MPU Meeting Tuesday 29th October 2013


Alastair met with the CSOs (slides, notes) and the feeling was very much that every host needs a name, even self-managed ones with dynamic IP. As a result the inventory will have to be the authoritative master source of host names.

At some point we may want to derive DNS data from the inventory, and generally rethink our DNS infrastructure. (The DNS is currently one of our several smile authoritative master sources of hostnames.)

InventoryProject269Home links to more project details.

The next steps will be to finalise and publicise the schema, then flesh out how procedures would work.

Virtual DICE

There hasn't been much feedback from students, and nobody has volunteered to test anything. Chris will mail out a reminder asking for feedback.

LCFG Client Refactoring

Stephen has put together a header which installs the new client software for testing. More details can be found at LCFG Client V3 Update.

Kenny tested the new client on Mac OS X 10.9, uncovering bugs 685 and 688 in the process. Bug 689 has also been found and fixed.

You can now download a profile for any host in any domain (where the profile is made by your local LCFG server) and query its resources with qxprof. At some point this will work from a normal user account but for the moment it requires privilege.

The new client will go into the develop release soon.

Stephen is now thinking about the next stage (project 274, LCFG client - remove dependency on obsolete modules). One idea is that we might replace the current profile data structure - a hash of hashes of hashes - with an object-oriented format with a standardised API. We could then decouple the data structure from whatever mechanism might be used to handle the data, making it far easier to change that mechanism at will.

Miscellaneous Development



  • Stephen has implemented resource limits. He used pam_limits, which seemed like using a sledgehammer to crack a nut. It would seem that cgroups would be a better mechanism. Stephen looked into their configuration and found that it would be a nasty job, so he suggests a wee project to provide a component to manage cgroups. Currently cgroups are in flux - changing from a free-for-all multiple-hierarchy model to just one hierarchy - but if our component used just one hierarchy then it ought to be future-compatible.
  • Stephen's looked into resource monitoring - system acticity accounting statistics are collected every ten minutes, summarised every day and thrown away after ten days or so. It would be good to keep them for longer than that. Their file format is not portable, not even from machine to machine, but the data can be translated into other formats. Stephen has found a tool which graphs this data. With a bit of Python hacking it would be perfect for us.
  • Several problems keep cropping up - some Windows 8 users can't complete the NX installation, though others can; some users have terrible (and apparently irreversible) problems with GNOME, making NX unusable for them unless they choose another session manager; and file managers such as Nautilus can be left behind by incorrectly terminated sessions and can busily use CPU to no good purpose.
Stephen fixed up our backup and mirroring macros to the Services Unit's latest standard.
Stephen will introduce a DIYDICE_STICK_WITH_SL63 macro on DIY DICE.
Stephen fixed the problem in the inf bucket. It seems to have been a combination of factors. Roger noticed that createrepo was creating fresh metadata every time for each package rather than just creating new metadata where it didn't already exist. The pkglist option to createrepo didn't seem to be working properly: RPM header files in hdrs directories were being examined. They've now been excluded from createrepo. Also, createrepo cross-indexes the RPM ownership of files, so the presence of 1500 or so very large and quite similar Theon conduit RPMs in the one bucket must have given it a bit of a headache: with Graham's blessing Stephen deleted most of these RPMs, and their header files, from the bucket. The result of all this activity is that refreshpkgs now takes a few seconds to process the bucket instead of some hours.
A new major version, 4.4, has been released. Chris will see how much work it would be for us to upgrade to it.

Personal Development

Stephen has been working with Python. Along the way he's discovered that Python would be far more suitable for filtering auditd data than Perl would, since Python can access the underlying C API whereas Perl can just launch command line tools at the shell level. This discovery should allow us to significantly improve our security reports, in particular using whitelists to filter out harmless events leaving us with more readable and useful summaries of genuinely questionable events.

Chris has been learning about git and gerrit.

This Week

  • Alastair
    • Start Inventory project diary
    • Inventory project
      • Submit bug/enh to App::Cmd author wrt option to die on unspecified options
      • Pester George about location API
      • Publish revised schema (and document)
      • Flesh out processes
    • Order a spare 600GB disk for waterloo (hot spare)
    • Ask George - what does the TXretransmit value mean for switch connections?
    • Consider how to make metropolitan usable by users
      • ISOs
      • minimal docs (mostly manual)
      • they'll use virt-manager, but not create machines or change config
    • circulate table of LCFG bugs
    • Consider dhcpd component changes Just network component and install system for me. Propose adding a new resource to network component which understands the new tuple - this can be used in place of hwaddr_eth0 and, perhaps, ipaddr_eth0. Not sure about hostname_eth0.
    • Consider activities list
    • Look at whether we can source another NX server.central would be ok, but has same limited disk capacity as bakerloo
    • Ask Ian D to present his dhclient proposals to the next LCFG deployers meeting.
    • Cost up servers for Spending Plan
    • Add DIYDICE_STICK_WITH_SL63 to my DIYDICE box profiles
    • Look at gnome issue with NX
    • Tidy up RT tickets

  • Chris
    • Ask students if they've tried Virtual DICE yet, and if so what problems did they encounter.
    • Consider dhcpd component changes
    • Consider activities list
    • Start looking at LCFG -> git project - learn git (under PDP time). Start project.
    • Respond to Nigel's NX ticket.
    • Look at Bugzilla 4.4 to determine how much work upgrade will be
    • Tidy up RT tickets

  • Stephen
    • NX
      • Finish tidying up NX config
      • Will continue looking at monitoring
      • Complete script to kill orphaned processes
    • LCFG client refactor
      • deploy to develop release
      • report
    • Consider dhcpd component changes
    • Consider activities list
    • Continue python PDP
    • Start project LCFG client - remove obsolete module dependencies - project 274
    • Stephen will email Paul and Herry about SL6.4 -DIYDICE_STICK_WITH_SL63
    • Tidy up RT tickets

  • Carol
-- AlastairScobie - 29 Oct 2013
Topic revision: r8 - 12 Nov 2013 - 13:51:31 - ChrisCooke
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies