MPU Meeting Tuesday 26th March 2013

SL6 Server Upgrades

The last VMware client has been shut down and the last VMware server has been switched off!

We've finished the final report for this project. Stephen has added a useful summary of our thoughts on which upgrades were essential and which could have been done over a longer timescale as part of the normal operational lifecycle of a service. Chris has mailed out the request for sign-off.

Security Enhancements

Stephen's talk (Do bad guys work weekends? at the FLOSS UK Spring Conference) went well. Other than that there's been no activity on this project since the last meeting.


No activity.

Login Logs Viewer

No activity.

Sleep Enhancements

David Sterratt has kindly agreed to help with the final roll-out of the latest lcfg-sleep. Meanwhile Chris is on the point of mailing out a request for more beta testers.

Virtual DICE Image

Chris got a DIY DICE client installed using VirtualBox. He had to install it from a CD image as PXE installs for DIY DICE weren't working.

Stephen has now fixed PXE installs for DIY DICE. Stub profiles now get all supported platforms added to them.

Alastair will alter the PXE installer to make it inherit the NFS PXE root from the kernel command line.

Misc Devel

Following the FLOSS Spring 2013 conference, Stephen took a quick look at Icinga and in particular at the possibility of using it here. It's an active open source project with an enthusiastic community of developers, and seems to avoid odd or questionable licence conditions found in some other products. As might be expected the configuration is very similar to that of Nagios. However some of our current Nagios configuration seems a little over the top - for instance we use a custom mechanism for starting it rather than just using an rc script - so it would be more than a trivial few minutes' work to change over. However Icinga would still be well worth looking at when we have time.

According to Wikipedia, The name Icinga is a Zulu word meaning "it looks for", "it browses" or "it examines" and is pronounced with a click consonant.


ATI/fglrx graphics driver
The latest version (13.1) of the ATI/AMD "Catalyst" graphics driver, a.k.a. fglrx, does not support the graphics cards in the HP 7900s and will not even build when it spots an unsupported card. The old version (12.4) we have been using does not work with the latest xorg packages in develop - X will not start. The latest xorg packages have come as dependencies to security fixes back-ported from SL6.4 to 6.3. Webots needs features in Catalyst which are not in the open source driver. We now need to either find a way to make webots work without the Catalyst driver or we have to hold back the xorg update along with the updates to any packages which have dependencies on the latest xorg packages. Holding back that many updates is probably our only viable option but is going to be a maintenance nightmare.
xfree component fix
Related to the ATI problem above, the xfree component has now been fixed to cleanly withdraw its configuration from a machine when no longer needed. It now keeps a checksum of its xorg.conf file, and when it is no longer managing the X configuration it will now delete xorg.conf if the checksum matches the version of the file which it created. In this way it will delete its own unwanted configuration file but files which have been changed by other means will be left intact.
kernel component problem
Also related to the ATI problem above, it has become evident that the kernel component has a bug. It does not remove recorded trigger dependencies when a module is removed from kernel.srcmodules. This means that if the module is subsequently re-instated, its install method will not be run if its RPM version and the kernel version are the same as they were prior to removal. This is LCFG Bug 648.
the latest Xorg update doesn't work with VirtualBox 4.1 guest additions, but it seems that version 4.2 of the guest additions works well enough with version 4.1 of the application.
Alastair has been revising the DIY DICE docs and moving them to their new home on
gconf component
Alastair has got the gconf component ready to ship to DICE. We can now use it to do such things as reduce the 30 minute default for the inactivity screen blank, and make screen locks on student lab machines sprout a Logout button after a period of inactivity.
KVM Server Header
Alastair's been working on a kvm server header. However we're going to need site-specific headers so he'll leave the completion of that until later.
It turns out that the IPMI installation isn't compatible with the latest develop release kernel, 2.6.32-358.2.1. Chris has added a local fix to lcfg/options/ipmi-sensors.h to tide us over until an upstream fix appears.
Old Servers
We have some old machines which are going to the skip. Some of them will need their disks wiped first. Chris will sort out what needs doing and farm out the work.
student.ssh replacement
We need to replace dunlin with kubelik. Note that we'll need to be careful to retain the current dunlin ssh host key on kubelik and to make this OK with the Wallet system too. Stephen suggested two new methods for lcfg-openssh: "rekey" which destroys old ssh host keys, creates new ones and then stores new ones in wallet and then also "savekeys" which stores current ssh host keys into wallet, potentially overwriting anything previously stored.


Alastair has added another project suggestion, 277: Use LCFG to pre-configure Apple Macs.

Chris will mail COs to ask for any requests for MPU development for T2.

This Week

  • Alastair
    • Discuss adding virtualbox additions by default
    • read source/trunk/BuzzSaw/docs
    • Ship gconf ? (after discuss at ops meeting)
    • Complete DIYDICE docs
    • Educate individuals about inappropriate KVM guest sizes
    • Reload inventory project into brain

  • Chris
    • Poll for some more sleeping volunteers
    • Work on virtual DICE image project
    • Fix DIYDICE to be SL6.3 -> check with Paul's HP machines first
    • RT tickets
    • Identify which of our servers need disk wiping and farm out work
    • Figures up to 29th March

  • Stephen
    • complete buzzsaw documentation
    • fix kernel component re forgetting old src module dependencies
    • fix up virtualbox additions and catalyst headers
    • RT tickets
    • Some innovation
    • Figures up to 29th March

  • Carol
    • carry out an audit to make sure that all guests are still required
      • to free up resources for new guests,
      • shouldn't leave unused, half-managed machines lying around

-- AlastairScobie - 26 Mar 2013

Topic revision: r8 - 02 Apr 2013 - 08:07:15 - ChrisCooke
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies