ajmitchshould just be eth0 in the guest12:04
lophyteit'll act like an additional box on my network?12:04
lophyteit won't even ping itself..12:05
ajmitch(network-script 'network-bridge netdev=eth1')12:06
ajmitchignore the netdev=eth1 bit12:06
ajmitchbut you should have something like that on the dom012:06
lophyteI do12:06
=== ajmitch just wanted to make sure it bridged with the wired interface on the laptop, not the wireless
lophytethough, here's the issue I had...12:07
lophytemy main interface is ra012:07
lophyteso I did (network-script 'network-bridge netdev=ra0')12:07
lophytebut then networking wouldn't work on dom012:07
=== ajmitch has had all sorts of fun with bridging..
lophyteshould I be using eth0 in dom0?12:10
lophytedom0/eth0 -> xenbr0 -> ra0 -> network ?12:11
lophyteand domU/eth0 -> xenbr0 -> ra0 -> network12:11
lophyteis that how it works12:11
ajmitchno, the bridging is from domU to dom012:13
ajmitchso only domU/eth0 -> xenbr0 -> ra0 -> network12:13
ajmitchra0 only exists in dom012:13
lophyteso the question is, why does ra0 break in dom0 when I use network-bridge netdev=ra012:14
=== ajmitch shrugs :)
lophytecuz I should be using eth0 in dom0..12:15
lophyteI think12:15
ajmitchdo you even have an eth0 in dom0?12:18
lophyteugh.. this is confusing..12:19
ajmitchjust use the interface that's normally connected & it ought to work :)12:19
ajmitchwhy it suddenly stops in dom0 is beyond me12:19
lophytewhen I use network-bridge netdev=ra012:19
lophytera0 says "no wireless extensions"12:19
ajmitchhm right12:19
lophytethough it creates pra0, which has wireless extensions12:19
ajmitchthough this could be why I switched to eth1 (the wired interface)12:20
ajmitchsince the ipw2200 was playing funny tricks12:20
ajmitchbut this was also when i was testing 2.6.16 & the firmware was broken :)12:20
lophytebut I tried using pra0 and it didn't work either12:20
ajmitchI haven't set it to use wireless since then12:20
lophyteI don't really have a choice12:21
lophytehas to use wireless :|12:21
ajmitchlaptop sits on top of my tower case usually12:21
lophytethis is a desktop ;)12:21
ajmitchI could hardly put my main box on my desk :)12:21
lophyteokay, its a tower :P12:22
lophytenot a laptop12:22
lophytepaste warning12:22
lophytein /etc/xen/xend-config.sxp, there's a little diagram...12:23
lophytedom0: fake eth0 -> vif0.0 -> bridge -> real eth0 -> network12:23
lophytedomU: fake eth0 -> vifN.0 -> bridge -> real eth0 -> network12:23
lophyteso if I use netdev=ra0, it becomes "real ra0 -> network"12:24
lophytebut would the fake ones remain eth0, or become ra0?12:24
=== ajmitch doesn't know, hasn't checked it
lophyteand also...12:26
lophyteis fake eth0 called 'eth0' or peth0? :P12:26
ajmitchsee reponse above12:27
Burgworkwasabi_: rh uses a joined /etc/ldap.conf12:50
wasabi_How do they deal with maintainer scripts, or do they not?12:50
Burgworkno idea12:50
Burgworklooking at my FC4 machines12:50
wasabi_It might be fine to not deal with it, and move ldap.conf configuration completely into authtooll12:50
wasabi_And remove conffile from the files.12:50
wasabi_Get rid of the debconf questions on libnss-ldap, etc12:51
BurgworkI think that works12:54
Burgworkwhiprush: what does SLED 10 have?12:54
Burgworkbut FC doesn't have our common-* stuff12:55
Burgworkat least 4 doesn't12:55
Burgworkalso, fedora bundles pam_ldap.so in with nss_ldap12:57
cliebow_Burgwork:How do you plan to supply the functions smbldap-tools provides?01:00
wasabi_What functions are those?01:02
cliebow_those from smb.conf...adding machines passwrord changes01:02
wasabi_In the case of AD.01:03
cliebow_i guess i need to read the spec..ive been working on perl stuff to replace the functions smbldap-passwd smbldap-useradd etc do01:04
Burgworkhow does ccreds interact with nssdb?01:04
wasabi_It doesn't.01:04
wasabi_It's completely seperate.01:04
wasabi_You reading my novel?01:05
Burgwork'cause db doesn't appear to cache auth stuff01:05
wasabi_It does not.01:05
Burgworkso I need both?01:05
wasabi_NSS does not involve auth.01:05
cliebow_why does ad come up?01:05
wasabi_NSS involves only passwd/group entries.01:05
cliebow_in This situation01:05
wasabi_pam is hte "is your password correct?" pipeline.01:05
wasabi_Kerberos users have no entry in shadow.01:05
wasabi_No hashed password, etc.01:05
Burgworkauth    sufficient      pam_ldap.so <-- replace with pam_ccreds.so ?01:06
wasabi_pam_ldap shouldn't be used.01:06
wasabi_Oh, this is at your office?01:06
wasabi_Ahh. You have no kerberos.01:06
wasabi_Jump to my sample pam file.01:06
wasabi_And my long explanation of it's purpose.01:06
Burgworkand I discovered the pain when my ldap server decided to start using a dhcp addy01:07
Burgworkstill haven't figured why01:07
Burgworkgiven I have hacked /etc/network/interfaces to list it as static01:08
Burgworkwasabi_: your novel can assume more knowledge on the part of the read01:10
Burgworkie: don't tell use what pam is, etc.01:10
wasabi_I don't want it to.01:10
wasabi_Also it's only one sentence.01:10
BurgworkI assume those assumptions are inherent throughout the text01:11
wasabi_You'd be suprised how many people don't actually understand PAM and NSS.01:11
wasabi_Again, I want this to be blogged about, and get people talking/interested.01:11
lophyteokay, spec time01:12
Burgworkthat is way too long to a be blog post01:12
wasabi_It won't be IN a blog post.01:12
Burgworkstill too long01:12
wasabi_Linked from, sure.01:12
Burgworklook, you need to catch peoples attention01:12
Burgworknovels don't do it01:12
wasabi_Actually, specifically, I need to sell it to mark.01:12
wasabi_So he'll pay for it.01:13
Burgworkthat is not going to catch his eye either01:13
Burgworkremember, mark has add01:13
BurgworkADD, raterh01:13
wasabi_I have ADD. It worked for me.01:13
Burgworkyours is probably treated01:13
BurgworkMarks is not01:13
wasabi_Mine isn't. =)01:13
wasabi_I don't get anything done if I do. =(01:14
Burgworkok, if you must keep the fracking novel01:14
Burgworkat least point the point form stuff at the top01:14
Burgworkthe todos, etc.01:14
lophytewould you guys mind a short discussion about directory services in general?01:14
Burgworkthen put everything else in a discussion section01:14
wasabi_I suspect you should read my novel though. ;)01:14
lophyteI sifted through it ;)01:14
Burgworkit looks interesting, in a text book way01:14
BurgworkI need facts and short bits, not learning01:14
Burgworklophyte: shoot01:15
lophyteI just basically wanted to do a braindump of my own and see how it matches up with other people's visions01:15
BurgworkThe NSCD daemon will run as root. <-- lets figure out a way around this, if possible01:15
wasabi_There is no way around it.01:15
wasabi_Except to one run copy for every user.01:15
Burgworkquestion about your pam block01:15
wasabi_Including root.01:15
wasabi_Each with massively duplicated information.01:16
wasabi_And redundant LDAP queries.01:16
Burgworkif I don't run kerberos, can I just nuke that line?01:16
wasabi_Replace the line with pam_ldap01:16
wasabi_In some intelligent way.01:16
lophyteUDS (ubuntu directory services, not developer summit) should, imo, be a group of packages that can either work standalone or together..01:16
Burgworkwasabi_: ok01:16
lophyteUSUS for example.. can be run on its own, but works better with other packages, ie the GPO-like configuration system01:16
lophyteso you've got network auth, update services, config deployment... all things that can be run standalone or together as one big system01:17
lophyteunlike AD which is one big bloated package that you take all or none01:18
wasabi_Not really, but okay. ;)01:18
wasabi_WSUS is not tied to AD.01:18
wasabi_The only real tie is that you're forced to use both their LDAP and their KDC.01:18
lophytewell, no.. but you can't have SSO services without GPO services01:18
Burgworkwsus not tied to AD is a mistake on MS's part01:18
wasabi_lophyte: Well, you don't have to USE GPO.01:19
lophyteno, but its still there01:19
wasabi_For instance, I use other software to deploy software.01:19
lophyteis there any work being done on a GPO-like system?01:20
=== wasabi_ shrugs.
wasabi_https://wiki.ubuntu.com/NetworkAuthentication/Client   Moved my novel.01:20
lophyteanother question.. is UDS going to be tied to specific packages, or is it going to be versatile and flexible?01:21
lophyteie. you don't /have/ to use openldap and krb5-kdc01:21
wasabi_Depends what you mean by that.01:21
Burgworkwasabi_: can you forward that on to federico01:21
Burgworklophyte: we are going to pick a best of breed ldap server01:21
Burgworkask whiprush01:21
Burgworkubuntu is about making decisions01:22
wasabi_I suspuect UDS will be nothing but some automated utilities to install a server, configure it, and setup some schema.01:22
wasabi_No reason you can't setup your own server instead of using that.01:22
wasabi_That's sort of why we'll work with AD.01:22
lophytebut under the umbrella of 'UDS' includes our own centralized config deployment system01:23
lophyteand network auth01:23
lophyteand perhaps other packages01:23
wasabi_Sure... but again, the client component is just Ubuntu configured to talk LDAP/Kerberos.01:24
wasabi_NO reason you have to use our server component for that.01:24
lophyteright.. so you don't have to use the config system if you don't want to01:24
wasabi_I don't think there's anyway we could force you to do so.01:25
Burgworkbut we are going to provide the complete stack, client and server01:25
Burgworkfor the server side, we are going to choose technologies and go with them01:25
lophyteat a bare minimum, UDS is simply Ubuntu configured to talk LDAP/Kerberos on the client side, and LDAP/KDC on the server side01:25
Burgworkthe client is fairly generic01:26
Burgworkthe server is going to be much more specific01:26
wasabi_I wouldn't even consider UDS a product name.01:26
lophytebut you can install fancy extras on top of that.. ie. config system, usus, etc.01:26
Burgworkwe are going to say OpenLDAP or FDS01:26
Burgworkfedora directory server01:27
lophytewhy fedora?01:28
Burgworkbecause FDS is better than most out there01:28
BurgworkOpenLDAP vs FDS is debatable right now01:28
Burgworkand the world doesn't need another ds01:28
lophyteso what are we doing then?01:29
Burgworkneed to evaluate both of them and decide01:29
=== Fujitsu [n=Fujitsu@ubuntu/member/fujitsu] has joined #ubuntu-directory
lophyteif the world doesn't need another ds.. are we just making ubuntu work with existing DS systems?01:29
wasabi_A DS is just a database though.01:30
Burgworkyes, but we also don't need to go out and fork an existing DS01:30
wasabi_Something has to install it, configure it, and set it up with proper information for clients to use it.01:30
lophyteah, alright01:30
wasabi_I suspect we'd like to reduce that down to a single wizard on a server.01:30
lophyteso if we choose FDS, how would we migrate that into ubuntu?01:31
Burgworkthere is a spec for that01:31
wasabi_Somebody needs to package it.01:31
lophyteI'm just more or less catching up to what's going on :P01:32
lophyteand figuring out what our goals are01:32
FujitsuDoesn't it depend on pretty much everything on the planet?01:32
BurgworkFujitsu: less everyday01:33
FujitsuBurgwork: Good!01:33
Burgworkthey are splitting out the web frontend, which requires non-free java, in the next release01:33
lophyteis FDS free?01:34
Burgworkall RH stuff is open source01:34
wasabi_Did you give me federico's email?01:35
Burgworkwhiprush has it01:35
Burgworkjust a sec, let me see if have it01:35
wasabi_oh yeah i remember now01:36
wasabi_This one:01:36
lophyteBurgwork: you didn't get a tracking # for that package did you?01:38
Burgworkyep, but it is at home01:38
lophyteshould check it01:38
lophytemy mom said she hasn't gotten anything by courier01:38
Burgworkit came by regular post01:43
lophytehow big is it?01:44
lophyteI wonder if the mailman stuffed it in the mailbox01:44
lophyteprobably in the mailbox01:50
lophytebrb I'll check01:50
ajmitchright, I'm back01:53
ajmitchwasabi_: yes, I started packaging FDS, nothing new there01:54
ajmitchso of the todo list you have there, I've got stuff for the last 2.01:56
lophyteBurgwork: got it, thanks02:01
lophyteI'll hand them out tomorrow and pass some on to djp02:01
lophyte1 down, 3 to go02:03
Burgworkwasabi_: just got bitten by https://launchpad.net/distros/ubuntu/+source/pam/+bug/6727602:06
lophyteBurgwork: is there a list of goals for the directory team somewhere?02:08
Burgworkour specs02:09
lophyteah, good point02:13
Burgworkwhat is the FC equiv of /var/log/auth.log ?02:19
=== ajmitch rages at ugly php code
Fujitsuajmitch: That's what PHP is for!02:23
FujitsuBeing ugly, and raged at.02:24
lophyteBurgwork: alright, I'm gonna start merging our braindump with /UpdateServer02:31
lophytealso, re: -ca approval.. I'm gonna put us on the CC agenda, is there anything else we need?02:31
Burgworkwe need the approval form02:31
Burgworkdid you see that?02:31
lophyteI glanced at it briefly02:31
Burgworkplease fill that out02:32
BurgworkI am fighting with FC402:32
wasabiBurgwork: Yeah. So... You see why we need C coders. ;)02:32
Burgworkajmitch: got a stumper of a question of you02:32
Burgworkuserdel claims that I am logged in02:32
Burgworkbut I am, have no open files and have no running processes02:33
Burgworkwhat else should I check?02:33
ajmitchtype it02:33
Burgworknope, doesn't list me02:34
=== ajmitch wonders what userdel is using then
Burgworkno idea02:34
FujitsuIt's Fedora, does it need a reason to do crazy stuff?02:35
BurgworkI am currently on dapper02:36
lophyteoohhh burrrrn.02:36
Burgworkmy boss wants a "homogenous" environment with our main office02:36
FujitsuAh, you said `I am fighting with FC4' :P02:36
Burgwork1 Ubuntu machine, 2 FC02:36
FujitsuI've never had userdel do that sort of thing to me.02:36
Burgworkwasabi_: how are you working around the ccreds brokenness?02:37
wasabiWhich is incorrect functionally, but works for now.02:42
wasabiIt's returning auth_err.02:42
ajmitchwhat should it return?02:44
Burgworkright, o02:47
=== Burgwork grumbles further at FC4
Burgworkgetent passwd corey --> uid 1000002:49
Burgworkchown corey:corey --> uid of home dir? 002:49
Burgworkhmm, ok02:52
Burgworkthat worked02:52
wasabiThat's another interesting point... probably a place where i'd be willing to take a stand against everybody else.02:53
wasabilibnss-ldap should not make groups for users.02:53
Burgworkyou mean, it shouldn't do the Ubuntu default?02:53
wasabiNope. It shouldn't.02:53
Burgworka corey group along with the corey user?02:53
Burgworkwhy not?02:53
wasabiBecause it serves no real purpose, and muddles the issue tremendously... the LDAP server would have to have groups for each user.02:54
wasabiAnd make sure there were no conflicting gids, etc.02:54
Burgworkare we talking ldap groups or local groups?02:54
wasabiNeither really.02:54
wasabiI make my LDAP members primary group 65535, nogroup.02:55
Burgworkwe shouldn't diverge from ubuntu02:55
BurgworkI don't see a benefit to diverging, so why do it?02:55
wasabiBecause we have no way to not diverge.02:55
wasabiUnless you're going to mandate AD make a group for every user.02:55
Burgworkis that a bad thing?02:56
Burgworkwe shouldn't shoehorn Ubuntu into Windows02:56
wasabiHmm. I'd say so.02:56
ajmitchthat's a lot of unnecessary groups02:56
wasabiNo, certainly not, but we should carefully examine the reasons MS doesn't make a group for every user.02:56
wasabiANd I assert that reason is because nobody suggested it, because they had no problem to solve.02:56
wasabiBecause it solves no problem. =)02:56
Burgworkthe groups one?02:57
Burgworkwhat about standalone machines?02:57
wasabiI believe the old-schoolr eason for doing it is because POSIX permissions are limiting.02:57
wasabiAnd you can only have one owner.02:57
BurgworkI find them quite elegant, actually02:57
wasabiSo, in the case you want to share your folder with one other perosn, you setgroup it to him.02:57
wasabiPosix ACLs don't make that a problem anymore.02:58
ajmitchwhich is why windows never really needed a group per user02:58
wasabiYup. THey were never working around a Posix permission set.02:58
wasabiThey started with ACLs02:58
wasabiAnyways, so the options are thus: Either we leave it up to the admin to make a AD group for every user (not likely to happen)02:59
wasabiWe mandate they do, no way to enforce it.02:59
wasabiWe auto generate matching "fake groups" in libnss-ldap02:59
wasabi(horribly hacky, might make conflicting gids)02:59
wasabiOr we fix the problem that made us need a per-user group in the first place.02:59
wasabiWhich is probably a better long term goal.02:59
Burgworkthen write a spec for that03:00
wasabilocal users can still have their own group, it hurts nothing.03:00
Burgworkand get it on the MTV03:00
=== Fujitsu likes that last solution, there's a lot of clutter otherwise...
ajmitchwasabi: so do you want to spec up ACLs enabled throughout ubuntu?03:00
wasabiHmm. I don't think it's required at first.03:00
Fujitsuajmitch: There's already a spec on that...03:00
wasabiAnd I think somebody else will do that. ;)03:00
ajmitchFujitsu: sure, but when might that get done?03:00
ajmitchthere's a spec for nearly everything03:01
wasabiNOt having a per user group doesn't break anything.03:01
ajmitchdoesn't mean it's useful :)03:01
wasabiIt just makes it slightly more difficult to give a single user access to one of your files.03:01
Fujitsuajmitch: True, but it's not difficult to implement...03:01
ajmitchother linux distros have managed fine without group-per-user03:01
ajmitchI think it's an option in debian03:01
wasabiI don't mind per-user groups for local stuff. It hurts nothing.03:01
wasabiLet it continue.03:01
wasabiMy first user I create in Ubuntu is "admin".. and that creates an "admin" group.03:02
wasabiAnd that group has sudo access.03:02
ajmitchthen let's break from that for remote users03:02
wasabiSo I add remote users to the local admin group, to give other users sudo access.03:02
wasabiadduser jhaltom@DOM admin03:02
wasabiAnd that's worked wonderfully.03:02
wasabiSince all users require a primary gid, I've been using 65534 I believe, for nogroup.03:03
wasabiWhich has no permissions.03:03
wasabiOther groups are secondary.03:03
lophytehey guys, where can I find a decent ldap+kerb howto?03:04
wasabiDon't think there is one.03:04
ajmitchyeah 65534 is default for  nogroup it seems03:04
lophyteyou're telling me ;)03:04
wasabibayour had a good one.03:04
wasabibut it's been aging.03:04
lophyteokay, half-decent.03:04
ajmitchthere are 1001 useful ones03:04
ajmitchnone decent03:04
lophyteBurgwork: what's the news about UDS?03:05
lophyteMTV I mean03:05
Burgworkneed to look into my finances03:05
lophyteI don't know if I'm comfortable with you sending me :P03:05
ajmitchwe'll help relieve you of your finances, that's fine03:06
lophytethat's quite a bit of buck03:06
Burgworkajmitch: heh03:06
=== ajmitch looks into his bank account & cringes
=== lophyte does the same
Burgworkmine is pretty bad too03:06
ajmitchhopefully I get paid again before I get to the US03:06
Burgworkjust slightly less worse03:06
ajmitchcurrently about $250NZD to last me until next payday03:06
ajmitchyay for being poor :)03:07
lophyteI have about $250CAD in my account03:07
lophytebut that's /all/ i have03:07
Burgworkhow are you paying rent?03:07
lophytethat's what my girlfriend is for, Burgwork ;)03:07
=== ajmitch puts off rent...
wasabiHow are ya'll poor? You have more skills than 95% of the populace.03:08
Burgworkok, here is a fun one03:08
ajmitchof course this $250 is the $250 until I hit the overdraft &  credit card limit :)03:08
ajmitchwasabi: sure, find me a job that pays03:08
Burgworkwasabi_: I am poor 'cause I choose to work for a Linux company and didn't want to move03:08
ajmitchthere just aren't many jobs in this field where I live03:08
wasabiI get 4 job postings a day coming across my in box.03:09
wasabiFor ~100k03:09
wasabiYa'll should move to the US! =)03:09
ajmitchlucky you - I wouldn't see that in a year :)03:09
Burgworkwasabi: lophyte is poor 'cause he doesn't know how much he is worth03:10
lophytehah, that's about right actually03:11
ajmitchand I'm poor because I waste my life writing php ;)03:11
wasabiI do C# and Windows. ;)03:12
Burgworkthing is, I wasn't willing to sell my soul and work on Windows anymore03:12
lophyteyeah, I don't think I am either03:12
lophyteI'd /really/ prefer to work in a linux environment03:12
ajmitchwasabi: you poor sod03:12
wasabiI don't have a moral problem with technology. I have a technological problem.03:12
wasabiWIndows pisses me off.03:12
lophyteI have both :P03:12
ajmitchI have a windows box that I work on, but all the code runs on the debian server03:12
wasabiBecause it sucks in such obvious ways.03:13
wasabiAnd there's no way to improve it.03:13
wasabiANd hence I believe money is to be made in superceeding that.03:13
lophyteBurgwork: did I ever tell you our plans for the Vista launch party in Toronto?03:13
lophytedjp and I (and a gang of people probably) are going to be putting up his 12-foot inflatable Tux outside the party03:13
wasabiThe idea of a Vista release party confuses the shit out of me.03:14
Burgworkhand out Ubuntu cds03:14
wasabiPeople who had nothing to do with the actual development of it praising it's launch?03:14
wasabiThat sounds like religion to me.03:14
lophytegood call03:14
wasabiIf they'd worked to make a Linux distro, they can have a release party.03:14
lophytebut then again, what do you call Edgy release parties?03:14
wasabiDepends whose there. =)03:15
lophytetrue enough03:15
wasabiSince so many people do actually contribute.03:15
wasabiAnd have a personal stake in it.03:15
lophytegood point03:15
ajmitchmost people who go to those ubuntu release parties have no involvement in contributing to development03:15
wasabiWonder if there's one around me.03:15
lophytedjp is supposedly having one, but he wouldn't tell me the date03:15
lophyteI bet its tonight, and nobody showed up because it was a last minute thing03:15
ajmitchI don't think we're planning any release party here in dunedin03:16
=== ajmitch doesn't really feel like attending one in any case
lophytefyi, djp = a dude in toronto that owns the linuxcaffe03:16
cliebow_ wasabi:call it community chuckle03:18
lophyteBurgwork: yay for recruiting03:18
lophyteI just saw Em3rald say he was from Edmonton in #ubuntu-offtopic, so I pointed him over to -ca ;)03:19
lophytebrb, rebooting03:21
wasabiANyboyd know much about libdb?03:41
wasabiberkely db03:42
wasabihttp://www.macdevcenter.com/pub/a/mac/2003/12/09/active_directory.html  <--- Joining OS X to AD03:43
wasabiajmitch: You might be interested in their interfaces.03:44
ajmitchseen it03:44
ajmitchflatmate has a mac03:45
ajmitchhe works with some of this stuff at uni03:45
ajmitchteaching fellow/sysadmin in telecommunications03:45
ajmitchwhich is where I got into it03:45
=== ajmitch was helping him teach some of the network management stuff in the labs
wasabiI'm wondering if berkely DB can be used properly readonly.03:46
=== lophyte [n=dsulliva@ubuntu/member/lophyte] has joined #ubuntu-directory
lophyteugh.. xen networking...03:55
lophyteI'm still lost.03:58
lophyteanywho.. bbl.03:59
lophytetime for TV03:59
=== Fujitsu [n=Fujitsu@ubuntu/member/fujitsu] has joined #ubuntu-directory
=== Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
=== Burgwork [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
=== ajforgue [n=andrew@2001:5c0:89e4:0:212:f0ff:fed8:c339] has joined #ubuntu-directory
=== Fujitsu [n=Fujitsu@ubuntu/member/fujitsu] has joined #ubuntu-directory
=== ukh [n=ukh@] has joined #ubuntu-directory
=== robertj [n=rcaskey@cai17.music.uga.edu] has joined #ubuntu-directory
robertjstily me forgot to read my scrollback this morning :P03:42
robertjwell I'm a happy boy, my RAID is _finally_ rebuilding itself04:49
robertjthe RAID controller has internal ports only, so there is an inside-outside mounting bracket that goes where PCI cards normally go04:50
robertjand apparently one of those ports is flaky enough to cause problems04:50
robertj48 hr rebuild time still sucks04:52
whiprushanyone around?07:02
=== Burgwork [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
whiprushBurgwork: ping07:04
Burgworkwhiprush: pong07:04
whiprushBurgwork: where you working on an email list?07:04
whiprushI just got a mail from that guy in Indiana doing edubuntu in schools07:04
whiprushand he's very interested in discussion, etc.07:04
BurgworkI have a half written email, but I felll asleep last night07:07
Burgworkwill do it today07:07
Burgworkwhiprush: can you followup with mdz about n-a?07:07
whiprushok, just wondering if that was on the drawing board.07:07
whiprushBurgwork: will do when I finish this mail07:07
Burgworkyou writing to devel?07:07
whiprushI was pinging him on irc07:07
whiprushbut I can do -devel07:07
Burgworkno ping him07:09
robertj_btw, I'd note that the AD stuff posted for mac is no longer current and has been redone in 10.407:23
robertj_although I haven't looked at it07:23
whiprush"Please give me your feedback. I believe Andrew Mitchell was working on this as a SoC project but was unable to finish it? I don't know his status at the moment, and will try to get in contact with him."07:25
Burgworkwhiprush: that is old07:25
whiprushmaybe we should do a quick status for mdz.07:25
whiprushso has he looked at this yet then?07:25
Burgworkwell, as soon as that email to -devel goes out, they will know07:27
whiprushI hope that dude's school has the funds to send him out.07:27
whiprushI was like "dude just come to mountain view."07:27
whiprushBurgwork: One of our states (Indiana) is mandating linux desktops for all public schools07:27
whiprushso guys like him are a big PR win too.07:28
BurgworkI have heard fo that07:28
Burgworkwhiprush: have you responded to the indiana guy07:29
whiprushjust about 5 minutes ago07:30
whiprushfilled him in on the new stuff, pointed to the specs, launchpad, etc.07:31
robertj_what does GPO stand for?07:32
robertj_Group Policy Something?07:32
Burgworkgroup policy object07:32
robertj_from they way it's referred to you need...leprechauns? It seems to be a magical fix to problem X :)07:35
Burgworkwhiprush: n-a has been accepted07:39
whiprushBurgwork: you're the man on so many levels.07:41
BurgworkI had nothing todo with it07:41
whiprushI just felt like fanboing you for a little bit07:42
whiprushroll with it07:42
=== SimonAnibal [n=chatzill@] has joined #ubuntu-directory
whiprushhi SimonAnibal!07:43
SimonAnibalHello Jorge07:43
whiprushBurgwork: this is Simon from Indiana like I was talking about.07:44
Burgworkhey SimonAnibal07:44
whiprushSimonAnibal: meet Corey Burger.07:44
whiprushand robertj_07:44
SimonAnibaljust got your e-mail07:44
whiprushand the rest. :D07:44
SimonAnibaland I'm glad someone else is doing all the hard work :-D07:44
robertj_Howdy SimonAnibal07:44
SimonAnibalHowdy all07:44
Burgworkwell, we also need testers07:44
robertj_SimonAnibal: what's your background? Are you rolling Ubuntu at at a school, multiples schools, etc?07:45
SimonAnibalHigh School here in Indiana07:45
SimonAnibalOne school07:45
SimonAnibal9 Classrooms07:45
SimonAnibal279 workstations07:45
BurgworkSimonAnibal: what do you do for auto updating?07:45
SimonAnibalONE RING!07:45
SimonAnibalthat was overly geeky07:45
SimonAnibal*fidgets nervously* I've not been doing updates this year07:46
SimonAnibalLast year I used Ghost, but this year I've just not had time07:46
Burgworkah, ok07:46
SimonAnibalI literally scorched earth and re-imaged every workstation about once a week to keep them up to date07:46
Burgworkyou might want to take a peek at the UbuntuSUS stuff07:46
SimonAnibalSo, this is the part where I'm supposed to say: "UbuntuSUS?"07:47
Burgworkdoes that meet your needs?07:48
Burgworkcode doesn't exist yet, just a spec07:48
Burgworkbut lophyte here is going to be working on it07:48
SimonAnibalyes, meets the need07:49
SimonAnibalor at least a need07:49
whiprushIt's no secret that there's tons of stuff we need.07:50
whiprushSimonAnibal: since last we talked I've learned that Novell will be putting resources in sabayon and pessulus development.07:50
SimonAnibalSo, my concerns are: Updates (just addressed), Active Directory integration, Desktop management and lockdown (Sabayon and Pessulus?)07:51
SimonAnibalAD would be Kerberos and LDAP (maybe something else?)07:52
whiprushyou got it07:52
SimonAnibalboy I'm glad you guys have a freenode channel07:53
whiprushBurgwork: was lophyte looking at the existing nwu code or doing something else?07:54
SimonAnibalSo, basics - how do launchpad teams "work"?07:54
SimonAnibalI've got a launchpad account, and I wanna join07:54
SimonAnibalAnd unfortunately I don't think my high school will fly me out to California07:56
=== SimonAnibal [n=chatzill@] has joined #ubuntu-directory
SimonAnibalFirefox died and I'm using ChatZilla08:04
SimonAnibalSo, who else here is in an aggresively homogenous Microsoft shop?08:04
Burgworkwhiprush: new stuff08:04
Burgworknwu solves a different issues08:05
BurgworkSimonAnibal: I work and sell Linux08:05
Burgworkwork with, rather08:05
SimonAnibalBefore the Indiana ACCESS program our network was about 100% Microsoft08:05
Burgworkah, wow08:05
SimonAnibalthough they do use Linux on some servers downtown08:05
BurgworkSimonAnibal: did you figure out LP08:06
SimonAnibalAnyhow, our corporate tech support structure was not happy about 300 new Linux boxes08:06
Burgworkespecially with 3 different distros across several schools08:06
SimonAnibalYou're speaking from a state perspective, yes, 3 different distros across several schools08:07
SimonAnibalour school is the only one in our corporation that runs Linux08:07
SimonAnibaland our Linux is homogenously Ubuntu08:08
SimonAnibalRe: LP, I'm looking for a button called "Join", but I see such a thing does not exist08:08
SimonAnibalor I am blind08:08
SimonAnibalAnyhow, our corporate IS people said flat out "We will not support this, you are on your own"08:08
SimonAnibal"We only support Windows XP"08:08
SimonAnibalI found out recently that they've been moving since XP came out towards a 100% Windows XP deployment, so as to operate Active Directory in "native mode", whatever that is. So it seems they're pretty irritated to have 300 Linux workstations dumped in the middle of their plans08:09
Burgworkto join an Ubuntu machine to add currently takes work08:11
Burgworkajmitch is working on making that easier, as easy as windows08:11
SimonAnibalYeah, and I'm grateful for that08:13
SimonAnibalBut they're not concerned about how much work it's going to take08:13
SimonAnibalThey're not doing any of the work08:13
SimonAnibalAnd with that in mind, they still want to get rid of everything non-Microsoft08:13
SimonAnibalI've heard they're thinking of segregating all the Linux workstations in their own subnet08:14
Burgworkthat is crack08:14
Burgworkand very MS-thinking08:14
SimonAnibaland cut it off completely from the Microsoft network08:14
SimonAnibalyeah, so I figure if I can demonstrate that they'll play nice, I can punch holes in their logic08:14
SimonAnibalMy question is, is there some benefit (from their point of view) to having a 100% MS network?08:17
SimonAnibalDoes anybody in here know?08:17
SimonAnibal(I mean in the context of they're not being asked to support any non-MS clients)08:17
Burgworkyes, head-in-the-sand-thinking08:17
BurgworkI used to work for such a company08:17
SimonAnibalthat's not really a benefit, I'm looking for something more concrete like "it's easier to manage the network with AD in 'native mode'"08:18
Burgworkno, it isn't08:18
SimonAnibalOk, I give up, how do I join a Launchpad Team?08:18
Burgworkat least, as of server 2k it wasn;t08:18
Burgworkgo to our LP team page08:18
Burgworkclick join08:18
SimonAnibal:-/ the only instance of "join" is in "Membership policy:  Open Team. Any user can join and no approval is required. "08:21
SimonAnibalAh, there I see it08:21
SimonAnibalI get it, I was at https://features.launchpad.net/people/ubuntu-directory08:23
Burgworkhey wasabi_08:23
SimonAnibalI was just listening to Chris DiBona's podcast with Jeremy from Samba. I'm addicted to podcasts recently08:26
wasabi_I see a lot of discussion.08:28
wasabi_What was all that about? Somebody distill it. ;)08:28
BurgworkSimonAnibal here has 250+ ubuntu workstations in an indiana school08:28
Burgworkhe wants to be able to link them with AD08:28
SimonAnibalWell, NEED is more accurate08:29
Burgworkhe also was droolling over the update server08:29
SimonAnibalI don't particularly WANT to deal with this08:29
SimonAnibalAnd Sabayon08:29
wasabi_Well, it can be done, but it'll take a lot of knowledge on your part right now.08:29
wasabi_Are you up for it? :)08:29
BurgworkSimonAnibal: the other piece you need is http://live.gnome.org/Glocke08:29
SimonAnibalThis page does not exist yet. You can create a new empty page, or use one of the page templates. Before creating the page, please check if a similar page already exists.08:30
SimonAnibaldid you mean http://live.gnome.org/Glockenspiel?08:30
SimonAnibalI'm checking it out08:32
SimonAnibalSo, lots of great concepts08:32
SimonAnibalwhat can I do to help them become real products?08:32
Burgworkhelp federico with real world use cases08:33
SimonAnibalI'm inexperienced but willing08:34
SimonAnibaland I gotta go run TVs around the school now, bbiab08:35
whiprushmixed mode is when you support NT4 workstations on an AD08:48
whiprushwhich disables some features for AD.08:48
whiprushgoing native means you don't have to deal with them08:48
wasabi_Believe it also means LanMan hashes are not generated.08:48
wasabi_Oh yes, in mixed mode the DC runs the services neccassary for a NT4 BDC to pull from.08:50
whiprushI run all native and my ubuntu machines work fine08:53
whiprushhis windows guys probably think that they have to run in nt4 mode to support the linux machines.08:54
wasabi_The Linux machines can participate as fully secured AD members.08:56
wasabi_Including Kerberos authentication and LDAP access using Kerberos.08:56
wasabi_The will appear in AD as computer accounts, just like Windows.08:57
wasabi_And they will need their own tickets to even be able to talk to windows services.08:57
whiprushyep, they show up in the AD management tools08:57
wasabi_Obvioulsy GPO doesn't work with them.08:57
robertj_SimonAnibal: pretty much the only advantage from a networking perspective is that you could, with appropriate hardware, require anti-virus & firewall stuff before even getting routed to the outside world09:00
robertj_SimonAnibal: but _nobody_ I know is actually using that stuff thankfully09:00
ajmitchrobertj_: sadly I do09:02
ajmitchrobertj_: small businesses using the ISA firewall client - makes it hard to get a linux box on the network09:02
SimonAnibalThis has been incredibly informative09:04
SimonAnibalI'm passing this information along to my boss for his perusal09:04
whiprushSimonAnibal: idle around for a while, wait until wasabi and ajmitch REALLY get going09:04
SimonAnibalAnd all I had to do was go push some TVs around09:05
SimonAnibalI'm actually now done with my work day09:05
ajmitchwhiprush: haha09:05
whiprushSimonAnibal: do you talk with your counterparts in the other districts?09:05
SimonAnibalWell, I'm going to be representing Canonical at the next CINLUG meeting where I expect some of my counterparts will be09:06
robertj_wasabi: so is the plan to implement a subset of GPO where applicable or to come up with a full alternative?09:06
SimonAnibalbut normal not09:06
SimonAnibalI'll be promoting the ubuntu-education community mainly09:06
whiprushmaybe they'll be impressed with where we're going and climb aboard.09:07
whiprushSimonAnibal: work is sending me to the conference because we need this too.09:07
whiprushso you can ring the "academic alliance" bell a few times, heh.09:07
SimonAnibalI hope I can convert some09:08
whiprush"There are other schools doing this too ..."09:08
whiprushto convince management, etc.09:08
SimonAnibalof course09:08
SimonAnibalI want to relate the Ubuntu creation story09:08
whiprushI whip out that Trump card all the time.09:08
SimonAnibalI think it's a good story/intriguing introduction09:08
whiprush"Hey, U of M is doing this, we don't want to be left behind." etc.09:09
SimonAnibalWell, the main pain with that is that I'd be luring them from Novell, who as far as I know have this directory stuff pretty much down09:09
whiprushluckily we're friends with them09:10
SimonAnibalSo I'm going for the community angle09:10
whiprushthere's lots of things to learn from each deployment09:10
SimonAnibalnodnod, I don't want to HURT Novell, but I do want to score converts for Ubuntu09:10
SimonAnibalweird situation09:10
SimonAnibalI'd rather win converts from people who don't know Linux yet, so we can spread our user base without hurting the other projects out there09:11
SimonAnibalI admire what Novell and Red Hat have done for the community09:11
SimonAnibalI just think Ubuntu is the next logical evolutionary step.09:11
whiprusha guy from Novell will be at our spec braindumps, heh09:11
SimonAnibalI was just saying I was listening to him on FLOSS Weekly09:12
whiprushhe's good people, we should have a great time.09:12
SimonAnibalToo bad there's no money to support the project09:13
SimonAnibalIt's all deployment money and teacher professional development money09:13
SimonAnibalSo I doubt I'll ever get them to foot my bill for anything09:13
SimonAnibalI went to Ohio LinuxFest on my own dime09:13
whiprushthat's ok, with all of us together we all have something to contribute09:14
SimonAnibalOne day, I'll be making a living on this stuff09:14
whiprushyeah, I have it pretty good, surrounded by linux.09:14
whiprusha little bit of windows stuff09:15
whiprushbut that's always nice to know to keep the skills up09:15
SimonAnibalI get paid $8/hr, 7hrs/day, 35 hrs/wk, 180 days/yr.09:15
SimonAnibalWhich, frankly, sucks...I love the work, don't get me wrong09:16
SimonAnibalI feel like a fish in water09:16
whiprushheh, I took a pay cut to work at this U just to work on linux.09:16
BurgworkI took a pay cut to sell Linux09:16
whiprushbut, if you factor in the costs of going back to school, I come out ahead.09:16
whiprushplus I don't deal with shit like Outlook anymore09:16
whiprushthis makes me a happy camper09:16
SimonAnibalI just started working with all this stuff on top of my other responsibilities09:17
SimonAnibalSo I provide 100% of the support on almost 300 computers on top of my job...and now I've put myself in the position where if I leave I feel this program will come to a grinding halt09:17
ajmitchyou people get *paid* for this? ;)09:18
SimonAnibalwhich makes me feel bad thinking about moving on to a different job09:18
SimonAnibalcause I'm really invested in this community and this project, personally09:18
SimonAnibalbut, you know, I've got my whole life ahead of me09:19
SimonAnibaland $10,000 a year isn't going to cover any of my hopes and dreams09:19
whiprushhow old are you?09:19
SimonAnibalI only survive by living with my mom (cramped house, my fiancee and I, my mom, my much older brother, and our 4 furry children)09:19
SimonAnibalI'm 2309:19
whiprushdang, it's like hispanic Full House09:20
SimonAnibalAnd, to add insult to injury, I don't have a computer to play with at home09:20
robertj_Umm, leave em09:20
SimonAnibal*lol* Actually I'm the only Hispanic in the house09:20
robertj_go find a better job09:20
SimonAnibalyeah, I know that's the logical conclusion09:21
robertj_let them go back to pirating windows and go work somewhere decent09:21
whiprushIt took me 10 years to find a linux-related job, I'm going to retire here if I can get away with it, heh.09:21
SimonAnibalI've bitched to my bosses about it, though, and pointed out all the reponsibilities I've taken on on the off chance that the corporate machinery could be moved to realize they need me enough to pay me what I'm worth09:21
SimonAnibalI believe in Ubuntu, and I believe in education09:21
SimonAnibalIf I didn't have to worry about money, THIS is what I'd be doing as a hobby to pass the time09:22
SimonAnibalyou know?09:22
SimonAnibalit's hard to walk away from that09:22
robertj_SimonAnibal: tell them you need a raise, can't afford to live, and are taking time off to look at your options09:22
SimonAnibalonly to go to a job that I hate where I make decent money09:22
whiprushthe project is pretty high-visibility Linux-deployment wise09:22
whiprushwho knows, maybe someone will come looking for him when it's done.09:22
robertj_whiprush: "done"?09:23
whiprushheh, good point.09:23
SimonAnibalThat's another hope I have, that this experience and visibility will be worth something in the long run09:23
SimonAnibalwell, worth something tangible09:23
whiprushI got some job offers at linuxworld and i don't do /shit/ but blog about ubuntu.09:23
whiprushSo there's definately a need out there for people like us09:23
SimonAnibalI think what I'm doing should be worth something to someone. I mean why is our military so well-funded when we're churning out illiterate high school graduates and cutting back the education budget?09:24
robertj_SimonAnibal: $7.50 is chump change in the states09:24
SimonAnibalit is09:25
whiprushyeah, we pay our student-employees like, 9 bucks09:25
SimonAnibalwhich makes me a chump09:25
robertj_SimonAnibal: Dude, the principle at your school is probably pulling down $100-150k09:25
robertj_whiprush: some of may lab workers get paid 1009:25
SimonAnibalWell, he's a brand new principal, so he'd be a little lower than that, but your point is valid09:25
ajmitchwhiprush: yeah, I should so start blogging about this :)09:25
SimonAnibalmy boss directly over me makes at least 4 or 5 times as much as I do09:26
ajmitchthrow up a few screenshots, etc :)09:26
robertj_whiprush: the issue is not that there isn't enough money in the game, it's that someone is getting to it before you are. And if there is a 2x increase in funding you will see a cost-of-living increase and they will fatten their take, that's how it works everywhere09:26
robertj_SimonAnibal: what's your bosses name?09:26
SimonAnibalMy direct boss?09:26
whiprushajmitch: yeah dude ... publicity always gets people involved, etc.09:26
robertj_the head honcho at the school09:26
robertj_first & last, I can look it up & let you know09:26
SimonAnibalJeff Henderson09:26
SimonAnibalJeffry, actually09:26
ajmitchwhiprush: then dholbach can stop nagging me to get on the planet09:27
whiprushLook at Burgwork, he's a sales weeny and already has an Ubuntu book under his belt.09:27
whiprushajmitch: heh. YOu know you can add yourself to planet right?09:27
=== Burgwork smacks whiprush
SimonAnibalOh, THAT Corey Burger09:27
SimonAnibalheh, I have a copy of the book right here09:27
Burgworkthe one and same09:27
ajmitchSimonAnibal: yeah, the infamous one09:27
SimonAnibalI got it for getting the Ohio LinuxFest organizer a drink09:28
ajmitchwhiprush: I know I can add myself to planet - I need some content first09:28
robertj_ajmitch: is he new to Indiana? He doesn't seem to bel isted here09:28
robertj_err SimonAnibal, not ajmitch, sorry09:28
whiprushajmitch: blog about this stuff.09:28
SimonAnibaland I got Ubuntu hacks for just saying I'd invite my bosses for next year09:28
ajmitchwhiprush: I will09:28
whiprushit'll get more interest09:28
whiprushmore attention, etc. etc.09:28
SimonAnibalThis is his first year as a principal09:28
SimonAnibalI think09:28
SimonAnibalmaybe last...09:28
SimonAnibalLast it was09:28
ajmitchfor the sake of the project09:28
robertj_SimonAnibal: hehe, what's steves last name then?09:28
robertj_http://www2.indystar.com/state_salaries/ <-- take a peek for yourself09:29
=== lophyte- [n=guest02@206-248-160-94.dsl.teksavvy.com] has joined #ubuntu-directory
lophyte-anyone around?09:29
Burgworkrobertj_: we are trying make him not leave his job, not make him more depressed about how little he gets paid09:30
lophyte-hey Burgwork09:30
SimonAnibalHe's not there either09:30
Burgworkhey lophyte09:30
whiprushhi lophyte-09:30
lophyte-hey whiprush09:30
lophyte-I'm working on the uus spec.. and i've run into something that doesn't make sense..09:31
SimonAnibalNoone I know here is on that list09:31
whiprushlophyte-: ok09:31
lophyte-why would we download Packages.gz/Releases from the dapper/edgy repo if those packages are frozen on release?09:31
ajmitchok, back later09:31
lophyte-for an update server, it would never need to access the main repo... only -updates and -security09:32
whiprushI agree09:32
lophyte-also, storing all this information in the filesystem seems kinda disorganized.. but I don't know if its worth while to use mysql or postgre09:33
whiprushhow about something like sqlite?09:33
lophyte-the uus server would need to keep track of a) updates available upstream, b) which updates are required by which clients, and c) which packages are installed on which clients09:33
lophyte-and tracking that via files is messy imo09:33
lophyte-if that info was stored in a db it'd be so much easier for comparison/storage/retrieval09:34
robertj_lophyte-: are you doing the implementation?09:34
whiprushsqlite seems appropriate for this09:34
lophyte-robertj_, yes09:34
lophyte-robertj_, I'm working on the spec right now though09:35
lophyte-whiprush, I'll look into that09:35
robertj_lophyte-: were you here for my suggestion that it be in twisted w/ xmlrpc?09:35
lophyte-I remember you briefly mentioning xmlrpc, but thats about it09:35
lophyte-care to elaborate?09:35
robertj_lophyte-: and that the web client would also communicate over xmlrpc & not use apache09:36
robertj_but include derive from the twisted HTTPServer class09:37
SimonAnibalAlright, and as you move to a higher plane in the conversation I have important personal business to attend to (including, but not limited to, getting the hell out of here)09:37
whiprushI wonder what pup does (the fedora one)09:37
=== whiprush looks
SimonAnibalsruiz@mccsc.edu - http://indianalinux.blogspot.com if you wanna get ahold of me09:37
SimonAnibalI'm on the Launchpad team now, and I plan to start idling here when I'm on09:37
SimonAnibalSo I'll see you all around09:37
lophyte-see ya09:37
whiprushthanks for dropping by09:38
SimonAnibalThanks for clueing me in09:38
SimonAnibalPor curiosidad, me puedes entender en este idioma?09:38
whiprush<-- doesn't speak spamish09:39
whiprushspanish either.09:39
lophyte-<-- doesn't either09:39
lophyte-spamish, hehe09:39
SimonAnibalyeah, just checking09:39
SimonAnibalI said "Out of curiosity, can you understand me in this language?"09:39
Burgworkwhiprush: pup is our update-manager09:39
SimonAnibalnow for real09:39
lophyte-Burgwork, FSOSS sucked, btw09:39
Burgworklophyte: is it done already?09:40
whiprushBurgwork: yeah I see that, I'm looking for whatever they replaced up2date with09:40
lophyte-nope, i left early because i didn't pay for registration and didn't wanna keep sneaking into talks :P09:40
whiprushfor the RHN integration thing09:40
lophyte-the other guys were more interested in attending the seminars09:40
whiprushlophyte-: dang.09:40
lophyte-there weren't any other tables.. it was just kinda awkward09:41
lophyte-I snuck into an interesting seminar on marketing foss though09:41
lophyte-it was really interesting09:41
lophyte-but anywho... back to uus09:45
lophyte-i think it would make sense to store package and tracking info in a db...09:46
lophyte-when the client-side update checker is triggered, it checks whether or not it has reported its package list to the server.. if not, it sends a full package list, and the server stores it in a db09:46
lophyte-when updates are made.. the client machine makes a copy of dpkg.log, updates, and diff's the two dpkg logs and pushes the diff to the server09:47
lophyte-the server takes the diff, analyzes it and updates its tracking info as necesary09:47
whiprush"rhnsd" is the Red Hat Network Daemon. Every other hour, it sends a request to Red Hat Network asking for any notifications or updates and works in coordination with Red Hat Network to schedule automated tasks. It sends information to Red Hat Network only requested by you. If you add a new system using the Red Hat Network web interface, the next time the Red Hat Network Daemon probes Red Hat Network it receives a request to return the inform09:55
Burgworkcan we build our client side stuff into update-manager?10:10
lophyte-that's what I was planning10:11
Burgworkin that case, you need to talk to mvo10:11
lophyte-how do I go about that?10:12
Burgworkwrite up the client side code changes10:14
Burgworkthen run them past him10:14
lophyte-how would the update-manager discover if there's a uus server?10:14
Burgworkneed to be configured10:15
Burgworktold an IP addy, I think10:15
lophyte-well the uus server info would be in sources.list..10:15
lophyte-perhaps it could check the repos for a certain file, to see if its a uus repo10:15
Burgworkwe have no way of knowing what is an uus repo10:16
Burgworkbetter to explicitly mark it10:16
Burgworkafter all, uus is likely going to be used in conjunction with kickstart or something simlar10:16
lophyte-i'm wondering how we'd mark it10:16
Burgworksometing in an update-manager.conf10:16
Burgworkuseuss = yes10:17
BurgworkserverIP =
lophyte-good call10:17
lophyte-update-manager is python, isn't it?10:17
Burgworkcurrently it has conf file10:18
Burgworkit has no, rather10:18
Burgworkexcept gconf10:18
lophyte-could be stored in gconf..10:18
lophyte-a gconf key for uus10:18
Burgworksee waht mvo has says10:25
lophyte-i'm gonna look into using sqlite for storing package and update tracking data on the server sde10:39
Burgworkit rocks how you are just digging in10:40
lophyte-I've been kicking around the whole directory services idea on my own for a while.. I was excited to find out there's already a team working on it ;)10:42
wasabi_There is an update-manager config file?10:44
wasabi_I thought it just pulled from apt?10:44
lophyte-no, there isn't10:46
lophyte-just gconf10:46
lophyte-btw Burgwork, I delivered the remaining case badges to djp.. i'm at the caffe right now10:50
Burgworklophyte-: cool. How many did you have?10:59
Burgworkwasabi_: it uses the sources.list and sources.list.d10:59
lophyte-I think I gave him 60 or so10:59
lophyte-handed out some this morning at fsoss10:59
Burgworkso you gave out 40 or so?10:59
lophyte-yeah, about that10:59
lophyte-update-notifier is what we'd need to modify11:01
lophyte-not update-manager11:01
wasabi_Yeah, SQL lite was what I expected to be used.11:02
Burgworkupdate-notifier is a generic method of notifying on changes11:02
wasabi_Some simple db storage thing.11:02
wasabi_update-manager is the part that runs as root though isn't it?11:02
Burgworkupdate-manager is the piece that actually does the update11:03
wasabi_And pulls from apt I assume.11:03
Burgworkbut notifier is the daemon that runs constantly11:03
lophyte-notifier launches manager?11:03
Burgworknotifier puts the thing in the notification area11:04
wasabi_Looks like /etc/cron.daily/apt is the thing that is schedule to pull updates.11:04
Burgworkmanager is launched by the user11:04
wasabi_And thus, the thing that should push package info.11:04
lophyte-wasabi, on the client side, right?11:04
lophyte-so there's the key11:04
Burgworkthat runs 24 times a day, you realize that?11:04
lophyte-should only be once a day if its in cron.daily11:05
lophyte-wasabi, you're right.. that's what we'll need to modify11:06
wasabi_yeah, it looks like it runs 24 times, but only does something every now and then.11:06
lophyte- /etc/cron.daily/apt should push its package list to the uus server11:07
wasabi_If that server is UUS.11:07
wasabi_Or otherwise it is told to do so.11:07
lophyte-say what?11:07
wasabi_Well, you want it to simply report packages to "the apt servers", which may or may not be UUS.11:08
lophyte-you mean you don't want it to do that11:08
wasabi_Report packages to archive.ubuntu.com11:08
wasabi_It does not need to do that. ;011:08
wasabi_Also, it shouldn't report packages to any random line in apt.sources, only ones marked as trusted in some way.11:08
lophyte-well, that's what we tossed around earlier..11:09
lophyte-having a gconf key or a config file specify the uus server11:09
lophyte-and have the script use that11:09
wasabi_gconf won't work, since this doesnt' happen as a user.11:09
lophyte-alright, so then a config file..11:09
wasabi_I'd say a companion file to apt.soruces is fine.11:09
wasabi_sources.list i mean11:09
wasabi_Unless apt provides a built in way to attach metadata to specific servers.11:09
wasabi_Which it might, I remember there being special syntax back in the pre apt-key days11:10
lophyte-I'll have to look into that11:10
lophyte-what's the wiki page for edgy release parties?11:11
Burgworklophyte-: for comparison11:13
Burgworkperl, but might have some interesting ideas11:13
Burgworklophyte-: just to let you know, time is ticking on the -ca approval process, to get edgy cds11:15
lophyte-I wanted to talk to you about what to put on the application11:15
Burgworkfor the stuff we have done11:16
Burgworklophyte-: you are not in -ca11:16
Burgworklets move there11:16
lophyte-alright, so we've got this apt cronjob that checks for updates.. it can also push its package list to the uus server if there is one..11:19
lophyte-i imagine it simply does apt-get update..11:19
lophyte-and then update-notifier checks the package cache to see if there's a new version available11:19
lophyte-and notifies you11:19
lophyte-which then launches update-manager to do the actual update11:20
lophyte-so update-manager would need to be modified to push the update results back to the server, so uus can keep track of which updates are installed on which clients11:20
lophyte-wasabi_, I wonder if we could create an apt-config entry for UUS-specific variables11:21
lophyte-ie. whether or not its enabled, and the IP/address of the serer11:21
wasabi_Why do ya need IP address of server?11:23
wasabi_Create a convention underneath an apt repository.11:23
wasabi_just like dists, pool, etc.11:23
wasabi_"Data shall be reported in this schema posted to $repos/post"11:23
lophyte-yeah, but we need to differentiate between archive.ubuntu.org and a local uus server11:24
Burgworkfor the actual updates, yes11:24
Burgworkbut the passing for the sources.list info, we need another method11:24
Burgworkand the dpkg -l stuff11:24
lophyte-we need another method of determining the uus server for package list pushing11:25
lophyte-apt-config might work..11:25
wasabi_Well, you don't want to determine a single server.11:26
wasabi_Since there may actually be multiple.11:26
wasabi_Just push to each apt source, if it's marked as pushable.11:26
lophyte-marked how?11:26
wasabi_I dunno. "this apt source is ok!"11:27
wasabi_In apt-config if it fits there.11:27
lophyte-that's what i said :P11:27
Burgworkbut there are two issues here11:27
lophyte-which are?11:27
Burgworkthe actual updates, which is easy11:27
Burgworkand the backchannel data transfer11:27
wasabi_for source in `cat sources.list`; if source is marked as ok; push; end; done11:28
Burgworkthe actual updates is simply hacking the sources.list11:28
lophyte-how is it marked in sources.list, though11:28
Burgworkbut for passing teh sources.list and dpkg -l information, we need another method11:28
lophyte-well, passing sources.list to the clients is done via the unnamed configuration deployment system11:28
Burgworkare we going to be passing the sources.list back?11:29
BurgworkI don't us doing that11:29
lophyte-not that I planned, no11:29
lophyte-just dpkg -l11:29
lophyte-and dpkg.log diffs11:29
Burgworkwe need to pass teh sources.list to the server11:29
lophyte-dpkg -l gets pushed once.. and dpkg.log diffs get pushed on every update11:29
Burgworkto check whether or not the list is correct11:29
lophyte-hm.. good call11:30
Burgworkthen the server would say "this is correct"11:30
lophyte-or should that be up to the config system?11:30
Burgworkfor now, just notifying is what we will do11:30
Burgworkie server says to admin "you have a problem with this computer"11:30
lophyte-but sources.list isn't going to be handled by uus..11:31
Burgworkno, it is not11:31
lophyte-but uus should verify it?11:31
Burgworkbecause that is simple11:31
lophyte-yeah, i suppose, as an extra security precaution11:31
lophyte-but the question is again.. how do we mark a specific sources.list entry as pushable/uus?>11:32
Burgworkso there are two error conditions the server notifies the admin of11:32
Burgworkwe assume the admin is controlling the entire sources.list11:32
Burgworkassuming we have a uss=yes set somewhere11:32
Burgworkactually, we don't need to set an IP, just a flag11:33
Burgworkas we have the IP11:33
Burgworkvia the sources.list11:33
lophyte-we just need something that flags a specific entry as a uus server11:33
Burgworkno we don't11:33
Burgworkoh, hmm, we do11:34
lophyte-we need to differentiate between a regular apt repo and a uus server11:34
Burgworkbecause you might have mixed sources11:34
Burgworkthen I think we need an IP field11:34
lophyte-outside of sources.list?11:34
Burgworkyes, where the flag is11:34
wasabi_Not an ip. Just a source path.11:35
Burgworkthat field shoudl be able to take several IP addys, to handle wasabi_'s use case of several update servers11:35
wasabi_Just a copy of whatever is in apt sources.11:35
Burgworkno, no11:35
Burgworkthis is for the primary server to contact with config stuff11:35
wasabi_That way it's a simple "does this == that"11:35
Burgworkthis is completely seperate from apt11:35
wasabi_Not really.11:35
Burgworkyes it is11:35
wasabi_My UUS might be on a different box.11:35
wasabi_My WSUS sure is.11:36
Burgworkthe update-notifier takes this IP and passes the dpkg -l and sources.list to this box11:36
wasabi_I don't like that at all.11:36
Burgworkthen apt, which is a seperate system, updates the system based on the sources.list11:36
wasabi_Just post it to the HTTP URL in sources.list11:36
lophyte-but then you're posting to apt rpeos11:36
Burgworkthat is crack11:36
wasabi_You're posting to a known URL under an apt repos.11:36
Burgworkwe also have the issue that it should work without changing apt11:36
wasabi_In the same way we "know binary-arch"11:36
wasabi_or "release.gz"11:36
wasabi_or "Packages.gz"11:37
lophyte-we don't need people trying to post their dpkg -l to archive.ubuntu.org11:37
wasabi_Nothing is changing apt.11:37
wasabi_lophyte-: Hence the mark.11:37
Burgworkif you add stuff to sources.list, you need to change apt11:37
lophyte-what mark?11:37
wasabi_Didn't say we were.11:37
wasabi_A mark in apt-config.11:37
wasabi_"this sources.list line is postable!"11:37
lophyte-that's what I said :P11:37
Burgworkthen we need to change apt11:37
wasabi_Not IP.11:37
wasabi_Sources.list line.11:37
Burgworkwhich sucks11:37
wasabi_No we don't.11:37
BurgworkI am totally lost11:37
lophyte-use apt-config11:37
Burgworkwhere is teh config stored? on the server?11:38
wasabi_apt-config certainly has the ability to stick some srot of string into it someplace.11:38
wasabi_In fact, check out apt.conf.d11:38
lophyte-apt-config -o UUS::ServerIP=''11:38
wasabi_There's stuff in there for Unattended-Upgrade11:38
Burgworkhmm, ah11:38
wasabi_Read 50unattended-upgrades11:38
BurgworkI see11:38
wasabi_model after that11:38
wasabi_UUS::Allowed-Servers { "http://server.com/whatever" ; "next line"; }11:39
lophyte-sounds good11:39
wasabi_Simple for each line in sources.list, if it == a line in Allowed-Servers, you're good.11:39
Burgworkwhat parses apt.conf?11:39
wasabi_At some point, maybe that can change to be key based or something.11:39
wasabi_For now that is good.11:39
lophyte-that sounds good11:39
Burgworkwait a sec11:39
Burgworkare we talking checking whether or not you should update from a server or whether or not you shoudl pass data to that server11:40
lophyte-whether or not you should pass data11:40
Burgworkwasabi_: is that what you were thinking?11:40
lophyte-we're trying to determine whether or not a sources.list entry is pushable11:40
lophyte-i should probably head home11:41
wasabi_Whether you should post data to it.11:41
wasabi_Whether or not you should update is something else.11:41
lophyte-apt-config sounds like the best method11:41
Burgworkin that case UUS::Config-Servers { "http://server.com/whatever" ; "next line"; }11:41
wasabi_Which actually, seems to be in 50unattended-upgrades11:41
Burgworkthat is better11:41
wasabi_/ allowed (origin, archive) pairs11:41
wasabi_Unattended-Upgrade::Allowed-Origins {11:41
wasabi_        "Ubuntu edgy-security";11:41
wasabi_/      "Ubuntu edgy-updates";11:41
Burgworkdoes this require apt changes?11:42
lophyte-all we need to modify is /etc/cron,daily/apt to push the dpkg -l11:42
wasabi_We would use Allowed-Origins too11:42
lophyte-and update-manager to push the dpkg.log diffs11:42
wasabi_Since it looks like unattended-upgrades already handles this11:42
wasabi_we would configure which servers you can POST to, and they would configure which ones get pulled from automatically.11:43
lophyte-yeah, right11:43
lophyte-okay, that sounds good11:43
wasabi_So you can do those independently, or in conjunction.11:43
wasabi_Allowed-Origins is interesting.11:44
Burgworkbut that is drifting into configuration issues11:44
wasabi_Since it's Origins.11:44
Burgworkwhich is a little bit beyond this spec11:44
Burgworkfor now, the server should do some parsing and notify the admin is something is amiss11:44
lophyte-well, milestone 1 is getting the basic framework to function11:44
lophyte-pushing dpkg -l, dpkg.log diffs, approving packages, etc.11:45
Burgworkas soon as you have code, I want to test it11:45
lophyte-well I'm still working on the spec.. I'll probably start coding next week11:45
lophyte-I wanna make sure all the methodology is planned out before I write code11:45
Burgworkmake certain you get some of the core dev team to look at it11:46
lophyte-that way I don't trip over my own feet half way through11:46
Burgworkinclude mvo, infinity and keybuk11:46
lophyte-look at the spec?11:46
lophyte-or the code?11:46
Burgworkthe spec11:47
Burgworkafter all, we want this is main11:47
lophyte-well once I have it finished I'll pass it around11:47
Burgworkoh, pitti to11:47
lophyte-will have to meet these folks.. never spoke to them before11:47
Burgworkpitti does security, keybuk and mvo are apt people and infinity does servers11:48
lophyte-well once the spec is looking good, I'll pass it around11:48
Burgworkpitti is Martin Pitt, keybuk is Scott James Remnant, mvo is Michael Vogt, and inifinity is Adam Conrad11:48
wasabi_/ never update the packages in this list11:49
wasabi_Unattended-Upgrade::Package-Blacklist {11:49
wasabi_/      "vim";11:49
wasabi_I suspect we fit into this file.11:50
wasabi_Maybe to the point where your client code becomes part of it11:50
=== SimonAnibal [n=sruiz@adsl-68-251-147-250.dsl.bltnin.ameritech.net] has joined #ubuntu-directory
wasabi_And you're client portions are actually part of Unattended-Upgrade11:50
lophyte-wasabi, agreed11:50
lophyte-I'll look through the apt-config stuff whe i get home11:50
lophyte-anywho.. i'm out before i have to pay more for this laptop11:51
wasabi_Actually, now that I'm in this file, my ideas have been altered11:51
lophyte-yay rentals11:51
lophyte-well.. leave the discussion for later ;)11:51
Burgworklophyte-: you rent a laptop?11:51
wasabi_Unattended-Upgrade::Trusted-Post-Keys { "apt-key name"; };11:51
lophyte-Burgwork, linuxcaffe rents them for $2/hr11:51
Burgworkat least you get ubuntu11:51
lophyte-yup :)11:51
lophyte-anyhow.. I'll be back later tonight, and we can discuss this more11:51
lophyte-I wanna get the spec done by sunday11:51
lophyte-start on the code next week11:52
lophyte-anyway.. i'm out11:52
lophyte-be back in a few hours11:53
Burgworkok, this update server is going to rock11:55
SimonAnibalhell yes it will11:56
Burgworknow I just need to make it talk yum *grin*11:57
SimonAnibalwhy yum?11:58
Burgworkcause I have to deal with FC4 boxen11:58
BurgworkI only have an Ubuntu machine 'cause I brought it in the backdoor11:58
BurgworkI work for Userful, we build on Fedora11:58
SimonAnibalthat is quite the interesting story11:59
SimonAnibalI'm glad to see you on the team, I'm sure your getting this to work will help other people as well, doncha think?12:00
=== ajmitch is back

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!