Skip to content

add support for Azure container linux#3577

Merged
nagworld9 merged 7 commits into
Azure:developfrom
mayankfz:mayansingh/add_acl_support
Apr 8, 2026
Merged

add support for Azure container linux#3577
nagworld9 merged 7 commits into
Azure:developfrom
mayankfz:mayansingh/add_acl_support

Conversation

@mayankfz
Copy link
Copy Markdown

@mayankfz mayankfz commented Mar 9, 2026
edited
Loading

Description

This adds support Azure Container Linux, which is derived from Azure Linux, and is compatible with it.

Issue

PR information

  • Ensure development PR is based on the develop branch.
  • If applicable, the PR references the bug/issue that it fixes in the description.
  • New Unit tests were added for the changes made

Quality of Code and Contribution Guidelines

Distro maintenance information, if applicable

  • This is a contribution from a distro maintainer
  • The changes in this PR have been taken as a downstream patch (Note: it is not recommended to patch the agent without upstream review and approval)

@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch 8 times, most recently from 66767af to 633b88d Compare March 11, 2026 12:36
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch 5 times, most recently from c160224 to 205264c Compare March 20, 2026 07:20
@mayankfz
Copy link
Copy Markdown
Author

mayankfz commented Mar 24, 2026
edited
Loading

Attaching the waagent logs
ACL_waagent.log

nagworld9
nagworld9 reviewed Mar 24, 2026
View reviewed changes
Comment thread azurelinuxagent/common/future.py Outdated
Comment thread azurelinuxagent/ga/persist_firewall_rules.py Outdated
@mayankfz
add support for Azure Container Linux
3d7596f 
Signed-off-by: Mayank Singh <mayankfz@gmail.com>
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from d2451b5 to 3d7596f Compare March 26, 2026 03:44
Copilot AI review requested due to automatic review settings March 26, 2026 03:44
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds packaging/runtime support for Microsoft Azure Container Linux (ACL) (derived from Azure Linux) by installing ACL-specific systemd units and agent configuration when building/installing on that distro.

Changes:

  • Update setup.py to select ACL-specific config and systemd units when DISTRO_FULL_NAME indicates Azure Container Linux.
  • Add a new ACL waagent.service systemd unit.
  • Add an ACL systemd drop-in for multi-user.target and an ACL-specific waagent.conf.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
setup.py Adds ACL-specific selection logic and installs extra systemd drop-in for ACL.
init/acl/waagent.service Introduces a new systemd unit for running waagent on ACL.
init/acl/10-waagent-sysext.conf Adds a multi-user.target drop-in intended to keep waagent upheld under sysext usage.
config/acl/waagent.conf Adds ACL-specific agent defaults (provisioning/resource disk/firewall, etc.).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread setup.py Outdated
Comment thread init/acl/waagent.service
Comment thread init/acl/waagent.service Outdated
Comment thread setup.py Outdated
Copilot AI review requested due to automatic review settings March 26, 2026 17:34
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread init/acl/waagent.service
Comment thread setup.py Outdated
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from 9038e1e to 16ad648 Compare March 26, 2026 18:33
@mayankfz
incorporate review comments
5eee74d 
Signed-off-by: Mayank Singh <mayankfz@gmail.com>
Copilot AI review requested due to automatic review settings March 26, 2026 18:46
@narrieta
Copy link
Copy Markdown
Member

narrieta commented Apr 1, 2026

Attaching the waagent logs ACL_waagent.log

We need to address these errors in the log

2026-03-24T03:42:50.204451Z ERROR Daemon Daemon Failed to mount resource disk [ResourceDiskError] unable to detect disk topology
...
2026-03-24T03:42:53.032311Z ERROR ExtHandler ExtHandler Unable to setup the persistent firewall rules: [Errno 30] Read-only file system: '/usr/lib/systemd/system/waagent-network-setup.service'

Copilot AI review requested due to automatic review settings April 2, 2026 14:40
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from 7873258 to ead57b2 Compare April 2, 2026 14:40
@mayankfz
Copy link
Copy Markdown
Author

mayankfz commented Apr 2, 2026

Attaching the waagent logs ACL_waagent.log

We need to address these errors in the log

2026-03-24T03:42:50.204451Z ERROR Daemon Daemon Failed to mount resource disk [ResourceDiskError] unable to detect disk topology
...
2026-03-24T03:42:53.032311Z ERROR ExtHandler ExtHandler Unable to setup the persistent firewall rules: [Errno 30] Read-only file system: '/usr/lib/systemd/system/waagent-network-setup.service'

Fixed.
ACL_waagent_1.log

Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread azurelinuxagent/common/osutil/factory.py Outdated
Comment thread azurelinuxagent/common/osutil/factory.py Outdated
Comment thread setup.py Outdated
Comment thread azurelinuxagent/common/osutil/factory.py Outdated
@mayankfz
incorporate review comments
fc501b4 
Signed-off-by: Mayank Singh <mayankfz@gmail.com>
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from b91c062 to fc501b4 Compare April 2, 2026 15:22
narrieta
narrieta reviewed Apr 2, 2026
View reviewed changes
Comment thread azurelinuxagent/common/osutil/factory.py Outdated
narrieta
narrieta reviewed Apr 2, 2026
View reviewed changes
Comment thread setup.py Outdated
Copilot AI review requested due to automatic review settings April 3, 2026 06:17
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from 3120791 to 54fec45 Compare April 3, 2026 06:17
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread setup.py Outdated
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from 7608c5a to c1ce628 Compare April 3, 2026 06:34
narrieta
narrieta reviewed Apr 3, 2026
View reviewed changes
Comment thread azurelinuxagent/common/osutil/factory.py Outdated
@mayankfz
review comments
08be6ef 
Signed-off-by: Mayank Singh <mayankfz@gmail.com>
Copilot AI review requested due to automatic review settings April 3, 2026 16:18
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from c1ce628 to 08be6ef Compare April 3, 2026 16:18
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread azurelinuxagent/common/osutil/factory.py Outdated
Comment on lines +152 to +153
# For Azure Container Linux, distro_name is "azurelinux" and distro_full_name is "Microsoft Azure Container Linux".
if distro_name == "azurelinux" and distro_full_name == "Microsoft Azure Container Linux":
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACL selection relies on an exact match of distro_full_name ("Microsoft Azure Container Linux"). If the full name differs (extra version/build text, casing, etc.), the agent will fall back to MarinerOSUtil, which uses a different systemd unit install path (/usr/lib/systemd/system) and may be incompatible with ACL’s stated read-only /usr requirement. Consider switching this check to a more tolerant match (e.g., substring/case-insensitive) or a stable identifier rather than the full, human-readable name.

Suggested change
# For Azure Container Linux, distro_name is "azurelinux" and distro_full_name is "Microsoft Azure Container Linux".
if distro_name == "azurelinux" and distro_full_name == "Microsoft Azure Container Linux":
# For Azure Container Linux, distro_name is "azurelinux" and distro_full_name contains
# "Microsoft Azure Container Linux" (it may include additional version/build information).
normalized_distro_full_name = (distro_full_name or "").lower()
if distro_name == "azurelinux" and "azure container linux" in normalized_distro_full_name:

Copilot uses AI. Check for mistakes.
Comment thread azurelinuxagent/common/osutil/acl.py
Comment on lines +18 to +21
# Azure Container Linux (ACL) is an immutable, sysext-based distro derived
# from Flatcar. This osutil is a standalone copy of MarinerOSUtil with
# ACL-specific overrides so that future Azure-Linux changes do not
# inadvertently affect the immutable ACL image.
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The module header says ACL is "derived from Flatcar", but the PR description states ACL is derived from Azure Linux. This inconsistency makes it unclear what behavior/assumptions this OSUtil should follow (e.g., Flatcar/CoreOS vs Azure Linux/Mariner). Please align the comment (or the PR description) to the correct lineage to avoid future maintenance mistakes.

Copilot uses AI. Check for mistakes.
narrieta
narrieta reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@narrieta narrieta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mayankfz
update distro name for ACL as azurecontainerlinux in waagent
88fa537 
Signed-off-by: Mayank Singh <mayankfz@gmail.com>
@mayankfz mayankfz force-pushed the mayansingh/add_acl_support branch from 9fa7056 to 88fa537 Compare April 8, 2026 11:25
@mayankfz
Copy link
Copy Markdown
Author

mayankfz commented Apr 8, 2026

@narrieta Now the waagent --version on ACL will look like - >

image

@nagworld9 nagworld9 merged commit f17af5a into Azure:develop Apr 8, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@narrieta narrieta narrieta approved these changes

@nagworld9 nagworld9 nagworld9 approved these changes

@ZhidongPeng ZhidongPeng Awaiting requested review from ZhidongPeng

@maddieford maddieford Awaiting requested review from maddieford maddieford is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mayankfz @nagworld9 @narrieta