How to disable livepatch tokens remotely

Solution 1:

The token is stored in /var/snap/canonical-livepatch/common/machine-token.

The only option I found so far is to have a backup of the machine that you can boot in a virtual machine (if it wasn't a VM to begin with as in your case). Preferably you have a disk image that you can convert to a virtual machine image, but a tarball of the root partition may also work. I tried changing the hostname and chrooting with /sys /proc /run and /dev mounted but had no success, snap reported that it could not find the livepatch snap. The operation is successful when you see the following message:

Successfully disabled device. Removed machine-token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Bear in mind that machine token is not your authentication token. Also I'm a bit in doubt about the limit and how it's supposed to work if there is no portal to enable and disable it (for non-Ubuntu advantage users).

Q: But I don’t want to buy UA support!

A: You don’t have to! Canonical is providing the Canonical Livepatch Service to community users of Ubuntu, at no charge for up to 3 machines (desktop, server, virtual machines, or cloud instances). http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html

This is interesting, I just tried it out and enabled it on 4 machines. I went further and enabled 6 machines.

Ubuntu Community users of the Canonical Livepatch Service who want to eliminate the small chance of being randomly chosen as a canary should enroll in the Ubuntu Advantage program (starting at $12/month).

The more free testers the better? 🤔