MPU Meeting Thursday 30th June 2016
Inventory
Alastair has finished packaging the Catalyst modules. He has also finished designing the RESTful API - see
TartarusRESTAPI for details. At the moment it's simple. It can do reads and multi-level queries. He's sorted authentication: "puts" and "deletes" always have to be authenticated, but "gets" can either be authenticated or unauthenticated. The authentication configuration is at the Apache level.
The old inventory has multiple entries when one queries by serial number. Alastair is now further populating the new inventory, so that people will be able to try out the new API.
LCFG Client Refactoring
Stephen has branched the client code so that he can port it to use the new LCFG::Profile perl libraries. He has been making the LCFG::Profile libraries more usable and flexible. He's currently thinking about how to use them with
rdxprof
- a tricky problem.
Context handling had
set
support but it now also has
activate
support. There's now Perl support for contexts.
The client is close to being testable.
A lot of compiler warnings have been fixed. This has helped to locate and fix bugs. Multiple compilers have been used in testing -
clang
3.9 and
gcc
5, 6 and 7.
clang
errors are very impressive compared to less specific
gcc
errors - for example it gives very helpful messages when it encounters
enum
problems.
sparse
has also come in handy. It wraps
gcc
and gives useful extra analysis on top of the usual
gcc
output.
Stephen has also been adding ==attr==s to function definitions so that undefined values can be caught, spotted and fixed.
Our use of CMake turns out to be wrong - we should have been doing out-of-tree builds - rather than building in the source dir, thereby corrupting it, we should build in a separate build directory. Fixing this for LCFG software will make it easier to port to another platform (for example Debian) in future.
SL7 server base
The DNS changes are now on all stable machines (as of last week). However machines will still be potentially broken until they have been rebooted with the fix in place.
lcfg-lvm
seems stable.
SL7 MPU servers
Stephen will soon start upgrading the following services to SL7: NX, SSH, squid/rpmcache.
Stephen will talk to Neil about
mod_waklog
.
Miscellaneous development
Stephen gave a talk on the Apacheconf component.
We spotted a problem with the
fstab
component: certain resources weren't boolean and should have been, so that values which weren't exactly "yes" - for example "yes " with a space character - would be interpreted as a false value. This was hastily fixed, and the fixed schema is now in the stable release.
Operational
Stephen closed firewall holes for the DR server. It's arranged so that
all of its holes are closed unless it's acting as an active LCFG server.
The SL7 apache account had the wrong homedir, meaning that
cron
jobs couldn't be run as the =apache account. Stephen fixed this.
Stephen has got the automatic OpenAFS Centos builds going once again.
The PXE installer has been updated.
Toby spotted that
fail2ban=
didn't seem to be working on the ssh servers. It turned out that it
was working but that
journald
had stopped logging. We still need to find a proper fix for this, but in the meantime the workaround is to restart journald (!). The failure seems to be related to log rotation at startup - possibly a race condition.
The new HP EliteDesk G2 desktops have a sleep problem - the display doesn't wake after sleep, and only a reboot brings it back. Chris has disabled sleep on this model until a solution has been found.
Alastair has talked to Toby about Perl Moose, and Toby is going to try it with Prometheus.
Ian has had a look at the iDRAC8 on one of the new Dell R730s. The findings so far are logged at
IDRAC8Investigation.
Chris has tidied the pathfix PATH configuration - the suggested new one is in
MpuFixingPathfix for comment.
This Week
- Alastair
- Inventory project
- continue working through TartarusWorkFlow
- Document clientreport (eg how to add modules)
- Document order sync code
- Document hpreport processing script
- Continue work on RESTful API - TartarusRESTAPI
- Continue populating new inventory so other folk can play with API
- Start work on final report!
- Remove default pool if ops meeting agrees
- Dump 'atom'
- Deploy encrypted /tmp and swap conversion script
- Deploy on office desktops
- Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
- Schedule MPU meeting to discuss systemd ordering
- Reschedule MPU futures meeting
- Continue building computing.help honeypot
- package up ILW stuff and document process
- Read through SL7.2 release notes
- submit polkit bug to redhat - with Stephen
- Chase Toby about testing latest perl-Moose under prometheus (and then make live)
- Chris
- Inventory project
- Continue work on clientreport modules for replacing firmwarereport
- pkgsearch for SL7
- reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
- Need support multiple platforms
- MPU SL7
- Identify what could be done once lcfg-dns is ready
-
Look at R430
- Continue on SL7 server base platform final report
-
Look through MPU firewall list
-
Coordinate new KVM servers into racks
-
Investigate G2 sleep
- Stephen
- LCFG client refactor stage 1
- LCFG client refactor stage 2
- polishing - work on context parser and logging
- blog article (once documentation complete)
- Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
- LCFG server symlink to exam branches - produce reporting script and discuss with Graham
- Circulate dmesg proposal
- Apply firmware patches - circle
- submit polkit bug to redhat - with Alastair
- SL7 MPU
- Upgrade NX servers to SL7
- Work on RT tickets
- Read MPUSegregationOfVMs.
- Add something about DNS to FinalProjectReport356
- Investigate journald logging problem (rabbit)
--
AlastairScobie - 30 Jun 2016