Skip to content

feat: install aznfs package on AzureLinux 3.0 #8085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andyzhangx wants to merge 11 commits into
base: main
Choose a base branch
from
+83 −0
Open

feat: install aznfs package on AzureLinux 3.0 #8085

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
2e1dfb1
feat: install aznfs package on AzureLinux 3.0
andyzhangx Mar 12, 2026
6b047d1
fix: address hbeberman review comments for aznfs install
andyzhangx Mar 28, 2026
e40c8aa
feat: add aznfs RPM to components.json for version tracking
andyzhangx Mar 28, 2026
bca74c5
fix: use pre-downloaded aznfs RPM from VHD instead of downloading at …
andyzhangx Mar 28, 2026
0d80632
fix: address review comments - use dnf_install, improve systemctl err…
andyzhangx Mar 28, 2026
c14d00a
fix: remove ubuntu and flatcar entries from aznfs in components.json
andyzhangx Mar 28, 2026
bbe5248
fix: use arch-aware RPM URL and move aznfs install after download loop
AndyZHYU Apr 10, 2026
a38dcdc
fix: simplify aznfswatchdog disable and import Microsoft RPM GPG key
AndyZHYU Apr 10, 2026
24add77
use sort -V to deterministically pick newest aznfs RPM
andyzhangx Apr 10, 2026
765e71f
fix: address review comments from djsly
andyzhangx Apr 17, 2026
a33bcb4
fix: remove duplicate installAznfsPkgFromPMC call after download loop
andyzhangx Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions parts/common/components.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2230,6 +2230,31 @@
}
}
}
},
{
"name": "aznfs",
"downloadLocation": "/opt/aznfs/downloads",
"downloadURIs": {
"azurelinux": {
"v3.0": {
"versionsV2": [
{
"renovateTag": "<DO_NOT_UPDATE>",
"latestVersion": "3.0.15-1"
Copy link
Copy Markdown
Collaborator

@djsly djsly Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why arent we looking at tracking the versions with renovate ? when would this need to change ?

Copy link
Copy Markdown
Contributor Author

@andyzhangx andyzhangx Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The aznfs package is from PMC (packages.microsoft.com) not the AzureLinux repo, so renovate can't track it. The version is pinned with <DO_NOT_UPDATE> tag and we'd bump it manually when a new version is available. We could add a custom renovate datasource later if this becomes a maintenance burden.

Copy link
Copy Markdown
Collaborator

@djsly djsly Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

renovate support PMC, or I mean we could easily add support for the locaiton of this package

I'm just scared at one point we will loose track of the manual bump

Copy link
Copy Markdown
Contributor Author

@andyzhangx andyzhangx Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's do it manually now since we need to verify the version before auto version bump. we need to make sure the version AB used is stable and won't break first. @djsly

}
],
"downloadURL": "https://packages.microsoft.com/rhel/9/prod/Packages/a/aznfs-${version}.$(uname -m).rpm"
Comment thread
andyzhangx marked this conversation as resolved.
},
Comment thread
andyzhangx marked this conversation as resolved.
"OSGUARD/v3.0": {
"versionsV2": [
{
"renovateTag": "<DO_NOT_UPDATE>",
"latestVersion": "<SKIP>"
}
]
}
}
}
}
],
"OCIArtifacts": [
Expand Down
47 changes: 47 additions & 0 deletions parts/linux/cloud-init/artifacts/mariner/cse_install_mariner.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,53 @@ installKubeletKubectlFromPkg() {
installRPMPackageFromFile "kubectl" $desiredVersion || exit $ERR_KUBECTL_INSTALL_FAIL
}

installAznfsPkgFromPMC() {
Copy link
Copy Markdown
Collaborator

@djsly djsly Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is this package for ? how come it doesnt live in azl3 repo ?

Copy link
Copy Markdown
Contributor Author

@andyzhangx andyzhangx Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is no azl3 package due to GNU TLS dependency, this is only the way to install aznfs package on AzureLinux3, check here: https://learn.microsoft.com/en-us/azure/storage/files/encryption-in-transit-for-nfs-shares?tabs=azure-portal%2CAzureLinux

if [ "$OS_VERSION" != "3.0" ]; then
echo "aznfs package install is only supported on Azure Linux 3.0"
return
fi

# The aznfs RPM is pre-downloaded to /opt/aznfs/downloads during VHD build
Comment thread
andyzhangx marked this conversation as resolved.
# (via components.json). If not found, download it now as a fallback.
local aznfs_download_dir="/opt/aznfs/downloads"
local aznfs_rpm_file
aznfs_rpm_file=$(find "${aznfs_download_dir}" -name "aznfs-*.rpm" -type f 2>/dev/null | sort -V | tail -1)
if [ -z "${aznfs_rpm_file}" ]; then
echo "aznfs RPM not found in ${aznfs_download_dir}, downloading from PMC"
local download_url
download_url=$(getPackageDownloadUrl "aznfs")
if [ -z "${download_url}" ]; then
echo "Error: could not determine aznfs download URL"
exit $ERR_APT_INSTALL_TIMEOUT
fi
mkdir -p "${aznfs_download_dir}"
local aznfs_filename
aznfs_filename=$(basename "${download_url}")
retrycmd_curl_file 120 5 25 "${aznfs_download_dir}/${aznfs_filename}" "${download_url}" || exit $ERR_MS_PROD_DEB_DOWNLOAD_TIMEOUT
Comment thread
andyzhangx marked this conversation as resolved.
aznfs_rpm_file="${aznfs_download_dir}/${aznfs_filename}"
fi
Comment thread
andyzhangx marked this conversation as resolved.

echo "Installing aznfs from pre-downloaded RPM: ${aznfs_rpm_file}"
if ! AZNFS_NONINTERACTIVE_INSTALL=1 dnf_install 30 1 600 "${aznfs_rpm_file}"; then
exit $ERR_APT_INSTALL_TIMEOUT
fi

# Disable aznfs auto-upgrade to respect operator OS update settings and AKS SDP
local aznfs_config="/opt/microsoft/aznfs/data/config"
if [ -f "${aznfs_config}" ]; then
sed -i 's/AUTOUPDATE=.*/AUTOUPDATE=false/' "${aznfs_config}"
echo "Disabled aznfs auto-upgrade in ${aznfs_config}"
fi

# Disable aznfswatchdog since aznfs install enables both aznfswatchdog and aznfswatchdogv4
# services at the same time while we only need aznfswatchdogv4
systemctl disable aznfswatchdog
systemctl stop aznfswatchdog

echo "Importing Microsoft RPM GPG key into RPM database"
gpg --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft || echo "Warning: failed to import Microsoft RPM GPG key"
Comment thread
andyzhangx marked this conversation as resolved.
Copy link
Copy Markdown
Collaborator

@djsly djsly Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need this ?

Copy link
Copy Markdown
Contributor Author

@andyzhangx andyzhangx Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see #8085 (comment), without this, there would be cert issue when dnf install other packages.

}
Comment thread
andyzhangx marked this conversation as resolved.

installToolFromLocalRepo() {
local tool_name=$1
local tool_download_dir=$2
Expand Down
11 changes: 11 additions & 0 deletions vhdbuilder/packer/install-dependencies.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -521,6 +521,17 @@ while IFS= read -r p; do
"acr-mirror")
# acr-mirror is handled separately below via installAndConfigureArtifactStreaming.
;;
"aznfs")
Copy link
Copy Markdown
Collaborator

@djsly djsly Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should only perform the installAznfsPkgFromPMC in here, and combien the download in the function, no. need to decouple the downlaod and later do the install. if we want to always install it.

Copy link
Copy Markdown
Contributor Author

@andyzhangx andyzhangx Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done — added installAznfsPkgFromPMC call in install-dependencies.sh after the download, so it's combined during VHD build. Also added a fallback download path in the function for cases where the RPM isn't pre-downloaded.

for version in ${PACKAGE_VERSIONS[@]}; do
evaluatedURL=$(evalPackageDownloadURL "${PACKAGE_DOWNLOAD_URL}")
mkdir -p "${downloadDir}"
aznfsFilename=$(basename "${evaluatedURL}")
echo "Downloading aznfs RPM from ${evaluatedURL} to ${downloadDir}/${aznfsFilename}"
retrycmd_curl_file 120 5 25 "${downloadDir}/${aznfsFilename}" "${evaluatedURL}" || exit $ERR_MS_PROD_DEB_DOWNLOAD_TIMEOUT
echo " - aznfs version ${version}" >> ${VHD_LOGS_FILEPATH}
Comment thread
andyzhangx marked this conversation as resolved.
done
installAznfsPkgFromPMC
;;
*)
echo "Package name: ${name} not supported for download. Please implement the download logic in the script."
# We can add a common function to download a generic package here.
Expand Down
Loading