20070814

This is the 3rd meeting of the ServerTeam, starting at 15:00 UTC and finishing at 16:00 UTC

Agenda

  • Discuss example PHP home page and test case for LAMP install.
  • Brainstorm new server-related ubotu factoids, e.g. webmin, mail, mua, mta, pop, imap, nic, openssl, inetd.

  • Update server related pages on help.ubuntu.com - Documentors section.
  • Discuss new tasksel for openssh server.
  • Review each section of the ServerTeam/Roadmap, quickly.

  • Discuss community team

Minutes

Community building

jono enquired about the status of the community. He suggested to organise a doc day to fill out the Knowledge Base section of the Server Team website https://wiki.ubuntu.com/ServerTeam/KnowledgeBase. He clarified that this page should contain information about how-to contribute to the team.

ACTION: organise a doc day for Friday, August 24th.

Review action points from last meeting

mathiaz hasn't sent the announcement for UWN.

ACTION: mathiaz will send a modified version of the Ubuntu Server Team announcement to get it published in the UWN.

dendrobates and jdstrand discussed auth-client-config packaging issues.

tarvid wrote a short how-to for setting up the drupal5 package.

Default home page for the LAMP Install

dendrobates said that we need a php page example for the LAMP install. keescook suggested to have a checklist of "OK" items.

ACTION: jdstrand will take a first stab at an example php page for the LAMP tasksel.

nealmcb brought up the idea that people on #ubuntu-server should watch for FAQs, see if ubotu has related factoids and if not, propose new factoid text. mathiaz suggested that a webmin entry should be updated.

ACTION: mathiaz will write a factiod about webmin.

Discuss new tasksel for openssh server

dendrobates raised the idea of adding an openssh server task to the server install. There was some debate whether it should be a separate task or integrated into the LAMP task. No consensus emerged.

Documentor

Update server related pages on https://help.ubuntu.com

mathiaz suggested to have a list the wiki pages that are problematic according to the complains in the IRC channel so that people wanting to work on server related documentation have a starting point.

ACTION: sommer will listen for documentation complaints on #ubuntu-server and update the documentor section of https://wiki.ubuntu.com/ServerTeam/Roadmap.

Tester

AppArmor testing: tarvid and sommer offered some help to test AppArmor. mathiaz will get in touch with them.

Next meeting

The next meeting will be Tuesday 2007-08-28 at 15:00 UTC in #ubuntu-meeting.

IRC LOGS

  • before its mention

Started logging meeting in #ubuntu-meeting
[14:51:42] <dendrobates> Just making sure mootbot is working.
[14:51:54] <keescook> MootBot's clock is off...
[14:52:43] <jono> yo
[14:53:01] <jono> where is the agenda?
[14:53:19] <mathiaz> jono: https://wiki.ubuntu.com/ServerTeam/Meeting
[14:53:26] <dendrobates> and away we go.
[14:53:36] <nealmcb> current time is 15:00:39
[14:53:38] <nealmcb> UTC
[14:53:49] <jono> ok I would like to add an item to discuss the community team
[14:54:07] <dendrobates> jono would you like to start, so we make sure we fit ouy in?
[14:54:24] <jono> dendrobates: happy to if no one minds
[14:54:44] <dendrobates> jono: the floor is yours
[14:54:55] <jono> great stuff
[14:55:11] <jono> I just really wanted to get an update on how the community building is going and discuss the next steps
[14:55:17] <jono> from what I can tell, things are going great
[14:55:50] <jono> what is the progress with the team so far?
[14:55:52] <dendrobates> We are pretty happy, with the response.
[14:56:05] <jono> excellent
[14:56:16] <jono> and these meetings are regular?
[14:56:17] <dendrobates> We need to work on ways to give community members very concrete tasks to workon.
[14:56:29] <jono> right
[14:56:54] <jono> can I also suggest to have a docs day?
[14:57:00] <tarvid> good point, i made two promises and only partially kept one
[14:57:08] <dendrobates> sometimes it is just as easy to do something yourself as to define it well enough for someone else to work on it,
[14:57:12] <jono> the aim of the docs day is to fill out https://wiki.ubuntu.com/ServerTeam/KnowledgeBase with details of how to get involved in the team
[14:57:41] <jono> I would sugges that some focus goes into filling out the knowledge base - this will help drive in new contributors
[14:57:46] <tarvid> er make that 3
[14:58:04] <mathiaz> another thing that may be interesting is a mentoring program
[14:58:06] <nealmcb> [LINK] https://wiki.ubuntu.com/ServerTeam/KnowledgeBase
[14:58:13] <mathiaz> I've seen that on the ubuntu-doc mailing list.
[14:58:18] <jono> I would recommend that before you do the mentoring, get the docs in place
[14:58:30] <mathiaz> they've sent an anoucement about docuMentors
[14:58:39] <mathiaz> and people are signing up.
[14:58:43] <jono> think of the knowledge base as the content that new contributors will use to get up to speed - if they have no content to help them, they will get bored or lost and move on
[14:59:04] <jono> so I would recommend the team invests in creating this documentation first before mentoring and further outreach happens
[14:59:25] <dendrobates> [ACTION] Fill out https://wiki.ubuntu.com/ServerTeam/KnowledgeBase with details of how to get involved in the team
[14:59:38] <jono> :)
[14:59:54] <jono> I recommend you folks pick a day for your docs day and really spend much of that day doing docs
[15:00:03] <jono> and encourage the wider community to write docs on that day
[15:00:18] <jono> you will want to make a big deal of the docs day to encourage everyone to get involved and write docs
[15:00:32] <mathiaz> what about every other wednesday ?
[15:00:36] <nealmcb> (see more about mootbot commands you can use to structure the meeting minutes at https://wiki.ubuntu.com/ScribesTeam/MootBot)
[15:00:50] <mathiaz> alternating with the ubuntu-server meeting ?
[15:00:56] <jono> mathiaz: regular docs days tend to die a death - I would recommend you do just one for now
[15:01:33] <mathiaz> ok. next friday ?
[15:01:34] <jono> really focus this day on getting the docs sorted
[15:01:39] <jono> a week on friday?
[15:01:43] <mathiaz> so that we can announce it on the mailing list ?
[15:02:03] <dendrobates> I think the sever community is unique in that many members have Jobs at large corps, that limit the days/hours they can contribute. I think we might need to stagger the times of things like doc days and meetings to get the most involvement.
[15:02:04] <jono> fri 24th?
[15:02:19] <jono> dendrobates: agreed
[15:02:20] <nealmcb> works for me - sounds fun
[15:02:28] <jono> and much of the docs day work might happen in the evening
[15:02:33] <jono> fri 24th sounds great
[15:03:05] <jono> but you want to make everyone in the ubuntu community know about the docs day - get it on the fridge, everyone blog it, do a few podcast interviews, shout out the window - whatever :)
[15:03:23] <dendrobates> [ACTION] Organize Doc Day for July 24th.
[15:03:33] <dendrobates> oops.
[15:03:39] <nealmcb> :-)
[15:03:41] <mathiaz> dendrobates: hummm.. that's a bit far awya
[15:03:47] <jono> MootBot is way cool :)
[15:04:02] <dendrobates> [ACTION] Organize Doc Day for Aug 24th.
[15:04:15] <dendrobates> I have no idea how to remove an action.
[15:04:33] <sommer> just so I'm clear this is doc day for creating docs on getting involved in the server team? Not server howto type docs?
[15:04:47] <jono> sommer: yep, its all about how to contribute to the team
[15:04:56] <sommer> cool
[15:05:00] <jono> sommer: the plan is to make it as easy as possible for a new contributor to get involved
[15:05:01] <mathiaz> yes. It's about updating the knwoledge base.
[15:05:03] <jono> stuff like:
[15:05:08] <jono> * how to join the team
[15:05:11] <jono> * where resources
[15:05:14] <jono> are
[15:05:21] <jono> * technical processes
[15:05:22] <keescook> not that we should discourage people from writing howto docs, though!
[15:05:22] <jono> etc
[15:05:24] <penguim> hi all
[15:05:28] <jono> keescook: :)
[15:05:30] <jono> hey penguim
[15:05:34] <jono> ok, lets talk about the TODO
[15:05:44] <jono> is there a TODO that indicates what needs to be done?
[15:06:08] <mathiaz> yes. The Roadmap: https://wiki.ubuntu.com/ServerTeam/Roadmap
[15:07:09] <jono> cool stuff
[15:08:35] <mathiaz> should we go through the roadmap ?
[15:08:42] <dendrobates> not yet.
[15:08:46] <mathiaz> dendrobates: or you wanna discuss the other item first ?
[15:09:12] <dendrobates> [TOPIC] Review ACTION points from previous meeting.
[15:09:21] <tarvid> i have a short howto on getting the drupal5 package to work, where should I put it
[15:09:28] <dendrobates> Lets go through this quickly.
[15:09:29] <jono> right I am gonna look away and do other stuff, ping me if I am needed :)
[15:09:40] <dendrobates> thanks jono.
[15:09:53] <jono> np :)
[15:09:59] <nealmcb> see also https://help.ubuntu.com/community/Drupal
[15:10:15] <mathiaz> previous meeting log: https://wiki.ubuntu.com/MeetingLogs/Server/20070731
[15:10:19] <dendrobates> I know we are all busy getting ready for FF. So has anyone completed any action items?
[15:10:47] <mathiaz> I haven't sent the annoucement for UWN.
[15:11:13] <dendrobates> DONE. dendrobates and jdstrand should discuss auth-client-config packaging issues.
[15:11:16] <mathiaz> I still need to contact tarvid for AppArmor testing.
[15:11:31] <mathiaz> tarvid: can you still provide some help for that ?
[15:11:40] <dendrobates> That was about python-central, and jstrand fixed it.
[15:11:44] <tarvid> i will be at it shortly, just put up the sandbox at home
[15:11:54] <tarvid> did the drupal5 package first
[15:12:36] <dendrobates> [TOPIC] Discuss example PHP home page for LAMP install.
[15:12:37] <mathiaz> ok. That's all for me for my last actions.
[15:12:46] <jdstrand> dendrobates: have you thought more about our discussion regarding your packages and 'purge'?
[15:12:58] <tarvid> i am especially interested in seeing if AppArmor can be used to make shell commands safe on a shared server
[15:13:13] <dendrobates> jdstrand: I have not had time.
[15:13:18] <sommer> mathiaz: I'm also interested in helping test AppArmor.
[15:13:35] <jdstrand> dendrobates: ok-- we can talk more on #ubuntu-server later
[15:13:37] <mathiaz> sommer: cool. I'll get in touch with you also.
[15:13:58] <sommer> mathiaz: thanks
[15:14:11] <dendrobates> It has been stated as a goal that we need a php page example for the lamp install.
[15:14:11] <mathiaz> The idea about the php install page is to have the equivalent of the 'It works' page
[15:14:40] <tarvid> I always wind up adding a phpinfo.php page
[15:15:10] <mathiaz> we also want to make sure that the mysql database is running correctly.
[15:15:38] <keescook> how about a displayed checklist of "OK" items?
[15:15:45] <keescook> query the DB, "db OK", etc
[15:15:55] <keescook> (the PHP test page can use the "test" db)
[15:16:02] <sommer> can't you install PHP without MySQL though.
[15:16:13] <mathiaz> yes you can.
[15:16:14] <nealmcb> and many want to use postgresql
[15:16:25] <mathiaz> but we'd like to test the LAMP install.
[15:16:43] <sommer> ah...makes sense.
[15:16:58] <mathiaz> people can install a LAMP stack, and we'd like to have something to show that things are working correctly.
[15:17:20] <tarvid> phpinfo has been my best guide
[15:17:29] <jdstrand> I like keescook idea-- shows the different components of LAMP are working
[15:17:30] <mathiaz> Should we test that select is working from the database ?
[15:17:46] <mathiaz> tarvid: well... It doesn't test if the mysql database is working
[15:18:05] <tarvid> that is correct but at least it shows you which versions are installed
[15:18:17] <jdstrand> tarvid: not to mention, if the user doesn't update it, it gives out a *ton* of info
[15:18:25] <keescook> checking for postgresql ... skipped checking for mysql ... OK database found! etc
[15:18:37] <mathiaz> so we could have test page that shows that apache is running..
[15:18:44] <mathiaz> mysql is running
[15:18:49] <mathiaz> may be postgresql
[15:18:55] <dendrobates> network glitch. Sorry.
[15:18:56] <mathiaz> and which version of php is running.
[15:19:07] <mathiaz> whith a list of php modules loaded ?
[15:19:17] <tarvid> for example, a drupal install installs apache2-mpm-itk
[15:19:35] <nealmcb> Do we really want a test page that knows a db password?
[15:19:35] <tarvid> and postfix
[15:19:51] <sommer> Is there a "test" db setup with the install?
[15:20:07] <tarvid> on a shared server, mysql passwords can be read
[15:20:11] <jdstrand> mathiaz: personally, I am with you all the way to the modules. I just keep thinking of people not updating index.php (or whatever) for a while, and there being to omuch info given
[15:20:16] <tarvid> from configuration files
[15:20:18] <mathiaz> mysql_install_db installs some tests database.
[15:21:06] <sommer> I'd think that'd work then, the username/password is for test and you could include docs on how to remove after install.
[15:21:35] <nealmcb> but having a remotly-accessible way to log in to even a test database seems a bit risky
[15:21:43] <tarvid> we are headed towards regression testing and that is not a bad idea
[15:21:50] <dendrobates> it should not be remotely accessable.
[15:21:55] * nealmcb nods
[15:22:04] <dendrobates> you can grant local rights only.
[15:22:09] <dantalizing> what will you do if someone installs wordpress....lamp is a dependency, and wp tries to install a index.php too?
[15:22:17] <mathiaz> we'll probably face the same problem as the default apache website.
[15:22:40] <dendrobates> this would only be for the tasksel lamp task.
[15:22:57] <dendrobates> it should clobber nothing.
[15:23:33] <mathiaz> so what is needed is to write a simple php web page
[15:23:42] <mathiaz> that prints some information.
[15:23:43] <dantalizing> but wouldnt wp fail with "trying to overwrite file...in package lamp"?
[15:24:01] <dendrobates> It would have to be clobberable as well, just like ant index.html that ships.
[15:24:01] <tarvid> i think we should distinguish between a class of users who wants to get "something" running and a more experienced class that knows what they want
[15:24:14] <mathiaz> and then we need to add it to the tasksel task.
[15:25:13] <dendrobates> yes.
[15:25:17] <mathiaz> advanced users would reconfigure apache anyway
[15:25:21] <mathiaz> and remove the default web host.
[15:25:28] <mathiaz> defautl website.
[15:26:03] <dendrobates> are there any php programmers out there who would like to give it a try?
[15:26:29] <jdstrand> I can do it
[15:27:19] <dendrobates> [ACTION] jdstrand will take a first stab at an example php page for the LAMP tasksel.
[15:27:57] <dendrobates> [TOPIC] Brainstorm new server-related ubotu factoids, e.g. webmin, mail, mua, mta, pop, imap, nic, openssl, inetd.
[15:28:02] <nealmcb> [IDEA] people on #ubuntu-server should watch for FAQs, see if ubotu has related factoids and if not, propose new factoid text.
[15:28:25] <nealmcb> the ones I listed in the agenda don't exist for the most part
[15:28:30] <mathiaz> the first item that we should add is about webmin.
[15:28:36] * nealmcb nods
[15:28:52] <mathiaz> it's been asked a couple of times on the irc channel.
[15:29:07] <dantalizing> has anyone used ebox? i thought it was being added and is supposedly easier??
[15:29:13] <nealmcb> who knows the history, and can provide examples of config file mutilation?
[15:29:14] <dantalizing> i'll shut up now
[15:29:31] <infinity> soren's been working on cleaning up eBox, hasn't he?
[15:29:48] <tarvid> tasksel is in perl
[15:29:48] <dendrobates> I know nothing about ubotu factioids. Care to give a quick primer?
[15:29:58] <nealmcb> https://wiki.ubuntu.com/UbuntuBots
[15:30:03] <nealmcb> I
[15:30:24] <mathiaz> infinity: why webmin was dropped from the archive ?
[15:30:42] <dendrobates> OK so what actions do we have out of this topic?
[15:30:45] <nealmcb> That describes ways to add new factoids, but I think only certain folks like seveas can do so now
[15:30:56] <infinity> mathiaz: Because it doesn't play nicely with dpkg in any way, shape, or form. It takes over your config files, mangles them, and leaves the packaging system confused and upset.
[15:31:08] <infinity> mathiaz: And webmin users become completely unsupportable by us.
[15:31:40] <Mithrandir> mathiaz: "RoM; outdated; unmaintained"
[15:32:11] <nealmcb> infinity: can you put some text together and maybe give an example, contrast with ebox et al?
[15:32:58] <dendrobates> Before we move on do we have any action items for this topic?
[15:33:11] <mathiaz> I'll write some text on webmin
[15:33:18] <nealmcb> thanks!
[15:33:23] <mathiaz> send it to the ubuntu-server mailing list
[15:33:32] <mathiaz> and figure out how to update the bot.
[15:33:59] <dendrobates> [ACTION] mathiaz will write a factiod about webmin.
[15:34:34] <dendrobates> [TOPIC] Update server related pages on help.ubuntu.com - Documentors section.
[15:34:36] <nealmcb> s/iod/oid/
[15:34:53] <infinity> Uhm, okay, I just read the channel log.
[15:35:05] <infinity> What package are you proposing ships this "PHP Test Page"?
[15:35:09] <infinity> And, dear god, why?
[15:35:29] <dendrobates> This is a server team task from mdz.
[15:35:46] <mathiaz> There has been some request on the irc channel about help pages.
[15:35:55] <infinity> Seriously?
[15:35:57] <dendrobates> the php test page I mean.
[15:36:03] <mdz> infinity: as an example, to show that it works
[15:36:03] <mathiaz> and people were complaining about the lack of accuracy about the wiki pages
[15:36:07] <mathiaz> on help.ubuntu.com
[15:36:10] <infinity> Well, I could write it in about 5 minutes.
[15:37:02] <mathiaz> so what would be a list of pages on help.ubuntu.com that we should try to update ?
[15:37:06] <mdz> infinity: currently, you install the LAMP task, and the system should be able to run PHP pages, but there aren't any on the system to try. I'm suggesting we put one there.
[15:37:09] <dendrobates> There was nothing in the task that stated it had to be the default webpage, though.
[15:37:18] <mdz> infinity: make sense?
[15:37:43] <infinity> mdz: Yeah, makes a modicum of sense, just not entirely sure where to put it, so it's both visible, but not in the way.
[15:37:56] <mdz> infinity: same place as the default HTML one, I'd think
[15:38:05] <infinity> (And how to ship it... A .deb in the LAMP task to ship one file seems excessive)
[15:38:08] <mdz> infinity: or do you mean package-wise?
[15:39:20] <infinity> mdz: /var/www/lamp-test/index.php would seem an alright place to shove it, or something similar, but yeah, which package to shove it in is a fun one. PHP might make the most sense.
[15:39:42] <mdz> (I'm on a conference call, but hopefully I've clarified what I was looking for)
[15:39:51] <infinity> mdz: I could whip up a generic test page that shows if MySQL or PostsreSQL is up and running on localhost, status of some other random stuff, whatever.
[15:39:54] <jdstrand> infinity, mdz: there was discussion that this should test for mysql too
[15:39:55] <mathiaz> infinity: if we want to test for mysql, it may not be the best palce.
[15:40:06] <tarvid> we are talking about the webmin deb and not the raw package aren;t we?
[15:40:23] <infinity> mathiaz: Nothing wrong with it testing for a database and not finding one.
[15:40:37] <jdstrand> infinity: I had said that I would do it, but you are welcome to if you want it
[15:40:48] <dendrobates> ok lets get back on topic. Update server related pages on help.ubuntu.com - Documentors section.
[15:41:43] <mathiaz> I think we should list the wiki pages that are problematic according to the complains in the IRC channel.
[15:42:04] <mathiaz> and then we can point people wanting to work on server related documentation to it.
[15:42:34] <dendrobates> OK, is there someone who would like to do this?
[15:43:07] <sommer> I can help...not sure which ones are being complained about though.
[15:43:38] <dendrobates> mathiaz: have you heard specific complaints?
[15:43:53] <mathiaz> hum... dovecot+postfix
[15:43:59] <mathiaz> yesterday I think.
[15:44:04] <ScottK> Yes, yesterday
[15:44:18] <tarvid> i have a brief drupal5 article for the wiki, i would like to get it into the proper format and then find out what people think
[15:44:51] <mathiaz> tarvid: did you check out https://help.ubuntu.com/community/Drupal ?
[15:44:53] <tarvid> i also have an esmtp howto
[15:44:58] <dendrobates> So this would be an ongoing task, but should not be too much work.
[15:45:08] <mathiaz> dendrobates: correct.
[15:45:37] <tarvid> interesting, i search for drupal and this page was not returned
[15:45:47] <dendrobates> sommer: are you willing to do this on an ongoing basis?
[15:45:57] <sommer> dendrobates: sure.
[15:46:21] <nealmcb> tarvid: did you search via google? via the wiki?
[15:46:29] <sommer> I'm currently working on migrating from sendmail+dovecot to postfix so very topical for me.
[15:46:29] <tarvid> via the wiki
[15:46:51] <mathiaz> tarvid: wiki.ubuntu.con or help.ubuntu.com ?
[15:46:59] <tarvid> i found it this time, must have been a typo
[15:47:17] <tarvid> probably help.ubuntu.com
[15:47:22] <tarvid> i can work on an update
[15:47:50] <dendrobates> so is this the correct action: sommer will listen for documentation complaints on #ubuntu-server and update update them
[15:47:51] <mathiaz> tarvid: that would be excellent.
[15:48:01] <dendrobates> -1 update
[15:48:25] <sommer> I can also work on the dovecot+postfix doc.
[15:48:48] <mathiaz> sommer: is there a document on help.ubuntu.com ?
[15:49:06] <mathiaz> there are a couple of Mail related ressource on help.ubuntu.com
[15:49:08] <dendrobates> mathiaz: do you want him to update the server page so documentors can fix, or do you want him to fix the documentation?
[15:49:30] <dendrobates> I'm thinking the former.
[15:49:42] <mathiaz> dendrobates, sommer: update the server page.
[15:49:59] <nealmcb> which server page?
[15:50:04] <mathiaz> dendrobates, sommer: not fixing them. So that we have a list of things to work on.
[15:50:22] <mathiaz> https://wiki.ubuntu.com/ServerTeam/Roadmap
[15:50:28] <mathiaz> in the documentor section.
[15:50:44] <nealmcb> ahh - thanks
[15:50:55] <dendrobates> [ACTION] sommer will listen for documentation complaints on #ubuntu-server and update the documentor section of https://wiki.ubuntu.com/ServerTeam/Roadmap.
[15:51:20] <mathiaz> I'll add a task to the Roadmap so that sommer can list them there.
[15:51:26] <sommer> mathiaz: so I should submit drafts linked to that section?
[15:51:35] <dendrobates> We are running out of time. Do we need to schedule these more often?
[15:52:49] <mathiaz> hum.. we're almost done.
[15:52:49] <sommer> My thought is it may not be a bad idea.
[15:53:17] <sommer> at least until the Server Team contributing docs are ironed out.
[15:53:39] <dendrobates> [TOPIC] Discuss new tasksel for openssh server
[15:54:10] <dendrobates> What does everyone think of adding a tasksel for openssh-server?
[15:54:30] <tarvid> openssh-client is installed by default, it would be better to install openssh-server and not install client
[15:54:59] <lamont> server by default wouldn't be allowed to listen on other than loopback, except for LAMP....
[15:55:09] <lamont> it's that pesky security policy...
[15:55:48] <tarvid> client encourages users to work on the server without the benefit of cut and paste
[15:55:51] <dendrobates> If a user chooses a tasksel task it is not by default.
[15:56:05] <lamont> dendrobates: right
[15:56:12] <mathiaz> LAMP has an exception for the security policy - so why not openssh-server ?
[15:56:20] <nealmcb> the proposal is to have an option, "off" by default, during install to install openssh-server
[15:56:28] <lamont> in LAMP, it makes perfect sense to install openssh-server
[15:57:06] <mathiaz> I guess it would make sense to install it with every tasksel.
[15:57:10] <dendrobates> But it is certainly a commonly installed package, and we have been asked to look for new possible tasksel tasks. This seems like it would be a simple choice.
[15:57:20] <nealmcb> does someone have a link to the policy and this lamp exception?
[15:57:25] <tarvid> tasksel could use a mail section
[15:57:49] <tarvid> mail coices should include esmtp
[15:58:19] <mathiaz> so what about adding openssh-server to the LAMP tasksel ?
[15:58:27] <mathiaz> and also to the bind9 task ?
[15:58:44] <tarvid> bind9 has rndc
[15:58:50] <mathiaz> but not to the default server install
[15:59:00] <infinity> There is no "LAMP exception", when you install LAMP, you're specifically requesting a server with open ports.
[15:59:14] <dendrobates> I'm not sure we should do that, why not just have it as a separate task?
[15:59:14] <jdstrand> that is my feeling with openssh-server task
[15:59:17] <infinity> It's not the default choice, after all.
[15:59:21] <nealmcb> infinity: that is what I thought
[15:59:42] <jdstrand> right, create a separate openssh-server task, it is not default. It is a checkbox to install.
[15:59:48] <jdstrand> non-default, so ports are open
[16:00:13] <jdstrand> in the furture there will be a lot of tasks that are added that would benefit from openssh-server, having it separate makes sense to me.
[16:00:26] * nealmcb nods
[16:00:30] <dendrobates> I like it as a separate task, then the users knows they are opening the port
[16:00:31] <tarvid> you will far fewer broken server installs if users get off the server as soon as possible
[16:01:04] <dendrobates> anyone have any experience with tasksel?
[16:01:09] <jdstrand> tarvid: they need to check the lamp box anyway, they can check the ssh server box just as easily-- or am I missing something?
[16:01:34] <infinity> jdstrand: LAMP is selected from the boot screen, usually.
[16:01:39] <tarvid> nowhere do we encourage users to get off the server
[16:01:42] <infinity> jdstrand: We special-case it, as the "star task".
[16:02:11] <tarvid> users benefit from documentation and a lot of mine ask for a desktop on the server
[16:02:43] <infinity> tarvid: While I agree, in theory, the user can use whatever console they want, it's hardly my concern. And if they're going to install a local X and other things, they're just as likely to try remote X, or try to break their box remotely. :)
[16:02:59] <nealmcb> tarvid: by "get off the server" you mean stop using the local display, and that it is good to make it easy to ssh in?
[16:03:08] <tarvid> yes
[16:03:12] <jdstrand> infinity: ok-- so are you suggesting a separate task, that LAMP should pull in as well?
[16:03:30] <jdstrand> infinity: perhaps with a note stating it happened
[16:03:51] <tarvid> mandrake had a package called msec which is not a bad concept
[16:03:53] <infinity> jdstrand: No, I'm pretty much with anyone who thinks openssh-server should be part of the LAMP task.
[16:04:02] <infinity> jdstrand: If we also want it in its own task, that's fine.
[16:04:12] <tarvid> might put netstat into the test php page so users know which ports are open
[16:05:04] <tarvid> why would a new user think to try tasksel in the first place, it is far from obvious
[16:05:08] <infinity> tarvid: The test page will be available on a public interface, having it expose too much info about the machine isn't bright.
[16:05:11] <nealmcb> I like the idea of a separate task for openssh. adding it to lamp would be confusing
[16:05:20] <infinity> tarvid: The installer runs tasksel.
[16:05:21] <dantalizing> i dont get it...so a developer who wants lamp gets openssh-server too?
[16:05:31] <tarvid> ah security by obscurity
[16:05:33] <jdstrand> infinity: while I can't really think offhand why you would want LAMP without ssh, I think the extra port open needs to be documented somewhere. Least surprise and all
[16:05:47] <dendrobates> I think it should be available as a task to users who don't select LAMP. Perhaps the installer could automatically check the box when you select LAMP.
[16:06:00] <infinity> tarvid: "Don't show everyone your netstat output" isn't "security by obscurity".
[16:06:13] <Seveas> jdstrand, for servers that have an ILO card or are xen instances, an SSH server may be unneccessary
[16:06:19] <infinity> tarvid: It's privacy.
[16:06:26] <tarvid> it is to any hacker who has an nmap or equivalent
[16:06:30] <Seveas> (jdstrand: and I administer several of those ;))
[16:06:34] <jdstrand> Seveas: good point
[16:06:45] <dantalizing> if i'm a web developer of any kind, i want lamp and not necessarily ssh-server
[16:06:53] <jdstrand> (Seveas: I don't ;)
[16:07:15] <infinity> tarvid: netstat shows things nmap can't.
[16:07:24] * sommer agrees with dendrobates about auto checking a seperate box for openssh-server.
[16:07:26] <infinity> tarvid: Namely, who's connecting to you, and other fun stuff.
[16:07:27] <dendrobates> Ok so a separate openssh-server task seems to be the consensus.
[16:07:38] <jdstrand> why not have LAMP and LAMP+SSH?
[16:07:40] <Mithrandir> a task for a single package?
[16:07:48] <Mithrandir> sounds overkill to me..
[16:07:49] <tarvid> i wasn't suggest a raw dump of netstat simply a list of open ports
[16:07:50] <nealmcb> Seveas: good point about xen
[16:07:59] <infinity> A task for a single package does strike me as a bit silly.
[16:08:38] <tarvid> we are missing the objective to help new users get something running, hopefully what they want
[16:08:50] <dendrobates> it is a little, but I think some users would appreciate the ability to select sshd at startup.
[16:09:23] <tarvid> and some would prefer postgresql and some would prefer exim ...
[16:09:38] <tarvid> or postfix+courier
[16:10:20] <nealmcb> but this single package is pretty much the only non-default package you need to be able to admin a server remotely, so I vote for a visible task for it
[16:11:07] <dendrobates> does anyone want to work on this?
[16:11:22] <dantalizing> this is only in reference to an ubuntu-server install, correct? not ubuntu?
[16:11:37] <dendrobates> dantalizing: yes.
[16:11:38] <nealmcb> https://help.ubuntu.com/community/Tasksel
[16:11:51] <tarvid> some day we are going to have to address maintaining numerous workstations
[16:12:32] <nealmcb> dantalizing: I would want to see it as an option for non-server installs also
[16:12:50] <sommer> tarvid: there was a good presentation on clonezilla at Ubuntu Live.
[16:13:11] <infinity> Tasks are at the archive level, if it exists for one flavour, it exists for all of them.
[16:13:15] <tarvid> i will take a look at that
[16:13:54] <ScottK> Well courier is in Universe and the package for it isn't in great shape. I've given merging courier to prospective MOTUs as an "are you really ready to be a MOTU" exercise.
[16:13:56] <dendrobates> yes, but we are talking about installer integration.
[16:14:29] <dendrobates> we need to close the meeting. I suggest we continue on #ubuntu-server.
[16:14:29] <jdstrand> I am not sure a decision can be made of whether we should enable ssh by default with LAMP unless we know how many users want it and don't want it. The only other option is to offer choices.
[16:14:55] <jdstrand> By installing it by default, we will make another set of users say 'I need to uninstall this'
[16:14:58] <nealmcb> next meeting time?
[16:15:07] <nealmcb> do we want one next week?
[16:15:32] <mathiaz> next week is the kernel team meeting at this time.
[16:15:44] <dendrobates> mathiaz and I will look into another meeting, but at this time it is in two weeks.
[16:15:48] <mathiaz> so we'd have to move the meeting.
[16:16:12] <dendrobates> #endmeeting
Meeting ended.


CategoryScribesTeam CategoryTemplate

MeetingLogs/Server/20070814 (last edited 2008-08-06 17:01:26 by localhost)