Change Mariner to Azure Linux

docs/book/src/capi/goss/goss.md

@@ -13,9 +13,9 @@ to test if the images have all requisite components to work with cluster API.
 | OS                      | Builder              |
 |-------------------------|----------------------|
 | Amazon Linux            | aws                  |
+| Azure Linux             | azure                |
 | CentOS                  | aws, ova             |
 | Flatcar Container Linux | aws, azure, ova      |
-| Mariner                 | azure                |
 | PhotonOS                | ova                  |
 | Ubuntu                  | aws, azure, gcp, ova |
 | Windows                 | aws, azure, ova      |

images/capi/.ansible-lint-ignore

@@ -22,8 +22,6 @@ ansible/roles/kubernetes/tasks/ecrpull.yml no-changed-when
 ansible/roles/kubernetes/tasks/kubeadmpull.yml command-instead-of-shell
 ansible/roles/kubernetes/tasks/kubeadmpull.yml no-changed-when
 ansible/roles/kubernetes/tasks/main.yml name[missing]
-ansible/roles/kubernetes/tasks/mariner.yml jinja[spacing]
-ansible/roles/kubernetes/tasks/mariner.yml no-changed-when
 ansible/roles/kubernetes/tasks/photon.yml jinja[spacing]
 ansible/roles/kubernetes/tasks/photon.yml no-changed-when
 ansible/roles/kubernetes/tasks/redhat.yml jinja[spacing]
@@ -46,7 +44,6 @@ ansible/roles/providers/defaults/main.yml var-naming[no-role-prefix]
 ansible/roles/providers/tasks/aws.yml command-instead-of-shell
 ansible/roles/providers/tasks/aws.yml name[missing]
 ansible/roles/providers/tasks/aws.yml no-changed-when
-ansible/roles/providers/tasks/aws.yml package-latest
 ansible/roles/providers/tasks/awscliv2.yml no-changed-when
 ansible/roles/providers/tasks/awscliv2.yml risky-file-permissions
 ansible/roles/providers/tasks/azure.yml name[missing]
@@ -63,8 +60,6 @@ ansible/roles/providers/tasks/nutanix.yml name[missing]
 ansible/roles/providers/tasks/nutanix.yml risky-file-permissions
 ansible/roles/providers/tasks/raw.yml command-instead-of-shell
 ansible/roles/providers/tasks/raw.yml no-changed-when
-ansible/roles/providers/tasks/redhat.yml command-instead-of-module
-ansible/roles/providers/tasks/redhat.yml no-changed-when
 ansible/roles/providers/tasks/vmware-photon.yml no-changed-when
 ansible/roles/providers/tasks/vmware-photon.yml risky-file-permissions
 ansible/roles/providers/tasks/vmware-redhat.yml command-instead-of-shell
@@ -75,15 +70,16 @@ ansible/roles/python/defaults/main.yml var-naming[no-role-prefix]
 ansible/roles/python/tasks/flatcar.yml no-changed-when
 ansible/roles/python/tasks/main.yml name[missing]
 ansible/roles/python/tasks/main.yml no-changed-when
+ansible/roles/security/tasks/trivy.yml jinja[spacing]
 ansible/roles/setup/defaults/main.yml var-naming[no-role-prefix]
+ansible/roles/setup/tasks/azurelinux.yml name[missing]
+ansible/roles/setup/tasks/azurelinux.yml package-latest
 ansible/roles/setup/tasks/debian.yml command-instead-of-module
 ansible/roles/setup/tasks/debian.yml no-changed-when
 ansible/roles/setup/tasks/debian.yml package-latest
 ansible/roles/setup/tasks/flatcar.yml name[missing]
 ansible/roles/setup/tasks/flatcar.yml risky-file-permissions
 ansible/roles/setup/tasks/main.yml name[missing]
-ansible/roles/setup/tasks/mariner.yml name[missing]
-ansible/roles/setup/tasks/mariner.yml package-latest
 ansible/roles/setup/tasks/photon.yml name[missing]
 ansible/roles/setup/tasks/photon.yml no-changed-when
 ansible/roles/setup/tasks/redhat.yml command-instead-of-module
@@ -92,13 +88,12 @@ ansible/roles/setup/tasks/redhat.yml no-changed-when
 ansible/roles/setup/tasks/redhat.yml package-latest
 ansible/roles/setup/tasks/rpm_repos.yml no-changed-when
 ansible/roles/sysprep/defaults/main.yml var-naming[no-role-prefix]
+ansible/roles/sysprep/tasks/azurelinux.yml name[missing]
 ansible/roles/sysprep/tasks/debian.yml no-changed-when
 ansible/roles/sysprep/tasks/flatcar.yml no-changed-when
 ansible/roles/sysprep/tasks/main.yml name[missing]
 ansible/roles/sysprep/tasks/main.yml no-changed-when
 ansible/roles/sysprep/tasks/main.yml risky-file-permissions
-ansible/roles/sysprep/tasks/mariner.yml name[missing]
-ansible/roles/sysprep/tasks/mariner.yml no-changed-when
 ansible/roles/sysprep/tasks/photon.yml name[missing]
 ansible/roles/sysprep/tasks/photon.yml no-changed-when
 ansible/roles/sysprep/tasks/redhat.yml command-instead-of-module

images/capi/Makefile

@@ -629,7 +629,7 @@ build-azure-sig-ubuntu-2004: ## Builds Ubuntu 20.04 Azure managed image in Share
 build-azure-sig-ubuntu-2204: ## Builds Ubuntu 22.04 Azure managed image in Shared Image Gallery
 build-azure-sig-ubuntu-2404: ## Builds Ubuntu 24.04 Azure managed image in Shared Image Gallery
 build-azure-sig-centos-7: ## Builds CentOS 7 Azure managed image in Shared Image Gallery
-build-azure-sig-mariner-2: ## Builds Mariner 2 Azure managed image in Shared Image Gallery
+build-azure-sig-azurelinux-2: ## Builds Azure Linux 2 Azure managed image in Shared Image Gallery
 build-azure-sig-rhel-8: ## Builds RHEL 8 Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery
@@ -639,13 +639,13 @@ build-azure-vhd-ubuntu-2004: ## Builds Ubuntu 20.04 VHD image for Azure
 build-azure-vhd-ubuntu-2204: ## Builds Ubuntu 22.04 VHD image for Azure
 build-azure-vhd-ubuntu-2404: ## Builds Ubuntu 24.04 VHD image for Azure
 build-azure-vhd-centos-7: ## Builds CentOS 7 VHD image for Azure
-build-azure-vhd-mariner-2: ## Builds Mariner 2 VHD image for Azure
+build-azure-vhd-azurelinux-2: ## Builds Azure Linux 2 VHD image for Azure
 build-azure-vhd-rhel-8: ## Builds RHEL 8 VHD image for Azure
 build-azure-vhd-windows-2019-containerd: ## Builds for Windows Server 2019 with containerd
 build-azure-vhd-windows-2022-containerd: ## Builds for Windows Server 2022 with containerd
 build-azure-sig-windows-annual-containerd: ## Builds for Windows Server Annual Channel with containerd
 build-azure-sig-centos-7-gen2: ## Builds CentOS Gen2 managed image in Shared Image Gallery
-build-azure-sig-mariner-2-gen2: ## Builds Mariner Gen2 managed image in Shared Image Gallery
+build-azure-sig-azurelinux-2-gen2: ## Builds Azure Linux 2 Gen2 managed image in Shared Image Gallery
 build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image Gallery
 build-azure-sig-flatcar-gen2: ## Builds Flatcar Azure Gen2 managed image in Shared Image Gallery
 build-azure-sig-ubuntu-2004-gen2: ## Builds Ubuntu 20.04 Gen2 managed image in Shared Image Gallery
@@ -656,6 +656,13 @@ build-azure-sig-ubuntu-2204-cvm: ## Builds Ubuntu 22.04 CVM managed image in Sha
 build-azure-sig-ubuntu-2404-cvm: ## Builds Ubuntu 24.04 CVM managed image in Shared Image Gallery
 build-azure-vhds: $(AZURE_BUILD_VHD_TARGETS) ## Builds all Azure VHDs
 build-azure-sigs: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_GEN2_TARGETS) $(AZURE_BUILD_SIG_CVM_TARGETS) ## Builds all Azure Shared Image Gallery images
+# Deprecated targets, for backward compatibility
+build-azure-vhd-mariner-2: ## Deprecated: use build-azure-vhd-azurelinux-2
+	$(MAKE) build-azure-vhd-azurelinux-2
+build-azure-sig-mariner-2: ## Deprecated: use build-azure-sig-azurelinux-2
+	$(MAKE) build-azure-sig-azurelinux-2
+build-azure-sig-mariner-2-gen2: ## Deprecated: use build-azure-sig-azurelinux-2-gen2
+	$(MAKE) validate-azure-sig-azurelinux-2-gen2
 
 build-do-ubuntu-2004: ## Builds Ubuntu 20.04 DigitalOcean Snapshot
 build-do-ubuntu-2204: ## Builds Ubuntu 22.04 DigitalOcean Snapshot
@@ -822,7 +829,7 @@ validate-ami-windows-2019: ## Validates Windows Server 2019 AMI Packer config
 validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config
 
 validate-azure-sig-centos-7: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config
-validate-azure-sig-mariner-2: ## Validates Mariner 2 Azure managed image in Shared Image Gallery Packer config
+validate-azure-sig-azurelinux-2: ## Validates Azure Linux 2 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-rhel-8: ## Validates RHEL 8 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2004: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config
@@ -831,22 +838,29 @@ validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with
 validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-windows-annual-containerd: ## Validate Windows Server Annual Channel with containerd Azure managed image in Shared Image Gallery Packer config
 validate-azure-vhd-centos-7: ## Validates CentOS 7 VHD image Azure Packer config
-validate-azure-vhd-mariner-2: ## Validates Mariner 2 VHD image Azure Packer config
+validate-azure-vhd-azurelinux-2: ## Validates Azure Linux 2 VHD image Azure Packer config
 validate-azure-vhd-rhel-8: ## Validates RHEL 8 VHD image Azure Packer config
 validate-azure-vhd-ubuntu-2004: ## Validates Ubuntu 20.04 VHD image Azure Packer config
 validate-azure-vhd-ubuntu-2204: ## Validates Ubuntu 22.04 VHD image Azure Packer config
 validate-azure-vhd-ubuntu-2404: ## Validates Ubuntu 24.04 VHD image Azure Packer config
 validate-azure-vhd-windows-2019-containerd: ## Validate Windows Server 2019 VHD with containerd image Azure Packer config
 validate-azure-vhd-windows-2022-containerd: ## Validate Windows Server 2022 VHD with containerd image Azure Packer config
 validate-azure-sig-centos-7-gen2: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config
-validate-azure-sig-mariner-2-gen2: ## Validates Mariner 2 Gen2 Azure managed image in Shared Image Gallery Packer config
+validate-azure-sig-azurelinux-2-gen2: ## Validates Azure Linux 2 Gen2 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2004-gen2: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2004-cvm: ## Validates Ubuntu 20.04 CVM Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2204-cvm: ## Validates Ubuntu 22.04 CVM Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2404-gen2: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-ubuntu-2404-cvm: ## Validates Ubuntu 24.04 CVM Azure managed image in Shared Image Gallery Packer config
 validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_VHD_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) $(AZURE_VALIDATE_SIG_CVM_TARGETS) ## Validates all images for Azure Packer config
+# Deprecated targets, for backward compatibility
+validate-azure-vhd-mariner-2: ## Deprecated: use validate-azure-vhd-azurelinux-2
+	$(MAKE) validate-azure-vhd-azurelinux-2
+validate-azure-sig-mariner-2: ## Deprecated: use validate-azure-sig-azurelinux-2
+	$(MAKE) validate-azure-sig-azurelinux-2
+validate-azure-sig-mariner-2-gen2: ## Deprecated: use validate-azure-sig-azurelinux-2-gen2
+	$(MAKE) validate-azure-sig-azurelinux-2-gen2
 
 validate-do-ubuntu-2004: ## Validates Ubuntu 20.04 DigitalOcean Snapshot Packer config
 validate-do-ubuntu-2204: ## Validates Ubuntu 22.04 DigitalOcean Snapshot Packer config

images/capi/ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/limit-nofile.conf

@@ -1,4 +1,4 @@
 [Service]
-# LimitNOFILE=infinity on Mariner means 1073741816, which has caused issues
+# LimitNOFILE=infinity on Azure Linux means 1073741816, which has caused issues
 # running some software in containers such as mysql5 and sshd.
 LimitNOFILE=1048576

images/capi/ansible/roles/kubernetes/tasks/mariner.yml → images/capi/ansible/roles/kubernetes/tasks/azurelinux.yml

@@ -31,7 +31,7 @@
       - kubelet-{{ kubernetes_rpm_version }}
       - kubeadm-{{ kubernetes_rpm_version }}
       - kubectl-{{ kubernetes_rpm_version }}
-      - kubernetes-cni{{ '-'+kubernetes_cni_rpm_version if kubernetes_cni_rpm_version else '' }}
+      - kubernetes-cni{{ '-' + kubernetes_cni_rpm_version if kubernetes_cni_rpm_version else '' }}
 
 - name: Allow Kubernetes API server through iptables
   ansible.builtin.iptables:
@@ -44,3 +44,5 @@
 
 - name: Persist iptables configuration
   ansible.builtin.shell: iptables-save -t filter > /etc/systemd/scripts/ip4save
+  register: iptables_output
+  changed_when: iptables_output.rc != 0

images/capi/ansible/roles/kubernetes/tasks/main.yml

@@ -15,7 +15,7 @@
 - ansible.builtin.import_tasks: debian.yml
   when: kubernetes_source_type == "pkg" and ansible_os_family == "Debian"
 
-- ansible.builtin.import_tasks: mariner.yml
+- ansible.builtin.import_tasks: azurelinux.yml
   when: kubernetes_source_type == "pkg" and ansible_os_family == "Common Base Linux Mariner"
 
 - ansible.builtin.import_tasks: redhat.yml

images/capi/ansible/roles/node/defaults/main.yml

@@ -30,8 +30,8 @@ al2_rpms:
   - python-netifaces
   - python-requests
 
-# Used for Mariner distributions
-mariner_rpms:
+# Used for Azure Linux distributions
+azurelinux_rpms:
   - lsof
 
 # Used for RedHat based distributions ==  7 (ex. RHEL-7, CentOS-7 etc.)

images/capi/ansible/roles/node/meta/main.yml

@@ -46,5 +46,5 @@ dependencies:
 
   - role: setup
     vars:
-      rpms: "{{ common_rpms + mariner_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}"
+      rpms: "{{ common_rpms + azurelinux_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}"
     when: ansible_distribution == "Common Base Linux Mariner"

images/capi/ansible/roles/setup/tasks/main.yml

@@ -21,7 +21,7 @@
   # "Flatcar" for comparison, which is the correct value.
   when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
 
-- ansible.builtin.import_tasks: mariner.yml
+- ansible.builtin.import_tasks: azurelinux.yml
   when: ansible_os_family == "Common Base Linux Mariner"
 
 - ansible.builtin.import_tasks: redhat.yml

images/capi/ansible/roles/sysprep/tasks/mariner.yml → images/capi/ansible/roles/sysprep/tasks/azurelinux.yml

@@ -28,6 +28,8 @@
 
 - name: Ensure nftables config ends with a newline
   ansible.builtin.shell: /bin/echo "" >> /etc/sysconfig/nftables.conf
+  register: echo_output
+  changed_when: echo_output.rc != 0
 
 - name: Disable swap service and ensure it is masked
   ansible.builtin.systemd:

images/capi/ansible/roles/sysprep/tasks/main.yml

@@ -21,7 +21,7 @@
 - ansible.builtin.import_tasks: redhat.yml
   when: ansible_os_family == "RedHat"
 
-- ansible.builtin.import_tasks: mariner.yml
+- ansible.builtin.import_tasks: azurelinux.yml
   when: ansible_os_family == "Common Base Linux Mariner"
 
 - ansible.builtin.import_tasks: photon.yml

images/capi/azure_targets.sh

@@ -1,8 +1,8 @@
-VHD_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 rhel-8 windows-2019-containerd windows-2022-containerd"
-VHD_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd"
-SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 rhel-8 windows-2019-containerd windows-2022-containerd flatcar"
-SIG_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd flatcar"
-SIG_GEN2_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 flatcar"
-SIG_GEN2_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 flatcar"
+VHD_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 azurelinux-2 rhel-8 windows-2019-containerd windows-2022-containerd"
+VHD_CI_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-2 windows-2019-containerd windows-2022-containerd"
+SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 azurelinux-2 rhel-8 windows-2019-containerd windows-2022-containerd flatcar"
+SIG_CI_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-2 windows-2019-containerd windows-2022-containerd flatcar"
+SIG_GEN2_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 azurelinux-2 flatcar"
+SIG_GEN2_CI_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-2 flatcar"
 SIG_CVM_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 windows-2019-containerd windows-2022-containerd"
 SIG_CVM_CI_TARGETS="ubuntu-2204 ubuntu-2404 windows-2022-containerd"

images/capi/packer/azure/mariner-2-gen2.json → images/capi/packer/azure/azurelinux-2-gen2.json

@@ -1,6 +1,6 @@
 {
-  "build_name": "mariner-2-gen2",
-  "distribution": "mariner",
+  "build_name": "azurelinux-2-gen2",
+  "distribution": "azurelinux",
   "distribution_release": "cbl-mariner-2",
   "distribution_version": "2",
   "image_offer": "cbl-mariner",

images/capi/packer/azure/mariner-2.json → images/capi/packer/azure/azurelinux-2.json

@@ -1,6 +1,6 @@
 {
-  "build_name": "mariner-2",
-  "distribution": "mariner",
+  "build_name": "azurelinux-2",
+  "distribution": "azurelinux",
   "distribution_release": "cbl-mariner-2",
   "distribution_version": "2",
   "image_offer": "cbl-mariner",

images/capi/packer/azure/scripts/init-sig.sh

@@ -64,8 +64,8 @@ case ${SIG_TARGET} in
   centos-7)
     create_image_definition "centos-7" "centos-7" "V1" "Linux"
   ;;
-  mariner-2)
-    create_image_definition ${SIG_TARGET} "mariner-2" "V1" "Linux"
+  azurelinux-2)
+    create_image_definition ${SIG_TARGET} "azurelinux-2" "V1" "Linux"
   ;;
   rhel-8)
     create_image_definition "rhel-8" "rhel-8" "V1" "Linux"
@@ -112,8 +112,8 @@ case ${SIG_TARGET} in
   centos-7-gen2)
     create_image_definition "centos-7-gen2" "centos-7-gen2" "V2" "Linux"
   ;;
-  mariner-2-gen2)
-    create_image_definition ${SIG_TARGET} "mariner-2-gen2" "V2" "Linux"
+  azurelinux-2-gen2)
+    create_image_definition ${SIG_TARGET} "azurelinux-2-gen2" "V2" "Linux"
   ;;
   flatcar-gen2)
     SKU="flatcar-${FLATCAR_CHANNEL}-${FLATCAR_VERSION}-gen2"

images/capi/packer/azure/scripts/new-sku.sh

@@ -40,7 +40,7 @@ sku_id="${os}-${version}-${VM_GENERATION}"
 if [ "$OS" == "Ubuntu" ]; then
     os_type="Ubuntu"
     os_family="Linux"
-elif [ "$OS" == "Mariner" ]; then
+elif [ "$OS" == "AzureLinux" ] || [ "$OS" == "Mariner" ]; then
     os_type="CBL-Mariner"
     os_family="Linux"
 elif [ "$OS" == "Windows" ]; then

images/capi/packer/goss/goss-vars.yaml

@@ -55,7 +55,7 @@ chrony_deb: &chrony_deb
     skip: true
     installed: false
 
-common_mariner_rpms: &common_mariner_rpms
+common_azurelinux_rpms: &common_azurelinux_rpms
   audit:
   ca-certificates:
   cloud-init:
@@ -232,8 +232,8 @@ photon:
     - distro_version: "5"
       package:
         <<: *photon_5_rpms
-mariner:
-  common-package: *common_mariner_rpms
+azurelinux:
+  common-package: *common_azurelinux_rpms
   azure:
     package:
       open-vm-tools: