MPU Meeting Tuesday 15th September 2015


Alastair's looking into PostgreSQL 9.4.

LCFG Client refactoring

Stephen has spent quite a lot of time learning about XS, which can be used to make an interface between C and Perl code. He's found a way of specifying Perl module dependencies. He has now documented the API of his new LCFG::PkgSpec library. He intends to get it tested on a Mac next week.

Misc development

  • Stephen has made dice/options/desktop-ssh.h safe to use with SL7:
    • Last week's confusion with the firewalld package being both added and removed has been solved: the LCFG layer now no longer installs it in the first place, so it can safely be added where needed. (That's also the case for anaconda, firstboot and pcp.)
    • He's updated the fail2ban version. This brought a configuration change, from a configuration file to the usual drop-in directory style. Of course the fail2ban component has to change to match this. For now Stephen has done the minimum necessary to get it to produce a working configuration for the new version of fail2ban. However the component will need further work to adapt it cleanly to the new configuration style. Another change in the new fail2ban version is its support for reload rather than restart after a configuration change. This is far faster, so there's no longer a coverage gap of a few seconds while the software restarts. The component now supports this change.
  • Stephen has been looking into network bonding on SL7. We'll need to explicity disable Network Manager in interface configuration files of masters and slaves, so that the old network scripts can take control. He realised while looking at this that we have been setting options on individual bonds incorrectly: interface configuration should be specific rather than global. Bonding has been working nevertheless, but only because we have so far needed a maximum of one bond per machine.
  • Alastair has been looking into a problem with the systemd component: it was signalling the daemon when shutting down. It was also calling the Fail method when it shouldn't have been, leading to a situation from which recovery was impossible without outside intervention. (This is why the Fail method is almost never the right one to use in an LCFG component.) He's also improved lcfg-checkreboot logging of reboot requests from the systemd component, to produce a record that's easily searchable using journalctl. The man page will say how to get journalctl to report such component-requested reboots. It would also be desirable to report the reboot request to the console, but so far there seems to be no meaningful way to do this. It's easy enough to get the warning to the console, but it could easily be swamped by messages from other system components.
  • Toby has fixed LDAP on maipo, the stock SL7 machine. It now uses sssd.
  • Alastair is still investigating encrypted tmp and swap for DICE.
  • A problem with USB disk mounting on SL7 was solved by the installation of caja, the desktop manager software for the MATE project. This seems to have improved the performance of MATE in general.
  • Virtual DICE SL7 local logins are now working. The changes needed over SL6 were to use SHA512 encryption for passwords and to spot and override a prohibition (in dice/options/office.h) against local logins in DIY DICE.


  • Chris is updating the DICE SL7 release notes and the DICE SL7 window managers doc page.
  • Stephen has the kernel and AFS versions up to date on SL6 now. Barring sudden security fixes they should stay up to date for the rest of the year, we hope.
  • Alastair and Chris have been working on encryption documentation which will be published soon.
  • A desktop upgrade to SL7 turned up a few odd problems:
    • bash localfuns was missing. It turned out to be entirely broken and unnecessary so we've tidied it up.
    • XEmacs was requested. We will install it when requested on particular machines, but it now seems clear that Gnu Emacs is the preferred option for DICE in general.
    • A problem was encountered with sound. It's been mentioned in the DICE SL7 release notes.

This week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • finish deploying new order file processing code - just a matter of removing an override in steen's profile
      • consider what next can be integrated into existing system, if anything
      • Consider macaddr discovery tool (use same code as used for clientreport)
      • Continue with clientreport
        • look at running PG 9.4, with a 'reports' staging table with key-value host->jsonb records. CGI checks for simple things like structure, size, binary data before entering into table. Perhaps whitelisted keys ?
          • PG9.4 - looks like issues with support in DBIx::Class and DBICDUMP. Stick with 8.4 and TEXT for now
      • Blog article about storing in 'reports' staging table.
    • @home - look at using rsync from site.pkgs instead of mirroring from upstream
    • Remove default pool if ops meeting agrees
    • Experiment with different window managers under VNC (making the assumption that performance under NX will be similar)
    • Think of a use for 'atom'
    • Understand how NetworkManager works wrt init scripts
    • Flesh out Base SL7 server project
    • Investigate network-online hangs at boot time on circlevm12 - hangs on desktops on vbox too
      • probably because the is only reached once a one-stop service that calls nm-online has been called. The nm-online command attempts to ask NetworkManager whether the connection is up, but we've configured NM to die once it has finished configuring the network - so nm-online has no NM to speak to.Have added NM_CONTROLLED=NO as default (using new network component) and removed the configuration that instructs NM to die.
    • Continue with investigating encrypted /tmp and swaplcfg-fstab and lcfg-hackparts now have support. Need to deploy. Need to develop script to modify existing machines
    • Look at RT tickets to close

  • Chris
    • Inventory project
      • continue working through TartarusWorkFlow
      • Look at clientreport modules for replacing firmwarereport
    • pkgsearch for SL7
      • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
      • Need support multiple platforms
    • Flesh out Base SL7 server project
    • Continue work on Virtual DICE for SL7
    • Continue work on bugzilla upgrade
    • Liaise with George over iDRAC documentation
    • RT tickets close

  • Stephen
    • LCFG client refactor stage 1
      • schedule debrief meeting
    • LCFG client refactor stage 2
      • document C libraries
      • work on C -> perl interface (XS)
      • finish off new whererpms
    • Think about PD - Interested in ZeroMQ
    • Finish off window manager selector code - prio soon
    • Flesh out Base SL7 server project
    • Ask Graham where he got to with bonding on SL7
    • RT tickets close

-- AlastairScobie - 15 Sep 2015

Topic revision: r10 - 23 Sep 2019 - 13:33:38 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies