Server Team 20080826 meeting minutes

Posted in Ubuntu Server meeting minutes, Uncategorized on August 28th, 2008 by Dave Walker

Here are the minutes of the meeting. They can also be found online
with the irc logs here.

Ubuntu VM builder

soren is preparing a new upload of his python rewrite of ubuntu-vm-builder. nijaba offered to write a short tutorial about ubuntu-vm-builder once it’s available in the archive. sommer mentionned that the virtualization section of the server guide should also be updated.

ACTION: nijaba to write a tutorial about the new ubuntu-vm-builder.

ACTION: sommer to update the virtualization section of the server guide with references to the new ubuntu-vm-builder.

Review ServerGuide for Intrepid

sommer updated the openldap section to cover cn=config. Sections that have been updated are marked with “Ready for Review” on the wiki page. sommer also mentioned that is up-to-date. He added that reading through all the sections and update any path names, package names, etc that may have changed with intrepid would be helpful.

ACTION: jjesse to update the apache section of the server guide.

Tomcat6 server stack support

Koon announced that tomcat 6.0.18 had been uploaded to fix a few security issues that were disclosed a few weeks ago. He is waiting for feedback. He has written all relevant MIRs to get tomcat6 moved to main and then have a task added to tasksel.

mathiaz asked about dependencies pulled in by tomcat6. Koon has been working on reducing them and filed bugs for most of them. He is asking for sponsoring. Some of them may be controversial and he’d like to ask doko about it.

ACTION: Koon to write a post about tomcat6 for ubuntuserver blog.

ACTION: mathiaz to sponsor Koon patches for non-controversial packages.

UFW Package Integration

jdstrand reported that the ufw portion was basically done. The Roadmap has been updated with a list of packages to be integrated with ufw. Help in that area is welcomed.

Rails and Rubygems

macd said that the passenger package on REVU was in good shape. He also started a discussion about the rubygems changes. If the passenger changes are made and the rubygems changes that were spoken of are made rails will be in good shape for intrepid.

Agree on next meeting date and time

Next meeting will be on Tuesday, September 2nd at 15:00 UTC in #ubuntu-meeting.

cn=config is the default configuration backend in openldap

Posted in Uncategorized on August 14th, 2008 by Dave Walker

The release of Intrepid Alpha4 comes amongst other things with the latest version of openldap – 2.4.11. One of the most important change is in the packaging: cn=config is now the default configuration backend. Migration from slapd.conf to cn=config is automatically done on upgrades.

As explained in the Openldap Administrator Guide:

the slapd runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF. The LDAP configuration engine allows all of slapd’s configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.

The old-style configuration using slapd.conf is still enabled, however the openldap package won’t maintain it anymore. Upgrade actions (such as migrating unsupported options, dumping database when necessary) will only be taken if the system uses cn=config.

From a packaging point of view one of the benefit of using the cn=config backend is the ability to add extra schemas to the ldap server (which was impossible without breaking the Debian Policy). That opens the door for better integration of ldap-aware applications. Packages will be able to automatically load the application schema into the ldap tree. There is still more work to be done in that area, but using cn=config as the default configuration backend is the first step in that direction.

The Ubuntu Server Team is looking for testers: if you’re running an ldap server you can help out. Clone your ldap system and try to upgrade to intrepid to see if things break. If so don’t forget to report bugs !

Server Team 20080812 meeting minutes

Posted in Ubuntu Server meeting minutes, Uncategorized on August 13th, 2008 by Dave Walker

Here are the minutes of the meeting. They can also be found online
with the irc logs here.

Remove multiuser options and updating init scripts

zul reminded that the multiuser option is no longer supported in Ubuntu. james_w filed bugs to keep track of the packages that need to be fixed. They’re pretty easy to fix, and any help will be appreciated. mathiaz suggested to write up a blog post about it.

ACTION: james_w to write a blog post about removing multiuser options.

New eBox packages

foolano gave an update on the ebox packages: ebox-mail, ebox-mailfilter, ebox-trafficshaping and ebox-webserver are good candidate to be included in intrepid. These packages are available in the ebox-unstable PPA. He asked for sponsoring to get them in universe before FeatureFreeze. soren suggested to check if the per-package upload ACL system could be used to grant foolano upload privileges just of the ebox packages.

ACTION: foolano to send an email to the MC to get upload rights to the ebox package

ISV’s – VMware on Gutsy and Hardy

owh asked about the state of the vmware-server package available from Canonical’s partner archive. A version for hardy hasn’t been released yet. dendrobates stated that kernel abi changes are problematic and we are trying to reduce them to make it easier.

Ubuntu VM builder

soren finally got it to build a Xen based image. He’ll put out an e-mail when it’s ready for actual use. Developers are very welcome to pitch in. The “–help” option is quite verbose and should be a good starting point. The code can be found in the python-rewrite branch.

Migrate openldap configuration to cn=config

mathiaz uploaded version 2.4.11 to intrepid. The default configuration backend has been switched to the cn=config tree. Migration from slapd.conf to cn=config is being done during the upgrade.

Tomcat6 server stack support

Koon announced that tomcat6 had been uploaded to intrepid. It’s currently sitting in the NEW queue. Testing is welcome.

He’s also working on reducing openjdk-6-jre-headless dependencies so that it doesn’t pull half of a desktop install in servers just to run tomcat6. He filed bugs and attached debdiffs to it. He is waiting for sponsoring.

Boot Support for Degraded RAID

kirkland has been working on adding RAID support to grub-install. His patch is waiting for sponsoring. He hopes it will make it for alpha4 scheduled to be released on Thursday. If so mathiaz suggested that this new feature should be documented in the Release Notes in order to get more testing.

The last item he’s working on is adding a question during the installation on whether the system should be set to boot from a degraded array (defaulting to No, which matches the current behaviour).

ACTION: kirkland to document BootDegradedRaid in the release notes if it’s included in alpha4.

Agree on next meeting date and time

nealmcb aggreed to run the meeting next week as mathiaz and Koon won’t be available.

Next meeting will be on Tuesday, August 19th at 15:00 UTC in #ubuntu-meeting.

Server Team 20080805 meeting minutes

Posted in Ubuntu Server meeting minutes, Uncategorized on August 9th, 2008 by Dave Walker

Here are the minutes of the meeting. They can also be found online
with the irc logs here.

Review ACTION points from previous meeting

kirkland will publish the blog post about testing booting from a degraded raid array today, on his own wordpress account linked to planet.ubuntu.

nijaba waits for some input from Intel before writing up the server survey question related to hw and submitting it for review to the rest of the server team.

Ubuntu VM builder

soren works on some parted issues but is now very close to having KVM as well as Xen support in VMBuilder. That delayed the publication of some very basic doc on how to get it / test it / run it.

Mail server improvements

ScottK still needs help for writing up the MIRs for having ClamAV and Spamassassin in main for Intrepid. Anyone interested in that endeavor should step up and contact him.

jdstrand noticed it would be great to have a clamd and freshclam enforcing apparmor profile, which would definitely help in having ClamAV approved for main. He offered his help to ScottK or anyone else wanting to implement this.

Boot Support for Degraded RAID

In addition to the aforementioned blog post, kirkland is going to work on a grub patch this week.

Encrypted ~/Private Directory in Each User’s Home

kirkland will be publishing a blog post calling for testers, now that this feature has been promoted to main.

Ubuntu Manpage Repository

The manpage repository software has now fully passed kees audit, it’s just waiting on Canonical IS to take over hosting it. kirkland hopes it will be available by the end of the month.

Review ServerGuide for Intrepid

sommer finished the Kerberos section, which should be the last of the big updates for Intrepid. Like the rest of the server guide, it’s waiting on reviewers !

Call for likewise-open update testing

Koon has been working on likewise-open updates for Intrepid, based on the Likewise test branch that should become the next version. This important update needs some widespread testing before it can be pushed to main. The version is available in Koon’s PPA, waiting on testers to find potential regressions from the hardy version. sommer offered to help, and anyone else is welcome to join him.

Agree on next meeting date and time

Next meeting will be on Tuesday, August 12th at 15:00 UTC in #ubuntu-meeting.

July in the archive – a view from the Ubuntu Server Team

Posted in Uncategorized on August 1st, 2008 by Dave Walker

Another month passed on the road to the Intrepid Ibex. Two alpha releases have been pushed out the door and the Debian Import Freeze has been in effect for one month. Does this mean that the intrepid archive has been quiet ? Not really… Here are some highlights for the month of July:

DKIM verification is on by default

For those of you that deploy mail servers we’ve added another component for your spam fighting toolbox: DomainKeys Identified Mail. As mentioned earlier this month more testing of this new feature is welcome.

Default ssl virtual host in apache2

Amongst other things the apache2 package comes now with a default ssl virtual host. One more step closer to add support for SNI.

Improved autochanger support in Bacula

The new version of Bacula – 2.4.1 – comes with a major rewrite of the storage daemon autochanger and reservation code. Those of you using multiple drive autochangers should see more reliable operations.

Openldap update

The new upload saw an update to 2.4.10 and also the package renamed from openldap23 to openldap. It should bring in more stability (especially in the replication sub-system) and less confusion for the end user as to which version of openldap they’re running.

Smartcard support in Openvpn

The new package reenables PKCS#11 support.

Samba 3.2

At the begining of the month the Samba team released version 3.2. Shortly after it was uploaded to the archive. Lots of new features have been added: clustered file server support, encrypted network transport, ipv6 support and better integration with the latest version of Microsoft Windows© clients and servers. It should also be noted that Samba 3.2 is licensed under the GPLv3.