MPU Meeting Thursday 30th June 2016

Inventory

Alastair has finished packaging the Catalyst modules. He has also finished designing the RESTful API - see InvProjectRESTapi for details. At the moment it's simple. It can do reads and multi-level queries. He's sorted authentication: "puts" and "deletes" always have to be authenticated, but "gets" can either be authenticated or unauthenticated. The authentication configuration is at the Apache level.

The old inventory has multiple entries when one queries by serial number. Alastair is now further populating the new inventory, so that people will be able to try out the new API.

LCFG Client Refactoring

Stephen has branched the client code so that he can port it to use the new LCFG::Profile perl libraries. He has been making the LCFG::Profile libraries more usable and flexible. He's currently thinking about how to use them with rdxprof - a tricky problem.

Context handling had set support but it now also has activate support. There's now Perl support for contexts.

The client is close to being testable.

A lot of compiler warnings have been fixed. This has helped to locate and fix bugs. Multiple compilers have been used in testing - clang 3.9 and gcc 5, 6 and 7. clang errors are very impressive compared to less specific gcc errors - for example it gives very helpful messages when it encounters enum problems. sparse has also come in handy. It wraps gcc and gives useful extra analysis on top of the usual gcc output.

Stephen has also been adding ==attr==s to function definitions so that undefined values can be caught, spotted and fixed.

Our use of CMake turns out to be wrong - we should have been doing out-of-tree builds - rather than building in the source dir, thereby corrupting it, we should build in a separate build directory. Fixing this for LCFG software will make it easier to port to another platform (for example Debian) in future.

SL7 server base

The DNS changes are now on all stable machines (as of last week). However machines will still be potentially broken until they have been rebooted with the fix in place.

lcfg-lvm seems stable.

SL7 MPU servers

Stephen will soon start upgrading the following services to SL7: NX, SSH, squid/rpmcache.

Stephen will talk to Neil about mod_waklog.

Miscellaneous development

Stephen gave a talk on the Apacheconf component.

We spotted a problem with the fstab component: certain resources weren't boolean and should have been, so that values which weren't exactly "yes" - for example "yes " with a space character - would be interpreted as a false value. This was hastily fixed, and the fixed schema is now in the stable release.

Operational

Stephen closed firewall holes for the DR server. It's arranged so that all of its holes are closed unless it's acting as an active LCFG server.

The SL7 apache account had the wrong homedir, meaning that cron jobs couldn't be run as the =apache account. Stephen fixed this.

Stephen has got the automatic OpenAFS Centos builds going once again.

The PXE installer has been updated.

Toby spotted that fail2ban= didn't seem to be working on the ssh servers. It turned out that it was working but that journald had stopped logging. We still need to find a proper fix for this, but in the meantime the workaround is to restart journald (!). The failure seems to be related to log rotation at startup - possibly a race condition.

The new HP EliteDesk G2 desktops have a sleep problem - the display doesn't wake after sleep, and only a reboot brings it back. Chris has disabled sleep on this model until a solution has been found.

Alastair has talked to Toby about Perl Moose, and Toby is going to try it with Prometheus.

Ian has had a look at the iDRAC8 on one of the new Dell R730s. The findings so far are logged at IDRAC8Investigation.

Chris has tidied the pathfix PATH configuration - the suggested new one is in MpuFixingPathfix for comment.

This Week

• Alastair
  • Inventory project
    • continue working through InvProjectWorkFlow
    • Document clientreport (eg how to add modules)
    • Document order sync code
    • Document hpreport processing script
    • Continue work on RESTful API - InvProjectRESTapi
    • Continue populating new inventory so other folk can play with API
    • Start work on final report!
  • Remove default pool if ops meeting agrees
  • Dump 'atom'
  • Deploy encrypted /tmp and swap conversion script
    • Deploy on office desktops
    • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
  • Schedule MPU meeting to discuss systemd ordering
  • Reschedule MPU futures meeting
  • Continue building computing.help honeypot
  • package up ILW stuff and document process
  • Read through SL7.2 release notes
  • submit polkit bug to redhat - with Stephen
  • Chase Toby about testing latest perl-Moose under prometheus (and then make live)

• Chris
  • Inventory project
    • Continue work on clientreport modules for replacing firmwarereport
  • pkgsearch for SL7
    • reimplement as a yum web front end (yum search for keyword produce an html file of links to cgi to do yum info)
    • Need support multiple platforms
  • MPU SL7
    • Identify what could be done once lcfg-dns is ready
  • Look at R430
  • Continue on SL7 server base platform final report
  • Look through MPU firewall list
  • Coordinate new KVM servers into racks
  • Investigate G2 sleep

• Stephen
  • LCFG client refactor stage 1
    • schedule debrief meeting
  • LCFG client refactor stage 2
    • polishing - work on context parser and logging
    • blog article (once documentation complete)
  • Investigate kernel component pipe moan by using shell commands instead of RPM module => waiting on 7.2 => activities list
  • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
  • Circulate dmesg proposal
  • Apply firmware patches - circle
  • submit polkit bug to redhat - with Alastair
  • SL7 MPU
    • Upgrade NX servers to SL7
  • Work on RT tickets
  • Read MPUSegregationOfVMs.
  • Add something about DNS to FinalProjectReport356
  • Investigate journald logging problem (rabbit)

-- AlastairScobie - 30 Jun 2016