Versions Compared

Old Version 3

changes.mady.by.user Orlando Ramirez

Saved on

compared with

New Version 4

changes.mady.by.user Orlando Ramirez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Configure the Ubuntu Pro Client by editing the contract_url setting in /etc/ubuntu-advantage/uaclient.conf to point to the server:

    Code Block
    contract_url: http://vss-ubuntu-pro.eis.utoronto.ca:8484

  2. Check everything works fine with the following command:

    Code Block
    pro refresh

    output:

    Code Block
    Successfully processed your pro configuration.
This machine is not attached to an Ubuntu Pro subscription.
See https://ubuntu.com/pro

  3. Attach your token:

    Code Block
    pro attach [TOKEN]

    output:

    Code Block
    Enabling default service esm-apps
Updating Ubuntu Pro: ESM Apps package lists
Ubuntu Pro: ESM Apps enabled
Enabling default service esm-infra
Updating Ubuntu Pro: ESM Infra package lists
Ubuntu Pro: ESM Infra enabled
Enabling default service livepatch
Unable to enable Livepatch: Failed running command '/snap/bin/canonical-livepatch enable <REDACTED>' [exit(1)]. Message: Could not retrieve client information.: failed to validate token: Get https://contracts.canonical.com/v1/resources/livepatch?token=mAgJOEWNBS19ydkRLQm50bjdCQjBydUFKVUhyazM0OTY3Y3ZoUjRLUlZVQjVDUTA4OjQ1M2MxMmM1YTUxMTRkMjE4NDFiOGEzMTc4N2MwMjgxAAI4aXMtY29udHJhY3QgY0FLX3J2REtCbnRuN0JCMHJ1QUpVSHJrMzQ5NjdjdmhSNEtSVlVCNUNRMDgAAhVpcy1yZXNvdXJjZSBsaXZlcGF0Y2gAAAYghERqv1OjwMSeB99ztJit6hphx7IBhPEfQ_qtteqj5nU: invalid token

This machine is now attached to 'Ubuntu Pro'

SERVICE          ENTITLED  STATUS       DESCRIPTION
anbox-cloud      yes       disabled     Scalable Android in the cloud
esm-apps         yes       enabled      Expanded Security Maintenance for Applications
esm-infra        yes       enabled      Expanded Security Maintenance for Infrastructure
fips             yes       disabled     NIST-certified FIPS crypto packages
fips-updates     yes       disabled     FIPS compliant crypto packages with stable security updates
livepatch        yes       disabled     Canonical Livepatch service
ros              yes       disabled     Security Updates for the Robot Operating System
usg              yes       disabled     Security compliance and audit tools

NOTICES
Operation in progress: pro attach

For a list of all Ubuntu Pro services, run 'pro status --all'
Enable services with: pro enable <service>

                Account: University of Toronto - EIS Private Cloud
           Subscription: Ubuntu Pro
            Valid until: Sat Jun 22 19:59:59 2024 EDT

  4. Edit the following path: /etc/apt/auth.conf.d/90ubuntu-advantage and add “http://

    Code Block
    machine http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu/ login bearer password ... # ubuntu-pro-client
machine http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu/ login bearer password ... # ubuntu-pro-client

  5. Update the Ubuntu repositories and ensure there are no errors related to the vss-ubuntu-pro repositories:

    Code Block
    apt-get update

    output:

    Code Block
    Hit:1 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-security InRelease
Hit:2 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-updates InRelease
Hit:3 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-security InRelease
Hit:4 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-updates InRelease
Hit:5 http://ca.archive.ubuntu.com/ubuntu focal InRelease
Hit:6 http://ca.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:7 http://ca.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:8 http://ca.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done

  6. Add the virtual machine to the landscape server. Login into the Landscape Server to get the Registration Key.

    Code Block
    sudo landscape-config --computer-title "[Server Name]" --account-name standalone  -p [REGISTRATION_KEY] --url https://vss-ls.dcb.eis.utoronto.ca/message-system --ping-url http://vss-ls.dcb.eis.utoronto.ca/ping

    output:

    Code Block
    enabled

This script will interactively set up the Landscape client. It will
ask you a few questions about this computer and your Landscape
account, and will submit that information to the Landscape server.
After this computer is registered it will need to be approved by an
account administrator on the pending computers page.

Please see https://landscape.canonical.com for more information.


The Landscape client communicates with the server over HTTP and
HTTPS.  If your network requires you to use a proxy to access HTTP
and/or HTTPS web sites, please provide the address of these
proxies now.  If you don't use a proxy, leave these fields empty.

HTTP proxy URL:
HTTPS proxy URL:

Landscape has a feature which enables administrators to run
arbitrary scripts on machines under their control. By default this
feature is disabled in the client, disallowing any arbitrary script
execution. If enabled, the set of users that scripts may run as is
also configurable.

Enable script execution? [Y/n]:

By default, scripts are restricted to the 'landscape' and
'nobody' users. Please enter a comma-delimited list of users
that scripts will be restricted to. To allow scripts to be run
by any user, enter "ALL".

Script users [landscape]:

You may provide an access group for this computer e.g. webservers.

Access group:

You may provide tags for this computer e.g. server,precise.

Tags [development,database]:
Please wait...

Request a new registration for this computer now? [y/N]: y
System successfully registered.

LivePatch installation

  1. Install the following packages in the client

    Code Block
    sudo snap install canonical-livepatch

  2. Configure the on-prem server

    Code Block
    canonical-livepatch config remote-server="http://vss-ubuntu-pro.eis.utoronto.ca:8080/"

  3. Verify configuration

    Code Block
    canonical-livepatch config

    output:

    Code Block
    root@backup-billing-db-dev:/home/oramirez# canonical-livepatch config
http-proxy: ""
https-proxy: ""
no-proxy: ""
remote-server: http://vss-ubuntu-pro.eis.utoronto.ca:8080/
ca-certs: ""
check-interval: 60  # minutes
log-level: WARNING
disable-signature-verification: false
tls-patch-download: false

  4. Enable the Livepatch updates with the token

    Code Block
    canonical-livepatch enable <TOKEN_ON_VSS>

    output:

    Code Block
    Successfully enabled device. Using machine-token: <RANDOM_NUMBERS_OF_TOKEN>

  5. Check status of Ubuntu Pro

    Code Block
    pro status

    output:

    Code Block
    SERVICE          ENTITLED  STATUS       DESCRIPTION
anbox-cloud      yes       disabled     Scalable Android in the cloud
esm-apps         yes       enabled      Expanded Security Maintenance for Applications
esm-infra        yes       enabled      Expanded Security Maintenance for Infrastructure
fips             yes       disabled     NIST-certified FIPS crypto packages
fips-updates     yes       disabled     FIPS compliant crypto packages with stable security updates
livepatch        yes       enabled      Canonical Livepatch service
ros              yes       disabled     Security Updates for the Robot Operating System
usg              yes       disabled     Security compliance and audit tools

For a list of all Ubuntu Pro services, run 'pro status --all'
Enable services with: pro enable <service>

                Account: University of Toronto - EIS Private Cloud
           Subscription: Ubuntu Pro
            Valid until: Sat Jun 22 19:59:59 2024 EDT
Technical support level: essential

References

https://ubuntu.com/pro/tutorial

https://ubuntu.com/security/livepatch/docs/livepatch_on_prem/how-to/use_livepatch_client