Tags:
view all tags

LCFG Annual Review 2015

On Thursday 3rd December 2015 instead of our normal monthly Deployers Meeting we will be holding an Annual Review session.

All users of LCFG are encouraged to attend this meeting to hear about what has been happening over the last year and what developments they can look forwards to in the next year. This is also an excellent opportunity to raise issues that are important to you, put forward ideas for future developments you would like to see and chat about all things LCFG!

If you have any topics you are particularly keen to have discussed then please edit this page and add them to the General Discussion section below with a brief summary.

This will start at 2pm and we aim to be finished by 5pm. It will be held in room 2.33 of the Informatics Forum (note that this is NOT the usual room).

The rough outline agenda is:

14:00 - 14:30 Upstream review from Informatics
14:30 - 14:50 Downstream review from IS
14:50 - 15:15 The challenges of managing MacOSX using LCFG
15:15 - 15:45 Tea break (mince pies if you're lucky!)
15:45 - 17:00 General Discussion

After the meeting there will be an informal gathering in a local pub (some IS folk might wish to go to Teviot for the second half of the IS Festive Celebration), followed by some food, everyone is welcome to come along.

Upstream

Component Changes

New components:

lcfg-sssd
sub-class of inifile component for managing the System Security Services Daemon
lcfg-runner
replaces boot.run facility in SL7 for running daily jobs. See TaskRunner for full details.
lcfg-baseinstall
Supports calling install methods from within the newly installed system immediately prior to the first reboot. This is used in Informatics for running kdcregister and restoring ssh keys from our wallet server. See BaseInstall for full details.

Notable changes:

ngeneric environment plugins
The ngeneric framework now provides an environment initialisation system for component methods with support for plugins which mean it is fully extensible. The default plugins support setting environment variables and acquiring Kerberos credentials. See EnvInit for details.
sysinfo features
The sysinfo component now supports a features list which can be used to associate arbitrary labels with a profile. This is useful for describing particular aspects of a system. See SysInfoDevel for details on how to query this information.
Component sub-classing
It is now possible to sub-class a component written in Perl (e.g. sssd sub-classes inifile) to allow code reuse.
fstab disk encryption support
The fstab component now supports the encryption of tmp and swap partitions.
kernel component
The kernel component has improved support for rebuilding initramfs files.

SL7

We finally got the SL7 desktop platform ready for deployment. Informatics have now deployed approx 580 SL7 machines. We have also upgraded to SL7.1. Work is progressing on the server platform.

So far have verified support for:

  • Networking - Old-style scripts still work for bonding (issues with anything other than NIC1/NIC2 pairs), bridging and VLANs. Still need to begin looking at native networkmanager support.
  • IPMI
  • Monitoring with nagios
  • LVM

Ongoing:

  • RAID - common hardware controllers done
  • apacheconf - fairly high priority, needs overhaul and support for 2.4
  • DNS server - gets killed at startup, further investigation required
  • Multipath support

LCFG Client Update

Work to improve the long-term maintainability is still ongoing. We are working on creating a new set of platform-independent libraries, written in C, which can be used to handle the processing of resources, contexts and package specifications along with the reading of XML profiles. Built on top of this will be a set of Perl libraries which represent the profile, components, resources and packages as objects. This will provide a new API which can be used in the client, individual components and other utilities such as qxprof and qxpack.

General Discussion

  • Thoughts on how the apacheconf component can be improved, and cosign client. See ApacheConfIdeas for current ideas.
  • Standard paths, now that osx11 has denied us our current ones.
  • Release management - use of git?
  • Priorities in package specs and updaterpms - getting OS security fixes out quickly. Cron job running high priority updaterpms frequently. There's a bug with more details.
  • Managing cgroups. In particular, restricting the amount of memory individual users can use on shared compute systems.
  • Lightweight client
  • Improving security.
  • Enhancing the client status feedback process.

-- Main.squinney - 2015-11-13

Attachments Attachments
Topic attachments
I Attachment History Action Size Date Who Comment
PDFpdf MDP_Review_and_Preview_2015.pdf r1 manage 574.5 K 2015-12-03 - 13:00 UnknownUser MDP Review 2015
Edit | Attach | Print version | History: r16 < r15 < r14 < r13 < r12 | Backlinks | Raw View | More topic actions...
Topic revision: r15 - 2015-12-03 - kenny
 
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback