MPU Meeting Tuesday 10th March 2015

systemd

A draft of the final report has been written.

SL7

Screenlocking works fine on MATE with xscreensaver.

The problems with shutdown hanging waiting for the LCFG openssh component to stop have been fixed by adding a --no-block option in the ngeneric Service function for systemctl stop calls.

The DICE partition layout has been altered for SL7.

The new LCFG runner component has been deployed, will move the updaterpms component over to using it this week.

Whilst working on the runner component Stephen noticed that the mail component is not starting correctly. It has a bad assumption about the daemon having been started when the ngeneric IsStarted method returns true. Neil will look into the problem.

There are still some logrotate templates which are broken because they do not contain the necessary "su" directive for SL7.

There is now an internet-online.target in place which requires the routing component. Anything which really relies on being able to talk to external services at start time should be made to require this target. Alastair will add some documentation on this new target.

The openssh daemon will now start after openafs to ensure that the filesystem is available before users are able to login.

lightdm is now all finished.

The grub2 password still needs to be set system-wide in the inf-site.h header. That will cause a big profile rebuild so Stephen will do it out-of-hours.

There is a problem with journald and persistent user-specific logs, Alastair will investigate. It appears that journald and rsyslog are both watching the /dev/log device file. rsyslog should be reconfigured to load the journald module and stop watching /dev/log. The changes need to be made in the LCFG level as well as DICE.

Chris had problems with running virt-manager on SL7. It seems to require that libvirtd be active on localhost.

Chris will build the kvmtools package.

New Projects

Stephen will reawaken the LCFG v4 client project at the start of April.

Chris will finish his personal development then get up to speed on the inventory project so that he can help Alastair.

Miscellaneous Development

It looks like "skip sections" in the old LCFG-style templates are fundamentally broken. We should take a quick look at the problem but Stephen reckons there is not going to be an easy fix. Thankfully there are very few instances where this feature is used (the mail component did but not anymore). The recommendation is that "skip sections" should not be used, the LCFG-style templates are considered deprecated and they are not supported by the Template Toolkit templating systems.

The network component now has ethtool support. Alastair has added support for verbatim lines for any interface.

We should all read the KVM enhancement project proposal.

Stephen has done some work to make the LCFG::Om::Command module and the Service function properly close file descriptors 11 and 12 when necessary. Any shell component which calls the om command directly still needs to close the file descriptors explicitly. Stephen will do an audit to find all affected components and file bugs. This should stop the client rdxprof process becoming hung.

Operational

virtual dice

Chris has updated the virtual dice image for Semester 2

DR server

Alastair has worked out a spec for the new DR server based on the Dell R320

Security scans

Alastair has checked the recent web security scans. There are a number of high impact issues for computing.help, is this due to the use of particular drupal modules? devproj doesn't show the same issues but is a much simpler site. We could try using a test site without any modules and add each one back individually.

This Week

• Alastair
  • systemd project
    • Submit for signoff
  • EL7 project
    • Cook book entry
      • component need to start after daemon in certain cases ..... eg ssh where component will start daemon if daemon isn't already started..
    • what sort of level of space is required by systemd journald logging (for desktop /var sizing)
      • (By default journald logs to /run/log. Have to mkdir /var/log/journal to keep data). Have enabled on one machine
      • identify default retention policyDefault retention is to use up to 10% of partition. Can use either space or time as a constraint on space. Logs are per user + system, so users can read their own data. Each log file starts at 8MB, so a popular machine will have lots of log data.
      • Blog about journald retention policy - and document how to set...
      • Blog about decision to keep journald and /var/lcfg/log/syslog duplication - and resulting configuration change.
    • fix up lcfg-rsyslog configuration (re systemd-journald) for LCFG and DICE and blog
    • check installroot stuff same version across SL6 and EL7
      • and pull out old SL5 stuff
    • document internet-online.target in systemd documentation and cookbook
    • Try a DIYDICE SL6_64 install
  • Ship gso/tso fix at LCFG level (with network component) - ?? gso/tso not required if tx off and rx off removed - but tx off and rx off may still be needed when running virtualbox ??
  • RT 65774 - try two identical monitors on my machineIainR has two identical monitors on his SL6 box and doesn't encounter the problem
  • Need to remove default bridge from kvmtool create
  • Consider more cores as default for KVM guests
  • Look at KVM server loading
  • Schedule firmware upgrade for DS3254
  • Check scans - computing.help loads of high impact/high likely. (devproj and www.lcfg.org are ok)
    • Discuss with Neil
    • Look at creating another similar computing.help server and add in extra modules to tickle the problem
  • Look at SL6 KVM guest reboot hangs - tried reboot of brent and hjaelpe (both have local homedir) with no problems, but zipvm1 (AFS homedir, virtualbox) did hang for a couple of minutes
  • Read KVM enhancement project proposal

• Chris
  • EL7
    • investigate virt-manager See computing.help/virt-manager
    • try out kvmtools
    • start off final report See FinalProjectReport296
  • url shortener
  • Check DR server spec
  • Comodo certificate for wake.inf and computing.help

• Stephen
  • LCFG client refactor stage 1
    • schedule debrief meeting
  • EL7
    • document lcfg-runner
    • Need to put grub2 password into place
  • Look at 32 bit libraries mock issue (LCFG deployer)
  • Test northern's SAS disks in metropolitan
  • Junk central
  • Think about PD - Interested in ZeroMQ
  • Add extra memory to waterloo (and if those work, order up more memory for hammersmith)
  • Review last reviewed date for documentation and MPUhelpReview by 1st March
  • Read KVM enhancement project proposal
  • Check DR server spec

-- AlastairScobie - 10 Mar 2015