MPU Meeting Thursday 30th January 2020

Inventory

Alastair has improved the authorization as trailed in the last meeting.

He's working on the final report.

Profile Security

Still need to ask Toby to do the code review.

Alternative Desktop Platform

Stephen has been focussing on getting a completely automated install. The install does a kerberos authorisation and runs component install methods.

The components are logging to syslog; you can switch to tty4 to see these log messages go by during the install.

It's hard to find a good way to switch out of the installbase context. The SL7 installer has a shim package for this; something similar might be done here.

It's been a design aim to make it possible to login as root if package installation fails on the first boot.

A lot of components now work on Ubuntu, notably kerberos (Bug:1191) and rsyslog.

User Security Training Materials

ThoughtsOn403 elicited some useful feedback. Chris will now formulate some learning outcomes for the course.

Misc Development

Profile security
Stephen has simplified the headers now that 7.5 is no more. He'll keep checking logs for machines trying to get their profile over http. We've had the occasional machine try to do this when booted after a months-long power down.

Profile security
the PXE installer now has GSSAPI enabled by default.

Software Collections
Stephen has updated httpd24 and rh-python36 and introduced rh-php73. Neil will test wordpress with rh-php73.

LVM in installroot
Stephen found that although the lvm component was in the installroot, the lvm libraries weren't, so lvm tools didn't work. (This did work at one time ...) He fixed it.

Operational

waterloo kernel panic
... related to OpenAFS. The subsequent waterloo reboot upgraded OpenAFS to 1.8.4 so we don't expect a repeat of this, but if we get another we'll report it.

MPU Trello
Chris will add Carol.

computing.help
Alastair has upgraded its Drupal version.

LCFG server certificates
Stephen has fixed up letsencrypt certs for the LCFG servers. He fixed a problem with alt names (their config differs slightly between sixkts and letsencrypt).

How to junk machines
We'll check that we're happy with UnallocatedMachines.


This topic: DICE > WebHome > ManagedPlatformUnit > MPUnitMeetings > MPunitMeeting20200130
Topic revision: r1 - 03 Feb 2020 - 15:24:15 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies