MPU Meeting Tuesday 2nd September 2014

Virtual DICE

Oustanding actions before project completion:
  • poster/media display
  • project homepage snapshot
  • school wide announcement
  • user support sign-off
Chris has produced a possible poster to display in the labs, but publicity for Virtual DICE - posters and announcements - would probably be best done when the new session's Virtual DICE release has been done. That will be done once the usual last minute teaching software requests have made it into the stable release - hopefully in the week starting 22 September. A project homepage snapshot would include everything written in connection with the project, including blog posts. In general it's probably an idea to blog about your projects about once a week - if you've done work on the project that week. In this case the Virtual DICE reports from the MPUnitMeetings would probably serve.

systemd

Alastair has added support for zapping presets (by creating links to /dev/null in /etc to override systemd files in /usr/lib).

The component can now restart the machine if the systemd configuration changes. This is configurable.

The component now only rebuilds the configuration if resources have changed.

Components are not yet restarted on relevant systemd configuration change.

Alastair has found a limitation of systemd - seemingly systemd dependencies cannot be altered, only added to. The problem he was investigating at the time was of getty - we want to delay its start until after LCFG is ready. Stephen suggested that we work around this by creating /etc/nologin at the start of the boot process and deleting it at the end.

SL7 LCFG port

Alastair's next task will be to work out the systemd ordering and dependencies between LCFG components.

Chris is going to try out the gdm pam files with lcfg-pam.

Stephen has collected lots of disk usage data. He's still analysing it but two things are starting to emerge:

  1. /var seems tiny on most machines.
  2. There are probably going to be two distinct populations: desktops and servers. The servers have a lot more in /var but far less in /.

EPEL 7 is out of Beta. Stephen will swap mirrors so we can use the real EPEL 7 rather than the Beta. On the topic of mirrors, IS is planning to mirror SL and EPEL.

Miscellaneous Development

At Kenny's suggestion Stephen has added kdcregister to the installroot so that sites can register with the KDC early in the install process. In addition the eucs-sslcerts RPM was added to the EL7 Edinburgh environment package list. It was already in the SL6 list.

Stephen is working on improved security reports.

Operational

Stephen has moved [student.]ssh.inf.ed.ac.uk to schiff and staff.ssh.inf.ed.ac.uk to brendel. The former ssh hosts hogwood and kubelik are now powered down.

Chris will reboot waterloo and oyster on Thursday 4th and 11th respectively.

northern and piccadilly are ready to be unracked and moved downtown.

The DL180 MSI fix seems to solve the BondingProblems. Alastair is going to try out the DL180 BIOS update, which is installed via USB key.

Chris will circulate his LCFG resources to combat clickjacking using X-Frame-Options.

Chris will move the Documentation section to the top of the ManagedPlatformUnit page to make it more noticeable.

Our KVM servers are configured with either dice/options/kvm-server.h or live/mpu-kvm-server.h. The latter was intended to replace the former in MPU KVM server LCFG files. Chris will move the remaining MPU KVM servers to the live header.

We'll have a projects prioritisation meeting later this week.

This Week

  • Alastair
    • Order a spare 600GB disk for waterloo (hot spare) We have 4 spare 600GB disks in northern/piccadilly we can deploy or keep as spares.
    • systemd project
      • start writing in blog
        • document the debugging including stuff about disabling graphical boot
      • Modify lcfg components/rc scripts list as a result of COs talk.
      • Consider how components will work with systemd
      • Start designing a systemd target structure for LCFG components
      • Add support to start/stop service units at Configure (not Start) time.
    • EL7 project
      • consider dependencies between components and ordering
    • Add more memory to Forum KVM servers? - 700 per server to upgrade 64GB -> 128GB- (which ones?)
    • Look at iplimit for computing.help
    • RT tidy
    • Projects blogs - start populating
    • Look at extending remaining deadlines for Virtual DICE project (eg poster etc - want to wait until RAT packages stable)
    • Try to build DL180 USB stick to try latest firmware.

  • Chris
    • Virtual DICE (not this week)
      • publish poster
      • school announcement
    • EL7
      • look at gdm, including pam config
    • url shortener (once gdm solved)
    • Reboot waterloo and oyster
    • Will circulate apache resources wrt click-jacking (to MPU)
    • Schedule a meeting to discuss MPU spending
    • Projects blogs - start populating
    • Update activity page
    • Tidy up KVM servers so all use mpu-kvm-server.h

  • Stephen
    • LCFG client refactor stage 1
      • schedule debrief meeting
    • EL7
      • Analysis of disk usage data
      • PXE install
      • openssh patches - bug#779, bug#780, bug#781, bug#782
      • Continue thinking about boot.run functionality - following week
      • Swap to real Epel 7 mirror
    • Update PXE to RH6.5
    • List MPU reboots (incorporate required firmware updates)
    • Write up daily security checks
      • Finish off tidying up scripts
    • Think about PD
    • Look at scanner reports
    • Projects blogs - start populating

-- AlastairScobie - 02 Sep 2014

Topic revision: r8 - 08 Sep 2014 - 13:57:08 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies