packages. To install packages for products other than RHEL, such as Red Hat Satellite or Red Hat Ceph Storage, you need to purchase a Red Hat subscription yourself, register the host, and subscribe to the relevant products.

Why is a Red Hat operating system purchased on Alibaba Cloud displayed as unsubscribed (Unknown)?

This is normal. When you purchase a Red Hat Enterprise Linux image, you can obtain updates from Red Hat from the update sources provided by Alibaba Cloud. The difference from the traditional model is that you do not receive a separate Red Hat account to obtain updates from the update sources provided by Red Hat. Therefore, when you run the subscription-manager command inside the instance to view the subscription status, the system is in an unsubscribed state, as shown in the following output.

+-------------------------------------------+
 System Status Details
+-------------------------------------------+
Overall Status: Unknown

System Purpose Status: Unknown

What service support is provided for SUSE operating systems?

The SUSE Linux Enterprise Server (SLES) operating systems sold online by Alibaba Cloud are regularly synchronized with SUSE update sources. For instances created from SLES public images, the operating system support service is included in Alibaba Cloud's enterprise-level support services. If you have purchased an enterprise-level support service, you can submit a ticket to obtain technical support. The Alibaba Cloud engineer team will assist you in resolving issues that occur on the SLES operating system.

What do I do if a "command not found" error is reported when I run the wget command in a Linux ECS instance?

What do I do if a "Permission denied" error is reported when I use the wget command to download files in a Linux ECS instance?

wget bash: /usr/bin/wget: Permission denied

Symptoms

In a Windows ECS instance, the installation of the AD domain controller fails with an "Installation of Active Directory Domain Services binaries failed" error.

Cause

Opening the Event Viewer reveals an error. The Remote Registry service is disabled and cannot be started.

Solution

Follow these steps to start the Remote Registry service.

1. Remotely connect to the Windows instance.

   For more information, see Log on to a Windows instance using a password or key.

2. Choose Start > Run, enter services.msc, and then click OK.

3. In the Services window, double-click the Remote Registry service to open the Remote Registry Properties window, and set the following options.

   • In the Startup type section, select Automatic.

   • In the Service status section, click Start to make sure that the Remote Registry service is running normally.

4. Click OK to save the settings.

Symptoms

When installing an AD domain controller on a Windows ECS instance, a message "This computer has dynamically assigned IP addresses" is displayed.

Cause

At least one physical network adapter on the Windows ECS instance does not have a static IP address assigned to its IP properties.

Solution

1. Remotely connect to the Windows instance.

   For more information, see Log on to a Windows instance using a password or key.

2. Install the AD domain controller.

3. In the Static IP Assignment dialog box that appears during the AD domain installation, click Yes.

Symptoms

When installing an AD domain controller on a Windows ECS instance, an "0x0000232B RCODE_NAME_ERROR" error code is displayed.

Cause

This may be due to an incorrect IP address configuration in the DNS server.

Solution

Follow these steps to change the DNS server for both the internal and external network adapters of the Slave to the private endpoint of the Master.

1. Remotely connect to the Windows instance.

   For more information, see Log on to a Windows instance using a password or key.

2. Go to the Internet Protocol Version 4 (TCP/IPv4) Properties window, change the DNS server address, and then click OK.

   Note

   Change the DNS server address to the actual private endpoint of the Master.

   

3. Check if you can ping the DNS server IP address.

Symptoms

When installing an AD domain controller on a Windows ECS instance, a "The Network Path Was Not Found" error is displayed.

Cause

The possible causes are as follows:

• The TCP/IP NetBIOS Helper and Remote Registry services on the AD domain controller and the client are not started.

• The DNS configuration of the client and the AD domain controller is incorrect.

• The SIDs of the client and the AD domain controller conflict.

• The firewall and security software are blocking the connection.

Solution

Follow these steps to troubleshoot.

• Change the client SID

  Follow these steps to change the client SID.

  1. Remotely connect to the Windows instance.

     For more information, see Log on to a Windows instance using a password or key.

  2. Download the PowerShell script to change the client SID.

     • Download address: AutoSysprep.ps1

     • Script source: Alibaba Cloud official

  3. Open CMD and enter PowerShell to switch to the Windows PowerShell interface.

     Note

     If your instance is running a 64-bit operating system, you cannot use 32-bit PowerShell (that is, Windows PowerShell (x86)). Otherwise, an error is reported.

  4. Switch to the path where the script is stored and run the following command to view the script tool description.

     .\AutoSysprep.ps1 -help

  5. Run the following command to re-initialize the server's SID.

     .\AutoSysprep.ps1 -ReserveHostname -ReserveNetwork -SkipRearm -PostAction "reboot"

     After initialization is complete, the instance restarts. Note the following:

     • The method for obtaining the IP address changes from DHCP to a fixed IP address. Make sure that this fixed IP address is the same as the IP address of the ECS instance before the settings were changed. You can also change the acquisition method back to DHCP to automatically obtain the primary private IP address assigned to the ECS instance in the console.

       Note

       Do not change the primary private IP address of the ECS instance in the console. Otherwise, the IP address change causes access exceptions.

     • After you initialize the SID, the cloud server's firewall configuration is changed to Microsoft's default configuration, which prevents the cloud server from being pinged. You need to turn off the firewall for the Guest Or Public Network, or allow the ports that need to be opened. The following figure shows that the status of the firewall for the Guest Or Public Network is connected.

  6. Open the Control Panel to change the firewall settings and turn off the Guest or public network firewall.

     After it is turned off, you can ping the server.

• Allow the client through the firewall and other security software

  Allow the client through. For more information, see Windows system firewall policy configuration guide.

How do I handle CentOS DNS resolution timeouts?

Cause

Due to changes in the DNS resolution mechanism of CentOS 6 and CentOS 7, ECS instances created before February 22, 2017, or CentOS 6 and CentOS 7 instances created from custom images from before February 22, 2017, may experience DNS resolution timeouts.

Solution

The function and logic of the script are described as follows:

• Script function

  Determines whether the DNS resolution file /etc/resolv.conf contains the options>single-request-reopen configuration. For more information, see the resolv.conf file description.

  The DNS resolution mechanism of CentOS 6 and CentOS 7 uses the same network 5-tuple to send IPv4 DNS requests and IPv6 DNS requests. In this case, the single-request-reopen configuration should be enabled. After this configuration is enabled, once two requests sent from the same socket need to be processed, the resolver closes the socket after sending the first request and opens a new socket before sending the second request. After the configuration is successful, it takes effect without restarting the instance.

• Script logic

  1. Determines whether the instance system is CentOS.

     • If the instance is not a CentOS system, such as Ubuntu or Debian, the script stops working.

     • If the instance is a CentOS system, the script continues to work.

  2. Queries the configuration of options in the resolution file /etc/resolv.conf.

     • If the options configuration does not exist:

       The Alibaba Cloud options configuration options timeout:2 attempts:3 rotate single-request-reopen is used by default.

     • If an options configuration exists:

       • If the single-request-reopen configuration does not exist, this item is appended to the options configuration.

       • If the single-request-reopen configuration exists, the script stops working and does not change the DNS nameserver configuration.

How do I check for and fix missing IP addresses in CentOS 7 and Windows instances?

For the cause and solution, see Check for and fix missing IP addresses in CentOS 7 and Windows instances.

What do I do if a CentOS 7.9 ARM system fails to generate a dump file?

Symptoms

After a CentOS 7.9 ARM system goes down, when you query the dump file using ls /var/crash, no vmcore file is generated.

Cause

The CentOS 7.9 ARM system has a kernel with the CONFIG_ARM64_USER_VA_BITS_52=y feature. The version of the makedumpfile software that comes with the system does not match the kernel version, so a dump file cannot be generated.

Solution

1. Run the following command to download the corresponding kexec-tools package.

   wget http://mirrors.aliyun.com/centos-vault/7.9.2009/os/Source/SPackages/kexec-tools-2.0.15-51.el7.src.rpm

2. Run the following command to install the RPM package.

   rpm -ivh kexec-tools-2.0.15-51.el7.src.rpm

3. Run the following command to download the patch file.

   cd /root/rpmbuild/SOURCES
   wget https://ecs-image-tools.oss-cn-hangzhou.aliyuncs.com/patch/rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch

4. Run the following command to modify the kexec-tools.spec file.

   1. Open the kexec-tools.spec file.

      cd /root/rpmbuild/SPECS/
      vi kexec-tools.spec

   2. Press the i key to enter edit mode, and add the following two lines to the appropriate location in the file.

      Patch999: rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch
      %patch999 -p1

      Add them in the following locations:

      

      

   3. Press the Esc key to exit edit mode, and enter :wq to save and exit.

5. Run the following command to check for installation dependencies.

   yum-builddep kexec-tools.spec 

6. Run the following command to build the RPM package.

   yum -y install rpm-build
   rpmbuild -ba kexec-tools.spec

7. Run the following command to install the modified RPM package.

   cd /root/rpmbuild/RPMS/aarch64
   rpm -ivh kexec-tools-2.0.15-51.el7.aarch64.rpm

If the system goes down again, you can query the dump file using ls -lh /var/crash. If a vmcore file is generated normally, the problem is resolved.

• How do I fix the slow startup of Red Hat 8.1/8.2 images on ECS instances of the ECS Bare Metal Instance family?

  In ECS instances of the ECS Bare Metal Instance family, Red Hat 8.1/8.2 images take 1 to 2 minutes longer to start up than Red Hat 7 images. To resolve this issue, in the /boot/grub2/grubenv file of the Red Hat 8.1/8.2 system, change the kernel boot parameter console=ttyS0 console=ttyS0,115200n8 to console=tty0 console=ttyS0,115200n8, and then restart the server for the configuration to take effect.

Why is the system load high after the Server Guard process is started in ECS instances of certain Ubuntu versions?

In ECS instances of certain Ubuntu versions, such as Ubuntu 18.04, the average system load is high after the Server Guard process (AliYunDun) is started.

For the specific cause and solution, see High system load after starting the Server Guard process in an Ubuntu 18.04 ECS instance.

How do I apply patches and compile the kernel in a FreeBSD system?

Alibaba Cloud FreeBSD public images already have their kernels patched to meet the startup requirements for instance families in Generation V or later. The specific instance families can be queried using the Generation parameter of the DescribeInstanceTypeFamilies operation.

FreeBSD 13 and later do not require patches. This example uses FreeBSD 12.3 to show how to apply patches to the FreeBSD kernel source code and compile the kernel.

1. Download and decompress the FreeBSD kernel source code.

   wget https://mirrors.aliyun.com/freebsd/releases/amd64/12.3-RELEASE/src.txz -O /src.txz
   cd /
   tar -zxvf /src.txz

2. Download the patch package.

   In this example, the patch package 0001-virtio.patch is applied to the virtio driver.

   cd /usr/src/sys/dev/virtio/
   wget https://ecs-image-tools.oss-cn-hangzhou.aliyuncs.com/0001-virtio.patch
   patch -p4 < 0001-virtio.patch

3. Copy the kernel file, and compile and install the kernel.

   make -j<N> specifies the number of parallel compilations, which needs to be determined based on the configuration of the environment where you are performing the compilation. For example, for a 1 vCPU environment, it is recommended to set -j2, meaning the ratio of vCPU cores to the variable N is 1:2.

   cd /usr/src/
   cp ./sys/amd64/conf/GENERIC .
   make -j2 buildworld KERNCONF=GENERIC
   make -j2 buildkernel KERNCONF=GENERIC
   make -j2 installkernel KERNCONF=GENERIC

4. After the compilation is complete, delete the source code.

   rm -rf /usr/src/*
   rm -rf /usr/src/.*

What do I do if a FreeBSD system cannot find the system disk in a KVM environment?

Symptoms

• Why can't I use an SSH key pair with the ssh-rsa signature algorithm to remotely connect to an instance that runs a 64-bit Fedora 33 system?

  When you use an ECS instance with a 64-bit Fedora 33 operating system, if the logon credential is set to an SSH key pair with the ssh-rsa signature algorithm, you may not be able to successfully use SSH to remotely connect to the instance. You can resolve this issue in either of the following ways:

  • Replace the SSH key pair with the ssh-rsa signature algorithm with an SSH key pair with another signature algorithm, such as ECDSA.

  • Run the update-crypto-policies --set LEGACY command in the system to switch the encryption policy POLICY to LEGACY. You can then continue to use the SSH key pair with the ssh-rsa signature algorithm.

• Why is the CPU information only half of the instance type specification after some instances are created using a Fedora CoreOS image?

  After you create some instances, such as general-purpose instance family g5, using a Fedora CoreOS image, when you run the lscpu command to view CPU information, the total number of CPUs in the On-line CPU(s) list is only half of the actual specification of the instance. For example, if you selected 2 CPU cores when you created the instance, the number of CPUs in the On-line CPU(s) list is only 1. The following figure shows an example.

  Note

  The value of the On-line CPU(s) list parameter represents the CPU number. The example in the figure indicates that only CPU 0 is available.

  This is because the kernel of the Fedora CoreOS image is configured with the mitigations=auto,nosmt boot parameter by default, which automatically disables Simultaneous Multi-Threading (SMT) for systems with vulnerabilities. This results in a halving of available CPUs. The mitigations=auto,nosmt parameter can be viewed by running the cat /proc/cmdline command.

  For more information about SMT, see Automatically disable SMT when needed to address vulnerabilities and Policy for disabling SMT.

• How do I fix the issue where an ECS instance of an ECS Bare Metal Instance type fails to generate a crash dump file?

  For the cause and solution, see How do I fix the issue where some ECS instances fail to generate a crash dump file?.

• How do I fix the softlockup exception that occurs during kernel writeback in a Linux operating system?

  Some older versions of the Linux operating system kernel experience a softlockup exception during the writeback of file caches. For the specific solution, see Solution to the softlockup exception that occurs during kernel writeback in a Linux operating system.

• How do I fix the softlockup exception that occurs when deleting a cgroup in an ECS instance?

  For the specific solution, see Solution to the softlockup exception that occurs when deleting a cgroup in an ECS instance.

• Solutions for ECS instance downtime

  • What should I do if an ECS instance goes down and reports an "Out of memory and no killable processes" error?

  • What should I do if an ECS instance goes down and generates an "Objects remaining in kmalloc" alert log?

  • What should I do if an ECS instance goes down and generates a "RIP:get_target_pstate_use_performance" log?

  • What should I do if an ECS instance goes down and generates a "VFS: Unable to mount root fs on unknown-block" log?

• Do public images come with FTP upload capabilities?

  No, you need to install and configure it yourself. For more information, see Build an FTP site (Windows) and Build an FTP site (Linux).

• Why is virtual memory or Swap not enabled by default in ECS?

  A Swap partition or virtual memory file is a mechanism where the system memory management program temporarily saves memory data that has not been operated on for a long time to the Swap partition or virtual memory file when the system's physical memory is insufficient. This increases the amount of available memory.

  However, if the memory usage is already very high and the I/O performance is not good, this mechanism has the opposite effect. Alibaba Cloud ECS disks use a distributed file system as the storage for cloud servers and make multiple strongly consistent copies of each piece of data. While this mechanism ensures the security of user data, the 3x increase in I/O operations reduces the storage performance and I/O performance of local disks.

  In summary, to avoid further reducing the I/O performance of ECS cloud disks when system resources are insufficient, virtual memory is not enabled by default in Windows system instances, and Swap partitions are not configured by default in Linux system instances.

• How do I enable kdump in a public image?

  The kdump service is not enabled by default in public images. If you need an instance to generate a core file when it goes down so that you can analyze the cause of the downtime, follow these steps to enable the kdump service. This example uses the public image CentOS 7.2. When you perform the actual operation, please refer to your operating system.

  1. Set the directory for generating the core file.

     1. Run vim /etc/kdump.conf to open the kdump configuration file.

     2. Set path to the directory where the core file is generated. In this example, the core file is generated in the /var/crash directory, so the path is set as follows.

        path /var/crash

     3. Save and close the /etc/kdump.conf file.

  2. Enable the kdump service.

     Choose the method based on your operating system's command support.

     • Method 1: Run the following commands to enable the kdump service.

       systemctl enable kdump.service

       systemctlstartkdump.service

     • Method 2: Run the following commands to enable the kdump service.

       chkconfig kdump on

       service kdump start

     • Method 3: If your server has Cloud Assistant installed, you can enable the kdump service. For more information, see How do I resolve instance downtime after migration?.

• What do I do if the server time cannot be synchronized after an IPv6 address is configured for a Linux operating system with an NTP service installed?

  Symptoms

  When you run ntpq -p on the server to synchronize the time, a timeout is returned, as shown in the following figure.

  Solution

  Note

  This method applies to CentOS 7 and earlier, Ubuntu 20.04 and earlier, Anolis OS (ANCK\RHCK), Alibaba Cloud Linux, Debian, and other series of operating systems.

  1. Remotely connect to the Linux instance.

     For more information, see Log on to a Linux instance using Workbench.

  2. Run the following command to modify the /etc/ntp.conf configuration file.

     vi /etc/ntp.conf

  3. Press the i key to enter edit mode.

  4. Add restrict -6 ::1 to the file, as shown in the following figure.

  5. After you make the changes, press the Esc key, enter :wq, and press the Enter key to save and exit.

  6. Run the following command to restart the NTP service.

     systemctl restart ntp 

• Why does hot-plugging a disk/network interface card fail for an instance created from a custom image?

  Symptoms

  Hot-plugging a disk refers to attaching or detaching a disk while the instance is in the Running state. Hot-plugging a network card refers to associating or disassociating a network interface card (NIC) while the instance is in the Running state.

  Alibaba Cloud supports hot-plugging of disks and network cards, but whether the hot-plugging is successful depends on the support of the operating system kernel. If the operating system kernel does not support it, the following problems occur:

  • After you attach a disk or associate a NIC, the corresponding device cannot be seen inside the operating system.

  • Detaching a disk or disassociating a NIC fails.

  Solution

  Hot-plugging for regular cloud servers and bare metal servers requires different kernel-supported features. We recommend that the kernel supports both Peripheral Component Interconnect (PCI) and Advanced Configuration and Power Interface (ACPI) hot-plugging features. These features are generally enabled by default, except for older systems such as CentOS 5. You can follow these steps to check whether the kernel has PCI/ACPI hot-plugging enabled.

  1. Remotely connect to the Linux instance.

     For more information, see Log on to a Linux instance using Workbench.

  2. Run the following command to view the current instance's kernel version.

     uname -r

     The following information is returned, which indicates that the current system kernel version is 3.10.0-1127.19.1.el7.x86_64.

     

  3. Run the following command to view the files in the /boot directory.

     ll /boot

     The following information is returned. config-3.10.0-1127.19.1.el7.x86_64 is the system kernel's configuration file.

     

  4. Run the following command to view the system kernel's configuration file.

     cat /boot/config-3.10.0-1127.19.1.el7.x86_64

     • If the following configuration items are all y, it means the feature has been compiled into the kernel, and the operating system supports the corresponding hot-plugging.

       CONFIG_HOTPLUG_PCI_PCIE=y
       CONFIG_HOTPLUG_PCI=y
       CONFIG_HOTPLUG_PCI_ACPI=y

     • If a configuration item is is not set, it means the kernel has not compiled this feature, and you need to recompile the kernel to support it.

     • If a configuration item is m, it means it is compiled as a module. For example, the following CONFIG_HOTPLUG_PCI_ACPI is compiled as a module, and you need to load the corresponding module.

       CONFIG_HOTPLUG_PCI_PCIE=y
       CONFIG_HOTPLUG_PCI=y
       CONFIG_HOTPLUG_PCI_ACPI=m

       Taking the 2.6 kernel of a CentOS 5.x operating system as an example, the module corresponding to CONFIG_HOTPLUG_PCI_ACPI is acpiphp.ko. To load it, you need to run the modprobe acpiphp command. If the loading fails, you can upgrade to a higher version of the kernel or stop the instance and perform a cold-plug.

       Important

       We do not recommend that you upgrade the kernel and operating system version of your cloud server yourself. To upgrade the kernel, see How to prevent a Linux instance from failing to start after a kernel upgrade.

• What do I do if an instance shuts down due to an operating system kernel error?

  Symptoms

  When an unexpected kernel panic occurs in the operating system, the second kernel (capture kernel) is loaded to perform a memory dump and generate a Kdump log. Due to compatibility issues with bare metal instance types, disk recognition fails during the startup of the second kernel. This causes the Kdump log collection to fail and the second kernel to fail to start. The instance is then in a shutdown state and needs to be restarted from the console.

  For more information about bare metal instance types, see Instance families.

  Cause

  A bare metal instance may fail to generate a dump file using the operating system's built-in Kdump service.

  • This issue occurs on ebm*6 series bare metal instances when the following images are selected.

    • CentOS 8.3 and earlier CentOS versions

    • Ubuntu 16/18

    • Debian 10

    • Alibaba Cloud Linux 2 kernel versions earlier than 4.19.91-24.al7 (4.19.91-24.al7 has been fixed)

  • This issue occurs on ebm*7 series bare metal instances when the Debian 10 image is selected.

  Solution

  • CentOS and other images

    We recommend that you change to a higher version of the operating system. For more information, see Change the operating system (replace the system disk).

  • Alibaba Cloud Linux 2 image

    We recommend that you follow these steps to upgrade the kernel version to 4.19.91-24.al7 or later.

    1. Remotely log on to the ECS instance.

       For more information, see Use Workbench to log on to a Linux instance.

    2. Run the following command to query the kernel version.

       uname -r

    3. Run the following command to upgrade the kernel version.

       sudo yum update kernel

    4. Run the following command to restart the ECS instance for the new kernel version to take effect.

       sudo reboot