Items we will be discussing:
- Review ACTION points from previous meeting.
- Bacula status
- Agree on next meeting date and time.
Review ACTION points from previous meeting.
mathiaz sent an email about the ServerTestingTeam wiki pages.
nijaba reported that hosting the production version of the survey is waiting on an audit from Limesurvey.
soren and dendrobates decided it was worth adding root fs on iscsi support to the installer. soren sent an email to steve about this and is waiting for feedback.
ACTION: soren to talk with slangasek about iSCSI support for root fs.
ivoks was sick the last two weeks and hasn't been able to work on bacula. Now that he is back, he'll finish up the remaining packaging bits for bacula. zul will then review his diff. mathiaz also suggested to ask for a FFexception to the motu-release team as there are a lot of changes.
ACTION: ivoks to post an updated debdiff for bacula
ACTION: zul to review the bacula debdiff and figure out if a FFexception is needed.
jdstrand has been preparing a security update for mysql. There are several issues that are addressed, 2 required a rather substantial patch. All of this is documented in bug #201009 . He has uploaded the packages to -proposed for wider testing. mathiaz suggested to ask for testing feedback on the forums.
ACTION: jdstrand to coordinate with faulkes- about mysql testing in the forums.
LSB compliant init script
kirkland and owh extracted a list of packages that have init scripts and no 'status' action implemented. This brought up to question of LSB compliant init scripts. ScottK mentioned that it may not be the appropriate time in the release cycle to undertake that kind of work. The scope of the work has been redefined to add a status action to init scripts for daemons shipped on the ubuntu-server iso. This work would need a FFexception.
ACTION: kirkland to update the Roadmap outlining the scope of the work - just add status action.
ACTION: kirkland to ask ubuntu-release for a FFe for each of the packages.
zul and mruiz did some work on dropping libdb4.3 in a couple of universe packages. mathiaz asked what was the status on libdb4.5 and libdb4.4. ScottK hasn't looked into that yet.
Server Guide documentation
sommer added a section on ebox and requested feedback on it. mathiaz asked which sections most needed to be reviewed. sommer said the virtualization section needed some attention.
ACTION: sommer to update the roadmap section with a list of sections from the server guide that need reviews.
nealmcb sent an email to ubuntu-server about a new factoid named servergui. He is waiting for feedback before adding it to the list of factoids.
ACTION: nealmcb to add an entry for the servergui factoid.
soren mentioned jdstrand's script  that takes care of converting vmware images to kvm.
Dovecot-Postfix Sasl integration
ScottK asked about the status of sasl integration. Bug 164837  has a patch for tasksel. ScottK will look into getting a FFexception for it.
Agree on next meeting date and time
Next meeting will be on Wednesday, March 19th at 21:00 UTC in #ubuntu-meeting.
Started logging meeting in #ubuntu-meeting [21:01:15] <sommer> nealmcb: cool [21:01:22] <dendrobates> o/ [21:01:43] <mathiaz> Today's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting [21:02:15] <mathiaz> [TOPIC] Review ACTION points from previous meeting. [21:02:30] <mathiaz> https://wiki.ubuntu.com/MeetingLogs/Server/20080305 [21:03:02] <mathiaz> So I've sent an email about the ServerTestingTeam [21:03:14] <mathiaz> And I've noticed that some new pages were created in the wiki [21:03:42] <mathiaz> Again - anyone that has some server hardware available is welcome to test drive hardy. [21:04:09] <mathiaz> [TOPIC] Server survey [21:04:25] <mathiaz> The reportingpage has been updated [21:04:40] <mathiaz> https://wiki.ubuntu.com/ServerTeam/ReportingPage [21:04:49] * soren blushes as he realises he hasn't sent anything for that page :( [21:05:14] <mathiaz> nijaba: any news on the hosting front ? [21:05:32] <owh> soren: You could have updated it and blamed it on "caching" :) [21:05:36] <nijaba> we are waiting for an audit from kees [21:05:45] <nijaba> it should be done soon [21:06:10] <soren> owh: Encouraging dishonesty? Tsk, tsk :) [21:06:23] <mathiaz> [TOPIC] iSCSI support [21:06:41] <soren> I talked to Rick. [21:06:43] <mathiaz> soren: did you have a change to talk with steve about root fs support ? [21:06:49] <soren> We decided we wanted to do it. [21:06:53] * keescook ran out of time last friday. [21:07:00] <soren> I e-mailed slangasek asking if it was ok. I haven't heard back. [21:07:03] <nijaba> \o/ [21:07:04] <faulkes-> evening [21:07:23] <soren> This was Friday, I believe. I should poke him some more. [21:07:36] <mathiaz> soren: that would be post-beta work I guess [21:08:25] <mathiaz> [ACTION] soren to talk with slangasek about iSCSI support for root fs. [21:09:13] <mathiaz> [TOPIC] Bacula status [21:09:19] <ivoks> hi [21:09:23] <mathiaz> ivoks: what's the state of your work on that ? [21:09:40] <ivoks> it needs one day of work [21:10:04] <ivoks> tomorrow it will be ready for inspection [21:10:50] <mathiaz> ivoks: great [21:10:59] <mathiaz> who can do the inspection ? [21:11:00] <ivoks> if someone want to see debdiff, http://www.grad.hr/~ivoks/bacula.diff [21:11:04] <nijaba> beta freeze starts tomorrow [21:11:16] <sommer> so is bacula going to make it into main? [21:11:30] <mathiaz> probably not before beta [21:11:39] <ivoks> ok, then it will be finished in couple of hours [21:11:48] <nijaba> we have yet to file a mir, though... [21:11:52] <sommer> for hardy release? [21:12:24] <ivoks> debdiff is already over 1000 lines [21:12:40] * zul cries [21:12:42] <sommer> either way I was just wondering if we should add a section to the docs or not? [21:12:59] <ivoks> zul: it's not that bad :) [21:13:23] <mathiaz> considering that we're changing a lot of the packaging, we should ask for FFexception [21:13:50] <mathiaz> or should it be considered as just bug fixes ? [21:14:22] <nijaba> these are mainly bug fixes to match requirements, IIRC [21:14:34] <ivoks> there are also new features [21:14:44] <ivoks> like new catalog_backup script [21:15:13] <mathiaz> isn't that a fix for the security issues raised ? [21:15:35] <ivoks> it is [21:15:53] <ivoks> anyway... i'll finish it in couple of hours [21:16:00] <nijaba> so it is a bug fix ;) [21:16:10] <mathiaz> anyway - since the diff seems large, it may worth asking for a FFe to the motu-release team [21:16:17] <mathiaz> zul: can you review the bacula diff ? [21:16:29] <zul> mathiaz: sure.. [21:16:52] <mathiaz> zul: and figure out whether a FFe is needed or not [21:17:06] <zul> I can do it tomorrow [21:17:16] <mathiaz> [ACTION] ivoks to post an updated debdiff for bacula [21:17:25] <mathiaz> [ACTION] zul to review the bacula debdiff [21:17:38] <mathiaz> [TOPIC] mysql testing [21:17:50] <mathiaz> jdstrand: what did you do to mysql ? [21:18:03] <ivoks> zul: i'll be online, so contact me if you have questions [21:18:06] <jdstrand> I have been preparing a security update for mysql [21:18:15] <zul> ivoks: sure thanks [21:18:16] <jdstrand> there are several issues that are addressed [21:18:44] <jdstrand> 2 required a rather substantial patch [21:19:03] <jdstrand> all of this is documented in bug #201009 [21:19:04] <ubotu> Launchpad bug 201009 in mysql-dfsg-5.0 "[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed" [High,Fix committed] https://launchpad.net/bugs/201009 [21:19:35] <jdstrand> the short summary is that CVE-2007-6303 and CVE-2007-2692 required quite a bit of work to fix dapper - feisty [21:19:36] <ubotu> MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303) [21:19:37] <ubotu> The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692) [21:19:58] <jdstrand> as such, I have uploaded the packages to -proposed for wider testing [21:20:15] <jdstrand> they have received a good bit of testing already, and they look good here [21:20:50] <jdstrand> I'd really appreciate it if people could test these packages and report 'works here' in that bug report, so I can push the update out next week [21:21:33] <mathiaz> jdstrand: great [21:21:50] <nijaba> jdstrand: there is a version for dapper? [21:22:02] <jdstrand> because gutsy is so close to upstream, its patches weren't significant [21:22:05] <mathiaz> jdstrand: You've already sent a couple emails on different mailing lists [21:22:13] <mathiaz> jdstrand: could you post something to the forums ? [21:22:19] <jdstrand> really looking for dapper (and edgy and feisty if possible) [21:22:22] <mathiaz> jdstrand: or ask faulkes- about it ? [21:22:24] <jdstrand> nijaba: 5.0.22 [21:22:43] <jdstrand> is faulkes- around? [21:22:56] <mathiaz> jdstrand: I think there is developer forum that is targeted at that [21:22:57] <jdstrand> mathiaz: but to answer your question-- sure [21:23:32] <mathiaz> jdstrand: altought I'm not sure if the people reading the developer forums would be able to test your updates [21:23:48] <jdstrand> nijaba: oh heh, I read your question to quickly-- yes dapper has updates and I'd really like testing there [21:24:03] <jdstrand> mathiaz: couldn't hurt [21:24:06] <nijaba> ok, I'll test it on my prod server [21:24:13] <mathiaz> jdstrand: could you coordinate with faulkes- about requesting feedback in the forums ? [21:24:14] <nijaba> and blame you if it blows up ;) [21:24:33] <jdstrand> nijaba: yes, you would be within your rights on that [21:25:09] <mathiaz> [ACTION] jdstrand to coordinate with faulkes- about mysql testing in the forums [21:25:17] * jdstrand won't mention testing updtes on a production server, as he really wants as much testing as possible [21:25:26] <jdstrand> ;) [21:26:01] <mathiaz> [TOPIC] LSB compliant init script [21:26:17] <mathiaz> kirkland: owh: you've started to look into that [21:26:25] <mathiaz> what is the outcome ? [21:26:31] <owh> We started creating some code to get output. [21:26:56] <kirkland> mathiaz: we have a list of all packages in Main, and Universe that install something in /etc/init.d [21:26:59] <owh> We've created an initial list of the hardy .iso: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status [21:27:24] <owh> Next step is testing what they output :) [21:27:36] <ScottK2> Is this really a project we ought to be starting a day before beta freeze? [21:27:39] <mathiaz> LSB compliant means a lot of things - what are you trying to fix first ? [21:28:13] <mathiaz> I think trying to get the status action for the daemons makes sense [21:28:23] <kirkland> mathiaz: a "status" action by init scripts is one of the things required for LSB [21:28:33] <kirkland> mathiaz: in most cases, it's a trivial patch [21:28:40] <mathiaz> having a fully compliant init script may require too much work though [21:28:55] <owh> We start small and work our way up. [21:29:01] <mathiaz> kirkland: well - there is also the headers for startup sequence [21:29:02] <kirkland> mathiaz: for services (and mainly those in ubuntu-server), i think it's important enough to have in Hardy, and minor enough code changes [21:29:10] <owh> We started with the packages installed by tasksel on the ubuntu-server install. [21:29:36] <ScottK2> Personally I think adding features to inits is adding features and should be done at the appropriate point in the development cycle for feature development. [21:29:47] <kirkland> mathiaz: full compliance is beyond the scope I'm suggesting [21:29:56] <owh> It's a fair point ScottK2 [21:30:23] <mathiaz> ScottK2: right. OTOH not having a status action for init script is really annoying [21:30:49] <owh> And I figure if we're serious with ebox, it will need to know if stuff is working - no? [21:31:00] <mathiaz> so trying to add a status action for packages that are on the ubuntu-server iso seems to be a good compromise [21:31:13] <kirkland> mathiaz: i agree with that [21:31:34] <owh> All of them, or only the ones that are installed by a tasksel server selection? [21:31:38] <ScottK2> It's not nearly annoying as having a broken init script on release day. [21:32:15] <mathiaz> ScottK2: I'd say that testing an init script is easy. [21:32:17] <ScottK2> mathiaz: I think if you want to pursue this you should ask ubuntu-release for an FFe. [21:32:22] <owh> There's only 7 that don't have a status that are installed by a tasksel *server selection [21:32:25] <mathiaz> ScottK2: aggreed. [21:32:37] <mathiaz> ScottK2: I was about to suggest that we should talk to ubuntu-release about this. [21:32:43] <ScottK2> It all depends on the init. [21:32:44] <kirkland> ScottK2: the risk is having an init script with a broken 'status' action on release day [21:32:58] <ScottK2> kirkland: We have lots on unimplemented features. [21:32:59] <kirkland> we should not be affecting the start/stop/(other) actions [21:33:08] <mathiaz> kirkland: could you update the Roadmap with a clear scope on what we aim at ? [21:33:10] <ScottK2> kirkland: Agree with should not. [21:33:15] <owh> There are only 4 that have a status option so far. [21:33:15] <nealmcb> I'd suggest taking it one package as a time - if the patch is trivial and fixes the "non-lsb-compliant" bug, then it is worthwhile given the 5 year lifespan of hardy. but I know it is also risky [21:33:36] <mathiaz> kirkland: and also list the packages targeted for hardy ? [21:33:44] <kirkland> mathiaz: will do [21:33:58] <mathiaz> kirkland: once the list is there, we can ask ubuntu-release to have a look at it and get a FFe for it. [21:34:15] <kirkland> nealmcb: I agree with your LTS comment, plus the fact that this is "catch-up" for many key services on ubuntu-server [21:34:58] <mathiaz> kirkland: however we won't have this ready by beta. [21:35:07] <nealmcb> at any rate, thanks for gathering the data, folks.... [21:35:35] <mathiaz> kirkland: the archive freeze is tomorrow - and these are patches that are not show-stoppers for the beta release [21:35:54] <owh> That gives us 24 hours :) [21:36:03] <kirkland> owh: with 2/7 done [21:36:13] <zul> uh...no it gives you less than that [21:36:21] <mathiaz> [ACTION] kirkland to update the Roadmap outlining the scope of the work - just add status action [21:36:23] * nealmcb would love to have status-getting documentation that doesn't have to say "except on hardy" for a long time [21:36:24] <owh> Seriously, the packages on the CD, there are really not that many if we limit ourselves to tasksel only stuff. [21:36:45] <mathiaz> [ACTION] kirkland to ask ubuntu-release for a FFe for each of the packages. [21:38:01] <mathiaz> [TOPIC] libdb4.x transition [21:38:12] <mathiaz> there has been some work done on this. [21:39:04] <mathiaz> mruiz has been working on a couple of them - and contacted some upstream about the transition. Some of the upstream added a check in the configure script for a specific version of libdb. [21:39:37] <mathiaz> zul: is the Roadmap updated wrt to the package you've uploaded ? [21:39:48] <zul> mathiaz: afaik yes [21:40:16] <zul> yes it is...mruiz is doing the rest of them [21:40:26] <mathiaz> ScottK2: is there any packages for libdb4.4 and libdb4.5 ? [21:41:18] <ScottK2> mathiaz: There are, but I haven't had time to look [21:41:44] <mathiaz> ScottK2: ok - so may be we should concentrate on libdb4.3 [21:41:58] <ScottK2> Yes. [21:42:01] <mathiaz> ScottK2: and then jump to libdb4.4 and 4.5 [21:42:05] <ScottK2> Yes [21:42:28] <ScottK2> lidbd4.2 will be sticking around, so no point worrying about that one right now. [21:42:34] <mathiaz> [TOPIC] Server Guide documentation [21:42:44] <mathiaz> ScottK2: yeah - related to openldap [21:42:50] <ScottK2> Exactly [21:42:56] <mathiaz> sommer: so how is the string freeze going ? [21:43:05] <sommer> getting there [21:43:26] <sommer> added an ebox section if people would like to review [21:43:31] <mathiaz> sommer: do you have section that needs focus for review ? [21:43:53] <sommer> probably the virt section... working with nijaba and soren on it [21:44:25] <sommer> I should have an update for it this evening... the current version isn't quite accurate [21:44:50] <mathiaz> sommer: ok - I'll look into also as I'm still setting up my new vm environement. [21:45:07] <sommer> mathiaz: cool, the more the marrier [21:45:13] <mathiaz> keescook and jdstrand have also migrated to kvm IIRC [21:45:41] <jdstrand> yep [21:45:44] <jdstrand> loving it [21:45:47] <nealmcb> :-) [21:45:55] <sommer> other than that just working through the rest of the sections and updating minor adjustments for hardy [21:45:55] <jdstrand> much less resource intensive than vmware [21:46:08] <nijaba> at least sommer does it in real condition: remotely [21:46:22] <sommer> heh... attempts to :-) [21:46:23] <mathiaz> sommer: could you update the Roadmap with a list of the section you'd ask for review ? [21:46:31] <dendrobates> sommer: I should get the likewise-open man pages by tomorrow. [21:46:34] <soren> I had 10 vm's running at the same time a few days ago. Worked fine. [21:46:37] <mathiaz> sommer: so that we can point people to it and focus our efforts on that. [21:46:47] <sommer> mathiaz: sure [21:47:09] <mathiaz> [TOPIC] sommer to update the roadmap section with a list of section of the server guide that need reviews. [21:47:12] <sommer> dendrobates: that's cool, I noticed the ffe bug. [21:47:38] <mathiaz> nealmcb: could you update the factoids by adding a servergui entry ? [21:47:51] <nealmcb> I sent mail a little while ago [21:48:05] <mathiaz> !servergui [21:48:05] <ubotu> Sorry, I don't know anything about servergui - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [21:48:15] <nealmcb> mail to the server team... [21:48:26] <nealmcb> if folks like what I wrote, and the servergui changes, I'll talk to the ops [21:48:56] <faulkes-> I now have hardware and a requirement for virtuals, so I'll be doing kvm stuff very soon [21:49:12] <nealmcb> https://help.ubuntu.com/community/ServerGUI [21:49:43] <nealmcb> (that's mostly sommer's work of course - just a few edits by me) [21:49:50] <mathiaz> nealmcb: I think it looks good [21:49:52] <jdstrand> I should mention that while I have been loving kvm [21:49:55] <mathiaz> nealmcb: and should be added [21:50:02] <jdstrand> and have moved all my vmware machines to it [21:50:07] <nealmcb> will do [21:50:19] <mathiaz> nealmcb: I can't seem to find your email to the server team about the servergui entry [21:50:22] <jdstrand> there is some adjustments that need to be made on pre-hardy vms [21:50:32] <nealmcb> just half an hour ago [21:50:36] <mathiaz> [ACTION] nealmcb to add an entry for the servergui factoid [21:50:39] <jdstrand> I will update the wiki accordingly (probably tomorrow) [21:51:07] <jdstrand> additionally, there is s script available to help migrate [21:51:10] <mathiaz> nealmcb: ah ok - I haven't checked my email [21:51:16] <jdstrand> vmware images to kvm: [21:51:19] <jdstrand> http://people.ubuntu.com/~soren/vmware2libvirt [21:51:46] * owh hugs jdstrand [21:51:56] * owh thanks soren for the code. [21:52:09] <nealmcb> I did change one part of the recommend apt-get commands... [21:52:15] <mathiaz> [TOPIC] LTS upgrades [21:52:24] <mathiaz> so what are our current efforts in that area ? [21:53:11] <soren> owh: Oh, it's jdstrand's doing. All of it. [21:53:24] <soren> owh: I just stole it and threw it on people.ubuntu.com :) [21:53:30] <owh> ROTFL [21:54:39] <mathiaz> so I guess we're doing really good on LTS upgrade testing if noone has anything to report [21:55:06] <jdstrand> mathiaz: I would not assume that [21:55:11] <jdstrand> :) [21:55:26] <jdstrand> mathiaz: I was until a moment ago silent because I haven't done it [21:55:32] <ScottK2> I can unequivicably (or however that's spelled) say that I have not encountered any errors in LTS to LTS upgrade testing. [21:55:50] * jdstrand could say the same [21:56:17] <mathiaz> well - my question then is: what was LTS-to-LTS-upgrade-tested ? [21:56:28] * sommer needs to make time for testing LTS on LTS action [21:56:34] <nealmcb> ScottK2: but what fractions of the upgrades have been successful? Any singularities encountered? [21:56:37] <nealmcb> :-) [21:56:39] <mathiaz> ScottK2: I guess you've tested postfix and mail daemon [21:57:16] <ScottK2> Actually I haven't directly, but I've tested direct upgrades of Postfix to modern versions on Dapper with no trouble for backports [21:58:25] <mathiaz> well - we still need to focus on LTS-to-LTS upgrades [21:58:48] <mathiaz> especially now that we're about to release beta [21:58:57] <mathiaz> [TOPIC] Any Other Business [21:59:04] <mathiaz> anyone wants to add something ? [21:59:21] <mathiaz> soren: could you update the ReportingPage with a virtualization section ? [21:59:34] <ScottK2> mathiaz: Any chance now for tasksel changes? [21:59:35] <owh> And a migration guide :) [21:59:38] <mathiaz> dendrobates: same thing for likewise-open ? [22:00:01] <mathiaz> ScottK2: you mean the dovecot+postfix integration ? [22:00:41] <ScottK2> mathiaz: Yes. [22:00:55] <soren> mathiaz: Will do. [22:01:01] <ScottK2> I wanted to see about integrating amavisd-new since we finally got it in Main [22:01:16] <mathiaz> ScottK2: I think that ivoks updated the patch for the new version of tasksel [22:01:30] <mathiaz> ScottK2: now it needs a FFe and then a core-dev can upload it [22:01:34] <soren> "unequivocably", I think, by the way. [22:02:00] * kirkland quivs with soren [22:02:08] <ScottK2> soren: That looks right [22:02:30] <ScottK2> mathiaz: Do you have a bug number? If there's a patch, I'll look into FFe. [22:03:02] <mathiaz> ScottK2: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/164837 [22:03:07] <ubotu> Launchpad bug 164837 in dovecot "Dovecot SASL for postfix" [Low,In progress] [22:03:10] * ScottK2 looks [22:03:47] <mathiaz> [TOPIC] Agree on next meeting date and time. [22:03:57] <mathiaz> Same time, same place, next week ? [22:04:28] <nealmcb> yes - utc-wise :-) [22:04:40] <mathiaz> well - 21:00 UTC [22:04:49] <nxvl> meeting is already over? [22:05:08] <mathiaz> the time hasn't changed - only the some part of the world decided to move forward in time [22:05:17] <ivoks> mathiaz: yes, i've updated it [22:05:46] <ivoks> ScottK2: no, i didn't put amavis in it; and i'm not big fan of doing amavis filtering by default [22:06:17] <ivoks> ScottK2: i think we should leave that to people who know what it is for [22:06:44] <ivoks> otherwise, we'll have angry users complaining that their ubuntu mail server kills mail [22:07:04] <ScottK2> ivoks: Fair enough [22:07:34] <ScottK2> It's certain not something we should shove in at the last minute if there's no consensus. [22:07:36] <ivoks> ScottK2: amavis bounces mail with exe attachments by default, so... i don't know... [22:07:49] <mathiaz> Ok - so next meeting: next week, same time same place [22:07:51] <ScottK2> We'd need to come up with a do no harm config [22:08:08] <mathiaz> Thanks all for attending ! :) [22:08:16] <ivoks> ScottK2: yeah... i'm still in a quest for ideal amavis config :) [22:08:18] <mathiaz> #endmeeting Meeting ended.