Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

Weekly Changes – 04/05/2022

This week sees a range of small changes, notably there are tweaks to the standard DICE Apache configuration which might be noticed by users. Here are the full details…

HP EliteDesk G8

Informatics has recently acquired an HP EliteDesk G8 desktop for testing. We have discovered that it is not possible to install Ubuntu Focal on this machine using our current installer technology. This is due to the installer being based on the rather old 5.4 series Linux kernel. That installer is something of a black box and, as such, we can’t easily upgrade the kernel. The expectation is that the HP EliteDesk G6 model will remain available until sometime in the Autumn so we recommend that sites which want to run LCFG-managed Ubuntu desktops stay with the G6 for now. Our prototype for a new installer does boot on the G8 and we hope that it will be available before we are forced to switch to the G8 (or possibly G9).

LCFG Client

The LCFG client has been updated to version 4.8.1 on Ubuntu to fix a few minor issues. In particular, the error handling and logging in the lcfginit script has been fixed, thankfully we rarely encounter problems with initialising the LCFG client environment at boot time. This update also sets a value for the OOMScoreAdjust option in the rdxprof systemd service file in the hope that it will discourage the OOM killer.

Virtualisation software

On DICE we now try a bit harder to avoid unnecessarily including virtualisation software on virtualised systems. This also adds support for a new DICE_OPTIONS_NO_VIRTUAL macro which can be checked in package lists.

DHCP Client configuration

At the lcfg-level the dhclient component configuration has been tweaked so that the lack of a value for the _DHCLIENT_HOSTROOTPATH macro is only an error on Redhat systems. Any platform where it is specified will now get the value applied to the dhclient.hostrootpath resource.

On DICE systems we now set a value for the _DHCLIENT_HOSTROOTPATH macro for all managed Linux environments. This means that Ubuntu now has a value of 129.215.202.179:/export/linux/installroot/ubu2004 for the dhclient.hostrootpath resource. This is required for our new prototype installer but has no effect on the current installer technology.

Apache Configuration

On DICE we no longer include the Apache auth_digest module in the standard list of modules in the apacheconf.modules resource. We never actually use this module so to avoid a small security risk – CVE-2020-35452 – it has been removed.

Also on DICE we have tightened the security of our SSL CipherSuite setting by removing support for the MEDIUM collection of ciphers.

New Software

An LCFG_OPTIONS_CRYPTSETUP option has been added which can be used to include the cryptsetupdisk encryption support – and all of its dependencies. That option can be enabled by adding the option name to the profile.pkgcppopts resource, for example:

!profile.pkgcppopts mADD(LCFG_OPTIONS_CRYPTSETUP)

Changes to headers and package lists

Members of the Informatics Computing team can browse all the changes to the headers and package lists.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel