Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Objective

This guide outlines the necessary steps for migrating to an Ubuntu Pro On-Premise (VSS-PUBLIC) instance from an existing Ubuntu Pro installation, ensuring a seamless transition.

Currently there is no support for realtime-kernel in Ubuntu Pro On-Premise. Please disable realtime-kernel and revert your kernel settings.

Current Active Services

Service

Description

esm-apps

Expanded Security Maintenance for Applications

esm-infra

Expanded Security Maintenance for Infrastructure

livepatch

Canonical Livepatch service

Pre-requisites

  1. To ensure smooth operation, please detach any previously connected virtual machines from Ubuntu Pro. Execute the following commands with administrative privileges:

    pro detach

    output:

    Detach will disable the following services:
    esm-apps
    esm-infra
    landscape
    livepatch
Are you sure? (y/N) y
Updating package lists
Updating package lists
Executing `landscape-config --disable`
/etc/landscape/client.conf contains your landscape-client configuration.
To re-enable Landscape with the same configuration, run:
    sudo pro enable landscape --assume-yes

  2. Run the command below if the file still exists /etc/apt/auth.conf.d/90ubuntu-advantage

    echo "" > /etc/apt/auth.conf.d/90ubuntu-advantage

Steps

  1. Configure the Ubuntu Pro Client by editing the contract_url setting in /etc/ubuntu-advantage/uaclient.conf to point to the server: 

    echo \'contract_url: $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.endpoint")\' > /etc/ubuntu-advantage/uaclient.conf

  2. Check everything works fine with the following command: 

    pro refresh

    output:

    Successfully processed your pro configuration.
This machine is not attached to an Ubuntu Pro subscription.
See https://ubuntu.com/pro

  3. Attach your token:

    pro attach $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro")

    output:

    Enabling default service esm-apps
Updating Ubuntu Pro: ESM Apps package lists
Ubuntu Pro: ESM Apps enabled
Enabling default service esm-infra
Updating Ubuntu Pro: ESM Infra package lists
Ubuntu Pro: ESM Infra enabled
Enabling default service livepatch
Unable to enable Livepatch: Failed running command '/snap/bin/canonical-livepatch enable <REDACTED>' [exit(1)]. Message: Could not retrieve client information.: failed to validate token: Get https://contracts.canonical.com/v1/resources/livepatch?token=mAgJOEWNBS19ydkRLQm50bjdCQjBydUFKVUhyazM0OTY3Y3ZoUjRLUlZVQjVDUTA4OjQ1M2MxMmM1YTUxMTRkMjE4NDFiOGEzMTc4N2MwMjgxAAI4aXMtY29udHJhY3QgY0FLX3J2REtCbnRuN0JCMHJ1QUpVSHJrMzQ5NjdjdmhSNEtSVlVCNUNRMDgAAhVpcy1yZXNvdXJjZSBsaXZlcGF0Y2gAAAYghERqv1OjwMSeB99ztJit6hphx7IBhPEfQ_qtteqj5nU: invalid token

This machine is now attached to 'Ubuntu Pro'

SERVICE          ENTITLED  STATUS       DESCRIPTION
anbox-cloud      yes       disabled     Scalable Android in the cloud
esm-apps         yes       enabled      Expanded Security Maintenance for Applications
esm-infra        yes       enabled      Expanded Security Maintenance for Infrastructure
fips             yes       disabled     NIST-certified FIPS crypto packages
fips-updates     yes       disabled     FIPS compliant crypto packages with stable security updates
livepatch        yes       disabled     Canonical Livepatch service
ros              yes       disabled     Security Updates for the Robot Operating System
usg              yes       disabled     Security compliance and audit tools

NOTICES
Operation in progress: pro attach

For a list of all Ubuntu Pro services, run 'pro status --all'
Enable services with: pro enable <service>

                Account: University of Toronto - EIS Private Cloud
           Subscription: Ubuntu Pro
            Valid until: Sat Jun 22 19:59:59 2024 EDT

  4. Edit the following path: /etc/apt/auth.conf.d/90ubuntu-advantage and add “http://

    sed -i 's/machine \([^ ]*\)/machine http:\/\/\1/' /etc/apt/auth.conf.d/90ubuntu-advantage

  5. Update the Ubuntu repositories and ensure there are no errors related to the vss-ubuntu-pro repositories:

    apt-get update

    output:

    Hit:1 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-security InRelease
Hit:2 http://vss-ubuntu-pro.eis.utoronto.ca/esm-apps/ubuntu focal-apps-updates InRelease
Hit:3 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-security InRelease
Hit:4 http://vss-ubuntu-pro.eis.utoronto.ca/esm-infra/ubuntu focal-infra-updates InRelease
Hit:5 http://ca.archive.ubuntu.com/ubuntu focal InRelease
Hit:6 http://ca.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:7 http://ca.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:8 http://ca.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done

  6. To re-enable Landscape with the same configuration, run:

    sudo pro enable landscape --assume-yes

    output:

    One moment, checking your subscription first
Landscape is not available for Ubuntu 22.04 LTS (Jammy Jellyfish).

LivePatch installation

  1. Install the following packages in the client

    sudo snap install canonical-livepatch

  2. Configure the on-prem server

    canonical-livepatch config remote-server='$(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.livepatch.endpoint")'

  3. Verify configuration

    canonical-livepatch config

    output:

    root@backup-billing-db-dev:/home/oramirez# canonical-livepatch config
http-proxy: ""
https-proxy: ""
no-proxy: ""
remote-server: http://vss-ubuntu-pro.eis.utoronto.ca:8080/
ca-certs: ""
check-interval: 60  # minutes
log-level: WARNING
disable-signature-verification: false
tls-patch-download: false

  4. Enable the Livepatch updates with the token

    canonical-livepatch enable $(vmware-rpctool "info-get guestinfo.ut.vss.ubuntu_pro.livepatch.token")

    output:

    Successfully enabled device. Using machine-token: <RANDOM_NUMBERS_OF_TOKEN>

  5. Check status of Ubuntu Pro

    pro status

    output:

    SERVICE          ENTITLED  STATUS       DESCRIPTION
anbox-cloud      yes       disabled     Scalable Android in the cloud
esm-apps         yes       enabled      Expanded Security Maintenance for Applications
esm-infra        yes       enabled      Expanded Security Maintenance for Infrastructure
fips             yes       disabled     NIST-certified FIPS crypto packages
fips-updates     yes       disabled     FIPS compliant crypto packages with stable security updates
livepatch        yes       enabled      Canonical Livepatch service
ros              yes       disabled     Security Updates for the Robot Operating System
usg              yes       disabled     Security compliance and audit tools

For a list of all Ubuntu Pro services, run 'pro status --all'
Enable services with: pro enable <service>

                Account: University of Toronto - EIS Private Cloud
           Subscription: Ubuntu Pro
            Valid until: Sat Jun 22 19:59:59 2024 EDT
Technical support level: essential

  6. Restart Landscape Client

    systemctl restart landscape-client

References

https://ubuntu.com/pro/tutorial

https://ubuntu.com/security/livepatch/docs/livepatch_on_prem/how-to/use_livepatch_client

Revert realtime-kernel example

https://gist.github.com/chaiyujin/c08e59752c3e238ff3b1a5098322b363

  • No labels

University of Toronto - Since 1827