MPU Meeting Tuesday 9th September 2014

Virtual DICE

Nothing happened, waiting for a couple of weeks for RAT to have the teaching software finished for Semester 1.



  • Chris has started work on the gdm PAM configuration.

  • Stephen has been looking at the mirroring of epel7. He has come up with a new approach which keeps our mirror in sync with upstream (including deletions) but uses a top-level lcfg directory to store hardlinks to the packages and also the rpmlist, headers and local yum repodata files. This means that when upstream deletes packages we will keep a copy and also we don't have to mangle the upstream yum files. This will not work with AFS but we already knew it would be difficult to store epel7 in AFS given we ran out of space with epel6. Stephen will look into getting some more storage on telford so we can serve it up via the standard packages sites URL. We should not need as much space as epel6 since there is only x86_64 now.

  • Stephen has submitted all the patches - bug#779, bug#780, bug#781, bug#782 - for the openssh LCFG component and Ian Durkacz is now going through them.

Miscellaneous Development

Audit Reports
Stephen has completed the work on the new Audit Reports scripts and they are now installed on the test SSH server (shrew) alongside the old scripts so we can do some testing and comparisons. We will probably run them on the live servers for a couple of weeks to ensure we don't miss any important issues before removing the old scripts.

Security Checks
Stephen has made a start on writing up some notes on the daily System Security Checks.

There is now a standard DICE apacheconf header for anti-clickjacking. We think this should be part of the default DICE apacheconf configuration, we will raise this at the next Operational Meeting.


SL6 PXE installer
The PXE installer for SL6 has been upgraded to SL6.5

HP DL180 firmware
Alastair has tested the USB based firmware updater on the our HP DL180. The image is now available in the standard directory for other units. Neil tested this on cetus, it did not fix the bonding issues so we still need to disable MSI.

This Week

  • Alastair
    • systemd project
      • start writing in blog
        • document the debugging including stuff about disabling graphical boot
      • Modify lcfg components/rc scripts list as a result of COs talk.
      • Consider how components will work with systemd
      • Continue with new schema deploy and
      • Add support to start/stop service units at Configure (not Start) time.
    • EL7 project
      • consider dependencies between components and ordering
    • Add more memory to Forum KVM servers? - 700 per server to upgrade 64GB -> 128GB - jubilee, hammersmith, oyster, waterloo
    • Look at iplimit for
    • RT tidy
    • Projects blogs - start populating
    • Try to build DL180 USB stick to try latest firmware
      • report on in Ops report
    • Upgrade bakerloo,hilfe,jubilee to 6.5

  • Chris
    • Virtual DICE (not this week)
      • publish poster
      • school announcement
    • EL7
      • continue looking at gdm, including pam config
    • url shortener (once gdm solved)
    • Add topic to ops report - apache resources wrt click-jacking
    • Projects blogs - start populating
    • Update activity page
    • Tidy up KVM servers so all use mpu-kvm-server.h
    • Upgrade amarela, vermelha, oyster to 6.5
    • Create Project entries

  • Stephen
    • LCFG client refactor stage 1
      • schedule debrief meeting
    • EL7
      • Analysis of disk usage data
      • PXE install
      • Continue thinking about functionality - following week
      • Hunt for disks for telford to store EPEL 7 mirror
    • Reboot steen, bruegel, hammersmith,
    • Decommission old ssh servers
    • Write up daily security checks
    • Think about PD - Interested in ZeroMQ
    • Look at scanner reports
    • Projects blogs - start populating
    • Create project entries

-- AlastairScobie - 09 Sep 2014

Topic revision: r6 - 16 Sep 2014 - 10:43:27 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies