MPU Meeting Tuesday 26th April 2016

Inventory

Alastair has added transactions to ordersync. He's now looking at adding timeouts to prevent multiple syncs running at the same time. He's also going to increase the amount of logging. On the web side he's coming up with a RESTful API which he will make available for comment.

LCFG Client Refactoring

Stephen has recently been working mainly on the Perl parts of the client code, including the top level wrappers. He'll next look at diffing profiles. He's been hunting and fixing bugs. The code needs more logging added for debugging purposes, then comprehensive testing. Duplication of code and of function have been eliminated; using the new version with unified code will give us big gains.

SL7 Server Base

Stephen has added the known tested server models to the SL7 Hardware Support wiki page.

MPU SL7

• Chris has configured the (utterly broken) GNOME and CDE session types on sl7.nx.inf.ed.ac.uk to start a MATE session instead. This behaviour will be added to the header.
• We discussed the dns component. We'll raise it at the development meeting.
• There was a problem with kvmtool: following a recent change to the sl7 template, VMs could not be created with flavour sl7 on an SL6 server. The VMs in question were left in an inconsistent state which blocked further attempts to create them. This was clearable by both deleting their disk images (with lvremove) and unregistering them from libvirt (with virsh vol-list and virsh vol-del). Alastair will look into the problem.

Miscellaneous Development

Support for HP EliteDesk 800 G2 in the installer

We need some. Normal booting now works properly on the G2 but the installer doesn't yet have the fix. The problem is that the fix would need the installer to know what model of hardware it's working with, and at the moment it does not. For PXE, Stephen will follow a hunch that this is in fact possible. For CD, we're not yet sure what to do.

Support for new ed25519 host key type

Ian has accepted Stephen's patches to lcfg-openssh (and lcfg-wallet) to add (use) an openssh.key_types resource to both add support for the new ed25519 host key type and to make it easier to add new key types in future. See Bug:952 for details.

IPv6 support for ssh service

Stephen and Graham added an AAAA DNS record for rabbit (the SL7 ssh test machine). Thanks to this one can now ssh to it using IPv6. The tcpwrappers check for ed.ac.uk hosts didn't necessarily work with IPv6 as most don't map back to ed.ac.uk so for now they've added the University's allocated IPv6 block. Before deployment we should come up with a static IPv6 address for the ssh service.

Operational

swap and tmp encryption

Alastair has added this to the student lab machines. It hasn't yet been added to office desktops.

SL7.2 upgrade

it has gone out. There was a minor sound issue which is fixable by an extra reboot.

SL7.1 updates

it has been agreed that there will be no new updates to SL7.1, save for critical security fixes.

SL6 32 bit support

Support for this is being downgraded. Existing machines will continue to get updates for now but new installations will not be supported.

NICs on KVM servers

It is MPU policy to use NIC1 and NIC3 on servers with four NICs, to spread the network traffic across both of the underlying network controllers. hammersmith, jubilee and oyster are using NIC1 and NIC2 instead. We should fix them. The easiest way to do this would probably be to redefine the MAC address of eth1 (and to move the cable!).

Next meeting

This Week

• Alastair
  • Inventory project
    • continue working through TartarusWorkFlow
    • consider what next can be integrated into existing system, if anything
    • Document clientreport (eg how to add modules)
    • Document order sync code
    • Polish off and document hpreport processing script
  • Remove default pool if ops meeting agrees
  • Dump 'atom'
  • Deploy encrypted /tmp and swap conversion script
    • Deploy on office desktops
    • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
  • Schedule MPU meeting to discuss systemd ordering
  • Reschedule MPU futures meeting
  • Continue building computing.help honeypot
  • package up ILW stuff and document process
  • Read through SL7.2 release notes
  • submit polkit bug to redhat - with Stephen
  • Work on RT tickets - only 1 !
  • MPU SL7
    • Look at tickets and mark done where appropriate - waiting on stable release of 27th to check various things work fine under stable, before marking them done
    • Start work on KVM stuff - not much more can do until get a new KVM server
  • Raise issue of DNS servers on SL7 servers - at next week's development meeting.
  • Look at KVM issue (Richard's problem with creating VM for release testing)Caused by new sl7 flavour (not supported on SL6 host)
  • Create an LCFG bug to add IPV6 support to network component (if there's not already one there) - LCFG #897

• Chris
  • Inventory project
    • continue working through TartarusWorkFlow
    • Look at clientreport modules for replacing firmwarereport
  • pkgsearch for SL7
    • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
    • Need support multiple platforms
  • MPU SL7
    • Identify what could be done once lcfg-dns is ready
  • Consider Matthew Richardson's advice on NX for SL7
  • Look at KVM guest lists and work out whether it would be practical to segregate end users/web services from critical services
    • take thoughts to an operational meeting for wider discussion
  • Feedback on new project framework (to Alastair) (14/03/16 mail)

• Stephen
  • LCFG client refactor stage 1
    • schedule debrief meeting
  • LCFG client refactor stage 2
    • polishing
    • blog article (once documentation complete)
  • apacheconf
    • produce some recipes
    • talk at devel meeting
  • Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
  • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
  • Circulate dmesg proposal
  • Apply firmware patches - circle
  • submit polkit bug to redhat - with Alastair
  • SL7 MPU
    • put SL7 ssh service onto stable and open up firewall hole (ensure restrict to sysmans)
    • Identify what could be done once lcfg-dns is ready
  • Work on RT tickets
  • Mark up https://wiki.lcfg.org/bin/view/LCFG/SL7ProjectHardwareSupport with servers - separate tables for desktops / servers
  • Look at how we'll use PXE to support 800 G2.
  • Network bonding - hammersmith, jubilee and oyster are bonding over NICS 1 and 2 - Mark in LCFG profiles that these need done

-- AlastairScobie - 26 Apr 2016