azl4: build target and test image definitions#697
Draft
bfjelds wants to merge 14 commits into
Draft
Conversation
bfjelds
force-pushed
the
user/bfjelds/azl4-2-images
branch
from
084346c to
b76b575
Compare
Add the Makefile output targets and the azl4 grub test image definitions (base/update) plus the supporting first-boot scripts and units used to build Azure Linux 4 test images: initrd rebuild, SSH host-key move/regeneration, hostname shim, SELinux xattr stripping, and the testimages.py / builder plumbing to produce them. Stacked on the azl4 runtime PR. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bfjelds
force-pushed
the
user/bfjelds/azl4-1-runtime
branch
from
fd80756 to
3ac0bb5
Compare
bfjelds
force-pushed
the
user/bfjelds/azl4-2-images
branch
from
b76b575 to
490d136
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Azure Linux 4 (AZL4) VM GRUB test-image definitions and extends the test-image builder plumbing so images can expose multiple output targets (e.g., .cosi + .qcow2) and fetch AZL4 base images from blob storage when needed.
Changes:
- Add AZL4 GRUB base/update image YAML configs plus first-boot/post-customization scripts and a oneshot systemd unit for SSH host-key generation.
- Refactor the Python image builder to support per-image
output_and_configmappings, a--output-typeselector, and blob-sourced base images (BlobImageManifest+ downloader). - Simplify Makefile image build rules into a generalized output-suffix-driven pattern; update pipeline template to stage the SSH public key into the image tree.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/images/trident-vm-testimage/base/updateimg-grub-azl4.yaml | New AZL4 update-image (COSI) definition for GRUB-based VM testing. |
| tests/images/trident-vm-testimage/base/baseimg-grub-azl4.yaml | New AZL4 bootable base qcow2 definition used by rollback tests. |
| tests/images/trident-vm-testimage/base/scripts/strip-selinux-xattrs.sh | New post-customization script to strip security.selinux xattrs during image build. |
| tests/images/trident-vm-testimage/base/scripts/ssh-move-host-keys-azl4.sh | New AZL4-specific sshd HostKey drop-in configuration script. |
| tests/images/trident-vm-testimage/base/scripts/rebuild-initrd-azl4.sh | New initramfs rebuild script to ensure non-hostonly storage drivers are included. |
| tests/images/trident-vm-testimage/base/scripts/enable-trident-service-azl4.sh | New defensive systemd enablement script for trident units on AZL4 builds. |
| tests/images/trident-vm-testimage/base/scripts/enable-regen-sshd-keys.sh | New script enabling the SSH host-key regeneration oneshot unit. |
| tests/images/trident-vm-testimage/base/files/regen-sshd-keys.service | New systemd oneshot unit to generate SSH host keys under /var/srv on first boot. |
| tests/images/trident-vm-testimage/base/files/hostname-shim.sh | New hostname shim for AZL4 images where the binary is not present. |
| tests/images/testimages.py | Update image definitions to use multi-output configs; add AZL4 VM test image and blob base-image manifest. |
| tests/images/builder/init.py | Introduce Distro, BlobImageManifest, multi-output config mapping, and runtime output selection. |
| tests/images/builder/run.py | Add output-type selection at build time; route blob manifests to blob downloader. |
| tests/images/builder/download.py | Add blob-based base-image downloader; extend MCR download URL selection by distro. |
| tests/images/builder/cli.py | Add --output-type and blob download CLI flags/env defaults. |
| tests/images/builder/builder.py | Update build calls to use the selected output format dynamically. |
| Makefile | Generalize artifacts build pattern to include .qcow2/.vhd and pass output type through to the builder. |
| .pipelines/templates/stages/trident_images/trident-testimg-template.yml | Stage SSH public key into the testimage tree before building. |
…st images The netplan-main generate/configure split defers virtual-device creation to netplan-configure.service (Fedora ships it preset-disabled), and the grub-azl4 base image needs the socket-activated tridentd unit enabled. Enable both in the grub-azl4 base and update test images. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- builder/__init__.py: pass Distro.OTHER via distro= keyword so it maps to the distro field instead of mcr_name for Ubuntu/GB200 entries - builder/download.py: move docstring to first statement so it is a real docstring rather than a no-op expression - rebuild-initrd-azl4.sh: enable nullglob so an empty modules dir yields an empty array and the 0-kernels error arm is reachable - enable-regen-sshd-keys.sh: add set -euo pipefail and mkdir -p the wants directory so enabling fails loudly and works on minimal images - regen-sshd-keys.service: condition on all host key types via OR-negated ConditionPathExists so partial key state still triggers regeneration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The pattern rule passes the file extension as --output-type, so a .cosi target always resolves to OutputFormat.COSI even for configs that intend OutputFormat.BAREMETAL_IMAGE (both use extension cosi). Echo a note on .cosi builds pointing users who want a baremetal-image COSI to invoke testimages.py directly with --output-type baremetal-image. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bfjelds
force-pushed
the
user/bfjelds/azl4-2-images
branch
from
9fdf734 to
9e50bd5
Compare
bfjelds
force-pushed
the
user/bfjelds/azl4-2-images
branch
from
898a664 to
e0ce882
Compare
The config_file field on ImageConfig is no longer read; full_yaml_path() derives the YAML from config_path()/output_and_config. Left in place it made show-image <name> config-file return a stale default, so remove it. - show_image: render dict fields one entry per line so show-image <name> output-and-config prints a readable outputtype: yaml mapping instead of a raw dict repr. - README: document show-image <name> base-image with the download step (it identifies which base image to fetch, as the build pipeline does) and show-image <name> output-and-config with the config-edit step (it lists the YAML used for each output type). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bfjelds
force-pushed
the
user/bfjelds/azl4-2-images
branch
from
e0ce882 to
8559e3d
Compare
- Annotate output_and_config values and config_path() return as Path to match __post_init__ normalization. - Drop stale baseimg-grub-azl4.yaml TODO about trident additionalFiles / inline binary; the config installs the trident-service RPM. - Update enable-trident-service-azl4.sh header: AZL4 now installs the trident-service RPM (units ship with the RPM, not additionalFiles). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Drop module-level logging.basicConfig from the builder library module; cli.py already configures root logging. - Fix set_output_type warning to point at the valid 'baremetal-image' output type (was 'baremetal-cosi', which is not an OutputFormat). - Log the resolved output_format() instead of the raw runtime value so vhd->vhd-fixed / cosi->baremetal-image resolution is visible. - Set distro=Distro.AZL4 on BaseImage.AZL4_QEMU_GUEST. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
tests/images/builder/run.py:36
list-filescurrently prints exactly one output file per image config viaconfig.file_name(), which now only reflects the default output type (first key inoutput_and_config). For configs that declare multiple outputs (e.g. VM images that produce both.cosiand.qcow2),list-fileswill omit valid artifacts and can mislead callers.
Consider listing one target per declared output format instead of only the default.
def list_files(*, configs: List[ImageConfig], output_dir: Path) -> None:
for config in configs:
print(output_dir / config.file_name())
output_format() previously fell back to the first declared output format when --output-type matched no declared format, so make artifacts/<name>.<ext> could complete without producing the requested artifact. It now raises a ValueError listing the supported output extensions for the image. Also simplify config_path() to index output_and_config by the resolved output_format() key, since that key is guaranteed present. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- output_and_config default_factory now returns a Path value to match the dict[OutputFormat, Path] annotation. - Remove unused Distro import from testimages.py (only referenced in commented-out code). - Annotate download_blob_image storage_account/container as Optional[str] to match the None defaults passed from the run layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
tests/images/builder/download.py:35
download_base_image()always pulls the amd64 artifact (--platform linux/amd64), which will download the wrong base image when the manifest refers to an ARM64 base image (e.g.BaseImage.CORE_ARM64in tests/images/testimages.py). This makes./testimages.py download-image core_arm64unusable and can silently produce a mismatched VHDX.
Pick the ORAS platform based on the base image name (arm64/aarch64 vs amd64), and pass that into --platform.
"--platform",
"linux/amd64",
],
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
output_format() resolved a requested --output-type purely by file extension. Because ext() collapses baremetal-image->cosi and vhd-fixed->vhd, an explicit request for baremetal-image or vhd-fixed could silently downgrade to a same-extension format (COSI/VHD), and two declared formats sharing an extension could not be selected reliably. Now, when the requested format is baremetal-image or vhd-fixed and that exact format is declared in output_and_config, return it directly; otherwise fall back to extension-based matching to preserve the Makefile's extension-driven selection (--output-type cosi / vhd). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
set_output_type() warned on every --output-type cosi/vhd, even when the image config does not declare the same-extension alternative (BAREMETAL_IMAGE/VHD_FIXED). Gate each warning on the alternative being present in output_and_config so the hint only appears when the ambiguity is real. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Part 2 of the stacked azl4 series. Builds on the runtime PR. Adds the Makefile output targets and azl4 grub test image definitions.
base/updateimg-grub-azl4 test image definitions and thetestimages.py/ builder plumbing to produce them.