MPU Meeting Tuesday 5th March 2013

SL6 Server Upgrades

The last VMware VM, rendall aka forumtracker, still seems to be up and running. Alison will be killing it.

The project's final report is being written. When it's complete Chris will take the project for sign-off.

Security Enhancements

Stephen has been writing a lot of documentation:

• Using the LCFG rkhunter component
• Using the LCFG auditd component

Some configuration details have been tidied up:

• The auditd configuration is now locked in: any changes will need a reboot.
• We can configure auremote which sets up communication between auditd instances on separate hosts, but currently it seems too fragile so we won't use it.
• The pacct and auditd logs are currently backed up by hand from time to time. We would prefer regular automatic backups. Log rotation and the need to trap malicious changes make this more tricky than the usual simple rsync based setup.

Inventory

Nothing to note this week.

Login Logs Viewer

Nothing to note this week.

Sleep Enhancements

Testing of the session activity sensing version of lcfg-sleep has continued. Bug reports have come in and adjustments have been made. Chris will expand the testing somewhat.

The first fledgling sleep activity report has been produced using BuzzSaw::Filter and BuzzSaw::Report. It needs some fine tuning.

Misc Devel

Nothing to note this week.

Operational

OpenAFS 1.6.2

It's now out. The team expects to produce more regular releases from now on; 1.6.3 may appear in 6-8 weeks.

KVM

Carol will be doing an audit to make sure that all guests are still required, to free up resources for new guests, and ensure that no unused, half-managed machines are left lying around. She will also be asking people to power-cycle those migrated VMs which don't know where their storage really is.

KVM console trouble

Stephen found that the console for pinemarten was not available through conserver today. Ian Durkacz is looking at the problem.

libvirtd

Alastair and Chris have both occasionally had to restart libvirtd on one or other of the KVM servers.

KVMOddities

Prompted by the above points we now have a KVMOddities page to be used for noting down and keeping track of any peculiar or wrong behaviour associated with KVM.

Student ssh gateway replacement

kubelik is going to replace dunlin as the student ssh gateway. We'll want it to be in AT. The inventory says it's there but it's not in ATServerRoomMainServerRacksPopulation so perhaps it's not. We'll hunt it down.

New FreeNX service

bakerloo is going to become a FreeNX server. It'll be managed by MPU.

New KVM Servers

At some point soon we'll be getting a couple of new KVM servers. These ones will live in AT.

This Week

• Alastair
  • Read rkhunter and auditd documentation
  • Sort out RT bugs
  • Educate individuals about inappropriate KVM guest sizes
  • Look at gconf component for reducing default time for monitor display turnoff
  • Create an MPU KVM server header - finish off and deploy
  • Reload inventory project into brain
  • Review action list

• Chris
  • Create a wiki page for us to log kvm incidents
  • Finish off sleep -> harvesting data for David Sterratt, and further sleep testing
  • Take SL6 project for signoff
  • Start off DICE-ish virtual image project (flesh out new project plan and take to development)
  • Review action list

• Stephen
  • flesh out SL6 project report
  • write UKUUG talk
  • Review action list

• Carol
  • carry out an audit to make sure that all guests are still required
    • to free up resources for new guests,
    • shouldn't leave unused, half-managed machines lying around

-- AlastairScobie - 05 Mar 2013