[SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, Jammy, Kinetic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
This release mostly include new features for the pro client. They are:
* Add functionality to show if the system requires a reboot or not. This functionality can be accessed through our API or the CLI.
* Add api support for some security-status information:
- package summary information
- list of available package updates
- livepatch cves information
* Add api entry point to show packages installed in the machine as a manifest file
* Add retry mechanism for auto-attach on Pro cloud instances
Additionally, we are performing some refactorings in the code as well, for example:
* Remove package override logic when enabling FIPS services. Now we are relying exclusively on what the Contract server tell us when we install the FIPS metapackage.
* Use the auto_attach api on the CLI
[Test Case]
The following development and SRU process will be followed: https:/
The ubuntu-
[Regression Potential]
There are 3 main concerns that we have regarding this release. They are:
* Installing incorrect FIPS metapackages:
Now that we are only relying on the Contract Server to tell us which FIPS metapackage to install in the system, we can install incorrect metapackages if the Contract Server deliver us wrong information.
* Change return code for auto-attach CLI commands
Previously, in the case where the user tried to auto attach using the cli `pro auto-attach` on instances that were already attached or have disable_auto_attach configured as true in the uaclient.conf file, the cli exited with a 0 exit_code. We are changing those return code and that can harm users that are relying on a non-error execution under those conditions.
* Adding another service to the daemon
To make the retry auto-attach service works, we added a new service to our existing daemon. This service should only run for Pro instances if auto-attach fails. However, due to the already existing GCP service we have for GCP Pro instances, there could be unknown interactions between them, which could make unexpected changes on the machine.
However, we believe all of those 3 regression potentials are low risk, as we will discuss in the next section.
[Discussion]
We want to address all of the regression potentials that we have:
* Installing incorrect FIPS metapackages:
We already have integration tests for all the clouds we support FIPS on. We were not able to detect any case where we installed the incorrect metapackage on those instance. Because of our tests, we believe that this a low risk regression.
* Change return code for auto-attach CLI commands
The cli returned 0s for on those two scenarios (auto-attach disabled on config and machine already attached) because we would call the cli command on the ua-auto-
Additionally, we didn't advertise the use of `pro auto-attach` for programmatic consumption.
Therefore we believe it is safe to change the exit codes for those scenarios
* Adding another service to the daemon
We have created a flow diagram for the new retry auto-attach service:
https:/
We have tested our code and it correctly follows that diagram. As we can see, the main interaction scenarios between the two services (auto-attach and GCP polling service) are covered in the code.
Additionally, we already discussed the potential scenarios on the US011 spec with other teams.
Because of all that, even though unknown interactions are still possible, we believe the regression potential is low here.
Similar points were made during the review of this upload to Lunar in the MP that are worth checking out:
[Changelog]
- auto-attach:
+ use auto-attach api in cli entry-point
+ retry auto-attach for up to one month on Ubuntu Pro cloud instances
+ best_effort auto_attach api instead of fail fast
- enable: show deduplicated list of supported arches (GH: #917)
- fips: remove cloud package override logic
- messaging: verify contract expiration date on contract server before
outputting expired message on MOTD
- realtime-kernel: make service non-beta
- reboot-required:
+ add api support to show if the system requires a reboot
+ add cli command for the functionality
- security-status:
+ add api support to report standard updates
+ add api support to show livepatch cves
+ add api support to show packages summary information
+ list packages in oci manifest format
- systemd: add machine token condition for auto-attac
Related branches
- Andreas Hasenack: Approve
- Canonical Server Reporter: Pending requested
-
Diff: 15054 lines (+7867/-1698)185 files modifiedCONTRIBUTING.md (+4/-4)
README.md (+40/-38)
debian/changelog (+26/-0)
debian/control (+7/-6)
dev-docs/explanations/how_auto_attach_works.md (+2/-2)
dev-docs/explanations/systemd_units.md (+89/-0)
dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md (+9/-9)
dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md (+13/-13)
dev-docs/howtoguides/testing.md (+5/-5)
dev-docs/references/architecture.md (+3/-3)
dev-docs/references/directory_layout.md (+8/-8)
dev-docs/references/enabling_a_service.md (+6/-6)
dev-docs/references/terminology.md (+4/-4)
dev-docs/references/what_happens_during_attach.md (+4/-4)
dev/null (+0/-161)
docs-requirements.txt (+2/-1)
docs/README.md (+2/-2)
docs/conf.py (+6/-1)
docs/explanations/apt_messages.md (+2/-2)
docs/explanations/how_to_interpret_the_security_status_command.md (+9/-10)
docs/explanations/motd_messages.md (+21/-21)
docs/explanations/status_columns.md (+10/-10)
docs/explanations/what_are_the_timer_jobs.md (+5/-5)
docs/explanations/what_are_ubuntu_pro_cloud_instances.md (+15/-0)
docs/explanations/what_is_the_daemon.md (+2/-2)
docs/explanations/what_is_the_ubuntu_advantage_pro_package.md (+2/-4)
docs/explanations/what_refresh_does.md (+5/-5)
docs/explanations/why_trusty_is_no_longer_supported.md (+3/-3)
docs/howtoguides/configure_proxies.md (+24/-24)
docs/howtoguides/configuring_timer_jobs.md (+5/-5)
docs/howtoguides/create_pro_golden_image.md (+1/-1)
docs/howtoguides/enable_cc.md (+2/-2)
docs/howtoguides/enable_cis.md (+1/-1)
docs/howtoguides/enable_esm_infra.md (+9/-9)
docs/howtoguides/enable_fips.md (+3/-3)
docs/howtoguides/enable_in_dockerfile.md (+32/-32)
docs/howtoguides/enable_livepatch.md (+2/-4)
docs/howtoguides/enable_realtime_kernel.md (+2/-2)
docs/howtoguides/get_token_and_attach.md (+11/-12)
docs/howtoguides/how_to_attach_with_config_file.md (+2/-2)
docs/howtoguides/how_to_collect_logs.md (+7/-7)
docs/howtoguides/how_to_run_fix_in_dry_run_mode.md (+13/-13)
docs/howtoguides/how_to_simulate_attach.md (+1/-1)
docs/howtoguides/update_motd_messages.md (+1/-1)
docs/index.rst (+7/-6)
docs/references/api.md (+336/-0)
docs/references/network_requirements.md (+4/-4)
docs/references/ppas.md (+4/-4)
docs/references/support_matrix.md (+2/-4)
docs/tutorials/basic_commands.md (+41/-41)
docs/tutorials/create_a_fips_docker_image.md (+17/-17)
docs/tutorials/create_a_fips_updates_pro_cloud_image.md (+7/-7)
docs/tutorials/fix_scenarios.md (+45/-45)
features/airgapped.feature (+53/-0)
features/api_configure_retry_service.feature (+59/-0)
features/api_packages.feature (+36/-0)
features/api_security.feature (+71/-0)
features/apt_messages.feature (+66/-20)
features/attached_commands.feature (+13/-8)
features/attached_enable.feature (+93/-24)
features/attached_status.feature (+3/-3)
features/daemon.feature (+0/-4)
features/detached_auto_attach.feature (+3/-2)
features/environment.py (+50/-19)
features/motd_messages.feature (+100/-3)
features/proxy_config.feature (+31/-0)
features/realtime_kernel.feature (+11/-15)
features/retry_auto_attach.feature (+364/-0)
features/schemas/ua_security_status.json (+3/-0)
features/steps/airgap.py (+185/-0)
features/steps/attach.py (+80/-0)
features/steps/contract.py (+122/-0)
features/steps/docker.py (+86/-0)
features/steps/files.py (+147/-0)
features/steps/fix.py (+49/-0)
features/steps/machines.py (+178/-0)
features/steps/magic_attach.py (+43/-0)
features/steps/misc.py (+40/-0)
features/steps/network.py (+74/-0)
features/steps/output.py (+114/-0)
features/steps/packages.py (+111/-0)
features/steps/shell.py (+144/-0)
features/steps/status.py (+30/-0)
features/steps/systemd.py (+126/-0)
features/steps/ubuntu_advantage_tools.py (+141/-0)
features/ubuntu_pro.feature (+18/-9)
features/ubuntu_pro_fips.feature (+18/-9)
features/unattached_status.feature (+8/-7)
help_data.yaml (+5/-7)
lib/auto_attach.py (+62/-17)
lib/daemon.py (+17/-22)
sru/release-27.11.3/test-apt-news-disable.sh (+86/-0)
sru/release-27.11.3/test_apport_wrong_encoding.sh (+66/-0)
systemd/ua-auto-attach.service (+3/-0)
systemd/ubuntu-advantage.service (+13/-7)
tools/create-lp-release-branches.sh (+1/-1)
tox.ini (+4/-4)
uaclient/actions.py (+4/-26)
uaclient/api/api.py (+10/-4)
uaclient/api/exceptions.py (+24/-15)
uaclient/api/tests/test_api.py (+1/-1)
uaclient/api/tests/test_api_u_pro_attach_auto_configure_retry_service.py (+60/-0)
uaclient/api/tests/test_api_u_pro_attach_auto_full_auto_attach_v1.py (+378/-0)
uaclient/api/tests/test_api_u_pro_attach_auto_should_auto_attach.py (+1/-1)
uaclient/api/tests/test_api_u_pro_packages_summary.py (+37/-0)
uaclient/api/tests/test_api_u_pro_packages_updates.py (+52/-0)
uaclient/api/tests/test_api_u_pro_security_status_get_package_manifest.py (+71/-0)
uaclient/api/tests/test_api_u_pro_security_status_livepatch_cves.py (+30/-0)
uaclient/api/tests/test_api_u_pro_security_status_reboot_required_v1.py (+27/-0)
uaclient/api/u/pro/attach/auto/configure_retry_service/__init__.py (+0/-0)
uaclient/api/u/pro/attach/auto/configure_retry_service/v1.py (+42/-0)
uaclient/api/u/pro/attach/auto/full_auto_attach/v1.py (+75/-93)
uaclient/api/u/pro/packages/__init__.py (+0/-0)
uaclient/api/u/pro/packages/summary/__init__.py (+0/-0)
uaclient/api/u/pro/packages/summary/v1.py (+76/-0)
uaclient/api/u/pro/packages/updates/__init__.py (+0/-0)
uaclient/api/u/pro/packages/updates/v1.py (+130/-0)
uaclient/api/u/pro/security/__init__.py (+0/-0)
uaclient/api/u/pro/security/status/__init__.py (+0/-0)
uaclient/api/u/pro/security/status/livepatch_cves/__init__.py (+0/-0)
uaclient/api/u/pro/security/status/livepatch_cves/v1.py (+54/-0)
uaclient/api/u/pro/security/status/reboot_required/__init__.py (+0/-0)
uaclient/api/u/pro/security/status/reboot_required/v1.py (+34/-0)
uaclient/api/u/security/__init__.py (+0/-0)
uaclient/api/u/security/package_manifest/__init__.py (+0/-0)
uaclient/api/u/security/package_manifest/v1.py (+47/-0)
uaclient/apt.py (+23/-5)
uaclient/cli.py (+109/-23)
uaclient/config.py (+2/-5)
uaclient/conftest.py (+38/-5)
uaclient/contract.py (+31/-34)
uaclient/daemon/__init__.py (+56/-0)
uaclient/daemon/poll_for_pro_license.py (+6/-34)
uaclient/daemon/retry_auto_attach.py (+186/-0)
uaclient/daemon/tests/__init__.py (+0/-0)
uaclient/daemon/tests/test_daemon.py (+67/-0)
uaclient/daemon/tests/test_poll_for_pro_license.py (+15/-101)
uaclient/daemon/tests/test_retry_auto_attach.py (+731/-0)
uaclient/data_types.py (+13/-0)
uaclient/entitlements/__init__.py (+18/-1)
uaclient/entitlements/base.py (+2/-1)
uaclient/entitlements/fips.py (+22/-65)
uaclient/entitlements/realtime.py (+3/-4)
uaclient/entitlements/repo.py (+1/-1)
uaclient/entitlements/tests/conftest.py (+0/-4)
uaclient/entitlements/tests/test_cc.py (+1/-1)
uaclient/entitlements/tests/test_entitlements.py (+60/-0)
uaclient/entitlements/tests/test_fips.py (+44/-108)
uaclient/entitlements/tests/test_livepatch.py (+1/-1)
uaclient/exceptions.py (+10/-31)
uaclient/files/__init__.py (+10/-0)
uaclient/files/data_types.py (+72/-0)
uaclient/files/files.py (+8/-75)
uaclient/files/state_files.py (+96/-0)
uaclient/files/tests/__init__.py (+0/-0)
uaclient/files/tests/test_data_types.py (+123/-0)
uaclient/files/tests/test_files.py (+49/-0)
uaclient/files/tests/test_state_files.py (+17/-0)
uaclient/jobs/tests/test_update_messaging.py (+56/-0)
uaclient/jobs/update_messaging.py (+38/-1)
uaclient/messages.py (+81/-27)
uaclient/security_status.py (+131/-31)
uaclient/snap.py (+41/-1)
uaclient/status.py (+12/-10)
uaclient/system.py (+1/-0)
uaclient/testing/helpers.py (+33/-0)
uaclient/tests/test_actions.py (+74/-39)
uaclient/tests/test_apt.py (+5/-5)
uaclient/tests/test_cli_attach.py (+2/-0)
uaclient/tests/test_cli_auto_attach.py (+65/-102)
uaclient/tests/test_cli_disable.py (+1/-1)
uaclient/tests/test_cli_enable.py (+1/-1)
uaclient/tests/test_cli_reboot_required.py (+37/-0)
uaclient/tests/test_cli_status.py (+18/-12)
uaclient/tests/test_config.py (+4/-4)
uaclient/tests/test_contract.py (+22/-30)
uaclient/tests/test_lib_auto_attach.py (+50/-13)
uaclient/tests/test_reboot_cmds.py (+1/-2)
uaclient/tests/test_security_status.py (+245/-6)
uaclient/tests/test_snap.py (+58/-0)
uaclient/tests/test_status.py (+55/-14)
uaclient/tests/test_util.py (+38/-0)
uaclient/util.py (+14/-0)
uaclient/version.py (+1/-1)
update-motd.d/91-contract-ua-esm-status (+6/-2)
summary: |
- [SRU] ubuntu-advantage-tools (27.11.3 -> 27.11.4) Xenial, Bionic, - Focal, Jammy + [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, + Jammy, Kinetic |
description: | updated |
description: | updated |
description: | updated |
Lunar was uploaded on the 21st and is going through migration at the moment: advantage- tools_27. 12~23.04. 1.dsc advantage- tools_27. 12~23.04. 1.tar.xz advantage- tools_27. 12~23.04. 1_source. buildinfo advantage- tools_27. 12~23.04. 1_source. changes
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Kinetic uploaded now: advantage- tools_27. 12~22.10. 1.dsc advantage- tools_27. 12~22.10. 1.tar.xz advantage- tools_27. 12~22.10. 1_source. buildinfo advantage- tools_27. 12~22.10. 1_source. changes
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Jammy uploaded now: advantage- tools_27. 12~22.04. 1.dsc advantage- tools_27. 12~22.04. 1.tar.xz advantage- tools_27. 12~22.04. 1_source. buildinfo advantage- tools_27. 12~22.04. 1_source. changes
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Focal uploaded now: advantage- tools_27. 12~20.04. 1.dsc advantage- tools_27. 12~20.04. 1.tar.xz advantage- tools_27. 12~20.04. 1_source. buildinfo advantage- tools_27. 12~20.04. 1_source. changes
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Bionic uploaded now: advantage- tools_27. 12~18.04. 1.dsc advantage- tools_27. 12~18.04. 1.tar.xz advantage- tools_27. 12~18.04. 1_source. buildinfo advantage- tools_27. 12~18.04. 1_source. changes
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Xenial uploaded now: advantage- tools_27. 12~16.04. 1.dsc: done. advantage- tools_27. 12~16.04. 1.tar.xz: done. advantage- tools_27. 12~16.04. 1_source. buildinfo: done. advantage- tools_27. 12~16.04. 1_source. changes: done.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Successfully uploaded packages.