[Bug 1719671] Re: [SRU] include recent version containing fips and livepatch
** Description changed: ** description still being worked on, not done yet ** - [IMPACT] Most recent version of ubuntu-advantage-tool on github includes fips and livepatch enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial, whereas livepatch allows xenial and trusty customers to patch the running kernel without a reboot. This SRU will cover both new features. In addition to the new features themselves, a new "status" command was added that will give a short summary about the available modules and their status, at a glance. Note: FIPS certified modules are only available for xenial. Livepatch is supported on xenial and trusty. The tool will refuse to enable either service on an unsupported ubuntu release. Without this updated package, customers of those services have to enable them manually by following a series of steps. [FIPS DESCRIPTION] When "ubuntu-advantage enable-fips " is issued from commandline, - configure the private PPA where the FIPS modules are located - install the FIPS modules from this PPA to the local machine from where the script is run - configure the bootloader to enable fips Upon successful completion of these steps, the customer then gets a message stating to reboot the machine to complete the fips enablement process. Without the script, customers must perform the steps manually. [LIVEPATCH DESCRIPTION] Livepatch allows customers to apply kernel patches to a running system without rebooting it. The current instructions live in http://ubuntu.com/livepatch and boil down to: - install snapd if it's not installed already. On trusty this means a new kernel as well. - install the canonical-livepatch snap - obtain a livepatch token from Canonical - run the enable command with the given token The ubuntu-advantage-tools package simplifies this process by just requesting the token and performing all the other steps on behalf of the user. It also conveniently checks the running kernel and instructs the user to reboot into a newer kernel if needed to finish the installation (this is the case when running trusty). [FIX] Add fips and livepatch support to the ubuntu-adadvantage-tools package. See debdiff below. + [LIVEPATCH TESTCASES] + + XENIAL + 0. Install the new ubuntu-advantage-tools package to add livepatch support. + + 1. Collect status before enabling livepatch + + type on commandline, + ubuntu-advantage status + + expect, + livepatch: disabled + + esm: disabled (not available) + + fips: disabled + + 2. Enable livepatch + + visit https://ubuntu.com/livepatch and obtain a token + + type on commandline, + sudo ubuntu-advantage enable-livepatch + + expect, + Installing the canonical-livepatch snap. + This may take a few minutes depending on your bandwidth. + 2017-10-20T19:39:41Z INFO Waiting for restart... + canonical-livepatch 7.24 from 'canonical' installed + Enabling Livepatch with the given token, stand by... + Successfully enabled device. Using machine-token: + Use "canonical-livepatch status" to verify current patch status. + + 3. Verify livepatch status + + type on commandline, + ubuntu-advantage status + + expect an output like the following, + + livepatch: enabled + client-version: "7.23" + architecture: x86_64 + cpu-model: Intel Core Processor (Skylake) + last-check: 2017-10-20T19:39:54.451499227Z + boot-time: 2017-10-20T19:28:09Z + uptime: 15m30s + status: + - kernel: 4.4.0-97.120-generic + running: true + livepatch: + checkState: checked + patchState: nothing-to-apply + version: "" + fixes: "" + + esm: disabled (not available) + + fips: disabled + + [FIPS TESTCASES] These testcases assume you have installed ubuntu-advantage-tools with the proposed changes. Prior to the upload they were performed on S390, PPC64EL and AMD64 architectures. XENIAL - 0. Install the new package to add fips support. + 0. Install the new ubuntu-advantage-tools package to add fips support. 1. Collect status before enabling fips type on commandline, ubuntu-advantage status expect, livepatch: disabled esm: disabled (not available) fips: disabled 2. Enable fips Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, sudo ubuntu-advantage enable-fips xxx:xxx expect, [sudo] password for ubuntu: Running apt-get update... OK Ubuntu FIPS PPA repository enabled. Installing FIPS packages (this may take a while)... OK Configuring FIPS... Updating grub to enable fips... OK Successfully configured FIPS. Please reboot into the
[Bug 1719671] Re: [SRU] include recent version containing fips and livepatch
** Summary changed: - [SRU][xenial] include recent version containing fips and livepatch + [SRU] include recent version containing fips and livepatch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU] include recent version containing fips and livepatch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1720126] Re: [ip link] Message truncated error for large number of passthrough VFs
On 20.10.2017 [08:24:37 -0700], Nish Aravamudan wrote:
> On 20.10.2017 [07:18:15 -], Jan Gutter wrote:
> > I had a look at the two proposals and could not spot any obvious
> > mistakes:
> >
> > - the correct upstream git commit has been cherry-picked
> > - I don't have any objections to attribution or log messages
> >
> > Thanks again for shepherding this one through!
>
> You're welcome, I'll upload them both today.
>
> Thank you and Monique for filing the SRU template properly!
I have sponsored both packages. They will need to be approved by an SRU
team member (probably next week) before they appear in
{trusty,xenial}-proposed and then they will need testing as built in
proposed, with a minimum bake time of 7 days in proposed.
Thank you and Monique for your contribution to Ubuntu!
-Nish
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1720126
Title:
[ip link] Message truncated error for large number of passthrough VFs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1720126/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1720126] Re: [ip link] Message truncated error for large number of passthrough VFs
On 20.10.2017 [07:18:15 -], Jan Gutter wrote: > I had a look at the two proposals and could not spot any obvious > mistakes: > > - the correct upstream git commit has been cherry-picked > - I don't have any objections to attribution or log messages > > Thanks again for shepherding this one through! You're welcome, I'll upload them both today. Thank you and Monique for filing the SRU template properly! -Nish -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1720126 Title: [ip link] Message truncated error for large number of passthrough VFs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1720126/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1720126] Re: [ip link] Message truncated error for large number of passthrough VFs
On 20.10.2017 [07:09:00 -], Jan Gutter wrote: > I concur with option 2), unnecessary deviation will just cause > confusion. Thank you for confirming that! > Regarding the other buffer sizes, the last time I looked they were > mostly OK. The issue reared its head in this particular case because the > netlink message that previously had a pretty constant per-netdev > response size suddenly had the ability to balloon with "no warning". A > number of workarounds exist (i.e. you have to explicitly ask for the VF > info), but, in this case we actually want the VF info and iproute2 was > just unprepared for the size of it. Ok, that's good to hear. > I guess the core issue is that it's entirely possible for the kernel to > add extra netlink attributes to any query response, iproute2 makes the > assumption that the queries it's making is not necessarily going to > explode with gigabytes of new annotations and 16k will easily fit any > current real-world system. A pragmatic approach would probably be to > handle the "Message Truncated" path with a dynamically sized buffer as > an exceptional case. Yep, I can see how iproute2 itself has to move in lockstep with the kernel, which also means older iproute2 that can run on newer kernels needs periodic updates like this one. > Any fix in iproute2 that "properly" addresses this issue has to be > carefully vetted. Who knows how many inherent races will get exposed if > the ip command doubles in execution time. Yep :) I'm fine with eventually doubling the buffer again statically if that is the conclusion upstream reaches. My guess is that is the simplest solution. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1720126 Title: [ip link] Message truncated error for large number of passthrough VFs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1720126/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1398999] Re: Block migrate with attached volumes copies volumes to themselves
** Changed in: libvirt (Ubuntu Vivid) Status: Confirmed => Won't Fix ** Changed in: nova (Ubuntu Trusty) Importance: High => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1398999 Title: Block migrate with attached volumes copies volumes to themselves To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1398999/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1694159] Re: Complete libvirt migration to Debian style packaging (dependencies, conffiles)
** Changed in: nova (Ubuntu) Status: Confirmed => Triaged ** Changed in: nova (Ubuntu) Importance: High => Medium ** Changed in: nova (Ubuntu) Milestone: None => ubuntu-18.04 ** Changed in: nova (Ubuntu) Assignee: James Page (james-page) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1694159 Title: Complete libvirt migration to Debian style packaging (dependencies, conffiles) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1694159/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1659648] Re: Instance hung on first start, but works after being killed and restarted
** Changed in: nova (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1659648 Title: Instance hung on first start, but works after being killed and restarted To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1659648/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
