8 Jan 2005:

Over the break, Institute lab staff and student lab assistant Peter Paquette were busy preparing the labs for the Winter quarter and beyond. Since we now have 35 servers (about 30 active), 220 workstations (180 active), and scores of removable hard drives to update, this is no small task.

The task of applying application updates (or installing new ones) was made much easier by work that Peter was assigned over the summer and that we employed over the last two breaks. Peter investigated and implemented an Apache ant-based system that helps us organize, specify and apply updates using a system of application- or update-specific directories and ant build.xml files. Just by specifying a list of applications or updates, one can reliably apply all of them to the current system. We hope to extend this in the future to allow better checking of whether or not an application or update is installed, and to allow uninstalling. We use ant in the hopes that we can easily port this technique to Linux application installations and updates.

We do more patching during the longer autumn/winter break than the half-sized winter/spring break in case we don't have time to cover every computer during the next break. Note that we will apply critical security patches immediately (i.e., during the quarter) if they are deemed to be a vulnerability we feel we must fix. Not all "critical" security patches meet our criteria.

Here is what happened over the break:

1. General Development (GenDev) Labs
   1. Workstations
      • applied all current Windows critical patches and pertinent driver updates

      • installed Java 2 SDK 1.4.2_06 to fix a security problem (and removed the old Java 2 SDK 1.4.2_05)

      • removed VNC 3.3.7 and installed VNC 4.0

      • upgraded Adobe Reader to 6.0.2 to patch a security problem

      • permanently added the ability to power off computers to save energy

      • created a logoff script that attempts to warn you when you leave formatted removable media in a drive (thanks, Peter!)

2. Student-Administered Labs

   The Windows and Linux partitions of the SCI113 removable hard drives were updated with Windows critical security patches and regular Linux updates.

3. Repository Server Changes
   1. Software upgrades

      There is no way to easily identify critical security patches on Linux, so we typically apply (and did apply) all patches for the kernel and all standard applications over a break. Comparing some performance data from last quarter to this one, it looks like the unreproducible but frequent performance problem we had last quarter has been fixed; we will know more when the load increases as the quarter progresses.

      Applications installed for our purposes only, such as MySQL 4.0 and tomcat 5.0, will only be updated if there are critical security patches; other upgrades occur only once per year, in the summer.

      That said, we installed Java 2 SDK 1.4.2_06 to fix a security problem and removed the old Java 2 SDK 1.4.2_05.

   2. Cluster

      We are now much more confident of the cluster's ability to handle a failover properly. Improvements were made over Autumn 2004 that synchronize important configuration and script changes to both nodes, so that if we forget to make the primary node change on the secondary node, the system will make it for us.

4. Teaching and Research Labs (TARLs)

   The same changes that were applied to the General Development Labs' workstations were applied to the workstations in the TARLs (except for the Graduate and Directed Research Lab's removable hard disks). However, while we overwrote the disk image in the GenDev Labs, we manually changed each workstation in the TARLs to preserve any content on the C: drive that we were not made aware of. An exception to this is the Linux partition in nearly all labs (except the ADC Lab), which we overwrote with an updated version of Linux.

   In addition, we applied critical security patches and driver updates to all Windows servers and upgraded all Linux servers.