将 Ubuntu Pro 应用于 Ubuntu 22.04
首先
https://ubuntu.com/blog/ubuntu-pro-enters-ga
最近,Ubuntu Pro的一般提供已经开始。据说个人用途最多可免费使用5台设备,因此我尝试在家里使用的Ubuntu上应用这一功能。以下是操作步骤,仅作备忘录记录。
Note
本文中涉及的Ubuntu版本为22.04。
操作步骤
1.创建Ubuntu One账户
2. token的确认并注册。
$ sudo pro attach {your_token}
[sudo] {your_name} 的密码:
Enabling default service esm-apps
Updating package lists
Ubuntu Pro: ESM Apps enabled
Enabling default service esm-infra
Updating package lists
Ubuntu Pro: ESM Infra enabled
Enabling default service livepatch
Installing snapd
Updating package lists
Installing canonical-livepatch snap
Canonical livepatch enabled.
Unable to determine current instance-id
This machine is now attached to 'Ubuntu Pro - free personal subscription'
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service
realtime-kernel yes disabled Ubuntu kernel with PREEMPT_RT patches integrated
NOTICES
Operation in progress: pro attach
Enable services with: pro enable <service>
Account: {your_mail}
Subscription: Ubuntu Pro - free personal subscription
3. 安装管理工具并确认应用Pro。
注册过程已在步骤2中完成,现在要安装Pro的管理工具ubuntu-advantage-tools。顺便升级一下软件包。
$ sudo apt-get install ubuntu-advantage-tools
$ sudo apt update && sudo apt upgrade
通过以下命令确认是否已应用Pro” 或者 “使用下面的命令检查是否已应用Pro
$ pro --version
27.13.2~22.04.1
$ pro status
pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service
realtime-kernel yes disabled Ubuntu kernel with PREEMPT_RT patches integrated
Enable services with: pro enable <service>
Account: {your_mail}
Subscription: Ubuntu Pro - free personal subscription
Pro 版本的功能举例
关于安全性方面
- 可以查看安装包的类型和路径。
$ pro security-status
2097 packages installed:
1852 packages from Ubuntu Main/Restricted repository
224 packages from Ubuntu Universe/Multiverse repository
19 packages from third parties
2 packages no longer available for download
To get more information about the packages, run
pro security-status --help
for a list of available options.
This machine is attached to an Ubuntu Pro subscription.
Main/Restricted packages are receiving security updates from
Ubuntu Pro with 'esm-infra' enabled until 2032.
Universe/Multiverse packages are receiving security updates from
Ubuntu Pro with 'esm-apps' enabled until 2032. You have received 1 security
update.
- 可以通过CVE编号检查系统是否受到影响。
$ pro fix CVE-2021-3583
CVE-2021-3583: Ansible vulnerabilities
https://ubuntu.com/security/CVE-2021-3583
No affected source packages are installed.
✔ CVE-2021-3583 does not affect your system.
- “Ubuntu Main repository” 与 “Ubuntu Universe repository” 的软件包集将获得 10 年的支持。
Kernel Livepatch
https://ubuntu.com/security/livepatch
- 可以在系统运行时应用内核补丁,对服务器用途非常方便。
附加内容:启用实时内核
通过查看状态,我发现很容易切换到应用了PREEMPT_RT补丁的内核,所以进行了尝试
Note
目前实时内核realtime-kernel和livepatch无法共存,如果需要使用livepatch,请注意
The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated.
It services latency-dependent use cases by providing deterministic response times.
The Real-time kernel meets stringent preemption specifications and is suitable for
telco applications and dedicated devices in industrial automation and robotics.
The Real-time kernel is currently incompatible with FIPS and Livepatch.
此外,如果在应用补丁后想要返回到原始内核,也需要手动进行处理,所以请注意。
This will change your kernel. To revert to your original kernel, you will need
to make the change manually.
执行以下命令后,只需重新启动即可启用realtime-kernel。
$ sudo pro enable realtime-kernel
$ pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
realtime-kernel yes enabled Ubuntu kernel with PREEMPT_RT patches integrated
参考
https://ubuntu.com/pro/tutorialhttps://github.com/canonical/ubuntu-advantage-client
