group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #43492
[Bug 1973099] Re: [SRU] ubuntu-advantage-tools (27.8 -> 27.9) Xenial, Bionic, Focal, Impish, Jammy
This bug was fixed in the package ubuntu-advantage-tools - 27.9~21.10.1
---------------
ubuntu-advantage-tools (27.9~21.10.1) impish; urgency=medium
* Backport new upstream release: (LP: #1973099) to impish
-- Grant Orndorff <grant.orndorff@xxxxxxxxxxxxx> Wed, 18 May 2022
15:44:22 -0400
** Changed in: ubuntu-advantage-tools (Ubuntu Impish)
Status: Fix Committed => Fix Released
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1973099
Title:
[SRU] ubuntu-advantage-tools (27.8 -> 27.9) Xenial, Bionic, Focal,
Impish, Jammy
Status in ubuntu-advantage-tools package in Ubuntu:
Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
Fix Released
Status in ubuntu-advantage-tools source package in Focal:
Fix Released
Status in ubuntu-advantage-tools source package in Impish:
Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
Fix Released
Bug description:
[Impact]
This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are:
* A daemon that only runs on GCP
* Currently it ends early based on a default config setting - making it
hardly a deamon. But this config setting will be flipped on as soon
as it's needed via a follow up SRU, so please review as if the daemon
was long-running.
* When it turns on, it will long-poll the GCP metadata endpoint and run
`ua auto-attach` when a pro license is added.
* This replaces the 5 minute timer we currently have on GCP.
* A part of this is a shim service only on xenial to replace a needed
feature from cloud-init, that is not backported to xenial.
* Contract renewal UX improvements
* `ua status` now notifies you when your contract is updated (e.g.
renewed), and instructs the user to run `ua refresh`. (Note this
isn't technically required for renewal - services will keep working
for a renewed contract regardless.)
* `ua refresh` now ensures motd/apt messaging is all up to date in
addition to updating contract details.
* In combination, these two features address user concerns over
confusing/outdated motd/apt messaging shortly after contract renewal.
* More granular APT Proxy configuration with backwards compatibility
* apt_http(s)_proxy is renamed to global_apt_http(s)_proxy (but the old
name still works)
* ua_apt_http(s)_proxy is introduced for ua-scoped apt proxy
configurations
* `ua security-status` now includes counts of packages from each archive
component
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
[https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates)
The ubuntu-advantage-tools team will be in charge of attaching the
artifacts and console output of the appropriate run to the bug.
ubuntu-advantage-tools team members will not mark ‘verification-done’
until this has happened.
[Regression Potential]
This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.
There are also several small refactors and additions to the postinst
script. Any adjustment to postinst poses the risk of breaking upgrades
if a mistake was made.
We already dropped support for trusty, but we removed even more trusty
related code in this release. It is possible that we were unknowingly
relying on some of this trusty code for subtle behavior.
We included backwards compatibility for the proxy configuration
changes, but it is possible that if we made a mistake then old
configurations will stop working correctly.
[Discussion]
There were a series of discussions about the daemon and it was decided
to limit the scope as much as possible. As such, it only runs on GCP
on unattached instances. Python won't even be instantiated on other
machines. The daemon checks several conditions on start up as well and
ends early if any don't match.
There was some effort to keep the memory footprint from being too
high. It depends on the python version; on xenial systemd says the
daemon takes just under 14Mb and on focal, just under 11Mb. We have
regression tests in place to keep on eye on memory usage. When the
daemon is running, it will almost always be blocked on a long-poll
endpoint, so CPU usage should be minimal.
The daemon does run as root, but doesn't listen on a socket or accept
on any user input. It looks at root-only config files and talks to a
particular GCP metadata endpoint. If a user were to maliciously MITM
the metadata endpoint, they could provide data to the daemon that
would cause it to send requests to the Contract Server unnecessarily.
[Changelog]
* d/rules
- remove trusty specific code
- remove ua-license-check.{timer,service,path}
- install ubuntu-advantage.service
- only on xenial: install ubuntu-advantage-cloud-id-shim.service
* d/tools.postinst
- remove trusty specific code
- print warnings if /etc/os-release doesn't have required fields
- hardcode service list instead of exec-ing python3 for old migration
- refactor python to avoid instantiating UAConfig extra times
- refactor python to always use messages module for strings
- rm the old marker file that triggered ua-license-check.path
- remove unnecessary deb-systemd-helper check in ua-messaging cleanup
- clean up old ua-license-check state
- run new cloud-id-shim script
* d/tools/postrm
- clean up ubuntu-advantage-daemon log files
* New upstream release 27.9 (LP: #1973099)
- cli:
+ for json formatted output, include additional_info for some errors
+ new subcommand `ua refresh messages` to update motd and apt messages
- daemon:
+ replace ua-license-check timer with ubuntu-advantage.service daemon
+ detects on-boot if pro license was added and runs auto-attach
+ only runs on gcp and does not continuously long-poll by default for now
- enable:
+ fix error message on wrong service name when unattached
- fips:
+ allow enabling generic fips kernel on azure by default
+ clean up fips reboot message (LP: #1972026)
- fix:
+ handle errors during attach process
+ fix bug where enable or detach during a fix failed (LP: #1969809)
+ fix bug where attempting to fix some CVEs would never finish
- performance:
+ remove unnecessary UAConfig object instantiation (also cleans up logs)
+ cache "apt-cache policy" output to avoid unnecessary subp calls
- proxy:
+ apt_http(s)_proxy renamed to global_apt_http(s)_proxy
+ apt_http(s)_proxy config var names will still work
+ new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
+ global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
same time
- realtime: adjust warning to clarify that a manual revert is possible
- refresh: a normal `ua refresh` will also update motd and apt messages
- security-status: add counts of packages from each archive component
- status: check if contract has updated and notify user to run "ua refresh"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1973099/+subscriptions
