MPU Meeting Thursday 30th January 2020
Inventory
Alastair has improved the authorization as trailed in
the last meeting.
He's working on the final report.
Profile Security
Still need to ask Toby to do the code review.
Alternative Desktop Platform
Stephen has been focussing on getting a completely automated install. The install does a kerberos authorisation and runs component install methods.
The components are logging to syslog; you can switch to tty4 to see these log messages go by during the install.
It's hard to find a good way to switch out of the installbase context. The SL7 installer has a shim package for this; something similar might be done here.
It's been a design aim to make it possible to login as root if package installation fails on the first boot.
A lot of components now work on Ubuntu, notably kerberos (
Bug:1191) and rsyslog.
User Security Training Materials
ThoughtsOn403 elicited some useful feedback. Chris will now formulate some learning outcomes for the course.
Misc Development
- Profile security
- Stephen has simplified the headers now that 7.5 is no more. He'll keep checking logs for machines trying to get their profile over http. We've had the occasional machine try to do this when booted after a months-long power down.
- Profile security
- the PXE installer now has GSSAPI enabled by default.
- Software Collections
- Stephen has updated
httpd24
and rh-python36
and introduced rh-php73
. Neil will test wordpress with rh-php73
.
- LVM in installroot
- Stephen found that although the lvm component was in the installroot, the lvm libraries weren't, so lvm tools didn't work. (This did work at one time ...) He fixed it.
Operational
- waterloo kernel panic
- ... related to OpenAFS. The subsequent waterloo reboot upgraded OpenAFS to 1.8.4 so we don't expect a repeat of this, but if we get another we'll report it.
- MPU Trello
- Chris will add Carol.
- computing.help
- Alastair has upgraded its Drupal version.
- LCFG server certificates
- Stephen has fixed up letsencrypt certs for the LCFG servers. He fixed a problem with alt names (their config differs slightly between sixkts and letsencrypt).
- How to junk machines
- We'll check that we're happy with UnallocatedMachines.
Topic revision: r1 - 03 Feb 2020 - 15:24:15 -
ChrisCooke