fix(acl): bump marketplace to 3.20260517.01 and adapt to UKI rename#8577
Draft
aadhar-agarwal wants to merge 1 commit into
Draft
fix(acl): bump marketplace to 3.20260517.01 and adapt to UKI rename#8577aadhar-agarwal wants to merge 1 commit into
aadhar-agarwal wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the AzureContainerLinux (ACL) marketplace image version used by the VHD builder Azure DevOps pipelines so new ACL VHD builds pull from the latest published ACL image.
Changes:
- Bumped
IMG_VERSIONforazure-linux-3-aclfrom3.20260510.01to3.20260517.01. - Bumped
IMG_VERSIONforazure-linux-3-arm64-gen2-aclfrom3.20260510.02to3.20260517.01. - Applied the update consistently across both the PR and release pipeline definitions (all 4 ACL matrix entries per file).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .pipelines/.vsts-vhd-builder.yaml | Updates ACL marketplace IMG_VERSION variables for x64 and ARM64 build jobs to the new ACL image version. |
| .pipelines/.vsts-vhd-builder-release.yaml | Mirrors the same ACL marketplace IMG_VERSION bumps in the release pipeline build matrix. |
aadhar-agarwal
changed the title
Bumps the ACL marketplace image to 3.20260517.01, which renames the
active UKI from "acl.efi" to UAPI-compliant "vmlinuz-<version>.efi".
systemd-boot auto-discovers cmdline addons in "<active-uki>.efi.extra.d/",
so anything that hardcoded "acl.efi.extra.d/" silently breaks on the new
image -- specifically:
* the FIPS addon never loads (kernel boots without fips=1), and
* the firstboot addon restored by cleanup-vhd.sh lands in the wrong
directory, flipping Ignition into subsequent-boot mode, skipping
oem-cloudinit, dropping scriptless cloud-config customData, and
hanging CSE for 17 minutes.
Changes:
* .pipelines/.vsts-vhd-builder*.yaml: IMG_VERSION -> 3.20260517.01
for all ACL VHD jobs.
* vhdbuilder/scripts/linux/acl/tool_installs_acl.sh: discover the
active UKI dynamically and write fips.addon.efi into its .extra.d/.
* vhdbuilder/packer/test/linux-vhd-content-test.sh (testFips): probe
the active UKI's .extra.d/ for the FIPS addon instead of the
hardcoded path.
* vhdbuilder/packer/cleanup-vhd.sh: restore firstboot.addon.efi into
the active UKI's .extra.d/. Fail loud (exit 1) when no UKI is
found; the fail-loud path stays ACL-scoped under the existing
[ -f /boot/acl/uki-addons/firstboot.addon.efi ] guard, so non-ACL
distros are unaffected.
All three dynamic-discovery sites support both the legacy "acl.efi" and
the new "vmlinuz-<version>.efi" naming so the same scripts work against
older marketplace images during transition. Variable names, error
messages, and failure semantics are harmonized across the three sites
so a future grep finds all of them.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
aadhar-agarwal
force-pushed
the
aadagarwal/update-acl-marketplace-images-20260517
branch
from
635ca51 to
df9a8fa
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR does two things:
1. Bumps the ACL marketplace image to
3.20260517.01(from3.20260510.01).2. Adapts AgentBaker to the UKI rename in the new image. The active UKI is now
vmlinuz-<version>.efi(UAPI-compliant) instead ofacl.efi. systemd-boot auto-discovers cmdline addons only in<active-uki>.efi.extra.d/, so three sites that hardcodedacl.efi.extra.d/silently break:fips=1)cleanup-vhd.shlands in the wrong directory → Ignition flips to subsequent-boot mode → oem-cloudinit skipped → scriptlesscustomDatadropped → CSE hangs for 17 minAll three sites (
tool_installs_acl.sh,cleanup-vhd.sh,linux-vhd-content-test.sh) now discover the active UKI dynamically:Glob accepts both names so scripts work against pre- and post-rename images during the transition. Fail-loud (
exit 1/err $test) on missing UKI, ACL-scoped so non-ACL distros are unaffected.[TEST All VHDs] AKS Linux VHD Build - Msft Tenant - Running
AKS Linux VHD Build - TME Tenant - Running