waagent: enable provisioning
parent
e1cb1dc257
commit
bff548fef1
|
@ -61,7 +61,7 @@ in
|
|||
|
||||
# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
|
||||
# "cloud-init", or "disabled".
|
||||
Provisioning.Agent=disabled
|
||||
Provisioning.Agent=auto
|
||||
|
||||
# Password authentication for root account will be unavailable.
|
||||
Provisioning.DeleteRootPassword=n
|
||||
|
@ -246,7 +246,7 @@ in
|
|||
pkgs.bash
|
||||
|
||||
# waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
|
||||
pkgs.python3
|
||||
pkgs.python39
|
||||
|
||||
# waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
|
||||
pkgs.lsof
|
||||
|
@ -259,5 +259,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# waagent will generate files under /etc/sudoers.d during provisioning
|
||||
security.sudo.extraConfig = ''
|
||||
#includedir /etc/sudoers.d
|
||||
'';
|
||||
|
||||
};
|
||||
}
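Review bot: The `security.sudo.extraConfig` addition at the end of this file makes sudo honour whatever is written to /etc/sudoers.d at runtime, and its comment does not say what waagent puts there. The context lines of the bundled patch show provisioning calling `conf_sudoer(ovfenv.username, nopasswd=ovfenv.user_password is None)`, so a key-only deployment presumably ends up with a passwordless-sudo entry for the provisioned user, outside the declarative configuration. I would say so in the comment, e.g. `# waagent writes a sudoers entry for the provisioned user (NOPASSWD when no password is set) under /etc/sudoers.d; "#includedir" is a sudo directive, not a comment`. Whether this assignment sits under the module's enable guard is not visible in the hunk; if it does not, hosts that never run waagent would also pick up a mutable sudoers directory.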
|
||||
|
|
|
@ -37,42 +37,5 @@ in
|
|||
inherit config lib pkgs;
|
||||
};
|
||||
|
||||
# Azure metadata is available as a CD-ROM drive.
|
||||
fileSystems."/metadata".device = "/dev/sr0";
|
||||
|
||||
systemd.services.fetch-ssh-keys = {
|
||||
description = "Fetch host keys and authorized_keys for root user";
|
||||
|
||||
wantedBy = [ "sshd.service" "waagent.service" ];
|
||||
before = [ "sshd.service" "waagent.service" ];
|
||||
|
||||
path = [ pkgs.coreutils ];
|
||||
script =
|
||||
''
|
||||
eval "$(cat /metadata/CustomData.bin)"
|
||||
if ! [ -z "$ssh_host_ecdsa_key" ]; then
|
||||
echo "downloaded ssh_host_ecdsa_key"
|
||||
echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
|
||||
chmod 600 /etc/ssh/ssh_host_ed25519_key
|
||||
fi
|
||||
|
||||
if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
|
||||
echo "downloaded ssh_host_ecdsa_key_pub"
|
||||
echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
|
||||
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
|
||||
fi
|
||||
|
||||
if ! [ -z "$ssh_root_auth_key" ]; then
|
||||
echo "downloaded ssh_root_auth_key"
|
||||
mkdir -m 0700 -p /root/.ssh
|
||||
echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
|
||||
chmod 600 /root/.ssh/authorized_keys
|
||||
fi
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.StandardError = "journal+console";
|
||||
serviceConfig.StandardOutput = "journal+console";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
openssl,
|
||||
parted,
|
||||
procps, # for pidof,
|
||||
python3,
|
||||
python39, # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75
|
||||
shadow, # for useradd, usermod
|
||||
util-linux, # for (u)mount, fdisk, sfdisk, mkswap
|
||||
}:
|
||||
|
@ -19,7 +19,7 @@ let
|
|||
inherit (lib) makeBinPath;
|
||||
|
||||
in
|
||||
python3.pkgs.buildPythonPackage rec {
|
||||
python39.pkgs.buildPythonPackage rec {
|
||||
pname = "waagent";
|
||||
version = "2.8.0.11";
|
||||
src = fetchFromGitHub {
|
||||
|
@ -28,9 +28,14 @@ python3.pkgs.buildPythonPackage rec {
|
|||
rev = "04ded9f0b708cfaf4f9b68eead1aef4cc4f32eeb";
|
||||
sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf";
|
||||
};
|
||||
patches = [
|
||||
# Suppress the following error when waagent try to configure sshd:
|
||||
# Read-only file system: '/etc/ssh/sshd_config'
|
||||
./dont-configure-sshd.patch
|
||||
];
|
||||
doCheck = false;
|
||||
|
||||
buildInputs = with python3.pkgs; [ distro ];
|
||||
buildInputs = with python39.pkgs; [ distro ];
|
||||
runtimeDeps = [
|
||||
findutils
|
||||
gnugrep
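Review bot: The comment above `./dont-configure-sshd.patch` in the new `patches` list explains the read-only-filesystem error but not the security consequence of dropping the call. The patch removes `self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)`, so a deployment's request to disable SSH password authentication is no longer applied by the agent, while the same commit turns provisioning on with `Provisioning.Agent=auto`. sshd's password policy then depends entirely on the NixOS configuration, which should set it explicitly (for example `services.openssh.settings.PasswordAuthentication = false;`) rather than rely on defaults. I would extend the comment with `# NOTE: disable_ssh_password_auth from the provisioning data is therefore ignored; sshd policy must be set in the NixOS config`. The derivation body continues outside this hunk.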
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
From 383e7c826906baedcd12ae7c20a4a5d4b32b104a Mon Sep 17 00:00:00 2001
|
||||
From: "Yang, Bo" <bo@preemo.io>
|
||||
Date: Wed, 8 Nov 2023 23:08:07 +0000
|
||||
Subject: [PATCH] Don't configure sshd
|
||||
|
||||
---
|
||||
azurelinuxagent/pa/provision/default.py | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/azurelinuxagent/pa/provision/default.py b/azurelinuxagent/pa/provision/default.py
|
||||
index 91fe04edab..48edf01490 100644
|
||||
--- a/azurelinuxagent/pa/provision/default.py
|
||||
+++ b/azurelinuxagent/pa/provision/default.py
|
||||
@@ -237,9 +237,6 @@ def config_user_account(self, ovfenv):
|
||||
self.osutil.conf_sudoer(ovfenv.username,
|
||||
nopasswd=ovfenv.user_password is None)
|
||||
|
||||
- logger.info("Configure sshd")
|
||||
- self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)
|
||||
-
|
||||
self.deploy_ssh_pubkeys(ovfenv)
|
||||
self.deploy_ssh_keypairs(ovfenv)
|
||||
|