feat: enable Artifact Streaming on Flatcar

parts/linux/cloud-init/artifacts/cse_config.sh

@@ -420,6 +420,7 @@ ensureTeleportd() {
 }
 
 ensureArtifactStreaming() {
+  systemctl unmask overlaybd-{tcmu,snapshotter}.service # Flatcar masks these initially.
   retrycmd_if_failure 120 5 25 time systemctl --quiet enable --now  acr-mirror overlaybd-tcmu overlaybd-snapshotter
   time /opt/acr/bin/acr-config --enable-containerd 'azurecr.io'
 }
@@ -943,7 +944,7 @@ configGPUDrivers() {
 }
 
 validateGPUDrivers() {
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         return
     fi
 
@@ -968,7 +969,7 @@ validateGPUDrivers() {
 }
 
 ensureGPUDrivers() {
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         return
     fi
 

parts/linux/cloud-init/artifacts/cse_helpers.sh

@@ -602,11 +602,7 @@ getCPUArch() {
 }
 
 isARM64() {
-    if [ "$(getCPUArch)" = "arm64" ]; then
-        echo 1
-    else
-        echo 0
-    fi
+    [ "$(getCPUArch)" = "arm64" ]
 }
 
 isRegistryUrl() {

parts/linux/cloud-init/artifacts/cse_install.sh

@@ -364,7 +364,7 @@ installCrictl() {
 downloadTeleportdPlugin() {
     DOWNLOAD_URL=$1
     TELEPORTD_VERSION=$2
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         return
     fi
 
@@ -381,7 +381,7 @@ downloadTeleportdPlugin() {
 }
 
 installTeleportdPlugin() {
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         return
     fi
 

parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh

@@ -456,7 +456,7 @@ ensureRunc() {
 
     TARGET_VERSION=${1:-""}
 
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         if [ "${TARGET_VERSION}" = "1.0.0-rc92" ] || [ "${TARGET_VERSION}" = "1.0.0-rc95" ]; then
             # only moby-runc-1.0.3+azure-1 exists in ARM64 ubuntu repo now, no 1.0.0-rc92 or 1.0.0-rc95
             return

vhdbuilder/packer/flatcar-customdata.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"kernelArguments":{"shouldNotExist":["flatcar.autologin"]},"storage":{"files":[{"path":"/etc/extensions/aks-sysext/usr/lib/extension-release.d/extension-release.aks-sysext","contents":{"compression":"","source":"data:,ID%3Dflatcar%0ASYSEXT_LEVEL%3D1.0%0A"},"mode":420},{"overwrite":true,"path":"/etc/flatcar/update.conf","contents":{"compression":"","source":"data:,SERVER%3Ddisabled%0A"},"mode":420},{"path":"/etc/systemd/system/containerd.service.d/50-default-config.conf","contents":{"compression":"","source":"data:,%5BService%5D%0AEnvironment%3DCONTAINERD_CONFIG%3D%2Fetc%2Fcontainerd%2Fconfig.toml%0A"},"mode":420},{"path":"/etc/tmpfiles.d/protocols.conf","contents":{"compression":"","source":"data:,C%20%2Fetc%2Fprotocols%20-%20-%20-%20-%20%2Fusr%2Fshare%2Fbaselayout%2Fprotocols%0A"},"mode":420},{"overwrite":true,"path":"/etc/nsswitch.conf","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3yP0U7DMAxF3/0VkXhn7/sbk3o0ookjX4dof4+yFJgGXZ+qe46i45dwEo+nAvTkcX2NWi5nospAX87h9l3SJggNNn8ABFzhkhfCyov2Q4/eTVvd8bN3aFU4DsR8HbRwlrAUUBHvah/TflAHJ4h9pij/CVRNXaNuN/jArMbvgj+MxFcx3F86QjLjPmRMvyfP6U3VKxvn4c2Jm2vWVvwngnhLjD15n74CAAD//8ytimubAQAA"},"mode":420}],"links":[{"path":"/etc/extensions/aks-sysext/usr/local/bin","hard":false,"target":"/opt/bin"},{"path":"/etc/containerd/config.toml","hard":false,"target":"/usr/share/containerd/config.toml"}]},"systemd":{"units":[{"dropins":[{"contents":"[Unit]\nConditionPathIsSymbolicLink=\nConditionPathIsSymbolicLink=/etc/ssl/certs/ca-certificates.crt\n","name":"10-ensure-ca-file.conf"}],"enabled":true,"name":"update-ca-certificates.service"}]}}
+{"ignition":{"version":"3.4.0"},"kernelArguments":{"shouldNotExist":["flatcar.autologin"]},"storage":{"files":[{"path":"/etc/extensions/aks-sysext/usr/lib/extension-release.d/extension-release.aks-sysext","contents":{"compression":"","source":"data:,ID%3Dflatcar%0ASYSEXT_LEVEL%3D1.0%0A"},"mode":420},{"path":"/etc/flatcar/enabled-sysext.conf","contents":{"compression":"","source":"data:,overlaybd%0A"}},{"overwrite":true,"path":"/etc/flatcar/update.conf","contents":{"compression":"","source":"data:,SERVER%3Ddisabled%0A"},"mode":420},{"path":"/etc/systemd/system/containerd.service.d/50-default-config.conf","contents":{"compression":"","source":"data:,%5BService%5D%0AEnvironment%3DCONTAINERD_CONFIG%3D%2Fetc%2Fcontainerd%2Fconfig.toml%0A"},"mode":420},{"path":"/etc/tmpfiles.d/protocols.conf","contents":{"compression":"","source":"data:,C%20%2Fetc%2Fprotocols%20-%20-%20-%20-%20%2Fusr%2Fshare%2Fbaselayout%2Fprotocols%0A"},"mode":420},{"overwrite":true,"path":"/etc/nsswitch.conf","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3yP0U7DMAxF3/0VkXhn7/sbk3o0ookjX4dof4+yFJgGXZ+qe46i45dwEo+nAvTkcX2NWi5nospAX87h9l3SJggNNn8ABFzhkhfCyov2Q4/eTVvd8bN3aFU4DsR8HbRwlrAUUBHvah/TflAHJ4h9pij/CVRNXaNuN/jArMbvgj+MxFcx3F86QjLjPmRMvyfP6U3VKxvn4c2Jm2vWVvwngnhLjD15n74CAAD//8ytimubAQAA"},"mode":420}],"links":[{"path":"/etc/extensions/aks-sysext/usr/local/bin","hard":false,"target":"/opt/bin"},{"path":"/etc/containerd/config.toml","hard":false,"target":"/usr/share/containerd/config.toml"}]},"systemd":{"units":[{"mask":true,"name":"overlaybd-tcmu.service"},{"mask":true,"name":"overlaybd-snapshotter.service"},{"dropins":[{"contents":"[Unit]\nConditionPathIsSymbolicLink=\nConditionPathIsSymbolicLink=/etc/ssl/certs/ca-certificates.crt\n","name":"10-ensure-ca-file.conf"}],"enabled":true,"name":"update-ca-certificates.service"}]}}

vhdbuilder/packer/flatcar-customdata.yaml

@@ -11,6 +11,10 @@ storage:
       inline: |
         ID=flatcar
         SYSEXT_LEVEL=1.0
+  - path: /etc/flatcar/enabled-sysext.conf
+    contents:
+      inline: |
+        overlaybd
   - path: /etc/flatcar/update.conf
     mode: 0644
     overwrite: true
@@ -63,6 +67,10 @@ storage:
     hard: false
 systemd:
   units:
+  - name: overlaybd-tcmu.service
+    mask: true
+  - name: overlaybd-snapshotter.service
+    mask: true
   - name: update-ca-certificates.service
     enabled: true
     dropins:

vhdbuilder/packer/install-dependencies.sh

@@ -103,7 +103,7 @@ ForwardToSyslog=yes
 EOF
 capture_benchmark "${SCRIPT_NAME}_install_deps_and_set_configs"
 
-if [ "$(isARM64)" -eq 1 ]; then
+if isARM64; then
   # shellcheck disable=SC3010
   if [[ ${HYPERV_GENERATION,,} == "v1" ]]; then
     echo "No arm64 support on V1 VM, exiting..."
@@ -482,33 +482,47 @@ installAndConfigureArtifactStreaming() {
   MIRROR_DOWNLOAD_PATH="./$1.$2"
   MIRROR_PROXY_URL="https://acrstreamingpackage.z5.web.core.windows.net/${MIRROR_PROXY_VERSION}/${PACKAGE_NAME}.${PACKAGE_EXTENSION}"
   retrycmd_curl_file 10 5 60 $MIRROR_DOWNLOAD_PATH $MIRROR_PROXY_URL || exit ${ERR_ARTIFACT_STREAMING_DOWNLOAD}
-  if [ "$2" = "deb" ]; then
+
+  if isFlatcar "$OS"; then
+    bsdtar -C / -xf "${MIRROR_DOWNLOAD_PATH}" opt/ ||
+      exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
+    bsdtar -Oxf "${MIRROR_DOWNLOAD_PATH}" usr/lib/systemd/system/acr-mirror.service | install -m0644 /dev/stdin /etc/systemd/system/acr-mirror.service ||
+      exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
+    env -C /opt/acr/bin ./acr init --min-init
+  elif [ "$2" = "deb" ]; then
     apt_get_install 30 1 600 $MIRROR_DOWNLOAD_PATH || exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
   elif [ "$2" = "rpm" ]; then
     dnf_install 30 1 600 $MIRROR_DOWNLOAD_PATH || exit $ERR_ARTIFACT_STREAMING_DOWNLOAD
   fi
   rm $MIRROR_DOWNLOAD_PATH
 
-  /opt/acr/tools/overlaybd/install.sh
+  if ! isFlatcar "$OS"; then
+    /opt/acr/tools/overlaybd/install.sh
+    systemctl link /opt/overlaybd/overlaybd-tcmu.service /opt/overlaybd/snapshotter/overlaybd-snapshotter.service
+  fi
+
   /opt/acr/tools/overlaybd/config-user-agent.sh azure
   /opt/acr/tools/overlaybd/enable-http-auth.sh
   /opt/acr/tools/overlaybd/config.sh download.enable false
   /opt/acr/tools/overlaybd/config.sh cacheConfig.cacheSizeGB 32
   /opt/acr/tools/overlaybd/config.sh exporterConfig.enable true
   /opt/acr/tools/overlaybd/config.sh exporterConfig.port 9863
-  systemctl link /opt/overlaybd/overlaybd-tcmu.service /opt/overlaybd/snapshotter/overlaybd-snapshotter.service
+
+  if isFlatcar "$OS"; then
+    rm -r /opt/acr/tools
+  fi
 }
 
 UBUNTU_MAJOR_VERSION=$(echo $UBUNTU_RELEASE | cut -d. -f1)
 # Artifact Streaming enabled for all supported Ubuntu versions including 24.04
-if [ "$OS" = "$UBUNTU_OS_NAME" ] && [ "$(isARM64)" -ne 1 ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ]; then
+if [ "$OS" = "$UBUNTU_OS_NAME" ] && ! isARM64 && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ]; then
   installAndConfigureArtifactStreaming acr-mirror-${UBUNTU_RELEASE//.} deb
 fi
 
 # Artifact Streaming enabled for Azure Linux 2.0 and 3.0
-if [ "$OS" = "$MARINER_OS_NAME" ] && [ "$OS_VERSION" = "2.0" ] && [ "$(isARM64)" -ne 1 ]; then
+if [ "$OS" = "$MARINER_OS_NAME" ] && [ "$OS_VERSION" = "2.0" ] && ! isARM64; then
   installAndConfigureArtifactStreaming acr-mirror-mariner rpm
-elif ! isAzureLinuxOSGuard "$OS" "$OS_VARIANT" && [ "$OS" = "$AZURELINUX_OS_NAME" ] && [ "$OS_VERSION" = "3.0" ] && [ "$(isARM64)" -ne 1 ]; then
+elif isFlatcar "$OS" || { ! isAzureLinuxOSGuard "$OS" "$OS_VARIANT" && [ "$OS" = "$AZURELINUX_OS_NAME" ] && [ "$OS_VERSION" = "3.0" ]; } && ! isARM64; then
   installAndConfigureArtifactStreaming acr-mirror-azurelinux3 rpm
 fi
 
@@ -541,7 +555,7 @@ while IFS= read -r imageToBePulled; do
 done <<< "$GPUContainerImages"
 
 # For Ubuntu, pre-pull the CUDA driver image
-if [ $OS = $UBUNTU_OS_NAME ] && [ "$(isARM64)" -ne 1 ]; then  # No ARM64 SKU with GPU now
+if [ $OS = $UBUNTU_OS_NAME ] && ! isARM64; then  # No ARM64 SKU with GPU now
   gpu_action="copy"
 
   while IFS= read -r imageToBePulled; do
@@ -628,7 +642,7 @@ while IFS= read -r imageToBePulled; do
     amd64OnlyVersions=$(echo "${amd64OnlyVersionsStr}" | jq -r ".[]")
   fi
 
-  if [ "$(isARM64)" -eq 1 ]; then
+  if isARM64; then
     versions="${MULTI_ARCH_VERSIONS[*]}"
   else
     versions="${amd64OnlyVersions} ${MULTI_ARCH_VERSIONS[*]}"

vhdbuilder/packer/test/linux-vhd-content-test.sh

@@ -179,7 +179,7 @@ testAcrCredentialProviderInstalled() {
 
 testPackagesInstalled() {
   local test="testPackagesInstalled"
-  if [ "$(isARM64)" -eq 1 ]; then
+  if isARM64; then
     return
   fi
   CPU_ARCH="amd64"
@@ -403,7 +403,7 @@ testImagesPulled() {
       amd64OnlyVersions=$(echo "${amd64OnlyVersionsStr}" | jq -r ".[]")
     fi
 
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
       echo "ARM64 detected, using only multiArchVersions"
       if [ ${#MULTI_ARCH_VERSIONS[@]} -eq 0 ]; then
         echo "Warning: No multi-arch versions found for ARM64"

vhdbuilder/scripts/linux/tool_installs.sh

@@ -57,7 +57,7 @@ getAzCopyCurrentPath() {
     # Download and extract
     local azcopyDownloadURL="https://azcopyvnext.azureedge.net/releases/release-10.22.1-20231220/azcopy_linux_amd64_10.22.1.tar.gz"
     local azcopySha256="7549424d56ab2d8b4033c84c2a9bb167dc2dcbb23998acd7fffb37bc1a71a267"
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
       azcopyDownloadURL="https://azcopyvnext.azureedge.net/releases/release-10.22.1-20231220/azcopy_linux_arm64_10.22.1.tar.gz"
       azcopySha256="4db9a4b48abc7775f1a5d6d928afc42361dcc57bbfcde23ac82e4c419a0dc8fc"
     fi

vhdbuilder/scripts/linux/ubuntu/tool_installs_ubuntu.sh

@@ -80,7 +80,7 @@ installBpftrace() {
     local bpftrace_url="https://upstreamartifacts.azureedge.net/$bpftrace_bin/$version"
     local bpftrace_filepath="/usr/local/bin/$bpftrace_bin"
     local tools_filepath="/usr/local/share/$bpftrace_bin"
-    if [ "$(isARM64)" -eq 1 ]; then
+    if isARM64; then
         # install bpftrace tool using default bpftrace apt package
         # the binary at "$bpftrace_url/$bpftrace_bin" is not for arm64
         if [ ! -f "/usr/sbin/bpftrace" ]; then