Merge pull request #274220 from flokli/waagent-cleanups

waagent: cleanups
2024-11-10 16:45:51 +03:00 · 2023-12-19 19:19:40 +02:00 · 2023-12-19 19:19:40 +02:00 · b6cad0fd94
commit b6cad0fd94
parent cf3205c5ef f12915c4e0
2 changed files with 76 additions and 45 deletions
--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@ -202,6 +202,13 @@ in

    services.udev.packages = [ pkgs.waagent ];

+    # Provide waagent-shipped udev rules in initrd too.
+    boot.initrd.services.udev.packages = [ pkgs.waagent ];
+    # udev rules shell out to chmod, cut and readlink, which are all
+    # provided by pkgs.coreutils, which is in services.udev.path, but not
+    # boot.initrd.services.udev.binPackages.
+    boot.initrd.services.udev.binPackages = [ pkgs.coreutils ];
+
    networking.dhcpcd.persistent = true;

    services.logrotate = {
@ -245,6 +252,27 @@ in
        pkgs.e2fsprogs
        pkgs.bash

+        pkgs.findutils
+        pkgs.gnugrep
+        pkgs.gnused
+        pkgs.iproute2
+        pkgs.iptables
+
+        # for hostname
+        pkgs.nettools
+
+        pkgs.openssh
+        pkgs.openssl
+        pkgs.parted
+
+        # for pidof
+        pkgs.procps
+
+        # for useradd, usermod
+        pkgs.shadow
+
+        pkgs.util-linux # for (u)mount, fdisk, sfdisk, mkswap
+
        # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
        pkgs.python39

--- a/pkgs/applications/networking/cluster/waagent/default.nix
+++ b/pkgs/applications/networking/cluster/waagent/default.nix
@ -1,25 +1,18 @@
-{ fetchFromGitHub,
-  findutils,
-  gnugrep,
-  gnused,
-  iproute2,
-  iptables,
-  lib,
-  nettools, # for hostname
-  openssh,
-  openssl,
-  parted,
-  procps, # for pidof,
-  python39, # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75
-  shadow, # for useradd, usermod
-  util-linux, # for (u)mount, fdisk, sfdisk, mkswap
+{ bash
+, coreutils
+, fetchFromGitHub
+, lib
+, python39
+, substituteAll
 }:

 let
  inherit (lib) makeBinPath;
+  # the latest python version that waagent test against according to https://github.com/Azure/WALinuxAgent/blob/28345a55f9b21dae89472111635fd6e41809d958/.github/workflows/ci_pr.yml#L75
+  python = python39;

 in
-python39.pkgs.buildPythonPackage rec {
+python.pkgs.buildPythonApplication rec {
  pname = "waagent";
  version = "2.8.0.11";
  src = fetchFromGitHub {
@ -29,44 +22,54 @@ python39.pkgs.buildPythonPackage rec {
    sha256 = "0fvjanvsz1zyzhbjr2alq5fnld43mdd776r2qid5jy5glzv0xbhf";
  };
  patches = [
-    # Suppress the following error when waagent try to configure sshd:
+    # Suppress the following error when waagent tries to configure sshd:
    # Read-only file system: '/etc/ssh/sshd_config'
    ./dont-configure-sshd.patch
  ];
  doCheck = false;

-  buildInputs = with python39.pkgs; [ distro ];
-  runtimeDeps = [
-    findutils
-    gnugrep
-    gnused
-    iproute2
-    iptables
-    nettools # for hostname
-    openssh
-    openssl
-    parted
-    procps # for pidof
-    shadow # for useradd, usermod
-    util-linux # for (u)mount, fdisk, sfdisk, mkswap
-  ];
-
-  fixupPhase = ''
-     mkdir -p $out/bin/
-     WAAGENT=$(find $out -name waagent | grep sbin)
-     cp $WAAGENT $out/bin/waagent
-     wrapProgram "$out/bin/waagent" \
-         --prefix PYTHONPATH : $PYTHONPATH \
-         --prefix PATH : "${makeBinPath runtimeDeps}"
-     patchShebangs --build "$out/bin/"
+  # azure-product-uuid chmod rule invokes chmod to change the mode of
+  # product_uuid (which is not a device itself).
+  # Replace this with an absolute path.
+  postPatch = ''
+    substituteInPlace config/99-azure-product-uuid.rules \
+      --replace "/bin/chmod" "${coreutils}/bin/chmod"
  '';

+  propagatedBuildInputs = [ python.pkgs.distro ];
+
+  # The udev rules are placed to the wrong place.
+  # Move them to their default location.
+  # Keep $out/${python.sitePackages}/usr/sbin/waagent where it is.
+  # waagent re-executes itself in UpdateHandler.run_latest, even if autoupdate
+  # is disabled, manually spawning a python interprever with argv0.
+  # We can't use the default python program wrapping mechanism, as it uses
+  # wrapProgram which doesn't support --argv0.
+  # So instead we make our own wrapper in $out/bin/waagent, setting PATH and
+  # PYTHONPATH.
+  # PATH contains our PYTHON, and PYTHONPATH stays set, so this should somewhat
+  # still work.
+  preFixup = ''
+    mv $out/${python.sitePackages}/etc $out/
+
+    buildPythonPath
+
+    mkdir -p $out/bin
+    makeWrapper $out/${python.sitePackages}/usr/sbin/waagent $out/bin/waagent \
+      --set PYTHONPATH $PYTHONPATH \
+      --prefix PATH : $program_PATH \
+      --argv0 $out/${python.sitePackages}/usr/sbin/waagent
+  '';
+
+  dontWrapPythonPrograms = false;
+
  meta = {
-    description = "The Microsoft Azure Linux Agent (waagent)
-                   manages Linux provisioning and VM interaction with the Azure
-                   Fabric Controller";
+    description = "The Microsoft Azure Linux Agent (waagent)";
+    longDescription = ''
+      The Microsoft Azure Linux Agent (waagent)
+      manages Linux provisioning and VM interaction with the Azure
+      Fabric Controller'';
    homepage = "https://github.com/Azure/WALinuxAgent";
    license = with lib.licenses; [ asl20 ];
  };
-
 }