Tags:
create new tag
view all tags

LCFG Annual Review 2018

On Thursday 6th December 2018 instead of our normal monthly Deployers Meeting we will be holding our traditional Annual Review session. This will start at 2pm and we aim to be finished by 5pm. This year it will be held in room 7.14 of the Appleton Tower. Refreshments will be provided including some seasonal treats.

All users of LCFG are encouraged to attend this meeting to hear about what has been happening over the last year and what developments they can look forwards to in the next year. This is also an excellent opportunity to raise issues that are important to you, put forward ideas for future developments you would like to see and chat about all things LCFG!

As is traditional the meeting will be followed by a social event and we will go for dinner somewhere. Even if you cannot attend the meeting in the afternoon you are very welcome to join us for the social event in the evening.

If you have any topics you are particularly keen to have discussed then please edit this page and add them to the General Discussion section below with a brief summary.

Core project

Developments continue...

Packages
Support for processing package lists including *.rpms files. Added basic support for categories.
Derivations
The handling of derivation information has been extensively reworked to improve performance when processing lists of packages (and to hopefully use less memory).
Resources
Reworked data structure used in components so that resources are hashed for much faster lookups.
nodename
Improved handling of the nodename in Perl with the introduction of the LCFG::Profile::NodeName class.

Component changes

apacheconf
New support for managing http groups. Improved support for listening on multiple addresses/ports.
fstab
New support for UEFI partition type.
grub2
New support for UEFI booting.
hackparts
New support for NVME drives and UEFI partition type.
kernel
Works harder to avoid unnecessary reboots.
ngeneric
Improved Kinit environment initialisation plugin. Now logs calling user for component methods when non-root. Better logrotate config generation.
om
New support for passing through (keeping) specific environment variables to the component.
pxeclient/pxeserver
New support for UEFI booting. Can now fetch kernel and initramfs files via http which should be much faster and more reliable.
x509
New support for SAN and letsencrypt.

Platforms

SL6

It's dead Jim...

EL7

This year has seen two minor releases - 7.5, 7.6. We are currently only supporting 7.5, we expect to add support for 7.6 in the LCFG layer sometime early next year.

Scientific Linux pushed out an enormous number of security updates, backported from 7.6, on Monday 26th November. Details are available in the scientific-linux-devel mailing list archive. This includes such delights as a rebase of Gnome to 3.28 and a major update for X.

The updates will be available for testing with the LCFG stable release on Wednesday 5th December. At that point, the updates can be enabled for individual machines using the lcfg/options/test_updates.h header which enables the LCFG_TEST_PACKAGES option. With the LCFG stable release on Wednesday 12th December they will be applied by default. MDP users will probably receive that release in early 2019.

EL8

The RHEL8 beta was released in November 2018 - https://access.redhat.com/products/red-hat-enterprise-linux/beta, it appears to be based on Fedora 28.

There is still the question of whether we use Centos or ScientificLinux for the next platform.

Thoughts are being collected at EL8PortHome

Upcoming Development

Work on improving the security of LCFG profile access is still ongoing. We now have support for GSSAPI authentication when fetching profiles from the server. We have also tightened up the permissions on the various files and directories used by the LCFG client, the main result of which is that users wanting to be able to run qxprof must be in the lcfg group. These features are ready for testing but not all are the default yet, they will be slowly introduced over the next few months.

General Discussion

Future Platform
We have been using Redhat-based distributions for over 20 years. Are they still a good fit for our needs? What is good about using RHEL? What problems do we have with RHEL? Would any other Linux distribution be better?

Pyngi - Python Components
Work on building a framework for building LCFG components in Python is under way. The intent is to allow natural Python coding to be used while respecting the historic LCFG approach. Further work is needed, opinions, advice and coding effort are welcome. Subversion repository is: https://svn.lcfg.org/svn/source/trunk/pyngi

Logging
IS have changed their LCFG managed servers to log closer to the native OS to reduce surprise and confusion for colleagues when they find /var/log/messages and so on empty, and /etc/rsyslog.conf the one deployed by the original RPM. The LCFG components are instructed to log via syslog, and the results are all harvested by FileBeat and sent to LogStash for processing and storing in ElasticSearch and viewing in Kibana. It's not perfect but has proven useful already.

Macos Support
Going, going ... almost gone! The IS Devolved LCFG infrastructure refresh (almost complete) will not have any support for Macos - no building, no compiling profiles, no distributing packages.

IS ITI Enterprise Services
We are continuing to bring exciting new services managed by LCFG - all our mail relays, eddir/smsdir servers, maildata server, MariaDB Galera cluster for EASE and soon ... Sympa mailing lists and half of Staffmail. Still waiting for our Puppet efforts to bring similar levels of value as LCFG.

XFS
All our servers (and team's desktops) are built with a single root XFS partition. This has been fine on servers, but desktops sometimes don't boot due to something preventing the filesystem cleanly.

Bugs
We really would like to see more bug reports! We all know about various bugs (whether trivial or important) or have features we would like to see. It would be very helpful if we could get these recorded. We can't promise they will get fixed but just having them in https://bugs.lcfg.org/ would be a great start. I propose that to make them more useful and improve response times at each monthly meeting we review all newly submitted bugs from the previous month.

-- squinney - 2018-10-31

Topic revision: r8 - 2018-12-06 - kenny
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback