== Agenda == Items we will be discussing: * Review ACTION points from previous meeting. * Review progress made on the specification listed on the [[ServerTeam/Roadmap| Roadmap]]. * Discussion about community QA improvements for Intrepid - ScottKitterman * Call for user experiences on WBEM/CIM Servers - ThierryCarrez * Open Discussion. * Agree on next meeting date and time. == Minutes == ## Use title4 (ie ==== ) for each section of the minutes ## Only topics discussed during the meetings should be put in the minutes. ## Status reporting is done via another channel. ==== Updated Server Team Roadmap ==== mathiaz updated the Server Team [[ServerTeam/Roadmap|Roadmap]] with a list of specs targeted for Intrepid. He reminded everyone to add missing blueprints and update existing ones. ACTION: kirkland to update the lsb section on the roadmap. ACTION: nxvl to add a section about augeas. ==== Ubuntu Server Guide bzr branch ==== mathiaz looked into splitting the Ubuntu server guide into its own bzr branch in order to make it easier and faster for new contributors to submit updates. He asked how translations were integrated in the package. LaserJock gave some details. The discussion was defer to #ubuntu-server after the meeting. ==== Migrate openldap configuration to cn=config ==== mathiaz made some progress on supporting the config backend in the openldap package. He scheduled some time next week with slangasek to talk about his changes. ==== Encrypted ~/Private Directory in Each User's Home ==== kirkland reported that this spec is in great shape for intrepid. Two modifications to /etc/pam.d/common-auth and /etc/pam.d/common-session still need to be done manually. ACTION: kirkland to update the testing instructions in the Spec and send an email out to the server mailing list about ecrypts fs. ACTION: kirkland to ask for feedback on how to add the pam_ecryptfs module to the pam stack. ==== Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS ==== ivoks started to make a list of services that need their configuration updated to provide SSL v3/TLS by default. ACTION: ivoks to update the MigrateOffSSL2 wiki page with a list of services that needs to be checked and fixed. ==== Integration of Dovecot SASL and Postfix ==== mathiaz noted that there are currently two sasl implementations in main: cyrus and dovecot. While writing one of his spec, he found that most of the services in main use the Cyrus SASL implementation - only two services (exim and postfix) support the dovecot implementation. He wondered why use the dovecot implementation instead of cyrus. ACTION: ivoks to evaluate what needs to be done for cyrus sasl/postfix integration. ACTION: mathiaz to update the Roadmap wrt postfix sasl integration. ==== Ubuntu Manpage Repository ==== elmo has agreed to provide hosting for it. The code is awaiting kees' security audit. There's a [[https://launchpad.net/ubuntu-manpage-repository|Launchpad project]] if anyone else wants to review it. kirkland may add the dman command line which provides instant access from a command line to any man page in any Ubuntu release dapper - intrepid, main/universe/multiverse/restricted. This shell script can be found in the same LP project as the repository code. ==== Call for user experiences on WBEM/CIM Servers ==== Koon has been investigating options for integrating a WBEM/CIM server in Ubuntu server. He was wondering if anyone in the team had any experience to share (OpenWBEM, SBLIM, OpenPegasus, others ). nealmcb offered to forward Koon's requests and questions to folks that should know more about this subject. ==== Intrepid alpha 2 ==== mathiaz reminded that Alpha 2 is targeted for Thursday and that there is a soft freeze in effect. This also means that some -server isos will require testing in the next days. As usual coordination takes place in #ubuntu-testing and on the [[http://iso.qa.ubuntu.com/|Iso testing tracker]]. sommer wondered if the isos were working with kvm. nijaba reported that soren said he would upload a patch to fix that shortly. mathiaz added that he successfully booted an intrepid guest with the latest kernel upload (-3), but that the system would produce a lot of oopses. ==== Augeas almost in Intrepid ==== nxvl reported that his augeas package had been uploaded to the archive and was waiting for a review by an archive admin. The next step is to write more lenses for the services that we'd like to support: he created [[https://wiki.ubuntu.com/UbuntuCentralizedServiceAdministrator/Augeas|such a list]] and is looking for [[http://nvalcarcel.aureal.com.pe/?p=199|help to write lenses]]. ==== Agree on next meeting date and time ==== Next meeting will be on Tuesday, July 15th at 15:00 UTC in #ubuntu-meeting. == Log == {{{ [16:01] #startmeeting [16:01] Meeting started at 10:02. The chair is mathiaz. [16:01] Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE] [16:01] Today's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting [16:02] last meeting logs: https://wiki.ubuntu.com/MeetingLogs/Server/20080701 [16:02] I've updated the Roadmap [16:03] so that we knwo what's we're working on during this release cycle [16:03] if things are missing there, add them to the wiki page [16:03] https://wiki.ubuntu.com/ServerTeam/Roadmap [16:03] mathiaz: i still owe you an update to the Roadmap on the LSB init script stuff [16:03] mathiaz: I'll do that today [16:03] kirkland: great - thanks [16:04] [ACTION] kirkland to update the lsb section on the roadmap [16:04] ACTION received: kirkland to update the lsb section on the roadmap [16:04] need to add the augeas thing also [16:04] kirkland: do you know what you wanna add there ? [16:04] i will try to do it tonight [16:05] mathiaz: yeah, so the status_of_proc() function is in Ubuntu's lsb, and has been pushed to Debian, where the maintainer says he likes it, and will integrate after the Debian freeze is over [16:05] mathiaz: there's a list of package in this bug: https://bugs.edge.launchpad.net/debian/+source/lsb/+bug/203169 [16:05] Launchpad bug 203169 in samba ""status" function for init scripts" [Wishlist,Confirmed] [16:05] kirkland: ok - so now we need to update the package to use this lsb function [16:05] mathiaz: those are the key server packages where I'd like to submit a stack of very small patches to use this function [16:06] mathiaz: I'm going to try and knock all of those out today [16:06] kirkland: ok - great ! [16:06] mathiaz: should only take a few hours [16:06] kirkland: so finally the DM accepted the patch? Awesome! [16:06] mathiaz: I will need sponsorship, of course [16:06] kirkland: feel free to bug me [16:06] kirkland: and me [16:06] zul: awesome! [16:07] nxvl: cool! [16:07] i have some time this weekend [16:07] kirkland: I'd advise you to go through the sponsorship queue [16:07] mathiaz: right, i will certainly do that [16:07] great - let's move on [16:08] [TOPIC] # [16:08] Review progress made on the specification listed on the Roadmap. [16:08] New Topic: # [16:08] [TOPIC] Review progress made on the specification listed on the Roadmap. [16:08] New Topic: Review progress made on the specification listed on the Roadmap. [16:08] nealmcb: any new factoids ? [16:09] sommer: I've looked into the splitting the server guide from the big ubuntu-doc branch [16:10] sommer: It seems really easy to achieve [16:10] sommer: so one option we could do is to push our own branch - and then you could merge it the ubuntu-doc branch [16:10] sommer: I'm not sure if that would work well, but we could give it a try [16:11] mathiaz: yep, and the more I think about it the more I'm all for it :) [16:12] sommer: the ubuntu-doc bzr branch uses a format that support sub-tree, so it's really easy to split a sub-directory in its own branch [16:12] mathiaz: do you know what needs to happen as far as the current LP branch? I guess I'm not too familiar with the branching process [16:12] sommer: however I haven't figured out how to deal with translations [16:12] sommer: no yet - I'm still experimenting with it [16:13] mathiaz: translations, are really one of the biggest issues when dealing with the docs... for me it's easy to forget about them [16:13] i have some workaround on a bzr branch on how to do translations [16:13] mathiaz: great, just let me know how I can help :) [16:13] the script is ubuntu-course specific, but it won't be hard to change it [16:13] sommer: well - what I don't understand is where/when the translations are included [16:14] sommer: IIUC they're done in rosetta - but how do they end up in the bzr tree ? [16:14] mathiaz: the when is after string freeze, the new strings are translated and the packages are created [16:14] https://code.edge.launchpad.net/~nvalcarcel/ubuntu-desktop-course/ubuntu-desktop-course-translation [16:14] this a po maker script [16:14] sommer: right - so there is not point in having the .po files in the bzr branch ? [16:15] mathiaz: I think they're synced sometime after SF [16:15] this is* [16:15] mathiaz: I don't think so, at least not right away [16:15] .pot files are created from the docbook, put in the source package, and they get extracted to Rosetta, then the .po files are downloaded, converted back into docbook [16:15] sommer: hm - ok - I think I'll ask about that on the ubuntu-doc ml or IRC channel [16:15] mathiaz: rosette generates .pot files [16:16] mathiaz: so at some point you only need to download them and include in your release [16:16] rosetta* [16:16] LaserJock: ah, thanks that makes more sense :) [16:16] nxvl: rosetta generates .po files, you send it .pot files [16:17] LaserJock: well - can I ask more detailed questions about the process after the meeting ? [16:17] LaserJock: :D I'm not a translation expert, thanks for clearing it [16:17] mathiaz: sure [16:17] LaserJock: thanks - let's move on [16:17] mathiaz: I'm not a translation expert but I do it for edubuntu-docs [16:17] [TOPIC] Migrate openldap configuration to cn=config [16:17] New Topic: Migrate openldap configuration to cn=config [16:17] so I've started to work on that spec - and got some preliminary code [16:18] I've finally understood the packaging bits and have a plan now [16:19] I'd like to talk with slangasek about it and get some if his input on this [16:19] [TOPIC] Boot Support for Degraded RAID [16:19] New Topic: Boot Support for Degraded RAID [16:19] kirkland: anything new ? [16:19] mathiaz: nope, not yet [16:19] kirkland: ok [16:20] kirkland: are you blocked on something ? [16:20] mathiaz: the Ecryptfs work is pretty much done, i'm turning my focus now to Degraded RAID and ISCSI [16:20] kirkland: or just not enough time ? [16:20] mathiaz: time ;-) [16:20] [TOPIC] Encrypted ~/Private Directory in Each User's Home [16:20] New Topic: Encrypted ~/Private Directory in Each User's Home [16:20] kirkland: anything to test ? [16:20] mathiaz: I think I'm going to tackle Degraded RAID first [16:20] mathiaz: yes, this stuff is in pretty good shape in Intrepid now [16:21] mathiaz: sorry - was distracted - we have a new kvm factoid and an updated virtualization factoid [16:21] kirkland: so it's uploaded - can we ask for more widespread testing ? [16:21] !kvm [16:21] kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM [16:21] !virtualization [16:21] There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !kvm is the preferred approach in Ubuntu. See also !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications [16:21] mathiaz: I'll update the testing instructions in the Spec and send an email out to the server mailing list [16:21] kirkland: great - could you also add an item to the Testing section on the Roadmap ? [16:21] mathiaz: there's one thing that has to be done manually still.... [16:22] nealmcb: great - thanks [16:22] mathiaz: one line has to be added to /etc/pam.d/common-auth, and one line to /etc/pam.d/common-session [16:22] kirkland: does this need to be documented somewhere ? [16:22] mathiaz: i need some advice from slangasek on how to do this automatically or on install [16:22] mathiaz: it's documented in the Spec [16:22] mathiaz: basically, the pam_ecryptfs.so module needs to be added to the stack [16:22] mathiaz: I don't understand how we can do this automatically and within Debian policy [16:23] mathiaz: any help here would be much appreciated [16:23] [ACTION] kirkland to update the testing instructions in the Spec and send an email out to the server mailing list about ecrypts fs [16:23] ACTION received: kirkland to update the testing instructions in the Spec and send an email out to the server mailing list about ecrypts fs [16:23] kirkland: I'd suggest to send an email to ubuntu-devel@ [16:23] mathiaz: okay, will do [16:23] kirkland: I have some ideas as well. [16:23] dendrobates: yeah? [16:24] dendrobates: let's talk offline, then [16:24] kirkland: ok [16:24] [ACTION]: kirkland to ask for feedback on how to add the pam_ecryptfs module to the pam stack [16:24] ACTION received: : kirkland to ask for feedback on how to add the pam_ecryptfs module to the pam stack [16:25] [TOPIC] Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS [16:25] New Topic: Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS [16:25] ivoks: ? [16:25] hi [16:25] sorry for being late [16:25] this is just configuration change [16:25] ivoks: np - just in time for your spec :) [16:25] for all services, so only patches needed are for config files [16:26] this is a no brainer, and will be done at the end of this week [16:26] ivoks: do you have a list of services that needs to be updated ? [16:26] (i'm just busy these days with exams on faculty; tomorrow is the last one) [16:26] ivoks: I don't see it on the wiki page [16:26] ivoks: https://wiki.ubuntu.com/MigrateOffSSL2 [16:26] apache2, dovecot, postfix [16:27] i'll finish wiki after tomorrow [16:27] ivoks: these are the only services ? [16:27] only that come to my mind atm [16:27] [ACTION]: ivoks to update the MigrateOffSSL2 wiki page with a list of services that needs to be checked and fixed [16:27] ACTION received: : ivoks to update the MigrateOffSSL2 wiki page with a list of services that needs to be checked and fixed [16:28] i'll take a look at openldap also [16:28] ivoks: great - thanks. [16:28] [TOPIC] Integration of Dovecot SASL and Postfix [16:28] New Topic: Integration of Dovecot SASL and Postfix [16:28] ivoks: while you're around - ^^ [16:28] shoot :) [16:28] ivoks: one question I have is why use dovecot sasl ? [16:29] yes, openldap is a config change too [16:29] TLSCipherSuite HIGH:MEDIUM:-SSLv2 [16:29] ivoks: while doing some prep work for the kerberos spec, I quickly looked at sasl [16:29] mathiaz: saslauthd? [16:29] ivoks: there are indeed two implementations of sasl in main, cyrus an dovecot [16:30] right [16:30] ivoks: unfortunately support for dovecot sasl is almost inexistent (only exim and postfix) [16:30] ivoks: so we need to keep cyrus-sasl in main for the other services [16:30] mathiaz: i have deploy dovecot with sasl before, is painful but it can be done [16:31] so... basicaly, why not do postfix and cyrus too? [16:31] s/cyrus/dovecot [16:31] ivoks: https://wiki.ubuntu.com/NetworkAuthentication/KerberizeServices [16:31] ivoks: ^^ there is a list of services in main that support sasl [16:32] ok [16:32] ivoks: so the aim is to provide an easy way to enable sasl auth in postfix - why not choose cyrus ? [16:33] mathiaz: don't you have to change the cyrus socket location if using postfix in chroot? which could cause an issue if running those other services on the same box? [16:33] sommer: well - you'd have the same problem with dovecot [16:33] with dovecot you have to change the location as well, but since less services can use it less are affected [16:33] well... there is no special reason, except the chrooted postfix, but that's the same problem with dovecot [16:33] doh.. :) [16:34] heh [16:34] it just feels to me that dovecot and postfix make a good match... plus they're both mail related so they might be more likely to be installed on the same box [16:34] i don't recall what were the reasons to move to dovecot [16:34] well - my main argument is that most of services in main use cyrus sasl [16:34] except that setting dovecot's sasl is easy and all packages are already there [16:35] and it seems that it will be the case for quite some time as supporting dovecot sasl require hacking the src code IIUC [16:35] and postfix is by default in chroot [16:35] fwiw, we will have the same packaging problems with both variants [16:35] ivoks: aggreed [16:36] would un-chrooting postfix alleviate some of the pain? [16:36] ivoks: so it may worth looking into improving cyrus sasl experience [16:36] sure [16:37] if cyrus is way to go for everything else... well, it would be silly not to go there with postfix and dovecot, too [16:37] ivoks: so - should we retarget to integrate cyrus sasl instead of dovecot sasl for postfix ? [16:38] * ivoks cries... [16:38] ah well, ok :D [16:38] ivoks: could you look into that and report back what needs to be done to integrate postfix and cyrus sasl ? [16:38] life would be much easier if postfix wouldn't be chrooted :/ [16:39] mathiaz: simple: get postfix out of jail or add another 'meta' package that would delete cyrus socket, create it in postfix chroot, and then link old location [16:40] [ACTION] ivoks to look into cyrus sasl/postfix integration [16:40] ACTION received: ivoks to look into cyrus sasl/postfix integration [16:40] ivoks: I'll update the roadmap then. [16:40] ok [16:40] [ACTION]: mathiaz to update the Roadmap wrt postfix sasl integration [16:40] ACTION received: : mathiaz to update the Roadmap wrt postfix sasl integration [16:40] [TOPIC] Ubuntu Manpage Repository [16:40] New Topic: Ubuntu Manpage Repository [16:40] kirkland: ? [16:41] mathiaz: awaiting Kees' security audit [16:41] mathiaz: elmo has agreed to provide hosting for it [16:41] mathiaz: elmo just asked kees to sign off on the code [16:41] kirkland: ok - great [16:41] mathiaz: there's a Launchpad project if anyone else wants to review [16:41] * nealmcb cheers [16:41] kirkland: where ? [16:42] kirkland: i can make a security audit on it, did you have some branch or link i can break? [16:42] :D [16:42] mathiaz: nxvl: https://edge.launchpad.net/ubuntu-manpage-repository [16:42] (just to make things faster on kees revition) [16:42] mathiaz: i might add that the command line interface, "dman" absolutely kicks arse! [16:43] kirkland: could add a reference to dman to the spec somewhere ? [16:43] mathiaz: instant access from a command line to any man page in any ubuntu release dapper - intrepid, main/universe/multiverse/restricted [16:43] kirkland: so that we can keep track of it ? [16:44] mathiaz: well, i'd like to actually submit that to the "man" package once the backend repo is up on it's permanent ubuntu.com home [16:44] mathiaz: it's only about 20 lines that does a wget and pipes to man [16:44] mathiaz: just a shell wrapper [16:44] kirkland: sure [16:44] http://ubuntu.dustinkirkland.com/dman [16:44] LINK received: http://ubuntu.dustinkirkland.com/dman [16:44] mathiaz: it's temporarily housed in the same LP project as the repository code [16:45] kirkland: seems great to me [16:45] let's move on [16:45] mathiaz: I'm going to send it to cjwatson eventually [16:45] [TOPIC] Call for user experiences on WBEM/CIM Servers [16:45] New Topic: Call for user experiences on WBEM/CIM Servers [16:45] Koon: ^ ? [16:45] I've been investigating possibilities we have for integrating a WBEM/CIM server in Ubuntu server [16:46] I was wondering if anyone in the team had any experience with that he would like to share [16:46] the possibilities are : OpenWBEM, SBLIM, OpenPegasus (others ?) [16:46] anyone uses them, or has an opinion on them ? [16:47] guess not :) [16:47] * sommer hasn't used any [16:48] ivoks: heh ;) [16:48] ok, let's move on then :) [16:48] * nxvl doesn't even know what they are or do [16:48] [TOPIC] Intrepid alpha 2 [16:48] New Topic: Intrepid alpha 2 [16:48] A reminder that we're gearing up for Alpha2 to be released this thursday [16:48] nxvl: something blabla enterprise blabla :D [16:49] already?! [16:49] there is a soft freezr in effect as announced by pitti: [16:49] doh... [16:49] https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-July/000445.html [16:49] ivoks: that's what i thought [16:49] that means we'll some -server isos to be tested in the next few days [16:49] we'll *have* [16:50] #ubuntu-testing and the iso qa tracker are the place to keep track of that [16:50] do the isos work with kvm? [16:50] yeah, the kvm business is really hurting my testing [16:50] i always download them on my class of thursday and start testing them [16:50] soren said he would upload a patch to fix that shortly [16:51] sommer: I don't know - I'm not sure :/ [16:51] Yay! [16:51] sommer: i always test them using KVM [16:51] sommer: with virt-manaer [16:51] manager* [16:51] sommer: a new kernel has been uploaded - I was able to boot an intrepid guest [16:51] sommer: but there were tons of oopses [16:52] mathiaz: oh cool, I checked a while back and wasn't able to boot... will try again :) [16:52] sommer: yes - 2.4.26-2 wasn't working at all [16:52] sommer: 2.6.26-3 should work [16:52] i have some intrepid guest generated by u-vm-builder without problems [16:53] u just needed to create them as a hardy and then upgrade [16:53] Koon: if you have a version of your request for wbem/cim info that is a bit more expanded and in context I'd be happy to forward it to folks that should know.... [16:53] nealmcb: great, will send that to you [16:53] [TOPIC] Open Discussion [16:53] New Topic: Open Discussion [16:53] anything else to add ? [16:54] o/ [16:54] I was wondering if we could get a serverguide factiod? [16:54] at least that's a url I copy and paste a lot :) [16:54] nealmcb: ^^ could you take care of that ? [16:54] yes please! [16:55] nxvl: you wanted to add something ? [16:55] yep [16:56] Augeas is about to reach the archive [16:56] i have already worked on a list of suggested/needed services [16:56] and i have already get some lenses [16:56] i talked to raphink earlier today and he said he has some and he will mail them to me [16:56] https://wiki.ubuntu.com/UbuntuCentralizedServiceAdministrator/Augeas [16:57] this is the list [16:57] if you have some suggestions on it, or want to add/remove something [16:57] i will be really grateful [16:57] (if you want to write some lenses better) [16:57] i also wrote a call for lensers [16:58] but i thing i do it on a bad time (sunday) [16:58] @schedule [16:58] mathiaz: Schedule for Etc/UTC: Current meeting: Server Team | 09 Jul 17:00: QA Team | 09 Jul 22:00: Platform Team | 10 Jul 13:00: Desktop Team | 10 Jul 16:00: Ubuntu Mobile | 11 Jul 12:00: MOTU [16:58] mathiaz: so if you make echo on the ubuntu server blog it would be really cool [16:59] original post can be found here: http://nvalcarcel.aureal.com.pe/?p=199 [16:59] nxvl: I'll write something up - it will be in the minutes anyway :) [16:59] anything else to add ? [16:59] not from me [16:59] that's all i wanted to add [17:00] [TOPIC] Agree on next meeting date and time [17:00] New Topic: Agree on next meeting date and time [17:00] same place, same time, next week ? [17:00] works for me [17:01] yes, sound good... [17:01] excellent than - see you all next week here at the same time [17:02] thanks for coming and happy iso testing ! [17:02] #endmeeting }}}