{ "content": [ { "type": "text", "text": "# ua(1) (man)\n\n**Summary:** pro - Manage Ubuntu Pro services from Canonical\n\n**Synopsis:** pro [-h] [--debug] [--version] ...\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| -h | --help | — | Show help for pro or for the specified pro command. |\n| — | --debug | — | Redirect all the debugging logs to the console. |\n| — | --version | — | Show the Pro Client version and exit. |\n\n## Section Outline\n\n- **NAME** (4 lines)\n- **SYNOPSIS** (4 lines)\n- **DESCRIPTION** (7 lines)\n- **OPTIONS** (1 lines) — 3 subsections\n - -h, --help (3 lines)\n - --debug (3 lines)\n - --version (4 lines)\n- **COMMANDS** (178 lines)\n- **SERVICES** (1 lines) — 11 subsections\n - Anbox Cloud (anbox-cloud) (10 lines)\n - Common Criteria EAL2 Provisioning (cc-eal) (6 lines)\n - CIS Audit (cis)/Ubuntu Security Guide (usg) (7 lines)\n - Expanded Security Maintenance for Infrastructure (esm-infra) (8 lines)\n - Expanded Security Maintenance for Applications (esm-apps) (8 lines)\n - FIPS 140-2 certified modules (fips) (9 lines)\n - FIPS 140-2 certified modules with updates (fips-updates) (6 lines)\n - Landscape (landscape) (10 lines)\n - Livepatch Service (livepatch) (9 lines)\n - ROS ESM Security Updates (ros) (9 lines)\n - ROS ESM All Updates (ros-updates) (9 lines)\n- **CONFIGURATION SETTINGS** (64 lines)\n- **PRO UPGRADE DAEMON** (8 lines)\n- **TIMER JOBS** (16 lines) — 1 subsections\n - metering (5 lines)\n- **REPORTING BUGS** (4 lines)\n- **COPYRIGHT** (5 lines)\n\n## Full Content\n\n### NAME\n\npro - Manage Ubuntu Pro services from Canonical\n\n### SYNOPSIS\n\npro [-h] [--debug] [--version] ...\n\n### DESCRIPTION\n\nUbuntu Pro is a collection of services offered by Canonical to Ubuntu users. The Ubuntu Pro\ncommand line tool is used to attach a system to an Ubuntu Pro contract to then enable and\ndisable services from Canonical. The available commands and services are described in more\ndetail below.\n\n### OPTIONS\n\n#### -h, --help\n\nShow help for pro or for the specified pro command.\n\n#### --debug\n\nRedirect all the debugging logs to the console.\n\n#### --version\n\nShow the Pro Client version and exit.\n\n### COMMANDS\n\napi [-h] [--show-progress] [--args [OPTIONS ...]] [--data DATA] endpoint\nCalls the Client API endpoints.\n\nFor a list of all of the supported endpoints and their structure, please refer to the\nPro Client API reference guide:\n\nhttps://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/references/api/\n\n\nattach [-h] [--no-auto-enable] [--attach-config ATTACHCONFIG] [--format {cli,json}] [token]\nAttach this machine to an Ubuntu Pro subscription with a token obtained from:\nhttps://ubuntu.com/pro/dashboard\n\nWhen running this command without a token, it will generate a short code and prompt\nyou to attach the machine to your Ubuntu Pro account using a web browser.\n\nThe \"attach-config\" option can be used to provide a file with the token and option‐\nally, a list of services to enable after attaching. To know more, visit:\nhttps://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/howtogu‐\nides/howtoattachwithconfigfile/\n\nThe exit code will be:\n\n* 0: on successful attach\n* 1: in case of any error while trying to attach\n* 2: if the machine is already attached\n\n\nauto-attach [-h]\nAutomatically attach on an Ubuntu Pro cloud instance.\n\n\ncollect-logs [-h] [-o OUTPUT]\nCollect logs and relevant system information into a tarball. This information can be\nlater used for triaging/debugging issues.\n\n\ncve [-h] cve\nShow all available information about a given CVE.\n\n\n\ncves [-h] [--unfixable] [--fixable]\nList the CVE vulnerabilities that affects the system.\n\n\nconfig [-h] {show,set,unset} ...\nManage Ubuntu Pro Client configuration on this machine.\n\n\nshow [-h] [key]\nShow customizable configuration settings.\n\n\nset [-h] keyvaluepair\nSet and apply Ubuntu Pro configuration settings.\n\n\nunset [-h] key\nUnset an Ubuntu Pro configuration setting, restoring the default value.\n\n\ndetach [-h] [--assume-yes] [--format {cli,json}]\nDetach this machine from an Ubuntu Pro subscription.\n\n\ndisable [-h] [--assume-yes] [--format {cli,json}] [--purge] service [service ...]\nDisable one or more Ubuntu Pro services.\n\n\nenable [-h] [--access-only] [--assume-yes] [--auto] [--beta] [--format {cli,json}] [--variant\nVARIANT] [service ...]\nActivate and configure this machine's access to one or more Ubuntu Pro services.\n\n\nfix [-h] [--dry-run] [--no-related] securityissue\nInspect and resolve Common Vulnerabilities and Exposures (CVEs) and Ubuntu Security\nNotices (USNs) on this machine.\n\nThe exit code will be:\n\n* 0: the fix was successfully applied or the system is not affected\n* 1: the fix cannot be applied\n* 2: the fix was applied but requires a reboot before it takes effect\n\n\nhelp [-h] [--format {tabular,json,yaml}] [--all] [service]\nProvide detailed information about Ubuntu Pro services.\n\n\nrefresh [-h] [{contract,config,messages}]\nRefresh three distinct Ubuntu Pro related artifacts in the system:\n\n* contract: Update contract details from the server.\n* config: Reload the config file.\n* messages: Update APT and MOTD messages related to Pro.\n\nYou can individually target any of the three specific actions, by passing the target\nname to the command. If no target is specified, all targets are refreshed.\n\n\n\nsecurity-status [-h] [--format {json,yaml,text}] [--thirdparty | --unavailable | --esm-infra\n| --esm-apps]\nShow security updates for packages in the system, including all available Expanded Se‐\ncurity Maintenance (ESM) related content.\n\nShows counts of how many packages are supported for security updates in the system.\n\nIf the format is set to JSON or YAML it shows a summary of the installed packages\nbased on the origin:\n\n- main/restricted/universe/multiverse: Packages from the Ubuntu archive.\n- esm-infra/esm-apps: Packages from the ESM archive.\n- third-party: Packages installed from non-Ubuntu sources.\n- unknown: Packages which don't have an installation source (like local\ndeb packages or packages for which the source was removed).\n\nThe output contains basic information about Ubuntu Pro. For a complete status on\nUbuntu Pro services, run 'pro status'.\n\n\n\nstatus [-h] [--wait] [--format {tabular,json,yaml}] [--simulate-with-token TOKEN] [--all]\nReport current status of Ubuntu Pro services on system.\n\nThis shows whether this machine is attached to an Ubuntu Pro support contract. When\nattached, the report includes the specific support contract details including contract\nname, expiry dates, and the status of each service on this system.\n\nThe attached status output has four columns:\n\n* SERVICE: Name of the service.\n* ENTITLED: Whether the contract to which this machine is attached\nentitles use of this service. Possible values are: yes or no.\n* STATUS: Whether the service is enabled on this machine. Possible\nvalues are: enabled, disabled, n/a (if your contract entitles\nyou to the service, but it isn't available for this machine) or - (if\nyou aren't entitled to this service).\n* DESCRIPTION: A brief description of the service.\n\nThe unattached status output instead has three columns. SERVICE and DESCRIPTION are\nthe same as above, and there is the addition of:\n\n* AVAILABLE: Whether this service would be available if this machine\nwere attached. The possible values are yes or no.\n\nIf \"simulate-with-token\" is used, then the output has five columns. SERVICE, AVAIL‐\nABLE, ENTITLED and DESCRIPTION are the same as mentioned above, and AUTOENABLED shows\nwhether the service is set to be enabled when that token is attached.\n\nIf the \"all\" flag is set, beta and unavailable services are also listed in the output.\n\n\n\nsystem [-h] {reboot-required} ...\nOutput system-related information about Pro services.\n\n\nreboot-required [-h]\nReport the current reboot-required status for the machine.\n\nThis command will output one of the three following states for the machine regarding\nreboot:\n\n* no: The machine doesn't require a reboot.\n* yes: The machine requires a reboot.\n* yes-kernel-livepatches-applied: There are only kernel-related\npackages that require a reboot, but Livepatch has already provided\npatches for the current running kernel. The machine still needs a\nreboot, but you can assess if the reboot can be performed in the\nnearest maintenance window.\n\n### SERVICES\n\n#### Anbox Cloud (anbox-cloud)\n\nAnbox Cloud lets you stream mobile apps securely, at any scale, to any device, letting\nyou focus on your apps. Run Android in system containers on public or private clouds\nwith ultra low streaming latency. When the anbox-cloud service is enabled, by default,\nthe Appliance variant is enabled. Enabling this service allows orchestration to provi‐\nsion a PPA with the Anbox Cloud resources. This step also configures the Anbox Manage‐\nment Service (AMS) with the necessary image server credentials.\n\nTo learn more about Anbox Cloud, see https://anbox-cloud.io\n\n#### Common Criteria EAL2 Provisioning (cc-eal)\n\nCommon Criteria is an Information Technology Security Evaluation standard (ISO/IEC IS\n15408) for computer security certification. Ubuntu 16.04 has been evaluated to assur‐\nance level EAL2 through CSEC. The evaluation was performed on Intel x8664, IBM Power8\nand IBM Z hardware platforms.\n\n#### CIS Audit (cis)/Ubuntu Security Guide (usg)\n\nUbuntu Security Guide is a tool for hardening and auditing, allowing for environment-\nspecific customizations. It enables compliance with profiles such as DISA-STIG and the\nCIS benchmarks.\n\nFind out more at https://ubuntu.com/security/certifications/docs/usg\n\n#### Expanded Security Maintenance for Infrastructure (esm-infra)\n\nExpanded Security Maintenance for Infrastructure provides access to a private PPA\nwhich includes available high and critical CVE fixes for Ubuntu LTS packages in the\nUbuntu Main repository between the end of the standard Ubuntu LTS security maintenance\nand its end of life. It is enabled by default with Ubuntu Pro.\n\nYou can find out more about the service at https://ubuntu.com/security/esm\n\n#### Expanded Security Maintenance for Applications (esm-apps)\n\nExpanded Security Maintenance for Applications is enabled by default on entitled work‐\nloads. It provides access to a private PPA which includes available high and critical\nCVE fixes for Ubuntu LTS packages in the Ubuntu Main and Ubuntu Universe repositories\nfrom the Ubuntu LTS release date until its end of life.\n\nYou can find out more about the esm service at https://ubuntu.com/security/esm\n\n#### FIPS 140-2 certified modules (fips)\n\nInstalls FIPS 140 crypto packages for FedRAMP, FISMA and compliance use cases. Note\nthat \"fips\" does not provide security patching. For FIPS certified modules with secu‐\nrity patches please see \"fips-updates\". If you are unsure, choose \"fips-updates\" for\nmaximum security.\n\nFind out more at https://ubuntu.com/security/fips\n\n#### FIPS 140-2 certified modules with updates (fips-updates)\n\nfips-updates installs FIPS 140 crypto packages including all security patches for\nthose modules that have been provided since their certification date.\n\nYou can find out more at https://ubuntu.com/security/fips\n\n#### Landscape (landscape)\n\nLandscape Client can be installed on this machine and enrolled in Canonical's Land‐\nscape SaaS: https://landscape.canonical.com or a self-hosted Landscape:\nhttps://ubuntu.com/landscape/install\n\nLandscape allows you to manage many machines as easily as one, with an intuitive dash‐\nboard and API interface for automation, hardening, auditing, and more.\n\nFind out more about Landscape at https://ubuntu.com/landscape\n\n#### Livepatch Service (livepatch)\n\nLivepatch provides selected high and critical kernel CVE fixes and other non-security\nbug fixes as kernel livepatches. Livepatches are applied without rebooting a machine\nwhich drastically limits the need for unscheduled system reboots. Due to the nature of\nfips compliance, livepatches cannot be enabled on fips-enabled systems.\n\nYou can find out more about Ubuntu Kernel Livepatch service at https://ubuntu.com/se‐\ncurity/livepatch\n\n#### ROS ESM Security Updates (ros)\n\nros provides access to a private PPA which includes security-related updates for\navailable high and critical CVE fixes for Robot Operating System (ROS) packages. For\naccess to ROS ESM and security updates, both esm-infra and esm-apps services will also\nbe enabled. To get additional non-security updates, enable ros-updates.\n\nYou can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-esm\n\n#### ROS ESM All Updates (ros-updates)\n\nros-updates provides access to a private PPA that includes non-security-related up‐\ndates for Robot Operating System (ROS) packages. For full access to ROS ESM, security\nand non-security updates, the esm-infra, esm-apps, and ros services will also be en‐\nabled.\n\nYou can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-esm\n\n### CONFIGURATION SETTINGS\n\nhttpproxy\nIf set, pro will use the specified http proxy when making any http requests\n\n\nhttpsproxy\nIf set, pro will use the specified https proxy when making any https requests\n\n\napthttpproxy [DEPRECATED]\nIf set, pro will configure apt to use the specified http proxy by writing a apt config\nfile to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. (Please use\nglobalapthttpproxy)\n\n\napthttpsproxy [DEPRECATED]\nIf set, pro will configure apt to use the specified https proxy by writing a apt con‐\nfig file to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. (Please use\nglobalapthttpsproxy)\n\n\nglobalapthttpproxy\nIf set, pro will configure apt to use the specified http proxy by writing a apt config\nfile to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. Set this if you prefer a\nglobal proxy for all resources, not just the ones from esm.ubuntu.com\n\n\nglobalapthttpsproxy\nIf set, pro will configure apt to use the specified https proxy by writing a apt con‐\nfig file to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. Set this if you prefer a\nglobal proxy for all resources, not just the ones from esm.ubuntu.com\n\n\nuaapthttpproxy\nIf set, pro will configure apt to use the specified http proxy by writing a apt config\nfile to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. This proxy is limited to ac‐\ncessing resources from esm.ubuntu.com\n\n\nuaapthttpsproxy\nIf set, pro will configure apt to use the specified https proxy by writing a apt con‐\nfig file to /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy. This proxy is limited to\naccessing resources from esm.ubuntu.com\n\n\ntimer\nSets the timer running interval for a specific job. Those intervals are checked every\ntime the systemd timer runs.\n\n\naptnews\nIf set to false, the Pro client will no longer display apt news messages on the output\nof apt upgrade.\n\n\naptnewsurl\nSets the url where the Pro client will consume apt news information from.\n\n\nIf needed, authentication to the proxy server can be performed by setting username and pass‐\nword in the URL itself, as in:\nhttpproxy: http://:@:\n\n### PRO UPGRADE DAEMON\n\nUbuntu Pro client sets up a daemon on supported platforms (currently on Azure and GCP) to de‐\ntect if an Ubuntu Pro license is purchased for the machine. If an Ubuntu Pro license is de‐\ntected, then the machine is automatically attached. If you are uninterested in Ubuntu Pro\nservices, you can safely stop and disable the daemon using systemctl:\n\nsudo systemctl stop ubuntu-advantage.service sudo systemctl disable ubuntu-advantage.service\n\n### TIMER JOBS\n\nUbuntu Pro client sets up a systemd timer to run jobs that need to be executed recurrently.\nThe timer itself ticks every 5 minutes on average, and decides which jobs need to be executed\nbased on their intervals.\n\nJobs are executed by the timer script if the script has not yet run successfully, or their\ninterval since last successful run is already exceeded. There is a random delay applied to\nthe timer, to desynchronize job execution time on machines spinned at the same time, avoiding\nmultiple synchronized calls to the same service.\n\nCurrent jobs being checked and executed are:\n\nupdatemessaging\nMakes sure that the MOTD and APT messages match the available/enabled services on the\nsystem, showing information about available packages or security updates.\n\n#### metering\n\nIf attached, this job will ping the Canonical servers telling which services are en‐\nabled on the machine.\n\n### REPORTING BUGS\n\nPlease report bugs either by running `ubuntu-bug ubuntu-advantage-tools` or login to Launch‐\npad and navigate to https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+filebug\n\n### COPYRIGHT\n\nCopyright (C) 2019-2025 Canonical Ltd.\n\n\n\nCanonical Ltd. 21 February 2020 UBUNTU-PRO(1)\n\n" } ], "structuredContent": { "command": "ua", "section": "1", "mode": "man", "summary": "pro - Manage Ubuntu Pro services from Canonical", "synopsis": "pro [-h] [--debug] [--version] ...", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [ { "flag": "-h", "long": "--help", "arg": null, "description": "Show help for pro or for the specified pro command." }, { "flag": "", "long": "--debug", "arg": null, "description": "Redirect all the debugging logs to the console." }, { "flag": "", "long": "--version", "arg": null, "description": "Show the Pro Client version and exit." } ], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 4, "subsections": [] }, { "name": "SYNOPSIS", "lines": 4, "subsections": [] }, { "name": "DESCRIPTION", "lines": 7, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "-h, --help", "lines": 3, "flag": "-h", "long": "--help" }, { "name": "--debug", "lines": 3, "long": "--debug" }, { "name": "--version", "lines": 4, "long": "--version" } ] }, { "name": "COMMANDS", "lines": 178, "subsections": [] }, { "name": "SERVICES", "lines": 1, "subsections": [ { "name": "Anbox Cloud (anbox-cloud)", "lines": 10 }, { "name": "Common Criteria EAL2 Provisioning (cc-eal)", "lines": 6 }, { "name": "CIS Audit (cis)/Ubuntu Security Guide (usg)", "lines": 7 }, { "name": "Expanded Security Maintenance for Infrastructure (esm-infra)", "lines": 8 }, { "name": "Expanded Security Maintenance for Applications (esm-apps)", "lines": 8 }, { "name": "FIPS 140-2 certified modules (fips)", "lines": 9 }, { "name": "FIPS 140-2 certified modules with updates (fips-updates)", "lines": 6 }, { "name": "Landscape (landscape)", "lines": 10 }, { "name": "Livepatch Service (livepatch)", "lines": 9 }, { "name": "ROS ESM Security Updates (ros)", "lines": 9 }, { "name": "ROS ESM All Updates (ros-updates)", "lines": 9 } ] }, { "name": "CONFIGURATION SETTINGS", "lines": 64, "subsections": [] }, { "name": "PRO UPGRADE DAEMON", "lines": 8, "subsections": [] }, { "name": "TIMER JOBS", "lines": 16, "subsections": [ { "name": "metering", "lines": 5 } ] }, { "name": "REPORTING BUGS", "lines": 4, "subsections": [] }, { "name": "COPYRIGHT", "lines": 5, "subsections": [] } ] } }