Add support for diagnostics-server to Azure

Signed-off-by: Nathan LeClaire <[email protected]>

Author: nathanleclaire

aws/dockerfiles/files/bin/docker-diagnose

@@ -1,7 +1,54 @@
 #!/bin/sh
 
+set -e
+
 DIAGNOSTICS_MAGIC_PORT=44554
-NODES=$(docker node inspect $(docker node ls -q) | jq -r '.[] | .Description.Hostname' | tr '\n' ' ')
+
+platform()
+{
+	# TODO: This will need to be changed if the current configuration of
+	# system containers are not invoked via 'docker run' anymore
+	#
+	# (and/or might be more elegant to pass in the platform via environment
+	# variables, etc.)
+	PLATFORM=$(docker images | grep aws)
+	if [ $? -eq 0 ]
+		echo "aws"
+	then
+		echo "azure"
+	fi
+}
+
+node_hostnames()
+{
+	docker node inspect $(docker node ls -q) | jq -r '.[] | .Description.Hostname'
+}
+
+azure_resolver()
+{
+	# Sample /etc/resolv.conf on Azure:
+	#
+	# # Generated by dhcpcd from eth0.dhcp
+	# # /etc/resolv.conf.head can replace this line
+	# domain zopqyteo2tpuxc1cyzroivpijh.gx.internal.cloudapp.net
+	# nameserver 168.63.129.16
+	# # /etc/resolv.conf.tail can replace this line
+	#
+	cat /etc/resolv.conf | grep domain | awk '{ print $2; }'
+}
+
+if [ "$(platform)" = "aws" ]
+then
+	NODES=$(node_hostnames)
+else
+	# We need to append to the hostnames with the DNS resolver address, or
+	# else they won't resolve properly.
+	#
+	# We could potentially modify swarm to accept a "hostname" (more
+	# properly nodename) type flag on join, but no such option seems
+	# available today.
+	NODES=$(node_hostnames | sed -e "s/$/.$(azure_resolver)/")
+fi
 
 # Session is set to a pseudo-random string combined with the current timestamp.
 # This should minimize the probability of collision while also providing

azure/dockerfiles/walinuxagent/Dockerfile

@@ -20,7 +20,7 @@ RUN apk add --no-cache --update \
 
 # Windows Azure Linux agent section
 RUN pip install pyasn1
-ENV AGENT_REVISION ef3d68857cf08b65bbe7dfeb7a811cc9f1aa5bc1
+ENV AGENT_REVISION 5d66b1c923fcccf1f00b6004627f7f3d46172142
 
 # TODO: Move back to upstream (a PR is out for this on the Azure agent --
 # https://github.com/Azure/WALinuxAgent/pull/341), for now we have to use this
@@ -35,7 +35,7 @@ RUN cp bin/* /usr/sbin/
 # TODO: If upstream shell Dockerfile changes this will also need to be changed.
 # Should be implemented more elegantly.
 RUN mkdir /daemons && \
-    mv /entry.sh /daemons/sshd-entrypoint.sh && \
+    rm /entry.sh && \
     mv /etc/ssh/sshd_config /opt/sshd_config && \
     mv /etc/motd /opt/motd
 

azure/dockerfiles/walinuxagent/Makefile

@@ -1,7 +1,9 @@
+TAG := latest
+
 default: build
 
 build:
-	docker build -t docker4x/agent-azure .
+	docker build -t docker4x/agent-azure:$(TAG) .
 
 push: build
-	docker push docker4x/agent-azure
+	docker push docker4x/agent-azure:$(TAG)

azure/dockerfiles/walinuxagent/supervisord.conf

@@ -11,7 +11,7 @@ user=root
 childlogdir=/var/log/
 
 [program:sshd]
-command=bash -c "sleep 5; /daemons/sshd-entrypoint.sh /usr/sbin/sshd -D -f /etc/ssh/sshd_config"
+command=bash -c "sleep 5; /usr/sbin/sshd -D -f /etc/ssh/sshd_config"
 startretries=100
 autorestart=true
 

azure/release/files/custom-data_manager.sh

@@ -26,4 +26,4 @@ docker run --log-driver=json-file  --restart=no -d -e ROLE="$ROLE" -e REGION="$R
 docker run --log-driver=json-file  --restart=always -d -e ROLE="$ROLE" -e REGION="$REGION" -e TENANT_ID="$TENANT_ID" -e APP_ID="$APP_ID" -e APP_SECRET="$APP_SECRET" -e ACCOUNT_ID="$ACCOUNT_ID" -e GROUP_NAME="$GROUP_NAME" -e PRIVATE_IP="$MANAGER_IP" -e DOCKER_FOR_IAAS_VERSION="$DOCKER_FOR_IAAS_VERSION" -e SWARM_INFO_TABLE="$SWARM_INFO_TABLE" -e SWARM_INFO_STORAGE_ACCOUNT="$SWARM_INFO_STORAGE_ACCOUNT" -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v /var/log:/var/log docker4x/guide-azure:"$DOCKER_FOR_IAAS_VERSION"
 echo default: "$LB_NAME" >> /var/lib/docker/swarm/elb.config
 echo "$LB_NAME" > /var/lib/docker/swarm/lb_name
-docker run --log-driver=json-file  -v /var/run/docker.sock:/var/run/docker.sock  -v /var/lib/docker/swarm:/var/lib/docker/swarm --name=editions_controller docker4x/l4controller-azure:"$DOCKER_FOR_IAAS_VERSION" run --ad_app_id="$APP_ID" --ad_app_secret="$APP_SECRET" --subscription_id="$SUB_ID" --resource_group="$GROUP_NAME" --log=4 --default_lb_name="$LB_NAME" --environment=AzurePublicCloud
+docker run -d --log-driver=json-file  -v /var/run/docker.sock:/var/run/docker.sock  -v /var/lib/docker/swarm:/var/lib/docker/swarm --name=editions_controller docker4x/l4controller-azure:"$DOCKER_FOR_IAAS_VERSION" run --ad_app_id="$APP_ID" --ad_app_secret="$APP_SECRET" --subscription_id="$SUB_ID" --resource_group="$GROUP_NAME" --log=4 --default_lb_name="$LB_NAME" --environment=AzurePublicCloud

azure/templates/editions.template.json

@@ -342,6 +342,20 @@
               "direction": "Inbound"
             }
           },
+          {
+            "name": "diagnostics",
+            "properties": {
+              "description": "Allow communication for the diagnostics server",
+              "protocol": "Tcp",
+              "sourcePortRange": "*",
+              "destinationPortRange": "44554",
+              "sourceAddressPrefix": "[variables('subnetPrefix')]",
+              "destinationAddressPrefix": "[variables('subnetPrefix')]",
+              "access": "Allow",
+              "priority": 205,
+              "direction": "Inbound"
+            }
+          },
           {
             "name": "docker-port",
             "properties": {
@@ -352,7 +366,7 @@
               "sourceAddressPrefix": "[variables('subnetPrefix')]",
               "destinationAddressPrefix": "[variables('subnetPrefix')]",
               "access": "Allow",
-              "priority": 205,
+              "priority": 206,
               "direction": "Inbound"
             }
           }