[ARO-22145] Bump to Azure Linux 3.0#4766
Open
rhamitarora wants to merge 27 commits intomasterfrom
Open
Conversation
|
Skipping CI for Draft Pull Request. |
rhamitarora
force-pushed
the
rhamitarora/ARO-22145-azure-linux3
branch
from
273c839 to
d499bc1
Compare
|
Please rebase pull request. |
1 similar comment
|
Please rebase pull request. |
rhamitarora
force-pushed
the
rhamitarora/ARO-22145-azure-linux3
branch
from
d499bc1 to
454c1c8
Compare
rhamitarora
requested review from
alcasim,
bennerv,
cadenmarchese,
hawkowl,
hlipsig,
jharrington22,
kevinobriendotca,
kimorris27,
mociarain,
mrWinston,
rogbas,
sankur-codes,
tiguelu,
tsatam,
tuxerrante,
ventifus,
wanghaoran1988 and
yjst2012
as code owners
Podman 5.x on Azure Linux 3 requires crun (OCI runtime), netavark (network stack), and aardvark-dns explicitly installed. Without these, az acr login fails with "could not find netavark" on RP and gateway VMSS. Made-with: Cursor
aardvark-dns is not a separate package in Azure Linux 3 repos. DNS functionality is bundled with netavark on this platform. Made-with: Cursor
On Azure Linux 3, nftables is the default and native firewall backend. Forcing iptables causes firewalld to crash with a DBus NoReply error because the iptables backend is not functional on this platform. Made-with: Cursor
…e Linux 3) Made-with: Cursor
…ackages - Use block list for nginx command in route/loadbalancer e2e manifests - Rename dnf_*_pkgs to tdnf_*_pkgs and use tdnf consistently with extended repo - Regenerate gateway and rp production deploy assets Made-with: Cursor
Add a file-level comment to util-packages.sh clarifying that the RP and gateway VMSS bootstrap uses tdnf exclusively (extended repo, update, and install), consistent with the dev-env Azure Linux migration in PR #4777. Made-with: Cursor
…red gallery The Mariner 2 FIPS marketplace SKU was absent from the platform-image allowlist for VMSS Automatic OS Upgrades, so ARO used the non-FIPS image and configured FIPS manually at boot. Azure Linux 3 FIPS is referenced via the 1P Shared Gallery, which uses the gallery-based automatic upgrade path and is not subject to that allowlist restriction. Addresses reviewer question from PR #4777. Made-with: Cursor
Made-with: Cursor
Switch configure_repo_azurelinux_extended to use dnf instead of tdnf, and update the default argument fallback from 1 to empty string. Made-with: Cursor
Made-with: Cursor
- Replace dnf with tdnf in configure_repo_azurelinux_extended in util-packages.sh to prevent VMSS bootstrapping failure on Azure Linux 3 where dnf is not present - Replace yum with tdnf in devProxyVMSS.sh weekly cron job to prevent silent failures; rename cron file from yumupdate to tdnfupdate - Regenerate assets after changes Made-with: Cursor
Remove unused get_boot_dev_uuid after grub-based FIPS configure removal. Use repo_retry_count=5 for extended-repo enablement; keep pkg_retry_count=60 for tdnf update/install. Regenerate production assets (make generate). Co-authored-by: Cursor <cursoragent@cursor.com>
Use direct bash array appends in tdnf install/update helpers so package and exclude flags are passed as clean argv elements without mapfile parsing side effects. Co-authored-by: Cursor <cursoragent@cursor.com>
Ensure VMSS package updates call tdnf with the update subcommand before -x exclusions so WALinuxAgent exclusions are parsed correctly, then regenerate deployment assets. Co-authored-by: Cursor <cursoragent@cursor.com>
rhamitarora
force-pushed
the
rhamitarora/ARO-22145-azure-linux3
branch
from
076db1f to
411eb59
Compare
|
Please rebase pull request. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Which issue this PR addresses:
Fixes ARO-22145 — Migrate Azure Red Hat OpenShift RP/Gateway VMSS from Azure Linux 2.0 (EOL July 31, 2025) to Azure Linux 3.0.
What this PR does / why we need it:
Test plan for issue:
Verify RP and Gateway VMSS boot and run successfully on Azure Linux 3 FIPS images
Is there any documentation that needs to be updated for this PR?
How do you know this will function as expected in production?
INT and Canary Testing
Refer attached screen-shots from https://redhat.atlassian.net/browse/ARO-22197