UBUNTU-ADVANTAGE(1)            Ubuntu Advantage            UBUNTU-ADVANTAGE(1)

       ubuntu-advantage - Manage Ubuntu Advantage services from Canonical

       ua <command> [<args>]
       ubuntu-advantage <command> [<args>]

       Ubuntu  Advantage  is  a collection of services offered by Canonical to
       Ubuntu users. The Ubuntu Advantage command line tool is used to  attach
       a  system  to  an  Ubuntu Advantage contract to then enable and disable
       services from  Canonical.  The  available  commands  and  services  are
       described in more detail below.

       attach [--no-auto-enable] <token>
              Connect an Ubuntu Advantage support contract to this machine.

              The  token  parameter  can  be  obtained  from https://auth.con-

              The optional --no-auto-enable flag will  disable  the  automatic
              enablement  of  recommended  entitlements  which usually happens
              immediately after a successful attach.

              The exit code can be:
                  0: on successful attach
                  1: in case of any error while trying to attach
                  2: if the machine is already attached

       collect-logs [-o <file>| --output <file>]
              Create a tarball with all relevant UA logs and debug data.

              The --output parameter defines the path to the tarball.  If  not
              provided,  the  file  is  saved as ua_logs.tar.gz in the current

       detach Remove the Ubuntu Advantage support contract from this  machine.
              This also disables all enabled services that can be.

       disable [cc-eal|cis|esm|fips|fips-updates|livepatch|ros|ros-updates]
              Disable this machine's access to an Ubuntu Advantage service.

       enable [cc-eal|cis|esm|fips|fips-updates|livepatch|ros|ros-updates]
              Activate and configure this machine's access to an Ubuntu Advan-
              tage service.

       fix <security_issue>
              Fix a CVE or USN on the  system  by  upgrading  the  appropriate

              <security_issue>  can be any of the following formats: CVE-yyyy-
              nnnn, CVE-yyyy-nnnnnnn, or USN-nnnn-dd.

              The exit code can be 0, 1, or 2.
                  0: the fix was successfully applied
                  1: the fix cannot be applied
                  2: the fix was applied but requires a reboot before it takes

              Refresh contract and service details from Canonical.

              Show  security updates for packages in the system, including all
              available ESM related content.

       status   [--format=tabular|json|yaml]   [--simulate-with-token   TOKEN]
              Report current status of Ubuntu Advantage services on system.

              This  shows whether this machine is attached to an Ubuntu Advan-
              tage support contract. When attached, the  report  includes  the
              specific  support  contract  details  including  contract  name,
              expiry dates, and the status of each service on this system.

              The attached status output has four columns:

              SERVICE: name of the service

              ENTITLED: whether the contract to which this machine is attached
              entitles use of this service. Possible values are: yes or no

              STATUS:  whether the service is enabled on this machine.  Possi-
              ble values are: enabled, disabled, n/a (if your  contract  enti-
              tles  you  to  the  service,  but  it  isn't  available for this
              machine) or -- (if you aren't entitled to this service)

              DESCRIPTION: a brief description of the service

              The unattached status output instead has three columns.  SERVICE
              and DESCRIPTION are the same as above, and there is the addition

              AVAILABLE: whether this  service  would  be  available  if  this
              machine were attached.  The possible values are yes or no.

              If  --simulate-with-token is used, then the output has five col-
              umns.  SERVICE, AVAILABLE, ENTITLED and DESCRIPTION are the same
              as  mentioned  above, and AUTO_ENABLED shows whether the service
              is set to be enabled when that token is attached.

              If the --all flag is set, beta and unavailable services are also
              listed in the output.

              Show version of the Ubuntu Advantage package.

       UA  client sets up a systemd timer to run jobs that need to be executed
       recurrently. The timer itself ticks every 5  minutes  on  average,  and
       decides which jobs need to be executed based on their intervals.

       Jobs  are  executed  by  the timer script if the script has not yet run
       successfully, or their interval since last successful  run  is  already
       exceeded.   There is a random delay applied to the timer, to desynchro-
       nize job execution time on machines spinned at the same time,  avoiding
       multiple synchronized calls to the same service.

       Current jobs being checked and executed are:

              Makes  sure  that  the  MOTD  and  APT messages match the avail-
              able/enabled services on the system, showing  information  about
              available packages or security updates.

              Makes sure the `ua status` command will have the latest informa-
              tion even  when  executed  by  a  non-root  user,  updating  the
              /var/lib/ubuntu-advantage/status.json file.

              Only  operable on Google Cloud Platform (GCP) generic Ubuntu VMs
              without an active Ubuntu Advantage license. It polls  GCP  meta-
              data  every 5 minutes to discover if a license has been attached
              to the VM through Google Cloud and will perform `ua auto-attach`
              in that case.

       By default, Ubuntu Advantage client configuration options are read from

       The following configuration options are available:

              The ubuntu advantage contract server URL

              The ubuntu advantage security server URL

              Where Ubuntu Advantage client stores its data files

              The logging level used when writing to log_file

              The log file for the Ubuntu Advantage client

              The log file for the Ubuntu Advantage timer and timer jobs

              The log file for the Ubuntu Advantage license  check  job  (only
              used on GCP)

       The following options must be nested under the "ua_config" key:

              If  set,  ua  will  use the specified http proxy when making any
              http requests

              If set, ua will use the specified https proxy  when  making  any
              https requests

              If set, ua will configure apt to use the specified http proxy by
              writing a apt config file to /etc/apt/apt.conf.d/90ubuntu-advan-

              If  set,  ua will configure apt to use the specified https proxy
              by writing a apt config  file  to  /etc/apt/apt.conf.d/90ubuntu-

              Sets the timer running interval for a specific job. Those inter-
              vals are checked every time the systemd timer runs.

       If needed, authentication to the proxy server can be performed by  set-
       ting username and password in the URL itself, as in:

         http_proxy: http://<username>:<password>@<fqdn>:<port>

       Additionally, some configuration options can be overridden in the envi-
       ronment   by   setting   an   environment    variable    prefaced    by
       UA_<option_name>.  Both  uppercase  and lowercase environment variables
       are allowed. The configuration options that support this are: data_dir,
       log_file,  timer_log_file, license_check_log_file, log_level, and secu-

       For  example,  the  following  overrides   the   log_level   found   in

         UA_LOG_LEVEL=info ua attach

       Common Criteria EAL2 Provisioning (cc-eal)
              Enables and install the Common Criteria artifacts.

              The  artifacts  include a configure script, a tarball with addi-
              tional packages, and post install scripts. The artifacts will be
              installed  in  /usr/lib/common-criteria directory and the README
              and configuration guide are available in  /usr/share/doc/ubuntu-
              commoncriteria directory.

       CIS Audit (cis)
              Enables and installs the CIS Audit artifacts.

       Extended Security Maintenance (esm)
              Extended  Security  Maintenance ensures the ongoing security and
              integrity of systems running  Ubuntu  Long  Term  Support  (LTS)
              releases through Ubuntu Advantage for Infrastructure.

              See for more information.

       FIPS 140-2 certified modules (fips)
              Install, configure, and enable FIPS 140-2 certified modules.

              After  successfully  enabling FIPS, the system MUST be rebooted.
              Failing to reboot will result in  the  system  not  running  the
              updated FIPS kernel.

              Disabling FIPS is not currently supported.

       FIPS 140-2 certified modules with updates (fips-updates)
              Install, configure, and enable FIPS 140-2 certified modules with
              updates. Enabling FIPS with updates will take the system out  of
              FIPS compliance as the updated modules are not FIPS certified.

              After  successfully  enabling FIPS with updates, the system MUST
              be rebooted. Failing to reboot will result  in  the  system  not
              running the updated FIPS kernel.

              Disabling FIPS with updates is not currently supported.

       Livepatch Service (livepatch)
              Automatically  apply  critical kernel patches without rebooting.
              Reduces downtime, keeping your Ubuntu  LTS  systems  secure  and

              See for more information.

       ROS ESM Security Updates (ros)
              Robot  Operating  System  Extended Security Maintenance Security
              Updates provides security fixes for ROS packages to  ensure  the
              ongoing integrity of ROS based applications.

              See for more information.

       ROS ESM All Updates (ros-updates)
              Robot Operating System Extended Security Maintenance All Updates
              provides additional bug fixes in addition to security fixes  for
              ROS packages to ensure the ongoing integrity of ROS based appli-

              See for more information.

       Please report bugs  either  by  running  `ubuntu-bug  ubuntu-advantage-
       tools`  or  login  to  Launchpad  and  navigate to https://bugs.launch-

       Copyright (C) 2019-2020 Canonical Ltd.

Canonical Ltd.                 21 February 2020            UBUNTU-ADVANTAGE(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2022 Hurricane Electric. All Rights Reserved.