ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

Bug #1938207 reported by Robie Basak
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-advantage-tools (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned
Impish
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

If cloud-id fails in a different way from what our postinst currently checks for, then the postinst script will fail, breaking whatever apt process was running.

We fixed this by changing the line that calls cloud-id to

cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""

The commit with this change is here: https://github.com/canonical/ubuntu-advantage-client/commit/8ac323b1f2e2031afa8018112d20479085c0e4f7

By doing this, any error in cloud-id will be handled by assuming we are not on a cloud. This is a safe assumption for the purposes of our postinst script.

[Test Plan]

You can verify that this problem is addressed in version 27.3 by running the following script:

------------------------------------------------------------
import pycloudlib
import os

lxd = pycloudlib.LXDVirtualMachine("vm")

name = 'pycloudlib-vm'
release = "bionic"
pub_key_path = "lxd-pubkey"
priv_key_path = "lxd-privkey"

userdata_cloud_id_fail = """\
#cloud-config
bootcmd:
 - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig
 - 'echo "error" > /usr/bin/cloud-id'
 - chmod 755 /usr/bin/cloud-id
"""

pub_key, priv_key = lxd.create_key_pair()

with open(pub_key_path, "w") as f:
    f.write(pub_key)

with open(priv_key_path, "w") as f:
    f.write(priv_key)

lxd.use_key(
    public_key_path=pub_key_path,
    private_key_path=priv_key_path
)

image_id = lxd.released_image(release=release)
instance = lxd.launch(
    name=name,
    image_id=image_id,
    user_data=userdata_cloud_id_fail
)

print("--- Creating base instance")
print("ip address: ", instance.ip)
print("--- Make cloud-id command fail by changing the binary")
cloud_id = instance.execute("cloud-id")
print(cloud_id.stderr)
print("--- Running postinst script for current version of uaclient")
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(instance.execute("ua version"))
print(dpkg_out.stderr)
print("------------------")

print("--- Updating ua package")
instance.execute("sudo add-apt-repository ppa:ua-client/staging -y")
instance.execute("sh -c 'sudo apt-get update -q > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'")
print(instance.execute("ua version"))
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(dpkg_out.stderr)
print("------------------")
instance.delete()
----------------------------------------------------------

This script relies on the pycloudlib project which can be found
here:
https://github.com/canonical/pycloudlib/tree/main/pycloudlib

[Where problems could occur]

Any change to postinst is particularly dangerous because a mistake could cause it to fail and therefore cause apt installs/upgrades to fail. Because ua-client is on all ubuntu images, we need to be particularly careful here.

Further, by changing the code that fixed a critical bug, we run the risk of reintroducing that bug. We've mitigated this by introducing an integration test scenario to cover that bug.

[Other Info]

The cloud id is used in postinst for doing 2 things:

1. notifying the user if they stumbled into an using an unsupported fips kernel on the cloud
2. activating the gcp_auto_attach job

It is not critical if the cloud is falsely detected as none. The worst that could happen is that a user would not be notified of the unsupported fips kernel or that a user would not have the gcp_auto_attach job activated.

[Original Description]

As discovered in regression bug 1936833:

 1) "cloud-id" can sometimes crash; perhaps it should return something more sensible if a cloud-id is not available

 2) ubuntu-advantage-tools.postinst might crash if cloud-id crashes; perhaps it should be generally resilient against cloud-id crashing, instead of trying to predict if it will work or not (additionally the current prediction method seems to be based on an internal implementation detail that might change)

I wonder if one or both of these things can be improved. For example, define the failure behaviour of cloud-id when it cannot function, and have the postinst test for that, and further, adjust the postinst to be robust against _any_ failure of cloud-id.

Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Triaged
description: updated
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.3~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: New → Fix Committed
tags: added: verification-needed verification-needed-impish
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.3~21.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Hirsute):
status: New → Fix Committed
tags: added: verification-needed-hirsute
Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.3~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.3~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Steve Langasek (vorlon)
Changed in ubuntu-advantage-tools (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.3~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

I have modified the test script to install the package in proposed:
----------------------------------------------------------------------
import pycloudlib
import os

lxd = pycloudlib.LXDVirtualMachine("vm")

name = 'pycloudlib-vm'
release = "hirsute"
pub_key_path = "lxd-pubkey"
priv_key_path = "lxd-privkey"

userdata_cloud_id_fail = """\
#cloud-config
bootcmd:
 - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig
 - 'echo "error" > /usr/bin/cloud-id'
 - chmod 755 /usr/bin/cloud-id
"""

pub_key, priv_key = lxd.create_key_pair()

with open(pub_key_path, "w") as f:
    f.write(pub_key)

with open(priv_key_path, "w") as f:
    f.write(priv_key)

lxd.use_key(
    public_key_path=pub_key_path,
    private_key_path=priv_key_path
)

image_id = lxd.released_image(release=release)
instance = lxd.launch(
    name=name,
    image_id=image_id,
    user_data=userdata_cloud_id_fail
)

print("--- Creating base instance")
print("ip address: ", instance.ip)
print("--- Make cloud-id command fail by changing the binary")
cloud_id = instance.execute("cloud-id")
print(cloud_id.stderr)
print("--- Running postinst script for current version of uaclient")
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(instance.execute("ua version"))
print(dpkg_out.stderr)
print("------------------")

cmd = "sudo sh -c \"echo 'deb http://archive.ubuntu.com/ubuntu/ {}-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list\""
print("--- Updating ua package")
out = instance.execute(cmd.format(release))
instance.execute("sh -c 'sudo apt-get update -q > /dev/null'")
instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'")
print(instance.execute("ua version"))
dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
print(dpkg_out.stderr)
print("------------------")
instance.delete()
--------------------------------------------

Currently, pycloudlib doesn't support launching hirsute or impish vms
Therefore, the test results here are for xenial, bionic and focal.

I will run this test for hirsute and impish through multipass.

PS: this bug should not affect xenial releases

Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

Impish and hirsute tests performed with the following script:
--------------------------------
series=$1
name=test-$series

multipass launch --name $name $series
multipass exec $name -- ua version
multipass exec $name -- cloud-init status --wait
multipass exec $name -- sudo /bin/sh -c "printf 'error' > /usr/bin/cloud-id"
multipass exec $name -- sudo chmod 755 /usr/bin/cloud-id
multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools
multipass exec $name -- echo $?

multipass exec $name -- sudo sh -c "cat <<EOF >/etc/apt/sources.list.d/ubuntu-$series-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $series-proposed restricted main multiverse universe
EOF"
multipass exec $name -- sudo sh -c "apt update > /dev/null"
multipass exec $name -- sudo sh -c "apt install ubuntu-advantage-tools > /dev/null"
multipass exec $name -- ua version
multipass exec $name -- sudo dpkg-reconfigure ubuntu-advantage-tools
multipass exec $name -- echo $?
multipass delete $name
multipass purge
------------------------------------------------------------

Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :
tags: added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~21.10.1

---------------
ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
      + only runs on LTS GCP instances that are not attached
      + runs every 5 minutes to check if gcp instance has license r...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~21.04.1

---------------
ubuntu-advantage-tools (27.3~21.04.1) hirsute; urgency=medium

  * Backport new upstream release: (LP: #1942929) to hirsute

ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
   ...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~20.04.1

---------------
ubuntu-advantage-tools (27.3~20.04.1) focal; urgency=medium

  * Backport new upstream release: (LP: #1942929) to focal

ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
      +...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~18.04.1

---------------
ubuntu-advantage-tools (27.3~18.04.1) bionic; urgency=medium

  * Backport new upstream release: (LP: #1942929) to bionic

ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
     ...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~16.04.1

---------------
ubuntu-advantage-tools (27.3~16.04.1) xenial; urgency=medium

  * Backport new upstream release: (LP: #1942929) to xenial

ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
     ...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package ubuntu-advantage-tools - 27.3~21.10.1

---------------
ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
      + only runs on LTS GCP instances that are not attached
      + runs every 5 minutes to check if gcp instance has license r...

Read more...

Changed in ubuntu-advantage-tools (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.