CentOS 7 OpenVZ NetworkManager issues.

There is an issue with CentOS 7 containers on OpenVZ nodes, where NetworkManager service breaks the network, and only localhost 127.0.0.1 network interface is coming up.

When you try to check network interfaces, and IP address on the server, you will only see localhost interface.

root@server [/]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 9059 bytes 1539654 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9059 bytes 1539654 (1.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

When issuing service network restart you will and output like this:

Starting network (via systemctl): Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[FAILED]

When you run journalctl -xe you will see errors like this:

-- Unit network.service has begun starting up.
 Feb 16 05:16:40 server network[2262]: Bringing up loopback interface: Could not load file '/etc/sysconfig/network-scripts/ifcfg-Feb 16 05:16:40 server network[2262]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
 Feb 16 05:16:40 server network[2262]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
 Feb 16 05:16:40 server network[2262]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
 Feb 16 05:16:40 server network[2262]: [ OK ]
 Feb 16 05:16:40 server network[2262]: Bringing up interface venet0: Error: Connection activation failed: No suitable device founFeb 16 05:16:40 server network[2262]: [FAILED]
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server network[2262]: RTNETLINK answers: File exists
 Feb 16 05:16:40 server systemd[1]: network.service: control process exited, code=exited status=1
 Feb 16 05:16:40 server systemd[1]: Failed to start LSB: Bring up/down networking.
 -- Subject: Unit network.service has failed
 -- Defined-By: systemd
 -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
 --
 -- Unit network.service has failed.
 --
 -- The result is failed.
 Feb 16 05:16:40 server systemd[1]: Unit network.service entered failed state.
 Feb 16 05:16:40 server systemd[1]: network.service failed.
 Feb 16 05:16:40 server polkitd[226]: Unregistered Authentication Agent for unix-process:2257:65393 (system bus name :1.37, object

Issue can be resolved by stopping and disabling the NetworkManager service.

root@server [/]# service NetworkManager stop
Redirecting to /bin/systemctl stop NetworkManager.service
root@server [/]# chkconfig NetworkManager off

You can also uninstall NetworkManager completely.

References:

https://lists.openvz.org/pipermail/users/2015-December/006691.html

Openvz / CentOS 7 – Network Manager can break networking

 

How to enable Registry Editor, when it gets disabled

While checking the registry on my machine because of the issues I had with Task Manager, described in this post, I noticed that I was unable to start Registry Editor.

When trying to run regedit, I would get a message saying

“Registry editing has been disabled by your administrator”

Regedit Disabled
Disabled Registry Editor

Enable Registry Editor (regedit) in Local Group Policy with gpedit.msc

This can be changed by editing Local Group Policy with gpedit.msc.

Click Win+R keys to open Run dialog interface, and issue gpedit.msc command to open Local Group Policy Editor.

Navigate to:

User Configuration > Administrative Templates > System > Prevent access to registry editing tools.

Enable regedit in Group Policy
Enable Registry Editor in Group Policy

This should by default be set to Not Configured, which should not prevent you from starting Registry Editor.

It was set on Not Configured on my machine already, so I set it to Disabled, and this enabled back Registry Editor for me.

Interestingly, after returning the setting back to Not Configured, Registry Editor did not get disabled again.

This seems to have got disabled during installation of some drivers, and even do Local Group Policy was set on Not Configured, it seem some registry values were set to disable registry editing tools from running, and switching back between Enabled, and Not Configured seems to have return them to default values.

Alternate possible methods of enabling regedit.

Alternate method 1:

Click Start -> Run. Type this command in Run box and press Ok.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

A prompt should come up with this question:

Value DisableRegistryTools exists, overwrite (Y/N)?

Type yes and hit Enter.

After that, also type this command in the run box and hit enter.

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

Then a prompt should come up with this question:

Value DisableRegistryTools exists, overwrite (Y/N)?

Type yes and hit Enter.

Alternate method 2:

STEP1. Disable as much as you can from your startup. Remove programs from your startup folder and such, so as not to lag down the boot process.

STEP2.Create a new shortcut on your desktop, point it to “C:\Windows\regedit.exe”

STEP3.Log off, then log back on.

STEP4.As soon as you see your desktop, double-click on the shortcut. The system does not check for policies until a few seconds after it booted up. If you click on the icon fast enough, it should let you get in.

After you close it though, it will not open unless you redo step 3 and 4.

Alternate method 3:

Get into the registry editor by making a vbs script in notepad:

Open Notepad and copy this script into it. And save it as regtool.vbs on your desktop.

VBS SCRIPT(select everything and copy into notepad and save as regtool.vbs):

Option Explicit 
'Declare variables 
Dim WSHShell, rr, rr2, MyBox, val, val2, ttl, toggle 
Dim jobfunc, itemtype 
On Error Resume Next 
Set WSHShell = WScript.CreateObject("WScript.Shell") 
val = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" 
val2 = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" 
itemtype = "REG_DWORD" 
jobfunc = "Registry Editing Tools are now " 
ttl = "Result" 
'reads the registry key value. 
rr = WSHShell.RegRead (val) 
rr2 = WSHShell.RegRead (val2) 
toggle=1 
If (rr=1 or rr2=1) Then toggle=0 
If toggle = 1 Then 
WSHShell.RegWrite val, 1, itemtype 
WSHShell.RegWrite val2, 1, itemtype 
Mybox = MsgBox(jobfunc & "disabled.", 4096, ttl) 
Else 
WSHShell.RegDelete val 
WSHShell.RegDelete val2 
Mybox = MsgBox(jobfunc & "enabled.", 4096, ttl) 
End If

Open regtool.vbs ,and you should be able to access Registry Editor then.

References:

http://ccm.net/forum/affich-8895-regedit-is-disabled-by-the-administrator

How to enable grayed out Task Manager

I was installing drivers for a gamepad on my Windows 10 machine, and after the install I noticed that I was no longer able to use Task Manager, right clicking on taskbar, would show Task Manager line grayed out.

GrayTaskManager
Grayed out Task Manager

Trying to run it manually, through Run interface with Win+R, using taskmgr command would return a notice saying

“Task Manager has been disabled by your administrator”

TaskManagerDisabled
Task Manager Disabled
Enable Task Manager through Local Group Policy editor (gpedit.msc)

To enable Task Manager again, you can use Local Group Policy editor (gpedit.msc).

Press Win+R to reach Run interface, and issue gpedit.msc command to start Local Group Policy editor.

Once you open Local Group Policy editor, navigate to:

User Configuration > Admistrative Templates > System > Ctrl+Alt+Del Options > Remove Task Manager.

By default this is set to Not Configured, and this should leave Task Manager enabled.

Setting was already on Not Configured on my machine, so I set it to Disabled, and this enabled back Task Manager on my machine.

Interestingly, once I returned the setting back to Not Configured, it did not disable Task Manager.

Enable Task Manager in Group Policy
Enable Task Manager in Group Policy
Enable Task Manager through Registry Editor (regedit)

Besides editing Local Group Policy, you should also be able to enable back Task Manager by editing Windows registry.

Open Registry Editor by pressing Win+R to launch Windows Run interface, and issue regedit command to open Registry Editor.

Navigate to following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Policies\System

And check if any of them has DisableTaskMgr DWORD in the right side panel.

If it exists, it should have one of two values:

1 – Disable task manager
0 – Enable task manager

Double click and change the value to one if the key exists, or delete the key completely, to enable Task Manager back.

Enable Registry Editor (regedit)

While checking the registry on my machine, I also noticed that I was unable to start Registry Editor.

When trying to run regedit, I would get a message saying

“Registry editing has been disabled by your administrator”

RegeditDisabled
Disabled Registry Editor

This can be changed by editing Local Group Policy with gpedit.msc.

Click Win+R keys to open Run dialog interface, and issue gpedit.msc command to open Local Group Policy Editor.

Navigate to:

User Configuration > Administrative Templates > System > Prevent access to registry editing tools.

Enable Registry Editor in Group Policy
Enable Registry Editor in Group Policy

This should by default be set to Not Configured, which should not prevent you from starting Registry Editor.

It was set on Not Configured on my machine already, so I set it to Disabled, and this enabled back Registry Editor for me.

Interestingly, after returning the setting back to Not Configured, Registry Editor did not get disabled again.

References:

How to fix Task Manager has been disabled by your Administrator issue in Windows

http://ccm.net/forum/affich-8895-regedit-is-disabled-by-the-administrator

CSF chattr and urlget warnings on restart

On most CentOS 7 machines you might be getting this type of warnings when restarting or updating ConfigServer Firewall (CSF), if you are missing certain commands or packages on your server.

*WARNING* Binary location for [CHATTR] [/usr/bin/chattr] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

You also might be getting notifications in mail from your Cron Daemon with subject /usr/sbin/csf -u and following message:

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

This warnings are showing because of missing packages not being installed on the server, and chattr command doesn’t exist.

[root@server ~]# type chattr
-bash: type: chattr: not found

To resolve CHATTR warning, you need to install e2fsprogs with

yum -y install e2fsprogs

To resolve URLGET warning you need to install perl-libwww-perl with

yum -y install perl-libwww-perl with

If you are getting following warning by mail notifications, or when running csf -u, you are missing perl-LWP-Protocol-https package.

[root@server ~]# csf -u
Oops: Unable to download: Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)

Install perl-LWP-Protocol-https with:

yum -y install perl-LWP-Protocol-https

You might also be getting a following warning, if you don’t have host or unzip commands installed on your server.

*WARNING* Binary location for [UNZIP] [/usr/bin/unzip] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable

To resolve HOST warning, you needs to install bind-utils package with

yum -y install bind-utils

To resolve UNZIP warning you need to install unzip package with

yum -y install unzip

tl;dr required packages for CSF

If you are getting any kind of warnings when doing csf -r on CentOS 7 server make sure you have following packages installed.

iptables-services
unzip
bind-utils
perl-libwww-perl
e2fsprogs
perl-LWP-Protocol-https

Needed packages can be installed with following commands:

yum -y install iptables-services
yum -y install unzip
yum -y install bind-utils
yum -y install perl-libwww-perl
yum -y install e2fsprogs
yum -y install perl-LWP-Protocol-https

References:

http://forum.configserver.com/viewtopic.php?t=8864

http://www.liquidweb.com/kb/csf-config-server-firewall-installation/

https://community.centminmod.com/threads/ensure-perl-crypt-ssleay-perl-net-ssleay-are-installed-for-csf-firewall.2183/

systemd conflicts with initscripts during yum update

When running yum update on CentOS 7 OpenVZ container you might get a following error:

--> Processing Conflict: systemd-219-19.el7.x86_64 conflicts initscripts < 9.49.28-1 
--> Finished Dependency Resolution
Error: systemd conflicts with initscripts-9.49.17-1.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Exact version I was running on this server is CentOS Linux release 7.1.1503 (Core), and updates were failing due to them requiring a newer systemd version, which required a newer version, v9.49.28 at least,  of initscripts installed.

Reason why systemd was conflicting with current version of initscripts, instead of just updating them to newer version, was that initscripts were excluded from update in yum.conf file.

[root@server ~]# grep exclude /etc/yum.conf
exclude=initscripts*

There are no default exclude packages in default CentOS/RHEL installs, and it wasn’t put there by me, so question is why was initscripts excluded from updates.

Issues with initscripts v9.49.24 in CentOS 7 OpenVZ containers

It turns out there were some issues with initscripts v9.49.24, which seemed to introduce problems with network connectivity on CentOS 7 OpenVZ VPS machines.

https://vpsboard.com/topic/1908-creating-cpanel-openvz-template-wwhm-setup-wizard-fix/?page=2
https://forum.proxmox.com/threads/centos-7-openvz-template-in-pve-3-4-issues.21808/

I commented out exclude=initscripts* from yum.conf, and checked the currently available version.

[root@server ~]# grep exclude /etc/yum.conf
#exclude=initscripts*
[root@server ~]# yum check-updates initscripts
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.greenmountainaccess.net
 * epel: mirror.nexcess.net
 * extras: mirrors.lga7.us.voxel.net
 * updates: mirror.dattobackup.com
 * webtatic: us-east.repo.webtatic.com

initscripts.x86_64                                               9.49.30-1.el7                                                base

Current version is v9.49.30, so I presumed issues with v9.49.24 were corrected in this version, and proceeded with the update.

Update has completed successfully, and all packages including initscrips were updated to latest version, as was CentOS.

[root@server ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

I haven’t noticed any network or any other issues on the VPS after the upgrade, so it seems any network issues from v9.49.24, don’t exist in v9.49.30.

[root@server ~]# rpm -qa | grep initscripts
initscripts-9.49.30-1.el7.x86_64