Weekly Changes – 05/08/2024
This week sees a big update to the network configuration support for complex systems running Ubuntu. There are also some helpful changes to the LCFG component log permissions. Here are the details of all the notable changes…
network component
The LCFG network component for Ubuntu has been substantially refactored to improve maintainability. There is also improved support for specifying addresses on VLAN and bridge interfaces. The permissions on the configuration file in /etc/netplan
have been tightened, this is to silence netplan which now moans a lot if anyone other than root has read access.
Log Permissions
On older platforms including SL7 the default permissions on some component log files (found in /var/log/lcfg
) restrict access to root only. This is because syslog is configured to store certain information in those files (e.g. auth and cron) along with any output from the LCFG component. On Ubuntu platforms syslog is configured in the standard way to log to files in the /var/log
, only the output from LCFG components will end up in /var/log/lcfg
. To make it easier for administrators to read the component log files the default permissions have been tweaked to allow group read access for auth, auditd, cron and rkhunter components. Some others still need to be done, once SL7 support is dropped we will ensure all default permissions are 0640
.
nodejs
There is a new header – ed/options/nodejs.h – which may be used to include nodejs software on a system. The latest long-term-support (LTS) version may be selected by defining the ED_OPTIONS_NODE_LTS
macro before including the header. The LTS version is currently 20.16.0
which comes from the NodeSource repository.
iptables
On SL7 the LCFG iptables component has been updated to fix a couple of minor helper scripts that were not being correctly configured when the package was built, it is likely those scripts are only used in Informatics.
On Ubuntu the component code has been updated to use the ipcalc-ng utility which is compatible with the version of ipcalc provided on SL7, note that, somewhat confusingly, ipcalc on Ubuntu is a totally different thing. Also, a number of helper scripts have been fixed to use the correct directory locations for Ubuntu. Similarly, the helper scripts provided in the dice-iptables package have also been tweaked to use the correct ipcalc utility and fix some paths.
There are new headers to allow other sites to use the LCFG ipfilter component to configure their iptables using spanning maps. These are: lcfg/options/ipfilter.h for publishing to a spanning map and lcfg/options/ipfilter-server.h for subscribing to the spanning map. The DICE ipfilter headers have been refactored accordingly to include the new LCFG headers.
aptly
The aptly-keyrings package has gained keyrings for openafs and ghc repositories and some repository configs have been updated to use them. That fixes some recent mirroring failures due to key changes.
Changes to headers and package lists
Members of the Informatics Computing team can browse all the changes to the headers and package lists.
Recent comments