Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Disable Azure VM agent and report VM as ready

Browse Source
This commit is contained in:
Malte Poll 2022-10-21 10:06:02 +02:00 committed by Malte Poll
parent ed9acef9d4
commit f3d78a573f
4 changed files with 109 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cli/internal/terraform/terraform/azure/modules/scale_set/main.tf
View File

@ -24,6 +24,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" {
admin_username = "adminuser"
admin_password = random_password.password.result
overprovision = false
provision_vm_agent = false
vtpm_enabled = true
disable_password_authentication = false
upgrade_mode = "Manual"

13
image/mkosi.skeleton/usr/lib/dracut/modules.d/38azure-provision/azure-provisioning.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Azure Provisioning
After=network-online.target
Wants=network-online.target
ConditionKernelCommandLine=constel.csp=azure
[Service]
Type=oneshot
ExecStart=/usr/local/bin/azure-provisioning
RemainAfterExit=yes
StandardOutput=tty
StandardInput=tty
StandardError=tty

65
image/mkosi.skeleton/usr/lib/dracut/modules.d/38azure-provision/azure-provisioning.sh Executable file
View File

@ -0,0 +1,65 @@
#!/usr/bin/env bash
# source https://learn.microsoft.com/en-us/azure/virtual-machines/linux/no-agent
attempts=1
until [ "$attempts" -gt 5 ]
do
echo "obtaining goal state - attempt $attempts"
goalstate=$(curl --fail -v -X 'GET' -H "x-ms-agent-name: azure-vm-register" \
-H "Content-Type: text/xml;charset=utf-8" \
-H "x-ms-version: 2012-11-30" \
"http://168.63.129.16/machine/?comp=goalstate")
if [ $? -eq 0 ]
then
echo "successfully retrieved goal state"
retrieved_goal_state=true
break
fi
sleep 5
attempts=$((attempts+1))
done
if [ "$retrieved_goal_state" != "true" ]
then
echo "failed to obtain goal state - cannot register this VM"
exit 1
fi
container_id=$(grep ContainerId <<< "$goalstate" | sed 's/\s*<\/*ContainerId>//g' | sed 's/\r$//')
instance_id=$(grep InstanceId <<< "$goalstate" | sed 's/\s*<\/*InstanceId>//g' | sed 's/\r$//')
ready_doc=$(cat << EOF
<?xml version="1.0" encoding="utf-8"?>
<Health xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GoalStateIncarnation>1</GoalStateIncarnation>
<Container>
<ContainerId>$container_id</ContainerId>
<RoleInstanceList>
<Role>
<InstanceId>$instance_id</InstanceId>
<Health>
<State>Ready</State>
</Health>
</Role>
</RoleInstanceList>
</Container>
</Health>
EOF
)
attempts=1
until [ "$attempts" -gt 5 ]
do
echo "registering with Azure - attempt $attempts"
curl --fail -v -X 'POST' -H "x-ms-agent-name: azure-vm-register" \
-H "Content-Type: text/xml;charset=utf-8" \
-H "x-ms-version: 2012-11-30" \
-d "$ready_doc" \
"http://168.63.129.16/machine?comp=health"
if [ $? -eq 0 ]
then
echo "successfully register with Azure"
break
fi
sleep 5 # sleep to prevent throttling from wire server
done

30
image/mkosi.skeleton/usr/lib/dracut/modules.d/38azure-provision/module-setup.sh Executable file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env bash
# Copyright (c) Edgeless Systems GmbH
#
# SPDX-License-Identifier: AGPL-3.0-only
depends() {
echo systemd
}
install_and_enable_unit() {
unit="$1"; shift
target="$1"; shift
inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
mkdir -p "${initdir}${systemdsystemconfdir}/${target}.wants"
ln_r "${systemdsystemunitdir}/${unit}" \
"${systemdsystemconfdir}/${target}.wants/${unit}"
}
install() {
inst_multiple \
bash \
curl \
grep \
sed
inst_script "$moddir/azure-provisioning.sh" \
"/usr/local/bin/azure-provisioning"
install_and_enable_unit "azure-provisioning.service" \
"basic.target"
}