LCFG Annual Review 2015
On Thursday 3rd December 2015 instead of our normal monthly Deployers Meeting we will be holding an Annual Review session.
All users of LCFG are encouraged to attend this meeting to hear about what has been happening over the last year and what developments they can look forwards to in the next year. This is also an excellent opportunity to raise issues that are important to you, put forward ideas for future developments you would like to see and chat about all things LCFG!
If you have any topics you are particularly keen to have discussed then please edit this page and add them to the General Discussion section below with a brief summary.
This will start at 2pm and we aim to be finished by 5pm. It will be held in room 2.33 of the Informatics Forum (note that this is NOT the usual room).
The rough outline agenda is:
14:00 - 14:30 |
Upstream review from Informatics |
14:30 - 14:50 |
Downstream review from IS |
14:50 - 15:15 |
The challenges of managing MacOSX using LCFG |
15:15 - 15:45 |
Tea break (mince pies if you're lucky!) |
15:45 - 17:00 |
General Discussion |
After the meeting there will be an informal gathering in a local pub (some IS folk might wish to go to Teviot for the second half of the IS Festive Celebration), followed by some food, everyone is welcome to come along.
Upstream
Component Changes
New components:
- lcfg-sssd
- sub-class of inifile component for managing the System Security Services Daemon
- lcfg-runner
- replaces boot.run facility in SL7 for running daily jobs. See TaskRunner for full details.
- lcfg-baseinstall
- Supports calling install methods from within the newly installed system immediately prior to the first reboot. This is used in Informatics for running kdcregister and restoring ssh keys from our wallet server. See BaseInstall for full details.
Notable changes:
- ngeneric environment plugins
- The ngeneric framework now provides an environment initialisation system for component methods with support for plugins which mean it is fully extensible. The default plugins support setting environment variables and acquiring Kerberos credentials. See EnvInit for details.
- sysinfo features
- The sysinfo component now supports a features list which can be used to associate arbitrary labels with a profile. This is useful for describing particular aspects of a system. See SysInfoDevel for details on how to query this information.
- Component sub-classing
- It is now possible to sub-class a component written in Perl (e.g. sssd sub-classes inifile) to allow code reuse.
- fstab disk encryption support
- The fstab component now supports the encryption of tmp and swap partitions.
- kernel component
- The kernel component has improved support for rebuilding initramfs files.
SL7
We finally got the SL7 desktop platform ready for deployment. Informatics have now deployed approx 580 SL7 machines. We have also upgraded to SL7.1. Work is progressing on the server platform.
So far have verified support for:
- Networking - Old-style scripts still work for bonding (issues with anything other than NIC1/NIC2 pairs), bridging and VLANs. Still need to begin looking at native networkmanager support.
- IPMI
- Monitoring with nagios
- LVM
Ongoing:
- RAID - common hardware controllers done
- apacheconf - fairly high priority, needs overhaul and support for 2.4
- DNS server - gets killed at startup, further investigation required
- Multipath support
LCFG Client Update
Work to improve the long-term maintainability is still ongoing. We are working on creating a new set of platform-independent libraries, written in C, which can be used to handle the processing of resources, contexts and package specifications along with the reading of XML profiles. Built on top of this will be a set of Perl libraries which represent the profile, components, resources and packages as objects. This will provide a new API which can be used in the client, individual components and other utilities such as qxprof and qxpack.
General Discussion
- Thoughts on how the apacheconf component can be improved, and cosign client. See ApacheConfIdeas for current ideas.
- Standard paths, now that osx11 has denied us our current ones.
- Release management - use of git?
- Priorities in package specs and updaterpms - getting OS security fixes out quickly. Cron job running high priority updaterpms frequently. There's a bug
with more details.
- Managing cgroups. In particular, restricting the amount of memory individual users can use on shared compute systems.
- Lightweight client
- Improving security.
- Enhancing the client status feedback process.
-- Main.squinney - 2015-11-13
Topic revision: r15 - 2015-12-03
- kenny