From the Canyon Edge -- :-Dustin

Tuesday, April 21, 2009

What I Want the Ubuntu Server To Be

My Canonical Ubuntu Server Team colleagues, Soren Hansen and Thierry Carrez, have recently published manifestos on what they would like to see the Ubuntu Server become. Accordingly, here are my thoughts on the matter...

What I Want The Ubuntu Server To Be...

Secure

Security is the most important element of a server to me. Kees, Jamie, and Marc on the Ubuntu Security team do a fabulous job keeping the Ubuntu packages updated, and our servers safe from published CVE's and known security bugs. They have hardened the Ubuntu toolchain in such a way that protects Ubuntu binaries from vast classes of vulnerabilities.

But, I believe that security goes far beyond fixing bugs in code. I believe that Security also consists of feature development. I believe that we've done a decent job integrating some really useful security features, such as:
  • AppArmor
  • Encrypted-Home and Encrypted-Private directories
  • ufw
I hope that we expand this list tremendously over our next releases.

I think every Ubuntu user (desktop and server) should automatically have an Encrypted Private directory where they can store their most sensitive information, with an easy option to encrypt all of $HOME.

I think we should use swap files, rather than partitions, by default, with supporting applications to automatically and manually resize it when your memory availability and requirements change. And I think you should be able to easily enable/disable swap encryption at your discretion--encrypted swap is essential for encrypted-private and encrypted-home directories.

I would like to see us move toward having ufw enabled and running by default. I think this means that all services would need appropriate hooks to open the necessary ports for operation--something that needs to be implemented carefully and over time.

I would like AppArmor and/or SELinux profiles for everything! This is a lot of very expert-level work, that I don't really want to do myself ;-) I want to run my servers with fully enforcing MAC protection, but I don't even want to know it's there. Yes, this is a tough one, I agree. I was an SELinux developer working on Fedora and Red Hat when they first turned SELinux 'on'. It was painful. Maybe it still is? (I don't know.) This is a lot of work, but totally worth it in my opinion.

Easy To Use

I would like the Ubuntu Server to be the easiest, friendliest Linux server on the market.

To some people, this means having a graphical desktop. For those people, I'd like to expose a simple option to basically:
$ sudo apt-get install --no-install-recommends ubuntu-desktop
Which would install a graphical desktop manager without some of the desktop addons like Evolution and OpenOffice, but continue to use the server flavor kernel. It might even be worth using XFCE rather than Gnome...

I don't think graphical desktops should be installed on the majority of servers, however. Most people don't need a graphical desktop manager, they simply need a window manager. For that, we have the command-line utility 'screen'. I've blogged several times about a new package I created with help from Nick Barcet: 'screen-profiles'. I think one of the screen-profiles configurations should be configured by default for each user on the server, and automatically launched on login. I believe that a shell running inside of a screen-profiles configuration for 'screen' should be the face of the Ubuntu server.

I would also like to see an ever growing set of tasksel package sets, for creating Ubuntu servers with stacks of applications configured and working well together. I have been installing Tomcat on Linux servers since the Summer of 2000, and it's been a huge pain for almost 8 years. Thierry's work on Ubuntu's Tomcat packaging (and all the Java dependencies) has finally made this a one-step operation... sudo apt-get install tomcat6. Beautiful! I would like to see the same quality for other complex application stacks (eg, alfresco, sugarcrm).

Also, a complete "collaboration server" stack would be phenomenal, containing servers for a wiki, irc, document editing, listserv, pastebin, etc. Any small business using open tooling should be able to get all of these in a box, up and running in a matter of minutes or hours.

Stable

We added LVM-by-default for Ubuntu servers in Jaunty. And Soren had the brilliant idea of always installing Ubuntu Servers with a degraded RAID-1. This would make it really easy to add a second disk to a server sometime later. Great idea. I've done this before with my servers (actually, created a mirrored RAID on a server that was not setup for it). There was a painstaking set of very specific steps that had to be executed perfectly. We would need some additional tooling in userspace (beyond just the installer) to make the feature practical. But this is quite doable.

I hope we take a close look at ksplice for Ubuntu servers. For non-ABI-changing kernel updates, ksplice can actually roll out kernel changes to a running kernel, merely by compiling some code and inserting a module. Scary, I know. And it needs some heavy testing and security review. But in the interest of uptime, this could be an incredible feature. I met the developers at the Linux Foundation Collaboration Summit, and it seems that they do much of their testing and development already on Ubuntu. I think this would be pretty cool.

Also, I'm a big fan of Thierry's work on putting /etc under revision control. This is a great idea, very easy to use, minimal overhead. I'm hoping we'll see this on Ubuntu servers by default very soon, and possibly on the desktop too.

Efficient

I would like the Ubuntu server to be the 'greenest' Linux server distribution on the planet. We took a couple of steps in this direction in Jaunty (ondemand cpu frequency scaling on by default, server suspend/hibernate/resume working, powerman & pwrkap packaged). But there's a lot more to do!

Cloud computing and virtualization presents us with new opportunities and challenges with respect to power management. I'm hoping to keep Ubuntu on top of these, with integrated functionality for migrating and consolidating workloads to the minimum number of virtualization hosts required to do the job, placing the rest in a suspended or hibernated state, and dynamically resuming hot-spare hardware when dictated by load.

Performant

I'm quite interested in btrfs. I don't know that we're quite ready to default to btrfs (for stability reasons), but I'm quite interested in heavily testing btrfs in Karmic, as there are some tremendous performance benefits available.

:-Dustin

Printfriendly