group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #47291
[Bug 2031192] Re: Enabling of Pro Services Does Not Update when using airgapped mirrors over http://
This bug was fixed in the package ubuntu-advantage-tools - 32.3~24.04
---------------
ubuntu-advantage-tools (32.3~24.04) noble; urgency=medium
* Backport 32.3 to noble (LP: #2060732)
ubuntu-advantage-tools (32.3) oracular; urgency=medium
* d/apparmor: adjust the profiles to account for usr-merge consequences
(LP: #2067319)
ubuntu-advantage-tools (32.2) oracular; urgency=medium
* d/apparmor: adjust rules for violations found during testing (LP:
#2066929)
ubuntu-advantage-tools (32.1) oracular; urgency=medium
* d/apparmor: allow access for /etc/os-release on all supported
profiles (LP: #2065573)
* apport: get path for timer job status from the correct place (LP: #2065616)
ubuntu-advantage-tools (32) oracular; urgency=medium
* d/postinst: ensure migrations happen in correct package postinst (GH: #2982)
* d/apparmor: introduce new ubuntu_pro_esm_cache apparmor policy
* New upstream release 32 (LP: #2060732)
- api:
+ u.pro.attach.token.full_token_attach.v1: add support for attach
with token
+ u.pro.services.disable.v1: add support for disable operation
+ u.pro.services.enable.v1: add support for enable operation
+ u.pro.detach.v1: add support for detach operation
+ u.pro.status.is_attached.v1: add extra fields to API response
+ u.pro.services.dependencies.v1: add support for service dependencies
+ u.pro.security.fix.*.plan.v1: update ESM cache during plan API
if needed
- apt_news: add architectures and packages selectors filters for apt news
- cli:
+ improved cli/log message for unexpected errors (GH: #2600)
+ properly handle setting empty config values (GH: #2925)
- cloud-init: support ubuntu_pro user-data
- collect-logs: update default output file to pro_logs.tar.gz (LP: #2033313)
- config: create public and private config (GH: #2809)
- entitlements:
+ update logic that checks if a service is enabled (LP: #2031192)
- fips: warn/confirm with user if enabling fips downgrades the kernel
- fix: warn users if ESM cache cannot be updated (GH: #2841)
- logging:
+ use journald logging for all systemd services
+ add redundancy to secret redaction
- messaging:
+ add consistent messaging for end of contract state
+ make explicit that unattached enable/disable is a noop (GH: #2487)
+ make explicit that disabling a disabled service is a noop
+ make explicit that enabling an enabled service is a noop
- notices: filter unreadable notices when listing notices (GH: #2898)
-- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx> Tue, 28 May 2024
15:15:48 -0300
** Changed in: ubuntu-advantage-tools (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2031192
Title:
Enabling of Pro Services Does Not Update when using airgapped mirrors
over http://
Status in ubuntu-advantage-tools package in Ubuntu:
Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
Fix Released
Status in ubuntu-advantage-tools source package in Focal:
Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
Fix Released
Status in ubuntu-advantage-tools source package in Mantic:
Fix Released
Status in ubuntu-advantage-tools source package in Noble:
Fix Released
Bug description:
[Impact]
When users create an airgapped environement, they may create APT
mirrors for the ESM services that share a common base URL. For
example, in this bug here, the user was mirroring their services one:
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-security
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-apps-updates
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-security/
http://landscaperepo.com/repository/standalone/ubuntu/dists/bionic-esm-infra-updates/
http://landscaperepo.com/repository/standalone/ubuntu/dists/fips-bionic/
http://landscaperepo.com/repository/standalone/ubuntu/dists/jammy-esm-apps-security/
As we can see, all services share the
http://landscaperepo.com/repository/standalone/ APT url.
Since the Pro client was looking for unique urls to distinguish enabled services in the machine, this setup was not working.
Now, instead of looking at the APT url, we are also looking at the
suite (i.e. bionic-esm-apps-security)
If we identify that both APT url and suite are in the output of apt-cache policy
with the right permission number, we say that the service is enabled.
This will unblock users that want to use the same APT url for their
airgapped setup.
Additionally, we have discussed this issue with the Landscape team and
they assured us that we will always have an unique combination of APT
url and suite.
[Test cases]
We have setup an integration test for this scenario on the Pro client codebase.
We will link the test result here.
[ Regression Potential ]
We believe we are now improving our check to see if the service is
enabled or not, as we are now considering a combination that we now
will be unique. Therefore, the only regression potential we can think
is the situation were we mistakenly create that combination (APT url +
suite) or check it in a wrong way in the output of apt-cache policy.
However, we believe our integration tests should be enough to assert
that this is not the case.
[ Original Description]
contract server is airgapped and running
uaclient is pointing to the airgapped contract server to get entitlements
Additionally, using a landscape server and it's underlying reprepro to mirror ESM and FIPs for airgap, this forces using http
apt update is working over landscape over multiple repos.
pro attach subscriptioncontract, is working
next
pro enable service is creating /etc/apt/auth.conf.d/90ubuntu-advantage with correct apt entry, apt update can pickup the airgapped repo but with warning of http://
For example: pro enable esm-apps
Service Status is not getting updating
pro status is showing after enablement of esm-apps
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes disabled Expanded Security Maintenance for Applications
esm-infra yes disabled Expanded Security Maintenance for Infrastructure
Editing 90ubuntu-advantage to append http:// get rids of the apt
update working but service status is not changing.
Issuing pro enable esm-apps appends another entry and is a loop
ubuntu-advantage.log is showing the following
["2023-08-11T16:54:20.596", "DEBUG", "uaclient.files.files", "read", 55, "File does not exist: /var/lib/ubuntu-advantage/user-config.json", {}]
["2023-08-11T16:54:22.233", "DEBUG", "root", "subp", 634, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n", {}]
["2023-08-11T16:54:22.233", "WARNING", "root", "subp", 636, "Stderr: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n\nStdout: ", {}]
["2023-08-11T16:54:22.234", "DEBUG", "root", "subp", 640, "Failed running command 'apt-cache policy' [exit(100)]. Message: E: Problem renaming the file /var/cache/apt/pkgcache.bin.K4g76Q to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)\nW: You may want to run apt-get update to correct these problems\nE: The package cache file is corrupted\n Retrying 3 more times.", {}]
["2023-08-11T16:54:23.213", "DEBUG", "root", "_subp", 581, "Ran cmd: apt-get update, rc: 0 stderr: b''", {}]
For auditing purposes the status of subscription and it's services is
important to be correct. Additionally to insure correct packages for
fips get installed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2031192/+subscriptions
