[Bug 2078614] Re: pro refresh Failed running command '/snap/bin/canonical-livepatch config' [exit(1)]. Message: error executing config: livepatchd error: daemon shutting down
** Also affects: canonical-livepatch-client Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078614 Title: pro refresh Failed running command '/snap/bin/canonical-livepatch config' [exit(1)]. Message: error executing config: livepatchd error: daemon shutting down To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-livepatch-client/+bug/2078614/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2075357] Re: pro collect-logs takes more than 1:30 minutes to complete on air-gapped envs, `pro status` and `pro help` doesn't work
Hi Carlos Bravo, I have tested this on the current airgapped test scenario we have for the Pro client and I wasn't able to reproduce the issues. Even though you are correct that we reach for the contract in some of those commands, once we use the airgapped-contract server, the Pro commands reach the airgapped server instead of https://contracts.canonical.com. Therefore, this issues should not be happening. Can you better explain the setup you are using to setup the airgapped machine ? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2075357 Title: pro collect-logs takes more than 1:30 minutes to complete on air- gapped envs, `pro status` and `pro help` doesn't work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2075357/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067059] Re: Auto-attach image support is not available on none
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067059 Title: Auto-attach image support is not available on none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2067059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067059] Re: Auto-attach image support is not available on none
Hi carlos-bravo, Thanks for this report. I agree we should improve on this issue. I will create a feature request on the Pro client so we can better explore this -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067059 Title: Auto-attach image support is not available on none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2067059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2069237] Re: [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Noble
This are all of the tests performed for this Pro release. For the results, please be aware of: 1. There are some well known issues on the security API we use for the pro fix command. Due to that, we cannot fully run the integration tests on then. 2. Once we have detected test failures on a given run, we will have a subsequent file with a run with only the failed tests. This will be clear when looking at files with the "fixed-tests" suffix. 3. There is a failure when upgrading from Jammy to Noble when installing Pro from the proposed pocket. The issue is that do-release-upgrade disables the proposed pocket by default and we end up not installing the latest Pro package on Noble. We have created a manual test for this scenario showing that we can still install the proposed package on Noble after do-release-upgrade and that the package is shipping the right version of the apparmor profile we expect. Given all that, I am marking this release as verification done ** Attachment added: "release-33.2-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2069237/+attachment/5801236/+files/release-33.2-test-results.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2069237 Title: [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2069237/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2073264] Re: package ubuntu-pro-client 32.3.1~20.04 failed to install/upgrade: installed ubuntu-pro-client package post-installation script subprocess returned error exit status 127
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073264 Title: package ubuntu-pro-client 32.3.1~20.04 failed to install/upgrade: installed ubuntu-pro-client package post-installation script subprocess returned error exit status 127 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2073264/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2070095] Re: apt_news.py download forced unsandboxed
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2070095 Title: apt_news.py download forced unsandboxed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2070095/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067319] Re: After upgrading from bionic to focal, esm-cache.service hits apparmor denials
We have run all of the tests specified in the test plan. The result are attached here ** Attachment added: "test-results-32.3.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/+attachment/5783774/+files/test-results-32.3.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067319 Title: After upgrading from bionic to focal, esm-cache.service hits apparmor denials To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic
We have marked the apparmor issue as verification-done: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319 Due to that, we are also marking this one as verification-done too ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060732 Title: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic
We have run the full ubuntu-advantage-tools integration (behave) test suite against the version in -proposed. The results are attached. Some tests are failing, but this is expected: * Upgrade from Bionic to Focal: Apparmor related issues that will be fixed on 32.3 * cloud-init related tests on Noble Pro cloud ** Attachment added: "test-result-32.2.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+attachment/5783669/+files/test-result-32.2.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060732 Title: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic
** Description changed: [ Impact ] This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases. The most important changes are: - - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy - - api: -+ u.pro.attac.token.full_token_attach.v1: add suppport for attach with token -+ u.pro.services.disable.v1: add support for disable operation -+ u.pro.services.enable.v1: add support for enable operation -+ u.pro.detach.v1: add support for detach operation -+ u.pro.status.is_attached.v1: add extra fields to API response -+ u.pro.services.dependencies.v1: add support for service dependencies -+ u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed - - config: create public and private config (GH: #2809) - - messaging: add consistent messaging for end-of-contract - + - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy + - api: + + u.pro.attac.token.full_token_attach.v1: add suppport for attach with token + + u.pro.services.disable.v1: add support for disable operation + + u.pro.services.enable.v1: add support for enable operation + + u.pro.detach.v1: add support for detach operation + + u.pro.status.is_attached.v1: add extra fields to API response + + u.pro.services.dependencies.v1: add support for service dependencies + + u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed + - config: create public and private config (GH: #2809) + - messaging: add consistent messaging for end-of-contract See the changelog entry below for a full list of changes and bugs. [ Test Plan ] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened. Additionally, we will perform manual tests for the public/private config feature that will be better discussed in the next section + + Finally, we will also perform another verification for an apparmor issue that + is described here: + + https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage- + tools/+bug/2067319 + + We will run the full test suite for version 32.2 and run only again only the affected scenarios for this apparmor issue that is fixed on 32.3. Please refer + to the apparmor bug for the full plan regarding the verification of this SRU [ Discussion] This release will be introducing a split on our config for public and private information. This is to be explicit in the behavior a non-root and root user will see when running pro config show. For example, we believe that a non-root user should not see proxy data in pro config show. This information is now stored in a private config file. We need a mechanism to ensure that old versions of the Pro client would also get that split. To do that, we have created a script to run on postinst to adapt the existing pro config into this new setting. However, we have recently introduced the new ubuntu-pro-client package. That means that we cannot know beforehand from which package the user would be upgrading from, ubuntu-advantage-tools or ubuntu-pro-client. If the system already has ubuntu-pro-client and is upgrading to a new version of ubuntu-pro-client, that means all migrations present in ubuntu-advantage-tools.postinst must have already run at the time the system upgraded to the renamed ubuntu-pro-client. That mean this config migration should happen on ubuntu-pro-client.postinst If upgrading from before the rename to the current version (from before version 31), then not necessarily all migrations inside of ubuntu- advantage-tools.postinst will have already run. Because the migrations present in this file may depend on those previous migrations, then we need to make the migration on ubuntu-advantage-tools.postinst That is because there might be users running an old version of ubuntu- advantage-tools that have not yet upgraded to version 27.14. This version is the one that introduces the /var/lib/ubuntu-advantage/user- config.json. Therefore, we need to ensure to this migration happens first, before our public/private migration. Because of that, we are coordinating which postinst script will execute the migration. A more detailed explanation of this logic can be found on the script itself, lib/postinst-migrations.sh - [ Changelog ] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060732 Title: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
I am adding the test results for Mantic. Those tests confirm that the daemon doesn't run on Mantic, which makes this release unaffected by this issue. ** Attachment added: "mantic-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+attachment/5775924/+files/mantic-test-results.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
** Tags removed: verification-needed verification-needed-trusty ** Tags added: verification-done verification-done-trusty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060566 Title: Add esm-infra-legacy support for Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
Even though the verification is already done, we intend to only release this package on April 30 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060566 Title: Add esm-infra-legacy support for Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
I have performed the verification for this proposed changed. Attached to this comment, are the test results we have obtained when running a custom script that: 1) Launches a trusty lxd container 2) Install the proposed version of the Pro client 3) Checks that esm-infra-legacy appears on ua status when the user is unattached 4) Attaches to a license that is entitled to esm-infra-legacy 5) Verify the service is not enabled by default 6) Enables the esm-infra-legacy service manually 7) Checks that esm-infra-legacy is enabled on ua status 8) Disables esm-infra-legacy 9) Checks that esm-infra-legacy is disabled and esm-infra is still enabled 10) Enable the service again and checks that ua status reflect that 11) Detach from subscription 12) Attach to a subscription that is not entitled to esm-infra-legacy 13) Check that ua status show the service as not entitled 14) Detach from that subscription The script that perform this verification is also attached with the test result. Additionally, we are also adding the result of the existing integration tests for the Trusty package. We have also tested if esm-infra-legacy doesn't appear on any other release besides Trusty. We have looked on a Xenial instance and we have checked that both unattached and attached users do not see that service on pro status, even if we attached with a subscription token that is entitled to esm-infra-legacy. Another manual test performed was for the situation where an user: 1) User has older version of the Pro package installed (i.e. 19.6) 2) Is attached to subscription not entitled to esm-infra-legacy 3) Upgrades to latest version of package 4) See that esm-infra-legacy now appears on ua status, but not entitled 5) Buys support for esm-infra-legacy 6) Runs ua refresh 7) It can see now that the service appears as entitled on ua status 8) user enable the service through ua enable esm-infra-legacy We have coordinated that test with the Contract Server team and we were able to confirm all of the above scenarios. Finally, we were not able to perform one of the proposed tests, the do- release-upgrade one. We have found out that if an user has esm-infra enabled and has packages installed from that service, do-release-upgrade fails. That is because, on Trusty, do-release-upgrade thinks that esm- infra sources are Third-party sources and disables them. Which in turn, breaks the dependency chain of upgrading from Trusty to Xenial, as these packages don't have a "viable" candidate in Xenial anymore. This is a long living bug, that was not introduced in this package. Due to that, we will not act upon it right now. ** Attachment added: "trusty-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+attachment/5769753/+files/trusty-test-results.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060566 Title: Add esm-infra-legacy support for Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2031192] Re: Enabling of Pro Services Does Not Update when using airgapped mirrors over http://
** Description changed: + [Impact] + + When users create an airgapped environement, they may create APT mirrors + for the ESM services that share a common base URL. For example, in this + bug here, the user was mirroring their services one: + + http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-security + http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-updates + http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-security/ + http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-updates/ + http://landscaperepo.com/repository/standalone/ubuntu/dists/fips-bionic/ + http://landscaperepo.com/repository/standalone/ubuntu/dists/jammy-esm-apps-security/ + + As we can see, all services share the + http://landscaperepo.com/repository/standalone/ APT url. + Since the Pro client was looking for unique urls to distinguish enabled services in the machine, this setup was not working. + + Now, instead of looking at the APT url, we are also looking at the suite + (i.e. bionic-esm-apps-security) + + If we identify that both APT url and suite are in the output of apt-cache policy + with the right permission number, we say that the service is enabled. + + This will unblock users that want to use the same APT url for their + airgapped setup. + + Additionally, we have discussed this issue with the Landscape team and + they assured us that we will always have an unique combination of APT + url and suite. + + + [Test cases] + + We have setup an integration test for this scenario on the Pro client codebase. + We will link the test result here. + + [ Regression Potential ] + + We believe we are now improving our check to see if the service is + enabled or not, as we are now considering a combination that we now will + be unique. Therefore, the only regression potential we can think is the + situation were we mistakenly create that combination (APT url + suite) + or check it in a wrong way in the output of apt-cache policy. + + However, we believe our integration tests should be enough to assert + that this is not the case. + + [ Original Description] + contract server is airgapped and running uaclient is pointing to the airgapped contract server to get entitlements Additionally, using a landscape server and it's underlying reprepro to mirror ESM and FIPs for airgap, this forces using http apt update is working over landscape over multiple repos. pro attach subscriptioncontract, is working next pro enable service is creating /etc/apt/auth.conf.d/90ubuntu-advantage with correct apt entry, apt update can pickup the airgapped repo but with warning of http:// For example: pro enable esm-apps Service Status is not getting updating pro status is showing after enablement of esm-apps SERVICE ENTITLED STATUSDESCRIPTION esm-apps yes disabled Expanded Security Maintenance for Applications esm-infrayes disabled Expanded Security Maintenance for Infrastructure Editing 90ubuntu-advantage to append http:// get rids of the apt update working but service status is not changing. Issuing pro enable esm-apps appends another entry and is a loop ubuntu-advantage.log is showing the following ["2023-08-11T16:54:20.596", "DEBUG", "uaclient.files.files", "read", 55, "File does not exist: /var/lib/ubuntu-advantage/user-config.json", {}] ["2023-08-11T16:54:22.233", "DEBUG", "root", "subp", 634, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n", {}] ["2023-08-11T16:54:22.233", "WARNING", "root", "subp", 636, "Stderr: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n\nStdout: ", {}] ["2023-08-11T16:54:22.234", "DEBUG", "root", "subp", 640, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n Retrying 3 more times.", {}] ["2023-08-11T16:54:23.213", "DEBUG", "root", "_subp", 581, "Ran cmd: apt-get update, rc: 0 stderr: b''", {}] - - For auditing purposes the status of subscription and it's services is important to be correct. Additionally to insure correct packages for fips get installed. + For auditing purposes the status of subscription and it's services is + important to be correct. Additionally to insure
[Bug 2033313] Re: Rename ua_logs.tar.gz to up_logs.tar.gz
** Description changed: + [ Impact ] + + Since we want users to relate to the Pro name when using the client, + renaming the collect_logs output from ua_logs to pro_logs is a step on + that direction. + + [ Test Plan ] + + This is already covered by the integration tests tied to the next Pro release. + We will append the result of that test in this bug once verification is done. + + [ Regression Potential] + + This is just renaming a file, therefore we strongly believe that this + should not have any regression risks from our users, unless that are + automating the log collection somehow, which is not recommended. + + [ Original Description] + Ubuntu Advantage has been renamed to Ubuntu Pro, therefore the produced tar file should be renamed to align with these changes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2033313 Title: Rename ua_logs.tar.gz to up_logs.tar.gz To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2033313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060732] [NEW] [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic
Public bug reported: [ Impact ] This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases. The most important changes are: - d/apparmor:introduce new ubuntu_pro_esm_cache apparmor policy - api: + u.pro.attac.token.full_token_attach.v1: add suppport for attach with token + u.pro.services.disable.v1: add support for disable operation + u.pro.services.enable.v1: add support for enable operation + u.pro.detach.v1: add support for detach operation + u.pro.status.is_attached.v1: add extra fields to API response + u.pro.services.dependencies.v1: add support for service dependencies + u.pro.security.fix.*.plan.v1: update ESM cache during plan API if needed - config: create public and private config (GH: #2809) - messaging: add consistent messaging for end-of-contract See the changelog entry below for a full list of changes and bugs. [ Test Plan ] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened. Additionally, we will perform manual tests for the public/private config feature that will be better discussed in the next section [ Discussion] This release will be introducing a split on our config for public and private information. This is to be explicit in the behavior a non-root and root user will see when running pro config show. For example, we believe that a non-root user should not see proxy data in pro config show. This information is now stored in a private config file. We need a mechanism to ensure that old versions of the Pro client would also get that split. To do that, we have created a script to run on postinst to adapt the existing pro config into this new setting. However, we have recently introduced the new ubuntu-pro-client package. That means that we cannot know beforehand from which package the user would be upgrading from, ubuntu-advantage-tools or ubuntu-pro-client. If the system already has ubuntu-pro-client and is upgrading to a new version of ubuntu-pro-client, that means all migrations present in ubuntu-advantage-tools.postinst must have already run at the time the system upgraded to the renamed ubuntu-pro-client. That mean this config migration should happen on ubuntu-pro-client.postinst If upgrading from before the rename to the current version (from before version 31), then not necessarily all migrations inside of ubuntu- advantage-tools.postinst will have already run. Because the migrations present in this file may depend on those previous migrations, then we need to make the migration on ubuntu-advantage-tools.postinst That is because there might be users running an old version of ubuntu- advantage-tools that have not yet upgraded to version 27.14. This version is the one that introduces the /var/lib/ubuntu-advantage/user- config.json. Therefore, we need to ensure to this migration happens first, before our public/private migration. Because of that, we are coordinating which postinst script will execute the migration. A more detailed explanation of this logic can be found on the script itself, lib/postinst-migrations.sh [ Changelog ] ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060732 Title: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
** Description changed: [Impact] As Trusty is reaching EOL of ESM support, we are now creating a new service called esm-infra-legacy to extend ESM support for more time. - Users who are entitled to that service, will need to run both of these - commands to enable the service in their machine: + This service will only be available and visible on Trusty and users who + are entitled to that service, will need to run both of these commands to + enable the service in their machine: $ ua refresh $ ua enable esm-infra-legacy - The first command will update the contract definitions on the machine, - making it aware of the esm-infra-legacy service, and the second command - enables it on the machine. + The first command will update the contract definitions on the machine, making it aware of the esm-infra-legacy service, and the second command enables it on the + machine. Additionally, we can see that esm-infra-legacy will be a standalone service, meaning that users won't need to have esm-infra already enabled before enabling that service. This also means that both esm-infra and esm-infra-legacy are completely independent of one another, in the sense that changes on esm-infra should not affect esm-infra-legacy and vice versa. However, there is one situation where esm-infra will impact esm- infra-legacy. We will better discuss that on the discussion section. Finally, users should now see esm-infra-legacy output on status from now on, when attached and unattached. Users will also see that service on the output of ua help as well. [Test cases] The Trusty version of the client only has a subset of the integration tests we have on the other releases that support the client. Due to that, we will need to perform several manual tests to guarantee that the support for esm-infra-legacy is working and we are not affecting existing customers. Therefore, besides running the current test for the Trusty package, we will run the following tests: * Enabling esm-infra-legacy - User is attached to a subscription that is entitled to esm-infra-legacy - User can see esm-infra-legacy on ua help - User can enable esm-infra-legacy through ua enable esm-infra-legacy - User see esm-infra-legacy as enabled on the output of ua status - User can see esm-infra-legacy enabled on the output of apt-cache policy - User can disable esm-infra-legacy - User can see that esm-infra-legacy is disabled on the machine - User enables esm-infra-legacy again - User can detach with esm-infra-legacy enabled on the machine * Interactions with esm-infra - User is attached to a subscription that is entitled to both esm-infra and esm-infra-legacy - User has esm-infra enabled - User can enable esm-infra-legacy - User can see both esm-infra and esm-infra-legacy as enabled on status - User can disable esm-infra-legacy and not affect esm-infra * User that is not entitled to esm-infra-legacy - User is attached to a subscription - User cannot enable esm-infra-legacy - User can see the service on status, which will show the service as not entitled * User that buys access to esm-infra-legacy - User is already attached to a subscription - User runs ua refresh - User enable esm-infra-legacy - User can see that the service is enabled on ua status * User that is attaching a new subscription - User subscription can be either entitled or not to esm-infra-legacy - In both situations, when the user runs ua attach, they will verify that: - esm-infra will be enabled by default - esm-infra-legacy should not be enabled by default * Upgrade scenarios: - User on Trusty running version <= 19.6 - User is attached to a subscription - User has esm-infra enabled - User upgrades to new Trusty package - User is still attached and sees esm-infra as enabled - User can enable esm-infra-legacy - User on Trusty running version <= 19.6 - User is attached to a subscription - User upgrades to new Trusty package - User enables esm-infra-legacy - User runs a do-release-upgrade - User will see that it is still attached - User still has esm-infra service enabled - User cannot see any indication of esm-infra-legacy on ua status and ua help - Users on other Ubuntu releases - Users should never see any mention of esm-infra-legacy service [Discussions] There are main aspects of the esm-infra-legacy service that need to be discussed here: The interaction between esm-infra-legacy and esm-infra and the disable strategy used for esm-infra-legacy. Regarding the first aspect, the services should be independent of one another, however there is one situation where that doesn't happen. If the user disables esm-infra it will also disable esm-infra-legacy. That is because the esm
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
** Also affects: ubuntu-advantage-tools (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060566 Title: Add esm-infra-legacy support for Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060566] Re: Add esm-infra-legacy support for Trusty
** Description changed: - As Trusty is reaching EOL of ESM support, we are now creating a new - service called esm-infra-legacy to extend that support for more time + [Impact] + As Trusty is reaching EOL of ESM support, we are now creating a new service called esm-infra-legacy to extend ESM support for more time. + + Users who are entitled to that service, will need to run both of these + commands to enable the service in their machine: + + $ ua refresh + $ ua enable esm-infra-legacy + + The first command will update the contract definitions on the machine, making it aware of the esm-infra-legacy service, and the second command enables it on the + machine. + + Additionally, we can see that esm-infra-legacy will be a standalone + service, meaning that users won't need to have esm-infra already enabled + before enabling that service. This also means that both esm-infra and + esm-infra-legacy are completely independent of one another, in the sense + that changes on esm-infra should not affect esm-infra-legacy and vice + versa. However, there is one situation where esm-infra will impact esm- + infra-legacy. We will better discuss that on the discussion section. + + Finally, users should now see esm-infra-legacy output on status from now + on, when attached and unattached. Users will also see that service on + the output of ua help as well. + + [Test cases] + + The Trusty version of the client only has a subset of the integration + tests we have on the other releases that support the client. Due to + that, we will need to perform several manual tests to guarantee that the + support for esm-infra-legacy is working and we are not affecting + existing customers. + + Therefore, besides running the current test for the Trusty package, we + will run the following tests: + + * Enabling esm-infra-legacy + - User is attached to a subscription that is entitled to esm-infra-legacy + - User can see esm-infra-legacy on ua help + - User can enable esm-infra-legacy through ua enable esm-infra-legacy + - User see esm-infra-legacy as enabled on the output of ua status + - User can see esm-infra-legacy enabled on the output of apt-cache policy + - User can disable esm-infra-legacy + - User can see that esm-infra-legacy is disabled on the machine + - User enables esm-infra-legacy again + - User can detach with esm-infra-legacy enabled on the machine + + * Interactions with esm-infra + - User is attached to a subscription that is entitled to both esm-infra and esm-infra-legacy + - User has esm-infra enabled + - User can enable esm-infra-legacy + - User can see both esm-infra and esm-infra-legacy as enabled on status + - User can disable esm-infra-legacy and not affect esm-infra + + * User that is not entitled to esm-infra-legacy + - User is attached to a subscription + - User cannot enable esm-infra-legacy + - User can see the service on status, which will show the service as not entitled + + * User that buys access to esm-infra-legacy + - User is already attached to a subscription + - User runs ua refresh + - User enable esm-infra-legacy + - User can see that the service is enabled on ua status + + * User that is attaching a new subscription + - User subscription can be either entitled or not to esm-infra-legacy + - In both situations, when the user runs ua attach, they will verify that: + - esm-infra will be enabled by default + - esm-infra-legacy should not be enabled by default + + * Upgrade scenarios: + - User on Trusty running version <= 19.6 + - User is attached to a subscription + - User has esm-infra enabled + - User upgrades to new Trusty package + - User is still attached and sees esm-infra as enabled + - User can enable esm-infra-legacy + + - User on Trusty running version <= 19.6 + - User is attached to a subscription + - User upgrades to new Trusty package + - User enables esm-infra-legacy + - User runs a do-release-upgrade + - User will see that it is still attached + - User still has esm-infra service enabled + - User cannot see any indication of esm-infra-legacy on ua status and ua help + + - Users on other Ubuntu releases +- Users should never see any mention of esm-infra-legacy service + + + [Discussions] + + There are main aspects of the esm-infra-legacy service that need to be + discussed here: The interaction between esm-infra-legacy and esm-infra + and the disable strategy used for esm-infra-legacy. + + Regarding the first aspect, the services should be independent of one + another, however there is one situation where that doesn't happen. If + the user disables esm-infra it will also disable esm-infra-legacy. That + is because the esm-infra service in Trusty is disabled by performing the + following steps: + + * removing the service line from /etc/apt/auth.conf.d + * Create a preference file on /etc/apt/preferences.d with the following content: +
[Bug 2060566] [NEW] Add esm-infra-legacy support for Trusty
Public bug reported: As Trusty is reaching EOL of ESM support, we are now creating a new service called esm-infra-legacy to extend that support for more time ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060566 Title: Add esm-infra-legacy support for Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
** Description changed: [ Impact ] Currently, the Pro client support a daemon named ubuntu-advantage.service that performs two actions: * Actively look for Pro licenses on Azure and GCP images to perform an auto-attach * Retry auto-attach on Pro images if that command fails on boot - Therefore, this daemon is only being activated on Azure and GCP images - and all Pro cloud images. + Therefore, this daemon is only being activated on generic Azure and GCP + images and all Pro cloud images. This daemon was originally setup to run after the cloud-config.service. However, due to a race condition, this is no longer happening. Right now, we manually check in the daemon code to see if the cloud-config service has finished. Unfortunately, this new logic now breaks the current Pro setup through cloud-init userdata in both GCP and Azure Pro cloud images. That is because our daemon is now running before cloud-init has even started running. This means that the daemon will perform the attach and not cloud-init itself. This will be clearer, in the following example: Let's imagine this situation where a user is launching a Pro GCP image: 1) User provides the following cloud-init userdata to the cloud image before booting it: #cloud-config ubuntu_advantage: enable: [] This means that the user wants no services to be enabled, but still want to attach to the Pro license. 2) Our daemon starts running before cloud-init has even started 3) Our daemon see the cloud-config.service as inactive and proceeds normally 4) Our daemon identifies that the user is running on a GCP instance and there is a valid Pro license for it. 5) Due to that, our daemon auto-attach the machine completely ignoring the cloud-init directives. Therefore, to fix that issue we need to guarantee that we will only execute the daemon, if and only if, cloud-init has already started. That is because, on this situation, the cloud-config.service will already perform the attach operation following the user directives. When the daemon starts running, it will see that the image is already attached and do nothing. Finally, given this scenario, this bug is only affecting GCP/Azure Pro images, as these are the only ones that will be able to reach the flow described here. [Discussion] To address that issue, we are now also checking if the cloud-init service has already started if we detect that cloud-config service is inactive. If it isn't, the daemon will sleep for an specific amount of time before trying again. [ Test Plan ] Since this is a first boot issue, we will need to create a custom image with the package in proposed. Then, we need to guarantee that Pro configuration delivered through cloud-init is being honored when we launch the image. Additionally, it is worth noting that we cannot reproduce this issue on a VM easily. That is because, we would need "mock" the VM to pass as one of the affected clouds and also add a valid Pro license to it. However, CPC is already aware of this issue and will help us creating the test plan here. [ Where problems could occur ] We are updating the cloud-init wait logic on the daemon. This could potentially make our daemon to not start. However, since we are just now waiting on the base cloud-init.service to start and we have already tested this solution in a custom image, we believe this is a low risk for this fix. [ Original Description ] We have recently updated the Pro to not strictly run after cloud-config.service. If cloud-config.service has not been started when pro runs, it can complete before cloud-config.service begins and thus the user-specificed pro configuration will be ignored since the instance is already attached. When cloud-config.service has yet to run, ubuntu-advantage.service should wait until it's finished before running. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
** Description changed: [ Impact ] Currently, the Pro client support a daemon named ubuntu-advantage.service that performs two actions: * Actively look for Pro licenses on Azure and GCP images to perform an auto-attach * Retry auto-attach on Pro images if that command fails on boot Therefore, this daemon is only being activated on Azure and GCP images and all Pro cloud images. This daemon was originally setup to run after the cloud-config.service. However, due to a race condition, this is no longer happening. Right now, we manually check in the daemon code to see if the cloud-config service has finished. Unfortunately, this new logic now breaks the current Pro setup through cloud-init userdata in both GCP and Azure Pro cloud images. That is because our daemon is now running before cloud-init has even started running. This means that the daemon will perform the attach and not cloud-init itself. This will be clearer, in the following example: Let's imagine this situation where a user is launching a Pro GCP image: 1) User provides the following cloud-init userdata to the cloud image before booting it: #cloud-config ubuntu_advantage: - enable: [] + enable: [] - This means that the user wants to services to be enabled, but still want + This means that the user wants no services to be enabled, but still want to attach to the Pro license. 2) Our daemon starts running before cloud-init has even started 3) Our daemon see the cloud-config.service as inactive and proceeds normally 4) Our daemon identifies that the user is running on a GCP instance and there is a valid Pro license for it. 5) Due to that, our daemon auto-attach the machine completely ignoring the cloud-init directives. Therefore, to fix that issue we need to guarantee that we will only execute the daemon, if and only if, cloud-init has already started. That is because, on this situation, the cloud-config.service will already perform the attach operation following the user directives. When the daemon starts running, it will see that the image is already attached and do nothing. Finally, given this scenario, this bug is only affecting GCP/Azure Pro images, as these are the only ones that will be able to reach the flow described here. [Discussion] To address that issue, we are now also checking if the cloud-init service has already started if we detect that cloud-config service is inactive. If it isn't, the daemon will sleep for an specific amount of time before trying again. [ Test Plan ] Since this is a first boot issue, we will need to create a custom image with the package in proposed. Then, we need to guarantee that Pro configuration delivered through cloud-init is being honored when we launch the image. Additionally, it is worth noting that we cannot reproduce this issue on a VM easily. That is because, we would need "mock" the VM to pass as one of the affected clouds and also add a valid Pro license to it. However, CPC is already aware of this issue and will help us creating the test plan here. [ Where problems could occur ] We are updating the cloud-init wait logic on the daemon. This could potentially make our daemon to not start. However, since we are just now waiting on the base cloud-init.service to start and we have already tested this solution in a custom image, we believe this is a low risk for this fix. [ Original Description ] We have recently updated the Pro to not strictly run after cloud-config.service. If cloud-config.service has not been started when pro runs, it can complete before cloud-config.service begins and thus the user-specificed pro configuration will be ignored since the instance is already attached. When cloud-config.service has yet to run, ubuntu-advantage.service should wait until it's finished before running. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
** Description changed: [ Impact ] - If the user has specified custom setup for the Pro client through cloud-init, there is a high chance that this setup will be ignored. + Currently, the Pro client support a daemon named ubuntu-advantage.service that + performs two actions: - This happened due to a recent change made on the Pro client. We - identified a race condition when our daemon waited for the cloud-config - service to be finished. We have removed that condition, by manually - checking the cloud-config service state in the daemon itself and only - proceeding if it has already finished. + * Actively look for Pro licenses on Azure and GCP images to perform an auto-attach + * Retry auto-attach on Pro images if that command fails on boot - However, there is a situation where the cloud-init service has not even - started yet, which would generate a inactive state for the cloud-config - service, allowing our daemon to proceed, causing the problem. + Therefore, this daemon is only being activated on Azure and GCP images + and all Pro cloud images. + + This daemon was originally setup to run after the cloud-config.service. However, + due to a race condition, this is no longer happening. Right now, we manually + check in the daemon code to see if the cloud-config service has finished. + + Unfortunately, this new logic now breaks the current Pro setup through + cloud-init userdata in both GCP and Azure Pro cloud images. That is + because our daemon is now running before cloud-init has even started + running. This means that the daemon will perform the attach and not + cloud-init itself. This will be clearer, in the following example: + + Let's imagine this situation where a user is launching a Pro GCP image: + + 1) User provides the following cloud-init userdata to the cloud image + before booting it: + + #cloud-config + + ubuntu_advantage: + enable: [] + + This means that the user wants to services to be enabled, but still want + to attach to the Pro license. + + 2) Our daemon starts running before cloud-init has even started + 3) Our daemon see the cloud-config.service as inactive and proceeds normally + 4) Our daemon identifies that the user is running on a GCP instance and there is a valid Pro license for it. + 5) Due to that, our daemon auto-attach the machine completely ignoring the cloud-init directives. + + Therefore, to fix that issue we need to guarantee that we will only + execute the daemon, if and only if, cloud-init has already started. That + is because, on this situation, the cloud-config.service will already + perform the attach operation following the user directives. When the + daemon starts running, it will see that the image is already attached + and do nothing. + + Finally, given this scenario, this bug is only affecting GCP/Azure Pro + images, as these are the only ones that will be able to reach the flow + described here. [Discussion] To address that issue, we are now also checking if the cloud-init service has already started if we detect that cloud-config service is inactive. If it isn't, the daemon will sleep for an specific amount of time before trying again. [ Test Plan ] Since this is a first boot issue, we will need to create a custom image with the package in proposed. Then, we need to guarantee that Pro configuration delivered through cloud-init is being honored when we launch the image. - CPC is already aware of this issue and will help us creating the test - plan here. + Additionally, it is worth noting that we cannot reproduce this issue on + a VM easily. That is because, we would need "mock" the VM to pass as one + of the affected clouds and also add a valid Pro license to it. + + However, CPC is already aware of this issue and will help us creating + the test plan here. [ Where problems could occur ] We are updating the cloud-init wait logic on the daemon. This could potentially make our daemon to not start. However, since we are just now waiting on the base cloud-init.service to start and we have already tested this solution in a custom image, we believe this is a low risk for this fix. [ Original Description ] We have recently updated the Pro to not strictly run after cloud-config.service. If cloud-config.service has not been started when pro runs, it can complete before cloud-config.service begins and thus the user-specificed pro configuration will be ignored since the instance is already attached. When cloud-config.service has yet to run, ubuntu-advantage.service should wait until it's finished before running. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubunt
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
** Description changed: - We have recently updated the Pro to not strictly run after cloud- - config.service. If cloud-config.service has not been started when pro - runs, it can complete before cloud-config.service begins and thus the - user-specificed pro configuration will be ignored since the instance is - already attached. + [ Impact ] + If the user has specified custom setup for the Pro client through cloud-init, there is a high chance that this setup will be ignored. + + This happened due to a recent change made on the Pro client. We + identified a race condition when our daemon waited for the cloud-config + service to be finished. We have removed that condition, by manually + checking the cloud-config service state in the daemon itself and only + proceeding if it has already finished. + + However, there is a situation where the cloud-init service has not even + started yet, which would generate a inactive state for the cloud-config + service, allowing our daemon to proceed, causing the problem. + + [Discussion] + + To address that issue, we are now also checking if the cloud-init service + has already started if we detect that cloud-config service is inactive. If it isn't, the daemon will sleep for an specific amount of time before trying again. + + [ Test Plan ] + Since this is a first boot issue, we will need to create a custom image with the package in proposed. Then, we need to guarantee that Pro configuration delivered + through cloud-init is being honored when we launch the image. + + CPC is already aware of this issue and will help us creating the test + plan here. + + [ Where problems could occur ] + We are updating the cloud-init wait logic on the daemon. This could potentially make our daemon to not start. However, since we are just now waiting on the base cloud-init.service to start and we have already tested this solution in a custom image, we believe this is a low risk for this fix. + + [ Original Description ] + We have recently updated the Pro to not strictly run after cloud-config.service. If cloud-config.service has not been started when pro runs, it can complete before cloud-config.service begins and thus the user-specificed pro configuration will be ignored since the instance is already attached. When cloud-config.service has yet to run, ubuntu-advantage.service should wait until it's finished before running. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059952] [NEW] pro sometimes runs before cloud-config.service
Public bug reported: We have recently updated the Pro to not strictly run after cloud- config.service. If cloud-config.service has not been started when pro runs, it can complete before cloud-config.service begins and thus the user-specificed pro configuration will be ignored since the instance is already attached. When cloud-config.service has yet to run, ubuntu-advantage.service should wait until it's finished before running. ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059306] Re: [Feature Request] Inform user of Ubuntu Pro network requirements
Hi Brandon Castillo, I think that is a good idea and I agree that we can make this error message better. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059306 Title: [Feature Request] Inform user of Ubuntu Pro network requirements To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059306/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1707290] Re: Removing package leaves motd script in place, renders incorrect motd
We no longer ship the 99-esm file, so we shouldn't be affected by this issue anymore. Additionally, I have double checked the new update-motd scripts we deliver and I can confirm they will not break the system if the user just removes the packages, since we have a check that prevent invalid files from being read, for example, this is the output of our 88-esm-announce script: ``` #!/bin/sh stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce" [ ! -r "$stamp" ] || cat "$stamp" ``` Because of that, I am marking this bug as invalid for the current version of UA. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1707290 Title: Removing package leaves motd script in place, renders incorrect motd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1707290/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1974472] Re: The package cache file is corrupted, it has the wrong hash
Hi dabbsa, thanks for reporting this. I could not reproduce this error by running either attach or enable directly. Just to confirm something, if the error still persist in the machine, can you please send us the output of running apt-get update on the system ? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1974472 Title: The package cache file is corrupted, it has the wrong hash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1974472/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973320] Re: ua attach doesn't finish properly and shows "unexpected error" as a message
Hi Filipi, Can ypu please send us the output of running the command: $ sudo ua collect-logs This will generate a a tar file named: ua_logs.tar.gz With the logs there, we can better understand what happened during the failure you mentioned ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973320 Title: ua attach doesn't finish properly and shows "unexpected error" as a message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1973320/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1972900] Re: package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1
Hi Daevid, Looking at the dpkg logs, it seems that we are trying to import the yaml module from an incorrect path: File "/usr/lib/python3/dist-packages/uaclient/config.py", line 11, in import yaml File "/root/.local/lib/python2.7/site-packages/yaml/__init__.py", line 2, in from error import * Instead of importing it from the standard python path, we are using the path /root/.local/lib/python2.7/. How was the python yaml module installed on the system ? PS: I am marking this issue as incomplete just until you provide that install information. After that, we can check what is the path to fix this issue ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972900 Title: package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1972900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1972026] Re: ua status incorrectly lists reboot required for pre-built FIPS cloud image
Hi Eric, No, the problem here is that the FIPS message you are seeing: Reboot to FIPS kernel required Is not being properly removed by our tool. We will fix this in a subsequent release of UA. Not that this doesn't cause the lsb_release issue you mentioned at all. Additionally, the lsb_release command output is not related to ubuntu-advantage-tools at all. Also, `lsb_release` source the information from /etc/lsb-release, which fields identify the OS distribution and FIPS enablement is not a separate OS product. However, we can discuss this more if needed ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972026 Title: ua status incorrectly lists reboot required for pre-built FIPS cloud image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1972026/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1969125] Re: [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy
We have run the full ubuntu-advantage-tools integration test suite against the version in -proposed. The results are attached. All tests passed. You can verify the correct version was used by checking the output of the first test in each file, which prints the version number. I am marking the verification done for this SRU. ** Attachment added: "release-27.8-test-results.tar.gz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+attachment/5587462/+files/release-27.8-test-results.tar.gz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969125 Title: [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1969809] Re: ua fails if any package removed from server
Hi cs-huit, thanks for reporting this issue. Looking at the logs this seems like a real bug on UA regarding the ua fix command. I will make a PR that address this issue. However, on the meantime, if you want to keep those packages, please run: $ ua enable esm-infra And then run: $ ua fix USN-4994-2 It should not prompt you anymore for enabling esm-infra and the command should finish without other exceptions. But please let me know if doing that still cause some issues. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969809 Title: ua fails if any package removed from server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969809/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968067] Re: upgrade_lts_contract.py exception on impish and later
** Description changed: + [Impact] + When users are upgrading their machines, we run the upgrade_lts_contract script to ensure that the services that were unable will keep being enable in the new ubuntu release the users are upgraded too. + + Currently, if the user upgrades directly from Focal to Jammy, the script + will error out because we are missing the entries for Focal and Impish + on that script. + + Therefore, even though we might not have full support for some services + in Jammy yet, we should not error out on that script and allow it to + complete; + + + [Test Case] + To reproduce the bug: follow these steps: + + 1. Launch a jammy machine + 2. Attach to a valid UA token + 3. run `sudo python3 /usr/lib/ubuntu-advantage/upgrade_lts_contract.py` + + And to verify that the fix works: + + 1. Upgrade UA to version 27.8 + 2. re-run `sudo python3 /usr/lib/ubuntu-advantage/upgrade_lts_contract.py` and confirm no errors are raised + + + [Regression Potential] + We are just adding the new releases into our support dict and providing better error messages if that problem happens again in the future. Therefore, we don't believe we have a big regression issue here. + + [Original Description] + See this error https://errors.ubuntu.com/problem/864d1a4d38167a7b009ce993125030b58eb012d5 When upgrading from focal -> impish or from impish -> jammy, a KeyError will occur in the upgrade_lts_contract.py script from ubuntu-advantage- tools. This happens because that script has not been kept up-to-date with new ubuntu series names since groovy. We plan to fix this bug in our next release of ubuntu-advantage-tools, which will be version 27.8 and should occur within the next month. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968067 Title: upgrade_lts_contract.py exception on impish and later To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1968067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1969125] [NEW] [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy
Public bug reported: [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are: * add support for realtime kernel service on Jammy as a beta service * update code to use new contract overrides directive * Make FIPS an incompatible service for FIPS Updates * Unhold more FIPS packages when enabling FIPS * Unhold FIPS packages when enabling FIPS Updates See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu- advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Since we using a new contracts directive to perform series and cloud specific overrides on the entitlements definitions, we could be parsing that information incorrectly, not respecting the overrides. We have an extensive number of tests to cover different scenarios for services enablement/disablement to verify is this is not happening, but it can still be a problem. We are also adding a new service that can only be enabled on Jammy. This service is incompatible with Livepatch, FIPS and FIPS Updates. If we have made any mistake on that implementation, we could have a gap where users will be able to enable it on other series or together with the incompatible services, but we do have tests that cover that. [Discussion] Most of the FIPS work on this release is aimed at allowing FIPS PRO machines to enable FIPS Updates if necessary. On those machines, the FIPS packages are installed and hold during the image creation. When UA runs auto-attach on the first boot, we enable FIPS and unhold those packages. However, we have identified that we were not unholding all of the FIPS packages anymore. This means that if an user tries to enable FIPS Updates, it will fail because we will not be able to install some of the FIPS Updates packages due to some package holds. Besides fixing that, we have also added safer mechanisms here to guarantee that we will properly unhold all the packages, like unholding them when FIPS Updates is being enabled. [Changelog] * New upstream release 27.8 - entitlements: apply overrides from the contract response - fips: + unhold fips package when enabling fips-updates + make fips service incompatible with fips-updates + unhold more packages when enabling fips - lib: fix upgrade script for unsupported releases - realtime: add suport for realtime kernel beta service on Jammy ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Focal) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Impish) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969125 Title: [SRU] ubuntu-advantage-tools (27.7 -> 27.8) Xenial, Bionic, Focal, Impish, Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1969125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968067] Re: upgrade_lts_contract.py exception on impish and later
We have a PR up fixing this issue: https://github.com/canonical/ubuntu-advantage-client/pull/2028 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968067 Title: upgrade_lts_contract.py exception on impish and later To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1968067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964028] Re: [SRU] ubuntu-advantage-tools (27.6 -> 27.7) Xenial, Bionic, Focal, Impish
We have performed the test for release 27.7 using the package that is proposed ** Attachment added: "ua-test-results-27.7.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1964028/+attachment/5573894/+files/ua-test-results-27.7.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964028 Title: [SRU] ubuntu-advantage-tools (27.6 -> 27.7) Xenial, Bionic, Focal, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1964028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1965138] Re: Desktop application should check for service available information before listing it
Just approved the PR robert-ancell Also, I understand the need to use status.json directly. In the future we can better discuss on how we can extend `ua status --format json` to the Desktop needs to simplify that process. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1965138 Title: Desktop application should check for service available information before listing it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon/+bug/1965138/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1965138] [NEW] Desktop application should check for service available information before listing it
Public bug reported: Currently, it seems that software-properties is incorrectly assuming that both ESM and Livepatch services can be enabled in a Jammy machine. Those services are not yet available in Jammy and we are attaching an image showing that the Desktop message is that we had an error enabling then and that the user should try again. It seems that software-proporties source `/var/lib/ubuntu- advantage/status.json` and assumes the services is available if it appears on the services list and the `entitled` field has the `yes` value. However, it is perfectly possible for a service to be entitled to an user, but not available in the user's machine. We are now suggesting that software-properties also looks at the `available` field in the services json output to make that assumption, this will probably solve the issue we are seeing on Jammy. Another approach would be using the output of `ua status --format json` directly. However, this command will make a request to the contract's server if the user is unattached and maybe it is not wise to use it in that context. However, the output of that command only show services that are available, so we would not need to apply that extra available filter to it. ** Affects: software-properties (Ubuntu) Importance: Undecided Status: New ** Attachment added: "jammy-desktop-error.png" https://bugs.launchpad.net/bugs/1965138/+attachment/5569662/+files/jammy-desktop-error.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1965138 Title: Desktop application should check for service available information before listing it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1965138/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961168] Re: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 139
Hi arnoldthebat, Just to double check, were you attached to an UA subscription before performing apt upgrade ? Also, does the problem persist if you run: apt-get install ubuntu-advantage-tools -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961168 Title: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 139 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1961168/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960689] Re: livepatch is not able to enabled
Hi Gene Sun, This is a really odd issue and I have never experienced it before. I think the best path forward is to contact the snapd team and ask for help there, as this could be a bug on the package: https://bugs.launchpad.net/ubuntu/+source/snapd Since this is issue is snapd related, I am closing this issue for now. But if you are able to sort the snapd issue and livepatch still fails, please contact us again and we will more than glad to help you with that. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960689 Title: livepatch is not able to enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960689/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960689] Re: livepatch is not able to enabled
Hello Gene Sun, It seems there is something wrong if your snapd service. What is the output of running: $ systemctl status snapd And if the service is not running, can you run: $ systemctl start snapd.service And double check if snap services is now running as expected ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960689 Title: livepatch is not able to enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960689/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960712] Re: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess was killed by signal (Terminated)
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Opinion -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960712 Title: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess was killed by signal (Terminated) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960198] Re: package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 126
Hi sahbi, when looking at the DpkgTerminalLog, I found that entry when the error happened on ubuntu-advantage-tools: /usr/bin/python3: Permission denied Was there are any recent modifications on your python environment ? Our postinst script do need to run python code, so if we cannot run the interpreter somehow, the package will definitely fail to install -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960198 Title: package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 126 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish
We have performed the test using version 27.6 found in the proposed pocket. ** Attachment added: "sru-release-27.6.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+attachment/5559186/+files/sru-release-27.6.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958556 Title: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish
Hi Robie, I think you spotted a gap in our solution, we should be redacting older logs in the postinst function before we make then world readable. We should not rely on the logrotate functionality for this. I will remove that commit from the release and update it accordingly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958556 Title: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958556] Re: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish
** Description changed: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code: * Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu- advantage-tools team members will not mark ‘verification-done’ until this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. + The reason for making the logs world readable is that we don't have any + major reason keep it readable by only sudo users. Also, this will also + allow for non-root users to more easily open bugs that affect the + package. + We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss a better path moving forward here. [Changelog] * d/tools.postinst: - make log files world readable * New upstream release 27.6 - cli: only go for resources on explicit help calls - fips: + allow enabling FIPS on focal clouds + update prompt messages - jobs: disable jobs after attach/auto-attach - message: fix how apt and motd messages are updated after ua commands -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958556 Title: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958556] [NEW] [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Hirsute, Impish
Public bug reported: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code: * Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu- advantage-tools team members will not mark ‘verification-done’ until this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss a better path moving forward here. [Changelog] * d/tools.postinst: - make log files world readable * New upstream release 27.6 - cli: only go for resources on explicit help calls - fips: + allow enabling FIPS on focal clouds + update prompt messages - jobs: disable jobs after attach/auto-attach - message: fix how apt and motd messages are updated after ua commands ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Description changed: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code: * Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable - See the changelog entry below for a full list of changes and bugs. We have spent a lot time - debugging our logs to see if are leaking any credentials there, but we are now sure that we - have redacted all of the private information + We have spent a lot time debugging our logs to see if are leaking any + credentials there, but we are now sure that we have redacted all of the + private information + + See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates - The ubuntu-advantage-tools team will be in charge of attaching the artifacts and - console output of the appropriate run to the bug. ubuntu-advantage-tools team - members will not mark ‘verification-done’ until this has happened. + The ubuntu-advantage-tools team will be in charge of attaching the + artifacts and console output of the appropriate run to the bug. ubuntu- + advantage-tools team members will not mark ‘verification-done’ until + this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. - [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss - be
[Bug 1951705] Re: traceback from postinst on upgrade
Here is the results of our tests for this issue on release 27.4.2 Note that this issue should only affect LTS releases, which can be verified on the hirsute and impish tests. we have also appended the test script we have used to generate those results ** Attachment added: "release-27.4.2-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+attachment/5543613/+files/release-27.4.2-test-results.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1952166] Re: ubuntu-bug ubuntu-advantage-tools error
Hi phuctruonghoang, Can you better describe what was the issue that happened with ubuntu- advantage-tools ? Also, can you please run: ua collect-logs And attach the results here, so after you describe the issue we can better investigate it. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1952166 Title: ubuntu-bug ubuntu-advantage-tools error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1952166/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950576] Re: UA cli / Exception on launch
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950576 Title: UA cli / Exception on launch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950576/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Awesome :) I will close this bug then, but if anything else comes up, please let us know ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal, Hirsute, Impish
** Summary changed: - traceback from postinst on upgrade + ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal, Hirsute, Impish -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: ubuntu-advantage-tools (27.4.1 -> 27.4.2) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: traceback from postinst on upgrade
** Description changed: + [Original bug description] I noticed this on an upgrade in focal: Setting up ubuntu-advantage-tools (27.4.1~20.04.1) ... Installing new version of config file /etc/ubuntu-advantage/uaclient.conf ... Traceback (most recent call last): - File "", line 10, in + File "", line 10, in KeyError: 'status' Traceback (most recent call last): - File "", line 10, in + File "", line 10, in KeyError: 'status' It's clearly nonfatal, but we shouldn't see python tracebacks in upgrade logs. + + [Impact] + This releases will guarantee that unattached users installing ubuntu-advantage-tools in an architecture that is different from i386 and amd64 + will no longer see the KeyError issue. Additionally, this will guarantee that the postinst flow where this error is triggered will be finished. However, this should not impact users that saw this bug, since the function was cleaning up old apt sources for esm-infra and esm-apps. However, since the user is unattached, that cleanup should have already happened if those service were once enabled. + + + [Test Case] + + 1.Launch an ubuntu machine: + $ lxc launch ubuntu-daily:xenial dev-x + 2. SSH into the machine and update ubuntu-advantage-tools to 27.4.1 + 3. Run ua status + 4. Go into /var/lib/dpkg/info/ubuntu-advantage-tools.postinst and +change the ESM_SUPPORTED_ARCHS variable to be empty + 5. Run dpkg-reconfigure ubuntu-advantage-tools + 6. Confirm that the expected error is there + 7. Install the new UA package 27.4.2 +https://launchpad.net/~ua-client/+archive/ubuntu/staging/ + 8. Go into /var/lib/dpkg/info/ubuntu-advantage-tools.postinst and +change the ESM_SUPPORTED_ARCHS variable to be empty + 9. Run the dpkg command again and verify that no errors are shown + + + + + [Regression Potential] + We currently don't see any regression potential, we are just making the code more resilient to potential errors on unattached scenarios. + + [Discussion] + Even though this will not affect all architecturse, we believe it is safer to address this as soon as possible, since we don't know when our next major release will be. + + [Changelog] + + * d/tools.postinst: +- Fix check_service_is_enabled function when the machine is + unattached (LP: #1951705) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
Hi Albourne, can please run: ua collect-logs And append the result here so we can better investigate this issue ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: traceback from postinst on upgrade
Hi Steve and Oli, we have landed the fix on main we will soon release it. Thanks for reporting this issue and providing the additional context for it ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Hi c-kras, we have invalidated that token for you. You can now go to: https://ubuntu.com/advantage And get a new token for you. Also, please verify if you have other machines using the old token as well, just so you can update them to the new one -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: traceback from postinst on upgrade
Hi Steve, I am also trying to reproduce this issue but so far I am unable to reproduce it using a clean lxd focal VM with ubuntu-advantage- tools version 27.3 installed by default. I tried running upgrade with a machine attached and unattached but still no failure prompts were generated. Was there any config changes applied to the machine before the upgrade ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950692] Re: Ubuntu advantage tools should be removable without breakage of the core system functionality
Hi Norbert, This happens because ubuntu-advantage-tools is a package dependency of the ubuntu-minimal metapackage. Although it is possible to change that from a Depends to a Recommends, we will need to have a broader discussion about it. I suggest sending the request into this mailing list to see the broader opinion of the Ubuntu developers: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel Another thing we must take into consideration is that we need to also understand how update-manager is depending on ubuntu-advantage-tools and if we could also change the dependency there to Recommends. But that can be also better discussed in the mailing list. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Confirmed => Opinion -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950692 Title: Ubuntu advantage tools should be removable without breakage of the core system functionality To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950692/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949634] Re: [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish
Adding all of the tests results for this SRU ** Attachment added: "sru-verification-27.4.1.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949634/+attachment/5541258/+files/sru-verification-27.4.1.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949634 Title: [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949634/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Hi c-kras, to invalidate the token please: 1. Run ua detach on the machine 2. Inform us that the machine is detached Once that is done, we will invalidate the token for you and we will let you know when a new token will be available for you. Now, regarding the error you posted, can you confirm if that apt repo link works ? If not, then I think this error is expected and I suggest changing for a valid apt repo link -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Sorry c-kras, you have accidentally leaked your resource token in this thread. You will need to invalidate your current token and generate a new one. Let me know if you need any help with that. And about the issue, can you send the full error that you see when you run ua enable -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950576] Re: UA cli / Exception on launch
Hi freeeflyer, Can you take a look into /var/lib/ubuntu-advantage/private/machine- token.json and confirm if there any resourceTokens entry there without a "type" key ? One easy way to read that file is by installing the jq package. You can run the following command: cat /var/lib/ubuntu-advantage/private/machine-token.json | jq . > out Then just open the out file and verify the resourceTokens there -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950576 Title: UA cli / Exception on launch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950576/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1947506] Re: failed to call "sudo ua attach 'key'" with unexpected error
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1947506 Title: failed to call "sudo ua attach 'key'" with unexpected error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1947506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Awesome, so let's recreate that machine-id now: 1. Delete the /etc/machine-id file 2. Run systemd-machine-id-setup Hopefully this will create a machine-id without any special characters on it. If that is true, you can just attach again and enable esm-infra -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Fair enough, my mistake. I was running this directly on the interpreter. But let me try something here, can you run this command without errors: ua detach -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Yeah, that's a really odd problem. I tried using the same machine-id you provided on a Xenial container but was unable to reproduce any of the problems here. The enable operation was successful even using the machine-id with a newline character. Can you run the following python script and append the result here: -- from uaclient.config import UAConfig from uaclient.util import get_machine_id get_machine_id(UAConfig()) When I run this, this is the output I am getting on my Xenial machine: '1ec59c1328c24dc88642e5ba37159708\\nf81' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Hi Htbaa, This is weird because I think this type of special character should not be allowed on the machine-id. Also, it seems that you are already attached to an UA subscription. To attach we also use the machine-id so it is weird that attach worked and enable does not. Can you attach /var/log/ubuntu-advantange.log here so I can verify what happened during attach. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950230] Re: cloud-init crashed with NameError in parse_version(): name 'PkgResourcesDeprecationWarning' is not defined
Hi guiverc, can you please also append the /var/log/cloud-init.log file to this bug -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950230 Title: cloud-init crashed with NameError in parse_version(): name 'PkgResourcesDeprecationWarning' is not defined To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950230/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950433] Re: Enabling service results in error
Hi Htbaa, I think that's exactly the problem we are facing. Just to be clear, can you confirm if the id in /etc/machine-id is the one reported in this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950433 Title: Enabling service results in error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950433/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949634] Re: [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish
** Description changed: [Impact] This releases will turn on the metering job by default. The metering job will report which services are being used to the contract server every 4 hours. Since we already have the timer mechanism in place, we believe the substantial risk for this release is that the job may not work as intended and fail during the execution. However, this will not block any of the other existing jobs from running, so it should be a low risk addition. Furthermore, these are the additional functionalities we are adding: * Make cc-eal a non-beta service * Update ua fix return code: - - exit 0 when fix is successfully applied and completed - - exit 1 when fix cannot be applied - - exit 2 when fix requires a reboot to complete + - exit 0 when fix is successfully applied and completed + - exit 1 when fix cannot be applied + - exit 2 when fix requires a reboot to complete * Allow livepatch to be enabled together with fips-updates * New security-status subcommand that lists potentially available security and ESM updates * Set PYTHONPATH during postinst to avoid problems that happen when users have a custom python installation (LP: #1930121) Additionally, we are also addressing some bugs we found along the way: * Do not use proxy configuration when reaching clouds IMDS endpoint during auto-attach operation * Attach will save machine-id during operation * Detach won't ask unnecessary questions - (For example, when ROS is enabled we don't want to notify user about dependent services, since all services will be disabled anyway) + (For example, when ROS is enabled we don't want to notify user about dependent services, since all services will be disabled anyway) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. - [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. Since we are adding a new job, we need to make sure that if it fails we will not interfere with any of the other jobs that were already delivered on release 27.3. Currently, our script that handles the job execution should cover this. If the metering job fails it should just add a new log entry into /var/log/ubuntu-advantage-timer.log. For the ua fix update, we don't think we can cause a regression, since the command was always returning 0, no matter what happened during the execution. We believe the new return codes are better now. + Additionally, we are now also setting up the PYTHONPATH during postinst. + This should not change the behavior of any of the python commands we are issuing, we just want to guarantee that users with a custom python install + will not be affected when performing an install/upgrade operation here. However, we are now adding a dependency on the env command during an install/upgrade operation and this is a postinst change and it could cause + unexpected regressions, even though we currently believe the new change does not pose a high risk of regression. + The other fixes are either bug fixes or service changes (cc-eal) that should not pose a regression risk on current behavior of the ua client, since our tests are passing with those new changes. [Discussion] The addition of the new job was tested by the contracts team and it seems to be working fine. However, we will need to keep an eye open to see if the metering job is working as expected and delivering the desired information to the contract backend. [Changelog] -* d/tools.postinst: - - hardcode python binary and PYTHONPATH (LP: #1930121) - - undo unnecessary log file creation - * New upstream release 27.4 - - cc-eal: remove beta flag - - cli: - + attach will save machine-id during operation - + detach won't ask unnecessary questions - + new security-status subcommand lists potentially available - security and ESM updates (beta) - - fix: - + exit 0 when fix is successfully applied and completed - + exit 1 when fix cannot be applied - + exit 2 when fix requires a reboot to complete - + check reboot-required.pkgs for better reboot suggestions - - livepatch: allow livepatch and fips-updates at the same time - - metering: - + update how activity info is parsed - + update contract response structure - + enable job by default - - proxy: no_proxy defaults for link-local IMDS routes - - util: - + cache get_platform_info calls - + fix machine-
[Bug 1949634] [NEW] [SRU] ubuntu-advantage-tools (27.3 -> 27.4) Xenial, Bionic, Focal, Hirsute, Impish
Public bug reported: [Impact] This releases will turn on the metering job by default. The metering job will report which services are being used to the contract server every 4 hours. Since we already have the timer mechanism in place, we believe the substantial risk for this release is that the job may not work as intended and fail during the execution. However, this will not block any of the other existing jobs from running, so it should be a low risk addition. Furthermore, these are the additional functionalities we are adding: * Make cc-eal a non-beta service * Update ua fix return code: - exit 0 when fix is successfully applied and completed - exit 1 when fix cannot be applied - exit 2 when fix requires a reboot to complete * Allow livepatch to be enabled together with fips-updates * New security-status subcommand that lists potentially available security and ESM updates * Set PYTHONPATH during postinst to avoid problems that happen when users have a custom python installation (LP: #1930121) Additionally, we are also addressing some bugs we found along the way: * Do not use proxy configuration when reaching clouds IMDS endpoint during auto-attach operation * Attach will save machine-id during operation * Detach won't ask unnecessary questions (For example, when ROS is enabled we don't want to notify user about dependent services, since all services will be disabled anyway) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. Since we are adding a new job, we need to make sure that if it fails we will not interfere with any of the other jobs that were already delivered on release 27.3. Currently, our script that handles the job execution should cover this. If the metering job fails it should just add a new log entry into /var/log/ubuntu-advantage-timer.log. For the ua fix update, we don't think we can cause a regression, since the command was always returning 0, no matter what happened during the execution. We believe the new return codes are better now. The other fixes are either bug fixes or service changes (cc-eal) that should not pose a regression risk on current behavior of the ua client, since our tests are passing with those new changes. [Discussion] The addition of the new job was tested by the contracts team and it seems to be working fine. However, we will need to keep an eye open to see if the metering job is working as expected and delivering the desired information to the contract backend. [Changelog] * d/tools.postinst: - hardcode python binary and PYTHONPATH (LP: #1930121) - undo unnecessary log file creation * New upstream release 27.4 - cc-eal: remove beta flag - cli: + attach will save machine-id during operation + detach won't ask unnecessary questions + new security-status subcommand lists potentially available security and ESM updates (beta) - fix: + exit 0 when fix is successfully applied and completed + exit 1 when fix cannot be applied + exit 2 when fix requires a reboot to complete + check reboot-required.pkgs for better reboot suggestions - livepatch: allow livepatch and fips-updates at the same time - metering: + update how activity info is parsed + update contract response structure + enable job by default - proxy: no_proxy defaults for link-local IMDS routes - util: + cache get_platform_info calls + fix machine-id fallback path on get_machine_id ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Focal) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Hirsute) Importance: Undecided Status: New ** Affects: ubuntu-advantage-tools (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Hirsute) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Impish) Importance: Undecided St
[Bug 1949574] Re: package ubuntu-advantage-tools 27.3~16.04.1 failed to install/upgrade: podproces instalovaný post-installation skript vrátil chybový status 1
Hello murthagh, Did you a custom python version installed in your system ? If yes, I think you can run the upgrade command again specifying the right python path like this: env PYTHONPATH=/usr/lib/python3/dist-packages apt upgrade If that doesn't work, please provide the output of the following commands: which python3 python3 -c "import uaclient" env PYTHONPATH=/usr/lib/python3/dist-packages python3 -c "import uaclient" ua version apt policy ubuntu-advantage-tools And we will take a better look at it. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949574 Title: package ubuntu-advantage-tools 27.3~16.04.1 failed to install/upgrade: podproces instalovaný post-installation skript vrátil chybový status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949574/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949585] Re: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Hello wsbrito1975, Did you a custom python version installed in your system ? If yes, I think you can run the upgrade command again specifying the right python path like this: env PYTHONPATH=/usr/lib/python3/dist-packages apt upgrade If that doesn't work, please provide the output of the following commands: which python3 python3 -c "import uaclient" env PYTHONPATH=/usr/lib/python3/dist-packages python3 -c "import uaclient" ua version apt policy ubuntu-advantage-tools And we will take a better look at it. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949585 Title: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949524] Re: ua attach and ua status on linux Mint result in tracebacks
Yes, we should raise a more informative exception here for sure -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949524 Title: ua attach and ua status on linux Mint result in tracebacks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1949524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1948802] Re: package ubuntu-advantage-tools 27.2.2~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1
Hi mxmotao, looking at the dpkg log it seems that you are using a custom cloud-id command, since the path for it is /usr/local/bin/cloud-id while the cloud-init version is expected to be on /usr/bin/cloud-id Is that true ? If yes, can you give us more context on what it is doing ? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1948802 Title: package ubuntu-advantage-tools 27.2.2~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post- installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1948802/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage
Azure bug verified with the following script: --- import logging import os from pycloudlib.azure.cloud import Azure api = Azure( tag="test-azure", client_id=os.getenv("UACLIENT_BEHAVE_AZ_CLIENT_ID"), client_secret=os.getenv("UACLIENT_BEHAVE_AZ_CLIENT_SECRET"), tenant_id=os.getenv("UACLIENT_BEHAVE_AZ_TENANT_ID"), subscription_id=os.getenv("UACLIENT_BEHAVE_AZ_SUBSCRIPTION_ID") ) image_id = "Canonical:0001-com-ubuntu-pro-focal:pro-20_04-lts" # Focal pro image key_name = "test-key" private_key_path = "azure-priv-{}.pem".format(key_name) pub_key_path = "azure-pub-{}.txt".format(key_name) pub_key, priv_key = api.create_key_pair( key_name=key_name ) with open(pub_key_path, "w") as stream: stream.write(pub_key) with open(private_key_path, "w") as stream: stream.write(priv_key) os.chmod(pub_key_path, 0o600) os.chmod(private_key_path, 0o600) api.use_key(pub_key_path, private_key_path, key_name) instance = api.launch(image_id) print("--- Creating base instance") print(instance.execute("lsb_release -a")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") print("--- Updating ua package") cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list\"" instance.execute(cmd.format("focal")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") instance.delete() - Test output: --- Creating base instance Distributor ID: Ubuntu Description:Ubuntu 20.04.3 LTS Release:20.04 Codename: focal 27.2.2~20.04.1 One moment, checking your subscription first Updating package lists Installing FIPS packages Updating package lists Could not enable FIPS. -- --- Updating ua package 27.3~20.04.1 One moment, checking your subscription first Ubuntu Focal does not provide an Azure optimized FIPS kernel For help see: https://ubuntu.com/advantage. -- ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verifi
[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage
AWS Bug verified with the following script: --- import logging import os from pycloudlib.ec2.cloud import EC2 api = EC2( tag="test-ec2", access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"), secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY") ) image_id = "ami-0193aa0a9df84a08b" # Focal pro image private_key_path = "ec2-{}.pem".format("test-key") key_name = "test-key" if key_name in api.list_keys(): api.delete_key(key_name) keypair = api.client.create_key_pair(KeyName=key_name) with open(private_key_path, "w") as stream: stream.write(keypair["KeyMaterial"]) os.chmod(private_key_path, 0o600) api.use_key(private_key_path, private_key_path, key_name) vpc = api.get_or_create_vpc(name="test-ec2-pro") instance = api.launch(image_id, vpc=vpc) print("--- Creating base instance") print(instance.execute("lsb_release -a")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") print("--- Updating ua package") cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list\"" instance.execute(cmd.format("focal")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") instance.delete() --- To run that script, you need the pycloudlib dependency, which can be found here: https://github.com/canonical/pycloudlib/tree/main/pycloudlib Test output: Test output: --- Creating base instance Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal 27.2.2~20.04.1 One moment, checking your subscription first Updating package lists Installing FIPS packages Updating package lists Could not enable FIPS. -- --- Updating ua package 27.3~20.04.1 One moment, checking your subscription first Ubuntu Focal does not provide an AWS optimized FIPS kernel For help see: https://ubuntu.com/advantage. -- PS: This bug only affects focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939932 Title: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939932/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04
Bug verified with the following script: --- import logging import os from pycloudlib.ec2.cloud import EC2 api = EC2( tag="test-ec2", access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"), secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY") ) image_id = "ami-0193aa0a9df84a08b" # Focal pro image private_key_path = "ec2-{}.pem".format("test-key") key_name = "test-key" if key_name in api.list_keys(): api.delete_key(key_name) keypair = api.client.create_key_pair(KeyName=key_name) with open(private_key_path, "w") as stream: stream.write(keypair["KeyMaterial"]) os.chmod(private_key_path, 0o600) api.use_key(private_key_path, private_key_path, key_name) vpc = api.get_or_create_vpc(name="test-ec2-pro") instance = api.launch(image_id, vpc=vpc) print("--- Creating base instance") print(instance.execute("lsb_release -a")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") print("--- Updating ua package") cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list\"" instance.execute(cmd.format("focal")) instance.execute("sh -c 'sudo apt-get update > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) print(instance.execute("sudo ua enable fips --assume-yes")) print("--") instance.delete() --- To run that script, you need the pycloudlib dependency, which can be found here: https://github.com/canonical/pycloudlib/tree/main/pycloudlib -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939449 Title: Ubuntu Pro UA fails to enable fips-updates on 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939449/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04
Test output: --- Creating base instance Distributor ID: Ubuntu Description:Ubuntu 20.04.2 LTS Release:20.04 Codename: focal 27.2.2~20.04.1 One moment, checking your subscription first Updating package lists Installing FIPS packages Updating package lists Could not enable FIPS. -- --- Updating ua package 27.3~20.04.1 One moment, checking your subscription first Ubuntu Focal does not provide an AWS optimized FIPS kernel For help see: https://ubuntu.com/advantage. -- PS: This bug only affects focal ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939449 Title: Ubuntu Pro UA fails to enable fips-updates on 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939449/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944676] Re: Ubuntu ESM not working in WSL
PS: this bug does not affect hirsute and impish because those series are not entitled to FIPS services. This can be further verified in the test results ** Attachment added: "1944676-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+attachment/5536288/+files/1944676-test-results.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944676 Title: Ubuntu ESM not working in WSL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944676] Re: Ubuntu ESM not working in WSL
Bug verified with the following script: -- series=$1 name=test-$series multipass launch --name $name $series multipass exec $name -- ua version multipass exec $name -- cloud-init status --wait multipass exec $name -- sudo ua attach $UACLIENT_BEHAVE_CONTRACT_TOKEN multipass exec $name -- sudo mv /run/cloud-init/instance-data.json /run/cloud-init/instance-data.json.old multipass exec $name -- ls /run/cloud-init/ multipass exec $name -- sudo ua status multipass exec $name -- sudo sh -c "cat /dev/null" multipass exec $name -- sudo sh -c "apt install ubuntu-advantage-tools > /dev/null" multipass exec $name -- ua version multipass exec $name -- ls /run/cloud-init/ multipass exec $name -- sudo ua status multipass delete $name multipass purge - -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944676 Title: Ubuntu ESM not working in WSL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
** Attachment added: "1938207-test-results-extra.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+attachment/5536058/+files/1938207-test-results-extra.tar.xz ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938207 Title: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
Impish and hirsute tests performed with the following script: series=$1 name=test-$series multipass launch --name $name $series multipass exec $name -- ua version multipass exec $name -- cloud-init status --wait multipass exec $name -- sudo /bin/sh -c "printf 'error' > /usr/bin/cloud-id" multipass exec $name -- sudo chmod 755 /usr/bin/cloud-id multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools multipass exec $name -- echo $? multipass exec $name -- sudo sh -c "cat /dev/null" multipass exec $name -- sudo sh -c "apt install ubuntu-advantage-tools > /dev/null" multipass exec $name -- ua version multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools multipass exec $name -- echo $? multipass delete $name multipass purge -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938207 Title: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
** Attachment added: "1938207-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+attachment/5536055/+files/1938207-test-results.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938207 Title: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
I have modified the test script to install the package in proposed: -- import pycloudlib import os lxd = pycloudlib.LXDVirtualMachine("vm") name = 'pycloudlib-vm' release = "hirsute" pub_key_path = "lxd-pubkey" priv_key_path = "lxd-privkey" userdata_cloud_id_fail = """\ #cloud-config bootcmd: - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig - 'echo "error" > /usr/bin/cloud-id' - chmod 755 /usr/bin/cloud-id """ pub_key, priv_key = lxd.create_key_pair() with open(pub_key_path, "w") as f: f.write(pub_key) with open(priv_key_path, "w") as f: f.write(priv_key) lxd.use_key( public_key_path=pub_key_path, private_key_path=priv_key_path ) image_id = lxd.released_image(release=release) instance = lxd.launch( name=name, image_id=image_id, user_data=userdata_cloud_id_fail ) print("--- Creating base instance") print("ip address: ", instance.ip) print("--- Make cloud-id command fail by changing the binary") cloud_id = instance.execute("cloud-id") print(cloud_id.stderr) print("--- Running postinst script for current version of uaclient") dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools") print(instance.execute("ua version")) print(dpkg_out.stderr) print("--") cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list\"" print("--- Updating ua package") out = instance.execute(cmd.format(release)) instance.execute("sh -c 'sudo apt-get update -q > /dev/null'") instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") print(instance.execute("ua version")) dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools") print(dpkg_out.stderr) print("--") instance.delete() Currently, pycloudlib doesn't support launching hirsute or impish vms Therefore, the test results here are for xenial, bionic and focal. I will run this test for hirsute and impish through multipass. PS: this bug should not affect xenial releases -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938207 Title: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940131] Re: sudo ua attach is not working
Adding test results ** Attachment added: "1940131-test-results.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+attachment/5536054/+files/1940131-test-results.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940131 Title: sudo ua attach is not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940131] Re: sudo ua attach is not working
Bug verified with the following script: -- series=$1 name=test-$series UA_TOKEN= lxc launch ubuntu-daily:$series $name lxc exec $name -- ua version lxc exec $name -- cloud-init status --wait lxc exec $name -- mv /usr/bin/cloud-id /usr/bin/cloud-id.old lxc exec $name -- mv /var/lib/cloud/data/result.json /var/lib/cloud/data/result.json.old lxc exec $name -- touch /var/lib/cloud/data/result.json # verify failure to attach lxc exec $name -- ua attach $UA_TOKEN lxc delete --force $name lxc launch ubuntu-daily:$series $name lxc exec $name -- cloud-init status --wait lxc exec $name -- sh -c "cat
[Bug 1942929] Re: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute
I have run all of the manual tests with the proposed package and they are all working as expected -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1942929 Title: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1942929/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1947506] Re: failed to call "sudo ua attach 'key'" with unexpected error
Hi Florian, thanks for reporting this bug. This is probably happening because the machine has the cloud-init package installed but it was not fully run on the machine (which is not a problem per se). We have addressed this on our next release of ubuntu-advantage-tools that should be delivered very soon. Until that happens, you can add this at the end of /etc/ubuntu-advantage/uaclient.conf settings_overrides: cloud_type: "" And I believe it solve the problem for now. Let me know if that works for you ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1947506 Title: failed to call "sudo ua attach 'key'" with unexpected error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1947506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1945053] Re: updating ubuntu 16.04 to 18.04 failed
Hi Muhammad, just to double check something, when you run: $ which python3 What is the output of that command ? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1945053 Title: updating ubuntu 16.04 to 18.04 failed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1945053/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944994] Re: ua tools will not install correctly
Hi Albert, can you please append here the following file: /var/log/ubuntu-advantage.log Also, when you run: which python3 What is the output that you see ? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944994 Title: ua tools will not install correctly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944994/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944762] Re: misleading motd after support ends
Hi Seth, although ubuntu-advantage-tools does generate some MOTD messages, we are not currently generating the message you are describing here. I think it is better to tag the update-notifier package in this bug. However, if you think there is something we can still do on our side, please let me know. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Opinion -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944762 Title: misleading motd after support ends To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944762/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage
** Description changed: [Impact] This bug impacts users on AWS or Azure, trying to enable FIPS/FIPS updates on Focal images. Trying to install a non-cloud-optimized FIPS kernel may lead to unwanted behavior on those clouds, including inability to boot to the systems. Although Focal has a FIPS certified kernel, the AWS adapted kernel is not ready yet. There will be in the future a cloud-optimized version of the FIPS kernel, and then users will be able to install it. With the applied fix, UA will show a message saying that the kernel is not available instead of showing any error. If the user really wants to install FIPS, there is a feature override ("allow_default_fips_metapackage_on_focal_cloud") which will install the default kernel, but this is the user's choice, and not recommended. [Test Case] - The original description has steps to reproduce. To verify the fix, install ubuntu-advantage-tools 27.3 and check for the expected behavior described. + + To verify that this issue is fixed by version 27.3, please run the + following script: + + -- + import os + + from pycloudlib.ec2.cloud import EC2 + + + api = EC2( + tag="test-ec2", + access_key_id=os.getenv("UACLIENT_BEHAVE_AWS_ACCESS_KEY_ID"), + secret_access_key=os.getenv("UACLIENT_BEHAVE_AWS_SECRET_ACCESS_KEY") + ) + + image_id = "ami-0193aa0a9df84a08b" # Focal pro image + private_key_path = "ec2-{}.pem".format("test-key") + key_name = "test-key" + + if key_name in api.list_keys(): + api.delete_key(key_name) + + keypair = api.client.create_key_pair(KeyName=key_name) + + with open(private_key_path, "w") as stream: + stream.write(keypair["KeyMaterial"]) + + os.chmod(private_key_path, 0o600) + + api.use_key(private_key_path, private_key_path, key_name) + vpc = api.get_or_create_vpc(name="test-ec2-pro") + instance = api.launch(image_id, vpc=vpc) + + print("--- Creating base instance") + print(instance.execute("lsb_release -a")) + print(instance.execute("ua version")) + print(instance.execute("sudo ua enable fips --assume-yes")) + print("--") + + print("--- Updating ua package") + instance.execute("sudo add-apt-repository ppa:ua-client/staging -y") + instance.execute("sh -c 'sudo apt-get update > /dev/null'") + instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") + print(instance.execute("ua version")) + print(instance.execute("sudo ua enable fips --assume-yes")) + print("--") + instance.delete() + --- + + This script depends on pycloudlib, which can be found here: + https://github.com/canonical/pycloudlib/tree/main/pycloudlib + [Regression Potential] This change needs to make sure that we indeed prevent the installation of non-cloud-optimized kernels. If a corner case shows up, the user might end up with a wrong kernel. This is unlikely because we are using cloud-init tools, present in AWS and Azure, to detect the cloud instance and effective blocking the install. If this detection fails, it means cloud-init has some problem and then, on AWS or Azure, the instance will have more problems than this one. We need to make sure to keep track of the certification progress for the cloud adapted FIPS package, so we can enable it in the future, when it becomes available. [Original Description] For Ubuntu PRO on 20.04 (Focal) `ua enable fips` should only install a cloud-optimized ubuntu-aws-fips or ubuntu-azure-fips metapackage. Installing a non-cloud-optimized FIPS kernel on AWS and Azure could lead to inability to boot on certain instance types. Expectation is that Focal AWS and Azure images should disallow enabling either fips or fips-updates. Expected behavior on Ubuntu PRO AWS and Azure Focal: $ ua status | grep fips fips no — NIST-certified FIPS modules fips-updates no — Uncertified security updates to FIPS modules $ sudo ua enable fips-updates One moment, checking your subscription first This system will NOT be considered FIPS certified, but will include security and bug fixes to the FIPS packages. Are you sure? (y/N) y This subscription is not entitled to FIPS Updates. For more information see: https://ubuntu.com/advantage Actual behavior: $ ua status | grep fips fips yes disabled NIST-certified FIPS modules fips-updates yes disabled Uncertified security updates to FIPS modules $ sudo ua enable fips-updates One moment, checking your subscription first This system will NOT be considered FIPS certified, but will include security and bug fixes to the FIPS packages. Are you sure? (y/N) y Updating package lists Installing FIPS Updates packages FIPS Updates enabled A reboot is required to complete install # see ubuntu-fips generic get installed which potentially degrades AWS and Azure environments $ sudo grep install /var/log/ubuntu-advantage.log 2021-08-13 22:1
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
** Description changed: [Impact] If cloud-id fails in a different way from what our postinst currently checks for, then the postinst script will fail, breaking whatever apt process was running. We fixed this by changing the line that calls cloud-id to cloud_id=$(cloud-id 2>/dev/null) || cloud_id="" The commit with this change is here: https://github.com/canonical/ubuntu-advantage- client/commit/8ac323b1f2e2031afa8018112d20479085c0e4f7 By doing this, any error in cloud-id will be handled by assuming we are not on a cloud. This is a safe assumption for the purposes of our postinst script. [Test Plan] - TODO lucas to insert test script here + You can verify that this problem is addressed in version 27.3 by running + the following script: + + + import pycloudlib + import os + + + lxd = pycloudlib.LXDVirtualMachine("vm") + + name = 'pycloudlib-vm' + release = "bionic" + pub_key_path = "lxd-pubkey" + priv_key_path = "lxd-privkey" + + userdata_cloud_id_fail = """\ + #cloud-config + bootcmd: + - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig + - 'echo "error" > /usr/bin/cloud-id' + - chmod 755 /usr/bin/cloud-id + """ + + pub_key, priv_key = lxd.create_key_pair() + + with open(pub_key_path, "w") as f: + f.write(pub_key) + + with open(priv_key_path, "w") as f: + f.write(priv_key) + + lxd.use_key( + public_key_path=pub_key_path, + private_key_path=priv_key_path + ) + + image_id = lxd.released_image(release=release) + instance = lxd.launch( + name=name, + image_id=image_id, + user_data=userdata_cloud_id_fail + ) + + print("--- Creating base instance") + print("ip address: ", instance.ip) + print("--- Make cloud-id command fail by changing the binary") + cloud_id = instance.execute("cloud-id") + print(cloud_id.stderr) + print("--- Running postinst script for current version of uaclient") + dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools") + print(instance.execute("ua version")) + print(dpkg_out.stderr) + print("--") + + print("--- Updating ua package") + instance.execute("sudo add-apt-repository ppa:ua-client/staging -y") + instance.execute("sh -c 'sudo apt-get update -q > /dev/null'") + instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'") + print(instance.execute("ua version")) + dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools") + print(dpkg_out.stderr) + print("--") + instance.delete() + -- + + This script relies on the pycloudlib project which can be found + here: + https://github.com/canonical/pycloudlib/tree/main/pycloudlib + [Where problems could occur] Any change to postinst is particularly dangerous because a mistake could cause it to fail and therefore cause apt installs/upgrades to fail. Because ua-client is on all ubuntu images, we need to be particularly careful here. Further, by changing the code that fixed a critical bug, we run the risk of reintroducing that bug. We've mitigated this by introducing an integration test scenario to cover that bug. [Other Info] - + The cloud id is used in postinst for doing 2 things: 1. notifying the user if they stumbled into an using an unsupported fips kernel on the cloud 2. activating the gcp_auto_attach job It is not critical if the cloud is falsely detected as none. The worst that could happen is that a user would not be notified of the unsupported fips kernel or that a user would not have the gcp_auto_attach job activated. [Original Description] As discovered in regression bug 1936833: 1) "cloud-id" can sometimes crash; perhaps it should return something more sensible if a cloud-id is not available 2) ubuntu-advantage-tools.postinst might crash if cloud-id crashes; perhaps it should be generally resilient against cloud-id crashing, instead of trying to predict if it will work or not (additionally the current prediction method seems to be based on an internal implementation detail that might change) I wonder if one or both of these things can be improved. For example, define the failure behaviour of cloud-id when it cannot function, and have the postinst test for that, and further, adjust the postinst to be robust against _any_ failure of cloud-id. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938207 Title: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1943375] Re: sudo ua attach fails. Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log
Hi Myroslav, can you please upload /var/log/ubuntu-advantage.log in this thread so we can better debug what happened here. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943375 Title: sudo ua attach fails. Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1943375/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941924] Re: Cannot find the "/usr/share/ubuntu-scap-security-guides" directory.
Hi Ronnie, just some questions around this issue: 1) Does the following error happened when running: ua enable cis ? 2) What cloud are you running ua on ? 3) What is the output of: cloud-init status --long ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941924 Title: Cannot find the "/usr/share/ubuntu-scap-security-guides" directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1941924/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940131] Re: sudo ua attach is not working
Hi slava, there is just one minor problem on the config. The cloud_type entry is incorrectly place on under ua_config. The config should be: contract_url: https://contracts.canonical.com data_dir: /var/lib/ubuntu-advantage log_file: /var/log/ubuntu-advantage.log log_level: debug security_url: https://ubuntu.com/security ua_config: apt_http_proxy: null apt_https_proxy: null http_proxy: null https_proxy: null settings_overrides: cloud_type: "" Let me know if that works out -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940131 Title: sudo ua attach is not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs