Weekly Changes – 11/10/2021
This week sees quite a few changes. In particular, following discussions at the recent LCFG monthly meeting, various pieces of configuration have been moved from the DICE headers to the LCFG headers so that they can be shared and reused.
Network Manager
After discussion at the LCFG monthly meeting on 7th October it was decided that we should remove the network-manager packages from the standard package lists for Ubuntu. Having network-manager packages installed when they are not being used can cause problems for various applications which confuse network-manager status with the network online status. The package removals are unlikely to cause problems as the LCFG network component is designed to use systemd-networkd via netplan. The only situation where network-manager is more suitable on Ubuntu is for laptops where wireless access is needed. If we need to use network-manager packages at some point we will add a suitable package option. Note that this only affects external users of LCFG: network-manager packages were removed from DICE profiles in August 2020 and we have not experienced any related problems.
localhome component
On Ubuntu, a bug in the way the localhome component handles netgroups has been fixed. Previously it required netgroup names to be alphanumeric.
hardware monitoring
The lcfg-hwmon tools used for checking hardware status (e.g. RAID controllers, IPMI sensors) and notifying nagios of problems have been packaged for Ubuntu. This had previously been missed due to the header being restricted by LINUX_REDHAT rather than OS_LINUX.
Rootkit Hunter
The default settings for the rkhunter component resources have been updated so they are more suitable for Ubuntu.
XScreensaver
To avoid XScreensaver clashing with the MATE screensaver, the MATE screensaver packages are now removed when the lcfg/options/xscreensaver.h header is included. This has been the standard procedure on DICE machines for a long time; this change just moves it to the LCFG header so it is more likely to work for external sites.
One problem with running XScreensaver rather than the standard screen locking provided in gdm is that the standard Gnome lock features do not work. It doesn’t appear to be possible to override the behaviour of the standard screen lock, so to work around this a new DICE lock feature has been added for the Gnome desktop.
lightdm
In response to discussions at the recent LCFG monthly meeting, support has been added for specifying the default desktop session. This avoids the session for the next user being whatever the previous user wanted. The lcfg/options/lightdm.h header now supports the LIGHTDM_DEFAULT_SESSION macro. For example, this feature can be used like:
#define LIGHTDM_DEFAULT_SESSION gnome
#include <lcfg/options/lightdm.h>
As well as configuring lightdm appropriately, this uses the file component to attempt to hardwire the /var/lib/lightdm/.cache/lightdm-gtk-greeter/state state file so that it does not get overwritten after each user login. This is based on a strategy that has been used on DICE machines since SL7.
DICE XRDP Service
As a consequence of the rebuild of the XScreensaver package (see change notes for last week), the screensaver on the DICE XRDP service could not be unlocked after the stable release was updated.
The PAM configuration on the XRDP service is slightly more complicated than usual with 2 configuration files for pam_access being used. The default one controls access to most services, including SSH, and is thus quite restricted. The alternative configuration permits remote login access to the XRDP service. The change in how XScreensaver handles the result from the account section of the PAM stack revealed it had previously been using (and ignoring) the wrong configuration for pam_access.
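A check for the failure described above, where a service's account stack consults a different pam_access file than intended. This is an added example, not LCFG or DICE code; the PAM file contents, the access-xrdp.conf path and the choice of service names are constructed assumptions.

```python
DEFAULT_ACCESSFILE = "/etc/security/access.conf"  # used when no accessfile= is given
XRDP_ACCESSFILE = "/etc/security/access-xrdp.conf"  # hypothetical path

# Constructed /etc/pam.d contents; service names and layout are assumptions.
SAMPLE_PAM_D = {
    "common-account": "account required pam_unix.so\naccount required pam_access.so\n",
    "xrdp-sesman": "auth required pam_unix.so\n"
                   "account required pam_access.so accessfile=" + XRDP_ACCESSFILE + "\n",
    "xscreensaver": "auth required pam_unix.so\n@include common-account\n",
}

def account_access_files(service, pam_d, seen=None):
    """List the pam_access files consulted by a service's account stack."""
    seen = set() if seen is None else seen
    if service in seen or service not in pam_d:  # include cycle or missing file
        return []
    seen.add(service)
    found = []
    for raw in pam_d[service].splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "@include":
            found += account_access_files(fields[1], pam_d, seen)
            continue
        if len(fields) < 3 or fields[0].lstrip("-") != "account":
            continue
        rest = fields[1:]
        if rest[0].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
            control, rest = "[...]", rest[1:]
        else:
            control, rest = rest[0], rest[1:]
        if not rest:
            continue
        module, args = rest[0], rest[1:]
        if control in ("include", "substack"):
            found += account_access_files(module, pam_d, seen)
        elif module.endswith("pam_access.so"):
            files = [a.split("=", 1)[1] for a in args if a.startswith("accessfile=")]
            found.append(files[-1] if files else DEFAULT_ACCESSFILE)
    return found

def audit(expected, pam_d):
    """Return {service: files} where the account stack differs from expected."""
    got = {s: account_access_files(s, pam_d) for s in expected}
    return {s: f for s, f in got.items() if f != [expected[s]]}

if __name__ == "__main__":
    print(audit({"xrdp-sesman": XRDP_ACCESSFILE, "xscreensaver": XRDP_ACCESSFILE}, SAMPLE_PAM_D))
```

On a real host the dictionary would be built by reading each file under /etc/pam.d, and the expected mapping would come from the site's own access policy.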
DICE server room desktops
Login access to the DICE server room desktops is now controlled using the @login/serverroomdesktop/local and @login/serverroomdesktop/remote netgroups. All users who previously had access have been given those entitlements.
Schemas
Some versions of component schemas which have been actively used on DICE for a long time but only listed in the live_testing_defaults.rpms package list have been moved to the release-managed package lists. For all LCFG sites this updates the arpwatch schema to 2.1.8. For DICE this updates the schemas for dice-netman to 1.2.23 and openvpn to 1.3.24.