Items we will be discussing:

  • Review ACTION points from previous meeting.
  • Review progress made on the specification listed on the Roadmap.

  • Open Discussion.
  • Agree on next meeting date and time.


Add 'status' action to server init scripts

kirkland created a wiki page to keep track of the different packages that should implement a status action in their init script. He also added a recipe explaining how to implement a status action in an init script.

ACTION: kirkland to update the init script wiki page with a list of packages that should be fixed.


nxvl reported that the augeas package was published in the Ubuntu archive. It was also accepted in Debian. The next step is to write more lenses. nxvl set up a wiki page to keep track of the lens-writing effort.

He also looked into the Config::Model project. He plans to package it once Augeas is supported.

Encrypted ~/Private Directory in Each User's Home

kirkland reported that most of the MIRs had been written. He is also using an auth-client-config profile to set up the PAM configuration correctly. He updated the testing instructions and is looking for more testers.

Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS

ivoks made a list of packages that need their configuration updated. He added it to the wiki page.

There was some discussion about dropping support for SSLv2 in the openssl package, rather than modifying each package. mathiaz suggested that it may be worth having a session about this proposal during the next UDS, or at least starting a conversation on the ubuntu-devel mailing list.

Integration of SASL and Postfix

ivoks looked briefly into it: since Postfix is jailed, giving it access to the SASL daemon socket is the main issue (the same problem as with Dovecot SASL).

ACTION: ivoks to discuss cyrus socket integration with lamont.

Review ServerGuide for Intrepid

sommer updated the Samba section in the Ubuntu Server Guide. mathiaz looked into creating a bzr branch of the server guide after discussing translation handling with LaserJock. He is still working on figuring out a simple workflow for new contributors.

Agree on next meeting date and time

Next meeting will be on Tuesday, July 22nd at 15:00 UTC in #ubuntu-meeting.


[16:01] <MootBot> Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]
[16:01] <dendrobates> \o/
[16:01] <dendrobates> _/\_
[16:01] <Koon> ___ ?
[16:01] <kirkland> dendrobates: scoliosis?
[16:01] <zul> hello
[16:02] <nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
[16:02] <dendrobates>  \o/
[16:02] <dendrobates> _/\_
[16:02] <nijaba>  /o\
[16:02] <mathiaz> nealmcb: thanks for the meeting agenda
[16:02] <nealmcb> :)
[16:02] <mathiaz> last meeting minutes: https://wiki.ubuntu.com/MeetingLogs/Server/20080708
[16:02] <mathiaz> kirkland: updated the lsb section
[16:03] <kirkland> mathiaz: i certainly did, big progress there
[16:03] <kirkland> mathiaz: actually, broke it out to its own wiki page
[16:04] <kirkland> mathiaz: just waiting on one more change to the library function to make it upstream
[16:04] <kirkland> mathiaz: could i perhaps call for volunteers from the community to help with other init scripts?
[16:04] <mathiaz> the new page to track all of this: https://wiki.ubuntu.com/InitScriptStatusActions
[16:04] <kirkland> mathiaz: the changes are pretty simple
[16:04] <emgent> hello
[16:04] <kirkland> mathiaz: good patch practice
[16:04] <kirkland> mathiaz: while still being very useful functionality
[16:05] <kirkland> all: there's a recipe on the page mathiaz mentioned
[16:05] <sommer> cool
[16:05] <mathiaz> kirkland: do you have a list of other services that need to be updated ?
[16:05] <kirkland> mathiaz: I'll grab that by next week.  owh created that list for hardy some time ago
[16:06] <mathiaz> kirkland: I see only references to bugs that have already been fixed
[16:06] <nxvl> kirkland: i will, i'm a little busy these days so i have just a little time at nights for contributing, and init scripts take me just little time
[16:06] <nxvl> :D
[16:06] <kirkland> mathiaz: see the link to Onno Benschop's page
[16:06] <nxvl> but i think a list of pending items will be really useful
[16:06] <kirkland> https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status
[16:07] <nxvl> on a quick look
[16:07] <nxvl> i don't understand that page
[16:07] <kirkland> i'll nail down a good list
[16:07] <kirkland> by the next meeting
[16:08] <mathiaz> kirkland: awesome
[16:08] <mathiaz> [ACTION] kirkland to update the init script wiki page with a list of packages that should be fixed.
[16:08] <MootBot> ACTION received:  kirkland to update the init script wiki page with a list of packages that should be fixed.
[16:08] <mathiaz> nxvl: any news on the augeas front ?
[16:08] <nxvl> and i'm going on holidays the week after the next one so i will have more time
[16:08] <nxvl> mathiaz: a lot
[16:09] <nxvl> ok
[16:09] <nxvl> augeas is already on the archives
[16:09] <nxvl> it has been accepted and included already
[16:09] <nxvl> also i got it accepted on debian
[16:09] <zul> there is a session about augeas at OLS that I will go to
[16:09] <nxvl> and it reached the archives on sunday IIRC
[16:09] <nxvl> or yesterday maybe
[16:10] <nxvl> raphink has been working on some lenses
[16:10] <mathiaz> nxvl: great - so the next step is to write more lenses
[16:10] <nealmcb> any more feedback from ebox on augeas?
[16:10] <nxvl> and he's reviewing them with lutter (the upstream PL)
[16:10] <nxvl> mathiaz: yes it is
[16:10] <nealmcb> debian too - great!
[16:10] <nxvl> nealmcb: there are still too few lenses
[16:10] <mathiaz> nxvl: great !
[16:11] <nxvl> nealmcb: i think it will be better to write more of them, and then ping the eBox team again
[16:11] <nxvl> also
[16:11] <nxvl> i have been mailed about Model:Config
[16:11] <mathiaz> nxvl: could you add a point to the roadmap about augeas integration ?
[16:11] <nxvl> http://config-model.wiki.sourceforge.net/
[16:11] <MootBot> LINK received:  http://config-model.wiki.sourceforge.net/
[16:11] <nxvl> https://sourceforge.net/project/screenshots.php?group_id=155650
[16:11] <nxvl> and they said it will support augeas soon
[16:12] <nxvl> so i'm waiting for it to start playing
[16:12] <nxvl> if they made it soon, i think we can have UCSA for intrepid+1
[16:12] <nxvl> at least the first version
[16:12] <nxvl> mathiaz: doing it right now
[16:12] <mathiaz> nxvl: could config-model be integrated with augeas ?
[16:12] <mathiaz> nxvl: it seems that both would fit well
[16:13] <mathiaz> nxvl: the blue section could use augeas and its lenses
[16:13] <mathiaz> nxvl: I'm referring to the picture at http://config-model.wiki.sourceforge.net/
[16:14] <mathiaz> hm - nm - I've just noticed that augeas is being integrated in Config::Model
[16:14] <nealmcb> great minds thinking alike :)
[16:15] <mathiaz> nxvl: do you think about packaging config-model ?
[16:16] <nxvl> sorry, needed to minimize the window
[16:16]  * nxvl read the questions
[16:17] <nxvl> mathiaz: yes, they said they are planning on supporting augeas
[16:17] <nxvl> for me that's really important since augeas will let us manage the config files AND let the sysadmins edit them by hand
[16:17] <nxvl> without breaking anything
=== gnomefre1k is now known as gnomefreak
[16:18] <nxvl> i'm in contact with config-model upstream, so i'm waiting for them to support augeas and keeping an eye on it
[16:18] <nxvl> and yes
[16:18] <nxvl> i have planned on packaging it BUT after having a good amount on lenses
[16:18] <nxvl> and after it supports augeas
[16:18] <mathiaz> nxvl: waiting for support augeas may be a good thing
[16:19] <mathiaz> nxvl: I wouldn't wait for a lot of lenses
[16:19] <nxvl> yes, that's true since we can start playing with just few lenses
[16:19] <nxvl> but
[16:19] <mathiaz> nxvl: having config available would show case what can be done with augeas
[16:19] <nxvl> also i have an exchange of mails with them
[16:19] <mathiaz> nxvl: and thus trigger more interest in writing lenses
[16:20] <nxvl> and lenses will not be the only thing needed, it will also need a model on config-model, which keeps the logic behind the config files management
[16:20] <nxvl> which seems pretty fair to me
[16:20] <nxvl> since just config files management isn't enough
[16:20] <mathiaz> nxvl: sure
[16:21] <nxvl> oh! ok
[16:21] <nxvl> i understand what you mean
[16:21] <nxvl> yes, it sounds awesome for me
[16:21] <nxvl> but still we need to wait until it supports augeas
[16:21] <nxvl> which i hope will be soon
[16:22] <mathiaz> nxvl: yes - I'd suggest to wait for augeas support and then package for ubuntu
[16:22] <nxvl> ep
[16:22] <nxvl> will do
[16:22] <nxvl> :D
[16:22] <nxvl> i will keep track of it next week
[16:22] <nxvl> since this week i'm in final exams
[16:22] <mathiaz> nxvl: great - thanks
[16:22] <mathiaz> let's move on
[16:23] <nxvl> so next week with one thing less to care about i will give ucsa the time i was giving to the university
[16:23] <mathiaz> [TOPIC] Encrypted ~/Private Directory in Each User's Home
[16:23] <MootBot> New Topic:  Encrypted ~/Private Directory in Each User's Home
[16:23] <mathiaz> kirkland: ^ ?
[16:23] <kirkland> mathiaz: in good shape
[16:23] <kirkland> mathiaz: MIRs nearly done
[16:23] <kirkland> mathiaz: ie, nearly approved
[16:23] <mathiaz> kirkland: testing instructions are up-to-date ?
[16:23] <mathiaz> kirkland: did you resolve the pam stack issue ?
[16:23] <kirkland> mathiaz: need to clean up some sprintf's in one of the libraries, other than that, all approved
[16:24] <kirkland> mathiaz: we're using jdstrand's auth-client-config as a temporary work around for now
[16:24] <kirkland> mathiaz: slangasek has a comprehensive pam stack configurator in his head, he's trying to put together for intrepid
[16:24] <kirkland> mathiaz: wiki testing instructions are most definitely up to date
[16:24] <kirkland> mathiaz: i would very much appreciate any intrepid server users out there using/testing it!!!
[16:25] <mathiaz> kirkland: ok - so there is a workaround even if the pam integration doesn't make it for intrepid
[16:25] <sommer> kirkland: is there a link for the testing?
[16:25] <kirkland> sommer: https://wiki.ubuntu.com/EncryptedPrivateDirectory#head-4a2aa7460fdca18bfe78bb1283becff406bbc13c
[16:25] <sommer> kirkland: thx
[16:25] <kirkland> mathiaz: hmm, there's a one liner that the sysadmin has to run, specifically:
[16:25] <mathiaz> kirkland: I plan to write a blog post on ubuntuserver asking for testing
[16:25] <kirkland> mathiaz: sudo auth-client-config -p ecryptfs_standard -t pam-auth,pam-session
[16:25] <kirkland> mathiaz: it's a one time deal
[16:26] <kirkland> mathiaz: i think we're running into debian policy problems, with one package needing to modify another package's config files
[16:26] <mathiaz> kirkland: can't you call that from the posting ?
[16:26] <mathiaz> kirkland: *postinst*
[16:26] <kirkland> mathiaz: i'm under the impression that Debian Policy says no
[16:27] <kirkland> mathiaz: libecryptfs0 package provides pam_ecryptfs.so
[16:27] <nijaba> kirkland: it is a command line, not a change to the conf
[16:27] <mathiaz> kirkland: IIRC, since it's a command you could use it
[16:27] <kirkland> mathiaz: it needs to make two modifications, to /etc/pam.d/common-auth, and common-session to make the unwrap passphrase work correctly
[16:27] <mathiaz> kirkland: you may wanna ask slangasek about it though
[16:27] <ivoks> only if you could revert the change from pre/post-rm, right?
[16:27] <kirkland> mathiaz: slangasek would not like it done that way
[16:27] <mathiaz> kirkland: ok
[16:27] <kirkland> mathiaz: it will be our fall back for intrepid
[16:28] <mathiaz> right - let's move on
[16:28] <mathiaz> [TOPIC] Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS
[16:28] <MootBot> New Topic:  Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS
[16:28] <mathiaz> ivoks: you made the list
[16:28] <ivoks> yay
[16:29] <ivoks> so, basically, this can be done per package or in openssl
[16:29] <mathiaz> ivoks: there are only a couple of packages
[16:29] <mathiaz> ivoks: what would be required in openssl ?
[16:29] <ivoks> if we would drop sslv2 from openssl, we would solve all problems
[16:29] <Daviey> surely except for upgrades?
[16:29] <ivoks> openssl can be compiled without SSLv2
[16:29] <ivoks> and this is the problem
[16:30] <ivoks> we can't go with openssl compile changes cause of upgrade
[16:30] <ivoks> but we can do per package configuration change on fresh install
[16:31] <ivoks> mathiaz: right, only couple of them; if you think of any other that provides SSL, please add it to the list :)
[16:31] <Daviey> sslv3 would have to conflict with sslv2?
[16:31] <ivoks> no
[16:31] <nijaba> what if I have a client that only speaks v2?
[16:31] <ivoks> most of the services provide sslv2 and sslv3
[16:31] <nijaba> I would not like to be locked out at openssl level
[16:31] <ivoks> in most of the cases, clients ask for sslv2
[16:31] <mathiaz> ivoks: right - dropping sslv2 from openssl should definitely be discussed on ubuntu-devel
[16:32] <ivoks> nijaba: then that client is very broken
[16:32] <mathiaz> ivoks: I think the path you suggest is safer and more reasonable for intrepid
[16:32] <ivoks> sslv3 is here for a decade
[16:32] <nijaba> ivoks: right, but there are a lot of very broken things in the enterprise
[16:32] <mathiaz> ivoks: ie do it on a per-package basis
[16:32] <kees> I kind of like the idea of just dropping v2 from openssl.  It does make me cringe a little about breaking people, but it's a sure way to make sure it's off.  :P
[16:33] <mathiaz> dropping sslv2 may be worth discussing at next uds
[16:33] <ivoks> mathiaz: and i would go only with service providing packages; ie, not with clients
[16:33] <mathiaz> for the intrepid timeframe, we'd better focus the per-package approach
[16:34] <ivoks> right... in most cases, changes are trivial...
[16:34] <mathiaz> ivoks: excellent - the list of package is there.
[16:34] <ivoks> some packages will require code changes; uw-imapd
[16:34] <Brazen> What about providing two openssl packages?  One with and one without v2.
[16:34] <kees> it seems like per-package would be more accepted by Debian upstreams too
[16:34] <mathiaz> Brazen: that seems too complicated
[16:34] <Brazen> ok
[16:35] <ivoks> i'll provide patches for all packages on the list by the end of the week
[16:35] <mathiaz> ivoks: do you know which packages are easier to do ? like the one that don't require src code changes ?
[16:35] <ivoks> and then i'll examine what else we have in universe :/
[16:35] <mathiaz> ivoks: great - thanks for this work
[16:35] <ivoks> mathiaz: all packages listed on wiki need 1-2 lines in config
[16:36] <mathiaz> let's move on
[16:36] <ivoks> :)
[16:36] <mathiaz> [TOPIC] Integration of Dovecot SASL and Postfix
[16:36] <MootBot> New Topic:  Integration of Dovecot SASL and Postfix
[16:36] <mathiaz> ivoks: have you looked into cyrus sasl integration ?
[16:36] <ivoks> i thought we decided to replace that with Cyrus SASL
[16:36] <ivoks> mathiaz: i have couple of cyrus sasl production environments
[16:36] <ivoks> and i think everybody who played with email servers know how to set it up
[16:37] <mathiaz> ivoks: correct - I've renamed the task to :Integration of SASL and Postfix
[16:37] <nxvl> i need to run, read you all guys!
[16:37]  * nxvl HUGS everyone
[16:37] <ivoks> only 'issue' is to package it right
[16:37] <ivoks> nxvl: bye; good work ;)
[16:37] <ivoks> since our postfix is jailed, we'll have to bind mount cyrus socket
[16:38] <ivoks> and that brings us back to the core of dovecot's sasl 'problem' :D
[16:38] <ivoks> with one exception; cyrus sasl is configured for sasl out of the box
[16:38] <mathiaz> ivoks: right - could you discuss this issue with lamont ?
[16:38] <ivoks> so, we should just bind its socket to postfix
[16:38] <ivoks> sure
[16:39] <mathiaz> ivoks: great - thanks
[16:39] <ivoks> it was my pleasure ;)
[16:39] <mathiaz> [ACTION] ivoks to discuss cyrus socket integration with lamont
[16:39] <MootBot> ACTION received:  ivoks to discuss cyrus socket integration with lamont
[16:40] <mathiaz> that's all there is on the Last meeting minutes
[16:40] <mathiaz> let's move on to review progress made on the specification listed on the  Roadmap.
[16:40] <mathiaz> https://wiki.ubuntu.com/ServerTeam/Roadmap
[16:41] <mathiaz> [TOPIC] Track pages on help.ubuntu.com that need to be updated
[16:41] <MootBot> New Topic:  Track pages on help.ubuntu.com that need to be updated
[16:41] <mathiaz> sommer: ?
[16:41] <sommer> err, not much progress with the wiki
[16:42] <sommer> the samba sections of the serverguide are updated though :)
[16:42] <sommer> except for integrating with AD, but that's coming soon
[16:42] <mathiaz> sommer: awesome - I discussed with LaserJock about bzr branch
[16:42] <mathiaz> sommer: I haven't done more work on that front
[16:42] <mathiaz> sommer: but we don't need to keep the .po files in the bzr branch
[16:43] <sommer> mathiaz: that's cool, I briefly looked at it and didn't get too far either
[16:43] <mathiaz> sommer: we'd just had to pull them from lp when releasing a new package
[16:43] <mathiaz> sommer: I'd put that in the release process rather than working on the package itself
[16:43] <sommer> mathiaz: gotcha, seems pretty straight forward
[16:44] <mathiaz> sommer: the difference between an upstream write (just using the bzr branch to update the server guide content)
[16:44] <mathiaz> sommer: and the package maintainer that is responsible for pulling all the things together (with the translation)
[16:45] <mathiaz> sommer: dropping the po files would make the bzr branch a few 100k
[16:45] <mathiaz> sommer: making branching super-fast
[16:45] <sommer> super fast is good
[16:46] <sommer> mathiaz: do you have time to do the packaging or were you looking for help with that... because I'm very willing to help
[16:46] <mathiaz> sommer: I'll make more experiments about branches to see how we can organize the branches
[16:46] <sommer> mathiaz: sounds good, I'll keep at updating the content
[16:46] <mathiaz> sommer: I could figure out the packaging bits, but I'd aim at someone else to do the package maintenance
[16:47] <mathiaz> sommer: I'll work on the whole workflow
[16:47] <sommer> mathiaz: very cool, just let me know how I can help
[16:48] <mathiaz> sommer: sure
[16:49] <mathiaz> [TOPIC] Boot Support for Degraded RAID
[16:49] <MootBot> New Topic:  Boot Support for Degraded RAID
[16:49] <mathiaz> kirkland: ?
[16:49] <kirkland> mathiaz: working on it at the moment
[16:49]  * nijaba hugs kirkland
[16:49] <kirkland> mathiaz: it looks relatively containable
[16:49] <kirkland> mathiaz: I'm hoping for patches this week
[16:49] <kirkland> mathiaz: hoping to have patches for review by this week, i mean
[16:50] <kirkland> mathiaz: there's been some misinformation in the bug/wiki
[16:50] <kirkland> mathiaz: I'm trying to wheedle through that
[16:50] <mathiaz> kirkland: ok - great
[16:50] <mathiaz> let's move on
[16:50] <mathiaz> [TOPIC] #
[16:50] <mathiaz> Open Discussion.
[16:50] <MootBot> New Topic:  #
[16:50] <mathiaz> [TOPIC] Open Discussion.
[16:50] <MootBot> New Topic:  Open Discussion.
[16:50] <mathiaz> anyone wants to add something ?
[16:51] <sommer> I had a question about kerberos... are we recommending heimdal for intrepid?
[16:51] <mathiaz> sommer: nope - MIT is in main
[16:51] <mathiaz> sommer: that's the version that is supported
[16:51] <mathiaz> sommer: heimdal is in universe
[16:52] <sommer> mathiaz: cool, answers that question, thanks
[16:52] <sommer> that's all I had
[16:55] <mathiaz> [TOPIC] Agree on next meeting date and time
[16:55] <MootBot> New Topic:  Agree on next meeting date and time
[16:55] <mathiaz> next week, same time, same place ?
[16:55]  * nealmcb will be at oscon next week
[16:56] <sommer> this time works for me :)
[16:57]  * nijaba at oscon too
[16:57] <mathiaz> all right - so same place, same time, next week
[16:57] <lukehasnoname> who wants to compensate me for hours lost at work and fly me to Oregon?
[16:57] <nealmcb> nijaba: see you there :)
[16:57] <nealmcb> lukehasnoname: where do you live?
[16:58] <lukehasnoname> TX
[16:58] <Brazen> ooh, drive up to Wichita, KS and we can carpool :D
[16:58] <mathiaz> #endmeeting

MeetingLogs/Server/20080715 (last edited 2008-08-06 16:59:44 by localhost)