MPU Meeting Tuesday 9th February 2016

Inventory

Nothing happened this week.

LCFG Client Refactoring

Nothing happened this week.

SL7 Server Base

Stephen has changed the hw headers for the models we've been able to test (Dell PowerEdge r210, Dell PowerEdge r610, Dell PowerEdge r620, Dell PowerEdge r710, Dell PowerEdge r730, Dell PowerEdge r815, Dell PowerEdge sc1425, HP dl120 g6, HP dl180 g6) to make them use modern naming by default under SL7. See also Consistent network interface names and LCFG and Network interface naming.

Stephen noticed that VLAN support was not working properly on SL7. George traced this to Reverse Path Filtering having been enabled. Disabling it again fixed the problem. That was done by the following addition to lcfg/defaults/kernel.h :
LCFG_KERNEL_SYSCTL(ipv4rpfilterdefault,net.ipv4.conf.default.rp_filter,0)

Stephen then re-checked other SL7 networking and found it to be functioning properly.

LCFG apacheconf component

Stephen has rewritten the component. Templates have been updated. The general approach was to try to move the current provision closer to Red Hat's default and to update to Apache 2.4.

Most of the hard-wired defaults have been removed, making the configuration more flexible.

Module configuration has been split out so that each module has its own configuration file. These files will at minimum load the module, but can also pull in a standard bit of configuration for that module and can be used to declare some verbatim configuration for the module too.

Each virtual host has its own configuration file now too. Virtual hosts can now be marked "inactive". This means that the configuration file will be generated but it will not be used by Apache - giving an administrator a chance to visually check the generated configuration before putting it into service.

Configuration recipes will be added to http://wiki.lcfg.org.

As yet there is no working Cosign support.

MPU Services SL7 Upgrade

We came up with an almost complete project plan for moving the MPU's services to SL7, which Alastair presented to the Development Meeting.

Miscellaneous Development

SL 7.2

It's ready to use. It'll soon be the default version of SL7 on the develop release. See the release notes.

• The installer uses the latest kernel.
• lightdm has been updated.
• xscreensaver has been updated. By uninstalling all additional xscreensaver packages, it has been deliberately limited to locking and blanking screens: no graphical screensaver displays will be permitted.
• light-locker was tried but as yet it doesn't seem secure enough.
• mate-screensaver works, but only if you're using MATE.
• VirtualBox version 5 is the default on 7.2.

HP Elite 800 G2

Alastair has been trying to get this to work with DICE.

• The pmbr_boot property has to be toggled to "on" the first disk before DICE can boot from it. We will modify hackparts to do this automatically.
• So far it has been exceptionally unreliable when running DICE. X freezes regularly. The machine is fine when booted from the SL7.2 CD, or when running stock SL7.2 - but as soon as its packages are updated, it freezes on every subsequent boot. With a DICE install, it will work with the first "327" series kernel but not with updates such as 327.3 and 327.4.
• Booting in UEFI mode seems slightly less unreliable than in legacy BIOS mode - but only slightly.
• The machine uses the Skylake CPU family. The machine's chipset was only released in November.
• The previous SelectPC, the G1, is now no longer available.

Operational

Disk trouble on amarela, and firmware updates

One of the disks on amarela warned of imminent failure (RT 75992). Dell provided a replacement disk, but also told us that such warnings are very often caused by a firmware bug. Sure enough the firmware on amarela needs updating. Chris is going to do this on the morning of Friday 12 February. Once amarela is up and running, those firmware updates will be recommended for other applicable servers.

Package mirroring

Stephen found that the package mirroring script wasn't completely excluding unwanted architectures such as PowerPC. He's corrected the problem, thereby freeing up 14GB of space.

AMD Fire Pro GPU card

The purchasers of the Fire Pro card have decided to use it for graphical display as well as for programming, so Stephen has added xfree configuration for it to the video_amd_catalyst_pro.h header. (The configuration basically just says which HDMI port to use - there's a choice of 4.) We intend to experiment with IPMI temperature monitoring of the card.

LCFG workshop for Innovative Learning Week

It'll be on Wednesday 17 February. The VM and the slides need to be coordinated; those involved will meet later this week.

This Week

• Alastair
  • Inventory project
    • continue working through InvProjectWorkFlow
    • consider what next can be integrated into existing system, if anything
    • Check for systemic errors from clientreport
      • Look now that servers don't check monitors
    • Document clientreport
    • Document order sync code
    • Continue work on hpreport processing script
  • Remove default pool if ops meeting agrees
  • Think of a use for 'atom'
  • Deploy encrypted /tmp and swap conversion script
    • test revised version on another set of machines (on FH-3.D01)
    • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
  • SL7 base server
    • Localhome functionality - use mkhome_dir instead?
    • check metropolitan USB and CD
    • Continue work with FC and LVM (awaiting 7.2)
      • investigate interaction between multipath and UDEV Multipath working fine (though need FC removal check). Awaiting Matthew to apply patch to lcfg-lvm
      • check nagios notices if FC cable removed
      • Blog about this... (draft article started)
    • network and bonding
      • • Update https://wiki.lcfg.org/bin/view/LCFG/NetworkComponent
  • Schedule MPU meeting to discuss systemd ordering
  • Continue building computing.help honeypot
  • Finish work on ILW virtualbox image
    • package up stuff and document process
  • Read through SL7.2 release notes
  • Consider milestones for inventory project
  • Continue work on HP 800 G2
    • Modify hackparts to support "parted disk_toggle pmbr_boot" on a per drive basis
    • Test new hackparts/fstab in installroot to build a G2

• Chris
  • Inventory project
    • continue working through InvProjectWorkFlow
    • Look at clientreport modules for replacing firmwarereport
  • pkgsearch for SL7
    • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
    • Need support multiple platforms
  • Liaise with George over iDRAC documentation (look through ops reports to remind)
  • SL7 -
    • test out rsync / rmirror (both client and server ends) - liaise with Neil
  • SL7 MPU servers
    • update project plan
  • RT tickets close
  • Continue investigating SL6 sleep problem
  • Schedule MPU stargazing meeting
  • Try looking at ipmi-sensors on "theia" (suspected fan issue)

• Stephen
  • LCFG client refactor stage 1
    • schedule debrief meeting
  • LCFG client refactor stage 2
    • document API
    • blog article (once documentation complete)
  • apaceconf
    • continue working on
    • Consider milestones for apacheconf
  • Think about PD - Interested in ZeroMQ
  • Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
  • SL7 server
    • upgrade sauce to SL7.2
  • rkhunter config needs fixing
  • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
  • Circulate dmesg proposal
  • Add new line terminator and mDEFAULT/mIFNULL/mIFUNDEF operator

-- AlastairScobie - 09 Feb 2016