Re: UPStart errors on Xenial with systemd
Serge Hallyn [2016-04-05 13:30 +]: > Note I can easily reproduce this by creating a 14.04 lxd container and > doing do-release-upgrade in there. Thanks, I see that as well. Since there was no existing bug report, I created one now: https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1566333 So please feel free to subscribe. Let's keep the conversation on the bug report, as private mail is an exceptionally bad medium for bug reports. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: UPStart errors on Xenial with systemd
Hello Martinx, Martinx - ジェームズ [2016-04-04 18:49 -0300]: > > Symlink: > > cron -> /lib/init/upstart-job > > And a file: > > cron.dpkg-new > > Maybe, during "do-release-upgrade" from 14.04 to 16.04, it didn't upgraded > that file / link... > > This looks like an upgrade bug! Right, it sounds like the new "cron" got unpacked, but not configured, i. e. the upgrade crashed somewhere in the middle. What's the output of "dpkg -s cron"? It should have "Status: install ok installed", if it's anything like "unpacked", or "unconfigured" or so it's broken. Does "sudo apt-get -f install" clean this up? Can you put the upgrade logs from /var/log/dist-upgrade/ somewhere? This hopefully has some clues where the upgrade failed. Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: kGraft/kPatch Support on 16.04 LTS
- Original Message - > From: "Raja Genupula" > To: "Andrew Martin" , ubuntu-server@lists.ubuntu.com > Sent: Tuesday, January 26, 2016 1:51:05 PM > Subject: Re: kGraft/kPatch Support on 16.04 LTS > > Hi Andrew , > if we are using kernel 4.X , this feature will be default right ? > Please correct me if I am wrong. > Thank you. With best wishes > ___ Raja, Even though the kernel would technically support it, I believe you'd also need userland tools to help facilitate applying the updates, rolling back, and other operations. Robie, Thanks, I'll ask on the kernel-team list. Andrew -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
kGraft/kPatch Support on 16.04 LTS
Hello, For server environments where uptime is crucial and rebooting servers to install install kernel security fixes is very disruptive, the ability to live patch security fixes into the running kernel is a very desirable feature. Are there any plans to add support for the kGraft/kPatch support available in 4.x series kernels in Ubuntu Server 16.04? This would be a fantastic feature for the next LTS release and would make it a lot easier to apply critical security fixes such as CVE-2016-0728. Thanks, Andrew Martin -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: kGraft/kPatch support in Ubuntu 16.04 LTS
- Original Message - > From: "Robie Basak" > To: "Andrew Martin" > Cc: ubuntu-server@lists.ubuntu.com > Sent: Wednesday, September 23, 2015 10:38:49 AM > Subject: Re: kGraft/kPatch support in Ubuntu 16.04 LTS > > Hi Andrew, > > On Wed, Sep 23, 2015 at 10:35:20AM -0500, Andrew Martin wrote: > > > > ...Are > > there any plans to add support for the kGraft/kPatch support available in > > 4.x > > series kernels in Ubuntu Server 16.04? > > We rely on the Ubuntu kernel team for kernel bits. Try their mailing > list: https://lists.ubuntu.com/mailman/listinfo/kernel-team > Robie, Thanks for the clarification, I'll ask on the kernel-team mailing list. Andrew -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
kGraft/kPatch support in Ubuntu 16.04 LTS
Hello, I was very excited to see live kernel patching get accepted into the mainline kernel in 4.0. For server environments where uptime is crucial and rebooting servers to install kernel security fixes is very disruptive, the ability to live patch security fixes into the running kernel is a very desirable feature. Are there any plans to add support for the kGraft/kPatch support available in 4.x series kernels in Ubuntu Server 16.04? This would be a fantastic feature for the next LTS release and would be a huge improvement to timely application of security fixes in Ubuntu servers! Thanks, Andrew Martin -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Distro-provided mechanism to clean up old kernels
Dustin Kirkland [2012-02-16 10:11 -0600]: > I don't want to go into all the ways and reasons that the one-liner > above is sub-optimal or even evil, but I would like to call attention > to the generic problem and suggest that as a distribution, we provide > a supported and recommended utility to handle this. I agree. Especially since we switched to a two-weeks kernel update rhythm where almost every update in the most recent stable and LTS releases breaks ABI, kernels pile up like mad. > 1) Surely we're not the only Ubuntu users whose /boot or root > partition has filled up with age-old kernels, are we? Certainly not. I ran into several "home support" cases where Ubuntu started acting strangely because the root partition filled up, and we removed about 15 old kernels. > 2) Is computer-janitor here to stay, or to be abandoned in favor of > something else? > 3) Can we expect computer-janitor to work on command-line only > environments (Ubuntu servers) too? If so, can we get SRUs out so that > it works on older distributions? TBH, I don't think c-j or any other manual tool is the right answer here. While it's nice to have it, it doesn't feel right that Ubuntu "automatically" introduces the problem, but not automatically clean up after itself. > 4) Can we, as a distro, provide and recommend a utility to clean out > specifically old kernels (perhaps aside from cleaning up userspace > cruft a la computer-janitor)? I think it'd be best if update-manager would auto-remove all kernel packages except the most recent two or three during dist-upgrade. This needs to be specified carefully of course, as people might explicitly run a kernel from the previous distro release. So perhaps some clevernes like if you install linux-image-3.2.0-N-generic, delete all kernels up to linux-image-3.2.0-(N-2)-generic. linux-headers-* is already covered by apt-get autoremove, which is good. Perhaps we can mark older kernels as auto-removable as well, so that without any other tools you at least have one command to clean them up all? For servers it'd be even better if apt-get dist-upgrade would do the cleanup itself, of course. But we have fewer places to hook into the logic than in update-manager, so this might be tricky. Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Using biosdevname by default?
Colin Watson [2012-01-31 14:29 +]: > There are certainly some advantages to enabling biosdevname by default. > On systems that support it, it makes it somewhat easier to write scripts > that predictably apply to a certain interface without having to mess > around with looking up interfaces by MAC address. I agree that in many situations where you work with multiple interfaces, stable names would be much preferrable. > [...] > Secondly, while as I said above I agree that enabling biosdevname solves > some problems, it seems likely that this change will cause problems of > its own. For example, any software that needs to know about network > interfaces (let's say it listens on a particular interface) might well > default to eth0 Stephane confirmed that this is an actual problem in his reply. This situation has a striking similarity with stable names for block, sound, and input devices. There was a time when the "classic" names like hda/sda went away entirely, but this situation never lasted very long because of pretty much exactly this problem: too much software making hardcoded assumptions about device names. That's why the current policy eventually distilled itself: it is actively wrong, and now even unsupported by udev to rename devices, so schemas like "sd[a-z][0-9]" or input/event* will always continue to work. Instead, the only thing you can and should do is to create aliases in the form of symlinks (/dev/disks/by-uuid/, /dev/input/by-id/, etc.) Now, unfortunately network devices have always been special in that they are not proper character devices, so symlinks don't work. But as the kernel supports renaming devices, is there any way of providing the same devices under two names, i. e. adding aliases instead of ifrename? interfaces(5) already supports mappings and renames, so from my naive POV it seems this shouldn't be too hard to get a concept of aliases? Perhaps even the Dell folks would be interested in this, as it would remove the main blocker for adoption? If we can get this to work, then I see no reason to not introduce biosdevname, as it would not break any existing setup, local configuration, or hardcoded assumption. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Intermittent nfs/kerberos mount failures
Hi all! I'm having some strange issues with my nfs setup, both speed and mount failures. The system: I am running an ldap/kerberos/nfs4 environment with ubuntu 10.04 servers and clients only. - one kdap/kerberos(mit) host - one nfs host - one dhcp/dns host - a number of other servers running ldap authentication and nfs4/krb mounts - a number of clients running the same setup All machines, which are a member of the ldap domain, mounts users home directories from the fileserver using kerberos nfs4 shares. The mounting is done by autofs which gets its mount definitions from the ldap directory. Most of the time, it all works flawlessly, but every now and then, machines (clients and servers) starts to lock up when logging in over ssh. When it happens, all users (except local) cannot get access to their home directories, and therefore cannot get a shell going. Users can type in their password, and the MOTD is printed, but it then locks up. I've been searching the internet up and down while trying a heap of different proposed solutions, but nothing seems to work. What I've tried: - disable firewalls on server and client - checking that the portmap service is running on the clients and server - doing portmap checks (rpcinfo -[tu] ), which seems to be working fine both ways (server->client, client->server) - restarting the nfs-kernel-server on the server and all services installed by the nfs-common package on the clients - changing rsize and wsize on the mounts, both are currently set to 4096 - async and sync, wdelay and no_wdelay, intr and no intr exports - checked network interfaces on server and client, neither are seemingly reporting any errors - enabled debugging for nfs on the server and clients, and I cannot see anything other then these: * svc: failed to register lockdv1 RPC service (errno 97). * NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory * NFSD: starting 90-second grace period * /export/fileserver/homes and /export/fileserver/homes have same filehandle for gss/krb5, using first - one I have a feeling is the source of some issues are this message: * nslcd[1556]: [a1da7b] nslcd_passwd_byname(nfs/sega.example.com): invalid user name - but it shouldn't prevent the shares from being mounted? - probably a few other this which I have forgotten... Some configurations: # fileserver /etc/exports: /export gss/krb5(rw,fsid=0,sync,subtree_check,no_root_squash,crossmnt) /export/fileservergss/krb5(rw,sync,subtree_check,no_root_squash) /export/fileserver/homes gss/krb5(rw,no_wdelay,async,no_subtree_check,root_squash,crossmnt) # Should be noted that the export/fileserver directory is a bind mount to /fileserver. # client mount command: rsize=4096,wsize=4096,hard,intr,noatime,tcp,async,timeo=70,retrans=2,fstype=nfs4,rw,sec=krb5 fileserver.example.com:/fileserver/homes/ ; could be a bit mis-formatted as it is copied from the ldap automount cn's So my questions are; Is there anything I should check which I haven't already? Are there anyone who have had the same kind of issues and have figured out how to fix them? And just as a notice, it does not seem that setting the RPCGSSDOPTS in /etc/default/nfs-common works like advertised, as the rpc.gssd process is launched without any parameters. Hope someone has some good ideas, because I'm running dry at this point... -- Thanks, Tor Martin Slåen -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
RAID configuration failed during install
Hi everyone, I guess this problem would affect the entire chain of ubuntu versions, but I subscribe to this list, so here it goes. I had some problems getting a server to work today with my RAID configuration. I usually install servers with 2xRAID0 on the system disks, one partition /dev/md0 for swap, and one /dev/md1 for the root filesystem. I create two partitions on each disk before I configure the RAID. Usually, this works like a charm, but today this configuration failed. It seemingly created the raid arrays as it should, but after install and first boot, I got an errormessage saying that it was not able to mount root partition (/dev/disk/by-uuid/xxx) and was dropped to a rescue shell. I examined the RAID partitions, and saw that mdadm tried to assemble the swap array using /dev/sd[ab], not /dev/sd[ab]1 (notice the '1') which I had configured it to do. The same goes for the root array. I tried running through the installer again (after zeroing superblocks and dd'ing about 400K from /dev/zero to both /dev/sd[ab]). I notised that after creating the RAID partitions and starting the RAID configuration tool, it would not recognize /dev/sd[ab][12], but could only recognize /dev/sd[ab] (the whole disk). I could not get the installer to create partitions which could be recognized by the RAID configuration tool, so I had to use TTY2 to manually partition the disks using fdisk and creating the RAID arrays using mdadm. When I now ran the "Detect disks" step in the installer, the correct RAID arrays came up and I finished the installation. Now, booting was no problem and the server seems to behave like normal. My question is; it this a known bug or is it my combination of hardware which didn't agree with the ubuntu installer? This was during the installation of Ubuntu 10.04.1 Server amd64. -- Regards, Tor Martin Slåen -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: proposed universe demotion: virt-manager (or, a request for active maintenance)
Hello Dustin, Dustin Kirkland [2010-01-29 12:33 -0600]: > Bugs pile up > that we do very little about. > * https://bugs.launchpad.net/ubuntu/+source/virt-manager > * 113 bugs, 70+ untriaged As as side note: That by itself is not really a metric for quality, but more a suggestion of popularity. Firefox/OO.o/cups have _far_ more bugs. :-) > a) the Ubuntu Desktop Team provides active maintenance of virt-manager, or > b) virt-manager is demoted to Universe for Lucid. If someone in the Desktop team feels very attached to virt-manager, taking up maintenance would be nice, but speaking for my own, it's so much easier to use the CLI.. Also, it's not anywhere near the stated goals of the desktop team, so it would be a kind of hobby project only. If it's not really getting maintenance from core devs, but needs some, then demotion sounds appropriate. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: RFC: Ipsec support in main
Hello Mathias, Mathias Gug [2010-01-04 12:23 -0500]: > If not the following packages could be demoted to universe: > * ipsec-tools (and racoon) given its vulnerability history Some years ago I actually used ipsec-tools (not racoon) to setup a VPN in our university, but nowadays I'm using openvpn; it's simpler to set up, and is supported with more devices (mobile phones, routers, etc.) Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [Ubuntu-ha] Status of DRBD
Stefan Lesicnik wrote: > 2009/6/16 Ante Karamatić > >> I would like to bring kernel part of the whole package to Server Team. >> That way Server Team would control whole package and would be able to >> create backported packages for previous releases or utilize PPA. >> >> This could be achieved with dkms. So, my question goes to Kernel Team: >> >> Do you consider using dkms as a bad idea for this purpose? And do you >> have any suggestions or recommendations on how to solve this? > > > I am just a user of DRDB, but currently compile it myself against the latest > kernel. From my understanding, DKMS would be perfect for this (this is what > it was designed for!) and I would really enjoy to see it move this way. > > Stefan > > > > > > ___ > Mailing list: https://launchpad.net/~ubuntu-ha > Post to : ubuntu...@lists.launchpad.net > Unsubscribe : https://launchpad.net/~ubuntu-ha > More help : https://help.launchpad.net/ListHelp Good Morning, this is quite an interesting idea; right now, the way the kernel packages are built is still very similar to the Debian way to do it (I'm upstream/debian maintainer for it), but using DKMS might very well be an alternative to this. Best Regards Martin -- : Martin G. Loschwitz Tel +43-1-8178292-63 : : LINBIT Information Technologies GmbH Fax +43-1-8178292-82 : : Vivenotgasse 48, 1120 Vienna, Austria http://www.linbit.com : -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: help in configuring postfix domainkeys and dkim
2009/4/20 keichee : > i followed the wiki of ubuntu but i think someone had sabotaged it as > there are many errors when following it step by step I don't know about DKIM, but i guess it would help to describe the errors you encounter and step things you did before the error happened. Also your configuration would probably of interrest. I guess this raises the chance to get a meaningful answer. I can't say anything about the accuray but: Here is a step-by-step Guide for dkim-milter + postfix: http://stas.nerd.ro/blog/index.php/read/200 However, afaik recent amavisd-new Version also support DKIM-Signing, so if you already have working amavis - this should be easier. regards martin -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
RE: ufw package integration
Not listening is sufficient - that is the point Having a firewall that is automatically updated as packages are installed is dangerous. This is similar to UPnP and not the right way to do security By having all packages automatically update the firewall - you may as well not have a firewall Just because a HTTP server is installed it doesn't mean that it should be accessible. The decision to open the firewall should be a separate action Often packages get installed that are only intended to be accessed via a single interface on machines with multiple interfaces or via local host ONLY It really defeats the purpose of having a firewall if the ports are opened automatically - Chris Martin e: [EMAIL PROTECTED] m: +61(0)419812371 - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Soren Hansen Sent: Friday, 5 September 2008 1:39 AM To: ubuntu-server@lists.ubuntu.com; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: ufw package integration On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote: > I would say leave the ports open and leave the profile files. Leave > it up to the user to manage the firewall. If the package is removed, > it's not going to be listening on those ports any more anyway. If "not listening" was sufficient, there'd be little point in having a firewall in the first place, wouldn't there? -- Soren Hansen | Virtualisation specialist | Ubuntu Server Team Canonical Ltd. | http://www.ubuntu.com/ -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Performance tuning advice
By latency I'm assuming you mean how long packets stick around in the network stack before they are sent out. Packets are small (<500bytes) and need to sent within 10ms. Thank you for the man page pointers. They will help. On Aug 7, 2008, at 3:12 PM, David Miller wrote: There's a lot of kernel tweaks that can be used to fine tune your network stack for this type of workload but you didn't mention how critical latency is to your workload. That will also need to be factored into what settings to use. Pretty much anything in /proc/sys/net/core/ and /proc/sys/net/ipv4/ can be tweaked and the settings can be made permanent using /etc/ sysctl.conf. Look for the Sysctls section in the following man pages for definitions on what each of these settings do. man 7 tcp man 7 udp man 7 socket man 7 ip -- David On Thu, Aug 7, 2008 at 5:47 PM, Martin Hess <[EMAIL PROTECTED]> wrote: Hello, I'm looking for advice on how best to tune Ubuntu Server 8.0.4 for best network performance. I have a custom server application that has up to 50,000 tcp connections open at a time. The amount of data being sent is small -- on the order of a 3-4KB/min. Connections come and go at a rate of 1000/minute. Other considerations: Disk I/O is unimportant. Memory use is intensive. Any thoughts? Thanks, Marty -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Performance tuning advice
Hello, I'm looking for advice on how best to tune Ubuntu Server 8.0.4 for best network performance. I have a custom server application that has up to 50,000 tcp connections open at a time. The amount of data being sent is small -- on the order of a 3-4KB/min. Connections come and go at a rate of 1000/minute. Other considerations: Disk I/O is unimportant. Memory use is intensive. Any thoughts? Thanks, Marty -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Moving w3m out of standard
Matt Zimmerman [2008-06-16 15:31 +0100]: > * w3m# we need some text-based html presenter > [...] > Now that this is becoming possible with the new server seed[1], I'd like to > propose that it move to the server seed instead (or even be removed, if the > server team doesn't feel it's appropriate). +1 from me. (Also, yay for claiming back 1.1 MB on the desktop CDs!) Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
oVirt
Given that KVM is the preferred virtualization solution and that we have Virtual Machine Manager to manage a single instance, is there an chance we will be seeing oVirt anytime soon? http://ovirt.org/ From their home page: "From running a few virtual machines on a single host to managing thousands of VMs over hundreds of hosts on a network, oVirt is built to make virtualization easy and expand to meet your needs." I need a way to manage many machines Amazon EC2 style and this looks like a great tool. Currently I'm writing lots of code to do the job but I would love to dump it in exchange for something like this. While I'm wishing for the moon I may as well as ask for Cobbler: http://cobbler.et.redhat.com/ It basically make PXE boot setup painless for virtualized installs of KVM etc. Both of these projects are part(?) sponsored by RedHat as an "Emerging Technology Project", whatever that means. There brethren are: Augeas - A configuration editing tool and API libvirt - The open source virtualization API Cobbler - OS provisioning and profile management oVirt - Virtualization management across the data center FreeIPA - Identity, policy and audit management Virtual Machine Manager - Virtualization management from the Func - A secure, scriptable remote control framework & API I believe these all part of RedHat's Linux Automation for IT https://www.redhat.com/f/pdf/LinuxAutomation_whitepaper.pdf Is someone porting these at this time? Is this on Canonical's roadmap? Should these be on Canonical's roadmap? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu Server graphical interface?
Jonathan points out that it needs good configuration reporting capabilities: The other requirement that needs to be there is reporting ablity. One of things that Landscape is currently lacking from what I have heard. The ability to manage a large group of computers, report back on the inventory of the machine (hardware, software, users) and create custom reports for the entire enterprise. An example: Give me all of my servers that have X amount of RAM, plus available slots to put more memory in. Also once this tool is created, expand it more importanlty to my clients. So now I can have one piece of management software that I can manage my entire infrastructre across and deploy patches, install software, setup, create and deploy confirautions and report across the entire enterprise. You get that piece of software that is open source and you will find on of the critical holes. Jonathan So here are the general requirements so far: 1) Optional - must not be required for Ubuntu Server 2) Secure - must not have known security issues, must have good known security architecture 3) Scalable - must be able to administer sets of machines 4) Open Source 5) Easy to use (and setup*) - for 1 or more machines * I just added the the "setup" part. It seems like that is pretty important for a single machine use case. If people have to spend a lot of time just getting it working for a single machine then it isn't going to get much acceptance. And these are the major feature categories: 1) Package management 2) User management 3) Security updates 4) Repository management 5) System monitoring 7) Service management (starting/stopping/monitoring) 8) Service configuring - router - dhcp - web - dns - firewall - ids - snort - ect... 9) Change management - track changes - control changes - rollback changes 10) Configuration reporting - HW - SW - Users - Global custom reports -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu Server graphical interface?
Serge has pointed out what should probably be a 5th requirement. * Easy to use No point in having a GUI that is difficult to use. Windows is full of examples of such GUIs and gave GUIs a bad name. Additionally, if the tool makes it possible to manage a set of machines at the expense of managing 1 machine easily then it has failed the ease of use test. > Yes. But haveing some enterprise management tool installed, to > manage just a bunch of servers might also be if not rificulous, a > little overkill. > > Lots of businesses are small companies who need to only manage a > small number of servers. Small companies on low budget where one has > to put up stuff in a short time frame, as one server won't serve a > workgroup 200 users, but maybe 15. > > A per server management tool is what often is needed there. > > > Serge Here is the requirements list so far: 1) Optional - must not be required for Ubuntu Server 2) Secure - must not have known security issues, must have good known security architecture 3) Scalable - must be able to administer sets of machines 4) Open Source 5) Easy to use - for 1 or more machines Are there any packages that can meet such requirements? -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu Server graphical interface?
It looks like Landscape (http://www.canonical.com/projects/landscape) does some things, but it is missing an important requirement: * Open source It appears from the way that it is described that you need a support contract with Canonical to use it. I've never used Landscape but it appears that it covers the following areas: 1) Package management 2) User management 3) Security updates 4) Repository management 5) System monitoring 6) Integrates with Canonical support system Obvious major things missing: 7) Service management (starting/stopping/monitoring) 8) Service configuring - router - dhcp - web - dns - firewall - ids - snort - ect... 9) Change management - track changes - control changes - rollback changes 10) ? On May 3, 2008, at 3:45 PM, Leandro Pereira de Lima e Silva wrote: > Agreed with you. But... isn't that Canonical Landscape? > > Cheers, Leandro. > > Em Sáb, 2008-05-03 às 15:31 -0700, Martin Hess escreveu: >> I find people who think in terms of a few servers will at times >> find a >> desktop GUI compelling, but once you move to hundreds or thousands of >> servers the idea of connecting into a desktop GUI on each machine to >> administer is beyond ridiculous. >> >> >> I think GUIs are fine but only if they can be used control whole >> swaths of machines at once i.e. : >> >> >> * upgrade some package on some set of machines >> >> * revert to prior package on some set of machines >> >> * compare machines for installed package differences >> >> * change netfilter policies on some set of machines to refuse or >> allow >> a certain type of traffic >> >> * start/stop service on some set of machines >> >> * change config file on some set of machines >> >> * ect... >> >> >> The list of course is pretty much endless but you get the idea. When >> you have many machines it is pretty much out of the question to >> connect to each one and administer it individually by hand, either >> buy >> GUI or shell. >> >> >> I think any server GUI that is consider should be scalable. It should >> be able to move beyond the needs of one or 2 servers and be able to >> handle many servers. >> >> >> Proposal: >> >> >> I propose creating requirements for a server GUI and then see if we >> can find anything that meets it. So far I think I've seen the >> following: >> >> >> 1) Optional - must not be required for Ubuntu Server >> 2) Secure - must not have known security issues, must have good known >> security architecture >> 3) Scalable - must be able to administer sets of machines (I know >> there is not necessarily any consensus on this one and people might >> reject it as a requirement) >> 4) ? >> >> >> Shameless plug for #3: >> >> >> * gets xwindows off the servers which is a know security risk and >> resource hog >> * potentially can require nothing more than sshd and preshared keys >> on >> all the servers >> >> >> >> On May 3, 2008, at 9:34 AM, Leandro Pereira de Lima e Silva wrote: >> >>> I'm talking about virt-install, which will open a VNC connection to >>> the machine and only allow connections from localhost. >>> >>> Cheers, Leandro. >>> >>> 2008/5/3 Ante Karamatic <[EMAIL PROTECTED]>: >>>On Sat, 3 May 2008 12:15:07 -0300 >>>"Leandro Pereira de Lima e Silva" >>><[EMAIL PROTECTED]> wrote: >>> >>>> I think that is necessary for creating virtual machines >>>following >>>> Ubuntu Server guide, isn't it? >>> >>> >>>If you are talking about virt-manager, then no. virt-manager >>>is a tool >>>you'll use on you workstation and manage virtual machines on >>>a pool of >>>ubuntu servers. >>> >>>-- >>> >>>ubuntu-server mailing list >>>ubuntu-server@lists.ubuntu.com >>>https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >>>More info: https://wiki.ubuntu.com/ServerTeam >>> >>> >>> >>> >>> -- >>> Leandro Pereira de Lima e Silva -- >>> ubuntu-server mailing list >>> ubuntu-server@lists.ubuntu.com >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >>> More info: https://wiki.ubuntu.com/ServerTeam >> >> >> -- >> ubuntu-server mailing list >> ubuntu-server@lists.ubuntu.com >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> More info: https://wiki.ubuntu.com/ServerTeam > > > -- > ubuntu-server mailing list > ubuntu-server@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu Server graphical interface?
I find people who think in terms of a few servers will at times find a desktop GUI compelling, but once you move to hundreds or thousands of servers the idea of connecting into a desktop GUI on each machine to administer is beyond ridiculous. I think GUIs are fine but only if they can be used control whole swaths of machines at once i.e. : * upgrade some package on some set of machines * revert to prior package on some set of machines * compare machines for installed package differences * change netfilter policies on some set of machines to refuse or allow a certain type of traffic * start/stop service on some set of machines * change config file on some set of machines * ect... The list of course is pretty much endless but you get the idea. When you have many machines it is pretty much out of the question to connect to each one and administer it individually by hand, either buy GUI or shell. I think any server GUI that is consider should be scalable. It should be able to move beyond the needs of one or 2 servers and be able to handle many servers. Proposal: I propose creating requirements for a server GUI and then see if we can find anything that meets it. So far I think I've seen the following: 1) Optional - must not be required for Ubuntu Server 2) Secure - must not have known security issues, must have good known security architecture 3) Scalable - must be able to administer sets of machines (I know there is not necessarily any consensus on this one and people might reject it as a requirement) 4) ? Shameless plug for #3: * gets xwindows off the servers which is a know security risk and resource hog * potentially can require nothing more than sshd and preshared keys on all the servers On May 3, 2008, at 9:34 AM, Leandro Pereira de Lima e Silva wrote: I'm talking about virt-install, which will open a VNC connection to the machine and only allow connections from localhost. Cheers, Leandro. 2008/5/3 Ante Karamatic <[EMAIL PROTECTED]>: On Sat, 3 May 2008 12:15:07 -0300 "Leandro Pereira de Lima e Silva" <[EMAIL PROTECTED]> wrote: > I think that is necessary for creating virtual machines following > Ubuntu Server guide, isn't it? If you are talking about virt-manager, then no. virt-manager is a tool you'll use on you workstation and manage virtual machines on a pool of ubuntu servers. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- Leandro Pereira de Lima e Silva -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Buying Ubuntu Support from Canonical not as smooth as running the Operating System!
> > Wouldn't you agree that faxing things along these days is quite > tedious when we have superior technology at our disposal. I could > have scanned it in and sent it via email for sure, and I just didn't > have access to a scanner immediately. However, I think that since USA > is such a large country with a lot of money to spend on such support > agreements, it may be wise to set up a toll free number, if they > really need to accept faxes from Americans. I quite agree, faxing signed documents is quite daft, especially when digitally signed documents are accepted in court plus you have the added weapon of launchpad which almost forces everyone to have signed keys anyway; might as well use them for something. > Of course, I could be living in my own little world here. Maybe > Americans are too whiny and need to change. I am not sure. I guess > Canonical would need to take into consideration the pros/cons of doing > such things. It is up to them, not me, but as you can see, I didn't > have a great experience and I am a huge Ubuntu fan... There is a justification for starting or help starting a US based ubuntu business; although it occurs to me that Canonical isn't a traditional business in that it just sets up shop in the local market. what it wants is for someone else to set up a local business to sell support contracts in that market with the backing of canonical as the second tier 'damn is completely foo' support line (complete it appears with British accents) So for canonical it might be worth them re-directing international enquiries to more local or a bunch of local support businesses (who can then fight it out amongst themselves for this market) and it leaves canonical able to focus on pushing it's support network and hub. Or at least that is what I'd do. Best Regards, Martin Owens -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Buying Ubuntu Support from Canonical not as smooth as running the Operating System!
> In reverse chronological order... > * Based in UK (so no US hours?) You won't be surprised to hear the number of British people complaining about US companies not putting staff on at 4am in the morning. > * Don't accept our corporate American Express (AMEX) Well that is to do with the way AMEX take the piss, I wouldn't mind but you try doing a switch/meastro or electron/visa transaction from the uk on US websites; i mean seriously banks screw us so badly and we don't even flinch. Then again no one in the UK accepts AMEX so you might as well throw the thing away if you go on holiday. > * After all this, we had to fill out the order by hand and fax the > paperwork back to a UK fax number (no US number available) What the hell is wrong with that? are Americans allergic to the international community or is it just something that you have managed to breed in over the 400 years you've existed. Get over yourself, a UK based company is damn well going to have a uk phone number, uk times and yes even uk banking and credit clearance. See this is why Europeans don't like doing business in the usa, customers in America whine about everything being foreign and different. Regards, Martin -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam