overlay app-emulation/wa-linux-agent: Redo the package for sysext

Since the contents of this package will now be a part of the sysext
image, we don't need any special OEM-specific hacks. We don't need to
install the package in the /usr/share/oem directory any more, so update
the ebuild to use the Gentoo python machinery to install files in the
usual locations. This can also use a normal python package, so replace
dependencies on dev-lang/python-oem and dev-python/distro-oem with
dev-lang/python and dev-python/distro, respectively. The waagent.conf
file we used to provide is updated (for example, auto updates are
disabled and obsolete options are dropped) and is now a part of the
patch, so it is installed by the python machinery.
Krzesimir Nowak 2023-06-06 13:03:19 +02:00
parent 5ef38b98aa
commit 86eada1cc9
4 changed files with 451 additions and 163 deletions


@ -0,0 +1,418 @@
From 90b28746c0d8698a080eb7082e0e14054aee0a02 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Mon, 27 Feb 2023 15:59:21 +0100
Subject: [PATCH] flatcar changes
---
azurelinuxagent/common/osutil/coreos.py | 39 +-----
azurelinuxagent/common/osutil/coreoscommon.py | 57 ++++++++
azurelinuxagent/common/osutil/factory.py | 3 +
azurelinuxagent/common/osutil/flatcar.py | 41 ++++++
config/flatcar/waagent.conf | 122 ++++++++++++++++++
init/flatcar/10-waagent-sysext.conf | 2 +
init/flatcar/waagent.service | 30 +++++
setup.py | 20 ++-
8 files changed, 272 insertions(+), 42 deletions(-)
create mode 100644 azurelinuxagent/common/osutil/coreoscommon.py
create mode 100644 azurelinuxagent/common/osutil/flatcar.py
create mode 100644 config/flatcar/waagent.conf
create mode 100644 init/flatcar/10-waagent-sysext.conf
create mode 100644 init/flatcar/waagent.service
diff --git a/azurelinuxagent/common/osutil/coreos.py b/azurelinuxagent/common/osutil/coreos.py
index fc0a6604..314008f0 100644
--- a/azurelinuxagent/common/osutil/coreos.py
+++ b/azurelinuxagent/common/osutil/coreos.py
@@ -17,11 +17,10 @@
#
import os
-import azurelinuxagent.common.utils.shellutil as shellutil
-from azurelinuxagent.common.osutil.default import DefaultOSUtil
+from azurelinuxagent.common.osutil.coreoscommon import CoreosCommonUtil
-class CoreOSUtil(DefaultOSUtil):
+class CoreOSUtil(CoreosCommonUtil):
def __init__(self):
super(CoreOSUtil, self).__init__()
@@ -46,40 +45,6 @@ class CoreOSUtil(DefaultOSUtil):
def get_agent_bin_path():
return "/usr/share/oem/bin"
- def is_sys_user(self, username):
- # User 'core' is not a sysuser.
- if username == 'core':
- return False
- return super(CoreOSUtil, self).is_sys_user(username)
-
- def is_dhcp_enabled(self):
- return True
-
- def start_network(self):
- return shellutil.run("systemctl start systemd-networkd", chk_err=False)
-
- def restart_if(self, ifname=None, retries=None, wait=None):
- shellutil.run("systemctl restart systemd-networkd")
-
- def restart_ssh_service(self):
- # SSH is socket activated on CoreOS. No need to restart it.
- pass
-
- def stop_dhcp_service(self):
- return shellutil.run("systemctl stop systemd-networkd", chk_err=False)
-
- def start_dhcp_service(self):
- return shellutil.run("systemctl start systemd-networkd", chk_err=False)
-
- def start_agent_service(self):
- return shellutil.run("systemctl start {0}".format(self.service_name), chk_err=False)
-
- def stop_agent_service(self):
- return shellutil.run("systemctl stop {0}".format(self.service_name), chk_err=False)
-
- def get_dhcp_pid(self):
- return self._get_dhcp_pid(["systemctl", "show", "-p", "MainPID", "systemd-networkd"])
-
def conf_sshd(self, disable_password):
# In CoreOS, /etc/sshd_config is mount readonly. Skip the setting.
pass
diff --git a/azurelinuxagent/common/osutil/coreoscommon.py b/azurelinuxagent/common/osutil/coreoscommon.py
new file mode 100644
index 00000000..fde9a456
--- /dev/null
+++ b/azurelinuxagent/common/osutil/coreoscommon.py
@@ -0,0 +1,57 @@
+#
+# Copyright 2023 Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Requires Python 2.6+ and Openssl 1.0+
+#
+
+import azurelinuxagent.common.utils.shellutil as shellutil
+from azurelinuxagent.common.osutil.default import DefaultOSUtil
+
+
+class CoreosCommonUtil(DefaultOSUtil):
+
+ def is_sys_user(self, username):
+ # User 'core' is not a sysuser.
+ if username == 'core':
+ return False
+ return super(CoreOSUtil, self).is_sys_user(username)
+
+ def is_dhcp_enabled(self):
+ return True
+
+ def start_network(self):
+ return shellutil.run("systemctl start systemd-networkd", chk_err=False)
+
+ def restart_if(self, ifname=None, retries=None, wait=None):
+ shellutil.run("systemctl restart systemd-networkd")
+
+ def restart_ssh_service(self):
+ # SSH is socket activated on CoreOS. No need to restart it.
+ pass
+
+ def stop_dhcp_service(self):
+ return shellutil.run("systemctl stop systemd-networkd", chk_err=False)
+
+ def start_dhcp_service(self):
+ return shellutil.run("systemctl start systemd-networkd", chk_err=False)
+
+ def start_agent_service(self):
+ return shellutil.run("systemctl start {0}".format(self.service_name), chk_err=False)
+
+ def stop_agent_service(self):
+ return shellutil.run("systemctl stop {0}".format(self.service_name), chk_err=False)
+
+ def get_dhcp_pid(self):
+ return self._get_dhcp_pid(["systemctl", "show", "-p", "MainPID", "systemd-networkd"])
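Review bot: `is_sys_user` in the new coreoscommon.py still calls `super(CoreOSUtil, self).is_sys_user(username)`, but `CoreOSUtil` is neither defined nor imported in this module, so any username other than 'core' raises NameError instead of returning an answer. The method was moved verbatim from coreos.py and should name the new class: `return super(CoreosCommonUtil, self).is_sys_user(username)`. Importing `CoreOSUtil` here would not help, because coreos.py now imports this module and a `FlatcarUtil` instance is not a `CoreOSUtil`. The callers are not visible on this page, but a check that decides whether an account is a system user should not fail with an unrelated exception; a unit test calling `is_sys_user` on both `CoreOSUtil` and `FlatcarUtil` would catch this.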
diff --git a/azurelinuxagent/common/osutil/factory.py b/azurelinuxagent/common/osutil/factory.py
index b5ee0b09..9280c645 100644
--- a/azurelinuxagent/common/osutil/factory.py
+++ b/azurelinuxagent/common/osutil/factory.py
@@ -27,6 +27,7 @@ from .clearlinux import ClearLinuxUtil
from .coreos import CoreOSUtil
from .debian import DebianOSBaseUtil, DebianOSModernUtil
from .default import DefaultOSUtil
+from .flatcar import FlatcarUtil
from .freebsd import FreeBSDOSUtil
from .gaia import GaiaOSUtil
from .iosxe import IosxeOSUtil
@@ -82,6 +83,8 @@ def _get_osutil(distro_name, distro_code_name, distro_version, distro_full_name)
return DebianOSBaseUtil()
if distro_name in ("flatcar", "coreos") or distro_code_name in ("flatcar", "coreos"):
+ if Version(distro_version) >= Version("3550"):
+ return FlatcarUtil()
return CoreOSUtil()
if distro_name in ("suse", "sle_hpc", "sles", "opensuse"):
diff --git a/azurelinuxagent/common/osutil/flatcar.py b/azurelinuxagent/common/osutil/flatcar.py
new file mode 100644
index 00000000..3d1bf535
--- /dev/null
+++ b/azurelinuxagent/common/osutil/flatcar.py
@@ -0,0 +1,41 @@
+#
+# Copyright 2023 Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Requires Python 2.6+ and Openssl 1.0+
+#
+
+import os
+import shutil
+
+import azurelinuxagent.common.conf as conf
+
+from azurelinuxagent.common.osutil.coreoscommon import CoreosCommonUtil
+
+
+class FlatcarUtil(CoreosCommonUtil):
+
+ @staticmethod
+ def get_systemd_unit_file_install_path():
+ return "/usr/lib/systemd/system"
+
+ def conf_sshd(self, disable_password):
+ # make sure that the config file stops being a symlink
+ conf_file_path = conf.get_sshd_conf_file_path()
+ conf_file_path2 = f"{conf_file_path}.wal.tmp"
+ shutil.copy(conf_file_path, conf_file_path2)
+ os.remove(conf_file_path)
+ os.rename(conf_file_path2, conf_file_path)
+ super(CoreosCommonUtil, self).conf_sshd(disable_password)
+ pass
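Review bot: `conf_sshd` in flatcar.py calls `os.remove(conf_file_path)` before `os.rename(conf_file_path2, conf_file_path)`, so there is a window with no sshd config at that path, and a failure between the two calls leaves it missing. `os.rename` already replaces an existing destination atomically on POSIX, including a symlink, so the `os.remove` line can be dropped. Guarding the copy with `if os.path.islink(conf_file_path):` would also avoid rewriting a regular file on every call. Separately, `super(CoreosCommonUtil, self).conf_sshd(disable_password)` starts the lookup after `CoreosCommonUtil` rather than after the current class; `super(FlatcarUtil, self)` is the conventional form, and the trailing `pass` is dead code.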
diff --git a/config/flatcar/waagent.conf b/config/flatcar/waagent.conf
new file mode 100644
index 00000000..b453c634
--- /dev/null
+++ b/config/flatcar/waagent.conf
@@ -0,0 +1,122 @@
+#
+# Microsoft Azure Linux Agent Configuration
+#
+
+# Enable extension handling. Do not disable this unless you do not need password reset,
+# backup, monitoring, or any extension handling whatsoever.
+Extensions.Enabled=y
+
+# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
+# "cloud-init", or "disabled".
+Provisioning.Agent=waagent
+
+# Password authentication for root account will be unavailable.
+Provisioning.DeleteRootPassword=n
+
+# Generate fresh host key pair.
+Provisioning.RegenerateSshHostKeyPair=n
+
+# Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto".
+# The "auto" option is supported on OpenSSH 5.9 (2011) and later.
+Provisioning.SshHostKeyPairType=auto
+
+# Monitor host name changes and publish changes via DHCP requests.
+Provisioning.MonitorHostName=y
+
+# Decode CustomData from Base64.
+Provisioning.DecodeCustomData=y
+
+# Execute CustomData after provisioning.
+Provisioning.ExecuteCustomData=n
+
+# Algorithm used by crypt when generating password hash.
+#Provisioning.PasswordCryptId=6
+
+# Length of random salt used when generating password hash.
+#Provisioning.PasswordCryptSaltLength=10
+
+# Allow reset password of sys user
+Provisioning.AllowResetSysUser=n
+
+# Format if unformatted. If 'n', resource disk will not be mounted.
+ResourceDisk.Format=y
+
+# File system on the resource disk
+# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
+ResourceDisk.Filesystem=ext4
+
+# Mount point for the resource disk
+ResourceDisk.MountPoint=/mnt/resource
+
+# Create and use swapfile on resource disk.
+ResourceDisk.EnableSwap=n
+
+# Size of the swapfile.
+ResourceDisk.SwapSizeMB=0
+
+# Comma-seperated list of mount options. See mount(8) for valid options.
+ResourceDisk.MountOptions=None
+
+# Respond to load balancer probes if requested by Windows Azure.
+LBProbeResponder=y
+
+# Enable verbose logging (y|n)
+Logs.Verbose=n
+
+# Enable Console logging, default is y
+# Logs.Console=y
+
+# Is FIPS enabled
+OS.EnableFIPS=n
+
+# Set the path to SSH keys and configuration files
+OS.SshDir=/etc/ssh
+
+# Root device timeout in seconds.
+OS.RootDeviceScsiTimeout=300
+
+# If "None", the system default version is used.
+OS.OpensslPath=None
+
+# If set, agent will use proxy server to access internet
+#HttpProxy.Host=None
+#HttpProxy.Port=None
+
+# Detect Scvmm environment, default is n
+# DetectScvmmEnv=n
+
+#
+# Lib.Dir=/var/lib/waagent
+
+#
+# DVD.MountPoint=/mnt/cdrom/secure
+
+#
+# Pid.File=/var/run/waagent.pid
+
+#
+# Extension.LogDir=/var/log/azure
+
+#
+# Home.Dir=/home
+
+# Enable RDMA management and set up, should only be used in HPC images
+# OS.EnableRDMA=y
+
+# Enable or disable goal state processing auto-update, default is enabled
+AutoUpdate.Enabled=n
+
+# Determine the update family, this should not be changed
+# AutoUpdate.GAFamily=Prod
+
+# Determine if the overprovisioning feature is enabled. If yes, hold extension
+# handling until inVMArtifactsProfile.OnHold is false.
+# Default is enabled
+# EnableOverProvisioning=y
+
+# Allow fallback to HTTP if HTTPS is unavailable
+# Note: Allowing HTTP (vs. HTTPS) may cause security risks
+# OS.AllowHTTP=n
+
+# Add firewall rules to protect access to Azure host node services
+OS.EnableFirewall=y
diff --git a/init/flatcar/10-waagent-sysext.conf b/init/flatcar/10-waagent-sysext.conf
new file mode 100644
index 00000000..f756dbc9
--- /dev/null
+++ b/init/flatcar/10-waagent-sysext.conf
@@ -0,0 +1,2 @@
+[Unit]
+Upholds=waagent.service
diff --git a/init/flatcar/waagent.service b/init/flatcar/waagent.service
new file mode 100644
index 00000000..d0d6f7c8
--- /dev/null
+++ b/init/flatcar/waagent.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Microsoft Azure Linux Agent
+Wants=network-online.target sshd.service sshd-keygen.service
+After=network-online.target sshd-keygen.service
+
+[Service]
+Type=simple
+
+# Symlink the config if it's missing in /etc. This is a workaround for
+# the fact that this software comes to Flatcar as a sysext and as such
+# can't use the /etc overlay solution by putting the config into
+# /usr/share/flatcar/etc.
+#
+ExecStartPre=/bin/bash -c 'if [[ ! -e /etc/waagent.conf ]]; then ln -sf ../usr/share/waagent/waagent.conf /etc/waagent.conf; fi'
+
+# This could be done also with:
+#
+# ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon
+#
+# But this would mean that logs from waagent in journal will be
+# denoted as coming from python instead.
+#
+Environment=PYTHONUNBUFFERED=x
+ExecStart=/usr/sbin/waagent -daemon
+
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.py b/setup.py
index d38d74d6..57b0edb9 100755
--- a/setup.py
+++ b/setup.py
@@ -125,12 +125,22 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
src=["init/arch/waagent.service"])
elif name in ('coreos', 'flatcar'):
set_bin_files(data_files, dest=agent_bin_path)
- set_conf_files(data_files, dest="/usr/share/oem",
- src=["config/coreos/waagent.conf"])
set_logrotate_files(data_files)
- set_udev_files(data_files)
- set_files(data_files, dest="/usr/share/oem",
- src=["init/coreos/cloud-config.yml"])
+ if int(version.split('.')[0]) >= 3550:
+ # Not installing udev rules, Flatcar already has those
+ set_conf_files(data_files, dest="/usr/share/waagent",
+ src=["config/flatcar/waagent.conf"])
+ set_systemd_files(data_files, dest=systemd_dir_path,
+ src=["init/flatcar/waagent.service"])
+ multi_user_target_drop_in_dir=f"{systemd_dir_path}/multi-user.target.d"
+ set_systemd_files(data_files, dest=multi_user_target_drop_in_dir,
+ src=["init/flatcar/10-waagent-sysext.conf"])
+ else:
+ set_udev_files(data_files)
+ set_conf_files(data_files, dest="/usr/share/oem",
+ src=["config/coreos/waagent.conf"])
+ set_files(data_files, dest="/usr/share/oem",
+ src=["init/coreos/cloud-config.yml"])
elif "Clear Linux" in fullname:
set_bin_files(data_files, dest=agent_bin_path)
set_conf_files(data_files, dest="/usr/share/defaults/waagent",
--
2.25.1


@ -1,127 +0,0 @@
#
# Microsoft Azure Linux Agent Configuration
#
# Enable instance creation
Provisioning.Enabled=y
# Enable extension handling. Do not disable this unless you do not need password reset,
# backup, monitoring, or any extension handling whatsoever.
Extensions.Enabled=y
# Rely on cloud-init to provision
Provisioning.UseCloudInit=n
# Password authentication for root account will be unavailable.
Provisioning.DeleteRootPassword=n
# Generate fresh host key pair.
Provisioning.RegenerateSshHostKeyPair=n
# Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto".
# The "auto" option is supported on OpenSSH 5.9 (2011) and later.
Provisioning.SshHostKeyPairType=auto
# Monitor host name changes and publish changes via DHCP requests.
Provisioning.MonitorHostName=y
# Decode CustomData from Base64.
Provisioning.DecodeCustomData=y
# Execute CustomData after provisioning.
Provisioning.ExecuteCustomData=n
# Algorithm used by crypt when generating password hash.
#Provisioning.PasswordCryptId=6
# Length of random salt used when generating password hash.
#Provisioning.PasswordCryptSaltLength=10
# Allow reset password of sys user
Provisioning.AllowResetSysUser=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
ResourceDisk.Filesystem=ext4
# Mount point for the resource disk
ResourceDisk.MountPoint=/mnt/resource
# Create and use swapfile on resource disk.
ResourceDisk.EnableSwap=n
# Size of the swapfile.
ResourceDisk.SwapSizeMB=0
# Comma-seperated list of mount options. See man(8) for valid options.
ResourceDisk.MountOptions=None
# Enable verbose logging (y|n)
Logs.Verbose=n
# Is FIPS enabled
OS.EnableFIPS=n
# Root device timeout in seconds.
OS.RootDeviceScsiTimeout=300
# If "None", the system default version is used.
OS.OpensslPath=None
# Set the SSH ClientAliveInterval
# OS.SshClientAliveInterval=180
# Set the path to SSH keys and configuration files
OS.SshDir=/etc/ssh
# If set, agent will use proxy server to access internet
#HttpProxy.Host=None
#HttpProxy.Port=None
# Detect Scvmm environment, default is n
# DetectScvmmEnv=n
#
# Lib.Dir=/var/lib/waagent
#
# DVD.MountPoint=/mnt/cdrom/secure
#
# Pid.File=/var/run/waagent.pid
#
# Extension.LogDir=/var/log/azure
#
# Home.Dir=/home
# Enable RDMA management and set up, should only be used in HPC images
# OS.EnableRDMA=y
# Enable or disable goal state processing auto-update, default is enabled
# AutoUpdate.Enabled=y
# Determine the update family, this should not be changed
# AutoUpdate.GAFamily=Prod
# Determine if the overprovisioning feature is enabled. If yes, hold extension
# handling until inVMArtifactsProfile.OnHold is false.
# Default is enabled
# EnableOverProvisioning=y
# Allow fallback to HTTP if HTTPS is unavailable
# Note: Allowing HTTP (vs. HTTPS) may cause security risks
# OS.AllowHTTP=n
# Add firewall rules to protect access to Azure host node services
OS.EnableFirewall=y
# Enforce control groups limits on the agent and extensions
CGroups.EnforceLimits=n
# CGroups which are excluded from limits, comma separated
CGroups.Excluded=customscript,runcommand


@ -1,36 +0,0 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
DESCRIPTION="Windows Azure Linux Agent"
HOMEPAGE="https://github.com/Azure/WALinuxAgent"
KEYWORDS="amd64 arm64"
SRC_URI="${HOMEPAGE}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
# Depending on specific version of python-oem allows us to notice when
# we update the major version of python and then to make sure that we
# install the package in correctly versioned site-packages directory.
DEP_PYVER="3.10"
RDEPEND="
dev-lang/python-oem:${DEP_PYVER}
dev-python/distro-oem
"
S="${WORKDIR}/WALinuxAgent-${PV}"
src_install() {
into "/oem"
dobin "${S}/bin/waagent"
insinto "/oem/python/$(get_libdir)/python${DEP_PYVER}/site-packages"
doins -r "${S}/azurelinuxagent/"
insinto "/oem"
doins "${FILESDIR}/waagent.conf"
}


@ -0,0 +1,33 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Don't use DISTUTILS_USE_PEP517=setuptools because this installs
# everything inside /usr/lib/pythonX_Y/site-packages, even files that
# ought to be put into /etc or /sbin.
PYTHON_COMPAT=( python3_{9..11} )
inherit distutils-r1
DESCRIPTION="Windows Azure Linux Agent"
HOMEPAGE="https://github.com/Azure/WALinuxAgent"
SRC_URI="${HOMEPAGE}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
KEYWORDS="amd64 arm64"
SLOT="0"
IUSE=""
RESTRICT=""
BDEPEND="
dev-python/distro
"
RDEPEND="${BDEPEND}
"
S="${WORKDIR}/WALinuxAgent-${PV}"
PATCHES=(
"${FILESDIR}/0001-flatcar-changes.patch"
)
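Review bot: The `dev-python/distro` entry in `BDEPEND` (reused by `RDEPEND`) has no `[${PYTHON_USEDEP}]`, so nothing ties the `distro` module to the Python implementations selected through `PYTHON_COMPAT=( python3_{9..11} )`. With distutils-r1 in its default multi-implementation mode the usual form is `dev-python/distro[${PYTHON_USEDEP}]`; without it the agent can be installed for an interpreter that lacks `distro` and fail at import time. A short comment saying why `distro` is also needed at build time (presumably setup.py uses it to detect the distribution, which is not fully visible on this page) would help the next maintainer.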