← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1996424] Re: [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, Jammy, Kinetic

 

This bug was fixed in the package ubuntu-advantage-tools - 27.12~22.04.1

---------------
ubuntu-advantage-tools (27.12~22.04.1) jammy; urgency=medium

  * Backport new upstream release: (LP: #1996424) to jammy

ubuntu-advantage-tools (27.12~23.04.1) lunar; urgency=medium

  * New upstream release 27.12 (LP: #1996424):
    - auto-attach:
      + retry auto-attach for up to one month on Ubuntu Pro cloud instances
      + make a best effort to auto-attach when using the API
    - enable: show deduplicated list of supported arches (GH: #917)
    - fips: remove cloud package override logic from the client
    - messaging: verify contract expiration date on contract server before
      outputting expired message on MOTD
    - realtime-kernel: make service non-beta
    - reboot-required:
      + add API support to show if the system requires a reboot
        (u.pro.security.status.reboot_required.v1)
      + add cli command for the functionality (pro system reboot-required)
    - security-status:
      + add API support to report standard updates (u.pro.packages.updates.v1)
      + add API support to show CVEs patched by Livepatch
        (u.pro.security.status.livepatch_cves.v1)
      + add API support to show packages summary information
        (u.pro.packages.summary.v1)
      + list packages in oci manifest format (u.security.package_manifest.v1)
    - systemd: do not attempt to auto-attach if a machine-token is present

 -- Lucas Moura <lucas.moura@xxxxxxxxxxxxx>  Tue, 22 Nov 2022 10:06:26
-0300

** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1996424

Title:
  [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal,
  Jammy, Kinetic

Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Committed
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Committed
Status in ubuntu-advantage-tools source package in Focal:
  Fix Committed
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Released
Status in ubuntu-advantage-tools source package in Kinetic:
  Fix Released

Bug description:
  [Impact]

  This release mostly include new features for the pro client. They are:

  * Add functionality to show if the system requires a reboot or not. This functionality can be accessed through our API or the CLI.
  * Add api support for some security-status information:
    - package summary information
    - list of available package updates
    - livepatch cves information
  * Add api entry point to show packages installed in the machine as a manifest file
  * Add retry mechanism for auto-attach on Pro cloud instances

  Additionally, we are performing some refactorings in the code as well,
  for example:

  * Remove package override logic when enabling FIPS services. Now we are relying exclusively on what the Contract server tell us when we install the FIPS metapackage.
  * Use the auto_attach api on the CLI

  [Test Case]

  The following development and SRU process will be followed:
  https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

  The ubuntu-advantage-tools team will be in charge of attaching the
  artifacts and console output of the appropriate run to the bug.
  ubuntu-advantage-tools team members will not mark ‘verification-done’
  until this has happened.

  [Regression Potential]

  There are 3 main concerns that we have regarding this release. They
  are:

  * Installing incorrect FIPS metapackages:

  Now that we are only relying on the Contract Server to tell us which
  FIPS metapackage to install in the system, we can install incorrect
  metapackages if the Contract Server deliver us wrong information.

  * Change return code for auto-attach CLI commands

  Previously, in the case where the user tried to auto attach using the
  cli `pro auto-attach` on instances that were already attached or have
  disable_auto_attach configured as true in the uaclient.conf file, the
  cli exited with a 0 exit_code. We are changing those return code and
  that can harm users that are relying on a non-error execution under
  those conditions.

  * Adding another service to the daemon

  To make the retry auto-attach service works, we added a new service to
  our existing daemon. This service should only run for Pro instances if
  auto-attach fails. However, due to the already existing GCP service we
  have for GCP Pro instances, there could be unknown interactions
  between them, which could make unexpected changes on the machine.

  However, we believe all of those 3 regression potentials are low risk,
  as we will discuss in the next section.

  [Discussion]

  We want to address all of the regression potentials that we have:

  * Installing incorrect FIPS metapackages:

  We already have integration tests for all the clouds we support FIPS
  on. We were not able to detect any case where we installed the
  incorrect metapackage on those instance. Because of our tests, we
  believe that this a low risk regression.

  * Change return code for auto-attach CLI commands

  The cli returned 0s for on those two scenarios (auto-attach disabled
  on config and machine already attached) because we would call the cli
  command on the ua-auto-attach.service systemd unit. If we detected
  that the user was already attached or had an explicit config disabling
  that service, we didn't want to show that this service failed.
  However, we have a dedicated script for that systemd unit now that
  properly handle those error situations, which will make the systemd
  unit to not fail if that happens.

  Additionally, we didn't advertise the use of `pro auto-attach` for
  programmatic consumption.

  Therefore we believe it is safe to change the exit codes for those
  scenarios

  * Adding another service to the daemon

  We have created a flow diagram for the new retry auto-attach service:
  https://github.com/canonical/ubuntu-advantage-client/blob/main/dev-docs/explanations/systemd_units.md

  We have tested our code and it correctly follows that diagram. As we
  can see, the main interaction scenarios between the two services
  (auto-attach and GCP polling service) are covered in the code.

  Additionally, we already discussed the potential scenarios on the
  US011 spec with other teams.

  Because of all that, even though unknown interactions are still
  possible, we believe the regression potential is low here.

  Similar points were made during the review of this upload to Lunar in
  the MP that are worth checking out:

  https://code.launchpad.net/~lamoura/ubuntu/+source/ubuntu-advantage-
  tools/+git/ubuntu-advantage-tools/+merge/432980

  
  [Changelog]

      - auto-attach:
        + use auto-attach api in cli entry-point
        + retry auto-attach for up to one month on Ubuntu Pro cloud instances
        + best_effort auto_attach api instead of fail fast
      - enable: show deduplicated list of supported arches (GH: #917)
      - fips: remove cloud package override logic
      - messaging: verify contract expiration date on contract server before
        outputting expired message on MOTD
      - realtime-kernel: make service non-beta
      - reboot-required:
        + add api support to show if the system requires a reboot
        + add cli command for the functionality
      - security-status:
        + add api support to report standard updates
        + add api support to show livepatch cves
        + add api support to show packages summary information
        + list packages in oci manifest format
      - systemd: add machine token condition for auto-attac

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1996424/+subscriptions