Merge ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-28-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
- Git
- lp:~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools
- upload-28-mantic
- Merge into ubuntu/devel
Status: | Merged |
---|---|
Merged at revision: | 3a9468ad1c615b05f46ecb8ae9bf8b264d396be8 |
Proposed branch: | ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-28-mantic |
Merge into: | ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel |
Diff against target: |
22814 lines (+8963/-3090) 215 files modified
.github/PULL_REQUEST_TEMPLATE.md (+21/-2) .github/actions/bug-refs/action.yml (+9/-0) .github/actions/bug-refs/index.js (+107/-0) .github/actions/bug-refs/package-lock.json (+430/-0) .github/actions/bug-refs/package.json (+10/-0) .github/workflows/ci-base.yaml (+2/-0) .github/workflows/ci-integration.yaml (+3/-0) .github/workflows/custom_pr_checks.yaml (+27/-0) .pre-commit-config.yaml (+1/-1) apport/source_ubuntu-advantage-tools.py (+6/-2) apt-hook/json-hook.cc (+35/-19) debian/changelog (+54/-0) debian/source/lintian-overrides (+3/-1) debian/ubuntu-advantage-tools.postinst (+1/-1) dev-docs/explanations/systemd_units.md (+6/-6) dev-docs/howtoguides/building.md (+0/-13) dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md (+1/-1) dev-docs/howtoguides/release_a_new_version.md (+52/-33) dev-docs/howtoguides/testing.md (+4/-15) dev-docs/references/directory_layout.md (+2/-2) dev-docs/references/enabling_a_service.md (+1/-1) dev-docs/references/terminology.md (+2/-2) dev-docs/references/version_string_formatting.md (+10/-10) dev-docs/references/what_happens_during_attach.md (+1/-1) dev-requirements.txt (+1/-1) dev/null (+0/-91) docs/_static/js/github_issue_links.js (+1/-1) docs/conf.py (+3/-1) docs/explanations.rst (+2/-0) docs/explanations/apt_messages.md (+1/-1) docs/explanations/cves_and_usns_explained.md (+44/-0) docs/explanations/how_to_interpret_output_of_unattended_upgrades.md (+82/-0) docs/explanations/how_to_interpret_the_security_status_command.md (+200/-7) docs/explanations/motd_messages.md (+121/-20) docs/explanations/status_columns.md (+102/-0) docs/googleaf254801a5285c31.html (+1/-0) docs/howtoguides.rst (+1/-0) docs/howtoguides/enable_fips.md (+1/-1) docs/howtoguides/get_rid_of_corrupt_lock.md (+1/-1) docs/howtoguides/get_token_and_attach.md (+37/-3) docs/howtoguides/how_to_not_fix_related_usns.md (+65/-0) docs/index.rst (+3/-2) docs/references/api.md (+207/-0) docs/references/network_requirements.md (+29/-23) docs/sitemap-index.xml (+8/-0) docs/tutorials/create_a_fips_updates_pro_cloud_image.md (+9/-9) docs/tutorials/fix_scenarios.md (+54/-15) features/_version.feature (+6/-6) features/airgapped.feature (+1/-1) features/api.feature (+12/-2) features/api_configure_retry_service.feature (+1/-1) features/api_full_auto_attach.feature (+1/-1) features/api_magic_attach.feature (+1/-1) features/api_packages.feature (+1/-1) features/api_security.feature (+2/-2) features/api_unattended_upgrades.feature (+1/-1) features/apt_messages.feature (+26/-51) features/attach_invalidtoken.feature (+2/-2) features/attach_validtoken.feature (+34/-20) features/attached_commands.feature (+66/-61) features/attached_enable.feature (+25/-25) features/attached_status.feature (+10/-6) features/cloud.py (+74/-18) features/cloud_pro_clone.feature (+2/-10) features/collect_logs.feature (+2/-2) features/config.feature (+1/-1) features/daemon.feature (+82/-14) features/docker.feature (+1/-2) features/enable_fips_cloud.feature (+1/-1) features/enable_fips_container.feature (+2/-2) features/enable_fips_vm.feature (+40/-40) features/environment.py (+114/-127) features/fix.feature (+286/-68) features/i8n.feature (+128/-0) features/install_uninstall.feature (+3/-3) features/livepatch.feature (+87/-16) features/logs.feature (+60/-1) features/magic_attach.feature (+2/-6) features/motd_messages.feature (+2/-2) features/proxy_config.feature (+19/-34) features/realtime_kernel.feature (+267/-47) features/reboot_cmds.feature (+48/-0) features/retry_auto_attach.feature (+6/-7) features/security_status.feature (+230/-66) features/steps/airgap.py (+2/-2) features/steps/attach.py (+20/-4) features/steps/files.py (+5/-2) features/steps/fix.py (+2/-2) features/steps/machines.py (+37/-13) features/steps/output.py (+7/-0) features/steps/packages.py (+17/-18) features/steps/shell.py (+4/-2) features/steps/status.py (+1/-1) features/steps/ubuntu_advantage_tools.py (+24/-23) features/timer.feature (+20/-0) features/ubuntu_pro.feature (+12/-12) features/ubuntu_pro_fips.feature (+12/-12) features/ubuntu_upgrade.feature (+2/-2) features/ubuntu_upgrade_unattached.feature (+1/-1) features/unattached_commands.feature (+183/-13) features/unattached_status.feature (+28/-12) features/util.py (+9/-4) integration-requirements.txt (+1/-4) lib/apt_news.py (+7/-1) lib/auto_attach.py (+7/-1) lib/daemon.py (+12/-1) lib/esm_cache.py (+7/-0) lib/reboot_cmds.py (+75/-107) lib/timer.py (+10/-3) lib/upgrade_lts_contract.py (+6/-114) pyproject.toml (+20/-0) sru/release-27.14/test-migrate-user-config.sh (+46/-28) systemd/ua-auto-attach.service (+11/-1) systemd/ua-reboot-cmds.service (+9/-2) systemd/ua-timer.service (+8/-1) systemd/ua-timer.timer (+5/-1) systemd/ubuntu-advantage.service (+4/-3) tools/README.md (+14/-2) tools/create-lp-release-branches.sh (+5/-5) tools/run-integration-tests.py (+20/-13) tools/ua.bash (+13/-3) tox.ini (+46/-37) uaclient/actions.py (+32/-6) uaclient/api/api.py (+2/-0) uaclient/api/exceptions.py (+2/-17) uaclient/api/tests/test_api_u_pro_status_enabled_services_v1.py (+73/-0) uaclient/api/u/pro/attach/auto/full_auto_attach/v1.py (+2/-1) uaclient/api/u/pro/status/enabled_services/v1.py (+83/-0) uaclient/api/u/pro/status/is_attached/__init__.py (+0/-0) uaclient/api/u/pro/status/is_attached/v1.py (+29/-0) uaclient/apt.py (+29/-14) uaclient/apt_news.py (+4/-3) uaclient/cli.py (+84/-20) uaclient/clouds/azure.py (+17/-4) uaclient/clouds/gcp.py (+2/-2) uaclient/clouds/tests/test_azure.py (+27/-8) uaclient/clouds/tests/test_gcp.py (+106/-20) uaclient/clouds/tests/test_identity.py (+4/-3) uaclient/config.py (+9/-35) uaclient/conftest.py (+15/-1) uaclient/contract.py (+103/-76) uaclient/contract_data_types.py (+18/-0) uaclient/daemon/poll_for_pro_license.py (+13/-4) uaclient/daemon/retry_auto_attach.py (+4/-3) uaclient/daemon/tests/test_poll_for_pro_license.py (+1/-1) uaclient/daemon/tests/test_retry_auto_attach.py (+11/-4) uaclient/data_types.py (+10/-10) uaclient/defaults.py (+1/-1) uaclient/entitlements/__init__.py (+9/-3) uaclient/entitlements/base.py (+146/-23) uaclient/entitlements/esm.py (+4/-4) uaclient/entitlements/fips.py (+2/-2) uaclient/entitlements/livepatch.py (+23/-13) uaclient/entitlements/realtime.py (+64/-2) uaclient/entitlements/repo.py (+29/-16) uaclient/entitlements/tests/test_base.py (+170/-4) uaclient/entitlements/tests/test_cc.py (+27/-34) uaclient/entitlements/tests/test_cis.py (+21/-6) uaclient/entitlements/tests/test_entitlements.py (+17/-1) uaclient/entitlements/tests/test_esm.py (+8/-8) uaclient/entitlements/tests/test_fips.py (+58/-41) uaclient/entitlements/tests/test_livepatch.py (+70/-63) uaclient/entitlements/tests/test_realtime.py (+61/-0) uaclient/entitlements/tests/test_repo.py (+34/-46) uaclient/event_logger.py (+7/-0) uaclient/exceptions.py (+51/-2) uaclient/files/files.py (+7/-0) uaclient/files/state_files.py (+5/-6) uaclient/livepatch.py (+85/-26) uaclient/log.py (+28/-2) uaclient/messages.py (+131/-13) uaclient/security.py (+390/-146) uaclient/security_status.py (+162/-69) uaclient/status.py (+133/-58) uaclient/system.py (+191/-46) uaclient/testing/fakes.py (+2/-5) uaclient/tests/constraints/constraints-jammy.txt (+8/-0) uaclient/tests/test_actions.py (+25/-11) uaclient/tests/test_apt.py (+78/-13) uaclient/tests/test_apt_news.py (+3/-3) uaclient/tests/test_cli.py (+168/-51) uaclient/tests/test_cli_api.py (+2/-1) uaclient/tests/test_cli_attach.py (+33/-11) uaclient/tests/test_cli_auto_attach.py (+39/-15) uaclient/tests/test_cli_collect_logs.py (+34/-4) uaclient/tests/test_cli_detach.py (+1/-0) uaclient/tests/test_cli_disable.py (+8/-1) uaclient/tests/test_cli_enable.py (+41/-3) uaclient/tests/test_cli_fix.py (+12/-3) uaclient/tests/test_cli_reboot_required.py (+2/-1) uaclient/tests/test_cli_refresh.py (+5/-2) uaclient/tests/test_cli_security_status.py (+4/-0) uaclient/tests/test_cli_status.py (+8/-0) uaclient/tests/test_config.py (+7/-53) uaclient/tests/test_contract.py (+146/-117) uaclient/tests/test_data_types.py (+8/-1) uaclient/tests/test_livepatch.py (+143/-41) uaclient/tests/test_reboot_cmds.py (+163/-154) uaclient/tests/test_security.py (+542/-113) uaclient/tests/test_security_status.py (+63/-28) uaclient/tests/test_status.py (+74/-7) uaclient/tests/test_system.py (+396/-101) uaclient/tests/test_upgrade_lts_contract.py (+32/-66) uaclient/tests/test_util.py (+32/-9) uaclient/timer/__init__.py (+20/-0) uaclient/timer/metering.py (+3/-2) uaclient/timer/tests/__init__.py (+0/-0) uaclient/timer/tests/test_update_contract_info.py (+2/-2) uaclient/timer/tests/test_update_messaging.py (+10/-12) uaclient/timer/update_contract_info.py (+2/-1) uaclient/timer/update_messaging.py (+4/-5) uaclient/upgrade_lts_contract.py (+104/-0) uaclient/util.py (+4/-1) uaclient/version.py (+1/-1) ubuntu-advantage.1 (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lucas Kanashiro (community) | Approve | ||
Robie Basak | Needs Fixing | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+443833@code.launchpad.net |
Commit message
Description of the change
This is release 28 of ubuntu-
This replaces the 27.15 MP, which I will close shortly.
SRU Bug: https:/
Grant Orndorff (orndorffgrant) wrote : | # |
Lucas Kanashiro (lucaskanashiro) wrote : | # |
All tests were triggered.
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Review:
As I am not familiar to the code base and my review here is more related to the
interaction with the system, I kind of skipped most changes related to tests
(the ones not executed during build time), CI and docs and tried to focus on the
code. Bear in mind this is my first pro-client review, so if there is something
you believe I should change in my approach please let me know.
I started reviewing the difference between the content in the archive (git tag
pkg/import/27.14.4) and the proposed branch for 27.15 (branch
upload-
proposed upload (upload-28-mantic branch) but it was a good way to review it in
smaller chunks.
# Diff between 27.14.4 and 27.15 (never released)
- The initial commits are related to the diff between the packaging branch and
upstream tag for that release that Robie raised to the Pro team on MM. Grant
added those missing changes to the package now with splitted commits. Thanks
Grant! There is still a delta in d/changelog which is fixed in version 28,
and the .gitignore changes which still remains in version 28.
- A bunch of refactoring was done.
- A bunch of logging related changes, plus a apport script update to include
those logs when reporting a bug. Now non-root user logging is supported.
- postinst change to better catch when the "ua_config" option is used. The
regex was updated to check if the line starts with "ua_config", which makes
sure that the option is not commented out. This change seems safe enough to
me.
- The code which tries to load uaclient.conf from CWD was removed, considered
unintuitive and unexpected behavior by the Pro team. I believe this has no
impact in the package itself, since the config is loaded from somewhere else.
- Livepatch related changes. Nothing that I believe it will impact the package.
The kernel architecture is now treated differently than the other packages,
they use uname.machine to track it. So instead of amd64 we have x86_64 for
kernels, which seems to be what the livepatch service supports.
- When getting OS info via os-release, now Pro tries to checkout /etc/os-release
and then fallback to /usr/lib/
- Update the ua-reboot-
/var/
it is already attached. I do not foresee any issue with that change.
- Pro security status now shows available/installed counts for ESM packages
even if it is not enabled/attached. The output of the command was also
updated to facilitate users searching for packages via grep, and some other
small changes. The pro status message was also improved.
- Bionic specific urls where added to apt messaging.
- The apt config file adding infra-security and apps-security to
Unattended-
now shipped by the unattended-upgrades package. I confirmed that it is true to
supported releases.
- Pro now supports variants for services, such as variants for kernel vendors
like Intel and NVIDIA.
# Diff between 27.15 (never re...
Grant Orndorff (orndorffgrant) wrote : | # |
Thank you for the review Lucas!
I've addressed your requests: The changelog references version 28 only now (since 27.15 never happened - I'll be deleting the 27.15 tag on GitHub as well). And the commit about the new return code now accurately says the new code is 4.
I'll also post the autopkgtest results so far in a separate comment. They're all passing so far, but some are still in the queue.
Grant Orndorff (orndorffgrant) wrote : | # |
* Staging PPA Test Results:
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
* Waiting:
# Q-num pkg release arch ppa trigger
- 716 ubuntu-
- 60 ubuntu-
- 1340 ubuntu-
- 1748 ubuntu-
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Thanks for addressing my comments Grant!
I built the package locally and then ran lintian against it, and I noticed that the lintian overrides that you have in place seems to not be working. I got the following lintian error:
E: ubuntu-
I see you have it in d/source/
$ cat debian/
ubuntu-
Could we try to fix it? I saw the comment in d/control regarding this change.
There are also some lintian warnings that are not mandatory to fix TBH, but they are kind of annoying and some of them have a good reason to be ignored, so maybe documenting it via a lintian override is a good way. I am going to list all the warnings below and based on your judgement override them or not.
W: ubuntu-
W: ubuntu-
W: ubuntu-
W: ubuntu-
I believe you know what you are doing, hard-coding python3 interpreter there :)
W: ubuntu-
W: ubuntu-
Since in Ubuntu we support just systemd there I think it is fine to call it directly. Ideally, we should use deb-systemd-invoke.
W: ubuntu-
This warning should be fixed when we fix the lintian error mentioned above.
W: ubuntu-
We can override this one, I understand you use debhelper compat level 9 because you backport this package to old releases.
W: ubuntu-
This one is a false positive, this line is called in a python code snippet.
W: ubuntu-
I also believe you know what you are doing :)
W: ubuntu-
And I think this is needed.
In short, the lintian error I'd like to get it fixed before uploading it, but the warnings is up to you, feel free to override or ignore them :)
Lucas Kanashiro (lucaskanashiro) wrote : | # |
While taking a look and executing the DEP-8 test, I noticed that it is really trivial. You should add 'superficial' to Restrictions to signalize that the successful pass of this test does not mean that your package is fully functional, since you are simply calling "ua --help" and "ua version". This may not be something you want to do now but I think you should do it at some point.
Grant Orndorff (orndorffgrant) wrote : | # |
Thank you Lucas!
I think you've assessed the state of our lintian errors and warnings very well.
I've addressed the lintian error with an adjusted lintian-override in the latest commit I just pushed.
I've created issues on our GitHub repository to represent:
- overriding/
- marking our current dep-8 tests as superficial: https:/
- updating our dep-8 tests to be non-superficial: https:/
Let me know if there is anything else!
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Thank you Grant! LGTM now, +1.
Grant Orndorff (orndorffgrant) wrote : | # |
The final autopkgtests have finished
- ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
- ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
+ ✅ ubuntu-
Robie Basak (racb) wrote : | # |
Thank you Lucas for the excellent summary and review! Generally this looks good to me with no specific issues from an SRU perspective. However I did notice an issue that I thought is severe enough to need attention. There's also one other minor request that doesn't need to block this.
---
[Must be fixed or needs further discussion]
> 1c9bc854 subp: use system environment vars by default
This is dangerous for a number of reasons:
1) env.update(
worse by run_apt_command defining env={} as a default, so this will not only
change the caller's copy, it will mutate that default.
2) If a caller were relying on overriding an option in the environment by
specifying it here, that will no longer work as the entry in os.environ will
override it. Have you checked all callers?
3) Doesn't this make for a really surprising API? I'd expect the API to be
identical to the Python subprocess module use of env. Failing that, one would
expect env=None to mean "use the current process environment, and if env is not
None, for this to mean that either the entries present should either override
the current process environment or that the entries present should be used
ignoring the current process environment (I think Python does the latter). The
behaviour should be clearly stated in the docstring. For it to instead be the
behaviour in the previous point is surprising.
Suggestions:
1. Stick to the Python library's meaning of env. This is what developers
expect, and then the docstring can just refer to the subprocess module's
behaviour.
2. Never use the "foo={}" default value pattern unless you're actually trying
to create globally mutable state. Always use foo=None, and if required, "if foo
is None: foo = {}" to make sure you get an empty one every time.
3. Fix issue 2527 without changing the subp API's definition of env. For
example you could add an additional_env parameter to subp to make it explicit,
instead of overloading the meaning of env. This could be implemented like this:
if additional_env:
final_env = dict(env) if env else {}
final_
As I've done here, it's generally a good idea to use a different name for every
variable with different semantics instead of mutating an existing one - this is
why I did not do "env = dict(env)...".
I see lots of use of env={} and haven't inspected the entire call graph to
understand the use of env throughout. This probably needs doing to make sure
the design accommodates everything.
---
[Optional/feature]
Some files in systemd/* contain some excellent comments explaining to
interested users what the services do, the circumstances under which they
(won't) activate and how to turn them off. Other files are less well commented.
For example, "attach" is a term that we understand, but users disinterested in
Pro do not.
Commits 697bbac1 and 9cd7fe26 touch these files. Maybe this is an opportunity
to improve the comments?
Grant Orndorff (orndorffgrant) wrote : | # |
Thank you Robie!
Yes that is an excellent point about our overall usage of "env" and we should fix it. After taking a look at all of our uses of that argument, I've discovered that it is exclusively there to support setting DEBIAN_
Please take a look here when you have time: https:/
I also went ahead and included more explanatory comments in our systemd unit files in that same PR - separate commit. Let me know if you think they make sense to include now or if not then we can workshop them and add them later.
Robie Basak (racb) wrote : | # |
> I also went ahead and included more explanatory comments in our systemd unit files in that same PR - separate commit. Let me know if you think they make sense to include now or if not then we can workshop them and add them later.
I think it makes sense to include now, assuming that's easiest for you. Fine if not.
Grant Orndorff (orndorffgrant) wrote : | # |
Thank you for the upstream review Robie!
We merged the fix upstream, and I just included it here in this branch. Please double check the last two commits I just pushed and let me know if you find anything else that needs fixing.
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Thanks for the fixes Grant! I talked to Robie and he asked me just to make sure that what you proposed here matches the changes he approved in the upstream PR. I checked and the changes are the same. I'll be uploading those changes to Mantic.
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Package uploaded:
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Preview Diff
1 | diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md |
2 | index abf1338..7faa407 100644 |
3 | --- a/.github/PULL_REQUEST_TEMPLATE.md |
4 | +++ b/.github/PULL_REQUEST_TEMPLATE.md |
5 | @@ -1,5 +1,13 @@ |
6 | -## Proposed Commit Message |
7 | -<!-- Include a proposed commit message because all PRs can be merged in a variety of ways by the reviewer --> |
8 | +## Why is this needed? |
9 | +<!-- This information should be captured in your commit messages, so any description here can be very brief --> |
10 | +This PR solves all of our problems because... |
11 | + |
12 | +<!-- |
13 | +By default, we rebase PRs and will ask for a clean well-organized commit history in the PR before rebasing. |
14 | +If your PR is small enough and you prefer, uncomment the following section and fill it out to request a squashed PR. |
15 | +--> |
16 | +<!-- |
17 | +## Please Squash this PR with this commit message |
18 | |
19 | ``` |
20 | summary: no more than 70 characters |
21 | @@ -14,6 +22,7 @@ If you need to write multiple paragraphs, feel free. |
22 | LP: #NNNNNNN (replace with the appropriate Launchpad bug reference if applicable) |
23 | Fixes: #NNNNNNN (replace with the appropriate github issue if applicable) |
24 | ``` |
25 | +--> |
26 | |
27 | ## Test Steps |
28 | <!-- Please include any steps necessary to verify (and reproduce if |
29 | @@ -21,6 +30,16 @@ this is a bug fix) this change on a live deployed system, |
30 | including any necessary configuration files, user-data, |
31 | setup, and teardown. Scripts used may be attached directly to this PR. --> |
32 | |
33 | +<!-- Example: |
34 | +``` |
35 | +env SHELL_BEFORE=1 ./tools/test-in-lxd.sh xenial |
36 | +# Set up test scenario before upgrade |
37 | +exit # new version gets installed after exit and lxc shell is re-started |
38 | +sudo pro new-sub-command --new-flag |
39 | +# Assert something |
40 | +``` |
41 | +--> |
42 | + |
43 | ## Checklist |
44 | <!-- Go over all the following points, and put an `x` in all the boxes |
45 | that apply. --> |
46 | diff --git a/.github/actions/bug-refs/action.yml b/.github/actions/bug-refs/action.yml |
47 | new file mode 100644 |
48 | index 0000000..458d152 |
49 | --- /dev/null |
50 | +++ b/.github/actions/bug-refs/action.yml |
51 | @@ -0,0 +1,9 @@ |
52 | +name: 'Require Bug References' |
53 | +description: 'Block PRs on missing bug references' |
54 | +inputs: |
55 | + repo-token: |
56 | + description: 'Token for the repository. Can be passed in using {{ secrets.GITHUB_TOKEN }}' |
57 | + required: true |
58 | +runs: |
59 | + using: 'node16' |
60 | + main: 'index.js' |
61 | diff --git a/.github/actions/bug-refs/index.js b/.github/actions/bug-refs/index.js |
62 | new file mode 100644 |
63 | index 0000000..b603793 |
64 | --- /dev/null |
65 | +++ b/.github/actions/bug-refs/index.js |
66 | @@ -0,0 +1,107 @@ |
67 | +const core = require('@actions/core'); |
68 | +const github = require('@actions/github'); |
69 | + |
70 | +const commentHeader = "<!-- ubuntu-pro-client-bug-refs -->"; |
71 | + |
72 | +function createCommentBody(commits, title) { |
73 | + let newComment = ""; |
74 | + newComment += commentHeader; |
75 | + newComment += "\n"; |
76 | + |
77 | + newComment += "Jira: "; |
78 | + const jiraMatches = title.toLocaleUpperCase().match(/SC-\d+/g); |
79 | + if (jiraMatches === null || jiraMatches.length === 0) { |
80 | + newComment += "This PR is not related to a Jira item. (The PR title does not include a SC-#### reference)\n"; |
81 | + } else { |
82 | + const jiraID = jiraMatches[0]; |
83 | + newComment += `[${jiraID}](https://warthogs.atlassian.net/browse/${jiraID})\n`; |
84 | + } |
85 | + newComment += "\n"; |
86 | + |
87 | + let lpBugs = []; |
88 | + let ghIssues = []; |
89 | + commits.forEach(commit => { |
90 | + const message = commit.commit.message.toLocaleUpperCase(); |
91 | + lpBugs = lpBugs.concat(Array.from(message.matchAll(/LP: #(\d+)/g)).map(m => m[1])); |
92 | + ghIssues = ghIssues.concat(Array.from(message.matchAll(/FIXES: #(\d+)/g)).map(m => m[1])); |
93 | + ghIssues = ghIssues.concat(Array.from(message.matchAll(/CLOSES: #(\d+)/g)).map(m => m[1])); |
94 | + }); |
95 | + |
96 | + newComment += "GitHub Issues:"; |
97 | + if (ghIssues.length === 0) { |
98 | + newComment += " No GitHub issues are fixed by this PR. (No commits have Fixes: #### references)\n"; |
99 | + } else { |
100 | + newComment += "\n"; |
101 | + ghIssues.forEach(issue => { |
102 | + newComment += `- Fixes: #${issue}\n`; |
103 | + }); |
104 | + } |
105 | + newComment += "\n"; |
106 | + |
107 | + newComment += "Launchpad Bugs:"; |
108 | + if (lpBugs.length === 0) { |
109 | + newComment += " No Launchpad bugs are fixed by this PR. (No commits have LP: #### references)\n"; |
110 | + } else { |
111 | + newComment += "\n"; |
112 | + lpBugs.forEach(bug => { |
113 | + newComment += `- LP: [#${bug}](https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/${bug})\n`; |
114 | + }); |
115 | + } |
116 | + newComment += "\n"; |
117 | + |
118 | + newComment += "👍 this comment to confirm that this is correct."; |
119 | + |
120 | + return newComment; |
121 | +} |
122 | + |
123 | +async function run() { |
124 | + const context = github.context; |
125 | + if (context.eventName !== "pull_request") { |
126 | + console.log( |
127 | + 'The event that triggered this action was not a pull request, skipping.' |
128 | + ); |
129 | + return; |
130 | + } |
131 | + |
132 | + const client = github.getOctokit( |
133 | + core.getInput('repo-token', {required: true}) |
134 | + ); |
135 | + const commits = await client.rest.pulls.listCommits({ |
136 | + owner: context.issue.owner, |
137 | + repo: context.issue.repo, |
138 | + pull_number: context.issue.number, |
139 | + }); |
140 | + const comments = await client.rest.issues.listComments({ |
141 | + owner: context.issue.owner, |
142 | + repo: context.issue.repo, |
143 | + issue_number: context.issue.number, |
144 | + }); |
145 | + const theComment = comments.data.find(c => c.body.includes(commentHeader)); |
146 | + if (theComment) { |
147 | + // comment already exists, update it appropriately |
148 | + const existingBody = theComment.body; |
149 | + const newBody = createCommentBody(commits.data, context.payload.pull_request.title); |
150 | + if (existingBody !== newBody) { |
151 | + client.rest.issues.updateComment({ |
152 | + owner: context.issue.owner, |
153 | + repo: context.issue.repo, |
154 | + comment_id: theComment.id, |
155 | + body: newBody, |
156 | + }); |
157 | + } |
158 | + } else { |
159 | + // first run, comment doesn't exist yet |
160 | + const newBody = createCommentBody(commits.data, context.payload.pull_request.title); |
161 | + client.rest.issues.createComment({ |
162 | + owner: context.issue.owner, |
163 | + repo: context.issue.repo, |
164 | + issue_number: context.issue.number, |
165 | + body: newBody, |
166 | + }); |
167 | + } |
168 | +} |
169 | + |
170 | +run().catch(error => { |
171 | + console.error(error); |
172 | + core.setFailed(error.message); |
173 | +}) |
174 | diff --git a/.github/actions/bug-refs/package-lock.json b/.github/actions/bug-refs/package-lock.json |
175 | new file mode 100644 |
176 | index 0000000..f9ad26b |
177 | --- /dev/null |
178 | +++ b/.github/actions/bug-refs/package-lock.json |
179 | @@ -0,0 +1,430 @@ |
180 | +{ |
181 | + "name": "bug-refs", |
182 | + "version": "1.0.0", |
183 | + "lockfileVersion": 2, |
184 | + "requires": true, |
185 | + "packages": { |
186 | + "": { |
187 | + "name": "bug-refs", |
188 | + "version": "1.0.0", |
189 | + "dependencies": { |
190 | + "@actions/core": "^1.10.0", |
191 | + "@actions/github": "^5.1.1" |
192 | + } |
193 | + }, |
194 | + "node_modules/@actions/core": { |
195 | + "version": "1.10.0", |
196 | + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", |
197 | + "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", |
198 | + "dependencies": { |
199 | + "@actions/http-client": "^2.0.1", |
200 | + "uuid": "^8.3.2" |
201 | + } |
202 | + }, |
203 | + "node_modules/@actions/github": { |
204 | + "version": "5.1.1", |
205 | + "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz", |
206 | + "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==", |
207 | + "dependencies": { |
208 | + "@actions/http-client": "^2.0.1", |
209 | + "@octokit/core": "^3.6.0", |
210 | + "@octokit/plugin-paginate-rest": "^2.17.0", |
211 | + "@octokit/plugin-rest-endpoint-methods": "^5.13.0" |
212 | + } |
213 | + }, |
214 | + "node_modules/@actions/http-client": { |
215 | + "version": "2.1.0", |
216 | + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz", |
217 | + "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==", |
218 | + "dependencies": { |
219 | + "tunnel": "^0.0.6" |
220 | + } |
221 | + }, |
222 | + "node_modules/@octokit/auth-token": { |
223 | + "version": "2.5.0", |
224 | + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", |
225 | + "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", |
226 | + "dependencies": { |
227 | + "@octokit/types": "^6.0.3" |
228 | + } |
229 | + }, |
230 | + "node_modules/@octokit/core": { |
231 | + "version": "3.6.0", |
232 | + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", |
233 | + "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", |
234 | + "dependencies": { |
235 | + "@octokit/auth-token": "^2.4.4", |
236 | + "@octokit/graphql": "^4.5.8", |
237 | + "@octokit/request": "^5.6.3", |
238 | + "@octokit/request-error": "^2.0.5", |
239 | + "@octokit/types": "^6.0.3", |
240 | + "before-after-hook": "^2.2.0", |
241 | + "universal-user-agent": "^6.0.0" |
242 | + } |
243 | + }, |
244 | + "node_modules/@octokit/endpoint": { |
245 | + "version": "6.0.12", |
246 | + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", |
247 | + "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", |
248 | + "dependencies": { |
249 | + "@octokit/types": "^6.0.3", |
250 | + "is-plain-object": "^5.0.0", |
251 | + "universal-user-agent": "^6.0.0" |
252 | + } |
253 | + }, |
254 | + "node_modules/@octokit/graphql": { |
255 | + "version": "4.8.0", |
256 | + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", |
257 | + "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", |
258 | + "dependencies": { |
259 | + "@octokit/request": "^5.6.0", |
260 | + "@octokit/types": "^6.0.3", |
261 | + "universal-user-agent": "^6.0.0" |
262 | + } |
263 | + }, |
264 | + "node_modules/@octokit/openapi-types": { |
265 | + "version": "12.11.0", |
266 | + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", |
267 | + "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" |
268 | + }, |
269 | + "node_modules/@octokit/plugin-paginate-rest": { |
270 | + "version": "2.21.3", |
271 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", |
272 | + "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", |
273 | + "dependencies": { |
274 | + "@octokit/types": "^6.40.0" |
275 | + }, |
276 | + "peerDependencies": { |
277 | + "@octokit/core": ">=2" |
278 | + } |
279 | + }, |
280 | + "node_modules/@octokit/plugin-rest-endpoint-methods": { |
281 | + "version": "5.16.2", |
282 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", |
283 | + "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", |
284 | + "dependencies": { |
285 | + "@octokit/types": "^6.39.0", |
286 | + "deprecation": "^2.3.1" |
287 | + }, |
288 | + "peerDependencies": { |
289 | + "@octokit/core": ">=3" |
290 | + } |
291 | + }, |
292 | + "node_modules/@octokit/request": { |
293 | + "version": "5.6.3", |
294 | + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", |
295 | + "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", |
296 | + "dependencies": { |
297 | + "@octokit/endpoint": "^6.0.1", |
298 | + "@octokit/request-error": "^2.1.0", |
299 | + "@octokit/types": "^6.16.1", |
300 | + "is-plain-object": "^5.0.0", |
301 | + "node-fetch": "^2.6.7", |
302 | + "universal-user-agent": "^6.0.0" |
303 | + } |
304 | + }, |
305 | + "node_modules/@octokit/request-error": { |
306 | + "version": "2.1.0", |
307 | + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", |
308 | + "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", |
309 | + "dependencies": { |
310 | + "@octokit/types": "^6.0.3", |
311 | + "deprecation": "^2.0.0", |
312 | + "once": "^1.4.0" |
313 | + } |
314 | + }, |
315 | + "node_modules/@octokit/types": { |
316 | + "version": "6.41.0", |
317 | + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", |
318 | + "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", |
319 | + "dependencies": { |
320 | + "@octokit/openapi-types": "^12.11.0" |
321 | + } |
322 | + }, |
323 | + "node_modules/before-after-hook": { |
324 | + "version": "2.2.3", |
325 | + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", |
326 | + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" |
327 | + }, |
328 | + "node_modules/deprecation": { |
329 | + "version": "2.3.1", |
330 | + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", |
331 | + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" |
332 | + }, |
333 | + "node_modules/is-plain-object": { |
334 | + "version": "5.0.0", |
335 | + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", |
336 | + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", |
337 | + "engines": { |
338 | + "node": ">=0.10.0" |
339 | + } |
340 | + }, |
341 | + "node_modules/node-fetch": { |
342 | + "version": "2.6.9", |
343 | + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", |
344 | + "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", |
345 | + "dependencies": { |
346 | + "whatwg-url": "^5.0.0" |
347 | + }, |
348 | + "engines": { |
349 | + "node": "4.x || >=6.0.0" |
350 | + }, |
351 | + "peerDependencies": { |
352 | + "encoding": "^0.1.0" |
353 | + }, |
354 | + "peerDependenciesMeta": { |
355 | + "encoding": { |
356 | + "optional": true |
357 | + } |
358 | + } |
359 | + }, |
360 | + "node_modules/once": { |
361 | + "version": "1.4.0", |
362 | + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", |
363 | + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", |
364 | + "dependencies": { |
365 | + "wrappy": "1" |
366 | + } |
367 | + }, |
368 | + "node_modules/tr46": { |
369 | + "version": "0.0.3", |
370 | + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", |
371 | + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" |
372 | + }, |
373 | + "node_modules/tunnel": { |
374 | + "version": "0.0.6", |
375 | + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", |
376 | + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", |
377 | + "engines": { |
378 | + "node": ">=0.6.11 <=0.7.0 || >=0.7.3" |
379 | + } |
380 | + }, |
381 | + "node_modules/universal-user-agent": { |
382 | + "version": "6.0.0", |
383 | + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", |
384 | + "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" |
385 | + }, |
386 | + "node_modules/uuid": { |
387 | + "version": "8.3.2", |
388 | + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", |
389 | + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", |
390 | + "bin": { |
391 | + "uuid": "dist/bin/uuid" |
392 | + } |
393 | + }, |
394 | + "node_modules/webidl-conversions": { |
395 | + "version": "3.0.1", |
396 | + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", |
397 | + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" |
398 | + }, |
399 | + "node_modules/whatwg-url": { |
400 | + "version": "5.0.0", |
401 | + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", |
402 | + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", |
403 | + "dependencies": { |
404 | + "tr46": "~0.0.3", |
405 | + "webidl-conversions": "^3.0.0" |
406 | + } |
407 | + }, |
408 | + "node_modules/wrappy": { |
409 | + "version": "1.0.2", |
410 | + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", |
411 | + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" |
412 | + } |
413 | + }, |
414 | + "dependencies": { |
415 | + "@actions/core": { |
416 | + "version": "1.10.0", |
417 | + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", |
418 | + "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", |
419 | + "requires": { |
420 | + "@actions/http-client": "^2.0.1", |
421 | + "uuid": "^8.3.2" |
422 | + } |
423 | + }, |
424 | + "@actions/github": { |
425 | + "version": "5.1.1", |
426 | + "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz", |
427 | + "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==", |
428 | + "requires": { |
429 | + "@actions/http-client": "^2.0.1", |
430 | + "@octokit/core": "^3.6.0", |
431 | + "@octokit/plugin-paginate-rest": "^2.17.0", |
432 | + "@octokit/plugin-rest-endpoint-methods": "^5.13.0" |
433 | + } |
434 | + }, |
435 | + "@actions/http-client": { |
436 | + "version": "2.1.0", |
437 | + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz", |
438 | + "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==", |
439 | + "requires": { |
440 | + "tunnel": "^0.0.6" |
441 | + } |
442 | + }, |
443 | + "@octokit/auth-token": { |
444 | + "version": "2.5.0", |
445 | + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", |
446 | + "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", |
447 | + "requires": { |
448 | + "@octokit/types": "^6.0.3" |
449 | + } |
450 | + }, |
451 | + "@octokit/core": { |
452 | + "version": "3.6.0", |
453 | + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", |
454 | + "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", |
455 | + "requires": { |
456 | + "@octokit/auth-token": "^2.4.4", |
457 | + "@octokit/graphql": "^4.5.8", |
458 | + "@octokit/request": "^5.6.3", |
459 | + "@octokit/request-error": "^2.0.5", |
460 | + "@octokit/types": "^6.0.3", |
461 | + "before-after-hook": "^2.2.0", |
462 | + "universal-user-agent": "^6.0.0" |
463 | + } |
464 | + }, |
465 | + "@octokit/endpoint": { |
466 | + "version": "6.0.12", |
467 | + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", |
468 | + "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", |
469 | + "requires": { |
470 | + "@octokit/types": "^6.0.3", |
471 | + "is-plain-object": "^5.0.0", |
472 | + "universal-user-agent": "^6.0.0" |
473 | + } |
474 | + }, |
475 | + "@octokit/graphql": { |
476 | + "version": "4.8.0", |
477 | + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", |
478 | + "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", |
479 | + "requires": { |
480 | + "@octokit/request": "^5.6.0", |
481 | + "@octokit/types": "^6.0.3", |
482 | + "universal-user-agent": "^6.0.0" |
483 | + } |
484 | + }, |
485 | + "@octokit/openapi-types": { |
486 | + "version": "12.11.0", |
487 | + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", |
488 | + "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" |
489 | + }, |
490 | + "@octokit/plugin-paginate-rest": { |
491 | + "version": "2.21.3", |
492 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", |
493 | + "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", |
494 | + "requires": { |
495 | + "@octokit/types": "^6.40.0" |
496 | + } |
497 | + }, |
498 | + "@octokit/plugin-rest-endpoint-methods": { |
499 | + "version": "5.16.2", |
500 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", |
501 | + "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", |
502 | + "requires": { |
503 | + "@octokit/types": "^6.39.0", |
504 | + "deprecation": "^2.3.1" |
505 | + } |
506 | + }, |
507 | + "@octokit/request": { |
508 | + "version": "5.6.3", |
509 | + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", |
510 | + "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", |
511 | + "requires": { |
512 | + "@octokit/endpoint": "^6.0.1", |
513 | + "@octokit/request-error": "^2.1.0", |
514 | + "@octokit/types": "^6.16.1", |
515 | + "is-plain-object": "^5.0.0", |
516 | + "node-fetch": "^2.6.7", |
517 | + "universal-user-agent": "^6.0.0" |
518 | + } |
519 | + }, |
520 | + "@octokit/request-error": { |
521 | + "version": "2.1.0", |
522 | + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", |
523 | + "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", |
524 | + "requires": { |
525 | + "@octokit/types": "^6.0.3", |
526 | + "deprecation": "^2.0.0", |
527 | + "once": "^1.4.0" |
528 | + } |
529 | + }, |
530 | + "@octokit/types": { |
531 | + "version": "6.41.0", |
532 | + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", |
533 | + "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", |
534 | + "requires": { |
535 | + "@octokit/openapi-types": "^12.11.0" |
536 | + } |
537 | + }, |
538 | + "before-after-hook": { |
539 | + "version": "2.2.3", |
540 | + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", |
541 | + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" |
542 | + }, |
543 | + "deprecation": { |
544 | + "version": "2.3.1", |
545 | + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", |
546 | + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" |
547 | + }, |
548 | + "is-plain-object": { |
549 | + "version": "5.0.0", |
550 | + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", |
551 | + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" |
552 | + }, |
553 | + "node-fetch": { |
554 | + "version": "2.6.9", |
555 | + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", |
556 | + "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", |
557 | + "requires": { |
558 | + "whatwg-url": "^5.0.0" |
559 | + } |
560 | + }, |
561 | + "once": { |
562 | + "version": "1.4.0", |
563 | + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", |
564 | + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", |
565 | + "requires": { |
566 | + "wrappy": "1" |
567 | + } |
568 | + }, |
569 | + "tr46": { |
570 | + "version": "0.0.3", |
571 | + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", |
572 | + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" |
573 | + }, |
574 | + "tunnel": { |
575 | + "version": "0.0.6", |
576 | + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", |
577 | + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" |
578 | + }, |
579 | + "universal-user-agent": { |
580 | + "version": "6.0.0", |
581 | + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", |
582 | + "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" |
583 | + }, |
584 | + "uuid": { |
585 | + "version": "8.3.2", |
586 | + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", |
587 | + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" |
588 | + }, |
589 | + "webidl-conversions": { |
590 | + "version": "3.0.1", |
591 | + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", |
592 | + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" |
593 | + }, |
594 | + "whatwg-url": { |
595 | + "version": "5.0.0", |
596 | + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", |
597 | + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", |
598 | + "requires": { |
599 | + "tr46": "~0.0.3", |
600 | + "webidl-conversions": "^3.0.0" |
601 | + } |
602 | + }, |
603 | + "wrappy": { |
604 | + "version": "1.0.2", |
605 | + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", |
606 | + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" |
607 | + } |
608 | + } |
609 | +} |
610 | diff --git a/.github/actions/bug-refs/package.json b/.github/actions/bug-refs/package.json |
611 | new file mode 100644 |
612 | index 0000000..14ceb07 |
613 | --- /dev/null |
614 | +++ b/.github/actions/bug-refs/package.json |
615 | @@ -0,0 +1,10 @@ |
616 | +{ |
617 | + "name": "bug-refs", |
618 | + "version": "1.0.0", |
619 | + "description": "Block PRs on missing bug references", |
620 | + "main": "index.js", |
621 | + "dependencies": { |
622 | + "@actions/core": "^1.10.0", |
623 | + "@actions/github": "^5.1.1" |
624 | + } |
625 | +} |
626 | diff --git a/.github/workflows/ci-base.yaml b/.github/workflows/ci-base.yaml |
627 | index 59174bf..dab17d3 100644 |
628 | --- a/.github/workflows/ci-base.yaml |
629 | +++ b/.github/workflows/ci-base.yaml |
630 | @@ -29,6 +29,8 @@ jobs: |
631 | run: tox -e mypy |
632 | - name: Version Consistency |
633 | run: python3 ./tools/check-versions-are-consistent.py |
634 | + - name: Docs |
635 | + run: tox -e docs |
636 | unit-tests: |
637 | name: Unit Tests |
638 | runs-on: ubuntu-22.04 |
639 | diff --git a/.github/workflows/ci-integration.yaml b/.github/workflows/ci-integration.yaml |
640 | index 62df9e3..937de39 100644 |
641 | --- a/.github/workflows/ci-integration.yaml |
642 | +++ b/.github/workflows/ci-integration.yaml |
643 | @@ -92,6 +92,9 @@ jobs: |
644 | # in a way that is incompatible with lxd. |
645 | # https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker |
646 | sudo iptables -I DOCKER-USER -j ACCEPT |
647 | + - name: Refresh LXD |
648 | + if: matrix.platform == 'lxd' || matrix.platform == 'vm' |
649 | + run: sudo snap refresh --channel latest/stable lxd |
650 | - name: Initialize LXD |
651 | if: matrix.platform == 'lxd' || matrix.platform == 'vm' |
652 | run: sudo lxd init --auto |
653 | diff --git a/.github/workflows/custom_pr_checks.yaml b/.github/workflows/custom_pr_checks.yaml |
654 | new file mode 100644 |
655 | index 0000000..b3be667 |
656 | --- /dev/null |
657 | +++ b/.github/workflows/custom_pr_checks.yaml |
658 | @@ -0,0 +1,27 @@ |
659 | +--- |
660 | + |
661 | +name: Custom PR Checks |
662 | + |
663 | +on: |
664 | + pull_request: |
665 | + types: |
666 | + - opened |
667 | + - synchronize |
668 | + - reopened |
669 | + - edited |
670 | + branches: |
671 | + - main |
672 | + |
673 | +jobs: |
674 | + bug-refs: |
675 | + runs-on: ubuntu-latest |
676 | + steps: |
677 | + - name: Git checkout |
678 | + uses: actions/checkout@v3 |
679 | + - name: Install dependencies |
680 | + run: cd ./.github/actions/bug-refs && npm install |
681 | + - name: Check for bug references |
682 | + uses: ./.github/actions/bug-refs |
683 | + id: bug-refs |
684 | + with: |
685 | + repo-token: ${{ secrets.GITHUB_TOKEN }} |
686 | diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml |
687 | index 829d39d..d3ba122 100644 |
688 | --- a/.pre-commit-config.yaml |
689 | +++ b/.pre-commit-config.yaml |
690 | @@ -4,7 +4,7 @@ repos: |
691 | hooks: |
692 | - id: black |
693 | - repo: https://github.com/pycqa/isort |
694 | - rev: 5.8.0 # Also stored in dev-requirements.txt; update both together! |
695 | + rev: 5.12.0 # Also stored in dev-requirements.txt; update both together! |
696 | hooks: |
697 | - id: isort |
698 | - repo: https://github.com/shellcheck-py/shellcheck-py |
699 | diff --git a/apport/source_ubuntu-advantage-tools.py b/apport/source_ubuntu-advantage-tools.py |
700 | index 193d557..f2c4f1a 100644 |
701 | --- a/apport/source_ubuntu-advantage-tools.py |
702 | +++ b/apport/source_ubuntu-advantage-tools.py |
703 | @@ -2,6 +2,7 @@ import os |
704 | import tempfile |
705 | |
706 | from apport.hookutils import attach_file_if_exists |
707 | +from uaclient import defaults |
708 | from uaclient.actions import collect_logs |
709 | from uaclient.config import UAConfig |
710 | |
711 | @@ -12,7 +13,7 @@ def add_info(report, ui=None): |
712 | cfg = UAConfig() |
713 | with tempfile.TemporaryDirectory() as output_dir: |
714 | collect_logs(cfg, output_dir) |
715 | - auto_include_log_files = [ |
716 | + auto_include_log_files = { |
717 | "cloud-id.txt", |
718 | "cloud-id.txt-error", |
719 | "ua-status.json", |
720 | @@ -24,6 +25,9 @@ def add_info(report, ui=None): |
721 | os.path.basename(cfg.timer_log_file), |
722 | os.path.basename(cfg.daemon_log_file), |
723 | os.path.basename(cfg.data_path("jobs-status")), |
724 | - ] |
725 | + os.path.basename(defaults.CONFIG_DEFAULTS["log_file"]), |
726 | + os.path.basename(defaults.CONFIG_DEFAULTS["timer_log_file"]), |
727 | + os.path.basename(defaults.CONFIG_DEFAULTS["daemon_log_file"]), |
728 | + } |
729 | for f in auto_include_log_files: |
730 | attach_file_if_exists(report, os.path.join(output_dir, f), key=f) |
731 | diff --git a/apt-hook/json-hook.cc b/apt-hook/json-hook.cc |
732 | index 1d36bd2..61548b7 100644 |
733 | --- a/apt-hook/json-hook.cc |
734 | +++ b/apt-hook/json-hook.cc |
735 | @@ -218,13 +218,17 @@ CloudID get_cloud_id() { |
736 | return ret; |
737 | } |
738 | |
739 | -bool is_xenial() { |
740 | +enum ESMInfraSeries {NOT_ESM_INFRA, XENIAL, BIONIC}; |
741 | + |
742 | +ESMInfraSeries get_esm_infra_series() { |
743 | std::ifstream os_release_file("/etc/os-release"); |
744 | - bool ret = false; |
745 | + ESMInfraSeries ret = NOT_ESM_INFRA; |
746 | if (os_release_file.is_open()) { |
747 | std::string os_release_str((std::istreambuf_iterator<char>(os_release_file)), (std::istreambuf_iterator<char>())); |
748 | if (os_release_str.find("xenial") != os_release_str.npos) { |
749 | - ret = true; |
750 | + ret = XENIAL; |
751 | + } else if (os_release_str.find("bionic") != os_release_str.npos) { |
752 | + ret = BIONIC; |
753 | } |
754 | os_release_file.close(); |
755 | } |
756 | @@ -238,27 +242,39 @@ struct ESMContext { |
757 | |
758 | ESMContext get_esm_context() { |
759 | CloudID cloud_id = get_cloud_id(); |
760 | - bool is_x = is_xenial(); |
761 | + ESMInfraSeries esm_infra_series = get_esm_infra_series(); |
762 | |
763 | ESMContext ret; |
764 | ret.context = ""; |
765 | ret.url = "https://ubuntu.com/pro"; |
766 | |
767 | - if (cloud_id != AZURE && is_x) { |
768 | - ret.context = " for 16.04"; |
769 | - ret.url = "https://ubuntu.com/16-04"; |
770 | - } else if (cloud_id == AZURE && !is_x) { |
771 | - ret.context = " on Azure"; |
772 | - ret.url = "https://ubuntu.com/azure/pro"; |
773 | - } else if (cloud_id == AZURE && is_x) { |
774 | - ret.context = " for 16.04 on Azure"; |
775 | - ret.url = "https://ubuntu.com/16-04/azure"; |
776 | - } else if (cloud_id == AWS && !is_x) { |
777 | - ret.context = " on AWS"; |
778 | - ret.url = "https://ubuntu.com/aws/pro"; |
779 | - } else if (cloud_id == GCE && !is_x) { |
780 | - ret.context = " on GCP"; |
781 | - ret.url = "https://ubuntu.com/gcp/pro"; |
782 | + if (esm_infra_series == XENIAL) { |
783 | + if (cloud_id == AZURE) { |
784 | + ret.context = " for 16.04 on Azure"; |
785 | + ret.url = "https://ubuntu.com/16-04/azure"; |
786 | + } else { |
787 | + ret.context = " for 16.04"; |
788 | + ret.url = "https://ubuntu.com/16-04"; |
789 | + } |
790 | + } else if (esm_infra_series == BIONIC) { |
791 | + if (cloud_id == AZURE) { |
792 | + ret.context = " for 18.04 on Azure"; |
793 | + ret.url = "https://ubuntu.com/18-04/azure"; |
794 | + } else { |
795 | + ret.context = " for 18.04"; |
796 | + ret.url = "https://ubuntu.com/18-04"; |
797 | + } |
798 | + } else { |
799 | + if (cloud_id == AZURE) { |
800 | + ret.context = " on Azure"; |
801 | + ret.url = "https://ubuntu.com/azure/pro"; |
802 | + } else if (cloud_id == AWS) { |
803 | + ret.context = " on AWS"; |
804 | + ret.url = "https://ubuntu.com/aws/pro"; |
805 | + } else if (cloud_id == GCE) { |
806 | + ret.context = " on GCP"; |
807 | + ret.url = "https://ubuntu.com/gcp/pro"; |
808 | + } |
809 | } |
810 | |
811 | return ret; |
812 | diff --git a/apt.conf.d/51ubuntu-advantage-esm b/apt.conf.d/51ubuntu-advantage-esm |
813 | deleted file mode 100644 |
814 | index e9b1c3a..0000000 |
815 | --- a/apt.conf.d/51ubuntu-advantage-esm |
816 | +++ /dev/null |
817 | @@ -1,6 +0,0 @@ |
818 | -Unattended-Upgrade::Allowed-Origins { |
819 | - "${distro_id}ESM:${distro_codename}-infra-security"; |
820 | -}; |
821 | -Unattended-Upgrade::Allowed-Origins { |
822 | - "${distro_id}ESMApps:${distro_codename}-apps-security"; |
823 | -}; |
824 | diff --git a/debian/changelog b/debian/changelog |
825 | index 69290bb..6a53910 100644 |
826 | --- a/debian/changelog |
827 | +++ b/debian/changelog |
828 | @@ -1,3 +1,57 @@ |
829 | +ubuntu-advantage-tools (28) mantic; urgency=medium |
830 | + |
831 | + * d/ubuntu-advantage-tools.postinst: |
832 | + - more specific regex for ua_config warning |
833 | + * d/source/lintian-overrides |
834 | + - adjust missing-build-dependency-for-dh-addon systemd override to work |
835 | + for the different but related error message on jammy onwards |
836 | + * New upstream release 28 (LP: #2017949) |
837 | + - api: |
838 | + + new endpoint: u.pro.status.is_attached.v1 |
839 | + + new endpoint: u.pro.status.enabled_services.v1 |
840 | + - apport: collect default log files if present for bug reports |
841 | + - apt messaging: add bionic-specific urls |
842 | + - auto-attach: |
843 | + + check for new Azure UBUNTU_PRO license on-boot of non-pro instances |
844 | + + exit 4 if attach succeeds but service enablement fails |
845 | + - cli: |
846 | + + avoid unnecessary network calls during autocomplete (GH: #2556) |
847 | + + warn users to not rely on human-readable output in scripts |
848 | + - config: no longer load uaclient.conf from current working directory |
849 | + - fix: |
850 | + + add support for --no-related flag |
851 | + + separate target USN from related USNs |
852 | + - general: |
853 | + + logs to user cache directory when run as non-root |
854 | + + fix bug where non-root commands failed with file permission error |
855 | + accessing /tmp/ubuntu-advantage (GH: #2567) |
856 | + + use system environment vars by default in sub processes (GH: #2527) |
857 | + + fall back to /usr/lib/os-release for release info |
858 | + + start logging to default log file until config is loaded |
859 | + + remove small timeout from contract checking request |
860 | + + avoid crashes when processing unicode text (LP: #2019729) |
861 | + - livepatch: |
862 | + + use uname.machine for kernel arch when checking support |
863 | + (GH: #2517) |
864 | + + display tailored warning messages for granular support statuses |
865 | + - realtime-kernel: add support for intel-iotg variant |
866 | + - reboot-required: new criteria for "yes-kernel-livepatches-applied" |
867 | + livepatch status must be either "applied" or "nothing-to-apply" and |
868 | + livepatch support status must say "supported" |
869 | + - security-status: |
870 | + + always show available/installed counts for esm packages |
871 | + + include hint to run apt-get update for up-to-date info (GH: #2443) |
872 | + + improve visibility of installed and available updates (GH: #2442) |
873 | + + change package info message hint to recommend apt-cache show |
874 | + + avoids unnecessary network calls (LP: #2015286, GH: #2536) |
875 | + - systemd: update service unit for reboot_cmds to not run if not attached |
876 | + - status: |
877 | + + add hint for pro status --all |
878 | + + better message if no services are available (LP: #1994923) |
879 | + - timer: only run timer when attached |
880 | + |
881 | + -- Grant Orndorff <grant.orndorff@canonical.com> Thu, 27 Apr 2023 16:34:55 -0400 |
882 | + |
883 | ubuntu-advantage-tools (27.14.4) lunar; urgency=medium |
884 | |
885 | * timer: disable update_contract_info job (LP: #2015302) |
886 | diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides |
887 | index e7419bd..b1ce79a 100644 |
888 | --- a/debian/source/lintian-overrides |
889 | +++ b/debian/source/lintian-overrides |
890 | @@ -1,6 +1,8 @@ |
891 | # Lintian doesn't see dh-systemd alternative when building on xenial |
892 | ubuntu-advantage-tools: missing-build-dependency-for-dh_-command dh_systemd_start => dh-systemd |
893 | -ubuntu-advantage-tools: missing-build-dependency-for-dh-addon systemd => dh-systemd |
894 | + |
895 | +# Lintian can't handle the multiline debhelper/dh-systemd dependencies explained in debian/control |
896 | +ubuntu-advantage-tools: missing-build-dependency-for-dh-addon *systemd* |
897 | |
898 | # Lintian doesn't like mentioning riscv64 for older go package |
899 | ubuntu-advantage-tools: invalid-arch-string-in-source-relation riscv64 [build-depends: golang-1.10-go [!powerpc !riscv64]] |
900 | diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst |
901 | index 7d9d03e..31d93ae 100644 |
902 | --- a/debian/ubuntu-advantage-tools.postinst |
903 | +++ b/debian/ubuntu-advantage-tools.postinst |
904 | @@ -452,7 +452,7 @@ case "$1" in |
905 | migrate_user_config_post |
906 | fi |
907 | |
908 | - if grep -q "ua_config:" /etc/ubuntu-advantage/uaclient.conf; then |
909 | + if grep -q "^ua_config:" /etc/ubuntu-advantage/uaclient.conf; then |
910 | echo "Warning: uaclient.conf contains old ua_config field." >&2 |
911 | echo " Please do the following:" >&2 |
912 | echo " 1. Run 'pro config set field=value' for each field/value pair" >&2 |
913 | diff --git a/dev-docs/explanations/systemd_units.md b/dev-docs/explanations/systemd_units.md |
914 | index b5f4f0a..577960a 100644 |
915 | --- a/dev-docs/explanations/systemd_units.md |
916 | +++ b/dev-docs/explanations/systemd_units.md |
917 | @@ -6,8 +6,8 @@ |
918 | There are three methods by which a cloud instance may auto-attach to become Ubuntu Pro. |
919 | |
920 | 1. On boot auto-attach for known Pro cloud instances. |
921 | -2. Upgrade-in-place for non-Pro instances that get modified via the Cloud platform to entitle them to become Ubuntu Pro (only on GCP for now) |
922 | -3. Retry auto-attach in case of failures |
923 | +2. Upgrade-in-place for non-Pro instances that get modified via the Cloud platform to entitle them to become Ubuntu Pro (only on Azure and GCP for now). |
924 | +3. Retry auto-attach in case of failures. |
925 | |
926 | (1) is handled by a systemd unit (`ua-auto-attach.service`) delivered by a separate package called `ubuntu-advantage-pro`. This package is only installed on Ubuntu Pro Cloud images. In this way, an instance launched from an Ubuntu Pro Cloud image knows that it needs to auto-attach. |
927 | |
928 | @@ -22,8 +22,8 @@ graph TD; |
929 | is_pro{Is -pro installed?} |
930 | auto_outcome{Success?} |
931 | is_attached{Attached?} |
932 | - should_run_daemon{on GCP? or retry flag set?} |
933 | - is_gcp{GCP?} |
934 | + should_run_daemon{on Azure? or GCP? or retry flag set?} |
935 | + is_gcp{Azure or GCP?} |
936 | is_retry{retry flag set?} |
937 | is_gcp_pro{Pro license detected?} |
938 | daemon_attach_outcome{Success?} |
939 | @@ -33,11 +33,11 @@ graph TD; |
940 | auto_attach[/Try to Attach/] |
941 | trigger_retry[/Create Retry Flag File/] |
942 | trigger_retry2[/Create Retry Flag File/] |
943 | - poll_gcp[/Poll for GCP Pro license/] |
944 | + poll_gcp[/Poll for cloud Pro license/] |
945 | daemon_attach[/Try to Attach/] |
946 | daemon_attach2[/Try to Attach/] |
947 | wait[/Wait a while/] |
948 | - |
949 | + |
950 | %%%% systemd units |
951 | auto(ua-auto-attach.service) |
952 | daemon(ubuntu-advantage.service) |
953 | diff --git a/docs/README.md b/dev-docs/howtoguides/build-docs.md |
954 | similarity index 100% |
955 | rename from docs/README.md |
956 | rename to dev-docs/howtoguides/build-docs.md |
957 | diff --git a/dev-docs/howtoguides/building.md b/dev-docs/howtoguides/building.md |
958 | index 17be892..40b4d70 100644 |
959 | --- a/dev-docs/howtoguides/building.md |
960 | +++ b/dev-docs/howtoguides/building.md |
961 | @@ -41,16 +41,3 @@ sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" " |
962 | > # this script can be used to update all chroots |
963 | > sudo PATTERN=\* sh /usr/share/doc/sbuild/examples/sbuild-debian-developer-setup-update-all |
964 | > ``` |
965 | - |
966 | -## Setting up an lxc development container |
967 | -```shell |
968 | -lxc launch ubuntu-daily:xenial dev-x -c user.user-data="$(cat tools/ua-dev-cloud-config.yaml)" |
969 | -lxc exec dev-x bash |
970 | -``` |
971 | - |
972 | -## Setting up a kvm development environment with multipass |
973 | -**Note:** There is a sample procedure documented in tools/multipass.md as well. |
974 | -```shell |
975 | -multipass launch daily:focal -n dev-f --cloud-init tools/ua-dev-cloud-config.yaml |
976 | -multipass connect dev-f |
977 | -``` |
978 | diff --git a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md b/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md |
979 | index 792c5d8..c06c32b 100644 |
980 | --- a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md |
981 | +++ b/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md |
982 | @@ -28,7 +28,7 @@ It is expected for you to see the following json response: |
983 | "_schema_version": "v1", |
984 | "data": { |
985 | "meta": { |
986 | - "environment_vars": []} |
987 | + "environment_vars": [] |
988 | }, |
989 | "attributes": { |
990 | "expires": "EXPIRE_DATE", |
991 | diff --git a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md b/dev-docs/howtoguides/release_a_new_version.md |
992 | similarity index 75% |
993 | rename from dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md |
994 | rename to dev-docs/howtoguides/release_a_new_version.md |
995 | index 7a067dc..44ebd48 100644 |
996 | --- a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md |
997 | +++ b/dev-docs/howtoguides/release_a_new_version.md |
998 | @@ -31,6 +31,14 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
999 | ``` |
1000 | * You must have Launchpad already properly configured in your system in order to upload packages to the PPAs. Follow [this guide](https://help.launchpad.net/Packaging/PPA/Uploading) to get set up. |
1001 | |
1002 | +* In order to run the `ppa` command, install `ppa-dev-tools` from `bryce`'s PPA: |
1003 | + ```bash |
1004 | + sudo add-apt-repository ppa:bryce/ppa-dev-tools |
1005 | + sudo apt update |
1006 | + sudo apt install ppa-dev-tools |
1007 | + ``` |
1008 | + When running `ppa` for the first time, there will be another round of launchpad authorization to be performed. |
1009 | + |
1010 | ## I. Preliminary/staging release to team infrastructure |
1011 | 1. Create a release PR: |
1012 | |
1013 | @@ -38,10 +46,10 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1014 | |
1015 | * This step is currently not well defined. We currently are using `release-27` for all `27.X` releases and have been cherry-picking/rebasing all commits from `main` into this branch for a release. |
1016 | |
1017 | - b Create a new entry in the `debian/changelog` file: |
1018 | + b. Create a new entry in the `debian/changelog` file: |
1019 | |
1020 | * You can do that by running `dch --newversion <version-name>`. |
1021 | - * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2~21.10.1`, with the appropriate pro-client and ubuntu/devel version numbers. |
1022 | + * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2`, with the appropriate pro-client version number. |
1023 | * Populate `debian/changelog` with the commits you have cherry-picked. |
1024 | * You can do that by running `git log <first-cherry-pick-commit>..<last-cherry-pick-commit> | log2dch` |
1025 | * This will generate a list of commits that could be included in the changelog. |
1026 | @@ -51,26 +59,26 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1027 | changelog. |
1028 | * To structure the changelog you can use the other entries as example. But we basically try to |
1029 | keep this order: debian changes, new features/modifications, testing. Within each section, bullet points should be alphabetized. |
1030 | - |
1031 | + |
1032 | c. Create a PR on GitHub into the release branch. Ask in the ~UA channel on Mattermost for review. |
1033 | |
1034 | d. When reviewing the release PR, please use the following guidelines when reviewing the new changelog entry: |
1035 | |
1036 | - * Is the version correctly updated? We must ensure that the new version in the changelog is |
1037 | - correct and it also targets the latest Ubuntu release at the moment. |
1038 | - * Is the entry useful for the user? The changelog entries should be user focused, meaning |
1039 | - that we should only add entries that we think users will care about (i.e. we don't need |
1040 | - entries when fixing a test, as this doesn't provide meaningful information to the user). |
1041 | - * Is this entry redundant? Sometimes we may have changes that affect separate modules of the |
1042 | - code. We should have an entry only for the module that was most affected by it. |
1043 | - * Is the changelog entry unique? We need to verify that the changelog entry is not already |
1044 | - reflected in an earlier version of the changelog. If it is, we need not only to remove but double |
1045 | - check the process we are using to cherry-pick the commits. |
1046 | - * Is this entry actually reflected in the code? Sometimes, we can have changelog entries |
1047 | - that are not reflected in the code anymore. This can happen during development when we are |
1048 | - still unsure about the behaviour of a feature or when we fix a bug that removes the code |
1049 | - that was added. We must verify each changelog entry that is added to be sure of their |
1050 | - presence in the product. |
1051 | + * Is the version correctly updated? We must ensure that the new version in the changelog is |
1052 | + correct and it also targets the latest Ubuntu release at the moment. |
1053 | + * Is the entry useful for the user? The changelog entries should be user focused, meaning |
1054 | + that we should only add entries that we think users will care about (i.e. we don't need |
1055 | + entries when fixing a test, as this doesn't provide meaningful information to the user). |
1056 | + * Is this entry redundant? Sometimes we may have changes that affect separate modules of the |
1057 | + code. We should have an entry only for the module that was most affected by it. |
1058 | + * Is the changelog entry unique? We need to verify that the changelog entry is not already |
1059 | + reflected in an earlier version of the changelog. If it is, we need not only to remove but double |
1060 | + check the process we are using to cherry-pick the commits. |
1061 | + * Is this entry actually reflected in the code? Sometimes, we can have changelog entries |
1062 | + that are not reflected in the code anymore. This can happen during development when we are |
1063 | + still unsure about the behaviour of a feature or when we fix a bug that removes the code |
1064 | + that was added. We must verify each changelog entry that is added to be sure of their |
1065 | + presence in the product. |
1066 | |
1067 | 2. After the release PR is merged, tag the head of the release branch with the version number, e.g., `27.1`. Push this tag to GitHub. |
1068 | |
1069 | @@ -84,7 +92,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1070 | |
1071 | b. Edit the changelog |
1072 | * List yourself as the author of this release. |
1073 | - * Edit the version number to look like: `27.2~20.04.1~rc1` (`<version>~<ubuntu-release-number>.<revno>~rc<release-candidate-number>`) |
1074 | + * Edit the version number to look like: `27.2~rc1` (`<version>~rc<release-candidate-number>`) |
1075 | * Edit the Ubuntu release name. Start with the ubuntu/devel release. |
1076 | * `git add debian/changelog && git commit -m "throwaway"` - Do **not** push this commit! |
1077 | |
1078 | @@ -95,9 +103,10 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1079 | * If this succeeds move on. If this fails, debug and fix before continuing. |
1080 | |
1081 | e. Repeat 3.b through 3.d for all supported Ubuntu Releases |
1082 | - * PS: remember to also change the version number on the changelog. For example, suppose |
1083 | - the new version is `1.1~20.04.1~rc1`. If you want to test Bionic now, change it to |
1084 | - `1.1~18.04.1~rc1`. |
1085 | + * The version for series other than devel should be in the form `<version>~<ubuntu-release-number>~rc<release-candidate-number>` |
1086 | + This means you must add the release number in the changelog. For example, suppose |
1087 | + the devel version is `1.1~rc1`. If you want to build for jammy now, change it to |
1088 | + `1.1~22.04~rc1`. |
1089 | |
1090 | f. For each release, dput to the staging PPA: |
1091 | * `dput ppa:ua-client/staging ../out/<package_name>_source.changes` |
1092 | @@ -115,7 +124,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1093 | b. Create a new bug on Launchpad for ubuntu-advantage-tools and use the format defined [here](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates#SRU_Template) for the description. |
1094 | * The title should be in the format `[SRU] ubuntu-advantage-tools (27.1 -> 27.2) Xenial, Bionic, Focal, Jammy`, substituting version numbers and release names as necessary. |
1095 | * If any of the changes for the SRU is in the [Early Review Sign-off list](../references/early_review_signoff.md), include a pointer in the `[Discussion]` section to where the discussion/approval of that feature took place (if possible). |
1096 | - |
1097 | + |
1098 | c. For each Launchpad bug fixed by this release (which should all be referenced in our changelog), add the SRU template to the description and fill out each section. |
1099 | * Leave the original description in the bug at the bottom under the header `[Original Description]`. |
1100 | * For the testing steps, include steps to reproduce the bug. Then include instructions for adding `ppa:ua-client/staging`, and steps to verify the bug is no longer present. |
1101 | @@ -136,18 +145,21 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1102 | e. `git checkout -B upload-<this-version>-kinetic` |
1103 | * This creates a new local branch name based on your detached branch. |
1104 | |
1105 | - f. Make sure the changelog version contains the release version in the name (e.g., `27.1~22.10.1`) |
1106 | - |
1107 | - g. `git push <your_launchpad_user> upload-<this-version>-kinetic` |
1108 | + f. `git push <your_launchpad_user> upload-<this-version>-kinetic` |
1109 | |
1110 | - h. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel` |
1111 | - * For an example, see the [27.9 merge proposal](https://code.launchpad.net/~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/422906). |
1112 | + g. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel` |
1113 | + * For an example, see the [27.14.1 merge proposal](https://code.launchpad.net/~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/439507). |
1114 | * Add 2 review slots for `canonical-server-reporter` and `canonical-server-core-reviewers`. |
1115 | |
1116 | -4. Server Team Review and Pre-SRU Review |
1117 | + h. With the packages published to `ppa:ua-client/staging`, add links to the autopkgtest triggers to the Merge Proposal. The reviewer will have permission to trigger those tests. The links can be obtained by running `ppa tests -r <release> -a <arch1,arch2> ua-client/staging -L` |
1118 | + * Make sure to post links to all the architectures built for a given release. |
1119 | + * The riscv64 autopkgtests are not avaialble and don't need to be included. |
1120 | + * The `ppa test` command will have two variations of tests: the regular one, and one with `all-proposed=1`; only the regular test need to be there. |
1121 | + |
1122 | +3. Server Team Review and Pre-SRU Review |
1123 | |
1124 | a. Ask the assigned ubuntu-advantage-tools reviewer/sponsor from Server team for a review of your MPs. If you don't know who that is, ask in ~Server. Include a link to the ubuntu/devel MP and to the SRU bug. |
1125 | - |
1126 | + |
1127 | b. If they request changes, create a PR into the release branch on GitHub and ask Pro Client team for review. After that is merged, cherry-pick the commit into your `upload-<this-version>-<devel-release>` branch and push to launchpad. Then notify the Server Team member that you have addressed their requests. |
1128 | * Some issues may just be filed for addressing in the future if they are not urgent or pertinent to this release. |
1129 | * Unless the changes are very minor, or only testing related, you should upload a new release candidate version to `ppa:ua-client/staging` as described in I.3. |
1130 | @@ -160,7 +172,12 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1131 | * Follow instructions in `II.4.b` if they request any changes. |
1132 | |
1133 | e. Once the SRU team member gives a pre-SRU approval, create the branches for each stable release. They should be named `upload-<this-version>-<codename>`. |
1134 | + * The versions for the stable releases must include `~<release-number>` |
1135 | * If you've followed the instructions precisely so far, you can just run `bash tools/create-lp-release-branches.sh`. |
1136 | + - When using the `create-lp-release-branches.sh` script, an important parameter is `SRU_BUG`: |
1137 | + - In the vast majority of cases, this should be set to the overall SRU bug written in step II.1.b. |
1138 | + - In the case where an existing SRU never got released, and a new patch version was uploaded on top of it to fix a new bug discovered during review, then the bug should still be the overall SRU bug. |
1139 | + - If the release is exclusively a bugfix release and the previous version has already been successfully released all the way through the SRU process, then the bug should instead be the specific bugfix number. |
1140 | |
1141 | f. Ask Server team member sponsor to upload to devel, and then the SRU proposed queue using the stable release branches you just created. |
1142 | * Ask them to tag the PR with the appropriate `upload/<version>` tag so git-ubuntu will import rich commit history. |
1143 | @@ -170,7 +187,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1144 | |
1145 | h. Tell the SRU team member who performed the pre-SRU review that the packages are in the -proposed release queue. They will need to actually approve the package to move into -proposed. |
1146 | |
1147 | -5. -proposed verification and release to -updates |
1148 | +4. -proposed verification and release to -updates |
1149 | |
1150 | a. As soon as the SRU vanguard approves the packages, a bot in #ubuntu-release will announce that ubuntu-advantage-tools is accepted into the applicable -proposed pockets, or the [Xenial -proposed release rejection queue](https://launchpad.net/ubuntu/xenial/+queue?queue_state=4&queue_text=ubuntu-advantage-tools) will contain a reason for rejections. Double check the SRU process bug for any actionable review feedback. |
1151 | * Once accepted into `-proposed` by an SRU vanguard [ubuntu-advantage-tools shows up in the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html), check `rmadison ubuntu-advantage-tools | grep -proposed` to see if the upload exists in -proposed yet. |
1152 | @@ -182,19 +199,21 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
1153 | * There may also be one-time test scripts added in the `sru/` directory for this release. |
1154 | |
1155 | d. After all tests have passed, tarball all of the output files and upload them to the SRU bug with a message that looks like this: |
1156 | + |
1157 | ``` |
1158 | We have run the full ubuntu-advantage-tools integration test suite against the version in -proposed. The results are attached. All tests passed. |
1159 | - |
1160 | + |
1161 | You can verify the correct version was used by checking the output of the first test in each file, which prints the version number. |
1162 | |
1163 | I am marking the verification done for this SRU. |
1164 | ``` |
1165 | + |
1166 | Change the tags on the bug from `verification-needed` to `verification-done` (including the verification tags for each Ubuntu release). |
1167 | |
1168 | e. For any other related Launchpad bugs that are fixed in this release, perform the verification steps necessary for those bugs and mark them `verification-done` as needed. This will likely involve following the test steps, but instead of adding the staging PPA, enabling -proposed. |
1169 | |
1170 | f. Once all SRU bugs are tagged as `verification*-done`, all SRU-bugs should be listed as green in [the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html). |
1171 | - |
1172 | + |
1173 | g. After the pending SRU page says that ubuntu-advantage-tools has been in proposed for 7 days, it is now time to ping the [current SRU vanguard](https://wiki.ubuntu.com/StableReleaseUpdates#Publishing) for acceptance of ubuntu-advantage-tools into -updates. |
1174 | |
1175 | h. Check `rmadison ubuntu-advantage-tools` for updated version in -updates. |
1176 | diff --git a/dev-docs/howtoguides/testing.md b/dev-docs/howtoguides/testing.md |
1177 | index fb0519a..24706d4 100644 |
1178 | --- a/dev-docs/howtoguides/testing.md |
1179 | +++ b/dev-docs/howtoguides/testing.md |
1180 | @@ -139,13 +139,13 @@ This adds an upfront cost that is amortized across several test scenarios. |
1181 | Based on some rough testing in July 2021, these are the situations |
1182 | when you should set UACLIENT_BEHAVE_SNAPSHOT_STRATEGY=1 |
1183 | |
1184 | -> At time of writing, starting a lxd.vm instance from a local snapshot takes |
1185 | -> longer than starting a fresh lxd.vm instance and installing ua. |
1186 | +> At time of writing, starting a lxd-vm instance from a local snapshot takes |
1187 | +> longer than starting a fresh lxd-vm instance and installing ua. |
1188 | |
1189 | | machine_type | condition | |
1190 | | ------------- | ------------------ | |
1191 | -| lxd.container | num_scenarios > 7 | |
1192 | -| lxd.vm | never | |
1193 | +| lxd-container | num_scenarios > 7 | |
1194 | +| lxd-vm | never | |
1195 | | gcp | num_scenarios > 5 | |
1196 | | azure | num_scenarios > 14 | |
1197 | | aws | num_scenarios > 11 | |
1198 | @@ -175,17 +175,6 @@ To specifically run non-ubuntu pro tests using canonical cloud-images an |
1199 | additional token obtained from https://ubuntu.com/pro needs to be set: |
1200 | - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token> |
1201 | |
1202 | -By default, the public AMIs for Ubuntu Pro testing used for each Ubuntu |
1203 | -release are defined in features/aws-ids.yaml. These ami-ids are determined by |
1204 | -running `./tools/refresh-aws-pro-ids`. |
1205 | - |
1206 | -Integration tests will read features/aws-ids.yaml to determine which default |
1207 | -AMI id to use for each supported Ubuntu release. |
1208 | - |
1209 | -To update `features/aws-ids.yaml`, run `./tools/refresh-aws-pro-ids` and put up |
1210 | -a pull request against this repo to updated that content from the ua-contracts |
1211 | -marketplace definitions. |
1212 | - |
1213 | * To manually run EC2 integration tests with a specific AMI Id provide the |
1214 | following environment variable to launch your specific AMI instead of building |
1215 | a daily ubuntu-advantage-tools image. |
1216 | diff --git a/dev-docs/references/directory_layout.md b/dev-docs/references/directory_layout.md |
1217 | index 241fa36..1fc1f77 100644 |
1218 | --- a/dev-docs/references/directory_layout.md |
1219 | +++ b/dev-docs/references/directory_layout.md |
1220 | @@ -9,12 +9,11 @@ The following describes the intent of Ubuntu Pro Client related directories: |
1221 | | ./uaclient/ | collection of python modules which will be packaged into ubuntu-advantage-tools package to deliver the Ubuntu Pro Client CLI | |
1222 | | uaclient.entitlements | Service-specific \*Entitlement class definitions which perform enable, disable, status, and entitlement operations etc. All classes derive from base.py:UAEntitlement and many derive from repo.py:RepoEntitlement | |
1223 | | ./uaclient/cli.py | The entry-point for the command-line client |
1224 | -| ./uaclient/clouds/ | Cloud-platform detection logic used in Ubuntu Pro to determine if a given should be auto-attached to a contract | |
1225 | +| ./uaclient/clouds/ | Cloud-platform detection logic used in Ubuntu Pro to determine if a given instance should be auto-attached to a contract | |
1226 | | uaclient.contract | Module for interacting with the Contract Server API | |
1227 | | uaclient.messages | Module that contains the messages delivered by `pro` to the user | |
1228 | | uaclient.security | Module that hold the logic used to run `pro fix` commands | |
1229 | | ./apt-hook/ | the C++ apt-hook delivering MOTD and apt command notifications about Ubuntu Pro support services | |
1230 | -| ./apt-conf.d/ | apt config files delivered to /etc/apt/apt-conf.d to automatically allow unattended upgrades of ESM security-related components. If apt proxy settings are configured, an additional apt config file will be placed here to configure the apt proxy. | |
1231 | | /etc/ubuntu-advantage/uaclient.conf | Configuration file for the Ubuntu Pro Client.| |
1232 | | /var/lib/ubuntu-advantage/private | `root` read-only directory containing Contract API responses, machine-tokens and service credentials | |
1233 | | /var/lib/ubuntu-advantage/machine-token.json | `world` readable file containing redacted Contract API responses, machine-tokens and service credentials | |
1234 | @@ -23,6 +22,7 @@ The following describes the intent of Ubuntu Pro Client related directories: |
1235 | ## Note |
1236 | |
1237 | We have two `machine-token.json` files, located at: |
1238 | + |
1239 | - /var/lib/ubuntu-advantage/private/machine-token.json |
1240 | - /var/lib/ubuntu-advantage/machine-token.json |
1241 | |
1242 | diff --git a/dev-docs/references/enabling_a_service.md b/dev-docs/references/enabling_a_service.md |
1243 | index 17429d0..d799972 100644 |
1244 | --- a/dev-docs/references/enabling_a_service.md |
1245 | +++ b/dev-docs/references/enabling_a_service.md |
1246 | @@ -17,5 +17,5 @@ The Ubuntu Pro Client is simple in that it relies on the machine token on the at |
1247 | machine to describe whether a service is applicable for an environment and what |
1248 | configuration is required to properly enable that service. |
1249 | |
1250 | -Any interactions with the Contract server API are defined as UAContractClient |
1251 | +Any interactions with the Contract Server API are defined as UAContractClient |
1252 | class methods in [uaclient/contract.py](../../uaclient/contract.py). |
1253 | diff --git a/dev-docs/references/terminology.md b/dev-docs/references/terminology.md |
1254 | index cc79893..0459eb7 100644 |
1255 | --- a/dev-docs/references/terminology.md |
1256 | +++ b/dev-docs/references/terminology.md |
1257 | @@ -5,8 +5,8 @@ Ubuntu Pro Client performs: |
1258 | |
1259 | | Term | Meaning | |
1260 | | -------- | -------- | |
1261 | -| Ubuntu Pro Client | The python command line client represented in this ubuntu-advantage-client repository. It is installed on each Ubuntu machine and is the entry-point to enable any Ubuntu Pro commercial service on an Ubuntu machine. | |
1262 | -| Contract Server | The backend service exposing a REST API to which Ubuntu Pro Client authenticates in order to obtain contract and commercial service information and manage which support services are active on a machine.| |
1263 | +| Ubuntu Pro Client | The python command line client represented in this ubuntu-pro-client repository. It is installed on each Ubuntu machine and is the entry-point to enable any Ubuntu Pro commercial service on an Ubuntu machine | |
1264 | +| Contract Server | The backend service exposing a REST API to which Ubuntu Pro Client authenticates in order to obtain contract and commercial service information and manage which support services are active on a machine | |
1265 | | Entitlement/Service | An Ubuntu Pro commercial support service such as FIPS, ESM, Livepatch, CIS-Audit to which a contract may be entitled | |
1266 | | Affordance | Service-specific list of applicable architectures and Ubuntu series on which a service can run | |
1267 | | Directives | Service-specific configuration values which are applied to a service when enabling that service | |
1268 | diff --git a/dev-docs/references/version_string_formatting.md b/dev-docs/references/version_string_formatting.md |
1269 | index 98c150e..59f163c 100644 |
1270 | --- a/dev-docs/references/version_string_formatting.md |
1271 | +++ b/dev-docs/references/version_string_formatting.md |
1272 | @@ -5,10 +5,10 @@ Below are the versioning schemes used for publishing debs: |
1273 | | Build target | Version Format | |
1274 | | --------------------------------------------------------------------------------- | ------------------------------------------ | |
1275 | | [Daily PPA](https://code.launchpad.net/~canonical-server/+recipe/ua-client-daily) | `XX.YY-<revno>~g<commitish>~ubuntu22.04.1` | |
1276 | -| Staging PPA | `XX.YY~22.04.1~rc1` | |
1277 | -| Stable PPA | `XX.YY~22.04.1~stableppa1` | |
1278 | -| Archive release | `XX.YY~22.04.1` | |
1279 | -| Archive bugfix release | `XX.YY.Z~22.04.1` | |
1280 | +| Staging PPA | `XX.YY~22.04~rc1` | |
1281 | +| Stable PPA | `XX.YY~22.04~stableppa1` | |
1282 | +| Archive release | `XX.YY~22.04` | |
1283 | +| Archive bugfix release | `XX.YY.Z~22.04` | |
1284 | |
1285 | ## Supported upgrade paths on same upstream version |
1286 | |
1287 | @@ -18,10 +18,10 @@ This table demonstrates upgrade paths between sources for one particular upstrea |
1288 | |
1289 | | Upgrade path | Version diff example | |
1290 | | ------------------------------- | ----------------------------------------------------------------------- | |
1291 | -| Staging to Next Staging rev | `31.4~22.04.1~rc1` ➜ `31.4~22.04.1~rc2` | |
1292 | -| Staging to Stable | `31.4~22.04.1~rc2` ➜ `31.4~22.04.1~stableppa1` | |
1293 | -| Stable to Next Stable rev | `31.4~22.04.1~stableppa1` ➜ `31.4~22.04.1~stableppa2` | |
1294 | -| Stable to Archive | `31.4~22.04.1~stableppa2` ➜ `31.4~22.04.1` | |
1295 | -| LTS Archive to Next LTS Archive | `31.4~22.04.1` ➜ `31.4~24.04.1` | |
1296 | -| Archive to Daily | `31.4~24.04.1` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` | |
1297 | +| Staging to Next Staging rev | `31.4~22.04~rc1` ➜ `31.4~22.04~rc2` | |
1298 | +| Staging to Stable | `31.4~22.04~rc2` ➜ `31.4~22.04~stableppa1` | |
1299 | +| Stable to Next Stable rev | `31.4~22.04~stableppa1` ➜ `31.4~22.04~stableppa2` | |
1300 | +| Stable to Archive | `31.4~22.04~stableppa2` ➜ `31.4~22.04` | |
1301 | +| LTS Archive to Next LTS Archive | `31.4~22.04` ➜ `31.4~24.04` | |
1302 | +| Archive to Daily | `31.4~24.04` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` | |
1303 | | Daily to Next Daily | `31.4-1500~g75fa134~ubuntu24.04.1` ➜ `31.4-1501~g3836375~ubuntu24.04.1` | |
1304 | diff --git a/dev-docs/references/what_happens_during_attach.md b/dev-docs/references/what_happens_during_attach.md |
1305 | index 21ad455..05854e1 100644 |
1306 | --- a/dev-docs/references/what_happens_during_attach.md |
1307 | +++ b/dev-docs/references/what_happens_during_attach.md |
1308 | @@ -1,7 +1,7 @@ |
1309 | ### What happens during attach |
1310 | After running the command `pro attach TOKEN`, Ubuntu Pro Client will perform the following steps: |
1311 | |
1312 | -* read the config from /etc/ubuntu-advantage/uaclient.conf to obtain |
1313 | +* Read the config from /etc/ubuntu-advantage/uaclient.conf to obtain |
1314 | the contract\_url (default: https://contracts.canonical.com) |
1315 | * POSTs to the Contract Server API @ |
1316 | <contract_url>/api/v1/context/machines/token providing the \<contractToken\> |
1317 | diff --git a/dev-requirements.txt b/dev-requirements.txt |
1318 | index 06712bf..00dd2fb 100644 |
1319 | --- a/dev-requirements.txt |
1320 | +++ b/dev-requirements.txt |
1321 | @@ -1,6 +1,6 @@ |
1322 | # The black, isort and shellcheck-py versions are also in .pre-commit-config.yaml; |
1323 | # make sure to update both together |
1324 | black==22.3.0 |
1325 | -isort==5.8.0 |
1326 | +isort==5.12.0 |
1327 | pre-commit |
1328 | shellcheck-py==0.8.0.4 |
1329 | diff --git a/docs/_static/js/github_issue_links.js b/docs/_static/js/github_issue_links.js |
1330 | index e449b4e..d339060 100644 |
1331 | --- a/docs/_static/js/github_issue_links.js |
1332 | +++ b/docs/_static/js/github_issue_links.js |
1333 | @@ -2,7 +2,7 @@ window.onload = function() { |
1334 | const link = document.createElement("a"); |
1335 | link.classList.add("muted-link"); |
1336 | link.classList.add("github-issue-link"); |
1337 | - link.text = "Have a question?"; |
1338 | + link.text = "Give feedback"; |
1339 | link.href = ( |
1340 | "https://github.com/canonical/ubuntu-pro-client/issues/new?" |
1341 | + "title=docs%3A+TYPE+YOUR+QUESTION+HERE" |
1342 | diff --git a/docs/conf.py b/docs/conf.py |
1343 | index 8dd4d59..33da04c 100644 |
1344 | --- a/docs/conf.py |
1345 | +++ b/docs/conf.py |
1346 | @@ -38,6 +38,8 @@ extensions = [ |
1347 | |
1348 | templates_path = ["_templates"] |
1349 | |
1350 | +html_extra_path = ["googleaf254801a5285c31.html", "sitemap-index.xml"] |
1351 | + |
1352 | # List of patterns, relative to source directory, that match files and |
1353 | # directories to ignore when looking for source files. |
1354 | # This pattern also affects html_static_path and html_extra_path. |
1355 | @@ -100,7 +102,7 @@ html_static_path = ["_static"] |
1356 | html_css_files = [ |
1357 | "css/logo.css", |
1358 | "css/github_issue_links.css", |
1359 | - "css/custom.css" |
1360 | + "css/custom.css", |
1361 | ] |
1362 | html_js_files = [ |
1363 | "js/github_issue_links.js", |
1364 | diff --git a/docs/explanations.rst b/docs/explanations.rst |
1365 | index a424451..78adb85 100644 |
1366 | --- a/docs/explanations.rst |
1367 | +++ b/docs/explanations.rst |
1368 | @@ -27,6 +27,7 @@ selection of some of the commands -- what they do, and how they work. |
1369 | :maxdepth: 1 |
1370 | |
1371 | explanations/how_to_interpret_the_security_status_command.md |
1372 | + explanations/how_to_interpret_output_of_unattended_upgrades.md |
1373 | explanations/status_columns.md |
1374 | explanations/what_refresh_does.md |
1375 | |
1376 | @@ -48,6 +49,7 @@ Other Pro features explained |
1377 | .. toctree:: |
1378 | :maxdepth: 1 |
1379 | |
1380 | + explanations/cves_and_usns_explained.md |
1381 | explanations/what_are_the_timer_jobs.md |
1382 | explanations/what_is_the_daemon.md |
1383 | explanations/why_trusty_is_no_longer_supported.md |
1384 | diff --git a/docs/explanations/apt_messages.md b/docs/explanations/apt_messages.md |
1385 | index d4e62ef..edd50d2 100644 |
1386 | --- a/docs/explanations/apt_messages.md |
1387 | +++ b/docs/explanations/apt_messages.md |
1388 | @@ -25,7 +25,7 @@ Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 |
1389 | |
1390 | ## LTS series with esm-apps service disabled |
1391 | |
1392 | -When you are running `apt upgraded` on a LTS release, like Focal, we advertise |
1393 | +When you are running `apt upgrade` on a LTS release, like Focal, we advertise |
1394 | the `esm-apps` service if packages could be upgraded by enabling the service: |
1395 | |
1396 | ``` |
1397 | diff --git a/docs/explanations/cves_and_usns_explained.md b/docs/explanations/cves_and_usns_explained.md |
1398 | new file mode 100644 |
1399 | index 0000000..272c1d8 |
1400 | --- /dev/null |
1401 | +++ b/docs/explanations/cves_and_usns_explained.md |
1402 | @@ -0,0 +1,44 @@ |
1403 | +# CVEs and USNs explained |
1404 | + |
1405 | +## What is a CVE |
1406 | + |
1407 | +Common Vulnerabilities and Exposures (CVEs) are a way to catalogue and track public security |
1408 | +vulnerabilities for a given software. Every CVE is identified through a unique identifier, |
1409 | +for example [CVE-2023-0465](https://www.cve.org/CVERecord?id=CVE-2023-0465). |
1410 | + |
1411 | +CVEs are maintained by the [MITRE Corporation](https://cve.mitre.org/) and the goal of the project |
1412 | +is to provide naming conventions for the public known security issues while also maintaining a |
1413 | +centralised repository for all of the security issues. This makes it easier for an organization to |
1414 | +submit a new security flaw though the CVE convention while also analysing any other existing CVEs |
1415 | +in the database. |
1416 | + |
1417 | +You can search for any existing CVE related to Ubuntu using |
1418 | +[the Ubuntu CVE page](https://ubuntu.com/security/cves). |
1419 | + |
1420 | +## What is a USN? |
1421 | + |
1422 | +An Ubuntu Security Notice (USN) is the way that Canonical publicly catalogues and displays security |
1423 | +vulneratibilities for Ubuntu packages. Usually, a USN is composed of one or more |
1424 | +[CVEs](#what-is-a-cve) and it also contains update instructions to fix the issue, if a fix is |
1425 | +already available. |
1426 | + |
1427 | +USNs follow a naming convention of the format: [USN-5963-1](https://ubuntu.com/security/notices/USN-5963-1) |
1428 | + |
1429 | +You can search for any existing USN using |
1430 | +[the Ubuntu Security Notices page](https://ubuntu.com/security/notices). |
1431 | + |
1432 | +## What are related USNs? |
1433 | + |
1434 | +A USN is composed of different CVEs. If the same CVE appears on multiple USNs, we say that those USNs are related. |
1435 | +In the following image, we can see a visual representation of that concept, where USN-789 and USN-321 |
1436 | +are related USNs because both are affected by CVE-2: |
1437 | + |
1438 | +![Related USN example](../images/usn-related.png) |
1439 | + |
1440 | + |
1441 | +A real example can be seen in [USN-5573-1](https://ubuntu.com/security/notices/USN-5573-1). |
1442 | +In the section **Related notices**, it shows that both **USN-5570-1** |
1443 | +and **USN-5570-2** are related to **USN-5573-1**. |
1444 | + |
1445 | +This information is useful for users that want to tackle |
1446 | +all related USNs at once, making sure that a CVE is fully fixed on their Ubuntu machine. |
1447 | diff --git a/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md |
1448 | new file mode 100644 |
1449 | index 0000000..714c14a |
1450 | --- /dev/null |
1451 | +++ b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md |
1452 | @@ -0,0 +1,82 @@ |
1453 | +# How to interpret the output of unattended-upgrades |
1454 | + |
1455 | +On Pro Client version 27.14~, we introduced the `u.pro.unattended_upgrades.status.v1` endpoint. |
1456 | +This endpoint is designed to provide users with an overview of the configuration and setup for |
1457 | +unattended-upgrades on the machine. The expected output follows this JSON example: |
1458 | + |
1459 | +```json |
1460 | +{ |
1461 | + "_schema_version": "v1", |
1462 | + "data": { |
1463 | + "attributes": { |
1464 | + "apt_periodic_job_enabled": true, |
1465 | + "package_lists_refresh_frequency_days": 1, |
1466 | + "systemd_apt_timer_enabled": true, |
1467 | + "unattended_upgrades_allowed_origins": [ |
1468 | + "${distro_id}:${distro_codename}", |
1469 | + "${distro_id}:${distro_codename}-security", |
1470 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1471 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1472 | + ], |
1473 | + "unattended_upgrades_disabled_reason": null, |
1474 | + "unattended_upgrades_frequency_days": 1, |
1475 | + "unattended_upgrades_last_run": null, |
1476 | + "unattended_upgrades_running": true |
1477 | + }, |
1478 | + "meta": { |
1479 | + "environment_vars": [], |
1480 | + "raw_config": { |
1481 | + "APT::Periodic::Enable": "1", |
1482 | + "APT::Periodic::Unattended-Upgrade": "1", |
1483 | + "APT::Periodic::Update-Package-Lists": "1", |
1484 | + "Unattended-Upgrade::Allowed-Origins": [ |
1485 | + "${distro_id}:${distro_codename}", |
1486 | + "${distro_id}:${distro_codename}-security", |
1487 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1488 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1489 | + ] |
1490 | + } |
1491 | + }, |
1492 | + "type": "UnattendedUpgradesStatus" |
1493 | + }, |
1494 | + "errors": [], |
1495 | + "result": "success", |
1496 | + "version": "27.14~16.04.1", |
1497 | + "warnings": [] |
1498 | +} |
1499 | +``` |
1500 | + |
1501 | +As we can see from this output, we have a variable named `unattended_upgrades_running`. That variable |
1502 | +indicates if unattended-upgrades is properly configured and running on the machine. |
1503 | +The value of this field will only be `true` if *ALL* of the following prerequisites are also true: |
1504 | + |
1505 | +* *`apt_periodic_job_enable` is true*: That variable indicates if the APT::Periodic::Enable configuration variable |
1506 | + is turned on. If it is turned off, unattended-upgrades will not automatically run on the machine. |
1507 | +* *`package_lists_refresh_frequency_days` is non-zero*: That variable shows the value of APT::Periodic::Package-List-Frequency. |
1508 | + This configuration defines the daily frequency for updating package sources in the background. If it has a zero value, this step will never |
1509 | + happen and unattended-upgrades might not be able to install new versions of the packages. |
1510 | +* *`systemd_apt_timer_enabled` is true*: This variable is true if both `apt-daily.timer` and `apt-daily-upgrade.timer` are running |
1511 | + on the machine. These timers are the ones that control when unattended-upgrades run. The first job, `apt-daily.timer` is responsible |
1512 | + for triggering the code that downloads the lastest package information on the system. The second job, `apt-daily-upgrade.timer` is |
1513 | + responsible for running unattended-upgrades to download the latest version of the packages. If one of these jobs is disabled, |
1514 | + unattended-upgrades might not work as expected. |
1515 | +* *`unattended_upgrades_allowed_origins` is not empty*: This variable defines the origins that |
1516 | + unattended-upgrades can use to install a package. If that list is empty, no packages can be |
1517 | + installed and unattended-upgrades will not work as expected. |
1518 | +* *`unattended_upgrades_frequency_days` is non-zero*: That variable shows the value of |
1519 | + APT::Periodic::Unattended-Upgrade. This configuration defines the daily frequency for running |
1520 | + unattended-upgrades in the background. Therefore, if it has a zero value, the command will never |
1521 | + run. |
1522 | + |
1523 | + |
1524 | +If any of those conditions are not met, the variable |
1525 | +*unattended_upgrades_disabled_reason* will contain an object explaining why unattended-upgrades is |
1526 | +not running. For example, if `package_lists_refresh_frequency_days` has a zero value, we will see |
1527 | +the following value for *unattended_upgrades_disabled_reason*: |
1528 | + |
1529 | +```json |
1530 | +{ |
1531 | + "msg": "APT::Periodic::Update-Package-Lists is turned off", |
1532 | + "code": "unattended-upgrades-cfg-value-turned-off" |
1533 | +} |
1534 | +``` |
1535 | diff --git a/docs/explanations/how_to_interpret_the_security_status_command.md b/docs/explanations/how_to_interpret_the_security_status_command.md |
1536 | index 21be0b4..b0a56e9 100644 |
1537 | --- a/docs/explanations/how_to_interpret_the_security_status_command.md |
1538 | +++ b/docs/explanations/how_to_interpret_the_security_status_command.md |
1539 | @@ -1,7 +1,200 @@ |
1540 | # What does `security-status` do? |
1541 | |
1542 | -The `security-status` command is used to get an overview of the packages |
1543 | -installed on your machine. |
1544 | +The `security-status` command provides an overview of all the packages |
1545 | +installed on your machine, and the security coverage that applies to those |
1546 | +packages. |
1547 | + |
1548 | +The output of the `security-status` command varies, depending on the configuration of the machine you run it on. In this article, we'll take a look at the different outputs of `security-status` and the situations in which you might see them. |
1549 | + |
1550 | +## Command output |
1551 | + |
1552 | +If you run the `pro security-status` command, the first blocks of information |
1553 | +you see look like: |
1554 | + |
1555 | +``` |
1556 | +2871 packages installed: |
1557 | + 2337 packages from Ubuntu Main/Restricted repository |
1558 | + 504 packages from Ubuntu Universe/Multiverse repository |
1559 | + 8 packages from third parties |
1560 | + 22 packages no longer available for download |
1561 | + |
1562 | +To get more information about the packages, run |
1563 | + pro security-status --help |
1564 | +for a list of available options. |
1565 | +``` |
1566 | + |
1567 | +Those are counts for the `apt` packages installed in the system, sorted |
1568 | +between the packages in main, universe, third party packages, and packages |
1569 | +that are no longer available. You will also see a hint to run |
1570 | +`pro security-status --help` to get more information. |
1571 | + |
1572 | +### `apt update` hint |
1573 | + |
1574 | +To get accurate package information, the `apt` caches must be up to date. If |
1575 | +your cache was not updated recently, you may see a message in the output with |
1576 | +a hint to update. |
1577 | + |
1578 | +``` |
1579 | +The system apt cache may be outdated. Make sure to run |
1580 | + sudo apt-get update |
1581 | +to get the latest package information from apt. |
1582 | +``` |
1583 | + |
1584 | +### LTS coverage |
1585 | + |
1586 | +If `esm-infra` is disabled in your system, main/restricted packages will be |
1587 | +covered during the LTS period - this information is presented right after the |
1588 | +hints. A covered system will present this message: |
1589 | + |
1590 | +``` |
1591 | +This machine is receiving security patching for Ubuntu Main/Restricted |
1592 | +repository until <year>. |
1593 | +``` |
1594 | + |
1595 | +On a system where the LTS period ended, you'll see: |
1596 | + |
1597 | +``` |
1598 | +This machine is NOT receiving security patches because the LTS period has ended |
1599 | +and esm-infra is not enabled. |
1600 | +``` |
1601 | + |
1602 | +### Ubuntu Pro coverage |
1603 | + |
1604 | +An Ubuntu Pro subscription provides more security coverage than a standard LTS. |
1605 | +The next blocks of information are related to Ubuntu Pro itself: |
1606 | + |
1607 | +``` |
1608 | +This machine is attached to an Ubuntu Pro subscription. |
1609 | + |
1610 | +Main/Restricted packages are receiving security updates from |
1611 | +Ubuntu Pro with 'esm-infra' enabled until 2032. |
1612 | + |
1613 | +Universe/Multiverse packages are receiving security updates from |
1614 | +Ubuntu Pro with 'esm-apps' enabled until 2032. You have received 21 security |
1615 | +updates. |
1616 | +``` |
1617 | + |
1618 | +This system is already attached to Pro! It is a Jammy machine, which has |
1619 | +installed some updates from `esm-apps`. Running the same command on a Xenial |
1620 | +system without Pro enabled, the output looks like: |
1621 | + |
1622 | +``` |
1623 | +This machine is NOT attached to an Ubuntu Pro subscription. |
1624 | + |
1625 | +Ubuntu Pro with 'esm-infra' enabled provides security updates for |
1626 | +Main/Restricted packages until 2026. There are 170 pending security updates. |
1627 | + |
1628 | +Ubuntu Pro with 'esm-apps' enabled provides security updates for |
1629 | +Universe/Multiverse packages until 2026. There is 1 pending security update. |
1630 | + |
1631 | +Try Ubuntu Pro with a free personal subscription on up to 5 machines. |
1632 | +Learn more at https://ubuntu.com/pro |
1633 | +``` |
1634 | + |
1635 | +There are lots of `esm-infra` updates for this machine, and even an `esm-apps` |
1636 | +update. The hint in the end of the output has a link to the main Pro website, |
1637 | +so the user can learn more about Pro and get their subscription. |
1638 | + |
1639 | +### Interim releases |
1640 | + |
1641 | +If you are running an interim release, the output is slightly different because |
1642 | +there are no Ubuntu Pro services available. You will still see the package |
1643 | +counts and support period though - your main/restricted packages are supported |
1644 | +for 9 months from the release date. |
1645 | + |
1646 | +``` |
1647 | +613 packages installed: |
1648 | + 601 packages from Ubuntu Main/Restricted repository |
1649 | + 12 packages from Ubuntu Universe/Multiverse repository |
1650 | + |
1651 | +To get more information about the packages, run |
1652 | + pro security-status --help |
1653 | +for a list of available options. |
1654 | + |
1655 | +Main/Restricted packages receive updates until 1/2024. |
1656 | + |
1657 | +Ubuntu Pro is not available for non-LTS releases. |
1658 | +``` |
1659 | + |
1660 | +### Optional flags for specific package sets |
1661 | + |
1662 | +Some flags can be passed to `security-status` to get information about coverage |
1663 | +of specific package sets. As an example, let's look at the output of |
1664 | +`pro security-status --esm-infra`: |
1665 | + |
1666 | +``` |
1667 | +442 packages installed: |
1668 | + 441 packages from Ubuntu Main/Restricted repository |
1669 | + |
1670 | +Main/Restricted packages are receiving security updates from |
1671 | +Ubuntu Pro with 'esm-infra' enabled until 2026. You have received 3 security |
1672 | +updates. There are 160 pending security updates. |
1673 | + |
1674 | +Run 'pro help esm-infra' to learn more |
1675 | + |
1676 | +Installed packages with an available esm-infra update: |
1677 | +( ... list of packages ... ) |
1678 | + |
1679 | +Installed packages with an esm-infra update applied: |
1680 | +( ... list of packages ... ) |
1681 | + |
1682 | +Further installed packages covered by esm-infra: |
1683 | +( ... list of packages ... ) |
1684 | + |
1685 | +For example, run: |
1686 | + apt-cache show tcpdump |
1687 | +to learn more about that package. |
1688 | +``` |
1689 | + |
1690 | +Besides the support information of main/restricted (which Ubuntu Pro with |
1691 | +`esm-infra` extends) there are lists of: |
1692 | +- packages which have some updated version available in esm-infra repositories |
1693 | +- packages which have an installed version from the esm-infra repositories |
1694 | +- packages which are covered by esm-infra |
1695 | + |
1696 | +You will see a similar output when running `pro security-status --esm-apps`, |
1697 | +but with information regarding universe/multiverse packages. |
1698 | + |
1699 | +You can also get a list of the third-party packages installed in the system: |
1700 | + |
1701 | +``` |
1702 | +$ pro security-status --thirdparty |
1703 | +2871 packages installed: |
1704 | + 8 packages from third parties |
1705 | + |
1706 | +Packages from third parties are not provided by the official Ubuntu |
1707 | +archive, for example packages from Personal Package Archives in Launchpad. |
1708 | + |
1709 | +Packages: |
1710 | +( ... list of packages ... ) |
1711 | + |
1712 | +For example, run: |
1713 | + apt-cache show <package_name> |
1714 | +to learn more about that package. |
1715 | +``` |
1716 | + |
1717 | +And also a list of unavailable packages (which no longer have any installation |
1718 | +source): |
1719 | + |
1720 | +``` |
1721 | +$ pro security-status --unavailable |
1722 | +2871 packages installed: |
1723 | + 22 packages no longer available for download |
1724 | + |
1725 | +Packages that are not available for download may be left over from a |
1726 | +previous release of Ubuntu, may have been installed directly from a |
1727 | +.deb file, or are from a source which has been disabled. |
1728 | + |
1729 | +Packages: |
1730 | +( ... list of packages ... ) |
1731 | + |
1732 | + |
1733 | +For example, run: |
1734 | + apt-cache show <package_name> |
1735 | +to learn more about that package. |
1736 | +``` |
1737 | + |
1738 | +## Machine-readable output |
1739 | |
1740 | If you run the `pro security-status --format yaml` command on your machine, you |
1741 | should expect to see an output that follows this structure: |
1742 | @@ -41,10 +234,10 @@ livepatch: |
1743 | Patched: true |
1744 | ``` |
1745 | |
1746 | -Let's understand what each key means in the output of the `pro security-status` |
1747 | -command: |
1748 | +Let's understand what each key means in the output of the |
1749 | +`pro security-status --format yaml` command: |
1750 | |
1751 | -## `summary` |
1752 | +### `summary` |
1753 | |
1754 | This provides a summary of the system related to Ubuntu Pro and the different |
1755 | package sources in the system: |
1756 | @@ -102,7 +295,7 @@ package sources in the system: |
1757 | * **`entitled_services`**: A list of services that are entitled on your |
1758 | Ubuntu Pro subscription. If unattached, this will always be an empty list. |
1759 | |
1760 | -## `packages` |
1761 | +### `packages` |
1762 | |
1763 | This provides a list of security updates for packages installed on the system. |
1764 | Every entry on the list will follow this structure: |
1765 | @@ -123,7 +316,7 @@ Every entry on the list will follow this structure: |
1766 | * **`download_size`**: The number of bytes that would be downloaded in order to |
1767 | install the update. |
1768 | |
1769 | -## `livepatch` |
1770 | +### `livepatch` |
1771 | |
1772 | This displays Livepatch-related information. Currently, the only information |
1773 | presented is **`fixed_cves`**. This represents a list of CVEs that were fixed |
1774 | diff --git a/docs/explanations/motd_messages.md b/docs/explanations/motd_messages.md |
1775 | index 337a4bd..6a8f22b 100644 |
1776 | --- a/docs/explanations/motd_messages.md |
1777 | +++ b/docs/explanations/motd_messages.md |
1778 | @@ -2,21 +2,51 @@ |
1779 | |
1780 | When the Ubuntu Pro Client (`pro`) is installed on the system, it delivers |
1781 | custom messages on ["Message of the Day" (MOTD)](https://wiki.debian.org/motd). |
1782 | -Those messages are generated directly by two different sources. |
1783 | +Those messages are generated directly by three different sources. |
1784 | |
1785 | -## Python-scripted MOTD |
1786 | +* MOTD about available updates |
1787 | +* MOTD about important subscription conditions |
1788 | +* MOTD about ESM being available |
1789 | + |
1790 | +## MOTD about available updates |
1791 | |
1792 | The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) delivers a script |
1793 | -called `apt_check.py`. With regards to Ubuntu Pro, this script is responsible |
1794 | -for: |
1795 | - |
1796 | +via the `update-notifier-common` package called |
1797 | +`/usr/lib/update-notifier/apt_check.py. |
1798 | +With regards to Ubuntu Pro, this script is responsible for: |
1799 | + |
1800 | * Informing the user about the status of one of the ESM services; `esm-apps` if |
1801 | the machine is an LTS series, or `esm-infra` if the series is in ESM mode. |
1802 | * Showing the number of `esm-infra` or `esm-apps` packages that can be upgraded |
1803 | on the machine. |
1804 | |
1805 | -For example, here is the output of the `apt_check.py` script on a LTS machine |
1806 | -when both of those services are enabled: |
1807 | +`update-notifier` has always added information about potential updates to |
1808 | +MOTD to raise user awareness. With the advent of Ubuntu Pro they are |
1809 | +just more differentiated. |
1810 | + |
1811 | +Note that if you run `apt_check.py` directly it might give you rather |
1812 | +unreadable output as it is meant for program use. You can add `--human-readable` |
1813 | +to see the information as it would be presented in MOTD. |
1814 | + |
1815 | +### Machine is unattached |
1816 | + |
1817 | +On a machine that runs an Ubuntu release for which the `esm-apps` service |
1818 | +is available, but not yet attached to an Ubuntu Pro subscription, there will |
1819 | +be a message notifying the user that there may be more security updates |
1820 | +available through ESM Apps. |
1821 | + |
1822 | +``` |
1823 | +Expanded Security Maintenance for Applications is not enabled. |
1824 | + |
1825 | +0 updates can be applied immediately. |
1826 | + |
1827 | +Enable ESM Apps to receive additional future security updates. |
1828 | +See https://ubuntu.com/esm or run: sudo pro status |
1829 | +``` |
1830 | + |
1831 | +### Machine is fully attached |
1832 | + |
1833 | +In the opposite situation, if an LTS machine has the `esm-infra` and `esm-apps` services enabled then users will see the following output in MOTD: |
1834 | |
1835 | ``` |
1836 | Expanded Security Maintenance for Applications is enabled. |
1837 | @@ -28,8 +58,16 @@ Expanded Security Maintenance for Applications is enabled. |
1838 | To see these additional updates run: apt list --upgradable |
1839 | ``` |
1840 | |
1841 | -However, if we were running this on an ESM series, we would instead see |
1842 | -`esm-infra` being advertised: |
1843 | +### Machine is fully attached, on an older release |
1844 | + |
1845 | +Above you have seen examples of recent (as in "still in their first 5 |
1846 | +years of support") Ubuntu releases, where the hint is about ESM Apps |
1847 | +extending the coverage to the universe repositories. |
1848 | + |
1849 | +However, if running on an Ubuntu release that has is already past the initial |
1850 | +5 years of support and has thereby entered Expanded Security Maintenance |
1851 | +(["ESM"](https://ubuntu.com/security/esm)), we would instead see |
1852 | +`esm-infra` (which provides coverage for another 5 years) being shown: |
1853 | |
1854 | ``` |
1855 | Expanded Security Maintenance Infrastructure is enabled. |
1856 | @@ -41,17 +79,19 @@ Expanded Security Maintenance Infrastructure is enabled. |
1857 | To see these additional updates run: apt list --upgradable |
1858 | ``` |
1859 | |
1860 | +### Partial service enablement |
1861 | + |
1862 | Now let's consider a scenario where one of these services is not enabled. For |
1863 | example, if `esm-apps` was disabled, the output will be: |
1864 | |
1865 | ``` |
1866 | Expanded Security Maintenance for Applications is not enabled. |
1867 | - |
1868 | + |
1869 | 6 updates can be applied immediately. |
1870 | 1 of these updates is a ESM Infra security update. |
1871 | 5 of these updates are standard security updates. |
1872 | To see these additional updates run: apt list --upgradable |
1873 | - |
1874 | + |
1875 | 5 additional security updates can be applied with ESM Apps |
1876 | Learn more about enabling ESM Apps for Ubuntu 16.04 at |
1877 | https://ubuntu.com/16-04 |
1878 | @@ -62,13 +102,13 @@ upgraded if that service was enabled. Note that we would deliver the same |
1879 | information for `esm-infra` if the service was disabled and the series running |
1880 | on the machine is in ESM state. |
1881 | |
1882 | -## MOTD through Ubuntu Pro timer jobs |
1883 | +## MOTD about important subscription conditions |
1884 | |
1885 | -One of the timer jobs Ubuntu Pro uses can insert additional messages into MOTD. |
1886 | -These messages will be always delivered before or after the content created by |
1887 | -the Python script delivered by `update-notifier`. These additional messages are |
1888 | -generated when `pro` detects that certain conditions on the machine have been |
1889 | -met. They are: |
1890 | +One of the [timer jobs](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/explanations/what_are_the_timer_jobs.html) |
1891 | +Ubuntu Pro uses can insert additional messages into MOTD. |
1892 | +These messages will be always delivered next to the content created by |
1893 | +`update-notifier`. These additional messages are generated when `pro` |
1894 | +detects that certain conditions on the machine have been met. They are: |
1895 | |
1896 | ### Subscription expired |
1897 | |
1898 | @@ -104,8 +144,69 @@ coverage for your applications. |
1899 | Your grace period will expire in 9 days. |
1900 | ``` |
1901 | |
1902 | -### How are these messages updated and inserted into MOTD? |
1903 | +## MOTD about ESM being available |
1904 | + |
1905 | +When Ubuntu Pro became generally available, a temporary announcement was made |
1906 | +through MOTD. This was intended to raise awareness of Pro now being available |
1907 | +and free for personal use, and was shown on systems that could be covered |
1908 | +by `esm-apps`. |
1909 | +It looked like: |
1910 | + |
1911 | +``` |
1912 | + * Introducing Expanded Security Maintenance for Applications. |
1913 | + Receive updates to over 25,000 software packages with your |
1914 | + Ubuntu Pro subscription. Free for personal use. |
1915 | + |
1916 | + https://ubuntu.com/pro |
1917 | +``` |
1918 | + |
1919 | +Since this message was intended as a limited-time announcement to coincide |
1920 | +with the release of Ubuntu Pro into general availability, it was removed in |
1921 | +27.14. |
1922 | + |
1923 | +## How are these messages inserted into MOTD and how can I disable them? |
1924 | + |
1925 | +Just as there are different purposes to the messages outlined above, |
1926 | +there are different sources producing these MOTD elements that one |
1927 | +sees at login. |
1928 | + |
1929 | +Those messages are considered important to ensure user awareness about |
1930 | +the free additional security coverage provided by Ubuntu Pro and about |
1931 | +not-yet-applied potential updates in general. Therefore it is generally not |
1932 | +recommended to disable them. But still, you can selectively disable them |
1933 | +by removing the config files that add them, as outlined below. |
1934 | + |
1935 | +Removing those files is considered a conffile change to customize a program |
1936 | +and they will stay removed even on future upgrades or re-installations of the |
1937 | +related packages. |
1938 | + |
1939 | +If you realize that you actually need them back you need |
1940 | +to reinstall the related packages and tell apt/dpkg to offer you to restore |
1941 | +those files via: |
1942 | + |
1943 | +``` |
1944 | +sudo apt install --reinstall -o Dpkg::Options::="--force-confask" ubuntu-advantage-tools update-notifier-common |
1945 | +``` |
1946 | + |
1947 | +## Source: MOTD about available updates |
1948 | + |
1949 | +1. `update-notifier-common` has a hook `/etc/apt/apt.conf.d/99update-notifier` that runs after `apt update`. |
1950 | +2. That hook will update the information in `/var/lib/update-notifier/updates-available` matching the new package information that was just fetched by using `/usr/lib/update-notifier/apt-check --human-readable`. |
1951 | +3. At MOTD generation time, the script located at `/etc/update-motd.d/90-updates-available` checks if `/var/lib/update-notifier/updates-available` exists and if it does, inserts the message into the full MOTD. |
1952 | + |
1953 | +If you want to disable any message of update-notifier (not just related to Ubuntu Pro and ESM) about potentially available updates remove `/etc/update-motd.d/90-updates-available`. |
1954 | |
1955 | -1. The contract status is checked periodically in the background when the machine is attached to an Ubuntu Pro contract. |
1956 | -2. If one of the above messages applies to the contract that the machine is attached to, then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`. |
1957 | +## Source: MOTD about important subscription conditions |
1958 | + |
1959 | +1. The subscription status is checked periodically in the background when the machine is attached to an Ubuntu Pro subscription. |
1960 | +2. If one of the above conditions applies to the subscription that the machine is attached to (there are no messages generated by this for unattached machines), then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`. |
1961 | 3. At MOTD generation time, the script located at `/etc/update-motd.d/91-contract-ua-esm-status` checks if `/var/lib/ubuntu-advantage/messages/motd-contract-status` exists and if it does, inserts the message into the full MOTD. |
1962 | + |
1963 | +If you want to disable any message about important conditions of your attached subscription remove `/etc/update-motd.d/91-contract-ua-esm-status`. |
1964 | + |
1965 | +## Source: MOTD about ESM being available |
1966 | + |
1967 | +1. `pro` checks regularly if a system would have `esm-apps` available to it and if so places a message in `/var/lib/ubuntu-advantage/messages/motd-esm-announce`. |
1968 | +2. At MOTD generation time, the script located at `/etc/update-motd.d/88-esm-announce` checks if `/var/lib/ubuntu-advantage/messages/motd-esm-announce` exists and if it does, inserts the message into the full MOTD. |
1969 | + |
1970 | +If you want to disable the ESM announcement remove `/etc/update-motd.d/88-esm-announce` (or upgrade to 27.14 or later which will remove it for you). |
1971 | diff --git a/docs/explanations/status_columns.md b/docs/explanations/status_columns.md |
1972 | index 1447b44..6e79449 100644 |
1973 | --- a/docs/explanations/status_columns.md |
1974 | +++ b/docs/explanations/status_columns.md |
1975 | @@ -101,3 +101,105 @@ allow_beta: True |
1976 | It's important to keep in mind that any feature defined like this will be |
1977 | listed, even if it is invalid or typed the wrong way. Those appear in `status` |
1978 | output for informational and debugging purposes. |
1979 | + |
1980 | +## Machine-readable output |
1981 | + |
1982 | +The `pro status` command supports a `--format` flag with options including `json` and `yaml`. These result in a machine-readable form of the information presented by the `pro status` command. |
1983 | + |
1984 | +```{note} |
1985 | +`pro status` should return the same results whether using `sudo` or not, but earlier versions did not always do this. We recommend using `sudo` whenever possible. |
1986 | +``` |
1987 | + |
1988 | +For example, running `sudo pro status --format=json` on an attached machine may give you something like this: |
1989 | +```javascript |
1990 | +{ |
1991 | + "_doc": "Content provided in json response is currently considered Experimental and may change", |
1992 | + "_schema_version": "0.1", |
1993 | + "account": { |
1994 | + "created_at": "2000-01-02T03:04:05+06:00", |
1995 | + "id": "account_id", |
1996 | + "name": "Test" |
1997 | + }, |
1998 | + "attached": true, |
1999 | + "config": { ...effectiveConfiguration }, |
2000 | + "config_path": "/etc/ubuntu-advantage/uaclient.conf", |
2001 | + "contract": { |
2002 | + "created_at": "2000-01-02T03:04:05+06:00", |
2003 | + "id": "contract_id", |
2004 | + "name": "contract_name", |
2005 | + "products": [ "uaa-essential" ], |
2006 | + "tech_support_level": "essential" |
2007 | + }, |
2008 | + "effective": null, |
2009 | + "environment_vars": [...proClientEnvironmentVariables], |
2010 | + "errors": [], |
2011 | + "execution_details": "No Ubuntu Pro operations are running", |
2012 | + "execution_status": "inactive", |
2013 | + "expires": "9999-12-31T00:00:00+00:00", |
2014 | + "features": {}, |
2015 | + "machine_id": "machine_id", |
2016 | + "notices": [], |
2017 | + "result": "success", |
2018 | + "services": [ |
2019 | + { |
2020 | + "available": "yes", |
2021 | + "blocked_by": [], |
2022 | + "description": "Expanded Security Maintenance for Applications", |
2023 | + "description_override": null, |
2024 | + "entitled": "yes", |
2025 | + "name": "esm-apps", |
2026 | + "status": "enabled", |
2027 | + "status_details": "Ubuntu Pro: ESM Apps is active", |
2028 | + "warning": null |
2029 | + }, |
2030 | + { |
2031 | + "available": "yes", |
2032 | + "blocked_by": [], |
2033 | + "description": "Expanded Security Maintenance for Infrastructure", |
2034 | + "description_override": null, |
2035 | + "entitled": "yes", |
2036 | + "name": "esm-infra", |
2037 | + "status": "enabled", |
2038 | + "status_details": "Ubuntu Pro: ESM Infra is active", |
2039 | + "warning": null |
2040 | + }, |
2041 | + { |
2042 | + "available": "yes", |
2043 | + "blocked_by": [], |
2044 | + "description": "Canonical Livepatch service", |
2045 | + "description_override": null, |
2046 | + "entitled": "yes", |
2047 | + "name": "livepatch", |
2048 | + "status": "enabled", |
2049 | + "status_details": "", |
2050 | + "warning": null |
2051 | + }, |
2052 | + ...otherServiceStatusObjects |
2053 | + ], |
2054 | + "simulated": false, |
2055 | + "version": "27.13.6~18.04.1", |
2056 | + "warnings": [] |
2057 | +} |
2058 | +``` |
2059 | + |
2060 | +Some particularly important attributes in the output include: |
2061 | +* `attached`: This boolean value indicates whether this machine is attached to an Ubuntu Pro account. This does not tell you if any particular service (e.g. `esm-infra`) is enabled. You must check the individual service item in the `services` list for that status (described below). |
2062 | +* `expires`: This is the date that the Ubuntu Pro subscription is valid until (in RFC3339 format). After this date has passed the machine should be treated as if not attached and no services are enabled. `attached` may still say `true` and services may still say they are `entitled` and `enabled`, but if the `expires` date has passed, you should assume the services are not functioning. |
2063 | +* `services`: This is a list of Ubuntu Pro services. Each item has its own attributes. Widely applicable services include those with `name` equal to `esm-infra`, `esm-apps`, and `livepatch`. Some important fields in each service object are: |
2064 | + * `name`: The name of the service. |
2065 | + * `entitled`: A boolean indicating whether the attached Ubuntu Pro account is allowed to enable this service. |
2066 | + * `status`: A string indicating the service's current status on the machine. Any value other than `enabled` should be treated as if the service is not enabled and not working properly on the machine. Possible values are: |
2067 | + * `enabled`: The service is enabled and working. |
2068 | + * `disabled`: The service can be enabled but is not currently. |
2069 | + * `n/a`: The service cannot be enabled on this machine. |
2070 | + * `warning`: The service is supposed to be enabled but something is wrong. Check the `warning` field in the service item for additional information. |
2071 | + |
2072 | +For example, if you want to programatically find the status of esm-infra on a particular machine, you can use the following command: |
2073 | +```shell |
2074 | +sudo pro status --format=json | jq '.services[] | select(.name == "esm-infra").status' |
2075 | +``` |
2076 | +That command will print one of the `status` values defined above. |
2077 | + |
2078 | +```{attention} |
2079 | +In an future version of Ubuntu Pro Client, there will be an [API](../references/api.md) function to access this information. For now, though, `pro status --format=json` is the recommended machine-readable interface to this data. |
2080 | +``` |
2081 | diff --git a/docs/googleaf254801a5285c31.html b/docs/googleaf254801a5285c31.html |
2082 | new file mode 100644 |
2083 | index 0000000..b603071 |
2084 | --- /dev/null |
2085 | +++ b/docs/googleaf254801a5285c31.html |
2086 | @@ -0,0 +1 @@ |
2087 | +google-site-verification: googleaf254801a5285c31.html |
2088 | \ No newline at end of file |
2089 | diff --git a/docs/howtoguides.rst b/docs/howtoguides.rst |
2090 | index 7127394..5b93de6 100644 |
2091 | --- a/docs/howtoguides.rst |
2092 | +++ b/docs/howtoguides.rst |
2093 | @@ -59,6 +59,7 @@ How to use ``pro`` commands |
2094 | :maxdepth: 1 |
2095 | |
2096 | Run `fix` in "dry run" mode <howtoguides/how_to_run_fix_in_dry_run_mode.md> |
2097 | + Skip fixing related USNs <howtoguides/how_to_not_fix_related_usns.md> |
2098 | |
2099 | ``refresh`` |
2100 | ----------- |
2101 | diff --git a/docs/howtoguides/enable_fips.md b/docs/howtoguides/enable_fips.md |
2102 | index 8f614fb..4fe8b8a 100644 |
2103 | --- a/docs/howtoguides/enable_fips.md |
2104 | +++ b/docs/howtoguides/enable_fips.md |
2105 | @@ -36,5 +36,5 @@ been installed: |
2106 | ``` |
2107 | Installing FIPS packages |
2108 | FIPS enabled |
2109 | -A reboot is required to complete installl |
2110 | +A reboot is required to complete install. |
2111 | ``` |
2112 | diff --git a/docs/howtoguides/get_rid_of_corrupt_lock.md b/docs/howtoguides/get_rid_of_corrupt_lock.md |
2113 | index 03da4a3..17e8e37 100644 |
2114 | --- a/docs/howtoguides/get_rid_of_corrupt_lock.md |
2115 | +++ b/docs/howtoguides/get_rid_of_corrupt_lock.md |
2116 | @@ -2,7 +2,7 @@ |
2117 | |
2118 | Some pro commands (`attach`, `enable`, `detach` and `disable`) will potentially change the |
2119 | internal state of your system. Since those commands can run in parallel, we have a lock file |
2120 | -mechanism to guarantee that only one of these commands can run at the same time. The lock follow |
2121 | +mechanism to guarantee that only one of these commands can run at the same time. The lock follows |
2122 | this pattern: |
2123 | |
2124 | ``` |
2125 | diff --git a/docs/howtoguides/get_token_and_attach.md b/docs/howtoguides/get_token_and_attach.md |
2126 | index 41726ef..ff15c15 100644 |
2127 | --- a/docs/howtoguides/get_token_and_attach.md |
2128 | +++ b/docs/howtoguides/get_token_and_attach.md |
2129 | @@ -1,10 +1,21 @@ |
2130 | # How to get an Ubuntu Pro token and attach to a subscription |
2131 | |
2132 | +## Get an Ubuntu Pro token |
2133 | + |
2134 | Retrieve your Ubuntu Pro token from the |
2135 | -[Ubuntu Pro portal](https://ubuntu.com/pro/). You will log in with your "Single |
2136 | +[Ubuntu Pro portal](https://ubuntu.com/pro/). Log in with your "Single |
2137 | Sign On" credentials, the same credentials you use for https://login.ubuntu.com. |
2138 | -Note that you can obtain a free personal token, which provides you with access |
2139 | -to several of the Ubuntu Pro services. |
2140 | + |
2141 | +Being logged in you can then go to the |
2142 | +[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard) that is associated to |
2143 | +your user. It will show you all subscriptions currently available to you and |
2144 | +for each the associated token. |
2145 | + |
2146 | +Note that even without buying anything you can always obtain a free personal |
2147 | +token that way, which provides you with access to several of the Ubuntu Pro |
2148 | +services. |
2149 | + |
2150 | +## Attach to a subscription |
2151 | |
2152 | Once that token is obtained, to attach your machine to a subscription, just run: |
2153 | |
2154 | @@ -35,3 +46,26 @@ Enable services with: pro enable <service> |
2155 | Once the Ubuntu Pro Client is attached to your Ubuntu Pro account, you can use |
2156 | it to activate various services, including: access to ESM packages, Livepatch, |
2157 | FIPS, and CIS. Some features are specific to certain LTS releases. |
2158 | + |
2159 | +## Control of auto-enabled services |
2160 | + |
2161 | +Your subscription controls which services are available to you and which ones |
2162 | +you can manage via the [Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard). |
2163 | + |
2164 | +Recommended services are auto-enabled by default when attaching a system. |
2165 | +You can choose which of the available services will be automatically |
2166 | +enabled or disabled when you attach by toggling them in the |
2167 | +[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard). |
2168 | +Available services can always be enabled or disabled on the command line |
2169 | +with `pro enable` and `pro disable` after attaching. |
2170 | + |
2171 | +![Toggling recommended services in the Pro Dashboard](pro-dashboard-service-toggles.png) |
2172 | + |
2173 | +If your subscription does not permit you to change the default |
2174 | +enabled services via the Dashboard, or if you want to keep the |
2175 | +defaults but do not want to auto-enable any services while attaching a particular |
2176 | +machine, you can pass the `--no-auto-enable` flag to `attach` using the following command: |
2177 | + |
2178 | +``` |
2179 | +$ sudo pro attach YOUR_TOKEN --no-auto-enable |
2180 | +``` |
2181 | diff --git a/docs/howtoguides/how_to_not_fix_related_usns.md b/docs/howtoguides/how_to_not_fix_related_usns.md |
2182 | new file mode 100644 |
2183 | index 0000000..c9fabf0 |
2184 | --- /dev/null |
2185 | +++ b/docs/howtoguides/how_to_not_fix_related_usns.md |
2186 | @@ -0,0 +1,65 @@ |
2187 | +# How to not fix related USNs |
2188 | + |
2189 | +When running the `pro fix` command for a USN, by default we also try to fix |
2190 | +any related USNs as well. To better understand the concept of related USNs, |
2191 | +you can refer to our [related USNs guide](../explanations/cves_and_usns_explained.md). |
2192 | +To make this clear, let's take a look into the following example: |
2193 | + |
2194 | +``` |
2195 | +USN-5573-1: rsync vulnerability |
2196 | +Found CVEs: |
2197 | + - https://ubuntu.com/security/CVE-2022-37434 |
2198 | + |
2199 | +Fixing requested USN-5573-1 |
2200 | +1 affected source package is installed: rsync |
2201 | +(1/1) rsync: |
2202 | +A fix is available in Ubuntu standard updates. |
2203 | +{ apt update && apt install --only-upgrade -y rsync } |
2204 | + |
2205 | +✔ USN-5573-1 is resolved. |
2206 | + |
2207 | +Found related USNs: |
2208 | +- USN-5570-1 |
2209 | +- USN-5570-2 |
2210 | + |
2211 | +Fixing related USNs: |
2212 | +- USN-5570-1 |
2213 | +No affected source packages are installed. |
2214 | + |
2215 | +✔ USN-5570-1 does not affect your system. |
2216 | + |
2217 | +- USN-5570-2 |
2218 | +1 affected source package is installed: zlib |
2219 | +(1/1) zlib: |
2220 | +A fix is available in Ubuntu standard updates. |
2221 | +{ apt update && apt install --only-upgrade -y zlib1g } |
2222 | + |
2223 | +✔ USN-5570-2 is resolved. |
2224 | + |
2225 | +Summary: |
2226 | +✔ USN-5573-1 [requested] is resolved. |
2227 | +✔ USN-5570-1 [related] does not affect your system. |
2228 | +✔ USN-5570-2 [related] is resolved. |
2229 | +``` |
2230 | + |
2231 | +We can see here that the `pro fix` command fixed the requested **USN-5573-1** while also |
2232 | +handling both **USN-5570-1** and **USN-5570-2**, which are related to the requested USN. |
2233 | +If you don't want to fix any related USNs during the `fix` operation, just use the |
2234 | +`--no-related` flag. By running the command `pro fix USN-5573-1 --no-related` we would get |
2235 | +the following output instead: |
2236 | + |
2237 | +``` |
2238 | +USN-5573-1: rsync vulnerability |
2239 | +Found CVEs: |
2240 | + - https://ubuntu.com/security/CVE-2022-37434 |
2241 | + |
2242 | +Fixing requested USN-5573-1 |
2243 | +1 affected source package is installed: rsync |
2244 | +(1/1) rsync: |
2245 | +A fix is available in Ubuntu standard updates. |
2246 | +{ apt update && apt install --only-upgrade -y rsync } |
2247 | + |
2248 | +✔ USN-5573-1 is resolved. |
2249 | +``` |
2250 | + |
2251 | +Note that we have not analysed or tried to fix any related USNs |
2252 | diff --git a/docs/howtoguides/pro-dashboard-service-toggles.png b/docs/howtoguides/pro-dashboard-service-toggles.png |
2253 | new file mode 100644 |
2254 | index 0000000..90095f5 |
2255 | Binary files /dev/null and b/docs/howtoguides/pro-dashboard-service-toggles.png differ |
2256 | diff --git a/docs/images/usn-related.png b/docs/images/usn-related.png |
2257 | new file mode 100644 |
2258 | index 0000000..9db73c0 |
2259 | Binary files /dev/null and b/docs/images/usn-related.png differ |
2260 | diff --git a/docs/index.rst b/docs/index.rst |
2261 | index b63cce0..d07dd4d 100644 |
2262 | --- a/docs/index.rst |
2263 | +++ b/docs/index.rst |
2264 | @@ -63,9 +63,10 @@ using it! |
2265 | |
2266 | - **Having trouble?** |
2267 | We would like to help! To get help on a specific page in this documentation, |
2268 | - simply click on the "Have a question?" link at the top of that page. This |
2269 | + simply click on the "Give feedback" link at the top of that page. This |
2270 | will open up an issue in GitHub where you can tell us more about the problem |
2271 | - you're having and we will do our best to resolve it for you. |
2272 | + you're having or suggestion you'd like to make, and we will do our best to |
2273 | + resolve it for you. |
2274 | |
2275 | - **Found a bug?** |
2276 | You can `Report bugs on Launchpad`_! |
2277 | diff --git a/docs/references/api.md b/docs/references/api.md |
2278 | index 4708d9b..117875e 100644 |
2279 | --- a/docs/references/api.md |
2280 | +++ b/docs/references/api.md |
2281 | @@ -75,6 +75,28 @@ except ImportError: |
2282 | |
2283 | You could do something similar by catching certain errors when using the `pro api` subcommand, but there are more cases that could indicate an old version, and it generally isn't recommended. |
2284 | |
2285 | + |
2286 | +### Errors and Warnings fields |
2287 | + |
2288 | +When using the API through the CLI, we use two distinct fields to list issues to the users; *errors* |
2289 | +and *warnings*. Both of those fields will contain a list of JSON objects explaining unexpected |
2290 | +behavior during the execution of a command. For example, the *errors* field will be populated like |
2291 | +this if we have a connectivity issue when running a `pro api` command: |
2292 | + |
2293 | +```json |
2294 | +[ |
2295 | + { |
2296 | + "msg": "Failed to connect to authentication server", |
2297 | + "code": "connectivity-error", |
2298 | + "meta": {} |
2299 | + } |
2300 | +] |
2301 | +``` |
2302 | + |
2303 | +Finally, *warnings* follow the exact same structure as *errors*. The only difference is that |
2304 | +*warnings* means that the command was able to complete although unexpected scenarios happened |
2305 | +when executing the command. |
2306 | + |
2307 | ## Available endpoints |
2308 | The currently available endpoints are: |
2309 | - [u.pro.version.v1](#uproversionv1) |
2310 | @@ -88,7 +110,10 @@ The currently available endpoints are: |
2311 | - [u.pro.security.status.reboot_required.v1](#uprosecuritystatusreboot_requiredv1) |
2312 | - [u.pro.packages.summary.v1](#upropackagessummaryv1) |
2313 | - [u.pro.packages.updates.v1](#upropackagesupdatesv1) |
2314 | +- [u.pro.status.is_attached.v1](#uprostatusis_attachedv1) |
2315 | +- [u.pro.status.enabled_services.v1](#uprostatusenabled_servicesv1) |
2316 | - [u.security.package_manifest.v1](#usecuritypackage_manifestv1) |
2317 | +- [u.unattended_upgrades.status.v1](#uunattended_upgradesstatusv1) |
2318 | |
2319 | ## u.pro.version.v1 |
2320 | |
2321 | @@ -753,6 +778,86 @@ pro api u.pro.packages.updates.v1 |
2322 | } |
2323 | ``` |
2324 | |
2325 | +## u.pro.status.is_attached.v1 |
2326 | + |
2327 | +Introduced in Ubuntu Pro Client Version: `28~` |
2328 | + |
2329 | +Shows if the machine is attached to a Pro subscription. |
2330 | + |
2331 | +### Args |
2332 | + |
2333 | +This endpoint takes no arguments. |
2334 | + |
2335 | +### Python API interaction |
2336 | + |
2337 | +#### Calling from Python code |
2338 | + |
2339 | +```python |
2340 | +from uaclient.api.u.pro.status.is_attached.v1 import is_attached |
2341 | + |
2342 | +result = is_attached() |
2343 | +``` |
2344 | + |
2345 | +#### Expected return object: |
2346 | + |
2347 | +`uaclient.api.u.pro.status.is_attached.v1.IsAttachedResult` |
2348 | + |
2349 | +|Field Name|Type|Description| |
2350 | +|-|-|-| |
2351 | +|`is_attached`|*bool*|If the machine is attached to a Pro subscription| |
2352 | + |
2353 | +### CLI interaction |
2354 | + |
2355 | +#### Calling from the CLI: |
2356 | + |
2357 | +```bash |
2358 | +pro api u.pro.status.is_attached.v1 |
2359 | +``` |
2360 | + |
2361 | +## u.pro.status.enabled_services.v1 |
2362 | + |
2363 | +Introduced in Ubuntu Pro Client Version: `28~` |
2364 | + |
2365 | +Shows the Pro services that are enabled in the machine. |
2366 | + |
2367 | +### Args |
2368 | + |
2369 | +This endpoint takes no arguments. |
2370 | + |
2371 | +### Python API interaction |
2372 | + |
2373 | +#### Calling from Python code |
2374 | + |
2375 | +```python |
2376 | +from uaclient.api.u.pro.status.enabled_services.v1 import enabled_services |
2377 | + |
2378 | +result = enabled_services() |
2379 | +``` |
2380 | + |
2381 | +#### Expected return object: |
2382 | + |
2383 | +`uaclient.api.u.pro.status.enabled_services.v1.EnabledServicesResult` |
2384 | + |
2385 | +|Field Name|Type|Description| |
2386 | +|-|-|-| |
2387 | +|`enabled_services`|*List[EnabledService]*|A list of EnabledServices objects| |
2388 | + |
2389 | +`uaclient.api.u.pro.status.enabled_services.v1.EnabledService` |
2390 | + |
2391 | +|Field Name|Type|Description| |
2392 | +|-|-|-| |
2393 | +|`name` |*str* |name of the service | |
2394 | +|`variant_enabled`|*bool* |If a variant of the service is enabled | |
2395 | +|`variant_name` |*Optional[str]* |name of the variant, if a variant is enabled| |
2396 | + |
2397 | +### CLI interaction |
2398 | + |
2399 | +#### Calling from the CLI: |
2400 | + |
2401 | +```bash |
2402 | +pro api u.pro.status.enabled_services.v1 |
2403 | +``` |
2404 | + |
2405 | ## u.security.package_manifest.v1 |
2406 | |
2407 | Introduced in Ubuntu Pro Client Version: `27.12~` |
2408 | @@ -801,3 +906,105 @@ pro api u.security.package_manifest.v1 |
2409 | "package_manifest":"package1\t1.0\npackage2\t2.3\n" |
2410 | } |
2411 | ``` |
2412 | + |
2413 | +## u.unattended_upgrades.status.v1 |
2414 | + |
2415 | +Introduced in Ubuntu Pro Client Version: `27.14~` |
2416 | + |
2417 | +Returns the status around unattended-upgrades. The focus of the endpoint |
2418 | +is to verify if the application is running and how it is configured on |
2419 | +the machine. |
2420 | + |
2421 | +```{important} |
2422 | +For this endpoint, we deliver a unique key under `meta` called `raw_config`. This field contains |
2423 | +all related unattended-upgrades configurations unparsed. This means that this field will maintain |
2424 | +both original name and values for those configurations. |
2425 | +``` |
2426 | + |
2427 | +### Args |
2428 | + |
2429 | +This endpoint takes no arguments. |
2430 | + |
2431 | +### Python API interaction |
2432 | + |
2433 | +#### Calling from Python code |
2434 | + |
2435 | +```python |
2436 | +from uaclient.api.u.unattended_upgrades.status.v1 import status |
2437 | + |
2438 | +result = status() |
2439 | +``` |
2440 | + |
2441 | +#### Expected return object: |
2442 | +`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusResult |
2443 | + |
2444 | +|Field Name|Type|Description| |
2445 | +|-|-|-| |
2446 | +|`systemd_apt_timer_enabled`|*bool*|Indicate if the apt-daily.timer jobs are enabled| |
2447 | +|`apt_periodic_job_enabled`|*bool*|Indicate if the APT::Periodic::Enabled configuration is turned off| |
2448 | +|`package_lists_refresh_frequency_days`|*int*|The value of the APT::Periodic::Update-Package-Lists configuration| |
2449 | +|`unattended_upgrades_frequency_days`|*int*|The value of the APT::Periodic::Unattended-Upgrade configuration| |
2450 | +|`unattended_upgrades_allowed_origins`|*List[str]*|The value of the Unattended-Upgrade::Allowed-Origins configuration| |
2451 | +|`unattended_upgrades_running`|*bool*|Indicate if the unattended-upgrade service is correctly configured and running| |
2452 | +|`unattended_upgrades_disabled_reason`|*object*|Object that explains why unattended-upgrades is not running. In case the application is running, the object will be null| |
2453 | +|`unatteded_upgrades_last_run`|`datetime.datetime`|The last time unattended-upgrades has run| |
2454 | + |
2455 | +`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusDisabledReason` |
2456 | + |
2457 | +|Field Name|Type|Description| |
2458 | +|-|-|-| |
2459 | +|`msg`|*str*|The reason why unattended-upgrades is not running in the system| |
2460 | +|`code`|*str*|The message code associated with the message| |
2461 | + |
2462 | +### Raised exceptions |
2463 | + |
2464 | +- `UnattendedUpgradesError`: Raised in case we cannot run a necessary command to show the status |
2465 | + of unattended-upgrades |
2466 | + |
2467 | +### CLI interaction |
2468 | + |
2469 | +#### Calling from the CLI: |
2470 | + |
2471 | +```bash |
2472 | +pro api u.unattended_upgrades.status.v1 |
2473 | +``` |
2474 | + |
2475 | +#### Expected attributes in JSON structure |
2476 | + |
2477 | +```json |
2478 | +{ |
2479 | + "apt_periodic_job_enabled": true, |
2480 | + "package_lists_refresh_frequency_days": 1, |
2481 | + "systemd_apt_timer_enabled": true, |
2482 | + "unattended_upgrades_allowed_origins": [ |
2483 | + "${distro_id}:${distro_codename}", |
2484 | + "${distro_id}:${distro_codename}-security", |
2485 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
2486 | + "${distro_id}ESM:${distro_codename}-infra-security" |
2487 | + ], |
2488 | + "unattended_upgrades_disabled_reason": null, |
2489 | + "unattended_upgrades_frequency_days": 1, |
2490 | + "unattended_upgrades_last_run": null, |
2491 | + "unattended_upgrades_running": true |
2492 | +} |
2493 | +``` |
2494 | + |
2495 | +#### Possible attributes in JSON meta field |
2496 | +```json |
2497 | +{ |
2498 | + "meta": { |
2499 | + "environment_vars": [], |
2500 | + "raw_config": { |
2501 | + "APT::Periodic::Enable": "1", |
2502 | + "APT::Periodic::Unattended-Upgrade": "1", |
2503 | + "APT::Periodic::Update-Package-Lists": "1", |
2504 | + "Unattended-Upgrade::Allowed-Origins": [ |
2505 | + "${distro_id}:${distro_codename}", |
2506 | + "${distro_id}:${distro_codename}-security", |
2507 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
2508 | + "${distro_id}ESM:${distro_codename}-infra-security" |
2509 | + ] |
2510 | + } |
2511 | + } |
2512 | +} |
2513 | +``` |
2514 | diff --git a/docs/references/network_requirements.md b/docs/references/network_requirements.md |
2515 | index cb25256..66d01df 100644 |
2516 | --- a/docs/references/network_requirements.md |
2517 | +++ b/docs/references/network_requirements.md |
2518 | @@ -1,35 +1,41 @@ |
2519 | # Ubuntu Pro Client network requirements |
2520 | |
2521 | -Using the Ubuntu Pro Client to enable support services will rely on network |
2522 | -access to: |
2523 | - |
2524 | -- Obtain updated service credentials |
2525 | -- Add APT repositories to install `deb` packages |
2526 | -- Install [`snap` packages](https://snapcraft.io/about) when Livepatch is |
2527 | - enabled. |
2528 | +The Ubuntu Pro Client (`pro`) and Ubuntu Pro services need to make network requests to certain services to function correctly. |
2529 | |
2530 | ```{seealso} |
2531 | - |
2532 | -You can also refer to our [Proxy Configuration guide](/../howtoguides/configure_proxies.md) |
2533 | +You can also refer to our [Proxy Configuration guide](../howtoguides/configure_proxies.md) |
2534 | to learn how to inform Ubuntu Pro Client of HTTP(S)/APT proxies. |
2535 | ``` |
2536 | |
2537 | -## Network-limited |
2538 | +## Authentication |
2539 | +`pro` needs to authenticate with Canonical servers to provision credentials for access to the individual Ubuntu Pro services. |
2540 | |
2541 | -Ensure the managed system has access to the following port:urls if in a |
2542 | -network-limited environment: |
2543 | +Necessary endpoints: |
2544 | +- `contracts.canonical.com:443` |
2545 | |
2546 | -* `443:https://contracts.canonical.com/`: HTTP PUTs, GETs and POSTs for Ubuntu |
2547 | - Pro Client interaction. |
2548 | -* `443:https://esm.ubuntu.com/\*`: APT repository access for most services. |
2549 | |
2550 | -## Enable kernel Livepatch |
2551 | +## APT package based services |
2552 | +Many services are delivered via authenticated APT repositories. These include: |
2553 | +- `esm-infra` and `esm-apps` |
2554 | +- `fips` and `fips-updates` |
2555 | +- `cis` and `usg` |
2556 | +- `cc-eal` |
2557 | +- `ros` and `ros-updates` |
2558 | +- `realtime-kernel` |
2559 | |
2560 | -Enabling kernel Livepatch requires additional network egress: |
2561 | +Necessary endpoints: |
2562 | +- `esm.ubuntu.com:443` |
2563 | |
2564 | -* `snap` endpoints required in order to install and run snaps as defined in |
2565 | - [snap forum network-requirements post](https://forum.snapcraft.io/t/network-requirements/5147) |
2566 | -* `443:api.snapcraft.io` |
2567 | -* `443:dashboard.snapcraft.io` |
2568 | -* `443:login.ubuntu.com` |
2569 | -* `443:\*.snapcraftcontent.com` - Download CDNs |
2570 | +## Livepatch |
2571 | +`livepatch` requires a `snap`-packaged client, so `snap`-related endpoints are necessary. The Livepatch client itself also requires network access to download the patches from the Livepatch server. |
2572 | +```{seealso} |
2573 | +The [snap documentation page](https://snapcraft.io/docs/network-requirements) may have more up-to-date information on snap-related network requirements. |
2574 | +``` |
2575 | +Necessary endpoints for `snap`: |
2576 | +- `api.snapcraft.io:443` |
2577 | +- `dashboard.snapcraft.io:443` |
2578 | +- `login.ubuntu.com:443` |
2579 | +- `*.snapcraftcontent.com:443` |
2580 | + |
2581 | +Necessary endpoints for `livepatch`: |
2582 | +- `livepatch.canonical.com:443` |
2583 | diff --git a/docs/sitemap-index.xml b/docs/sitemap-index.xml |
2584 | new file mode 100644 |
2585 | index 0000000..efce50f |
2586 | --- /dev/null |
2587 | +++ b/docs/sitemap-index.xml |
2588 | @@ -0,0 +1,8 @@ |
2589 | +<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> |
2590 | + <url> |
2591 | + <loc>https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/</loc> |
2592 | + <changefreq>weekly</changefreq> |
2593 | + <priority>1.0</priority> |
2594 | + </url> |
2595 | +</urlset> |
2596 | + |
2597 | diff --git a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
2598 | index e4427bc..10b87b3 100644 |
2599 | --- a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
2600 | +++ b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
2601 | @@ -1,8 +1,8 @@ |
2602 | -# Customised Cloud Ubuntu Pro images with FIPS updates |
2603 | +# How to customise a cloud Ubuntu Pro image with FIPS updates |
2604 | |
2605 | ## Launch an Ubuntu Pro instance on your cloud |
2606 | |
2607 | -See the following links for up to date information for each supported Cloud: |
2608 | +See the following links for up to date information for each supported cloud: |
2609 | |
2610 | * https://ubuntu.com/aws/pro |
2611 | * https://ubuntu.com/azure/pro |
2612 | @@ -10,20 +10,20 @@ See the following links for up to date information for each supported Cloud: |
2613 | |
2614 | ## Enable FIPS updates |
2615 | |
2616 | -First, we need to wait for the standard Ubuntu Pro services to be set up: |
2617 | +Wait for the standard Ubuntu Pro services to be set up: |
2618 | |
2619 | ```bash |
2620 | sudo pro status --wait |
2621 | ``` |
2622 | |
2623 | -We can then use [the `enable` command](../howtoguides/enable_fips.md) to set up |
2624 | +Use [the `enable` command](../howtoguides/enable_fips.md) to set up |
2625 | FIPS updates. |
2626 | |
2627 | ```bash |
2628 | sudo pro enable fips-updates --assume-yes |
2629 | ``` |
2630 | |
2631 | -Now, we need to reboot the instance: |
2632 | +Now, reboot the instance: |
2633 | |
2634 | ```bash |
2635 | sudo reboot |
2636 | @@ -49,12 +49,12 @@ Cloud-specific instructions are here: |
2637 | * [Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource) |
2638 | * [GCP](https://cloud.google.com/compute/docs/machine-images/create-machine-images) |
2639 | |
2640 | -## Launch your custom image! |
2641 | +## Launch your custom image |
2642 | |
2643 | -Use your specific Cloud to launch a new instance from your custom image. |
2644 | +Use your specific cloud to launch a new instance from the custom image. |
2645 | |
2646 | ````{note} |
2647 | -For versions prior to 27.11, you will need to re-enable `fips-updates` on each |
2648 | +For versions of the Ubuntu Pro Client prior to 27.11, you will need to re-enable `fips-updates` on each |
2649 | instance launched from the custom image. |
2650 | |
2651 | This won't require a reboot and is only necessary to ensure the instance gets |
2652 | @@ -64,7 +64,7 @@ updates to FIPS packages when they become available. |
2653 | sudo pro enable fips-updates --assume-yes |
2654 | ``` |
2655 | |
2656 | -You can easily script this using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time: |
2657 | +This can be scripted using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time: |
2658 | ```yaml |
2659 | #cloud-config |
2660 | # Enable fips-updates after pro auto-attach and reboot after cloud-init completes |
2661 | diff --git a/docs/tutorials/fix_scenarios.md b/docs/tutorials/fix_scenarios.md |
2662 | index fe6f8e2..1c96800 100644 |
2663 | --- a/docs/tutorials/fix_scenarios.md |
2664 | +++ b/docs/tutorials/fix_scenarios.md |
2665 | @@ -81,7 +81,9 @@ You should see an output like this: |
2666 | ``` |
2667 | CVE-2020-15180: MariaDB vulnerabilities |
2668 | https://ubuntu.com/security/CVE-2020-15180 |
2669 | + |
2670 | No affected source packages are installed. |
2671 | + |
2672 | ✔ CVE-2020-15180 does not affect your system. |
2673 | ``` |
2674 | |
2675 | @@ -110,10 +112,12 @@ You will then see the following output: |
2676 | ``` |
2677 | CVE-2020-25686: Dnsmasq vulnerabilities |
2678 | https://ubuntu.com/security/CVE-2020-25686 |
2679 | + |
2680 | 1 affected package is installed: dnsmasq |
2681 | (1/1) dnsmasq: |
2682 | A fix is available in Ubuntu standard updates. |
2683 | { apt update && apt install --only-upgrade -y dnsmasq } |
2684 | + |
2685 | ✔ CVE-2020-25686 is resolved. |
2686 | ``` |
2687 | |
2688 | @@ -137,10 +141,12 @@ run the `pro fix` command again, and we should now see the following: |
2689 | ``` |
2690 | CVE-2020-25686: Dnsmasq vulnerabilities |
2691 | https://ubuntu.com/security/CVE-2020-25686 |
2692 | + |
2693 | 1 affected package is installed: dnsmasq |
2694 | (1/1) dnsmasq: |
2695 | A fix is available in Ubuntu standard updates. |
2696 | The update is already installed. |
2697 | + |
2698 | ✔ CVE-2020-25686 is resolved. |
2699 | ``` |
2700 | |
2701 | @@ -151,30 +157,34 @@ let you know! Before we reproduce this scenario, let us first install a package |
2702 | that we know has no fix available by running: |
2703 | |
2704 | ```console |
2705 | -$ sudo apt install -y libawl-php |
2706 | +$ sudo apt-get install -y expat=2.1.0-7 swish-e matanza ghostscript |
2707 | ``` |
2708 | |
2709 | Now, we can confirm that there is no fix by running the following command: |
2710 | |
2711 | ```console |
2712 | -$ pro fix USN-4539-1 |
2713 | +$ pro fix CVE-2017-9233 |
2714 | ``` |
2715 | |
2716 | You will see the following output: |
2717 | |
2718 | ``` |
2719 | -USN-4539-1: AWL vulnerability |
2720 | -Found CVEs: |
2721 | -https://ubuntu.com/security/CVE-2020-11728 |
2722 | -1 affected source package is installed: awl |
2723 | -(1/1) awl: |
2724 | -Sorry, no fix is available. |
2725 | -1 package is still affected: awl |
2726 | -✘ USN-4539-1 is not resolved. |
2727 | +CVE-2017-9233: Coin3D vulnerability |
2728 | + - https://ubuntu.com/security/CVE-2017-9233 |
2729 | + |
2730 | +3 affected source packages are installed: expat, matanza, swish-e |
2731 | +(1/3, 2/3) matanza, swish-e: |
2732 | +Ubuntu security engineers are investigating this issue. |
2733 | +(3/3) expat: |
2734 | +A fix is available in Ubuntu standard updates. |
2735 | +{ apt update && apt install --only-upgrade -y expat } |
2736 | + |
2737 | +2 packages are still affected: matanza, swish-e |
2738 | +✘ CVE-2017-9233 is not resolved. |
2739 | ``` |
2740 | |
2741 | -As you can see, we are informed by `pro fix` that there is no fix available. In |
2742 | -the last line, we can also see that the USN is not resolved. |
2743 | +As you can see, we are informed by `pro fix` that some packages do not have a fix available. In |
2744 | +the last line, we can also see that the CVE is not resolved. |
2745 | |
2746 | ## CVE/USN that require an Ubuntu Pro subscription |
2747 | |
2748 | @@ -193,6 +203,8 @@ USN-5079-2: curl vulnerabilities |
2749 | Found CVEs: |
2750 | https://ubuntu.com/security/CVE-2021-22946 |
2751 | https://ubuntu.com/security/CVE-2021-22947 |
2752 | + |
2753 | +Fixing requested USN-5079-2 |
2754 | 1 affected package is installed: curl |
2755 | (1/1) curl: |
2756 | A fix is available in Ubuntu Pro: ESM Infra. |
2757 | @@ -222,6 +234,7 @@ USN-5079-2: curl vulnerabilities |
2758 | Found CVEs: |
2759 | https://ubuntu.com/security/CVE-2021-22946 |
2760 | https://ubuntu.com/security/CVE-2021-22947 |
2761 | + |
2762 | 1 affected package is installed: curl |
2763 | (1/1) curl: |
2764 | A fix is available in Ubuntu Pro: ESM Infra. |
2765 | @@ -258,22 +271,40 @@ Enable services with: pro enable <service> |
2766 | Technical support level: essential |
2767 | { apt update && apt install --only-upgrade -y curl libcurl3-gnutls } |
2768 | ✔ USN-5079-2 is resolved. |
2769 | + |
2770 | +Found related USNs: |
2771 | +- USN-5079-1 |
2772 | + |
2773 | +Fixing related USNs: |
2774 | +- USN-5079-1 |
2775 | +No affected source packages are installed. |
2776 | + |
2777 | +✔ USN-5079-1 does not affect your system. |
2778 | + |
2779 | +Summary: |
2780 | +✔ USN-5079-2 [requested] is resolved. |
2781 | +✔ USN-5079-1 [related] does not affect your system. |
2782 | ``` |
2783 | |
2784 | -We can see that that the attach command was successful, which can be verified |
2785 | +We can see that this command also fixed related USN **USN-5079-1**. |
2786 | +If you want to learn more about related USNs, refer to [our explanation guide](../explanations/cves_and_usns_explained.md#what-are-related-usns) |
2787 | + |
2788 | +Finally, we can see that that the attach command was successful, which can be verified |
2789 | by the status output we see when executing the command. Additionally, we can |
2790 | observe that the USN is indeed fixed, which you can confirm by running the |
2791 | `pro fix` command again: |
2792 | |
2793 | ``` |
2794 | -N-5079-2: curl vulnerabilities |
2795 | +USN-5079-2: curl vulnerabilities |
2796 | Found CVEs: |
2797 | https://ubuntu.com/security/CVE-2021-22946 |
2798 | https://ubuntu.com/security/CVE-2021-22947 |
2799 | + |
2800 | 1 affected package is installed: curl |
2801 | (1/1) curl: |
2802 | A fix is available in Ubuntu Pro: ESM Infra. |
2803 | The update is already installed. |
2804 | + |
2805 | ✔ USN-5079-2 is resolved. |
2806 | ``` |
2807 | |
2808 | @@ -308,6 +339,7 @@ prompted): |
2809 | ``` |
2810 | CVE-2021-44731: snapd vulnerabilities |
2811 | https://ubuntu.com/security/CVE-2021-44731 |
2812 | + |
2813 | 1 affected package is installed: snapd |
2814 | (1/1) snapd: |
2815 | A fix is available in Ubuntu Pro: ESM Infra. |
2816 | @@ -321,6 +353,7 @@ One moment, checking your subscription first |
2817 | Updating package lists |
2818 | Ubuntu Pro: ESM Infra enabled |
2819 | { apt update && apt install --only-upgrade -y ubuntu-core-launcher snapd } |
2820 | + |
2821 | ✔ CVE-2021-44731 is resolved. |
2822 | ``` |
2823 | |
2824 | @@ -342,13 +375,15 @@ $ sudo pro fix CVE-2022-0778 |
2825 | Then you will see the following output: |
2826 | |
2827 | ``` |
2828 | -VE-2022-0778: OpenSSL vulnerability |
2829 | +CVE-2022-0778: OpenSSL vulnerability |
2830 | https://ubuntu.com/security/CVE-2022-0778 |
2831 | + |
2832 | 1 affected package is installed: openssl |
2833 | (1/1) openssl: |
2834 | A fix is available in Ubuntu Pro: ESM Infra. |
2835 | { apt update && apt install --only-upgrade -y libssl1.0.0 openssl } |
2836 | A reboot is required to complete fix operation. |
2837 | + |
2838 | ✘ CVE-2022-0778 is not resolved. |
2839 | ``` |
2840 | |
2841 | @@ -358,10 +393,12 @@ indeed fixed: |
2842 | ``` |
2843 | CVE-2022-0778: OpenSSL vulnerability |
2844 | https://ubuntu.com/security/CVE-2022-0778 |
2845 | + |
2846 | 1 affected package is installed: openssl |
2847 | (1/1) openssl: |
2848 | A fix is available in Ubuntu Pro: ESM Infra. |
2849 | The update is already installed. |
2850 | + |
2851 | ✔ CVE-2022-0778 is resolved. |
2852 | ``` |
2853 | |
2854 | @@ -390,6 +427,7 @@ And you will see the following output: |
2855 | ``` |
2856 | CVE-2017-9233: Expat vulnerability |
2857 | https://ubuntu.com/security/CVE-2017-9233 |
2858 | + |
2859 | 3 affected packages are installed: expat, matanza, swish-e |
2860 | (1/3, 2/3) matanza, swish-e: |
2861 | Sorry, no fix is available. |
2862 | @@ -397,6 +435,7 @@ Sorry, no fix is available. |
2863 | A fix is available in Ubuntu standard updates. |
2864 | { apt update && apt install --only-upgrade -y expat } |
2865 | 2 packages are still affected: matanza, swish-e |
2866 | + |
2867 | ✘ CVE-2017-9233 is not resolved. |
2868 | ``` |
2869 | |
2870 | diff --git a/features/_version.feature b/features/_version.feature |
2871 | index 2a575d8..3530d3d 100644 |
2872 | --- a/features/_version.feature |
2873 | +++ b/features/_version.feature |
2874 | @@ -2,17 +2,17 @@ Feature: Pro is expected version |
2875 | |
2876 | @series.all |
2877 | @uses.config.check_version |
2878 | - @uses.config.machine_type.lxd.container |
2879 | - @uses.config.machine_type.lxd.vm |
2880 | + @uses.config.machine_type.lxd-container |
2881 | + @uses.config.machine_type.lxd-vm |
2882 | @uses.config.machine_type.aws.generic |
2883 | @uses.config.machine_type.aws.pro |
2884 | - @uses.config.machine_type.aws.pro.fips |
2885 | + @uses.config.machine_type.aws.pro-fips |
2886 | @uses.config.machine_type.azure.generic |
2887 | @uses.config.machine_type.azure.pro |
2888 | - @uses.config.machine_type.azure.pro.fips |
2889 | + @uses.config.machine_type.azure.pro-fips |
2890 | @uses.config.machine_type.gcp.generic |
2891 | @uses.config.machine_type.gcp.pro |
2892 | - @uses.config.machine_type.gcp.pro.fips |
2893 | + @uses.config.machine_type.gcp.pro-fips |
2894 | Scenario Outline: Check pro version |
2895 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2896 | When I run `dpkg-query --showformat='${Version}' --show ubuntu-advantage-tools` with sudo |
2897 | @@ -44,7 +44,7 @@ Feature: Pro is expected version |
2898 | |
2899 | @series.all |
2900 | @uses.config.check_version |
2901 | - @uses.config.machine_type.lxd.container |
2902 | + @uses.config.machine_type.lxd-container |
2903 | @upgrade |
2904 | Scenario Outline: Check pro version |
2905 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2906 | diff --git a/features/airgapped.feature b/features/airgapped.feature |
2907 | index 707d25b..2997971 100644 |
2908 | --- a/features/airgapped.feature |
2909 | +++ b/features/airgapped.feature |
2910 | @@ -2,7 +2,7 @@ |
2911 | Feature: Performing attach using ua-airgapped |
2912 | |
2913 | @series.jammy |
2914 | - @uses.config.machine_type.lxd.container |
2915 | + @uses.config.machine_type.lxd-container |
2916 | Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container |
2917 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2918 | # set up the apt mirror configuration |
2919 | diff --git a/features/api.feature b/features/api.feature |
2920 | index 8ac86f4..950b012 100644 |
2921 | --- a/features/api.feature |
2922 | +++ b/features/api.feature |
2923 | @@ -1,7 +1,7 @@ |
2924 | Feature: Client behaviour for the API endpoints |
2925 | |
2926 | @series.all |
2927 | - @uses.config.machine_type.lxd.container |
2928 | + @uses.config.machine_type.lxd-container |
2929 | Scenario Outline: API invalid endpoint or args |
2930 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2931 | When I verify that running `pro api invalid.endpoint` `with sudo` exits `1` |
2932 | @@ -25,7 +25,7 @@ Feature: Client behaviour for the API endpoints |
2933 | | lunar | |
2934 | |
2935 | @series.all |
2936 | - @uses.config.machine_type.lxd.container |
2937 | + @uses.config.machine_type.lxd-container |
2938 | Scenario Outline: Basic endpoints |
2939 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2940 | When I run `pro api u.pro.version.v1` with sudo |
2941 | @@ -43,6 +43,16 @@ Feature: Client behaviour for the API endpoints |
2942 | """ |
2943 | {"_schema_version": "v1", "data": {"attributes": {"should_auto_attach": false}, "meta": {"environment_vars": \[\]}, "type": "ShouldAutoAttach"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]} |
2944 | """ |
2945 | + When I run `ua api u.pro.status.is_attached.v1` with sudo |
2946 | + Then stdout matches regexp: |
2947 | + """ |
2948 | + {"_schema_version": "v1", "data": {"attributes": {"is_attached": false}, "meta": {"environment_vars": \[\]}, "type": "IsAttached"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]} |
2949 | + """ |
2950 | + When I run `ua api u.pro.status.enabled_services.v1` with sudo |
2951 | + Then stdout matches regexp: |
2952 | + """ |
2953 | + {"_schema_version": "v1", "data": {"attributes": {"enabled_services": \[\]}, "meta": {"environment_vars": \[\]}, "type": "EnabledServices"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]} |
2954 | + """ |
2955 | |
2956 | Examples: ubuntu release |
2957 | | release | |
2958 | diff --git a/features/api_configure_retry_service.feature b/features/api_configure_retry_service.feature |
2959 | index d3d6edb..31ef305 100644 |
2960 | --- a/features/api_configure_retry_service.feature |
2961 | +++ b/features/api_configure_retry_service.feature |
2962 | @@ -1,7 +1,7 @@ |
2963 | Feature: api.u.pro.attach.auto.configure_retry_service |
2964 | |
2965 | @series.lts |
2966 | - @uses.config.machine_type.lxd.container |
2967 | + @uses.config.machine_type.lxd-container |
2968 | Scenario Outline: v1 successfully triggers retry service when run during startup |
2969 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2970 | When I change contract to staging with sudo |
2971 | diff --git a/features/api_full_auto_attach.feature b/features/api_full_auto_attach.feature |
2972 | index c65fca5..9df2f69 100644 |
2973 | --- a/features/api_full_auto_attach.feature |
2974 | +++ b/features/api_full_auto_attach.feature |
2975 | @@ -27,7 +27,7 @@ Feature: Full Auto-Attach Endpoint |
2976 | """ |
2977 | Then stdout matches regexp: |
2978 | """ |
2979 | - livepatch +yes +(disabled|n/a) +Canonical Livepatch service |
2980 | + livepatch +yes +(disabled|n/a) +(Canonical Livepatch service|Current kernel is not supported) |
2981 | """ |
2982 | Examples: |
2983 | | release | |
2984 | diff --git a/features/api_magic_attach.feature b/features/api_magic_attach.feature |
2985 | index 4ab6592..2364a81 100644 |
2986 | --- a/features/api_magic_attach.feature |
2987 | +++ b/features/api_magic_attach.feature |
2988 | @@ -1,7 +1,7 @@ |
2989 | Feature: Magic Attach endpoints |
2990 | |
2991 | @series.lts |
2992 | - @uses.config.machine_type.lxd.container |
2993 | + @uses.config.machine_type.lxd-container |
2994 | Scenario Outline: Call magic attach endpoints |
2995 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2996 | When I change contract to staging with sudo |
2997 | diff --git a/features/api_packages.feature b/features/api_packages.feature |
2998 | index e22798b..da63bbc 100644 |
2999 | --- a/features/api_packages.feature |
3000 | +++ b/features/api_packages.feature |
3001 | @@ -1,7 +1,7 @@ |
3002 | Feature: Package related API endpoints |
3003 | |
3004 | @series.all |
3005 | - @uses.config.machine_type.lxd.container |
3006 | + @uses.config.machine_type.lxd-container |
3007 | @uses.config.contract_token |
3008 | Scenario Outline: Call packages API endpoints to see information in a Ubuntu machine |
3009 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3010 | diff --git a/features/api_security.feature b/features/api_security.feature |
3011 | index 85e8ae8..c682bee 100644 |
3012 | --- a/features/api_security.feature |
3013 | +++ b/features/api_security.feature |
3014 | @@ -1,7 +1,7 @@ |
3015 | Feature: API security/security status tests |
3016 | |
3017 | @series.xenial |
3018 | - @uses.config.machine_type.lxd.vm |
3019 | + @uses.config.machine_type.lxd-vm |
3020 | @uses.config.contract_token |
3021 | Scenario: Call Livepatched CVEs endpoint |
3022 | Given a `xenial` machine with ubuntu-advantage-tools installed |
3023 | @@ -17,7 +17,7 @@ Feature: API security/security status tests |
3024 | """ |
3025 | |
3026 | @series.lts |
3027 | - @uses.config.machine_type.lxd.container |
3028 | + @uses.config.machine_type.lxd-container |
3029 | @uses.config.contract_token |
3030 | Scenario Outline: Call package manifest endpoint for machine |
3031 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3032 | diff --git a/features/api_unattended_upgrades.feature b/features/api_unattended_upgrades.feature |
3033 | index 43f0ef6..9449ef5 100644 |
3034 | --- a/features/api_unattended_upgrades.feature |
3035 | +++ b/features/api_unattended_upgrades.feature |
3036 | @@ -1,7 +1,7 @@ |
3037 | Feature: api.u.unattended_upgrades.status.v1 |
3038 | |
3039 | @series.all |
3040 | - @uses.config.machine_type.lxd.container |
3041 | + @uses.config.machine_type.lxd-container |
3042 | Scenario Outline: v1 unattended upgrades status |
3043 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3044 | When I run `pro api u.unattended_upgrades.status.v1` as non-root |
3045 | diff --git a/features/apt_messages.feature b/features/apt_messages.feature |
3046 | index 401360d..90ed066 100644 |
3047 | --- a/features/apt_messages.feature |
3048 | +++ b/features/apt_messages.feature |
3049 | @@ -1,7 +1,7 @@ |
3050 | Feature: APT Messages |
3051 | |
3052 | @series.xenial |
3053 | - @uses.config.machine_type.lxd.container |
3054 | + @uses.config.machine_type.lxd-container |
3055 | Scenario Outline: APT JSON Hook prints package counts correctly on xenial |
3056 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3057 | When I attach `contract_token` with sudo |
3058 | @@ -99,7 +99,7 @@ Feature: APT Messages |
3059 | | xenial | accountsservice=0.6.40-2ubuntu10 libaccountsservice0=0.6.40-2ubuntu10 | curl=7.47.0-1ubuntu2 libcurl3-gnutls=7.47.0-1ubuntu2 | hello=2.10-1 | |
3060 | |
3061 | @series.xenial |
3062 | - @uses.config.machine_type.lxd.container |
3063 | + @uses.config.machine_type.lxd-container |
3064 | Scenario Outline: APT Hook advertises esm-infra on upgrade |
3065 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3066 | When I run `apt-get update` with sudo |
3067 | @@ -157,7 +157,7 @@ Feature: APT Messages |
3068 | @series.bionic |
3069 | @series.focal |
3070 | @series.jammy |
3071 | - @uses.config.machine_type.lxd.container |
3072 | + @uses.config.machine_type.lxd-container |
3073 | Scenario Outline: APT Hook advertises esm-apps on upgrade |
3074 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3075 | When I run `apt-get update` with sudo |
3076 | @@ -175,7 +175,7 @@ Feature: APT Messages |
3077 | Calculating upgrade... |
3078 | Get more security updates through Ubuntu Pro with 'esm-apps' enabled: |
3079 | <package> |
3080 | - Learn more about Ubuntu Pro at https://ubuntu.com/pro |
3081 | + <learn_more_msg> |
3082 | 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded. |
3083 | """ |
3084 | When I run `apt-get upgrade` with sudo |
3085 | @@ -211,13 +211,13 @@ Feature: APT Messages |
3086 | 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded\. |
3087 | """ |
3088 | Examples: ubuntu release |
3089 | - | release | package | |
3090 | - | bionic | ansible | |
3091 | - | focal | hello | |
3092 | - | jammy | hello | |
3093 | + | release | package | learn_more_msg | |
3094 | + | bionic | ansible | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
3095 | + | focal | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro | |
3096 | + | jammy | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro | |
3097 | |
3098 | @series.all |
3099 | - @uses.config.machine_type.lxd.container |
3100 | + @uses.config.machine_type.lxd-container |
3101 | Scenario Outline: APT News |
3102 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3103 | When I attach `contract_token` with sudo |
3104 | @@ -613,60 +613,35 @@ Feature: APT Messages |
3105 | |
3106 | @series.xenial |
3107 | @series.bionic |
3108 | + @series.focal |
3109 | + @uses.config.machine_type.any |
3110 | @uses.config.machine_type.aws.generic |
3111 | - Scenario Outline: AWS URLs |
3112 | - Given a `<release>` machine with ubuntu-advantage-tools installed |
3113 | - When I run `apt-get update` with sudo |
3114 | - When I run `apt-get install ansible -y` with sudo |
3115 | - When I run `apt-get update` with sudo |
3116 | - When I run `apt upgrade --dry-run` with sudo |
3117 | - Then stdout matches regexp: |
3118 | - """ |
3119 | - <msg> |
3120 | - """ |
3121 | - Examples: ubuntu release |
3122 | - | release | msg | |
3123 | - | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 | |
3124 | - | bionic | Learn more about Ubuntu Pro on AWS at https:\/\/ubuntu\.com\/aws\/pro | |
3125 | - |
3126 | - @series.xenial |
3127 | - @series.bionic |
3128 | @uses.config.machine_type.azure.generic |
3129 | - Scenario Outline: Azure URLs |
3130 | - Given a `<release>` machine with ubuntu-advantage-tools installed |
3131 | - When I run `apt-get update` with sudo |
3132 | - When I run `apt-get install ansible -y` with sudo |
3133 | - When I run `apt-get update` with sudo |
3134 | - When I run `apt upgrade --dry-run` with sudo |
3135 | - Then stdout matches regexp: |
3136 | - """ |
3137 | - <msg> |
3138 | - """ |
3139 | - Examples: ubuntu release |
3140 | - | release | msg | |
3141 | - | xenial | Learn more about Ubuntu Pro for 16\.04 on Azure at https:\/\/ubuntu\.com\/16-04\/azure | |
3142 | - | bionic | Learn more about Ubuntu Pro on Azure at https:\/\/ubuntu\.com\/azure\/pro | |
3143 | - |
3144 | - @series.xenial |
3145 | - @series.bionic |
3146 | @uses.config.machine_type.gcp.generic |
3147 | - Scenario Outline: GCP URLs |
3148 | - Given a `<release>` machine with ubuntu-advantage-tools installed |
3149 | + Scenario Outline: Cloud and series-specific URLs |
3150 | + Given a `<release>` `<machine_type>` machine with ubuntu-advantage-tools installed |
3151 | When I run `apt-get update` with sudo |
3152 | When I run `apt-get install ansible -y` with sudo |
3153 | When I run `apt-get update` with sudo |
3154 | When I run `apt upgrade --dry-run` with sudo |
3155 | - Then stdout matches regexp: |
3156 | + Then stdout contains substring: |
3157 | """ |
3158 | <msg> |
3159 | """ |
3160 | - Examples: ubuntu release |
3161 | - | release | msg | |
3162 | - | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 | |
3163 | - | bionic | Learn more about Ubuntu Pro on GCP at https:\/\/ubuntu\.com\/gcp\/pro | |
3164 | + Examples: release-per-machine-type |
3165 | + | release | machine_type | msg | |
3166 | + | xenial | aws.generic | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 | |
3167 | + | xenial | azure.generic | Learn more about Ubuntu Pro for 16.04 on Azure at https://ubuntu.com/16-04/azure | |
3168 | + | xenial | gcp.generic | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 | |
3169 | + | bionic | aws.generic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
3170 | + | bionic | azure.generic | Learn more about Ubuntu Pro for 18.04 on Azure at https://ubuntu.com/18-04/azure | |
3171 | + | bionic | gcp.generic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
3172 | + | focal | aws.generic | Learn more about Ubuntu Pro on AWS at https://ubuntu.com/aws/pro | |
3173 | + | focal | azure.generic | Learn more about Ubuntu Pro on Azure at https://ubuntu.com/azure/pro | |
3174 | + | focal | gcp.generic | Learn more about Ubuntu Pro on GCP at https://ubuntu.com/gcp/pro | |
3175 | |
3176 | @series.kinetic |
3177 | - @uses.config.machine_type.lxd.container |
3178 | + @uses.config.machine_type.lxd-container |
3179 | Scenario Outline: APT Hook do not advertises esm-apps on upgrade for interim releases |
3180 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3181 | When I run `apt-get update` with sudo |
3182 | diff --git a/features/attach_invalidtoken.feature b/features/attach_invalidtoken.feature |
3183 | index d3c145d..5897668 100644 |
3184 | --- a/features/attach_invalidtoken.feature |
3185 | +++ b/features/attach_invalidtoken.feature |
3186 | @@ -2,7 +2,7 @@ Feature: Command behaviour when trying to attach a machine to an Ubuntu |
3187 | Pro subscription using an invalid token |
3188 | |
3189 | @series.all |
3190 | - @uses.config.machine_type.lxd.container |
3191 | + @uses.config.machine_type.lxd-container |
3192 | Scenario Outline: Attach command failure on invalid token |
3193 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3194 | When I verify that running `pro attach INVALID_TOKEN` `with sudo` exits `1` |
3195 | @@ -32,7 +32,7 @@ Feature: Command behaviour when trying to attach a machine to an Ubuntu |
3196 | | lunar | |
3197 | |
3198 | @series.all |
3199 | - @uses.config.machine_type.lxd.container |
3200 | + @uses.config.machine_type.lxd-container |
3201 | @uses.config.contract_token_staging_expired |
3202 | Scenario Outline: Attach command failure on expired token |
3203 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3204 | diff --git a/features/attach_validtoken.feature b/features/attach_validtoken.feature |
3205 | index da04c06..e894c1e 100644 |
3206 | --- a/features/attach_validtoken.feature |
3207 | +++ b/features/attach_validtoken.feature |
3208 | @@ -4,22 +4,35 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3209 | |
3210 | @series.kinetic |
3211 | @series.lunar |
3212 | - @uses.config.machine_type.lxd.container |
3213 | + @uses.config.machine_type.lxd-container |
3214 | Scenario Outline: Attached command in a non-lts ubuntu machine |
3215 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3216 | When I attach `contract_token` with sudo |
3217 | - And I run `pro status --all` as non-root |
3218 | + And I run `pro status` as non-root |
3219 | Then stdout matches regexp: |
3220 | - """ |
3221 | - SERVICE +ENTITLED STATUS DESCRIPTION |
3222 | - cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages |
3223 | - cis +yes +n/a +Security compliance and audit tools |
3224 | - esm-apps +yes +n/a +Expanded Security Maintenance for Applications |
3225 | - esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure |
3226 | - fips +yes +n/a +NIST-certified core packages |
3227 | - fips-updates +yes +n/a +NIST-certified core packages with priority security updates |
3228 | - livepatch +yes +n/a +Canonical Livepatch service |
3229 | - """ |
3230 | + """ |
3231 | + No Ubuntu Pro services are available to this system. |
3232 | + """ |
3233 | + And stdout matches regexp: |
3234 | + """ |
3235 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
3236 | + """ |
3237 | + When I run `pro status --all` as non-root |
3238 | + Then stdout matches regexp: |
3239 | + """ |
3240 | + SERVICE +ENTITLED STATUS DESCRIPTION |
3241 | + cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages |
3242 | + cis +yes +n/a +Security compliance and audit tools |
3243 | + esm-apps +yes +n/a +Expanded Security Maintenance for Applications |
3244 | + esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure |
3245 | + fips +yes +n/a +NIST-certified core packages |
3246 | + fips-updates +yes +n/a +NIST-certified core packages with priority security updates |
3247 | + livepatch +yes +n/a +Canonical Livepatch service |
3248 | + """ |
3249 | + And stdout does not match regexp: |
3250 | + """ |
3251 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
3252 | + """ |
3253 | |
3254 | Examples: ubuntu release |
3255 | | release | |
3256 | @@ -27,7 +40,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3257 | | lunar | |
3258 | |
3259 | @series.lts |
3260 | - @uses.config.machine_type.lxd.container |
3261 | + @uses.config.machine_type.lxd-container |
3262 | Scenario Outline: Attach command in a ubuntu lxd container |
3263 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3264 | When I run `apt-get update` with sudo, retrying exit [100] |
3265 | @@ -83,10 +96,10 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3266 | | xenial | libkrad0=1.13.2+dfsg-5 | disabled | cis | disabled | disabled | Canonical Livepatch service | |
3267 | | bionic | libkrad0=1.16-2build1 | disabled | cis | disabled | disabled | Canonical Livepatch service | |
3268 | | focal | hello=2.10-2ubuntu2 | n/a | usg | disabled | disabled | Canonical Livepatch service | |
3269 | - | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Available with the HWE kernel | |
3270 | + | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Canonical Livepatch service | |
3271 | |
3272 | @series.lts |
3273 | - @uses.config.machine_type.lxd.container |
3274 | + @uses.config.machine_type.lxd-container |
3275 | Scenario Outline: Attach command with attach config |
3276 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3277 | # simplest happy path |
3278 | @@ -306,7 +319,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3279 | | jammy | enabled | n/a | n/a | usg | n/a | |
3280 | |
3281 | @series.all |
3282 | - @uses.config.machine_type.lxd.container |
3283 | + @uses.config.machine_type.lxd-container |
3284 | Scenario Outline: Attach command with json output |
3285 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3286 | When I verify that running attach `as non-root` with json response exits `1` |
3287 | @@ -334,7 +347,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3288 | | jammy | n/a | |
3289 | |
3290 | @series.all |
3291 | - @uses.config.machine_type.lxd.container |
3292 | + @uses.config.machine_type.lxd-container |
3293 | Scenario Outline: Attach and Check for contract change in status checking |
3294 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3295 | When I attach `contract_token` with sudo |
3296 | @@ -380,6 +393,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
3297 | |
3298 | Examples: ubuntu release livepatch status |
3299 | | release | |
3300 | - | xenial | |
3301 | - | bionic | |
3302 | - | focal | |
3303 | + # removing until we add this feature back in a way that doesn't hammer the server |
3304 | + #| xenial | |
3305 | + #| bionic | |
3306 | + #| focal | |
3307 | diff --git a/features/attached_commands.feature b/features/attached_commands.feature |
3308 | index 524e4e0..2681466 100644 |
3309 | --- a/features/attached_commands.feature |
3310 | +++ b/features/attached_commands.feature |
3311 | @@ -2,7 +2,7 @@ |
3312 | Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3313 | |
3314 | @series.all |
3315 | - @uses.config.machine_type.lxd.container |
3316 | + @uses.config.machine_type.lxd-container |
3317 | Scenario Outline: Attached refresh in a ubuntu machine |
3318 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3319 | When I attach `contract_token` with sudo |
3320 | @@ -60,7 +60,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3321 | | lunar | |
3322 | |
3323 | @series.all |
3324 | - @uses.config.machine_type.lxd.container |
3325 | + @uses.config.machine_type.lxd-container |
3326 | Scenario Outline: Attached disable of an already disabled service in a ubuntu machine |
3327 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3328 | When I attach `contract_token` with sudo |
3329 | @@ -86,7 +86,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3330 | | lunar | |
3331 | |
3332 | @series.lts |
3333 | - @uses.config.machine_type.lxd.container |
3334 | + @uses.config.machine_type.lxd-container |
3335 | Scenario Outline: Attached disable with json format |
3336 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3337 | When I attach `contract_token` with sudo |
3338 | @@ -144,7 +144,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3339 | @series.xenial |
3340 | @series.bionic |
3341 | @series.jammy |
3342 | - @uses.config.machine_type.lxd.container |
3343 | + @uses.config.machine_type.lxd-container |
3344 | Scenario Outline: Attached disable of a service in a ubuntu machine |
3345 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3346 | When I attach `contract_token` with sudo |
3347 | @@ -183,7 +183,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3348 | | jammy | Try cc-eal, esm-apps, esm-infra, fips, fips-updates, livepatch, realtime-kernel,\nros, ros-updates, usg. | |
3349 | |
3350 | @series.focal |
3351 | - @uses.config.machine_type.lxd.container |
3352 | + @uses.config.machine_type.lxd-container |
3353 | Scenario: Attached disable of a service in a ubuntu machine |
3354 | Given a `focal` machine with ubuntu-advantage-tools installed |
3355 | When I attach `contract_token` with sudo |
3356 | @@ -218,86 +218,91 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3357 | |
3358 | |
3359 | @series.lts |
3360 | - @uses.config.machine_type.lxd.container |
3361 | + @uses.config.machine_type.lxd-container |
3362 | Scenario Outline: Attached detach in an ubuntu machine |
3363 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3364 | When I attach `contract_token` with sudo |
3365 | + And I run `pro api u.pro.status.enabled_services.v1` as non-root |
3366 | + Then stdout matches regexp: |
3367 | + """ |
3368 | + {"_schema_version": "v1", "data": {"attributes": {"enabled_services": \[{"name": "esm-apps", "variant_enabled": false, "variant_name": null}, {"name": "esm-infra", "variant_enabled": false, "variant_name": null}\]}, "meta": {"environment_vars": \[\]}, "type": "EnabledServices"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]} |
3369 | + """ |
3370 | Then I verify that running `pro detach` `as non-root` exits `1` |
3371 | And stderr matches regexp: |
3372 | - """ |
3373 | - This command must be run as root \(try using sudo\). |
3374 | - """ |
3375 | + """ |
3376 | + This command must be run as root \(try using sudo\). |
3377 | + """ |
3378 | When I run `pro detach --assume-yes` with sudo |
3379 | Then I will see the following on stdout: |
3380 | - """ |
3381 | - Detach will disable the following services: |
3382 | - esm-apps |
3383 | - esm-infra |
3384 | - Updating package lists |
3385 | - Updating package lists |
3386 | - This machine is now detached. |
3387 | - """ |
3388 | + """ |
3389 | + Detach will disable the following services: |
3390 | + esm-apps |
3391 | + esm-infra |
3392 | + Updating package lists |
3393 | + Updating package lists |
3394 | + This machine is now detached. |
3395 | + """ |
3396 | When I run `pro status --all` as non-root |
3397 | Then stdout matches regexp: |
3398 | - """ |
3399 | - SERVICE +AVAILABLE DESCRIPTION |
3400 | - cc-eal +<cc-eal> +Common Criteria EAL2 Provisioning Packages |
3401 | - """ |
3402 | + """ |
3403 | + SERVICE +AVAILABLE DESCRIPTION |
3404 | + cc-eal +<cc-eal> +Common Criteria EAL2 Provisioning Packages |
3405 | + """ |
3406 | Then stdout matches regexp: |
3407 | - """ |
3408 | - esm-apps +<esm-apps> +Expanded Security Maintenance for Applications |
3409 | - esm-infra +yes +Expanded Security Maintenance for Infrastructure |
3410 | - fips +<fips> +NIST-certified core packages |
3411 | - fips-updates +<fips> +NIST-certified core packages with priority security updates |
3412 | - livepatch +(yes|no) +(Canonical Livepatch service|Current kernel is not supported) |
3413 | - realtime-kernel +<realtime-kernel> +Ubuntu kernel with PREEMPT_RT patches integrated |
3414 | - ros +<ros> +Security Updates for the Robot Operating System |
3415 | - ros-updates +<ros> +All Updates for the Robot Operating System |
3416 | - """ |
3417 | + """ |
3418 | + esm-apps +<esm-apps> +Expanded Security Maintenance for Applications |
3419 | + esm-infra +yes +Expanded Security Maintenance for Infrastructure |
3420 | + fips +<fips> +NIST-certified core packages |
3421 | + fips-updates +<fips> +NIST-certified core packages with priority security updates |
3422 | + livepatch +(yes|no) +(Canonical Livepatch service|Current kernel is not supported) |
3423 | + realtime-kernel +<realtime-kernel> +Ubuntu kernel with PREEMPT_RT patches integrated |
3424 | + ros +<ros> +Security Updates for the Robot Operating System |
3425 | + ros-updates +<ros> +All Updates for the Robot Operating System |
3426 | + """ |
3427 | Then stdout matches regexp: |
3428 | - """ |
3429 | - <cis_or_usg> +<cis> +Security compliance and audit tools |
3430 | - """ |
3431 | + """ |
3432 | + <cis_or_usg> +<cis> +Security compliance and audit tools |
3433 | + """ |
3434 | And stdout matches regexp: |
3435 | - """ |
3436 | - This machine is not attached to an Ubuntu Pro subscription. |
3437 | - """ |
3438 | + """ |
3439 | + This machine is not attached to an Ubuntu Pro subscription. |
3440 | + """ |
3441 | And I verify that running `apt update` `with sudo` exits `0` |
3442 | When I attach `contract_token` with sudo |
3443 | Then I verify that running `pro enable foobar --format json` `as non-root` exits `1` |
3444 | And stdout is a json matching the `ua_operation` schema |
3445 | And I will see the following on stdout: |
3446 | - """ |
3447 | - {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3448 | - """ |
3449 | + """ |
3450 | + {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3451 | + """ |
3452 | Then I verify that running `pro enable foobar --format json` `with sudo` exits `1` |
3453 | And stdout is a json matching the `ua_operation` schema |
3454 | And I will see the following on stdout: |
3455 | - """ |
3456 | - {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3457 | - """ |
3458 | + """ |
3459 | + {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3460 | + """ |
3461 | Then I verify that running `pro detach --format json --assume-yes` `as non-root` exits `1` |
3462 | And stdout is a json matching the `ua_operation` schema |
3463 | And I will see the following on stdout: |
3464 | - """ |
3465 | - {"_schema_version": "0.1", "errors": [{"message": "This command must be run as root (try using sudo).", "message_code": "nonroot-user", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3466 | - """ |
3467 | + """ |
3468 | + {"_schema_version": "0.1", "errors": [{"message": "This command must be run as root (try using sudo).", "message_code": "nonroot-user", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3469 | + """ |
3470 | When I run `pro detach --format json --assume-yes` with sudo |
3471 | Then stdout is a json matching the `ua_operation` schema |
3472 | And I will see the following on stdout: |
3473 | - """ |
3474 | - {"_schema_version": "0.1", "errors": [], "failed_services": [], "needs_reboot": false, "processed_services": ["esm-apps", "esm-infra"], "result": "success", "warnings": []} |
3475 | - """ |
3476 | + """ |
3477 | + {"_schema_version": "0.1", "errors": [], "failed_services": [], "needs_reboot": false, "processed_services": ["esm-apps", "esm-infra"], "result": "success", "warnings": []} |
3478 | + """ |
3479 | |
3480 | Examples: ubuntu release |
3481 | | release | esm-apps | cc-eal | cis | fips | fips-update | ros | cis_or_usg | realtime-kernel | |
3482 | | xenial | yes | yes | yes | yes | yes | yes | cis | no | |
3483 | | bionic | yes | yes | yes | yes | yes | yes | cis | no | |
3484 | | focal | yes | no | yes | yes | yes | no | usg | no | |
3485 | - | jammy | yes | no | no | no | no | no | usg | yes | |
3486 | + | jammy | yes | no | yes | no | no | no | usg | yes | |
3487 | |
3488 | @series.all |
3489 | - @uses.config.machine_type.lxd.container |
3490 | + @uses.config.machine_type.lxd-container |
3491 | Scenario Outline: Attached auto-attach in a ubuntu machine |
3492 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3493 | When I attach `contract_token` with sudo |
3494 | @@ -323,7 +328,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3495 | | lunar | |
3496 | |
3497 | @series.all |
3498 | - @uses.config.machine_type.lxd.container |
3499 | + @uses.config.machine_type.lxd-container |
3500 | Scenario Outline: Attached show version in a ubuntu machine |
3501 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3502 | When I attach `contract_token` with sudo |
3503 | @@ -346,7 +351,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3504 | | lunar | |
3505 | |
3506 | @series.all |
3507 | - @uses.config.machine_type.lxd.container |
3508 | + @uses.config.machine_type.lxd-container |
3509 | Scenario Outline: Attached status in a ubuntu machine with feature overrides |
3510 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3511 | When I create the file `/tmp/machine-token-overlay.json` with the following: |
3512 | @@ -416,7 +421,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3513 | |
3514 | @series.xenial |
3515 | @series.bionic |
3516 | - @uses.config.machine_type.lxd.container |
3517 | + @uses.config.machine_type.lxd-container |
3518 | Scenario Outline: Attached disable of different services in a ubuntu machine |
3519 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3520 | When I attach `contract_token` with sudo |
3521 | @@ -463,7 +468,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3522 | | jammy | |
3523 | |
3524 | @series.focal |
3525 | - @uses.config.machine_type.lxd.container |
3526 | + @uses.config.machine_type.lxd-container |
3527 | Scenario: Attached disable of different services in a ubuntu machine |
3528 | Given a `focal` machine with ubuntu-advantage-tools installed |
3529 | When I attach `contract_token` with sudo |
3530 | @@ -504,7 +509,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3531 | """ |
3532 | |
3533 | @series.all |
3534 | - @uses.config.machine_type.lxd.container |
3535 | + @uses.config.machine_type.lxd-container |
3536 | Scenario Outline: Help command on an attached machine |
3537 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3538 | When I attach `contract_token` with sudo |
3539 | @@ -611,7 +616,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3540 | |
3541 | @series.jammy |
3542 | @series.focal |
3543 | - @uses.config.machine_type.lxd.container |
3544 | + @uses.config.machine_type.lxd-container |
3545 | Scenario Outline: Help command on an attached machine |
3546 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3547 | When I attach `contract_token` with sudo |
3548 | @@ -727,7 +732,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3549 | | jammy | |
3550 | |
3551 | @series.lts |
3552 | - @uses.config.machine_type.lxd.container |
3553 | + @uses.config.machine_type.lxd-container |
3554 | Scenario Outline: Enable command with invalid repositories in user machine |
3555 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3556 | When I attach `contract_token` with sudo |
3557 | @@ -753,7 +758,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3558 | | jammy | cloud-init-dev-ubuntu-daily-jammy | |
3559 | |
3560 | @series.all |
3561 | - @uses.config.machine_type.lxd.container |
3562 | + @uses.config.machine_type.lxd-container |
3563 | Scenario Outline: Run timer script on an attached machine |
3564 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3565 | When I run `systemctl stop ua-timer.timer` with sudo |
3566 | @@ -831,7 +836,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3567 | | lunar | |
3568 | |
3569 | @series.lts |
3570 | - @uses.config.machine_type.lxd.container |
3571 | + @uses.config.machine_type.lxd-container |
3572 | Scenario Outline: Run timer script to valid machine activity endpoint |
3573 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3574 | When I attach `contract_token` with sudo |
3575 | @@ -902,7 +907,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
3576 | | jammy | |
3577 | |
3578 | @series.lts |
3579 | - @uses.config.machine_type.lxd.container |
3580 | + @uses.config.machine_type.lxd-container |
3581 | Scenario Outline: Run timer script to valid machine activity endpoint |
3582 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3583 | When I attach `contract_token` with sudo |
3584 | diff --git a/features/attached_enable.feature b/features/attached_enable.feature |
3585 | index e833c54..d730fc8 100644 |
3586 | --- a/features/attached_enable.feature |
3587 | +++ b/features/attached_enable.feature |
3588 | @@ -4,7 +4,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3589 | @slow |
3590 | @series.xenial |
3591 | @series.bionic |
3592 | - @uses.config.machine_type.lxd.container |
3593 | + @uses.config.machine_type.lxd-container |
3594 | Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container |
3595 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3596 | When I attach `contract_token` with sudo |
3597 | @@ -30,7 +30,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3598 | |
3599 | @series.xenial |
3600 | @series.bionic |
3601 | - @uses.config.machine_type.lxd.container |
3602 | + @uses.config.machine_type.lxd-container |
3603 | Scenario Outline: Enable cc-eal with --access-only |
3604 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3605 | When I attach `contract_token` with sudo |
3606 | @@ -52,7 +52,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3607 | @series.jammy |
3608 | @series.kinetic |
3609 | @series.lunar |
3610 | - @uses.config.machine_type.lxd.container |
3611 | + @uses.config.machine_type.lxd-container |
3612 | Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container |
3613 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3614 | When I attach `contract_token` with sudo |
3615 | @@ -75,7 +75,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3616 | | lunar | 23.04 | Lunar Lobster | |
3617 | |
3618 | @series.lts |
3619 | - @uses.config.machine_type.lxd.container |
3620 | + @uses.config.machine_type.lxd-container |
3621 | Scenario Outline: Empty series affordance means no series, null means all series |
3622 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3623 | When I attach `contract_token` with sudo and options `--no-auto-enable` |
3624 | @@ -126,7 +126,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3625 | | jammy | |
3626 | |
3627 | @series.lts |
3628 | - @uses.config.machine_type.lxd.container |
3629 | + @uses.config.machine_type.lxd-container |
3630 | Scenario Outline: Attached enable of different services using json format |
3631 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3632 | When I attach `contract_token` with sudo |
3633 | @@ -196,7 +196,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3634 | | jammy | cc-eal, esm-apps, esm-infra, fips, fips-updates, livepatch, realtime-kernel,\nros, ros-updates, usg. | |
3635 | |
3636 | @series.lts |
3637 | - @uses.config.machine_type.lxd.container |
3638 | + @uses.config.machine_type.lxd-container |
3639 | Scenario Outline: Attached enable of a service in a ubuntu machine |
3640 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3641 | When I attach `contract_token` with sudo |
3642 | @@ -251,7 +251,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3643 | | bionic | libkrad0 | https://esm.ubuntu.com/infra/ubuntu | |
3644 | |
3645 | @series.focal |
3646 | - @uses.config.machine_type.lxd.container |
3647 | + @uses.config.machine_type.lxd-container |
3648 | Scenario: Attached enable of a service in a ubuntu machine |
3649 | Given a `focal` machine with ubuntu-advantage-tools installed |
3650 | When I attach `contract_token` with sudo |
3651 | @@ -302,7 +302,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3652 | """ |
3653 | |
3654 | @series.all |
3655 | - @uses.config.machine_type.lxd.container |
3656 | + @uses.config.machine_type.lxd-container |
3657 | Scenario Outline: Attached enable of non-container services in a ubuntu lxd container |
3658 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3659 | When I attach `contract_token` with sudo |
3660 | @@ -328,7 +328,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3661 | | lunar | |
3662 | |
3663 | @series.lts |
3664 | - @uses.config.machine_type.lxd.container |
3665 | + @uses.config.machine_type.lxd-container |
3666 | Scenario Outline: Attached enable not entitled service in a ubuntu machine |
3667 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3668 | When I set the machine token overlay to the following yaml |
3669 | @@ -362,7 +362,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3670 | |
3671 | @series.xenial |
3672 | @series.bionic |
3673 | - @uses.config.machine_type.lxd.container |
3674 | + @uses.config.machine_type.lxd-container |
3675 | Scenario Outline: Attached enable of cis service in a ubuntu machine |
3676 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3677 | When I attach `contract_token` with sudo |
3678 | @@ -446,7 +446,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3679 | | xenial | Canonical_Ubuntu_16.04_CIS_v1.1.0-harden.sh | |
3680 | |
3681 | @series.focal |
3682 | - @uses.config.machine_type.lxd.container |
3683 | + @uses.config.machine_type.lxd-container |
3684 | Scenario Outline: Attached enable of cis service in a ubuntu machine |
3685 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3686 | When I attach `contract_token` with sudo |
3687 | @@ -526,7 +526,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3688 | |
3689 | @series.bionic |
3690 | @series.xenial |
3691 | - @uses.config.machine_type.lxd.container |
3692 | + @uses.config.machine_type.lxd-container |
3693 | Scenario Outline: Attached enable of usg service in a ubuntu machine |
3694 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3695 | When I attach `contract_token` with sudo |
3696 | @@ -547,7 +547,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3697 | | xenial | |
3698 | |
3699 | @series.focal |
3700 | - @uses.config.machine_type.lxd.container |
3701 | + @uses.config.machine_type.lxd-container |
3702 | Scenario Outline: Attached enable of usg service in a focal machine |
3703 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3704 | When I attach `contract_token` with sudo |
3705 | @@ -608,7 +608,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3706 | |
3707 | @series.bionic |
3708 | @series.xenial |
3709 | - @uses.config.machine_type.lxd.vm |
3710 | + @uses.config.machine_type.lxd-vm |
3711 | Scenario Outline: Attached disable of livepatch in a lxd vm |
3712 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3713 | When I attach `contract_token` with sudo |
3714 | @@ -651,7 +651,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3715 | |
3716 | @series.xenial |
3717 | @series.bionic |
3718 | - @uses.config.machine_type.lxd.vm |
3719 | + @uses.config.machine_type.lxd-vm |
3720 | Scenario Outline: Attach works when snapd cannot be installed |
3721 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3722 | When I run `apt-get remove -y snapd` with sudo |
3723 | @@ -690,7 +690,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3724 | |
3725 | @series.bionic |
3726 | @series.xenial |
3727 | - @uses.config.machine_type.lxd.vm |
3728 | + @uses.config.machine_type.lxd-vm |
3729 | Scenario Outline: Attached enable livepatch |
3730 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3731 | When I verify that running `canonical-livepatch status` `with sudo` exits `1` |
3732 | @@ -722,7 +722,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3733 | |
3734 | |
3735 | @series.xenial |
3736 | - @uses.config.machine_type.lxd.vm |
3737 | + @uses.config.machine_type.lxd-vm |
3738 | Scenario Outline: Attached enable livepatch |
3739 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3740 | When I attach `contract_token` with sudo |
3741 | @@ -792,7 +792,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3742 | |
3743 | @slow |
3744 | @series.bionic |
3745 | - @uses.config.machine_type.lxd.vm |
3746 | + @uses.config.machine_type.lxd-vm |
3747 | Scenario: Attached enable livepatch on a machine with fips active |
3748 | Given a `bionic` machine with ubuntu-advantage-tools installed |
3749 | When I attach `contract_token` with sudo |
3750 | @@ -831,7 +831,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3751 | """ |
3752 | |
3753 | @series.bionic |
3754 | - @uses.config.machine_type.lxd.vm |
3755 | + @uses.config.machine_type.lxd-vm |
3756 | Scenario: Attached enable fips on a machine with livepatch active |
3757 | Given a `bionic` machine with ubuntu-advantage-tools installed |
3758 | When I attach `contract_token` with sudo |
3759 | @@ -863,7 +863,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3760 | @slow |
3761 | @series.xenial |
3762 | @series.bionic |
3763 | - @uses.config.machine_type.lxd.vm |
3764 | + @uses.config.machine_type.lxd-vm |
3765 | Scenario Outline: Attached enable fips on a machine with livepatch active |
3766 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3767 | When I attach `contract_token` with sudo |
3768 | @@ -905,7 +905,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3769 | @slow |
3770 | @series.xenial |
3771 | @series.bionic |
3772 | - @uses.config.machine_type.lxd.vm |
3773 | + @uses.config.machine_type.lxd-vm |
3774 | Scenario Outline: Attached enable fips on a machine with fips-updates active |
3775 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3776 | When I attach `contract_token` with sudo |
3777 | @@ -943,7 +943,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3778 | @series.xenial |
3779 | @series.bionic |
3780 | @uses.config.contract_token |
3781 | - @uses.config.machine_type.lxd.container |
3782 | + @uses.config.machine_type.lxd-container |
3783 | Scenario Outline: Attached enable ros on a machine |
3784 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3785 | When I attach `contract_token` with sudo |
3786 | @@ -1158,7 +1158,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3787 | |
3788 | @series.xenial |
3789 | @uses.config.contract_token |
3790 | - @uses.config.machine_type.lxd.container |
3791 | + @uses.config.machine_type.lxd-container |
3792 | Scenario Outline: APT auth file is edited correctly on enable |
3793 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3794 | When I attach `contract_token` with sudo |
3795 | @@ -1188,7 +1188,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3796 | | xenial | |
3797 | |
3798 | @series.lts |
3799 | - @uses.config.machine_type.lxd.container |
3800 | + @uses.config.machine_type.lxd-container |
3801 | Scenario Outline: Attached enable esm-apps on a machine |
3802 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3803 | When I attach `contract_token` with sudo |
3804 | @@ -1231,7 +1231,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3805 | | focal | ant | |
3806 | |
3807 | @series.lts |
3808 | - @uses.config.machine_type.lxd.container |
3809 | + @uses.config.machine_type.lxd-container |
3810 | Scenario Outline: Attached enable with corrupt lock |
3811 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3812 | When I attach `contract_token` with sudo |
3813 | diff --git a/features/attached_status.feature b/features/attached_status.feature |
3814 | index b01386e..ad086d0 100644 |
3815 | --- a/features/attached_status.feature |
3816 | +++ b/features/attached_status.feature |
3817 | @@ -2,7 +2,7 @@ |
3818 | Feature: Attached status |
3819 | |
3820 | @series.all |
3821 | - @uses.config.machine_type.lxd.container |
3822 | + @uses.config.machine_type.lxd-container |
3823 | Scenario Outline: Attached status in a ubuntu machine - formatted |
3824 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3825 | When I attach `contract_token` with sudo |
3826 | @@ -42,7 +42,7 @@ Feature: Attached status |
3827 | | lunar | |
3828 | |
3829 | @series.xenial |
3830 | - @uses.config.machine_type.lxd.container |
3831 | + @uses.config.machine_type.lxd-container |
3832 | Scenario Outline: Non-root status can see in-progress operations |
3833 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3834 | When I attach `contract_token` with sudo |
3835 | @@ -83,7 +83,7 @@ Feature: Attached status |
3836 | |
3837 | @series.xenial |
3838 | @series.bionic |
3839 | - @uses.config.machine_type.lxd.container |
3840 | + @uses.config.machine_type.lxd-container |
3841 | Scenario Outline: Attached status in a ubuntu machine |
3842 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3843 | When I attach `contract_token` with sudo |
3844 | @@ -101,6 +101,7 @@ Feature: Attached status |
3845 | ros +yes +disabled +Security Updates for the Robot Operating System |
3846 | ros-updates +yes +disabled +All Updates for the Robot Operating System |
3847 | |
3848 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
3849 | Enable services with: pro enable <service> |
3850 | """ |
3851 | When I verify root and non-root `pro status --all` calls have the same output |
3852 | @@ -128,7 +129,7 @@ Feature: Attached status |
3853 | | bionic | |
3854 | |
3855 | @series.focal |
3856 | - @uses.config.machine_type.lxd.container |
3857 | + @uses.config.machine_type.lxd-container |
3858 | Scenario Outline: Attached status in a ubuntu machine |
3859 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3860 | When I attach `contract_token` with sudo |
3861 | @@ -143,6 +144,7 @@ Feature: Attached status |
3862 | fips-updates +yes +disabled +NIST-certified core packages with priority security updates |
3863 | usg +yes +disabled +Security compliance and audit tools |
3864 | |
3865 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
3866 | Enable services with: pro enable <service> |
3867 | """ |
3868 | When I verify root and non-root `pro status --all` calls have the same output |
3869 | @@ -169,7 +171,7 @@ Feature: Attached status |
3870 | | focal | |
3871 | |
3872 | @series.jammy |
3873 | - @uses.config.machine_type.lxd.container |
3874 | + @uses.config.machine_type.lxd-container |
3875 | Scenario Outline: Attached status in the latest LTS ubuntu machine |
3876 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3877 | When I attach `contract_token` with sudo |
3878 | @@ -180,7 +182,9 @@ Feature: Attached status |
3879 | SERVICE +ENTITLED +STATUS +DESCRIPTION |
3880 | esm-apps +yes +enabled +Expanded Security Maintenance for Applications |
3881 | esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure |
3882 | + usg +yes +disabled +Security compliance and audit tools |
3883 | |
3884 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
3885 | Enable services with: pro enable <service> |
3886 | """ |
3887 | When I verify root and non-root `pro status --all` calls have the same output |
3888 | @@ -197,7 +201,7 @@ Feature: Attached status |
3889 | realtime-kernel +yes +n/a +Ubuntu kernel with PREEMPT_RT patches integrated |
3890 | ros +yes +n/a +Security Updates for the Robot Operating System |
3891 | ros-updates +yes +n/a +All Updates for the Robot Operating System |
3892 | - usg +yes +n/a +Security compliance and audit tools |
3893 | + usg +yes +disabled +Security compliance and audit tools |
3894 | |
3895 | Enable services with: pro enable <service> |
3896 | """ |
3897 | diff --git a/features/cloud.py b/features/cloud.py |
3898 | index 1a5d11b..8f3bcb0 100644 |
3899 | --- a/features/cloud.py |
3900 | +++ b/features/cloud.py |
3901 | @@ -15,8 +15,6 @@ class Cloud: |
3902 | |
3903 | :cloud_credentials_path: |
3904 | A string containing the path for the pycloudlib cloud credentials file |
3905 | - :machine_type: |
3906 | - A string representing the type of machine to launch (pro or generic) |
3907 | :region: |
3908 | The region to create the cloud resources on |
3909 | :param tag: |
3910 | @@ -30,7 +28,6 @@ class Cloud: |
3911 | |
3912 | def __init__( |
3913 | self, |
3914 | - machine_type: str, |
3915 | cloud_credentials_path: Optional[str], |
3916 | tag: Optional[str] = None, |
3917 | timestamp_suffix: bool = True, |
3918 | @@ -39,11 +36,11 @@ class Cloud: |
3919 | self.tag = tag |
3920 | else: |
3921 | self.tag = "uaclient-ci" |
3922 | - self.machine_type = machine_type |
3923 | self._api = None |
3924 | self.key_name = pycloudlib.util.get_timestamped_tag(self.tag) |
3925 | self.timestamp_suffix = timestamp_suffix |
3926 | self.cloud_credentials_path = cloud_credentials_path |
3927 | + self._ssh_key_managed = False |
3928 | |
3929 | @property |
3930 | def pycloudlib_cls(self): |
3931 | @@ -65,6 +62,7 @@ class Cloud: |
3932 | def _create_instance( |
3933 | self, |
3934 | series: str, |
3935 | + machine_type: str, |
3936 | instance_name: Optional[str] = None, |
3937 | image_name: Optional[str] = None, |
3938 | user_data: Optional[str] = None, |
3939 | @@ -77,6 +75,8 @@ class Cloud: |
3940 | The ubuntu release to be used when creating an instance. We will |
3941 | create an image based on this value if the used does not provide |
3942 | a image_name value |
3943 | + :machine_type: |
3944 | + string representing the type of machine to launch (pro or generic) |
3945 | :param instance_name: |
3946 | The name of the instance to be created |
3947 | :param image_name: |
3948 | @@ -115,6 +115,7 @@ class Cloud: |
3949 | def launch( |
3950 | self, |
3951 | series: str, |
3952 | + machine_type: str, |
3953 | instance_name: Optional[str] = None, |
3954 | image_name: Optional[str] = None, |
3955 | user_data: Optional[str] = None, |
3956 | @@ -127,6 +128,8 @@ class Cloud: |
3957 | The ubuntu release to be used when creating an instance. We will |
3958 | create an image based on this value if the used does not provide |
3959 | a image_name value |
3960 | + :machine_type: |
3961 | + string representing the type of machine to launch (pro or generic) |
3962 | :param instance_name: |
3963 | The name of the instance to be created |
3964 | :param image_name: |
3965 | @@ -143,6 +146,7 @@ class Cloud: |
3966 | """ |
3967 | inst = self._create_instance( |
3968 | series=series, |
3969 | + machine_type=machine_type, |
3970 | instance_name=instance_name, |
3971 | image_name=image_name, |
3972 | user_data=user_data, |
3973 | @@ -168,11 +172,15 @@ class Cloud: |
3974 | """ |
3975 | return instance.id |
3976 | |
3977 | - def locate_image_name(self, series: str) -> str: |
3978 | + def locate_image_name( |
3979 | + self, series: str, machine_type: str, daily: bool = True |
3980 | + ) -> str: |
3981 | """Locate and return the image name to use for vm provision. |
3982 | |
3983 | :param series: |
3984 | The ubuntu release to be used when locating the image name |
3985 | + :machine_type: |
3986 | + string representing the type of machine to launch (pro or generic) |
3987 | |
3988 | :returns: |
3989 | A image name to use when provisioning a virtual machine |
3990 | @@ -184,12 +192,19 @@ class Cloud: |
3991 | ) |
3992 | |
3993 | image_type = ImageType.GENERIC |
3994 | - if "pro.fips" in self.machine_type: |
3995 | + if "pro-fips" in machine_type: |
3996 | image_type = ImageType.PRO_FIPS |
3997 | - elif "pro" in self.machine_type: |
3998 | + elif "pro" in machine_type: |
3999 | image_type = ImageType.PRO |
4000 | |
4001 | - return self.api.daily_image(release=series, image_type=image_type) |
4002 | + if daily: |
4003 | + logging.debug("looking up daily image for {}".format(series)) |
4004 | + return self.api.daily_image(release=series, image_type=image_type) |
4005 | + else: |
4006 | + logging.debug("looking up released image for {}".format(series)) |
4007 | + return self.api.released_image( |
4008 | + release=series, image_type=image_type |
4009 | + ) |
4010 | |
4011 | def manage_ssh_key( |
4012 | self, |
4013 | @@ -202,6 +217,11 @@ class Cloud: |
4014 | Location of the private key path to use. If None, the location |
4015 | will be a default location. |
4016 | """ |
4017 | + if self._ssh_key_managed: |
4018 | + logging.debug("SSH key already set up") |
4019 | + return |
4020 | + |
4021 | + logging.debug("Setting up SSH key") |
4022 | if key_name: |
4023 | self.key_name = key_name |
4024 | cloud_name = self.name.lower().replace("_", "-") |
4025 | @@ -221,10 +241,17 @@ class Cloud: |
4026 | self.api.use_key( |
4027 | public_key_path=pub_key_path, private_key_path=priv_key_path |
4028 | ) |
4029 | + self._ssh_key_managed = True |
4030 | |
4031 | |
4032 | class EC2(Cloud): |
4033 | - """Class that represents the EC2 cloud provider.""" |
4034 | + """ |
4035 | + Class that represents the EC2 cloud provider. |
4036 | + |
4037 | + For AWS, we need to specify on the pycloudlib config file that |
4038 | + the AWS region must be us-east-2. The reason for that is because |
4039 | + our image ids were captured using that region. |
4040 | + """ |
4041 | |
4042 | name = "aws" |
4043 | |
4044 | @@ -270,6 +297,7 @@ class EC2(Cloud): |
4045 | def _create_instance( |
4046 | self, |
4047 | series: str, |
4048 | + machine_type: str, |
4049 | instance_name: Optional[str] = None, |
4050 | image_name: Optional[str] = None, |
4051 | user_data: Optional[str] = None, |
4052 | @@ -282,6 +310,8 @@ class EC2(Cloud): |
4053 | The ubuntu release to be used when creating an instance. We will |
4054 | create an image based on this value if the used does not provide |
4055 | a image_name value |
4056 | + :machine_type: |
4057 | + string representing the type of machine to launch (pro or generic) |
4058 | :param instance_name: |
4059 | The name of the instance to be created |
4060 | :param image_name: |
4061 | @@ -297,7 +327,16 @@ class EC2(Cloud): |
4062 | An AWS cloud provider instance |
4063 | """ |
4064 | if not image_name: |
4065 | - image_name = self.locate_image_name(series) |
4066 | + if series == "xenial" and "pro" not in machine_type: |
4067 | + logging.debug( |
4068 | + "defaulting to non-daily image for awsgeneric-16.04" |
4069 | + ) |
4070 | + daily = False |
4071 | + else: |
4072 | + daily = True |
4073 | + image_name = self.locate_image_name( |
4074 | + series, machine_type, daily=daily |
4075 | + ) |
4076 | |
4077 | logging.info( |
4078 | "--- Launching AWS image {}({})".format(image_name, series) |
4079 | @@ -316,7 +355,7 @@ class EC2(Cloud): |
4080 | class Azure(Cloud): |
4081 | """Class that represents the Azure cloud provider.""" |
4082 | |
4083 | - name = "Azure" |
4084 | + name = "azure" |
4085 | |
4086 | @property |
4087 | def pycloudlib_cls(self): |
4088 | @@ -376,6 +415,7 @@ class Azure(Cloud): |
4089 | def _create_instance( |
4090 | self, |
4091 | series: str, |
4092 | + machine_type: str, |
4093 | instance_name: Optional[str] = None, |
4094 | image_name: Optional[str] = None, |
4095 | user_data: Optional[str] = None, |
4096 | @@ -388,6 +428,8 @@ class Azure(Cloud): |
4097 | The ubuntu release to be used when creating an instance. We will |
4098 | create an image based on this value if the used does not provide |
4099 | a image_name value |
4100 | + :machine_type: |
4101 | + string representing the type of machine to launch (pro or generic) |
4102 | :param instance_name: |
4103 | The name of the instance to be created |
4104 | :param image_name: |
4105 | @@ -403,7 +445,7 @@ class Azure(Cloud): |
4106 | An Azure cloud provider instance |
4107 | """ |
4108 | if not image_name: |
4109 | - image_name = self.locate_image_name(series) |
4110 | + image_name = self.locate_image_name(series, machine_type) |
4111 | |
4112 | logging.info( |
4113 | "--- Launching Azure image {}({})".format(image_name, series) |
4114 | @@ -430,13 +472,11 @@ class GCP(Cloud): |
4115 | |
4116 | def __init__( |
4117 | self, |
4118 | - machine_type: str, |
4119 | cloud_credentials_path: Optional[str], |
4120 | tag: Optional[str] = None, |
4121 | timestamp_suffix: bool = True, |
4122 | ) -> None: |
4123 | super().__init__( |
4124 | - machine_type=machine_type, |
4125 | cloud_credentials_path=cloud_credentials_path, |
4126 | tag=tag, |
4127 | timestamp_suffix=timestamp_suffix, |
4128 | @@ -494,6 +534,7 @@ class GCP(Cloud): |
4129 | def _create_instance( |
4130 | self, |
4131 | series: str, |
4132 | + machine_type: str, |
4133 | instance_name: Optional[str] = None, |
4134 | image_name: Optional[str] = None, |
4135 | user_data: Optional[str] = None, |
4136 | @@ -506,6 +547,8 @@ class GCP(Cloud): |
4137 | The ubuntu release to be used when creating an instance. We will |
4138 | create an image based on this value if the used does not provide |
4139 | a image_name value |
4140 | + :machine_type: |
4141 | + string representing the type of machine to launch (pro or generic) |
4142 | :param instance_name: |
4143 | The name of the instance to be created |
4144 | :param image_name: |
4145 | @@ -521,7 +564,7 @@ class GCP(Cloud): |
4146 | An GCP cloud provider instance |
4147 | """ |
4148 | if not image_name: |
4149 | - image_name = self.locate_image_name(series) |
4150 | + image_name = self.locate_image_name(series, machine_type) |
4151 | |
4152 | logging.info( |
4153 | "--- Launching GCP image {}({})".format(image_name, series) |
4154 | @@ -536,6 +579,7 @@ class _LXD(Cloud): |
4155 | def _create_instance( |
4156 | self, |
4157 | series: str, |
4158 | + machine_type: str, |
4159 | instance_name: Optional[str] = None, |
4160 | image_name: Optional[str] = None, |
4161 | user_data: Optional[str] = None, |
4162 | @@ -548,6 +592,8 @@ class _LXD(Cloud): |
4163 | The ubuntu release to be used when creating an instance. We will |
4164 | create an image based on this value if the used does not provide |
4165 | a image_name value |
4166 | + :machine_type: |
4167 | + string representing the type of machine to launch (pro or generic) |
4168 | :param instance_name: |
4169 | The name of the instance to be created |
4170 | :param image_name: |
4171 | @@ -563,7 +609,7 @@ class _LXD(Cloud): |
4172 | An AWS cloud provider instance |
4173 | """ |
4174 | if not image_name: |
4175 | - image_name = self.locate_image_name(series) |
4176 | + image_name = self.locate_image_name(series, machine_type) |
4177 | |
4178 | image_type = self.name.title().replace("-", " ") |
4179 | |
4180 | @@ -603,11 +649,15 @@ class _LXD(Cloud): |
4181 | # instead of the instance id |
4182 | return instance.name |
4183 | |
4184 | - def locate_image_name(self, series: str) -> str: |
4185 | + def locate_image_name( |
4186 | + self, series: str, machine_type: str, daily: bool = True |
4187 | + ) -> str: |
4188 | """Locate and return the image name to use for vm provision. |
4189 | |
4190 | :param series: |
4191 | The ubuntu release to be used when locating the image name |
4192 | + :machine_type: |
4193 | + string representing the type of machine to launch (pro or generic) |
4194 | |
4195 | :returns: |
4196 | A image name to use when provisioning a virtual machine |
4197 | @@ -618,7 +668,13 @@ class _LXD(Cloud): |
4198 | "Must provide either series or image_name to launch azure" |
4199 | ) |
4200 | |
4201 | - image_name = self.api.daily_image(release=series) |
4202 | + if daily: |
4203 | + logging.debug("looking up daily image for {}".format(series)) |
4204 | + image_name = self.api.daily_image(release=series) |
4205 | + else: |
4206 | + logging.debug("looking up released image for {}".format(series)) |
4207 | + image_name = self.api.released_image(release=series) |
4208 | + |
4209 | return image_name |
4210 | |
4211 | |
4212 | diff --git a/features/cloud_pro_clone.feature b/features/cloud_pro_clone.feature |
4213 | index 6895c47..9ec5e0a 100644 |
4214 | --- a/features/cloud_pro_clone.feature |
4215 | +++ b/features/cloud_pro_clone.feature |
4216 | @@ -13,11 +13,7 @@ Feature: Creating golden images based on Cloud Ubuntu Pro instances |
4217 | log_file: /var/log/ubuntu-advantage.log |
4218 | """ |
4219 | When I run `pro auto-attach` with sudo |
4220 | - And I run `pro status --format yaml` with sudo |
4221 | - Then stdout matches regexp: |
4222 | - """ |
4223 | - attached: true |
4224 | - """ |
4225 | + Then the machine is attached |
4226 | When I run `apt install -y jq` with sudo |
4227 | When I save the `activityInfo.activityToken` value from the contract |
4228 | When I save the `activityInfo.activityID` value from the contract |
4229 | @@ -37,11 +33,7 @@ Feature: Creating golden images based on Cloud Ubuntu Pro instances |
4230 | When I launch a `<release>` machine named `clone` from the snapshot of `system-under-test` |
4231 | # The clone will run auto-attach on boot |
4232 | When I run `pro status --wait` `with sudo` on the `clone` machine |
4233 | - When I run `pro status --format yaml` `with sudo` on the `clone` machine |
4234 | - Then stdout matches regexp: |
4235 | - """ |
4236 | - attached: true |
4237 | - """ |
4238 | + Then the machine is attached |
4239 | When I run `python3 /usr/lib/ubuntu-advantage/timer.py` `with sudo` on the `clone` machine |
4240 | Then I verify that `activityInfo.activityToken` value has been updated on the contract on the `clone` machine |
4241 | Then I verify that `activityInfo.activityID` value has been updated on the contract on the `clone` machine |
4242 | diff --git a/features/collect_logs.feature b/features/collect_logs.feature |
4243 | index f45046f..bc9cb39 100644 |
4244 | --- a/features/collect_logs.feature |
4245 | +++ b/features/collect_logs.feature |
4246 | @@ -2,7 +2,7 @@ |
4247 | Feature: Command behaviour when attached to an Ubuntu Pro subscription |
4248 | |
4249 | @series.all |
4250 | - @uses.config.machine_type.lxd.container |
4251 | + @uses.config.machine_type.lxd-container |
4252 | Scenario Outline: Run collect-logs on an unattached machine |
4253 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4254 | When I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo |
4255 | @@ -51,7 +51,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
4256 | | lunar | |
4257 | |
4258 | @series.lts |
4259 | - @uses.config.machine_type.lxd.container |
4260 | + @uses.config.machine_type.lxd-container |
4261 | Scenario Outline: Run collect-logs on an attached machine |
4262 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4263 | When I attach `contract_token` with sudo |
4264 | diff --git a/features/config.feature b/features/config.feature |
4265 | index 47b21d5..1c99798 100644 |
4266 | --- a/features/config.feature |
4267 | +++ b/features/config.feature |
4268 | @@ -3,7 +3,7 @@ Feature: pro config sub-command |
4269 | @series.xenial |
4270 | @series.jammy |
4271 | @series.kinetic |
4272 | - @uses.config.machine_type.lxd.container |
4273 | + @uses.config.machine_type.lxd-container |
4274 | Scenario Outline: old ua_config in uaclient.conf is still supported |
4275 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4276 | When I run `pro config show` with sudo |
4277 | diff --git a/features/daemon.feature b/features/daemon.feature |
4278 | index ed74ec5..42d999d 100644 |
4279 | --- a/features/daemon.feature |
4280 | +++ b/features/daemon.feature |
4281 | @@ -2,7 +2,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4282 | |
4283 | @series.all |
4284 | @uses.config.contract_token |
4285 | - @uses.config.machine_type.lxd.container |
4286 | + @uses.config.machine_type.lxd-container |
4287 | Scenario Outline: cloud-id-shim service is not installed on anything other than xenial |
4288 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4289 | Then I verify that running `systemctl status ubuntu-advantage-cloud-id-shim.service` `with sudo` exits `4` |
4290 | @@ -20,7 +20,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4291 | |
4292 | @series.lts |
4293 | @uses.config.contract_token |
4294 | - @uses.config.machine_type.lxd.container |
4295 | + @uses.config.machine_type.lxd-container |
4296 | Scenario Outline: cloud-id-shim should run in postinst and on boot |
4297 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4298 | # verify installing pro created the cloud-id file |
4299 | @@ -105,10 +105,10 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4300 | Active: active \(running\) |
4301 | """ |
4302 | # TODO find out what caused memory to go up, try to lower it again |
4303 | - Then on `xenial`, systemd status output says memory usage is less than `16` MB |
4304 | - Then on `bionic`, systemd status output says memory usage is less than `14` MB |
4305 | - Then on `focal`, systemd status output says memory usage is less than `12` MB |
4306 | - Then on `jammy`, systemd status output says memory usage is less than `13` MB |
4307 | + Then on `xenial`, systemd status output says memory usage is less than `17` MB |
4308 | + Then on `bionic`, systemd status output says memory usage is less than `15` MB |
4309 | + Then on `focal`, systemd status output says memory usage is less than `13` MB |
4310 | + Then on `jammy`, systemd status output says memory usage is less than `14` MB |
4311 | |
4312 | When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo |
4313 | Then stdout matches regexp: |
4314 | @@ -208,10 +208,79 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4315 | | focal | |
4316 | | jammy | |
4317 | |
4318 | + @series.lts |
4319 | + @uses.config.contract_token |
4320 | + @uses.config.machine_type.azure.generic |
4321 | + Scenario Outline: daemon should run when appropriate on azure generic lts |
4322 | + Given a `<release>` machine with ubuntu-advantage-tools installed |
4323 | + # verify its enabled, but stops itself when not configured to poll |
4324 | + When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo |
4325 | + Then stdout matches regexp: |
4326 | + """ |
4327 | + daemon starting |
4328 | + """ |
4329 | + Then stdout matches regexp: |
4330 | + """ |
4331 | + Configured to not poll for pro license, shutting down |
4332 | + """ |
4333 | + Then stdout matches regexp: |
4334 | + """ |
4335 | + daemon ending |
4336 | + """ |
4337 | + When I run `systemctl is-enabled ubuntu-advantage.service` with sudo |
4338 | + Then stdout matches regexp: |
4339 | + """ |
4340 | + enabled |
4341 | + """ |
4342 | + Then I verify that running `systemctl is-failed ubuntu-advantage.service` `with sudo` exits `1` |
4343 | + Then stdout matches regexp: |
4344 | + """ |
4345 | + inactive |
4346 | + """ |
4347 | + |
4348 | + # verify it stays on when configured to do so |
4349 | + When I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following: |
4350 | + """ |
4351 | + { "poll_for_pro_license": true } |
4352 | + """ |
4353 | + When I run `systemctl restart ubuntu-advantage.service` with sudo |
4354 | + # give it time to get past the initial request |
4355 | + When I wait `5` seconds |
4356 | + When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo |
4357 | + Then stdout matches regexp: |
4358 | + """ |
4359 | + daemon starting |
4360 | + """ |
4361 | + Then stdout matches regexp: |
4362 | + """ |
4363 | + Cancelling polling |
4364 | + """ |
4365 | + Then stdout matches regexp: |
4366 | + """ |
4367 | + daemon ending |
4368 | + """ |
4369 | + When I run `systemctl is-enabled ubuntu-advantage.service` with sudo |
4370 | + Then stdout matches regexp: |
4371 | + """ |
4372 | + enabled |
4373 | + """ |
4374 | + Then I verify that running `systemctl is-failed ubuntu-advantage.service` `with sudo` exits `1` |
4375 | + Then stdout matches regexp: |
4376 | + """ |
4377 | + inactive |
4378 | + """ |
4379 | + Examples: version |
4380 | + | release | |
4381 | + | xenial | |
4382 | + | bionic | |
4383 | + | focal | |
4384 | + | jammy | |
4385 | + |
4386 | @series.kinetic |
4387 | @uses.config.contract_token |
4388 | + @uses.config.machine_type.azure.generic |
4389 | @uses.config.machine_type.gcp.generic |
4390 | - Scenario Outline: daemon does not start on gcp generic non lts |
4391 | + Scenario Outline: daemon does not start on gcp,azure generic non lts |
4392 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4393 | When I wait `1` seconds |
4394 | When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo |
4395 | @@ -233,11 +302,10 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4396 | |
4397 | @series.all |
4398 | @uses.config.contract_token |
4399 | - @uses.config.machine_type.lxd.container |
4400 | - @uses.config.machine_type.lxd.vm |
4401 | + @uses.config.machine_type.lxd-container |
4402 | + @uses.config.machine_type.lxd-vm |
4403 | @uses.config.machine_type.aws.generic |
4404 | - @uses.config.machine_type.azure.generic |
4405 | - Scenario Outline: daemon does not start when not on gcpgeneric |
4406 | + Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric |
4407 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4408 | Then I verify that running `systemctl status ubuntu-advantage.service` `with sudo` exits `3` |
4409 | Then stdout matches regexp: |
4410 | @@ -266,8 +334,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4411 | |
4412 | @series.lts |
4413 | @uses.config.machine_type.aws.pro |
4414 | - @uses.config.machine_type.azure.pro |
4415 | - Scenario Outline: daemon does not start when not on gcpgeneric |
4416 | + Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric |
4417 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4418 | When I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following: |
4419 | """ |
4420 | @@ -301,7 +368,8 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
4421 | |
4422 | @series.lts |
4423 | @uses.config.machine_type.gcp.pro |
4424 | - Scenario Outline: daemon does not start when not on gcpgeneric |
4425 | + @uses.config.machine_type.azure.pro |
4426 | + Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric |
4427 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4428 | When I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following: |
4429 | """ |
4430 | diff --git a/features/docker.feature b/features/docker.feature |
4431 | index 2e82266..6724512 100644 |
4432 | --- a/features/docker.feature |
4433 | +++ b/features/docker.feature |
4434 | @@ -4,7 +4,7 @@ Feature: Build docker images with pro services |
4435 | @slow |
4436 | @docker |
4437 | @series.focal |
4438 | - @uses.config.machine_type.lxd.vm |
4439 | + @uses.config.machine_type.lxd-vm |
4440 | Scenario Outline: Build docker images with pro services |
4441 | Given a `focal` machine with ubuntu-advantage-tools installed |
4442 | When I have the `<container_release>` debs under test in `/home/ubuntu` |
4443 | @@ -77,4 +77,3 @@ Feature: Build docker images with pro services |
4444 | | focal | xenial | [ esm-infra ] | curl | esm | |
4445 | | focal | bionic | [ fips ] | openssl | fips | |
4446 | | focal | focal | [ esm-apps ] | hello | esm | |
4447 | - |
4448 | diff --git a/features/enable_fips_cloud.feature b/features/enable_fips_cloud.feature |
4449 | index c14b39b..41edbb0 100644 |
4450 | --- a/features/enable_fips_cloud.feature |
4451 | +++ b/features/enable_fips_cloud.feature |
4452 | @@ -217,7 +217,7 @@ Feature: FIPS enablement in cloud based machines |
4453 | And I verify that `strongswan-hmac` is installed from apt source `<fips-apt-source>` |
4454 | When I run `apt-cache policy ubuntu-fips` as non-root |
4455 | Then stdout does not match regexp: |
4456 | - "" |
4457 | + """ |
4458 | .*Installed: \(none\) |
4459 | """ |
4460 | When I reboot the machine |
4461 | diff --git a/features/enable_fips_container.feature b/features/enable_fips_container.feature |
4462 | index 178b6ad..a908d2b 100644 |
4463 | --- a/features/enable_fips_container.feature |
4464 | +++ b/features/enable_fips_container.feature |
4465 | @@ -5,7 +5,7 @@ Feature: FIPS enablement in lxd containers |
4466 | @series.xenial |
4467 | @series.bionic |
4468 | @series.focal |
4469 | - @uses.config.machine_type.lxd.container |
4470 | + @uses.config.machine_type.lxd-container |
4471 | Scenario Outline: Attached enable of FIPS in an ubuntu lxd container |
4472 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4473 | When I attach `contract_token` with sudo |
4474 | @@ -100,7 +100,7 @@ Feature: FIPS enablement in lxd containers |
4475 | @series.xenial |
4476 | @series.bionic |
4477 | @series.focal |
4478 | - @uses.config.machine_type.lxd.container |
4479 | + @uses.config.machine_type.lxd-container |
4480 | Scenario Outline: Try to enable FIPS after FIPS Updates in a lxd container |
4481 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4482 | When I attach `contract_token` with sudo |
4483 | diff --git a/features/enable_fips_vm.feature b/features/enable_fips_vm.feature |
4484 | index ea6c38e..f27a5e9 100644 |
4485 | --- a/features/enable_fips_vm.feature |
4486 | +++ b/features/enable_fips_vm.feature |
4487 | @@ -4,14 +4,14 @@ Feature: FIPS enablement in lxd VMs |
4488 | @slow |
4489 | @series.xenial |
4490 | @series.bionic |
4491 | - @uses.config.machine_type.lxd.vm |
4492 | + @uses.config.machine_type.lxd-vm |
4493 | Scenario Outline: Attached enable of FIPS in an ubuntu lxd vm |
4494 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4495 | When I attach `contract_token` with sudo |
4496 | When I run `pro status --format json` with sudo |
4497 | Then stdout contains substring |
4498 | """ |
4499 | - {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured"} |
4500 | + {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured", "warning": null} |
4501 | """ |
4502 | When I run `pro disable livepatch` with sudo |
4503 | And I run `DEBIAN_FRONTEND=noninteractive apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y openssh-client openssh-server strongswan` with sudo, retrying exit [100] |
4504 | @@ -48,15 +48,14 @@ Feature: FIPS enablement in lxd VMs |
4505 | When I run `pro status --format json --all` with sudo |
4506 | Then stdout contains substring: |
4507 | """ |
4508 | - {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled."} |
4509 | + {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled.", "warning": null} |
4510 | """ |
4511 | - |
4512 | When I reboot the machine |
4513 | And I run `uname -r` as non-root |
4514 | Then stdout matches regexp: |
4515 | - """ |
4516 | - fips |
4517 | - """ |
4518 | + """ |
4519 | + fips |
4520 | + """ |
4521 | When I run `cat /proc/sys/crypto/fips_enabled` with sudo |
4522 | Then I will see the following on stdout: |
4523 | """ |
4524 | @@ -64,24 +63,24 @@ Feature: FIPS enablement in lxd VMs |
4525 | """ |
4526 | When I run `pro status --all` with sudo |
4527 | Then stdout does not match regexp: |
4528 | - """ |
4529 | - FIPS support requires system reboot to complete configuration |
4530 | - """ |
4531 | + """ |
4532 | + FIPS support requires system reboot to complete configuration |
4533 | + """ |
4534 | When I run `pro disable <fips-service>` `with sudo` and stdin `y` |
4535 | Then stdout matches regexp: |
4536 | - """ |
4537 | - This will disable the FIPS entitlement but the FIPS packages will remain installed. |
4538 | - """ |
4539 | + """ |
4540 | + This will disable the FIPS entitlement but the FIPS packages will remain installed. |
4541 | + """ |
4542 | And stdout matches regexp: |
4543 | - """ |
4544 | - Updating package lists |
4545 | - A reboot is required to complete disable operation |
4546 | - """ |
4547 | + """ |
4548 | + Updating package lists |
4549 | + A reboot is required to complete disable operation |
4550 | + """ |
4551 | When I run `pro status --all` with sudo |
4552 | Then stdout matches regexp: |
4553 | - """ |
4554 | - Disabling FIPS requires system reboot to complete operation |
4555 | - """ |
4556 | + """ |
4557 | + Disabling FIPS requires system reboot to complete operation |
4558 | + """ |
4559 | When I run `apt-cache policy ubuntu-fips` as non-root |
4560 | Then stdout matches regexp: |
4561 | """ |
4562 | @@ -103,13 +102,13 @@ Feature: FIPS enablement in lxd VMs |
4563 | """ |
4564 | When I run `pro status --all` with sudo |
4565 | Then stdout matches regexp: |
4566 | - """ |
4567 | - <fips-service> +yes disabled |
4568 | - """ |
4569 | + """ |
4570 | + <fips-service> +yes disabled |
4571 | + """ |
4572 | Then stdout does not match regexp: |
4573 | - """ |
4574 | - Disabling FIPS requires system reboot to complete operation |
4575 | - """ |
4576 | + """ |
4577 | + Disabling FIPS requires system reboot to complete operation |
4578 | + """ |
4579 | When I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo |
4580 | Then stdout is a json matching the `ua_operation` schema |
4581 | And I will see the following on stdout: |
4582 | @@ -125,9 +124,9 @@ Feature: FIPS enablement in lxd VMs |
4583 | """ |
4584 | When I run `pro status --all` with sudo |
4585 | Then stdout matches regexp: |
4586 | - """ |
4587 | - <fips-service> +yes disabled |
4588 | - """ |
4589 | + """ |
4590 | + <fips-service> +yes disabled |
4591 | + """ |
4592 | |
4593 | Examples: ubuntu release |
4594 | | release | fips-name | fips-service |fips-apt-source | |
4595 | @@ -137,7 +136,7 @@ Feature: FIPS enablement in lxd VMs |
4596 | @slow |
4597 | @series.xenial |
4598 | @series.bionic |
4599 | - @uses.config.machine_type.lxd.vm |
4600 | + @uses.config.machine_type.lxd-vm |
4601 | Scenario Outline: Attached enable of FIPS-updates in an ubuntu lxd vm |
4602 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4603 | When I attach `contract_token` with sudo |
4604 | @@ -171,7 +170,7 @@ Feature: FIPS enablement in lxd VMs |
4605 | When I run `pro status --all --format json` with sudo |
4606 | Then stdout contains substring: |
4607 | """ |
4608 | - {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."} |
4609 | + {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null} |
4610 | """ |
4611 | |
4612 | When I reboot the machine |
4613 | @@ -245,7 +244,7 @@ Feature: FIPS enablement in lxd VMs |
4614 | When I run `pro status --all --format json` with sudo |
4615 | Then stdout contains substring: |
4616 | """ |
4617 | - {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."} |
4618 | + {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null} |
4619 | """ |
4620 | When I run `pro disable <fips-service> --assume-yes` with sudo |
4621 | And I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo |
4622 | @@ -275,7 +274,7 @@ Feature: FIPS enablement in lxd VMs |
4623 | @slow |
4624 | @series.xenial |
4625 | @series.bionic |
4626 | - @uses.config.machine_type.lxd.vm |
4627 | + @uses.config.machine_type.lxd-vm |
4628 | Scenario Outline: Attached enable FIPS-updates while livepatch is enabled |
4629 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4630 | When I attach `contract_token` with sudo |
4631 | @@ -332,7 +331,7 @@ Feature: FIPS enablement in lxd VMs |
4632 | |
4633 | @slow |
4634 | @series.focal |
4635 | - @uses.config.machine_type.lxd.vm |
4636 | + @uses.config.machine_type.lxd-vm |
4637 | Scenario Outline: Attached enable of FIPS in an ubuntu lxd vm |
4638 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4639 | When I attach `contract_token` with sudo |
4640 | @@ -342,7 +341,6 @@ Feature: FIPS enablement in lxd VMs |
4641 | """ |
4642 | Updating package lists |
4643 | Installing <fips-name> packages |
4644 | - FIPS strongswan-hmac package could not be installed |
4645 | <fips-name> enabled |
4646 | A reboot is required to complete install |
4647 | """ |
4648 | @@ -376,6 +374,8 @@ Feature: FIPS enablement in lxd VMs |
4649 | When I reboot the machine |
4650 | Then I verify that `openssh-server` installed version matches regexp `fips` |
4651 | And I verify that `openssh-client` installed version matches regexp `fips` |
4652 | + And I verify that `strongswan` installed version matches regexp `fips` |
4653 | + And I verify that `strongswan-hmac` installed version matches regexp `fips` |
4654 | When I run `apt-mark unhold openssh-client openssh-server strongswan` with sudo |
4655 | Then I will see the following on stdout: |
4656 | """ |
4657 | @@ -395,7 +395,7 @@ Feature: FIPS enablement in lxd VMs |
4658 | |
4659 | @slow |
4660 | @series.focal |
4661 | - @uses.config.machine_type.lxd.vm |
4662 | + @uses.config.machine_type.lxd-vm |
4663 | Scenario Outline: Attached enable of FIPS-updates in an ubuntu lxd vm |
4664 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4665 | When I attach `contract_token` with sudo |
4666 | @@ -465,7 +465,7 @@ Feature: FIPS enablement in lxd VMs |
4667 | |
4668 | @slow |
4669 | @series.lts |
4670 | - @uses.config.machine_type.lxd.vm |
4671 | + @uses.config.machine_type.lxd-vm |
4672 | Scenario Outline: Attached enable fips-updates on fips enabled vm |
4673 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4674 | When I attach `contract_token` with sudo |
4675 | @@ -520,7 +520,7 @@ Feature: FIPS enablement in lxd VMs |
4676 | """ |
4677 | And stdout matches regexp: |
4678 | """ |
4679 | - livepatch +yes enabled |
4680 | + livepatch +yes (enabled|warning) |
4681 | """ |
4682 | When I run `uname -r` as non-root |
4683 | Then stdout matches regexp: |
4684 | @@ -542,7 +542,7 @@ Feature: FIPS enablement in lxd VMs |
4685 | @slow |
4686 | @series.xenial |
4687 | @series.bionic |
4688 | - @uses.config.machine_type.lxd.vm |
4689 | + @uses.config.machine_type.lxd-vm |
4690 | Scenario Outline: FIPS enablement message when cloud init didn't run properly |
4691 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4692 | When I delete the file `/run/cloud-init/instance-data.json` |
4693 | @@ -566,7 +566,7 @@ Feature: FIPS enablement in lxd VMs |
4694 | |
4695 | @slow |
4696 | @series.focal |
4697 | - @uses.config.machine_type.lxd.vm |
4698 | + @uses.config.machine_type.lxd-vm |
4699 | Scenario Outline: FIPS enablement message when cloud init didn't run properly |
4700 | Given a `<release>` machine with ubuntu-advantage-tools installed |
4701 | When I delete the file `/run/cloud-init/instance-data.json` |
4702 | diff --git a/features/environment.py b/features/environment.py |
4703 | index 8c3f685..7e553b4 100644 |
4704 | --- a/features/environment.py |
4705 | +++ b/features/environment.py |
4706 | @@ -6,6 +6,7 @@ import random |
4707 | import re |
4708 | import string |
4709 | import sys |
4710 | +import tarfile |
4711 | from typing import Dict, List, Optional, Tuple, Union # noqa: F401 |
4712 | |
4713 | import pycloudlib # type: ignore # noqa: F401 |
4714 | @@ -46,7 +47,7 @@ class UAClientBehaveConfig: |
4715 | This indicates whether the image created for this test run should be |
4716 | cleaned up when all tests are complete. |
4717 | :param machine_type: |
4718 | - The default machine_type to test: lxd.container, lxd.vm, azure.pro, |
4719 | + The default machine_type to test: lxd-container, lxd-vm, azure.pro, |
4720 | azure.generic, aws.pro or aws.generic |
4721 | :param private_key_file: |
4722 | Optional path to pre-existing private key file to use when connecting |
4723 | @@ -105,8 +106,6 @@ class UAClientBehaveConfig: |
4724 | # This variable is used in .from_environ() but also to emit the "Config |
4725 | # options" stanza in __init__ |
4726 | all_options = boolean_options + str_options |
4727 | - cloud_api = None # type: pycloudlib.cloud.BaseCloud |
4728 | - cloud_manager = None # type: cloud.Cloud |
4729 | |
4730 | def __init__( |
4731 | self, |
4732 | @@ -116,15 +115,15 @@ class UAClientBehaveConfig: |
4733 | destroy_instances: bool = True, |
4734 | ephemeral_instance: bool = False, |
4735 | snapshot_strategy: bool = False, |
4736 | - machine_type: str = "lxd.container", |
4737 | + machine_type: str = "lxd-container", |
4738 | private_key_file: Optional[str] = None, |
4739 | private_key_name: str = "uaclient-integration", |
4740 | reuse_image: Optional[str] = None, |
4741 | contract_token: Optional[str] = None, |
4742 | contract_token_staging: Optional[str] = None, |
4743 | contract_token_staging_expired: Optional[str] = None, |
4744 | - artifact_dir: Optional[str] = None, |
4745 | - install_from: InstallationSource = InstallationSource.DAILY, |
4746 | + artifact_dir: str = "artifacts", |
4747 | + install_from: InstallationSource = InstallationSource.LOCAL, |
4748 | custom_ppa: Optional[str] = None, |
4749 | debs_path: Optional[str] = None, |
4750 | userdata_file: Optional[str] = None, |
4751 | @@ -214,47 +213,39 @@ class UAClientBehaveConfig: |
4752 | ) |
4753 | timed_job_tag += "-" + random_suffix |
4754 | |
4755 | - if "aws" in self.machine_type: |
4756 | - # For AWS, we need to specify on the pycloudlib config file that |
4757 | - # the AWS region must be us-east-2. The reason for that is because |
4758 | - # our image ids were captured using that region. |
4759 | - self.cloud_manager = cloud.EC2( |
4760 | - machine_type=self.machine_type, |
4761 | + self.clouds = { |
4762 | + "aws": cloud.EC2( |
4763 | cloud_credentials_path=self.cloud_credentials_path, |
4764 | tag=timed_job_tag, |
4765 | timestamp_suffix=False, |
4766 | - ) |
4767 | - self.cloud = "aws" |
4768 | - elif "azure" in self.machine_type: |
4769 | - self.cloud_manager = cloud.Azure( |
4770 | - machine_type=self.machine_type, |
4771 | + ), |
4772 | + "azure": cloud.Azure( |
4773 | cloud_credentials_path=self.cloud_credentials_path, |
4774 | tag=timed_job_tag, |
4775 | timestamp_suffix=False, |
4776 | - ) |
4777 | - self.cloud = "azure" |
4778 | - elif "gcp" in self.machine_type: |
4779 | - self.cloud_manager = cloud.GCP( |
4780 | - machine_type=self.machine_type, |
4781 | + ), |
4782 | + "gcp": cloud.GCP( |
4783 | cloud_credentials_path=self.cloud_credentials_path, |
4784 | tag=timed_job_tag, |
4785 | timestamp_suffix=False, |
4786 | - ) |
4787 | - self.cloud = "gcp" |
4788 | - elif "lxd.vm" in self.machine_type: |
4789 | - self.cloud_manager = cloud.LXDVirtualMachine( |
4790 | - machine_type=self.machine_type, |
4791 | + ), |
4792 | + "lxd-vm": cloud.LXDVirtualMachine( |
4793 | cloud_credentials_path=self.cloud_credentials_path, |
4794 | - ) |
4795 | - self.cloud = "lxd.vm" |
4796 | - else: |
4797 | - self.cloud_manager = cloud.LXDContainer( |
4798 | - machine_type=self.machine_type, |
4799 | + ), |
4800 | + "lxd-container": cloud.LXDContainer( |
4801 | cloud_credentials_path=self.cloud_credentials_path, |
4802 | - ) |
4803 | - self.cloud = "lxd" |
4804 | - |
4805 | - self.cloud_api = self.cloud_manager.api |
4806 | + ), |
4807 | + } |
4808 | + if "aws" in self.machine_type: |
4809 | + self.default_cloud = self.clouds["aws"] |
4810 | + elif "azure" in self.machine_type: |
4811 | + self.default_cloud = self.clouds["azure"] |
4812 | + elif "gcp" in self.machine_type: |
4813 | + self.default_cloud = self.clouds["gcp"] |
4814 | + elif "lxd-vm" in self.machine_type: |
4815 | + self.default_cloud = self.clouds["lxd-vm"] |
4816 | + else: |
4817 | + self.default_cloud = self.clouds["lxd-container"] |
4818 | |
4819 | # Finally, print the config options. This helps users debug the use of |
4820 | # config options, and means they'll be included in test logs in CI. |
4821 | @@ -299,6 +290,9 @@ class UAClientBehaveConfig: |
4822 | bool_value = False |
4823 | kwargs[key] = bool_value |
4824 | |
4825 | + # userdata should override environment variables |
4826 | + kwargs.update(config.userdata) |
4827 | + |
4828 | if "install_from" in kwargs: |
4829 | kwargs["install_from"] = InstallationSource(kwargs["install_from"]) |
4830 | |
4831 | @@ -329,17 +323,16 @@ def before_all(context: Context) -> None: |
4832 | print(" - {} = {}".format(key, value)) |
4833 | context.series_image_name = {} |
4834 | context.series_reuse_image = "" |
4835 | - context.config = UAClientBehaveConfig.from_environ(context.config) |
4836 | - context.config.cloud_manager.manage_ssh_key() |
4837 | + context.pro_config = UAClientBehaveConfig.from_environ(context.config) |
4838 | context.snapshots = {} |
4839 | context.machines = {} |
4840 | |
4841 | - if context.config.reuse_image: |
4842 | + if context.pro_config.reuse_image: |
4843 | series = lxc_get_property( |
4844 | - context.config.reuse_image, property_name="series", image=True |
4845 | + context.pro_config.reuse_image, property_name="series", image=True |
4846 | ) |
4847 | machine_type = lxc_get_property( |
4848 | - context.config.reuse_image, |
4849 | + context.pro_config.reuse_image, |
4850 | property_name="machine_type", |
4851 | image=True, |
4852 | ) |
4853 | @@ -347,26 +340,26 @@ def before_all(context: Context) -> None: |
4854 | print("Found machine_type: {vm_type}".format(vm_type=machine_type)) |
4855 | if series is not None: |
4856 | context.series_reuse_image = series |
4857 | - context.series_image_name[series] = context.config.reuse_image |
4858 | + context.series_image_name[series] = context.pro_config.reuse_image |
4859 | else: |
4860 | print(" Could not check image series. It will not be used. ") |
4861 | - context.config.reuse_image = None |
4862 | + context.pro_config.reuse_image = None |
4863 | |
4864 | |
4865 | def _should_skip_tags(context: Context, tags: List) -> str: |
4866 | """Return a reason if a feature or scenario should be skipped""" |
4867 | - machine_type = getattr(context.config, "machine_type", "") |
4868 | + machine_type = getattr(context.pro_config, "machine_type", "") |
4869 | machine_types = [] |
4870 | |
4871 | for tag in tags: |
4872 | parts = tag.split(".") |
4873 | - if parts[0] != "uses": |
4874 | - continue # Only process @uses.* tags for skipping: |
4875 | - val = context |
4876 | - for idx, attr in enumerate(parts[1:], 1): |
4877 | + if parts[0] != "uses" or parts[1] != "config": |
4878 | + continue # Only process @uses.config.* tags for skipping: |
4879 | + val = context.pro_config |
4880 | + for idx, attr in enumerate(parts[2:], 1): |
4881 | val = getattr(val, attr, None) |
4882 | if attr == "machine_type": |
4883 | - curr_machine_type = ".".join(parts[idx + 1 :]) |
4884 | + curr_machine_type = ".".join(parts[idx + 2 :]) |
4885 | machine_types.append(curr_machine_type) |
4886 | if curr_machine_type == machine_type: |
4887 | return "" |
4888 | @@ -397,9 +390,9 @@ def before_scenario(context: Context, scenario: Scenario): |
4889 | scenario.skip(reason=reason) |
4890 | return |
4891 | |
4892 | - filter_series = context.config.filter_series |
4893 | + filter_series = context.pro_config.filter_series |
4894 | given_a_series_match = re.match( |
4895 | - "a `(.*)` machine with ubuntu-advantage-tools installed", |
4896 | + "a `([a-z]*)` machine with ubuntu-advantage-tools installed", |
4897 | scenario.steps[0].name, |
4898 | ) |
4899 | if filter_series and given_a_series_match: |
4900 | @@ -415,6 +408,38 @@ def before_scenario(context: Context, scenario: Scenario): |
4901 | ) |
4902 | return |
4903 | |
4904 | + if hasattr(scenario, "_row") and scenario._row is not None: |
4905 | + row_release = scenario._row.get("release") |
4906 | + if ( |
4907 | + row_release |
4908 | + and len(filter_series) > 0 |
4909 | + and row_release not in filter_series |
4910 | + ): |
4911 | + scenario.skip( |
4912 | + reason=( |
4913 | + "Skipping scenario outline series `{series}`." |
4914 | + " Cmdline provided @series tags: {cmdline_series}".format( |
4915 | + series=row_release, cmdline_series=filter_series |
4916 | + ) |
4917 | + ) |
4918 | + ) |
4919 | + return |
4920 | + row_machine_type = scenario._row.get("machine_type") |
4921 | + if ( |
4922 | + row_machine_type |
4923 | + and context.pro_config.machine_type != "any" |
4924 | + and row_machine_type != context.pro_config.machine_type |
4925 | + ): |
4926 | + scenario.skip( |
4927 | + reason=( |
4928 | + "Skipping scenario outline machine_type `{}`." |
4929 | + " Cmdline provided machine_type: {}".format( |
4930 | + row_machine_type, context.pro_config.machine_type |
4931 | + ) |
4932 | + ) |
4933 | + ) |
4934 | + return |
4935 | + |
4936 | # before_step doesn't execute early enough to modify the step |
4937 | # so we perform step text surgery here |
4938 | # Also, logging capture is not set up when before_scenario is called, |
4939 | @@ -431,61 +456,30 @@ def before_scenario(context: Context, scenario: Scenario): |
4940 | ) |
4941 | |
4942 | |
4943 | -FAILURE_FILES = ( |
4944 | - "/etc/ubuntu-advantage/uaclient.log", |
4945 | - "/var/log/cloud-init.log", |
4946 | - "/var/log/ubuntu-advantage.log", |
4947 | - "/var/log/ubuntu-advantage-daemon.log", |
4948 | - "/var/log/ubuntu-advantage-timer.log", |
4949 | - "/var/lib/cloud/instance/user-data.txt", |
4950 | - "/var/lib/cloud/instance/vendor-data.txt", |
4951 | -) |
4952 | -FAILURE_CMDS = { |
4953 | - "ua-version": ["pro", "version"], |
4954 | - "cloud-init-analyze": ["cloud-init", "analyze", "show"], |
4955 | - "cloud-init.status": ["cloud-init", "status", "--long"], |
4956 | - "status.yaml": ["pro", "status", "--all", "--format=yaml"], |
4957 | - "journal.log": ["journalctl", "-b", "0"], |
4958 | - "systemd-analyze-blame": ["systemd-analyze", "blame"], |
4959 | - "systemctl-status": ["systemctl", "status"], |
4960 | - "systemctl-status-ua-auto-attach": [ |
4961 | - "systemctl", |
4962 | - "status", |
4963 | - "ua-auto-attach.service", |
4964 | - ], |
4965 | - "systemctl-status-ua-reboot-cmds": [ |
4966 | - "systemctl", |
4967 | - "status", |
4968 | - "ua-reboot-cmds.service", |
4969 | - ], |
4970 | - "systemctl-status-ubuntu-advantage": [ |
4971 | - "systemctl", |
4972 | - "status", |
4973 | - "ubuntu-advantage.service", |
4974 | - ], |
4975 | - "systemctl-status-apt-news": [ |
4976 | - "systemctl", |
4977 | - "status", |
4978 | - "apt-news.service", |
4979 | - ], |
4980 | -} |
4981 | - |
4982 | - |
4983 | def after_step(context, step): |
4984 | """Collect test artifacts in the event of failure.""" |
4985 | if step.status == "failed": |
4986 | - if context.config.artifact_dir: |
4987 | - artifacts_dir = context.config.artifact_dir |
4988 | - else: |
4989 | - artifacts_dir = "artifacts" |
4990 | - artifacts_dir = os.path.join( |
4991 | - artifacts_dir, |
4992 | + logging.warning("STEP FAILED. Collecting logs.") |
4993 | + inner_dir = os.path.join( |
4994 | + datetime.datetime.now().strftime("%Y-%m-%dT%H-%M-%S"), |
4995 | "{}_{}".format(os.path.basename(step.filename), step.line), |
4996 | ) |
4997 | + new_artifacts_dir = os.path.join( |
4998 | + context.pro_config.artifact_dir, |
4999 | + inner_dir, |
5000 | + ) |
* Staging PPA Test Triggers: advantage- tools/28~ rc1: Pending /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F28~ rc1&ppa= ua-client% 2Fstaging♻ advantage- tools/28~ 23.04~rc1: Pending /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F28~ 23.04~rc1& ppa=ua- client% 2Fstaging♻ advantage- tools/28~ 22.10~rc1: Pending /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F28~ 22.10~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F28~ 22.10~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F28~ 22.10~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F28~ 22.10~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kin...
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
+ s390x: https:/
+ riscv64: https:/
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
+ s390x: https:/
+ riscv64: https:/
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
+ s390x: https:/