From 29d99b1a6eef724d32ece21d56cb4adf2924d326 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 14 Dec 2023 14:11:55 +0200 Subject: [PATCH 1/7] waagent: nixpkgs-fmt The comments for the function args are redundant, we already have them in runtimeDeps. --- .../networking/cluster/waagent/default.nix | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index d71e9fb7fb7d..38b7c8683e90 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -1,18 +1,19 @@ -{ fetchFromGitHub, - findutils, - gnugrep, - gnused, - iproute2, - iptables, - lib, - nettools, # for hostname - openssh, - openssl, - parted, - procps, # for pidof, - python39, # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75 - shadow, # for useradd, usermod - util-linux, # for (u)mount, fdisk, sfdisk, mkswap +{ fetchFromGitHub +, findutils +, gnugrep +, gnused +, iproute2 +, iptables +, lib +, nettools +, openssh +, openssl +, parted +, procps + # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75 +, python39 +, shadow +, util-linux }: let 
@@ -52,13 +53,13 @@ python39.pkgs.buildPythonPackage rec { ]; fixupPhase = '' - mkdir -p $out/bin/ - WAAGENT=$(find $out -name waagent | grep sbin) - cp $WAAGENT $out/bin/waagent - wrapProgram "$out/bin/waagent" \ - --prefix PYTHONPATH : $PYTHONPATH \ - --prefix PATH : "${makeBinPath runtimeDeps}" - patchShebangs --build "$out/bin/" + mkdir -p $out/bin/ + WAAGENT=$(find $out -name waagent | grep sbin) + cp $WAAGENT $out/bin/waagent + wrapProgram "$out/bin/waagent" \ + --prefix PYTHONPATH : $PYTHONPATH \ + --prefix PATH : "${makeBinPath runtimeDeps}" + patchShebangs --build "$out/bin/" ''; meta = { From beff92b86faa946f1413e9fb419eacca51c76317 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 14 Dec 2023 14:15:05 +0200 Subject: [PATCH 2/7] waagent: use buildPythonApplication --- pkgs/applications/networking/cluster/waagent/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index 38b7c8683e90..0310199e281a 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -20,7 +20,7 @@ let inherit (lib) makeBinPath; in -python39.pkgs.buildPythonPackage rec { +python39.pkgs.buildPythonApplication rec { pname = "waagent"; version = "2.8.0.11"; src = fetchFromGitHub { From 76254a64b941574e76c18d2e3d70090a023ec1af Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 14 Dec 2023 14:16:48 +0200 Subject: [PATCH 3/7] waagent: fix description in meta Make description a single line, and put the multi-line version in a multiline string. --- pkgs/applications/networking/cluster/waagent/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index 0310199e281a..8585bf601592 100644 
--- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -63,11 +63,12 @@ python39.pkgs.buildPythonApplication rec { ''; meta = { - description = "The Microsoft Azure Linux Agent (waagent) - manages Linux provisioning and VM interaction with the Azure - Fabric Controller"; + description = "The Microsoft Azure Linux Agent (waagent)"; + longDescription = '' + The Microsoft Azure Linux Agent (waagent) + manages Linux provisioning and VM interaction with the Azure + Fabric Controller''; homepage = "https://github.com/Azure/WALinuxAgent"; license = with lib.licenses; [ asl20 ]; }; - } From f9991e9de0014bc7e15394ef312fdf3d3112abd6 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 14 Dec 2023 14:31:31 +0200 Subject: [PATCH 4/7] waagent: fixes - use propagatedBuildInputs, we need `distro` at runtime. - move addition of runtimeDeps into makeWrapperArgs - move binary moving into preFixup, so buildPythonApplication can do its thing. - populate $out/etc as well, so udev rules can be found. The udev file needs to be patched to fix the /bin/chmod reference. --- .../networking/cluster/waagent/default.nix | 65 ++++++++++++------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index 8585bf601592..52a95844284f 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -10,7 +10,6 @@ , openssl , parted , procps - # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75 , python39 , shadow , util-linux 
@@ -18,9 +17,11 @@ let inherit (lib) makeBinPath; + # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75 + python = python39; in -python39.pkgs.buildPythonApplication rec { +python.pkgs.buildPythonApplication rec { pname = "waagent"; version = "2.8.0.11"; src = fetchFromGitHub { 
@@ -30,36 +31,50 @@ python39.pkgs.buildPythonApplication rec { sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf"; }; patches = [ - # Suppress the following error when waagent try to configure sshd: + # Suppress the following error when waagent tries to configure sshd: # Read-only file system: '/etc/ssh/sshd_config' ./dont-configure-sshd.patch ]; doCheck = false; - buildInputs = with python39.pkgs; [ distro ]; - runtimeDeps = [ - findutils - gnugrep - gnused - iproute2 - iptables - nettools # for hostname - openssh - openssl - parted - procps # for pidof - shadow # for useradd, usermod - util-linux # for (u)mount, fdisk, sfdisk, mkswap + # azure-product-uuid chmod rule invokes chmod to change the mode of + # product_uuid (which is not a device itself). + # Replace this with an absolute path. + postPatch = '' + substituteInPlace config/99-azure-product-uuid.rules \ + --replace "/bin/chmod" "${coreutils}/bin/chmod" + ''; + + propagatedBuildInputs = [ python.pkgs.distro ]; + + makeWrapperArgs = [ + "--prefix" + "PATH" + ":" + (lib.makeBinPath [ + findutils + gnugrep + gnused + iproute2 + iptables + nettools # for hostname + openssh + openssl + parted + procps # for pidof + shadow # for useradd, usermod + util-linux # for (u)mount, fdisk, sfdisk, mkswap + ]) ]; - fixupPhase = '' - mkdir -p $out/bin/ - WAAGENT=$(find $out -name waagent | grep sbin) - cp $WAAGENT $out/bin/waagent - wrapProgram "$out/bin/waagent" \ - --prefix PYTHONPATH : $PYTHONPATH \ - --prefix PATH : "${makeBinPath runtimeDeps}" - patchShebangs --build "$out/bin/" + # The binary entrypoint and udev rules are placed to the wrong place. + # Move them to their default location. + preFixup = '' + mv $out/${python.sitePackages}/usr/sbin $out/bin + rm $out/bin/waagent2.0 + rmdir $out/${python.sitePackages}/usr + + mv $out/${python.sitePackages}/etc $out/ ''; meta = { From 276939e0a1a218a8541c6c36a675e166c7131845 Mon Sep 17 00:00:00 2001 
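Review bot: The new `postPatch` interpolates `${coreutils}`, but nothing visible in this commit adds `coreutils` to the function arguments; it first appears in the argument set in patch 5/7. This commit on its own would presumably fail to evaluate, which breaks bisecting, so `, coreutils` should be added to the arguments here. Separately, `substituteInPlace … --replace` does not fail when the pattern is missing, so an upstream change to `config/99-azure-product-uuid.rules` would leave a `/bin/chmod` reference that does not resolve on NixOS without anyone noticing. A build-time check after the substitution, e.g. `grep -q "${coreutils}/bin/chmod" config/99-azure-product-uuid.rules`, would catch that. The derivation starts and ends outside the hunk.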
From: Florian Klink Date: Thu, 14 Dec 2023 14:49:49 +0200 Subject: [PATCH 5/7] nixos/waagent: move runtime dependencies to systemd service The udev rules shell out to chmod, cut and readlink, which are available for udev rules (see https://github.com/NixOS/nixpkgs/pull/274236). --- nixos/modules/virtualisation/azure-agent.nix | 21 +++++++++++ .../networking/cluster/waagent/default.nix | 37 ++----------------- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index e712fac17a46..dde5d9a92eb1 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -245,6 +245,27 @@ in pkgs.e2fsprogs pkgs.bash + pkgs.findutils + pkgs.gnugrep + pkgs.gnused + pkgs.iproute2 + pkgs.iptables + + # for hostname + pkgs.nettools + + pkgs.openssh + pkgs.openssl + pkgs.parted + + # for pidof + pkgs.procps + + # for useradd, usermod + pkgs.shadow + + pkgs.util-linux # for (u)mount, fdisk, sfdisk, mkswap + # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3 pkgs.python39 diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index 52a95844284f..e796f95f4df0 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -1,18 +1,9 @@ -{ fetchFromGitHub -, findutils -, gnugrep -, gnused -, iproute2 -, iptables +{ bash +, coreutils +, fetchFromGitHub , lib -, nettools -, openssh -, openssl -, parted -, procps , python39 -, shadow -, util-linux +, substituteAll }: let 
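Review bot: The tool list moves into what appears to be the service's `path` here while the same commit drops the wrapper's `--prefix PATH` from the package, so `waagent` started any other way than through this unit resolves `useradd`, `iptables`, `openssl` and the rest from the caller's PATH. For an agent that runs as root this is worth stating next to the list, e.g. `# the waagent wrapper no longer sets PATH; these tools are only guaranteed when started via this unit`. The comment placement is also mixed: `pkgs.util-linux` keeps a trailing comment while `nettools`, `procps` and `shadow` get theirs on the line above. The enclosing list starts and ends outside the hunk.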
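Review bot: The new argument set pulls in `bash` and `substituteAll`, but no hunk in this series references either; only `coreutils` is used, by the `postPatch` added in patch 4/7. Unless they are needed in parts of the file not shown, they should be dropped so the header reads `{ coreutils`, `, fetchFromGitHub`, `, lib`. Unused arguments make it harder to see what the package actually depends on.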
@@ -47,26 +38,6 @@ python.pkgs.buildPythonApplication rec { propagatedBuildInputs = [ python.pkgs.distro ]; - makeWrapperArgs = [ - "--prefix" - "PATH" - ":" - (lib.makeBinPath [ - findutils - gnugrep - gnused - iproute2 - iptables - nettools # for hostname - openssh - openssl - parted - procps # for pidof - shadow # for useradd, usermod - util-linux # for (u)mount, fdisk, sfdisk, mkswap - ]) - ]; - # The binary entrypoint and udev rules are placed to the wrong place. # Move them to their default location. preFixup = '' From f1c8d0709be6c9d510d4cafcdb2ad481f398c461 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 14 Dec 2023 19:43:10 +0200 Subject: [PATCH 6/7] nixos/waagent: provide waagent udev rules in initrd This should make /dev/disk/azure appear in-initrd too. --- nixos/modules/virtualisation/azure-agent.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index dde5d9a92eb1..ac4cd752615d 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -202,6 +202,13 @@ in services.udev.packages = [ pkgs.waagent ]; + # Provide waagent-shipped udev rules in initrd too. + boot.initrd.services.udev.packages = [ pkgs.waagent ]; + # udev rules shell out to chmod, cut and readlink, which are all + # provided by pkgs.coreutils, which is in services.udev.path, but not + # boot.initrd.services.udev.binPackages. + boot.initrd.services.udev.binPackages = [ pkgs.coreutils ]; + networking.dhcpcd.persistent = true; services.logrotate = { From f12915c4e0c143774d3139d6accb7a66df252fb9 Mon Sep 17 00:00:00 2001 
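Review bot: The added comment says the rules reach `chmod`, `cut` and `readlink` through `binPackages`, but patch 4/7 rewrites `/bin/chmod` in `99-azure-product-uuid.rules` to `${coreutils}/bin/chmod`, so at least that rule uses an absolute store path rather than a PATH lookup. The comment should name which rules still depend on PATH. As far as I recall, `boot.initrd.services.udev.packages` and `binPackages` only take effect with systemd stage 1; if that is confirmed, add `# only effective with boot.initrd.systemd.enable`. The enclosing attribute set starts and ends outside the hunk.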
From: Florian Klink Date: Mon, 18 Dec 2023 13:34:37 +0200 Subject: [PATCH 7/7] waagent: fix re-execution waagent re-executes itself in UpdateHandler.run_latest, even if autoupdate is disabled. It manually spawns a python interprever with argv0, so make sure we set this to the right place. PATH contains our PYTHON, and PYTHONPATH stays set, so this should somewhat still work. --- .../networking/cluster/waagent/default.nix | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index e796f95f4df0..45fc40384763 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix 
@@ -38,16 +38,31 @@ python.pkgs.buildPythonApplication rec { propagatedBuildInputs = [ python.pkgs.distro ]; - # The binary entrypoint and udev rules are placed to the wrong place. + # The udev rules are placed to the wrong place. # Move them to their default location. + # Keep $out/${python.sitePackages}/usr/sbin/waagent where it is. + # waagent re-executes itself in UpdateHandler.run_latest, even if autoupdate + # is disabled, manually spawning a python interprever with argv0. + # We can't use the default python program wrapping mechanism, as it uses + # wrapProgram which doesn't support --argv0. + # So instead we make our own wrapper in $out/bin/waagent, setting PATH and + # PYTHONPATH. + # PATH contains our PYTHON, and PYTHONPATH stays set, so this should somewhat + # still work. preFixup = '' - mv $out/${python.sitePackages}/usr/sbin $out/bin - rm $out/bin/waagent2.0 - rmdir $out/${python.sitePackages}/usr - mv $out/${python.sitePackages}/etc $out/ + + buildPythonPath + + mkdir -p $out/bin + makeWrapper $out/${python.sitePackages}/usr/sbin/waagent $out/bin/waagent \ + --set PYTHONPATH $PYTHONPATH \ + --prefix PATH : $program_PATH \ + --argv0 $out/${python.sitePackages}/usr/sbin/waagent ''; + dontWrapPythonPrograms = false; + meta = { description = "The Microsoft Azure Linux Agent (waagent)"; longDescription = ''
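Review bot: `dontWrapPythonPrograms = false;` contradicts the comment above `preFixup`, which says the default wrapping mechanism cannot be used. `false` leaves wrapPythonPrograms enabled during fixup, so the line is either a no-op or was meant to be `dontWrapPythonPrograms = true;`. In the `makeWrapper` call `$PYTHONPATH` and `$program_PATH` are expanded unquoted; `--set PYTHONPATH "$PYTHONPATH"` and `--prefix PATH : "$program_PATH"` are safer. `--set` also exports PYTHONPATH to every process the agent spawns, not only the re-executed interpreter, which deserves a comment because the agent appears to launch extensions (see the VMAccessForLinux comment in azure-agent.nix). The derivation continues outside the hunk.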