rpms/WALinuxAgent
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import OL WALinuxAgent-2.13.1.1-3.0.1.el9_7.2

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-02 02:56:50 -05:00
parent 53f6cb07ba
commit 23a678dbec
13 changed files with 373 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SOURCES/0100-add-oracle-support.patch Normal file
View File

@ -0,0 +1,31 @@
From 246586f31209b70667b494db30c847c5b87fe7a3 Mon Sep 17 00:00:00 2001
From: Darren Archibald <darren.archibald@oracle.com>
Date: Wed, 21 Sep 2022 05:40:34 -0700
Subject: [PATCH] Add Oracle support
Add oracle support to fix waagent.service build issue
Signed-off-by: Darren Archibald <darren.archibald@oracle.com>
Updated for OL9.7
Signed-off-by: Mark Will <mark.will@oracle.com>
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index cf6e90b..f2a49f1 100755
--- a/setup.py
+++ b/setup.py
@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
systemd_dir_path = osutil.get_systemd_unit_file_install_path()
agent_bin_path = osutil.get_agent_bin_path()
- if name in ('redhat', 'rhel', 'centos', 'almalinux', 'cloudlinux', 'rocky'):
+ if name in ('redhat', 'rhel', 'centos', 'almalinux', 'cloudlinux', 'rocky', 'oracle'):
if version.startswith("8") or version.startswith("9"):
# redhat8+ default to py3
set_bin_files(data_files, dest=agent_bin_path,
--
2.27.0

1
SOURCES/90-tpm2-import.rules Normal file
View File

@ -0,0 +1 @@
SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/usr/sbin/tpm2-luks-import.sh /dev/$name"

18
SOURCES/module-setup-cvm.sh Normal file
View File

@ -0,0 +1,18 @@
#!/usr/bin/bash
# SPDX-License-Identifier: GPL-2.0-or-later
check() {
return 0
}
depends() {
echo tpm2-tss
return 0
}
install() {
inst_multiple -o \
cryptsetup cut mktemp base64 uname hexdump \
tpm2_flushcontext tpm2_import tpm2_load tpm2_unseal tpm2_create tpm2_createprimary \
/usr/sbin/tpm2-luks-import.sh /lib/udev/rules.d/90-tpm2-import.rules
}

0
SOURCES/module-setup.sh → SOURCES/module-setup-udev.sh
View File

74
SOURCES/tpm2-luks-import.sh Normal file
View File

@ -0,0 +1,74 @@
#! /bin/bash -e
#
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This script goes through all 'tpm2-import' tokens and converts them
# to 'systemd-tpm2' ones.
#
getval () {
grep ^\"$2\" $1 | cut -f 2 -d ':' | sed 's/\"//g'
}
if [[ ! -b "$1" ]]; then
echo "Device $1 does not exist!" 1>&2
exit 1
fi
/usr/sbin/cryptsetup luksDump "$1" | sed -n '/^Tokens:/,/^Digests:/p' | grep ' tpm2-import' | cut -d ':' -f 1 | while read tokenid; do
echo "Importing token $tokenid from $1"
token=`mktemp`
/usr/sbin/cryptsetup token export --token-id "$tokenid" "$1" | sed -e 's/[{}]/''/g' -e 's/\[//g' -e 's/\]//g' -e 's/,\"/\n"/g' > "$token"
tempdir=`mktemp -d`
pushd "$tempdir" > /dev/null
# Save token data to inidividual files to process them with tpm2-tools
getval "$token" "parent_pub" | base64 -d > parent.pub
getval "$token" "parent_prv" | base64 -d > parent.prv
getval "$token" "parent_seed" | base64 -d > parent.seed
getval "$token" "seal_pub" | base64 -d > seal.pub
getval "$token" "seal_prv" | base64 -d > seal.prv
getval "$token" "pcrpolicy_dat" | base64 -d > pcrpolicy.dat
if [ ! -z `getval "$token" "unique_dat"` ]; then
getval "$token" "unique_dat" | base64 -d > unique.dat
fi
echo "Unsealing volume key"
# Import sealed object
tpm2_flushcontext -t
if [ ! -f "unique.dat" ]; then
tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -c primary.ctx
else
tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -u unique.dat -c primary.ctx
fi
tpm2_flushcontext -t
tpm2_import -Q -C primary.ctx -u parent.pub -i parent.prv -r parent_imported.prv -s parent.seed
tpm2_flushcontext -t
tpm2_load -Q -C primary.ctx -u parent.pub -r parent_imported.prv -c parent.ctx
tpm2_flushcontext -t
tpm2_load -Q -C parent.ctx -u seal.pub -r seal.prv -c seal.ctx
tpm2_flushcontext -t
tpm2_unseal -Q -c seal.ctx -p pcr:`getval "$token" tpm2-pcr-bank`:`getval "$token" tpm2-pcrs` > volume_key
tpm2_flushcontext -t
echo "Sealing new volume key"
# Create a new sealed object under primary ECC key
tpm2_createprimary -Q -C o -g sha256 -G ecc:null:aes128cfb -c primary_ecc.ctx
tpm2_flushcontext -t
tpm2_create -Q -u seal_local.pub -r seal_local.prv -C primary_ecc.ctx -L pcrpolicy.dat -i volume_key
# Create a new systemd-tpm2 compatible token
echo "Adding new LUKS token to $1"
echo '{"type":"systemd-tpm2","keyslots":["'`getval "$token" keyslots`'"],
"tpm2-blob":"'`cat seal_local.prv seal_local.pub | base64 -w0`'",
"tpm2-pcrs":['`getval "$token" tpm2-pcrs`'],
"tpm2-pcr-bank":"'`getval "$token" tpm2-pcr-bank`'",
"tpm2-primary-alg":"ecc",
"tpm2-policy-hash":"'`hexdump -ve '1/1 "%.2x"' pcrpolicy.dat`'",
"tpm2-pin": false,
"kversion": "'`uname -r`'"}' | /usr/sbin/cryptsetup token import "$1"
# Remove tpm2-import token now
echo "Removing now-unneeded token $tokenid from $1"
/usr/sbin/cryptsetup token remove --token-id "$tokenid" "$1"
echo "Importing token $tokenid from $1 finished successfully"
popd > /dev/null
# Cleanup
rm -rf "$tempdir"
rm -f "$token"
done

16
SOURCES/0002-Disable-automatic-log-collector.patch → SOURCES/wla-Disable-automatic-log-collector.patch
View File

@ -1,18 +1,19 @@
From cb221e0885f794e0ec302cbb77bff927a8d4458a Mon Sep 17 00:00:00 2001
From 92baa5663a0baa45e37243936221b0c1795ff324 Mon Sep 17 00:00:00 2001
From: Ani Sinha <anisinha@redhat.com>
Date: Mon, 6 May 2024 11:50:49 +0530
Subject: [PATCH] Disable automatic log collector
Subject: Disable automatic log collector
RH-Author: Ani Sinha <anisinha@redhat.com>
RH-MergeRequest: 12: Disable automatic log collector
RH-Jira: RHEL-35963
RH-MergeRequest: 11: Disable automatic log collector
RH-Jira: RHEL-7273
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] d885b584e6bf7ad7d2169b21bcc12db2b526b651 (anisinha/centos-wa-linux-agent)
RH-Commit: [1/1] 7a8002c626b45eb5e90fa0fe82694639d1e5b93d (anisinha/centos-wa-linux-agent)
Log collector is enabled by default. Due to security concerns from our customers
disable it.
Jira: https://issues.redhat.com/browse/RHEL-35963
Jira: https://issues.redhat.com/browse/RHEL-7273
Upstream: RHEL only.
Signed-off-by: Ani Sinha <anisinha@redhat.com>
@ -37,3 +38,6 @@ index 3c9ad5d4..62d8148e 100644
# How frequently to collect logs, default is each hour
Logs.CollectPeriod=3600
--
2.39.3

21
SOURCES/0001-waagent.service-set-ConditionVirtualization-microsof.patch → SOURCES/wla-Jira-https-issues.redhat.com-browse-RHEL-134939.patch
View File

@ -1,7 +1,16 @@
From 2d78c9ebaba4742390e92dc5994391949b90ec4c Mon Sep 17 00:00:00 2001
From cbf30e0eebbedc5242d03f53d355113a53209635 Mon Sep 17 00:00:00 2001
From: Chris Patterson <cpatterson@microsoft.com>
Date: Thu, 1 Sep 2022 10:45:47 -0400
Subject: [PATCH] waagent.service: set ConditionVirtualization=|microsoft
Subject: [PATCH] Jira: https://issues.redhat.com/browse/RHEL-134939
RH-Author: yuxisun <None>
RH-MergeRequest: 25: waagent.service: set ConditionVirtualization=|microsoft
RH-Jira: RHEL-134939
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] 95d939cb838949a4509bd9415873fbdc7e7191f3
waagent.service: set ConditionVirtualization=|microsoft
Only start waagent service when running under Microsoft virtualization.
@ -9,6 +18,11 @@ Set it as a triggering condition to make it easier for downstreams or
test setups to add another condition (i.e. run outside of hyperv).
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
(cherry picked from commit 2d78c9ebaba4742390e92dc5994391949b90ec4c)
Downstream only
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
---
bin/waagent2.0 | 1 +
init/redhat/py2/waagent.service | 1 +
@ -64,3 +78,6 @@ index e91f1433..aa1f3203 100644
[Service]
Type=simple
--
2.52.0

22
SOURCES/wla-Jira-https-issues.redhat.com-browse-RHEL-129954.patch → SOURCES/wla-Support-for-FIPS-140-3-3324.patch
View File

@ -1,24 +1,22 @@
From 0e90372ba24091860266bb0a3c33fc20e38a1a97 Mon Sep 17 00:00:00 2001
From c446f444a897fc7094a5ce00bd77bb430c79d8ea Mon Sep 17 00:00:00 2001
From: Norberto Arrieta <narrieta@users.noreply.github.com>
Date: Tue, 4 Mar 2025 12:55:27 -0800
Subject: [PATCH] Jira: https://issues.redhat.com/browse/RHEL-129954
Subject: [PATCH] Support for FIPS 140-3 (#3324)
RH-Author: yuxisun <None>
RH-MergeRequest: 23: Support for FIPS 140-3 (#3324)
RH-Jira: RHEL-129954
RH-MergeRequest: 24: Support for FIPS 140-3 (#3324)
RH-Jira: RHEL-124949
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] da147f85a89d1375c0f4d7e36fffd0f68b231770
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
RH-Commit: [1/1] 3aadd91d56764017d13d8dc2cdada02551a7deff
Support for FIPS 140-3 (#3324)
Jira: https://issues.redhat.com/browse/RHEL-124949
When fetching certificates from WireServer, the Agent uses DES_EDE3_CBC. The PFX it receives has a MAC computed using PKCS12KDF. Both are deprecated on FIPS 140-3.
This PR switches to AES128_CBC for communication with the WireServer (a subsequent PR will change it to AES256_CBC) and skips MAC verification when it is not needed.
The changes also include some minor cleanup to remove data structures that are not used.
When fetching certificates from WireServer, the Agent uses DES_EDE3_CBC. The PFX it receives has a MAC computed using PKCS12KDF. Both are deprecated on FIPS 140-3. This PR switches to AES128_CBC for communication with the WireServer (a subsequent PR will change it to AES256_CBC) and skips MAC verification when it is not needed. The changes also include some minor cleanup to remove data structures that are not used.
Upstream PR: https://github.com/Azure/WALinuxAgent/pull/3324
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
Signed-off-by: Yuxin Sun yuxisun@redhat.com
---
azurelinuxagent/common/event.py | 20 ++
azurelinuxagent/common/protocol/goal_state.py | 216 +++++++++++-------
@ -702,5 +700,5 @@ index 167e69dc..376e9fc0 100644
for extension in goal_state.extensions_goal_state.extensions:
for settings in extension.settings:
--
2.47.3
2.51.1

24
SOURCES/wla-Use-systemctl-instead-of-service-to-manager-services.patch
View File

@ -1,18 +1,24 @@
From 93376d3c37882f246c51843ff1b327600f074f81 Mon Sep 17 00:00:00 2001
From 846d9f18e2ee331e35a7243f73de3bb3c18875df Mon Sep 17 00:00:00 2001
From: Yuxin Sun <yuxisun@redhat.com>
Date: Fri, 27 Jun 2025 01:34:20 +0800
Subject: [PATCH 1/2] Use systemctl instead of service to manager services in
new RHEL versions (#3403)
Subject: [PATCH] Use systemctl instead of service to manager services in new
RHEL versions (#3403)
RH-Author: yuxisun <None>
RH-MergeRequest: 20: Use systemctl instead of service to manager services in new RHEL versions (#3403)
RH-Jira: RHEL-109465
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 19: Use systemctl instead of service to manager services in new RHEL versions (#3403)
RH-Jira: RHEL-97572
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Commit: [1/1] 95bb66dad7fda08c89a88ca347e55ec18f75d8e8 (yuxisun/WALinuxAgent-src)
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] bc7fe085ed52750264773c1922e8268ace741a8e (yuxisun/WALinuxAgent-src)
In the RHEL bootc base image there's no initscripts-service package installed, so that there's no "service" command by default. This causes many service control commands cannot be executed inside WALA.
From RHEL-7 on, the systemctl command replaces service and chkconfig. So we'd like to drop all the 'service' command and use systemctl instead.
RH-JIRA: RHEL-97572
Upstream PR: https://github.com/Azure/WALinuxAgent/pull/3403
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
(cherry picked from commit a6cfdfdc3e04884a08cd6dd20fa035b687943fe9)
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
---
azurelinuxagent/common/osutil/redhat.py | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
@ -50,5 +56,5 @@ index b85b2d42..cf2d2f78 100644
def set_dhcp_hostname(self, hostname):
--
2.39.3
2.50.1

13
SOURCES/wla-docs-add-waagent-manpage-3401.patch
View File

@ -1,13 +1,14 @@
From 079c5ced40fe1a9153af56d86a2094060ee9aa3e Mon Sep 17 00:00:00 2001
From 756fe22f41c0607394a9b9ba20c15677b3389a21 Mon Sep 17 00:00:00 2001
From: Li Tian <94442129+litian1992@users.noreply.github.com>
Date: Tue, 5 Aug 2025 03:18:10 +0800
Subject: [PATCH 2/2] docs: add waagent manpage (#3401)
Subject: [PATCH] docs: add waagent manpage (#3401)
RH-Author: Li Tian <None>
RH-MergeRequest: 21: redhat: docs: add waagent manpage (RHEL-10) (#3401)
RH-Jira: RHEL-96792
RH-MergeRequest: 22: redhat: docs: add waagent manpage (RHEL-9) (#3401)
RH-Jira: RHEL-109496
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] 7084e622fbea114a2bf70f5125a40f4ab26415a5 (litian1/WALinuxAgent)
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
RH-Commit: [1/1] a6c0303463f4cd9362d7276119cc81ebe74490ac (litian1/WALinuxAgent)
* docs: add waagent manpage
@ -197,5 +198,5 @@ index cf6e90b5..9ed135fb 100755
# Use default setting
set_bin_files(data_files, dest=agent_bin_path)
--
2.39.3
2.50.1

19
SOURCES/0004-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch → SOURCES/wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
View File

@ -1,16 +1,15 @@
From c17811fbdb131a4cca41a847e8b666f432dbe4a8 Mon Sep 17 00:00:00 2001
From c8df88fd1fedb25727fff64ecc5dde1a59d7a976 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Mon, 6 Jan 2025 17:13:11 +0100
Subject: [PATCH] redhat: Add a udev rule to avoid managing slave NICs with
Subject: redhat: Add a udev rule to avoid managing slave NICs with
NetworkManager
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-MergeRequest: 15: redhat: Add a udev rule to avoid managing slave NICs with NetworkManager
RH-Jira: RHEL-68796
RH-Acked-by: Ani Sinha <anisinha@redhat.com>
RH-MergeRequest: 16: redhat: Add a udev rule to avoid managing slave NICs with NetworkManager
RH-Jira: RHEL-5880
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Commit: [1/1] f6a5ab0e22831b67fc48afc8e80b724fcb9c8503 (vkuznets/WALinuxAgentCentOS)
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] 8d0a87117c847aafec5fa97d3e4e74ade531c033 (vkuznets/WALinuxAgentCentOS)
This is borrowed from https://github.com/Azure/azure-vm-utils/pull/41 and
the long term plan is to get azure-vm-utils packaged for RHEL
@ -23,9 +22,10 @@ Patch-name: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
Patch-id:
Patch-present-in-specfile: True
---
.distro/WALinuxAgent.spec | 1 +
config/10-azure-unmanaged-sriov.rules | 6 ++++++
setup.py | 3 ++-
2 files changed, 8 insertions(+), 1 deletion(-)
3 files changed, 9 insertions(+), 1 deletion(-)
create mode 100644 config/10-azure-unmanaged-sriov.rules
diff --git a/config/10-azure-unmanaged-sriov.rules b/config/10-azure-unmanaged-sriov.rules
@ -54,3 +54,6 @@ index e83f5989..cf6e90b5 100755
"config/99-azure-product-uuid.rules"]
data_files.append((dest, src))
--
2.39.3

21
SOURCES/0003-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch → SOURCES/wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
View File

@ -1,15 +1,8 @@
From b0c1a1641973b0444045a4906d80e0b16ff755e7 Mon Sep 17 00:00:00 2001
From 8ac14e61d8067bd8b4e60c59b35b4a4227f8a242 Mon Sep 17 00:00:00 2001
From: Mohammed Gamal <mgamal@redhat.com>
Date: Fri, 29 Jul 2022 13:07:13 +0200
Subject: [PATCH] redhat: Use NetworkManager to set DHCP hostnames on recent
RHEL distros
RH-Author: Ani Sinha <anisinha@redhat.com>
RH-MergeRequest: 13: sync c10s branch from c9s
RH-Jira: RHEL-40966
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/4] 05e1d05db526deae49e976dea3bae140ea1b2ecf (anisinha/centos-wa-linux-agent)
Subject: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL
distros
RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
RH-MergeRequest: 3: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL distros
@ -28,11 +21,6 @@ Fix this for setting DHCP hostnames in those RHEL versions.
Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
Patch-name: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
Patch-id:
Patch-present-in-specfile: True
(cherry picked from commit 8400a993c6c27f8f8fc598f81e2c329dc8255805)
Patch-name: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
Patch-id:
Patch-present-in-specfile: True
@ -60,3 +48,6 @@ index a9a10347..b85b2d42 100644
+
+ if return_code != 0:
+ logger.error("failed to set DHCP hostname for interface {0}: return code {1}".format(ifname, return_code))
--
2.39.3

321
SPECS/WALinuxAgent.spec
View File

@ -1,43 +1,53 @@
%global with_legacy 0
%global dracut_modname 97walinuxagent
%global dracut_modname_udev 97walinuxagent
%global dracut_modname_cvm 97walinuxagentcvm
Name: WALinuxAgent
Version: 2.13.1.1
Release: 2%{?dist}.1
Summary: The Microsoft Azure Linux Agent
Name: WALinuxAgent
Version: 2.13.1.1
Release: 3.0.1%{?dist}.2
Summary: The Microsoft Azure Linux Agent
License: Apache-2.0
URL: https://github.com/Azure/%{name}
Source0: https://github.com/Azure/%{name}/archive/v%{version}.tar.gz
Source1: module-setup.sh
Patch1: 0001-waagent.service-set-ConditionVirtualization-microsof.patch
Patch2: 0002-Disable-automatic-log-collector.patch
Patch3: 0003-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
Patch4: 0004-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
# For RHEL-109465 - [Azure][RHEL-10][WALA][Image mode] Cannot find 'service' command
Patch5: wla-Use-systemctl-instead-of-service-to-manager-services.patch
# For RHEL-96792 - [Azure][WALA][RHEL-10] Missing man page
Patch6: wla-docs-add-waagent-manpage-3401.patch
# For RHEL-129954 - Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-10.1.z]
Patch7: wla-Jira-https-issues.redhat.com-browse-RHEL-129954.patch
License: ASL 2.0
URL: https://github.com/Azure/%{name}
Source0: https://github.com/Azure/%{name}/archive/v%{version}.tar.gz
Source1: module-setup-udev.sh
Source2: module-setup-cvm.sh
Source3: 90-tpm2-import.rules
Source4: tpm2-luks-import.sh
BuildArch: noarch
# For bz#2114830 - [Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0
Patch0001: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
# For RHEL-7273 - [Azure][WALA] Consider to disable Log collector
Patch0002: wla-Disable-automatic-log-collector.patch
# For RHEL-5880 - [Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface
Patch0003: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
# For RHEL-109496 - [Azure][WALA][RHEL-9] Missing man page
Patch4: wla-docs-add-waagent-manpage-3401.patch
# For RHEL-97572 - [Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command
Patch5: wla-Use-systemctl-instead-of-service-to-manager-services.patch
# For RHEL-124949 - Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-9.7.z]
Patch6: wla-Support-for-FIPS-140-3-3324.patch
# For RHEL-134939 - Backport ConditionVirtualization=|microsoft for waagent in RHEL 9.x [rhel-9.7.z]
Patch7: wla-Jira-https-issues.redhat.com-browse-RHEL-134939.patch
Patch1000: 0100-add-oracle-support.patch
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-distro
Requires: %name-udev = %version-%release
BuildArch: noarch
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-distro
Requires: %name-udev = %version-%release
%if 0%{?fedora}
Requires: ntfsprogs
Requires: ntfsprogs
%endif
Requires: openssh
Requires: openssh-server
Requires: openssl
Requires: parted
Requires: python3-pyasn1
Requires: iptables
Requires: openssh
Requires: openssh-server
Requires: openssl
Requires: parted
Requires: python3-pyasn1
Requires: iptables
BuildRequires: systemd
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@ -49,21 +59,29 @@ images that are built to run in the Microsoft Azure environment.
%if 0%{?with_legacy}
%package legacy
Summary: The Microsoft Azure Linux Agent (legacy)
Requires: %name = %version-%release
Requires: python2
Requires: net-tools
Summary: The Microsoft Azure Linux Agent (legacy)
Requires: %name = %version-%release
Requires: python2
Requires: net-tools
%description legacy
The Microsoft Azure Linux Agent supporting old version of extensions.
%endif
%package udev
Summary: Udev rules for Microsoft Azure
Summary: Udev rules for Microsoft Azure
%description udev
Udev rules specific to Microsoft Azure Virtual Machines.
%package cvm
Summary: Microsoft Azure CVM specific tools
Requires: tpm2-tools
Requires: cryptsetup
%description cvm
Scripts and udev rules specific to Microsoft Azure Confidential Virtual Machines.
%prep
%setup -q
%autopatch -p1
@ -85,17 +103,23 @@ rm -rf %{buildroot}/%{python3_sitelib}/tests
rm -rf %{buildroot}/%{python3_sitelib}/__main__.py
rm -rf %{buildroot}/%{python3_sitelib}/__pycache__/__main__*.py*
sed -i 's,#!/usr/bin/env python,#!/usr/bin/python3,' %{buildroot}%{_sbindir}/waagent
%if 0%{?with_legacy}
sed -i 's,#!/usr/bin/env python,#!/usr/bin/python2,' %{buildroot}%{_sbindir}/waagent2.0
%else
rm -f %{buildroot}%{_sbindir}/waagent2.0
%endif
sed -i 's,/usr/bin/python ,/usr/bin/python3 ,' %{buildroot}%{_unitdir}/waagent.service
mv %{buildroot}%{_sysconfdir}/logrotate.d/waagent.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -m0755 -D -t %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname}/ %{SOURCE1}
mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}
cp %{SOURCE1} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh
chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/module-setup.sh
mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}
cp %{SOURCE2} %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh
chmod 0755 %{buildroot}%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/module-setup.sh
install -m0644 -D -t %{buildroot}%{_udevrulesdir}/ %{SOURCE3}
install -m0755 -D -t %{buildroot}%{_sbindir} %{SOURCE4}
%post
%systemd_post waagent.service
@ -123,8 +147,17 @@ rm -rf %{_unitdir}/waagent.service.d/
%{python3_sitelib}/*.egg-info
%files udev
%{_udevrulesdir}/*.rules
%{_prefix}/lib/dracut/modules.d/%{dracut_modname}/*.sh
%{_udevrulesdir}/10-azure-unmanaged-sriov.rules
%{_udevrulesdir}/66-azure-storage.rules
%{_udevrulesdir}/99-azure-product-uuid.rules
%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}
%{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}/*.sh
%files cvm
%{_sbindir}/tpm2-luks-import.sh
%{_udevrulesdir}/90-tpm2-import.rules
%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}
%{_prefix}/lib/dracut/modules.d/%{dracut_modname_cvm}/*.sh
%if 0%{?with_legacy}
%files legacy
@ -132,136 +165,124 @@ rm -rf %{_unitdir}/waagent.service.d/
%endif
%changelog
* Fri Nov 28 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.13.1.1-2.el10_1.1
- wla-Jira-https-issues.redhat.com-browse-RHEL-129954.patch [RHEL-129954]
- Resolves: RHEL-129954
(Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-10.1.z])
* Tue Feb 17 2026 Darren Archibald <darren.archibald@oracle.com> - 2.13.1.1-3.0.1.el9_7.2
- Add oracle support to fix waagent.service build issue
* Thu Aug 21 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.13.1.1-2
- wla-Use-systemctl-instead-of-service-to-manager-services.patch [RHEL-109465]
- wla-docs-add-waagent-manpage-3401.patch [RHEL-96792]
- Resolves: RHEL-109465
([Azure][RHEL-10][WALA][Image mode] Cannot find 'service' command)
- Resolves: RHEL-96792
([Azure][WALA][RHEL-10] Missing man page)
* Tue Jan 06 2026 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3.el9_7.2
- wla-Jira-https-issues.redhat.com-browse-RHEL-134939.patch [RHEL-134939]
- Resolves: RHEL-134939
(Backport ConditionVirtualization=|microsoft for waagent in RHEL 9.x [rhel-9.7.z])
* Tue Dec 02 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3.el9_7.1
- wla-Support-for-FIPS-140-3-3324.patch [RHEL-124949]
- Resolves: RHEL-124949
(Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-9.7.z])
* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3
- wla-Use-systemctl-instead-of-service-to-manager-services.patch [RHEL-97572]
- Resolves: RHEL-97572
([Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command)
* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-2
- wla-docs-add-waagent-manpage-3401.patch [RHEL-109496]
- Resolves: RHEL-109496
([Azure][WALA][RHEL-9] Missing man page)
* Thu May 22 2025 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.13.1.1-1
- Rebase to 2.13.1.1 [RHEL-86509]
- Resolves: RHEL-86509
(Rebase to v2.13.1.1)
* Rebase to 2.13.1.1 [RHEL-91090]
- Resolves: RHEL-91090
(Rebase to v2.13.1.1 [rhel-9])
* Tue Mar 25 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.9.1.1-10
- wla-redhat-Explicitly-list-udev-rule-requirements-in-the.patch [RHEL-84073]
- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-84073]
- Resolves: RHEL-84073
([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs [rhel-10])
* Fri Apr 11 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-13
- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
- Resolves: RHEL-40957
([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
* Mon Jan 13 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.9.1.1-9
- wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch [RHEL-68796]
- Resolves: RHEL-68796
(Please add `mana` to 99-azure-unmanaged-devices.conf of Azure image)
* Wed Apr 02 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-12
- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
- Resolves: RHEL-40957
([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.9.1.1-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Jan 17 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-11
- wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch [RHEL-5880]
- Resolves: RHEL-5880
([Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface)
* Mon Aug 05 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.9.1.1-7
- wla-skip-cgorup-monitor-2939.patch [RHEL-46713]
- Resolves: RHEL-46713
([Azure][RHEL-10][WALA] waagent -collect-logs doesn't work and the log is confusing)
* Thu May 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-10
- wla-Disable-automatic-log-collector.patch [RHEL-7273]
- Resolves: RHEL-7273
([Azure][WALA] Consider to disable Log collector)
* Thu Jul 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.9.1.1-6
- wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch [RHEL-40966]
- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [RHEL-40966]
- wla-redhat-Mark-directories-properly-in-the-files-list.patch [RHEL-40966]
- wla-redhat-Remove-files-inside-WALA-services-directory.patch [RHEL-40966]
- Resolves: RHEL-40966
([Azure][WALA][RHEL-10] Provisioning failed if no ifcfg-eth0)
* Wed Feb 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-9
- wla-redhat-Adjust-tpm2_createprimary-key-attributes-to-m.patch [bz#2167322]
- Resolves: bz#2167322
(Adjust TPM primary key creation parameters to match Azure)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.9.1.1-5
- Bump release for June 2024 mass rebuild
* Mon Feb 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-8
- wla-redhat-Explicitly-list-udev-rule-requirements-in-the.patch [bz#2165042]
- Resolves: bz#2165042
([9.0.z] /dev/disk/azure/ is created as symlink to sr0 or sda and not as a directory[Azure])
* Tue May 14 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.9.1.1-4
- wla-Disable-automatic-log-collector.patch [RHEL-35963]
- Resolves: RHEL-35963
([Azure][WALA] Consider to disable Log collector [rhel-10])
* Mon Jan 23 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-7
- wla-redhat-Azure-CVM-specific-udev-rules.patch [bz#2162668]
- Resolves: bz#2162668
(Add support for importing remotely sealed TPM2 objects)
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Aug 29 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-6
- wla-redhat-Remove-files-inside-WALA-services-directory.patch [bz#2114768]
- Resolves: bz#2114768
([Azure][WALA][RHEL-9] When remove package some files left)
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Aug 23 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-5
- wla-redhat-Mark-directories-properly-in-the-files-list.patch [bz#2114768]
- Resolves: bz#2114768
([Azure][WALA][RHEL-9] When remove package some files left)
* Wed Oct 18 2023 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.9.1.1-1
- Update to 2.9.1.1 (#2232763)
* Wed Aug 17 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-4
- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [bz#2114768]
- Resolves: bz#2114768
([Azure][WALA][RHEL-9] When remove package some files left)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Aug 08 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-3
- wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch [bz#2114830]
- wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch [bz#2093965]
- Resolves: bz#2114830
([Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0)
- Resolves: bz#2093965
([Azure][WALA][RHEL-9] The description of "Logs.Collect" is incorrect)
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 2.9.0.4-3
- Rebuilt for Python 3.12
* Fri Jul 15 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-2
- wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch [bz#2098233]
- Resolves: bz#2098233
([Azure][WALA][RHEL-9] [9.1] walinuxagent kills network during boot)
* Tue May 30 2023 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.9.0.4-2
- Switch to SPDX identifiers for the license field
* Wed May 25 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-1
- Rebase to 2.7.0.6-1 [bz#2083464]
- Adding restart_if implementation for RHEL [bz#2081944]
- Resolves: bz#2083464
([Azure][RHEL-9]Rebase WALinuxAgent to v2.7.0.6)
- Resolves: bz#2081944
([Azure][WALA][9.0] WALA provisions VM failed because of no "ifdown")
* Mon Mar 13 2023 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.9.0.4-1
- Update to 2.9.0.4 (#2177333)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0.2-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jan 20 2023 Dusty Mabe <dusty@dustymabe.com> - 2.8.0.11-3
- Move module-setup.sh into git
* Sun Jul 25 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-2
- wala-Require-iptables-package.patch [bz#1978572]
- Resolves: bz#1978572
([Azure][WALA][RHEL-9] WALA needs iptables package)
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.0.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jun 24 2021 Miroslav Rezanina <mrezanin@redhat.com> - 2.3.0.2-1
- Rebase to 2.3.0.2 [bz#1972101]
- Resolves: bz#1972101
([Azure][RHEL-9]Rebase WALinuxAgent to 2.3.0.2)
* Mon Oct 31 2022 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.8.0.11-1
- Update to 2.8.0.11 (#2128547)
* Tue Oct 18 2022 Chris Patterson <cpatterson@microsoft.com> - 2.7.3.0-2
- Add ConditionVirtualization=|microsoft triggering condition
* Wed Aug 03 2022 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.7.3.0-1
- Update to 2.7.3.0 (#2110155)
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 30 2022 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.7.1.0-1
- Update to 2.7.1.0 (#2097244)
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.7.0.6-2
- Rebuilt for Python 3.11
* Fri Apr 22 2022 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.7.0.6-1
- Update to 2.7.0.6 (#2040980)
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Jan 03 2022 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.5.0.2-1
- Update to 2.5.0.2 (#2008699)
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jul 19 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.3.1.1-1
- Update to 2.3.1.1 (#1982512)
- Require iptables for setting up persistent firewall rules
* Tue Jun 15 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.3.0.2-1
- Update to 2.3.0.2 (#1971116)
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.2.54.2-2
- Rebuilt for Python 3.10
* Fri May 21 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.54.2-1
- Update to 2.2.54.2 (#1916966)
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.2.52-6
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.52-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Feb 19 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-5
- Require ntfsprogs on Fedora only
- Require ntfsprogs on Fedora only
* Tue Jan 26 2021 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.2.52-4
- Fix distro resolution for RedHat