nixpkgs/nixos/modules/virtualisation/azure-agent.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.virtualisation.azure.agent;

  waagent = with pkgs; stdenv.mkDerivation rec {
    name = "waagent-2.0";
    src = pkgs.fetchFromGitHub {
      owner = "Azure";
      repo = "WALinuxAgent";
      rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
      sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
    };

    patches = [ ./azure-agent-entropy.patch ];

    buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
    runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
                    nettools # for hostname
                    procps # for pidof
                    shadow # for useradd, usermod
                    utillinux # for (u)mount, fdisk, sfdisk, mkswap
                    parted
                  ];
    pythonPath = [ pythonPackages.pyasn1 ];

    configurePhase = false;
    buildPhase = false;

    installPhase = ''
      substituteInPlace config/99-azure-product-uuid.rules \
          --replace /bin/chmod "${coreutils}/bin/chmod"
      mkdir -p $out/lib/udev/rules.d
      cp config/*.rules $out/lib/udev/rules.d

      mkdir -p $out/bin
      cp waagent $out/bin/
      chmod +x $out/bin/waagent

      wrapProgram "$out/bin/waagent" \
          --prefix PYTHONPATH : $PYTHONPATH \
          --prefix PATH : "${makeBinPath runtimeDeps}"
    '';
  };

  provisionedHook = pkgs.writeScript "provisioned-hook" ''
    #!${pkgs.runtimeShell}
    ${config.systemd.package}/bin/systemctl start provisioned.target
  '';

in

{

  ###### interface

  options.virtualisation.azure.agent = {
    enable = mkOption {
      default = false;
      description = "Whether to enable the Windows Azure Linux Agent.";
    };
    verboseLogging = mkOption {
      default = false;
      description = "Whether to enable verbose logging.";
    };
    mountResourceDisk = mkOption {
      default = true;
      description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    assertions = [ {
      assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
      message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}";
    } {
      assertion = config.networking.networkmanager.enable == false;
      message = "Windows Azure Linux Agent is not compatible with NetworkManager";
    } ];

    boot.initrd.kernelModules = [ "ata_piix" ];
    networking.firewall.allowedUDPPorts = [ 68 ];


    environment.etc."waagent.conf".text = ''
        #
        # Windows Azure Linux Agent Configuration
        #

        Role.StateConsumer=${provisionedHook}

        # Enable instance creation
        Provisioning.Enabled=y

        # Password authentication for root account will be unavailable.
        Provisioning.DeleteRootPassword=n

        # Generate fresh host key pair.
        Provisioning.RegenerateSshHostKeyPair=n

        # Supported values are "rsa", "dsa" and "ecdsa".
        Provisioning.SshHostKeyPairType=ed25519

        # Monitor host name changes and publish changes via DHCP requests.
        Provisioning.MonitorHostName=y

        # Decode CustomData from Base64.
        Provisioning.DecodeCustomData=n

        # Execute CustomData after provisioning.
        Provisioning.ExecuteCustomData=n

        # Format if unformatted. If 'n', resource disk will not be mounted.
        ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}

        # File system on the resource disk
        # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
        ResourceDisk.Filesystem=ext4

        # Mount point for the resource disk
        ResourceDisk.MountPoint=/mnt/resource

        # Respond to load balancer probes if requested by Windows Azure.
        LBProbeResponder=y

        # Enable logging to serial console (y|n)
        # When stdout is not enough...
        # 'y' if not set
        Logs.Console=y

        # Enable verbose logging (y|n)
        Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}

        # Root device timeout in seconds.
        OS.RootDeviceScsiTimeout=300
    '';

    services.udev.packages = [ waagent ];

    networking.dhcpcd.persistent = true;

    services.logrotate = {
      enable = true;
      config = ''
        /var/log/waagent.log {
            compress
            monthly
            rotate 6
            notifempty
            missingok
        }
      '';
    };

    systemd.targets.provisioned = {
      description = "Services Requiring Azure VM provisioning to have finished";
    };

  systemd.services.consume-hypervisor-entropy =
    { description = "Consume entropy in ACPI table provided by Hyper-V";

      wantedBy = [ "sshd.service" "waagent.service" ];
      before = [ "sshd.service" "waagent.service" ];
      after = [ "local-fs.target" ];

      path  = [ pkgs.coreutils ];
      script =
        ''
          echo "Fetching entropy..."
          cat /sys/firmware/acpi/tables/OEM0 > /dev/random
        '';
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      serviceConfig.StandardError = "journal+console";
      serviceConfig.StandardOutput = "journal+console";
     };

    systemd.services.waagent = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" "sshd.service" ];
      wants = [ "network-online.target" ];

      path = [ pkgs.e2fsprogs pkgs.bash ];
      description = "Windows Azure Agent Service";
      unitConfig.ConditionPathExists = "/etc/waagent.conf";
      serviceConfig = {
        ExecStart = "${waagent}/bin/waagent -daemon";
        Type = "simple";
      };
    };

  };

}
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.virtualisation.azure.agent;`

			`waagent = with pkgs; stdenv.mkDerivation rec {`
			`name = "waagent-2.0";`
Fix waagent revision, previous did not exist anymore. 2016-02-09 14:52:54 +00:00			`src = pkgs.fetchFromGitHub {`
azure-agent: switch back to upstream WALinuxAgent 2016-02-18 17:39:36 -08:00			`owner = "Azure";`
Fix waagent revision, previous did not exist anymore. 2016-02-09 14:52:54 +00:00			`repo = "WALinuxAgent";`
azure-agent: switch back to upstream WALinuxAgent 2016-02-18 17:39:36 -08:00			`rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";`
			`sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`};`
virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys 2016-03-12 10:09:02 +02:00
			`patches = [ ./azure-agent-entropy.patch ];`

Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`buildInputs = [ makeWrapper python pythonPackages.wrapPython ];`
			`runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh`
			`nettools # for hostname`
			`procps # for pidof`
			`shadow # for useradd, usermod`
			`utillinux # for (u)mount, fdisk, sfdisk, mkswap`
			`parted`
			`];`
			`pythonPath = [ pythonPackages.pyasn1 ];`

			`configurePhase = false;`
			`buildPhase = false;`

			`installPhase = ''`
			`substituteInPlace config/99-azure-product-uuid.rules \`
			`--replace /bin/chmod "${coreutils}/bin/chmod"`
			`mkdir -p $out/lib/udev/rules.d`
			`cp config/*.rules $out/lib/udev/rules.d`

			`mkdir -p $out/bin`
			`cp waagent $out/bin/`
			`chmod +x $out/bin/waagent`

			`wrapProgram "$out/bin/waagent" \`
			`--prefix PYTHONPATH : $PYTHONPATH \`
replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 15:53:51 +03:00			`--prefix PATH : "${makeBinPath runtimeDeps}"`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`'';`
			`};`

			`provisionedHook = pkgs.writeScript "provisioned-hook" ''`
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00			`#!${pkgs.runtimeShell}`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`${config.systemd.package}/bin/systemctl start provisioned.target`
			`'';`

			`in`

			`{`

			`###### interface`

virtualization/azure: fixes azure-agent: add option for verbose logging azure-agent: disable ssh host key regeneration azure-common: set verbose logging on azure-image: increase size to 30GB 2016-03-10 23:15:52 -08:00			`options.virtualisation.azure.agent = {`
			`enable = mkOption {`
			`default = false;`
			`description = "Whether to enable the Windows Azure Linux Agent.";`
			`};`
			`verboseLogging = mkOption {`
			`default = false;`
			`description = "Whether to enable verbose logging.";`
			`};`
azure-agent: add option to control auto mount of resource disk. 2018-04-17 16:04:04 +02:00			`mountResourceDisk = mkOption {`
			`default = true;`
			`description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";`
			`};`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`};`

			`###### implementation`

			`config = mkIf cfg.enable {`
			`assertions = [ {`
			`assertion = pkgs.stdenv.isi686 \|\| pkgs.stdenv.isx86_64;`
reewide: Purge all uses `stdenv.system` and top-level `system` It is deprecated and will be removed after 18.09. 2018-08-20 15:11:29 -04:00			`message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}";`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`} {`
			`assertion = config.networking.networkmanager.enable == false;`
			`message = "Windows Azure Linux Agent is not compatible with NetworkManager";`
			`} ];`

			`boot.initrd.kernelModules = [ "ata_piix" ];`
			`networking.firewall.allowedUDPPorts = [ 68 ];`


			`environment.etc."waagent.conf".text = ''`
			`#`
			`# Windows Azure Linux Agent Configuration`
			`#`

			`Role.StateConsumer=${provisionedHook}`

			`# Enable instance creation`
			`Provisioning.Enabled=y`

			`# Password authentication for root account will be unavailable.`
			`Provisioning.DeleteRootPassword=n`

			`# Generate fresh host key pair.`
virtualization/azure: fixes azure-agent: add option for verbose logging azure-agent: disable ssh host key regeneration azure-common: set verbose logging on azure-image: increase size to 30GB 2016-03-10 23:15:52 -08:00			`Provisioning.RegenerateSshHostKeyPair=n`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00
			`# Supported values are "rsa", "dsa" and "ecdsa".`
			`Provisioning.SshHostKeyPairType=ed25519`

			`# Monitor host name changes and publish changes via DHCP requests.`
			`Provisioning.MonitorHostName=y`

			`# Decode CustomData from Base64.`
			`Provisioning.DecodeCustomData=n`

			`# Execute CustomData after provisioning.`
			`Provisioning.ExecuteCustomData=n`

			`# Format if unformatted. If 'n', resource disk will not be mounted.`
azure-agent: add option to control auto mount of resource disk. 2018-04-17 16:04:04 +02:00			`ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00
			`# File system on the resource disk`
			`# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.`
			`ResourceDisk.Filesystem=ext4`

			`# Mount point for the resource disk`
			`ResourceDisk.MountPoint=/mnt/resource`

			`# Respond to load balancer probes if requested by Windows Azure.`
			`LBProbeResponder=y`

			`# Enable logging to serial console (y\|n)`
			`# When stdout is not enough...`
			`# 'y' if not set`
			`Logs.Console=y`

			`# Enable verbose logging (y\|n)`
virtualization/azure: fixes azure-agent: add option for verbose logging azure-agent: disable ssh host key regeneration azure-common: set verbose logging on azure-image: increase size to 30GB 2016-03-10 23:15:52 -08:00			`Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00
			`# Root device timeout in seconds.`
			`OS.RootDeviceScsiTimeout=300`
			`'';`

			`services.udev.packages = [ waagent ];`

			`networking.dhcpcd.persistent = true;`

			`services.logrotate = {`
			`enable = true;`
			`config = ''`
			`/var/log/waagent.log {`
			`compress`
			`monthly`
			`rotate 6`
			`notifempty`
			`missingok`
			`}`
			`'';`
			`};`

			`systemd.targets.provisioned = {`
			`description = "Services Requiring Azure VM provisioning to have finished";`
			`};`

virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys 2016-03-12 10:09:02 +02:00			`systemd.services.consume-hypervisor-entropy =`
			`{ description = "Consume entropy in ACPI table provided by Hyper-V";`

			`wantedBy = [ "sshd.service" "waagent.service" ];`
			`before = [ "sshd.service" "waagent.service" ];`
			`after = [ "local-fs.target" ];`

			`path = [ pkgs.coreutils ];`
			`script =`
			`''`
			`echo "Fetching entropy..."`
			`cat /sys/firmware/acpi/tables/OEM0 > /dev/random`
			`'';`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.RemainAfterExit = true;`
			`serviceConfig.StandardError = "journal+console";`
			`serviceConfig.StandardOutput = "journal+console";`
			`};`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00
			`systemd.services.waagent = {`
virtualization/azure: reorder WALA and SSHD 2016-03-13 05:25:27 +02:00			`wantedBy = [ "multi-user.target" ];`
treewide: deprecate ip-up.target (#18319) Systemd upstream provides targets for networking. This also includes a target network-online.target. In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup. 2016-09-10 18:03:59 +02:00			`after = [ "network-online.target" "sshd.service" ];`
			`wants = [ "network-online.target" ];`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00
azure-agent: add bash to service path. as is often required by linux extensions. 2018-04-17 16:26:04 +02:00			`path = [ pkgs.e2fsprogs pkgs.bash ];`
Azure image: package and add azure agent 2015-12-09 07:30:15 +02:00			`description = "Windows Azure Agent Service";`
			`unitConfig.ConditionPathExists = "/etc/waagent.conf";`
			`serviceConfig = {`
			`ExecStart = "${waagent}/bin/waagent -daemon";`
			`Type = "simple";`
			`};`
			`};`

			`};`

			`}`