Sponsored Links

Canonical Distribution of Kubernetes: Dev Summary (Sept 22 2017)

This article originally appeared on Tim Van Steenburgh’s blog

September 15th concluded our most recent development sprint on the Canonical Distribution of Kubernetes (CDK). Here are some highlights:

Canal Bundle

Our new Canal bundle is published! If you need network policy support in your cluster, try it out:

juju deploy canonical-kubernetes-canal

In the future you’ll be able to choose between Flannel and Calico when deploying Kubernetes via conjure-up.

Blogs and Demos

In case you missed them, check out some new blog posts and demos of CDK from members of the CDK engineering team:


We added more tests for RBAC and updated CI to start testing an RBAC-enabled cluster. Our remaining task for RBAC is to plan and test the upgrade path for old clusters once we make RBAC on-by-default.


We built and published an s390x nginx-ingress-controller image and an e2e snap, and started testing a lxd CDK cluster on s390x. Since then we’ve gotten access to more hardware and are now testing on s390x vms using the Juju manual provider.


In our current sprint we’ve started testing 1.8.0 in anticipation of the upstream release at the end of this month. We’re also testing with docker 1.13.1, which will soon become the default in CDK.

If you’d like to follow along more closely with CDK development, you can do so in the following places:

Until next time!

Ubuntu Desktop Weekly Update: September 22, 2017

We’re less than a week away from Final Beta! It seems to have come round very quickly this cycle. Next week we’re at the Ubuntu Rally in New York City where we will be putting the finishing touches to the beta. In the meantime, here’s a quick rundown on what happened this week:


  • The release of GNOME 3.26 last week meant lots of package updates in 17.10. Thanks Jeremy for leading the charge on this.
  • More work is happening on the progress bars in Dash to Dock.
  • We’re working on a fix for a bug which shows your desktop for a few seconds when resuming from suspend. This affects Unity and GNOME Shell.
  • We’ve made a few more tweaks to GDM, and you can now see the Ubuntu logo at bottom of the greeter.
  • Some new additions to Didier’s series of blog posts on the transition to GNOME Shell covers alt-tab behaviour
  • And the transparency settings for Dash to Dock:
  • The new wallpaper and mascot were released.


We’ve been working on a Platform Snap for GNOME 3.26 to allow you to run the latest GNOME apps on Xenial as well as making Snaps for the new apps. This should be ready for testing soon and we’d appreciate some feedback.

Some desktop specific updates to snapd are also in the going to be rolling out soon; Snaps using the new Desktop interface will automatically get access to host system fonts and font caches.


  • Chromium 61.0.3163.79 is ready for publication. Chromium beta updated to 62.0.3202.18 and dev updated to 63.0.3213.3 for all series except Trusty.
  • Libreoffice 5.4.1-0ubuntu1 now in Artful.

In The News

  • OMG talks about the changes to the Dock.
  • Dustin Kirkland presents the results of the app survey at UbuCon Paris.

Kali Linux 2017.2 Released With New Hacking Tools

In 2016, the Kali Linux developers decided to make a switch to the rolling release model. As a result, Kali Linux ensures that your ethical hacking setup is regularly updated with new security patches and features. As a follow-up to Kali Linux 2017.1, which was released in April 2017, the developers have just released Kali Linux 2017.2.
The latest version has all the updates and fixes released since 2017.1. Kali 2017.2 has lots of new and updated packages that are surely worth checking out. It goes without saying that these new tools are in addition to the standard security and package updates being received via Debian Testing.
Kali team has also worked to improve the overall integration of Kali Linux packages. Program usage examples, which is one area in particular, have been improved to help reduce confusion for both Kali veterans and newcomers.
Kali Linux is available for both 32-bit and 64-bit architecture. Kali ARM and Kali Virtual images have been updated. You also have different desktop options to choose from.

Submitted by: Arnfried Walbrecht

The ISS just got its own Linux supercomputer

A year-long project to determine how high-performance computers can perform in space has just cleared a major hurdle — successfully booting up on the International Space Station (ISS).
This experiment conducted by Hewlett Packard Enterprise (HPE) and NASA aims to run a commercial off-the-shelf high-performance computer in the harsh conditions of space for one year — roughly the amount of time it will take to travel to Mars.
Many of the calculations needed for space research projects are still done on Earth due to the limited computing capabilities in space, but this in turn create causes a problem in terms of transmitting data to and from a spaceship. While this approach works for space exploration on the moon or in low Earth orbit, when astronauts can be in almost real-time communication with Earth, the further they go towards Mars, the greater the communication latencies.
This means it could take 20 minutes for data to travel from a spacecraft back to Earth — and then another 20 minutes for a response to reach the astronauts.
The hardware, which the company dubs the ‘Spaceborne Computer’, is an Apollo 40 server with a high-speed HPC interconnect running Linux. It runs in a water-cooled enclosure and HPE has developed additional software to address the environmental constraints and reliability requirements of supercomputing in space.

Submitted by: Arnfried Walbrecht

Microsoft and Canonical Increase Velocity with Azure Tailored Kernel

By Leann Ogasawara, Director of Kernel Engineering

Ubuntu has long been a popular choice for Linux instances on Azure.  Our ongoing partnership with Microsoft has brought forth great results, such as the support of the latest Azure features, Ubuntu underlying SQL Server instances, bash on Windows, Ubuntu containers with Hyper-V Isolation on Windows 10 and Windows Servers, and much more.

Canonical, with the team at Microsoft Azure, are now delighted to announce that as of September 21, 2017, Ubuntu Cloud Images for Ubuntu 16.04 LTS on Azure have been enabled with a new Azure tailored Ubuntu kernel by default.  The Azure tailored Ubuntu kernel will receive the same level of support and security maintenance as all supported Ubuntu kernels for the duration of the Ubuntu 16.04 LTS support life.

The kernel itself is provided by the linux-azure kernel package. The most notable highlights for this kernel include:

  • Infiniband and RDMAcapability for Azure HPC to deliver optimized performance of compute intensive workloads on Azure A8, A9, H-series, and NC24r.
  • Full support for Accelerated Networking in Azure.  Direct access to the PCI device provides gains in overall network performance offering the highest throughput and lowest latency for guests in Azure.  Transparent SR-IOV eliminates configuration steps for bonding network devices.  SR-IOV for Linux in Azure is in preview but will become generally available later this year.
  • NAPI and Receive Segment Coalescing for 10% greater throughput on guests not using SR-IOV.
  • 18% reduction in kernel size.
  • Hyper-V socket capability — a socket-based host/guest communication method that does not require a network.
  • The very latest Hyper-V device drivers and feature support available.

The ongoing collaboration between Canonical and Microsoft will also continue to produce upgrades to newer kernel versions providing access to the latest kernel features, bug fixes, and security updates.  Any Ubuntu 16.04 LTS image brought up from the Azure portal after September 21st will be running on this Azure tailored Ubuntu kernel.

How to verify which kernel is used:

 $ uname -r 4.11.0-1011-azure 


Instances using the Azure tailored Ubuntu kernel will, of course, be supportable through Canonical’s Ubuntu Advantage service, available for purchase on our online shop or through sales@canonical.com in three tiers:

  • Essential: designed for self-sufficient users, providing access to our self-support portal as well as a variety of Canonical tools and services.
  • Standard: adding business-hours web and email support on top of the contents of Essential, as well as a 2-hour to 2-business days response time (severity 1-4).
  • Advanced: adding 24×7 web and email support on top of the contents of Essential, as well as a 1-hour to 1-business day response time (severity 1-4).

The Azure tailored Ubuntu kernel will not support the Canonical Livepatch Service at the time of this announcement, but investigation is underway to evaluate delivery of this service in the future.

If, for now, you prefer livepatching at scale over the above performance improvements, it is possible to revert to the standard kernel, using the following commands:


 $ sudo apt install linux-virtual linux-cloud-tools-virtual $ sudo apt purge linux*azure $ sudo reboot 


As we continue to collaborate closely with various Microsoft teams on public cloud, private cloud, containers and services, you can expect further boosts in performance, simplification of operations at scale, and enablement of new innovations and technologies.

Kubernetes Snaps: The Quick Version

This article originally appeared on George Kraft’s blog

When we built the Canonical Distribution of Kubernetes (CDK), one of our goals was to provide snap packages for the various Kubernetes clients and services: kubectl, kube-apiserver, kubelet, etc.

While we mainly built the snaps for use in CDK, they are freely available to use for other purposes as well. Let’s have a quick look at how to install and configure the Kubernetes snaps directly.

The Client Snaps

This covers: kubectl, kubeadm, kubefed

Nothing special to know about these. Just snap install and you can use them right away:

 $ sudo snap install kubectl --classic kubectl 1.7.4 from 'canonical' installed $ kubectl version --client Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:48:23Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"} 

The Server Snaps

This covers: kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy

Example: kube-apiserver

We will use kube-apiserver as an example. The other services generally work the same way.

Install with snap install

This creates a systemd service named snap.kube-apiserver.daemon. Initially, it will be in an error state because it’s missing important configuration:

 $ systemctl status snap.kube-apiserver.daemon ● snap.kube-apiserver.daemon.service - Service for snap application kube-apiserver.daemon Loaded: loaded (/etc/systemd/system/snap.kube-apiserver.daemon.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2017-09-01 15:54:39 UTC; 11s ago ... 

Configure kube-apiserver using snap set.

 sudo snap set kube-apiserver \ etcd-servers= \ etcd-certfile=/root/certs/client.crt \ etcd-keyfile=/root/certs/client.key \ etcd-cafile=/root/certs/ca.crt \ service-cluster-ip-range= \ cert-dir=/root/certs 

Note: Any files used by the service, such as certificate files, must be placed within the /root/ directory to be visible to the service. This limitation allows us to run a few of the services in a strict confinement mode that offers better isolation and security.

After configuring, restart the service and you should see it running:

 $ sudo service snap.kube-apiserver.daemon restart $ systemctl status snap.kube-apiserver.daemon ● snap.kube-apiserver.daemon.service - Service for snap application kube-apiserver.daemon Loaded: loaded (/etc/systemd/system/snap.kube-apiserver.daemon.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2017-09-01 16:02:33 UTC; 6s ago ... 


The keys and values for snap set map directly to arguments that you would
normally pass to the service. You can view a list of arguments by invoking the
service directly, e.g. kube-apiserver -h.

For configuring the snaps, drop the leading dashes and pass them through
snap set. For example, if you want kube-apiserver to be invoked like this

 kube-apiserver --etcd-servers --allow-privileged 

You would configure the snap like this:

 snap set kube-apiserver etcd-servers= allow-privileged=true 

Note, also, that we had to specify a value of true for allow-privileged. This
applies to all boolean flags.

Going deeper

Want to know more? Here are a couple good things to know:

If you’re confused about what snap set ... is actually doing, you can read
the snap configure hooks in


to see how they work.

The configure hook creates an args file here:


This contains the actual arguments that get passed to the service by the snap:

 $ cat /var/snap/kube-apiserver/current/args --cert-dir "/root/certs" --etcd-cafile "/root/certs/ca.crt" --etcd-certfile "/root/certs/client.crt" --etcd-keyfile "/root/certs/client.key" --etcd-servers "" --service-cluster-ip-range "" 

Note: While you can technically bypass snap set and edit the args file directly, it’s best not to do so. The next time the configure hook runs, it will obliterate your changes. This can occur not only from a call to snap set but also during a background refresh of the snap.

The source code for the snaps can be found here: https://github.com/juju-solutions/release/tree/rye/snaps/snap

We’re working on getting these snaps added to the upstream Kubernetes build process. You can follow our progress on that here: https://github.com/kubernetes/release/pull/293

If you have any questions or need help, you can either find us at #juju on
freenode, or open an issue against https://github.com/juju-solutions/bundle-canonical-kubernetes and we’ll help you out as soon as we can.

Linux Kernel 4.12 Reached End of Life, Users Are Urged to Move to Linux 4.13

The Linux 4.12.4 point release is now available for all users using the Linux 4.12 kernel series, but it seems that this is the last maintenance update to be issued for this branch, which is now marked as EOL (End of Life) on the kernel.org website and will no longer receive support.
Therefore, all users using the Linux 4.12 kernel series are urged to upgrade to a newer kernel branch, such as Linux 4.13, which received its third maintenance update today. Of course, you can also choose to update to Linux kernel 4.12.4, but keep in mind that it’s the last patch.
If you’re using a GNU/Linux distribution powered by a kernel from the Linux 4.12 series, please consider upgrading to the Linux 4.13 kernel as soon as possible. If you don’t know how to compile your own kernel, you should ask your distro’s maintainer to upgrade the kernel packages to Linux 4.13.
Linux 4.13 is the latest stable and most advanced kernel series, released two weeks ago with numerous new features and improvements. Unfortunately, it’s also not a short-lived branch, so you’re better off waiting for the next LTS version, Linux 4.14, whose development was kicked off by Linus Torvalds last weekend.

Submitted by: Arnfried Walbrecht

TUXEDO InfinityBook Pro 13 Review: a Powerful Ultrabook Running TUXEDO Xubuntu

TUXEDO Computers is a German computer company manufacturing and selling notebooks, high-end gaming computers, and workstations powered by popular GNU/Linux distributions like Ubuntu, Debian, Fedora, Linux Mint, or OpenSuSE. The TUXEDO InfinityBook Pro 13 is one of their latest and finest ultrabooks running a custom Xubuntu OS that the company calls it TUXEDO Xubuntu.
At first glance, TUXEDO InfinityBook Pro 13 looks great thanks to its ultrabook aluminum chassis. It’s outfitted with enough ports for everything you can fit in the system, but we’ll take a closer look at the hardware specs in the paragraphs below. Of course, the best part is that it comes pre-loaded with a Linux distro, so you won’t have to install one, but you can do that as well.
The TUXEDO InfinityBook Pro 13 is quite affordable for its specs and can be yours for €1.049,00 EUR in Europe or about $1250 USD if you’re buying it from the United States. You can only buy the laptop from TUXEDO Computers’ online store, and it’s delivered in a box full of goodies that’ll make your day happy.

Submitted by: Arnfried Walbrecht

Kernel Team Summary – September 20, 2017

September 13 through September 18

Development (Artful / 17.10)


Important upcoming dates:

 Final Beta - Sept 28 (~1 week away) Kernel Freeze - Oct 5 (~2 weeks away) Final Freeze - Oct 12 (~3 weeks away) Ubuntu 17.10 - Oct 19 (~4 weeks away) 

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. A 4.13.1 based kernel is available for testing from the artful-proposed pocket of the Ubuntu archive. As a reminder, the Ubuntu 17.10 Kernel Freeze is Thurs Oct 5, 2017.

Stable (Released & Supported)

  • All kernels have been re-spun to include a fix for high priority CVE-2017-1000251.

  • SRU cycle completed successfully and the following kernel updates have been released:

     trusty 3.13.0-132.181 trusty/lts-xenial 4.4.0-96.119~14.04.1 xenial 4.4.0-96.119 xenial/snapdargon 4.4.0-1076.81 xenial/raspi2 4.4.0-1074.82 xenial/aws 4.4.0-1035.44 xenial/gke 4.4.0-1031.31 xenial/gcp 4.10.0-1006.6 zesty 4.10.0-35.39 zesty/raspi2 4.10.0-1018.21 
    • The following kernel snap updates have been released in the snap store:
       gke-kernel aws-kernel dragonboard-kernel pi2-kernel pc-kernel 
  • Current cycle: 15-Sep through 07-Oct

     15-Sep Last day for kernel commits for this cycle. 18-Sep - 23-Sep Kernel prep week. 24-Sep - 06-Oct Bug verification & Regression testing. 09-Oct Release to -updates. 
  • Next cycle: 06-Oct through 28-Oct

     06-Oct Last day for kernel commits for this cycle. 

    09-Oct - 14-Oct Kernel prep week.
    15-Oct - 27-Oct Bug verification & Regression testing.
    30-Oct Release to -updates.


Linux Mint 18.3 Ubuntu-based operating system is named ‘Sylvia’

Ubuntu 17.10 is almost here, and many Linux users are excited. Canonical’s operating system is already excellent, but it will soon be even better thanks to a new default desktop environment — GNOME. What this means for the Ubuntu-based Linux Mint’s usage remains to be seen. You see, many people choose Mint because they do not like the Unity DE. Now that Ubuntu has ditched Unity, the reasons to opt for a distro based on Ubuntu rather than using “The Real McCoy” are dwindling.
But OK, if you are still a diehard Linux Mint user for some reason, I have some interesting news. Version 18.3 is coming soon, and we now know the official code name. As is typical with the Mint operating system, a woman’s name is being used. This time, “Sylvia” has been selected. Besides the name, we know some other interesting tidbits — the distro will be getting a secondary default backup tool (Timeshift), and Xreader is being significantly improved.
“Timeshift is an excellent tool which focuses on creating and restoring system snapshots. It’s a great companion to mintBackup which focuses on personal data. The two applications will be installed by default and complement each others in Linux Mint 18.3. We’re currently working with Tony to improve translations and desktop integration for Timeshift, add window progress support into it and improve its support for HiDPI,” says Clement Lefebvre, Linux Mint.

Submitted by: Arnfried Walbrecht