MPU Meeting Wednesday 31st January 2018


Nothing happened.

LCFG Client Refactoring

The new v4 client will go out to all office desktop machines as part of the stable release and will be installed over night.

User Security Training

Nothing happened.

Virtual Desktop

Stephen has imported the XRDP configuration from SEE. Most of it has been put into lcfg-level headers so that it can be shared. At the top level the service is configured using the dice/options/external-xrdp-server.h header. There is a test service accessible at which seems to work well. A quick survey of clients for Linux suggests that the best is remmina.

Stephen will be talking about the project at the next Development meeting so before then he will collect all his notes on a wiki page for the project.

Miscellaneous Development

Virtual DICE
This has been updated for Semester 2.

Stephen has fixed the problem with the new version of om in the installroot (bug#1035).

The deployment of the new version of the sudo component on MDP machines revealed some problems with backwards compatibility. (bug#1036, bug#1037, bug#1038).

nvme disks
Kenny has written a patch for the genparts script to add support for partitioning nvme disks (bug#1025). Stephen has added an lcfg/options/nvme-root.h header which has all the necessary macros for partitioning the primary disk when it's nvme-based. Alastair will review the changes.

We have had requests for bluetooth support in the labs. This turned out to be a fairly straightforward case of starting the relevant systemd services. The only issue was that the bluetooth.service file contains a ConditionPathIsDirectory requirement for /sys/class/bluetooth which had to be overridden. That directory only exists at boot time when bluetooth hardware is available (e.g. in a laptop), we are using USB dongles so it doesn't work.


PXE kernel
Stephen noticed that the SL7 PXE kernel package did not match with the latest installroot available. He updated both to the latest SL7.4 based package versions.

Disk failures
We had disk failures on oyster and amarela, they were dealt with quite efficiently by Dell. Stephen updated MPUFailedDisk to note the route to take through the Dell website.

matlab and gstreamer
Video support was not working properly in matlab. This needed the gstreamer-ffmpeg package to be installed and a library symlink to be updated (RT#86765).

Software collections
Some software collections were manually updated.

Stephen has been working on a standard BIOS configuration for the new G3 desktops.

nvidia 340
There was an update for this graphics driver to handle the Meltdown-related changes to the kernel.

This has been upgraded to SL7.4 and firmware has been updated (except for disk due to mismatch between lifecycle controller and dsu). We still need to work out how we should expose the pcid feature for the guest VMS.

KVM disk space
We will order 8 x 2TB disks for gaivota and girassol so that we can remove our dependency on the old IBM storage array.

We need a list of the MPU machines that do NOT currently have IPv6 slaac addreses. We can then work through the list and add the addresses in a controlled manner.

Personal data
Need to consider what personal data we have on MPU machines. In particular we discussed what might be exposed through the inventory and the current retention configuration for journald.

Web sites
Chris will investigate which MPU web sites are using the legacy allow/deny authorization syntax.

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Document hpreport processing script
      • Start work on final report!
      • Consider what else needs done other than docs and tidying and backups
      • Blog something....take dev meeting talks
      • and give details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Look at postgresql replication (do after shipping)
      • Move Tartarus to IPV6 before going live Required vhostaddr='*'
      • Add tartarus info to SwitchToSelfManaged
    • Schedule MPU meeting to discuss systemd ordering
    • Check sysmans (et al) have 'nograce'.
    • Take a look at RT #78875
    • Look at /etc/hosts - dns issue (IPV6?)
      • work out what we need to fix current problem
    • Circulate info on RH7.3 systemd changes we may wish to consider
    • RT actions (as agreed)
    • Implement change to kvmtool to allow KVMs to be marked as disabled
    • Look at Stephen's 'Thoughts on shell components'
    • Look at MPUActivitiesList
    • Start looking at https and (remove assumption that https means want cosign login)
      • wait on Neil's efforts with EdWeb
    • Chase Alison about LCFG check monitoring ( start doing again )
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • If in Forum server room, review MPU rack usage
    • Start upgrading MPU servers to 7.4
      • upgrade salamanca - remember to update firmware (Check whether this is needed)
    • Get costings for increasing storage space for Forum KVM servers (and get assertive in new year about tidying up old VMs)
      • Purchase 8 of 1.8TB disks for gaivota and girassol
    • Look at Kenny's patch for NVMe
    • Upgrading MPU servers to 7.4
      • NX servers
    • Check that our journald configuration correctly implements our retention policy
      • It doesn't. journalctl shows entries from last year (eg May 17 for jubilee).
      • Possible solution is to set MaxRetentionSec =1month in /etc/systemd/journald.conf - but not convinced setting this on existing machines clears up old per-user journals for non active users
    • Discuss with Neil - drupal username collection re GDPR
    • Inventory stuff re GDPR
    • Look at allowing host based access control to unauthenticated Tartarus API
    • Check with Tim / George about capability for login to student machines - where are we
    • Produce T3 report

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report (currently pending other units completing)
    • If in Forum server room, review MPU rack usage
    • libvirt - test for memory leaks (wrt console servers) Ian will test it for memory leaks after the 17 January stable release
    • consider where we might server up Virtual DICE using rsync
    • User training materials project #403
      • start work on fleshing out the aims and possible deliverables of the project
      • create project home page
    • KVM upgrades - oyster
    • Chris to consider what effect adding additional disks to Forum KVM servers would have on suspend disk space
    • Create a list of web servers so that we can record which servers have been checked for Allow/Deny configuration directives

  • Stephen
    • LCFG client refactor stage 2
    • RT actions (as agreed)
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Schedule jubilee downtime to move to SOL
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at MPUActivitiesList
    • On metropolitan, find fast baud rate we can drive the real physical consoles. (This so we can decide whether to use physical consoles for KVM servers).
    • Look at where we're using ALL in access.conf
    • If in Forum server room, review MPU rack usage
    • Agree with RAT how software package requests are handled - waiting on Graham documenting
    • Start off NX replacement project (#389)
      • create a project home page - XRDPService
      • create more VMs to experiment with load balancing - mizar and alnilam
      • create a test service for COs -
    • Upgrading MPU servers to 7.4
      • NX servers
    • Complete Spectre proof microcode distribution
    • Produce a list of which MPU servers haven't got SLAAC - MPUServersIPv6
    • Decommission DL180s in AT previously used Ceph testing

-- AlastairScobie - 31 Jan 2018

Topic revision: r9 - 23 Sep 2019 - 13:33:40 - AlastairScobie
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies