diff --git a/.pipelines/vhd-builder.yaml b/.pipelines/vhd-builder.yaml index 58ce8b558..30dfd1099 100644 --- a/.pipelines/vhd-builder.yaml +++ b/.pipelines/vhd-builder.yaml @@ -6,72 +6,142 @@ trigger: none # - generate SAS link from azure CLI # - POST a new SKU to azure marketplace -variables: - CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7' - -pool: - vmImage: 'Ubuntu 18.04' -steps: -- script: | - docker run --rm \ - -v ${PWD}:/go/src/github.com/Azure/aks-engine \ - -w /go/src/github.com/Azure/aks-engine \ - -e CLIENT_ID=${CLIENT_ID} \ - -e CLIENT_SECRET="$(CLIENT_SECRET)" \ - -e TENANT_ID=${TENANT_ID} \ - -e AZURE_VM_SIZE=${AZURE_VM_SIZE} \ - -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ - -e AZURE_LOCATION=${AZURE_LOCATION} \ - -e FEATURE_FLAGS=${FEATURE_FLAGS} \ - -e GIT_VERSION=$(Build.SourceVersion) \ - -e BUILD_ID=$(Build.BuildId) \ - -e BUILD_NUMBER=$(Build.BuildNumber) \ - -e UBUNTU_SKU=18.04 \ - ${CONTAINER_IMAGE} make run-packer - displayName: Building VHD -- task: PublishPipelineArtifact@0 - inputs: - artifactName: 'vhd-release-notes' - targetPath: 'release-notes.txt' -- script: | - OS_DISK_SAS="$(cat packer-output | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \ - VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \ - printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \ - docker run --rm \ - -v ${PWD}:/go/src/github.com/Azure/aks-engine \ - -w /go/src/github.com/Azure/aks-engine \ - -e CLIENT_ID=${CLIENT_ID} \ - -e CLIENT_SECRET="$(CLIENT_SECRET)" \ - -e TENANT_ID=${TENANT_ID} \ - -e CLASSIC_BLOB=${CLASSIC_BLOB} \ - -e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \ - -e OS_DISK_SAS=${OS_DISK_SAS} \ - -e VHD_NAME=${VHD_NAME} \ - ${CONTAINER_IMAGE} make az-copy - displayName: Copying resource to Classic Storage Account - condition: eq(variables.DRY_RUN, 'False') -- script: | - SA_NAME="$(cat packer-output | grep "storage name:" | cut -d " " -f 3)" && \ - docker run --rm \ - -v ${PWD}:/go/src/github.com/Azure/aks-engine \ - -w /go/src/github.com/Azure/aks-engine \ - -e CLIENT_ID=${CLIENT_ID} \ - -e CLIENT_SECRET="$(CLIENT_SECRET)" \ - -e TENANT_ID=${TENANT_ID} \ - -e SA_NAME=${SA_NAME} \ - -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ - ${CONTAINER_IMAGE} make delete-sa - displayName: Clean-up Storage Account - condition: always() -- script: | - docker run --rm \ - -v ${PWD}:/go/src/github.com/Azure/aks-engine \ - -w /go/src/github.com/Azure/aks-engine \ - -e CLIENT_ID=${CLIENT_ID} \ - -e CLIENT_SECRET="$(CLIENT_SECRET)" \ - -e TENANT_ID=${TENANT_ID} \ - -e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \ - -e START_DATE=${START_DATE} \ - -e EXPIRY_DATE=${EXPIRY_DATE} \ - ${CONTAINER_IMAGE} make generate-sas - displayName: Getting Shared Access Signature URI +jobs: +- job: create_ubuntu_18_04_vhd + variables: + CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7' + pool: + vmImage: 'Ubuntu 18.04' + steps: + - script: | + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e AZURE_VM_SIZE=${AZURE_VM_SIZE} \ + -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ + -e AZURE_LOCATION=${AZURE_LOCATION} \ + -e FEATURE_FLAGS=${FEATURE_FLAGS} \ + -e GIT_VERSION=$(Build.SourceVersion) \ + -e BUILD_ID=$(Build.BuildId) \ + -e BUILD_NUMBER=$(Build.BuildNumber) \ + -e UBUNTU_SKU=18.04 \ + ${CONTAINER_IMAGE} make run-packer + displayName: Building VHD + - task: PublishPipelineArtifact@0 + inputs: + artifactName: 'vhd-release-notes-18-04' + targetPath: 'release-notes-18.04.txt' + - script: | + OS_DISK_SAS="$(cat packer-output | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \ + VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \ + printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \ + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e CLASSIC_BLOB=${CLASSIC_BLOB} \ + -e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \ + -e OS_DISK_SAS=${OS_DISK_SAS} \ + -e VHD_NAME=${VHD_NAME} \ + ${CONTAINER_IMAGE} make az-copy + displayName: Copying resource to Classic Storage Account + condition: eq(variables.DRY_RUN, 'False') + - script: | + SA_NAME="$(cat packer-output | grep "storage name:" | cut -d " " -f 3)" && \ + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e SA_NAME=${SA_NAME} \ + -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ + ${CONTAINER_IMAGE} make delete-sa + displayName: Clean-up Storage Account + condition: always() + - script: | + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \ + -e START_DATE=${START_DATE} \ + -e EXPIRY_DATE=${EXPIRY_DATE} \ + ${CONTAINER_IMAGE} make generate-sas + displayName: Getting Shared Access Signature URI +- job: create_ubuntu_20_04_vhd + variables: + CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7' + pool: + vmImage: 'Ubuntu 20.04' + steps: + - script: | + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e AZURE_VM_SIZE=${AZURE_VM_SIZE} \ + -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ + -e AZURE_LOCATION=${AZURE_LOCATION} \ + -e FEATURE_FLAGS=${FEATURE_FLAGS} \ + -e GIT_VERSION=$(Build.SourceVersion) \ + -e BUILD_ID=$(Build.BuildId) \ + -e BUILD_NUMBER=$(Build.BuildNumber) \ + -e UBUNTU_SKU=20.04 \ + ${CONTAINER_IMAGE} make run-packer-20-04 + displayName: Building VHD + - task: PublishPipelineArtifact@0 + inputs: + artifactName: 'vhd-release-notes-20-04' + targetPath: 'release-notes-20.04.txt' + - script: | + OS_DISK_SAS="$(cat packer-output-20-04 | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \ + VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \ + printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \ + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e CLASSIC_BLOB=${CLASSIC_BLOB} \ + -e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \ + -e OS_DISK_SAS=${OS_DISK_SAS} \ + -e VHD_NAME=${VHD_NAME} \ + ${CONTAINER_IMAGE} make az-copy + displayName: Copying resource to Classic Storage Account + condition: eq(variables.DRY_RUN, 'False') + - script: | + SA_NAME="$(cat packer-output-20-04 | grep "storage name:" | cut -d " " -f 3)" && \ + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e SA_NAME=${SA_NAME} \ + -e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \ + ${CONTAINER_IMAGE} make delete-sa + displayName: Clean-up Storage Account + condition: always() + - script: | + docker run --rm \ + -v ${PWD}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + -e CLIENT_ID=${CLIENT_ID} \ + -e CLIENT_SECRET="$(CLIENT_SECRET)" \ + -e TENANT_ID=${TENANT_ID} \ + -e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \ + -e START_DATE=${START_DATE} \ + -e EXPIRY_DATE=${EXPIRY_DATE} \ + ${CONTAINER_IMAGE} make generate-sas + displayName: Getting Shared Access Signature URI diff --git a/packer.mk b/packer.mk index 56697a750..55e416421 100644 --- a/packer.mk +++ b/packer.mk @@ -1,6 +1,9 @@ build-packer: @packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder.json +build-packer-20-04: + @packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder-20.04.json + build-packer-ubuntu-gen2: @packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder-ubuntu-gen2.json @@ -16,6 +19,9 @@ az-login: run-packer: az-login @packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output) && ($(MAKE) build-packer | tee -a packer-output) +run-packer-20-04: az-login + @packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output-20-04) && ($(MAKE) build-packer-20-04 | tee -a packer-output-20-04) + run-packer-ubuntu-gen2: az-login @packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output) && ($(MAKE) build-packer-ubuntu-gen2 | tee -a packer-output) diff --git a/parts/k8s/cloud-init/artifacts/cis.sh b/parts/k8s/cloud-init/artifacts/cis.sh index 838476e06..d0f77b863 100644 --- a/parts/k8s/cloud-init/artifacts/cis.sh +++ b/parts/k8s/cloud-init/artifacts/cis.sh @@ -4,8 +4,15 @@ assignRootPW() { if grep '^root:[!*]:' /etc/shadow; then SALT=$(openssl rand -base64 5) SECRET=$(openssl rand -base64 37) - CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')" - HASH=$(python -c "$CMD") + if command -v python; then + CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')" + HASH=$(python -c "$CMD") + elif command -v python3; then + CMD="import crypt, getpass, pwd; print(crypt.crypt('$SECRET', '\$6\$$SALT\$'))" + HASH=$(python3 -c "$CMD") + else + exit 112 + fi echo 'root:'$HASH | /usr/sbin/chpasswd -e || exit 112 fi diff --git a/pkg/engine/templates_generated.go b/pkg/engine/templates_generated.go index b9a853818..5092222c1 100644 --- a/pkg/engine/templates_generated.go +++ b/pkg/engine/templates_generated.go @@ -16166,8 +16166,15 @@ assignRootPW() { if grep '^root:[!*]:' /etc/shadow; then SALT=$(openssl rand -base64 5) SECRET=$(openssl rand -base64 37) - CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')" - HASH=$(python -c "$CMD") + if command -v python; then + CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')" + HASH=$(python -c "$CMD") + elif command -v python3; then + CMD="import crypt, getpass, pwd; print(crypt.crypt('$SECRET', '\$6\$$SALT\$'))" + HASH=$(python3 -c "$CMD") + else + exit 112 + fi echo 'root:'$HASH | /usr/sbin/chpasswd -e || exit 112 fi diff --git a/vhd/packer/vhd-image-builder-20.04.json b/vhd/packer/vhd-image-builder-20.04.json new file mode 100644 index 000000000..2083c87ec --- /dev/null +++ b/vhd/packer/vhd-image-builder-20.04.json @@ -0,0 +1,200 @@ +{ + "variables": { + "client_id": "{{env `AZURE_CLIENT_ID`}}", + "client_secret": "{{env `AZURE_CLIENT_SECRET`}}", + "tenant_id": "{{env `AZURE_TENANT_ID`}}", + "subscription_id": "{{env `AZURE_SUBSCRIPTION_ID`}}", + "location": "{{env `AZURE_LOCATION`}}", + "vm_size": "{{env `AZURE_VM_SIZE`}}", + "build_number": "{{env `BUILD_NUMBER`}}", + "build_id": "{{env `BUILD_ID`}}", + "commit": "{{env `GIT_VERSION`}}", + "feature_flags": "{{env `FEATURE_FLAGS`}}", + "ubuntu_sku": "{{env `UBUNTU_SKU`}}" + }, + "builders": [ + { + "type": "azure-arm", + "client_id": "{{user `client_id`}}", + "client_secret": "{{user `client_secret`}}", + "tenant_id": "{{user `tenant_id`}}", + "subscription_id": "{{user `subscription_id`}}", + "resource_group_name": "{{user `resource_group_name`}}", + "capture_container_name": "aksengine-vhds", + "capture_name_prefix": "aksengine-{{user `create_time`}}", + "storage_account": "{{user `storage_account_name`}}", + "os_type": "Linux", + "os_disk_size_gb": 30, + "image_publisher": "Canonical", + "image_offer": "0001-com-ubuntu-server-focal", + "image_sku": "20_04-lts", + "image_version": "latest", + "azure_tags": { + "os": "Linux", + "now": "{{user `create_time`}}", + "createdBy": "aks-engine-vhd-pipeline" + }, + "location": "{{user `location`}}", + "vm_size": "{{user `vm_size`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "sudo mkdir -p /opt/azure/containers", + "sudo chown -R $USER /opt/azure/containers" + ] + }, + { + "type": "file", + "source": "vhd/packer/cleanup-vhd.sh", + "destination": "/home/packer/cleanup-vhd.sh" + }, + { + "type": "file", + "source": "vhd/packer/packer_source.sh", + "destination": "/home/packer/packer_source.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/cse_install.sh", + "destination": "/home/packer/provision_installs.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/cse_helpers.sh", + "destination": "/home/packer/provision_source.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/cis.sh", + "destination": "/home/packer/cis.sh" + }, + { + "type": "file", + "source": "vhd/packer/install-dependencies.sh", + "destination": "/home/packer/install-dependencies.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/sysctl-d-60-CIS.conf", + "destination": "/home/packer/sysctl-d-60-CIS.conf" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/sshd_config", + "destination": "/home/packer/sshd_config" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/sshd_config_1604", + "destination": "/home/packer/sshd_config_1604" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/rsyslog-d-60-CIS.conf", + "destination": "/home/packer/rsyslog-d-60-CIS.conf" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/etc-issue", + "destination": "/home/packer/etc-issue" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/etc-issue.net", + "destination": "/home/packer/etc-issue.net" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/modprobe-CIS.conf", + "destination": "/home/packer/modprobe-CIS.conf" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/pwquality-CIS.conf", + "destination": "/home/packer/pwquality-CIS.conf" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/pam-d-su", + "destination": "/home/packer/pam-d-su" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/pam-d-common-auth", + "destination": "/home/packer/pam-d-common-auth" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/pam-d-common-password", + "destination": "/home/packer/pam-d-common-password" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/profile-d-cis.sh", + "destination": "/home/packer/profile-d-cis.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/label-nodes.sh", + "destination": "/home/packer/label-nodes.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/label-nodes.service", + "destination": "/home/packer/label-nodes.service" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/apt-preferences", + "destination": "/home/packer/apt-preferences" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/health-monitor.sh", + "destination": "/home/packer/health-monitor.sh" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/docker_clear_mount_propagation_flags.conf", + "destination": "/home/packer/docker_clear_mount_propagation_flags.conf" + }, + { + "type": "file", + "source": "parts/k8s/cloud-init/artifacts/generateproxycerts.sh", + "destination": "/home/packer/generateproxycerts.sh" + }, + { + "type": "file", + "source": "scripts/collect-logs.sh", + "destination": "/home/packer/collect-logs.sh" + }, + { + "type": "file", + "source": "vhd/notice/notice.txt", + "destination": "/home/packer/NOTICE.txt" + }, + { + "type": "shell", + "inline": [ + "sudo FEATURE_FLAGS={{user `feature_flags`}} BUILD_NUMBER={{user `build_number`}} BUILD_ID={{user `build_id`}} COMMIT={{user `commit`}} /bin/bash -ux /home/packer/install-dependencies.sh" + ] + }, + { + "type": "file", + "direction": "download", + "source": "/opt/azure/vhd-install.complete", + "destination": "release-notes-20.04.txt" + }, + { + "type": "shell", + "inline": [ + "sudo /bin/bash -eux /home/packer/cis.sh", + "sudo /bin/bash -eux /home/packer/cleanup-vhd.sh", + "sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125" + ] + } + ] +} diff --git a/vhd/packer/vhd-image-builder.json b/vhd/packer/vhd-image-builder.json index 52d28148d..097d6779b 100644 --- a/vhd/packer/vhd-image-builder.json +++ b/vhd/packer/vhd-image-builder.json @@ -186,7 +186,7 @@ "type": "file", "direction": "download", "source": "/opt/azure/vhd-install.complete", - "destination": "release-notes.txt" + "destination": "release-notes-18.04.txt" }, { "type": "shell",