Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

Weekly Changes – 06/04/2021

Not much in the way of changes this week but a few pieces of ongoing work which will appear in the next release. Note that, due to the Easter break, this release was created on a Tuesday rather than the usual Monday. Here are the details…

NFS configuration

Whilst debugging a problem with the sssd service on a couple of SL7 DICE machines we discovered a problem with the Kerberos credentials cache for the root user. It appears to be similar to this problem which is caused by the default NFS configuration having the gssproxy enabled by default (GSS_USE_PROXY="yes" in /etc/sysconfig/nfs). This happens because rpc.gssd uses our /etc/krb5.keytab and stores a GSSPROXY ticket in /tmp/krb5cc_0 (service principal Encrypted/Credentials/v1@X-GSSPROXY:). We don’t see this on all machines, it only happens when a user actually accesses a file via NFS.

The solution is fairly simple (just set GSS_USE_PROXY="no") but as that configuration file has not previously been managed a new nfsconfig LCFG component (a sub-class of the file component) has been added. This has resources which map onto all the main supported options, it has templates for both SL7 and Ubuntu which are, annoyingly, just a bit different. Note that, unlike Redhat, the gss proxy is disabled by default for all LCFG platforms.

This component is not included by default at the LCFG level, sites wanting to use it will need to include the lcfg/options/nfsconfig.h header. It will be enabled for all DICE machines in a subsequent release once it is fully tested.

PAM Stack

There is a fix for a problem in the Ubuntu PAM stack for sudo which was introduced in the last release.

Test Kernels

The INF_TEST kernel on Ubuntu has been updated to 5.4.0-70.78, this is expected to become the new INF in the next weekly release.

Default Python version

The default major version for Python on LCFG Ubuntu is now set to be 3 (currently specifically 3.8.5). This was already the case for DICE machines. This affects which binary the generic /usr/bin/python file is symlinked to and is managed via the python-is-python3 package. To switch to version 2 remove that package and install python-is-python2 instead.

samba server

The samba service name differs between SL7 and Ubuntu. In this release the samba.ng_service resource has been set appropriately for each platform. A change is also required to the LCFG component code, that will appear as version 1.2.0 in the next weekly release. See bug#1275 for full details.

New package options

Ubuntu has gained the following new package options:

  • LCFG_OPTIONS_XDOTOOL – Generate X11 keyboard/mouse input events

This can be enabled by adding the option name to the profile.pkgcppopts resource, for example:

!profile.pkgcppopts mADD(LCFG_OPTIONS_XDOTOOL)

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel