| | LCFG Annual Review 2019
On Friday 6th December 2018 instead of our normal monthly Deployers Meeting we will be holding our traditional Annual Review session. This will start at 2pm and we aim to be finished by 5pm. This year it will be held in room 7.14 of the Appleton Tower. Refreshments will be provided including some seasonal treats. |
| | Profile Security
|
|
<
< |
- LCFG server : file permissions tweaked on resources which are copied via rsync
|
>
> |
- LCFG server - file permissions tweaked on resources which are copied via rsync
- LCFG client - rdxprof now controlled via systemd, component rewritten into Perl
|
| |
- Improved support for fetching profiles using https
- GSSAPI authentication support for client profile fetching
|
| |
- Header improvements
- Any resources which relate to file paths in the lcfg headers have been updated to use macros or references to sysinfo resources so that they are platform-independent.
- LCFG client
- can now read and write a YAML packages list.
- Directory layout
- Altered to be closer to FHS guidelines
|
|
<
< |
- apt component and apteryx
- New support for the apt package manager.
|
>
> |
- apt component and apteryx
- New support for the apt package manager.
- Package repository management
- reprepro and dput
|
| |
- pkgforge
- Working on support for building packages using pbuilder
- Components
- Current status - UbuntuComponents
|
|
<
< | Component Changes |
>
> | Still need:
- installer
- network component replacement
- fstab component replacement
Major Changes |
| |
ngeneric |
|
<
< |
- Rewrite of locking code
- ng_umask resource
- ng_tmpldir resource
- ng_service resource
|
>
> |
- Rewrite of locking code - Less likely to leave stale lock files when an error occurs
-
 ng_umask resource - Can be used to improve default security of files generated by components. Currently optional, could we set a very secure default in the future?
- ng_tmpldir resource - No longer need to give full paths to templates if they are stored in the standard locations.
- ng_service resource - Can be used to specify the systemd service name (e.g. ssh v sshd depending on platform).
Build Tools
- Support for the GIT version control system - thanks to Kenny MacDonald and Justin Kasin.
|
| |
updaterpms |
|
<
< | |
>
> |
- https support - thanks to Kenny MacDonald
|
| |
pxeserver / pxeclient |
| |
x509 |
|
<
< |
- NEW: Let's Encrypt support
|
>
> |
- Let's Encrypt support improvements
|
| |
hardware |
|
<
< |
- NEW: Configures systemd to load kernel modules at boot time
|
>
> |
- Configures systemd to load kernel modules at boot time
|
| |
kernel |
|
<
< |
- NEW: Configures which kernel modules should be included in the initramfs
|
>
> |
- Configures which kernel modules should be included in the initramfs
|
| |
fstab |
|
<
< |
- FIXED: Resolved issue where the installer had be to run twice for the partitioning to work correctly
|
>
> |
-
 Resolved issue where the installer had to be run twice for the partitioning to work correctly
apacheconf
- Warn rather than Error for issues related to inactive vhosts/modules
|
| |
Platforms
EL7
- Platform was upgraded to SL7.6
|
|
<
< |
- We expect the next update to be SL7.8, we will aim to roll this out at the start of June but will, hopefully, make it available sometime in early Spring.
Future Developments |
>
> |
- We expect the next update to be SL7.8. We will aim to roll this out to Informatics machines at the start of June 2020 but will, hopefully, make it available for all LCFG users sometime in early Spring.
|
| |
General Discussion |
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.