Changes to DICE Password Policy

We have introduced a new password policy for DICE accounts:

http://computing.help.inf.ed.ac.uk/password-policy

The significant changes made to the previous policy are:

  • We now have a more flexible approach to the number of character
    classes required in any password – specifically that the longer the
    password, the fewer number of distinct character classes is required.

  • All password checking is now undertaken on the server-side – prior to
    these changes, we had a mixture of client and server side checks.

Posted in Uncategorized | Leave a comment

IPv6

The “IPv6 investigation” project has made good progress since my previous post in January.  We have had global connectivity since February, and have been testing on a variety of subnets since then, including all of our “server” subnets, and most recently the “Appleton Tower” (including Forrest Hill and Wilkie) managed DICE desktop subnet.

We have seen few issues with these, so will be rolling IPv6 out to the Forum DICE subnet on Tuesday of next week (6th September).  All SL7 machines on that subnet will then acquire IPv6 addresses, which they will start to use, often in preference to their IPv4 addresses.  DNS entries will also be created for all of these machines.

(Servers are being given IPv6 addresses individually as their managers deem the services on them to be IPv6-ready, particularly as regards access control.)

Unfortunately we won’t be able to roll out IPv6 to self-managed machines for a while yet.  Many of our network switches are currently lacking some security features which are required before it would be safe to open these subnets to the variety of systems we have on them.  We had hoped that these switches would have been upgraded by now, but the process was blocked by IS’s ongoing EdLAN review.  We’ll post again once we’re in a position to begin IPv6 tests with self-managed machines.

Managed Windows desktops will also be IPv4-only for now.  We identified a few issues with these in testing, which we have passed back to IS for evaluation, and await their response.

The project’s working documentation, including useful links, can be found here.

Posted in Uncategorized | Leave a comment

SSH Server Upgrade

We need to upgrade the general access SSH server (schiff) to SL7. We plan to start this work at 9am on Tuesday 16th August. We expect the service to be unavailable for approximately 2 hours, we will send out another message when the work has been completed.

During the period of downtime an alternative SSH server – staff.ssh.inf.ed.ac.uk – will be available for those with permission to access that server (all staff and postgrad students).

If you have any queries regarding this please use the User Support form.

Posted in Uncategorized | Leave a comment

Git in the School of Informatics

Git is a version control system which has become very popular within Informatics. In fact it has become so popular that we are now offering no less that three different Git related services within the School! At this point, if you are familiar with Git, you may be wondering why we bother since it is trivial for any user to set up a Git repository in their home directory with a couple of simple commands. This is true, and indeed may be all you need if you are the only person using that repository. Setting up a Git repository to be used by others is trickier and it is this need which the School Git services aim to meet.

First up, we have git.inf.ed.ac.uk and its close associate https://gerrit.inf.ed.ac.uk, the longest running of the three service and the closest to a “classic” Git service. This supports Git over the git:// and ssh:// protocols. So far, so nothing special but as the second URL suggests, this Git service is run in conjunction with a Gerrit instance. Gerrit is a web based code collaboration tool. Because it is web based, it means that external collaborators can access repositories by creating an iFriend account and, after visiting the gerrit URL (which automatically creates an account for them), register one or more ssh public keys allowing them to contribute to the Gerrit repositorys if they have the necessary permissions. This last condition is necessary because Gerrit provides fine grained control over what access registered users have to a project. Finally, Gerrit provides code review which may be important for some projects. You can find out more about the Git/Gerrit service here.

One issue with Gerrit is that it can be tricking to configure and manage permissions for, and contributions to, a project. In an effort to provide a multi-user Git service which would offer many of the advantages of Gerrit without all the complexities, we have introduced git2.inf.ed.ac.uk. The main feature which makes the git2 service stand out is that the Git repositories are located on AFS file space. When a repository is set up (and another advantage of git2 is that repositories can be set up by users, there is no need to request Computing Support to set up a repository), two AFS groups are set up, one giving read access to the repository and the other write access. The repository owner can therefore control access to the repository by putting users in the appropriate groups. Access is via the file:// protocol (though repositories may also be made readable via the git:// protocol if desired). It will be seen therefore that for a user to be able to access a repository, they must have AFS access. iFriend accounts can be given AFS credentials allowing external collaborators to access repositories though they can do so only through an AFS client. Find out more about this service here.

Finally, we have gitlab.inf.ed.ac.uk, a local Gitlab-CE instance and intended as a short term stand in until a mooted college-wide Gitlab service comes along. This is very much a test service at the moment and as such does not feature some aspects which would normally be expected of a DICE service such as integrated sign-in via Cosign. Instead, you must currently create your own account when you first connect to the service and will have to set up a password which is unconnected to any other School or University password (and please don’t reuse an existing password!). Access to the Gitlab Git repositories is currently only available via the http:// protocol. External users can make use of this service but will also need to create an account. As mentioned, this is a test service which will continue to be developed and is subject to withdrawal at very short notice if necessary (for example if there are security concerns). This Gitlab service can be found at gitlab.inf.ed.ac.uk

So which Git service should you use? If you absolutely must have code review, then Git/Gerrit is the one to use. If you want a straightforward self-service Git service and all your external collaborators who will need to contribute to the repository have access to an AFS client, then git2 may be a good fit for your needs. And if you would like to try a web based development environment and can live with the possibility that it may disappear at short notice, then why not give Gitlab a try?

Questions and suggestions about how these services might be improved are welcome. Please use the support form to make contact.

Posted in Uncategorized | Leave a comment

Staff SSH server upgrade

We need to upgrade the staff SSH server (brendel) to SL7. We plan to do this at 9am on Tuesday 9th August. We expect the service to be unavailable for most of that morning, we will send out another message when the work has been completed.

During the period of downtime the alternative SSH server – ssh.inf.ed.ac.uk – will be available.

If you have any queries regarding this please use the User Support form.

Posted in Uncategorized | Leave a comment

New smtp.inf.ed.ac.uk certificate

The x509 certificate used to secure communications with smtp.inf.ed.ac.uk changed this morning.

The authenticated SMTP service uses an automatically generated certificated, ultimately signed by the University’s root CA. The service certificates only last a year, and this morning it was automatically replaced with a new certificate.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3811 (0xee3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Scotland, O=The University of Edinburgh, OU=Informatics, CN=Automated Server Key CA
        Validity
            Not Before: Jun 28 02:49:21 2016 GMT
            Not After : Jun 28 02:49:21 2017 GMT
        Subject: CN=smtp.inf.ed.ac.uk, OU=Informatics, O=The University of Edinburgh, L=Edinburgh, ST=Scotland, C=GB

If you have previously had to accept a warning from your mailer indicating that you trust the smtp.inf.ed.ac.uk certificate, you will probably have to do so again for this updated certificate.

Our apologies for not warning you in advance.

Neil

Posted in Uncategorized | Leave a comment

SL7 Software Collections

We have recently added support for the Redhat Software Collections (2.1) on SL7 DICE machines. Redhat describes these as:

For certain applications, more recent versions of some software components are often needed in order to use their latest new features. Red Hat Software Collections is a Red Hat offering that provides a set of dynamic programming languages, database servers, and various related packages that are either more recent than their equivalent versions included in the base Red Hat Enterprise Linux system, or are available for this system for the first time.”

By default we have added gcc 5.2.1 from the Developer Toolset (4.0), others are available and can be added on request. Full details of the software collections are available and the details for the Developer Toolset are also available.

Redhat have recently announced Software Collections version 2.2 and Developer Toolset 4.1. Once that becomes available for Scientific Linux we will update DICE.

Information is available for this topic on the Computing Help site. Any questions or requests for additional software should be submitted via the usual support form.

Posted in Uncategorized | Leave a comment

blog.inf.ed.ac.uk to be updated to 4.5.2

Our blog service, blog.inf.ed.ac.uk, is overdue an update. It is currently running 4.2.7 of WordPress, the current version is 4.5.2.

The plan is to update blog.inf.ed.ac.uk to 4.5.2 (Coleman release) next Thursday 19th May at 9am.

We’re not expecting any problems, but you can try out a test update of a clone of blog.inf taken on 10/5/2016 at http://wobleg.inf.ed.ac.uk/. Note that this site is not accessible outside of the Informatics firewall, and any changes you make to it will be lost, on or around the 19th.

Neil

Posted in News, Service Update | Tagged , | 1 Comment

Scientific Linux 7.2 Update

The 2nd minor update to ScientificLinux 7 (which is based on RHEL7) is now ready for deployment to the Informatics SL7 DICE office machines. At this point the update will NOT be deployed in the student labs, they will remain on SL7.1 until after exams have finished at the end of May. A minor update like this provides us with the opportunity to update important software and fix any bugs which are not security issues (we apply security updates as soon as they are available) in a controlled manner.

To complete this upgrade a reboot is required. A delayed reboot will be scheduled for all DICE office desktops. The delay will be 5 days, although the reboots are delayed it would be greatly appreciated if people could manually reboot their machines at their earliest convenience; the delayed reboot would then be cancelled. Upgrades for individual servers will be scheduled over the next few weeks and users affected will be contacted as necessary.

SL7.2 was released on February 5th 2016 and since then it has been thoroughly tested in our DICE environment so we are confident that this update will not cause any issues for users.

For many users the most noticeable significant change is likely to be the update to version 3.14 of the Gnome desktop (which is our default desktop environment). In particular, this has altered the location of the “Log Out” menu item, see our computing.help page for details.

Full details of the package updates are available on the LCFG wiki. For further, in depth information, there are also release notes from ScientificLinux and Redhat.

If you have any questions or problems with the upgrade please contact our User Support team through the support form.

Posted in Uncategorized | Leave a comment

Informatics Network “Requirements”

As input to a review which Information Services are conducting into EdLAN, the network which ties the University together, I have written a document which describes the Informatics network and the various “requirements” that guide its design and management.

Please feel free to read it!  I hope you don’t find the style too offputting; it was written for a specific purpose, and as a result is a bit dense in places.  If you prefer, just skip to the descriptive appendix, which starts about half way through. I’m happy to answer questions you might have, whether through the support form, inf-general or indeed in person.

The “requirements” document itself is here, and you might also find the following pages helpful:

Many thanks to the members of the Computing team who commented on previous drafts.

Posted in Uncategorized | Leave a comment