MPU Meeting Tuesday 28th May 2019

Inventory

Nothing happened.

LCFG Profile Security

Nothing happened. Still waiting on SL7.6 roll out. Need to start writing up the final report.

SL7.6 Update

Stephen has spent a lot of time rebuilding all the packages for python 3.6 support. Also all the "scientific python" packages have been updated to the latest upstream versions.

The devel packages lists for the various standard dice environments (common, user and graphical) have been finalised, this has involved quite a lot of untangling of dependencies.

The systemd logging config has been changed for 7.6 so that it matches with the upstream (Redhat) defaults.

For clarity SL6 support has been removed from many headers.

Alternate Desktop Platform

Nothing happened

Miscellaneous Development

clientreport df information
Stephen has improved the view of the disk and partition information on the clientreport web interface. We should consider improving others in the future, particularly where we have lists of hashes the JSON serialisation is quite hard to read.

LCFG::Profile xml loader
The new_from_xml method can now take a URL to allow loading profiles directly from the web. This is done using LWP::Simple and is intended to be a very simple and easy to use alternative to the full fetching support provided by the client. This was added for Kenny who needs to fetch profiles from the web and then generate the associated rpmcfg files.

autobuild
The lcfg autobuilder stopped working some time ago. Stephen spent a while investigating the problem and eventually discovered it was related to the PATH variable not being set correctly.

package mirror tools
The package site mirroring script was failing badly due to problems with generating the metadata for packages. The script has been altered to catch these problems and warn about them but not actually bail out before all other sites have been mirrored. Some ancient sites (related to SL6 and older versions of postgresql) have been removed.

Operational

Firmware upgrades
The firmware for the KVM servers azul and girassol have been upgraded. Both still need the hyperthreading disabling in the BIOS, maybe do it when upgrading to SL7.6? The package server - deneb - has also been upgraded, Stephen noted that updating the idrac via the lifecycle controller didn't work, doing it using dsu over SSH with the serial console disabled did work just fine though.

New servers
The new KVM and LCFG master servers have been ordered.

Old IBM array
This has been moved into the junk room.

Kernel Samepage Merging
Should/could we enable KSM on the KVM servers? Chris will experiment to see if it offers any real benefits for us.

This Week

  • Alastair
    • Inventory project
      • Documentation - end user
      • Documentation - code
        • clientreport (eg how to add modules)
        • order sync code
        • HPreport processing script
        • link in from MPU top page
      • Start work on final report!
      • Provide details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Add requirement to computing.help project stuff to reimplement new computing help form using REST API
      • Produce an Legitimate Interest Declaration and Privacy Statement
        • records machine to user allocation (with their UUN, cname, sname, user category)
        • records who requests which order (usually just uun, but can be cname+sname)
        • records who makes a change in inventory (just uun)
        • consider what can be removed once a user has left the University
          • any rows in the 'person' table where 'upstream' is false and where there isn't an 'item' row with a matching 'allocated_to' field should be deleted by a periodic script. Arguably 'category' should be set to NULL where 'upstream' is false?
      • Decommission ordershost
        • need to replicate kvmreport mechanism on Tartarus (or somewhere)
          • submit data via clientreport mechanism
        • take snapshot of files (no need to take snapshot of SQL as this is automatically recreated from orders files)
        • power off for 3 months prior to deleting to see if anything breaks
      • Document Tim's theon old inv snapshot and what its purpose now is. Also modify invquery to remark that data is historical only.
    • Take a look at RT #78875
      • WON'T LOOK UNLESS A BIG ISSUE (Ask Tom)
    • Look at Stephen's 'Thoughts on shell components'
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • drupal username collection re GDPR
      • Perioidically run user expiry script every month until August 2019 and if no problems configure to run automatically
    • Check with Tim / George about capability for login to student machines - where are we
      • Tim says that we should create a capability that is given to the base cohort and set that capability to no-grace
    • Meet Tim with Chris to review RAT involvement
    • Look at what needs ticked off for XRDP project to close
    • Look at using php-5.6 on computing.help
    • Check Stephen's mail re staff role/linux group
    • Think about a separate XRDP server for Distance learning students

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report
    • User training materials project #403
    • Continue with RT ticket clearout as discussed in October
    • Produce a 'guest only' version of Virtual DICE based on SL7.6
    • With Stephen remove hammersmith
    • Meet Tim with Alastair to review RAT involvement
    • Complete Firmware upgrade KVM servers in Forum (gaivota)
    • Investigate whether small Virtual DICE image is sufficient for 1st and 2nd year teaching
      • Check whether yum is configured to use all our repositories
      • investigate whether we could use yum groups to install additional software for each class (at least for the big classes)
    • Investigate KSM

  • Stephen
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at where we're using ALL in access.conf
    • Finish off NX replacement project (#389)
    • Continue with RT ticket clearout as discussed in October
    • Read George's mail of 8th November wrt DPIA
    • Firmware update - deneb and steen
    • Reboot staff.ssh (hare)
    • clientreport
      • Complete module errors report
      • Add an 'old locks' report
    • Move afsbuild server (juice) from Forum to AT
    • Produce an Legitimate Interest Declaration and Privacy Statement for svn history and LCFG profile history
    • With Chris remove hammersmith
    • SL7.6 blog article and details of differences + announce Python 3 upgrades

-- AlastairScobie - 28 May 2019

Topic revision: r7 - 23 Sep 2019 - 13:33:42 - AlastairScobie
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies