Ubuntu Pro & Cloudron
-
"Starting with the Ubuntu 16.04 edition and including the later LTS versions, Canonical will offer expanded security coverage for critical, high, and medium Common Vulnerabilities and Exposures (CVEs) to all of Ubuntu's open-source applications and toolchains for ten years," reports ZDNet.
Free for personal use on up to 5 servers:
https://ubuntu.com/blog/ubuntu-pro-beta-release- One of the benefits is kernel live patch
@staff any issue if users enable this on Cloudrons?
UPDATE: Does not appear to be.
-
@robi A couple of days ago, I activated Ubuntu Pro on two machines (physical server and VDS). So far, so good. But I have not yet been able to check whether Cloudron can update the system with LivePatch enabled.
-
@WiseMetalhead Thanks for chiming in.
I tried to enable it on an 18.04 machine, however it failed as the 'pro' command doesn't exist
-
@robi said in Ubuntu Pro & Cloudron:
@WiseMetalhead Thanks for chiming in.
however it failed as the 'pro' command doesn't exist
You need to install
ubuntu-advantage-tools
first, then check Ubuntu Pro with command:pro --version
https://discourse.ubuntu.com/t/ubuntu-pro-beta-tutorial/31018
-
@WiseMetalhead Thanks, I have installed the package and by default it enables esm & livepatch.
From the guide it seems the rest is automated via apt, so as Cloudron runs
apt upgrade
for security updates it should pull in the above too. -
Given that Ubuntu Pro has it's own terms/license, don't think it's right for us to auto-enable this without end user permission. Also, "personal use" is hard to determine for us.
But I can maybe add this to https://docs.cloudron.io/installation/
-
@girish said in Ubuntu Pro & Cloudron:
"personal use" is hard to determine for us
Looks like in this case it just means "5 or fewer machines" (unless you are an official Ubuntu Community member, and then it's 50 machines)
"Free for personal use. Anyone can use Ubuntu Pro for free on up to 5 machines" -- https://ubuntu.com/pro
@girish said in Ubuntu Pro & Cloudron:
Ubuntu Pro has it's own terms/license
I can't seem to find any info on that, got a link?
-
@jdaviescoates said in Ubuntu Pro & Cloudron:
I can't seem to find any info on that, got a link?
I couldn't find any when I looked earlier either, but imagine it's somewhere since you pay for it. (even a web search cannot find it!)
-
It looks like livepatch is out of beta now.
It gets activated automatically when you attach your machine to your Ubuntu Pro account:sudo pro attach insertyourtokenhere
It did not require the installation of ubuntu-advantage-tools.
However, on my Ubuntu 22.04.1 LTS (Cloudron) machine, is asked me to install an update of these tools.
On my Ubuntu 22.04.2 LTS (non-Cloudron) machine, it already seemed to have the latest version.
That brings me to a question @girish: Is it OK to upgrade to 22.04.2 on the Cloudron machine? -
Note: keeping the installation up to date doesn't upgrade to the kernel (5.15 -> 5.19)
-
To check if you already have the new kernel:
sudo apt list linux-generic-hwe-22.04 --installed
-
To install the metapackage for the new kernel:
sudo apt install linux-generic-hwe-22.04 --install-recommends
-
Otherwise:
sudo apt install --install-recommends
(add an-s
to first simulate updates)
-
-
All went well, thanks again! I am now on Ubuntu 22.04.2 LTS / Kernel 5.19 with livepatches activated. No problems at all during or after the upgrade.
-
@necrevistonnezr
How do you know that if the live patch is enabled?On the documentation, I only see that kernel 5.15 is supported and not 5.19.
-
@random_eric I took my information from here: https://www.omgubuntu.co.uk/2023/02/ubuntu-22-04-2-download
-
@necrevistonnezr
How do you know that the live patching is enabled for that kernel?
I just don't know how to check.-- edit --
Found it:
canonical-livepatch status
returns
last check: 23 seconds ago kernel: 5.15.0-67.74-generic server check-in: succeeded patch state: ✓ no livepatches needed for this kernel yet tier: updates (Free usage; This machine beta tests new patches.)
last check: 1 minute ago kernel: 5.19.0-35.36~22.04.1-generic server check-in: succeeded patch state: ✗ kernel version not supported tier: updates (Free usage; This machine beta tests new patches.)
So based on the pattern in the docs,
the 22.04 hwe kernel will only be supported for live patching once the 24.04 LTS is released. -
-
I was checking the livepatch status and received the info that I need to update the ubuntu-advantage-tools. I did that, and during the installation it told me that I need Kernel 6.2.0-26-generic, which has been now automatically been scheduled for installation. Feeling brave, I did a reboot. Now I am indeed running 6.2.0-26-generic:
last check: 38 minutes ago kernel: 6.2.0-26.26~22.04.1-generic server check-in: succeeded kernel state: ✓ kernel is supported by Canonical until 2024-08-13 patch state: ✓ no livepatches needed for this kernel yet
No issues so far with Cloudron or any apps (although, to be honest, I don't even know if there are any problems to expect when doing a kernel update).
Anyway, while I'm on it. Is it advisable to go to the recently released Ubuntu version 22.04.3 LTS?