Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

  1. LCFG Project
  2. Uncategorised
  3. Weekly Changes – 05/08/2024

Weekly Changes – 05/08/2024

This week sees a big update to the network configuration support for complex systems running Ubuntu. There are also some helpful changes to the LCFG component log permissions. Here are the details of all the notable changes…

network component

The LCFG network component for Ubuntu has been substantially refactored to improve maintainability. There is also improved support for specifying addresses on VLAN and bridge interfaces. The permissions on the configuration file in /etc/netplan have been tightened, this is to silence netplan which now moans a lot if anyone other than root has read access.

Log Permissions

On older platforms including SL7 the default permissions on some component log files (found in /var/log/lcfg) restrict access to root only. This is because syslog is configured to store certain information in those files (e.g. auth and cron) along with any output from the LCFG component. On Ubuntu platforms syslog is configured in the standard way to log to files in the /var/log, only the output from LCFG components will end up in /var/log/lcfg. To make it easier for administrators to read the component log files the default permissions have been tweaked to allow group read access for auth, auditd, cron and rkhunter components. Some others still need to be done, once SL7 support is dropped we will ensure all default permissions are 0640.

nodejs

There is a new header – ed/options/nodejs.h – which may be used to include nodejs software on a system. The latest long-term-support (LTS) version may be selected by defining the ED_OPTIONS_NODE_LTS macro before including the header. The LTS version is currently 20.16.0 which comes from the NodeSource repository.

iptables

On SL7 the LCFG iptables component has been updated to fix a couple of minor helper scripts that were not being correctly configured when the package was built, it is likely those scripts are only used in Informatics.

On Ubuntu the component code has been updated to use the ipcalc-ng utility which is compatible with the version of ipcalc provided on SL7, note that, somewhat confusingly, ipcalc on Ubuntu is a totally different thing. Also, a number of helper scripts have been fixed to use the correct directory locations for Ubuntu. Similarly, the helper scripts provided in the dice-iptables package have also been tweaked to use the correct ipcalc utility and fix some paths.

There are new headers to allow other sites to use the LCFG ipfilter component to configure their iptables using spanning maps. These are: lcfg/options/ipfilter.h for publishing to a spanning map and lcfg/options/ipfilter-server.h for subscribing to the spanning map. The DICE ipfilter headers have been refactored accordingly to include the new LCFG headers.

aptly

The aptly-keyrings package has gained keyrings for openafs and ghc repositories and some repository configs have been updated to use them. That fixes some recent mirroring failures due to key changes.

Changes to headers and package lists

Members of the Informatics Computing team can browse all the changes to the headers and package lists.

Weekly Changes – 05/08/2024 / LCFG Project by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0

Posted by

Categories

Uncategorised

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel