MPU Meeting Wednesday 4th November 2020

Ubuntu Focal Port of LCFG Platform

Stephen has continued working on the new network component. He has added validation for the generated netplan configuration. The nagios check for bonding is also now working. He is currently investigating a problem with the bonding support which can leave machines in an endless reboot loop.

Move websites from HTTP to HTTPS

lcfg.org

Stephen has changed the config for www.lcfg.org so that the http site redirects to https.

computing.help

Chris will work on this co-operatively with Neil since Services need similar support.

tartarus

This has been moved over from local certificates to using Let's Encrypt.

Miscellaneous Development

New projects

Chris will revive the Consider User Security Training Materials project. Stephen is going to start work on a project to add full support to the new network component. Alastair is going to work on Provision of personal computing devices to research postgraduates from 2021.

xrdp and systemd

There were several problems with our systemd config for xrdp and xrdp-sesman. Previously these had been masked by our tweak to make xrdp start late after the lcfg-multi-user-stable target. The session manager is now configured to start after network-online.target and nss-user-lookup.target which matches with the default config for SL7. We also now enable the xrdp service which in turn requires xrdp-sesman, rather than the other way around which seems to have worked more by luck than anything else.

HP Z1 G5

Stephen has tested Ubuntu support for the Z1 tower workstation. This was only tested with an SSD and nvidia graphics but it's expected that any reasonable standard configuration will work.

IS VMs and dhcp

Alastair has got dhcp working on the IS VMs thanks to the new DDI. The resolv.conf needs to point to the local caching service. Once in the stable release this can go live, we need to think about how to add the new VM into the pool.

Operational

SL7 updates

There are a large number of security updates for SL7.8, mostly backports from SL7.9. There is an even larger number of updates for SL7.6 but we have no way of testing them so we've decided to avoid applying them unless anything critical turns up. We will continue to update the kernel on SL7.6 when necessary.

SL7 xrdp

There is now an sl7.xrdp service which is on vermelha. This clears the way for the staff.xrdp service to be upgraded to Ubuntu.

KVM servers

These have all been upgraded to SL7.8 and the latest firmware.

oyster

Chris has wiped all the disks so oyster is ready to be junked. Stephen will arrange to get it removed from the rack.

XRDP service resource usage

How do we ensure that the load on the XRDP service does not get too high? We really need to get the Support team involved. Chris has a script which can be used to limit the resources available to problematic users, he will check it still works.

vdice

Stephen tweaked the kernel and openafs headers so that the vdice images can include just the current kernel (not the previous one) which saves a lot of space. Graham also wonders if the firmware package is required.

EV3 bricks

Gary has started preparations for SDP next semester. That courses uses the EV3 bricks which require a slightly peculiar network configuration so that users can talk to them via USB. Stephen will need to work out how to get the new network component to manage that via netplan.

-- StephenQuinney - 09 Nov 2020