MPU Meeting Wednesday 22nd August 2018

Inventory

The HP machine data feeds (both old and new) appear to be incomplete which means we cannot always map the MAC address to the serial number. The data held by IS is better so Alastair plans to update the tools to use that feed.

Virtual Desktop

The staff XRDP service has moved to waterloo, that just leaves the reinstallation of hammersmith as the general access service.

LCFG Profile Security

Stalled.

UEFI Boot

Stephen has written the final report.

SL7.5

All office and lab machines have been upgraded to SL7.5.

Misc Development

powertool
This has been rewritten to use Python 3 and also updated to query the new inventory REST API rather than the old postgresql DB.

office machine check scripts
Stephen has been working on converting the other various check scripts to use the new inventory API.

sudoers config
When the sysinfo.allocated resource was not set for a machine the sudoers config generated by the LCFG component was invalid. sudo doesn't like an empty list of users, to solve this simply an empty unix group has been added into the list.

Operational

ruby 2.5 software collection
Stephen has added this software collection for one of Phil Wadler's courses

k5login
The k5login component has been added to all DICE machines. This involved adding some new lcfg-level headers which will hopefully be shared with MDP users to avoid duplication.

facebook machine
Stephen has spent quite a bit of time learning about the "facebook" machine

SL6.6
All support for SL6.6 and also 32bit SL6.8 has been removed.

This Week

  • Alastair
    • Inventory project
      • continue working through TartarusWorkFlow
      • Document clientreport (eg how to add modules)
      • Document order sync code
      • Document hpreport processing script
      • Start work on final report!
      • Consider what else needs done other than docs and tidying and backups
      • Blog something....take dev meeting talks
      • and give details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Look at postgresql replication (do after shipping)
      • Add tartarus info to SwitchToSelfManaged
      • Complete removal of non authenticated access to API and web
      • Need tests for API /orders and need new tests to check for correct authorisation
      • Make lcfg header generation live (need to check what will be deleted when we do this - big discrepancy between old inventory and new)
      • Look at user support form - how does that lookup hostname?
      • Produce a python library to provide people with a programmatic equivalent of ii query
      • Look at whether there is an easy library way for Chris to grab the macaddr of a machine given the hostname
    • Schedule MPU meeting to discuss systemd ordering
    • Take a look at RT #78875
    • Look at /etc/hosts - dns issue (IPV6?)
      • work out what we need to fix current problem
    • Circulate info on RH7.3 systemd changes we may wish to consider
    • RT actions (as agreed)
    • Implement change to kvmtool to allow KVMs to be marked as disabled
      • looked at this - looks like the metadata tag isn't passed through libvirt (prior to 4.0.0), so can't be read/written by kvmtool
      • put on activities list to do once upgrade to libvirt-4.0.0
    • Look at Stephen's 'Thoughts on shell components'
    • Look at MPUActivitiesList
    • Start looking at https and computing.help (remove assumption that https means want cosign login)
      • wait on Neil's efforts with EdWeb
    • Chase Alison about LCFG check monitoring ( start doing again )
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • Report on this at next ops meeting that have changed journald configuration (MPU report)
    • Discuss with Neil - drupal username collection re GDPR
      • write a script to remove users who haven't used computing.help in, say 30 days (except COs) - and fix the email address issue (currently defaults to umich.edu)
      • Ask George whether this is covered by legitimate business interest.
    • Inventory stuff re GDPR
    • Check with Tim / George about capability for login to student machines - where are we
    • Add %slaac to hulp and lagun after 21/02/18
    • Useful? - a script which checks how fast a machine's console log is growing (eg huge number of dbus problems on hammersmith)
      • suggest to Ian D
    • Blog on projects
    • KVM pcid
      • Created MPUSpectreMeltdown
      • Put detection script somewhere for people to use
      • Which CPU is needed for each group..
Following config worked on 'brent' (hosted on vermelha). We might need to consider whether we want "match='exact'" wrt migrations.
<cpu mode='host-model' match='exact'>
<model fallback='allow'>IvyBridge</model>
<vendor>Intel</vendor>
<feature policy='require' name='pcid' />
</cpu>
    • Look at why kvmtool doesn't work on circle (running libvirt 4.0.0)
    • Read and comment on Stephen's notes on the LCFG security project
    • Remove IBM disk array from stack
    • Read Chris's blog on ThoughtsOn403
    • Look at moving stuff from the immediate todo back to the main Todo list and then we can prioritise that list
    • Think about spending
    • Look through the entitlements / no grace period issue
      • look through access.conf and work out how the entitlements are constructed
    • Look at final report for UEFI project

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report (currently pending other units completing)
    • User training materials project #403
    • Complete SL7.5 Virtual DICE

  • Stephen
    • RT actions (as agreed)
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at MPUActivitiesList
    • Look at where we're using ALL in access.conf
    • Agree with RAT how software package requests are handled - waiting on Graham documenting
    • Finish off NX replacement project (#389)
      • Fix the keyboard mapping issue
      • Roll out (hammersmith left to do)
    • Create a new header for 800 G3 DM (with UEFI / NVME as default)
    • Code which uses inventory and needs updating:
    • facebook server: HardwareHPProliantXL270

-- AlastairScobie - 22 Aug 2018

Topic revision: r6 - 23 Sep 2019 - 13:33:41 - AlastairScobie
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies