Ubuntu
ubuntu-advantage-tools package

ua fails if any package removed from server

Bug #1969809 reported by Jerry Larivee
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-advantage-tools (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

[Impact]
This bug causes enabling services during a `ua fix` operation to fail.
That means that any user that is attached to a UA contract, but needs a particular service to fix a USN or CVE could run into this bug if they try to use `ua fix` to fix that USN/CVE.

In practice, this probably mostly affects xenial users who are attached to a UA contract, but don't have `esm-infra` enabled. For them, many `ua fix` attempts will fail because they attempt to enable `esm-infra`.

The bug occurred because we are re-using a function to `enable` that has a required argument that isn't checked by mypy. When this new required argument got added to the function, we failed to update this callsite. That happened because the args are currently passed via an argparse Namespace object and so the discrepancy wasn't captured by mypy.

The fix is to pass the required argument.

[Test Plan]
To Reproduce:
```
lxc launch ubuntu-daily:xenial x-1969809
lxc exec x-1969809 -- apt update
lxc exec x-1969809 -- apt upgrade
lxc exec x-1969809 -- apt install apache2
lxc exec x-1969809 -- ua attach --no-auto-enable $YOUR_TOKEN
lxc exec x-1969809 -- ua fix usn-4994-2
# respond with "e" to the prompt
```
You should see "Unexpected error(s) occurred."

To see that release 27.9 of ubuntu-advantage-tools fixes the problem, you can use the build in `ppa:ua-client/staging` for now (or once it is in -proposed, just enable proposed).

```
lxc launch ubuntu-daily:xenial x-1969809
lxc exec x-1969809 -- add-apt-repository ppa:ua-client/staging
lxc exec x-1969809 -- apt update
lxc exec x-1969809 -- apt upgrade
lxc exec x-1969809 -- apt install apache2
lxc exec x-1969809 -- ua attach --no-auto-enable $YOUR_TOKEN
lxc exec x-1969809 -- ua fix usn-4994-2
# respond with "e" to the prompt
```
You should see "USN-4994-2 is resolved."

[Where problems could occur]
Because the fix just adds the required argument, similar problems could occur in the future if we add a new required argument (or rename an argument, etc) and again forget to update this callsite.

If our fix of passing the required arg is wrong somehow (e.g. mispelled), then this same bug will continue to occur.

If our fix is egregiously wrong (e.g. invalid python), then all `ua fix` attempts could fail, not just those that require a service enabled in the middle.

[Other Info]

In the future, we should move away from re-using the cli action functions with Namespace args for this functionality. Instead we should use functions with mypy-type-checked arguments. We will likely do this soon as a refactor of `ua fix` is on our roadmap for this cycle.

[Original Description]

I'm using the ua tool (version 27.7~16.04.1). I'm unable to enable the esm-infra service because a couple of the packages that I have installed have been completely removed from the launchpad server. Specifically:

deb http://ppa.launchpad.net/jonathonf/ffmpeg-3/ubuntu xenial main
deb http://ppa.launchpad.net/jonathonf/python-3.6/ubuntu xenial main

When I remove these package definitions from /etc/apt/sources.list.d/ the command succeeds.

I've attached a log file that includes this stack trace.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1629, in wrapper
    return func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1725, in main
    return args.action(args, cfg=cfg)
  File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 480, in action_fix
    fix_status = security.fix_security_issue_id(cfg, args.security_issue)
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 607, in fix_security_issue_id
    usn_released_pkgs=usn_released_pkgs,
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 982, in prompt_for_affected_packages
    num_pkgs=count,
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 872, in _handle_released_package_fixes
    cfg, binary_pkgs, pocket
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 1223, in upgrade_packages_and_attach
    if not _check_subscription_for_required_service(pocket, cfg):
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 1139, in _check_subscription_for_required_service
    if _prompt_for_enable(cfg, ent.name):
  File "/usr/lib/python3/dist-packages/uaclient/security.py", line 1118, in _prompt_for_enable
    cfg,
  File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 200, in new_f
    if cmd_args.format == "json" and not cmd_args.assume_yes:
AttributeError: 'Namespace' object has no attribute 'format'

See original description
Revision history for this message
Jerry Larivee (cs-huit) wrote :
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

Hi cs-huit, thanks for reporting this issue.

Looking at the logs this seems like a real bug on UA regarding the ua fix command.
I will make a PR that address this issue.

However, on the meantime, if you want to keep those packages, please run:

$ ua enable esm-infra

And then run:

$ ua fix USN-4994-2

It should not prompt you anymore for enabling esm-infra and the command should finish without other exceptions.

But please let me know if doing that still cause some issues.

Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Confirmed
Grant Orndorff (orndorffgrant)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~22.10.1

---------------
ubuntu-advantage-tools (27.9~22.10.1) kinetic; urgency=medium

  * d/rules
    - remove trusty specific code
    - remove ua-license-check.{timer,service,path}
    - install ubuntu-advantage.service
    - only on xenial: install ubuntu-advantage-cloud-id-shim.service
  * d/tools.preinst: remove old config field to avoid warnings in logs
  * d/tools.postinst
    - remove trusty specific code
    - print warnings if /etc/os-release doesn't have required fields
    - hardcode service list instead of exec-ing python3 for old migration
    - refactor python to avoid instantiating UAConfig extra times
    - refactor python to always use messages module for strings
    - rm the old marker file that triggered ua-license-check.path
    - remove unnecessary deb-systemd-helper check in ua-messaging cleanup
    - clean up old ua-license-check state
    - run new cloud-id-shim script
  * d/tools/postrm
    - clean up ubuntu-advantage-daemon log files
  * New upstream release 27.9 (LP: #1973099)
    - cli:
      + for json formatted output, include additional_info for some errors
      + new subcommand `ua refresh messages` to update motd and apt messages
    - daemon:
      + replace ua-license-check timer with ubuntu-advantage.service daemon
      + detects on-boot if pro license was added and runs auto-attach
      + only runs on gcp and does not continuously long-poll by default for now
    - enable:
      + fix error message on wrong service name when unattached
    - fips:
      + allow enabling generic fips kernel on azure by default
      + clean up fips reboot message (LP: #1972026)
    - fix:
      + handle errors during attach process
      + fix bug where enable or detach during a fix failed (LP: #1969809)
      + fix bug where attempting to fix some CVEs would never finish
    - performance:
      + remove unnecessary UAConfig object instantiation (also cleans up logs)
      + cache "apt-cache policy" output to avoid unnecessary subp calls
    - proxy:
      + apt_http(s)_proxy renamed to global_apt_http(s)_proxy
      + apt_http(s)_proxy config var names will still work
      + new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
      + global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
        same time
    - realtime: adjust warning to clarify that a manual revert is possible
    - refresh: a normal `ua refresh` will also update motd and apt messages
    - security-status: add counts of packages from each archive component
    - status: check if contract has updated and notify user to run "ua refresh"

 -- Grant Orndorff <email address hidden> Wed, 11 May 2022 13:04:46 -0400

Changed in ubuntu-advantage-tools (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.