UAclient
Differences between revisions 25 and 26
8690
Comment:
|
← Revision 26 as of 2021-04-13 13:22:32 ⇥
265
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
||<tablebgcolor="#f1f1ed" tablewidth="40%" tablestyle="margin: 0pt 0pt 1em 1em; float: right; font-size: 0.9em;"style="padding: 0.5em;"><<TableOfContents>>|| The '''Ubuntu Advantage (UA) client''' is a tool designed to automate access to UA services like Extended Security Maintenance (ESM), FIPS, and more. Currently this is available for [[https://wiki.ubuntu.com/SecurityTeam/ESM/14.04|Ubuntu 14.04 LTS (Trusty) ESM]], [[https://ubuntu.com/aws/pro|Ubuntu Pro for AWS]] and [[https://ubuntu.com/azure/pro|Ubuntu Pro for Azure]]. The updated client provides users a command line interface with a single point to access all UA services. This simplifies access to UA Services and allows access to UA services for all users of Ubuntu with a free tier of service. = Fast Path to ESM = 1. Make sure that you have the latest UA client installed on your Ubuntu 14.04 LTS machine. 2. Follow the instructions on [[https://ubuntu.com/advantage/|ubuntu.com/advantage]] to retrieve your UA token and get started with ESM. Keep reading if you want more detailed instructions, or have questions = Installing the UA client = The UA client is installed through '''`apt`'''. Make sure to confirm you have latest Ubuntu Advantage client which is 19.6~ubuntu14.04.3. {{{ $ sudo apt update $ sudo apt install ubuntu-advantage-tools }}} Once this has been installed, you will need to attach it to your UA account. |
|
Line 27: | Line 6: |
= Attach the UA client = | |
Line 29: | Line 7: |
Retrieve your UA token from [[https://ubuntu.com/advantage/|ubuntu.com/advantage]]. You will log in with your SSO credentials, the same credentials you use for [[https://login.ubuntu.com|login.ubuntu.com]]. | |
Line 31: | Line 8: |
{{{ $ sudo ua attach YOUR_TOKEN }}} |
|
Line 35: | Line 9: |
You should see output like the following, indicating that you have successfully associated this machine with your account. | = This content was moved to the Ubuntu Server Guide on Discourse = |
Line 37: | Line 11: |
{{{ Updating 'esm-infra' apt sources list on changed directives. Updating package lists Updating package lists This machine is now attached to 'user@domain.tld'. SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis-audit no — Center for Internet Security Audit Tools esm-infra yes enabled UA Infra: Extended Security Maintenance fips yes n/a NIST-certified FIPS modules fips-updates yes n/a Uncertified security updates to FIPS modules livepatch yes disabled Canonical Livepatch service Enable services with: ua enable <service> Account: user@domain.tld Subscription: user@domain.tld }}} Once the UA client is attached to your UA account, you can use it to activate various services, including: access to ESM packages, and Livepatch. The UA client for different releases of Ubuntu may have more or less services available. = UA Status = Users can use the 'status' subcommand to get the current status and see what services are enabled or disabled: {{{ $ sudo ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis-audit no — Center for Internet Security Audit Tools esm-infra yes enabled UA Infra: Extended Security Maintenance fips yes n/a NIST-certified FIPS modules fips-updates yes n/a Uncertified security updates to FIPS modules livepatch yes disabled Canonical Livepatch service Enable services with: ua enable <service> Account: user@domain.tld Subscription: user@domain.tld }}} = Extended Security Maintenance (ESM) = For Ubuntu 14.04 LTS as shown above, ESM will be automatically enabled after attaching the UA client to your account. After ubuntu-advantage-tools is installed and your machine is attached, ESM should be enabled. If ESM is not enabled, you can enable it with the following command: {{{ $ sudo ua enable esm-infra }}} With the ESM repository enabled, you may see a number of additional package updates available that were not available previously. Your system may have indicated that it was up to date before installing the ubuntu-advantage-tools, but make sure to check for new updates with '''`apt update`'''. If you have cron jobs set to install updates, or other unattended upgrades configured, be aware that this will likely result in a number of package updates after ESM is enabled. {{{ $ sudo apt update }}} Running '''`apt upgrade`''' will show a number of package updates available. {{{ $ sudo apt upgrade }}} More information: https://wiki.ubuntu.com/SecurityTeam/ESM/ = Livepatch = Livepatch requires: * kernel version 4.4 or above (16.04+ delivered via the [[https://wiki.ubuntu.com/Kernel/LTSEnablementStack|HWE Kernel]]). * The ESM repo enabled and up-to-date specifically packages like snapd. To enable just do: {{{ $ sudo ua enable livepatch }}} You should see output like the following, indicating that the Livepatch snap package has been installed. {{{ One moment, checking your subscription first Installing snapd Updating package lists Installing canonical-livepatch snap Canonical livepatch enabled. }}} To check the status of Livepatch once it has been installed use this command {{{ $ sudo canonical-livepatch status }}} More information: https://wiki.ubuntu.com/Kernel/Livepatch = Security Cerifications (FIPS / Common Criteria) = FIPS and Common Criteria are supported on 16.04+, please see https://docs.ubuntu.com/security-certs/en/. The UA client will be updated for 16.04+ at a later date. = FAQ = == General == * Why are we updating the client? * The updated client provides users a command line interface with a single point to access all UA services. * This reduces the number of tokens a customer has to manage as the old mechanism was one token per service. * What about releases other than Ubuntu 14.04 LTS? * Support for the client on Ubuntu 16.04 LTS (Xenial)+ is coming. * Can I see how many active devices I have attached? * Not yet, but providing a mechanism for reporting usage is planned for a future cycle. * Will the old ESM system stay in place for the entire Ubuntu 14.04 LTS ESM lifetime? * Yes. If you have ESM provisioned using the old client or manually you do not have to change. * Ubuntu.com/advantage shows I have 0? Why? I have more licenses. * The number is showing 0 attached the subscription - not your total license amount. == Attach == * How do I attach/login/activate? * You have to obtain a token and run: '''`ua attach <token>`''' * Where do I get a token? * [[https://ubuntu.com/advantage/|ubuntu.com/advantage]] * How do I use SSO? * SSO is available from a user’s Ubuntu One account and can be created at [[https://login.ubuntu.com/|login.ubuntu.com]]. * What services get enabled by default? * ESM would be enabled by default where possible, Livepatch will not be auto-enabled on Ubuntu 14.04 LTS. * If a service is not applicable on the platform or release then the service will be skipped * I already have UA, and use Landscape to manage my devices, can I attach and manage UA from Landscape? * No == Status == * What does '''entitled''' mean? * Entitled shows whether your contract with us includes this Ubuntu Advantage service or not. * Why does the STATUS column say '''n/a''' if I am '''entitled''' to the service? * This service may not be applicable to the system you are currently on. Here are some examples: * FIPS is currently only supported on Xenial. If you are on any other release, FIPS would show up as '''n/a'''. * On Ubuntu 14.04 LTS, Livepatch is only available if you have the HWE kernel installed and are booted into it. Otherwise it shows '''n/a'''. * If you are on a container, you cannot install Livepatch. == Issues/Bugs/Debug == * Where can I file bugs? * https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+filebug * Things are failing, what logs are useful? * First, consider using the '''`--debug`''' option to see what might be failing. * Otherwise, checkout '''`/var/log/ubuntu-advantage.log`'''. If including this log file in a bug report, please sanitize it first, as it '''will likely contain secrets'''! * I'm attaching successfully, but not showing entitled to anything? I have a commercial contract. * Please open a [[https://support.canonical.com/ | support case ]] with the output of sudo ua status --format json |
[[https://discourse.ubuntu.com/t/ubuntu-advantage-client/21788|Ubuntu Advantage Client]] |
UAclient (last edited 2021-04-13 13:22:32 by rharding)