MPU Meeting Wednesday 4th July 2018


No activity.

Virtual Desktop

A user has a weird problem with ps.

The plan is to move the staff server from NX to RDP soon, then move the general server in August.

LCFG Profile Security


Graham has tried UEFI booting with a new G3 desktop. An issue with VESA graphics made the machine boot with a completely blank screen. However this can be solved by downgrading to a basic menu. This change has been applied to all G3s via their hardware header.

SL 7.5

  • This is more or less done. We're almost ready to move the develop release to 7.5: that'll be done after the testing release has been made on Monday. The LCFG installer is also ready to be upgraded.
  • Our Python packages are also in a good state! In particular Jupyter Notebook is working. We'll need to redo the Python package lists every couple of months to keep on top of the circular package dependencies. This should be popular and it should be heavily promoted. It'll be easy to rebuild, and easy to have multiple versions installed simultaneously.

Misc Development

No activity.


  • Most desktops should have the new kernels by now.
  • Chris has installed and configured our two new KVM servers for AT (banjo and mandolin, replacing oyster and waterloo, one of which will then replace circle). Stephen or Alastair will double-check the configuration before the machines go seriously into service.
  • Stephen will have another check next week for SL6 VMs and delete any unclaimed ones.
  • Chris has had trouble migrating a few KVM guests from our production servers to our new servers, with migration attempts producing the message "error: internal error: cannot precreate storage for disk type 'block'". The trouble seems to be that the more tightly defined XML schemas in libvirt 3.9.0 reject certain things which have been accepted by libvirt 3.2.0. The problem XML is in the definition of disks - most VMs have disk definitions of "type=file" and "io=threads" and "source file=" but a few have disk definitions of "type=block", "io=native" and "source dev=". These latter settings were traced to the kvmtool optional "sl7-sl7" flavour template. Chris successfully converted a VM of this type to one of the more normal type simply by powering it off, editing its XML disk definition, and starting it up again; after which it would be happily accepted by a KVM server running libvirt 3.9.0. (Note that the new servers were running libvirt 3.9.0 purely by virtue of being on the develop release; all MPU KVM servers on the stable release currently use libvirt 3.2.0. Our KVM servers' libvirt versions will be upgraded as part of their upgrade from SL 7.4 to 7.5.)
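
The disk-definition check and edit described in the last item, as an added example (not MPU or kvmtool code). It reads a guest's domain XML, flags disks using the "type=block" form, and rewrites one to the "type=file" / "io=threads" / "source file=" form. The function names and the sample XML are constructed here, and the replacement file path is supplied by the caller because the minutes do not give one.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML; guest paths are placeholders, not MPU values.
SAMPLE_DOMAIN = """<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' io='threads'/>
      <source file='/var/lib/libvirt/images/example-root.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' io='native'/>
      <source dev='/dev/example/data'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>"""

def _attr(disk, tag, name):
    """Attribute of a child element, or None when either is absent."""
    child = disk.find(tag)
    return child.get(name) if child is not None else None

def audit_disks(domain_xml):
    """One record per <disk>; needs_edit marks the type='block' form."""
    return [{
        "target": _attr(d, "target", "dev"),
        "type": d.get("type"),
        "io": _attr(d, "driver", "io"),
        "source": _attr(d, "source", "dev") or _attr(d, "source", "file"),
        "needs_edit": d.get("type") == "block",
    } for d in ET.fromstring(domain_xml).findall("./devices/disk")]

def rewrite_block_disk(domain_xml, target_dev, file_path):
    """Rewrite one block disk to the file form; file_path is caller-supplied (assumption)."""
    root = ET.fromstring(domain_xml)
    for disk in root.findall("./devices/disk"):
        if disk.get("type") != "block" or _attr(disk, "target", "dev") != target_dev:
            continue
        disk.set("type", "file")
        driver, source = disk.find("driver"), disk.find("source")
        if driver is not None:
            driver.set("io", "threads")
        if source is not None:
            source.attrib.pop("dev", None)
            source.set("file", file_path)
        return ET.tostring(root, encoding="unicode")
    raise ValueError(f"no type='block' disk with target {target_dev!r}")
```

Run audit_disks over the XML of each guest on a 3.2.0 server before migrating; anything with needs_edit set is a candidate for the power-off, edit, restart procedure above.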

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Document hpreport processing script
      • Start work on final report!
      • Consider what else needs done other than docs and tidying and backups
      • Blog something....take dev meeting talks
      • and give details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Look at postgresql replication (do after shipping)
      • Add tartarus info to SwitchToSelfManaged
      • Complete removal of non authenticated access to API and web
      • Need tests for API /orders and need new tests to check for correct authorisation
      • Need to check that LCFG header generation is generating stuff for static self-managed machines (as need for DHCP)
      • Make lcfg header generation live (need to check what will be deleted when we do this - big discrepancy between old inventory and new)
      • Look at user support form - how does that lookup hostname?
      • Produce a python library to provide people with a programmatic equivalent of ii query
      • Look at whether there is an easy library way for Chris to grab the macaddr of a machine given the hostname
    • Schedule MPU meeting to discuss systemd ordering
    • Take a look at RT #78875
    • Look at /etc/hosts - dns issue (IPV6?)
      • work out what we need to fix current problem
    • Circulate info on RH7.3 systemd changes we may wish to consider
    • RT actions (as agreed)
    • Implement change to kvmtool to allow KVMs to be marked as disabled
      • looked at this - looks like the metadata tag isn't passed through libvirt (prior to 4.0.0), so can't be read/written by kvmtool
      • put on activities list to do once upgrade to libvirt-4.0.0
    • Look at Stephen's 'Thoughts on shell components'
    • Look at MPUActivitiesList
    • Start looking at https and (remove assumption that https means want cosign login)
      • wait on Neil's efforts with EdWeb
    • Chase Alison about LCFG check monitoring ( start doing again )
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • Report on this at next ops meeting that have changed journald configuration (MPU report)
    • Discuss with Neil - drupal username collection re GDPR
      • write a script to remove users who haven't used in, say 30 days (except COs) - and fix the email address issue (currently defaults to
      • Ask George whether this is covered by legitimate business interest.
    • Inventory stuff re GDPR
    • Check with Tim / George about capability for login to student machines - where are we
    • Add %slaac to hulp and lagun after 21/02/18
    • Useful? - a script which checks how fast a machine's console log is growing (eg huge number of dbus problems on hammersmith)
      • suggest to Ian D
    • Blog on projects
    • KVM pcid
      • Created MPUSpectreMeltdown
      • Put detection script somewhere for people to use
      • Which CPU is needed for each group..
      Following config worked on 'brent' (hosted on vermelha). We might need to consider whether we want "match='exact'" wrt migrations.
        <cpu mode='host-model' match='exact'>
          <model fallback='allow'>IvyBridge</model>
          <feature policy='require' name='pcid' />
        </cpu>
    • Look at why kvmtool doesn't work on circle (running libvirt 4.0.0)
    • Read and comment on Stephen's notes on the LCFG security project
    • Remove IBM disk array from stack
      • First ask RAT whether they might find the array useful
    • Read Chris's blog on ThoughtsOn403
    • Look at moving stuff from the immediate todo back to the main Todo list and then we can prioritise that list

  • Stephen
    • RT actions (as agreed)
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at MPUActivitiesList
    • On metropolitan, find fastest baud rate we can drive the real physical consoles. (This so we can decide whether to use physical consoles for KVM servers).
    • Look at where we're using ALL in access.conf
    • Agree with RAT how software package requests are handled - waiting on Graham documenting
    • Finish off NX replacement project (#389)
      • Fix the keyboard mapping issue
      • Roll out

-- AlastairScobie - 04 Jul 2018

Topic revision: r3 - 23 Sep 2019 - 13:33:41 - AlastairScobie