Upgrade to Ubuntu Pro at scale using tokens with SSM

Key Value
Summary How to upgrade to Ubuntu Pro using tokens automatically and at scale using AWS Systems Manager
Categories cloud, server, aws
Difficulty 2
Author Carlos Bravo carlos.bravo@canonical.com

Overview

Duration 2:00

Ubuntu Pro expands Ubuntu LTS’ 5 years of coverage up to ten-year of security coverage with an additional support of 23,000 packages beyond the main operating system and it is free for use on up to 5 machines!

There are two ways to get Ubuntu Pro on AWS:

  1. Launching an Ubuntu Pro machine from the AWS Marketplace, which is ready to use through a PAYG charging model.
  2. Attaching an Ubuntu Pro token to any existing Ubuntu LTS server

This tutorial will cover the second case: Activating Pro via token but with a little twist: using AWS Systems Manager to leverage automation and scalability.

There are many ways to automate actions on AWS Systems Manager but for this tutorial, we are going to use SSM Documents and the Run Command functionality as it will give us better control of execution, repeatability and version control.

As in a previous tutorial we already covered how to write SSM Documents and run them, we will jump directly into what we need for attaching tokens in a SSM Document format.

What you’ll need

  • An AWS account
  • An Ubuntu One account (you can create one on https://ubuntu.com/pro)
  • Machines with SSM agent installed (available by default on Ubuntu 16.04 onwards). If it is properly configured, the servers will appear as Managed Nodes on AWS SSM Fleet Manager (see the reference links for more information)
  • Basic understanding about writing and running SSM Documents (see the reference links for more information)

What you’ll learn

  • How to get Pro tokens
  • How to create SSM Documents with user-input parameters
  • How to attach Pro tokens using SSM Documents on AWS

Getting started

Duration 5:00

Normally, applying a token to any machine requires access to a terminal to run the following command:

sudo pro attach <YOUR_TOKEN>

But if you want to do it on several machines, you may be already thinking that this method cannot be done manually as it is time consuming and error prone. This is where AWS Systems Manager comes to our help, but we will need to have our machines listed as managed nodes on the SSM console as shown in the picture below.

AWS SSM Fleet manager

Please see this tutorial if you don’t know how to do this yet.

The second prerequisite is to have basic knowledge about writing SSM documents and running them with SSM Run Command. If you don’t know how to do it yet, please read this tutorial.

If your machines have SSM enabled and are shown as managed nodes on the SSM console, we are ready to get started!

Get a token

Duration: 5:00

To get an Ubuntu Pro token, you need to create an account in https://ubuntu.com/pro to see your subscriptions and get your tokens. Anyone can use Ubuntu Pro for free on up to 5 machines, even for production workloads.

Log-in by clicking on Your subscriptions. You will be redirected to the following screen where the token is exposed as shown in the orange ellipse:

Your Subscriptions

Create a SSM Document to attach the token

Duration: 10:00

The SSM Document is just a JSON or YAML file containing the script in steps or sections. Then we will run it using SSM Run Command.

As we already know how to write and run a basic SSM document, we will be jumping to the full solution here.

ⓘ Note:
As the token is personal, it is not recommended to hard-code it into the code but add it as a user parameter.

This is the full code:

---
schemaVersion: '2.2'
description: "Enable Pro services using a Pro token"
parameters:
  token:
    type: String
mainSteps:
- action: aws:runShellScript
  name: update
  inputs:
    runCommand:
    - "sudo apt-get update && sudo apt-get upgrade -y"
- action: aws:runShellScript
  name: attachToken
  inputs:
    runCommand:
    - "sudo pro attach {{ token }}"
- action: aws:runShellScript
  name: updateWithESM
  inputs:
    runCommand:
    - "sudo apt-get update && sudo apt-get upgrade -y"

This code has two main sections: One for parameters and one for the actual script (mainSteps).

The token will be requested to the user when running this document, then it will execute the rest of the code:

  1. Run an update (to make sure the pro agent is at the latest version)
  2. Attach the token
  3. Update again in case you have installed software that could get security updates from Pro repositories.

No reboot is needed.

Let’s run it.

Duration: 2:00

Now you can go either to Fleet Manager or Run Command and schedule this Document via Run Command. If in doubt we have it also covered in this tutorial

Now you can sit back and relax while you see the status of this action. You don’t need to restart the machines after applying the token. If it fails, check the SSM format of your document, see if there are any typos and try again. If this does not work check the output generated by SSM and see for any configuration issue (do your machines have access to update and upgrade packages? Pro repositories are available on different endpoints. Check the references at the end of the tutorial).

Sucess

That’s all Folks!

You can always check the status of the subscription by running sudo pro status and see entitlements and enabled services.

What’s next? If you want to learn more about Pro entitlements and features, please take a look at our onboarding page: Getting started with Ubuntu Pro

Further reading