Livepatch server administration tool

To perform operations such as promoting patches to tiers and issuing tokens for machines to attach to the livepatch server, an administration tool is provided as a snap:

$ sudo snap install canonical-livepatch-server-admin

For ease of use, it’s recommended to alias the admin command:

$ sudo snap alias canonical-livepatch-server-admin.livepatch-admin livepatch-admin

Authentication

There are two ways for the livepatch administration tool to authenticate with the livepatch server:

  • Ubuntu SSO
  • Username/password

Password authentication

To configure password authentication, username/password hash pairs will need to be generated using the htpasswd tool available in the apache2-utils package:

$ htpasswd -bnBC 10 <username> <password>
username:$2y$10$74ZpDgHaxnUQo.AJZk1cMuSRfef5oK5xq5o/GLbUH/Bbw6W2bmctm

Multiple such pairs can be provided as a comma-separated list:

$ juju config livepatch auth_basic_users="<user1>:<password1,<user2>:<password2>"

When logging in with the client, the username and password will need to be provided:

$ export LIVEPATCH_URL={haproxy url}

$ livepatch-admin login --auth <username>:<password>

Ubuntu SSO authentication

Ubuntu SSO authentication utilizes membership in public launchpad groups to gate access. The launchpad groups that will have administrator privileges are specified using charmed operator configuration:

$ juju config livepatch auth_lp_teams='https://launchpad.net/~<team>'

Multiple teams can be specified as a comma-separated list.

When logging in, user interaction will be necessary:

$ export LIVEPATCH_URL={haproxy url}

$ livepatch-admin login

To login please visit http://127.0.0.1:44035