fix: Pipeline agent image update from 18.04 to 22.04 | AzSecPack (#2327)

* Use ResolveCtl for Ubuntu22.04

* test: debug

* test: XDG dir

* ci: Remove sudo for testvalidate

* ci: remove sudo dualstack

* ci: remove test scripts

* fix: lint

---------

Co-authored-by: Sheyla Trudo <[email protected]>

Author: jpayne3506

.pipelines/containers/manifest-template.yaml

@@ -19,9 +19,16 @@ steps:
     retryCountOnTaskFailure: 3
 
   - script: |
-      set -e
+      set -ex
+      echo "checking XDG_RUNTIME_DIR"
+      echo $XDG_RUNTIME_DIR
       make ${{ parameters.name }}-manifest-push
       mkdir -p $(Build.ArtifactStagingDirectory)/images
+
+      echo "setting XDG_RUNTIME_DIR"
+      export XDG_RUNTIME_DIR=/run/user/$(id -u)
+      echo $XDG_RUNTIME_DIR
+
       make ${{ parameters.name }}-skopeo-archive IMAGE_ARCHIVE_DIR=$(Build.ArtifactStagingDirectory)/images
     name: manifest_push
     displayName: Manifest Push

.pipelines/singletenancy/azure-cni-overlay/azure-cni-overlay-e2e-step-template.yaml

@@ -99,7 +99,7 @@ steps:
         make -C ./hack/aks azcfg AZCLI=az REGION=$(REGION_AKS_CLUSTER_TEST)
         kubectl get pods -owide -A
         echo "Validating Node Restart"
-        sudo CNI_TYPE=cniv2 RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
+        CNI_TYPE=cniv2 RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
     displayName: "Validate Node Restart"
     retryCountOnTaskFailure: 3
 
@@ -108,12 +108,12 @@ steps:
       kubectl get pod -owide -A
       echo "validate pod state before CNS restarts"
       cd test/integration/load
-      sudo CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
       kubectl rollout restart ds azure-cns -n kube-system
       kubectl rollout status ds azure-cns -n kube-system
       kubectl get pod -owide -A
       echo "validate pods after CNS restart"
-      sudo CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
     name: "restartCNS_ValidatePodState"
     displayName: "Restart CNS and validate pod state"
     retryCountOnTaskFailure: 3

.pipelines/singletenancy/dualstack-overlay/dualstackoverlay-e2e-step-template.yaml

@@ -56,16 +56,16 @@ steps:
       set -e
       cd test/integration/load
       echo "DualStack Overlay Linux control plane Node properties test"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestDualStackProperties$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestDualStackProperties$
       echo "DualStack Overlay Linux control plane Load test"
-      sudo go test -timeout 30m -tags load -run ^TestLoad$
+      go test -timeout 30m -tags load -run ^TestLoad$
       echo "DualStack Overlay Linux control plane CNS validation test"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
       cd ../datapath
       echo "Dualstack Overlay Linux datapath IPv6 test"
-      sudo go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration -isDualStack=true
+      go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration -isDualStack=true
       echo "Dualstack Overlay Linux datapath IPv4 test"
-      sudo go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration
+      go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration
       echo "cleaning up load-test namespace"
       kubectl delete ns load-test
     retryCountOnTaskFailure: 3
@@ -100,7 +100,7 @@ steps:
         make -C ./hack/aks azcfg AZCLI=az REGION=$(REGION_DUALSTACKOVERLAY_CLUSTER_TEST)
         kubectl get pods -A
         echo "Validating Node Restart"
-        sudo CNI_TYPE=dualstack RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
+        CNI_TYPE=dualstack RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
     displayName: "Validate Node Restart"
     retryCountOnTaskFailure: 3
 
@@ -109,12 +109,12 @@ steps:
       kubectl get pod -owide -A
       echo "validate pod state before CNS restarts"
       cd test/integration/load
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
       kubectl rollout restart ds azure-cns -n kube-system
       kubectl rollout status ds azure-cns -n kube-system
       kubectl get pod -owide -A
       echo "validate pods after CNS restarts"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
     name: "restartCNS_ValidatePodState"
     displayName: "Restart CNS and Validate Pod State"
     retryCountOnTaskFailure: 3

Makefile

@@ -499,7 +499,7 @@ manifest-push: # util target to push multiarch container manifest.
 	$(CONTAINER_BUILDER) manifest push --all $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG)
 
 manifest-skopeo-archive: # util target to export tar archive of multiarch container manifest.
-	skopeo copy --all docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) oci-archive:$(IMAGE_ARCHIVE_DIR)/$(IMAGE)-$(TAG).tar
+	skopeo copy --all docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) oci-archive:$(IMAGE_ARCHIVE_DIR)/$(IMAGE)-$(TAG).tar --debug
 
 ## Build specific multiplat images.
 

network/network_linux.go

@@ -4,7 +4,6 @@
 package network
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"strconv"
@@ -16,6 +15,7 @@ import (
 	"github.com/Azure/azure-container-networking/network/networkutils"
 	"github.com/Azure/azure-container-networking/ovsctl"
 	"github.com/Azure/azure-container-networking/platform"
+	"github.com/pkg/errors"
 	"go.uber.org/zap"
 	"golang.org/x/sys/unix"
 )
@@ -39,6 +39,8 @@ const (
 	LocalIPKey = "localIP"
 	// InfraVnetIPKey key for infra vnet
 	InfraVnetIPKey = "infraVnetIP"
+	// Ubuntu Release Version for checking which command to use.
+	Ubuntu22 = "22.04"
 )
 
 const (
@@ -243,13 +245,72 @@ func isGreaterOrEqaulUbuntuVersion(versionToMatch int) bool {
 	return false
 }
 
+func (nm *networkManager) systemVersion() (string, error) {
+	osVersion, err := nm.plClient.ExecuteCommand("lsb_release -rs")
+	if err != nil {
+		return osVersion, errors.Wrap(err, "error retrieving the system distribution version")
+	}
+	return osVersion, nil
+}
+
+func (nm *networkManager) addDomain(ifName, domain string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl domain %s %s", ifName, domain)
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --interface %s --set-domain %s", ifName, domain)
+	}
+	return cmd, nil
+}
+
+func (nm *networkManager) addDNSServers(ifName string, dnsServers []string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl dns %s %s", ifName, strings.Join(dnsServers, " "))
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --interface %s %s", ifName, strings.Join(dnsServers, "--set-dns "))
+	}
+	return cmd, nil
+}
+
+func (nm *networkManager) ifNameStatus(ifName string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl status %s", ifName)
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --status %s", ifName)
+	}
+	return cmd, nil
+}
+
 func (nm *networkManager) readDNSInfo(ifName string) (DNSInfo, error) {
 	var dnsInfo DNSInfo
 
-	cmd := fmt.Sprintf("systemd-resolve --status %s", ifName)
+	cmd, err := nm.ifNameStatus(ifName)
+	if err != nil {
+		return dnsInfo, errors.Wrap(err, "Error generating interface name status cmd")
+	}
+
 	out, err := nm.plClient.ExecuteCommand(cmd)
 	if err != nil {
-		return dnsInfo, err
+		return dnsInfo, errors.Wrapf(err, "Error executing interface status with cmd %s", cmd)
 	}
 
 	logger.Info("console output for above cmd", zap.Any("out", out))
@@ -333,7 +394,8 @@ func (nm *networkManager) applyIPConfig(extIf *externalInterface, targetIf *net.
 
 func (nm *networkManager) applyDNSConfig(extIf *externalInterface, ifName string) error {
 	var (
-		setDnsList string
+		setDNSList []string
+		cmd        string
 		err        error
 	)
 
@@ -344,21 +406,31 @@ func (nm *networkManager) applyDNSConfig(extIf *externalInterface, ifName string
 				continue
 			}
 
-			buf := fmt.Sprintf("--set-dns=%s", server)
-			setDnsList = setDnsList + " " + buf
+			setDNSList = append(setDNSList, server)
 		}
 
-		if setDnsList != "" {
-			cmd := fmt.Sprintf("systemd-resolve --interface=%s%s", ifName, setDnsList)
+		if len(setDNSList) > 0 {
+			cmd, err = nm.addDNSServers(ifName, setDNSList)
+			if err != nil {
+				return errors.Wrap(err, "Error generating add DNS Servers cmd")
+			}
+
 			_, err = nm.plClient.ExecuteCommand(cmd)
 			if err != nil {
-				return err
+				return errors.Wrapf(err, "Error executing add DNS Servers with cmd %s", cmd)
 			}
 		}
 
 		if extIf.DNSInfo.Suffix != "" {
-			cmd := fmt.Sprintf("systemd-resolve --interface=%s --set-domain=%s", ifName, extIf.DNSInfo.Suffix)
+			cmd, err = nm.addDomain(ifName, extIf.DNSInfo.Suffix)
+			if err != nil {
+				return errors.Wrap(err, "Error generating add domain cmd")
+			}
+
 			_, err = nm.plClient.ExecuteCommand(cmd)
+			if err != nil {
+				return errors.Wrapf(err, "Error executing add Domain with cmd %s", cmd)
+			}
 		}
 
 	}