Re: Wishes for +Xenial
Excerpts from Martinx - ジェームズ's message of 2016-01-25 09:20:02 -0800: > On 23 January 2016 at 22:56, Martinx - ジェームズ > wrote: > > Hey guys, > > > > I'm wondering here about what package versions we'll have on Xenial > > 16.04... > > > > So, I'm creating a wish list!:-P > > > > Upgrades: > > > > - Apt 1.2 > > - Linux 4.4 (long term) - confirmed > > - OpenShot 2.0 > > - Ansible 2.0 > > - Docker 1.10.X - better integrated with Ubuntu and with rolling upgrades > > during 16.04 life cycle (like Ubuntu Cloud archive) > > - QEmu 2.5 - Done - With 3D support (specially for Ubuntu Desktop on KVM)! > > - Mesa 11.1 - Done > > - Xen 4.6 - Done! > > - DPDK 2.2 or 2.3 (new 16.04) with Xen support (for ParaVirt DomUs) - > > confirmed! > > - Virt-Manager 1.3 and SPICE support (Python 3 deps already in) > > - Libvirt 1.2.21 - Done! > > - Samba 4.3 - Done! > > - SSSD 1.13 - Done! > > - Wireshark 2 (QT based, no GTK) > > - nmap 7 > > - InfluxDB 0.9.6 (or newer) - Done! > > - Prometheus Server 0.16 & Node Exporter (0.12) > > - MariaDB 10.1.10 plus better support for it (move it for Main Repo) > > - Vagrant 1.8 - Done - But fully integrated with both KVM/Libvirt and > > VirtualBox > > - Enlightenment 0.20 & LibEFL 1.16 - https://www.enlightenment.org/download > > with Wayland enabled ;-) > > - Terminology 0.9.1 > > > > - blivet-gui: http://blog.vojtechtrefny.cz/blivet-gui instead of GParted ? > > > > > > And why not, new packages (specially more Go projects)? Like: > > > > - Consul > > - Alertmanager (Prometheus) > > - PromDash (Prometheus) > > - Packer > > > > More: > > > > - KVM VirtIO Windows Drivers as ISO but, packaged as .deb > > - Xen GPLPV Windows Drivers as ISO but, packaged as .deb > > - Better NodeJS Integration and NPM management > > - More Ruby Gem as Deb packages > > > > - Bitcoin/Litecoin Electrum Wallet > > - Ethereum and IoT Devices? > > - Bitcoin/Litecoin/Etc integrated with Ubuntu App Store!? > > > > * systemd networkd - drop ifupdowd, please. > > > > LXD fully supported on OpenStack. > > > > ** OpenStack hybrid Compute Node that supports KVM and LXD side-by-side. > > > > Perfect IPv6 support! Especially for OpenStack... > > > > Dreaming: > > > > - All Microsoft Open Source projects, .NET (corefx, corectr, etc), Visual > > Studio, everything... Kidding... > > - Apple Swift available > > > > > > Bug fixes for: > > > > * Make Linux Kernel more modular (very important and an easy one): > > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1475078 > > > > > > * ecryptfs-utils does not work with Ubuntu 14.04.3: > > https://bugs.launchpad.net/ecryptfs/+bug/1328689 > > > > * ubuntu-desktop depends on iBus, which is totally broken: > > https://bugs.launchpad.net/baltix/+source/unity-control-center/+bug/1365752 > > > > * NM disables accept_ra for an IPv6 connection, where it should enable it: > > https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1455967 > > > > * Impossible to disable IPv6 auto, params "accept_ra & autoconf = 0" have no > > effect on VLAN interfaces: > > https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1345847 > > > > * memcached unable to bind to an ipv6 address: > > https://code.google.com/p/memcached/issues/detail?id=310 > > > > > > - Samba related bugs: > > > > * Samba4 AD DC randomly dies (4.3 might be better, need to put it in prod > > and see): > > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1357471 > > > > * Samba4, when with 2003 default level, dies when IPv6 is enabled: > > https://bugzilla.samba.org/show_bug.cgi?id=10730 > > > > * Samba has a wrong "Dual-Stack" implementation (I think) - (I'll help to > > prepare a reproducible procedure): > > https://bugzilla.samba.org/show_bug.cgi?id=10729 > > > > * Samba4 get stuck after a server reboot, if IPv6 is enabled: > > https://bugs.launchpad.net/samba/+bug/1339434/ > > > > > > - A elegant solution for this: > > > > * Ubuntu does not honor “ignore-hosts” proxy settings for IPv6: > > https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1295003 > > > > This problem is interesting, I think that Ubuntu should provide a way to, > > if the proxy is enabled, do a DNS Look up locally, before querying local > > "ignore-hosts" table. This is specially useful, if for example, you have an > > IPv6-Only Ubuntu Desktop, but NEED a Proxy only to browse IPv4 networks. > > What I'm trying to do here is to put the Global IPv6 subnet (2000::/3) in my > > "ignore-hosts", because I don't need a proxy to reach IPv6 hosts, but, > > everything goes to the proxy (because the DNS look up occurs at the Proxy, > > and this sucks sometimes). If someone can point me a different solution to > > this problem, that would be great! > > > > Sorry about crossposting... =P > > > > Cheers! > > Thiago > > One more Bug that needs to get fixed for Xenial: > > Xenial Server daily ISO boot in text mode interface isn't working - > kind of loop: > https://bugs.launchpad.net/ubuntu/+so
Re: MRE request: mysql-5.5
Excerpts from Robie Basak's message of 2014-02-06 05:31:47 -0800: > Application drafted by MySQL upstream: > > I would like to apply for a micro release exception for MySQL > Server. > > Upstream: > > - Micro releases happen from low-volume stable branches, > approximately once every two months. > > - Stable branches are supported with bug fixes for 8 years. > > - Upstream commits are reviewed by members of the MySQL Server > Engineering team. > > - All commits to stable branches are evaluated wrt. potential > regressions and signed off by the MySQL Support team. > > - Unit tests and regression tests are run on multiple platforms per > push to the source code repository. In addition, there are more > extensive test suites run daily and weekly. > > - Unit and regression tests are run on both debug and optimized > builds. > > - Each micro release receives extensive testing between code freeze > and release. This includes the full functional test suite, > performance regression testing, load and stress testing and > compatibility and upgrade testing from previous micro and > minor/major releases. > > - Tests are run on all supported platforms. > > In Ubuntu: > > - Unit and regression tests are run as part of the package build > process, and the package FTBFS if tests fail. > > - Micro releases for MySQL Server 5.1 and 5.5 have routinely been > accepted as security updates since Ubuntu 12.04 without known > regressions. > > Additional notes (by rbasak): > > +1 from the Ubuntu Server team. We've been in regular contact with > upstream for a while now, including their attendance at a number of past > vUDSs. I met them last weekend at FOSDEM, and we discussed this > exception. > > Upstream do not make security patches publicly available, instead > releasing a new stable release each time security updates are required. > Thus, the security team have had no choice but to bump to the latest > release for mysql-5.5 security updates anyway. > Just to clarify.. the security patches are "available" .. they're just not documented as security patches, nor are the bug reports linking to them available. So it ranges from "tedious" to "nearly impossible" to extract the patches from the upstream code trees. > So users get a micro release bump that includes bugfixes when there is a > security update, but do not get bugfixes if there is an upstream stable > release that do not include any security updates. > > Given that this happens, it is an odd situation that users end up > effectively waiting for a security vulnerability to get any intermediate > bugfixes. > +1 from me. Oracle has committed to not breaking backward compatibility in these releases unless it is a security flaw to be backward compatible. They've delivered on that, and I think this MRE is a slam dunk. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: ubuntu server mirror errors bzip2 on fresh ubuntu-server-12.04
Excerpts from Stefan Fuhrmann's message of 2013-09-25 21:25:13 -0700: > Hello all, > Im having problems with a fresh installed ubuntu-server-12.04 and apt, > getting sum mismatch, not a bzip2 file and sometimes error 404 on a fresh > ubuntu-server-12.04: > > Get: 64 http://de.archive.ubuntu.com precise-backports/universe Sources [14 B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > bzip2: (stdin) is not a bzip2 file. > bzip2: (stdin) is not a bzip2 file. > bzip2: (stdin) is not a bzip2 file. > Get: 65 http://de.archive.ubuntu.com precise-backports/multiverse Sources > [36.3 kB] > Get: 66 http://de.archive.ubuntu.com precise-backports/main amd64 Packages > [5178 B] > Get: 67 http://de.archive.ubuntu.com precise-backports/restricted amd64 > Packages [72 B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 68 http://de.archive.ubuntu.com precise-backports/universe amd64 > Packages [72 B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 69 http://de.archive.ubuntu.com precise-backports/multiverse amd64 > Packages [70 B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 70 http://de.archive.ubuntu.com precise-backports/main i386 Packages [73 > B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 71 http://de.archive.ubuntu.com precise-backports/restricted i386 > Packages [9098 B] > 93% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 72 http://de.archive.ubuntu.com precise-backports/universe i386 Packages > [152 kB] > 94% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Get: 73 http://de.archive.ubuntu.com precise-backports/multiverse i386 > Packages [1641 kB] > Ign http://de.archive.ubuntu.com precise-backports/main TranslationIndex > 94% [Waiting for headers] >2037 kB/s 0sbzip2: (stdin) is > not a bzip2 file. > Ign http://de.archive.ubuntu.com precise-backports/multiverse TranslationIndex > Ign http://de.archive.ubuntu.com precise-backports/restricted TranslationIndex > Ign http://de.archive.ubuntu.com precise-backports/universe TranslationIndex > Err http://de.archive.ubuntu.com precise-updates/universe amd64 Packages > 404 Not Found > Err http://de.archive.ubuntu.com precise-updates/multiverse amd64 Packages > 404 Not Found > Err http://de.archive.ubuntu.com precise-backports/restricted amd64 Packages > 404 Not Found > Err http://de.archive.ubuntu.com precise-backports/restricted i386 Packages > 406 Not Acceptable > Err http://de.archive.ubuntu.com precise-backports/universe i386 Packages > 406 Not Acceptable > Err http://de.archive.ubuntu.com precise-backports/multiverse i386 Packages > 406 Not Acceptable > Get: 74 http://de.archive.ubuntu.com precise-backports/main Translation-en > [1882 B] > Get: 75 http://de.archive.ubuntu.com precise-backports/multiverse > Translation-en [4269 B] > Get: 76 http://de.archive.ubuntu.com precise-backports/restricted > Translation-en [20 B] > Get: 77 http://de.archive.ubuntu.com precise-backports/universe > Translation-en [28.7 kB] > Fetched 16.6 MB in 21s (787 kB/s) > W: Failed to fetch > bzip2:/var/lib/apt/lists/partial/de.archive.ubuntu.com_ubuntu_dists_precise_restricted_source_Sources > Hash Sum mismatch Disable any local caching proxies. apt is (still?) not atomic when it updates and caches often have slightly skewed files leading to "Hash sum mismatch". -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: how to apply these upgrades?
Excerpts from Rajeev Prasad's message of 2013-07-12 12:26:23 -0700: > hello, > > aptitude shows i have to upgrade: > mysql-client-5.5 > mysql-server-5.5 > mysql-server-core-5.5 > and java > > i want to upgrade all but java. > > how to do it? echo "java-package-foo hold" | dpkg --set-selections This will make java-package-foo somewhat invisible to dpkg and apt. Then when you are ready to upgrade it: echo "java-package-foo install" | dpkg --set-selections Doing this will let you simply use apt-get as usual (I do not know anything about aptitude, but would be surprised if it ignored holds). If you want a more permanent solution, you can use "pinning" to make sure apt only uses a certain version or source for a package. Google will help you with how to do "apt pinning". -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: errors.ubuntu.com: mechanism on Server
On 2013-06-06 03:51, Robie Basak wrote: [Daviey] ... *how* to do it... I thought I'd summarise the mechanism we've proposed here, so it's in one place for others to follow and discuss further if they wish. 1. d-i will prompt for automatic error uploads to errors.ubuntu.com. This will default to Yes. The installer will be able to select No, or preseed this answer. MAAS will be able to use this preseed according to its own global configuration. Turning this on without explicit user authorization would be a breach of confidence in Ubuntu Server. You and I know that these errors are not going to have sensitive information in them, but users will now be forced to audit this system or choose to turn it off. Either way, if they fail to notice, they may discover it later and be quite unhappy that data is leaving their systems that they weren't aware of. I like the approach of collecting crash reports locally by default and notifying users about them, but I think Ubuntu should only send them on user request. Also, you fail to mention what will be the default on the cloud images. 2. If enabled above, then there will be no further interaction. Crash reports will automatically be uploaded. We'll log this activity, of course. Perhaps we can even email root if an MTA is detected? 3. If disabled above, then the crash report will sit pending in /var/crash. We will then additionally: a. Note on the motd that there are pending reports. b. Note on the bash prompt that there are pending reports. Please do not put it on the bash prompt. Do you want to nag people enough to move to another OS? I like putting it in the MOTD though. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [vUDS Blueprint 13.10] MongoDB into Ubuntu main
On 2013-04-30 12:13, James Page wrote: Hi Clint On 30/04/13 18:38, Clint Byrum wrote: So, one could argue that the current Ubuntu packages, which do link mongodb to OpenSSL, are violating the AGPL license. There is of course the special exception for system libraries, but that requires that one prove OpenSSL is "a major essential component of the specific operating system on which the executable work runs". Not a huge stretch, but one that Debian has been reluctant to make. I raised this directly with 10gen last cycle; they granted Ubuntu a license exception so that we could enable SSL support with OpenSSL. I want to see if we can get this generically expanded to support *everyone*. Nice. Where are license exceptions documented? Seems like they should be at the very least distributed along with MongoDB's source code. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [vUDS Blueprint 13.10] MongoDB into Ubuntu main
Excerpts from James Page's message of 2013-04-30 05:22:31 -0700: > Hi List > > MongoDB is becoming a popular core technology for Ubuntu Server, both in > its own right as a scalable, nosql database to support massive data > storage, and as a supporting technology for two other key projects; > OpenStack Ceilometer and Juju. > > Both Ceilometer and Juju will most likely be included in Ubuntu main for > Saucy so I'm proposing that we review MongoDB with the intent of > including it in Ubuntu main as well, where it will receive the full > attention of the Ubuntu Security Team for security updates and have > increased focus from the Ubuntu Server Team for important bug fixes etc... > > For Saucy, this would mean supporting the shipped release of MongoDB > (probably 2.4.x) for 9 months; this gets more challenging for 14.04 > where the support lifetime of the release is 5 years (with at least two > years of aggressive security and functional bug fixes to get people to > 16.04). We should apply for a minor release exception from the > technical board so we can ship point releases from upstream during the > lifetime of 13.10 and 14.04. > > We should also look at improving the support for non-x86 architectures; > specifically armhf which will be important for Ubuntu Server in > hyperscale ARM server deployments. This work would be upstreamed where > possible. > > I'd also like to see if we can work with 10gen on the MongoDB license to > allow us to enable SSL support in MongoDB upstream in Debian (and in > other distros). This will allow us to decrease the packaging delta > between Ubuntu and Debian. > Just for reference, 10gen has already made it clear in their public bug tracker that they believe one needs to get in touch with their sales department if they want a license exception: https://jira.mongodb.org/browse/SERVER-8886 So, one could argue that the current Ubuntu packages, which do link mongodb to OpenSSL, are violating the AGPL license. There is of course the special exception for system libraries, but that requires that one prove OpenSSL is "a major essential component of the specific operating system on which the executable work runs". Not a huge stretch, but one that Debian has been reluctant to make. Seems like a simple way forward would be to add gnutls support to MongoDB so that this becomes a non-issue. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: 12.04.2 LTS MaaS + PPA Juju doesn't work
Excerpts from Kyle Rankin's message of 2013-03-21 09:31:24 -0700: > I do appreciate your help. I'm in a tricky situation here because I'm not > deploying juju and maas for my own needs; I'm trying to write official > documentation for how to use juju and maas with precise so I would really > prefer to avoid directing a reader to a PPA whenever possible because I > fear a year from now someone will end up in the same situation I was in: > big changes in one or the other that work if you are in the latest release > but weren't regression tested on the LTS. Will the maas updates in the PPA > land in precise-backports (so I'll need to document for the reader how to > make sure that is enabled) or will it just show up as a standard update > to the maas package? > Hi Kyle! Thanks for doing this. Juju really does need more technical docs and I've always enjoyed your documentation efforts. There isn't really an official version of Juju for 12.04. It was rejected for main inclusion for various reasons, and thus ships from universe. Since then the python version shipped in 12.04 has slowed down quite a bit in favor of the shiny new go version, which is nearing feature parity with juju 0.6. I personally can't recommend the python version, as it is rife with rather large security issues, most of which are addressed in the go rewrite. I'm sure you have deadlines, and this is tricky, but you might want to focus on juju 2.0 when it comes out, and how it works with the latest maas in Ubuntu 12.04 at the time, which will likely be the "current" maas. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Framebuffers, plymouth, upstart and server installs.
Excerpts from Sander Smeenk's message of 2013-01-03 13:53:39 -0800: > Hello list, > > I recently got directed here from ubuntu-devel-discuss with my > pet-peeves on how i think Ubuntu Server is not really tailored for > servers [anymore], the thread of which you can read up on here: > https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2013-January/014163.html > > I wrote about these issues in an earlier thread on this list too: > https://lists.ubuntu.com/archives/ubuntu-server/2011-April/thread.html > > Basically it boils down to quotes from the above shown threads; > | "I like to be able to watch the [boot] process happen. [ .. ] I don't > | care if my server looks pretty when it's booting. I do care that I > | can see at what point in the boot process a catastrophic failure has > | occurred." > and; > | "[ .. ] under no circumstance should a server blindly come up in a mode > | in which it cannot display to a virtual console. Never. Ever. No Excuse." > > In fact, and i really, *really* don't mean to insult any one involved in > ubuntu-server development, but i kind-of wonder if the people putting > all this hard work in ubuntu-server are actually using ubuntu-server on a > daily basis on more than one system like a lot of sysadmins like myself > do. > I can say that the paid developers of Ubuntu server (of which I was one until fairly recently) do not administer many servers directly. However, the entire Operations team behind Ubuntu does administer many servers, and feeds data back to that team fairly rapidly. There's no special treatment given though, they report bugs just like you can report bugs. > Me and my team manage roughly 200 servers running Ubuntu. We encounter > situations where we have old CRT monitors, shady KVM-switches and crappy > ILOM/ELOM/DRAC java implementations with which we have to manage our > servers. Situations where (we/the customer) botched something up which > makes the bootprocess fail, etc. > I came to work on Ubuntu server from an environment very similar. I was quite surprised to see how quiet Ubuntu 10.04 was. You failed to mention versions though. Since 10.04, a lot of changes have been made specifically to make server users' lives better. This includes logging of all upstart job output, and the upstart<->plymouth bridge that tells you what jobs are starting/stopping. Also friendly recovery makes it a lot easier to handle disk issues. > Framebuffers, or rather 'special video modes', are somewhat unstable on > server hardware and/or plain right incompatible with shady KVM > implementations which are, unfortunately, commonly used in colocated > environments. > > What i really want to know is 'why' all this is necessary on server > installs ad what we / i can do to get a clearer view on what is > actually going on during boot. > > The path Ubuntu Server followed from Ubuntu Desktop is to depend on > framebuffers and upstart during boot and to switch off the GRUB menu > by default. > > I'd like to propose the (re)introduction of a special '-server' kernel > which has no framebuffers enabled? Some mechanism to tune GRUB into > verbose, 80x24 text mode when installed on a Server setup? Implement > 'tee(1)' functionality in Upstart perhaps? > Upstart logs all job output to /var/log/upstart now, since at least 12.04, maybe 11.10. So that much is at least handled. As far as a -server kernel, thats quite drastic. I'm fairly certain you can just disable the framebuffer using command line arguments, which could be made default on server installs. > Is any of this discussable? Yes. I'd recommend that you report some of these as bugs and bring them back here for discussion. None of the problem statements you have above are controversial, so the only hurdle is getting them done. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: D.ROOT-SERVERS.NET changed January 3rd 2013
Excerpts from Chuck Peters's message of 2013-01-08 19:15:13 -0800: > See http://d.root-servers.org/. I think bind9, and likely other DNS > servers, should be updated to include the correct IPv4 D root server, > http://www.internic.net/domain/named.root, and filed a bug report, > https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1090593. As the issue > stands now, it could be a long time before the LTS releases get the update, > but it should not cause serious DNS problems. > > Robie Basak triaged the bug report and said: > I'm reluctant to push for this unless a clear consensus is reached, > somebody points out exactly what we've done in the past, or an experienced > Ubuntu developer tells me otherwise. I think the best place to seek > consensus on this is the ubuntu-server mailing list. If others agree that > the change is worth it... > > How was this handled in the past? > > What do you think should be done? I commented in the bug, and opened SRU tasks. Once this is fixed in raring, it should be pushed back to lucid. There's no point in fixing it in hardy since it will be EOL by the time the old IP goes out of service. The only hesitation is that conffile changes in updates are usually discouraged, but I think in this case its worth it to avoid having problems 1/13th of the time. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: 13.04 Call for Ubuntu Server/Cloud Topics
Excerpts from Robbie Williamson's message of 2012-10-02 07:39:55 -0700: > Hi all, > > This is the "official" call for discussion about Ubuntu Server/Cloud > planning for the 13.04 cycle. As a reminder, this is a non-LTS > release, thus it is a good time to get in your more daring and > innovative server features, as we typically like to use the following > LTS-1 (13.10) release to harden the key features we want to highlight in > the next LTS (14.04). However, please keep in mind this is *not* true > for our cloud guest images, where users regularly deploy production > workloads on non-LTS Ubuntu Server releases, so we might push back on > features that impact these users. > > The process will be conducted as follows: > > 1. A call for blueprints, i.e. *this* email. > > 2. Create blueprints that start with "servercloud-r-", mark Dave > Walker[1] as approver, and propose them for uds-r[2]. > > 3. Send an email to ubuntu-server@lists.ubuntu.com to let us know you > submitted the idea, as sometimes we can lose the LP notification amongst > our other LP spam. We will then review the blueprints, ask some > clarification questions, and then approve the ones suitable for > discussion at UDS. > https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-webscale We've done this one before, its usually helpful to get a feel for the necessary work to promote things to main. I have started off with a few must-haves for Main promotion, but I suspect we will have some others sprinkled in there. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Call for Testing: Ubuntu Server Quantal
Excerpts from George Dunlap's message of 2012-09-20 09:45:28 -0700: > I just spent 10 minutes trying to figure out how to *actually report a > bug* on launchpad, and I give up. > Hi George. There are two easy ways. If you are reporting a bug on a running system, just run ubuntu-bug [package name] The package name is optional, but highly recommended so that apport knows what extra info to attach. Since you are reporting installer errors that might be hard to do, so go here: https://launchpad.net/ubuntu And click "report a bug" on the right side. > The netboot images for amd64 appear to be broken -- they don't work on > either of my two test boxes (one an AMD, one an Intel). The AMD > hangs, the Intel reboots. Below is the config I'm using: > > label ubuntu-quantal-amd64 > kernel ubuntu-quantal-amd64/linux > append vga=normal initrd=ubuntu-quantal-amd64/initrd.gz -- quiet > > The files in question were just downloaded today: > > -rw-r--r-- 1 mikemc xendev 9306616 Sep 20 16:39 initrd.gz > -rw-r--r-- 1 mikemc xendev 5127712 Sep 20 16:39 linux Can you give more information on the details of your hardware so others can try to reproduce? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Load balancing between datacenters
Excerpts from Jesus arteche's message of 2012-09-06 06:03:11 -0700: > Hey guys, > > I am trying to create a ha infrastructure. I would like to have my > infrastructure in a cloud/vps provider in europe and a replica in USA. I > will create load balancers in a HA mode. My problem comes up when I think > how to share the floating ip. I mean in a datacenter with the same range of > IP is not a problem...but when the datacenters are in different ranges of > ip's ...it shouldn't work... > > Any ideas about how to do it? There are a few approaches to this. They all boil down to some abuse of DNS. DNS based load balancing works by using low TTL's and an actively maintained list of the known working IP's. So basically each DC gets one floating IP and is monitored for availability. DNS clients are fed only those IPs that are available. Some nice commercial load balancers will also look at server load on all DC's and shift traffic to other DCs when one is overloaded by leaving the overloaded DC out of some DNS responses. Also there are some of these that will use GeoIP or AnyCast to send users to a closer DC. This has a HUGE latency drawback because of the low TTLs. If the TTLs are raised, then the system becomes much less responsive to a down DC. The *simplest* thing to do is to feed back all of those DC IPs and hope that clients are smart enough to fail-over quickly, which most web browsers are. Of course, this will not give you good balancing between the DCs because of caching and clients just doing the wrong thing. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20120904 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20120904. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20120626 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20120626. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: cobbler how to set static ip address for ubuntu
Excerpts from Shake Chen's message of Wed May 09 05:47:11 -0700 2012: > Hi > > I have set up orchestra in ubuntu 12.04. use cobbler deploy OS > > the Centos and ubuntu working well . > > Now I need set the static IP address for the node. > > In centos , I have success, > > but for Ubuntu, it no working. > > I read http://terrarum.net/administration/deploying-ubuntu-with-cobbler.html > > can not working. > Hi Shake! If you want to set the IP address in the pre-seed, edit the kickstart template and add a section with static IP config: # Static network configuration. d-i netcfg/get_nameservers string 192.168.1.1 d-i netcfg/get_ipaddress string 192.168.1.42 d-i netcfg/get_netmask string 255.255.255.0 d-i netcfg/get_gateway string 192.168.1.1 d-i netcfg/confirm_static boolean true You can replace any of these with variables, check sudo cobbler system dumpvars --name=your-system-record To get the values for the system you want to boot. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Replacing setuid with file capabilities
Excerpts from Serge Hallyn's message of Thu Mar 29 09:01:42 -0700 2012: > Quoting Andrea Corbellini (corbellini.and...@gmail.com): > > Hello, > > > > As many of you already know, there are some setuid executables in Ubuntu > > that perform very specific tasks and do not need many special privileges > > (ping and traceroute are just two examples). My proposal is to remove > > their setuid flag and set the file capabilities they need through > > setcap(8). This will indeed reduce the risk of privilege escalation. > > > > I think this is the right time to start discussing about this feature > > because 12.10 is four releases away from the next LTS and the risk of > > committing serious mistakes is lower. > > > > So, what do you think? Is it something that we could do for the > > Q-series? > > One of the things which always blocked this in the past has been > support for non-xattr filesystems, in particular NFS. Perhaps > it's something postinst can tweak based on fs support? > > Couldn't hurt to have another session on this at next UDS. > Wouldn't it be simpler to just have apparmor confine these binaries to their intended setuid-needing capabilities? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: php files on webdav (SetHandler)
Excerpts from Mark Dokter's message of Tue Mar 20 04:06:27 -0700 2012: > Hi! > > I just noticed that the usual way to edit php files through webdav does > not work on my ubuntu server 11.10. The ForceType text/plain is ignored > as is the RemoveHandler .php or RemoveType .php. > After a little trial and error I found out, that a SetHandler None and > ForceType text/plain combination in the DAV location works now the same > way the single ForceType text/plain used to work. > Is it a new apache behaviour, ubuntu specialty or just my installation? > On what version did it "used to work" ? This is most likely an apache behavior change, but its hard to determine that if we don't know at what point it did work. Given the documentation seen here: http://httpd.apache.org/docs/2.2/mod/mod_mime.html#removehandler I would expect "RemoveHandler .php" to do the same thing as SetHandler None, though I do notice that ForceType and SetHandler are both in core, while RemoveHandler and RemoveType are in mime.. so is it possible you don't have the mime module enabled (should be on by default)? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Webserver attacks
Excerpts from Whisperity's message of Sun Feb 19 06:34:57 -0800 2012: > Greetings! > > I wanted to share my little script with you, server owners. A week or two > ago I have set up an Ubuntu server box, with some services (Apache, MySQL) > for personal usage. But my webserver is getting attacked by flood bots from > time to time, so I needed to develop a wall (using Shorewall firewall) for > it, and an easy manage script. > > The two script files (ip.sh and log.sh) are the swiss army knife for me > right now. (You need to put them into your webserver log folder > (/var/log/apache2)) > What I am asking for, knowing that people here are developers with more > knowledge than me > - log.sh: lists the access.log (or anything else log file specified in the > first argument) and filters out the "banned" IP-list > - ip.sh: (needs to run as root) manages the IP filtering (also adjusts > Shorewall's blacklist) > > There are some awkward, flood-like entries in my webserver's log. They > seems to be some sort of vulnearability checks, should I be worried? Can > you please give me some more tips on how to improve my server's security? > A single server is a huge weakness, so the first tip I'd give you is to get a second server, in a second physical location. Be ready to scale out when you get legitimate traffic, and you'll have no problem handling malicious traffic while you find and ban the bad actors. Second, consider an application level firewall such as mod_security: http://www.modsecurity.org/ Most of those probes you are seeing are just mindless zombies looking for known vulnerable versions of old webapps, and can be ignored. I'd recommend filtering them out. Some packages, like logwatch, already do that. Finally, consider using apparmor to confine your application so that if somebody finds a hole in your application's security you can at least keep it confined to the files/directories/capabilities that you expect. Its actually a pretty straight forward process: https://help.ubuntu.com/11.10/serverguide/C/apparmor.html https://help.ubuntu.com/community/AppArmor -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: MySQL's future in Debian and Ubuntu
Excerpts from Clint Byrum's message of Tue Feb 07 01:50:18 -0800 2012: > Many of us in the Free and Open Source software community have seen a > trend regarding Oracle's stewardship of Open source software that it > inherited when it purchased Sun. In particular there were two fairly > large public project blow ups that resulted in OpenOffice splintering, > and the Hudson community (almost?) completely moving to an independent > fork called Jenkins. > > It has been brought to my attention that MySQL may have gone this way > as well, but in a much more subtle way. This started about a year ago, > and has only recently really become obvious. > > A few notable fellows from the MySQL ecosystem have commented: > > Mark Callaghan > http://mysqlha.blogspot.com/2011/02/where-have-bugs-gone.html > (read the comments on this one, very informative, and most of the > commenters are extremely important non-Oracle members of the MySQL > community) > > http://mysqlha.blogspot.com/2011/11/great-work-bug-12704861-was-fixed.html > > Stewart Smith: > http://www.mysqlperformanceblog.com/2011/11/20/bug12704861/ > > And the CVE's are extremely vague: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119 > > "Unspecified vulnerability in the MySQL Server component in Oracle MySQL > 5.1.x and 5.5.x allows remote authenticated users to affect availability > via unknown vectors" > > Links to here: > > http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html > > Which links to here: > > http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1 > > Which requires an account (which I created). I did try to login but got > some kind of failure.. > > "Failure of server APACHE bridge:". > > The bzr commits for the latest MySQL releases also reference log bug#'s > that are thought to belong to the private oracle support system, not > accessible to non-paying customers. > > This is all very troubling, as in a Linux distribution, we must be able > to support our users and track upstream development. > > So what should we, the Debian and Ubuntu MySQL maintainers and users, > do about this? > > Well there is a Jenkins to MySQL's Hudson, a LibreOffice to their > OpenOffice. > > MariaDB 5.3, in release-candidate now, is 100% backward compatible with > MySQL 5.1. It also includes a few speedups and features that can be found > in MySQL 5.5 and Percona Server. It is developed 100% in the open, on > launchpad.net, including a public bug tracker and up to date bzr trees > of the code. > > http://mariadb.org > https://launchpad.net/maria > > I'm writing to the greater Debian and Ubuntu community to ask for your > thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to > me that Oracle is not going to do work in the open, and this will become > a huge support burden for Linux distributions. The recent CVE's had to > be hunted down and investigated at great difficulty to several people, > since the KB articles referenced and the internal Oracle bug numbers > referenced were not available. > > This will only get harder as the community bug tracker gets further out > of sync with the private one. > > There is some need to consider acting quickly: > > Ubuntu precise, the next LTS release of Ubuntu will be hitting feature > freeze on Feb. 16. The release, due in April, will be supported with > security updates for 5 years. That may be 5 long years of support if > MySQL continues to obscure things. > > Debian wheezy is still quite far off, but it is critical that this be > done and decided by the time the release freeze begins. > > So, here is a suggested plan, given the facts above: > > * Upload mariadb 5.3 to Debian experimental, with it providing > mysql-server, mysql-client, and libmysqlclient-dev. > > * For Ubuntu users, upload these packages to a PPA for testing > applications for compatibility, and rebuild testing. > > * If testing goes well, replace mysql-5.5 with mariadb in both Debian > unstable and Ubuntu precise. If there are reservations about switching > this late in precise's cycle, ship mysql-5.5 in precise, and push off > Ubuntu's transition until the next cycle. > > Before I strike out on this path alone, which, I understand, may sound > a bit radical, I want to hear what you all think. > > Thank you for your time and consideration. Thanks everyone for all of the thoughts and the great discussion that has taken place since my original message. As a smart person once said, "The plan is nothing, Planning is everything." In the course of looking at this from many different angles, I think I have come to understand the different facets of the problem and the situation that Debian and Ubuntu are in with regard to MySQL. To re-cap, the original suggestion was that we might "replace" MySQL with MariaDB in Debian and Ubuntu. This was somewhat ambiguous, and probably needed clarification. My intention was to suggest that MariaDB would be the database that U
MySQL's future in Debian and Ubuntu
Many of us in the Free and Open Source software community have seen a trend regarding Oracle's stewardship of Open source software that it inherited when it purchased Sun. In particular there were two fairly large public project blow ups that resulted in OpenOffice splintering, and the Hudson community (almost?) completely moving to an independent fork called Jenkins. It has been brought to my attention that MySQL may have gone this way as well, but in a much more subtle way. This started about a year ago, and has only recently really become obvious. A few notable fellows from the MySQL ecosystem have commented: Mark Callaghan http://mysqlha.blogspot.com/2011/02/where-have-bugs-gone.html (read the comments on this one, very informative, and most of the commenters are extremely important non-Oracle members of the MySQL community) http://mysqlha.blogspot.com/2011/11/great-work-bug-12704861-was-fixed.html Stewart Smith: http://www.mysqlperformanceblog.com/2011/11/20/bug12704861/ And the CVE's are extremely vague: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119 "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors" Links to here: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Which links to here: http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1 Which requires an account (which I created). I did try to login but got some kind of failure.. "Failure of server APACHE bridge:". The bzr commits for the latest MySQL releases also reference log bug#'s that are thought to belong to the private oracle support system, not accessible to non-paying customers. This is all very troubling, as in a Linux distribution, we must be able to support our users and track upstream development. So what should we, the Debian and Ubuntu MySQL maintainers and users, do about this? Well there is a Jenkins to MySQL's Hudson, a LibreOffice to their OpenOffice. MariaDB 5.3, in release-candidate now, is 100% backward compatible with MySQL 5.1. It also includes a few speedups and features that can be found in MySQL 5.5 and Percona Server. It is developed 100% in the open, on launchpad.net, including a public bug tracker and up to date bzr trees of the code. http://mariadb.org https://launchpad.net/maria I'm writing to the greater Debian and Ubuntu community to ask for your thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to me that Oracle is not going to do work in the open, and this will become a huge support burden for Linux distributions. The recent CVE's had to be hunted down and investigated at great difficulty to several people, since the KB articles referenced and the internal Oracle bug numbers referenced were not available. This will only get harder as the community bug tracker gets further out of sync with the private one. There is some need to consider acting quickly: Ubuntu precise, the next LTS release of Ubuntu will be hitting feature freeze on Feb. 16. The release, due in April, will be supported with security updates for 5 years. That may be 5 long years of support if MySQL continues to obscure things. Debian wheezy is still quite far off, but it is critical that this be done and decided by the time the release freeze begins. So, here is a suggested plan, given the facts above: * Upload mariadb 5.3 to Debian experimental, with it providing mysql-server, mysql-client, and libmysqlclient-dev. * For Ubuntu users, upload these packages to a PPA for testing applications for compatibility, and rebuild testing. * If testing goes well, replace mysql-5.5 with mariadb in both Debian unstable and Ubuntu precise. If there are reservations about switching this late in precise's cycle, ship mysql-5.5 in precise, and push off Ubuntu's transition until the next cycle. Before I strike out on this path alone, which, I understand, may sound a bit radical, I want to hear what you all think. Thank you for your time and consideration. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Should we set vim's default background colorscheme to assume dark?
This bug was filed fairly recently: https://bugs.launchpad.net/ubuntu/+source/vim/+bug/871907 I tend to think that its a bit confusing why we default to a light background setting in vim, when our default terminals all are dark. I have not checked on any of the other flavors of Ubuntu, but at least on our main desktop configuration, all terminals have a dark background. This seems like a no-brainer, so I was thinking of uploading a fix before FeatureFreeze, but I wanted to open up the discussion a bit wider in case there are people who feel that this might be too radical of a change. The change would be simple.. vim defaults to a light background, so in the default vimrc for precise, we'd change it to have background=dark. I have CC'd ubuntu-server, because I'm certain there are a lot of users of non-Ubuntu desktop platforms who ssh into Ubuntu servers, and would possibly be affected by this, whether negatively or positively. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: console-kit-daemon
Excerpts from afuentes's message of Mon Jan 16 01:07:50 -0800 2012: > Im not sure if I can safely remove console-kit-dameon from servers. From > time to time, ive get a process with 100% usage cpu of > console-kit-daemon and i have to kill it. When I try to purge it, it > tries to uninstall things like dbus. Is dbus not needed by anything > else?. What is console kit doing anyway? It is only necessary if you have multiple users who want to login to the system's console. http://www.freedesktop.org/wiki/Software/ConsoleKit For most servers, this isn't the case, and so it can probably be safely removed. Look at its reverse dependencies, I'm not even sure why you'd see it installed on a server, unless you also installed the GUI. Its possible it is part of the server install seed. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Code reviews for packaging changes
Excerpts from Alex Muntada's message of Fri Dec 16 12:59:11 -0800 2011: > + Clint Byrum : > > > You can look for active code reviews here: > > > > https://code.launchpad.net/~ubuntu-server/+activereviews > > Already did and successfully reviewed one pending change, > but i'd like to know whether there's some kind of notification > available (mail or rss) that i coudn't find or we're supposed > to take a look at that page periodically. > > Happy to be helpful :) > Alex, thanks for the review of my change! There's no emails, but I think thats just the default setting of the ubuntu-server team to not receive these emails. I do not know if launchpad will allow you to say "please send me merge proposals for this team.". Best thing to do is to just hit it periodically. I find that having a set time to do code reviews for the projects I'm working on helps me to focus on them, as they're not nearly as fun as doing actual coding. :) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Code reviews for packaging changes
Hey everyone out there in server land. A few of us have decided to do start doing code reviews for the bulk of packaging changes in Ubuntu Server, given the high bar for quality and precision in.. well.. precise. :) Whether or not you are able to actually upload to the Ubuntu archive, you can help out with these code reviews. You can look for active code reviews here: https://code.launchpad.net/~ubuntu-server/+activereviews Note that you will probably want to join the 'ubuntu-server' launchpad team. If you want to propose a change to ubuntu-server, push the change to an appropriate branch, and then propose for merging, and change the requested reviewer to 'ubuntu-server'. An appropriate branch means something like bzr push lp:~your-username/ubuntu/precise/packagename/what-the-branch-does 1 review should be sufficient for most changes, though even if something already has an "Approved" from somebody else, feel free to suggest changes, the idea here is just to get more eyeballs on changes before they land in Ubuntu Server. Also please note that some packaging branches are out of sync. Recent versions of bzr will actually tell you if the branch is CURRENT or not. If it is out of date, you can send a debdiff to this list for review. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: rsyslog on Ubuntu Linux 10.04 LTS (Lucid Lynx) Server
Excerpts from Kaushal Shriyan's message of Mon Dec 12 15:18:32 -0800 2011: > Hi, > > Is there a step by step guide to install rsyslog on Ubuntu Linux 10.04 LTS > Server(Lucid Lynx) and configure clients to listen to the rsyslog server > and any free GUI Web Interface to view rsyslog server ? rsyslog is actually installed by default in 10.04, so you should have it on all of your Ubuntu server 10.04 installs. It will, by default, not listen for incoming traffic, so you will need to edit /etc/rsyslog.conf and uncomment these lines: # provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514 Also for your clients, you need to tell them to send their logs to the main server. Simplest way to do this is to add a file to /etc/rsyslog.d that has this in it: *.* @your.syslog.server I'd suggest reading 'man rsyslog.conf', under the section "Remote machine" for some tips on how to tune the reliability of these messages. As far as log viewing, I'm a fan of using ssh windows for it.. and 'ccze' for colorizing the messages... this works: tail -F /var/log/syslog | ccze -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Problem building/compiling in 12.04 (also in 11.10) with gssapi
Excerpts from Janåke Rönnblom's message of Fri Nov 11 05:40:50 -0800 2011: > Hi > > Im trying to compile a package called squid_auth_kerb in 12.04. I also tested > it in 11.10 with the same result. It works in 10.04 without problems. > > aptitude install build-essential libgss-dev libkrb5-dev libssl-dev > libldap-dev libsasl2-dev krb5-user > cd /usr/local/src > wget > http://downloads.sourceforge.net/project/squidkerbauth/squidkerbauth/squid_kerb_auth-1.0.7/squid_kerb_auth-1.0.7.tar.gz > tar -xzvf squid_kerb_auth-1.0.7.tar.gz > cd squid_kerb_auth-1.0.7/ > ./configure > > -> configure complains about missing spnego support in >= 11.10 and works in > 10.04 !!! > > make > > dies with: > b5 -lk5crypto -lcom_err -L../../../lib -o squid_kerb_auth squid_kerb_auth.o > base64.o derparse.o spnego.o spnegohelp.o spnegoparse.o > squid_kerb_auth.o: In function `check_gss_err': > /usr/local/src/squid_kerb_auth-1.0.7/squid_kerb_auth.c:180: undefined > reference to `gss_release_buffer' > /usr/local/src/squid_kerb_auth-1.0.7/squid_kerb_auth.c:170: undefined > reference to `gss_display_status' > /usr/local/src/squid_kerb_auth-1.0.7/squid_kerb_auth.c:177: undefined > reference to `gss_release_buffer' > ... > > Works with 10.04 > > If I try to compile squid_auth_ldap in 12.04 it also gives me a problem > (works in 10.04) > > wget > http://downloads.sourceforge.net/project/squidkerbauth/squidkerbldap/squid_kerb_ldap-1.2.2/squid_kerb_ldap-1.2.2.tar.gz > tar -xzvf squid_kerb_ldap-1.2.2.tar.gz > cd squid_kerb_ldap-1.2.2/ > ./configure > > missing-prototypes -Wmissing-declarations -Wdeclaration-after-statement > -Wshadow -L/usr/lib/x86_64-linux-gnu -Wl,-Bsymbolic-functions -lgssapi_krb5 > -lkrb5 -lk5crypto -lcom_err -o squid_kerb_ldap squid_kerb_ldap.o > support_group.o support_netbios.o support_member.o support_krb5.o > support_ldap.o support_sasl.o support_resolv.o support_lserver.o -lldap > -llber > /usr/bin/ld: support_krb5.o: undefined reference to symbol > 'krb5_kt_free_entry@@krb5_3_MIT' > /usr/bin/ld: note: 'krb5_kt_free_entry@@krb5_3_MIT' is defined in DSO > /usr/lib/x86_64-linux-gnu/libkrb5.so so try adding it to the linker command > line > /usr/lib/x86_64-linux-gnu/libkrb5.so: could not read symbols: Invalid > operation > collect2: ld returned 1 exit status > > I can get a bit further by manually editing the Makefile after the configure. > But not all the way. > > So anyone have an idea what changed and how do I fix it? Is the source broken > with 11.10 or is 11.10+ broken? > This is happening as a result of the --as-needed linker change in 11.10. Add '--no-as-needed' to LDFLAGS and it should build fine. Long term you should report this to the upstream project as they are linking to libldap incorrectly by putting it in LDFLAGS instead of in LIBS, which is why it is listed after the object files in the ld command line above. You did not post the full ld line for the krb5 linking, but it seems likely that it also suffers from this problem. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Fwd: Preparing for the next release
We probably need to start upstreaming our patches a lot more aggressively:
05_cobbler_fix_reposync_permissions.patch
12_fix_dhcp_restart.patch
21_cobbler_use_netboot.patch
33_authn_configfile.patch
34_fix_apache_wont_start.patch
39_cw_remove_vhost.patch
40_ubuntu_bind9_management.patch
41_update_tree_path_with_arch.patch
42_fix_repomirror_create_sync.patch
43_fix_reposync_env_variable.patch
44_cobbler_manpage_syntax_fix.patch
45_add_gpxe_support.patch
46_valid_hostname_for_dns.patch
47_ubuntu_add_oneiric_codename.patch
48_ubuntu_mini_iso_autodetect.patch
49_ubuntu_add_arm_arch_support.patch
50_fix_cobbler_timezone.patch
51_koan_grub2_instead_of_grubby.patch
52_ubuntu_default_config.patch
53_sample_preseed_kopts_postinst.patch
54_koan_fix_tree_when_ksmeta.patch
55_ubuntu_branding.patch
56_ubuntu_arm_generate_pxe_files.patch
57_ubuntu_dnsmasq_domain.patch
Note the forwarded message which shows only a few tiny patches in 2.2.2.
I missed the UDS session, but is this on somebody's TODO list for
alpha1/alpha2 ?
--- Begin forwarded message from James Cammarata ---
From: James Cammarata
To: cobbler development list , cobbler
mailing list
Date: Sun, 06 Nov 2011 18:57:08 -0500
Subject: Preparing for the next release
Gearing up for 2.2.2, so I've gone through the master and release22
branches making sure everything has been applied. As of now, I believe
there are only 4 patches that have not been applied to release22:
commit 5d1f682946cb5bf323ea97062dabf8071c9698a1
Merge: 1b4f9ec... 7f24553...
Author: James Cammarata
Date: Fri Nov 4 03:36:07 2011 -0500
Merge of authn_pam/https feature branch
commit 4bee30b4086a8d845bea5d39d6f2cba1f4a396aa
Author: James Cammarata
Date: Fri Oct 28 01:11:02 2011 -0500
Enabling CSRF protection for the web interface
commit 18eb1c06779b37d89dfb2962a08236dd1bab24a6
Author: James Cammarata
Date: Fri Nov 4 02:33:38 2011 -0500
Additional CSRF work. All URLs that modify state are now required
to be POSTs only.
commit 1b4f9ecf051422eb8512794701900f6199651442
Author: James Cammarata
Date: Fri Nov 4 03:23:09 2011 -0500
Convert all yaml loads to safe_loads for security/safety reasons.
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883
If you notice I forgot to apply something you sent in, or if I forgot
to apply it both to master AND release22, let me know and I'll cherry
pick it over.
I'd like to get all of these in for the next release, so if anyone has
some spare cycles I'd love for some extra testing. If you typically
install RPMs, you can easily build them by cloning the git tree and
using the command "make rpms", which should generate RPMs with the
version of 2.3.1-1. Please don't test these on production servers, the
YAML load change above shouldn't cause any issues but just in case I'd
hate for someone to corrupt production data.
If you do end up testing the authn_pam/https patch, please be aware
that a pretty major change was made to the cobbler_web.conf file for
Apache. Make sure there's no rpmnew/rpmsave version of this, and that
the contents look like the following:
# This configuration file enables the cobbler web
# interface (django version)
# Force everything to go to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/cobbler_web
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
Here is a list of the patches applied since 2.2.1:
*FEAT: Add fedora16, rawhide, opensuse 11.2, 11.3, 11.4 and 12.1
to codes.py This should also fix ticket #611
*FEAT: Added a %post section for the cobbler-web package, which
replaces the SECRET_KEY field in the Django settings.py with a random
string
*BUGFIX: Use VALID_OS_VERSIONS from codes.py in the redhat importer.
*BUGFIX: Fixes to import_tree() to actually copy files to a safe
place when --available-as is specified.
Also some cleanup to the debian/ubuntu import module for when
--available-as is specified.
*BUGFIX: Modification to import processes so that rsync:// works as a path.
These changes should also correct the incorrect linking issue
where the link created in webdir/links/ pointed at a directory in
ks_mirror without the arch
Also removed the .old import modules for debian/ubuntu, which
were replaced with the unified manage_import_debian_ubuntu.py
*BUGFIX: add the /var/www/cobbler/pub directory to setup.py.
Calling buildiso from cobbler-web now works as expected.
*BUGFIX: patch koan (xencreate) to correct the same issue that was
broken for vmware regarding qemu_net_type
*BUGFIX: fixed issue with saving objects in the webgui failing
when it was the first of that object type saved.
*BUGFIX: Minor fix to the remote version to use the nicer extended
version available
*BUGFIX: Fix a bug in buildiso when duplicate kopt keys are used.
Reported and tested by Simon Woolsgrove
*BUGFIX: Fix for koan, where vmwcreate.py was not updated to
acc
Re: kvm and ethernet bonding
Excerpts from Jesus arteche's message of Sun Oct 23 13:03:41 -0700 2011: > hey guys, > > do you know if it is possible to increase the bandwidth in a virtual machine > running on kvm server with etehrnet bonding (LACP), or the bandwidth is > limited by kvm per virtual machine and not for network adaptor??? > Jesus, assuming you're using bridged networking, if your bridge is linked to a bonded interface below, you should get the full bandwidth of the bonded interface. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20111018 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20111018. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Drop xinetd from main?
So, I was triaging a bug in xinetd, and got to wondering why it is in main. It seems to have a very short list of rdepends, all in universe. It has not had a release since 2005 from what I can see. There is no public bug tracker. openbsd-inetd is also in main, and at least has a responsive upstream. Unless somebody provides a good reason, I think it should be demoted to universe. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: ServerGuide reviewers needed
Excerpts from Stefan Sticht's message of Sun Aug 28 19:33:49 -0700 2011: > Hi guys, > > I am about to finish my rewrite of the OpenVPN chapter. Ideally I would like > to show how to configure the VPN client using network manager using > about three > screenshots. Can we put pictures in the server guide? Can anyone point > me to an example > on how to do this? > Stefan, I'm wondering.. how does one use network manager on a server? Do you mean using nmcli? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: ServerGuide reviewers needed
Excerpts from Ahmed Kamal's message of Wed Aug 24 06:07:06 -0700 2011: > Thanks again for everyone who volunteered .. can't wait to see those > merge proposals :) This brings up one question for me. I don't know that I'll have much time to scour the documentation, but I do allocate 4 hours of every month to patch piloting in Ubuntu. Will these merge proposals show up somewhere that I can sponsor? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Controlling memcached access with ufw
Excerpts from Simon Males's message of Wed Aug 24 06:53:29 -0700 2011: > (read: 'Securing' memcached) > > I hope to cluster memcached. The network is untrusted and I must > restrict the allowed clients. So this is my first attempt at > firewalling. > > I've switched the ufw's DEFAULT_INPUT_POLICY to ACCEPT as there is no > current firewall. Next I added two clients which have explicit access > to port 11212 followed by a catch all DENY to 11212. > > # ufw status verbose > Status: active > Logging: on (low) > Default: allow (incoming), allow (outgoing) > New profiles: skip > > To Action From > -- -- > 11212 ALLOW IN192.168.1.102 > 11212 ALLOW IN192.168.1.103 > 11212 DENY IN Anywhere > 11212 DENY IN Anywhere (v6) > > Does this sound like a decent attempt at locking down memcached? > > Additionally with the above rules, could I create an application > profile? Ideally there will be multiple memcached servers, and I would > like to version control the profile. > This should indeed limit access to memcached to those two IP's. You don't say whether its UDP or TCP ports (memcached uses either). If its really untrusted, you might also look at using memcached's built in SASL support to require the clients to authenticate. http://code.google.com/p/memcached/wiki/SASLHowto An even simpler way to go is to just setup a VPN so that you are not subject to the dangers of an untrusted network. Even with SASL and firewalling, somebody can man-in-the-middle those "trusted" IPs and use your memcached all they want. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: What can I do for Ubuntu Server Team?
Excerpts from a.gra...@gmail.com's message of Mon Aug 22 06:57:21 -0700 2011: > Hi, > > On 22 August 2011 14:40, Ahmed Kamal wrote: > > - A lot of work is also going into Ensemble, the Ubuntu server orchestration > > tool. A lot of work is needed there to start covering open-source > > applications with ensemble formulas. You could pick your favorite app, and > > start hacking a formula around it. This is something I can directly help you > > with. You can learn more about Ensemble at: https://ensemble.ubuntu.com/ > > (we're all in #ubuntu-ensemble) > > I didn't know what Ensemble was before reading this ;) > If I correctly understand it's a tool to remote admin a server, right? > I could test it directly on my VPS that is running Ubuntu Server. What > do you think about? > Almost, It is a tool to remote admin a service, which may be backed by many "servers", or vms, or whatever else you can think of to run code on and communicate over a network. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Controlling shared admin privileges
Excerpts from Jorge Salamero Sanz's message of Thu Jul 21 07:50:26 -0700 2011: > Hi all, > > I would like to ask what other sysadmins on this list use to keep an eye > on what's going on the servers where you share admin privileges with > other sysadmins and what good practices do you suggest: > > * sudo to restrict what others can run > > * etckeeper to track configuration changes > > * does anybody use auditd to log all commands? > > * anything else? I like to have syslogs sent to a central log server, and then use swatch for realtime monitoring (on a big monitor, or a shared screen that everybody watches). It colorizes things based on patterns, so usually there's some custom work to classify things. Its really just a poor man's Splunk. At one organization, swatch would print sudo commands out with blinking red text. That was interesting on days where all 100 machines had to be updated for some security vulnerability. There's also logwatch, which does something similar but via email (I find it a bit too verbose in its default configuration though). Also check out Dustin's new utility in oneiric, bootmail.. kind of cool, emails you when the system reboots. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20110719 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20110719. Meeting Actions * [ACTION] sommer and j1mc to look at doc presentation (continued x 2) * [ACTION] All: review new triage process at https://wiki.ubuntu.com/ServerTeam/KnowledgeBase Oneiric Development * Overall progress is on track for oneiric * server-o-boot-experience lagging but should pick up soon * server-o-trusted-cloud will have to be dropped Ubuntu Server Team Events * SpamapS (Clint Byrum) will be speaking at OSCON July 28 http://www.oscon.com/oscon2011/public/schedule/detail/18367 Weekly Updates & Questions for the QA Team (hggdh) * 10.04.3 is scheduled to be released soon, any last minute testing is appreciated. Weekly Updates & Questions for the Kernel Team (smb) * Xen has several issues, which smb is working on with Citrix. Weekly Updates & Questions regarding Ubuntu ARM Server (NCommander) * PXE'able images are available for OMAP3/4, which should clear the way for Ensemble to deploy onto ARM using Orchestra. * A lot of effort is going on to "pipeclean" the ARM team's mechanisms for Alpha 3. New Triage Processes * Ursinha has completed initial work on a report to help streamline triaging for server related bugs. * All triagers should set importance as soon as they see a bug, to help prioritize the triage process itself. * New triage process is available here: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase Agree on next meeting date and time Next meeting will be on Tuesday, July 26 at 16:00 UTC in #ubuntu-meeting. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Proposal for weekly Ensemble releases into Oneiric
Excerpts from Robbie Williamson's message of Mon Jul 11 16:26:36 -0700 2011: > Hi all, > > Given the rapid pace of development with ensemble, and the needs of > people trying to build solutions with it in Oneiric, I would like to > propose that we implement a weekly release schedule for ensemble, and > the related packages in the ensemble PPA, for Ubuntu. This approach > really helped with Unity integration in Desktop, which was (and still is > in some ways) a rapidly advancing project. I'm not familiar with the > details of the ensemble daily build PPA, but "in theory", I imagine it > would simply be syncing from it on a weekly cadence. I think Monday, or > possibly Tuesday, is the best day of the week, so as not to collide with > any releases or freezes. Thoughts? Can someone take this effort on? Good plan. Unless anybody has any red flag on this, I'll go ahead and do this every Tuesday. I'm also going to start linking specific bugs to the Ubuntu package that need to get fixed in 11.10, and will encourage others to do so. If there are Critical open bugs in upstream, I will delay the weekly release until they are closed. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Which fs for storing mailboxes?
Excerpts from Pandu Poluan's message of Sat Jun 18 02:55:51 -0700 2011: > Hello list! > > We're going to deploy Axigen for our subsidiary company's email system. > > Now, I want to split the storage into 4: > * Boot : ext2 > * Swap > * Root : ext4 > * Mailboxes : ?which? > > The question: what filesystem should I use for the partition > containing the mailboxes? Ext4? XFS? Or something else? What would be > their advantages/disadvantages? > > FYI, the email server will have 40~50 simultaneous users, traffic will > be relatively light (I don't think there will be more than 30-40 > emails per day for 90% of the users), and the emails mostly are > mid-sized (100 KiB ~ 1 MiB, occasionally (less than 5% of time) 2 MiB > ~ 4 MiB). If you have mbox, honestly, I don't think it matters. 1 file per user means the FS has very little work to do. I'd go XFS for this because it is especially good at free space management and dealing with large files. mbox's biggest weakness is users like me, who end up with 10's of thousands of emails in one folder (CPU and I/O suffer whenever I make any changes). If you have Maildir, it gets interesting, because now each email is taking up an inode on the FS. This means how the FS manages its meta- data is very important. Ext4 is going to need some special options if you plan to store many millions of emails. If its under 1 million, I wouldn't worry about it. My 145G default / partition on Ext4 has 20 million inodes (created with installer defaults). Ext4 also may cause a lot of Random seeking in Maildir as it doesn't always put files from a directory in the same location. That said, if you bump up the inode number at filesystem creation time, there are very few gotchyas.. ext4 continues to be a jack of all trades. ReiserFS is something to be avoided, even though it has no inode limitation. It also keeps all files in a directory as physically close on the disk as possible, so reading the entire contents of a folder is quite fast. It suffers mightily from one thing though, which is that it has a single B-Tree for the entire Filesystem, so if there are two people deleting lots of email at the same time, they can block one another as they collapse nodes in the B-Tree. With 40-50 simultaneous users that is a real danger, and I've experienced it in the not-so-distant past (kernel 2.6.18). XFS at one time had a lot of problems with deleting lots of files. I don't know if those persist, but that is why I've avoided it for Maildir based systems. Anything that discourages users from deleting email is a bad thing. ;) So, I'd say Ext4, with lots of inodes, and a good RAID system underneath to soften the blow of random seeks, is the best option. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Performance statistics aggregation
Excerpts from Bouchard Louis's message of Fri Jun 17 05:36:31 -0700 2011: > Hello, > > Le 17/06/2011 14:00, ubuntu-server-requ...@lists.ubuntu.com a écrit : > > Date: Thu, 16 Jun 2011 17:02:37 +0200 > > From: Nicolas Barcet > > To: ubuntu-server > > Subject: Performance statistics aggregation > > Message-ID: <4dfa1b0d.7030...@canonical.com> > > Content-Type: text/plain; charset="iso-8859-1" > > > > I think it would be good to have the server community's opinion on what > > should be our preferred performance statistics aggregation solution in > > Ubuntu. The 2 main contenders would be ganglia [1] and collectd [2], > > but something even better might be out there that I do not know about. > > > > [1] http://ganglia.sourceforge.net/ > > [2] http://collectd.org/ > > > > Thoughts? > > Nick > > > > This is interesting as it is a topic that I brought up just before UDS-O > with my support colleagues. This might be somewhat off-topic with Nick's > request, but close enough to the topic to be worth mentioning. > > Right now, unlike other enterprise distributions, no performance data of > any kind is collected automatically. While this is understandable on a > Desktop system, such data is quite useful in on a server. > > Especially when time comes to deal with customer complains on the fact > that such and such upgrade did have a negative impact on performances. > Without historical performance data, investigation of such claims are > almost impossible. > > Some distributions have used SAR, which is part of sysstat. Other > lightweight solutions exists, like collectl (L and not D) which lives at > http://collectl.sourceforge.net. Those two only take care of collecting > the data and do nothing about displaying it. I've always liked sysstat for this, as its almost totally invisible in terms of system load but has a wealth of information for diagnosing chronic problems. As was pointed out elsewhere, this doesn't show you the brief spikes, but getting those involves a lot more data collection. :-P So if a customer is taken on, then installing something like sysstat should be one of the first recommendations. Of course, there's also Landscape, if you're so inclined to hand over a little cash, you get a lot of this built in (and a lot more ;) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Performance statistics aggregation
Excerpts from Mark Seger's message of Sat Jun 18 05:26:18 -0700 2011: > > > Some distributions have used SAR, which is part of sysstat. Other > > lightweight solutions exists, like collectl (L and not D) which lives at > > http://collectl.sourceforge.net. Those two only take care of collecting > > the data and do nothing about displaying it. > > As the author of collectl, I have some thoughts. First and foremost collectl > DOES do a lot about displaying data and provides a number of different > formats. > If you include the collectl-utils package, also on sourceforge, it provides a > comprehensive web-based plotting tool called colplot. It also provides an > aggregater called colmux which allows you run aggregrate/sort data from many > systems both realtime and historical. I've run this on over 1000 nodes and > easily could see which nodes were using the most slab memory or had the > busiest > disks. You can sort of literally anything collectl can collectl. > > Another focus of collectl it the ability to supply/integrate data for other > tools. I know of one site running a 2300 node ganglia cluster. They get ALL > their data from collectl which talks directly to gmetad over a UDP socket, > which > sends a subset up to ganglia while keeps the deeper detailed data locally, > since > at 10 second sampling it would overwhelm ganglia. > Mark wow thats pretty awesome... now I'm quite interested in collectl as I made a brief attempt to create something like this about a year ago. I'm curious about the I/O impact that collectl has. One thing that tends to crush RRD based systems is the amount of random I/O needed to record the data. The caching daemon added in recent versions helps by aggregating syncs and writes so they're more linear. What does collectl do and how durable is the data it collects? To contrast what you've said collectl does, sysstat just takes a snapshot every 10 minutes, and isn't very painful to write out because its just a few hundred integers and floats at the most. One interesting trend I've seen also is to have individual nodes write to a local log file without syncing, and let a lazy writer send those to a centralized machine for safer storage and/or aggregation. Anyway, I do think it would be cool to have something like this enabled by default, but only if it truly is less than 1% of total system resources (not just CPU). -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Performance statistics aggregation
Excerpts from Nicolas Barcet's message of Thu Jun 16 08:02:37 -0700 2011: > I think it would be good to have the server community's opinion on what > should be our preferred performance statistics aggregation solution in > Ubuntu. The 2 main contenders would be ganglia [1] and collectd [2], > but something even better might be out there that I do not know about. > > [1] http://ganglia.sourceforge.net/ > [2] http://collectd.org/ I still like collectd because it is focused heavily on making *collecting* the data easy, and de-couples itself from presenting the data. That said, ganglia is pretty good for that as well. This one is also pretty slick: https://labs.omniti.com/labs/reconnoiter Last I checked it was not in Debian or Ubuntu, so it should be packaged for sure. I'm not sure we need to pick one.. right now munin is in main because its the one that was most respected at the time. It has lost favor because it really can't scale past 100 nodes, but that doesn't mean users aren't very well served by it. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Fwd: Changes for Ruby in Debian (and Ubuntu)
This is really excellent news! When I joined the Ubuntu Server team last year, and started talking to admins about what they wanted in Ubuntu, one big complaint was "please fix ruby!" Well, I did send one email, but I think, barely made any headway. A GIANT thanks should go to Lucas Nussbaum for working tirelessly to make Ruby really shine in Debian (and, therefore, in Ubuntu)! --- Begin forwarded message from Lucas Nussbaum --- From: Lucas Nussbaum To: ruby-core , ruby-talk Cc: debian-ruby Date: Tue, 24 May 2011 14:48:56 -0700 Subject: Changes for Ruby in Debian (and Ubuntu) Hi, Since the beginning of 2011, the Debian Ruby team has been working on several big changes. Those changes all are available in Debian unstable, some of them are also available in Debian testing, and they should all be available in the next Debian and Ubuntu releases. I think that it addresses most of the reasonable concerns about Ruby in Debian. Using alternatives to switch between Ruby implementations = The alternatives system is now used to manage the "ruby" symlink and the other related symlinks, making it easy to switch between Ruby implementations (only Ruby 1.8 and 1.9.X at the moment). The default choice for Ruby is still 1.8, but this change will make it easy for us to make a switch to 1.9.X by default (likely by the release of Debian wheezy). Installing gems executables to /usr/local/bin = Rubygems (both as a standalone package, and as shipped with Ruby 1.9.X) now install executables to /usr/local/bin. Enabling gem update --system gem update --system has been re-enabled. Since upgrading rubygems to a version that may not have been properly tested with the rest of the Debian system may cause issues in the user's system, there's a big warning about that. The user can confirm and upgrade rubygems anyway by defining an environment variable. New gem2deb packaging helper There's a new packaging helper, named gem2deb, that makes it very easy to generate Debian source packages from Rubygems. We are in the process of migrating all ruby libraries packaged in Debian to that new helper. It will take some time, though (help is welcomed). transition status: http://pkg-ruby-extras.alioth.debian.org/wheezy/ One big benefit of the switch to gem2deb for the Ruby community is that, in the process, we are enabling test suites at build time for each package and each Ruby implementation. This should make it easy to detect regressions in new interpreter versions. Ruby 1.9.3 == We will switch to Ruby 1.9.3 ASAP (probably when it is branched off trunk, with a package first in Debian experimental). Since the Ruby compatibility version issue is likely to stay around, we will re-evaluate how we are dealing with it (to avoid the ruby1.9.1 package <=> ruby -v = 1.9.2 problem that confuses many users). This is likely by switching the package name to ruby1.9.3 (keep a ruby1.9.1 package for compatibility). The package containing the shared library will stay libruby1.9.1. Links = team website: http://wiki.debian.org/Teams/Ruby contact point: debian-r...@lists.debian.org IRC: #debian-ruby @ irc.debian.org - Lucas (for the Debian Ruby team) --- End forwarded message --- -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20110517 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20110517. Meeting Actions There were no actions identified during the meeting. Oneiric Development * Drafting on specs should be primary focus * Secondary focus is merges Ubuntu Server Team Events Just wrapped up UDS Oneiric, No other events on the immediate horizon. QA Team * Big changes in QA team structure going in place for Oneiric cycle * Daily build PPA needs as many packages with test suites as possible Kernel Team * smb has been looking into building the Amazon AMI's kernel for Ubuntu, smoser pointed him to the right place. * iscsitarget is on the block for removal from the Ubuntu kernel tree and moving into a DKMS. adam_g will help smb work out the details. * Server related kernel bugs should have the tag 'kernel-server' Updates & Questions from the Ubuntu Community * Peer reviews are very much appreciated from any and all community members (Daviey) * Also appreciated, test proposals, and SRU's, and ensemble formulas Agree on next meeting date and time Next meeting will be on Tuesday, May 24th at 16:00 UTC in #ubuntu-meeting. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: separate nic-*modules-udeb, remnants of the past?
Excerpts from Timo Aaltonen's message of Thu Apr 28 03:36:17 -0700 2011:
> On 27.04.2011 18:30, Tim Gardner wrote:
> > On 04/27/2011 08:56 AM, Timo Aaltonen wrote:
> >>
> >> Hi!
> >>
> >>A friend of mine was pretty upset when he (and some friends of his)
> >> were unable to install Ubuntu with networking when using the netboot-
> >> and server-images. The reason for that was that jme.ko is not included
> >> in nic-modules-udeb (*). The module lists are maintained by hand,
> >> because they are split in nic-{,pcmcia,usb,shared}-modules-udeb.
> >>
> >> Colin mentioned that this was due to some images not needing all the
> >> modules, so to save space they are split this way. I checked the
> >> extracted sizes of those (i386, generic):
> >>
> >> nic-modules:6096 kB
> >> nic-shared-modules:719 kB
> >> nic-pcmcia-modules:424 kB
> >> nic-usb-modules:776 kB
> >>
> >> So, is it really worth all the trouble to save ~1.2MB (+the missing
> >> modules) on the installation media? Wouldn't it make more sense to
> >> automatically include all the drivers (and blacklist some, if necessary)
> >> so networking works regardless of the installation medium used. Working
> >> NICs are a rather critical piece of the puzzle these days :)
> >>
> >>
> >> * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/560249
> >>
> >
> > Well, how much space _do_ we have on the server and alternate CDs ?
> > Without wireless the drivers/net directory sums to about 11Mb. The
> > minimum available space on the server and alternate CDs dictate what I
> > can do with udebs since the same kernel image is packaged on both.
> >
> > rtg@zinc:2.6.38-9-generic$ du -sh kernel/drivers/net/
> > 16Mkernel/drivers/net/
> > rtg@zinc:2.6.38-9-generic$ du -sh kernel/drivers/net/wireless/
> > 5.2Mkernel/drivers/net/wireless/
>
> I've no idea, but the server folks should know, so I've added
> ubuntu-server to the recipients.
>
> I'd trade some server software to drivers any day, but the list might
> disagree..
>
Agreed 100%. The first and most important job of the server CD is to get
Ubuntu on your server and enable the hardware. After that the tasks and
such included are just mildly helpful.
I personally have always preferred minimal ISO's and installing over
the network with a primed cache or a local mirror to downloading some
ISO for hours and burning it only to not use half of the software on
it. Its not like the desktop where the thing is useless without 100MB
of office suite and 200MB of libraries.
Further, we've seen some corporate users of Ubuntu Server specifically
ask how to build their own custom repositories so they can have a static
build of the server.
With the Ubuntu Orchestra plan to integrate provisioning/network installs,
whats on the CD becomes, IMO, even less important.
I think we're going to do a seed review again in the O cycle. In addition
to deciding if things should be removed from main, maybe we should decide
on a few things to remove from the CD so we can include *all* drivers.
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
Re: Handling of configuration conflicts during upgrade (was: Re: [10.04 64bit])
Excerpts from Etienne Goyer's message of Mon Apr 18 10:52:25 -0700 2011: > On 11-04-18 01:27 PM, Clint Byrum wrote: > > The issue is that you have changed these files from the defaults. The > > package maintainers may have made a change to the way the package works > > that is incompatible with your changes, so its important to see those > > differences and *decide* whether to keep your config file or merge their > > changes into it (or just take theirs). > > A bit off-topic, but this is a recurring problem when upgrading, and > it's only worst when doing LTS-to-LTS upgrade (since there's a lot more > default configuration changes). It makes automatic non-interactive > upgrade challenging in certain situation. > > I see two things that could help that: > > 1. Having a tool that check ahead of time for these conflicts. That > way, you can plan the upgrade accordingly. > > 2. The ability to specify --force-confdef and --force-confnew on a > per-package basis (so that you can get the maintainer's version for some > packages, and keep your local changes for others). > > > Thoughts? (surely this is not the right place to discuss that, though) > The real issue is that its a 2-way merge and not a 3-way merge. dpkg only has whats on disk now, and what it is trying to write. It does not keep a copy of the original config files so it can show you the changes in the context of changes that you, the user made, to the common ancestor. If it did that, it could probably automerge most of the time. That said, this is what configuration management is built for. The problem of doing this per-server is impossible to solve without manual merging. With config management, you simply need to maintain the pro-active changes you need to make, and apply them when appropriate. In this way, you would do your upgrade with --force-confnew and then re-run your configuration management to make all of the necessary changes to turn it back into your server. If you're not using config management by now, you are just wasting your sysadmin time. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Jenkins -> Universe
Excerpts from James Page's message of Mon Apr 18 01:09:57 -0700 2011: > During the Natty cycle I've been working on getting Jenkins (nee Hudson) > + required dependencies (around ~80) built from source with the aim of > having a set of packages that could be part of the main Ubuntu archive > for Oneiric (see [0]). > > This work is pretty much there; Ideally I want to feed this back through > Debian so both distros get the benefit of this package (I have emailed > the debain-java team but with limited response to date). > > I hope to work on making this happen during the first part of the > Oneiric cycle; Help in terms of review and sponsorship would be much > appreciated! James this is really, really awesome. I think Jenkins going into the archive will really enable people to setup CI environments much faster. Are there any big decisions that need to be made here, or are we just looking to define the objectives for completing the goal? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [10.04 64bit]
Excerpts from Hilco Wijbenga's message of Sun Apr 17 17:39:59 -0700 2011: > Hi all, > > I'm trying to automate the setup of an Ubuntu Server 10.04 64bit > system. I am unable to run apt-get upgrade sucessfully (i.e. without > manual intervention). Every time it blocks because of openssh-server > (and portmap): > > Setting up openssh-server (1:5.3p1-3ubuntu6) ... > > Configuration file `/etc/init/ssh.conf' > ==> Modified (by you or by a script) since installation. > ==> Package distributor has shipped an updated version. >What would you like to do about it ? Your options are: > Y or I : install the package maintainer's version > N or O : keep your currently-installed version > D : show the differences between the versions > Z : background this process to examine the situation > The default action is to keep your current version. > *** ssh.conf (Y/I/N/O/D/Z) [default=N] ? > > I tried '-y' and '--force-yes'. I tried using aptitude instead of > apt-get. I tried aptitude's safe-upgrade. I tried setting debconf to > Noninteractive. Nothing seems to make any difference. How do I make > sure the upgrade continues automatically? The issue is that you have changed these files from the defaults. The package maintainers may have made a change to the way the package works that is incompatible with your changes, so its important to see those differences and *decide* whether to keep your config file or merge their changes into it (or just take theirs). Please use extreme caution before proceeding.. Still, to force one or the other, you can force it to keep your version (the default): apt-get -o DPkg::Options=--force-confdef or make it take the new packager's config file with: apt-get -o DPkg::Options=--force-confnew -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Test version of Upstart with full chroot support available
Excerpts from James Hunt's message of Fri Apr 15 09:57:07 -0700 2011: > > This is likely because the dbus upstart job has a post-start that sends > > USR1 to pid 1, which is supposed to tell it to re-connect to dbus. > > > > I believe the bug is because the USR1 handler needs to ignore requests > > to re-connect to dbus from chrooted processes, but I haven't gotten very > > deep in to debugging it yet. > > > Hi Clint, > > I've now fixed this bug and updated the ppa with > upstart-0.9.6-1ubuntu1~jh1. Feel free to re-test and let me know how it > goes. > Its working *perfectly* for me. No more dbus issues, and chroot support is flawless. Well done! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Test version of Upstart with full chroot support available
Excerpts from James Hunt's message of Fri Apr 08 08:51:48 -0700 2011: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi All, > > As a precursor to pushing this update out to Natty next week, I've > updated my upstart-testing PPA with Upstart version 0.9.5-1ubuntu1: > > ppa:jamesodhunt/upstart-testing > > Code is here: > > lp:~jamesodhunt/ubuntu/natty/upstart/fix-chroot-sessions > > As the name suggests, chroots should now work fully [1], but we are keen > to solicit feedback from the community. FYI, on my natty box when I was running this, installing dbus in a schroot session resulted in upstart consuming all available virtual memory and eventually crashing the box. Steps to reproduce: (assuming you've setup schroots w/ mk-sbuild): schroot -c natty-amd64 -u root apt-get install dbus At the 'setting up dbus' point, upstart starts to consume memory at an alarming rate. This is likely because the dbus upstart job has a post-start that sends USR1 to pid 1, which is supposed to tell it to re-connect to dbus. I believe the bug is because the USR1 handler needs to ignore requests to re-connect to dbus from chrooted processes, but I haven't gotten very deep in to debugging it yet. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Server Boot
Excerpts from Sander Smeenk's message of Wed Apr 06 12:25:55 -0700 2011: > Quoting Clint Byrum (cl...@ubuntu.com): > > > > * GRUB's default "graphical console" > > Not sure I follow you .. whats the problem here? It looks pretty "texty" > > to me, but I have been primarily booting it in VM's. > > GRUB, Plymouth and later console-setup fiddle with the 'VESA Video > Mode'(?) of the text console. GRUB does it to display backgroundimages, > Plymouth for the splashscreen and console-setup changes the font of the > consoles. > > The problem is that lots of *LOM, *RMC and DRAC solutions completely > choke on these "nonstandard" videomodes. I could blame that on the > crappy Java applets they use, ofcourse. But why?! ;) There are actually a lot of good things about using higher video modes on servers. The added width and lines in the console mean less information is lost when switching VT's for one. It might make sense to restrict the video modes if one of these devices is found. > > > > * Plymouth splashscreens (even textbased ones!) > > With things starting in parallel, plymouth is just a multiplexer that > > keeps messages and user interaction from running all over eachother. > > I'm not sure why you'd be against that. > > I'd be happy with unsorted lines prefixed with a PID or procname or > something. It would be like going through maillogs, i'm used to that ;) > Thats close to what you will have in 11.04 and later. The point is that sometimes we need to query the user, like if Apache has an encrypted SSL cert or there are encrypted volumes. Without Plymouth, the parallel stuff going on in the background would just stomp all over the prompts/answers. > Current(!) Plymouth, in Lucid and Maverick at least, obstructs me in my > work with >300 servers running Ubuntu Server. > > Real-life examples: i can't see why or rather when my server > spontaneously rebooted, or what that kernel panic was i could identify > by the keyboard-leds, but nothing was on my screen. > > I have had servers show the bootscreen with red/white dots, aparently > stuck, no messages on screen but hitting 's' made it boot (nobootwait > issue). All these things really stress me out when i'm trying to quickly > fix a problem with a server. And one question remains: why? ;) The "press S to continue" thing confuses a lot of people. The thing I can say is, in future releases you won't just get dots and the question. I do think there's an open bug suggesting that this also have a timeout so the boot can boot and have sshd up if possible so the FS can be fixed remotely. > > > Agreed that some things have been done to the boot that make no sense > > for servers. You've done a nice job identifying a few of them above. > > Yeah. You've nailed my point. "Ubuntu" is geared, or gearing, towards > Desktop users. I have no beef with that, i love Ubuntu on the desktop. > My parents love it too. It just works so well. > > When i install Ubuntu on a server i keep asking: why? > Why do we want our server to have backgrounds in GRUB and show > bootscreens during boot? Why do we want to start processes in parallel? > With current hardware it takes longer to get through all BIOS POSTs, > disk-detection, PXE and other ROMs than it takes to boot the OS. ;) There's definitely a move toward more virtualization and separation, where the parallelism is an asset. Even on a big server, having the ability to make services reactive to events *other* than 'runlevel' can be quite useful. I do think we need to do a better job of isolating things and defining the state of the system that services require before they can start. Once that is done, I hope you and other users will not even notice the parallelism other than the order of events occasionally changing slightly. > > One solution could be a subset of packages geared to servers? > Don't know how feasible that is. > > Currently it's really only the kernel that makes a server install a > server install. The packages installed are all the same available on the > desktop. There's just less pulled in though metapackages at install. > There's also the plymouth theme that is different on the server. And don't forget that servers are supported on LTS for 5 years instead of just 3 for desktops. What packages should we do differently for the server? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Server Boot
Excerpts from Sander Smeenk's message of Wed Apr 06 00:00:18 -0700 2011: > Quoting Louis RUPPERT (lrupp...@louruppert.com): > > > They are for me. In the rare instance of a hardware or boot failure, I > > like to be able to watch the process happen, and to be able to have a > > working console to login to. Anything that requires bootsplash and > > upstart potentially interferes with that. I don't care if my server > > looks pretty when it's booting. I do care that I can see at what point > > in the boot process a catastrophic failure has occurred. > > I do so much agree with this. I recently subscribed here to discuss > exactly these concerns with Ubuntu's server edition. > > These things really, really bug me in my work with Ubuntu Server: > > * GRUB's default HIDDEN_TIMEOUT_QUIET=true This seems less of a problem since 10.10, which made the timeout a little longer, you don't have to hold down shift just to see grub anymore. > * GRUB's default "graphical console" Not sure I follow you .. whats the problem here? It looks pretty "texty" to me, but I have been primarily booting it in VM's. > * Plymouth splashscreens (even textbased ones!) With things starting in parallel, plymouth is just a multiplexer that keeps messages and user interaction from running all over eachother. I'm not sure why you'd be against that. What I think people are against is that thus far this hasn't been fully utilized so there seem to be no messages rather than a healthy stream of them. Some work has gone into adding support for plymouth to show things like upstart's "starting" and "started" events with the job descriptions. Its still not entirely there, but this is definitely somewhere we need a lot of improvement and ideas. However, plymouth, especially the text based "details plugin", are not going away without replacing it with something that can similarly manage parallel output. $ cat /var/log/boot.log fsck from util-linux-ng 2.17.2 /dev/vda1: clean, 62654/495808 files, 291020/1979392 blocks * Starting mDNS/DNS-SD daemon [ OK ] * Starting Userspace bootsplash [ OK ] * Stopping Userspace bootsplash [ OK ] * Starting configure network device security [ OK ] * Starting Uncomplicated firewall [ OK ] * Starting Mount network filesystems [ OK ] * Starting System V initialisation compatibility [ OK ] * Starting SMB/CIFS File Server [ OK ] * Stopping Mount network filesystems [ OK ] * Starting Bridge socket events into upstart [ OK ] * Starting configure network device [ OK ] * Starting AppArmor profiles * Starting configure network device security [ OK ] [ OK ] Starting memcached: memcached. * Stopping System V initialisation compatibility [ OK ] * Starting System V runlevel compatibility [ OK ] * Starting automatic crash report generation [ OK ] * Starting save kernel messages [ OK ] * Starting regular background program processing daemon [ OK ] * Starting deferred execution scheduler [ OK ] * Starting CPU interrupts balancing daemon [ OK ] * Starting HTTP proxy-cache [ OK ] * Stopping save kernel messages [ OK ] * Stopping OpenSSH server [ OK ] * Starting OpenSSH server [ OK ] * Stopping System V runlevel compatibility [ OK ] Its still not 100% perfect, but this shows what plymouth hears from upstart, as well as init.d scripts' output ( the line buffering will need some work, https://launchpad.net/bugs/752393 ) Until the very end of the boot (where gettys are started), this is what you see. Failures are
Re: [Oneiric-Topic] Revisit Xen support
Excerpts from Soren Hansen's message of Mon Apr 04 01:40:39 -0700 2011: > 2011/4/3 Clint Byrum : > > Excerpts from Clint Byrum's message of Fri Apr 01 16:51:04 -0700 2011: > >> Other than people already having familiarity with Xen, what is a > >> compelling reason to support it in favor of, or in addition to, KVM? > > Not one person has stood up and said that KVM blows Xen away, or is even > > "better". > > Um, no... because you didn't ask. > Fair enough. Maybe we should ask though. Adding Xen back in means less resources for KVM, so the KVM users' opinions matter quite a bit. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Revisit Xen support
Excerpts from Clint Byrum's message of Fri Apr 01 16:51:04 -0700 2011: > Excerpts from Chuck Short's message of Wed Mar 30 07:27:50 -0700 2011: > > Hi, > > > > In the past Xen support in Ubuntu as a host has been difficult for a > > variety of reasons most notably no upstream kernel support. Now that > > dom0 should be coming into the vanilla kernel soon. I think its time to > > revisit supporting Xen as a hypervisor as well. > > Just playing devil's advocate here. > > Other than people already having familiarity with Xen, what is a > compelling reason to support it in favor of, or in addition to, KVM? > Really awesome feedback guys, and thanks for putting up with my "tire kicking" on this idea. So what I'm reading is that KVM should be good once hardware catches up with it. Xen takes advantage of older hardware more effectively, and may also have a better I/O system. Not one person has stood up and said that KVM blows Xen away, or is even "better". I have very little operational experience with either.. having had my website and IMAP server on a Xen domU running CentOS 5 for a few years, I can say that it is "fine" for the lightweight work of a wordpress blog and courier-imap. So, with all of that said, and xen dom0 support coming to the vanilla kernel, it sounds like a slam dunk for Ubuntu to raise xen to first class status. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Byobu
Excerpts from Dustin Kirkland's message of Sat Apr 02 08:14:48 -0700 2011: > On Fri, Apr 1, 2011 at 2:12 PM, Clint Byrum wrote: > > I took your statement of "we'll have almost everything we need." to > > mean, we'll have almost everything we need to make it the default > > terminal shell. > > Hey Clint, one important clarification here. Just need to update the > vocabulary here... > > This isn't about byobu as a "default shell". Byobu/screen is not a > shell itself, but rather a "command line window manager". It's a > program that runs within a shell, and allows you to launch and manage > dozens (40, by default) of shells within a single user process. http://en.wikipedia.org/wiki/Shell_(computing) "A shell is a piece of software that provides an interface for users of an operating system which provides access to the services of a kernel." We can call it a shell, a command line window manager, or George. What is being proposed is that it become the default user interface for the CLI of Ubuntu. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Revisit Xen support
Excerpts from Michael Zoet's message of Sat Apr 02 01:20:36 -0700 2011: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Am 02.04.2011 02:05, schrieb Raphaël Pinson: > > On Sat, Apr 2, 2011 at 1:51 AM, Clint Byrum wrote: > >> Excerpts from Chuck Short's message of Wed Mar 30 07:27:50 -0700 2011: > >> > >> Just playing devil's advocate here. > >> > >> Other than people already having familiarity with Xen, what is a > >> compelling reason to support it in favor of, or in addition to, KVM? > > > > > > Familiarity is a good reason I think, but also industry standards, and > > hardware considerations. I think a lot of big companies expect major > > distributions such as Ubuntu to provide a proper support for such a > > standard as Xen. I know it came as a disappointment for us that using > > Lucid as a (production) Xen dom0 was nearly impossible. Also, afair, > > KVM requires hardware support. Most recent machines provide it, but > > it's not rare to find servers that are too old to use it, and then > > you'd rather use Xen for servers than VMWare... > > > > I agree with that! Really big companies choose the things they know. > And if they have to switch the distro they do it. > Noted. It sounds like Xen has a lot of inertia. > Another advantage for Xen: it is more mature and easier to setup (at > least for me because I have only one configuration file I can change > with vim). Much more documentation around that works. You have much > more network options. And you can easily assign a hardware NIC to a VM > with Xen. With KVM this does not work on every hardware... (Now I have > 2 15.000,- ? servers where I can not do the things with KVM I could > easily do with Xen. This was a pitty experience...) > I feel like a broken record, but could you provide us with some facts to back up these claims? Bug reports, manual pages, etc. I feel like there is a lot of anecdotal evidence, but we shouldn't make our decisions just because somebody says KVM can't do this or Xen can do that. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Revisit Xen support
Excerpts from Nathan Stratton Treadway's message of Sat Apr 02 04:14:19 -0700 2011: > On Fri, Apr 01, 2011 at 16:51:04 -0700, Clint Byrum wrote: > > Other than people already having familiarity with Xen, what is a > > compelling reason to support it in favor of, or in addition to, KVM? > > I don't know all the details myself, but my coworkers did some testing > and found that KVM was not able to isolate the virtual machines properly > when there was a high IO load. In the end they switched back to > running Debian on the Dom0 so we could use Xen. Nathan, can you dig up any facts to back this up? I understand that you weren't able to make KVM do what you knew how to do in Xen, but that doesn't mean that KVM can't, just that the docs and interface are lacking. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Revisit Xen support
Excerpts from Serge van Ginderachter's message of Sat Apr 02 02:17:29 -0700 2011: > On 2 April 2011 01:51, Clint Byrum wrote: > > > Other than people already having familiarity with Xen, what is a > > compelling reason to support it in favor of, or in addition to, KVM? > > > > > Performance. > Serge, would you mind elaborating on that? I'm looking for facts. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Ubuntu Orchestra
Excerpts from Raphaël Pinson's message of Fri Apr 01 16:28:40 -0700 2011: > On Wed, Mar 30, 2011 at 6:51 PM, Dustin Kirkland wrote: > > A series of similarly themed blueprints from UDS-Natty in Orlando were > > subsequently combined into a single blueprint [1] in the Natty cycle. > > > > As of 11.04, we have several of the key building blocks now packaged > > in the Ubuntu archive (cobbler, mcollective, etc). And we have a > > branch at lp:orchestra that provides the basic meta packaging for > > pieces we want to implement using the best of free software: > > * Provisioning / Installation Services > > * Configuration Management > > * Monitoring > > * Orchestration > > > > There are several limitations to stock ISO-based installs (eg, another > > thread here raises the issue of the limited ISO capacity). A complete > > network installation service is essential to the future of Ubuntu > > Server efforts. I envision a situation where the first step in > > deploying a set of Ubuntu Servers is to install the Ubuntu Orchestra > > Provisioning server (apt-get install > > ubuntu-orchestra-provisioning-server, or perhaps run a temporary > > deploy server from a LiveUSB). Subsequent installations in the > > hundreds or thousands are rapidly and flexibly bootstrapped directly > > from the provisioning server. > > One thing I like about FAI is that (afair from a few years back at > least) the live CD uses FAI to install the FAI server itself, using a > special class. All the same, when setting up a puppetmaster, it's > often recommended to begin with the puppetmaster class itself, > ensuring that the machine can install/replicate/manage itself before > it begins installing/replicating/managing others. > > I think it could be good to have an install CD specifically tailored > for bootstrapping a provisioning server. After all, that's the only CD > you might ever have to use to get started with your DC. > Agreed. Right now we have a CD for installing the whole UEC. That is useful for some but its not the whole story. Having a CD which bootstraps cobbler onto a server so you can rapidly build a private cloud would be super awesome (as would a DVD with "everything" on it). There's support in Cobbler for building custom CDs from the archives you've imported. I don't think it works for building an Ubuntu/Debian CD yet, but that is largely because we haven't done the work to integrate the tools for doing that into Cobbler. That would be a great project for Oneiric. > > Our OpenStack integration efforts for 11.10 will require some > > installation modifications similar to what we did in 9.10 for > > Eucalyptus and UEC. Rather than hacking through the guts of the > > debian-installer again for this work, I suggest that we build > > OpenStack's installation on top of a modern network installation > > service, as serious cloud deployments necessarily require the > > installation of more than one system. (Note that OpenStack already > > has a prototype of such a service with the Crowbar project.) > > > As a note from working in a DC with complex network infrastructure, it > could be useful (but maybe it's not Ubuntu's job) to provide a layout > to control switches. In our infrastructure, we use VLANs extensively > to organize services in sub-networks. We have an installation VLAN > that is not routed and is reserved for machines to be installed via > FAI. I know we're not the only ones doing this, and I believe it's > generally a good practice, since it ensures that your installation > DHCPd will not mess up production machines, and at the same time you > won't have to play with cables either, just retag the switch port to > use a production VLAN (or more than one if necessary) instead of the > installation VLAN. In such infrastructures, it is useful to consider > that the network installation service (or orchestra-like service) > might control switches via SNMP to automatize this step. So the steps > are: > > 1) Set switch port assigned to machine to installation VLAN; > 2) Start network installation (reboot and let pxe + > cobbler/FAI/kickstart/other do its job); > 3) Set switch port assigned to machine to production VLAN; > 4) Let puppet/cfengine/chef/other deploy software and configure the > machine for production. > > I don't expect that Orchestra would impose a VLAN-based network > infrastructure, but maybe it would be great if it provided > functionalities to plug this kind of DC architecture directly in it. > We could consider having such a functionality, and letting people plug > in the SNMP mib they need for their router. > > Just an idea, but I think it might make a huge difference for big DCs. > And sorry for the noise if that's already implemented :-) https://fedorahosted.org/cobbler/wiki/AdvancedNetworking There's the current state of advanced networking stuff in Cobbler. I'm sure there are switch control tools out there that allow altering a ports vlan tags simply. > > > A web/network-bas
Re: [Oneiric-Topic] Revisit Xen support
Excerpts from Chuck Short's message of Wed Mar 30 07:27:50 -0700 2011: > Hi, > > In the past Xen support in Ubuntu as a host has been difficult for a > variety of reasons most notably no upstream kernel support. Now that > dom0 should be coming into the vanilla kernel soon. I think its time to > revisit supporting Xen as a hypervisor as well. Just playing devil's advocate here. Other than people already having familiarity with Xen, what is a compelling reason to support it in favor of, or in addition to, KVM? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Byobu
Excerpts from Scott Kitterman's message of Fri Apr 01 12:16:28 -0700 2011: > On Friday, April 01, 2011 03:12:56 PM Clint Byrum wrote: > > I took your statement of "we'll have almost everything we need." to > > mean, we'll have almost everything we need to make it the default > > terminal shell. > > If you go down this route, please on new installs only. If a system is being > upgraded it's presumably set up the way the admin wants it. Presumably this would only be enabled in the /etc/skel default bashrc, and so, existing users would not suddenly see byobu on their next login. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Byobu
Excerpts from Dustin Kirkland's message of Fri Apr 01 10:43:02 -0700 2011: > On Fri, Apr 1, 2011 at 11:48 AM, Clint Byrum wrote: > > Excerpts from Dustin Kirkland's message of Fri Apr 01 07:08:31 -0700 2011: > >> 2011/4/1 Raphaël Pinson : > >> > Also, a few years back, I had begun to work on making screen ACLs > >> > easier in byobu, but had not found the time to finish that part. Since > >> > Ubuntu encourages the use of user accounts vs root, this is a feature > >> > that could be very useful on Ubuntu servers I think. > >> > >> That's a great idea, Raphael. Actually, I was talking with Dave > >> Walker about this recently. Basically, I'm just going to move the > >> screen configuration magic from screenbin into byobu, and I think > >> we'll have almost everything we need. > >> > > > > Maybe I'm missing something here.. but this seems to happen to me > > whenever I enable "byobu by default" (last time I did this in earnest > > was for a week around 10.10 beta1, but I simluated it again just now on > > natty beta1 to confirm its still this way): > > Clint, > > We're talking about two different things. What you're talking about > is the behavior of one system user on the system, logging in multiple > times, from multiple different places. > > We're talking about GNU screen's built in ACL feature, where one user > can share a session (optionally with read/write, or read/only) to a > different system user. So user 'kirkland' could share his session > with user 'Spamaps', or 'guest'. > I took your statement of "we'll have almost everything we need." to mean, we'll have almost everything we need to make it the default terminal shell. > > [ from inside byobu ] > > clint@laptop:~$ sshlucid-box-that-has-byobu-on > > > > I know that had it been a later release it would ask me about the nested > > session. I am not sure that is all that great as well, how about just > > making the default answer N and not even asking? I know sometimes you > > do want a nested session... but I'd bet guess thats a special case and > > usually not what users want, and is handled very well by running 'byobu' > > Even a simple echo 'You have an active byobu session..' would be better > > than stopping to ask me a question. > > Interesting. Sure, we can make that configurable, at the very least. > And we should absolutely discuss the most sensible default behavior. > That's absolutely a valid point, and something that should definitely > be reconsidered. > I opened a bug to get some feedback: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/747649 > > Anyway, since this is a lucid remote box, now I have *4* lines of byobu > > hotness at the bottom. Also I hit F2 to go to the next window. OOPS, > > my ssh session disappeared because I'm only controlling the local > > byobu. I want to scroll back on the remote machine to see what I did > > 5 minutes ago. Oops, the scrollback capabilities are gone because my > > local terminal has been told its got a window now. Ctrl-A-A-ESC will > > get me into the screen backscroll/copy/paste mode, but by this time, > > honestly.. I'm very, very annoyed and just want my bash back. > > You can *always* get around byobu launching by default by running: > > $ ssh -t remotehost bash > > I use this frequently when ssh'ing elsewhere from within Byobu, if I > don't want a nested session. This probably needs to be documented > better. > I think its well documented and works fine. My main concern is that it interrupts the normal flow to have to logout and back in to disable the nesting. > > Until the mechanics flow between terminals and ssh sessions in a way > > that makes sense to me, I'll find it very hard to be a +1. > > Fair enough. It's really just a matter of knowing where you are, and > how to drive. It's second nature to me, at this point. > Thats sort of the opposite of all those who haven't started using byobu yet, whom we're suggesting may be opted in to it soon. This one isn't a total deal killer. I am concerned that going forward w/o some plan for how to handle nested sessions smoothly would be a missed opportunity to give a lot of users a really great first impression of byobu. > > Has there been any thought given to focusing on making byobu work in > > a more client/server way where a remote byobu knows it is talking to > > a byobu terminal, and so can integrate well into it (so add its status > &
Re: [Oneiric-Topic] Byobu
Excerpts from Dustin Kirkland's message of Fri Apr 01 07:08:31 -0700 2011: > 2011/4/1 Raphaël Pinson : > > Also, a few years back, I had begun to work on making screen ACLs > > easier in byobu, but had not found the time to finish that part. Since > > Ubuntu encourages the use of user accounts vs root, this is a feature > > that could be very useful on Ubuntu servers I think. > > That's a great idea, Raphael. Actually, I was talking with Dave > Walker about this recently. Basically, I'm just going to move the > screen configuration magic from screenbin into byobu, and I think > we'll have almost everything we need. > Maybe I'm missing something here.. but this seems to happen to me whenever I enable "byobu by default" (last time I did this in earnest was for a week around 10.10 beta1, but I simluated it again just now on natty beta1 to confirm its still this way): [ from inside byobu ] clint@laptop:~$ sshlucid-box-that-has-byobu-on I know that had it been a later release it would ask me about the nested session. I am not sure that is all that great as well, how about just making the default answer N and not even asking? I know sometimes you do want a nested session... but I'd bet guess thats a special case and usually not what users want, and is handled very well by running 'byobu' Even a simple echo 'You have an active byobu session..' would be better than stopping to ask me a question. Anyway, since this is a lucid remote box, now I have *4* lines of byobu hotness at the bottom. Also I hit F2 to go to the next window. OOPS, my ssh session disappeared because I'm only controlling the local byobu. I want to scroll back on the remote machine to see what I did 5 minutes ago. Oops, the scrollback capabilities are gone because my local terminal has been told its got a window now. Ctrl-A-A-ESC will get me into the screen backscroll/copy/paste mode, but by this time, honestly.. I'm very, very annoyed and just want my bash back. Until the mechanics flow between terminals and ssh sessions in a way that makes sense to me, I'll find it very hard to be a +1. Has there been any thought given to focusing on making byobu work in a more client/server way where a remote byobu knows it is talking to a byobu terminal, and so can integrate well into it (so add its status to the local byobu rather than adding another status line.. and letting f-keys be split between local / remote). THAT would make it smooth, and would probably turn me into a fan. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Puppet Integration
Excerpts from Mark Foster's message of Thu Mar 31 14:52:00 -0700 2011: > On 03/31/2011 10:36 AM, Chuck Short wrote: > > Puppet installs over apt-get and takes editing a quick > >> /etc/default/puppet file to say YES to enable it (rather than risk > >> conflicts) > > BTW this behavior is annoying, it should just rely on the normal methods > i.e. update-rc.d puppet defaults > Agreed. Does anybody know why puppet does this? What conflicts are we talking about? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Fwd: Cobbler 2.1.0
Excerpts from Scott Kitterman's message of Thu Mar 31 08:24:05 -0700 2011: > > I accepted 2.1.0 into the archive earlier this morning. > And there was much rejoicing! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Nagios
Excerpts from Etienne Goyer's message of Thu Mar 31 07:34:56 -0700 2011: > On 11-03-30 03:57 PM, Ralph Janke wrote: > > On 03/30/2011 02:25 PM, Clint Byrum wrote: > >> On Wed, 2011-03-30 at 10:59 -0400, Chuck Short wrote: > >>> Hi, > >>> > >>> I think we should re-evaluate if nagios is the monitoring solution we > >>> want to support and if it easy make really really easy to deploy. > >>> > >> Seems to me that we should consider dropping nagios from main and > >> promoting icinga as its replacement: > >> > >> https://www.icinga.org/faq/why-a-fork/ > >> > > +1 from me > > Not that I care a whole lot, but isn't this somewhat the same debate as > MySQL vs. one of the many forks? > > Nagios is now an household brand in IT. I would be very, very cautious > about dumping that out in favor of a recent fork. I am all for doing a > competitive analysis, but please take market adoption into account. > We have already committed to Nagios for 4 more years with 10.04. Its not going anywhere. Meanwhile in 1 year, we will be making another commitment with "P". I'd like to see us make the delta between O and P's seeds very small, and largely subtractive (removing things we don't want to support). So if we're going to make a bold move, we should analyze these things with an eye for where it appears they will go in the next year. IMO, Nagios will remain popular, but lose ground slowly to alternatives (as it has for the last few years). Icinga is a mystery to me, but should get better than Nagios. Zenoss seems to be gaining steam at a rapid pace. This Shinken thing looks *very* interesting, and they've made a very wise decision to stick w/ nagios config file compatibility. The way I'd like to see this happen is people read up on all the alternatives, talk to users, and bring their experience and knowledge of the conflicts, positives, and negatives for each with them to a UDS session. We should try to accomplish as much as possible here and on the wiki page so the session can stay focused on the question at hand: Should nagios remain in main, and if not, what would take its place? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] SRU Process
Excerpts from Scott Kitterman's message of Wed Mar 30 08:31:15 -0700 2011: > > https://help.ubuntu.com/community/UbuntuBackports > > It's driven by user request and testing. In the case of packages with > rdepends we require testing of those as well (sometimes rdepends need to be > backported as well) so we don't leave users with a broken system. A > reasonably large fraction of users enable backports, so we need to be careful > (you should have seenthe flurry of bug reports when I did a backport that > broke Flash). > > Once we have not-automatic fully deployed we might be able to reconsider this. > > Backports are a purely community driven process, so we're always looking for > more help. Scott, I think it may be worth arguing for a bit more of the Canonical-Employed server team members' time if backports achieves the level of usability that seems very close. I think it would certainly make upstreams happier too if instead of cherrypicking medium priority fixes into -updates, we just put critical fixes in -updates and pointed anyone wanting those nit-pick bugs fixed at backports. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Improvements to cobbler
Excerpts from Nicolas Barcet's message of Thu Mar 31 03:20:43 -0700 2011: > On 03/30/2011 05:14 PM, Chuck Short wrote: > > Hi, > > > > I would like to see more puppet intergration with cobbler. > > I'd like to see cobbler to grow a field to a cloud-init script that > would be used to preseed the machine, so that the script is served > directly by the cobbler server. I believe this is already handled by the preseed file with preseed/run -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Package Updates
Excerpts from Ralph Janke's message of Thu Mar 31 05:55:44 -0700 2011: > On 03/30/2011 07:19 PM, Clint Byrum wrote: > > On Wed, Mar 30, 2011 at 10:16:14AM -0400, Ralph Janke wrote: > >> Isn't it time to use mariadb instead of mysql? > >> > > I'd really like to have a good reason before moving to any of these as > > our preferred MySQL service. I don't think MySQL is like Hudson.. Oracle > > seems to be taking good care of it and (for the time being) nothing has > > changed in their approach to community contribution (which has never > > been fantastic anyway). > > > There are lots of reasons to go to mariadb! Ralph, your reasons are pretty compelling. Could you make sure they're up to date in the wiki matrix that Dave Walker posted a link to? I definitely think we should have a discussion about this at UDS. It would be a bold move to move MySQL out of main and instead make the "M" in our LAMP server MariaDB. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: tomcat -> which version to download
Excerpts from Kaushal Shriyan's message of Thu Mar 31 04:34:47 -0700 2011: > Hi, > > As of now I am using tomcat apache 5.5.27 with java version "1.6.0_24" on > Ubuntu Server 10.04. I happened to visit the url -> > http://tomcat.apache.org/whichversion.html Bit confused. Not sure which > version i need to go for my production purpose to avail latest features and > performance improvement. > > Please suggest/guide. If you want to take advantage of the high degree of stability of 10.04 you should probably think about using the 'tomcat6' package in Lucid, which is v6.0.24 + patches for critical issues. However if you have some specific reason to use tomcat 5.5 .. then you are on your own as far as recommendations.. how can we help you choose? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Ubuntu Server hardware requirements...
https://help.ubuntu.com/community/Installation/SystemRequirements This states the following requirements for running Ubuntu Server: * 300 MHz x86 processor * 128MB of system memory (RAM) * 1GB of disk space * Graphics card and monitor capable of 640x480 * CD-ROM drive The first one is somewhat funny, as I think there were only a few early Pentium II's and PentiumPro's that ran at 300Mhz. Since we dropped i586 support in Maverick, might we also think about raising this to say, 450Mhz ? Also while there are things one can do w/ 128MB of RAM on Ubuntu Server.. is it a realistic minimum? Do we actually require a graphics card? If you are clever you can get the alternative installer to install via serial console IIRC. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Fwd: Cobbler 2.1.0
Very cool, an official release of Cobbler is now available that can install Ubuntu and Debian. We should be shipping 2.1.0 in 11.04, or at least, a very very close pre-released version of it. --- Begin forwarded message from Scott Henson --- From: Scott Henson To: cobbler development list Date: Thu, 31 Mar 2011 00:11:10 -0700 Subject: Cobbler 2.1.0 I'd like to officially announce availability of Cobbler 2.1.0 [0]. It contains a lot of new functionality. The biggest of these changes are the addition of a bunch of new Distributions that we can manage. I think most people will find Debian and Ubuntu support to be the most interesting. Please check the change log and git for all the particulars. Thanks to all who made this possible. Enjoy. [0] - http://shenson.fedorapeople.org/cobbler/cobbler-2.1.0.tar.gz --- End forwarded message --- -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Puppet Integration
Excerpts from Adam Gandelman's message of Wed Mar 30 13:04:37 -0700 2011: > On Wed, Mar 30, 2011 at 11:10:47AM -0400, Douglas Stanley wrote: > > > It's been an ongoing topic for while. I think we really have the > > > opportunity to differentiate Ubuntu here. In particular, preseedable > > > d-i integration would make Ubuntu deployment a completely hands-off > > > operation. Again, count me in for that one! > > > > > > > I'd also like to see this, as well as some possible pre-canned > > recipes/manifests. Even if they were just in an extra docs package, or > > on a dedicated wiki section or something like that. > > > > Doug > > > > I've been thinking about this, too. It would be great if users who > are creating a new puppet-centric infrastructure can start by creating > a puppet master node with the puppetmaster + new modules package. > The modules package could contain pre-written modules for common services > that define and take care of installation, configuration, management, etc. > If done correctly, the entire environment could be in-place and waiting > before any additional systems are booted. Another option would be to have > additional puppet-* or puppetmasterd-module-* packages, each containing > a module for a specific service or need. > The logical choice for this would be to take the stuff from puppet forge http://forge.puppetlabs.com/ And package it all, or at the very least, make sure its very easy and obvious how to get the modules available there. > Initially it felt like Puppet was still so new that it was difficult > to find defined best-practices, but with the publication of the Puppet > Style Guide ( http://www.puppetlabs.com/blog/a-question-of-style/ ) it > seems it wouldn't be too hard to develop and ship manifests and modules > that meet the standards.o I don't know that we want to get in to the business of developing manifests. It has proved difficult to keep them generic enough to be much more than templates. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Package Updates
On Wed, Mar 30, 2011 at 10:16:14AM -0400, Ralph Janke wrote: > Isn't it time to use mariadb instead of mysql? > Could you provide some rationalization of MariaDB vs. the main MySQL releases? There are a bunch of forks we could consider with varying degrees of compatibility with MYSQL. Percona (working on packaging) MariaDB (available from their own repos) Drizzle (in universe) Compatible or not, none of these are really MySQL. I'd really like to have a good reason before moving to any of these as our preferred MySQL service. I don't think MySQL is like Hudson.. Oracle seems to be taking good care of it and (for the time being) nothing has changed in their approach to community contribution (which has never been fantastic anyway). -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Split Server and Cloud
On Wed, 2011-03-30 at 01:10 -0400, Scott Kitterman wrote: > There does not seem to be a lot of overlap between people interested in > working on traditional server systems and cloud systems. There is also not a > lot of overlap in the package selection. > > It would clear up confusion if Server were separate from Cloud. Cloud is > more > of an alternate platform than and end of itself. > There are really two things that "cloud" can mean. There is cloud host, and cloud guest. In main, I don't see anything that is cloud guest specific beyond cloud-init (which, it turns out, is useful on servers too as we can use it with a provisioning system to pre-configure a system beyond what preseeding can do). There is far more that is server only because bits of infrastructure are abstracted away for cloud guests. For creating a Cloud Host, there is Eucalyptus. Presumably, Openstack would like to be in main and on equal footing with Eucalyptus as well. Other than these two, what would warrant a separate product? What about these two compromises the server product, other than CD space? Also these are really just services that run on a server (albeit, very heavy ones), so all the other great stuff in server is highly complimentary to them. I do think its worthwhile to think about having a DVD/USB image with the cloud hosting options, and then the CD can have more critical stuff on it that focuses on installing the server OS and integrating it into a network. This is one reason we've been putting time into the Ubuntu Orchestra idea, which is meant to help people deploy Ubuntu on a network, presumably without putting CDs or DVDs in individual servers and camping out by the keyboard/monitor. The workflow there is to simply download the iso to your cobbler server, import it, and then do your installs over the network. If that works really well, I could see it being even easier to justify having a DVD iso for those users who want to deploy a private cloud, and then the smaller CD which just helps you get a simple server, or Orchestra going. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Nagios
On Wed, 2011-03-30 at 10:59 -0400, Chuck Short wrote: > Hi, > > I think we should re-evaluate if nagios is the monitoring solution we > want to support and if it easy make really really easy to deploy. > Seems to me that we should consider dropping nagios from main and promoting icinga as its replacement: https://www.icinga.org/faq/why-a-fork/ -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Server Boot
On Wed, 2011-03-30 at 17:21 +0200, Alvin wrote: > Yes, they are certainly still issues (and the primary reason the company I > work for is abandoning Ubuntu.) > > I agree that a lot of servers are not often rebooted, but not every server is > a webserver. Some are used only during certain hours and can be booted > automatically (BIOS or WOL) when needed in order to keep the electricity bill > down. Booting should be a reliable and automated process. Accurate logging is > important in order to know what went wrong in case the unthinkable happens. > > The current boot.log looks like: > > mount.nfs: DNS resolution failed for 192.168.xxx.3: Name or service not > known > > mount.nfs4: Failed to resolve server exampleserver: Name or service not > known > > mountall: mount /srv/example [1134] terminated with status 32 > > mount error(101): Network is unreachable > while in reality filesystems are mounted. Now, when something goes wrong, the > log is identical. conclusion: boot.log is useless. (actually, the log is > probably correct. it can't resolve server names at that specific time.) > Proper boot logging would be popular[1]. > Agreed. This was on the list of bugs in upstart that were targetted to be fixed in natty, but it looks like it will not get done. Logging the output of daemons is *critical* to debugging boot issues. On another note, I believe Colin Watson added some support to the plymouth details plugin (which is, IIRC, the default on the server) to show upstart's starting/started events along with other console-bound messages. Not sure if that has to be enabled manually or what, but its worth adding to the discussion whether we want to see these by default (IMO, we do). > Take the following example of a server boot. Let's also assume that nothing > goes wrong that could lead to a busybox console. (It certainly can![2][3]) > So, you're now sitting in front of a nice prompt. Everything looks ok, but is > it? The server mounts NFS shares from another server, it runs KVM/libvirt > with > a netfs storage pool for its virtual machines and a quasselcore for IRC that > stores it's data on a postgresql on another server. The local filesystem uses > mdadm for RAID1 and LVM on op of that. Very server-like. (I once made this > setup to test some things.) In order to keep things under control, there are > /no/ LVM snapshots. That is another ugly story. > Pretty much all of this is solved with better logging/display of the success/failure of items during boot, since you will have some better idea of what happened. > So, what happens now: > - The RAID will be broken! [4][5] Re: mdadm.. I find our software RAID support to be quite unsatisfactory. I think its worth focusing just on this for a session to prioritize which bugs will be fixed for Oneiric and even suggest further bugs that need to be fixed before the P release. I know Surbhi, in the Foundations team, has spent some time improving mdadm quite a bit, but the bug list is long and she hasn't gotten to everything yet. > - The NFS shares in /etc/fstab might not be mounted, [6][7] > even when you told the system to wait with _netdev. [8] > - Your virtual machines on netfs will not be running. [9] > - The quasselcore with external db will not be started. [10] > > The array can be assembled by running a command and all of the above daemons > can be started manually. > > I talked about some of those topics on IRC, and the following workarounds > came > up. There are also some workarounds in the bug reports. > - Put NFS shares in /etc/fstab, and don't configure them as netfs storage > pools. > - Put the IP addresses of your NFS servers in /etc/hosts. > > For most servers, speeding up the boot process is less important than > reliability. Why not take a look at how Debian does it? You can disable > running the boot scripts in parallel with 'CONCURRENCY=none' in > /etc/default/rcS. > I think we can achieve a reliable boot sequence with upstart without giving up on parallelism. A critical piece of this is the logging bit that you mentioned earlier, so that we can tell what was actually happening when things went wrong. Please see my previous message about fences too. I really think that most of the issues people have with the boot stem from getting into runlevel 2 a bit early. Also its important to mention another project that James Hunt has been working on, which is enabling an 'interactive boot' in upstart. Basically he has a job that, when enabled, will ask you to confirm each starting event on the system while plymouth is running (which is right up until the getty's start). In this way, you can walk through the boot seeing things succeed and noting when it locks up / fails. > Also, think about daemons of commercial software without upstart scripts. You > never know whether they will start at boot or not. > Sure you do, they will start after the runlevel 2 event is emitted. If there is further ordering needed.. this can
Re: [Oneiric-Topic] Server Boot
On Wed, 2011-03-30 at 10:49 -0400, Douglas Stanley wrote: > On Wed, Mar 30, 2011 at 8:52 AM, Serge E. Hallyn > > I think right now these issues are oveshadowed by the fact that a > > great deal of server software is not yet upstartified. I think that > > needs to be addressed for O. > > I agree, it can get confusing when for example restarting some > services, I do restart, and for others I have to do the older > /etc/init.d/service restart. I miss the days when it was all uniform > :) > > Even if there was at the least, some kind of wrapper, so when I did > restart servicexyz, if that service wasn't upstartified, it just ran > the init script restart for me... > There is a wrapper, and has been for a long time: service X restart Will do the right thing, and figure out if the service has been upstart-ified or not. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Oneiric-Topic] Server Boot
On Wed, 2011-03-30 at 07:52 -0500, Serge E. Hallyn wrote: > Quoting Scott Kitterman (ubu...@kitterman.com): > > There was a lot of discussion around improving the server boot experience > > before the UDS-M. A number of people expressed interest in seeing more > > useful > > diagnostic information during boot. Others expressed concerns with boot > > reliability on the more complex hardware typically found in servers. > > > > How are we doing on this? Personally, I can't remember the last time I > > rebooted a server and it wasn't via SSH and the hardware I use is the sort > > there were problems with. Are these still issues for the Ubuntu Server > > community? > > > > Scott K > > I think right now these issues are oveshadowed by the fact that a > great deal of server software is not yet upstartified. I think that > needs to be addressed for O. I wonder if we need to address all of them. There are hundreds of daemons that will always work perfectly fine in /etc/init.d as a sysvinit script. $ apt-file search /etc/init.d| wc -l 1179 If I narrow it down to main, that drops to 220, 50 or so of those are already symlinks to upstart-job. So realistically, I'd say there are 150 - 170 left to convert in main, and probably about 1000 in universe. Rather than focus on upstartifying everything, the focus should probably be on getting the key infrastructure pieces working well in upstart (kerberos, ssh, ldap, nfs, etc), and then in improving the sysvinit compatibility layer so that Ubuntu continues to shine when something uses a sysvinit job. I think one issue with server boot is that its been left to the event model without many fences. James Hunt's visualization tool shows arrows going *everywhere*: http://upstart.at/2011/03/25/visualisation-of-jobs-and-events-in-ubuntu-natty/ http://upstart.at/wp-content/uploads/2011/03/initctl2dot.png But if you look at it, things get *much* more orderly around the runlevel event. This is a fence. We can reasonably say that the system, upon emitting the runlevel 2 event, has crossed into a zone where it is ready for network services to start. The problem is, its not true. This event is emitted as soon as lo is up by rc-sysinit: start on filesystem and net-device-up IFACE=lo Some services handle this quite well, some do not. Right now, the only other fences are flawed: start on net-device-up IFACE!=lo Which means at least one real interface is configured. This will never come on a machine that has no network. It has the benefit though, that it is emitted every time a network appears, so for laptops bouncing from no network, to wifi, and back, this is a great event to use to make sure something is up whenever there is a real network. On a server though, this just means that one of the possibly many interfaces is up, and so probably shouldn't be used. Or start on started networking Which means 'ifup -a' has returned, which means that all static, auto interfaces are configured. It also means we're missing dhcp interfaces. We should change rc-sysinit to start on started networking. This carries with it one problem, which is that if a static network interface needs a sysvinit service to finish coming up, it will lock the boot up. So we would have to review all scripts in /etc/network/ifup-pre.d and /etc/network/ifup-post.d and make sure they don't rely on sysvinit services. Likewise, we'd have to get this done quickly so users can review any custom scripts they have before the next LTS. As a secondary measure, running these scripts should time out so the boot can continue if this deadlock is encountered. This condition, of finishing 'ifup -a', was the case up until the all-upstart boot was done. The way the deadlock was avoided was services that expected to be needed before networking was available would specify a low number for runlevel S. These services are quite few, and can be easily identified and converted to upstart jobs that start at the right time. If I look on a hardy system at /etc/rcS.d, with netbase installed.. I see very little between loopback and networking: lrwxrwxrwx 1 root root 18 Mar 30 10:45 S08loopback -> ../init.d/loopback lrwxrwxrwx 1 root root 20 Nov 30 17:46 S11hwclock.sh -> ../init.d/hwclock.sh lrwxrwxrwx 1 root root 26 Nov 30 17:46 S11mountdevsubfs.sh -> ../init.d/mountdevsubfs.sh lrwxrwxrwx 1 root root 16 Nov 30 17:46 S17procps -> ../init.d/procps lrwxrwxrwx 1 root root 22 Nov 30 17:46 S20checkroot.sh -> ../init.d/checkroot.sh lrwxrwxrwx 1 root root 17 Nov 30 17:46 S22mtab.sh -> ../init.d/mtab.sh lrwxrwxrwx 1 root root 20 Nov 30 17:46 S30checkfs.sh -> ../init.d/checkfs.sh lrwxrwxrwx 1 root root 21 Nov 30 17:46 S35mountall.sh -> ../init.d/mountall.sh lrwxrwxrwx 1 root root 31 Nov 30 17:46 S36mountall-bootclean.sh -> ../init.d/mountall-bootclean.sh lrwxrwxrwx 1 root root 26 Nov 30 17:46 S37mountoverflowtmp -> ../init.d/mountoverflowtmp lrwxrwxrwx 1 root root 20 Mar 30 10:46 S40networking -> ../init.d/networking
Server Team 20110322 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20110322. Meeting Actions * Daviey to talk with wider docs team regarding translations (deferred) * Daviey to post another followup one euca-dhcp bug. * SpamapS to put his version of ubuntuserver-minutes in directions for writing minutes Natty Development * Nothing much to report here. The Work Items Tracker for beta1 seems to suggest we are a bit behind and need to postpone some items. * http://people.canonical.com/~platform/workitems/natty/canonical-server- ubuntu-11.04-beta-1.h Ubuntu Server Team Events * Texas Linux Fest, April 2nd, kirkland and RoAkSoAx will be presenting * MySQL Users Conference, April 13,14 - SpamapS presenting. * Noted that UDS-O is coming soon. Sponsorship nominations due March 29 Weekly Updates & Questions for the QA Team (hggdh) * hggdh and Daviey are working on a problem with Eucalyptus and isc-dhcpd v4, no word yet on the final resolution * SpamapS and jhunt will be proposing jenkins jobs to test boot/shutdown in a UDS-O session Weekly Updates & Questions for the Kernel Team (smb) * smb wondered how disappointed users would be if an SRU to the lucid kernel disabled NET_NS. hallyn believes that this is a popular component of LXC, even if it is somewhat buggy in lucid. SpamapS agrees that it would be a very unpopular move. Weekly Updates & Questions for the Documentation Team (sommer) * It would appear that sommer is no longer able to spend time working on the Ubuntu Server Guide or attend these meetings, and so we may need to seek more help with maintaining the server guide. Weekly Updates & Questions from the Ubuntu Community * kim0 noted that the virtual event, UbuntuCloudDays is happening March 23/24, and several server team members are presenting (soren, Daviey, SpamapS) Open Discussion * hally had brought up that the duplication required of the meeting chair to publish the meeting minutes was somewhat annoying. SpamapS pointed out his branch of Mathias Gug's old ubuntuserver-meeting tool sends to multiple addresses at once, and allows the writer to create just one copy of the minutes. Agree on next meeting date and time * Tuesday, March 29 2011 16:00 UTC in #ubuntu-meeting -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu-Server Team Membership
On Fri, 2011-02-25 at 22:58 -0500, matt rosenberg wrote: > Hello, > My name is Matt. I am interested in joining the ubuntu-server team on > launchpad. I currently run ubuntu on 2 Desktops 1 Netbook 1 Server(in > house) and 4 Desktops remote(family admin through ssh and dyndns). > I am fairly good with Networking and the cli although I'm no master, > google is my best friend for that. I have taught myself everything I > know and am currently learning python and php. I don't know how much > help I could be in the beginning but I am willing to learn and help out > any way I can. > Hi Matt! Thanks for the interest. There are a bunch of great ideas for helping out here: https://wiki.ubuntu.com/ServerTeam/GettingInvolved For the Natty Release, we can definitely use some help fixing bugs. Just find one, grab the source, make a patch, and add it to the bug report. Welcome! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: how do web hosting companies give ssh and root to so many users.
On Sat, 2011-03-05 at 20:12 +0530, Abhishek Dixit wrote: > Very correct.But I see people given root access in these situations > also and other than websites people are given a lot of server access > with dedicated IPs and SSH access so how do they acquire so many > IPs.Are these web hosting companies responsible for the finishing of > IPv4 addresses. I think you'll find that companies that give you a "Virtual Private Server", or VPS, where your website sits behind the same public IP as many others will be a bit different than a dedicated real/virtual host. If it really isn't a shared hosting situation where everybody is under the same webserver, then everybody is probably behind a massive vhosting proxy. In this situation, either the provider won't give you ssh root access, or, if they do, they'll use an ssh bounce proxy like you described originally. I've never seen it, but they could also proxy your ssh connection based on the destination port, so you could do ssh -P 22001 mydomain.com and it would find its way to your server. Again, I've never seen this in reality, but it would work. IPv4 exhaustion is real, but there is currently no simple plan to make everybody move to IPv6, so for the time being.. we all just have to deal with these little hacks. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: SSL by default for all packaged web apps?
On Wed, 2011-03-02 at 08:45 -0500, Marc Deslauriers wrote: > On Wed, 2011-03-02 at 08:23 +, Hakan Koseoglu wrote: > > Forcing a naive system administrator to think about SSL & certificates > > is at least something useful. Of course there should be abilities to > > opt-out where SSL is not required. On the other hand, it's like saying > > "on secured networks SSH is not required, telnet is all you need" and > > I'm sure all of us would look at that sentence and mutter "insanity!". > > Please don't compare using password-protected SSH with using self-signed > certificates. Using passwords instead of certificates with SSH has no > impact on it's effectiveness against MITM attacks. Of course it's better > then Telnet. > > It is trivial to MITM self-signed certs, thereby countering any security > advantage by adding SSL. Of course, I assume that people who are > clicking Accept in their browser aren't validating the SSL cert > fingerprint, as technical SSH users are instructed to do. > I think you're trivializing a decent analogy, though I agree its not entirely the same. However, SSH carries the same fingerprint verification problem that makes MITM just as simple on the first connection. Most browser users will save the certificate and be warned if it changes, just like the SSH user will be warned. The main difference is that ssh would generally be used by a more conscientious user than a browser user. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
SSL by default for all packaged web apps?
This bug was opened recently: https://bugs.launchpad.net/bugs/695857 It suggests that packages should configure themselves to require SSL by default. I think this is actually a good idea, and I am wondering how this would be received by the greater community. I am marking the bug as "Opinion" and I'd like to get the opinions of the server community as a whole on the issue. If enough people think its a good idea we can open a blueprint for a future UDS. Thanks! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Ubuntu-bugcontrol] Fwd: [Bug 701471] Re: Sync libevent 2.0.10 from Debian experimental
On Sun, 2011-02-13 at 09:50 -0600, Micah Gersten wrote: > On 02/13/2011 09:44 AM, Andreas Noteng wrote: > > Forwarding to ubuntu-bugcontrol list in the hope that someone is willing > > and able to help. > > Unfortunately my knowlegde of C is pretty close to zero, but I'd be > > happy to help in any other way possible.. > > > > Andreas Noteng > > > > Original Message > > Subject: [Bug 701471] Re: Sync libevent 2.0.10 from Debian experimental > > Date: Sun, 13 Feb 2011 11:55:53 - > > From: Krzysztof Klimonda > > Reply-To: Bug 701471 <701...@bugs.launchpad.net> > > To: andr...@noteng.no > > > > I have tried rebuilding all the packages in both main and universe > > against the libevent 2.0.10 in the > > https://launchpad.net/~kklimonda/+archive/libevent2 PPA. > > All but four did fine, but the failure of one in its unit tests make me > > think that at least part of the packages that did build may not work > > correctly. As for the packages that did fail: > > > > * honeyd -- inactive upstream (ironically he's the author of libevent). > > I have attempted porting it to libevent2, and I've done it but I can't > > really test it as I have no idea how to use it so I can't tell if the > > port was successful. I didn't have luck contacting upstream author (but > > will try again) > > * ladvd -- this is the one with failing tests (or rather a single test). > > We can attempt fixing it, as it shouldn't be hard. > > * python-event -- this one has inactive upstream, no packages depend on > > it, we already have a python-gevent which is more popular and working > > * lua-event -- this one is tricky. lua-event that we ship is a fork of > > lua-event that has been made with single package in mind (prosody). > > Apparently all changes from this fork has been already merged upstream, > > and the upstream lua-event builds fine with libevent2, but Debian > > maintainer is concerned with whether prosody works with it, so he asked > > for some time to do tests. I also did not hear from him since then. > > > > There is not much time before the feature freeze but, if I could get one > > more person who knows C interested in helping me with ladvd, and > > proofreading honeyd changes I've made, and if I got answer about lua- > > event, we could make this transition. > > > > My main concern is the fact that we'd have to check as many reverse > > dependencies for whether they actually work - and even that may not be > > enough, someone would have to subscribe to all those packages and > > investigate problems (probably with the help of upstream) for the > > possibility that their cause is the new libevent. > > > This is totally off-topic for Ubuntu Bug Control, I've CC'd ubuntu-motu > in the hope someone will pick this up. I've CC'd the server list in the > hope that someone on there will notice the desire for this transition > and either give the go ahead or say it's not happening until Natty + 1. > Please drop ubuntu-bugcontrol ML from replies. Further, I think this should probably go to ubuntu-devel-discuss, so, adding it to the (growing) list of CC's IMO its a bit late for any library transitions in natty, especially for libevent which is used in a lot of server applications beyond those in the Ubuntu archives. VERY early in the O cycle is the perfect time for this to hit the archives. We can start reporting the bugs upstream now and some should be releasing fixes in time for O. Notable rdepends from main are memcached and nfs-common. libevent-1.4-2 Reverse Depends: gearman-job-server transmission-gtk unworkable trickle transmission-qt transmission-daemon transmission-cli tor tmux swordfish scanssh python-gevent python-event-dbg python-event picviz pgbouncer mysql-proxy museekd memcachedb liblua5.1-event0 ladvd infon-viewer infon-server honeyd getstream gearman-job-server farpd dnsproxy bitlbee beanstalkd transmission-gtk nfs-common memcached libevent-dev -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Looking for Feedback: Update mysql from 5.1 to 5.5
On Tue, 2011-02-08 at 14:22 -0500, Chuck Short wrote: > Hi, > > During the Ubuntu Server Team meeting I brought up the agenda item of > upgrading mysql 5.1 in main to mysql 5.5. There are several reasons to > do this: > > * Its faster compared to mysql 5.1 (although I dont have any benchmarks) > * There are more bug fixes for mysql 5.5. > * Amazon is using it on the cloud images. > * Packages are nearly ready to be uploaded. > * Easier to maintain going forward. > As excited as I am to get to 5.5 on natty (I have done most of the initial packaging work to handle the build conversion from automake to cmake), there seems to be at least one major gotchya in 5.5.8: http://bugs.mysql.com/59078 They've marked it as "not a bug" .. but its very clear to me that they've broken ABI compatibility without bumping SONAME. They're even telling people that this non-bug requires users to re-compile everything against 5.5 to get things to work. They've also made libmysqlclient thread safe, eliminating the need for the separate libmysqlclient_r. The way they've implemented that is also broken: lrwxrwxrwx 1 clint clint 24 Feb 8 18:38 libmysqlclient.so.16 -> libmysqlclient.so.16.0.0 -rw-r--r-- 1 clint clint 3414824 Feb 8 18:38 libmysqlclient.so.16.0.0 lrwxrwxrwx 1 clint clint 17 Feb 8 18:38 libmysqlclient_r.so.16 -> libmysqlclient.so lrwxrwxrwx 1 clint clint 17 Feb 8 18:38 libmysqlclient_r.so.16.0.0 -> libmysqlclient.so So it seems that they've still got some work to do to stabilize the client libraries. Seeing as the number of libraries that build-depend on libmysqlclient-dev is quite high, I'd say the client libraries *must* be of good quality. That said, as long as we're ok with having 5.1 and 5.5 in main, the libraries from 5.1 work *perfectly fine* to access a 5.5 server, so we can just hold the client libraries back until they figure that mess out. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: TurnKey Linux 11 released: 45 ready-to-use Ubuntu-based solutions (part one)
On Mon, 2011-01-31 at 11:53 +0200, Liraz Siri wrote: > Ubuntu fans rejoice, > > Part one of the TurnKey Linux 11 release is officially out spanning 45 > ready-to-use, Ubuntu-based solutions which can be deployed in minutes to > bare metal, virtual machines or launched on-demand in the cloud: > > http://www.turnkeylinux.org/blog/turnkeylinux-11-part1 > > The final release follows three months worth of community testing of the > release candidates. > > Highlights: > > * Upgraded base distribution to Ubuntu 10.04, the latest Ubuntu LTS > (Long Term Support) release. > Hoo-RAY! To the whole Turnkey team: Congratulations on the release! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Bulk updating dozens of (not identical) servers
On Thu, 2011-01-27 at 23:35 -0500, Carlos A. Carnero Delgado wrote: > Hi there, > > the number of servers we have in my organization -- both physical and > virtual -- is slowly increasing at a steady pace, and the trend will > continue for the foreseeable future. It has come to the point that > apt-get upgrading && updating each one individually, and manually, is > really time consuming and prone to errors. We're looking into stuff > like Puppet and Cfengine, and it seems that either will do fine, but > we have this "feeling" or notion that they're a little bit heavyweight > for our needs. Not to mention the learning curve. > Puppet can actually be incredibly lightweight. Whether you choose puppet, cfengine, chef, or another, any configuration management system will have a lot of residual benefits. Its hard to recommend that you avoid these, when you don't *have* to take them on to make puppet useful for what you're doing now. Think about how hard it is to repeat what you did on server A, when somebody wants A+something slightly different. What about all those standard things you do on every install, like add admin users, or setup ldap auth. When you use a config management system.. that stuff is easy and maintainable. Add in version control, and now you can actually figure out what you did to break stuff. :) > So, in the context of *only* dealing with installed packages updates > in an automated way[1] and having 8.04 and 10.04 LTS releases in > service, do you guys recommend anything? Did you write custom code? > Has anyone seen Fabric in the context of systems administration? > One cool thing is that with puppet you can make sure the packages get configured automatically as well: http://projects.puppetlabs.com/projects/1/wiki/Debian_Preseed_Patterns Anyway, puppet has also recently added mcollective, which makes it easy to do things in a highly scalable way accross many servers intelligently. I think Chef has something to do that already as well. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: facter and KVM
On Wed, 2011-01-26 at 21:21 +0100, Oliver Brakmann wrote: > On 2011-01-26 18:33, Dustin Kirkland wrote: > > I'd agree too. Please make sure you file a bug and follow the rest of > > those procedures described in that SRU wiki document, and this should > > go painlessly. > > D'uh, I'm an idiot. > Give yourself some credit, you were able to identify that its a problem and file a cogent bug report. > I filed the bug now (it's #708080), and subsequently began setting up > all the bzr stuff the SRU wiki page talks about. When I checked out the > latest facter package, I saw that the bug has already been fixed in > Debian, and merged into the latest package which is now in Natty. > I just looked, and you did the right thing and marked it as Fix Released, though it would be good to also mention in the comments the changelog line that leads you to believe that. > I'll try the SRU stuff, but I've never done that before, and I'm > clueless, so bear with me ;-p > > I went ahead and nominated the bug for Lucid. You'll want to add the SRU justification to the bug description next. Also does this affect Maverick as well? Sounds like yes. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: facter and KVM
On Tue, 2011-01-25 at 14:00 -0800, Mark Foster wrote: > On 01/25/2011 11:48 AM, Oliver Brakmann wrote: > > I'd like to ask for your opinion whether it would be worthwhile to file > > a bug on this. On the one hand, this is fixed upstream already, on the > > other hand, both puppet and kvm are in main, and Lucid might benefit > > from an SRU. Is this SRU worthy? > Yes it is, please do! > +1 since per https://wiki.ubuntu.com/StableReleaseUpdates it qualifies > for both of these criteria in my opinion. > # Bugs which do not fit under above categories, but (1) have an > obviously safe patch and (2) affect an application rather than critical > infrastructure packages (like X.org or the kernel). > # For Long Term Support releases we regularly want to enable new > hardware. Such changes are appropriate provided that we can ensure to > not affect upgrades on existing hardware. For example, modaliases of > newly introduced drivers must not overlap with previously shipped drivers. > > However it would also be necessary & wise to review the full change log > entries since there is likely way more changed in 1.5.8 (vs. 1.5.6 or 7) > than this one value change. Right, I'd suggest that we just cherry pick the patch, as long as it isn't too invasive. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20110125 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20110125. Meeting Actions * '''ACTION''' ''SpamapS'' - Add "verify SRU fixes" to the [ServerTeam/GettingInvolved] wiki page. Other Topics * Reviewing the action for ALL to check for verification-needed bugs, the list has remained managable and the process seems mostly to be working. * Natty Development - Alpha2 is close, some WI's may need to be postponed but nothing specific yet. * Kernel Team (smb) - EC2 t1.micro and i386 fixes for natty kernel are pending - should be in next kernel * SpamapS suggested adding an "Upcoming Events" section to the agenda for Ubuntu Server interested people to talk about and coordinate events they'll be attending. * QA Team (hggdh), Community Team (kim0), and Documentation Team (sommer) representatives were all absent. Agree on next meeting date and time Next meeting will be on Tuesday, February 1 at 16:00 UTC in #ubuntu-meeting. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Hard disk high avalibity
On Thu, 2011-01-20 at 10:27 -0600, Dan Sheffner wrote: > I have used rsync with cron. Since you can copy only the data that > has changed you can run this often. I have mine set as */5 * * * * > Any syncing that does not set the filesystem readonly while it runs, or use a snapshotting technology like LVM snapshotting, may result in corruption for anything except single files. Rsync, for instance, cannot run atomically over multiple files. If you rsync a running mysql InnoDB database, you will lose a lot more data than one might expect (its still atomic and durable, so the database will be usable, but recovery will end up rolling back really far). This is because while you are copying ib_logfile0, mysql has started writing to ib_logfile1. Then you move on to ib_logfile1, and ib_logfile0 starts getting written to again, all of those changes are missed, and ib_logfile0 and 1 appear out of sync, so you end up with only committed data in the database, and even possibly actual corruption. DRBD, on the other hand, keeps two volumes in sync. the write() on the active node does not return until, at the very least, the packet has been sent to the backup machine. In its most durable mode (mode A), the write() call won't even return until the data has been written to a physical disk/ battery backed write cache on the other machine. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Collecting data
On Fri, 2010-12-24 at 12:28 -0600, C de-Avillez wrote: > On 12/24/2010 09:29 AM, derleader __ wrote: > > Hi, > > I'm developing C plugin for Ubuntu Server which will be > > installed as kernel module. The problem is how to collect the data > > about: > > CPU Check – Utilization, Model, Number of Cores > > RAM Check – Total Memory, Free Memory, Memory Load > > HDD Check – Number of physical HDDs, Number of logical > > partitions, Total space, Free space > > Running processes – Total number of processes > > Logs – system logs such as error logs > > System uptime > > Users logged in and last login – total list of users > > Total network connections > > Check hardware parts model and number > > Isn't something similar already done by collectd [1]? Would it be > better to improve collectd as needed instead of writing a kernel > module (and starting from scratch)? > Indeed, collectd is really the way to go for this. Also sysstat, which has been around a long long time, also does most of this. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
[Fwd: Call for talks for the Configuration Management DevRoom at fosdem 2011]
This seems like a good forum to talk about the work we're doing with Puppet and Cobbler (and I'm aware that thus far, we haven't talked much about the Cobbler work, but thats only because we've been moving really fast). Any volunteers? Forwarded Message > From: James Turnbull > Reply-to: cobbler mailing list > To: fos...@lists.fosdem.org > Cc: cobb...@lists.fedorahosted.org > Subject: Call for talks for the Configuration Management DevRoom at > fosdem 2011 > Date: Mon, 20 Dec 2010 13:45:18 -0800 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > **Call for talks for the Configuration Management DevRoom at fosdem 2011** > > FOSDEM 2011 - http://fosdem.org/2011/ > > 6 February 2011, 09:00 to 17:00, Brussels, Belgium > > Contact: fosdem2...@puppetlabs.com > > We will be holding a Configuration Management DevRoom at fosdem 2011 and > are requesting abstracts for structured presentations now. > > Important information, dates: > > ? Submission deadline for abstracts: 2011-01-08 > > ? Notification of accepted speakers: 2011-01-10 > > ? Final schedule: 2011-01-11 > > **About this DevRoom** > > Configuration Management is exciting! It is. Really. There is huge > interest in automation, configuration management and especially PAAS, > SAAS, IAAS and the cloud generally. We're seeking people who are > working the field, interested in the field, or just interested in > learning more about how to make their lives easier with automation and > configuration management. > > We invite you to submit talks on these topics: > > * Configuration Management theory principles > * Configuration Management tools - real world use cases > * Tools, techniques and case studies > * Configuration Management and the Cloud > * Configuration Management, Compliance and Security > > NOTE: Puppet Labs is helping organise this room but we're looking for > talks on more than Puppet! We're looking for CFengine, Chef, bcfg2, > AutomateIT, and the myriad of other tools out there. > > ** Your submission must include:** > > * Your name > > * The title of your talk > > * A short abstract of one to two paragraphs (150 words, max.) > > * A short biography > > * Links to related websites/blogs etc. > > Send the abstracts to: > > fosdem2...@puppetlabs.com > > Presentations are to be formal and not longer than 30 minutes, plus 15 > extra for questions (45 in total). Panels with more than one speaker are > something we're also seeking, a "My configuration management tools is > the awesomest and I'll debate that!" is possible, as are shorter > presentations of 20 minutes. We're also exploring some un-conference > style presentations too. > > The deadline for submissions is January 8th 2011. If your > proposal has been accepted, you will be informed by email by January > 10th 2011. > > Please feel free to forward this call for abstracts and papers to > relevant lists, people and sites. We're looking forward to seeing lots > of interested folks, have lots of spirited presentations, debates, > discussion and ... quite possibly drinking. > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEVAwUBTQ/ObiFa/lDkFHAyAQL/JAf9EJQexmBYS8VGcRiCwmOkOyaiCMTNC7DA > +khVdgCBNZgz5fz7lrXIw+oEYfj8MuIMW0jd2Fxpdc628y6hSG8PC1Y5/umKyYQI > JYxN9AYYu81rd1Gn7W54qN3ihNibqvJQWpi2jT00uLY/DqFnb6WGWbK00bmLh2lY > VnrtDRx8IoPKIVc0qoPfnKwmg2cw4RWQHqOrz8XwpPLyA2kjhvLmZV1MkYVu/h58 > /Cxbai4IiqhurgHoYVb+AUvvenY/45oAXfKWx8+ZsKppTO/YhRu/SIpG3GQSmKGT > uMdgmuQHFwvcdUWDMiR6ylGt14PIhmy4pXpAMVv4DtaRx48C7vwsPA== > =oM7D > -END PGP SIGNATURE- > ___ > cobbler mailing list > cobb...@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/cobbler -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: maverick - apache locale issue
On Mon, 2010-12-06 at 13:06 +0100, Aljoša Mohorović wrote: > i'd just like to point out that it's totally insane that apache > configuration by default uses LANG=C and not system locale. > it basically disables apache to properly handle file uploads with > non-ascii filenames, in my case when using mod_wsgi. > > since i'm sure there is a perfectly sane explanation for this could > somebody explain why is LANG=C used instead of system locale? > all comments appreciated. > It may just be that nobody ever noticed. I did some digging around the bzr branches at lp:ubuntu/apache2 and it seems that since importing the init.d script back in 2006, it had the default of LANG=C in it. In 2.2.12-1, August of 2009, Sefan Fritsch added it as the default in envvars as well, though I don't know that this affected anything, it did make it more clear. Have you filed a bug in Debian and/or Ubuntu for this yet? I think it warrants a deep explanation of why you think it shouldn't be defaulted to LANG=C , and some thoughtful developer resources as well. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Server SRU's need verification
Imre, you are my hero! Thanks, and keep up the great work. On Thu, 2010-12-02 at 14:05 +0200, Imre Gergely wrote: > On 11/30/2010 09:42 PM, Clint Byrum wrote: > > Hi everyone, > > > > So we need to make sure that when SRU's are accepted into *-proposed, a > > 3rd party (neither the reporter, nor the fixer) does a verification on > > the package. > > > > One day a week, as a server team contributor, you should go in to this > > list and see if there's a bug you can verify: > > > > http://people.canonical.com/~chucks/SRUTracker/sru-tracker-bugs.html#verified_bugs > > 674645, 659975, 595438 - checked the test cases, and the packages from > -proposed, everything seems to work. I've updated the bugreports. > > 265058 - I would need an exact test case for this to check, but with the > current openvpn package from Hardy I didn't have any problems. > > -- > Imre Gergely > Yahoo!: gergelyimre | ICQ#: 101510959 > MSN: gergely_imre | GoogleTalk: gergelyimre > gpg --keyserver subkeys.pgp.net --recv-keys 0x34525305 > > -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Server SRU's need verification
Hi everyone, So we need to make sure that when SRU's are accepted into *-proposed, a 3rd party (neither the reporter, nor the fixer) does a verification on the package. One day a week, as a server team contributor, you should go in to this list and see if there's a bug you can verify: http://people.canonical.com/~chucks/SRUTracker/sru-tracker-bugs.html#verified_bugs If you can, verify it by running through the specified test case (all SRU's have a test case before they are accepted), and then post your results as a comment in the bug. For the exact procedure: https://wiki.ubuntu.com/StableReleaseUpdates#Verification For now I think we can keep this informal as just "1 day a week, do bug verification", but if people would prefer some structure, we can maintain a schedule much like the triage schedule here: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#triager -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: how to save bandwidth while package upgrades
On Tue, 2010-11-16 at 10:31 +0100, Nicolas Barcet wrote:
> On 11/16/2010 10:02 AM, Tapas Mishra wrote:
> > Here is a mail in /var/mail/root which I received in my server logs
> > http://paste.ubuntu.com/532866/
> > I see same packages downloaded many times again and again.
> > The servers which are upgrading are total 5 (4 virtual machines and one
> > host)
> > so is there a way I can save bandwidth on this sort of setup.
>
> You should setup a local package proxy. This can be done using packages
> such as squid-deb-proxy or apt-cacher-ng and adding the following line
> in /etc/apt/apt.conf.d/00Proxy :
> Acquire::http { Proxy "http://IPAddress:port";; };
>
You don't need to add any config files if you are using squid-deb-proxy.
Just install it on one box (with lots of extra disk space and a good
network connection!) and then install squid-deb-proxy-client on all of
your machines on the same LAN that need to use it, and it installs the
appropriate apt-conf.d file to pick it up from the avahi publish.
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
Server Team 20101109 meeting minutes
Hi, Here are the minutes of the meeting. They can also be found online with the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20101109. Meeting Actions * mathiaz: to verify SRU bug 666028 * ALL: please check the SRU tracker for verification-needed bugs and help out with verification * SpamapS: change kernel team representative from jjohansen to smb in meeting agenda going forward * robbiew: update the fridge calendar with new ubuntu server meeting time * hggdh: contact Ubuntu Developers asking for packages which run test suites during build. Review ACTION points from previous meeting Because the previous meeting was pre-UDS, there were no ACTION points to review. Natty Development Specifications should be submitted for review, robbiew is reviewing/approving those that are ready. Maverick SRUs * JamesPage brought up bug #666028 as it would need verification. * This brought up the bigger topic that there are no actual resources available to do verification of SRU's right now, so we should all allocate some time to watching for SRU's that are marked verification-needed and verify when possible. These are listed in Chuck's SRU tracker: http://people.canonical.com/~chucks/SRUTracker/sru-tracker- bugs.html#verified_bugs * There was talk of a "daily verification" schedule similar to bug triage. Discussion of this further is deferred. Weekly Updates & Questions for the QA Team (hggdh) * The ISO images page was consolidated, causing some confusion. hggdh thought we were going to have to start doing ISO testing for MAC, armel, PPC, even possibly PS3. * robbiew put this to rest, i386/amd64 are the only ones requiring server ISO testing. This was just the result of consolidation. * hggdh is expanding daily builds to include any packages that run extensive tests during their build process. * All are encouraged to send examples to hggdh. He will contact ubuntu developers for help in finding more. * mathiaz noted that rules files could be grepped for the 'nocheck' test that is suggested for any large test suites during build. Weekly Updates & Questions for the Kernel Team (jjohansen) * jjohansen has transitioned his role as server team kernel delegate to smb * smb notes kernel bug #415353 which he will be looking into to help address issues with teh bnx2x drivers. * jjohansen noted that there is an SRU pending for bug #651370 which causes ec2 to crash with an invalid opcode in maverick * jjohansen noted that pv-on-hvm drivers are in the natty kernel and will undergo testing/experimentation in the short term. Meeting time and scheduling * The meeting is a bit late in the day for many of the european participants, so it was proposed, and accepted, to move the meeting back to 1600 UTC. * robbiew will add an entry to the official #ubuntu-meeting calendar on the fridge Open Discussion * RoAkSoaX would like people to review his split for cluster-stack library packages. SpamapS suggests adding a merge proposal and asking ubuntu-server for review. Agree on next meeting date and time Next meeting will be on Tuesday, November 16th at 16:00 UTC in #ubuntu- meeting. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: collectd 4.10.1
On Sat, 2010-11-06 at 23:18 +0530, Kaushal Shriyan wrote: > > Hi > > Got it fixed. Anyways thanks a lot for all the support. > Can you share what the problem was? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
