g8ddlZddlZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZddl mZddl mZmZddl mZddl mZmZmZddlmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)ejTZ+ejXejZe.Z/d Z0d Z1d e jddejfdejfdZ4 d-d e jddeejjdejfdejde6f dZ7 d-d e jdde8de6de6ddf dZ9 d.d e jdde jtddfdZ;dddddd e jdde8de6de8de6d e ee8f d!Zddfd)Z?d e jdfd*Z@d e jdd+e8fd,ZAy)0N)ListOptional)apicloudsconfigcontract entitlements event_logger exceptions livepatch)log)messagessecret_manager)status)systemtimerutil)APPARMOR_PROFILESCLOUD_BUILD_INFODEFAULT_CONFIG_FILEDEFAULT_LOG_PREFIX) machine_tokennotices)AttachmentDataattachment_data_filemachine_id_fileonly_series_check_marker_filetimer_jobs_state_file)zapt-news.servicezesm-cache.servicezua-timer.servicezua-timer.timerzua-auto-attach.pathzua-auto-attach.servicezua-reboot-cmds.servicezubuntu-advantage.service cfgcontract_client attached_atcddlm}tjt |t j ||||jy)Nrupdate_motd_messagesr"r )uaclient.timer.update_messagingr%rwriter ua_statusrupdate_activity_token)r r!r"r%s 2/usr/lib/python3/dist-packages/uaclient/actions.py_handle_partial_attachr-9s= E~+FG ))+Fservices_to_be_enabledsilentc d}g}g} |D]k}t||j|j|\} } || z}| s|j|jLtj |jm |st|||tj||rot jt||D cgc]C\} }| tj j#t%|t'j(fEc}} t j*|D cgc]} | tj,fc} y#t j$r3} tjjt|||| d} ~ wt j$r!|jjd}YAt$r9} d}|jj|j| Yd} ~ }d} ~ wwxYwcc}} wcc} w)NT)r namevariantr0)serviceF) error_msglog_path)failed_services)enable_entitlement_by_namer2r3appendeventservice_processedr ConnectivityErrorservice_failedr-UbuntuProError Exceptionservices_failedAttachFailureUnknownErrorziprUNEXPECTED_ERRORformatstrpro_logget_user_or_root_log_file_pathAttachFailureDefaultServices!E_ATTACH_FAILURE_DEFAULT_SERVICES)r r/r!r"r0retr7unexpected_errorsenable_by_default_serviceent_retreasonexcer2 exceptions r,_enable_default_servicesrRFs CO$)? P %8.33199 OGV 7NC&&'@'E'EF''0I0N0N'O P2 sO[A o. 66,/'):, !(i  1188&))n%,%K%K%M9 !  99!0!8EEF! +   ' ' 6;;<sO[A  $ $8==> $8==>  ##$ !!s7A0E=AG> !HG;.F3G;:G;.G66G;token allow_enablereturncddlm}ddlm}tj j |tj|}tj|}tjjtjj}|j||} t!j"j$} | j'dij'di} t)d| j'd gD} | j'd ij'd ij'd d } | rt!j*| }| | k7r+t-j.|j0|j2t5j6t4j8j:|j0|j2t=j>| |j?|  ||t jDjG| j'dij'dt!jD|}tIj>||r4tjJ||jM}tO|||||tQj>tS|||tUjVy #t,j@$r}|jC|d }~wwxYw)aC Common functionality to take a token and attach via contract backend :raise ConnectivityError: On unexpected connectivity issues to contract server or inability to access identity doc from metadata service. :raise ContractAPIError: On unexpected errors when talking to the contract server. r)+check_entitlement_apt_directives_are_uniquer$)tz)contract_token attachment_dtmachineTokenInfo contractInfoc3jK|]+}|jddk(r|jd|f-yw)typesupportN)get).0rPs r, z$attach_with_token..s5 55=I % vs13resourceEntitlementsr_ affordances onlySeriesN)releaseseries_codename machineId)r r/r!r"r0r&),uaclient.entitlementsrWr(r%rsecrets add_secretrget_machine_token_filerUAContractClientdatetimenowtimezoneutcadd_contract_machinerget_release_infoseriesr`dictget_distro_infor AttachFailureRestrictedReleaserfrgraddNoticeLIMITED_TO_RELEASErr)%EntitlementsAPTDirectivesAreNotUniquedeleteget_machine_id cache_clearrget_enabled_by_default_servicesr rRrrrstart)r rSrTr0rWr%machine_token_filer!r"new_machine_tokencurrent_seriesr\support_resource only_seriesallowed_releaserP machine_idr/s r,attach_with_tokenrsE%%e,&==cB//4O##''8+<+<+@+@'AK'<<K=,,.55N$(();R@DDL!!"8"= Y+ ]B  \4   00= . (;;'// / ? ?   NN - -#+++;; &++K8./3C8  %%'"&&'92>BBV**3/J*%!)!I!I #002"  !#9+#  ~+FG KKM1  ; ;!!#s'K K3K..K3cloudcB|j|}t|||y)a\ :raise ConnectivityError: On unexpected connectivity issues to contract server or inability to access identity doc from metadata service. :raise ContractAPIError: On unexpected errors when talking to the contract server. :raise NonAutoAttachImageError: If this cloud type does not have auto-attach support. )rSrTN)acquire_pro_tokenr)r rrTrSs r, auto_attachrs   # #C (Ec\Br.) access_onlyr3r0 extra_argsr2rr3rctj|||||}|s=tjtj j |j|jtj\}}|r?|s=tjtjj |j||fS)z Constructs an entitlement based on the name provided. Passes kwargs onto the entitlement constructor. :raise EntitlementNotFoundError: If no entitlement with the given name is found, then raises this error. )r r2r3rr)title) r entitlement_factoryr:infor ENABLING_TMPLrDrenablerProgressWrapper ENABLED_TMPL) r r2rr3r0r entitlementrMrNs r,r8r8s22   K  8))00{7H7H0IJ!(()<)<)>?OGVv 8((//k6G6G/HI F?r.)simulate_with_tokenshow_allrrc~|rtj|||\}}||fStj||}d}||fS)z6 Construct the current Pro status dictionary. )r rSrr rr)r*simulate_statusr)r rrrrJs r,rrsS//%  3;!!cH= 3;r.filenamecgd}d}d} tj|\}}|rfg}|jdD]*}tj||s|j |,tj |dj|yy#tj$rW}tjdt|tj dj|t|Yd}~yd}~wwxYw)z Helper which gets ubuntu_pro apparmor logs from the kernel from the last day and writes them to the specified filename. ) journalctlz-bz-kz--since=1 day agoz7apparmor=\".*(profile=\"ubuntu_pro_|name=\"ubuntu_pro_)N z!Failed to collect kernel logs: %s{}-error)rsubpsplitresearchr9 write_filejoinr ProcessExecutionErrorLOGwarningrErD)rcmd apparmor_re kernel_logs_ apparmor_logs kernel_linerPs r,_write_apparmor_logs_to_filer%s :CLKK BS) Q M*006 6 99[+6!((5 6   h -(@ A   + +? 8#a&A*++H5s1v>>?sB C5A C00C5 return_codesc> tj|j|\}}tj|dj ||y#t j $r8}tjdj |t|Yd}~yd}~wwxYw)zCHelper which runs a command and writes output or error to filename.)rcszstdout: {} stderr: {}rN)rrrrrDr rrE)rrrouterrrPs r,_write_command_output_to_filer>s~ ;;syy{ =S  299#sC   + +?*++H5s1v>>?s(AB$.BBcjxstjtjj t gfdtjDS)Nc3K|]:}t|tjjr|j<ywN) issubclassr repoRepoEntitlement repo_file)raentitlement_clsr s r,rbz#_get_state_files..Ss: /<+<+<+L+LM C * * sAA) cfg_pathrlog_filerua_filepathrr ENTITLEMENT_CLASSESr's`r,_get_state_filesrLsM ++ %%**   #/#C#C  r. output_dirc  tddj|tdjtjdj|tddj|tddj|td jd j t Dcgc]}d |vsd j|c}d j|t D]1}tdj|dj||ddg3t |d\}}tjdj|tj|tjtj}tjdj|tj|t|}tjrt!j"dt$nt!j&g}t)|D]q\} } tj*tj,| } tjt.j0j |dj| | s|t;j:t<dzzD]} t.j0j?| s# tj,| } tj*| } tjrtj| | tjt.j0j |t.j0jA| | tCdj|tDD]9} t.j0j?| s# tGjH| |;ycc}w#t2$r+} t4j7d| t9| Yd} ~ d} ~ wwxYw#t2$r+} t4j7d| t9| Yd} ~ d} ~ wwxYw#t2$r*} t4j7d| t9| Yd} ~ d} ~ wwxYw)zG Write all relevant Ubuntu Pro logs to the specified directory zcloud-idz{}/cloud-id.txtz {} statusz{}/livepatch-status.txtzsystemctl list-timers --allz{}/systemd-timers.txtzujournalctl --boot=0 -o short-precise -u cloud-init-local.service -u cloud-init-config.service -u cloud-config.servicez{}/cloud-init-journal.txtzjournalctl -o short-precise {} z.servicez-u {}z{}/pro-journal.txtzsystemctl status {}z {}/{}.txtr)rFrz{}/pro-status.json)clsz{}/environment_vars.jsonNz user{}.logz&Failed to collect user log file: %s %s*zFailed to load file: %s %sz{}/apparmor_logs.txtzFailed to copy file: %s %s)%rrDr LIVEPATCH_CMDr UA_SERVICESrrrjsondumpsrDatetimeAwareJSONEncoderget_pro_environmentrwe_are_currently_rootrFget_all_user_log_filesUSER_LOG_COLLECTED_LIMITget_user_log_file enumerateredact_sensitive_logs load_fileosrr?rrrEglobrisfilebasenamerrshutilcopy)r rsr4 pro_statusrenv_vars state_filesuser_log_files log_file_idxrcontentrPfs r, collect_logsr[s"%,,Z8"9223!((4"%&&z2" & $**:6" ,44 HH,7Kq:?"K  ##J/  % ! ( ( 1   z7 3Q  sU3MJ ##J/ :4#@#@A'')H "))*5 8 #3'K  % % ' &&()B*BC'') * #,N";  h 001A1A(1KLG    Z)<)<\)JK  499%7#%=> > 77>>!   **1-009G))+!!!W-    Z)9)9!)<=w (!!7!>!>z!JK 77>>!   Az*CLH  KK98SV     91c!fE  .  91c!fE sU- O7O(A+O!PQ! P* PP Q ! QQ  R Q==R)F)Tr)Brnrrloggingrrrtypingrruaclientrrrrr r r r r rFrrrr*rrruaclient.defaultsrrrruaclient.filesrruaclient.files.state_filesrrrrrget_event_loggerr: getLoggerreplace_top_level_logger_name__name__rrrUAConfigrmr-EnableByDefaultServiceboolrRrErAutoAttachInstancerr8rintrrrr.r,rs  !   $-((( 2 & %%'g:::8DE   ,  ,.. ,"" ,$ ? ? !@!@A?..?"" ?  ?L Q Q QQ  Q  QnC C  $ $C C*&*       c#J*.  "# ,B3B4B4=A    &.tCy&9      &// bfoob3br.