Agenda
- Review ACTION points from previous meeting.
- Move to mysql 5.1 for jaunty (chuck)
- Discuss KDE mysql needs for Jaunty (akonadi and amarok) and possible packaging changes to avoid need for code copies (apachelogger/ScottK)
Proposal to split https://help.ubuntu.com/community/KVM in multiple sub pages (nijaba/yann2)
Encrypted home: beta available (DustinKirkland)
Review progress made on the specification listed on the Roadmap.
- Open Discussion.
- Agree on next meeting date and time.
Minutes
MySQL 5.1 in Jaunty
ScottK mentioned that the next version of amarok (music player for KDE) would require MySQL 5.1 as it uses the embedded mysql library (which is not available in 5.0). He also added that akonadi (PIM manager for KDE) used MySQL 5.0 for now. zul and mathiaz reported that they had been working on merging 5.1 from experimental. However the test suite isn't successfully run during the build process. There was some discussion about supporting both 5.1 and 5.0 in main. jdstrand from the security team strongly suggested to not do that. mathiaz also mentioned that a senior MySQL developer blogged about the poor quality of MySQL 5.1 now that it has been declared stable for production use (GA) by upstream.
ACTION: zul to document the library transition requirement for mysql 5.1
ACTION: mathiaz to look into test build failures of mysql 5.1
split https://help.ubuntu.com/community/KVM in multiple sub pages
nijaba reported that the KVM wiki page in the community help site starts to get to big and suggested to split its content in multiple sub-pages.
ACTION: nijaba to add an item about KVM wiki page restructure on the Roadmap and list the new structure
Encrypted home: beta available
kirkland reported that encrypted home directory was working well. He asked for more testing and wrote a post covering how to setup a user with an encrypted home directory. nijaba asked about performances. kirkland said he had conducted some basic benchmarks and was interested in a more extensive performance test.
ACTION: kirkland to create a wiki page for encrypted home directories
UDS and beers
kirkland asked who was going to be at UDS. While this mini-survey was conducted mathiaz reminded that dendrobates would buy any server team member a beer if they found him at UDS. He also added that his LP account had a picture of him.
Agree on next meeting date and time
Because of UDS it was decided to cancel the meeting for next week.
Next meeting will be on Tuesday, December 16th at 16:00 UTC in #ubuntu-meeting.
Log
[16:01] <mathiaz> #startmeeting [16:01] <MootBot> Meeting started at 10:01. The chair is mathiaz. [16:01] <MootBot> Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE] [16:01] <mathiaz> welcome to the Server Team meeting! [16:01] <mathiaz> starring... well a lot of interesting people! :) [16:01] <nijaba> o/ [16:02] <mathiaz> today's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting [16:02] <mathiaz> we've got plenty of things to cover this week! [16:02] <ScottK-laptop> mathiaz: Did you get my ping about going first? [16:02] <ScottK-laptop> I can make it quick. [16:02] <mathiaz> ScottK-laptop: hm - I didn't get your ping [16:03] <ScottK-laptop> I've only got about 20 minutes and then I need to go. [16:03] <mathiaz> ScottK-laptop: oh ok. [16:03] <mathiaz> [TOPIC] KDE mysql needs for Jaunty [16:03] <MootBot> New Topic: KDE mysql needs for Jaunty [16:03] <ScottK-laptop> KDE has two major packages that use mysql. [16:04] <ScottK-laptop> akonadi and amarok. [16:04] <ScottK-laptop> JontheEchidna is here also from the Kubuntu team to help me discuss [16:04] <JontheEchidna> \o [16:04] <mathiaz> ScottK-laptop: right - I ran into akonadi when I developer the apparmor profile [16:04] <mathiaz> ScottK-laptop: I had some dicussion with the upstream devs about it also. [16:05] <ScottK-laptop> Good. [16:05] <mathiaz> ScottK-laptop: IIRC you introduced me to them [16:05] <ScottK-laptop> I wanted to coordinate early to ensure that our mysql packages work with akonadi so we don't have code copies. [16:05] <mathiaz> ScottK-laptop: IIRC the current situation is that akonadi starts its own mysql process [16:05] <ScottK-laptop> Right. [16:05] <ScottK-laptop> http://paste.ubuntu.com:80/79351/ has some background. [16:05] <MootBot> LINK received: http://paste.ubuntu.com:80/79351/ has some background. [16:06] <ScottK-laptop> JontheEchidna: Jump in any time. [16:06] <JontheEchidna> ok, heh [16:06] <JontheEchidna> Amarok uses mysqle for music collection management [16:06] <JontheEchidna> I think for that we just basically need to ensure that we have mysql 5.1 for jaunty [16:06] <JontheEchidna> and it looks like that's on the agenda ;-) [16:06] <mathiaz> JontheEchidna: right - zul and I have been looking into that [16:06] <zul> heh we were just talking about that [16:07] <mathiaz> the issue we have for now is that mysql 5.1 doesn't build on jaunty [16:07] <mathiaz> or even 5.0 [16:07] <ScottK-laptop> One issue I see with amarok is that any time we do post-release updates on mysql, amarok might need rebuilding to get the benifit of the update. [16:07] <ScottK-laptop> Given that amarok is using the embedded approach, I don't think that's avoidable. [16:08] <mathiaz> ScottK-laptop: IIUC amarok uses the embedded mysql library that comes with 5.1 [16:08] <ScottK-laptop> Yes. [16:08] <ScottK-laptop> That's why it needs 5.1. [16:08] <zul> well once we get mysql to build then I dont see a problem with it [16:09] <mathiaz> ScottK-laptop: ok - what would be the consequence of not packaging 5.1 in jaunty? [16:09] <ScottK-laptop> So I think somewhere it needs to be written down "If you do a security update of mysql, rebuild amarok against it for Jaunty and follow" [16:09] <ScottK-laptop> We need 5.1 in some form for amarok2 (which is the KDE4 version). [16:09] <JontheEchidna> mathiaz: If we don't package 5.1 apachelogger sez that there's a set of two patches we can use to make it work with amarok [16:09] <mathiaz> ScottK-laptop: the reason I ask this is because there has been a blog post on planet.mysql.com stating the 5.1 wasn't ready for production [16:10] <mathiaz> JontheEchidna: patches for 5.0? [16:10] <ScottK-laptop> So either it's packaged by the distro, it's stuffed inside the amarok package, or we're stuck on the KDE3 version again (this is a very bad thing). [16:10] <JontheEchidna> I would assume so [16:10] <mathiaz> JontheEchidna: IIUC amarok requires mysql embeded and 5.0 doesn't have support for embededd. [16:10] <ScottK-laptop> JontheEchidna: That note he left is about patches to 5.1. [16:10] <JontheEchidna> oh [16:10] <JontheEchidna> nevermind then [16:10] <ScottK-laptop> Well amarok2 is at RC stage using it. [16:11] <ScottK-laptop> So it must be at least ok'ish. [16:11] <ScottK-laptop> Part of the trick here is that amarok is in Main, so this would need to be in Main. [16:12] <mathiaz> ScottK-laptop: right - I don't a personal opinion about the state of 5.1 - I've just been watching the MySQL community [16:12] <mathiaz> I don't *have* [16:12] <ScottK-laptop> One way or another we'll need 5.1. [16:12] * ScottK-laptop nods. [16:12] <JontheEchidna> We did package our own mysql bits for a PPA containing amarok2, so that's a possibility [16:12] <ScottK-laptop> Right. That's what we'd like to avoid. [16:12] <ScottK-laptop> Who is working on mysql for server team? [16:12] <mathiaz> yeah - packaging mysql 5.1 in amarok would make the security team cry [16:13] <mathiaz> ScottK-laptop: zul and me mainly [16:13] * jdstrand sniffles [16:13] <zul> is this embeded stuff jut a library? [16:13] <JontheEchidna> zul: libmysql is all that's needed at build time [16:13] <mathiaz> zul: yeah - it was in 4.0 or 4.1 IIRC [16:13] <mathiaz> zul: but 5.0 doesn't ship it. [16:13] <ScottK-laptop> JontheEchidna: Maybe you could coordinate with them to pass on what you did in the PPA so they have the advantage of that work. [16:13] <mathiaz> so it seems we have one application in main that requires 5.1 [16:13] <ScottK-laptop> Yes. [16:13] <jdstrand> so 5.1 isn't considered ready for production by mysql themselves? [16:14] <JontheEchidna> brb [16:14] <mathiaz> jdstrand: it is now. [16:14] <zul> couldnt we jut promote the library and keep everything else in universe for 5.1 if we decide that 5.1 is not stable enough [16:14] <mathiaz> jdstrand: 5.1.30 has been declare GA [16:14] <mathiaz> jdstrand: Nov 27th [16:14] <ScottK-laptop> zul: presumably. [16:14] <jdstrand> mathiaz: so our plan is to move to 5.1 whole hog and drop 5.0 support in jaunty? [16:14] <jdstrand> or support both? [16:14] <mathiaz> jdstrand: that would be one option [16:15] <zul> icky.. [16:15] <mathiaz> jdstrand: I'd go for 5.1 in main and 5.0 in universe [16:15] <jdstrand> mathiaz: that seems reasonable to me [16:15] <mathiaz> jdstrand: the same way we have 4.1 in universe [16:15] <ScottK-laptop> Does mysql support multiple versions alongside like postgresql does (I'm more familiar with that)? [16:15] <mathiaz> however moving 5.1 in main means we'd have to take of the library transition [16:15] <jdstrand> I don't want to be supporting two separate releases in main if at all possible [16:16] <mathiaz> ScottK-laptop: AFAICT no [16:16] <zul> it doesnt [16:16] <JontheEchidna> ScottK-laptop: we have the packaging in a bzr branch, so it should be fairly easy to share [16:16] <ScottK-laptop> Any standard Kubuntu install will use akonadi and amarok both. [16:16] <mathiaz> JontheEchidna: are you running the test suite during the build? [16:16] <ScottK-laptop> So it sounds like akonadi will have to migrate to 5.1 too then to be co-installable. [16:17] <JontheEchidna> mathiaz: I don't know (I've only done updates to the packaging), apachelogger probably would though [16:17] <JontheEchidna> ...but he's not here :( [16:17] <zul> is it somewhere now? [16:18] <mathiaz> the main issue now is that the test suite fails. [16:18] <ScottK-laptop> zul: Am I correct then that since amarok needs 5.1 and it needs to be co-installable with akonadi, that akonadi also needs to use 5.1? [16:18] <mathiaz> ScottK-laptop: yes - that's a reasonable assumption. [16:18] <JontheEchidna> oh, maybe he doesn't have it in a bzr branch... [16:19] <mathiaz> ScottK-laptop: we could try to support both libmysql 5.0 and 5.1 in main [16:19] <ScottK-laptop> mathiaz: OK, so it sounds like Kubuntu pretty well HAS to get 5.1 then. [16:19] <mathiaz> but that means the security would have to support two version of mysql [16:19] <ScottK-laptop> Once it's akonadi it's more than just the lib. [16:20] <mathiaz> Ok - so to summarize [16:20] <mathiaz> it seems we have a compeling use case to get 5.1 in jaunty [16:20] <mathiaz> zul and I have already been looking into merging 5.1 from experimental [16:20] <ScottK-laptop> Amarok2 will be one of Kubuntu's marquee features for Jaunty, so we REALLY need it. [16:21] * JontheEchidna would cry if we had to include JuK [16:21] <mathiaz> zul: could you look into the library transition? [16:21] <mathiaz> zul: ie have list of package that would need to be rebuild? [16:21] <zul> mathiaz: yeah I could [16:22] <mathiaz> [ACTION] zul to document the library transition requirement for mysql 5.1 [16:22] <MootBot> ACTION received: zul to document the library transition requirement for mysql 5.1 [16:22] <mathiaz> I'll try to get some input on the test failure while working on the 5.1 merge [16:22] <ScottK-laptop> mathiaz: How about some action to look into security team's position on supporting two versions in Main. [16:22] <mathiaz> [ACTION] mathiaz to look into test build failures of mysql 5.1 [16:22] <MootBot> ACTION received: mathiaz to look into test build failures of mysql 5.1 [16:23] <mathiaz> ScottK-laptop: well - jdstrand already expressed his view [16:23] <ScottK-laptop> mathiaz: He didn't say no. [16:23] <mathiaz> ScottK-laptop: they rarely say no... they always express concerns ;) [16:23] <zoopster1> are there any lp entries that I can get mysql engineers to look at to help the cause? I have a bi-montlhy call with a mysql liason [16:23] <jdstrand> I am confident in expressing that we do not want to do that if at all possible [16:24] <ScottK-laptop> jdstrand: ;-) [16:24] <ScottK-laptop> zoopster1: When's the next call? [16:24] <mathiaz> ScottK-laptop: having only 5.1 in main mean that akonadi should support 5.1 [16:24] <jdstrand> it is a very strong-- "please, please don't" [16:24] <jdstrand> :) [16:24] <ScottK-laptop> mathiaz: Having 5.0/5.1 not coinstallable means akonadi needs to be 5.1 [16:25] <mathiaz> ScottK-laptop: however I don't see why akonadi wouldn't work with 5.1 since it starts it's own mysql process [16:25] <mathiaz> ScottK-laptop: IIUC akonadi doesn't use a library [16:25] <ScottK-laptop> Agreed, to the extent 5.1 is stable, reliable, etc. [16:25] <zoopster1> thurs 1:30 et [16:25] <mathiaz> ScottK-laptop: so it just uses SQL [16:25] <ScottK-laptop> mathiaz: Well there's your deadline to get some help ^^^ [16:26] <ScottK-laptop> Akonadi carries user critical data, so it has to be reliable. [16:26] <mathiaz> zoopster1: I'll get in touch with you if I ran into issues. [16:26] <mathiaz> ok - let's move on. [16:26] <ScottK-laptop> mathiaz: How about an action to let Kubuntu developers know when 5.1 hits the archive and one for us to update akonadi to 5.1. [16:27] <ScottK-laptop> OK. Thanks. [16:27] <ScottK-laptop> JontheEchidna: Thanks. [16:27] <JontheEchidna> ScottK-laptop: You're welcome [16:27] <ScottK-laptop> apachelogger: Thanks (in abstentia). [16:27] <mathiaz> [TOPIC] split https://help.ubuntu.com/community/KVM in multiple sub pages [16:27] <MootBot> New Topic: split https://help.ubuntu.com/community/KVM in multiple sub pages [16:27] <zoopster1> mathiaz: deal [16:27] <ScottK-laptop> Have a nice meeting everyone. [16:27] <mathiaz> nijaba: what's your brilliant idea? [16:28] <nijaba> no that brillant [16:28] <nijaba> I just think the page is too bug [16:28] <nijaba> big [16:28] <nijaba> and that it could be splitted in sub pages [16:29] <nijaba> but wanted to see if people had objections before doing so [16:29] <mathiaz> nijaba: do you have an idea about the structure? [16:29] <kirkland> nijaba: multiple pages could definitely be more effective, done correctly [16:29] <nijaba> mathiaz: not yet, but that would be a theme structure. one sub section will be dedicated to windows guest, that's sure [16:30] <mathiaz> nijaba: ok - so the first step would be to come up with the structure [16:31] <mathiaz> nijaba: and then content can be moved from the main page to its sub-page [16:31] <nijaba> mathiaz: ok. you can action me on that [16:31] <mathiaz> nijaba: great. could you add an item in the roadmap and put up the new structure as bullet points there? [16:31] <nijaba> mathiaz: fine [16:31] <mathiaz> nijaba: I don't think we need a blueprint for that [16:32] <nijaba> hope not ;) [16:32] <mathiaz> [ACTION] nijaba to add an item about KVM wiki page restructure on the Roadmap and list the new structure [16:32] <MootBot> ACTION received: nijaba to add an item about KVM wiki page restructure on the Roadmap and list the new structure [16:32] <mathiaz> [TOPIC] Encrypted home: beta available [16:32] <MootBot> New Topic: Encrypted home: beta available [16:32] <mathiaz> kirkland: has an amazing news! [16:33] * jjesse waits exepenctantly [16:33] <kirkland> mathiaz, et al: encrypted home directory code is working well :-) [16:34] <kirkland> I just blogged about it here: http://blog.dustinkirkland.com/2008/12/ubuntu-jaunty-encrypted-home.html, hoping for some early testers [16:34] <kirkland> two packages affected, in my PPA, adduser, and ecryptfs-utils [16:34] <kirkland> assuming you upgrade those two packages, it's simply a matter of "adduser --encrypt-home foo" [16:34] <nijaba> kirkland: have you done any bench on perf impact? [16:34] <kirkland> and foo's home directory will be setup for total encryption [16:35] <kirkland> nijaba: i did a basic test [16:35] <kirkland> nijaba: i debuild compiled a sufficiently large package [16:35] <kirkland> nijaba: in my encrypted home dir, it took about 19 minutes [16:35] <kirkland> nijaba: in a non-encrypted /tmp dir, it took almost 18 minutes [16:35] <nijaba> hmmm; sounds good! [16:36] <kirkland> nijaba: not very scientific, i know [16:36] <kirkland> nijaba: do we have an filesystem performance testers out there? [16:36] <nijaba> enough for me to be convinced to give it a shot on my test machine [16:36] <kirkland> nijaba: someone that could help benchmark this? [16:36] <kirkland> nijaba: good point ... test machines only at this point [16:36] <kirkland> nijaba: in my PPA, and such [16:36] <kirkland> the file name encryption hasn't landed in the ubuntu kernel yet [16:37] <kirkland> though it is in Andrew Morton's -mm tree [16:37] <kirkland> so its well on its way to upstream adoption [16:37] <kirkland> i do think that should make jaunty's final kernel [16:37] <kirkland> i have a number of other things still to do... [16:37] <kirkland> integrating into the Server and Desktop installers [16:38] <kirkland> and modifying the graphical Users and Groups program to support the option [16:38] <kirkland> in any case, i think the hardest part is behind me ;-) [16:38] <kirkland> so if you have a VM lying around, running Jaunty, please give it a shot ;-) [16:38] <mathiaz> kirkland: is the list of TODO items tracked somewhere? [16:39] <kirkland> mathiaz: https://blueprints.edge.launchpad.net/ubuntu/+spec/encrypted-home-directory [16:39] <nijaba> kirkland: you could get in touch with the guys at phoronyx to give us an idea on the impact [16:39] <kirkland> mathiaz: in the whiteboard [16:39] <kirkland> mathiaz: i still need to make a full wiki spec for it, at which point i'll migrate those over there [16:39] <kirkland> nijaba: interesting, okay... do you have a contact over there? [16:39] <kirkland> nijaba: those were the guys who trashed Intrepid, though, right? [16:40] <nijaba> kirkland: will get you in touch with them [16:40] <kirkland> nijaba: thanks [16:40] <kirkland> mathiaz: i'll probably shift some focus to encrypted swap now [16:40] <mathiaz> kirkland: right - considering that you'll have to write something up for UDS you could start a wiki page now [16:41] <kirkland> mathiaz: as that's critically important to the security of the homedir's data, now, in that any cleartext homedir data *only* lives in memory, which could get swapped to disk [16:41] <mathiaz> kirkland: OTOH if these are just minor points, adding to the Roadmap would be enough IMO [16:41] <kirkland> mathiaz: okey doke [16:41] <kirkland> mathiaz: i plan on having a wiki page anyway [16:41] <mathiaz> [ACTION] kirkland to create a wiki page for encrypted home directories [16:41] <MootBot> ACTION received: kirkland to create a wiki page for encrypted home directories [16:42] <mathiaz> kirkland: anything else on the encrytped front? [16:43] <kirkland> mathiaz: don't think so [16:43] <Koon> kirkland: any way to have a non-encrypted foler inside an encrypted home directory ? [16:43] <Koon> (folder) [16:43] <kirkland> Koon: kind of ... [16:43] <kirkland> Koon: ecryptfs at the kernel layer supports something called "passthrough" [16:44] <kirkland> Koon: which would do what you suggest [16:44] <kirkland> Koon: however, there's a couple of bugs (or feature requests) in the kernel ecryptfs filesystem that are keeping this from being feature-complete [16:44] <Koon> kirkland: just asking :) [16:44] <kirkland> Koon: it's a great, fair question [16:44] <mathiaz> allright - let's move on [16:44] <kirkland> Koon: and it's something i hope we're close to fixing [16:44] <mathiaz> [TOPIC] likewise-open SRU [16:44] <MootBot> New Topic: likewise-open SRU [16:45] <mathiaz> Koon: ^^? [16:45] <Koon> Well ,testing is now done, thanks to sommer [16:45] <Koon> it's just waiting for -updates copy [16:46] <mathiaz> Koon: great - any other SRU that should be tested? [16:46] <Koon> mathiaz: nope, I do have a tomcat5.5 hardy SRU waiting for sponsoring though [16:46] <mathiaz> Koon: bug number? [16:47] <Koon> bug 179447 [16:47] <ubottu> Launchpad bug 179447 in tomcat5.5 "Installation of tomcat5.5 fails if openjdk-6 or a JRE is installed" [High,Confirmed] https://launchpad.net/bugs/179447 [16:47] <mathiaz> Koon: OTOH you'll be a MOTU soon [16:47] <mathiaz> Koon: that could be your first upload [16:47] <Koon> mathiaz: I hope so, so I figured I could do it myself [16:48] <mathiaz> [TOPIC] Open discussion [16:48] <MootBot> New Topic: Open discussion [16:48] <mathiaz> anything else to add?D [16:48] <james_w> Koon: I'm pretty sure I uploaded that [16:48] <nijaba> I guess there will be no meeting next week because of UDS, right? [16:48] <kirkland> show of hands, who's attending UDS? :-) [16:48] <kirkland> o/ [16:49] <nijaba> o/ [16:49] <mathiaz> nijaba: I was about to discuss that in the next topic [16:49] <mathiaz> o/ [16:49] <zul> \o\ [16:49] <zoopster1> o/ [16:49] <Koon> james_w: you uploaded the intrepid fix... bug not the hardy SRU [16:49] <sommer> o// [16:49] <james_w> Koon: Successfully uploaded tomcat5.5_5.5.25-5ubuntu1.2_source.changes to upload.ubuntu.com. [16:49] <Koon> ah.hm. [16:49] <james_w> Koon: I'm trying to work out where it went [16:50] <Koon> o\ [16:50] <mathiaz> Reminder: dendrobates will buy any server team member a beer if they find him at UDS [16:50] <james_w> Koon: Subject: [ubuntu/hardy-proposed] tomcat5.5 5.5.25-5ubuntu1.2 (Waiting for approval) [16:50] <james_w> Date: Wed, 26 Nov 2008 23:10:08 -0000 [16:50] <zul> mathiaz: it should be easier to corner him now [16:51] <mathiaz> a picture of him can be found in his LP account - https://launchpad.net/~dendrobates/ [16:52] <Koon> james_w: ok, so it's in the queue. Thanks, couldn't tell by looking at the bug [16:52] <james_w> Koon: yeah, I should have added a comment I now realise. You can see it at https://edge.launchpad.net/ubuntu/hardy/+queue?queue_state=1&queue_text= [16:53] <mathiaz> anything else to add? [16:53] <Koon> have a great time at UDS, guys, drink one or two beers in my name :) [16:53] <nijaba> Koon: will do! [16:53] * Koon still hopes to get private access to the robotic webcam [16:54] <mathiaz> [TOPIC] Agree on next meeting date and time [16:54] <MootBot> New Topic: Agree on next meeting date and time [16:54] <mathiaz> as nijaba mentioned earlier, UDS will be taking place next week [16:54] <mathiaz> and most of us will be there (sorry Koon :/ ) [16:55] <mathiaz> so my proposal is to not have a server team meeting next week [16:55] <mathiaz> and instead we'll meet again here on IRC in two weeks [16:55] <mathiaz> same time, same place, in two weeks? [16:55] <sommer> sounds good to me === zoopster1 is now known as zoopster [16:56] <nijaba> +1 [16:57] <mathiaz> great then [16:57] <mathiaz> next IRC meeting in two weeks, same time, same place [16:58] <mathiaz> and see most of you at UDS next week (or even earlier for those of you that attend Fosscamp [16:58] <mathiaz> thanks for attending! [16:58] <mathiaz> #endmeeting