Prepare-device script run but serial returned empty

snowsky · April 9, 2021, 3:50pm

Hi there,

I don’t see issues from the logs of prepare-device script, except journal logs:

Apr 09 15:00:48 ubuntu systemd[1]: snap.pc-gadget.hook.prepare-device.xxx.scope: Succeeded.
– Subject: Unit succeeded
– Defined-By: systemd
– Support: http://www.ubuntu.com/support
–
– The unit snap.pc-gadget.hook.prepare-device.xxx.scope has successfully entered the ‘dead’ state.

It shows the gadget prepare-device unit entered the ‘dead’ state. And the output of snap known serial is empty.

No DENIED message in logs but seeing some STATUS logs from AppArmor:

Apr 09 11:00:21 ubuntu kernel: audit: type=1400 audit(1617966021.159:15): apparmor=“STATUS” operation=“profile_load” profile=“unconfined” name=“snap.pc-gadget.hook.prepare-device” pid=1916 comm=“apparmor_parser”

Thanks,
Hao

ijohnson · April 9, 2021, 4:09pm

You can get more information this by taking a look at the changes snap changes and snap tasks for all such changes.

All this means is that the prepare-device hook ran, the fact that this unit is “dead” is expected, it’s a transient unit that is created just for that hook at that specific time. If the hook were to run again, it would have a different unit created. All logging and output from this hook is sent to snapd, not to systemd, so you need to use snap changes and snap tasks to debug the prepare-device hook.

snowsky · April 9, 2021, 4:18pm

Yeah, got an error …

Status  Spawn               Ready               Summary
Undone  today at 15:00 UTC  today at 15:00 UTC  Run prepare-device hook
Done    today at 15:00 UTC  today at 15:00 UTC  Generate device key
Error   today at 15:00 UTC  today at 15:00 UTC  Request device serial

......................................................................
Request device serial

2021-04-09T15:00:50Z ERROR cannot deliver device serial request: unexpected status 400

It is a client issue. One of prepare-device commands failed then. I used the same API KEY for core18.

ijohnson · April 9, 2021, 5:01pm

Right you may need to debug the interaction with the serial vault here, but make sure to be careful to not post the API key here

snowsky · April 9, 2021, 6:11pm

I used the below settings for core18:

snapctl set registration.proposed-serial="xxxx"
snapctl set device-service.url="https://serial-vault-partners.canonical.com/v1/"
snapctl set device-service.headers='{"api-key": "xxx"}'

Are there some updates for core20?

Thanks,
Hao

ijohnson · April 9, 2021, 6:52pm

No there are not any changes to this process for UC20, but you may be using a different model number and need to make sure the serial vault is configured to deliver serial assertions for the new model assertion you are using with UC20.

snowsky · April 9, 2021, 7:51pm

Thanks @ijohnson. It works!