Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

  1. LCFG Project
  2. Uncategorised
  3. Weekly Changes – 11/10/2021

Weekly Changes – 11/10/2021

This week sees quite a few changes, in particular, following from discussions at the recent LCFG monthly meeting, various configuration has been moved from the DICE to LCFG headers so that it may be shared and reused.

Network Manager

After discussion at the LCFG monthly meeting on 7th October it was decided that we should remove the network-manager packages from the standard package lists for Ubuntu. Having network-manager packages installed when it is not being used can cause problems for various applications which confuse network-manager status with the network online status. The package removals are unlikely to cause problems as the LCFG network component is designed to use systemd-networkd via netplan. The only situation where network-manager is more suitable on Ubuntu is for laptops where wireless access is needed. If we need to use network-manager packages at some point we will add a suitable package option. Note that this only affects external users of LCFG, network-manager packages were removed from DICE profiles in August 2020, we have not experienced any related problems.

localhome component

On Ubuntu, a bug in the way the localhome component handles netgroups has been fixed. Previously it required netgroup names to be alphanumeric.

hardware monitoring

The lcfg-hwmon tools used for checking hardware status (e.g. RAID controllers, IPMI sensors) and notifying nagios of problems has been packaged for Ubuntu. This had previously been missed due to the header being restricted by LINUX_REDHAT rather than OS_LINUX.

Rootkit Hunter

The default settings for the rkhunter component resources have been updated so they are more suitable for Ubuntu.

XScreensaver

To avoid XScreensaver clashing with the MATE screensaver the packages are now removed when the lcfg/options/xscreensaver.h header is included. This has been the standard procedure on DICE machines for a long time, this change just moves it to the LCFG header so it is more likely to work for external sites.

One problem with running XScreensaver rather than the standard screen locking provided in gdm is that the standard Gnome lock features do not work. It doesn’t appear to be possible to override the behaviour of the standard screen lock so to work around this a new DICE lock feature has been added for the Gnome desktop.

lightdm

In response to discussions at the recent LCFG monthly meeting support has been added for specifying the default desktop session. This avoids the session for the next user being whatever the previous user wanted. The lcfg/options/lightdm.h now supports the LIGHTDM_DEFAULT_SESSION macro. For example this feature can be used like:

#define LIGHTDM_DEFAULT_SESSION gnome
#include <lcfg/options/lightdm.h>

As well as configuring lightdm appropriately this uses the file component to attempt to hardwire the /var/lib/lightdm/.cache/lightdm-gtk-greeter/state state file so that it does not get overwritten after each user login. This is based on a strategy that has been used on DICE machines since SL7.

DICE XRDP Service

As a consequence to the rebuild of the XScreensaver package (see change notes for last week) the screensaver on the DICE XRDP service could not be unlocked after the stable release was updated.

The PAM configuration on the XRDP service is slightly more complicated than usual with 2 configuration files for pam_access being used. The default one controls access to most services, including SSH, and is thus quite restricted. The alternative configuration permits remote login access to the XRDP service. The change in how XScreensaver handles the result from the account section of the PAM stack revealed it had previously been using (and ignoring) the wrong configuration for pam_access.

DICE server room desktops

Login access to the DICE server room desktops is now controlled using the @login/serverroomdesktop/local and @login/serverroomdesktop/remote netgroups. All users who previously had access have been given those entitlements.

Schemas

Some versions of component schemas which have been actively used on DICE for a long time but only listed in the live_testing_defaults.rpms package list have been moved to the release-managed package lists. For all LCFG sites this updates the arpwatch schema to 2.1.8. For DICE this updates the schemas for dice-netman to 1.2.23 and openvpn to 1.3.24.

Weekly Changes – 11/10/2021 / LCFG Project by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0

Posted by

Categories

Uncategorised

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel