MPU Meeting Wednesday 18th September 2019

Inventory

The manager of an item is now set from the sysinfo.manager LCFG resource for DICE machines. It might be better if this information was mastered in the inventory but pragmatically we're just going to use LCFG as the data source for now.

Alastair has started work on the DPIA statement for the inventory service.

Profile security

Finishing off the development work on nagios monitoring code so that it can go live in the next stable release. After that we can enable GSSAPI authentication for all develop machines.

SL 7.6 upgrade

Nothing this week.

Alternative DICE desktop

Stephen has been getting the package lists into better shape for Ubuntu so that it is possible to test the new prototype package manager.

In the continuing effort to learn about Debian packaging more local software has been ported. A minor issue with the LCFG build tools was uncovered and resolved.

The LCFG managed apt repository configuration was corrected.

Miscellaneous development

hardware component
This has new support for using systemd to load kernel modules early in the boot process.

kernel component
This has new support for configuring the kernel modules which are included in the initramfs. We will use this for the IPMI modules to silence the annoying warnings which occur at boot time.

fstab component
Stephen has discovered that calling the partprobe command after repartitioning a disk resolves all the issues with having to start the LCFG installer twice.

LCFG build tools
Stephen fixed an issue with POD to man conversion when using the lcfg_add_program macro.

virtual dice
This has been updated. Steve Reynolds reported a problem on Mac which caused his machine to crash. We wondered if this was a new issue caused by virtualbox 6.0.12. Stephen suggested checking the user forums and the changelog for the latest version for anything which might be related.

Operational

pxeserver
The PXE kernel and installroot have been updated to SL7.6

pkgforge website
This is now using locally signed certificates as we don't have any external users.

gaivota
Chris has upgraded this KVM server to SL7.6

Old KB KVM servers
Chris has removed all VMs from amarela and vermelha so they can now be reused.

dl.xrdp
Stephen has started work on a new XRDP service for distance learning students.

computing.help pages
All the virtual dice pages have been reviewed.

dhcp and dice installs
Alastair investigated the problem with dice installs failing for machines using dhcp. The failure was caused by the /etc/resolv.conf file not being copied into the baseinstall, Stephen suggested bind mounting the file.

tartarus timeouts
Alastair has added a timeout for the VM guest info report so it doesn't hang forever.

This Week

  • Alastair
    • Inventory project
      • Documentation - end user
      • Documentation - code
        • clientreport (eg how to add modules)
        • order sync code
        • HPreport processing script
        • link in from MPU top page
      • Start work on final report!
      • Provide details on how Tartarus tables are accessed to Ian D for inclusion in his privileged access discussion paper
      • Produce an Legitimate Interest Declaration and Privacy Statement
        • contains a list of every user and their status
        • records machine to user allocation (with their UUN, cname, sname, user category)
        • records who requests which order (usually just uun, but can be cname+sname)
        • records who makes a change in inventory (just uun)
        • records which informatics location a machine is observed (could track who is using which room, for wire-connected laptops)
        • consider what can be removed once a user has left the University
          • any rows in the 'person' table where 'upstream' is false and where there isn't an 'item' row with a matching 'allocated_to' field should be deleted by a periodic script. Arguably 'category' should be set to NULL where 'upstream' is false?
      • Decommission ordershost
        • need to replicate kvmreport mechanism on Tartarus (or somewhere) De-scoping as not used in last month
          • submit data via clientreport mechanism
        • take snapshot of files (no need to take snapshot of SQL as this is automatically recreated from orders files)Now in AFS mp-unit group space
        • 01/10/19 - poweroff old ordershost 'nerano' (ie once KVM servers have stopped submitting kvmreport data to the database)
        • Xmas 2019 - delete old ordershot 'nerano'
      • Document Tim's theon old inv snapshot and what its purpose now is. Also modify invquery to remark that data is historical only.
    • Additional Tartarus work - non project
      • Create an entry in the new Services register once that is in service
      • client report to flag when hyperthreading disabled or not (in CPU report)
      • client report to take 'ipfilter.export'
      • modularise kvmreport so that it can both be used to report by mail and be used as a clientreport module
    • Take a look at RT #78875
      • WON'T LOOK UNLESS A BIG ISSUE (Ask Tom) - Tom asked 16/09/19
    • Look at Stephen's 'Thoughts on shell components'
    • Investigate systemd reboot bug on gaivota and add some more debugging (store tree diff somewhere)
    • drupal username collection re GDPR
      • Perioidically run user expiry script every month until December 2019 and if no problems configure to run automatically
      • Run 16/09/19
    • Meet Tim with Chris to review RAT involvement
    • Look at using php-5.6 on computing.help
    • Have a look at how APT / DPKG works, particularly wrt API
    • Look at KVM / host-model issue on oyster (See my actions from 13/03/19)
    • Look at idea of marking KVM guests as disabled (See my actions from 13/03/19)
    • Upgrade girassol (remembering hyperthreading)
    • Continue with RT ticket tidy up as per 04/09/19
      • 90028

  • Chris
    • User training materials project #403
    • Meet Tim with Alastair to review RAT involvement
    • 'amarela' -> user KVM
    • Continue with RT ticket tidy up as per 04/09/19
    • Produce home snapshot of SL7 project
      • including pg_dump of SL7 RT instance and then can the SL7 RT VM

  • Stephen
    • Take issue of disable per user journald logs on certain servers to OPS
    • Look at where we're using ALL in access.conf
    • Read George's mail of 8th November wrt DPIA
    • clientreport
      • Complete module errors report
      • Add an 'old locks' report
      • 'Old kernels' report
      • Report on core files in / directory
    • Produce an Legitimate Interest Declaration and Privacy Statement for svn history and LCFG profile history
    • Write SL7.6 final report
    • Security week page
    • Upgrade banjo and mandolin (remembering hyperthreading)
    • Decommission hare
    • Force 'noht' on KVM servers in relevant header
    • 'vermelha' -> Distance Learning XRDP server
    • Continue with RT ticket tidy up as per 04/09/19
    • Finish off GSSAPI support in monitoring code
    • Review computing.help 'gnome logout' page

-- AlastairScobie - 18 Sep 2019

Topic revision: r7 - 25 Sep 2019 - 11:08:47 - AlastairScobie
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies