Proposed power supply work in the Forum self-managed server room IF-B.Z14

[Revised & updated, Tuesday 19th January 2021]

The information in this blog post is relevant to anybody who manages or uses a self-managed server located in the Informatics Forum self-managed server room IF-B.Z14.

It does not relate to equipment located in the smaller Forum self-managed server room IF-B.01 – so anybody who manages or uses equipment in that room only can safely ignore the rest of this post.


Background

Currently, all electrical circuits in IF-B.Z14 are rated at 20A – which is a limitation given that the power bars we use in the room are rated at 32A. We have recently had eight new 32A circuits installed in the room, and we would now like to swap the input power feeds of one of the two power bars fitted to each rack from their existing 20A circuits, to new 32A circuits.

In order to preempt the likelihood of 20A circuit breakers being blown (as has already happened over the past year, on account of usage patterns in the room) we would very much like to do this work before attempting to install any further equipment in the room.

Specifics

We intend to swap the the power feeds of the left-side PDUs (looking from the rear of the racks) in seven of the eight racks. (We’re currently excluding Rack 0 from the work, since we’ve been specifically asked to avoid a power loss to one of the machines in that rack for now.)

Arranging the swaps will necessarily mean a short loss of power to each of the power bars involved. As a knock-on effect, there will be a short loss of power to any server which is powered via a single power supply unit (PSU) fed from the power bar in question. Servers equipped with multiple PSUs shouldn’t be affected.

We currently propose doing this work in the afternoon of Thursday 21st January, starting at 1pm. Would all managers and users of self-managed servers located in the Informatics Forum self-managed server room IF-B.Z14 please consider the above proposal, and contact me if this date and time will cause them a particular problem? Thanks.

To emphasise: servers which are affected will completely lose power for a short period – so it would be best if they were not in active use at the time, and best of all if they had been shutdown in advance.

Within limits, we will be able to shutdown servers ourselves just ahead of the work, and restart them again afterwards, provided that the servers involved have been configured by their owners to perform an orderly shutdown when their physical power buttons are pressed.

What follows is a list of servers in each rack which will be affected:

Rack 1

  bob
  chilli
  dimsum
  imola
  monza
  tofu
  turingfpga

Rack 2

  helter
  tim

Rack 3

  vfbds0

Rack 4

  delrubio
  ideal4
  vali

Rack 5

(none)

Rack 6

  nsl000
  nsl002
  nsl003
  nsl005
  nsl007
  nsl009

Rack 7

  austin
  chicago
  indianapolis
  ottawa
  sanantonio
  toronto
  Mellanox-SX6012
Posted in Service Update | Tagged , | Leave a comment

Additional OpenVPN configurations

EdLAN is increasingly embracing site-local (“RFC1918“) addresses, and as a consequence we are beginning to see services being given such addresses. (A good argument could be made that the use of such addresses implies that they should never be accessible from elsewhere, but for at least some of these services it’s not obvious that that really was the intention.)

We have therefore pragmatically provided a few additional ad hoc OpenVPN configuration files to give access to these sites. These are named …EdLAN+10… or similar, and should generally be safe to use from home. You should download and use them in the usual way, being sure to select any platform-specific variants as appropriate.

We don’t guarantee that the use of these configurations will be trouble-free everywhere — indeed, we expect that the addresses will be used for something else entirely in some different contexts, causing local breakage — but we hope that some users may find them useful.

Posted in Uncategorized | Leave a comment

SL7 to Ubuntu Upgrade

Over the next few months all those with an existing SL7 DICE desktop will be contacted by the Computing Support Team to arrange for it to be upgraded to Ubuntu 20.04 (focal fossa) . We are aiming to upgrade all staff/PhD desktops by Easter 2021, but if you would like your machine upgraded sooner you should contact the Computing Support Team. If you receive an email, please respond, even if it’s to arrange a different time.

We are also taking this opportunity to ask you whether you still need a physical DICE desktop on your desk or whether our Remote Desktop Service (xrdp) meets your computing needs.

To contact the Computing Support team please full in the form at: https://www.inf.ed.ac.uk/systems/support/form/

For more about our xrdp service visit: http://computing.help.inf.ed.ac.uk/remote-desktop

Posted in Uncategorized | Leave a comment

Switch to EdPrint

As announced on sys-announce we will shortly be migrating all the existing Informatics cloud printers to the EdPrint system. The blurb from Information Services:

What’s happening and when?

Information Services is launching EdPrint over the next few months, a major update to the print, copy and scan service used in the University.

The cloud print devices in Informatics are scheduled to be updated on – Wednesday 11th November 2020

Devices will be unavailable during this update period, but it should be no longer than 15 minutes per device.

All updated devices will display the EdPrint log-on screen: https://www.ed.ac.uk/is/printingcopying-scanning

What do I need to do?

  1. Familiarise yourself with the new system: www.ed.ac.uk/is/edprint
  2. Install the print queue on your own non-managed device:
    www.ed.ac.uk/is/mobilityprint

The print queue is already installed on University-managed desktops.

What about print credit?

Your existing ‘free quota’ print credit has already been applied to EdPrint.

Regards
Personal Print, Copy and Scan Team
Information Services

Link to original PDF Version https://blog.inf.ed.ac.uk/systems/files/2020/11/Edprint-comms-Informatics.pdf

Posted in Information, News, Service Update | Leave a comment

New DICE Ubuntu Environment

We are very pleased to announce that the Informatics managed Linux desktop environment (DICE) has been ported to Ubuntu 20.04 (Focal Fossa).

After 5 years of service our Scientific Linux 7 (SL7) based desktop environment is showing its age. In particular, this has begun to make it difficult to provide the latest versions of software for teaching and research. SL7 is based on Redhat Enterprise Linux 7 which has now moved into a maintenance phase. This means that Redhat will now only be providing important security updates.

With the release of Redhat Enterprise Linux 8 the developers of Scientific Linux decided not to continue with their project. That change led us to investigate what alternative Linux distributions we might use for DICE. Although we have decades of experience with various Redhat-based distributions we concluded that the Debian-based Ubuntu distribution would be better suited to the needs of the school. In particular, Ubuntu provides a much larger collection of software packages. The 2-year long-term-support release cycle for Ubuntu also means that the software they provide is typically more up-to-date than that available for Redhat. Ubuntu is also a more desktop-oriented platform when compared with Redhat which should mean you have a better desktop user experience.

As those of you who are involved in teaching will already be aware, before the start of Semester 1 in September 2020 all the teaching lab machines were upgraded to Ubuntu 20.04. We have also already upgraded various user-facing services including the XRDP remote desktop cluster, the general access SSH service and the general purpose compute servers.

All newly deployed DICE desktop machines will now come with Ubuntu installed. Over the next few months all those with an existing SL7 DICE desktop will be contacted by the Computing Support Team to arrange for it to be upgraded. We are aiming to upgrade all staff/PhD desktops by Easter 2021, if you would like your machine upgraded sooner you should contact the Computing Support Team.

At this stage we are primarily targeting Ubuntu to our desktop environment, plans to upgrade servers are still being formulated and we will continue to provide support for SL7.

Further information regarding the new DICE environment is available on our computing help site. If you have any questions about the new Ubuntu environment please contact us via our Support Form.

Posted in Uncategorized | 1 Comment

MacOS 11 Big Sur and AuriStor AFS Client

Apple are expected to announce the availability of MacOS 11, Big Sur, shortly. Unfortunately this sees a change to kernel module loading that will stop the existing AuriStor AFS kernel modules loading and so AuriStor client version 0.198 (and earlier)  will no longer work.

If you require AFS your your Mac, we don’t recommend upgrading to MacOS 11 until AuriStor announce a compatible version of their AFS Client.

Update: In January 2021 Auristor published a blog article on how to install their updated client on to Big Sur (11.0). It is somewhat complicated by the increased security measures in Big Sur, particularly on Macs based on Apple ARM-based processors.

Neil

Posted in Information, News | Leave a comment

Staffmail moves

All Professional Services staff and a few other staff within Informatics have already successfully moved from staffmail to Office 365. With the retiral of the staffmail service, IS are now in a position to complete the move of all remaining staffmail accounts to office365.

They will commence the process at the end of this month, continuing into December. The plan is to move non teaching staff first. Academic staff will not be migrated during Semester, unless they so wish. The moves will take place overnight and will be scheduled twice a week (Tuesday and Thursday). This will mean a short period of time without email (from 5pm until around 11 am the following morning) but with ample prior notification, previous users have not found this a major issue. Support will also be available before and after the move to answer questions and help with any issues.

It is expected that Academic accounts will be moved between Semester 1 and Semester 2 but if anyone would prefer to move sooner, then please let me know.

We will schedule account moves over the 12 possible slots and you will receive an email from IS about 2 weeks prior to your date giving a little more information. You will also receive further confirmation from them a few days before the move.

All those who have already expressed an interest in moving as soon as possible will be included in the first batch on 27th October and will receive an email from IS shortly.

There is local documentation on our computing.help pages which will be updated regularly.

There is comprehensive documentation on office365 mail on the IS website.

If you have any questions regarding the move, please feel free to contact me.

Posted in Uncategorized | Leave a comment

Security of shared web services

As the likes of homepages.inf.ed.ac.uk and groups.inf.ed.ac.uk are shared user services, anyone using some sort of authentication/authorisation to restrict access, has to trust the other users of those web services.

A lot of the web’s security model relies on the “same origin policy”.

* https://en.wikipedia.org/wiki/Same-origin_policy

which limits the access scripts have to data (particularly authentication data) served to/from different sites. So if a potential victim is using homepages.inf, but is duped into executing a script from badguy.org, that script would not have access to browser data relating to homepages.inf.

However if the “badguy” script is served by a homepages URL, then it would have access to any other browser data associated with homepages.inf, eg authentication data, as it would be within the “same origin”.

All users of the computing systems are bound by the University’s Computing Regulations

* https://www.ed.ac.uk/information-services/about/policies-and-regulations/computing-regulations

and intercepting and impersonating someone else on a computing system is an offense

* https://www.legislation.gov.uk/ukpga/1990/18/contents

so none of that should be going on our servers, but users of a shared web service, like homepages.inf and groups.inf should be aware of this if they are relying on authentication to limit access to sensitive or important data.

In the future we will probably look at providing equivalent homepages.inf and groups.inf services, where the hostname is unique between users and groups, so each user/group have their own “origin”, but that’s unlikely to happen in the near future.

In the meantime if you are making use of authentication/authorisation on a shared web service and wish to discuss your options, please use the support form

* https://www.inf.ed.ac.uk/systems/support/form/

to contact us.

Neil

Posted in Information | Tagged , | Leave a comment

*.remote.inf.ed.ac.uk change

We’re changing the *.remote.inf.ed.ac.uk Remote Desktop service to remove some of the machines. However, everybody will still be able to use the service as before.

Back in the spring, we made ten machines available for remote desktop sessions under the name UUN.remote.inf.ed.ac.uk where UUN is your University username. (For instance, my username is cc so I can run a remote desktop session on cc.remote.inf.ed.ac.uk.)

The service is still being used, but we can now run it with fewer machines. We’ll go from ten machines to five.

If you use one of the machines we’re keeping (they’re called james17.inf.ed.ac.uk, james18.inf.ed.ac.uk, james19.inf.ed.ac.uk, james20.inf.ed.ac.uk and james21.inf.ed.ac.uk) then nothing will change for you.

If you use one of the machines we’re removing (these machines are james12.inf.ed.ac.uk, james13.inf.ed.ac.uk, james14.inf.ed.ac.uk, james15.inf.ed.ac.uk and james16.inf.ed.ac.uk) then your remote.inf.ed.ac.uk address will now point to one of the remaining machines. We’ll make that change at about 5pm today (Wednesday 15 July). After that you’ll be able to start a new session just as you did before, to the same address – it’ll just be on a different machine from before.

If you’ve left a remote session running on any of james12 to james16, it should still be there, and you can still connect to it up until noon on Friday, when these machines will be taken down for reconfiguration. However, you will have to connect to the machine by its real name, instead of by its remote.inf.ed.ac.uk name. See the remote desktop help pages to learn how to configure your remote desktop client to do this.

If you don’t know the name of the machine which you’ve been using, you can find it out in several ways:

  • For this week only, you can look it up here. Note that that page is only visible from Informatics hosts or those using OpenVPN (and there’s help with OpenVPN if you need it).
  • Just try the machines in turn (james12.inf.ed.ac.uk to james16.inf.ed.ac.uk) until you find the right one.
  • If you’re already logged in to the machine, then at a command prompt (to get one of these, start a terminal window) type hostname then press Return. That should return something like
    james13.inf.ed.ac.uk
    
  • From the command prompt on any other DICE machine, use the host command, and look at the first line of its output. For instance:

    % host cc.remote.inf.ed.ac.uk
    cc.remote.inf.ed.ac.uk is an alias for james17.inf.ed.ac.uk.
    

If you have any problems, please contact User Support using the form.

Posted in Uncategorized | Leave a comment

Update your MacOS AFS client!

Users of AFS on MacOS may be mildly perturbed to find out that the MacOS AFS client has until recently contained a couple of critical bugs which could result in permanent loss of data if triggered. For this reason, we are advising all MacOS AFS users to update to the latest version of the AFS client (currently 0.195) from the Auristor site as soon as possible. Further details on the bugs can also be found there. It’s our experience that the new client can be installed on top of the old one without any issue (but be sure to save your work first just in case).

Craig Strachan.

Posted in Uncategorized | Leave a comment