MPU Meeting Tuesday 7th May 2019


  • Alastair looked at decommissioning ordershost but it still hosts the "kvmreport" KVM servers status page. This needs to be replicated using Tartarus. It could also be linked from
  • There's no need for a snapshot of ordershost since it can always be regenerated from orders files.
  • Alastair has made more tests. These ones cover the newer functionality, for example checking for correct authorisation.
  • Templates have been hardened.
  • The code has had a minor tidy-up.
  • You can now edit the os data. Previously it was assumed that this would be filled in by clientreport, but it needs to be changeable from the command line, for example to cater for self-managed machines whose Windows version is changed.
  • Diagrams and documentation have been updated (see TartarusManual; Alastair will link to this from ManagedPlatformUnit).
  • Still to do: the code review.

LCFG Profile Security

Nothing to report.

SL 7.6 Update

Stephen has started updating the DICE level. The headers and most packages have been done.

He's started updating Python to 3.6. Basic Python has been updated. Scientific Python, which is considerably more complex, has been started.

Packages and package lists in LCFG profiles will need to be checked.

7.6 should be ready to roll out in June.

Alternate Desktop Platform

There will be no Scientific Linux version of RHEL 8. See the announcement from Fermilab for more details.

Miscellaneous Development

The latest test Virtual DICE image is 25GB. This is a ridiculously large amount to download, so Chris plans to ship Virtual DICE without those large packages which are excluded from machines with small disks. This may reduce the image size to about 10GB. He's working with RAT on a way for Virtual DICE users to install the excluded packages on their own Virtual DICE installations, should they want to. Alastair suggested excluding large software needed only by courses with very few students. (Student course numbers can be found on portal.theon.)


BIOS and firmware updates: mandolin and banjo have had theirs applied. Still to do: the KVM servers azul, gaivota and girassol, and the packages master deneb.

We need to find out which of our services depend on the staff role or on the linux group (27/3/19 Operational meeting).

Spending plans

For the replacement offsite KVM servers at KB, Alastair suggested 4 x 1.2GB disks and 256GB of memory, and he'd like to try putting the root disk and VM suspend space on SSDs. After discussion we agreed to think further about whether to go for many cores or fast cores.

We agreed to replace the LCFG master rather than extending its warranty for an extra year.

This Week

  • Alastair
    • Inventory project
      • Documentation - end user
      • Documentation - code
        • clientreport (eg how to add modules)
        • order sync code
        • HPreport processing script
        • link in from MPU top page
      • Start work on final report!
      • Provide details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Add requirement to project stuff to reimplement new computing help form using REST API
      • Produce a Legitimate Interest Declaration and Privacy Statement
        • records machine to user allocation (with their UUN, cname, sname, user category)
        • records who requests which order (usually just uun, but can be cname+sname)
        • records who makes a change in inventory (just uun)
        • consider what can be removed once a user has left the University
          • any rows in the 'person' table where 'upstream' is false and where there isn't an 'item' row with a matching 'allocated_to' field should be deleted by a periodic script. Arguably 'category' should be set to NULL where 'upstream' is false?
      • Decommission ordershost
        • need to replicate kvmreport mechanism on Tartarus (or somewhere)
          • submit data via clientreport mechanism
        • take snapshot of files (no need to take snapshot of SQL as this is automatically recreated from orders files)
        • power off for 3 months prior to deleting to see if anything breaks
      • Document Tim's theon old inv snapshot and what its purpose now is. Also modify invquery to remark that data is historical only.
    • Take a look at RT #78875
    • Look at Stephen's 'Thoughts on shell components'
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • drupal username collection re GDPR
      • Periodically run user expiry script every month until August 2019 and, if no problems, configure to run automatically
    • Check with Tim / George about capability for login to student machines - where are we
      • Tim says that we should create a capability that is given to the base cohort and set that capability to no-grace
    • Move IBM disk array to B.03 and mark as junk
    • Meet Tim with Chris to review RAT involvement
    • Look at what needs ticked off for XRDP project to close
    • Look at using php-5.6 on
    • Replace lcfg master
    • Order KB KVM replacement servers

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report
    • User training materials project #403
    • Continue with RT ticket clearout as discussed in October
    • Produce a 'guest only' version of Virtual DICE
    • With Stephen remove hammersmith
    • Meet Tim with Alastair to review RAT involvement
    • Firmware upgrade KVM servers in Forum

  • Stephen
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disabling per-user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at where we're using ALL in access.conf
    • Finish off NX replacement project (#389)
    • Continue with RT ticket clearout as discussed in October
    • Read George's mail of 8th November wrt DPIA
    • Firmware update - deneb and steen
    • Reboot staff.ssh (hare)
    • clientreport
      • Complete module errors report
      • Add a 'df' module
      • Add an 'old locks' report
    • Update Pandemic pages - LCFG
    • Move afsbuild server (juice) from Forum to AT
    • Produce a Legitimate Interest Declaration and Privacy Statement for svn history and LCFG profile history
    • Manage change to systemd.defaultstdout being journal
    • Continue with nagios wrt LCFG profile security
    • With Chris remove hammersmith
    • Check staff role and linux group usage

-- AlastairScobie - 07 May 2019

Topic revision: r9 - 23 Sep 2019 - 13:33:42 - AlastairScobie