MPU Meeting Tuesday 10th May 2016


Alastair has been working on moving the inventory code onto SL7 and upgrading to PostgreSQL 9.5. This has given him the opportunity to play with the new JSON support. This is basically just a case of changing a column type from text to jsonb. It's not yet clear how well this integrates into the DBIx::Class framework, for now the queries are being done with raw SQL which works well enough. A big group of DBIx-Class-Schema-Loader packages have been added as a PERL_DBIX_CLASS_WANT_LOADER option in the lcfg/options/perl-dbix-class.h header. Those packages are only required during the development phase for schema generation and thus are not necessary on a live service. Alastair noted that the REST API still needs to be finished.

Chris has been working on using the ipmi-fru tool to gather information on the hardware available in servers. This works well for Dell machines but not HP. He has written a perl wrapper to the tool which makes it easier to use. The next step is to create a Tartarus module which uses this tool.

LCFG Client Refactoring

Added Perl support for loading profiles from XML and Berkeley DB files. Removed a lot of old Perl modules which are no longer required. Began work on adding Perl support for diffing profiles, components and resources.

SL7 Server Base

Alastair has been doing some work on LVM support. It is clear that we can no longer rely on the /dev/sdX names being stable over reboots. This was always a risk on SL6 but now the names frequently change. We need to convert to using the /dev/disk/by-id/ paths which are reliable. Using the by-id versions causes a problem because these are symlinks to the /dev/sdX files. When these symlinks are passed to the LVM tools they are followed and resolved. To avoid this Alastair has come up with a slightly convoluted UUID naming scheme for physical volumes which relies on the md5 sum of the by-id path and a short tag to help with identifying the different volumes. See bug#957 for details.

Alastair and Stephen will discuss with George how to get the LCFG dns component working reliably with systemd.


The KVM support for SL7 is now done. The SL7 guest template changes have been reverted since they didn't work on SL6 servers. We will need a separate "SL7 guest on SL7 server" when we start upgrading the KVM service to SL7. We probably want to avoid migrating guests between SL6 and SL7 servers which could create a few logistical problems.

Chris has tweaked the config so that selecting either a gnome or cde session will give the user a mate session. This means they will get something suitable which actually works.

Miscellaneous Development

try_restart method
Stephen has added a new try_restart method to the ngeneric shell and Perl frameworks. This will only stop and start a component if it has previously been started. This is intended for components which need to prod other components after changes have been made (e.g. x509 and postgresql components). Stephen summarised the details on the LCFG Discuss mailing list. To finish the changes a new ACL must be added to the om component. Stephen will also do a search for other components which might need switching from calling restart.

PXE for HP G2
Stephen has added a special PXE installer for the HP EliteDesk 800 G2 which has the intel_pstate kernel module disabled. This still needs testing, Stephen will borrow the test machine and try it this week.


Security updates
There have recently been rather a lot of critical security updates, in particular for java.

firefox 45
The latest firefox ESR has been crashing for some people when left running over the weekend. Stephen will disable the automatic installation of updates for extensions to see if that resolves the issue.

Package mirror disk space
Stephen spent quite a while juggling disks to get more space for the package mirror server. Instead of 3 RAID-1 pairs we now have a RAID-10 volume with 917Gb and a RAID-1 volume with 459Gb which should, hopefully, be sufficient for a while. Thanks to Neil for organising some temporary SAN space to allow the data to be moved around so that we could avoid any downtime.

public access machines
The public access machines in the Forum are now configured to only permit logins to users with the login/forumpublic/console role (that is staff, visitors and PGR).

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • consider what next can be integrated into existing system, if anything
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Polish off and document hpreport processing script
      • Start work on RESTful API
    • Remove default pool if ops meeting agrees
    • Dump 'atom'
    • Deploy encrypted /tmp and swap conversion script
      • Deploy on office desktops
      • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
    • Schedule MPU meeting to discuss systemd ordering
    • Reschedule MPU futures meeting
    • Continue building honeypot
    • package up ILW stuff and document process
    • Read through SL7.2 release notes
    • submit polkit bug to redhat - with Stephen
    • Work on RT tickets - only 1 !
    • MPU SL7
      • Identify what could be done once lcfg-dns is ready
    • Meet with George and Stephen to discuss DNS / systemd
    • page for HP 800 G2
    • Buy another 800 G2 so that we can compare settings with working G2

  • Chris
    • Inventory project
      • continue working through TartarusWorkFlow
      • Look at clientreport modules for replacing firmwarereport
    • pkgsearch for SL7
      • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
      • Need support multiple platforms
    • MPU SL7
      • Identify what could be done once lcfg-dns is ready
    • Consider Matthew Richardson's advice on NX for SL7
    • Look at KVM guest lists and work out whether it would be practical to segregate end users/web services from critical services
      • take thoughts to an operational meeting for wider discussion
    • Feedback on new project framework (to Alastair) (14/03/16 mail)

  • Stephen
    • LCFG client refactor stage 1
      • schedule debrief meeting
    • LCFG client refactor stage 2
      • polishing
      • blog article (once documentation complete)
    • apacheconf
      • produce some recipes
      • talk at devel meeting
    • Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
    • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
    • Circulate dmesg proposal
    • Apply firmware patches - circle
    • submit polkit bug to redhat - with Alastair
    • Meet with George and Alastair to discuss DNS / systemd
    • SL7 MPU
      • put SL7 ssh service onto stable and open up firewall hole (ensure restrict to sysmans)
      • Identify what could be done once lcfg-dns is ready
    • Work on RT tickets
    • Test 800 G2 install

-- AlastairScobie - 10 May 2016

Topic revision: r5 - 23 Sep 2019 - 13:33:38 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies