Provided by: ubuntu-pro-client_34~24.04_amd64 bug

NAME

       pro - Manage Ubuntu Pro services from Canonical

SYNOPSIS

       pro <command> [<args>]

DESCRIPTION

       Ubuntu  Pro  is  a collection of services offered by Canonical to Ubuntu users. The Ubuntu
       Pro command line tool is used to attach a system to an Ubuntu Pro contract to then  enable
       and  disable services from Canonical. The available commands and services are described in
       more detail below.

COMMANDS

       api <api-endpoint>
              Calls the Client API endpoints.

              For a list of all of the supported endpoints and their structure, please  refer  to
              the Pro client API reference guide:

              https://canonical-ubuntu-pro-client.readthedocs-
              hosted.com/en/latest/references/api/

       attach [--no-auto-enable] [--attach-config=/path/to/file.yaml] <token>
              Connect an Ubuntu Pro support contract to this machine.

              The --attach-config option can be used  to  provide  a  file  with  the  token  and
              optionally,  a  list  of  services  to  enable after attaching. The token parameter
              should not be used if this option is provided. An attach config file looks like the
              following:
                  token: YOUR_TOKEN_HERE  # required
                  enable_services:        # optional list of service names to auto-enable
                      - esm-infra
                      - esm-apps
                      - cis

              The  optional  --no-auto-enable  flag  will  disable  the  automatic  enablement of
              recommended entitlements which  usually  happens  immediately  after  a  successful
              attach.

              The exit code can be:
                  0: on successful attach
                  1: in case of any error while trying to attach
                  2: if the machine is already attached

       collect-logs[-o<file>|--output<file>]
              Create a tarball with all relevant logs and debug data.

              The  --output  parameter defines the path to the tarball. If not provided, the file
              is saved as pro_logs.tar.gz in the current directory.

       config set/unset <config-name>

              Set/unset one of the available Pro configuration settings:

              http_proxy If set, pro will use the specified  http  proxy  when  making  any  http
              requests

              https_proxy  If  set,  pro will use the specified https proxy when making any https
              requests

              apt_http_proxy [DEPRECATED] If set, pro will configure apt  to  use  the  specified
              http  proxy by writing a apt config file to /etc/apt/apt.conf.d/90ubuntu-advantage-
              aptproxy. (Please use global_apt_http_proxy)

              apt_https_proxy [DEPRECATED] If set, pro will configure apt to  use  the  specified
              https proxy by writing a apt config file to /etc/apt/apt.conf.d/90ubuntu-advantage-
              aptproxy. (Please use global_apt_https_proxy)

              global_apt_http_proxy If set, pro will configure apt  to  use  the  specified  http
              proxy  by  writing  a  apt  config  file to /etc/apt/apt.conf.d/90ubuntu-advantage-
              aptproxy. Set this if you prefer a global proxy for all  resources,  not  just  the
              ones from esm.ubuntu.com

              global_apt_https_proxy  If  set,  pro will configure apt to use the specified https
              proxy by writing  a  apt  config  file  to  /etc/apt/apt.conf.d/90ubuntu-advantage-
              aptproxy.  Set  this  if  you prefer a global proxy for all resources, not just the
              ones from esm.ubuntu.com

              ua_apt_http_proxy If set, pro will configure apt to use the specified http proxy by
              writing  a apt config file to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. This
              proxy is limited to accessing resources from esm.ubuntu.com

              ua_apt_https_proxy If set, pro will configure apt to use the specified https  proxy
              by  writing  a  apt config file to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
              This proxy is limited to accessing resources from esm.ubuntu.com

              <job_name>_timer Sets  the  timer  running  interval  for  a  specific  job.  Those
              intervals are checked every time the systemd timer runs.

              apt_news  If  set to false, the Pro client will no longer display apt news messages
              on the output of apt upgrade.

              apt_news_url Sets the url where the Pro client will consume  apt  news  information
              from.

              If  needed, authentication to the proxy server can be performed by setting username
              and password in the URL itself, as in:
                http_proxy: http://<username>:<password>@<fqdn>:<port>

       config show <config-name>
              Show customizable configuration settings

              If no config is provided, this command will display all of  the  Pro  configuration
              values

       detach Remove the Ubuntu Pro support contract from this machine.

       disable [anbox-cloud|cc-eal|cis|esm-apps|esm-infra|fips|fips-updates|
               landscape|livepatch|realtime-kernel|ros|ros-updates]

              Disable this machine's access to an Ubuntu Pro service.

       enable [anbox-cloud|cc-eal|cis|esm-apps|esm-infra|fips|fips-updates|
              landscape|livepatch|realtime-kernel|ros|ros-updates]

              Activate and configure this machine's access to an Ubuntu Pro service.

       fix [--dry-run] [--no-related] <security_issue>
              Fix a CVE or USN on the system by upgrading the appropriate package(s).

              The  optional  --dry-run flag will display everything that would be executed by the
              fix command without actually making any changes.

              The optional --no-related flag  will  modify  how  the  fix  command  behaves  when
              handling  a  USN.   With  this  flag,  the command will not attempt to fix any USNs
              related to the target USN.

              <security_issue> can be any of  the  following  formats:  CVE-yyyy-nnnn,  CVE-yyyy-
              nnnnnnn, or USN-nnnn-dd.

              The exit code can be 0, 1, or 2.
                  0:  the  fix  was successfully applied or the security issue doesn't affect the
              system
                  1: the fix cannot be applied
                  2: the fix was applied but requires a reboot before it takes effect

       refresh [contract|config|messages]
              Refresh three distinct Ubuntu Pro related artifacts in the system:

              contract: Update contract details from the server.

              config: Reload the config file.

              messages: Update APT and MOTD messages related to UA.

              You can individually target any of the  three  specific  actions,  by  passing  the
              target  name  to  the  command.   If  no  `target`  is  specified,  all targets are
              refreshed.

       security-status [--thirdparty | --unavailable | --esm-infra | --esm-apps]

              Show security updates for packages in the system, including all available  Expanded
              Security Maintenance (ESM) related content.

              Shows counts of how many packages are supported for security updates in the system.

              The  output  contains  basic information about Ubuntu Pro. For a complete status on
              Ubuntu Pro services, run 'pro status'.

              The optional --thirdparty  flag  will  only  show  information  about  third  party
              packages

              The  optional  --unavailable  flag  will  only  show  information about unavailable
              packages

              The optional --esm-infra flag will only show information about esm-infra packages

              The optional --esm-apps flag will only show information about esm-apps packages

       status [--simulate-with-token TOKEN] [--all]
              Report current status of Ubuntu Pro services on system.

              This shows whether this machine is attached to an Ubuntu Pro support contract. When
              attached,  the  report  includes  the  specific  support contract details including
              contract name, expiry dates, and the status of each service on this system.

              The attached status output has four columns:

              SERVICE: name of the service

              ENTITLED: whether the contract to which this machine is attached  entitles  use  of
              this service. Possible values are: yes or no

              STATUS:  whether  the  service  is  enabled  on this machine.  Possible values are:
              enabled, disabled, n/a (if your contract entitles you to the service, but it  isn't
              available for this machine) or  (if you aren't entitled to this service)

              DESCRIPTION: a brief description of the service

              The unattached status output instead has three columns. SERVICE and DESCRIPTION are
              the same as above, and there is the addition of:

              AVAILABLE: whether this service would be available if this machine  were  attached.
              The possible values are yes or no.

              If  --simulate-with-token  is  used,  then  the  output has five columns.  SERVICE,
              AVAILABLE,  ENTITLED  and  DESCRIPTION  are  the  same  as  mentioned  above,   and
              AUTO_ENABLED  shows  whether  the  service  is set to be enabled when that token is
              attached.

              If the --all flag is set, unavailable services are also listed in the output.

       system reboot-required
              Tells if the system needs to be rebooted

       version
              Show version of the Ubuntu Pro package.

PRO UPGRADE DAEMON

       Ubuntu Pro client sets up a daemon on supported platforms (currently on Azure and GCP)  to
       detect  if an Ubuntu Pro license is purchased for the machine. If an Ubuntu Pro license is
       detected, then the machine is automatically attached.  If you are uninterested  in  Ubuntu
       Pro services, you can safely stop and disable the daemon using systemctl:

       sudo    systemctl   stop   ubuntu-advantage.service   sudo   systemctl   disable   ubuntu-
       advantage.service

TIMER JOBS

       Ubuntu Pro client sets  up  a  systemd  timer  to  run  jobs  that  need  to  be  executed
       recurrently.  The  timer  itself  ticks every 5 minutes on average, and decides which jobs
       need to be executed based on their intervals.

       Jobs are executed by the timer script if the script has not yet run successfully, or their
       interval  since  last successful run is already exceeded.  There is a random delay applied
       to the timer, to desynchronize job execution time on machines spinned at  the  same  time,
       avoiding multiple synchronized calls to the same service.

       Current jobs being checked and executed are:

       update_messaging
              Makes  sure  that the MOTD and APT messages match the available/enabled services on
              the system, showing information about available packages or security updates.

       metering
              If attached, this job will ping the Canonical servers telling  which  services  are
              enabled on the machine.

SERVICES

       Anbox Cloud (anbox-cloud)
              Anbox  Cloud  lets  you  stream  mobile apps securely, at any scale, to any device,
              letting you focus on your apps. Run Android  in  system  containers  on  public  or
              private  clouds  with  ultra low streaming latency. When the anbox-cloud service is
              enabled, by default, the Appliance variant is enabled. Enabling this service allows
              orchestration  to  provision  a  PPA with the Anbox Cloud resources. This step also
              configures the Anbox Management Service  (AMS)  with  the  necessary  image  server
              credentials.

              To learn more about Anbox Cloud, see https://anbox-cloud.io

       Common Criteria EAL2 Provisioning (cc-eal)
              Common  Criteria is an Information Technology Security Evaluation standard (ISO/IEC
              IS 15408) for computer security certification. Ubuntu 16.04 has been  evaluated  to
              assurance  level  EAL2  through CSEC. The evaluation was performed on Intel x86_64,
              IBM Power8 and IBM Z hardware platforms.

       CIS Audit (cis)/Ubuntu Security Guide (usg)
              Ubuntu  Security  Guide  is  a  tool  for  hardening  and  auditing,  allowing  for
              environment-specific  customizations.  It  enables compliance with profiles such as
              DISA-STIG and the CIS benchmarks.

              Find out more at https://ubuntu.com/security/certifications/docs/usg

       Expanded Security Maintenance for Infrastructure (esm-infra)
              Expanded Security Maintenance for Infrastructure provides access to a  private  PPA
              which includes available high and critical CVE fixes for Ubuntu LTS packages in the
              Ubuntu Main repository  between  the  end  of  the  standard  Ubuntu  LTS  security
              maintenance and its end of life. It is enabled by default with Ubuntu Pro.

              You can find out more about the service at https://ubuntu.com/security/esm

       Expanded Security Maintenance for Applications (esm-apps)
              Expanded  Security  Maintenance  for Applications is enabled by default on entitled
              workloads. It provides access to a private PPA which includes  available  high  and
              critical  CVE  fixes for Ubuntu LTS packages in the Ubuntu Main and Ubuntu Universe
              repositories from the Ubuntu LTS release date until its end of life.

              You can find out more about the esm service at https://ubuntu.com/security/esm

       FIPS 140-2 certified modules (fips)
              Installs FIPS 140 crypto packages for FedRAMP,  FISMA  and  compliance  use  cases.
              Note  that  "fips"  does  not provide security patching. For FIPS certified modules
              with security patches please see "fips-updates". If you are unsure,  choose  "fips-
              updates" for maximum security.

              Find out more at https://ubuntu.com/security/fips

       FIPS 140-2 certified modules with updates (fips-updates)
              fips-updates  installs  FIPS 140 crypto packages including all security patches for
              those modules that have been provided since their certification date.

              You can find out more at https://ubuntu.com/security/fips

       Landscape (landscape)
              Landscape Client can be installed on  this  machine  and  enrolled  in  Canonical's
              Landscape   SaaS:   https://landscape.canonical.com  or  a  self-hosted  Landscape:
              https://ubuntu.com/landscape/install

              Landscape allows you to manage many machines as easily as one,  with  an  intuitive
              dashboard and API interface for automation, hardening, auditing, and more.

              Find out more about Landscape at https://ubuntu.com/landscape

       Livepatch Service (livepatch)
              Livepatch  provides  selected  high  and  critical  kernel CVE fixes and other non-
              security bug fixes as kernel livepatches. Livepatches are applied without rebooting
              a  machine which drastically limits the need for unscheduled system reboots. Due to
              the nature of fips  compliance,  livepatches  cannot  be  enabled  on  fips-enabled
              systems.

              You    can   find   out   more   about   Ubuntu   Kernel   Livepatch   service   at
              https://ubuntu.com/security/livepatch

       ROS ESM Security Updates (ros)
              ros provides access to a private PPA which includes  security-related  updates  for
              available  high  and  critical CVE fixes for Robot Operating System (ROS) packages.
              For access to ROS ESM and security updates, both esm-infra  and  esm-apps  services
              will also be enabled. To get additional non-security updates, enable ros-updates.

              You can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-
              esm

       ROS ESM All Updates (ros-updates)
              ros-updates provides access to a private  PPA  that  includes  non-security-related
              updates  for  Robot  Operating  System  (ROS) packages. For full access to ROS ESM,
              security and non-security updates, the esm-infra, esm-apps, and ros  services  will
              also be enabled.

              You can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-
              esm

REPORTING BUGS

       Please report bugs either by  running  `ubuntu-bug  ubuntu-advantage-tools`  or  login  to
       Launchpad   and  navigate  to  https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-
       tools/+filebug

COPYRIGHT

       Copyright (C) 2019-2020 Canonical Ltd.