Add security.protection.start to optionally prevent instance start up

[qianzhangxa]

This PR adds a new instance configuration option security.protection.start, and throws an error if a given instance with this option set to true is started.

Closes #12110.

[github-actions]

Heads up @ru-fu - the "Documentation" label was applied to this issue.

[tomponline]

Hi please can you rebase to fix conflicts

[qianzhangxa]

Hi please can you rebase to fix conflicts

@tomponline Done, thanks.

[tomponline]

I think instanceShouldAutoStart should be updated to take into account this new setting to avoid repeated start up tries and errors.

[tomponline]

Please can you sign the Canonical CLA too. https://ubuntu.com/legal/contributors Thanks

[qianzhangxa]

Please can you sign the Canonical CLA too. https://ubuntu.com/legal/contributors Thanks

I have signed it just now. Can we rerun the CLA check job to verify?

[tomponline]

Please can you sign the Canonical CLA too. https://ubuntu.com/legal/contributors Thanks

I have signed it just now. Can we rerun the CLA check job to verify?

Thanks will ask for a CLA list refresh internally....

[tomponline]

I think instanceShouldAutoStart should be updated to take into account this new setting to avoid repeated start up tries and errors.

[qianzhangxa]

I think instanceShouldAutoStart should be updated to take into account this new setting to avoid repeated start up tries and errors.

@tomponline I have updated instanceShouldAutoStart in the latest push, my solution is to check security.protection.start first and then boot.autostart (i.e. the former has higher priority than the latter), please let me know if you have a different idea, thanks!

[qianzhangxa]

@tomponline I am thinking about this case: If we set security.protection.start to true for a running instance, do we need to automatically stop the instance?

[tomponline]

@tomponline I have updated instanceShouldAutoStart in the latest push, my solution is to check security.protection.start first and then boot.autostart (i.e. the former has higher priority than the latter), please let me know if you have a different idea, thanks!

Sounds good! Thanks

[tomponline]

@tomponline I am thinking about this case: If we set security.protection.start to true for a running instance, do we need to automatically stop the instance?

Hrm i dont think we should do that. Just prevent subsequent starts.

[qianzhangxa]

@tomponline I am thinking about this case: If we set security.protection.start to true for a running instance, do we need to automatically stop the instance?

Hrm i dont think we should do that. Just prevent subsequent starts.

Agree. The reason that I asked this question is that we may run into this case: A running instance with security.protection.start set to true which is a bit weird, but I guess it should be OK since that config option is just for preventing subsequent starts.

[tomponline]

Thanks!

[tomponline]

Ah please can you sign your commits

https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification

[qianzhangxa]

Ah please can you sign your commits

https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification

Done :)

[ru-fu]

The documentation update looks good, just two small nitpicks.

[ru-fu]

Can you update the metadata again?

[qianzhangxa]

Can you update the metadata again?

Done.

[ru-fu]

Thanks! The docs look good now. :)

[tomponline]

thanks!