engineering: Azure Linux 4.0 (AZL4) full enablement stack#667
Draft
Britel wants to merge 42 commits into
Draft
Conversation
Collaborator
Author
|
/azp run [GITHUB]-trident-pr-e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
4 times, most recently
from
23e5322 to
659da62
Compare
Implements AzureLinuxRelease::AzL4 variant, VERSION_ID 4.x parsing, ID_LIKE=fedora matching, updated GRUB match arms for AzL3|AzL4, and image_distro() fallback to host os-release. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
1ca856a to
317b898
Compare
image_distro() was falling back to the host os-release whenever the image's distro was Distro::Other. This silently masked unrecognized distros as the host distro, causing GRUB config to be written for the wrong OS. Now: if an image is mounted (self.image.is_some()), always use the image's distro. Fallback to host only fires when no image is present at all (functional tests, runtime operations). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds is_azl4_or_later() helper, generic EFI vendor-dir discovery via grub-probe, and AZL4 ESP partition layout support. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Remove redundant ensure!(grub_noprefix) check from ESP setup. generate_boot_filepaths() already finds a working GRUB binary (noprefix, standard, or vendor-dir). The separate policy check was redundant. - Simplify copy_boot_files to return () instead of bool - Attribute grub search format variants to distro conventions (AZL3/Mariner vs AZL4/Fedora), not MIC internals - Update mixed-forms test comment to reference cross-version A/B update scenario Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
No callers remain after the noprefix check removal. Can be re-added if a future change needs version-range gating. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
AZL3 ships two GRUB variants: grub2-efi-binary (prefix-relative config lookup) and grub2-efi-binary-noprefix (root-device-relative lookup). Trident's A/B update path requires the noprefix variant on AZL3. Restore the noprefix check, but scope it to AZL3 only using image_distro().is_azl3(). AZL4+ uses standard grubx64.efi in vendor directories and does not need noprefix. This replaces the previous generic ensure! + DISABLE_GRUB_NOPREFIX_CHECK flag with a targeted distro check. No escape hatch needed since the check only fires for AZL3. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep the original variable name and preserve the operator escape hatch. Minimize diff from upstream. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep the same macro as upstream to minimize diff. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep the original if/else if chain with replace (first match). No real-world grub config has multiple search lines. Minimizes diff from upstream. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
1de76ba to
5d0d1e8
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
4 times, most recently
from
941764d to
c4cecd1
Compare
AZL4 (Fedora-based) uses Boot Loader Spec entries instead of inline linux commands in grub.cfg. When grub.cfg contains blscfg and no inline linux lines, fall back to reading boot args from /boot/loader/entries/*.conf. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
c4cecd1 to
afb3c77
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds AZL4 build pipeline stages with MCR-hosted MIC container, BlobImageManifest class for ACG blob source downloads, and service connection runbook. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
testimages.py runs docker with the short tag (imagecustomizer:1.4.0-1) but docker pull uses the full MCR path. Without a local tag, docker run fails with 'pull access denied'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
afb3c77 to
3767fd8
Compare
AZL4 base VHDXes may continue to come from blob storage rather than the ADO feed. The trident-service RPM will come from an AZL4 package repo, not ADO. Update comments to reflect this. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bfjelds
reviewed
Jun 8, 2026
|
|
||
| /// Retrieves the distribution of the OS image. | ||
| /// | ||
| /// Prefers the image's own os-release (e.g., from the COSI being installed). |
Member
There was a problem hiding this comment.
we use "servicing OS" and "target OS" to distinguish these ideas.
bfjelds
reviewed
Jun 8, 2026
| if self.image.is_some() { | ||
| self.image_os_release().get_distro() | ||
| } else { | ||
| self.host_os_release.get_distro() |
Member
There was a problem hiding this comment.
why do we need this now and havn't needed it before?
bfjelds
reviewed
Jun 8, 2026
| @@ -0,0 +1,5 @@ | |||
| compatible: | |||
Member
There was a problem hiding this comment.
do we need the duplicate directories (base and base-azl4) ... i wonder if there is a way to do this without duplicating the files.
bfjelds
reviewed
Jun 8, 2026
| help="The image to download.", | ||
| choices=[c.image.name for c in artifacts.base_images], | ||
| ) | ||
| parser_download_img.add_argument( |
Member
There was a problem hiding this comment.
curious: is this just temp? or is this how azl4 will be accessed in the future?
AZL4 Beta may not have complete SELinux policies. Testing whether enforcing mode prevents services from starting after reboot. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
a413009 to
eca253f
Compare
Testing whether netplan (match: enp*) conflicts with the image's eth0 networking (net.ifnames=0) and prevents network after reboot. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
eca253f to
473a057
Compare
Strip back to the config that passed in build 1133385 to confirm the netlaunch timeout is caused by our additions, not an infra change. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
473a057 to
e53ffb0
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
e53ffb0 to
fa9f4a0
Compare
os.users alone passed. Now testing swap + /home partitions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
fa9f4a0 to
0fc76f3
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
0fc76f3 to
4eab827
Compare
The COSI image user (MIC) must differ from the trident config user (os.users) to avoid /home mount conflict. AZL3 uses testuser in the COSI and testing-user in the trident config. AZL4 was using testing-user in both, causing 'Mount path /mnt/newroot/home is not empty' during install. Also restore full test config (swap, /home, os.users, os.selinux, os.netplan) and fix netplan match from enp* to eth* (AZL4 uses net.ifnames=0). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
4eab827 to
745568e
Compare
COSI ESP only stores one set of boot files (~7MB). 64M was unnecessarily large. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
745568e to
f5a3b53
Compare
The COSI bakes /home/testuser onto root via MIC os.users. Trident's newroot mount rejects non-empty mount points, so a separate /home partition conflicts. AZL3 avoids this by only testing /home in container mode. Container mode for AZL4 is a follow-up. Keep swap, os.users, os.selinux, os.netplan, postConfigure. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds AZL4 bare-metal simulated netlaunch pipeline stage and SELinux xattr stripping script for test image prep. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds sfdisk partition-table helper, extended offline-init for AZL4 qcow2 images, base image COSI config, and test helper scripts. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
osmodifier is now a Rust crate built into the trident binary (PR #638). No separate osmodifier binary needs to be baked into test images. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Matches AZL3's 16M. Remove stale comment about needing 64M. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds AZL4 VM rollback test pipeline stage using storm-trident for automated rollback validation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…k config Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Britel
force-pushed
the
user/britel/azl4-7b-rollback-stage
branch
from
f5a3b53 to
22e88da
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Full AZL4 enablement stack — all changes from PR-1 through PR-7b in a single cumulative PR against main. This PR includes:
Rust engine changes (PR-1 + PR-2 + PR-3)
Build infrastructure (PR-5a)
Image configs + pipeline (PR-5b + PR-6 + PR-7a + PR-7b)
Validation
CI build 1127408 — all 4 AZL4 stages passed (image builds, BM-sim install, storm-trident rollback). All AZL3 stages also passed (no regressions).
Stacked PR breakdown
For reviewers who prefer smaller chunks, this stack is also available as individual branches: