Open
Conversation
mxj220
requested review from
AbelHu,
Devinwong,
YaoC,
awesomenix,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
juan-lee,
junjiezhang1997,
lilypan26,
pdamianov-dev,
phealy,
r2k1,
timmy-wright,
yewmsft and
zachary-bailey
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support for installing/upgrading WALinuxAgent via the Azure wireserver manifest and running the install post-deprovision during VHD build, with accompanying VHD validation and regenerated CustomData snapshots.
Changes:
- Update packer deprovision steps to optionally run a post-deprovision WALinuxAgent install script.
- Add
installWALinuxAgent(wireserver/manifest-based) and a VHD content test validating the cached agent + waagent.conf settings. - Add a
walinuxagententry tocomponents.json, update build logging, capture waagent logs in e2e, and regenerate snapshot testdata.
Reviewed changes
Copilot reviewed 51 out of 78 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-image-builder-mariner.json | Run post-deprovision WALinuxAgent install after waagent deprovision. |
| vhdbuilder/packer/vhd-image-builder-mariner-cvm.json | Same post-deprovision WALinuxAgent install hook (Mariner CVM). |
| vhdbuilder/packer/vhd-image-builder-mariner-arm64.json | Same post-deprovision WALinuxAgent install hook (Mariner arm64). |
| vhdbuilder/packer/vhd-image-builder-cvm.json | Same post-deprovision WALinuxAgent install hook (Ubuntu CVM). |
| vhdbuilder/packer/vhd-image-builder-base.json | Same post-deprovision WALinuxAgent install hook (Ubuntu base). |
| vhdbuilder/packer/vhd-image-builder-arm64-gen2.json | Same post-deprovision WALinuxAgent install hook (Ubuntu arm64 gen2). |
| vhdbuilder/packer/test/linux-vhd-content-test.sh | Add WALinuxAgent validation in VHD content tests. |
| vhdbuilder/packer/pre-install-dependencies.sh | Add OS variant detection. |
| vhdbuilder/packer/install-dependencies.sh | Add walinuxagent handling/logging in package loop. |
| vhdbuilder/packer/cleanup-vhd.sh | Generate post-deprovision WALinuxAgent install script driven by components.json. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Regenerated CustomData snapshot. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Regenerated CustomData snapshot. |
| pkg/agent/testdata/Flatcar/CustomData.inner | Regenerated CustomData snapshot. |
| pkg/agent/testdata/CustomizedImageLinuxGuard/CustomData | Regenerated CustomData snapshot. |
| pkg/agent/testdata/CustomizedImageKata/CustomData | Regenerated CustomData snapshot. |
| pkg/agent/testdata/CustomizedImage/CustomData | Regenerated CustomData snapshot. |
| parts/linux/cloud-init/artifacts/cse_install.sh | Add manifest-based installWALinuxAgent implementation. |
| parts/common/components.json | Add walinuxagent downloadLocation entry. |
| e2e/vmss.go | Collect /var/log/waagent.log in VM log extraction. |
mxj220
changed the title
awesomenix
reviewed
Mar 2, 2026
|
|
||
| # Step 1: Get the goalstate to find the ExtensionsConfig URL | ||
| local goalstate | ||
| goalstate=$(retrycmd_if_failure 10 5 60 curl -sSf -H "x-ms-agent-name: WALinuxAgent" -H "x-ms-version: 2012-11-30" "${wireserverURL}/machine/?comp=goalstate") || { |
Contributor
There was a problem hiding this comment.
curl has its own retries mechanism, look at the repo and search for --retries
awesomenix
reviewed
Mar 2, 2026
| # GAFamily is the exact version the waagent daemon targets during auto-update. | ||
| # Installing it during VHD build lets the daemon pick it up locally without | ||
| # downloading from the network at provisioning time. | ||
| installWALinuxAgent() { |
Contributor
There was a problem hiding this comment.
i see lot of python used in this function. Why not move all the functionality into a python script and call it? Just makes it easier to read and maintain.
awesomenix
reviewed
Mar 2, 2026
| if [ "$OS_ID" != "FLATCAR" ] && [ "$OS_VARIANT_ID" != "OSGUARD" ]; then | ||
| WALINUXAGENT_DOWNLOAD_DIR="/opt/walinuxagent/downloads" | ||
| WALINUXAGENT_WIRESERVER_URL="http://168.63.129.16:80" | ||
| cat > /opt/azure/containers/post-deprovision-walinuxagent.sh << WALINUXAGENT_SCRIPT |
Contributor
There was a problem hiding this comment.
can you create this file in the repo directly (check it in) instead of creating one on the fly
awesomenix
reviewed
Mar 2, 2026
| @@ -784,7 +784,7 @@ | |||
| "inline": [ | |||
| "sudo /bin/bash -eux /home/packer/cis.sh", | |||
| "sudo /bin/bash -eux /opt/azure/containers/cleanup-vhd.sh", | |||
| "sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125" | |||
| "sudo /bin/bash -c '/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync && if [ -f /opt/azure/containers/post-deprovision-walinuxagent.sh ]; then /bin/bash -eu /opt/azure/containers/post-deprovision-walinuxagent.sh && rm -f /opt/azure/containers/post-deprovision-walinuxagent.sh; fi' || exit 125" | |||
Contributor
There was a problem hiding this comment.
move the whole command into deprovision script for easier debugging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrades WALinuxAgent through manifest to preserve existing configurations but support the latest features (including FIPS 140-3 compatibility). Upgrading during build means that the customer faces no waagent update delays during AKS boot, as the latest version is baked into the VHD.
This update also blocks the WALinuxAgent from automatically updating afterwards.
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #