Skip to content

Commit 9e26745

Browse files
committed
feat: enable Artifact Streaming on Flatcar
This uses Flatcar's own systemd system extension for overlaybd and Azure Linux's RPM for acr and the configuration scripts. It's not perfect, but we cannot improve on this until acr changes its build process or goes open source. Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
1 parent 3286230 commit 9e26745

File tree

4 files changed

+28
-5
lines changed

4 files changed

+28
-5
lines changed

parts/linux/cloud-init/artifacts/cse_config.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -418,6 +418,7 @@ ensureTeleportd() {
418418
}
419419

420420
ensureArtifactStreaming() {
421+
systemctl unmask overlaybd-{tcmu,snapshotter}.service # Flatcar masks these initially.
421422
retrycmd_if_failure 120 5 25 time systemctl --quiet enable --now acr-mirror overlaybd-tcmu overlaybd-snapshotter
422423
time /opt/acr/bin/acr-config --enable-containerd 'azurecr.io'
423424
}
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
{"ignition":{"version":"3.4.0"},"kernelArguments":{"shouldNotExist":["flatcar.autologin"]},"storage":{"files":[{"path":"/etc/extensions/aks-sysext/usr/lib/extension-release.d/extension-release.aks-sysext","contents":{"compression":"","source":"data:,ID%3Dflatcar%0ASYSEXT_LEVEL%3D1.0%0A"},"mode":420},{"overwrite":true,"path":"/etc/flatcar/update.conf","contents":{"compression":"","source":"data:,SERVER%3Ddisabled%0A"},"mode":420},{"path":"/etc/systemd/system/containerd.service.d/50-default-config.conf","contents":{"compression":"","source":"data:,%5BService%5D%0AEnvironment%3DCONTAINERD_CONFIG%3D%2Fetc%2Fcontainerd%2Fconfig.toml%0A"},"mode":420},{"path":"/etc/tmpfiles.d/protocols.conf","contents":{"compression":"","source":"data:,C%20%2Fetc%2Fprotocols%20-%20-%20-%20-%20%2Fusr%2Fshare%2Fbaselayout%2Fprotocols%0A"},"mode":420},{"overwrite":true,"path":"/etc/nsswitch.conf","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3yP0U7DMAxF3/0VkXhn7/sbk3o0ookjX4dof4+yFJgGXZ+qe46i45dwEo+nAvTkcX2NWi5nospAX87h9l3SJggNNn8ABFzhkhfCyov2Q4/eTVvd8bN3aFU4DsR8HbRwlrAUUBHvah/TflAHJ4h9pij/CVRNXaNuN/jArMbvgj+MxFcx3F86QjLjPmRMvyfP6U3VKxvn4c2Jm2vWVvwngnhLjD15n74CAAD//8ytimubAQAA"},"mode":420}],"links":[{"path":"/etc/extensions/aks-sysext/usr/local/bin","hard":false,"target":"/opt/bin"}]},"systemd":{"units":[{"dropins":[{"contents":"[Unit]\nConditionPathIsSymbolicLink=\nConditionPathIsSymbolicLink=/etc/ssl/certs/ca-certificates.crt\n","name":"10-ensure-ca-file.conf"}],"enabled":true,"name":"update-ca-certificates.service"}]}}
1+
{"ignition":{"version":"3.4.0"},"kernelArguments":{"shouldNotExist":["flatcar.autologin"]},"storage":{"files":[{"path":"/etc/extensions/aks-sysext/usr/lib/extension-release.d/extension-release.aks-sysext","contents":{"compression":"","source":"data:,ID%3Dflatcar%0ASYSEXT_LEVEL%3D1.0%0A"},"mode":420},{"path":"/etc/flatcar/enabled-sysext.conf","contents":{"compression":"","source":"data:,overlaybd%0A"}},{"overwrite":true,"path":"/etc/flatcar/update.conf","contents":{"compression":"","source":"data:,SERVER%3Ddisabled%0A"},"mode":420},{"path":"/etc/systemd/system/containerd.service.d/50-default-config.conf","contents":{"compression":"","source":"data:,%5BService%5D%0AEnvironment%3DCONTAINERD_CONFIG%3D%2Fetc%2Fcontainerd%2Fconfig.toml%0A"},"mode":420},{"path":"/etc/tmpfiles.d/protocols.conf","contents":{"compression":"","source":"data:,C%20%2Fetc%2Fprotocols%20-%20-%20-%20-%20%2Fusr%2Fshare%2Fbaselayout%2Fprotocols%0A"},"mode":420},{"overwrite":true,"path":"/etc/nsswitch.conf","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3yP0U7DMAxF3/0VkXhn7/sbk3o0ookjX4dof4+yFJgGXZ+qe46i45dwEo+nAvTkcX2NWi5nospAX87h9l3SJggNNn8ABFzhkhfCyov2Q4/eTVvd8bN3aFU4DsR8HbRwlrAUUBHvah/TflAHJ4h9pij/CVRNXaNuN/jArMbvgj+MxFcx3F86QjLjPmRMvyfP6U3VKxvn4c2Jm2vWVvwngnhLjD15n74CAAD//8ytimubAQAA"},"mode":420}],"links":[{"path":"/etc/extensions/aks-sysext/usr/local/bin","hard":false,"target":"/opt/bin"}]},"systemd":{"units":[{"mask":true,"name":"overlaybd-tcmu.service"},{"mask":true,"name":"overlaybd-snapshotter.service"},{"dropins":[{"contents":"[Unit]\nConditionPathIsSymbolicLink=\nConditionPathIsSymbolicLink=/etc/ssl/certs/ca-certificates.crt\n","name":"10-ensure-ca-file.conf"}],"enabled":true,"name":"update-ca-certificates.service"}]}}

vhdbuilder/packer/flatcar-customdata.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,10 @@ storage:
1111
inline: |
1212
ID=flatcar
1313
SYSEXT_LEVEL=1.0
14+
- path: /etc/flatcar/enabled-sysext.conf
15+
contents:
16+
inline: |
17+
overlaybd
1418
- path: /etc/flatcar/update.conf
1519
mode: 0644
1620
overwrite: true
@@ -60,6 +64,10 @@ storage:
6064
hard: false
6165
systemd:
6266
units:
67+
- name: overlaybd-tcmu.service
68+
mask: true
69+
- name: overlaybd-snapshotter.service
70+
mask: true
6371
- name: update-ca-certificates.service
6472
enabled: true
6573
dropins:

vhdbuilder/packer/install-dependencies.sh

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -467,21 +467,35 @@ installAndConfigureArtifactStreaming() {
467467
MIRROR_DOWNLOAD_PATH="./$1.$2"
468468
MIRROR_PROXY_URL="https://acrstreamingpackage.z5.web.core.windows.net/${MIRROR_PROXY_VERSION}/${PACKAGE_NAME}.${PACKAGE_EXTENSION}"
469469
retrycmd_curl_file 10 5 60 $MIRROR_DOWNLOAD_PATH $MIRROR_PROXY_URL || exit ${ERR_ARTIFACT_STREAMING_DOWNLOAD}
470-
if [ "$2" = "deb" ]; then
470+
471+
if isFlatcar "$OS"; then
472+
bsdtar -C / -xf "${MIRROR_DOWNLOAD_PATH}" opt/ ||
473+
exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
474+
bsdtar -Oxf "${MIRROR_DOWNLOAD_PATH}" usr/lib/systemd/system/acr-mirror.service | install -m0644 /dev/stdin /etc/systemd/system/acr-mirror.service ||
475+
exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
476+
env -C /opt/acr/bin ./acr init --min-init
477+
elif [ "$2" = "deb" ]; then
471478
apt_get_install 30 1 600 $MIRROR_DOWNLOAD_PATH || exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
472479
elif [ "$2" = "rpm" ]; then
473480
dnf_install 30 1 600 $MIRROR_DOWNLOAD_PATH || exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
474481
fi
475482
rm $MIRROR_DOWNLOAD_PATH
476483

477-
/opt/acr/tools/overlaybd/install.sh
484+
if ! isFlatcar "$OS"; then
485+
/opt/acr/tools/overlaybd/install.sh
486+
systemctl link /opt/overlaybd/overlaybd-tcmu.service /opt/overlaybd/snapshotter/overlaybd-snapshotter.service
487+
fi
488+
478489
/opt/acr/tools/overlaybd/config-user-agent.sh azure
479490
/opt/acr/tools/overlaybd/enable-http-auth.sh
480491
/opt/acr/tools/overlaybd/config.sh download.enable false
481492
/opt/acr/tools/overlaybd/config.sh cacheConfig.cacheSizeGB 32
482493
/opt/acr/tools/overlaybd/config.sh exporterConfig.enable true
483494
/opt/acr/tools/overlaybd/config.sh exporterConfig.port 9863
484-
systemctl link /opt/overlaybd/overlaybd-tcmu.service /opt/overlaybd/snapshotter/overlaybd-snapshotter.service
495+
496+
if isFlatcar "$OS"; then
497+
rm -r /opt/acr/tools
498+
fi
485499
}
486500

487501
UBUNTU_MAJOR_VERSION=$(echo $UBUNTU_RELEASE | cut -d. -f1)
@@ -493,7 +507,7 @@ fi
493507
# Artifact Streaming enabled for Azure Linux 2.0 and 3.0
494508
if [ "$OS" = "$MARINER_OS_NAME" ] && [ "$OS_VERSION" = "2.0" ] && ! isARM64; then
495509
installAndConfigureArtifactStreaming acr-mirror-mariner rpm
496-
elif ! isAzureLinuxOSGuard "$OS" "$OS_VARIANT" && [ "$OS" = "$AZURELINUX_OS_NAME" ] && [ "$OS_VERSION" = "3.0" ] && ! isARM64; then
510+
elif isFlatcar "$OS" || { ! isAzureLinuxOSGuard "$OS" "$OS_VARIANT" && [ "$OS" = "$AZURELINUX_OS_NAME" ] && [ "$OS_VERSION" = "3.0" ]; } && ! isARM64; then
497511
installAndConfigureArtifactStreaming acr-mirror-azurelinux3 rpm
498512
fi
499513

0 commit comments

Comments
 (0)