** Description changed: [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are: * more robust error handling when determining the cloud we're on LP: #1940131 LP: #1938207 LP: #1944676 * disallows fips on focal aws/azure LP: #1939449 LP: #1939932 * adds/changes to ua-related recurring jobs: - change in frequency to existing job: updates the apt and motd esm update messaging: every 6 hours - new job: updates the contract details and status: every 12 hours - new job: ONLY ON GCP (implemented as separate timer that is only activated on GCP LTS when not attached): checks for license changes and auto-attaches if a pro license was added: every 5 minutes * adds support for ros/ros-updates entitlements with --beta flag - This also lays the foundations for metering pro subscriptions. However, - this feature is disabled in this release. + With this change, the ua-message timer is renamed to ua-timer, as it has + a more generic functionality: it triggers sub jobs which need to be + executed periodically. One of those is exactly the job which updates the + messaging - which has its interval reduced to 6h, as well as the timer + itself. There is also a job to update the client status every 12h, and a + third one to collect metrics, which is disabled for this release. See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. <TODO After released to -proposed: attach integration test artifacts> [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. We moved the trigger of the apt and motd messaging updates from a dedicated systemd timer to a shared timer that conditionally calls the messaging updates in our python code. This adds complexity. If we made a mistake, then either the job won't get called frequently enough or will get called too frequently. If the former, then some esm updates related messaging will be out of date in apt and motd. If the latter, then cpu cycles will be wasted in needlessly updating messages. We touched postinst to handle cloud-id failures more robustly. Touching postinst is always scary because it is the most likely way for us to break upgrades. In theory this change made upgrades less likely to fail, but if we made a mistake, it could cause new unexpected failures. We added more recurring jobs in the service of new features. This increases complexity and potential for mistakes. In particular, we have strived to avoid excessive logging from these jobs. If we made a mistake in our logging, we could inadvertently fill up disks with useless logs. Additional recurring jobs will also use more cpu over time than previous versions. This is at least partially addressed below. We instrumented a high frequency timer to only run on GCP, but if we made a mistake, this could be accidentally activated on non-GCP machines, which would be a waste. (See below for additional high frequency timer discussion). [Discussion] Our timer on GCP runs every 5 minutes. This is necessary to support timely upgrades of gcp instances from standard ubuntu to ubuntu pro. We need to poll the metadata endpoint frequently to catch the license change in a timely manner. We exit as early as possible if there is nothing to be done for any given timer trigger. From our testing, this has minimal overall system performance impact. <TODO @chad.smith insert details and link to spreadsheet> [Changelog] - * d/tools.postinst: - - consider cloud to be "none" on any cloud-id error - - purge old ua-messaging.timer/service files - * systemd: - - remove ua-messaging.timer/service - - add new ua-timer.timer that runs every 2 hours - - add new ua-license_check.timer that runs every 5 minutes only if - activated by ua-license-check.path - * New upstream release 27.3 - - ros: - + add beta support to enable ros and ros-updates - + add support for "required services" so that esm-infra and esm-apps - get auto-enabled when enabling ros or ros-updates - + add support for "dependent services" so that user gets prompted to - disable ros/ros-updates if they disable esm-infra/esm-apps - - fips: - + allow fips on GCP bionic now that optimized kernel is ready - + disallow enabling fips on focal on clouds until cloud-optimized focal - fips-certified kernel is ready (LP: #1939449, LP: #1939932) - + print warning about generic fips kernel if cloud-id fails - - cloud: - + rely only on cloud-id to determine cloud type (LP: #1940131) - + catch errors when determining cloud type (LP: #1938207) (GH: #1541) - - azure: - + bump IMDS API version to support Azure published images - - cli: - + collect-logs command that creates a tar file with debug-relevant logs - and status info (GH: #463) - + clean locks on exceptions more thoroughly to avoid false "Operation in - progress" status messages - + retain past service state after detach - + shows better error message when a port value in a proxy is invalid - - non-unicode locale support: - + remove unicode-only characters from help file - + don't print unicode-only characters in ua fix if non-utf8 locale - (GH: #1463) - - ua-timer.timer: - + introduce a single systemd timer to handle ua recurring jobs - + timer runs every 2 hours to support most frequent timer job - + recurring job intervals are configurable in uaclient.conf - + individual jobs are disabled if their interval is set to 0 - - status job: - + update ua status every 12 hours - - messaging job: - + update APT/MOTD ESM messaging every 6 hours - - metering job: - + disabled until infrastructure is ready - + for attached machines only, periodically update contract server with - status information for proper contract metering - - ua-license-check.timer: - + only runs on LTS GCP instances that are not attached - + runs every 5 minutes to check if gcp instance has license required to - auto-attach - - logs: - + fixes duplicate logging (GH: #553) - - tests and support: - + remove groovy integration tests - + various improvements to integration tests + * d/tools.postinst: + - consider cloud to be "none" on any cloud-id error + - purge old ua-messaging.timer/service files + * systemd: + - remove ua-messaging.timer/service + - add new ua-timer.timer that runs every 2 hours + - add new ua-license_check.timer that runs every 5 minutes only if + activated by ua-license-check.path + * New upstream release 27.3 + - ros: + + add beta support to enable ros and ros-updates + + add support for "required services" so that esm-infra and esm-apps + get auto-enabled when enabling ros or ros-updates + + add support for "dependent services" so that user gets prompted to + disable ros/ros-updates if they disable esm-infra/esm-apps + - fips: + + allow fips on GCP bionic now that optimized kernel is ready + + disallow enabling fips on focal on clouds until cloud-optimized focal + fips-certified kernel is ready (LP: #1939449, LP: #1939932) + + print warning about generic fips kernel if cloud-id fails + - cloud: + + rely only on cloud-id to determine cloud type (LP: #1940131) + + catch errors when determining cloud type (LP: #1938207) (GH: #1541) + - azure: + + bump IMDS API version to support Azure published images + - cli: + + collect-logs command that creates a tar file with debug-relevant logs + and status info (GH: #463) + + clean locks on exceptions more thoroughly to avoid false "Operation in + progress" status messages + + retain past service state after detach + + shows better error message when a port value in a proxy is invalid + - non-unicode locale support: + + remove unicode-only characters from help file + + don't print unicode-only characters in ua fix if non-utf8 locale + (GH: #1463) + - ua-timer.timer: + + introduce a single systemd timer to handle ua recurring jobs + + timer runs every 2 hours to support most frequent timer job + + recurring job intervals are configurable in uaclient.conf + + individual jobs are disabled if their interval is set to 0 + - status job: + + update ua status every 12 hours + - messaging job: + + update APT/MOTD ESM messaging every 6 hours + - metering job: + + disabled until infrastructure is ready + + for attached machines only, periodically update contract server with + status information for proper contract metering + - ua-license-check.timer: + + only runs on LTS GCP instances that are not attached + + runs every 5 minutes to check if gcp instance has license required to + auto-attach + - logs: + + fixes duplicate logging (GH: #553) + - tests and support: + + remove groovy integration tests + + various improvements to integration tests
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1942929 Title: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1942929/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
