Contents
Status
SL7, CentOS7 installable, the rest is more or less unknown to me.
Target systems are:
- Servers
- WGS
- Farm nodes
NO desktops
AFS client is optional.
Completed
- AFS client works
- sue/CfEngine works
- VAMOS client works
- ssh GSSAPI authentication works
- UGE batch nodes basically work
- including a native systemd unit file for sge_execd
- UGE batch system client on WGS nodes
- arcx client
- Heimdal packages (currently only installed on test batch farm nodes via dependency)
- Ganglia monitoring (gmond) works (with EPEL packages)
- CVMFS client works (active on sl7-wgs-def, sl7-farm-def)
- PNFS client (incl. GSSAPI authentication) works
- configuration mostly handled by rpm DL_nfs-client
- Lustre client (version 2.7.0) works
- mainly untested, though
- Nagios monitoring works
- KVM Host works
but there's a strong suspicion that shutting down the host will not properly shutdown the guests
Next Steps
- provide a public "SL7 preview" system
test wgs with cname sl7 exists but not announced, yet
Known issues
- DELL firmware updates basically work
- BIOS updates are still broken!
- Update March 2016: latest BIOS updates seem to work on EL7, finally!
Open Questions
Finally remove ini before going public?
- most existing targets are nonsense anyway
Really keep the symlink /etc/yum.conf -> yum.conf.user?
- no. done.
- Make aaru.yum.create.v2 default?
- sw: no
- Default to install Registry accounts on non-AFS nodes? They won't have $HOME directory anyway.
- Deinstall tuned?
- Keep on Heimdal as default Kerberos5 client software?
- Automatically creating/renewing AFS tokens still only works with Heimdal without additional modifications
- Use Heimdal EPEL packages?
- Make /etc/sudoers modular (/etc/sudoers.d/...)?
- How to deal with IPv6 - it does not seem to be completely disabled:
[wgs1d] /root # netstat -ltnp | grep ::: tcp6 0 0 :::111 :::* LISTEN 5221/rpcbind tcp6 0 0 :::53239 :::* LISTEN 5903/rpc.statd
- This is expected, normal and harmless. IPv6 is disabled to the extent possible.
yumsel configuration
file |
installed on |
comment |
default.ys |
all nodes |
|
interactive.ys |
all nodes with user access (farm nodes, wgs) |
please keep it clean from graphics applications that not needed on farm nodes - put these into graphical.ys |
development.ys |
(probably) all nodes with user access (farm nodes, wgs) |
might be merged with interactive.ys but let's keep the development stuff separately for now |
graphical.ys |
all nodes providing "real" user logins (wgs) |
|
desktop.ys |
desktops only (if they ever exist ...) |
desktops will install everything from interactive.ys, development.ys & graphical.ys, additionally |
SUE feature status
Feature |
finished? |
comment |
aaru |
|
|
afs_client |
|
|
arcx |
|
|
cfengine |
|
|
cups |
|
|
group |
|
|
hosts |
|
|
iptables |
|
|
kerberos |
|
|
kernel |
|
|
klogin |
|
|
linux |
|
|
motd |
|
|
nagios |
|
|
name_srv |
|
client only, currently |
netgroup |
|
|
nsswitch |
|
|
pam |
|
|
passwd_prog |
|
Packaged into rpm, rest to go soon |
passwd |
|
|
scout |
|
obsolete? |
security |
|
|
ssh |
|
|
sudo |
|
Make /etc/sudoers less monolithic (/etc/sudoers.d)? Only install configuration needed on this host? |
sue |
|
Obsolete this feature completely and put everything into the DL_sue rpm? |
syslog |
|
|
tcp_wrapper |
|
|
tidy_up |
|
|
vamos |
|
|
xntp |
|
SL7 comes with chrony |
zzz |
|
|