MPU Meeting Tuesday 19th April 2016


Chris has been looking into creating modules for the new client report which will provide details of the various hardware firmware. He is wondering what information we should report for the FC cards, he noted that scli has changed on SL7. He has been looking at the current BMC/IPMI and firmware reports, the code isn't that great but it will be sufficient for now.

LCFG Client Refactoring

Finished standardising the API of the packages library. Updated the Perl packages modules for all changes to the core libraries and re-enabled lots of tests which had previously been broken. Working on reducing unnecessary memory usage in the Perl modules for resources and components.

SL7 Server Base

Stephen has done the SL7 support for the single Dell R520 server vetinari

Neil had a problem with SL7 network bonding on gorgon which is an HP DL180 G6 with an additional network card. It turned out that the extra card is in a different PCI slot from those we have so the interface is named p3p1.


Roll out of MPU SL7 services is still waiting on the LCFG dns component being updated. Stephen will check whether the pidfile path change has fixed the boot-time issues.

Chris has been talking to Matthew Richardson from SEE about how to run the NX service. He has provided useful advice on how to configure the server and clients along with some changes to the headers and component code.

Miscellaneous Development

screen lock
Alastair has written a Gnome 3 extension which provides a screen lock button. The API is barely documented and many of the examples don't work so it's a tricky process. As suggested by Graham he is using kdialog to display a progress message to the user. For some reason the use of this new lock button leaves the screensaver in an odd state where wiggling the mouse does not have any effect, pressing a key still works fine though. He has also added in the "Applications" menu which should help users find things. It appears we can't change settings for users if they have already tweaked the interface, we will have to provide some documentation for anyone who needs to do that for themselves.

Stephen has added support for Apache 2.2 on SL6 to the new version of the apacheconf component. This should make the transition easier. The httpd.conf template for 2.2 is based on the default config file provided by Redhat on SL6, this has a number of important differences from the previous template which hadn't been properly updated since Apache 2.0. Stephen also applied a patch provided by Kenny MacDonald to improve the layout of the virtual host config files, (see bug#951). The headers have been altered to be conditional on schema version (3 or 4) rather than differing on platform.


SL7.1 updates
SL have backported the entirety of Gnome 3.14 and dependencies from 7.2 to 7.1, this means updating something like 500 packages. We feel this change is far too large for us to test properly and the potential for disruption to student lab machines at this point is too great. At this point we will effectively "freeze" SL7.1 and will not provide any further updates unless something critical appears. Stephen will inform LCFG users at other sites.

SL7.2 upgrade
The office desktops will be upgraded to SL7.2 after the stable release this week. Stephen will send out the usual blog and sys-announce messages.

eject on SSH server
There was an odd problem with the eject command being called on one of the SSH servers. As this is a setuid root binary which uses consolehelper a large quantity of audit log entries were generated. It doesn't appear that the user was trying to do anything malicious and they did not succeed in running the command. To avoid the problem recurring Chris has removed the package from the SSH servers since it is not required.

Barry O'Rourke from Physics has reported a problem with booting the LCFG ISO on an SL7 KVM server. We need to investigate and see if we need to change anything.

firmware upgrades
The KVM server upgrades have been finished. At some point we will need to look at our other servers.

Alastair has the HP EliteDesk G2 desktop machine working reliably with SL7. It relies on the intel_pstate kernel module being disabled at boot time. We will need to add that change to the installer kernel command line so that installs are reliable. The power consumption still looks fine without that module, the unloaded base is about 18W which is better than the G1.

Disk encryption
The lab machines now have disk encryption enabled. Will do the office machines soon.

KVM guest survey
Carol has finished surveying the KVM guests and has removed any which are no longer required. Chris will now look into whether we can separate out "important" VMs from the user-accessible ones.

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • consider what next can be integrated into existing system, if anything
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Polish off and document hpreport processing script
    • Remove default pool if ops meeting agrees
    • Dump 'atom'
    • Deploy encrypted /tmp and swap conversion script
      • Deploy on office desktops and labs in week commencing 11th April - deployed on labs (19th April)
      • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
    • Schedule MPU meeting to discuss systemd ordering
    • Continue building honeypot
    • package up ILW stuff and document process
    • Read through SL7.2 release notes
    • submit polkit bug to redhat - with Stephen
    • Work on RT tickets - only 1 !
    • MPU SL7
      • Look at tickets and mark done where appropriate - waiting on stable release of 27th to check various things work fine under stable, before marking them done
      • Start work on KVM stuff
    • Let other schools know that HP 800 G2 now appears to be working

  • Chris
    • Inventory project
      • continue working through TartarusWorkFlow
      • Look at clientreport modules for replacing firmwarereport
    • pkgsearch for SL7
      • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
      • Need support multiple platforms
    • Mark up with servers
    • MPU SL7
      • Identify what could be done once lcfg-dns is ready
    • Consider Matthew Richardson's advice on NX for SL7
    • Look at KVM guest lists and work out whether it would be practical to segregate end users/web services from critical services
    • Feedback on new project framework (to Alastair) (14/03/16 mail)

  • Stephen
    • LCFG client refactor stage 1
      • schedule debrief meeting
    • LCFG client refactor stage 2
      • polishing
      • blog article (once documentation complete)
    • apacheconf
      • produce some recipes
      • talk at devel meeting
    • Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
    • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
    • Circulate dmesg proposal
    • Apply firmware patches - circle
    • submit polkit bug to redhat - with Alastair
    • SL7 MPU
      • put SL7 ssh service onto stable and open up firewall hole (ensure restrict to sysmans)
      • Identify what could be done once lcfg-dns is ready
    • Work on RT tickets
    • Check MPU server ether bonding
    • Announce 21st April for 7.2 for office machines
    • Announce that we're dropping i686 support as from 6.7 onwards
    • Mark up with servers
    • Feedback on new project framework (to Alastair) (14/03/16 mail)

-- AlastairScobie - 19 Apr 2016

Topic revision: r7 - 23 Sep 2019 - 13:33:38 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies