[Bug 2078614] Re: pro refresh Failed running command '/snap/bin/canonical-livepatch config' [exit(1)]. Message: error executing config: livepatchd error: daemon shutting down

[Lucas Albuquerque Medeiros de Moura]

** Also affects: canonical-livepatch-client
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2078614

Title:
  pro refresh  Failed running command '/snap/bin/canonical-livepatch
  config' [exit(1)]. Message: error executing config: livepatchd error:
  daemon shutting down

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-livepatch-client/+bug/2078614/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2075357] Re: pro collect-logs takes more than 1:30 minutes to complete on air-gapped envs, `pro status` and `pro help` doesn't work

[Lucas Albuquerque Medeiros de Moura]

Hi Carlos Bravo,

I have tested this on the current airgapped test scenario we have for
the Pro client and I wasn't able to reproduce the issues. Even though
you are correct that we reach for the contract in some of those
commands,  once we use the airgapped-contract server, the Pro commands
reach the airgapped server instead of https://contracts.canonical.com.
Therefore, this issues should not be happening.

Can you better explain the setup you are using to setup the airgapped
machine ?

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2075357

Title:
  pro collect-logs takes more than 1:30 minutes to complete on air-
  gapped envs, `pro status` and `pro help` doesn't work

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2075357/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2067059] Re: Auto-attach image support is not available on none

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067059

Title:
  Auto-attach image support is not available on none

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2067059/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2067059] Re: Auto-attach image support is not available on none

[Lucas Albuquerque Medeiros de Moura]

Hi carlos-bravo,

Thanks for this report. I agree we should improve on this issue. I will
create a feature request on the Pro client so we can better explore this

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067059

Title:
  Auto-attach image support is not available on none

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2067059/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2069237] Re: [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Noble

[Lucas Albuquerque Medeiros de Moura]

This are all of the tests performed for this Pro release. For the
results, please be aware of:

1. There are some well known issues on the security API we use for the
pro fix command. Due to that, we cannot fully run the integration tests
on then.

2. Once we have detected test failures on a given run, we will have a
subsequent file with a run with only the failed tests. This will be
clear when looking at files with the "fixed-tests" suffix.

3. There is a failure when upgrading from Jammy to Noble when installing
Pro from the proposed pocket. The issue is that do-release-upgrade
disables the proposed pocket by default and we end up not installing the
latest Pro package on Noble. We have created a manual test for this
scenario showing that we can still install the proposed package on Noble
after do-release-upgrade and that the package is shipping the right
version of the apparmor profile we expect.

Given all that, I am marking this release as verification done

** Attachment added: "release-33.2-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2069237/+attachment/5801236/+files/release-33.2-test-results.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-jammy verification-needed-noble 
verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-jammy verification-done-noble 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2069237

Title:
  [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal,
  Jammy, Noble

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2069237/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2073264] Re: package ubuntu-pro-client 32.3.1~20.04 failed to install/upgrade: installed ubuntu-pro-client package post-installation script subprocess returned error exit status 127

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073264

Title:
  package ubuntu-pro-client 32.3.1~20.04 failed to install/upgrade:
  installed ubuntu-pro-client package post-installation script
  subprocess returned error exit status 127

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2073264/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2070095] Re: apt_news.py download forced unsandboxed

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070095

Title:
  apt_news.py download forced unsandboxed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2070095/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2067319] Re: After upgrading from bionic to focal, esm-cache.service hits apparmor denials

[Lucas Albuquerque Medeiros de Moura]

We have run all of the tests specified in the test plan. The result are
attached here

** Attachment added: "test-results-32.3.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/+attachment/5783774/+files/test-results-32.3.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-jammy verification-needed-mantic 
verification-needed-noble verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-jammy verification-done-mantic 
verification-done-noble verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067319

Title:
  After upgrading from bionic to focal, esm-cache.service hits apparmor
  denials

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic

[Lucas Albuquerque Medeiros de Moura]

We have marked the apparmor issue as verification-done:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319

Due to that, we are also marking this one as verification-done too

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-jammy verification-needed-mantic 
verification-needed-noble verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-jammy verification-done-mantic 
verification-done-noble verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060732

Title:
  [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy,
  Mantic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic

[Lucas Albuquerque Medeiros de Moura]

We have run the full ubuntu-advantage-tools integration (behave) test
suite against the version in -proposed. The results are attached.

Some tests are failing, but this is expected:

* Upgrade from Bionic to Focal: Apparmor related issues that will be fixed on 
32.3
* cloud-init related tests on Noble Pro cloud

** Attachment added: "test-result-32.2.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+attachment/5783669/+files/test-result-32.2.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060732

Title:
  [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy,
  Mantic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [ Impact ]
  
  This release brings both bug-fixes and new features for the Pro Client,
  and we would like to make sure all of our supported customers have
  access to these improvements on all releases.
  
  The most important changes are:
-  - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy
-  - api:
-+ u.pro.attac.token.full_token_attach.v1: add suppport for attach with 
token
-+ u.pro.services.disable.v1: add support for disable operation
-+ u.pro.services.enable.v1: add support for enable operation
-+ u.pro.detach.v1: add support for detach operation
-+ u.pro.status.is_attached.v1: add extra fields to API response
-+ u.pro.services.dependencies.v1: add support for service dependencies
-+ u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed
-  - config: create public and private config (GH: #2809) 
-  - messaging: add consistent messaging for end-of-contract
-  
+  - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy
+  - api:
+    + u.pro.attac.token.full_token_attach.v1: add suppport for attach with 
token
+    + u.pro.services.disable.v1: add support for disable operation
+    + u.pro.services.enable.v1: add support for enable operation
+    + u.pro.detach.v1: add support for detach operation
+    + u.pro.status.is_attached.v1: add extra fields to API response
+    + u.pro.services.dependencies.v1: add support for service dependencies
+    + u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed
+  - config: create public and private config (GH: #2809)
+  - messaging: add consistent messaging for end-of-contract
  
  See the changelog entry below for a full list of changes and bugs.
  
  [ Test Plan ]
  
  The following development and SRU process was followed:
  https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
  
  The Pro Client developers will be in charge of attaching the artifacts
  of the appropriate test runs to the bug, and will not mark
  ‘verification-done’ until this has happened.
  
  Additionally, we will perform manual tests for the public/private config
  feature that will be better discussed in the next section
+ 
+ Finally, we will also perform another verification for an apparmor issue that
+ is described here:
+ 
+ https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-
+ tools/+bug/2067319
+ 
+ We will run the full test suite for version 32.2 and run only again only the 
affected scenarios for this apparmor issue that is fixed on 32.3. Please refer
+ to the apparmor bug for the full plan regarding the verification of this SRU
  
  [ Discussion]
  
  This release will be introducing a split on our config for public and private 
information. This is to be explicit in the behavior a non-root and root user 
will see when running pro config show. For example,
  we believe that a non-root user should not see proxy data in pro config show. 
This information is now stored in a private config file.
  
  We need a mechanism to ensure that old versions of the Pro client would
  also get that split. To do that, we have created a script to run on
  postinst to adapt the existing pro config into this new setting.
  
  However, we have recently introduced the new ubuntu-pro-client package.
  That means that we cannot know beforehand from which package the user
  would be upgrading from, ubuntu-advantage-tools or ubuntu-pro-client.
  
  If the system already has ubuntu-pro-client and is upgrading to a new
  version of ubuntu-pro-client, that means all migrations present in
  ubuntu-advantage-tools.postinst must have already run at the time the
  system upgraded to the renamed ubuntu-pro-client. That mean this config
  migration should happen on ubuntu-pro-client.postinst
  
  If upgrading from before the rename to the current version (from before
  version 31), then not necessarily all migrations inside of ubuntu-
  advantage-tools.postinst will have already run. Because the migrations
  present in this file may depend on those previous migrations, then we
  need to make the migration on ubuntu-advantage-tools.postinst
  
  That is because there might be users running an old version of ubuntu-
  advantage-tools that have not yet upgraded to version 27.14. This
  version is the one that introduces the /var/lib/ubuntu-advantage/user-
  config.json. Therefore, we need to ensure to this migration happens
  first, before our public/private migration.
  
  Because of that, we are coordinating which postinst script will execute
  the migration. A more detailed explanation of this logic can be found on
  the script itself, lib/postinst-migrations.sh
  
- 
  [ Changelog ]

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060732

Title:
  [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy,
  Mantic

To manage notifications about this bug go to:
https://bugs.launchpad.net

[Bug 2059952] Re: pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

I am adding the test results for Mantic. Those tests confirm that the
daemon doesn't run on Mantic, which makes this release unaffected by
this issue.

** Attachment added: "mantic-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+attachment/5775924/+files/mantic-test-results.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

** Tags removed: verification-needed verification-needed-trusty
** Tags added: verification-done verification-done-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060566

Title:
  Add esm-infra-legacy support for Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

Even though the verification is already done, we intend to only release
this package on April 30

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060566

Title:
  Add esm-infra-legacy support for Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

I have performed the verification for this proposed changed.
Attached to this comment, are the test results we have obtained when running a 
custom script that:

1) Launches a trusty lxd container
2) Install the proposed version of the Pro client
3) Checks that esm-infra-legacy appears on ua status when the user is unattached
4) Attaches to a license that is entitled to esm-infra-legacy
5) Verify the service is not enabled by default
6) Enables the esm-infra-legacy service manually
7) Checks that esm-infra-legacy is enabled on ua status
8) Disables esm-infra-legacy
9) Checks that esm-infra-legacy is disabled and esm-infra is still enabled
10) Enable the service again and checks that ua status reflect that
11) Detach from subscription
12) Attach to a subscription that is not entitled to esm-infra-legacy
13) Check that ua status show the service as not entitled
14) Detach from that subscription

The script that perform this verification is also attached with the test result.
Additionally, we are also adding the result of the existing integration tests 
for the Trusty package.

We have also tested if esm-infra-legacy doesn't appear on any other release 
besides Trusty.
We have looked on a Xenial instance and we have checked that both unattached 
and attached users do not see that service on pro status, even if we attached 
with a subscription token that is entitled to esm-infra-legacy.

Another manual test performed was for the situation where an user:

1) User has older version of the Pro package installed (i.e. 19.6)
2) Is attached to subscription not entitled to esm-infra-legacy
3) Upgrades to latest version of package
4) See that esm-infra-legacy now appears on ua status, but not entitled
5) Buys support for esm-infra-legacy
6) Runs ua refresh
7) It can see now that the service appears as entitled on ua status
8) user enable the service through ua enable esm-infra-legacy

We have coordinated that test with the Contract Server team and we were
able to confirm all of the above scenarios.

Finally, we were not able to perform one of the proposed tests, the do-
release-upgrade one. We have found out that if an user has esm-infra
enabled and has packages installed from that service, do-release-upgrade
fails. That is because, on Trusty, do-release-upgrade thinks that esm-
infra sources are Third-party sources and disables them. Which in turn,
breaks the dependency chain of upgrading from Trusty to Xenial, as these
packages don't have a "viable" candidate in Xenial anymore. This is a
long living bug, that was not introduced in this package. Due to that,
we will not act upon it right now.

** Attachment added: "trusty-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+attachment/5769753/+files/trusty-test-results.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060566

Title:
  Add esm-infra-legacy support for Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2031192] Re: Enabling of Pro Services Does Not Update when using airgapped mirrors over http://

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

+ [Impact]
+ 
+ When users create an airgapped environement, they may create APT mirrors
+ for the ESM services that share a common base URL. For example, in this
+ bug here, the user was mirroring their services one:
+ 
+ 
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-security
+ 
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-updates
+ 
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-security/
+ 
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-updates/
+ http://landscaperepo.com/repository/standalone/ubuntu/dists/fips-bionic/
+ 
http://landscaperepo.com/repository/standalone/ubuntu/dists/jammy-esm-apps-security/
+ 
+ As we can see, all services share the 
+ http://landscaperepo.com/repository/standalone/ APT url. 
+ Since the Pro client was looking for unique urls to distinguish enabled 
services in the machine, this setup was not working.
+ 
+ Now, instead of looking at the APT url, we are also looking at the suite
+ (i.e. bionic-esm-apps-security)
+ 
+ If we identify that both APT url and suite are in the output of apt-cache 
policy
+ with the right permission number, we say that the service is enabled.
+ 
+ This will unblock users that want to use the same APT url for their
+ airgapped setup.
+ 
+ Additionally, we have discussed this issue with the Landscape team and
+ they assured us that we will always have an unique combination of APT
+ url and suite.
+ 
+ 
+ [Test cases]
+ 
+ We have setup an integration test for this scenario on the Pro client 
codebase.
+ We will link the test result here.
+ 
+ [ Regression Potential ]
+ 
+ We believe we are now improving our check to see if the service is
+ enabled or not, as we are now considering a combination that we now will
+ be unique. Therefore, the only regression potential we can think is the
+ situation were we mistakenly create that combination (APT url + suite)
+ or check it in a wrong way in the output of apt-cache policy.
+ 
+ However, we believe our integration tests should be enough to assert
+ that this is not the case.
+ 
+ [ Original Description]
+ 
  contract server is airgapped and running
  uaclient is pointing to the airgapped contract server to get entitlements
  
  Additionally, using a landscape server and it's underlying reprepro to mirror 
ESM and FIPs for airgap, this forces using http
  apt update is working over landscape over multiple repos.
  
  pro attach subscriptioncontract, is working
  next
  pro enable service is creating /etc/apt/auth.conf.d/90ubuntu-advantage with 
correct apt entry, apt update can pickup the airgapped repo but with warning of 
http://
  
  For example: pro enable esm-apps
  
  Service Status is not getting updating
  
  pro status is showing after enablement of esm-apps
  
  SERVICE  ENTITLED  STATUSDESCRIPTION
  esm-apps yes   disabled  Expanded Security Maintenance for 
Applications
  esm-infrayes   disabled  Expanded Security Maintenance for 
Infrastructure
  
  Editing 90ubuntu-advantage to append http:// get rids of the apt update
  working but service status is not changing.
  
  Issuing pro enable esm-apps appends another entry and is a loop
  
  ubuntu-advantage.log is showing the following
  
  ["2023-08-11T16:54:20.596", "DEBUG", "uaclient.files.files", "read", 55, 
"File does not exist: /var/lib/ubuntu-advantage/user-config.json", {}]
  ["2023-08-11T16:54:22.233", "DEBUG", "root", "subp", 634, "Failed running 
command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file 
/var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: 
No such file or directory)\nW: You may want to run apt-get update to correct 
these problems\nE: The package cache file is corrupted\n", {}]
  ["2023-08-11T16:54:22.233", "WARNING", "root", "subp", 636, "Stderr: E: 
Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to 
/var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may 
want to run apt-get update to correct these problems\nE: The package cache file 
is corrupted\n\nStdout: ", {}]
  ["2023-08-11T16:54:22.234", "DEBUG", "root", "subp", 640, "Failed running 
command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file 
/var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: 
No such file or directory)\nW: You may want to run apt-get update to correct 
these problems\nE: The package cache file is corrupted\n Retrying 3 more 
times.", {}]
  ["2023-08-11T16:54:23.213", "DEBUG", "root", "_subp", 581, "Ran cmd: apt-get 
update, rc: 0 stderr: b''", {}]
  
- 
- For auditing purposes the status of subscription and it's services is 
important to be correct. Additionally to insure correct packages for fips get 
installed.
+ For auditing purposes the status of subscription and it's services is
+ important to be correct. Additionally to insure

[Bug 2033313] Re: Rename ua_logs.tar.gz to up_logs.tar.gz

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

+ [ Impact ]
+ 
+ Since we want users to relate to the Pro name when using the client,
+ renaming the collect_logs output from ua_logs to pro_logs is a step on
+ that direction.
+ 
+ [ Test Plan ]
+ 
+ This is already covered by the integration tests tied to the next Pro release.
+ We will append the result of that test in this bug once verification is done.
+ 
+ [ Regression Potential]
+ 
+ This is just renaming a file, therefore we strongly believe that this
+ should not have any regression risks from our users, unless that are
+ automating the log collection somehow, which is not recommended.
+ 
+ [ Original Description]
+ 
  Ubuntu Advantage has been renamed to Ubuntu Pro, therefore the produced
  tar file should be renamed to align with these changes.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2033313

Title:
  Rename ua_logs.tar.gz to up_logs.tar.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2033313/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060732] [NEW] [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

[ Impact ]

This release brings both bug-fixes and new features for the Pro Client,
and we would like to make sure all of our supported customers have
access to these improvements on all releases.

The most important changes are:
 - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy
 - api:
   + u.pro.attac.token.full_token_attach.v1: add suppport for attach with token
   + u.pro.services.disable.v1: add support for disable operation
   + u.pro.services.enable.v1: add support for enable operation
   + u.pro.detach.v1: add support for detach operation
   + u.pro.status.is_attached.v1: add extra fields to API response
   + u.pro.services.dependencies.v1: add support for service dependencies
   + u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed
 - config: create public and private config (GH: #2809) 
 - messaging: add consistent messaging for end-of-contract
 

See the changelog entry below for a full list of changes and bugs.

[ Test Plan ]

The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The Pro Client developers will be in charge of attaching the artifacts
of the appropriate test runs to the bug, and will not mark
‘verification-done’ until this has happened.

Additionally, we will perform manual tests for the public/private config
feature that will be better discussed in the next section

[ Discussion]

This release will be introducing a split on our config for public and private 
information. This is to be explicit in the behavior a non-root and root user 
will see when running pro config show. For example,
we believe that a non-root user should not see proxy data in pro config show. 
This information is now stored in a private config file.

We need a mechanism to ensure that old versions of the Pro client would
also get that split. To do that, we have created a script to run on
postinst to adapt the existing pro config into this new setting.

However, we have recently introduced the new ubuntu-pro-client package.
That means that we cannot know beforehand from which package the user
would be upgrading from, ubuntu-advantage-tools or ubuntu-pro-client.

If the system already has ubuntu-pro-client and is upgrading to a new
version of ubuntu-pro-client, that means all migrations present in
ubuntu-advantage-tools.postinst must have already run at the time the
system upgraded to the renamed ubuntu-pro-client. That mean this config
migration should happen on ubuntu-pro-client.postinst

If upgrading from before the rename to the current version (from before
version 31), then not necessarily all migrations inside of ubuntu-
advantage-tools.postinst will have already run. Because the migrations
present in this file may depend on those previous migrations, then we
need to make the migration on ubuntu-advantage-tools.postinst

That is because there might be users running an old version of ubuntu-
advantage-tools that have not yet upgraded to version 27.14. This
version is the one that introduces the /var/lib/ubuntu-advantage/user-
config.json. Therefore, we need to ensure to this migration happens
first, before our public/private migration.

Because of that, we are coordinating which postinst script will execute
the migration. A more detailed explanation of this logic can be found on
the script itself, lib/postinst-migrations.sh


[ Changelog ]

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060732

Title:
  [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy,
  Mantic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [Impact]
  As Trusty is reaching EOL of ESM support, we are now creating a new service 
called esm-infra-legacy to extend ESM support for more time.
  
- Users who are entitled to that service, will need to run both of these
- commands to enable the service in their machine:
+ This service will only be available and visible on Trusty and users who
+ are entitled to that service, will need to run both of these commands to
+ enable the service in their machine:
  
  $ ua refresh
  $ ua enable esm-infra-legacy
  
- The first command will update the contract definitions on the machine,
- making it aware of the esm-infra-legacy service, and the second command
- enables it on the machine.
+ The first command will update the contract definitions on the machine, making 
it aware of the esm-infra-legacy service, and the second command enables it on 
the
+ machine.
  
  Additionally, we can see that esm-infra-legacy will be a standalone
  service, meaning that users won't need to have esm-infra already enabled
  before enabling that service. This also means that both esm-infra and
  esm-infra-legacy are completely independent of one another, in the sense
  that changes on esm-infra should not affect esm-infra-legacy and vice
  versa. However, there is one situation where esm-infra will impact esm-
  infra-legacy. We will better discuss that on the discussion section.
  
  Finally, users should now see esm-infra-legacy output on status from now
  on, when attached and unattached. Users will also see that service on
  the output of ua help as well.
  
  [Test cases]
  
  The Trusty version of the client only has a subset of the integration
  tests we have on the other releases that support the client. Due to
  that, we will need to perform several manual tests to guarantee that the
  support for esm-infra-legacy is working and we are not affecting
  existing customers.
  
  Therefore, besides running the current test for the Trusty package, we
  will run the following tests:
  
  * Enabling esm-infra-legacy
    - User is attached to a subscription that is entitled to esm-infra-legacy
  - User can see esm-infra-legacy on ua help
  - User can enable esm-infra-legacy through ua enable esm-infra-legacy
  - User see esm-infra-legacy as enabled on the output of ua status
  - User can see esm-infra-legacy enabled on the output of apt-cache policy
  - User can disable esm-infra-legacy
  - User can see that esm-infra-legacy is disabled on the machine
  - User enables esm-infra-legacy again
  - User can detach with esm-infra-legacy enabled on the machine
  
  * Interactions with esm-infra
    - User is attached to a subscription that is entitled to both esm-infra and 
esm-infra-legacy
    - User has esm-infra enabled
    - User can enable esm-infra-legacy
    - User can see both esm-infra and esm-infra-legacy as enabled on status
    - User can disable esm-infra-legacy and not affect esm-infra
  
  * User that is not entitled to esm-infra-legacy
    - User is attached to a subscription
    - User cannot enable esm-infra-legacy
    - User can see the service on status, which will show the service as not 
entitled
  
  * User that buys access to esm-infra-legacy
    - User is already attached to a subscription
  - User runs ua refresh
  - User enable esm-infra-legacy
  - User can see that the service is enabled on ua status
  
  * User that is attaching a new subscription
    - User subscription can be either entitled or not to esm-infra-legacy
    - In both situations, when the user runs ua attach, they will verify that:
  - esm-infra will be enabled by default
  - esm-infra-legacy should not be enabled by default
  
  * Upgrade scenarios:
    - User on Trusty running version <= 19.6
  - User is attached to a subscription
  - User has esm-infra enabled
  - User upgrades to new Trusty package
  - User is still attached and sees esm-infra as enabled
  - User can enable esm-infra-legacy
  
    - User on Trusty running version <= 19.6
  - User is attached to a subscription
  - User upgrades to new Trusty package
  - User enables esm-infra-legacy
  - User runs a do-release-upgrade
  - User will see that it is still attached
  - User still has esm-infra service enabled
  - User cannot see any indication of esm-infra-legacy on ua status and ua 
help
  
   - Users on other Ubuntu releases
     - Users should never see any mention of esm-infra-legacy service
  
  [Discussions]
  
  There are main aspects of the esm-infra-legacy service that need to be
  discussed here: The interaction between esm-infra-legacy and esm-infra
  and the disable strategy used for esm-infra-legacy.
  
  Regarding the first aspect, the services should be independent of one
  another, however there is one situation where that doesn't happen. If
  the user disables esm-infra it will also disable esm-infra-legacy. That
  is because the esm

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

** Also affects: ubuntu-advantage-tools (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060566

Title:
  Add esm-infra-legacy support for Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060566] Re: Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

- As Trusty is reaching EOL of ESM support, we are now creating a new
- service called esm-infra-legacy to extend that support for more time
+ [Impact]
+ As Trusty is reaching EOL of ESM support, we are now creating a new service 
called esm-infra-legacy to extend ESM support for more time.
+ 
+ Users who are entitled to that service, will need to run both of these
+ commands to enable the service in their machine:
+ 
+ $ ua refresh
+ $ ua enable esm-infra-legacy
+ 
+ The first command will update the contract definitions on the machine, making 
it aware of the esm-infra-legacy service, and the second command enables it on 
the
+ machine.
+ 
+ Additionally, we can see that esm-infra-legacy will be a standalone
+ service, meaning that users won't need to have esm-infra already enabled
+ before enabling that service. This also means that both esm-infra and
+ esm-infra-legacy are completely independent of one another, in the sense
+ that changes on esm-infra should not affect esm-infra-legacy and vice
+ versa. However, there is one situation where esm-infra will impact esm-
+ infra-legacy. We will better discuss that on the discussion section.
+ 
+ Finally, users should now see esm-infra-legacy output on status from now
+ on, when attached and unattached. Users will also see that service on
+ the output of ua help as well.
+ 
+ [Test cases]
+ 
+ The Trusty version of the client only has a subset of the integration
+ tests we have on the other releases that support the client. Due to
+ that, we will need to perform several manual tests to guarantee that the
+ support for esm-infra-legacy is working and we are not affecting
+ existing customers.
+ 
+ Therefore, besides running the current test for the Trusty package, we
+ will run the following tests:
+ 
+ * Enabling esm-infra-legacy
+   - User is attached to a subscription that is entitled to esm-infra-legacy
+ - User can see esm-infra-legacy on ua help
+ - User can enable esm-infra-legacy through ua enable esm-infra-legacy
+ - User see esm-infra-legacy as enabled on the output of ua status
+ - User can see esm-infra-legacy enabled on the output of apt-cache policy
+ - User can disable esm-infra-legacy
+ - User can see that esm-infra-legacy is disabled on the machine
+ - User enables esm-infra-legacy again
+ - User can detach with esm-infra-legacy enabled on the machine
+ 
+ * Interactions with esm-infra
+   - User is attached to a subscription that is entitled to both esm-infra and 
esm-infra-legacy
+   - User has esm-infra enabled
+   - User can enable esm-infra-legacy
+   - User can see both esm-infra and esm-infra-legacy as enabled on status
+   - User can disable esm-infra-legacy and not affect esm-infra
+ 
+ * User that is not entitled to esm-infra-legacy
+   - User is attached to a subscription
+   - User cannot enable esm-infra-legacy
+   - User can see the service on status, which will show the service as not 
entitled
+ 
+ * User that buys access to esm-infra-legacy
+   - User is already attached to a subscription
+ - User runs ua refresh
+ - User enable esm-infra-legacy
+ - User can see that the service is enabled on ua status
+ 
+ * User that is attaching a new subscription
+   - User subscription can be either entitled or not to esm-infra-legacy
+   - In both situations, when the user runs ua attach, they will verify that:
+ - esm-infra will be enabled by default
+ - esm-infra-legacy should not be enabled by default
+ 
+ * Upgrade scenarios:
+   - User on Trusty running version <= 19.6
+ - User is attached to a subscription
+ - User has esm-infra enabled
+ - User upgrades to new Trusty package
+ - User is still attached and sees esm-infra as enabled
+ - User can enable esm-infra-legacy
+   
+   - User on Trusty running version <= 19.6
+ - User is attached to a subscription
+ - User upgrades to new Trusty package
+ - User enables esm-infra-legacy
+ - User runs a do-release-upgrade
+ - User will see that it is still attached
+ - User still has esm-infra service enabled
+ - User cannot see any indication of esm-infra-legacy on ua status and ua 
help
+ 
+  - Users on other Ubuntu releases
+- Users should never see any mention of esm-infra-legacy service
+ 
+ 
+ [Discussions]
+ 
+ There are main aspects of the esm-infra-legacy service that need to be
+ discussed here: The interaction between esm-infra-legacy and esm-infra
+ and the disable strategy used for esm-infra-legacy.
+ 
+ Regarding the first aspect, the services should be independent of one
+ another, however there is one situation where that doesn't happen. If
+ the user disables esm-infra it will also disable esm-infra-legacy. That
+ is because the esm-infra service in Trusty is disabled by performing the
+ following steps:
+ 
+ * removing the service line from /etc/apt/auth.conf.d
+ * Create a preference file on /etc/apt/preferences.d with the following 
content:
+

[Bug 2060566] [NEW] Add esm-infra-legacy support for Trusty

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

As Trusty is reaching EOL of ESM support, we are now creating a new
service called esm-infra-legacy to extend that support for more time

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060566

Title:
  Add esm-infra-legacy support for Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059952] Re: pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [ Impact ]
  Currently, the Pro client support a daemon named ubuntu-advantage.service that
  performs two actions:
  
  * Actively look for Pro licenses on Azure and GCP images to perform an 
auto-attach
  * Retry auto-attach on Pro images if that command fails on boot
  
- Therefore, this daemon is only being activated on Azure and GCP images
- and all Pro cloud images.
+ Therefore, this daemon is only being activated on generic Azure and GCP
+ images and all Pro cloud images.
  
  This daemon was originally setup to run after the cloud-config.service. 
However,
  due to a race condition, this is no longer happening. Right now, we manually
  check in the daemon code to see if the cloud-config service has finished.
  
  Unfortunately, this new logic now breaks the current Pro setup through
  cloud-init userdata in both GCP and Azure Pro cloud images. That is
  because our daemon is now running before cloud-init has even started
  running. This means that the daemon will perform the attach and not
  cloud-init itself. This will be clearer, in the following example:
  
  Let's imagine this situation where a user is launching a Pro GCP image:
  
  1) User provides the following cloud-init userdata to the cloud image
  before booting it:
  
  #cloud-config
  
  ubuntu_advantage:
    enable: []
  
  This means that the user wants no services to be enabled, but still want
  to attach to the Pro license.
  
  2) Our daemon starts running before cloud-init has even started
  3) Our daemon see the cloud-config.service as inactive and proceeds normally
  4) Our daemon identifies that the user is running on a GCP instance and there 
is a valid Pro license for it.
  5) Due to that, our daemon auto-attach the machine completely ignoring the 
cloud-init directives.
  
  Therefore, to fix that issue we need to guarantee that we will only
  execute the daemon, if and only if, cloud-init has already started. That
  is because, on this situation, the cloud-config.service will already
  perform the attach operation following the user directives. When the
  daemon starts running, it will see that the image is already attached
  and do nothing.
  
  Finally, given this scenario, this bug is only affecting GCP/Azure Pro
  images, as these are the only ones that will be able to reach the flow
  described here.
  
  [Discussion]
  
  To address that issue, we are now also checking if the cloud-init service
  has already started if we detect that cloud-config service is inactive. If it 
isn't, the daemon will sleep for an specific amount of time before trying again.
  
  [ Test Plan ]
  Since this is a first boot issue, we will need to create a custom image with 
the package in proposed. Then, we need to guarantee that Pro configuration 
delivered
  through cloud-init is being honored when we launch the image.
  
  Additionally, it is worth noting that we cannot reproduce this issue on
  a VM easily. That is because, we would need "mock" the VM to pass as one
  of the affected clouds and also add a valid Pro license to it.
  
  However, CPC is already aware of this issue and will help us creating
  the test plan here.
  
  [ Where problems could occur ]
  We are updating the cloud-init wait logic on the daemon. This could 
potentially make our daemon to not start. However, since we are just now 
waiting on the base cloud-init.service to start and we have already tested this 
solution in a custom image, we believe this is a low risk for this fix.
  
  [ Original Description ]
  We have recently updated the Pro to not strictly run after 
cloud-config.service. If cloud-config.service has not been started when pro 
runs, it can complete before cloud-config.service begins and thus the 
user-specificed pro configuration will be ignored since the instance is already 
attached.
  
  When cloud-config.service has yet to run, ubuntu-advantage.service
  should wait until it's finished before running.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059952] Re: pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [ Impact ]
  Currently, the Pro client support a daemon named ubuntu-advantage.service that
  performs two actions:
  
  * Actively look for Pro licenses on Azure and GCP images to perform an 
auto-attach
  * Retry auto-attach on Pro images if that command fails on boot
  
  Therefore, this daemon is only being activated on Azure and GCP images
  and all Pro cloud images.
  
  This daemon was originally setup to run after the cloud-config.service. 
However,
  due to a race condition, this is no longer happening. Right now, we manually
  check in the daemon code to see if the cloud-config service has finished.
  
  Unfortunately, this new logic now breaks the current Pro setup through
  cloud-init userdata in both GCP and Azure Pro cloud images. That is
  because our daemon is now running before cloud-init has even started
  running. This means that the daemon will perform the attach and not
  cloud-init itself. This will be clearer, in the following example:
  
  Let's imagine this situation where a user is launching a Pro GCP image:
  
  1) User provides the following cloud-init userdata to the cloud image
  before booting it:
  
  #cloud-config
  
  ubuntu_advantage:
-   enable: []
+   enable: []
  
- This means that the user wants to services to be enabled, but still want
+ This means that the user wants no services to be enabled, but still want
  to attach to the Pro license.
  
  2) Our daemon starts running before cloud-init has even started
  3) Our daemon see the cloud-config.service as inactive and proceeds normally
  4) Our daemon identifies that the user is running on a GCP instance and there 
is a valid Pro license for it.
  5) Due to that, our daemon auto-attach the machine completely ignoring the 
cloud-init directives.
  
  Therefore, to fix that issue we need to guarantee that we will only
  execute the daemon, if and only if, cloud-init has already started. That
  is because, on this situation, the cloud-config.service will already
  perform the attach operation following the user directives. When the
  daemon starts running, it will see that the image is already attached
  and do nothing.
  
  Finally, given this scenario, this bug is only affecting GCP/Azure Pro
  images, as these are the only ones that will be able to reach the flow
  described here.
  
  [Discussion]
  
  To address that issue, we are now also checking if the cloud-init service
  has already started if we detect that cloud-config service is inactive. If it 
isn't, the daemon will sleep for an specific amount of time before trying again.
  
  [ Test Plan ]
  Since this is a first boot issue, we will need to create a custom image with 
the package in proposed. Then, we need to guarantee that Pro configuration 
delivered
  through cloud-init is being honored when we launch the image.
  
  Additionally, it is worth noting that we cannot reproduce this issue on
  a VM easily. That is because, we would need "mock" the VM to pass as one
  of the affected clouds and also add a valid Pro license to it.
  
  However, CPC is already aware of this issue and will help us creating
  the test plan here.
  
  [ Where problems could occur ]
  We are updating the cloud-init wait logic on the daemon. This could 
potentially make our daemon to not start. However, since we are just now 
waiting on the base cloud-init.service to start and we have already tested this 
solution in a custom image, we believe this is a low risk for this fix.
  
  [ Original Description ]
  We have recently updated the Pro to not strictly run after 
cloud-config.service. If cloud-config.service has not been started when pro 
runs, it can complete before cloud-config.service begins and thus the 
user-specificed pro configuration will be ignored since the instance is already 
attached.
  
  When cloud-config.service has yet to run, ubuntu-advantage.service
  should wait until it's finished before running.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059952] Re: pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [ Impact ]
- If the user has specified custom setup for the Pro client through cloud-init, 
there is a high chance that this setup will be ignored.
+ Currently, the Pro client support a daemon named ubuntu-advantage.service that
+ performs two actions:
  
- This happened due to a recent change made on the Pro client. We
- identified a race condition when our daemon waited for the cloud-config
- service to be finished. We have removed that condition, by manually
- checking the cloud-config service state in the daemon itself and only
- proceeding if it has already finished.
+ * Actively look for Pro licenses on Azure and GCP images to perform an 
auto-attach
+ * Retry auto-attach on Pro images if that command fails on boot
  
- However, there is a situation where the cloud-init service has not even
- started yet, which would generate a inactive state for the cloud-config
- service, allowing our daemon to proceed, causing the problem.
+ Therefore, this daemon is only being activated on Azure and GCP images
+ and all Pro cloud images.
+ 
+ This daemon was originally setup to run after the cloud-config.service. 
However,
+ due to a race condition, this is no longer happening. Right now, we manually
+ check in the daemon code to see if the cloud-config service has finished.
+ 
+ Unfortunately, this new logic now breaks the current Pro setup through
+ cloud-init userdata in both GCP and Azure Pro cloud images. That is
+ because our daemon is now running before cloud-init has even started
+ running. This means that the daemon will perform the attach and not
+ cloud-init itself. This will be clearer, in the following example:
+ 
+ Let's imagine this situation where a user is launching a Pro GCP image:
+ 
+ 1) User provides the following cloud-init userdata to the cloud image
+ before booting it:
+ 
+ #cloud-config
+ 
+ ubuntu_advantage:
+   enable: []
+ 
+ This means that the user wants to services to be enabled, but still want
+ to attach to the Pro license.
+ 
+ 2) Our daemon starts running before cloud-init has even started
+ 3) Our daemon see the cloud-config.service as inactive and proceeds normally
+ 4) Our daemon identifies that the user is running on a GCP instance and there 
is a valid Pro license for it.
+ 5) Due to that, our daemon auto-attach the machine completely ignoring the 
cloud-init directives.
+ 
+ Therefore, to fix that issue we need to guarantee that we will only
+ execute the daemon, if and only if, cloud-init has already started. That
+ is because, on this situation, the cloud-config.service will already
+ perform the attach operation following the user directives. When the
+ daemon starts running, it will see that the image is already attached
+ and do nothing.
+ 
+ Finally, given this scenario, this bug is only affecting GCP/Azure Pro
+ images, as these are the only ones that will be able to reach the flow
+ described here.
  
  [Discussion]
  
  To address that issue, we are now also checking if the cloud-init service
  has already started if we detect that cloud-config service is inactive. If it 
isn't, the daemon will sleep for an specific amount of time before trying again.
  
  [ Test Plan ]
  Since this is a first boot issue, we will need to create a custom image with 
the package in proposed. Then, we need to guarantee that Pro configuration 
delivered
  through cloud-init is being honored when we launch the image.
  
- CPC is already aware of this issue and will help us creating the test
- plan here.
+ Additionally, it is worth noting that we cannot reproduce this issue on
+ a VM easily. That is because, we would need "mock" the VM to pass as one
+ of the affected clouds and also add a valid Pro license to it.
+ 
+ However, CPC is already aware of this issue and will help us creating
+ the test plan here.
  
  [ Where problems could occur ]
  We are updating the cloud-init wait logic on the daemon. This could 
potentially make our daemon to not start. However, since we are just now 
waiting on the base cloud-init.service to start and we have already tested this 
solution in a custom image, we believe this is a low risk for this fix.
  
  [ Original Description ]
  We have recently updated the Pro to not strictly run after 
cloud-config.service. If cloud-config.service has not been started when pro 
runs, it can complete before cloud-config.service begins and thus the 
user-specificed pro configuration will be ignored since the instance is already 
attached.
  
  When cloud-config.service has yet to run, ubuntu-advantage.service
  should wait until it's finished before running.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubunt

[Bug 2059952] Re: pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

- We have recently updated the Pro to not strictly run after cloud-
- config.service. If cloud-config.service has not been started when pro
- runs, it can complete before cloud-config.service begins and thus the
- user-specificed pro configuration will be ignored since the instance is
- already attached.
+ [ Impact ]
+ If the user has specified custom setup for the Pro client through cloud-init, 
there is a high chance that this setup will be ignored.
+ 
+ This happened due to a recent change made on the Pro client. We
+ identified a race condition when our daemon waited for the cloud-config
+ service to be finished. We have removed that condition, by manually
+ checking the cloud-config service state in the daemon itself and only
+ proceeding if it has already finished.
+ 
+ However, there is a situation where the cloud-init service has not even
+ started yet, which would generate a inactive state for the cloud-config
+ service, allowing our daemon to proceed, causing the problem.
+ 
+ [Discussion]
+ 
+ To address that issue, we are now also checking if the cloud-init service
+ has already started if we detect that cloud-config service is inactive. If it 
isn't, the daemon will sleep for an specific amount of time before trying again.
+ 
+ [ Test Plan ]
+ Since this is a first boot issue, we will need to create a custom image with 
the package in proposed. Then, we need to guarantee that Pro configuration 
delivered
+ through cloud-init is being honored when we launch the image.
+ 
+ CPC is already aware of this issue and will help us creating the test
+ plan here.
+ 
+ [ Where problems could occur ]
+ We are updating the cloud-init wait logic on the daemon. This could 
potentially make our daemon to not start. However, since we are just now 
waiting on the base cloud-init.service to start and we have already tested this 
solution in a custom image, we believe this is a low risk for this fix.
+ 
+ [ Original Description ]
+ We have recently updated the Pro to not strictly run after 
cloud-config.service. If cloud-config.service has not been started when pro 
runs, it can complete before cloud-config.service begins and thus the 
user-specificed pro configuration will be ignored since the instance is already 
attached.
  
  When cloud-config.service has yet to run, ubuntu-advantage.service
  should wait until it's finished before running.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059952] [NEW] pro sometimes runs before cloud-config.service

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

We have recently updated the Pro to not strictly run after cloud-
config.service. If cloud-config.service has not been started when pro
runs, it can complete before cloud-config.service begins and thus the
user-specificed pro configuration will be ignored since the instance is
already attached.

When cloud-config.service has yet to run, ubuntu-advantage.service
should wait until it's finished before running.

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059952

Title:
  pro sometimes runs before cloud-config.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059306] Re: [Feature Request] Inform user of Ubuntu Pro network requirements

[Lucas Albuquerque Medeiros de Moura]

Hi Brandon Castillo,

I think that is a good idea and I agree that we can make this error
message better.


** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059306

Title:
  [Feature Request] Inform user of Ubuntu Pro network requirements

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059306/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707290] Re: Removing package leaves motd script in place, renders incorrect motd

[Lucas Albuquerque Medeiros de Moura]

We no longer ship the 99-esm file, so we shouldn't be affected by this issue 
anymore.
Additionally, I have double checked the new update-motd scripts we deliver and 
I can confirm they will not break the system if the user just removes the 
packages, since we have a check that prevent invalid files from being read, for 
example, this is the output of our 88-esm-announce script:

```
#!/bin/sh
stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce"

[ ! -r "$stamp" ] || cat "$stamp"
```

Because of that, I am marking this bug as invalid for the current
version of UA.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707290

Title:
  Removing package leaves motd script in place, renders incorrect motd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1707290/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1974472] Re: The package cache file is corrupted, it has the wrong hash

[Lucas Albuquerque Medeiros de Moura]

Hi dabbsa, thanks for reporting this.

I could not reproduce this error by running either attach or enable directly.
Just to confirm something, if the error still persist in the machine, can you 
please send
us the output of running apt-get update on the system ?

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974472

Title:
  The package cache file is corrupted, it has the wrong hash

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1974472/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1973320] Re: ua attach doesn't finish properly and shows "unexpected error" as a message

[Lucas Albuquerque Medeiros de Moura]

Hi Filipi,

Can ypu please send us the output of running the command:

$ sudo ua collect-logs

This will generate a a tar file named: ua_logs.tar.gz

With the logs there, we can better understand what happened during the
failure you mentioned

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1973320

Title:
  ua attach doesn't finish properly and shows "unexpected error" as a
  message

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1973320/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1972900] Re: package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1

[Lucas Albuquerque Medeiros de Moura]

Hi Daevid,

Looking at the dpkg logs, it seems that we are trying to import the yaml
module from an incorrect path:

File "/usr/lib/python3/dist-packages/uaclient/config.py", line 11, in 
  import yaml
File "/root/.local/lib/python2.7/site-packages/yaml/__init__.py", line 2, in 

  from error import *

Instead of importing it from the standard python path, we are using the
path /root/.local/lib/python2.7/. How was the python yaml module
installed on the system ?

PS: I am marking this issue as incomplete just until you provide that
install information. After that, we can check what is the path to fix
this issue

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972900

Title:
  package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade:
  installed ubuntu-advantage-tools package post-installation script
  subprocess returned error exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1972900/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1972026] Re: ua status incorrectly lists reboot required for pre-built FIPS cloud image

[Lucas Albuquerque Medeiros de Moura]

Hi Eric,

No, the problem here is that the FIPS message you are seeing:
Reboot to FIPS kernel required

Is not being properly removed by our tool. We will fix this in a subsequent 
release of UA.
Not that this doesn't cause the lsb_release issue you mentioned at all. 
Additionally, the lsb_release command output is not related to 
ubuntu-advantage-tools at all.

Also, `lsb_release` source the information from /etc/lsb-release, which
fields identify the OS distribution and FIPS enablement is not a
separate OS product. However, we can discuss this more if needed

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972026

Title:
  ua status incorrectly lists reboot required for pre-built FIPS cloud
  image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1972026/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1969125] Re: [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy

[Lucas Albuquerque Medeiros de Moura]

We have run the full ubuntu-advantage-tools integration test suite
against the version in -proposed. The results are attached. All tests
passed.

You can verify the correct version was used by checking the output of
the first test in each file, which prints the version number.

I am marking the verification done for this SRU.

** Attachment added: "release-27.8-test-results.tar.gz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+attachment/5587462/+files/release-27.8-test-results.tar.gz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-impish verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1969125

Title:
   [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal,
  Impish, Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1969809] Re: ua fails if any package removed from server

[Lucas Albuquerque Medeiros de Moura]

Hi cs-huit, thanks for reporting this issue.

Looking at the logs this seems like a real bug on UA regarding the ua fix 
command.
I will make a PR that address this issue.

However, on the meantime, if you want to keep those packages, please
run:

$ ua enable esm-infra

And then run:

$ ua fix USN-4994-2

It should not prompt you anymore for enabling esm-infra and the command
should finish without other exceptions.

But please let me know if doing that still cause some issues.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1969809

Title:
  ua fails if any package removed from server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969809/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1968067] Re: upgrade_lts_contract.py exception on impish and later

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

+ [Impact]
+ When users are upgrading their machines, we run the upgrade_lts_contract 
script to ensure that the services that were unable will keep being enable in 
the new ubuntu release the users are upgraded too.
+ 
+ Currently, if the user upgrades directly from Focal to Jammy, the script
+ will error out because we are missing the entries for Focal and Impish
+ on that script.
+ 
+ Therefore, even though we might not have full support for some services
+ in Jammy yet, we should not error out on that script and allow it to
+ complete;
+ 
+ 
+ [Test Case]
+ To reproduce the bug: follow these steps:
+ 
+ 1. Launch a jammy machine
+ 2. Attach to a valid UA token
+ 3. run `sudo python3 /usr/lib/ubuntu-advantage/upgrade_lts_contract.py`
+ 
+ And to verify that the fix works:
+ 
+ 1. Upgrade UA to version 27.8
+ 2. re-run `sudo python3 /usr/lib/ubuntu-advantage/upgrade_lts_contract.py` 
and confirm no errors are raised
+ 
+ 
+ [Regression Potential]
+ We are just adding the new releases into our support dict and providing 
better error messages if that problem happens again in the future. Therefore, 
we don't believe we have a big regression issue here.
+ 
+ [Original Description]
+ 
  See this error
  https://errors.ubuntu.com/problem/864d1a4d38167a7b009ce993125030b58eb012d5
  
  When upgrading from focal -> impish or from impish -> jammy, a KeyError
  will occur in the upgrade_lts_contract.py script from ubuntu-advantage-
  tools. This happens because that script has not been kept up-to-date
  with new ubuntu series names since groovy.
  
  We plan to fix this bug in our next release of ubuntu-advantage-tools,
  which will be version 27.8 and should occur within the next month.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968067

Title:
  upgrade_lts_contract.py exception on impish and later

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1968067/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1969125] [NEW] [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

[Impact]
This release sports both bug-fixes and new features and we would like to
make sure all of our supported customers have access to these
improvements. The notable ones are:

  * add support for realtime kernel service on Jammy as a beta service
  * update code to use new contract overrides directive
  * Make FIPS an incompatible service for FIPS Updates
  * Unhold more FIPS packages when enabling FIPS
  * Unhold FIPS packages when enabling FIPS Updates

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the
artifacts and console output of the appropriate run to the bug. ubuntu-
advantage-tools team members will not mark ‘verification-done’ until
this has happened.

[Regression Potential]
Since we using a new contracts directive to perform series and cloud specific 
overrides on the entitlements definitions, we could be parsing that information 
incorrectly, not respecting the
overrides. We have an extensive number of tests to cover different scenarios 
for services enablement/disablement to verify is this is not happening, but it 
can still be a problem.

We are also adding a new service that can only be enabled on Jammy. This
service is incompatible with Livepatch, FIPS and FIPS Updates. If we
have made any mistake on that implementation, we could have a gap where
users will be able to enable it on other series or together with the
incompatible services, but we do have tests that cover that.

[Discussion]
Most of the FIPS work on this release is aimed at allowing FIPS PRO machines to 
enable FIPS Updates if necessary. On those machines, the FIPS packages are 
installed and hold during the image creation. When UA runs auto-attach on the 
first boot, we enable FIPS and unhold those packages. However, we have 
identified that we were not unholding all of the FIPS packages anymore. This 
means that if an user tries to enable FIPS Updates, it will fail because we 
will not be able to install some of the FIPS Updates packages due to some 
package holds. Besides fixing that, we have also added safer mechanisms here to 
guarantee that we will properly unhold all the packages, like unholding them 
when FIPS Updates is being enabled.

[Changelog]

  * New upstream release 27.8 
- entitlements: apply overrides from the contract response
- fips:
  + unhold fips package when enabling fips-updates
  + make fips service incompatible with fips-updates
  + unhold more packages when enabling fips 
- lib: fix upgrade script for unsupported releases
- realtime: add suport for realtime kernel beta service on Jammy

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Bionic)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Focal)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Impish)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Jammy)
 Importance: Undecided
 Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Focal)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1969125

Title:
   [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal,
  Impish, Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1968067] Re: upgrade_lts_contract.py exception on impish and later

[Lucas Albuquerque Medeiros de Moura]

We have a PR up fixing this issue:
https://github.com/canonical/ubuntu-advantage-client/pull/2028

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968067

Title:
  upgrade_lts_contract.py exception on impish and later

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1968067/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1964028] Re: [SRU] ubuntu-advantage-tools (27.6 -> 27.7) Xenial, Bionic, Focal, Impish

[Lucas Albuquerque Medeiros de Moura]

We have performed the test for release 27.7 using the package that is
proposed

** Attachment added: "ua-test-results-27.7.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1964028/+attachment/5573894/+files/ua-test-results-27.7.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-impish verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964028

Title:
  [SRU] ubuntu-advantage-tools (27.6 -> 27.7) Xenial, Bionic, Focal,
  Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1964028/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1965138] Re: Desktop application should check for service available information before listing it

[Lucas Albuquerque Medeiros de Moura]

Just approved the PR robert-ancell

Also, I understand the need to use status.json directly. In the future
we can better discuss on how we can extend `ua status --format json` to
the Desktop needs to simplify that process.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965138

Title:
  Desktop application should check for service available information
  before listing it

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon/+bug/1965138/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1965138] [NEW] Desktop application should check for service available information before listing it

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

Currently, it seems that software-properties is incorrectly assuming
that both ESM and Livepatch services can be enabled in a Jammy machine.
Those services are not yet available in Jammy and we are attaching an
image showing that the Desktop message is that we had an error enabling
then and that the user should try again.

It seems that software-proporties source `/var/lib/ubuntu-
advantage/status.json` and assumes the services is available if it
appears on the services list and the `entitled` field has the `yes`
value. However, it is perfectly possible for a service to be entitled to
an user, but not available in the user's machine.

We are now suggesting that software-properties also looks at the
`available` field in the services json output to make that assumption,
this will probably solve the issue we are seeing on Jammy.

Another approach would be using the output of `ua status --format json`
directly. However, this command will make a request to the contract's
server if the user is unattached and maybe it is not wise to use it in
that context. However, the output of that command only show services
that are available, so we would not need to apply that extra available
filter to it.

** Affects: software-properties (Ubuntu)
 Importance: Undecided
 Status: New

** Attachment added: "jammy-desktop-error.png"
   
https://bugs.launchpad.net/bugs/1965138/+attachment/5569662/+files/jammy-desktop-error.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965138

Title:
  Desktop application should check for service available information
  before listing it

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1965138/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1961168] Re: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 139

[Lucas Albuquerque Medeiros de Moura]

Hi arnoldthebat,

Just to double check, were you attached to an UA subscription before performing 
apt upgrade ?
Also, does the problem persist if you run:

apt-get install ubuntu-advantage-tools

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961168

Title:
  package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade:
  installed ubuntu-advantage-tools package post-installation script
  subprocess returned error exit status 139

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1961168/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1960689] Re: livepatch is not able to enabled

[Lucas Albuquerque Medeiros de Moura]

Hi Gene Sun,

This is a really odd issue and I have never experienced it before. I think the 
best path forward is to contact the snapd team and ask for help there, as this 
could be a bug on the package:
https://bugs.launchpad.net/ubuntu/+source/snapd

Since this is issue is snapd related, I am closing this issue for now.
But if you are able to sort the snapd issue and livepatch still fails,
please contact us again and we will more than glad to help you with
that.


** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1960689

Title:
  livepatch is not able to enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960689/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1960689] Re: livepatch is not able to enabled

[Lucas Albuquerque Medeiros de Moura]

Hello Gene Sun,

It seems there is something wrong if your snapd service.
What is the output of running:

$ systemctl status snapd

And if the service is not running, can you run:

$ systemctl start snapd.service

And double check if snap services is now running as expected ?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1960689

Title:
  livepatch is not able to enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960689/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1960712] Re: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess was killed by signal (Terminated)

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Opinion

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1960712

Title:
  package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade:
  installed ubuntu-advantage-tools package post-installation script
  subprocess was killed by signal (Terminated)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960712/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1960198] Re: package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 126

[Lucas Albuquerque Medeiros de Moura]

Hi sahbi, when looking at the DpkgTerminalLog, I found that entry when
the error happened on ubuntu-advantage-tools:

/usr/bin/python3: Permission denied

Was there are any recent modifications on your python environment ?
Our postinst script do need to run python code, so if we cannot run the 
interpreter somehow, the package will definitely fail to install

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1960198

Title:
  package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade:
  installed ubuntu-advantage-tools package post-installation script
  subprocess returned error exit status 126

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960198/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish

[Lucas Albuquerque Medeiros de Moura]

We have performed the test using version 27.6 found in the proposed
pocket.

** Attachment added: "sru-release-27.6.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+attachment/5559186/+files/sru-release-27.6.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-impish verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958556

Title:
  [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal,
  Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish

[Lucas Albuquerque Medeiros de Moura]

Hi Robie,

I think you spotted a gap in our solution, we should be redacting older
logs in the postinst function before we make then world readable. We
should not rely on the logrotate functionality for this. I will remove
that commit from the release and update it accordingly.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958556

Title:
  [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal,
  Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [Impact]
  The main focus of this release is to allow focal cloud users to enable FIPS 
services on their machines. Furthermore, we are also performing some small 
fixes in the code:
  
  * Fixing how apt and motd messages are updated after some ua operations
  * Disable the license check job after attach/auto-attach operations.
  
  Additionally, we are now making our logs word readable
  
  We have spent a lot time debugging our logs to see if are leaking any
  credentials there, but we are now sure that we have redacted all of the
  private information
  
  See the changelog entry below for a full list of changes and bugs.
  
  [Test Case]
  The following development and SRU process was followed:
  https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
  
  The ubuntu-advantage-tools team will be in charge of attaching the
  artifacts and console output of the appropriate run to the bug. ubuntu-
  advantage-tools team members will not mark ‘verification-done’ until
  this has happened.
  
  Integration test artifacts are attached to the bug.
  
  [Regression Potential]
  Most of the changes are adding new things and the integration tests make sure 
that the existing functionality is preserved.
  
  However, by making the logs world readable, we could be still leaking
  some credentials there which would be now readable be every user on the
  machine.
  
  [Discussion]
  Even though the focus of this release is on allowing FIPS services on Focal 
machines, the major change of this release is making the logs world readable.
  
+ The reason for making the logs world readable is that we don't have any
+ major reason keep it readable by only sudo users. Also, this will also
+ allow for non-root users to more easily open bugs that affect the
+ package.
+ 
  We have performed several tests on different scenarios to verify that
  the logs are not leaking, but even though we have tested it multiple
  times, we could still have a blind spot on that work.
  
  If we do have those leaks, this means that user on the machine can try
  to use the leaked credentials on other machines. This will not affect
  the machines already attached to an UA subscription.
  
  If the team has any reservations about this work, we can better discuss
  a better path moving forward here.
  
  [Changelog]
  
    * d/tools.postinst:
  - make log files world readable
    * New upstream release 27.6
  - cli: only go for resources on explicit help calls
  - fips:
    + allow enabling FIPS on focal clouds
    + update prompt messages
  - jobs: disable jobs after attach/auto-attach
  - message: fix how apt and motd messages are updated after ua commands

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958556

Title:
  [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal,
  Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1958556] [NEW] [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Hirsute, Impish

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

[Impact]
The main focus of this release is to allow focal cloud users to enable FIPS 
services on their machines. Furthermore, we are also performing some small 
fixes in the code:

* Fixing how apt and motd messages are updated after some ua operations
* Disable the license check job after attach/auto-attach operations.

Additionally, we are now making our logs word readable

We have spent a lot time debugging our logs to see if are leaking any
credentials there, but we are now sure that we have redacted all of the
private information

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the
artifacts and console output of the appropriate run to the bug. ubuntu-
advantage-tools team members will not mark ‘verification-done’ until
this has happened.

Integration test artifacts are attached to the bug.

[Regression Potential]
Most of the changes are adding new things and the integration tests make sure 
that the existing functionality is preserved.

However, by making the logs world readable, we could be still leaking
some credentials there which would be now readable be every user on the
machine.

[Discussion]
Even though the focus of this release is on allowing FIPS services on Focal 
machines, the major change of this release is making the logs world readable.

We have performed several tests on different scenarios to verify that
the logs are not leaking, but even though we have tested it multiple
times, we could still have a blind spot on that work.

If we do have those leaks, this means that user on the machine can try
to use the leaked credentials on other machines. This will not affect
the machines already attached to an UA subscription.

If the team has any reservations about this work, we can better discuss
a better path moving forward here.

[Changelog]

  * d/tools.postinst:
- make log files world readable
  * New upstream release 27.6
- cli: only go for resources on explicit help calls
- fips:
  + allow enabling FIPS on focal clouds
  + update prompt messages
- jobs: disable jobs after attach/auto-attach
- message: fix how apt and motd messages are updated after ua commands

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

** Description changed:

  [Impact]
  The main focus of this release is to allow focal cloud users to enable FIPS 
services on their machines. Furthermore, we are also performing some small 
fixes in the code:
  
  * Fixing how apt and motd messages are updated after some ua operations
  * Disable the license check job after attach/auto-attach operations.
  
  Additionally, we are now making our logs word readable
  
- See the changelog entry below for a full list of changes and bugs. We have 
spent a lot time
- debugging our logs to see if are leaking any credentials there, but we are 
now sure that we
- have redacted all of the private information
+ We have spent a lot time debugging our logs to see if are leaking any
+ credentials there, but we are now sure that we have redacted all of the
+ private information
+ 
+ See the changelog entry below for a full list of changes and bugs.
  
  [Test Case]
  The following development and SRU process was followed:
  https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
  
- The ubuntu-advantage-tools team will be in charge of attaching the artifacts 
and
- console output of the appropriate run to the bug. ubuntu-advantage-tools team
- members will not mark ‘verification-done’ until this has happened.
+ The ubuntu-advantage-tools team will be in charge of attaching the
+ artifacts and console output of the appropriate run to the bug. ubuntu-
+ advantage-tools team members will not mark ‘verification-done’ until
+ this has happened.
  
  Integration test artifacts are attached to the bug.
  
  [Regression Potential]
  Most of the changes are adding new things and the integration tests make sure 
that the existing functionality is preserved.
  
  However, by making the logs world readable, we could be still leaking
  some credentials there which would be now readable be every user on the
  machine.
- 
  
  [Discussion]
  Even though the focus of this release is on allowing FIPS services on Focal 
machines, the major change of this release is making the logs world readable.
  
  We have performed several tests on different scenarios to verify that
  the logs are not leaking, but even though we have tested it multiple
  times, we could still have a blind spot on that work.
  
  If we do have those leaks, this means that user on the machine can try
  to use the leaked credentials on other machines. This will not affect
  the machines already attached to an UA subscription.
  
  If the team has any reservations about this work, we can better discuss
- be

[Bug 1951705] Re: traceback from postinst on upgrade

[Lucas Albuquerque Medeiros de Moura]

Here is the results of our tests for this issue on release 27.4.2
Note that this issue should only affect LTS releases, which can be verified on 
the hirsute and impish tests.

we have also appended the test script we have used to generate those
results

** Attachment added: "release-27.4.2-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+attachment/5543613/+files/release-27.4.2-test-results.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951705

Title:
  traceback from postinst on upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1952166] Re: ubuntu-bug ubuntu-advantage-tools error

[Lucas Albuquerque Medeiros de Moura]

Hi phuctruonghoang,

Can you better describe what was the issue that happened with ubuntu-
advantage-tools ?

Also, can you please run:

ua collect-logs

And attach the results here, so after you describe the issue we can
better investigate it.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1952166

Title:
  ubuntu-bug ubuntu-advantage-tools error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1952166/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950576] Re: UA cli / Exception on launch

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950576

Title:
  UA cli / Exception on launch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950576/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Awesome :)
I will close this bug then, but if anything else comes up, please let us know


** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1951705] Re: ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal, Hirsute, Impish

[Lucas Albuquerque Medeiros de Moura]

** Summary changed:

- traceback from postinst on upgrade
+ ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal, Hirsute, 
Impish

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951705

Title:
  ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal,
  Hirsute, Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1951705] Re: traceback from postinst on upgrade

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

+ [Original bug description]
  I noticed this on an upgrade in focal:
  
  Setting up ubuntu-advantage-tools (27.4.1~20.04.1) ...
  Installing new version of config file /etc/ubuntu-advantage/uaclient.conf ...
  Traceback (most recent call last):
-   File "", line 10, in 
+   File "", line 10, in 
  KeyError: 'status'
  Traceback (most recent call last):
-   File "", line 10, in 
+   File "", line 10, in 
  KeyError: 'status'
  
  It's clearly nonfatal, but we shouldn't see python tracebacks in upgrade
  logs.
+ 
+ [Impact]
+ This releases will guarantee that unattached users installing 
ubuntu-advantage-tools in an architecture that is different from i386 and amd64
+ will no longer see the KeyError issue. Additionally, this will guarantee that 
the postinst flow where this error is triggered will be finished. However, this 
should not impact users that saw this bug, since the function was cleaning up 
old apt sources for esm-infra and esm-apps. However, since the user is 
unattached, that cleanup should have already happened if those service were 
once enabled.
+ 
+ 
+ [Test Case]
+ 
+ 1.Launch an ubuntu machine:
+   $ lxc launch ubuntu-daily:xenial dev-x
+ 2. SSH into the machine and update ubuntu-advantage-tools to 27.4.1
+ 3. Run ua status
+ 4. Go into /var/lib/dpkg/info/ubuntu-advantage-tools.postinst and
+change the ESM_SUPPORTED_ARCHS variable to be empty
+ 5. Run dpkg-reconfigure ubuntu-advantage-tools
+ 6. Confirm that the expected error is there
+ 7. Install the new UA package 27.4.2
+https://launchpad.net/~ua-client/+archive/ubuntu/staging/
+ 8. Go into /var/lib/dpkg/info/ubuntu-advantage-tools.postinst and
+change the ESM_SUPPORTED_ARCHS variable to be empty
+ 9. Run the dpkg command again and verify that no errors are shown
+ 
+ 
+ 
+ 
+ [Regression Potential]
+ We currently don't see any regression potential, we are just making the code 
more resilient to potential errors on unattached scenarios.
+ 
+ [Discussion]
+ Even though this will not affect all architecturse, we believe it is safer to 
address this as soon as possible, since we don't know when our next major 
release will be.
+ 
+ [Changelog]
+ 
+  * d/tools.postinst:
+- Fix check_service_is_enabled function when the machine is
+  unattached (LP: #1951705)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951705

Title:
  traceback from postinst on upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"

[Lucas Albuquerque Medeiros de Moura]

Hi Albourne, can please run:

ua collect-logs

And append the result here so we can better investigate this issue

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951954

Title:
  ua  refresh "Unexpected error(s) occurred"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1951705] Re: traceback from postinst on upgrade

[Lucas Albuquerque Medeiros de Moura]

Hi Steve and Oli, we have landed the fix on main we will soon release it.
Thanks for reporting this issue and providing the additional context for it

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951705

Title:
  traceback from postinst on upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Hi c-kras, we have invalidated that token for you. You can now go to:
https://ubuntu.com/advantage

And get a new token for you.

Also, please verify if you have other machines using the old token as
well, just so you can update them to the new one

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1951705] Re: traceback from postinst on upgrade

[Lucas Albuquerque Medeiros de Moura]

Hi Steve, I am also trying to reproduce this issue but so far I am
unable to reproduce it using a clean lxd focal VM with ubuntu-advantage-
tools version 27.3 installed by default. I tried running upgrade with a
machine attached and unattached but still no failure prompts were
generated.

Was there any config changes applied to the machine before the upgrade ?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951705

Title:
  traceback from postinst on upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950692] Re: Ubuntu advantage tools should be removable without breakage of the core system functionality

[Lucas Albuquerque Medeiros de Moura]

Hi Norbert,

This happens because ubuntu-advantage-tools is a package dependency of
the ubuntu-minimal metapackage. Although it is possible to change that
from a Depends to a Recommends, we will need to have a broader
discussion about it.

I suggest sending the request into this mailing list to see the broader opinion 
of the Ubuntu developers:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Another thing we must take into consideration is that we need to also
understand how update-manager is depending on ubuntu-advantage-tools and
if we could also change the dependency there to Recommends.

But that can be also better discussed in the mailing list.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: Confirmed => Opinion

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950692

Title:
  Ubuntu advantage tools should be removable without breakage of the
  core system functionality

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950692/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949634] Re: [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish

[Lucas Albuquerque Medeiros de Moura]

Adding all of the tests results for this SRU

** Attachment added: "sru-verification-27.4.1.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949634/+attachment/5541258/+files/sru-verification-27.4.1.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949634

Title:
   [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal,
  Hirsute, Impish

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949634/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Hi c-kras, to invalidate the token please:

1. Run ua detach on the machine
2. Inform us that the machine is detached

Once that is done, we will invalidate the token for you and we will let
you know when a new token will be available for you.

Now, regarding the error you posted, can you confirm if that apt repo
link works ? If not, then I think this error is expected and I suggest
changing for a valid apt repo link

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Sorry c-kras, you have accidentally leaked your resource token in this thread.
You will need to invalidate your current token and generate a new one.
Let me know if you need any help with that.

And about the issue, can you send the full error that you see when you
run ua enable

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950576] Re: UA cli / Exception on launch

[Lucas Albuquerque Medeiros de Moura]

Hi freeeflyer,

Can you take a look into /var/lib/ubuntu-advantage/private/machine-
token.json and confirm if there any resourceTokens entry there without a
"type" key ?

One easy way to read that file is by installing the jq package.
You can run the following command:

cat /var/lib/ubuntu-advantage/private/machine-token.json | jq . > out

Then just open the out file and verify the resourceTokens there

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950576

Title:
  UA cli / Exception on launch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950576/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1947506] Re: failed to call "sudo ua attach 'key'" with unexpected error

[Lucas Albuquerque Medeiros de Moura]

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1947506

Title:
  failed to call "sudo ua attach 'key'" with unexpected error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1947506/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Awesome, so let's recreate that machine-id now:

1. Delete the /etc/machine-id file
2. Run systemd-machine-id-setup 

Hopefully this will create a machine-id without any special characters on it.
If that is true, you can just attach again and enable esm-infra

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Fair enough, my mistake. I was running this directly on the interpreter.

But let me try something here, can you run this command without errors:
ua detach

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Yeah, that's a really odd problem. I tried using the same machine-id you
provided on a Xenial container but was unable to reproduce any of the
problems here. The enable operation was successful even using the
machine-id with a newline character.

Can you run the following python script and append the result here:
--
from uaclient.config import UAConfig
from uaclient.util import get_machine_id
get_machine_id(UAConfig())


When I run this, this is the output I am getting on my Xenial machine:
'1ec59c1328c24dc88642e5ba37159708\\nf81'

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Hi Htbaa,

This is weird because I think this type of special character should not be 
allowed on the machine-id.
Also, it seems that you are already attached to an UA subscription. To attach 
we also use the machine-id so it is weird that attach worked and enable does 
not.

Can you attach /var/log/ubuntu-advantange.log here so I can verify what
happened during attach.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950230] Re: cloud-init crashed with NameError in parse_version(): name 'PkgResourcesDeprecationWarning' is not defined

[Lucas Albuquerque Medeiros de Moura]

Hi guiverc, can you please also append the /var/log/cloud-init.log file
to this bug

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950230

Title:
  cloud-init crashed with NameError in parse_version(): name
  'PkgResourcesDeprecationWarning' is not defined

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950230/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950433] Re: Enabling service results in error

[Lucas Albuquerque Medeiros de Moura]

Hi Htbaa, I think that's exactly the problem we are facing.

Just to be clear, can you confirm if the id in /etc/machine-id is the
one reported in this issue.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950433

Title:
  Enabling service results in error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949634] Re: [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [Impact]
  This releases will turn on the metering job by default. The metering job will 
report which services are being used to the contract server every 4 hours. 
Since we already have the timer mechanism in place, we believe the substantial 
risk for this release is that the job may not work
  as intended and fail during the execution. However, this will not block any 
of the other existing jobs from running, so it should be a low risk addition.
  
  Furthermore, these are the additional functionalities we are adding:
  
  * Make cc-eal a non-beta service
  * Update ua fix return code:
-   - exit 0 when fix is successfully applied and completed
-   - exit 1 when fix cannot be applied
-   - exit 2 when fix requires a reboot to complete
+   - exit 0 when fix is successfully applied and completed
+   - exit 1 when fix cannot be applied
+   - exit 2 when fix requires a reboot to complete
  * Allow livepatch to be enabled together with fips-updates
  * New security-status subcommand that lists potentially available security 
and ESM updates
  * Set PYTHONPATH during postinst to avoid problems that happen when users 
have a custom python installation (LP: #1930121)
  
  Additionally, we are also addressing some bugs we found along the way:
  
  * Do not use proxy configuration when reaching clouds IMDS endpoint during 
auto-attach operation
  * Attach will save machine-id during operation
  * Detach won't ask unnecessary questions
-   (For example, when ROS is enabled we don't want to notify user about 
dependent services, since all services will be disabled anyway)
+   (For example, when ROS is enabled we don't want to notify user about 
dependent services, since all services will be disabled anyway)
  
  See the changelog entry below for a full list of changes and bugs.
  
  [Test Case]
  The following development and SRU process was followed:
  https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
  
  The ubuntu-advantage-tools team will be in charge of attaching the artifacts 
and
  console output of the appropriate run to the bug. ubuntu-advantage-tools team
  members will not mark ‘verification-done’ until this has happened.
  
  
  
- 
  [Regression Potential]
  In order to mitigate the regression potential, the results of the
  aforementioned integration tests are attached to this bug.
  
  Since we are adding a new job, we need to make sure that if it fails we will 
not interfere
  with any of the other jobs that were already delivered on release 27.3. 
Currently, our script
  that handles the job execution should cover this. If the metering job fails 
it should just add a new log entry into /var/log/ubuntu-advantage-timer.log.
  
  For the ua fix update, we don't think we can cause a regression, since
  the command was always returning 0, no matter what happened during the
  execution. We believe the new return codes are better now.
  
+ Additionally, we are now also setting up the PYTHONPATH during postinst.
+ This should not change the behavior of any of the python commands we are 
issuing, we just want to guarantee that users with a custom python install
+ will not be affected when performing an install/upgrade operation here. 
However, we are now adding a dependency on the env command during an 
install/upgrade operation and this is a postinst change and it could cause
+ unexpected regressions, even though we currently believe the new change does 
not pose a high risk of regression.
+ 
  The other fixes are either bug fixes or service changes (cc-eal) that
  should not pose a regression risk on current behavior of the ua client,
  since our tests are passing with those new changes.
  
  [Discussion]
  The addition of the new job was tested by the contracts team and it seems to 
be working fine. However, we will need to keep an eye open to see if the 
metering job is working as expected and delivering the desired information to 
the contract backend.
  
  [Changelog]
  
-* d/tools.postinst:
- - hardcode python binary and PYTHONPATH (LP: #1930121)
- - undo unnecessary log file creation
-   * New upstream release 27.4
- - cc-eal: remove beta flag
- - cli:
-   + attach will save machine-id during operation
-   + detach won't ask unnecessary questions
-   + new security-status subcommand lists potentially available
- security and ESM updates (beta)
- - fix:
-   + exit 0 when fix is successfully applied and completed
-   + exit 1 when fix cannot be applied
-   + exit 2 when fix requires a reboot to complete
-   + check reboot-required.pkgs for better reboot suggestions
- - livepatch: allow livepatch and fips-updates at the same time
- - metering:
-   + update how activity info is parsed
-   + update contract response structure
-   + enable job by default
- - proxy: no_proxy defaults for link-local IMDS routes
- - util:
-   + cache get_platform_info calls
-   + fix machine-

[Bug 1949634] [NEW] [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish

[Lucas Albuquerque Medeiros de Moura]

Public bug reported:

[Impact]
This releases will turn on the metering job by default. The metering job will 
report which services are being used to the contract server every 4 hours. 
Since we already have the timer mechanism in place, we believe the substantial 
risk for this release is that the job may not work
as intended and fail during the execution. However, this will not block any of 
the other existing jobs from running, so it should be a low risk addition.

Furthermore, these are the additional functionalities we are adding:

* Make cc-eal a non-beta service
* Update ua fix return code:
  - exit 0 when fix is successfully applied and completed
  - exit 1 when fix cannot be applied
  - exit 2 when fix requires a reboot to complete
* Allow livepatch to be enabled together with fips-updates
* New security-status subcommand that lists potentially available security and 
ESM updates
* Set PYTHONPATH during postinst to avoid problems that happen when users have 
a custom python installation (LP: #1930121)

Additionally, we are also addressing some bugs we found along the way:

* Do not use proxy configuration when reaching clouds IMDS endpoint during 
auto-attach operation
* Attach will save machine-id during operation
* Detach won't ask unnecessary questions
  (For example, when ROS is enabled we don't want to notify user about 
dependent services, since all services will be disabled anyway)

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the artifacts and
console output of the appropriate run to the bug. ubuntu-advantage-tools team
members will not mark ‘verification-done’ until this has happened.




[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned integration tests are attached to this bug.

Since we are adding a new job, we need to make sure that if it fails we will 
not interfere
with any of the other jobs that were already delivered on release 27.3. 
Currently, our script
that handles the job execution should cover this. If the metering job fails it 
should just add a new log entry into /var/log/ubuntu-advantage-timer.log.

For the ua fix update, we don't think we can cause a regression, since
the command was always returning 0, no matter what happened during the
execution. We believe the new return codes are better now.

The other fixes are either bug fixes or service changes (cc-eal) that
should not pose a regression risk on current behavior of the ua client,
since our tests are passing with those new changes.

[Discussion]
The addition of the new job was tested by the contracts team and it seems to be 
working fine. However, we will need to keep an eye open to see if the metering 
job is working as expected and delivering the desired information to the 
contract backend.

[Changelog]

   * d/tools.postinst:
- hardcode python binary and PYTHONPATH (LP: #1930121)
- undo unnecessary log file creation
  * New upstream release 27.4
- cc-eal: remove beta flag
- cli:
  + attach will save machine-id during operation
  + detach won't ask unnecessary questions
  + new security-status subcommand lists potentially available
security and ESM updates (beta)
- fix:
  + exit 0 when fix is successfully applied and completed
  + exit 1 when fix cannot be applied
  + exit 2 when fix requires a reboot to complete
  + check reboot-required.pkgs for better reboot suggestions
- livepatch: allow livepatch and fips-updates at the same time
- metering:
  + update how activity info is parsed
  + update contract response structure
  + enable job by default
- proxy: no_proxy defaults for link-local IMDS routes
- util:
  + cache get_platform_info calls
  + fix machine-id fallback path on get_machine_id

** Affects: ubuntu-advantage-tools (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Bionic)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Focal)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Hirsute)
 Importance: Undecided
 Status: New

** Affects: ubuntu-advantage-tools (Ubuntu Impish)
 Importance: Undecided
 Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: ubuntu-advantage-tools (Ubuntu Impish)
   Importance: Undecided
   St

[Bug 1949574] Re: package ubuntu-advantage-tools 27.3~16.04.1 failed to install/upgrade: podproces instalovaný post-installation skript vrátil chybový status 1

[Lucas Albuquerque Medeiros de Moura]

Hello murthagh,

Did you a custom python version installed in your system ? If yes, I
think you can run the upgrade command again specifying the right python
path like this:

env PYTHONPATH=/usr/lib/python3/dist-packages apt upgrade

If that doesn't work, please provide the output of the following
commands:

which python3
python3 -c "import uaclient"
env PYTHONPATH=/usr/lib/python3/dist-packages python3 -c "import uaclient"
ua version
apt policy ubuntu-advantage-tools

And we will take a better look at it.


** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949574

Title:
  package ubuntu-advantage-tools 27.3~16.04.1 failed to install/upgrade:
  podproces instalovaný post-installation skript vrátil chybový status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949574/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949585] Re: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

[Lucas Albuquerque Medeiros de Moura]

Hello wsbrito1975,

Did you a custom python version installed in your system ? If yes, I
think you can run the upgrade command again specifying the right python
path like this:

env PYTHONPATH=/usr/lib/python3/dist-packages apt upgrade

If that doesn't work, please provide the output of the following
commands:

which python3
python3 -c "import uaclient"
env PYTHONPATH=/usr/lib/python3/dist-packages python3 -c "import uaclient"
ua version
apt policy ubuntu-advantage-tools

And we will take a better look at it.


** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949585

Title:
  package ubuntu-advantage-tools 27.2.2~16.04.1 failed to
  install/upgrade: subprocess installed post-installation script
  returned error exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949585/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949524] Re: ua attach and ua status on linux Mint result in tracebacks

[Lucas Albuquerque Medeiros de Moura]

Yes, we should raise a more informative exception here for sure

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949524

Title:
  ua attach and ua status on linux Mint result in tracebacks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949524/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1948802] Re: package ubuntu-advantage-tools 27.2.2~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1

[Lucas Albuquerque Medeiros de Moura]

Hi mxmotao, looking at the dpkg log it seems that you are using a custom
cloud-id command, since the path for it is /usr/local/bin/cloud-id while
the cloud-init version is expected to be on /usr/bin/cloud-id

Is that true ? If yes, can you give us more context on what it is doing
?

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948802

Title:
  package ubuntu-advantage-tools 27.2.2~20.04.1 failed to
  install/upgrade: installed ubuntu-advantage-tools package post-
  installation script subprocess returned error exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1948802/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage

[Lucas Albuquerque Medeiros de Moura]

Azure bug verified with the following script:
---
import logging
import os

from pycloudlib.azure.cloud import Azure


api = Azure(
tag="test-azure",
client_id=os.getenv("UACLIENT_BEHAVE_AZ_CLIENT_ID"),
client_secret=os.getenv("UACLIENT_BEHAVE_AZ_CLIENT_SECRET"),
tenant_id=os.getenv("UACLIENT_BEHAVE_AZ_TENANT_ID"),
subscription_id=os.getenv("UACLIENT_BEHAVE_AZ_SUBSCRIPTION_ID")
)

image_id = "Canonical:0001-com-ubuntu-pro-focal:pro-20_04-lts"  # Focal pro 
image
key_name = "test-key"
private_key_path = "azure-priv-{}.pem".format(key_name)
pub_key_path = "azure-pub-{}.txt".format(key_name)

pub_key, priv_key = api.create_key_pair(
key_name=key_name
)

with open(pub_key_path, "w") as stream:
stream.write(pub_key)

with open(private_key_path, "w") as stream:
stream.write(priv_key)

os.chmod(pub_key_path, 0o600)
os.chmod(private_key_path, 0o600)

api.use_key(pub_key_path, private_key_path, key_name)
instance = api.launch(image_id)

print("--- Creating base instance")
print(instance.execute("lsb_release -a"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")

print("--- Updating ua package")
cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed 
restricted main multiverse universe' >> 
/etc/apt/sources.list.d/proposed-repositories.list\""
instance.execute(cmd.format("focal"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")
instance.delete()
-

Test output:

--- Creating base instance  
  
Distributor ID: Ubuntu  
  
Description:Ubuntu 20.04.3 LTS  
  
Release:20.04   
  
Codename:   focal   
  
27.2.2~20.04.1  
  
One moment, checking your subscription first
  
Updating package lists  
  
Installing FIPS packages
  
Updating package lists  
  
Could not enable FIPS.  
  
--  
  
--- Updating ua package 
  
27.3~20.04.1
  
One moment, checking your subscription first
  
Ubuntu Focal does not provide an Azure optimized FIPS kernel
  
For help see: https://ubuntu.com/advantage. 
  
--  


** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verifi

[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage

[Lucas Albuquerque Medeiros de Moura]

AWS Bug verified with the following script:

---
import logging
import os

from pycloudlib.ec2.cloud import EC2

api = EC2(
tag="test-ec2",
access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"),
secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY")
)

image_id = "ami-0193aa0a9df84a08b" # Focal pro image
private_key_path = "ec2-{}.pem".format("test-key")
key_name = "test-key"

if key_name in api.list_keys():
api.delete_key(key_name)

keypair = api.client.create_key_pair(KeyName=key_name)

with open(private_key_path, "w") as stream:
stream.write(keypair["KeyMaterial"])

os.chmod(private_key_path, 0o600)

api.use_key(private_key_path, private_key_path, key_name)
vpc = api.get_or_create_vpc(name="test-ec2-pro")
instance = api.launch(image_id, vpc=vpc)

print("--- Creating base instance")
print(instance.execute("lsb_release -a"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")

print("--- Updating ua package")
cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed 
restricted main multiverse universe' >> 
/etc/apt/sources.list.d/proposed-repositories.list\""
instance.execute(cmd.format("focal"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")
instance.delete()
---

To run that script, you need the pycloudlib dependency, which can be found here:
https://github.com/canonical/pycloudlib/tree/main/pycloudlib


Test output:


Test output:

--- Creating base instance
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
27.2.2~20.04.1
One moment, checking your subscription first
Updating package lists
Installing FIPS packages
Updating package lists
Could not enable FIPS.
--
--- Updating ua package
27.3~20.04.1
One moment, checking your subscription first
Ubuntu Focal does not provide an AWS optimized FIPS kernel
For help see: https://ubuntu.com/advantage.
--

PS: This bug only affects focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939932

Title:
  Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS
  kernel via ubuntu-fips metapackage

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939932/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04

[Lucas Albuquerque Medeiros de Moura]

Bug verified with the following script:

---
import logging
import os

from pycloudlib.ec2.cloud import EC2


api = EC2(
tag="test-ec2",
access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"),
secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY")
)

image_id = "ami-0193aa0a9df84a08b"  # Focal pro image
private_key_path = "ec2-{}.pem".format("test-key")
key_name = "test-key"

if key_name in api.list_keys():
api.delete_key(key_name)

keypair = api.client.create_key_pair(KeyName=key_name)

with open(private_key_path, "w") as stream:
stream.write(keypair["KeyMaterial"])

os.chmod(private_key_path, 0o600)

api.use_key(private_key_path, private_key_path, key_name)
vpc = api.get_or_create_vpc(name="test-ec2-pro")
instance = api.launch(image_id, vpc=vpc)

print("--- Creating base instance")
print(instance.execute("lsb_release -a"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")

print("--- Updating ua package")
cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed 
restricted main multiverse universe' >> 
/etc/apt/sources.list.d/proposed-repositories.list\""
instance.execute(cmd.format("focal"))
instance.execute("sh -c 'sudo apt-get update > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
print(instance.execute("sudo ua enable fips --assume-yes"))
print("--")
instance.delete()
---

To run that script, you need the pycloudlib dependency, which can be found here:
https://github.com/canonical/pycloudlib/tree/main/pycloudlib

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939449

Title:
  Ubuntu Pro UA fails to enable fips-updates on 20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939449/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04

[Lucas Albuquerque Medeiros de Moura]

Test output:

--- Creating base instance  
  
Distributor ID: Ubuntu  
  
Description:Ubuntu 20.04.2 LTS  
  
Release:20.04   
  
Codename:   focal   
  
27.2.2~20.04.1  
  
One moment, checking your subscription first
  
Updating package lists  
  
Installing FIPS packages
  
Updating package lists  
  
Could not enable FIPS.  
  
--  
  
--- Updating ua package 
  
27.3~20.04.1
  
One moment, checking your subscription first
  
Ubuntu Focal does not provide an AWS optimized FIPS kernel  
  
For help see: https://ubuntu.com/advantage. 
  
--  

PS: This bug only affects focal

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939449

Title:
  Ubuntu Pro UA fails to enable fips-updates on 20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939449/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1944676] Re: Ubuntu ESM not working in WSL

[Lucas Albuquerque Medeiros de Moura]

PS: this bug does not affect hirsute and impish because those series are
not entitled to FIPS services.

This can be further verified in the test results

** Attachment added: "1944676-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+attachment/5536288/+files/1944676-test-results.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944676

Title:
  Ubuntu ESM not working in WSL

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1944676] Re: Ubuntu ESM not working in WSL

[Lucas Albuquerque Medeiros de Moura]

Bug verified with the following script:
--
series=$1
name=test-$series

multipass launch --name $name $series
multipass exec $name -- ua version
multipass exec $name -- cloud-init status --wait
multipass exec $name -- sudo ua attach $UACLIENT_BEHAVE_CONTRACT_TOKEN
multipass exec $name -- sudo mv /run/cloud-init/instance-data.json 
/run/cloud-init/instance-data.json.old
multipass exec $name -- ls /run/cloud-init/
multipass exec $name -- sudo ua status

multipass exec $name -- sudo sh -c "cat  /dev/null"
multipass exec $name -- sudo sh -c "apt install ubuntu-advantage-tools > 
/dev/null"
multipass exec $name -- ua version
multipass exec $name -- ls /run/cloud-init/
multipass exec $name -- sudo ua status

multipass delete $name
multipass purge
-

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944676

Title:
  Ubuntu ESM not working in WSL

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

[Lucas Albuquerque Medeiros de Moura]

** Attachment added: "1938207-test-results-extra.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+attachment/5536058/+files/1938207-test-results-extra.tar.xz

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-hirsute 
verification-needed-impish verification-needed-xenial
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-hirsute verification-done-impish 
verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

[Lucas Albuquerque Medeiros de Moura]

Impish and hirsute tests performed with the following script:

series=$1
name=test-$series

multipass launch --name $name $series
multipass exec $name -- ua version
multipass exec $name -- cloud-init status --wait
multipass exec $name -- sudo /bin/sh -c "printf 'error' > /usr/bin/cloud-id"
multipass exec $name -- sudo chmod 755 /usr/bin/cloud-id
multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools
multipass exec $name -- echo $?

multipass exec $name -- sudo sh -c "cat  /dev/null"
multipass exec $name -- sudo sh -c "apt install ubuntu-advantage-tools > 
/dev/null"
multipass exec $name -- ua version
multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools
multipass exec $name -- echo $?
multipass delete $name
multipass purge


-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

[Lucas Albuquerque Medeiros de Moura]

** Attachment added: "1938207-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+attachment/5536055/+files/1938207-test-results.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

[Lucas Albuquerque Medeiros de Moura]

I have modified the test script to install the package in proposed:
--
import pycloudlib
import os

lxd = pycloudlib.LXDVirtualMachine("vm")

name = 'pycloudlib-vm'
release = "hirsute"
pub_key_path = "lxd-pubkey"
priv_key_path = "lxd-privkey"

userdata_cloud_id_fail = """\
#cloud-config
bootcmd:
 - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig
 - 'echo "error" > /usr/bin/cloud-id'
 - chmod 755 /usr/bin/cloud-id
"""

pub_key, priv_key = lxd.create_key_pair()

with open(pub_key_path, "w") as f:
f.write(pub_key)

with open(priv_key_path, "w") as f:
f.write(priv_key)

lxd.use_key(
public_key_path=pub_key_path,
private_key_path=priv_key_path
)

image_id = lxd.released_image(release=release)
instance = lxd.launch(
name=name,
image_id=image_id,
user_data=userdata_cloud_id_fail
)

print("--- Creating base instance")
print("ip address: ", instance.ip)
print("--- Make cloud-id command fail by changing the binary")
cloud_id = instance.execute("cloud-id")
print(cloud_id.stderr)
print("--- Running postinst script for current version of uaclient")
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(instance.execute("ua version"))
print(dpkg_out.stderr)
print("--")

cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed 
restricted main multiverse universe' >> 
/etc/apt/sources.list.d/proposed-repositories.list\""
print("--- Updating ua package")
out = instance.execute(cmd.format(release))
instance.execute("sh -c 'sudo apt-get update -q > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
print(instance.execute("ua version"))
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(dpkg_out.stderr)
print("--")
instance.delete()


Currently, pycloudlib doesn't support launching hirsute or impish vms
Therefore, the test results here are for xenial, bionic and focal.

I will run this test for hirsute and impish through multipass.

PS: this bug should not affect xenial releases

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1940131] Re: sudo ua attach is not working

[Lucas Albuquerque Medeiros de Moura]

Adding test results

** Attachment added: "1940131-test-results.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+attachment/5536054/+files/1940131-test-results.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940131

Title:
  sudo ua attach is not working

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1940131] Re: sudo ua attach is not working

[Lucas Albuquerque Medeiros de Moura]

Bug verified with the following script:

--
series=$1
name=test-$series
UA_TOKEN=

lxc launch ubuntu-daily:$series $name
lxc exec $name -- ua version
lxc exec $name -- cloud-init status --wait
lxc exec $name -- mv /usr/bin/cloud-id /usr/bin/cloud-id.old
lxc exec $name -- mv /var/lib/cloud/data/result.json 
/var/lib/cloud/data/result.json.old
lxc exec $name -- touch /var/lib/cloud/data/result.json
# verify failure to attach
lxc exec $name -- ua attach $UA_TOKEN
lxc delete --force $name

lxc launch ubuntu-daily:$series $name
lxc exec $name -- cloud-init status --wait
lxc exec $name -- sh -c "cat 

[Bug 1942929] Re: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute

[Lucas Albuquerque Medeiros de Moura]

I have run all of the manual tests with the proposed package and they
are all working as expected

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1942929

Title:
  [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal,
  Hirsute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1942929/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1947506] Re: failed to call "sudo ua attach 'key'" with unexpected error

[Lucas Albuquerque Medeiros de Moura]

Hi Florian, thanks for reporting this bug. This is probably happening
because the machine has the cloud-init package installed but it was not
fully run on the machine (which is not a problem per se).

We have addressed this on our next release of ubuntu-advantage-tools
that should be delivered very soon. Until that happens, you can add this
at the end of /etc/ubuntu-advantage/uaclient.conf

settings_overrides:
  cloud_type: ""

And I believe it solve the problem for now. Let me know if that works
for you

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1947506

Title:
  failed to call "sudo ua attach 'key'" with unexpected error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1947506/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1945053] Re: updating ubuntu 16.04 to 18.04 failed

[Lucas Albuquerque Medeiros de Moura]

Hi Muhammad, just to double check something, when you run:

$ which python3

What is the output of that command ?

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1945053

Title:
  updating ubuntu 16.04 to 18.04 failed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1945053/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1944994] Re: ua tools will not install correctly

[Lucas Albuquerque Medeiros de Moura]

Hi Albert, can you please append here the following file:
/var/log/ubuntu-advantage.log

Also, when you run:
which python3

What is the output that you see ?

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944994

Title:
  ua tools will not install correctly

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944994/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1944762] Re: misleading motd after support ends

[Lucas Albuquerque Medeiros de Moura]

Hi Seth, although ubuntu-advantage-tools does generate some MOTD
messages, we are not currently generating the message you are describing
here. I think it is better to tag the update-notifier package in this
bug.

However, if you think there is something we can still do on our side,
please let me know.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Opinion

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944762

Title:
  misleading motd after support ends

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944762/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [Impact]
  
  This bug impacts users on AWS or Azure, trying to enable FIPS/FIPS
  updates on Focal images. Trying to install a non-cloud-optimized FIPS
  kernel may lead to unwanted behavior on those clouds, including
  inability to boot to the systems.
  
  Although Focal has a FIPS certified kernel, the AWS adapted kernel is
  not ready yet. There will be in the future a cloud-optimized version of
  the FIPS kernel, and then users will be able to install it.
  
  With the applied fix, UA will show a message saying that the kernel is
  not available instead of showing any error. If the user really wants to
  install FIPS, there is a feature override
  ("allow_default_fips_metapackage_on_focal_cloud") which will install the
  default kernel, but this is the user's choice, and not recommended.
  
  [Test Case]
- The original description has steps to reproduce. To verify the fix, install 
ubuntu-advantage-tools 27.3 and check for the expected behavior described.
+ 
+ To verify that this issue is fixed by version 27.3, please run the
+ following script:
+ 
+ --
+ import os
+ 
+ from pycloudlib.ec2.cloud import EC2
+ 
+ 
+ api = EC2(
+ tag="test-ec2",
+ access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"),
+ secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY")
+ )
+ 
+ image_id = "ami-0193aa0a9df84a08b"  # Focal pro image
+ private_key_path = "ec2-{}.pem".format("test-key")
+ key_name = "test-key"
+ 
+ if key_name in api.list_keys():
+ api.delete_key(key_name)
+ 
+ keypair = api.client.create_key_pair(KeyName=key_name)
+ 
+ with open(private_key_path, "w") as stream:
+ stream.write(keypair["KeyMaterial"])
+ 
+ os.chmod(private_key_path, 0o600)
+ 
+ api.use_key(private_key_path, private_key_path, key_name)
+ vpc = api.get_or_create_vpc(name="test-ec2-pro")
+ instance = api.launch(image_id, vpc=vpc)
+ 
+ print("--- Creating base instance")
+ print(instance.execute("lsb_release -a"))
+ print(instance.execute("ua version"))
+ print(instance.execute("sudo ua enable fips --assume-yes"))
+ print("--")
+ 
+ print("--- Updating ua package")
+ instance.execute("sudo add-apt-repository ppa:ua-client/staging -y")
+ instance.execute("sh -c 'sudo apt-get update > /dev/null'")
+ instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
+ print(instance.execute("ua version"))
+ print(instance.execute("sudo ua enable fips --assume-yes"))
+ print("--")
+ instance.delete()
+ ---
+ 
+ This script depends on pycloudlib, which can be found here:
+ https://github.com/canonical/pycloudlib/tree/main/pycloudlib
+ 
  
  [Regression Potential]
  This change needs to make sure that we indeed prevent the installation of 
non-cloud-optimized kernels. If a corner case shows up, the user might end up 
with a wrong kernel. This is unlikely because we are using cloud-init tools, 
present in AWS and Azure, to detect the cloud instance and effective blocking 
the install. If this detection fails, it means cloud-init has some problem and 
then, on AWS or Azure, the instance will have more problems than this one.
  
  We need to make sure to keep track of the certification progress for the
  cloud adapted FIPS package, so we can enable it in the future, when it
  becomes available.
  
  [Original Description]
  For Ubuntu PRO on 20.04 (Focal) `ua enable fips` should only install a 
cloud-optimized ubuntu-aws-fips or ubuntu-azure-fips metapackage. Installing a 
non-cloud-optimized FIPS kernel on AWS and Azure could lead to inability to 
boot on certain instance types. Expectation is that Focal AWS and Azure images 
should disallow enabling either fips or fips-updates.
  
  Expected behavior on Ubuntu PRO AWS and Azure Focal:
  $ ua status | grep fips
  fips no — NIST-certified FIPS modules
  fips-updates no — Uncertified security updates to FIPS modules
  
  $ sudo ua enable fips-updates
  One moment, checking your subscription first
  This system will NOT be considered FIPS certified, but will include security
  and bug fixes to the FIPS packages.
  Are you sure? (y/N) y
  This subscription is not entitled to FIPS Updates.
  For more information see: https://ubuntu.com/advantage
  
  Actual behavior:
  $ ua status | grep fips
  fips yes disabled NIST-certified FIPS modules
  fips-updates yes disabled Uncertified security updates to FIPS modules
  
  $ sudo ua enable fips-updates
  One moment, checking your subscription first
  This system will NOT be considered FIPS certified, but will include security
  and bug fixes to the FIPS packages.
  Are you sure? (y/N) y
  Updating package lists
  Installing FIPS Updates packages
  FIPS Updates enabled
  A reboot is required to complete install
  
  # see ubuntu-fips generic get installed which potentially degrades AWS and 
Azure environments
  $ sudo grep install /var/log/ubuntu-advantage.log
  2021-08-13 22:1

[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

[Lucas Albuquerque Medeiros de Moura]

** Description changed:

  [Impact]
  
  If cloud-id fails in a different way from what our postinst currently
  checks for, then the postinst script will fail, breaking whatever apt
  process was running.
  
  We fixed this by changing the line that calls cloud-id to
  
  cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""
  
  The commit with this change is here:
  https://github.com/canonical/ubuntu-advantage-
  client/commit/8ac323b1f2e2031afa8018112d20479085c0e4f7
  
  By doing this, any error in cloud-id will be handled by assuming we are
  not on a cloud. This is a safe assumption for the purposes of our
  postinst script.
  
  [Test Plan]
  
- TODO lucas to insert test script here
+ You can verify that this problem is addressed in version 27.3 by running
+ the following script:
+ 
+ 
+ import pycloudlib
+ import os
+ 
+ 
+ lxd = pycloudlib.LXDVirtualMachine("vm")
+ 
+ name = 'pycloudlib-vm'
+ release = "bionic"
+ pub_key_path = "lxd-pubkey"
+ priv_key_path = "lxd-privkey"
+ 
+ userdata_cloud_id_fail = """\
+ #cloud-config
+ bootcmd:
+  - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig
+  - 'echo "error" > /usr/bin/cloud-id'
+  - chmod 755 /usr/bin/cloud-id
+ """
+ 
+ pub_key, priv_key = lxd.create_key_pair()
+ 
+ with open(pub_key_path, "w") as f:
+ f.write(pub_key)
+ 
+ with open(priv_key_path, "w") as f:
+ f.write(priv_key)
+ 
+ lxd.use_key(
+ public_key_path=pub_key_path,
+ private_key_path=priv_key_path
+ )
+ 
+ image_id = lxd.released_image(release=release)
+ instance = lxd.launch(
+ name=name,
+ image_id=image_id,
+ user_data=userdata_cloud_id_fail
+ )
+ 
+ print("--- Creating base instance")
+ print("ip address: ", instance.ip)
+ print("--- Make cloud-id command fail by changing the binary")
+ cloud_id = instance.execute("cloud-id")
+ print(cloud_id.stderr)
+ print("--- Running postinst script for current version of uaclient")
+ dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
+ print(instance.execute("ua version"))
+ print(dpkg_out.stderr)
+ print("--")
+ 
+ print("--- Updating ua package")
+ instance.execute("sudo add-apt-repository ppa:ua-client/staging -y")
+ instance.execute("sh -c 'sudo apt-get update -q > /dev/null'")
+ instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > 
/dev/null'")
+ print(instance.execute("ua version"))
+ dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
+ print(dpkg_out.stderr)
+ print("--")
+ instance.delete()
+ --
+ 
+ This script relies on the pycloudlib project which can be found
+ here:
+ https://github.com/canonical/pycloudlib/tree/main/pycloudlib
+ 
  
  [Where problems could occur]
  
  Any change to postinst is particularly dangerous because a mistake could
  cause it to fail and therefore cause apt installs/upgrades to fail.
  Because ua-client is on all ubuntu images, we need to be particularly
  careful here.
  
  Further, by changing the code that fixed a critical bug, we run the risk
  of reintroducing that bug. We've mitigated this by introducing an
  integration test scenario to cover that bug.
  
  [Other Info]
-  
+ 
  The cloud id is used in postinst for doing 2 things:
  
  1. notifying the user if they stumbled into an using an unsupported fips 
kernel on the cloud
  2. activating the gcp_auto_attach job
  
  It is not critical if the cloud is falsely detected as none. The worst
  that could happen is that a user would not be notified of the
  unsupported fips kernel or that a user would not have the
  gcp_auto_attach job activated.
  
  [Original Description]
  
  As discovered in regression bug 1936833:
  
   1) "cloud-id" can sometimes crash; perhaps it should return something
  more sensible if a cloud-id is not available
  
   2) ubuntu-advantage-tools.postinst might crash if cloud-id crashes;
  perhaps it should be generally resilient against cloud-id crashing,
  instead of trying to predict if it will work or not (additionally the
  current prediction method seems to be based on an internal
  implementation detail that might change)
  
  I wonder if one or both of these things can be improved. For example,
  define the failure behaviour of cloud-id when it cannot function, and
  have the postinst test for that, and further, adjust the postinst to be
  robust against _any_ failure of cloud-id.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1943375] Re: sudo ua attach fails. Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log

[Lucas Albuquerque Medeiros de Moura]

Hi Myroslav, can you please upload /var/log/ubuntu-advantage.log in this
thread so we can better debug what happened here.

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943375

Title:
  sudo ua attach  fails. Unexpected error(s) occurred. For more
  details, see the log: /var/log/ubuntu-advantage.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1943375/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1941924] Re: Cannot find the "/usr/share/ubuntu-scap-security-guides" directory.

[Lucas Albuquerque Medeiros de Moura]

Hi Ronnie, just some questions around this issue:

1) Does the following error happened when running: ua enable cis ?
2) What cloud are you running ua on ?
3) What is the output of: cloud-init status --long

** Changed in: ubuntu-advantage-tools (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1941924

Title:
  Cannot find the "/usr/share/ubuntu-scap-security-guides" directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1941924/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1940131] Re: sudo ua attach is not working

[Lucas Albuquerque Medeiros de Moura]

Hi slava, there is just one minor problem on the config. The cloud_type
entry is incorrectly place on under ua_config. The config should be:

contract_url: https://contracts.canonical.com
data_dir: /var/lib/ubuntu-advantage
log_file: /var/log/ubuntu-advantage.log
log_level: debug
security_url: https://ubuntu.com/security
ua_config:
   apt_http_proxy: null
   apt_https_proxy: null
   http_proxy: null
   https_proxy: null
settings_overrides:
  cloud_type: ""


Let me know if that works out

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940131

Title:
  sudo ua attach is not working

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs