MPU Meeting Tuesday 8th September 2015
LCFG Client Refactoring
More work has been done on the new packagelib. There are now functions
for reading and searching rpmlist files. Also a new iterator-based
interface for scanning through linked-lists of packages has been
added. This is particularly convenient for working with package lists
using the library from other languages such as Perl.
The new XS-based LCFG::PkgSpec Perl API is now coming along
nicely. All the functionality of the C library has been mapped into
Perl object methods. The only downside of this approach is that it is
not possible to sub-class the opaque object that is created. Stephen
needs to look into how that can be improved.
A new version of the whererpms tool has been added which uses the new
library to search the repositories in the
updaterpms.rpmpath
resource for the required packages.
Inventory
The new orders parser is now live. Some tidying up of LCFG profiles is
required to finish off.
The new clientreport is now modular. Currently there are modules for
DMI, monitors, NICs and OS. Chris will look at creating modules for
disks and firmware/BIOS.
Each hash returned should contain a version so that it's possible to
move between different versions of the module output. Possibly the
field could have an underscore prefix to mark it as private and not to
be stored into the DB?
Stephen suggested lower-casing the top-level key names to make it
easier to work with the output.
Alastair will look at PostgreSQL 9.4 and using the jsonb format to
store the raw client reports. The aim is that the clientreport script
will submit the report via an authenticated CGI which validates the
data and then stores it into the DB. Various pieces of client report
data can then be extracted by other scripts and stored in other
inventory tables.
Miscellaneous Development
- virtual dice
- Chris is having some problems with local guest logins. It could be PAM, nsswitch or sssd.
- bugzilla
- Chris will look at moving the LCFG bugzilla to 4.4.9
- Disk encryption
- Alastair is looking at encrypting swap and /tmp. It is not possibly to use the UUID to reference partitions in the crypttab file as they change at boot when the partitions are reformatted. For now will have to just use the device name (e.g. /dev/sda3).
- systemd component
- The component attempts to trigger a reboot and signals systemd to reload after rebuilding the config during the component stop process. It should do neither...
- lcfg-checkreboot
- There are a number of TODOs for the lcfg-checkreboot script. It needs much clearer logging about why a reboot has been triggered.
- network-online
- The network-online service hangs for a while at boot time. We should work out what is causing this problem.
- desktop SSH
- Stephen needs to review the desktop SSH configuration for SL7.
- network bonding
- Stephen will investigate how to get network bonding working correctly on SL7.
Operational
- jubilee
- The upgrade and reboot of jubilee has been done.
- yum
- Chris has checked the yum configuration on the login servers.
- azul and br0
- Chris has reverted br33 to br0 so that VMs can be easily migrated onto azul.
- RT tickets
- We need to review all the MPU RT tickets. In particular we must follow-up on #73254 regarding problems with the finger command.
This Week
- Alastair
- Inventory project
- continue working through TartarusWorkFlow
- finish deploying new order file processing code
- consider what next can be integrated into existing system, if anything
- Consider macaddr discovery tool (use same code as used for clientreport)
- Continue with clientreport
- look at running PG 9.4, with a 'reports' staging table with key-value host->jsonb records. CGI checks for simple things like structure, size, binary data before entering into table. Perhaps whitelisted keys ?
- Blog article about storing in 'reports' staging table.
- @home - look at using rsync from site.pkgs instead of mirroring from upstream
- Remove default pool if ops meeting agrees
- Experiment with different window managers under VNC (making the assumption that performance under NX will be similar)
- Think of a use for 'atom'
- Understand how NetworkManager works wrt init scripts
- Flesh out Base SL7 server project
- Investigate request for two reboots after machine install
- Check whether lcfg-checkreboot man page exists - and if not, create it
- Investigate network-online hangs at boot time on circlevm12 - hangs on desktops on vbox too
- Continue with investigating encrypted /tmp and swap
- Look at RT tickets to close
- Chris
- Inventory project
- continue working through TartarusWorkFlow
- Look at clientreport modules for replacing firmwarereport
- pkgsearch for SL7
- reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
- Need support multiple platforms
- Flesh out Base SL7 server project
- Continue work on VirtualDICE for SL7
- Continue work on bugzilla upgrade
- Liaise with George over iDRAC documentation
- RT tickets close
- Create a known issues section in http://computing.help.inf.ed.ac.uk/sl7 (liaising with Graham)
- Stephen
- LCFG client refactor stage 1
- LCFG client refactor stage 2
- work on C -> perl interface (XS)
- test on MacOS. (package spec)
- finish off new whererpms
- Think about PD - Interested in ZeroMQ
- Finish off window manager selector code - high prio
- Flesh out Base SL7 server project
- Continue looking at bonding on SL7 - both adding NM_CONTROLLED and modern method for configuring bond interface
- RT tickets close
- Add to activity list - improve fail2ban component to support local "fail2ban.d" type config
- Remove DICE_STICK_SL65
--
AlastairScobie - 08 Sep 2015