From b706ce41c157a000ce9e3c331f7816414f35d713 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Tue, 14 May 2024 13:28:39 -0600
Subject: [PATCH 1/2] Change Mariner to Azure Linux
---
 docs/book/src/capi/goss/goss.md | 2 +-
 images/capi/.ansible-lint-ignore | 13 +++-------
 images/capi/Makefile | 26 ++++++++++++++-----
 .../containerd.service.d/limit-nofile.conf | 2 +-
 .../tasks/{mariner.yml => azurelinux.yml} | 4 ++-
 .../ansible/roles/kubernetes/tasks/main.yml | 2 +-
 .../capi/ansible/roles/node/defaults/main.yml | 4 +--
 images/capi/ansible/roles/node/meta/main.yml | 2 +-
 .../tasks/{mariner.yml => azurelinux.yml} | 0
 .../capi/ansible/roles/setup/tasks/main.yml | 2 +-
 .../tasks/{mariner.yml => azurelinux.yml} | 2 ++
 .../capi/ansible/roles/sysprep/tasks/main.yml | 2 +-
 images/capi/packer/azure/scripts/new-sku.sh | 2 +-
 images/capi/packer/goss/goss-vars.yaml | 4 +--
 14 files changed, 40 insertions(+), 27 deletions(-)
 rename images/capi/ansible/roles/kubernetes/tasks/{mariner.yml => azurelinux.yml} (90%)
 rename images/capi/ansible/roles/setup/tasks/{mariner.yml => azurelinux.yml} (100%)
 rename images/capi/ansible/roles/sysprep/tasks/{mariner.yml => azurelinux.yml} (95%)
diff --git a/docs/book/src/capi/goss/goss.md b/docs/book/src/capi/goss/goss.md
index f0b826a98d..0d4fcba8cd 100644
--- a/docs/book/src/capi/goss/goss.md
+++ b/docs/book/src/capi/goss/goss.md
@@ -13,9 +13,9 @@ to test if the images have all requisite components to work with cluster API.
 | OS | Builder |
 |-------------------------|----------------------|
 | Amazon Linux | aws |
+| Azure Linux | azure |
 | CentOS | aws, ova |
 | Flatcar Container Linux | aws, azure, ova |
-| Mariner | azure |
 | PhotonOS | ova |
 | Ubuntu | aws, azure, gcp, ova |
 | Windows | aws, azure, ova |
diff --git a/images/capi/.ansible-lint-ignore b/images/capi/.ansible-lint-ignore
index 471f5515d6..e5cdcb5379 100644
--- a/images/capi/.ansible-lint-ignore
+++ b/images/capi/.ansible-lint-ignore
@@ -22,8 +22,6 @@ ansible/roles/kubernetes/tasks/ecrpull.yml no-changed-when
 ansible/roles/kubernetes/tasks/kubeadmpull.yml command-instead-of-shell
 ansible/roles/kubernetes/tasks/kubeadmpull.yml no-changed-when
 ansible/roles/kubernetes/tasks/main.yml name[missing]
-ansible/roles/kubernetes/tasks/mariner.yml jinja[spacing]
-ansible/roles/kubernetes/tasks/mariner.yml no-changed-when
 ansible/roles/kubernetes/tasks/photon.yml jinja[spacing]
 ansible/roles/kubernetes/tasks/photon.yml no-changed-when
 ansible/roles/kubernetes/tasks/redhat.yml jinja[spacing]
@@ -46,7 +44,6 @@ ansible/roles/providers/defaults/main.yml var-naming[no-role-prefix]
 ansible/roles/providers/tasks/aws.yml command-instead-of-shell
 ansible/roles/providers/tasks/aws.yml name[missing]
 ansible/roles/providers/tasks/aws.yml no-changed-when
-ansible/roles/providers/tasks/aws.yml package-latest
 ansible/roles/providers/tasks/awscliv2.yml no-changed-when
 ansible/roles/providers/tasks/awscliv2.yml risky-file-permissions
 ansible/roles/providers/tasks/azure.yml name[missing]
@@ -63,8 +60,6 @@ ansible/roles/providers/tasks/nutanix.yml name[missing]
 ansible/roles/providers/tasks/nutanix.yml risky-file-permissions
 ansible/roles/providers/tasks/raw.yml command-instead-of-shell
 ansible/roles/providers/tasks/raw.yml no-changed-when
-ansible/roles/providers/tasks/redhat.yml command-instead-of-module
-ansible/roles/providers/tasks/redhat.yml no-changed-when
 ansible/roles/providers/tasks/vmware-photon.yml no-changed-when
 ansible/roles/providers/tasks/vmware-photon.yml risky-file-permissions
 ansible/roles/providers/tasks/vmware-redhat.yml command-instead-of-shell
@@ -75,15 +70,16 @@ ansible/roles/python/defaults/main.yml var-naming[no-role-prefix]
 ansible/roles/python/tasks/flatcar.yml no-changed-when
 ansible/roles/python/tasks/main.yml name[missing]
 ansible/roles/python/tasks/main.yml no-changed-when
+ansible/roles/security/tasks/trivy.yml jinja[spacing]
 ansible/roles/setup/defaults/main.yml var-naming[no-role-prefix]
+ansible/roles/setup/tasks/azurelinux.yml name[missing]
+ansible/roles/setup/tasks/azurelinux.yml package-latest
 ansible/roles/setup/tasks/debian.yml command-instead-of-module
 ansible/roles/setup/tasks/debian.yml no-changed-when
 ansible/roles/setup/tasks/debian.yml package-latest
 ansible/roles/setup/tasks/flatcar.yml name[missing]
 ansible/roles/setup/tasks/flatcar.yml risky-file-permissions
 ansible/roles/setup/tasks/main.yml name[missing]
-ansible/roles/setup/tasks/mariner.yml name[missing]
-ansible/roles/setup/tasks/mariner.yml package-latest
 ansible/roles/setup/tasks/photon.yml name[missing]
 ansible/roles/setup/tasks/photon.yml no-changed-when
 ansible/roles/setup/tasks/redhat.yml command-instead-of-module
@@ -92,13 +88,12 @@ ansible/roles/setup/tasks/redhat.yml no-changed-when
 ansible/roles/setup/tasks/redhat.yml package-latest
 ansible/roles/setup/tasks/rpm_repos.yml no-changed-when
 ansible/roles/sysprep/defaults/main.yml var-naming[no-role-prefix]
+ansible/roles/sysprep/tasks/azurelinux.yml name[missing]
 ansible/roles/sysprep/tasks/debian.yml no-changed-when
 ansible/roles/sysprep/tasks/flatcar.yml no-changed-when
 ansible/roles/sysprep/tasks/main.yml name[missing]
 ansible/roles/sysprep/tasks/main.yml no-changed-when
 ansible/roles/sysprep/tasks/main.yml risky-file-permissions
-ansible/roles/sysprep/tasks/mariner.yml name[missing]
-ansible/roles/sysprep/tasks/mariner.yml no-changed-when
 ansible/roles/sysprep/tasks/photon.yml name[missing]
 ansible/roles/sysprep/tasks/photon.yml no-changed-when
 ansible/roles/sysprep/tasks/redhat.yml command-instead-of-module
diff --git a/images/capi/Makefile b/images/capi/Makefile
index d85515223d..bc3413b0e1 100644
--- a/images/capi/Makefile
+++ b/images/capi/Makefile
@@ -629,7 +629,7 @@ build-azure-sig-ubuntu-2004: ## Builds Ubuntu 20.04 Azure managed image in Share
 build-azure-sig-ubuntu-2204: ## Builds Ubuntu 22.04 Azure managed image in Shared Image Gallery
 build-azure-sig-ubuntu-2404: ## Builds Ubuntu 24.04 Azure managed image in Shared Image Gallery
 build-azure-sig-centos-7: ## Builds CentOS 7 Azure managed image in Shared Image Gallery
-build-azure-sig-mariner-2: ## Builds Mariner 2 Azure managed image in Shared Image Gallery
+build-azure-sig-mariner-2: ## Builds Azure Linux 2 Azure managed image in Shared Image Gallery
 build-azure-sig-rhel-8: ## Builds RHEL 8 Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery
@@ -639,13 +639,13 @@ build-azure-vhd-ubuntu-2004: ## Builds Ubuntu 20.04 VHD image for Azure
 build-azure-vhd-ubuntu-2204: ## Builds Ubuntu 22.04 VHD image for Azure
 build-azure-vhd-ubuntu-2404: ## Builds Ubuntu 24.04 VHD image for Azure
 build-azure-vhd-centos-7: ## Builds CentOS 7 VHD image for Azure
-build-azure-vhd-mariner-2: ## Builds Mariner 2 VHD image for Azure
+build-azure-vhd-mariner-2: ## Builds Azure Linux 2 VHD image for Azure
 build-azure-vhd-rhel-8: ## Builds RHEL 8 VHD image for Azure
 build-azure-vhd-windows-2019-containerd: ## Builds for Windows Server 2019 with containerd
 build-azure-vhd-windows-2022-containerd: ## Builds for Windows Server 2022 with containerd
 build-azure-sig-windows-annual-containerd: ## Builds for Windows Server Annual Channel with containerd
 build-azure-sig-centos-7-gen2: ## Builds CentOS Gen2 managed image in Shared Image Gallery
-build-azure-sig-mariner-2-gen2: ## Builds Mariner Gen2 managed image in Shared Image Gallery
+build-azure-sig-mariner-2-gen2: ## Builds Azure Linux 2 Gen2 managed image in Shared Image Gallery
 build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image Gallery
 build-azure-sig-flatcar-gen2: ## Builds Flatcar Azure Gen2 managed image in Shared Image Gallery
 build-azure-sig-ubuntu-2004-gen2: ## Builds Ubuntu 20.04 Gen2 managed image in Shared Image Gallery
@@ -656,6 +656,13 @@ build-azure-sig-ubuntu-2204-cvm: ## Builds Ubuntu 22.04 CVM managed image in Sha build-azure-sig-ubuntu-2404-cvm: ## Builds Ubuntu 24.04 CVM managed image in Shared Image Gallery build-azure-vhds: $(AZURE_BUILD_VHD_TARGETS) ## Builds all Azure VHDs build-azure-sigs: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_GEN2_TARGETS) $(AZURE_BUILD_SIG_CVM_TARGETS) ## Builds all Azure Shared Image Gallery images +# Targets for forward compatibility +build-azure-vhd-azurelinux-2: ## Alias for build-azure-vhd-mariner-2 + $(MAKE) build-azure-vhd-mariner-2 +build-azure-sig-azurelinux-2: ## Alias for build-azure-sig-mariner-2 + $(MAKE) build-azure-sig-mariner-2 +build-azure-sig-azurelinux-2-gen2: ## Alias for build-azure-sig-mariner-2-gen2 + $(MAKE) validate-azure-sig-mariner-2-gen2 build-do-ubuntu-2004: ## Builds Ubuntu 20.04 DigitalOcean Snapshot build-do-ubuntu-2204: ## Builds Ubuntu 22.04 DigitalOcean Snapshot @@ -822,7 +829,7 @@ validate-ami-windows-2019: ## Validates Windows Server 2019 AMI Packer config validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config validate-azure-sig-centos-7: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config -validate-azure-sig-mariner-2: ## Validates Mariner 2 Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-mariner-2: ## Validates Azure Linux 2 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-rhel-8: ## Validates RHEL 8 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config 
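Review bot: The `build-azure-sig-azurelinux-2-gen2` alias runs a validate target instead of the build it is documented as aliasing: its recipe is `$(MAKE) validate-azure-sig-mariner-2-gen2`. Invoking the alias therefore only validates the Packer config and exits successfully without producing an image. The recipe should read `$(MAKE) build-azure-sig-mariner-2-gen2`, matching the other two build aliases added in this hunk. Any automation that treats a zero exit from this target as "a fresh image was built" would carry on with whatever image already exists, so the silent no-op is worth fixing before the alias is advertised.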
@@ -831,7 +838,7 @@ validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-annual-containerd: ## Validate Windows Server Annual Channel with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-vhd-centos-7: ## Validates CentOS 7 VHD image Azure Packer config -validate-azure-vhd-mariner-2: ## Validates Mariner 2 VHD image Azure Packer config +validate-azure-vhd-mariner-2: ## Validates Azure Linux 2 VHD image Azure Packer config validate-azure-vhd-rhel-8: ## Validates RHEL 8 VHD image Azure Packer config validate-azure-vhd-ubuntu-2004: ## Validates Ubuntu 20.04 VHD image Azure Packer config validate-azure-vhd-ubuntu-2204: ## Validates Ubuntu 22.04 VHD image Azure Packer config @@ -839,7 +846,7 @@ validate-azure-vhd-ubuntu-2404: ## Validates Ubuntu 24.04 VHD image Azure Packer validate-azure-vhd-windows-2019-containerd: ## Validate Windows Server 2019 VHD with containerd image Azure Packer config validate-azure-vhd-windows-2022-containerd: ## Validate Windows Server 2022 VHD with containerd image Azure Packer config validate-azure-sig-centos-7-gen2: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config -validate-azure-sig-mariner-2-gen2: ## Validates Mariner 2 Gen2 Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-mariner-2-gen2: ## Validates Azure Linux 2 Gen2 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004-gen2: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004-cvm: ## Validates Ubuntu 20.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config 
@@ -847,6 +854,13 @@ validate-azure-sig-ubuntu-2204-cvm: ## Validates Ubuntu 22.04 CVM Azure managed validate-azure-sig-ubuntu-2404-gen2: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404-cvm: ## Validates Ubuntu 24.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_VHD_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) $(AZURE_VALIDATE_SIG_CVM_TARGETS) ## Validates all images for Azure Packer config +# Targets for forward compatibility +validate-azure-vhd-azurelinux-2: ## Alias for validate-azure-vhd-mariner-2 + $(MAKE) validate-azure-vhd-mariner-2 +validate-azure-sig-azurelinux-2: ## Alias for validate-azure-sig-mariner-2 + $(MAKE) validate-azure-sig-mariner-2 +validate-azure-sig-azurelinux-2-gen2: ## Alias for validate-azure-sig-mariner-2-gen2 + $(MAKE) validate-azure-sig-mariner-2-gen2 validate-do-ubuntu-2004: ## Validates Ubuntu 20.04 DigitalOcean Snapshot Packer config validate-do-ubuntu-2204: ## Validates Ubuntu 22.04 DigitalOcean Snapshot Packer config diff --git a/images/capi/ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/limit-nofile.conf b/images/capi/ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/limit-nofile.conf index f720980650..f5974f1282 100644 --- a/images/capi/ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/limit-nofile.conf +++ b/images/capi/ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/limit-nofile.conf @@ -1,4 +1,4 @@ [Service] -# LimitNOFILE=infinity on Mariner means 1073741816, which has caused issues +# LimitNOFILE=infinity on Azure Linux means 1073741816, which has caused issues # running some software in containers such as mysql5 and sshd. LimitNOFILE=1048576 
diff --git a/images/capi/ansible/roles/kubernetes/tasks/mariner.yml b/images/capi/ansible/roles/kubernetes/tasks/azurelinux.yml similarity index 90% rename from images/capi/ansible/roles/kubernetes/tasks/mariner.yml rename to images/capi/ansible/roles/kubernetes/tasks/azurelinux.yml index fc242cb246..8b76bd5f3e 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/mariner.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/azurelinux.yml @@ -31,7 +31,7 @@ - kubelet-{{ kubernetes_rpm_version }} - kubeadm-{{ kubernetes_rpm_version }} - kubectl-{{ kubernetes_rpm_version }} - - kubernetes-cni{{ '-'+kubernetes_cni_rpm_version if kubernetes_cni_rpm_version else '' }} + - kubernetes-cni{{ '-' + kubernetes_cni_rpm_version if kubernetes_cni_rpm_version else '' }} - name: Allow Kubernetes API server through iptables ansible.builtin.iptables: @@ -44,3 +44,5 @@ - name: Persist iptables configuration ansible.builtin.shell: iptables-save -t filter > /etc/systemd/scripts/ip4save + register: iptables_output + changed_when: iptables_output.rc != 0 diff --git a/images/capi/ansible/roles/kubernetes/tasks/main.yml b/images/capi/ansible/roles/kubernetes/tasks/main.yml index ab56cca51e..bcdcf92c94 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/main.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/main.yml @@ -15,7 +15,7 @@ - ansible.builtin.import_tasks: debian.yml when: kubernetes_source_type == "pkg" and ansible_os_family == "Debian" -- ansible.builtin.import_tasks: mariner.yml +- ansible.builtin.import_tasks: azurelinux.yml when: kubernetes_source_type == "pkg" and ansible_os_family == "Common Base Linux Mariner" - ansible.builtin.import_tasks: redhat.yml diff --git a/images/capi/ansible/roles/node/defaults/main.yml b/images/capi/ansible/roles/node/defaults/main.yml index f7959fe243..729e94bb23 100644 --- a/images/capi/ansible/roles/node/defaults/main.yml +++ b/images/capi/ansible/roles/node/defaults/main.yml 
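Review bot: `changed_when: iptables_output.rc != 0` on the "Persist iptables configuration" task can never be true for a task that continues, because `ansible.builtin.shell` already fails the task on a non-zero return code unless `failed_when` overrides that. The expression reads as though a failed save counted as a change, when in effect the task always reports "ok". If the aim is only to satisfy the no-changed-when lint rule, `changed_when: false` without the `register` states that directly, and a one-line comment that the file is rewritten on every build would record the intent. The same pattern is added to "Ensure nftables config ends with a newline" in roles/sysprep/tasks/azurelinux.yml, where the echo appends unconditionally. The task list of this file starts above the hunk.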
@@ -30,8 +30,8 @@ al2_rpms: - python-netifaces - python-requests -# Used for Mariner distributions -mariner_rpms: +# Used for Azure Linux distributions +azurelinux_rpms: - lsof # Used for RedHat based distributions == 7 (ex. RHEL-7, CentOS-7 etc.) diff --git a/images/capi/ansible/roles/node/meta/main.yml b/images/capi/ansible/roles/node/meta/main.yml index f93e6e3906..f8f68c287e 100644 --- a/images/capi/ansible/roles/node/meta/main.yml +++ b/images/capi/ansible/roles/node/meta/main.yml @@ -46,5 +46,5 @@ dependencies: - role: setup vars: - rpms: "{{ common_rpms + mariner_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}" + rpms: "{{ common_rpms + azurelinux_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}" when: ansible_distribution == "Common Base Linux Mariner" diff --git a/images/capi/ansible/roles/setup/tasks/mariner.yml b/images/capi/ansible/roles/setup/tasks/azurelinux.yml similarity index 100% rename from images/capi/ansible/roles/setup/tasks/mariner.yml rename to images/capi/ansible/roles/setup/tasks/azurelinux.yml diff --git a/images/capi/ansible/roles/setup/tasks/main.yml b/images/capi/ansible/roles/setup/tasks/main.yml index 5d6deded7f..058f8bfc26 100644 --- a/images/capi/ansible/roles/setup/tasks/main.yml +++ b/images/capi/ansible/roles/setup/tasks/main.yml @@ -21,7 +21,7 @@ # "Flatcar" for comparison, which is the correct value. when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] -- ansible.builtin.import_tasks: mariner.yml +- ansible.builtin.import_tasks: azurelinux.yml when: ansible_os_family == "Common Base Linux Mariner" - ansible.builtin.import_tasks: redhat.yml diff --git a/images/capi/ansible/roles/sysprep/tasks/mariner.yml b/images/capi/ansible/roles/sysprep/tasks/azurelinux.yml similarity index 95% rename from images/capi/ansible/roles/sysprep/tasks/mariner.yml rename to images/capi/ansible/roles/sysprep/tasks/azurelinux.yml index a3ad4356cf..251dd74a89 100644 
--- a/images/capi/ansible/roles/sysprep/tasks/mariner.yml +++ b/images/capi/ansible/roles/sysprep/tasks/azurelinux.yml @@ -28,6 +28,8 @@ - name: Ensure nftables config ends with a newline ansible.builtin.shell: /bin/echo "" >> /etc/sysconfig/nftables.conf + register: echo_output + changed_when: echo_output.rc != 0 - name: Disable swap service and ensure it is masked ansible.builtin.systemd: diff --git a/images/capi/ansible/roles/sysprep/tasks/main.yml b/images/capi/ansible/roles/sysprep/tasks/main.yml index c1293deb9f..bb8cb7a56a 100644 --- a/images/capi/ansible/roles/sysprep/tasks/main.yml +++ b/images/capi/ansible/roles/sysprep/tasks/main.yml @@ -21,7 +21,7 @@ - ansible.builtin.import_tasks: redhat.yml when: ansible_os_family == "RedHat" -- ansible.builtin.import_tasks: mariner.yml +- ansible.builtin.import_tasks: azurelinux.yml when: ansible_os_family == "Common Base Linux Mariner" - ansible.builtin.import_tasks: photon.yml diff --git a/images/capi/packer/azure/scripts/new-sku.sh b/images/capi/packer/azure/scripts/new-sku.sh index 5a53c86ff7..75c1b2cb2f 100755 --- a/images/capi/packer/azure/scripts/new-sku.sh +++ b/images/capi/packer/azure/scripts/new-sku.sh @@ -40,7 +40,7 @@ sku_id="${os}-${version}-${VM_GENERATION}" if [ "$OS" == "Ubuntu" ]; then os_type="Ubuntu" os_family="Linux" -elif [ "$OS" == "Mariner" ]; then +elif [ "$OS" == "AzureLinux" ] || [ "$OS" == "Mariner" ]; then os_type="CBL-Mariner" os_family="Linux" elif [ "$OS" == "Windows" ]; then diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 05c4be0182..a32994b454 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml @@ -55,7 +55,7 @@ chrony_deb: &chrony_deb skip: true installed: false -common_mariner_rpms: &common_mariner_rpms +common_azurelinux_rpms: &common_azurelinux_rpms audit: ca-certificates: cloud-init: 
@@ -233,7 +233,7 @@ photon: package: <<: *photon_5_rpms mariner: - common-package: *common_mariner_rpms + common-package: *common_azurelinux_rpms azure: package: open-vm-tools: From 281408558d96107d29998b1327ceee58e7cec6aa Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 15 May 2024 08:25:26 -0600 Subject: [PATCH 2/2] Add Azure Linux 3 for Azure --- images/capi/Makefile | 6 ++++++ images/capi/ansible/roles/containerd/tasks/main.yml | 4 ++-- images/capi/ansible/roles/kubernetes/tasks/main.yml | 2 +- images/capi/ansible/roles/node/defaults/main.yml | 2 +- images/capi/ansible/roles/node/meta/main.yml | 2 +- images/capi/ansible/roles/node/tasks/main.yml | 2 +- images/capi/ansible/roles/providers/tasks/azurecli.yml | 2 +- images/capi/ansible/roles/setup/tasks/azurelinux.yml | 2 +- images/capi/ansible/roles/setup/tasks/main.yml | 2 +- images/capi/ansible/roles/sysprep/tasks/main.yml | 6 +++--- images/capi/azure_targets.sh | 6 +++--- images/capi/packer/azure/azurelinux-3-gen2.json | 9 +++++++++ images/capi/packer/azure/azurelinux-3.json | 9 +++++++++ images/capi/packer/azure/scripts/init-sig.sh | 6 ++++++ images/capi/packer/goss/goss-vars.yaml | 5 +++++ 15 files changed, 50 insertions(+), 15 deletions(-) create mode 100644 images/capi/packer/azure/azurelinux-3-gen2.json create mode 100644 images/capi/packer/azure/azurelinux-3.json diff --git a/images/capi/Makefile b/images/capi/Makefile index bc3413b0e1..773c89e4a2 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile 
@@ -630,6 +630,7 @@ build-azure-sig-ubuntu-2204: ## Builds Ubuntu 22.04 Azure managed image in Share build-azure-sig-ubuntu-2404: ## Builds Ubuntu 24.04 Azure managed image in Shared Image Gallery build-azure-sig-centos-7: ## Builds CentOS 7 Azure managed image in Shared Image Gallery build-azure-sig-mariner-2: ## Builds Azure Linux 2 Azure managed image in Shared Image Gallery +build-azure-sig-azurelinux-3: ## Builds Azure Linux 3 Azure managed image in Shared Image Gallery build-azure-sig-rhel-8: ## Builds RHEL 8 Azure managed image in Shared Image Gallery build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery 
@@ -640,12 +641,14 @@ build-azure-vhd-ubuntu-2204: ## Builds Ubuntu 22.04 VHD image for Azure build-azure-vhd-ubuntu-2404: ## Builds Ubuntu 24.04 VHD image for Azure build-azure-vhd-centos-7: ## Builds CentOS 7 VHD image for Azure build-azure-vhd-mariner-2: ## Builds Azure Linux 2 VHD image for Azure +build-azure-vhd-azurelinux-3: ## Builds Azure Linux 3 VHD image for Azure build-azure-vhd-rhel-8: ## Builds RHEL 8 VHD image for Azure build-azure-vhd-windows-2019-containerd: ## Builds for Windows Server 2019 with containerd build-azure-vhd-windows-2022-containerd: ## Builds for Windows Server 2022 with containerd build-azure-sig-windows-annual-containerd: ## Builds for Windows Server Annual Channel with containerd build-azure-sig-centos-7-gen2: ## Builds CentOS Gen2 managed image in Shared Image Gallery build-azure-sig-mariner-2-gen2: ## Builds Azure Linux 2 Gen2 managed image in Shared Image Gallery +build-azure-sig-azurelinux-3-gen2: ## Builds Azure Linux 3 Gen2 managed image in Shared Image Gallery build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image Gallery build-azure-sig-flatcar-gen2: ## Builds Flatcar Azure Gen2 managed image in Shared Image Gallery build-azure-sig-ubuntu-2004-gen2: ## Builds Ubuntu 20.04 Gen2 managed image in Shared Image Gallery 
@@ -830,6 +833,7 @@ validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config validate-azure-sig-centos-7: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-mariner-2: ## Validates Azure Linux 2 Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-azurelinux-3: ## Validates Azure Linux 3 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-rhel-8: ## Validates RHEL 8 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config @@ -839,6 +843,7 @@ validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with validate-azure-sig-windows-annual-containerd: ## Validate Windows Server Annual Channel with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-vhd-centos-7: ## Validates CentOS 7 VHD image Azure Packer config validate-azure-vhd-mariner-2: ## Validates Azure Linux 2 VHD image Azure Packer config +validate-azure-vhd-azurelinux-3: ## Validates Azure Linux 3 VHD image Azure Packer config validate-azure-vhd-rhel-8: ## Validates RHEL 8 VHD image Azure Packer config validate-azure-vhd-ubuntu-2004: ## Validates Ubuntu 20.04 VHD image Azure Packer config validate-azure-vhd-ubuntu-2204: ## Validates Ubuntu 22.04 VHD image Azure Packer config 
@@ -847,6 +852,7 @@ validate-azure-vhd-windows-2019-containerd: ## Validate Windows Server 2019 VHD validate-azure-vhd-windows-2022-containerd: ## Validate Windows Server 2022 VHD with containerd image Azure Packer config validate-azure-sig-centos-7-gen2: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-mariner-2-gen2: ## Validates Azure Linux 2 Gen2 Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-azurelinux-3-gen2: ## Validates Azure Linux 3 Gen2 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004-gen2: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2004-cvm: ## Validates Ubuntu 20.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config diff --git a/images/capi/ansible/roles/containerd/tasks/main.yml b/images/capi/ansible/roles/containerd/tasks/main.yml index de5977a996..ffbd429d38 100644 --- a/images/capi/ansible/roles/containerd/tasks/main.yml +++ b/images/capi/ansible/roles/containerd/tasks/main.yml @@ -16,7 +16,7 @@ when: ansible_os_family == "Debian" - ansible.builtin.import_tasks: redhat.yml - when: ansible_os_family in ["Common Base Linux Mariner", "RedHat"] + when: ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux", "RedHat"] - ansible.builtin.import_tasks: photon.yml when: ansible_os_family == "VMware Photon OS" @@ -137,7 +137,7 @@ dest: /etc/systemd/system/containerd.service.d/limit-nofile.conf src: etc/systemd/system/containerd.service.d/limit-nofile.conf mode: "0644" - when: ansible_os_family == "Common Base Linux Mariner" + when: ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux"] - name: Create containerd http proxy conf file if needed ansible.builtin.template: 
diff --git a/images/capi/ansible/roles/kubernetes/tasks/main.yml b/images/capi/ansible/roles/kubernetes/tasks/main.yml index bcdcf92c94..f885bf5169 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/main.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/main.yml @@ -16,7 +16,7 @@ when: kubernetes_source_type == "pkg" and ansible_os_family == "Debian" - ansible.builtin.import_tasks: azurelinux.yml - when: kubernetes_source_type == "pkg" and ansible_os_family == "Common Base Linux Mariner" + when: kubernetes_source_type == "pkg" and ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux"] - ansible.builtin.import_tasks: redhat.yml when: kubernetes_source_type == "pkg" and ansible_os_family == "RedHat" diff --git a/images/capi/ansible/roles/node/defaults/main.yml b/images/capi/ansible/roles/node/defaults/main.yml index 729e94bb23..b4654674f0 100644 --- a/images/capi/ansible/roles/node/defaults/main.yml +++ b/images/capi/ansible/roles/node/defaults/main.yml @@ -115,7 +115,7 @@ common_raw_photon_rpms: [] # photon and flatcar do not have backward compatibility for legacy distro behavior for sysctl.conf by default # as it uses systemd-sysctl. set this var so we can use for sysctl conf file value. sysctl_conf_file: >- - {{ '/etc/sysctl.d/99-sysctl.conf' if ansible_os_family in ['Common Base Linux Mariner', 'Flatcar', 'VMware Photon OS'] + {{ '/etc/sysctl.d/99-sysctl.conf' if ansible_os_family in ['Common Base Linux Mariner', 'Flatcar', 'Microsoft Azure Linux', 'VMware Photon OS'] else '/etc/sysctl.conf' }} pause_image: registry.k8s.io/pause:3.9 diff --git a/images/capi/ansible/roles/node/meta/main.yml b/images/capi/ansible/roles/node/meta/main.yml index f8f68c287e..5e5a0cd175 100644 --- a/images/capi/ansible/roles/node/meta/main.yml +++ b/images/capi/ansible/roles/node/meta/main.yml 
@@ -47,4 +47,4 @@ dependencies: - role: setup vars: rpms: "{{ common_rpms + azurelinux_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}" - when: ansible_distribution == "Common Base Linux Mariner" + when: ansible_distribution in ["Common Base Linux Mariner", "Microsoft Azure Linux"] diff --git a/images/capi/ansible/roles/node/tasks/main.yml b/images/capi/ansible/roles/node/tasks/main.yml index 484556b17f..408c9d769c 100644 --- a/images/capi/ansible/roles/node/tasks/main.yml +++ b/images/capi/ansible/roles/node/tasks/main.yml @@ -79,7 +79,7 @@ name: conntrackd state: stopped enabled: false - when: ansible_os_family not in ["Common Base Linux Mariner", "Debian", "Flatcar"] + when: ansible_os_family not in ["Common Base Linux Mariner", "Debian", "Flatcar", "Microsoft Azure Linux"] - name: Ensure auditd is running and comes on at reboot ansible.builtin.service: diff --git a/images/capi/ansible/roles/providers/tasks/azurecli.yml b/images/capi/ansible/roles/providers/tasks/azurecli.yml index f4b21e09af..ce52812f4c 100644 --- a/images/capi/ansible/roles/providers/tasks/azurecli.yml +++ b/images/capi/ansible/roles/providers/tasks/azurecli.yml @@ -44,7 +44,7 @@ state: present - name: Install Azure CLI - when: ansible_os_family == "Common Base Linux Mariner" + when: ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux"] ansible.builtin.package: name: azure-cli state: present diff --git a/images/capi/ansible/roles/setup/tasks/azurelinux.yml b/images/capi/ansible/roles/setup/tasks/azurelinux.yml index 31c11d4d30..6535d2d5ab 100644 --- a/images/capi/ansible/roles/setup/tasks/azurelinux.yml +++ b/images/capi/ansible/roles/setup/tasks/azurelinux.yml @@ -20,7 +20,7 @@ state: latest lock_timeout: 60 -- name: Install baseline dependencies on Mariner +- name: Install baseline dependencies on Azure Linux ansible.builtin.yum: name: "{{ rpms }}" state: present 
diff --git a/images/capi/ansible/roles/setup/tasks/main.yml b/images/capi/ansible/roles/setup/tasks/main.yml index 058f8bfc26..e4174217c1 100644 --- a/images/capi/ansible/roles/setup/tasks/main.yml +++ b/images/capi/ansible/roles/setup/tasks/main.yml @@ -22,7 +22,7 @@ when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - ansible.builtin.import_tasks: azurelinux.yml - when: ansible_os_family == "Common Base Linux Mariner" + when: ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux"] - ansible.builtin.import_tasks: redhat.yml when: ansible_os_family == "RedHat" diff --git a/images/capi/ansible/roles/sysprep/tasks/main.yml b/images/capi/ansible/roles/sysprep/tasks/main.yml index bb8cb7a56a..62108535a4 100644 --- a/images/capi/ansible/roles/sysprep/tasks/main.yml +++ b/images/capi/ansible/roles/sysprep/tasks/main.yml @@ -22,7 +22,7 @@ when: ansible_os_family == "RedHat" - ansible.builtin.import_tasks: azurelinux.yml - when: ansible_os_family == "Common Base Linux Mariner" + when: ansible_os_family in ["Common Base Linux Mariner", "Microsoft Azure Linux"] - ansible.builtin.import_tasks: photon.yml when: ansible_os_family == "VMware Photon OS" @@ -49,7 +49,7 @@ loop: - { path: /etc/machine-id, state: absent, mode: "{{ machine_id_mode }}" } - { path: /etc/machine-id, state: touch, mode: "{{ machine_id_mode }}" } - when: ansible_os_family not in ["Common Base Linux Mariner", "Flatcar"] + when: ansible_os_family not in ["Common Base Linux Mariner", "Flatcar", "Microsoft Azure Linuz"] - name: Truncate hostname file ansible.builtin.file: 
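Review bot: The exclusion list on the task that loops over /etc/machine-id (state `absent`, then `touch`) misspells the new family name as `"Microsoft Azure Linuz"`, so the `not in` test does not exclude Azure Linux 3 hosts. On those hosts the machine-id reset will run, while it stays skipped for "Common Base Linux Mariner", which looks unintended given that every other condition in this commit spells it `"Microsoft Azure Linux"`. The line should be `when: ansible_os_family not in ["Common Base Linux Mariner", "Flatcar", "Microsoft Azure Linux"]`. Since the same pair of literals is now repeated across many `when:` clauses, defining the list once as a role variable would keep one typo from changing sysprep behaviour for a single distribution.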
@@ -65,7 +65,7 @@ - name: Set hostname ansible.builtin.hostname: name: localhost.local - when: ansible_os_family not in ["Common Base Linux Mariner", "Flatcar", "VMware Photon OS"] and packer_build_name != "nutanix" + when: ansible_os_family not in ["Common Base Linux Mariner", "Flatcar", "Microsoft Azure Linux", "VMware Photon OS"] and packer_build_name != "nutanix" - name: Reset hosts file ansible.builtin.copy: diff --git a/images/capi/azure_targets.sh b/images/capi/azure_targets.sh index 87cf363c2f..952fc26c7f 100644 --- a/images/capi/azure_targets.sh +++ b/images/capi/azure_targets.sh @@ -1,8 +1,8 @@ -VHD_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 rhel-8 windows-2019-containerd windows-2022-containerd" +VHD_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 rhel-8 windows-2019-containerd windows-2022-containerd" VHD_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd" -SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 rhel-8 windows-2019-containerd windows-2022-containerd flatcar" +SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 rhel-8 windows-2019-containerd windows-2022-containerd flatcar" SIG_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd flatcar" -SIG_GEN2_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 flatcar" +SIG_GEN2_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 flatcar" SIG_GEN2_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 flatcar" SIG_CVM_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 windows-2019-containerd windows-2022-containerd" SIG_CVM_CI_TARGETS="ubuntu-2204 ubuntu-2404 windows-2022-containerd" diff --git a/images/capi/packer/azure/azurelinux-3-gen2.json b/images/capi/packer/azure/azurelinux-3-gen2.json new file mode 100644 index 0000000000..5374c6d86b --- /dev/null 
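Review bot: In azure_targets.sh, `azurelinux-3` is added to `VHD_TARGETS`, `SIG_TARGETS` and `SIG_GEN2_TARGETS` but not to `VHD_CI_TARGETS`, `SIG_CI_TARGETS` or `SIG_GEN2_CI_TARGETS`. If the CI lists decide which images are built on pull requests, the new Azure Linux 3 task paths (the extended `when:` conditions across the roles) get no automated build coverage. If that is deliberate while the image is in preview, a comment above the CI lists saying so would help; otherwise add `azurelinux-3` to the three CI variables.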
+++ b/images/capi/packer/azure/azurelinux-3-gen2.json @@ -0,0 +1,9 @@ +{ + "build_name": "azurelinux-3-gen2", + "distribution": "azurelinux", + "distribution_release": "azure-linux-gen2", + "distribution_version": "3", + "image_offer": "azure-linux", + "image_publisher": "MicrosoftCBLMariner", + "image_sku": "azure-linux-gen2" +} diff --git a/images/capi/packer/azure/azurelinux-3.json b/images/capi/packer/azure/azurelinux-3.json new file mode 100644 index 0000000000..7d7303bcb7 --- /dev/null +++ b/images/capi/packer/azure/azurelinux-3.json @@ -0,0 +1,9 @@ +{ + "build_name": "azurelinux-3", + "distribution": "azurelinux", + "distribution_release": "azure-linux-3", + "distribution_version": "3", + "image_offer": "azure-linux", + "image_publisher": "MicrosoftCBLMariner", + "image_sku": "azure-linux-3" +} diff --git a/images/capi/packer/azure/scripts/init-sig.sh b/images/capi/packer/azure/scripts/init-sig.sh index 3d9f3f56a4..0591dc6902 100755 --- a/images/capi/packer/azure/scripts/init-sig.sh +++ b/images/capi/packer/azure/scripts/init-sig.sh @@ -67,6 +67,9 @@ case ${SIG_TARGET} in mariner-2) create_image_definition ${SIG_TARGET} "mariner-2" "V1" "Linux" ;; + azurelinux-3) + create_image_definition ${SIG_TARGET} "azurelinux-3" "V1" "Linux" + ;; rhel-8) create_image_definition "rhel-8" "rhel-8" "V1" "Linux" ;; @@ -115,6 +118,9 @@ case ${SIG_TARGET} in mariner-2-gen2) create_image_definition ${SIG_TARGET} "mariner-2-gen2" "V2" "Linux" ;; + azurelinux-3-gen2) + create_image_definition ${SIG_TARGET} "azurelinux-3-gen2" "V2" "Linux" + ;; flatcar-gen2) SKU="flatcar-${FLATCAR_CHANNEL}-${FLATCAR_VERSION}-gen2" create_image_definition "${SKU}" "${SKU}" "V2" "Linux" diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index a32994b454..847954d0f0 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml 
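Review bot: In azurelinux-3-gen2.json, `distribution_release` and `image_sku` are both `azure-linux-gen2`, dropping the `3` that azurelinux-3.json carries in `azure-linux-3`. Please confirm against the marketplace listing for publisher `MicrosoftCBLMariner`, offer `azure-linux`, that this is the intended Gen2 SKU for version 3. The SKU selects the base image the whole build is layered on, so a SKU that resolves to a different release would yield an image named `azurelinux-3-gen2` built on another base. If the name is right as written, a sentence in the commit message or the Azure docs page explaining the asymmetry would help, since the JSON file cannot carry a comment.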
@@ -232,6 +232,11 @@ photon: - distro_version: "5" package: <<: *photon_5_rpms +azurelinux: + common-package: *common_azurelinux_rpms + azure: + package: + open-vm-tools: mariner: common-package: *common_azurelinux_rpms azure: