openafs project work

February 25, 2010

This month has seen a flurry of finishing touches added to the LCFG openafs component to make it even more useful and robust and it finally reached the point where it was ready for full service. This morning I took great satisfaction in ripping out the heart of the final manually-configured AFS DB server which was still running on an ancient desktop machine. All 3 of the Informatics AFS DB servers have now been moved onto modern server hardware and are fully LCFG managed. This basically brings to an end my involvement with the current AFS project. Over the last few days nearly all our AFS clients have switched to the new component and half of the file servers have now been done. Some time soon I’ll write up a full report on the work I have done over the last 10 months to deliver a new LCFG openafs component. I love it when a plan comes together…

F12 network configuration

February 17, 2010

I’ve been struggling to get an F12 machine installed and working with network logins enabled for a couple of days. I think I have finally worked out what is causing my troubles. F12 uses networkmanager to start networking but that only happens after a user has logged in. That is clearly going to cause problems when you need the network up first to authenticate/authorize the user… You would think that when an installer offers the opportunity to configure network logins it would have the intelligence to switch to starting networking in the boot process. The solution is to boot single-user and run system-config-network and configure eth0 to use dhcp. This means hitting the tab key as soon as grub starts and then editting the boot command to add a -s to the boot prompt. You might also want to remove some of the graphical boot gubbins to see what is happening. A quick reboot and it should all be working.

List::MoreUtils unexpected behaviour

February 16, 2010

I’ve long been a fan of the List::MoreUtils perl module so I don’t know why this “feature” has never bitten me before. The module provides a number of functions for manipulating lists, in particular I was using any() and none().

any() returns a true value if any item in LIST meets the criterion given through BLOCK, for example:

 print "At least one value undefined"
               if any { !defined($_) } @list;

none() is logically the negation of any. It returns a true value if no item in LIST meets the criterion given through BLOCK, for example:

 print "No value defined"
               if none { defined($_) } @list;

The gotcha here is that both of them will return an undef value when the list is empty. It’s not such an issue with any() but this particularly caught me out when using none() as I was expecting it to return true when the list was empty. To my mind it really should return true as an empty list definitely doesn’t contain any elements which match the condition. Surely other people have had the same experience. In future I think I will stick to using the standard grep() and just get the size of the list returned.


February 10, 2010

I guess a lot of people have gmail accounts and thus nearly everyone now has access to Google Buzz. At a first glance it seems quite nice and involves a lot less rubbish than Facebook. The question is whether yet another social interaction time-waster is going to get people particularly excited.

openssh and kerberos

February 9, 2010

At home I use Ubuntu for my various machines and I’ve now hit this problem a couple of times so it is probably worth detailing it here in case it affects anyone else. Before logging in to an Informatics machine with ssh I prefer to kinit to get my INF.ED.AC.UK principal into the ticket cache. Amongst other things this means I don’t need to keep typing in my password whenever I use ssh. This all works nicely but if you do not have an ssh client configuration file (.ssh/config) you can login but then will have no kerberos tickets or AFS tokens on the Informatics machine. This results in a very weird experience where you think the server is bust but everyone else can use it just fine. The solution is to add something like this:

Host *
  User squinney
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes

Obviously you will need to change your username appropriately.

LCFG Server updates

February 8, 2010

It’s been a while since I touched the stable release of the LCFG server code but we’ve accumulated a few bug reports that need some attention so I’ve taken the chance to deal with them. In particular, "Allow dumpdeps to be run by non-root" is fixed and "servername resource not reliable" is partially fixed. I’ve also taken the chance to backport a patch from the development tree which improves the release name handling, previously if a source profile did not have a release specified then it would be set to "default" but that value did not make it into the XML profile. This didn’t seem to cause any major problems but it resulted in odd resource values as any resource mapping (e.g. <%profile.release%>) did not get the required value embedded. The test suite also needed a bit of attention as it turned out that the profile.def schema being used for the tests hadn’t been updated since before the profile.release resource was added. If all goes well with the testing there will be a new release – 2.2.55 – out fairly soon. As well as the old test suite being used this will be the first stable release which also has to pass the XML profile comparison tests from the new development tree.