MPU Meeting Tuesday 20th November 2012
Server Upgrades
Following the bugs.lcfg.org upgrade Chris has documented some aspects of managing and upgrading a Bugzilla server in
ManagingBugzilla.
Next: Stephen will upgrade the LCFG website and Chris will upgrade
brendel. Some tips for the
brendel upgrade:
- Use AFS 1.4, not 1.6
- Use Toby's newer version of the Perl AFS module package. Make sure it's in the
world
bucket rather than in devel
.
- Test everything on an SL6 box first.
- Use a copy of the keytab from brendel rather than generating a new one as the new one would automatically invalidate the one currently in use!
Craig is very soon going to move our
git
not-a-service off
nelson. The only thing remaining on it will be
gerrit
. This is only being used by the Prometheus project at the moment. We'll suggest that Infrastructure take over
gerrit
.
Server Hardware
The BMC upgrades have appeared correctly on the
firmware report. Chris will add a query to expose the contents of the subunit table. He's half way through writing up the project.
Security Enhancements
Stephen has been working on the documentation for the various components produced as part of this project. He has documented the
auditd,
auremote and
rkhunter components and is working on the
aide and
buzzsaw components. After that he'll work on higher level documentation which describes how these components are being used and how to manage them.
While working on the docs Stephen had some insights into how to improve the remote logging setup and as a result he's added new methods
resumelogging
and
logstatus
. When the network connection is lost the machine will start backing up its logs safely and once the network comes back the
resumelogging
method will make it resume its usual remote logging. The
logstatus
method sends a status message to syslog.
There was some discussion of the error messages we've been seeing from
tycho :
Parse failure: Failed to parse RFC3339 timestamp in line: [try http://www.rsyslog.com/e/2144 ]
These are caused by the misplaced helpfulness of rsyslog. It's very difficult to weed out these messages and they're not an indication of anything badly wrong so we'll put up with them for now.
Inventory
Nothing happened this week. Alastair will rework the proposal in time for T1.
Absence Reporting
Chris has explored the possibilities and reported back to Liz. The option of an intelligent email address which could forward mail to the line manager has had to be rejected as we don't keep enough email addresses to do it reliably, and anyway it would be open to spoofing. By contrast the WebMark based web page option looks secure and easy to implement. There is one obstacle to achieving this though which is the availability of line manager data in the database. This is not going to be available for some months and Liz has influence over its prioritisation, so she's happy to draw a line under this project for now and revisit the idea once the line manager data has been made available. Chris will make a written report available then suspend the project.
Miscellaneous Development
There was none this week.
We talked about Chris's notion of easily tying X idleness detection to the sleep component by means of a small user-run C program which creates or destroys a temporary file in order to indicate idleness or its lack. Stephen suggested that it would be wise to provide some visual control over this, specifically to stop sleep temporarily during the current session (rather than stopping it totally). Menu items can be provided fairly simply by dropping a
.desktop
file into
/usr/share/applications
and RAT has done this already so has some experience to call on.
Stephen will take a look at adjusting the
remctl
access to
wake so that computing staff can wake anything and to provide a command line equivalent to the web page.
Operational
- Upgrade of circle
- Following an accidental AT server room power shutdown, Alastair upgraded circle to SL 6.3.
- PkgForge backups
- Chris spotted a problem with them which Stephen fixed. The postgresql component hadn't been doing the backups as we had been calling it in an obsolete way from cron. The errors from this had been logged at INFO level so hadn't made it to rootmail.
- Backup Check and Data Audit
- Chris is going to broaden his backup checks to a complete MPU data audit (where it all lives and whether or not it is or needs to be backed up). At the same time he will convert resources to use the proper rmirrorclient macros, which are documented here.
This Week
- Alastair
-
Rework and firm-up inventory project proposal
-
Create project for T1 for the wee project bundle
- Try subscribing to more Dell models to see whether do get mail re firmware
-
Ship new lcfg-lvm component
- Systems blog article on the KVM Service
- Report libvirt empty LVM group issue to Redhat, unless fixed in 6.3
- create an MPU KVM server header
- Document ssh keys mgmt - windows
- Stargaze
- What jobs can we give to our CSO?
- Reboot metropolitan
-
T3 figures so far
-
Speak with George/Toby re gerrit (on nelson)Toby happy to take on as not-a-service
- Chris
- Upgrade brendel -> SL6
-
Finish off server hardware final report
-
Convert MPU profiles to use RMIRROR spanning map macros
-
MPU Data audit
- Stephen
-
T3 figures so far
- LCFG site -> SL6
- Continue documentation for Security project
-
Think of top 6 weeproj projects for wee proj project
-
Redirect openafs2012.inf to the conference archive location
-
remctl access to the wake service for computing staff
--
AlastairScobie,
ChrisCooke - 20 Nov 2012