Thanks for the quick reply & info. I was frantically looking around how to solve the case where containers could benefit globally from these in house Ubuntu security updates for packages like imagemagick. Mistakes were made, when using AI search Engines, sorry for that.
As far as i understand the ubuntu pro token is supposed to go on the host and unsure if and how to add it to unprivileged containers. By the looks of it SRUs ( StableReleaseUpdates) could work with LXD VMs and containers are on the todo list? Still looking.
Since i fumbled posting that yesterday, i spun up a barebone 22.04 server and went through the steps above to answer your question.
There is no, ubuntu-advantage
package in 22.04.
~ # apt-cache search ubuntu-advantage
ubuntu-advantage-desktop-daemon - Daemon to allow access to ubuntu-advantage via D-Bus
ubuntu-advantage-tools - management tools for Ubuntu Pro
ubuntu-advantage-pro - Additional services for Ubuntu Pro images
and to answer your question,
~ # ua enable-esm lxd
usage: pro <command> [flags]
argument : invalid choice: 'enable-esm' (choose from 'attach', 'api', 'auto-attach', 'collect-logs', 'config', 'detach', 'disable', 'enable', 'fix', 'security-status', 'help', 'refresh', 'status', 'version', 'system')
~ # snap info lxd [25/192]
name: lxd
summary: LXD - container and VM manager
publisher: Canonical✓
store-url: https://snapcraft.io/lxd
contact: https://github.com/lxc/lxd/issues
license: unset
description: |
LXD is a system container and virtual machine manager.
It offers a simple CLI and REST API to manage local or remote instances,
uses an image based workflow and support for a variety of advanced features.
Images are available for all Ubuntu releases and architectures as well
as for a wide number of other Linux distributions. Existing
integrations with many deployment and operation tools, makes it work
just like a public cloud, except everything is under your control.
LXD containers are lightweight, secure by default and a great
alternative to virtual machines when running Linux on Linux.
LXD virtual machines are modern and secure, using UEFI and secure-boot
by default and a great choice when a different kernel or operating
system is needed.
With clustering, up to 50 LXD servers can be easily joined and managed
together with the same tools and APIs and without needing any external
dependencies.
Supported configuration options for the snap (snap set lxd [<key>=<value>...]):
- ceph.builtin: Use snap-specific Ceph configuration [default=false]
- ceph.external: Use the system's ceph tools (ignores ceph.builtin) [default=false]
- criu.enable: Enable experimental live-migration support [default=false]
- daemon.debug: Increase logging to debug level [default=false]
- daemon.group: Set group of users that have full control over LXD [default=lxd]
- daemon.user.group: Set group of users that have restricted LXD access [default=lxd]
- daemon.preseed: Pass a YAML configuration to `lxd init` on initial start
- daemon.syslog: Send LXD log events to syslog [default=false]
- daemon.verbose: Increase logging to verbose level [default=false]
- lvm.external: Use the system's LVM tools [default=false]
- lxcfs.pidfd: Start per-container process tracking [default=false]
- lxcfs.loadavg: Start tracking per-container load average [default=false]
- lxcfs.cfs: Consider CPU shares for CPU usage [default=false]
- lxcfs.debug: Increase logging to debug level [default=false]
- openvswitch.builtin: Run a snap-specific OVS daemon [default=false]
- openvswitch.external: Use the system's OVS tools (ignores openvswitch.builtin) [default=false]
- ovn.builtin: Use snap-specific OVN configuration [default=false]
- shiftfs.enable: Enable shiftfs support [default=auto]
For system-wide configuration of the CLI, place your configuration in
/var/snap/lxd/common/global-conf/ (config.yml and servercerts)
commands:
- lxd.benchmark
- lxd.buginfo
- lxd.check-kernel
- lxd.lxc
- lxd.lxc-to-lxd
- lxd
- lxd.migrate
services:
lxd.activate: oneshot, enabled, inactive
lxd.daemon: simple, enabled, active
lxd.user-daemon: simple, enabled, inactive
snap-id: J60k4JY0HppjwOjW8dZdYc8obXKxujRu
tracking: latest/stable
refresh-date: 12 days ago, at 07:34 UTC
channels:
latest/stable: 5.14-7072c7b 2023-06-01 (24918) 178MB -
latest/candidate: 5.15-be147af 2023-06-21 (25038) 181MB -
latest/beta: ↑
latest/edge: git-53db74c 2023-06-23 (25075) 181MB -
5.14/stable: –
5.14/candidate: 5.14-7072c7b 2023-05-31 (24918) 178MB -
5.14/beta: ↑
5.14/edge: ↑
5.13/stable: 5.13-8e2d7eb 2023-05-31 (24846) 174MB -
5.13/candidate: ↑
5.13/beta: ↑
5.13/edge: ↑
5.0/stable: 5.0.2-838e1b2 2023-01-25 (24322) 117MB -
5.0/candidate: 5.0.2-838e1b2 2023-01-18 (24322) 117MB -
5.0/beta: ↑
5.0/edge: git-2a04cf3 2023-04-15 (24732) 118MB -
4.0/stable: 4.0.9-a29c6f1 2022-12-04 (24061) 96MB -
4.0/candidate: 4.0.9-a29c6f1 2022-12-02 (24061) 96MB -
4.0/beta: ↑
4.0/edge: git-407205d 2022-11-22 (23988) 96MB -
3.0/stable: 3.0.4 2019-10-10 (11348) 55MB -
3.0/candidate: 3.0.4 2019-10-10 (11348) 55MB -
3.0/beta: ↑
3.0/edge: git-81b81b9 2019-10-10 (11362) 55MB -
installed: 5.14-7072c7b (24918) 178MB -
Would be great if LXD containers would automatically benefit and be able to pull the updates from ubuntu pro subscribed hosts.
https://wiki.ubuntu.com/StableReleaseUpdates
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
https://discourse.ubuntu.com/t/ubuntu-advantage-client/21788
https://canonical-ubuntu-pro-client.readthedocs-hosted.com