waagent: enable provisioning

authored by Yang, Bo and committed by Jörg Thalheim bff548fe e1cb1dc2

+38 -42
+7 -2
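--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -61,7 +61,7 @@
 
 # Which provisioning agent to use. Supported values are "auto" (default), "waagent",
 # "cloud-init", or "disabled".
-Provisioning.Agent=disabled
+Provisioning.Agent=auto
 
 # Password authentication for root account will be unavailable.
 Provisioning.DeleteRootPassword=n
@@ -246,7 +246,7 @@
 pkgs.bash
 
 # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
-pkgs.python3
+pkgs.python39
 
 # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
 pkgs.lsof
@@ -258,6 +258,11 @@
 Type = "simple";
 };
 };
+
+# waagent will generate files under /etc/sudoers.d during provisioning
+security.sudo.extraConfig = ''
+#includedir /etc/sudoers.d
+'';
 
 };
 }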
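Review bot: The `security.sudo.extraConfig` addition at the end of the module makes sudo load every file in /etc/sudoers.d, a mutable directory outside the declarative configuration, and the comment above it does not say what waagent writes there. Judging from the context lines of the bundled patch (`conf_sudoer(ovfenv.username, nopasswd=ovfenv.user_password is None)`), the provisioned user appears to get passwordless sudo when no password is supplied, which is worth stating next to the setting. The line also reads like a comment to anyone unfamiliar with sudoers syntax, so I would extend the comment along the lines of `# '#includedir' is a sudoers directive, not a comment; waagent writes the provisioned user's sudo rule there (NOPASSWD when no password is set)`. The enclosing `config` block starts outside the visible hunks.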
-37
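--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -37,42 +37,5 @@
 inherit config lib pkgs;
 };
 
-# Azure metadata is available as a CD-ROM drive.
-fileSystems."/metadata".device = "/dev/sr0";
-
-systemd.services.fetch-ssh-keys = {
-description = "Fetch host keys and authorized_keys for root user";
-
-wantedBy = [ "sshd.service" "waagent.service" ];
-before = [ "sshd.service" "waagent.service" ];
-
-path = [ pkgs.coreutils ];
-script =
-''
-eval "$(cat /metadata/CustomData.bin)"
-if ! [ -z "$ssh_host_ecdsa_key" ]; then
-echo "downloaded ssh_host_ecdsa_key"
-echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
-chmod 600 /etc/ssh/ssh_host_ed25519_key
-fi
-
-if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
-echo "downloaded ssh_host_ecdsa_key_pub"
-echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
-chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
-fi
-
-if ! [ -z "$ssh_root_auth_key" ]; then
-echo "downloaded ssh_root_auth_key"
-mkdir -m 0700 -p /root/.ssh
-echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
-chmod 600 /root/.ssh/authorized_keys
-fi
-'';
-serviceConfig.Type = "oneshot";
-serviceConfig.RemainAfterExit = true;
-serviceConfig.StandardError = "journal+console";
-serviceConfig.StandardOutput = "journal+console";
-};
 };
 }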
+8 -3
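--- a/pkgs/applications/networking/cluster/waagent/default.nix
+++ b/pkgs/applications/networking/cluster/waagent/default.nix
@@ -10,7 +10,7 @@
 openssl,
 parted,
 procps, # for pidof,
-python3,
+python39, # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75
 shadow, # for useradd, usermod
 util-linux, # for (u)mount, fdisk, sfdisk, mkswap
 }:
@@ -19,7 +19,7 @@
 inherit (lib) makeBinPath;
 
 in
-python3.pkgs.buildPythonPackage rec {
+python39.pkgs.buildPythonPackage rec {
 pname = "waagent";
 version = "2.8.0.11";
 src = fetchFromGitHub {
@@ -28,9 +28,14 @@
 rev = "04ded9f0b708cfaf4f9b68eead1aef4cc4f32eeb";
 sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf";
 };
+patches = [
+# Suppress the following error when waagent try to configure sshd:
+# Read-only file system: '/etc/ssh/sshd_config'
+./dont-configure-sshd.patch
+];
 doCheck = false;
 
-buildInputs = with python3.pkgs; [ distro ];
+buildInputs = with python39.pkgs; [ distro ];
 runtimeDeps = [
 findutils
 gnugrep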
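Review bot: Pinning `python39` in the function arguments, in `python39.pkgs.buildPythonPackage` and in `buildInputs`, and again as `pkgs.python39` in the service `path` of azure-agent.nix, leaves several places that must be changed together. It also ties an agent that writes sudoers files to an older interpreter branch whose upstream security support ends sooner than the default `python3`. The inline comment justifies the pin by a CI file at a single upstream commit, so it should say when to revisit it, for example `# re-check the upstream CI matrix and move this pin forward on every waagent version bump`. The argument list and the derivation body both continue outside the visible hunks.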
+23
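--- a/pkgs/applications/networking/cluster/waagent/dont-configure-sshd.patch
+++ b/pkgs/applications/networking/cluster/waagent/dont-configure-sshd.patch
@@ -0,0 +1,23 @@
+From 383e7c826906baedcd12ae7c20a4a5d4b32b104a Mon Sep 17 00:00:00 2001
+From: "Yang, Bo" <bo@preemo.io>
+Date: Wed, 8 Nov 2023 23:08:07 +0000
+Subject: [PATCH] Don't configure sshd
+
+---
+azurelinuxagent/pa/provision/default.py | 3 ---
+1 file changed, 3 deletions(-)
+
+diff --git a/azurelinuxagent/pa/provision/default.py b/azurelinuxagent/pa/provision/default.py
+index 91fe04edab..48edf01490 100644
+--- a/azurelinuxagent/pa/provision/default.py
++++ b/azurelinuxagent/pa/provision/default.py
+@@ -237,9 +237,6 @@ def config_user_account(self, ovfenv):
+self.osutil.conf_sudoer(ovfenv.username,
+nopasswd=ovfenv.user_password is None)
+
+- logger.info("Configure sshd")
+- self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)
+-
+self.deploy_ssh_pubkeys(ovfenv)
+self.deploy_ssh_keypairs(ovfenv)
+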
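Review bot: Dropping the `self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)` call means the password-authentication choice carried in the provisioning data is no longer applied to sshd, and neither the patch subject nor the comment in default.nix says so. With a read-only `/etc/ssh/sshd_config` that is unavoidable, but the effective policy then comes only from the NixOS configuration, so a VM created with password login disabled could still accept passwords if the image permits them. I would keep a log line in place of the removed one, e.g. `logger.info("Skipping sshd configuration; sshd_config is managed by NixOS")`, and have the image set its SSH password-authentication option explicitly. `config_user_account` begins and ends outside the hunk.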