Ubuntu Wiki

Agenda

Minutes

Log

{{{Started logging meeting in #ubuntu-meeting [21:01:15] <sommer> nealmcb: cool [21:01:22] <dendrobates> o/ [21:01:43] <mathiaz> Today's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting [21:02:15] <mathiaz> [TOPIC] Review ACTION points from previous meeting. [21:02:30] <mathiaz> https://wiki.ubuntu.com/MeetingLogs/Server/20080305 [21:03:02] <mathiaz> So I've sent an email about the ServerTestingTeam [21:03:14] <mathiaz> And I've noticed that some new pages were created in the wiki [21:03:42] <mathiaz> Again - anyone that has some server hardware available is welcome to test drive hardy. [21:04:09] <mathiaz> [TOPIC] Server survey [21:04:25] <mathiaz> The reportingpage has been updated [21:04:40] <mathiaz> https://wiki.ubuntu.com/ServerTeam/ReportingPage [21:04:49] * soren blushes as he realises he hasn't sent anything for that page [21:05:14] <mathiaz> nijaba: any news on the hosting front ? [21:05:32] <owh> soren: You could have updated it and blamed it on "caching" [21:05:36] <nijaba> we are waiting for an audit from kees [21:05:45] <nijaba> it should be done soon [21:06:10] <soren> owh: Encouraging dishonesty? Tsk, tsk [21:06:23] <mathiaz> [TOPIC] iSCSI support [21:06:41] <soren> I talked to Rick. [21:06:43] <mathiaz> soren: did you have a change to talk with steve about root fs support ? [21:06:49] <soren> We decided we wanted to do it. [21:06:53] * keescook ran out of time last friday. [21:07:00] <soren> I e-mailed slangasek asking if it was ok. I haven't heard back. [21:07:03] <nijaba> \o/ [21:07:04] <faulkes-> evening [21:07:23] <soren> This was Friday, I believe. I should poke him some more. [21:07:36] <mathiaz> soren: that would be post-beta work I guess [21:08:25] <mathiaz> [ACTION] soren to talk with slangasek about iSCSI support for root fs. [21:09:13] <mathiaz> [TOPIC] Bacula status [21:09:19] <ivoks> hi [21:09:23] <mathiaz> ivoks: what's the state of your work on that ? [21:09:40] <ivoks> it needs one day of work [21:10:04] <ivoks> tomorrow it will be ready for inspection [21:10:50] <mathiaz> ivoks: great [21:10:59] <mathiaz> who can do the inspection ? [21:11:00] <ivoks> if someone want to see debdiff, http://www.grad.hr/~ivoks/bacula.diff [21:11:04] <nijaba> beta freeze starts tomorrow [21:11:16] <sommer> so is bacula going to make it into main? [21:11:30] <mathiaz> probably not before beta [21:11:39] <ivoks> ok, then it will be finished in couple of hours [21:11:48] <nijaba> we have yet to file a mir, though... [21:11:52] <sommer> for hardy release? [21:12:24] <ivoks> debdiff is already over 1000 lines [21:12:40] * zul cries [21:12:42] <sommer> either way I was just wondering if we should add a section to the docs or not? [21:12:59] <ivoks> zul: it's not that bad [21:13:23] <mathiaz> considering that we're changing a lot of the packaging, we should ask for FFexception [21:13:50] <mathiaz> or should it be considered as just bug fixes ? [21:14:22] <nijaba> these are mainly bug fixes to match requirements, IIRC [21:14:34] <ivoks> there are also new features [21:14:44] <ivoks> like new catalog_backup script [21:15:13] <mathiaz> isn't that a fix for the security issues raised ? [21:15:35] <ivoks> it is [21:15:53] <ivoks> anyway... i'll finish it in couple of hours [21:16:00] <nijaba> so it is a bug fix [21:16:10] <mathiaz> anyway - since the diff seems large, it may worth asking for a FFe to the motu-release team [21:16:17] <mathiaz> zul: can you review the bacula diff ? [21:16:29] <zul> mathiaz: sure.. [21:16:52] <mathiaz> zul: and figure out whether a FFe is needed or not [21:17:06] <zul> I can do it tomorrow [21:17:16] <mathiaz> [ACTION] ivoks to post an updated debdiff for bacula [21:17:25] <mathiaz> [ACTION] zul to review the bacula debdiff [21:17:38] <mathiaz> [TOPIC] mysql testing [21:17:50] <mathiaz> jdstrand: what did you do to mysql ? [21:18:03] <ivoks> zul: i'll be online, so contact me if you have questions [21:18:06] <jdstrand> I have been preparing a security update for mysql [21:18:15] <zul> ivoks: sure thanks [21:18:16] <jdstrand> there are several issues that are addressed [21:18:44] <jdstrand> 2 required a rather substantial patch [21:19:03] <jdstrand> all of this is documented in bug #201009 [21:19:04] <ubotu> Launchpad bug 201009 in mysql-dfsg-5.0 "[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed" [High,Fix committed] https://launchpad.net/bugs/201009 [21:19:35] <jdstrand> the short summary is that CVE-2007-6303 and CVE-2007-2692 required quite a bit of work to fix dapper - feisty [21:19:36] <ubotu> MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303) [21:19:37] <ubotu> The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692) [21:19:58] <jdstrand> as such, I have uploaded the packages to -proposed for wider testing [21:20:15] <jdstrand> they have received a good bit of testing already, and they look good here [21:20:50] <jdstrand> I'd really appreciate it if people could test these packages and report 'works here' in that bug report, so I can push the update out next week [21:21:33] <mathiaz> jdstrand: great [21:21:50] <nijaba> jdstrand: there is a version for dapper? [21:22:02] <jdstrand> because gutsy is so close to upstream, its patches weren't significant [21:22:05] <mathiaz> jdstrand: You've already sent a couple emails on different mailing lists [21:22:13] <mathiaz> jdstrand: could you post something to the forums ? [21:22:19] <jdstrand> really looking for dapper (and edgy and feisty if possible) [21:22:22] <mathiaz> jdstrand: or ask faulkes- about it ? [21:22:24] <jdstrand> nijaba: 5.0.22 [21:22:43] <jdstrand> is faulkes- around? [21:22:56] <mathiaz> jdstrand: I think there is developer forum that is targeted at that [21:22:57] <jdstrand> mathiaz: but to answer your question-- sure [21:23:32] <mathiaz> jdstrand: altought I'm not sure if the people reading the developer forums would be able to test your updates [21:23:48] <jdstrand> nijaba: oh heh, I read your question to quickly-- yes dapper has updates and I'd really like testing there [21:24:03] <jdstrand> mathiaz: couldn't hurt [21:24:06] <nijaba> ok, I'll test it on my prod server [21:24:13] <mathiaz> jdstrand: could you coordinate with faulkes- about requesting feedback in the forums ? [21:24:14] <nijaba> and blame you if it blows up [21:24:33] <jdstrand> nijaba: yes, you would be within your rights on that [21:25:09] <mathiaz> [ACTION] jdstrand to coordinate with faulkes- about mysql testing in the forums [21:25:17] * jdstrand won't mention testing updtes on a production server, as he really wants as much testing as possible [21:25:26] <jdstrand> [21:26:01] <mathiaz> [TOPIC] LSB compliant init script [21:26:17] <mathiaz> kirkland: owh: you've started to look into that [21:26:25] <mathiaz> what is the outcome ? [21:26:31] <owh> We started creating some code to get output. [21:26:56] <kirkland> mathiaz: we have a list of all packages in Main, and Universe that install something in /etc/init.d [21:26:59] <owh> We've created an initial list of the hardy .iso: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status [21:27:24] <owh> Next step is testing what they output [21:27:36] <ScottK2> Is this really a project we ought to be starting a day before beta freeze? [21:27:39] <mathiaz> LSB compliant means a lot of things - what are you trying to fix first ? [21:28:13] <mathiaz> I think trying to get the status action for the daemons makes sense [21:28:23] <kirkland> mathiaz: a "status" action by init scripts is one of the things required for LSB [21:28:33] <kirkland> mathiaz: in most cases, it's a trivial patch [21:28:40] <mathiaz> having a fully compliant init script may require too much work though [21:28:55] <owh> We start small and work our way up. [21:29:01] <mathiaz> kirkland: well - there is also the headers for startup sequence [21:29:02] <kirkland> mathiaz: for services (and mainly those in ubuntu-server), i think it's important enough to have in Hardy, and minor enough code changes [21:29:10] <owh> We started with the packages installed by tasksel on the ubuntu-server install. [21:29:36] <ScottK2> Personally I think adding features to inits is adding features and should be done at the appropriate point in the development cycle for feature development. [21:29:47] <kirkland> mathiaz: full compliance is beyond the scope I'm suggesting [21:29:56] <owh> It's a fair point ScottK2 [21:30:23] <mathiaz> ScottK2: right. OTOH not having a status action for init script is really annoying [21:30:49] <owh> And I figure if we're serious with ebox, it will need to know if stuff is working - no? [21:31:00] <mathiaz> so trying to add a status action for packages that are on the ubuntu-server iso seems to be a good compromise [21:31:13] <kirkland> mathiaz: i agree with that [21:31:34] <owh> All of them, or only the ones that are installed by a tasksel server selection? [21:31:38] <ScottK2> It's not nearly annoying as having a broken init script on release day. [21:32:15] <mathiaz> ScottK2: I'd say that testing an init script is easy. [21:32:17] <ScottK2> mathiaz: I think if you want to pursue this you should ask ubuntu-release for an FFe. [21:32:22] <owh> There's only 7 that don't have a status that are installed by a tasksel *server selection [21:32:25] <mathiaz> ScottK2: aggreed. [21:32:37] <mathiaz> ScottK2: I was about to suggest that we should talk to ubuntu-release about this. [21:32:43] <ScottK2> It all depends on the init. [21:32:44] <kirkland> ScottK2: the risk is having an init script with a broken 'status' action on release day [21:32:58] <ScottK2> kirkland: We have lots on unimplemented features. [21:32:59] <kirkland> we should not be affecting the start/stop/(other) actions [21:33:08] <mathiaz> kirkland: could you update the Roadmap with a clear scope on what we aim at ? [21:33:10] <ScottK2> kirkland: Agree with should not. [21:33:15] <owh> There are only 4 that have a status option so far. [21:33:15] <nealmcb> I'd suggest taking it one package as a time - if the patch is trivial and fixes the "non-lsb-compliant" bug, then it is worthwhile given the 5 year lifespan of hardy. but I know it is also risky [21:33:36] <mathiaz> kirkland: and also list the packages targeted for hardy ? [21:33:44] <kirkland> mathiaz: will do [21:33:58] <mathiaz> kirkland: once the list is there, we can ask ubuntu-release to have a look at it and get a FFe for it. [21:34:15] <kirkland> nealmcb: I agree with your LTS comment, plus the fact that this is "catch-up" for many key services on ubuntu-server [21:34:58] <mathiaz> kirkland: however we won't have this ready by beta. [21:35:07] <nealmcb> at any rate, thanks for gathering the data, folks.... [21:35:35] <mathiaz> kirkland: the archive freeze is tomorrow - and these are patches that are not show-stoppers for the beta release [21:35:54] <owh> That gives us 24 hours [21:36:03] <kirkland> owh: with 2/7 done [21:36:13] <zul> uh...no it gives you less than that [21:36:21] <mathiaz> [ACTION] kirkland to update the Roadmap outlining the scope of the work - just add status action [21:36:23] * nealmcb would love to have status-getting documentation that doesn't have to say "except on hardy" for a long time [21:36:24] <owh> Seriously, the packages on the CD, there are really not that many if we limit ourselves to tasksel only stuff. [21:36:45] <mathiaz> [ACTION] kirkland to ask ubuntu-release for a FFe for each of the packages. [21:38:01] <mathiaz> [TOPIC] libdb4.x transition [21:38:12] <mathiaz> there has been some work done on this. [21:39:04] <mathiaz> mruiz has been working on a couple of them - and contacted some upstream about the transition. Some of the upstream added a check in the configure script for a specific version of libdb. [21:39:37] <mathiaz> zul: is the Roadmap updated wrt to the package you've uploaded ? [21:39:48] <zul> mathiaz: afaik yes [21:40:16] <zul> yes it is...mruiz is doing the rest of them [21:40:26] <mathiaz> ScottK2: is there any packages for libdb4.4 and libdb4.5 ? [21:41:18] <ScottK2> mathiaz: There are, but I haven't had time to look [21:41:44] <mathiaz> ScottK2: ok - so may be we should concentrate on libdb4.3 [21:41:58] <ScottK2> Yes. [21:42:01] <mathiaz> ScottK2: and then jump to libdb4.4 and 4.5 [21:42:05] <ScottK2> Yes [21:42:28] <ScottK2> lidbd4.2 will be sticking around, so no point worrying about that one right now. [21:42:34] <mathiaz> [TOPIC] Server Guide documentation [21:42:44] <mathiaz> ScottK2: yeah - related to openldap [21:42:50] <ScottK2> Exactly [21:42:56] <mathiaz> sommer: so how is the string freeze going ? [21:43:05] <sommer> getting there [21:43:26] <sommer> added an ebox section if people would like to review [21:43:31] <mathiaz> sommer: do you have section that needs focus for review ? [21:43:53] <sommer> probably the virt section... working with nijaba and soren on it [21:44:25] <sommer> I should have an update for it this evening... the current version isn't quite accurate [21:44:50] <mathiaz> sommer: ok - I'll look into also as I'm still setting up my new vm environement. [21:45:07] <sommer> mathiaz: cool, the more the marrier [21:45:13] <mathiaz> keescook and jdstrand have also migrated to kvm IIRC [21:45:41] <jdstrand> yep [21:45:44] <jdstrand> loving it [21:45:47] <nealmcb> [21:45:55] <sommer> other than that just working through the rest of the sections and updating minor adjustments for hardy [21:45:55] <jdstrand> much less resource intensive than vmware [21:46:08] <nijaba> at least sommer does it in real condition: remotely [21:46:22] <sommer> heh... attempts to [21:46:23] <mathiaz> sommer: could you update the Roadmap with a list of the section you'd ask for review ? [21:46:31] <dendrobates> sommer: I should get the likewise-open man pages by tomorrow. [21:46:34] <soren> I had 10 vm's running at the same time a few days ago. Worked fine. [21:46:37] <mathiaz> sommer: so that we can point people to it and focus our efforts on that. [21:46:47] <sommer> mathiaz: sure [21:47:09] <mathiaz> [TOPIC] sommer to update the roadmap section with a list of section of the server guide that need reviews. [21:47:12] <sommer> dendrobates: that's cool, I noticed the ffe bug. [21:47:38] <mathiaz> nealmcb: could you update the factoids by adding a servergui entry ? [21:47:51] <nealmcb> I sent mail a little while ago [21:48:05] <mathiaz> !servergui [21:48:05] <ubotu> Sorry, I don't know anything about servergui - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [21:48:15] <nealmcb> mail to the server team... [21:48:26] <nealmcb> if folks like what I wrote, and the servergui changes, I'll talk to the ops [21:48:56] <faulkes-> I now have hardware and a requirement for virtuals, so I'll be doing kvm stuff very soon [21:49:12] <nealmcb> https://help.ubuntu.com/community/ServerGUI [21:49:43] <nealmcb> (that's mostly sommer's work of course - just a few edits by me) [21:49:50] <mathiaz> nealmcb: I think it looks good [21:49:52] <jdstrand> I should mention that while I have been loving kvm [21:49:55] <mathiaz> nealmcb: and should be added [21:50:02] <jdstrand> and have moved all my vmware machines to it [21:50:07] <nealmcb> will do [21:50:19] <mathiaz> nealmcb: I can't seem to find your email to the server team about the servergui entry [21:50:22] <jdstrand> there is some adjustments that need to be made on pre-hardy vms [21:50:32] <nealmcb> just half an hour ago [21:50:36] <mathiaz> [ACTION] nealmcb to add an entry for the servergui factoid [21:50:39] <jdstrand> I will update the wiki accordingly (probably tomorrow) [21:51:07] <jdstrand> additionally, there is s script available to help migrate [21:51:10] <mathiaz> nealmcb: ah ok - I haven't checked my email [21:51:16] <jdstrand> vmware images to kvm: [21:51:19] <jdstrand> http://people.ubuntu.com/~soren/vmware2libvirt [21:51:46] * owh hugs jdstrand [21:51:56] * owh thanks soren for the code. [21:52:09] <nealmcb> I did change one part of the recommend apt-get commands... [21:52:15] <mathiaz> [TOPIC] LTS upgrades [21:52:24] <mathiaz> so what are our current efforts in that area ? [21:53:11] <soren> owh: Oh, it's jdstrand's doing. All of it. [21:53:24] <soren> owh: I just stole it and threw it on people.ubuntu.com [21:53:30] <owh> ROTFL [21:54:39] <mathiaz> so I guess we're doing really good on LTS upgrade testing if noone has anything to report [21:55:06] <jdstrand> mathiaz: I would not assume that [21:55:11] <jdstrand> [21:55:26] <jdstrand> mathiaz: I was until a moment ago silent because I haven't done it [21:55:32] <ScottK2> I can unequivicably (or however that's spelled) say that I have not encountered any errors in LTS to LTS upgrade testing. [21:55:50] * jdstrand could say the same [21:56:17] <mathiaz> well - my question then is: what was LTS-to-LTS-upgrade-tested ? [21:56:28] * sommer needs to make time for testing LTS on LTS action [21:56:34] <nealmcb> ScottK2: but what fractions of the upgrades have been successful? Any singularities encountered? [21:56:37] <nealmcb> [21:56:39] <mathiaz> ScottK2: I guess you've tested postfix and mail daemon [21:57:16] <ScottK2> Actually I haven't directly, but I've tested direct upgrades of Postfix to modern versions on Dapper with no trouble for backports [21:58:25] <mathiaz> well - we still need to focus on LTS-to-LTS upgrades [21:58:48] <mathiaz> especially now that we're about to release beta [21:58:57] <mathiaz> [TOPIC] Any Other Business [21:59:04] <mathiaz> anyone wants to add something ? [21:59:21] <mathiaz> soren: could you update the ReportingPage with a virtualization section ? [21:59:34] <ScottK2> mathiaz: Any chance now for tasksel changes? [21:59:35] <owh> And a migration guide [21:59:38] <mathiaz> dendrobates: same thing for likewise-open ? [22:00:01] <mathiaz> ScottK2: you mean the dovecot+postfix integration ? [22:00:41] <ScottK2> mathiaz: Yes. [22:00:55] <soren> mathiaz: Will do. [22:01:01] <ScottK2> I wanted to see about integrating amavisd-new since we finally got it in Main [22:01:16] <mathiaz> ScottK2: I think that ivoks updated the patch for the new version of tasksel [22:01:30] <mathiaz> ScottK2: now it needs a FFe and then a core-dev can upload it [22:01:34] <soren> "unequivocably", I think, by the way. [22:02:00] * kirkland quivs with soren [22:02:08] <ScottK2> soren: That looks right [22:02:30] <ScottK2> mathiaz: Do you have a bug number? If there's a patch, I'll look into FFe. [22:03:02] <mathiaz> ScottK2: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/164837 [22:03:07] <ubotu> Launchpad bug 164837 in dovecot "Dovecot SASL for postfix" [Low,In progress] [22:03:10] * ScottK2 looks [22:03:47] <mathiaz> [TOPIC] Agree on next meeting date and time. [22:03:57] <mathiaz> Same time, same place, next week ? [22:04:28] <nealmcb> yes - utc-wise [22:04:40] <mathiaz> well - 21:00 UTC [22:04:49] <nxvl> meeting is already over? [22:05:08] <mathiaz> the time hasn't changed - only the some part of the world decided to move forward in time [22:05:17] <ivoks> mathiaz: yes, i've updated it [22:05:46] <ivoks> ScottK2: no, i didn't put amavis in it; and i'm not big fan of doing amavis filtering by default [22:06:17] <ivoks> ScottK2: i think we should leave that to people who know what it is for [22:06:44] <ivoks> otherwise, we'll have angry users complaining that their ubuntu mail server kills mail [22:07:04] <ScottK2> ivoks: Fair enough [22:07:34] <ScottK2> It's certain not something we should shove in at the last minute if there's no consensus. [22:07:36] <ivoks> ScottK2: amavis bounces mail with exe attachments by default, so... i don't know... [22:07:49] <mathiaz> Ok - so next meeting: next week, same time same place [22:07:51] <ScottK2> We'd need to come up with a do no harm config [22:08:08] <mathiaz> Thanks all for attending ! [22:08:16] <ivoks> ScottK2: yeah... i'm still in a quest for ideal amavis config [22:08:18] <mathiaz> #endmeeting Meeting ended. }}}