group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #44370
[Bug 1996424] Re: [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, Jammy, Kinetic
This bug was fixed in the package ubuntu-advantage-tools - 27.12~18.04.1
---------------
ubuntu-advantage-tools (27.12~18.04.1) bionic; urgency=medium
* Backport new upstream release: (LP: #1996424) to bionic
ubuntu-advantage-tools (27.12~23.04.1) lunar; urgency=medium
* New upstream release 27.12 (LP: #1996424):
- auto-attach:
+ retry auto-attach for up to one month on Ubuntu Pro cloud instances
+ make a best effort to auto-attach when using the API
- enable: show deduplicated list of supported arches (GH: #917)
- fips: remove cloud package override logic from the client
- messaging: verify contract expiration date on contract server before
outputting expired message on MOTD
- realtime-kernel: make service non-beta
- reboot-required:
+ add API support to show if the system requires a reboot
(u.pro.security.status.reboot_required.v1)
+ add cli command for the functionality (pro system reboot-required)
- security-status:
+ add API support to report standard updates (u.pro.packages.updates.v1)
+ add API support to show CVEs patched by Livepatch
(u.pro.security.status.livepatch_cves.v1)
+ add API support to show packages summary information
(u.pro.packages.summary.v1)
+ list packages in oci manifest format (u.security.package_manifest.v1)
- systemd: do not attempt to auto-attach if a machine-token is present
-- Lucas Moura <lucas.moura@xxxxxxxxxxxxx> Tue, 22 Nov 2022 10:06:13
-0300
** Changed in: ubuntu-advantage-tools (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1996424
Title:
[SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal,
Jammy, Kinetic
Status in ubuntu-advantage-tools package in Ubuntu:
Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
Fix Released
Status in ubuntu-advantage-tools source package in Focal:
Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
Fix Released
Status in ubuntu-advantage-tools source package in Kinetic:
Fix Released
Bug description:
[Impact]
This release mostly include new features for the pro client. They are:
* Add functionality to show if the system requires a reboot or not. This functionality can be accessed through our API or the CLI.
* Add api support for some security-status information:
- package summary information
- list of available package updates
- livepatch cves information
* Add api entry point to show packages installed in the machine as a manifest file
* Add retry mechanism for auto-attach on Pro cloud instances
Additionally, we are performing some refactorings in the code as well,
for example:
* Remove package override logic when enabling FIPS services. Now we are relying exclusively on what the Contract server tell us when we install the FIPS metapackage.
* Use the auto_attach api on the CLI
[Test Case]
The following development and SRU process will be followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the
artifacts and console output of the appropriate run to the bug.
ubuntu-advantage-tools team members will not mark ‘verification-done’
until this has happened.
[Regression Potential]
There are 3 main concerns that we have regarding this release. They
are:
* Installing incorrect FIPS metapackages:
Now that we are only relying on the Contract Server to tell us which
FIPS metapackage to install in the system, we can install incorrect
metapackages if the Contract Server deliver us wrong information.
* Change return code for auto-attach CLI commands
Previously, in the case where the user tried to auto attach using the
cli `pro auto-attach` on instances that were already attached or have
disable_auto_attach configured as true in the uaclient.conf file, the
cli exited with a 0 exit_code. We are changing those return code and
that can harm users that are relying on a non-error execution under
those conditions.
* Adding another service to the daemon
To make the retry auto-attach service works, we added a new service to
our existing daemon. This service should only run for Pro instances if
auto-attach fails. However, due to the already existing GCP service we
have for GCP Pro instances, there could be unknown interactions
between them, which could make unexpected changes on the machine.
However, we believe all of those 3 regression potentials are low risk,
as we will discuss in the next section.
[Discussion]
We want to address all of the regression potentials that we have:
* Installing incorrect FIPS metapackages:
We already have integration tests for all the clouds we support FIPS
on. We were not able to detect any case where we installed the
incorrect metapackage on those instance. Because of our tests, we
believe that this a low risk regression.
* Change return code for auto-attach CLI commands
The cli returned 0s for on those two scenarios (auto-attach disabled
on config and machine already attached) because we would call the cli
command on the ua-auto-attach.service systemd unit. If we detected
that the user was already attached or had an explicit config disabling
that service, we didn't want to show that this service failed.
However, we have a dedicated script for that systemd unit now that
properly handle those error situations, which will make the systemd
unit to not fail if that happens.
Additionally, we didn't advertise the use of `pro auto-attach` for
programmatic consumption.
Therefore we believe it is safe to change the exit codes for those
scenarios
* Adding another service to the daemon
We have created a flow diagram for the new retry auto-attach service:
https://github.com/canonical/ubuntu-advantage-client/blob/main/dev-docs/explanations/systemd_units.md
We have tested our code and it correctly follows that diagram. As we
can see, the main interaction scenarios between the two services
(auto-attach and GCP polling service) are covered in the code.
Additionally, we already discussed the potential scenarios on the
US011 spec with other teams.
Because of all that, even though unknown interactions are still
possible, we believe the regression potential is low here.
Similar points were made during the review of this upload to Lunar in
the MP that are worth checking out:
https://code.launchpad.net/~lamoura/ubuntu/+source/ubuntu-advantage-
tools/+git/ubuntu-advantage-tools/+merge/432980
[Changelog]
- auto-attach:
+ use auto-attach api in cli entry-point
+ retry auto-attach for up to one month on Ubuntu Pro cloud instances
+ best_effort auto_attach api instead of fail fast
- enable: show deduplicated list of supported arches (GH: #917)
- fips: remove cloud package override logic
- messaging: verify contract expiration date on contract server before
outputting expired message on MOTD
- realtime-kernel: make service non-beta
- reboot-required:
+ add api support to show if the system requires a reboot
+ add cli command for the functionality
- security-status:
+ add api support to report standard updates
+ add api support to show livepatch cves
+ add api support to show packages summary information
+ list packages in oci manifest format
- systemd: add machine token condition for auto-attac
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1996424/+subscriptions
