Weekly Changes – 04/05/2022
This week sees a range of small changes, notably there are tweaks to the standard DICE Apache configuration which might be noticed by users. Here are the full details…
HP EliteDesk G8
Informatics has recently acquired an HP EliteDesk G8 desktop for testing. We have discovered that it is not possible to install Ubuntu Focal on this machine using our current installer technology. This is due to the installer being based on the rather old 5.4 series Linux kernel. That installer is something of a black box and, as such, we can’t easily upgrade the kernel. The expectation is that the HP EliteDesk G6 model will remain available until sometime in the Autumn so we recommend that sites which want to run LCFG-managed Ubuntu desktops stay with the G6 for now. Our prototype for a new installer does boot on the G8 and we hope that it will be available before we are forced to switch to the G8 (or possibly G9).
LCFG Client
The LCFG client has been updated to version 4.8.1 on Ubuntu to fix a few minor issues. In particular, the error handling and logging in the lcfginit script has been fixed, thankfully we rarely encounter problems with initialising the LCFG client environment at boot time. This update also sets a value for the OOMScoreAdjust
option in the rdxprof systemd service file in the hope that it will discourage the OOM killer.
Virtualisation software
On DICE we now try a bit harder to avoid unnecessarily including virtualisation software on virtualised systems. This also adds support for a new DICE_OPTIONS_NO_VIRTUAL
macro which can be checked in package lists.
DHCP Client configuration
At the lcfg-level the dhclient
component configuration has been tweaked so that the lack of a value for the _DHCLIENT_HOSTROOTPATH
macro is only an error on Redhat systems. Any platform where it is specified will now get the value applied to the dhclient.hostrootpath
resource.
On DICE systems we now set a value for the _DHCLIENT_HOSTROOTPATH
macro for all managed Linux environments. This means that Ubuntu now has a value of 129.215.202.179:/export/linux/installroot/ubu2004
for the dhclient.hostrootpath
resource. This is required for our new prototype installer but has no effect on the current installer technology.
Apache Configuration
On DICE we no longer include the Apache auth_digest
module in the standard list of modules in the apacheconf.modules
resource. We never actually use this module so to avoid a small security risk – CVE-2020-35452 – it has been removed.
Also on DICE we have tightened the security of our SSL CipherSuite setting by removing support for the MEDIUM
collection of ciphers.
New Software
An LCFG_OPTIONS_CRYPTSETUP
option has been added which can be used to include the cryptsetup – disk encryption support – and all of its dependencies. That option can be enabled by adding the option name to the profile.pkgcppopts
resource, for example:
!profile.pkgcppopts mADD(LCFG_OPTIONS_CRYPTSETUP)
Changes to headers and package lists
Members of the Informatics Computing team can browse all the changes to the headers and package lists.
Recent comments