waagent: enable provisioning
parent
e1cb1dc257
commit
bff548fef1
@ -61,7 +61,7 @@ in
|
|||||||
|
|
||||||
# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
|
# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
|
||||||
# "cloud-init", or "disabled".
|
# "cloud-init", or "disabled".
|
||||||
Provisioning.Agent=disabled
|
Provisioning.Agent=auto
|
||||||
|
|
||||||
# Password authentication for root account will be unavailable.
|
# Password authentication for root account will be unavailable.
|
||||||
Provisioning.DeleteRootPassword=n
|
Provisioning.DeleteRootPassword=n
|
||||||
@ -246,7 +246,7 @@ in
|
|||||||
pkgs.bash
|
pkgs.bash
|
||||||
|
|
||||||
# waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
|
# waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
|
||||||
pkgs.python3
|
pkgs.python39
|
||||||
|
|
||||||
# waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
|
# waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
|
||||||
pkgs.lsof
|
pkgs.lsof
|
||||||
@ -259,5 +259,10 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# waagent will generate files under /etc/sudoers.d during provisioning
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
#includedir /etc/sudoers.d
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
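Review bot: The `#includedir /etc/sudoers.d` line added through `security.sudo.extraConfig` turns every file in a mutable directory outside the Nix store into live sudo policy, and the comment above it does not say so. With `Provisioning.Agent=auto` the agent writes the provisioned user's entry there. The context lines of the bundled patch show `conf_sudoer(..., nopasswd=ovfenv.user_password is None)`, so a key-only VM presumably ends up with a passwordless sudo rule that appears nowhere in the NixOS configuration. I would extend the comment to something like `# NOTE: "#includedir" is a sudoers directive, not a comment; files waagent writes to /etc/sudoers.d (NOPASSWD when no password is provisioned) become effective sudo policy`, and confirm the directory is root-owned and not group- or world-writable. The enclosing attribute set starts outside the hunk.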
|
||||||
|
@ -37,42 +37,5 @@ in
|
|||||||
inherit config lib pkgs;
|
inherit config lib pkgs;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Azure metadata is available as a CD-ROM drive.
|
|
||||||
fileSystems."/metadata".device = "/dev/sr0";
|
|
||||||
|
|
||||||
systemd.services.fetch-ssh-keys = {
|
|
||||||
description = "Fetch host keys and authorized_keys for root user";
|
|
||||||
|
|
||||||
wantedBy = [ "sshd.service" "waagent.service" ];
|
|
||||||
before = [ "sshd.service" "waagent.service" ];
|
|
||||||
|
|
||||||
path = [ pkgs.coreutils ];
|
|
||||||
script =
|
|
||||||
''
|
|
||||||
eval "$(cat /metadata/CustomData.bin)"
|
|
||||||
if ! [ -z "$ssh_host_ecdsa_key" ]; then
|
|
||||||
echo "downloaded ssh_host_ecdsa_key"
|
|
||||||
echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
|
|
||||||
chmod 600 /etc/ssh/ssh_host_ed25519_key
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
|
|
||||||
echo "downloaded ssh_host_ecdsa_key_pub"
|
|
||||||
echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [ -z "$ssh_root_auth_key" ]; then
|
|
||||||
echo "downloaded ssh_root_auth_key"
|
|
||||||
mkdir -m 0700 -p /root/.ssh
|
|
||||||
echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
|
|
||||||
chmod 600 /root/.ssh/authorized_keys
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
serviceConfig.RemainAfterExit = true;
|
|
||||||
serviceConfig.StandardError = "journal+console";
|
|
||||||
serviceConfig.StandardOutput = "journal+console";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
openssl,
|
openssl,
|
||||||
parted,
|
parted,
|
||||||
procps, # for pidof,
|
procps, # for pidof,
|
||||||
python3,
|
python39, # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75
|
||||||
shadow, # for useradd, usermod
|
shadow, # for useradd, usermod
|
||||||
util-linux, # for (u)mount, fdisk, sfdisk, mkswap
|
util-linux, # for (u)mount, fdisk, sfdisk, mkswap
|
||||||
}:
|
}:
|
||||||
@ -19,7 +19,7 @@ let
|
|||||||
inherit (lib) makeBinPath;
|
inherit (lib) makeBinPath;
|
||||||
|
|
||||||
in
|
in
|
||||||
python3.pkgs.buildPythonPackage rec {
|
python39.pkgs.buildPythonPackage rec {
|
||||||
pname = "waagent";
|
pname = "waagent";
|
||||||
version = "2.8.0.11";
|
version = "2.8.0.11";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
@ -28,9 +28,14 @@ python3.pkgs.buildPythonPackage rec {
|
|||||||
rev = "04ded9f0b708cfaf4f9b68eead1aef4cc4f32eeb";
|
rev = "04ded9f0b708cfaf4f9b68eead1aef4cc4f32eeb";
|
||||||
sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf";
|
sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf";
|
||||||
};
|
};
|
||||||
|
patches = [
|
||||||
|
# Suppress the following error when waagent try to configure sshd:
|
||||||
|
# Read-only file system: '/etc/ssh/sshd_config'
|
||||||
|
./dont-configure-sshd.patch
|
||||||
|
];
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
buildInputs = with python3.pkgs; [ distro ];
|
buildInputs = with python39.pkgs; [ distro ];
|
||||||
runtimeDeps = [
|
runtimeDeps = [
|
||||||
findutils
|
findutils
|
||||||
gnugrep
|
gnugrep
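Review bot: The `python39` pin in the function arguments, in `python39.pkgs.buildPythonPackage` and in `buildInputs` freezes the interpreter for a provisioning agent that manages users and sudoers, and its only justification is a link to upstream's CI matrix at one fixed commit. Nothing here prompts a revisit once that matrix moves on or 3.9 stops receiving security fixes; the module's `pkgs.python39` entry for VMAccessForLinux carries the same pin. I would add a comment such as `# TODO: bump together with waagent once upstream CI covers a newer Python; do not keep past 3.9 end of life`. Separately, `doCheck = false` stays in place, so the newly added `./dont-configure-sshd.patch` is not exercised by any test at build time.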
|
||||||
|
@ -0,0 +1,23 @@
|
|||||||
|
From 383e7c826906baedcd12ae7c20a4a5d4b32b104a Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Yang, Bo" <bo@preemo.io>
|
||||||
|
Date: Wed, 8 Nov 2023 23:08:07 +0000
|
||||||
|
Subject: [PATCH] Don't configure sshd
|
||||||
|
|
||||||
|
---
|
||||||
|
azurelinuxagent/pa/provision/default.py | 3 ---
|
||||||
|
1 file changed, 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/azurelinuxagent/pa/provision/default.py b/azurelinuxagent/pa/provision/default.py
|
||||||
|
index 91fe04edab..48edf01490 100644
|
||||||
|
--- a/azurelinuxagent/pa/provision/default.py
|
||||||
|
+++ b/azurelinuxagent/pa/provision/default.py
|
||||||
|
@@ -237,9 +237,6 @@ def config_user_account(self, ovfenv):
|
||||||
|
self.osutil.conf_sudoer(ovfenv.username,
|
||||||
|
nopasswd=ovfenv.user_password is None)
|
||||||
|
|
||||||
|
- logger.info("Configure sshd")
|
||||||
|
- self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)
|
||||||
|
-
|
||||||
|
self.deploy_ssh_pubkeys(ovfenv)
|
||||||
|
self.deploy_ssh_keypairs(ovfenv)
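Review bot: Removing `self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)` drops the only use of `disable_ssh_password_auth` visible in this hunk, so the password-authentication choice made at VM creation is presumably no longer applied to sshd by the agent. The patch subject and the Nix comment describe this only as avoiding a read-only `/etc/ssh/sshd_config` error. The patch description should also state that sshd password authentication must now be set in the NixOS configuration, for example `services.openssh.settings.PasswordAuthentication = false;`, because the context lines suggest the agent still acts on `ovfenv.user_password`. `config_user_account` starts and ends outside the hunk, so other handling of the flag may exist there.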
|
||||||
|
|