MPU Meeting Wednesday 17th April 2019

Inventory

The clientreport is now reporting on GPU cards.

Alastair has been tidying the code and going through perlcritic reports.

The firmware report needs to be moved to Tartarus so we can shut down the old ordershost. Before decommissioning we should take dumps/backups of the data, will delete the VM later if really not needed.

The historical orders data in theon, used by invquery, has been extracted. This change needs to be documented, in particular so that invquery makes it clear that the data is static and for historical interest only.

Alastair has made a note that any new implementation of the user support form should use the REST API instead of the special inventory profile.

Not going to bother with adding serial number retrieval support to the installroot.

LCFG Profile Security

The lcfg-monitor code (part of our nagios infrastructure) has been modified to use the new LCFG client profile fetcher module.

SL 7.6 Update

Stephen has begun work on the DICE-level support for SL7.6

Alternate Desktop Platform

Stephen has been doing a lot of work on configuring reprepro for managing local package repositories. Our standard packaging templates for LCFG components continue to evolve. There are now LCFG OS headers for various flavours of Debian and Ubuntu.

Miscellaneous Development

virtual dice
Chris has been working on a new version which does not use kerberos/ldap for authentication, it's guest-login only. He has also removed the dns slave which relies on being on the Informatics network.

ngeneric
This has gained an ng_umask resource. When set to a suitable value the umask will be initialised before a component method is called. This is needed before we change the default umask to something more secure.

updaterpms and https
Another patch from Kenny MacDonald was applied to properly fix https support (See bug#1120).

build tools and Centos
Support for Centos in the LCFG build tools was fixed. There was an issue related to the lack of a "minor" release value (See bug#1129).

pxeserver and tftpdir
The tftpdir default location and docs were updated to reflect the modern layout (See bug#1078)

Operational

Dell R340
There's a new dice/hw/dell_poweredge_r340.h header.

Firmware updates
There are various servers needing firmware updates. We should also disable hyperthreading on the KVM servers.

computing.help
A drupal security update has been applied. We decided that when we move to edweb and drupal 8 we will improve the https support.

xrdp
All users who set cookies will now be sent to lute, hopefully this will improve the balancing of user sessions across the two machines.

PHP SCL
Some errors in the package lists for PHP7.2 software collection were fixed. For details, see bug#1131 and bug#1132

This Week

  • Alastair
    • Inventory project
      • Documentation - end user
      • Documentation - code
        • clientreport (eg how to add modules)
        • order sync code
        • HPreport processing script
      • Start work on final report!
      • Provide details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Need tests for API /orders and need new tests to check for correct authorisation
      • Add requirement to computing.help project stuff to reimplement new computing help form using REST API
      • Produce an Legitimate Interest Declaration and Privacy Statement
        • records machine to user allocation (with their UUN, cname, sname, user category)
        • records who requests which order (usually just uun, but can be cname+sname)
        • records who makes a change in inventory (just uun)
        • consider what can be removed once a user has left the University
          • any rows in the 'person' table where 'upstream' is false and where there isn't an 'item' row with a matching 'allocated_to' field should be deleted by a periodic script. Arguably 'category' should be set to NULL where 'upstream' is false?
      • Decommission ordershost
        • need to replicate kvmreport mechanism on Tartarus (or somewhere)
        • take snapshot of files (no need to take snapshot of SQL as this is automatically recreated from orders files)
        • power off for 3 months prior to deleting to see if anything breaks
      • Document Tim's theon old inv snapshot and what its purpose now is. Also modify invquery to remark that data is historical only.
    • Take a look at RT #78875
      • WON'T LOOK UNLESS A BIG ISSUE (Ask Tom)
    • Look at Stephen's 'Thoughts on shell components'
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • drupal username collection re GDPR
      • Perioidically run user expiry script every month until August 2019 and if no problems configure to run automatically
    • Check with Tim / George about capability for login to student machines - where are we
      • Tim says that we should create a capability that is given to the base cohort and set that capability to no-grace
    • Move IBM disk array to B.03 and mark as junk
    • Meet Tim with Chris to review RAT involvement
    • Look at what needs ticked off for XRDP project to close

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report
    • User training materials project #403
    • Continue with RT ticket clearout as discussed in October
    • Produce a 'guest only' version of Virtual DICE
    • With Stephen remove hammersmith
    • Meet Tim with Alastair to review RAT involvement

  • Stephen
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at where we're using ALL in access.conf
    • Finish off NX replacement project (#389)
    • Continue with RT ticket clearout as discussed in October
    • Read George's mail of 8th November wrt DPIA
    • Firmware update - deneb and steen
    • Reboot staff.ssh (hare)
    • clientreport
      • Complete module errors report
      • Add a 'df' module
      • Add an 'old locks' report
    • Update Pandemic pages - LCFG
    • Move afsbuild server (juice) from Forum to AT
    • Produce an Legitimate Interest Declaration and Privacy Statement for svn history and LCFG profile history
    • Manage change to systemd.defaultstdout being journal
      • Apply from 7.6 onwards
    • Continue with nagios wrt LCFG profile security
      • Check with Ian that all now live
    • With Chris remove hammersmith
    • Look at what needs ticked off for XRDP project to close

-- AlastairScobie - 17 Apr 2019

Topic revision: r5 - 23 Sep 2019 - 13:33:42 - AlastairScobie
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies