From ca0175017d980c74341cab3e1977b19a2f80bfd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=85smund=20=C3=98stvold?= Date: Tue, 10 Jan 2023 20:58:20 +0100 Subject: [PATCH] waagent: update to 2.8.0.11 (#206974) The agent has not been updated for a very long time. In addition to updating to the newest tagged version the change creates a package for it. The existing version has issues with the new python2.7 package not containing crypt.so file. And the commit 6910a4eea0038728a2f10ce84122806f2cb6b170 I believe introduced regression that caused the shebang to not be updated. --- .../virtualisation/azure-agent-entropy.patch | 17 -- nixos/modules/virtualisation/azure-agent.nix | 212 +++++++++++------- .../networking/cluster/waagent/default.nix | 67 ++++++ pkgs/top-level/all-packages.nix | 2 + 4 files changed, 205 insertions(+), 93 deletions(-) delete mode 100644 nixos/modules/virtualisation/azure-agent-entropy.patch create mode 100644 pkgs/applications/networking/cluster/waagent/default.nix diff --git a/nixos/modules/virtualisation/azure-agent-entropy.patch b/nixos/modules/virtualisation/azure-agent-entropy.patch deleted file mode 100644 index 2a7ad08a4afc..000000000000 --- a/nixos/modules/virtualisation/azure-agent-entropy.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/waagent 2016-03-12 09:58:15.728088851 +0200 -+++ a/waagent 2016-03-12 09:58:43.572680025 +0200 -@@ -6173,10 +6173,10 @@ - Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac])) - - # Consume Entropy in ACPI table provided by Hyper-V -- try: -- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) -- except: -- pass -+ #try: -+ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) -+ #except: -+ # pass - - Log("Probing for Azure environment.") - self.Endpoint = self.DoDhcpWork() diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index abe6455a1a69..6e6021cf80fe 100644 
--- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -1,51 +1,10 @@ { config, lib, pkgs, ... }: with lib; - let cfg = config.virtualisation.azure.agent; - waagent = with pkgs; stdenv.mkDerivation rec { - name = "waagent-2.0"; - src = pkgs.fetchFromGitHub { - owner = "Azure"; - repo = "WALinuxAgent"; - rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4"; - sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x"; - }; - - patches = [ ./azure-agent-entropy.patch ]; - - nativeBuildInputs = [ makeWrapper python pythonPackages.wrapPython ]; - runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh - nettools # for hostname - procps # for pidof - shadow # for useradd, usermod - util-linux # for (u)mount, fdisk, sfdisk, mkswap - parted - ]; - pythonPath = [ pythonPackages.pyasn1 ]; - - configurePhase = false; - buildPhase = false; - - installPhase = '' - substituteInPlace config/99-azure-product-uuid.rules \ - --replace /bin/chmod "${coreutils}/bin/chmod" - mkdir -p $out/lib/udev/rules.d - cp config/*.rules $out/lib/udev/rules.d - - mkdir -p $out/bin - cp waagent $out/bin/ - chmod +x $out/bin/waagent - - wrapProgram "$out/bin/waagent" \ - --prefix PYTHONPATH : $PYTHONPATH \ - --prefix PATH : "${makeBinPath runtimeDeps}" - ''; - }; - provisionedHook = pkgs.writeScript "provisioned-hook" '' #!${pkgs.runtimeShell} /run/current-system/systemd/bin/systemctl start provisioned.target 
@@ -74,14 +33,15 @@ in ###### implementation - config = mkIf cfg.enable { - assertions = [ { + config = lib.mkIf cfg.enable { + assertions = [{ assertion = pkgs.stdenv.hostPlatform.isx86; message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}"; - } { - assertion = config.networking.networkmanager.enable == false; - message = "Windows Azure Linux Agent is not compatible with NetworkManager"; - } ]; + } + { + assertion = config.networking.networkmanager.enable == false; + message = "Windows Azure Linux Agent is not compatible with NetworkManager"; + }]; boot.initrd.kernelModules = [ "ata_piix" ]; networking.firewall.allowedUDPPorts = [ 68 ]; @@ -89,13 +49,19 @@ in environment.etc."waagent.conf".text = '' # - # Windows Azure Linux Agent Configuration + # Microsoft Azure Linux Agent Configuration # - Role.StateConsumer=${provisionedHook} + # Enable extension handling. Do not disable this unless you do not need password reset, + # backup, monitoring, or any extension handling whatsoever. + Extensions.Enabled=y - # Enable instance creation - Provisioning.Enabled=y + # How often (in seconds) to poll for new goal states + Extensions.GoalStatePeriod=6 + + # Which provisioning agent to use. Supported values are "auto" (default), "waagent", + # "cloud-init", or "disabled". + Provisioning.Agent=disabled # Password authentication for root account will be unavailable. Provisioning.DeleteRootPassword=n 
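Review bot: Dropping `Role.StateConsumer=${provisionedHook}` in the waagent.conf hunk leaves nothing visible that runs `provisionedHook`, which is still defined in the `let` block at the top of the file and is what starts `provisioned.target`. Units ordered after that target may then never start. The rest of the module is outside the hunk, so confirm whether anything else triggers it; otherwise either remove the hook and target, or start the target from a unit ordered after `waagent.service`. Replacing `Provisioning.Enabled=y` with `Provisioning.Agent=disabled` also means, as far as I understand the agent, that it no longer creates the admin user or installs its SSH key. I would state that in the config, for example `# Provisioning is disabled: users and SSH keys must come from the NixOS configuration in the image`.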
@@ -103,18 +69,31 @@ in # Generate fresh host key pair. Provisioning.RegenerateSshHostKeyPair=n - # Supported values are "rsa", "dsa" and "ecdsa". + # Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto". + # The "auto" option is supported on OpenSSH 5.9 (2011) and later. Provisioning.SshHostKeyPairType=ed25519 # Monitor host name changes and publish changes via DHCP requests. Provisioning.MonitorHostName=y + # How often (in seconds) to monitor host name changes. + Provisioning.MonitorHostNamePeriod=30 + # Decode CustomData from Base64. Provisioning.DecodeCustomData=n # Execute CustomData after provisioning. Provisioning.ExecuteCustomData=n + # Algorithm used by crypt when generating password hash. + #Provisioning.PasswordCryptId=6 + + # Length of random salt used when generating password hash. + #Provisioning.PasswordCryptSaltLength=10 + + # Allow reset password of sys user + Provisioning.AllowResetSysUser=n + # Format if unformatted. If 'n', resource disk will not be mounted. ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"} 
@@ -125,22 +104,103 @@ in # Mount point for the resource disk ResourceDisk.MountPoint=/mnt/resource - # Respond to load balancer probes if requested by Windows Azure. - LBProbeResponder=y + # Create and use swapfile on resource disk. + ResourceDisk.EnableSwap=n - # Enable logging to serial console (y|n) - # When stdout is not enough... - # 'y' if not set - Logs.Console=y + # Size of the swapfile. + ResourceDisk.SwapSizeMB=0 + + # Comma-separated list of mount options. See mount(8) for valid options. + ResourceDisk.MountOptions=None # Enable verbose logging (y|n) Logs.Verbose=${if cfg.verboseLogging then "y" else "n"} + # Enable Console logging, default is y + # Logs.Console=y + + # Enable periodic log collection, default is n + Logs.Collect=n + + # How frequently to collect logs, default is each hour + Logs.CollectPeriod=3600 + + # Is FIPS enabled + OS.EnableFIPS=n + # Root device timeout in seconds. OS.RootDeviceScsiTimeout=300 + + # How often (in seconds) to set the root device timeout. + OS.RootDeviceScsiTimeoutPeriod=30 + + # If "None", the system default version is used. 
+ OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl + + # Set the SSH ClientAliveInterval + # OS.SshClientAliveInterval=180 + + # Set the path to SSH keys and configuration files + OS.SshDir=/etc/ssh + + # If set, agent will use proxy server to access internet + #HttpProxy.Host=None + #HttpProxy.Port=None + + # Detect Scvmm environment, default is n + # DetectScvmmEnv=n + + # + # Lib.Dir=/var/lib/waagent + + # + # DVD.MountPoint=/mnt/cdrom/secure + + # + # Pid.File=/var/run/waagent.pid + + # + # Extension.LogDir=/var/log/azure + + # + # Home.Dir=/home + + # Enable RDMA management and set up, should only be used in HPC images + OS.EnableRDMA=n + + # Enable checking RDMA driver version and update + # OS.CheckRdmaDriver=y + + # Enable or disable goal state processing auto-update, default is enabled + AutoUpdate.Enabled=n + + # Determine the update family, this should not be changed + # AutoUpdate.GAFamily=Prod + + # Determine if the overprovisioning feature is enabled. If yes, hold extension + # handling until inVMArtifactsProfile.OnHold is false. + # Default is enabled + EnableOverProvisioning=n + + # Allow fallback to HTTP if HTTPS is unavailable + # Note: Allowing HTTP (vs. HTTPS) may cause security risks + # OS.AllowHTTP=n + + # Add firewall rules to protect access to Azure host node services + OS.EnableFirewall=n + + # How often (in seconds) to check the firewall rules + OS.EnableFirewallPeriod=30 + + # How often (in seconds) to remove the udev rules for persistent network interface + # names (75-persistent-net-generator.rules and /etc/udev/rules.d/70-persistent-net.rules) + OS.RemovePersistentNetRulesPeriod=30 + + # How often (in seconds) to monitor for DHCP client restarts + OS.MonitorDhcpClientRestartPeriod=30 ''; - services.udev.packages = [ waagent ]; + services.udev.packages = [ pkgs.waagent ]; networking.dhcpcd.persistent = true; 
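Review bot: `OS.EnableFirewall=n` switches off the rules that the comment above it describes as protecting access to Azure host node services, while `Extensions.Enabled=y` in the earlier hunk keeps the agent fetching goal state and extension settings from that endpoint. As I understand the agent, these rules limit the host endpoint to root-owned processes, so with them off any local process can presumably reach it. `iptables` is already in the package's `runtimeDeps`, so either set `OS.EnableFirewall=y`, or keep `n` and add a comment saying why (for example a conflict with `networking.firewall`) and where the equivalent restriction is enforced. Separately, `OS.OpensslPath` points at `pkgs.openssl_3` while the package wrapper puts `openssl` on PATH; using one attribute for both avoids running the agent against two OpenSSL builds.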
@@ -157,23 +217,24 @@ in description = "Services Requiring Azure VM provisioning to have finished"; }; - systemd.services.consume-hypervisor-entropy = - { description = "Consume entropy in ACPI table provided by Hyper-V"; + systemd.services.consume-hypervisor-entropy = + { + description = "Consume entropy in ACPI table provided by Hyper-V"; - wantedBy = [ "sshd.service" "waagent.service" ]; - before = [ "sshd.service" "waagent.service" ]; + wantedBy = [ "sshd.service" "waagent.service" ]; + before = [ "sshd.service" "waagent.service" ]; - path = [ pkgs.coreutils ]; - script = - '' - echo "Fetching entropy..." - cat /sys/firmware/acpi/tables/OEM0 > /dev/random - ''; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; - serviceConfig.StandardError = "journal+console"; - serviceConfig.StandardOutput = "journal+console"; - }; + path = [ pkgs.coreutils ]; + script = + '' + echo "Fetching entropy..." + cat /sys/firmware/acpi/tables/OEM0 > /dev/random + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + serviceConfig.StandardError = "journal+console"; + serviceConfig.StandardOutput = "journal+console"; + }; systemd.services.waagent = { wantedBy = [ "multi-user.target" ]; @@ -184,11 +245,10 @@ in description = "Windows Azure Agent Service"; unitConfig.ConditionPathExists = "/etc/waagent.conf"; serviceConfig = { - ExecStart = "${waagent}/bin/waagent -daemon"; + ExecStart = "${pkgs.waagent}/bin/waagent -daemon"; Type = "simple"; }; }; }; - } diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix new file mode 100644 index 000000000000..a1a72a69885a --- /dev/null +++ b/pkgs/applications/networking/cluster/waagent/default.nix 
@@ -0,0 +1,67 @@ +{ fetchFromGitHub, + findutils, + gnugrep, + gnused, + iproute2, + iptables, + lib, + nettools, # for hostname + openssh, + openssl, + parted, + procps, # for pidof, + python3, + shadow, # for useradd, usermod + util-linux, # for (u)mount, fdisk, sfdisk, mkswap +}: + +let + inherit (lib) makeBinPath; + +in +python3.pkgs.buildPythonPackage rec { + pname = "waagent"; + version = "2.8.0.11"; + src = fetchFromGitHub { + owner = "Azure"; + repo = "WALinuxAgent"; + rev = "04ded9f0b708cfaf4f9b68eead1aef4cc4f32eeb"; + sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf"; + }; + doCheck = false; + + buildInputs = with python3.pkgs; [ distro ]; + runtimeDeps = [ + findutils + gnugrep + gnused + iproute2 + iptables + nettools # for hostname + openssh + openssl + parted + procps # for pidof + shadow # for useradd, usermod + util-linux # for (u)mount, fdisk, sfdisk, mkswap + ]; + + fixupPhase = '' + mkdir -p $out/bin/ + WAAGENT=$(find $out -name waagent | grep sbin) + cp $WAAGENT $out/bin/waagent + wrapProgram "$out/bin/waagent" \ + --prefix PYTHONPATH : $PYTHONPATH \ + --prefix PATH : "${makeBinPath runtimeDeps}" + patchShebangs --build "$out/bin/" + ''; + + meta = { + description = "The Microsoft Azure Linux Agent (waagent) + manages Linux provisioning and VM interaction with the Azure + Fabric Controller"; + homepage = "https://github.com/Azure/WALinuxAgent"; + license = with lib.licenses; [ asl20 ]; + }; + +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f0caa502c84c..2fb633d45571 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16466,6 +16466,8 @@ with pkgs; trealla = callPackage ../development/interpreters/trealla { }; + waagent = callPackage ../applications/networking/cluster/waagent { }; + wapm-cli = callPackage ../tools/package-management/wapm/cli { inherit (darwin.apple_sdk.frameworks) Security SystemConfiguration; };
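Review bot: Assigning `fixupPhase` in the new default.nix replaces the stock fixup phase instead of extending it, so the standard fixup hooks and the Python wrapping hook are presumably skipped for a daemon that the module starts with `${pkgs.waagent}/bin/waagent -daemon`. The hand-written replacement is also fragile: `$WAAGENT` and `$PYTHONPATH` are unquoted, `find | grep sbin` can match zero or several paths, the build-time `PYTHONPATH` is copied into the runtime wrapper, and `patchShebangs --build` resolves the interpreter against build inputs rather than host ones. Moving the copy to `postInstall`, passing the tool path through `makeWrapperArgs`, and listing `distro` in `propagatedBuildInputs` lets the standard hooks patch and wrap the script; the sketch below is untested. A short comment on `doCheck = false` saying why the tests are skipped would help as well.

```nix
python3.pkgs.buildPythonPackage rec {
  # … unchanged: pname, version, src, doCheck, runtimeDeps …

  propagatedBuildInputs = with python3.pkgs; [ distro ];

  # Only place the script here; shebang patching and Python wrapping are
  # left to the default fixup phase.
  postInstall = ''
    mkdir -p "$out/bin"
    agent=$(find "$out" -type f -path '*/sbin/waagent')
    cp "$agent" "$out/bin/waagent"
  '';

  makeWrapperArgs = [ "--prefix" "PATH" ":" (makeBinPath runtimeDeps) ];

  # … unchanged: meta …
```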