/
How-to migrate Ubuntu Pro from Canonical Cloud to On-Premise

How-to migrate Ubuntu Pro from Canonical Cloud to On-Premise

Owned by Orlando Ramirez
Last updated: Jul 15, 2024 by JM Lopez
3 min read

Table of Contents

Introduction

This guide outlines the necessary steps for migrating to an Ubuntu Pro On-Premise (VSS CGN) instance from an existing Ubuntu Pro subscription, ensuring a seamless transition.

Currently there is no support for realtime-kernel in Ubuntu Pro On-Premise. Please disable realtime-kernel and revert your kernel settings.

Current Active Services

Service

Description

Service

Description

esm-apps

Expanded Security Maintenance for Applications

esm-infra

Expanded Security Maintenance for Infrastructure

livepatch

Canonical Livepatch service

Pre-requisites

  1. To ensure smooth operation, please detach any previously connected virtual machines from Ubuntu Pro. Execute the following commands with administrative privileges:

    pro detach

    output:

    Detach will disable the following services: esm-apps esm-infra landscape livepatch Are you sure? (y/N) y Updating package lists Updating package lists Executing `landscape-config --disable` /etc/landscape/client.conf contains your landscape-client configuration. To re-enable Landscape with the same configuration, run: sudo pro enable landscape --assume-yes

  2. Run the command below if the file still exists /etc/apt/auth.conf.d/90ubuntu-advantage

    echo "" > /etc/apt/auth.conf.d/90ubuntu-advantage

  3. Run the following command through the vss-cli to present the latest endpoint settings

    vss-cli compute vm set {id} ubuntu-pro attach

Ubuntu Pro

  1. Configure the Ubuntu Pro Client by editing the contract_url setting in /etc/ubuntu-advantage/uaclient.conf to point to the server:

    echo "contract_url: $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.endpoint")" > /etc/ubuntu-advantage/uaclient.conf

    ย 

  2. Check everything works fine with the following command:

    pro refresh

    output:

    Successfully processed your pro configuration. This machine is not attached to an Ubuntu Pro subscription. See https://ubuntu.com/pro

  3. Attach your token:

    pro attach $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.token")

    output:

    Enabling default service esm-apps Updating Ubuntu Pro: ESM Apps package lists Ubuntu Pro: ESM Apps enabled Enabling default service esm-infra Updating Ubuntu Pro: ESM Infra package lists Ubuntu Pro: ESM Infra enabled Enabling default service livepatch Unable to enable Livepatch: Failed running command '/snap/bin/canonical-livepatch enable <REDACTED>' [exit(1)]. Message: Could not retrieve client information.: failed to validate token: Get https://contracts.canonical.com/v1/resources/livepatch?token=mAgJOEWNBS19ydkRLQm50bjdCQjBydUFKVUhyazM0OTY3Y3ZoUjRLUlZVQjVDUTA4OjQ1M2MxMmM1YTUxMTRkMjE4NDFiOGEzMTc4N2MwMjgxAAI4aXMtY29udHJhY3QgY0FLX3J2REtCbnRuN0JCMHJ1QUpVSHJrMzQ5NjdjdmhSNEtSVlVCNUNRMDgAAhVpcy1yZXNvdXJjZSBsaXZlcGF0Y2gAAAYghERqv1OjwMSeB99ztJit6hphx7IBhPEfQ_qtteqj5nU: invalid token This machine is now attached to 'Ubuntu Pro' SERVICE ENTITLED STATUS DESCRIPTION anbox-cloud yes disabled Scalable Android in the cloud esm-apps yes enabled Expanded Security Maintenance for Applications esm-infra yes enabled Expanded Security Maintenance for Infrastructure fips yes disabled NIST-certified FIPS crypto packages fips-updates yes disabled FIPS compliant crypto packages with stable security updates livepatch yes disabled Canonical Livepatch service ros yes disabled Security Updates for the Robot Operating System usg yes disabled Security compliance and audit tools NOTICES Operation in progress: pro attach For a list of all Ubuntu Pro services, run 'pro status --all' Enable services with: pro enable <service> Account: University of Toronto - EIS Private Cloud Subscription: Ubuntu Pro Valid until: Sat Jun 22 19:59:59 2024 EDT

    ย 

  4. Update the Ubuntu repositories and ensure there are no errors related to the vss-ubuntu-pro repositories:

    apt-get update

    output:

    Hit:1 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-security InRelease Hit:2 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-updates InRelease Hit:3 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-security InRelease Hit:4 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-updates InRelease Hit:5 http://ca.archive.ubuntu.com/ubuntu focal InRelease Hit:6 http://ca.archive.ubuntu.com/ubuntu focal-updates InRelease Hit:7 http://ca.archive.ubuntu.com/ubuntu focal-backports InRelease Hit:8 http://ca.archive.ubuntu.com/ubuntu focal-security InRelease Reading package lists... Done

  5. (optional) If you are running landscape-client, proceed with the following command, otherwise skip

    sudo pro enable landscape --assume-yes

    output:

    One moment, checking your subscription first Landscape is not available for Ubuntu 22.04 LTS (Jammy Jellyfish).

LivePatch

  1. Install the following packages in the client

    sudo snap install canonical-livepatch

  2. Configure the on-prem server

    canonical-livepatch config remote-server=$(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.livepatch.endpoint")

  3. Verify configuration

    canonical-livepatch config

    output:

    http-proxy: "" https-proxy: "" no-proxy: "" remote-server: http://vss-ubuntu-livepatch.eis.utoronto.ca/ ca-certs: "" check-interval: 60 # minutes log-level: WARNING disable-signature-verification: false tls-patch-download: false

  4. Enable the Livepatch updates with the token

    canonical-livepatch enable $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.livepatch.token")

    output:

    Successfully enabled device. Using machine-token: <RANDOM_NUMBERS_OF_TOKEN>

  5. Check status of Ubuntu Pro

    pro status

    output:

    SERVICE ENTITLED STATUS DESCRIPTION anbox-cloud yes disabled Scalable Android in the cloud esm-apps yes enabled Expanded Security Maintenance for Applications esm-infra yes enabled Expanded Security Maintenance for Infrastructure fips yes disabled NIST-certified FIPS crypto packages fips-updates yes disabled FIPS compliant crypto packages with stable security updates livepatch yes enabled Canonical Livepatch service ros yes disabled Security Updates for the Robot Operating System usg yes disabled Security compliance and audit tools For a list of all Ubuntu Pro services, run 'pro status --all' Enable services with: pro enable <service> Account: University of Toronto - EIS Private Cloud Subscription: Ubuntu Pro Valid until: Sat Jun 22 19:59:59 2024 EDT Technical support level: essential

    ย 

  6. (Optional) If you are running Landscape, proceed to restart landscape-client, otherwise skip this step.

    systemctl restart landscape-client

References

https://ubuntu.com/pro/tutorial

ย 

https://ubuntu.com/security/livepatch/docs/livepatch_on_prem/how-to/use_livepatch_client

Revert realtime-kernel example

Ubuntu: Install Kernel and Set GRUB Default Kernel

ย 

ย 

ย 

Related content

University of Toronto - Since 1827