MPU Meeting Thursday 20th June 2019

Inventory

Nothing happened.

LCFG Profile Security

All SL7.6 machines are now fetching LCFG profiles over https. The next step is to configure the clients in readiness for the switch to GSSAPI authentication.

SL7.6 Update

The SL7.6 desktop upgrade broke Adobe Acrobat. This only bothered a couple of users, we recommended that they switch to using evince. Stephen has added the necessary i386 packages so that it will work, we probably need those packages for other applications anyway.

There were some issues with the KVM server package version pinning on SL7.6, hopefully these are now all resolved.

Alternate Desktop Platform

More work has been done on a basic component for configuring the apt package installer.

All the packages which have Debian support have been rebuilt for Ubuntu disco (19.04).

The inclusion of package lists in the LCFG headers has been limited to just Redhat platforms as we don't yet know what package lists we will require on Ubuntu.

Stephen has done a manual install of Ubuntu disco and manually configured everything necessary for it to be accessible using a standard DICE account. There are some notes on the LCFG wiki - https://wiki.lcfg.org/bin/view/LCFG/UbuntuBasics

Miscellaneous Development

KSM
Chris has been doing more work on enabling KSM on the KVM servers. This is a useful protection against memory exhaustion, it will only become active when resources are getting tight. Should we enable it everywhere? Probably best to wait until any user VMs are elsewhere.

Operational

New KVM servers
The new KVM servers have arrived.

KVM review
We need to review the active VMs. Move any development VMs to oyster. Other less important VMs should move to KB, particularly once we have the new servers which have more space. If those machines become overcommitted we will just halt VMs for downtime rather than suspend.

G4 tower
We have a HP G4 tower with extra GPU. We should do some testing to see how much power it consumes.

Disk encryption
Stephen is working on encrypted partitions for Richard Tobin's new crypt server.

Staff role
Stephen has made some changes to the staff role.

This Week

  • Alastair
    • Inventory project
      • Documentation - end user
      • Documentation - code
        • clientreport (eg how to add modules)
        • order sync code
        • HPreport processing script
        • link in from MPU top page
      • Start work on final report!
      • Provide details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Add requirement to computing.help project stuff to reimplement new computing help form using REST API
      • Produce an Legitimate Interest Declaration and Privacy Statement
        • records machine to user allocation (with their UUN, cname, sname, user category)
        • records who requests which order (usually just uun, but can be cname+sname)
        • records who makes a change in inventory (just uun)
        • consider what can be removed once a user has left the University
          • any rows in the 'person' table where 'upstream' is false and where there isn't an 'item' row with a matching 'allocated_to' field should be deleted by a periodic script. Arguably 'category' should be set to NULL where 'upstream' is false?
      • Decommission ordershost
        • need to replicate kvmreport mechanism on Tartarus (or somewhere)
          • submit data via clientreport mechanism
        • take snapshot of files (no need to take snapshot of SQL as this is automatically recreated from orders files)
        • power off for 3 months prior to deleting to see if anything breaks
      • Document Tim's theon old inv snapshot and what its purpose now is. Also modify invquery to remark that data is historical only.
    • Take a look at RT #78875
      • WON'T LOOK UNLESS A BIG ISSUE (Ask Tom)
    • Look at Stephen's 'Thoughts on shell components'
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • drupal username collection re GDPR
      • Perioidically run user expiry script every month until August 2019 and if no problems configure to run automatically
    • Check with Tim / George about capability for login to student machines - where are we
      • Tim says that we should create a capability that is given to the base cohort and set that capability to no-grace
    • Meet Tim with Chris to review RAT involvement
    • Look at using php-5.6 on computing.help
    • Think about a separate XRDP server for Distance learning students
    • Check with Tim whether we still need service catalogue entry (eg for XRDP service) as part of project deliverables

  • Chris
    • Inventory project
      • Continue work on clientreport modules for replacing firmwarereport
    • Look at MPUActivitiesList
    • Look at RT
    • Continue work on SL7 coordination final project report
    • User training materials project #403
    • Produce a 'guest only' version of Virtual DICE based on SL7.6
    • With Stephen remove hammersmith
    • Meet Tim with Alastair to review RAT involvement
    • Investigate whether small Virtual DICE image is sufficient for 1st and 2nd year teaching
      • Check whether yum is configured to use all our repositories
      • investigate whether we could use yum groups to install additional software for each class (at least for the big classes)
    • arrange for new KB KVM servers to be transported to KB

  • Stephen
    • submit polkit bug to redhat - with Alastair (still exists under 7.3)
    • Produce some text for systemd mount bug (to submit to RH)
    • Take issue of disable per user journald logs on certain servers to OPS
    • Consider PD work for after LCFG client ...
      • looking at Ceph
    • Look at where we're using ALL in access.conf
    • Finish off NX replacement project (#389)
    • Continue with RT ticket clearout as discussed in October
    • Read George's mail of 8th November wrt DPIA
    • Firmware update - steen
    • Reboot staff.ssh (hare)
    • clientreport
      • Complete module errors report
      • Add an 'old locks' report
      • 'Old kernels' report
      • Report on core files in / directory
    • Move afsbuild server (juice) from Forum to AT
    • Produce an Legitimate Interest Declaration and Privacy Statement for svn history and LCFG profile history
    • With Chris remove hammersmith

-- AlastairScobie - 20 Jun 2019

Topic revision: r5 - 26 Jul 2019 - 08:39:38 - StephenQuinney
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies