ubuntu-advantage enable fips will fail due to missing --assume-yes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Medium
|
Unassigned |
Bug Description
cloud-provider: AWS
cloud-init configuration (relevant section):
ubuntu-advantage:
token: <ua_contract_token>
enable:
- fips
(no reports attached, as bug is viewable in the code, however I can reproduce if you'd like)
ubuntu-advantage (ua) calls often have prompts. the ubuntu_advantage directive runs without the `--assume-yes` flag from ua
for service in enable:
try:
cmd = ['ua', 'enable', service]
except subp.ProcessExe
This will not work with FIPS, as running `ua enable fips` without `--assume-yes` will result in prompts.
I propose having `ua enable --assume-yes $service` be the default call in cloud-init
Confirmed on your suggested approach. Even services which don't have prompts will allow you to passe --assume-yes without error. It is ok to provide this param to all enable calls. /security- certs.docs. ubuntu. com/en/ cis to learn how to use CIS
$ ua enable cis --assume-yes
One moment, checking your subscription first
Updating package lists
Installing CIS Audit packages
CIS Audit enabled
Visit https:/
$ echo $?
0