Weekly Changes – 30/11/2020
This week there are important changes to the Ubuntu network configuration. There is also a modification to the Ubuntu installer configuration which will have a, hopefully short-lived, effect on our use of IPv6. Here’s a summary…
Network Configuration
The new LCFG network component – version 2.1.12 – is now enabled by default on the Ubuntu platform. Previously all machines had the default configuration, which is to use a single network interface and to get the configuration via DHCP. Now the default will be for static addresses; to use DHCP the lcfg/options/dhcp.h header must be included in the LCFG profile. Servers which are configured in LCFG to use bonded interfaces will now have that enabled. If nagios monitoring is enabled then this might mean warnings start being produced until the machine is restarted to apply the new configuration.
As part of this work the LCFG network component has been added to the list of those which are monitored by the autoreboot component on DICE machines. Once the network component has been activated any changes will trigger an automatic reboot on all Ubuntu desktops, including those in the student labs.
Systemd logind configuration
The LCFG systemd component on Ubuntu (version 0.9.5) has gained support for configuring the logind.conf file. A new systemd.logind tag list resource along with associated systemd.logind_opt_$ and systemd.logind_val_$ resources for each tag have been added to the component schema.
The simplest way to set an option is by using the LCFG_SYSTEMD_LOGIND_OPT macro. For example:
LCFG_SYSTEMD_LOGIND_OPT(HandlePowerKey,reboot)
To immediately apply any changes to logind would require the service to be restarted. Annoyingly, restarting the logind service causes it to lose track of existing sessions and there’s no support for a lower-impact reload method. For that reason we do not restart logind; consequently, any changes will only be applied automatically at the next reboot.
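Because changes wait for a reboot, it helps to see which configured options are not yet in effect. The following is an added example, not LCFG code or part of the original post: it compares the [Login] section of a logind.conf-style file with a dump of the running logind properties. It assumes a single configuration file (no drop-in directories) and options such as HandlePowerKey whose running property has the same name and value format; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example, not LCFG code: report logind.conf options that are configured
# but not yet in effect because logind has not been restarted.

# Print normalised Key=Value pairs from the [Login] section of a
# logind.conf-style file, ignoring comments and other sections.
login_section() {
    awk '
        /^[[:space:]]*[#;]/ { next }
        /^[[:space:]]*\[/   { in_login = ($0 ~ /^[[:space:]]*\[Login\]/); next }
        in_login && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[[:space:]]/, "", key)
            val = $0; sub(/^[^=]*=[[:space:]]*/, "", val)
            sub(/[[:space:]]+$/, "", val)
            print key "=" val
        }
    ' "$1"
}

# pending_logind <logind.conf> <file of running Key=Value properties>
# Prints one line per option whose configured value is not the running one.
pending_logind() {
    login_section "$1" | while IFS='=' read -r key want; do
        have=$(sed -n "s/^$key=//p" "$2")
        [ "$want" = "$have" ] || echo "$key configured=$want running=$have"
    done
}

# Constructed sample: the HandlePowerKey setting from the post has been
# written to the file, but the running logind still has the old value.
demo_logind() {
    tmp=$(mktemp -d)
    printf '%s\n' '[Login]' '#HandleLidSwitch=suspend' \
        'HandlePowerKey=reboot' > "$tmp/logind.conf"
    printf '%s\n' 'HandleLidSwitch=suspend' \
        'HandlePowerKey=poweroff' > "$tmp/running"
    pending_logind "$tmp/logind.conf" "$tmp/running"
    rm -rf "$tmp"
}
demo_logind
```

On a live machine the second file can be produced by running loginctl show-session without arguments, which prints the properties of the logind manager itself.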
Ubuntu PXE installs
For reasons which are still not understood, enabling IPv6 support in the Ubuntu installer now breaks the install process, so we have had to append ipv6.disable=1 to the Linux kernel command line arguments.
In Informatics we have IPv6 support enabled on nearly all parts of our network. Generally this works well and up until about a week ago it had not caused us any problems. Now, when IPv6 is configured on the network interface using DHCP in the install process, the fetching of files from an upstream Ubuntu package server hangs for a long time (often more than an hour) and sometimes never succeeds. It is not dependent on the choice of upstream mirror. It seems likely that some external network configuration has changed or become broken, but it’s not clear why other things are not being affected in the same way.
We are reliant on using an upstream mirror for the first part of the install because the minimal installer cannot cope with our local repository having a multitude of versions for some important packages. What we are doing is permitted but typically repositories only provide one version for each package and the installer has been written with that in mind. We were already aware that before Ubuntu 22.04 we will need to switch to an alternative installer so we’re reluctant to put too much effort into diagnosing the issue. The main downside to this solution is that ipv6.disable=1 is inherited from the PXE kernel command line into the installed system configuration. To take control of the kernel command line for the target machine the LCFG grub2 component will need to be revived.
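A check for the side effect described above, as an added example that is not part of the original post or of LCFG: it reports whether ipv6.disable=1 is on the running kernel command line, in the persistent boot loader defaults, or both. It assumes the inherited argument ends up in /etc/default/grub; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find out whether ipv6.disable=1
# is only on the running kernel command line or also persisted for later boots.
# Assumption: persistent arguments live in /etc/default/grub.

# Print the effective value of ipv6.disable in a command line string.
# A later occurrence of this module parameter overrides an earlier one.
ipv6_disable_value() (
    set -f                      # no globbing while word-splitting $1
    val=""
    for arg in $1; do
        case "$arg" in
            ipv6.disable=*) val=${arg#ipv6.disable=} ;;
        esac
    done
    printf '%s' "$val"
)

# Print the arguments from GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT,
# in the order the two variables appear in the file.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX\(_DEFAULT\)\{0,1\}="\(.*\)"[[:space:]]*$/\2/p' "$1" |
        tr '\n' ' '
}

# audit_ipv6 <cmdline-file> <grub-defaults-file>
# Checks for the value 1, the setting used on this page.
audit_ipv6() {
    running=$(ipv6_disable_value "$(cat "$1")")
    persisted=$(ipv6_disable_value "$(grub_cmdline "$2")")
    case "${running:-unset}/${persisted:-unset}" in
        1/1) echo "disabled-now-and-persistent" ;;
        1/*) echo "disabled-now-only" ;;
        */1) echo "persistent-only" ;;
        *)   echo "not-disabled" ;;
    esac
}

# Constructed sample: an installed system that inherited the PXE argument.
demo_ipv6() {
    tmp=$(mktemp -d)
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro ipv6.disable=1' > "$tmp/cmdline"
    printf '%s\n' 'GRUB_DEFAULT=0' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' \
        'GRUB_CMDLINE_LINUX="ipv6.disable=1"' > "$tmp/grub"
    audit_ipv6 "$tmp/cmdline" "$tmp/grub"
    rm -rf "$tmp"
}
demo_ipv6
```

On an installed machine the same function can be pointed at /proc/cmdline and /etc/default/grub.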
PostgreSQL 13
Support for PostgreSQL version 13 has been added. This is still being tested so is probably not ready for active service just yet.
DICE Ubuntu package service
Our local Ubuntu package service has been running on old hardware for some time now. Although not ideal, this was a pragmatic choice made during the project so that we could get the service running as quickly and easily as possible. Work is now ongoing to move it onto the main package server where the RPMs for SL7 are also handled. Along with this we now have support for Ubuntu packages in our squid cache service and on the offsite disaster recovery server at Kings Buildings. More testing is required before we can move all machines over to using the squid cache service. Machines following the develop release will be reconfigured to use it some time in the near future.
SL7.9
The security updates packages list for SL7.9 is now being generated. We are not planning to add any support for the final minor release of SL7 just yet.
DICE software changes
Other than the weekly security updates no new software packages were added this week.
PostgreSQL 13 itself is untested on LCFG, but stable, now 13.1 and contains no major structural changes from v12 – so I’d encourage anyone who hugs the bleeding edge to upgrade.
That said – we’ve realised rather late that PostgreSQL 12 brought major changes to the authentication configuration (as a byproduct of the introduction of GSSAPI encryption support) so look out for a new version of the lcfg-postgresql component in the coming weeks, supporting GSSAPI auth once again on 12+ servers.