Ubuntu
ubuntu-advantage-tools package

[SRU] ubuntu-advantage-tools (27.8 -> 27.9) Xenial, Bionic, Focal, Impish, Jammy

Bug #1973099 reported by Grant Orndorff
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-advantage-tools (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Impish
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

[Impact]
This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are:

  * A daemon that only runs on GCP
    * Currently it ends early based on a default config setting - making it
      hardly a deamon. But this config setting will be flipped on as soon
      as it's needed via a follow up SRU, so please review as if the daemon
      was long-running.
    * When it turns on, it will long-poll the GCP metadata endpoint and run
      `ua auto-attach` when a pro license is added.
    * This replaces the 5 minute timer we currently have on GCP.
    * A part of this is a shim service only on xenial to replace a needed
      feature from cloud-init, that is not backported to xenial.
  * Contract renewal UX improvements
    * `ua status` now notifies you when your contract is updated (e.g.
      renewed), and instructs the user to run `ua refresh`. (Note this
      isn't technically required for renewal - services will keep working
      for a renewed contract regardless.)
    * `ua refresh` now ensures motd/apt messaging is all up to date in
      addition to updating contract details.
    * In combination, these two features address user concerns over
      confusing/outdated motd/apt messaging shortly after contract renewal.
  * More granular APT Proxy configuration with backwards compatibility
    * apt_http(s)_proxy is renamed to global_apt_http(s)_proxy (but the old
      name still works)
    * ua_apt_http(s)_proxy is introduced for ua-scoped apt proxy
      configurations
  * `ua security-status` now includes counts of packages from each archive
    component

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
[https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates)

The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.

[Regression Potential]
This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.

There are also several small refactors and additions to the postinst script. Any adjustment to postinst poses the risk of breaking upgrades if a mistake was made.

We already dropped support for trusty, but we removed even more trusty related code in this release. It is possible that we were unknowingly relying on some of this trusty code for subtle behavior.

We included backwards compatibility for the proxy configuration changes, but it is possible that if we made a mistake then old configurations will stop working correctly.

[Discussion]

There were a series of discussions about the daemon and it was decided to limit the scope as much as possible. As such, it only runs on GCP on unattached instances. Python won't even be instantiated on other machines. The daemon checks several conditions on start up as well and ends early if any don't match.

There was some effort to keep the memory footprint from being too high. It depends on the python version; on xenial systemd says the daemon takes just under 14Mb and on focal, just under 11Mb. We have regression tests in place to keep on eye on memory usage. When the daemon is running, it will almost always be blocked on a long-poll endpoint, so CPU usage should be minimal.

The daemon does run as root, but doesn't listen on a socket or accept on any user input. It looks at root-only config files and talks to a particular GCP metadata endpoint. If a user were to maliciously MITM the metadata endpoint, they could provide data to the daemon that would cause it to send requests to the Contract Server unnecessarily.

[Changelog]

  * d/rules
    - remove trusty specific code
    - remove ua-license-check.{timer,service,path}
    - install ubuntu-advantage.service
    - only on xenial: install ubuntu-advantage-cloud-id-shim.service
  * d/tools.postinst
    - remove trusty specific code
    - print warnings if /etc/os-release doesn't have required fields
    - hardcode service list instead of exec-ing python3 for old migration
    - refactor python to avoid instantiating UAConfig extra times
    - refactor python to always use messages module for strings
    - rm the old marker file that triggered ua-license-check.path
    - remove unnecessary deb-systemd-helper check in ua-messaging cleanup
    - clean up old ua-license-check state
    - run new cloud-id-shim script
  * d/tools/postrm
    - clean up ubuntu-advantage-daemon log files
  * New upstream release 27.9 (LP: #1973099)
    - cli:
      + for json formatted output, include additional_info for some errors
      + new subcommand `ua refresh messages` to update motd and apt messages
    - daemon:
      + replace ua-license-check timer with ubuntu-advantage.service daemon
      + detects on-boot if pro license was added and runs auto-attach
      + only runs on gcp and does not continuously long-poll by default for now
    - enable:
      + fix error message on wrong service name when unattached
    - fips:
      + allow enabling generic fips kernel on azure by default
      + clean up fips reboot message (LP: #1972026)
    - fix:
      + handle errors during attach process
      + fix bug where enable or detach during a fix failed (LP: #1969809)
      + fix bug where attempting to fix some CVEs would never finish
    - performance:
      + remove unnecessary UAConfig object instantiation (also cleans up logs)
      + cache "apt-cache policy" output to avoid unnecessary subp calls
    - proxy:
      + apt_http(s)_proxy renamed to global_apt_http(s)_proxy
      + apt_http(s)_proxy config var names will still work
      + new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
      + global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
        same time
    - realtime: adjust warning to clarify that a manual revert is possible
    - refresh: a normal `ua refresh` will also update motd and apt messages
    - security-status: add counts of packages from each archive component
    - status: check if contract has updated and notify user to run "ua refresh"

See original description
Grant Orndorff (orndorffgrant)
description: updated
Grant Orndorff (orndorffgrant)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~22.10.1

---------------
ubuntu-advantage-tools (27.9~22.10.1) kinetic; urgency=medium

  * d/rules
    - remove trusty specific code
    - remove ua-license-check.{timer,service,path}
    - install ubuntu-advantage.service
    - only on xenial: install ubuntu-advantage-cloud-id-shim.service
  * d/tools.preinst: remove old config field to avoid warnings in logs
  * d/tools.postinst
    - remove trusty specific code
    - print warnings if /etc/os-release doesn't have required fields
    - hardcode service list instead of exec-ing python3 for old migration
    - refactor python to avoid instantiating UAConfig extra times
    - refactor python to always use messages module for strings
    - rm the old marker file that triggered ua-license-check.path
    - remove unnecessary deb-systemd-helper check in ua-messaging cleanup
    - clean up old ua-license-check state
    - run new cloud-id-shim script
  * d/tools/postrm
    - clean up ubuntu-advantage-daemon log files
  * New upstream release 27.9 (LP: #1973099)
    - cli:
      + for json formatted output, include additional_info for some errors
      + new subcommand `ua refresh messages` to update motd and apt messages
    - daemon:
      + replace ua-license-check timer with ubuntu-advantage.service daemon
      + detects on-boot if pro license was added and runs auto-attach
      + only runs on gcp and does not continuously long-poll by default for now
    - enable:
      + fix error message on wrong service name when unattached
    - fips:
      + allow enabling generic fips kernel on azure by default
      + clean up fips reboot message (LP: #1972026)
    - fix:
      + handle errors during attach process
      + fix bug where enable or detach during a fix failed (LP: #1969809)
      + fix bug where attempting to fix some CVEs would never finish
    - performance:
      + remove unnecessary UAConfig object instantiation (also cleans up logs)
      + cache "apt-cache policy" output to avoid unnecessary subp calls
    - proxy:
      + apt_http(s)_proxy renamed to global_apt_http(s)_proxy
      + apt_http(s)_proxy config var names will still work
      + new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
      + global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
        same time
    - realtime: adjust warning to clarify that a manual revert is possible
    - refresh: a normal `ua refresh` will also update motd and apt messages
    - security-status: add counts of packages from each archive component
    - status: check if contract has updated and notify user to run "ua refresh"

 -- Grant Orndorff <email address hidden> Wed, 11 May 2022 13:04:46 -0400

Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Fix Released
Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.9~22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-jammy
Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: New → Fix Committed
tags: added: verification-needed-impish
Revision history for this message
Robie Basak (racb) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.9~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Robie Basak (racb) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.9~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Robie Basak (racb) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.9~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Robie Basak (racb) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.9~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

We have run the full ubuntu-advantage-tools integration test suite against the version in -proposed. The results are attached. All tests passed.

You can verify the correct version was used by checking the output of the first test in each file, which prints the version number.

I am marking the verification done for this SRU.

tags: added: verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-jammy verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-jammy verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~22.04.1

---------------
ubuntu-advantage-tools (27.9~22.04.1) jammy; urgency=medium

  * Backport new upstream release: (LP: #1973099) to jammy

 -- Grant Orndorff <email address hidden> Wed, 18 May 2022 15:44:25 -0400

Changed in ubuntu-advantage-tools (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~21.10.1

---------------
ubuntu-advantage-tools (27.9~21.10.1) impish; urgency=medium

  * Backport new upstream release: (LP: #1973099) to impish

 -- Grant Orndorff <email address hidden> Wed, 18 May 2022 15:44:22 -0400

Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~20.04.1

---------------
ubuntu-advantage-tools (27.9~20.04.1) focal; urgency=medium

  * Backport new upstream release: (LP: #1973099) to focal

 -- Grant Orndorff <email address hidden> Wed, 18 May 2022 15:44:19 -0400

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~18.04.1

---------------
ubuntu-advantage-tools (27.9~18.04.1) bionic; urgency=medium

  * Backport new upstream release: (LP: #1973099) to bionic

 -- Grant Orndorff <email address hidden> Wed, 18 May 2022 15:44:17 -0400

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.9~16.04.1

---------------
ubuntu-advantage-tools (27.9~16.04.1) xenial; urgency=medium

  * Backport new upstream release: (LP: #1973099) to xenial

 -- Grant Orndorff <email address hidden> Wed, 18 May 2022 15:44:15 -0400

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.