MPU Meeting Wednesday 28th January 2009

Buildtools Project

Kenny has produced patches to add Mac OS X package-building support, and Stephen will be integrating these.

The build farm part of the project will be split off into a separate project.

Power Management Project

Nothing much happened this week.

Miscellaneous Development

Alastair has updated the QLogic fibrechannel driver - we'd been using an old one which didn't support the latest hardware.

Stephen has enhanced apacheconf - it's now possible to specify a doc root, an access log and an error log for a virtual host. Logs specified in this way will be rotated automatically by logrotate.

Chris has set up products and categories for bugs.lcfg.org and is in the last throes of getting the email notifications working properly. Stephen is working on sorting the iFriend access but Chris doesn't need to wait for this to work before moving bugs, so he'll go ahead and move bugs from the bugzilla.inf.ed.ac.uk "LCFG Core and Components" category to bugs.lcfg.org.

Stephen has added a front page to his new LCFG websvn service svn.lcfg.org. The service is 99% finished.

Operational

desktop partition sizes
Stephen has changed the default root and swap partition sizes for desktops. All machines which did not have large enough disks now have the DICE_SMALL_MAIN_DISK macro set in the LCFG source profile.

new inventory benefit
self-managed machines which don't need a fixed IP address no longer need to have an LCFG profile at all. Stephen and Ian have been making a list of such machines. There appear to be about 600 of them. These machines' profiles are contributing errors to the DHCP map. Stephen is going to delete these LCFG source files.

ACLs
Stephen has added the acl option for the root partition as this will allow more flexible authorization controls. Due to the way the LCFG fstab component works this will only be applied for new installs so it will be quite a while before we can utilise it everywhere. It is also currently only applied to desktops, the LCFG headers for disk layout on servers need some attention.

Default mount options
To improve our basic security precautions we have changed some of the default filesystem mount options. The new options are listed below. These have been standard settings for most major Linux distributions for a while so they should not present us with any problems.

Filesystem New Options
/proc nodev, noexec, nosuid
/dev/pts noexec, nosuid
/dev/shm nodev, nosuid
/sys nodev, noexec, nosuid

This Week

Alastair will:

  • Document the interim virtualisation solution
  • Commission the other R805
  • Purchase another RHEL licence for Stephen DONE
  • Work on the mini-talk on virtualisation
  • Raise at CEG issue of servers needing rebooted DONE

Chris will:

  • be on RT duty next week
  • Decommission tarragona and dubrovnik as MPU servers DONE
  • Finish Alastair's new virtual build hosts DONE
  • Move bugs to bugs.lcfg.org DONE
  • Packaging guidelines DONE

Stephen will:

  • be on RT duty this week
  • bugs.lcfg.org - iFriend support
  • Look at LCFG profiles with explicit monitor resources
  • Document setting up unusual monitor and graphics card configurations
  • Integrate MacOS buildtools patches DONE
  • Split off the buildfarm proposal DONE
  • Get rid of unnecessary profiles DONE
  • Try out LCFG on RHEL 5.3 DONE

-- ChrisCooke - 29 Jan 2009

Topic revision: r6 - 13 Feb 2009 - 15:20:34 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies