← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 2031192] Re: Enabling of Pro Services Does Not Update when using airgapped mirrors over http://

 

This bug was fixed in the package ubuntu-advantage-tools - 32.3~24.04

---------------
ubuntu-advantage-tools (32.3~24.04) noble; urgency=medium

  * Backport 32.3 to noble (LP: #2060732)

ubuntu-advantage-tools (32.3) oracular; urgency=medium

  * d/apparmor: adjust the profiles to account for usr-merge consequences
    (LP: #2067319)

ubuntu-advantage-tools (32.2) oracular; urgency=medium

  * d/apparmor: adjust rules for violations found during testing (LP:
#2066929)

ubuntu-advantage-tools (32.1) oracular; urgency=medium

  * d/apparmor: allow access for /etc/os-release on all supported
    profiles (LP: #2065573)
  * apport: get path for timer job status from the correct place (LP: #2065616)

ubuntu-advantage-tools (32) oracular; urgency=medium

  * d/postinst: ensure migrations happen in correct package postinst (GH: #2982)
  * d/apparmor: introduce new ubuntu_pro_esm_cache apparmor policy
  * New upstream release 32 (LP: #2060732)
    - api:
      + u.pro.attach.token.full_token_attach.v1: add support for attach
        with token
      + u.pro.services.disable.v1: add support for disable operation
      + u.pro.services.enable.v1: add support for enable operation
      + u.pro.detach.v1: add support for detach operation
      + u.pro.status.is_attached.v1: add extra fields to API response
      + u.pro.services.dependencies.v1: add support for service dependencies
      + u.pro.security.fix.*.plan.v1: update ESM cache during plan API
        if needed
    - apt_news: add architectures and packages selectors filters for apt news
    - cli:
      + improved cli/log message for unexpected errors (GH: #2600)
      + properly handle setting empty config values (GH: #2925)
    - cloud-init: support ubuntu_pro user-data
    - collect-logs: update default output file to pro_logs.tar.gz (LP: #2033313)
    - config: create public and private config (GH: #2809)
    - entitlements:
      + update logic that checks if a service is enabled (LP: #2031192)
    - fips: warn/confirm with user if enabling fips downgrades the kernel
    - fix: warn users if ESM cache cannot be updated (GH: #2841)
    - logging:
      + use journald logging for all systemd services
      + add redundancy to secret redaction
    - messaging:
      + add consistent messaging for end of contract state
      + make explicit that unattached enable/disable is a noop (GH: #2487)
      + make explicit that disabling a disabled service is a noop
      + make explicit that enabling an enabled service is a noop
    - notices: filter unreadable notices when listing notices (GH: #2898)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Tue, 28 May 2024
15:15:48 -0300

** Changed in: ubuntu-advantage-tools (Ubuntu Noble)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2031192

Title:
  Enabling of Pro Services Does Not Update when using airgapped mirrors
  over http://

Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Released
Status in ubuntu-advantage-tools source package in Focal:
  Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Released
Status in ubuntu-advantage-tools source package in Mantic:
  Fix Released
Status in ubuntu-advantage-tools source package in Noble:
  Fix Released

Bug description:
  [Impact]

  When users create an airgapped environement, they may create APT
  mirrors for the ESM services that share a common base URL. For
  example, in this bug here, the user was mirroring their services one:

  http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-security
  http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-updates
  http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-security/
  http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-updates/
  http://landscaperepo.com/repository/standalone/ubuntu/dists/fips-bionic/
  http://landscaperepo.com/repository/standalone/ubuntu/dists/jammy-esm-apps-security/

  As we can see, all services share the 
  http://landscaperepo.com/repository/standalone/ APT url. 
  Since the Pro client was looking for unique urls to distinguish enabled services in the machine, this setup was not working.

  Now, instead of looking at the APT url, we are also looking at the
  suite (i.e. bionic-esm-apps-security)

  If we identify that both APT url and suite are in the output of apt-cache policy
  with the right permission number, we say that the service is enabled.

  This will unblock users that want to use the same APT url for their
  airgapped setup.

  Additionally, we have discussed this issue with the Landscape team and
  they assured us that we will always have an unique combination of APT
  url and suite.

  
  [Test cases]

  We have setup an integration test for this scenario on the Pro client codebase.
  We will link the test result here.

  [ Regression Potential ]

  We believe we are now improving our check to see if the service is
  enabled or not, as we are now considering a combination that we now
  will be unique. Therefore, the only regression potential we can think
  is the situation were we mistakenly create that combination (APT url +
  suite) or check it in a wrong way in the output of apt-cache policy.

  However, we believe our integration tests should be enough to assert
  that this is not the case.

  [ Original Description]

  contract server is airgapped and running
  uaclient is pointing to the airgapped contract server to get entitlements

  Additionally, using a landscape server and it's underlying reprepro to mirror ESM and FIPs for airgap, this forces using http
  apt update is working over landscape over multiple repos.

  pro attach subscriptioncontract, is working
  next
  pro enable service is creating /etc/apt/auth.conf.d/90ubuntu-advantage with correct apt entry, apt update can pickup the airgapped repo but with warning of http://

  For example: pro enable esm-apps

  Service Status is not getting updating

  pro status is showing after enablement of esm-apps

  SERVICE          ENTITLED  STATUS    DESCRIPTION
  esm-apps         yes       disabled  Expanded Security Maintenance for Applications
  esm-infra        yes       disabled  Expanded Security Maintenance for Infrastructure

  Editing 90ubuntu-advantage to append http:// get rids of the apt
  update working but service status is not changing.

  Issuing pro enable esm-apps appends another entry and is a loop

  ubuntu-advantage.log is showing the following

  ["2023-08-11T16:54:20.596", "DEBUG", "uaclient.files.files", "read", 55, "File does not exist: /var/lib/ubuntu-advantage/user-config.json", {}]
  ["2023-08-11T16:54:22.233", "DEBUG", "root", "subp", 634, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n", {}]
  ["2023-08-11T16:54:22.233", "WARNING", "root", "subp", 636, "Stderr: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n\nStdout: ", {}]
  ["2023-08-11T16:54:22.234", "DEBUG", "root", "subp", 640, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n Retrying 3 more times.", {}]
  ["2023-08-11T16:54:23.213", "DEBUG", "root", "_subp", 581, "Ran cmd: apt-get update, rc: 0 stderr: b''", {}]

  For auditing purposes the status of subscription and it's services is
  important to be correct. Additionally to insure correct packages for
  fips get installed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2031192/+subscriptions