Topic: Disable microcode_ctl on SME VM guest

[guest22]

Hi,

with some SME8/9 test boxes installed as a VM guest, I saw some ' errors' during boor related to CPU0 (and CPU1 when enabled) thrown at me by the service microcode_ctl.

After some reading I learned that microcode_ctl is not required at all in a VM guest for the virtualization platform takes care of the things microcode_ctl normally does.

https://www.centos.org/docs/5/html/5.2/Virtualization/sect-Virtualization-Troubleshooting-Microcode_error_during_guest_boot.html

Next to that, I have found reading that microcode_ctl should be disabled by default for it may also lead to issues.

http://www.itsecdb.com/oval/definition/oval/gov.irs.rhel5/def/148/Service-microcode-ctl-should-be-disabled.html

Strangely enough, microcode_ctl does not seem to be a service on SME server, so I tried to ' yum remove' it. That did not work for the dependecies involved would also remove important SME packages such as ' base'

To disable microcode_ctl is edited the file '/lib/udev/rules.d/89-microcode.rules' and hashed out (#) the two lines and saved. Then did a post upgrade and a reboot and the change to the udev rule survives, and no more issues with microcode_ctl.

microcode_ctl rpm files are still there (did not remove anything) but it is no longer called. So this seems to be a good practice when using SME (both 8 and 9) as a VM guest..?

Any thoughts?

guest


 

[Stefano]

can you post the yum remove command you gave and the output you had?

thank you

[guest22]

Morning Stefano,

here you go: http://pastebin.com/ycQj20dq

(It's from a SME9 box, discarded the SME8 box already)

guest

[Stefano]

Code: [Select]

[root@sme9 ~]# yum remove microcode_ctl
Loaded plugins: fastestmirror, smeserver
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package microcode_ctl.x86_64 1:1.17-17.el6 will be erased
--> Processing Dependency: /sbin/microcode_ctl for package: e-smith-base-5.6.0-6.el6.sme.noarch
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package e-smith-base.noarch 0:5.6.0-6.el6.sme will be erased
--> Processing Dependency: e-smith-base for package: smeserver-yum-2.4.0-7.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.2 for package: smeserver-qpsmtpd-2.4.0-8.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-proxy-5.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.1 for package: e-smith-imp-5.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-portforwarding-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.9.129 for package: e-smith-quota-2.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-flexbackup-2.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-viewlogfiles-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.13.16-27 for package: e-smith-radiusd-2.4.0-10.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.9.44 for package: e-smith-horde-4.4.0-8.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-ldap-5.4.0-10.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.13.16-27 for package: e-smith-pptpd-2.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-tinydns-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.18.0 for package: e-smith-packetfilter-2.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.13.16 for package: smeserver-spamassassin-2.4.0-5.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.0-05 for package: e-smith-proftpd-2.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.13.15-76 for package: e-smith-ibays-2.4.0-8.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.1 for package: e-smith-ingo-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.0.12-48 for package: e-smith-oidentd-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.1 for package: e-smith-apache-2.4.0-8.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-dynamicdns-dyndns-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-ntp-2.4.0-5.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-dynamicdns-dyndns.org-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: smeserver-clamav-2.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-backup-2.4.0-37.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.13.15-76 for package: e-smith-domains-2.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-turba-3.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-dynamicdns-yi-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-php-2.4.0-2.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-dynamicdns-tzo-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-LPRng-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 5.2.0 for package: smeserver-dovecot-1.4.0-16.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-qmailanalog-2.4.0-1.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-hosts-2.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-starterwebsite-2.4.0-3.el6.sme.noarch
--> Processing Dependency: e-smith-base for package: e-smith-mysql-2.4.0-9.el6.sme.noarch
--> Processing Dependency: e-smith-base >= 4.15.0-39 for package: e-smith-email-5.4.0-8.el6.sme.noarch
--> Running transaction check
---> Package e-smith-LPRng.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-apache.noarch 0:2.4.0-8.el6.sme will be erased
---> Package e-smith-backup.noarch 0:2.4.0-37.el6.sme will be erased
---> Package e-smith-domains.noarch 0:2.4.0-2.el6.sme will be erased
--> Processing Dependency: e-smith-domains for package: smeserver-support-2.6.0-1.el6.sme.noarch
---> Package e-smith-dynamicdns-dyndns.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-dynamicdns-dyndns.org.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-dynamicdns-tzo.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-dynamicdns-yi.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-email.noarch 0:5.4.0-8.el6.sme will be erased
--> Processing Dependency: e-smith-email for package: e-smith-qmail-2.4.0-6.el6.sme.noarch
--> Processing Dependency: e-smith-email for package: e-smith-pop3-2.4.0-1.el6.sme.noarch
---> Package e-smith-flexbackup.noarch 0:2.4.0-3.el6.sme will be erased
---> Package e-smith-horde.noarch 0:4.4.0-8.el6.sme will be erased
---> Package e-smith-hosts.noarch 0:2.4.0-3.el6.sme will be erased
---> Package e-smith-ibays.noarch 0:2.4.0-8.el6.sme will be erased
---> Package e-smith-imp.noarch 0:5.4.0-2.el6.sme will be erased
---> Package e-smith-ingo.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-ldap.noarch 0:5.4.0-10.el6.sme will be erased
---> Package e-smith-mysql.noarch 0:2.4.0-9.el6.sme will be erased
---> Package e-smith-ntp.noarch 0:2.4.0-5.el6.sme will be erased
---> Package e-smith-oidentd.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-packetfilter.noarch 0:2.4.0-3.el6.sme will be erased
---> Package e-smith-php.noarch 0:2.4.0-2.el6.sme will be erased
---> Package e-smith-portforwarding.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-pptpd.noarch 0:2.4.0-2.el6.sme will be erased
---> Package e-smith-proftpd.noarch 0:2.4.0-3.el6.sme will be erased
---> Package e-smith-proxy.noarch 0:5.4.0-3.el6.sme will be erased
---> Package e-smith-qmailanalog.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-quota.noarch 0:2.4.0-2.el6.sme will be erased
---> Package e-smith-radiusd.noarch 0:2.4.0-10.el6.sme will be erased
---> Package e-smith-starterwebsite.noarch 0:2.4.0-3.el6.sme will be erased
---> Package e-smith-tinydns.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-turba.noarch 0:3.4.0-1.el6.sme will be erased
---> Package e-smith-viewlogfiles.noarch 0:2.4.0-1.el6.sme will be erased
---> Package smeserver-clamav.noarch 0:2.4.0-2.el6.sme will be erased
---> Package smeserver-dovecot.noarch 0:1.4.0-16.el6.sme will be erased
---> Package smeserver-qpsmtpd.noarch 0:2.4.0-8.el6.sme will be erased
---> Package smeserver-spamassassin.noarch 0:2.4.0-5.el6.sme will be erased
---> Package smeserver-yum.noarch 0:2.4.0-7.el6.sme will be erased
--> Running transaction check
---> Package e-smith-pop3.noarch 0:2.4.0-1.el6.sme will be erased
---> Package e-smith-qmail.noarch 0:2.4.0-6.el6.sme will be erased
---> Package smeserver-support.noarch 0:2.6.0-1.el6.sme will be erased
--> Finished Dependency Resolution
 
Dependencies Resolved

ok, please fill a bug in bugzilla.. IMVHO microcode_ctl should't have dependency in e-smith-base

[guest22]

thought so too.. . Will do.

Done: http://bugs.contribs.org/show_bug.cgi?id=8468

[Daniel B.]

No, I don't think there's any bug here. Just disable it:

Code: [Select]

db configuration setprop microcode_ctl status disabled

FYI, I virtualize a lot of SME Servers (using KVM) and never had any problem with it

[guest22]

microcode_ctl is not yet a predefined service in the db (again this is a SME9 box, messy post re 8/9). So the solution would be to create a service and expand?

[guest22]

FYI, I virtualize a lot of SME Servers (using KVM) and never had any problem with it

Yep. Reading the various articles about microcode_ctl, disabling/removing it may reduce risk/overhead and 'confusion' between VM guest and Virtualization layer?

[Daniel B.]

mm, right, the microcode_ctl DB entry only exists on SME8, not SME9 (for which there's no init script, so the db entry won't do anything). ON EL6 and above, microcode_ctl is handled by udev (see /lib/udev/rules.d/89-microcode.rules). You can probably disable it with something like (not tested)

Code: [Select]

echo "install microcode /bin/true" > /etc/modprobe.d/microcode
signal-event reboot


[guest22]

Maybe a moderator can move this topic to the SME9 forums please?

[CharlieBrady]

Any thoughts?

Yes, don't ever use 'yum remove'. Stick to 'rpm -e ...'.

[CharlieBrady]

Next to that, I have found reading that microcode_ctl should be disabled by default for it may also lead to issues.

http://www.itsecdb.com/oval/definition/oval/gov.irs.rhel5/def/148/Service-microcode-ctl-should-be-disabled.html

That refers to RHEL5, not RHEL6. And I don't see any justification or reasons for the recommendations given there. Don't believe everything that you read.

[guest22]

Yes, don't ever use 'yum remove'. Stick to 'rpm -e ...'.

Can you explain why please?

[guest22]

That refers to RHEL5, not RHEL6. And I don't see any justification or reasons for the recommendations given there. Don't believe everything that you read.

Can you explain why you don't see any justification on that part of the official Centos documentation please?

[CharlieBrady]

Can you explain why you don't see any justification on that part of the official Centos documentation please?

You were quoting from an itsecdb.com website, not from official CentOS documentation. Please re-read the webpage you referred to. If you can find any justification or reasons provided there, feel free to quote them.

Please followup via Bugzilla, not via this thread.