Public bug reported:

[Impact]
This release sports both bug-fixes and new features and we would like to make 
sure all of our supported customers have access to these improvements. The 
notable ones are:

  * A daemon that only runs on GCP
    * Currently it ends early based on a default config setting - making it
      hardly a daemon. But this config setting will be flipped on as soon
      as it's needed via a follow-up SRU, so please review as if the daemon
      was long-running.
    * When it turns on, it will long-poll the GCP metadata endpoint and run
      `ua auto-attach` when a pro license is added.
    * This replaces the 5 minute timer we currently have on GCP.
    * A part of this is a shim service only on xenial to replace a needed
      feature from cloud-init, that is not backported to xenial.
  * Contract renewal UX improvements
    * `ua status` now notifies you when your contract is updated (e.g. 
      renewed), and instructs the user to run `ua refresh`. (Note this 
      isn't technically required for renewal - services will keep working 
      for a renewed contract regardless.)
    * `ua refresh` now ensures motd/apt messaging is all up to date in
      addition to updating contract details.
    * In combination, these two features address user concerns over
      confusing/outdated motd/apt messaging shortly after contract renewal.
  * More granular APT Proxy configuration with backwards compatibility
    * apt_http(s)_proxy is renamed to global_apt_http(s)_proxy (but the old
      name still works)
    * ua_apt_http(s)_proxy is introduced for ua-scoped apt proxy
      configurations
  * `ua security-status` now includes counts of packages from each archive 
    component

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the
artifacts and console output of the appropriate run to the bug.
ubuntu-advantage-tools team members will not mark ‘verification-done’
until this has happened.

[Regression Potential]
This is a big update, with several refactors touching many pieces of the 
codebase. It is possible that some behavior changed in subtle ways not captured 
by our integration tests.

There are also several small refactors and additions to the postinst
script. Any adjustment to postinst poses the risk of breaking upgrades
if a mistake was made.

We already dropped support for trusty, but we removed even more trusty
related code in this release. It is possible that we were unknowingly
relying on some of this trusty code for subtle behavior.

We included backwards compatibility for the proxy configuration changes,
but it is possible that if we made a mistake then old configurations
will stop working correctly.

[Discussion]

There was a series of discussions about the daemon and it was decided
to limit the scope as much as possible. As such, it only runs on GCP on
unattached instances. Python won't even be instantiated on other
machines. The daemon checks several conditions on startup as well and
ends early if any don't match.

There was some effort to keep the memory footprint from being too high.
It depends on the python version; on xenial systemd says the daemon
takes just under 14Mb and on focal, just under 11Mb. We have regression
tests in place to keep an eye on memory usage. When the daemon is
running, it will almost always be blocked on a long-poll endpoint, so
CPU usage should be minimal.

The daemon does run as root, but doesn't listen on a socket or accept
any user input. It looks at root-only config files and talks to a
particular GCP metadata endpoint. If a user were to maliciously MITM the
metadata endpoint, they could provide data to the daemon that would
cause it to send requests to the Contract Server unnecessarily.

[Changelog]

Coming soon...

** Affects: ubuntu-advantage-tools (Ubuntu)
     Importance: Undecided
         Status: New
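
The [Discussion] concern about spoofed metadata responses causing unnecessary Contract Server requests can be bounded on the daemon side. The following is an added example, not code from ubuntu-advantage-tools: it gates attach attempts on a well-formed license list and a minimum interval between attempts. Assumptions: the license ID is a placeholder, the 900-second interval is illustrative, the response body is taken to be a JSON list of objects with a string "id", and `AttachGate` and `parse_licenses` are hypothetical names.

```python
import json
import time

# Assumption: placeholder ID; the real Pro license IDs are not on the page.
PRO_LICENSE_IDS = {"PLACEHOLDER-PRO-LICENSE-ID"}
MIN_ATTACH_INTERVAL = 900  # seconds between attach attempts (illustrative)


def parse_licenses(body, max_bytes=4096):
    """Return the set of license IDs in a response body, or None if malformed."""
    if len(body) > max_bytes:
        return None  # refuse oversized bodies instead of parsing them
    try:
        data = json.loads(body)
    except ValueError:
        return None
    if not isinstance(data, list):
        return None
    ids = set()
    for item in data:
        if not isinstance(item, dict) or not isinstance(item.get("id"), str):
            return None
        ids.add(item["id"])
    return ids


class AttachGate:
    """Decides whether one long-poll response may trigger an attach attempt."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_attempt = None

    def should_attach(self, headers, body):
        # Sanity check only: GCP metadata responses carry this header, but an
        # on-path attacker can forge it. The rate limit below is the real bound.
        if headers.get("Metadata-Flavor") != "Google":
            return False
        ids = parse_licenses(body)
        if not ids or not (ids & PRO_LICENSE_IDS):
            return False
        now = self._clock()
        if (self._last_attempt is not None
                and now - self._last_attempt < MIN_ATTACH_INTERVAL):
            return False  # caps Contract Server traffic under hostile input
        self._last_attempt = now
        return True
```

With this gate, a stream of forged "license added" responses produces at most one Contract Server request per interval, regardless of how fast the long-poll returns.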

** Description changed:

- [Impact]  
+ [Impact]
  This release sports both bug-fixes and new features and we would like to make 
sure all of our supported customers have access to these improvements. The 
notable ones are:
  
    * A daemon that only runs on GCP
-     * Currently it ends early based on a default config setting - making it 
hardly a deamon. But this config setting will be flipped on as soon as it's 
needed via a follow up SRU, so please review as if the daemon was long-running.
-     * When it turns on, it will long-poll the GCP metadata endpoint and run 
`ua auto-attach` when a pro license is added.
-     * This replaces the 5 minute timer we currently have on GCP.
-     * A part of this is a shim service only on xenial to replace a needed 
feature from cloud-init, that is not backported to xenial.
-   * Contract renewal UX improvements
-     * `ua status` now notifies you when your contract is updated (e.g. 
renewed), and instructs the user to run `ua refresh`. (Note this isn't 
technically required for renewal - services will keep working regardless.)
-     * `ua refresh` now ensures motd/apt messaging is all up to date in 
addition to updating contract details.
-     * In combination, these two features address user concerns over 
confusing/outdated motd/apt messaging shortly after contract renewal.
-   * More granular APT Proxy configuration with backwards compatibility
-     * apt_http(s)_proxy is renamed to global_apt_http(s)_proxy (but the old 
name still works)
-     * ua_apt_http(s)_proxy is introduced for ua-scoped apt proxy 
configurations
-   * `ua security-status` now includes counts of packages from each archive 
component
+     * Currently it ends early based on a default config setting - making it
+       hardly a deamon. But this config setting will be flipped on as soon
+       as it's needed via a follow up SRU, so please review as if the daemon
+       was long-running.
+     * When it turns on, it will long-poll the GCP metadata endpoint and run
+       `ua auto-attach` when a pro license is added.
+     * This replaces the 5 minute timer we currently have on GCP.
+     * A part of this is a shim service only on xenial to replace a needed
+       feature from cloud-init, that is not backported to xenial.
+   * Contract renewal UX improvements
+     * `ua status` now notifies you when your contract is updated (e.g. 
+       renewed), and instructs the user to run `ua refresh`. (Note this 
+       isn't technically required for renewal - services will keep working 
+       for a renewed contract regardless.)
+     * `ua refresh` now ensures motd/apt messaging is all up to date in
+       addition to updating contract details.
+     * In combination, these two features address user concerns over
+       confusing/outdated motd/apt messaging shortly after contract renewal.
+   * More granular APT Proxy configuration with backwards compatibility
+     * apt_http(s)_proxy is renamed to global_apt_http(s)_proxy (but the old
+       name still works)
+     * ua_apt_http(s)_proxy is introduced for ua-scoped apt proxy
+       configurations
+   * `ua security-status` now includes counts of packages from each archive 
+     component
  
  See the changelog entry below for a full list of changes and bugs.
  
- [Test Case]  
- The following development and SRU process was followed:  
+ [Test Case]
+ The following development and SRU process was followed:
  
[https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates)
  
  The ubuntu-advantage-tools team will be in charge of attaching the
  artifacts and console output of the appropriate run to the bug. ubuntu-
  advantage-tools team members will not mark ‘verification-done’ until
  this has happened.
  
- [Regression Potential]  
+ [Regression Potential]
  This is a big update, with several refactors touching many pieces of the 
codebase. It is possible that some behavior changed in subtle ways not captured 
by our integration tests.
  
  There are also several small refactors and additions to the postinst
  script. Any adjustment to postinst poses the risk of breaking upgrades
  if a mistake was made.
  
  We already dropped support for trusty, but we removed even more trusty
  related code in this release. It is possible that we were unknowingly
  relying on some of this trusty code for subtle behavior.
  
  We included backwards compatibility for the proxy configuration changes,
  but it is possible that if we made a mistake then old configurations
  will stop working correctly.
  
  [Discussion]
  
  There were a series of discussions about the daemon and it was decided
  to limit the scope as much as possible. As such, it only runs on GCP on
  unattached instances. Python won't even be instantiated on other
  machines. The daemon checks several conditions on start up as well and
  ends early if any don't match.
  
  There was some effort to keep the memory footprint from being too high.
  It depends on the python version; on xenial systemd says the daemon
  takes just under 14Mb and on focal, just under 11Mb. We have regression
  tests in place to keep on eye on memory usage. When the daemon is
  running, it will almost always be blocked on a long-poll endpoint, so
  CPU usage should be minimal.
  
  The daemon does run as root, but doesn't listen on a socket or accept on
  any user input. It looks at root-only config files and talks to a
  particular GCP metadata endpoint. If a user were to maliciously MITM the
  metadata endpoint, they could provide data to the daemon that would
  cause it to send requests to the Contract Server unnecessarily.
  
  [Changelog]
  
  Coming soon...
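
Review bot: the renewal note in the `ua status` bullet is not a pure re-wrap. The removed line reads "services will keep working regardless." while the added lines read "services will keep working for a renewed contract regardless.", so the wording changed alongside the whitespace cleanup and should be called out as a content change. The re-wrapped daemon bullet also carries over the misspelling "deamon" in "hardly a deamon"; correct it to "daemon" while these lines are being touched.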

https://bugs.launchpad.net/bugs/1973099

Title:
  [SRU] ubuntu-advantage-tools (27.8 -> 27.9) Xenial, Bionic, Focal,
  Impish, Jammy
