MPU Meeting Tuesday 16th September 2014

Virtual DICE

Chris expects to make this semester's images next week. He will accompany their release with posters or notices in the labs, mail to sys-announce, maybe a systems blog post.

Systemd

Alastair has committed his schema changes.

SL7 LCFG Port

Alastair has reworked the dependencies so that:

• getty does not start until the system has become stable
• updaterpms starts early on.
• auth and file components start before updaterpms
• Most other components including kernel depend on updaterpms starting before they do.

Chris has reproduced the EL7 GDM pam files using the pam component, but GDM still doesn't start. He'll replace all references to password-auth with system-auth as we use the latter.

Stephen has sorted out the mirroring of EPEL7 and site packages. There was no room in telford for any more disks so we're using a chunk of (Services Unit) SAN space mounted on telford. The layout is as described last week.

Currently all RPMs reach the packages master http.pkgs.inf.ed.ac.uk via AFS and are served by it over HTTP. This will change:

• Site mirrors will be served from sites.pkgs.inf.ed.ac.uk instead, starting initially just with the EPEL7 mirror.
• We will not be able to use AFS (too many files in the directories) so files will be served from both sites.pkgs and http.pkgs, each serving from local (or locally accessible) storage.
• The new version of the rpmaccel component (see Miscellaneous Development below) will allow the cache.pkgs servers to be configured to use one or other of these as the upstream master according to the path requested - so it will be easy to move mirrors from one server to the other.
• Both servers will also serve their repositories via rsync for backups.

PXE installs now work for EL7: Stephen found that the SL6 configuration more or less just worked.

Installs using the inf level will now default to a small root partition, the same size as in small-server.h.

Miscellaneous Development

rpmaccel

Until now the rpmaccel component has assumed just one upstream source, but for EL7 we need it to be able to configure the squid caches to have multiple sources. Stephen has rewritten it in Perl and Template Toolkit, and has extended it to add support for multiple repositories. This includes the ability to control which path goes to which upstream source using regular expressions. The new rpmaccel has not yet been deployed to the squid cache servers.

Stephen has written up our system security checks.

Stephen wrote up some project proposals. Chris also wrote up a project but encountered an interesting WebMark feature. On the subject of project proposals: Tim is going to add a pending status to computing.projects so that we can add projects there without them immediately going out for review (possibly months before the proposals are ready).

Operational

Server reboots

Chris updated the BIOS on oyster and took its OS to SL6.5. Stephen upgraded steen and bruegel to SL6.5.

R720 memory upgrades

Alastair has been looking into the nuts and bolts of upgrading our four 64GB Dell PowerEdge R720 KVM servers to 128GB memory. This is more complicated than expected as they turn out to have a variety of memory configurations with differing size, speed, voltage, dual/single dimm, and so on.

Old SSH servers

Stephen has wiped the disks on kubelik and hogwood and put both machines in the "spares" rack. Their former IP addresses now point to northern and piccadilly.

More consistent KVM server configuration

Chris has moved all the MPU KVM servers to live/mpu-kvm-server.h. As a result the servers at each site now carry consistent sets of subnets:

		Servers
		Forum	Tower	King's Buildings
Subnets	Forum
	Tower
	King's Buildings
	Intersite

NX server memory limit

The NX servers have a 1GB process memory limit. This breaks most GUI software (thunderbird, firefox, pidgin, etc.). Since staff.nx.inf.ed.ac.uk has less users we can afford to raise its memory limit to 2GB. The limit on nx.inf.ed.ac.uk will not be raised.

This Week

• Alastair
  • systemd project
    • start writing in blog
    • document the debugging including stuff about disabling graphical boot
    • Modify lcfg components/rc scripts list as a result of COs talk.
    • Consider how components will work with systemd
    • Add support to start/stop service units at Configure (not Start) time.
    • Start producing some documentation
    • Check systemd.wants etc are space delimited so can have multiple dependencies in LCFG macroYes, this works.
  • EL7 project
    • consider dependencies between components and ordering
  • Look at iplimit for computing.help
  • Projects blogs - start populating
  • Upgrade bakerloo,hilfe,jubilee to 6.5
  • Read Stephen's security notes
  • RT 65774
  • Check whether a standard piece of XML config is safe for adding a "boot from iso" - for documenting (or scripting later)
  • Raise ulimit on central to 2GB.Done for @staff on both NX servers
  • Need to remove default bridge from kvmtool create

• Chris
  • Virtual DICE (not this week)
    • publish poster
    • school announcement
  • EL7
    • continue looking at gdm, including pam config
  • url shortener (once gdm solved)
  • Projects EL7 blog - start populating
  • Update activity page
  • Upgrade amarela, vermelha to 6.5
  • Create Project entries - for KVM refinement project
  • RT 64049, 61762
  • Experiment with adding an extra bridge to circle with same number as br0

• Stephen
  • LCFG client refactor stage 1
    • schedule debrief meeting
  • EL7
    • Analysis of disk usage data
    • Continue thinking about boot.run functionality
    • Deploy new rpmaccel component and config
  • Reboot hammersmith,
  • Think about PD - Interested in ZeroMQ
  • Look at scanner reports
  • Projects blogs - start populating (eg EPEL 7 restructure)
  • Take RT 68269, RT 67577
  • Arrange for northern and piccadilly to move back to Forum/AT

-- AlastairScobie - 16 Sep 2014