MPU Meeting Friday 20th June 2014

Virtual DICE

Chris has tested the LDAP changes. It is now possible to login using DICE credentials from edlan without using a VPN. Chris has revamped the documentation to reflect this change. It was agreed that the notes on how to use the VM with a local user (i.e. for when without network access) would be moved into a separate page to avoid the potential for confusion.

LCFG Client Refactoring

Nothing happened.

Systemd

Alastair now has a better understanding of how to debug systemd, the LCFG component has gained resources which can be used to control the destination of log output. He has also worked out how to disable graphical booting by using the text theme for plymouth, we need to add support for configuring plymouth somewhere as this is no longer done via the kernel command line.

Alastair has been trying to make the getty start at the end of the boot sequence rather than in the middle so that users are not tempted to login before the boot has completed. Stephen suggested we could touch /etc/nologin and then remove it at the end of booting to prevent early logins.

Stephen noted that various parts of the LCFG client infrastructure look at the timestamp on the "boot stamp" file to see when the machine last booted, this is managed by the lcfginit script, is that still the best place for it to be done? We also need to move the boot.run functionality to somewhere else, Stephen suggested moving it to the cron component. Stephen will check if there is anything else in the old boot component which will require porting.

systemd is now properly handling the starting LCFG components, Alastair will now put it into the EL7 core. The inclusion of lcfg/defaults/systemd.h will have to be before any other component that has to be started at boot time so the CPP macros can be used.

There seems to be a problem with the systemd oneshot mode and LCFG components which start daemons (e.g. the LCFG client) where the daemon fails to persist. We should check what other components would be affected in the desktop list.

LCFG Port to RHEL7 or compatible

  • The handling of access.conf files has been transferred from the auth to the accessconf component.
  • The ed/dice flavour inf-level headers are finished
  • Stephen is working on the /run transition
  • The defetc package is mostly done, we will need to check epel for fixed UID/GIDs when it has been completely built
  • The mail component has some weird build problems, Stephen will investigate
  • Stephen will start work on the LCFG build tools soon
  • Chris has added XFS support to the fstab component
  • Stephen noted that tmpfs partitions are not listed in /etc/fstab, where are they configured now? What does the mounting? Is this a systemd thing?
  • We need to think about default partition layouts for both LCFG and DICE

Miscellaneous Development

logserver
A bug was discovered in the LCFG logserver which caused it to crash when the configure method was called. This has been present since the end of February so it's surprising we haven't hit it sooner. A fix has gone in and Stephen has added a cron job to ensure it is running on all DICE machines.

diskfull
The diskfull script now honours the MAILTO environment variable setting. By default it sends mail to root@inf.ed.ac.uk which meant that we missed the report that sauce had a full disk. MPU relies on mail to root being sent to the mpu mailing list, that is done using an alias which doesn't match the fully-qualifed mail address.

Operational

Full root partitions
Some partitions have full root partitions due to users putting large files into /tmp. Stephen suggested we should make this a separate partition for EL7.

New KVM servers
Chris has installed the new KVM servers at KB. Still needs LVM configuring and some other work before we can start moving VMs. We should also ensure they are both running the latest firmware before they go into service.

LCFG master move
We will move the LCFG master from schiff to steen on Monday 30th June. We will announce an at-risk period of 10am to 12noon although it should be done much quicker than that.

staff.nx
Chris would like Stephen to check over the access controls before we announce the service.

kernel upgrade
A kernel upgrade has gone out to DICE machines along with a minor security update for openafs

This Week

* Alastair

    • Order a spare 600GB disk for waterloo (hot spare)
    • Double check latest web security reports
    • systemd project
      • start writing in blog
        • document the debugging including stuff about disabling graphical boot
      • Modify lcfg components/rc scripts list as a result of COs talk.
      • Complete lcfg-systemd component - install method
      • Consider how components will work with systemd
      • Consider journald
      • Look at how component triggered reboots will work
    • EL7 project
      • continue process of managing components using systemd component
      • put systemd config into el7 level
    • Add more memory to Forum KVM servers? - 700 per server to upgrade 64GB -> 128GB
    • RT tidy

  • Chris
    • EL7
      • Continue looking at systemd
      • Resubmit failed auto build packages
      • lcfg-mail component
      • lcfg-fstab - continue work on adding xfs support
      • pkgsubmit
      • installbase package list
    • open up staff.nx and announce (check identical to existing nx service)
    • Continue work on new LCFG master
      • migrate on 30th June
    • Deploy new KB based KVM servers (check latest firmware)
    • Think about PD
    • RT tidy

  • Stephen
    • LCFG client refactor stage 1 -> activity page
      • schedule debrief meeting
    • Check with SEE what they did to improve NX performance -> activity page
      • make any easy changes
    • EL7
      • continue work on relocating /var/lcfg/status and /var/lcfg/lock -> /run
      • Will look at boot component functionality that will need replicating
    • Reboot hare to test firmware update
    • Double check staff.nx config (roles?)
    • Write up daily security checks
    • Think about PD
    • RT tidy

-- AlastairScobie - 20 Jun 2014

Topic revision: r2 - 30 Jun 2014 - 08:48:01 - StephenQuinney
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies