MPU Meeting Wednesday 15th November 2017


A checkhost command has been added to ii which can be used to check if a hostname is already being used.

Alastair has been working on the backups and DB ACLs. He is also considering a read-only replica for the sort of queries that Graham and Stephen need to do.

LCFG Client Refactoring

Kenny has tested the v4 client using all the MDP profiles. This revealed a bug with handling resources with a value that was only whitespace. Stephen has come up with a fix for the XML parser which will preserve significant whitespace when the resource is a string type. Any whitespace in the value will be ignored for booleans, integers and lists. We're waiting on Kenny doing another test with the fixed code to be sure that the problem is resolved.

The testing also revealed many uses of hyphens in tag names. This is not permitted with the new client as it means resource names cannot be safely converted into variables for shell or Template Toolkit. They will have to be fixed prior to deployment of the new client. Thankfully it looks like most cases are related to MacOSX machines which IS do not intend to support.

Stephen has added support for loading an LCFG package list from an RPM database. This was fairly straightforward which is an indicator that the API is reasonably well designed.

Miscellaneous Development

Chris has been working on resolving the LDAP issues with virtual dice, in particular the localfuns package has been removed which gets rid of the ldap lookups at login time. There is still a delay on login which appears to be related to various services being started (e.g. power management, network/wi-fi and bluez), it might be possible to remove some of those since they will never be required in a VM. The new VM is named sensa, Alastair will check it works for him and, if it's good, Chris will make it available to users. There was a question as to whether the dns component and local named could be removed since dhclient is probably overwriting the /etc/resolv.conf file anyway.

This is now more verbose and closely matches the output from the old version. It has now been put onto develop machines.

yum cache
The yum component has a new purgecache method which can be used to reclaim wasted disk space, see Stephen's blog for details.

auth component
The auth component can now create home directories for local users when required. This avoids the need to add extra file component resources.

The lldpd service will not start on SL7.4 unless the systemd ProtectSystem option is disabled. This appears to be related to the daemon not being able to write to a PID file even though the ReadWriteDirectories option is set to /var/run/lldpd, is this a bug in systemd?

sudo component
This has been rewritten into Perl and now uses TT to generate the configuration. The config has been split into /etc/sudoers for defaults and /etc/sudoers.d/lcfg for everything else, this should make it clearer as to what is being managed through LCFG.

Stephen has been playing with ceph. He is aiming to get a cluster up and running. He will write up his notes once the investigations are done.


Machines following the develop release are now on SL7.4. Stephen spent a while fixing various headers and profiles after the switch from 7.3 to 7.4.

7.2 packages
The SL7.2 package mirror has been dropped to save space.

package mirror apache
The apache configuration for the package mirror has been simplified to make it easier to add new repositories.

For all DICE office machines the allocated user is now added to the vboxusers group, this allows the user to access USB devices from VirtualBox. This saves Support the effort of having to do this separately for each user request.

vbox and xfree
Alastair has removed the xfree component from the virtualbox guest hardware config. This fixes problems with X and recent versions of VirtualBox.

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Document hpreport processing script
      • Continue work on RESTful API - TartarusRESTAPI
      • Document REST API
      • Write more of the ii commands and document as writing.
      • Start work on final report!
      • How represent VMs
      • Continue with REST API testing framework
      • Consider what else needs done other than docs and tidying and backups
      • Blog something....take dev meeting talks
      • Consider how non Tartarus code will have access to Tartarus tables (eg COs should have read only access to all tables)
        • and give details to Ian D for inclusion in his privileged access discussion paper
      • Convert apache config to use GSS not KRB5
      • Look at postgresql replication
    • Deploy encrypted /tmp and swap conversion script
      • Need to warn users that Gnome3 may pop up a window about /tmp being full (when script is run)
      • Now down to 3 user desktops
    • Schedule MPU meeting to discuss systemd ordering
    • Check sysmans (et al) have 'nograce'.
    • Take a look at RT #78875
    • Look at /etc/hosts - dns issue (IPV6?)
      • work out what we need to fix current problem
    • Circulate info on RH7.3 systemd changes we may wish to consider
    • RT actions (as agreed)
    • Implement change to kvmtool to allow KVMs to be marked as disabled
    • Look at Stephen's 'Thoughts on shell components'
    • Look at MPUActivitiesList
    • Start looking at https and (remove assumption that https means want cosign login)
      • wait on Neil's efforts with EdWeb
    • Chase Alison about LCFG check monitoring ( start doing again )
    • Look at RT
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • Try latest vdice.ova (sensa)

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • RT actions (as agreed)
    • Look at RT
    • Start work on SL7 coordinational final project report
    • Ship latest VirtualDICE (once Alastair double checked at home on Windoze)

  • Stephen
    • LCFG client refactor stage 2
      • testing and documentation
      • put on develop once all clear from Kenny
    • RT actions (as agreed)
    • LCFG server symlink to exam branches - produce reporting script and discuss with Graham
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Schedule jubilee downtime to move to SOL
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at MPUActivitiesList
    • On metropolitan, find fast baud rate we can drive the real physical consoles. (This so we can decide whether to use physical consoles for KVM servers).
    • Look at RT
    • Add mouse and keyboard presence checks to tartarus clientreport
    • Start work on LCFG client refactor final report
    • Pull framebuffer hack from desktop headers (where appropriate)
    • Look at where we're using ALL in access.conf
    • Add a REST API to get entire JSON blob of client report data for a specific host

-- AlastairScobie - 15 Nov 2017

Topic revision: r5 - 24 Sep 2019 - 13:50:24 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies