Diffstat (limited to 'nixpkgs/nixos/modules/virtualisation/azure-agent.nix')
-rw-r--r-- | nixpkgs/nixos/modules/virtualisation/azure-agent.nix | 216 |
1 files changed, 138 insertions, 78 deletions
diff --git a/nixpkgs/nixos/modules/virtualisation/azure-agent.nix b/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
index 31047c4ddc0e..6e6021cf80fe 100644
--- a/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
@@ -1,51 +1,10 @@ { config, lib, pkgs, ... }: with lib; - let cfg = config.virtualisation.azure.agent; - waagent = with pkgs; stdenv.mkDerivation rec { - name = "waagent-2.0"; - src = pkgs.fetchFromGitHub { - owner = "Azure"; - repo = "WALinuxAgent"; - rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4"; - sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x"; - }; - - patches = [ ./azure-agent-entropy.patch ]; - - buildInputs = [ makeWrapper python pythonPackages.wrapPython ]; - runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh - nettools # for hostname - procps # for pidof - shadow # for useradd, usermod - util-linux # for (u)mount, fdisk, sfdisk, mkswap - parted - ]; - pythonPath = [ pythonPackages.pyasn1 ]; - - configurePhase = false; - buildPhase = false; - - installPhase = '' - substituteInPlace config/99-azure-product-uuid.rules \ - --replace /bin/chmod "${coreutils}/bin/chmod" - mkdir -p $out/lib/udev/rules.d - cp config/*.rules $out/lib/udev/rules.d - - mkdir -p $out/bin - cp waagent $out/bin/ - chmod +x $out/bin/waagent - - wrapProgram "$out/bin/waagent" \ - --prefix PYTHONPATH : $PYTHONPATH \ - --prefix PATH : "${makeBinPath runtimeDeps}" - ''; - }; - provisionedHook = pkgs.writeScript "provisioned-hook" '' #!${pkgs.runtimeShell} /run/current-system/systemd/bin/systemctl start provisioned.target 
@@ -74,14 +33,15 @@ in ###### implementation - config = mkIf cfg.enable { - assertions = [ { + config = lib.mkIf cfg.enable { + assertions = [{ assertion = pkgs.stdenv.hostPlatform.isx86; message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}"; - } { - assertion = config.networking.networkmanager.enable == false; - message = "Windows Azure Linux Agent is not compatible with NetworkManager"; - } ]; + } + { + assertion = config.networking.networkmanager.enable == false; + message = "Windows Azure Linux Agent is not compatible with NetworkManager"; + }]; boot.initrd.kernelModules = [ "ata_piix" ]; networking.firewall.allowedUDPPorts = [ 68 ]; @@ -89,13 +49,19 @@ in environment.etc."waagent.conf".text = '' # - # Windows Azure Linux Agent Configuration + # Microsoft Azure Linux Agent Configuration # - Role.StateConsumer=${provisionedHook} + # Enable extension handling. Do not disable this unless you do not need password reset, + # backup, monitoring, or any extension handling whatsoever. + Extensions.Enabled=y - # Enable instance creation - Provisioning.Enabled=y + # How often (in seconds) to poll for new goal states + Extensions.GoalStatePeriod=6 + + # Which provisioning agent to use. Supported values are "auto" (default), "waagent", + # "cloud-init", or "disabled". + Provisioning.Agent=disabled # Password authentication for root account will be unavailable. Provisioning.DeleteRootPassword=n 
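Review bot: `Role.StateConsumer=${provisionedHook}` is removed and `Provisioning.Agent=disabled` is added, but `provisionedHook` is still bound in the `let` block of the first hunk and `provisioned.target` ("Services Requiring Azure VM provisioning to have finished") is still declared further down, so unless something outside this diff starts the target, waagent no longer drives it and the hook script is dead. Either drop the hook and the target together with this change, or document the new trigger next to the target, e.g. `# provisioned.target is no longer started by waagent (Provisioning.Agent=disabled); started by <placeholder: new trigger>`. `Extensions.Enabled=y` lets the agent fetch and execute extension handlers delivered through the Azure control plane; since the module already exposes `mountResourceDisk` and `verboseLogging` as options, exposing this setting as a boolean option too would let hardened deployments opt out without overriding the whole file. The `config = lib.mkIf cfg.enable {` attribute set continues past the end of this hunk.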
@@ -103,18 +69,31 @@ in # Generate fresh host key pair. Provisioning.RegenerateSshHostKeyPair=n - # Supported values are "rsa", "dsa" and "ecdsa". + # Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto". + # The "auto" option is supported on OpenSSH 5.9 (2011) and later. Provisioning.SshHostKeyPairType=ed25519 # Monitor host name changes and publish changes via DHCP requests. Provisioning.MonitorHostName=y + # How often (in seconds) to monitor host name changes. + Provisioning.MonitorHostNamePeriod=30 + # Decode CustomData from Base64. Provisioning.DecodeCustomData=n # Execute CustomData after provisioning. Provisioning.ExecuteCustomData=n + # Algorithm used by crypt when generating password hash. + #Provisioning.PasswordCryptId=6 + + # Length of random salt used when generating password hash. + #Provisioning.PasswordCryptSaltLength=10 + + # Allow reset password of sys user + Provisioning.AllowResetSysUser=n + # Format if unformatted. If 'n', resource disk will not be mounted. ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"} 
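Review bot: The `Provisioning.*` keys kept or added here (`SshHostKeyPairType=ed25519`, `MonitorHostNamePeriod=30`, `AllowResetSysUser=n`) sit under a config that sets `Provisioning.Agent=disabled` in the previous hunk, so a reader may assume waagent still generates the ed25519 host key pair; with `RegenerateSshHostKeyPair=n` it presumably does not, and the host keys come from whatever else manages sshd on the host. A one-line comment above `Provisioning.SshHostKeyPairType`, such as `# Provisioning is disabled above; these values only apply if Provisioning.Agent is re-enabled.`, would make that explicit. The `environment.etc."waagent.conf".text` string that encloses these lines starts and ends outside this hunk.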
@@ -125,22 +104,103 @@ in # Mount point for the resource disk ResourceDisk.MountPoint=/mnt/resource - # Respond to load balancer probes if requested by Windows Azure. - LBProbeResponder=y + # Create and use swapfile on resource disk. + ResourceDisk.EnableSwap=n + + # Size of the swapfile. + ResourceDisk.SwapSizeMB=0 - # Enable logging to serial console (y|n) - # When stdout is not enough... - # 'y' if not set - Logs.Console=y + # Comma-separated list of mount options. See mount(8) for valid options. + ResourceDisk.MountOptions=None # Enable verbose logging (y|n) Logs.Verbose=${if cfg.verboseLogging then "y" else "n"} + # Enable Console logging, default is y + # Logs.Console=y + + # Enable periodic log collection, default is n + Logs.Collect=n + + # How frequently to collect logs, default is each hour + Logs.CollectPeriod=3600 + + # Is FIPS enabled + OS.EnableFIPS=n + # Root device timeout in seconds. OS.RootDeviceScsiTimeout=300 + + # How often (in seconds) to set the root device timeout. + OS.RootDeviceScsiTimeoutPeriod=30 + + # If "None", the system default version is used. 
+ OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl + + # Set the SSH ClientAliveInterval + # OS.SshClientAliveInterval=180 + + # Set the path to SSH keys and configuration files + OS.SshDir=/etc/ssh + + # If set, agent will use proxy server to access internet + #HttpProxy.Host=None + #HttpProxy.Port=None + + # Detect Scvmm environment, default is n + # DetectScvmmEnv=n + + # + # Lib.Dir=/var/lib/waagent + + # + # DVD.MountPoint=/mnt/cdrom/secure + + # + # Pid.File=/var/run/waagent.pid + + # + # Extension.LogDir=/var/log/azure + + # + # Home.Dir=/home + + # Enable RDMA management and set up, should only be used in HPC images + OS.EnableRDMA=n + + # Enable checking RDMA driver version and update + # OS.CheckRdmaDriver=y + + # Enable or disable goal state processing auto-update, default is enabled + AutoUpdate.Enabled=n + + # Determine the update family, this should not be changed + # AutoUpdate.GAFamily=Prod + + # Determine if the overprovisioning feature is enabled. If yes, hold extension + # handling until inVMArtifactsProfile.OnHold is false. + # Default is enabled + EnableOverProvisioning=n + + # Allow fallback to HTTP if HTTPS is unavailable + # Note: Allowing HTTP (vs. HTTPS) may cause security risks + # OS.AllowHTTP=n + + # Add firewall rules to protect access to Azure host node services + OS.EnableFirewall=n + + # How often (in seconds) to check the firewall rules + OS.EnableFirewallPeriod=30 + + # How often (in seconds) to remove the udev rules for persistent network interface + # names (75-persistent-net-generator.rules and /etc/udev/rules.d/70-persistent-net.rules) + OS.RemovePersistentNetRulesPeriod=30 + + # How often (in seconds) to monitor for DHCP client restarts + OS.MonitorDhcpClientRestartPeriod=30 ''; - services.udev.packages = [ waagent ]; + services.udev.packages = [ pkgs.waagent ]; networking.dhcpcd.persistent = true; 
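Review bot: `OS.EnableFirewall=n` switches off the rules that, per the agent's own comment two lines above, "protect access to Azure host node services", and the hunk gives no rationale; with `Extensions.Enabled=y` set earlier in the same file, the intent (presumably that the NixOS `networking.firewall` configured in this module owns the rule set) should be recorded and, if so, the equivalent restriction expressed there. A comment such as `# Agent-managed firewall rules are disabled so that the NixOS firewall owns the rule set; restrict access to the Azure host node endpoint there if required.` would capture that. `OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl` pins a specific major-version attribute instead of `pkgs.openssl`; if that is deliberate for waagent compatibility a comment should say so, otherwise `pkgs.openssl` keeps the agent on the same OpenSSL the rest of the system uses. The bare `#` lines above `# Lib.Dir=`, `# DVD.MountPoint=`, `# Pid.File=`, `# Extension.LogDir=` and `# Home.Dir=` look like upstream template residue and could be dropped.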
@@ -157,23 +217,24 @@ in description = "Services Requiring Azure VM provisioning to have finished"; }; - systemd.services.consume-hypervisor-entropy = - { description = "Consume entropy in ACPI table provided by Hyper-V"; - - wantedBy = [ "sshd.service" "waagent.service" ]; - before = [ "sshd.service" "waagent.service" ]; - - path = [ pkgs.coreutils ]; - script = - '' - echo "Fetching entropy..." - cat /sys/firmware/acpi/tables/OEM0 > /dev/random - ''; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; - serviceConfig.StandardError = "journal+console"; - serviceConfig.StandardOutput = "journal+console"; - }; + systemd.services.consume-hypervisor-entropy = + { + description = "Consume entropy in ACPI table provided by Hyper-V"; + + wantedBy = [ "sshd.service" "waagent.service" ]; + before = [ "sshd.service" "waagent.service" ]; + + path = [ pkgs.coreutils ]; + script = + '' + echo "Fetching entropy..." + cat /sys/firmware/acpi/tables/OEM0 > /dev/random + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + serviceConfig.StandardError = "journal+console"; + serviceConfig.StandardOutput = "journal+console"; + }; systemd.services.waagent = { wantedBy = [ "multi-user.target" ]; @@ -184,11 +245,10 @@ in description = "Windows Azure Agent Service"; unitConfig.ConditionPathExists = "/etc/waagent.conf"; serviceConfig = { - ExecStart = "${waagent}/bin/waagent -daemon"; + ExecStart = "${pkgs.waagent}/bin/waagent -daemon"; Type = "simple"; }; }; }; - } |
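Review bot: `ExecStart = "${pkgs.waagent}/bin/waagent -daemon"` replaces the module-local derivation, which wrapped the binary with a PATH containing findutils, gnugrep, gawk, coreutils, openssl, openssh, nettools, procps, shadow, util-linux and parted; the `systemd.services.waagent` unit still declares no `path`, so this now relies on `pkgs.waagent` wrapping those tools itself — please confirm, or add `path = [ pkgs.coreutils pkgs.util-linux ... ];` to the unit (openssl at least is covered by the explicit `OS.OpensslPath`). The unit's `description = "Windows Azure Agent Service"` is left while the config header was renamed to "Microsoft Azure Linux Agent Configuration" in an earlier hunk; aligning the two would avoid the mismatch. The `systemd.services.waagent` attribute set starts in the hunk before this one, and the enclosing `config` block closes at the end of this hunk.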