Ubuntu Pro beta tutorial

ogra · February 2, 2023, 1:01pm

and why do you think users have to pay for it ?

they explicitly don’t (as stated in every announcement around ubuntu-pro), enterprises are though and to have control that enterprises do not abuse this there must be a gate-keeping mechanism.

maintaining an extra 20000+ packages is a non-trivial and non-cheap amount of work, someone has to pay for it, but it is not you …

lethargos · February 2, 2023, 1:31pm

They don’t, but they have to deal with being bugged by it constantly. I perceive it as if you are “infesting” a core tool, as it were. Subscribing to the pro version means creating a user, creating a user with personally identifiable information, so generally being much more involved, even when you want to just use a clean operating system.

That’s a slippery slope, anyway, if we were to take into consideration the FOSS chain, linux kernel and, of course, Debian. Yes, I expect companies to be able to use Ubuntu without paying. You might think it’s an “ugly” truth, but it is what it is. And I think that’s actually very important, too, the fact that people simply use it. And they can contribute in turn with as little as pointing out bugs or even with merge requests. If they need support, they’ll pay for it. If they need fast security updates, they’ll pay for it. Otherwise, the operating system should be clean. Ubuntu has a purely community-driven operating system at its core. But all this is probably an officially unpopular idea, I know.

Anyway, to my mind, the more you push users and limit their choice, the more they’ll start looking for other solutions.

ogra · February 2, 2023, 1:53pm

Last time i checked only an email address was needed for Ubuntu SSO … so it makes you as much identifiable as something like yodeldiploma@gmail.com goes, yes …

nobody will ask for your ID at the door …

and they are … nothing has changed, it is still the same Ubuntu it was 2 weeks ago, but there are new security features available that close potentially serious CVEs in the software you use.

the tool that has always notified you about these still notifies you about them and you are free to ignore this, nobody forces you into anything, it is just a message, nothing more and noting less …

codingmaster008 · February 4, 2023, 8:58am

In jammy gcc is 11/12 and python is 3,10/3,11rc if i attach pro free single personal non commercial subcription after few year will i get gcc >12 or gcc-2(x) version or py> 3.11 or 3.2(x) cause its esm upto 2032 right

mikenavy · February 5, 2023, 10:46am

Hi,
I am a Linux Mint user and I tried to install Ubuntu Pro on Linux Mint 20.3 (based on Ubuntu 20.04 LTS).
Following the tutorial, my computer can be attached to Ubuntu Pro, but no service can be enabled, since “Una” or “20.3” are not recognized as valid Ubuntu codenames.
I had to hack my system, changing some configuration files, to have it recognized as Ubuntu 20.04 LTS, focal.
However, this hack broke some of Linux Mint specific tools (mintsources, kernel tool) and this is not satisfactory.
So, my question is: does Canonical intents to extend Ubuntu Pro to Ubuntu derivatives (see https://wiki.ubuntu.com/DerivativeTeam/Derivatives) in order to have Ubuntu Pro work on these derivatives without system hacking? (A way to do that would be to have “pro enable” command accept, as an example, “una” “20.3” as equivalent to Ubuntu 20.04 LTS Focal Fossa).
This would be a great improvement.
Regards,
MN

ogra · February 5, 2023, 11:23am

To offer security updates like pro does it is essential that all packages come unmodified from the same archive.

Official Ubuntu flavors are doing all their work inside the Ubuntu archive, sharing the same packages, while derivatives like Mint add modifications to core packages via third-party repositories.

There is no way to properly support such a setup for Canonical, Mint would have to provide this to you, since they are the only ones having control over the hacked/changed packages and conceptual differences they did implement.

ayedo · February 6, 2023, 4:31pm

Dear all, please apologize if this is not the right place to ask this question. I am evaluating the use of Ubuntu Pro for a stand-alone device which has no connection to the internet (so not a cloud machine, just your ol’ regular box). We are mainly interested in having CIS hardening, so making use of the USG. I saw that the Ubuntu cloud images do not need to “attach” any token, but I could not find the Ubuntu Desktop Pro image which has the USG already installed. What we are looking for is a CIS hardened Ubuntu image that we can install on our stand alone device. Does such a thing exist, and if not, how would you go about and create such an image? Ubuntu Pro looks very promising, and we really hope that we can make it work for our use case. Thanks & best regards, ayedo

henrycoggill · July 19, 2023, 1:39pm

Hi, sorry to have not replied sooner. We don’t offer pre-configured Pro images for standalone servers. You could set up the machine online, enable Pro, install USG and harden the system, then transition it to an offline environment.
Henry

extjmontalvo · July 24, 2023, 9:30am

Hi.
I have a problem with this tutorial.
I have followed all the steps, form 1 to 4 ( Free Personal Token) and in step 5 i get the following error:
# sudo pro attach <<xxxx <-my token >>
Failed to attach machine.
I have searched in kb, forums and i didn’t see why fail.

Can you help me?
Thanks a lot

Lech · October 4, 2023, 8:31am

could you check which version of the pro client and which version of Ubuntu you have pls?
$ pro version
$ lsb_release -a

extjmontalvo · October 4, 2023, 9:09am

root@:# pro version
29.4~18.04
root@:# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic

Lech · October 4, 2023, 9:23am

ok, this looks correct. be sure you only include your token in the command. you don’t need []
so the command is

$ sudo pro attach [your token]

alternatively you could simply use the command without the token

$ sudo pro attach

it would generate a code that you would have to input at ubuntu.com/pro/attach (you need to login first)

you should see the following output

Please sign in to your Ubuntu Pro account at this link:
https://ubuntu.com/pro/attach
And provide the following code: 123ABC

note that 123ABC is a made-up example

please let me know if that helped?

extjmontalvo · October 4, 2023, 9:47am

Ok.

Now i have a problem with SSL not related and connection fail:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
Failed to connect to authentication server

I’ll try when ssl problem has been solved
Thanks

renanrodrigo · October 5, 2023, 11:31am

Hello @extjmontalvo
Is it happening only to the Pro Client? Are other certificates overall working?
As a hint: you machine may not trust the correct root certificates: we use letsencrypt to maintain the certs. Make sure your system trusts letsencrypt (:
Feel free to reach out if you think we can help you further with the SSL problems.

extjmontalvo · October 26, 2023, 9:57am

We use a wildcard ssl, signed from FNMT-RCM purchuased in 20231010.

sudo pro attach -our token-
Failed to connect to authentication server
Check your Internet connection and try again.

sudo pro attach
Initiating attach operation…
ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

We have 20 domains, eight using wildcard, rest using letsencrypt or digicert ssl, without problems.

curl -I https://acme-v02.api.letsencrypt.org
HTTP/2 200
server: nginx
date: Thu, 26 Oct 2023 09:51:09 GMT
content-type: text/html
content-length: 1540
last-modified: Thu, 23 Jun 2022 21:19:20 GMT
etag: “62b4d8d8-604”
x-frame-options: DENY
strict-transport-security: max-age=604800

apt-get install ca-certificates
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version (20230311ubuntu0.18.04.1).

I miss something and i didn’ see what is.

renanrodrigo · December 13, 2023, 10:25am

Hmmm… I see.
In this case, we would need more details about this.
Could you please run
sudo ubuntu-bug ubuntu-advantage-tools
so our team gets a Launchpad bug with the debugging information there?

Or, if you wish, directly open a bug in our Launchpad project . If you are manually opening the bug, make sure to run sudo pro collect-logs and attach the resulting tarball to the bug please.

husnu2 · January 4, 2024, 1:45pm

I have run pro detach command on two test machines but activated machine count on the dashboard dis not changed, even went up by 1 machine, how can I verify deactivate machines.

husnu2 · January 5, 2024, 4:48pm

Update: Next day the count was correct. I guess it needs some time to update. I am doing tests with realtime-kernel, I don’t know what would happen if I detach a machine and attach other machine for test, do I need to wait one day before attaching?

grant.orndorff · January 5, 2024, 5:00pm

Hi husnu2,

The dashboard count is the number of active machines within the past 24 hours, so it will take a day to decrease when you detach.
For exactly that reason, you won’t get auto-denied for going a few over your contract limit and it is okay to temporarily go above your limit to do testing like you suggest.

Hope this helps.

extjmontalvo · February 12, 2024, 1:21pm

Hi Renan.

Sorry for not answering until now, but I completely forgot it.
The error was with the ca-certificate path.

Fixed up and now this server is in Ubuntu Pro.
Thanks for all.