MPU Meeting Tuesday 4th December 2012

Server Upgrades

Package Master

Chris is testing refreshpkgs on SL6. This is roughly what to do:

• Touch an rpmlist to trigger refreshpkgs.
• If that worked, try a package submission.
• Check the contents of rpmlist.
• Check yum. yum clean all should be run first to clear the local machine's cache.
• There may be a missing dependency on createrepo.
• Expect failures involving perl-AFS.
• Create a new test bucket and check that that works.

LCFG Export

The new host for these websites will be polecat.

• Stephen reports that the main LCFG website just works on SL6. It would be good to revamp its tech to some extent (for instance it still uses CVS) but it's not urgent.
• The wiki isn't working so well: the content works fine with TWiki 5.1 but the LCFG theme doesn't.

Security Enhancements

Not much this week.

Inventory

The project went forward for prioritisation.

It looks as if the most complex factor will be the need to store history in the inventory as well as the current situation.

Login Logs

Stephen has been exploring Python. Its OO facilities are better than the base Perl ones but rather basic compared to Moose.

Miscellaneous Development

LVM component

Alastair has tested and shipped the latest LVM component. He'll change the kernel component to be more informative.

updaterpms

Chris will tackle bug 629, could updaterpms warn when deleting RPMs?.

sleep component

Chris has added a nosleep command to accompany the sleep component but hasn't yet shipped it.

Operational

Archiving Logs

Stephen has been looking at how we might archive the various security logs. It's a complicated problem as we want to guard against overwriting original logs with edited/hacked ones while still taking regular copies.

Process accounting

is straightforward: copy new files and shout if gzipped files differ.

Audit logs

are more awkward. They're rotated when they get to a certain size. The number suffix on each file is increased with each rotation. auditd doesn't support datestamps or logrotate. These files are currently being manually synced.

Firmware Checks

Chris checked for new HP DL180 firmware updates.

QLogic SAN problem

Richard upgraded phantom. It's like telford except that it has ten SAN volumes rather than one. telford boots fine but phantom can't boot. The QLogic driver seems too slow, or something? Alastair will investigate.

Package Forge, adding a builder

Chris had difficulty adding a builder to Package Forge while Stephen was away. The documentation should cover most of it but also check that the Postgres ACLs in the live header are sufficient to give you personal permissions to do things.

R710 Firmware

Chris will check for critical firmware updates for northern and piccadilly.

Innovative Learning Week

Paul suggests running a tutorial course to teach students about LCFG.

This Week

• Chris
  • Carry on with refreshpkgs upgrade
  • Help Stephen with twiki theming
  • Document ssh keys mgmt - macos
  • Check R710 patches for critical fixes (so can decide whether need to do before SL6.3 upgrades of KVM servers)

• Alastair
  • Investigate fibre problems
  • Look for new libvirt-client (sl testing or rebuild rhel) .. is in fastbugs
  • Try subscribing to more Dell models to see whether do get mail re firmware
  • Systems blog article on the KVM Service
  • Report libvirt empty LVM group issue to Redhat, unless fixed in 6.3
  • create an MPU KVM server header
  • Document ssh keys mgmt - windows
  • Stargaze
  • What jobs can we give to our CSO?
  • Reboot metropolitan

• Stephen
  • wiki.lcfg.org upgrade
  • security enhancements
  • login logs project (learning python)
  • Document ssh keys mgmt - linux

-- AlastairScobie - 04 Dec 2012