SUSE Linux Enterprise Server Configuration For Windows Azure
Windows Azure Linux Agent
Windows Azure Linux Agent (waagent) manages VM interaction with Windows Azure Fabric Controller. It provides the following functionality for SUSE IaaS deployments:
Image Provisioning
- Creating user accounts
- Configuring SSH authentication types
- Deploying SSH public keys and key pairs
- Setting the host name
- Publishing the host name to the platform DNS
- Reporting SSH host key fingerprint to the platform
- Resource disk management
- Formatting and mounting the resource disk
- Configuring swap space
Networking
- Managing routes to improve compatibility with platform DHCP servers
- Ensuring stability of network interface name
Kernel
- Configuring virtual non-uniform memory access (NUMA)
- Consuming Hyper-V entropy for /dev/random
- Configuring SCSI timeouts for the root device (which could be remote)
Diagnostics
- Console redirection to the serial port
The information flow from the platform to the agent occurs via two channels: A TCP endpoint exposing a REST API and a boot-time attached DVD for IaaS deployments. The DVD includes an OVF-compliant configuration file that includes all provisioning information other than the actual SSH keypairs. The deployment configuration and topology are obtained over the REST API.
The image needs to contain the WALinuxAgent – available in the update channel for SUSE Linux Enterprise Server.
Other Image Requirements
SUSE Azure images have the following specs:
- Add console=ttyS0 to the Kernel Boot Line
- This allows support to provide serial console output when needed
- Set the SCSI timeout to 300 sec (largest possible value)
- Create /etc/udev/rules.d/50-udev.rules with the following content
ACTION==”add”, SUBSYSTEM==”scsi” , SYSFS{type}==”0|7|14″, RUN+=”/bin/sh -c ‘echo 300 > /sys$$DEVPATH/timeout'”
- Create /etc/udev/rules.d/50-udev.rules with the following content
- Images are 30 GB fixed size disk
- Published images have to conform to Image Publishing Guidelines (see section below)
- Include the following set of Libraries
- Linux Integration Services driver 3.0 or later (LIS Releases)
- The SLES 11 SP2 and higher kernel provides the required modules
- Kernel Patch for Azure I/O stability (see Bugzilla #762343)
- Python pyasn1
- Provided by SLES with the python-pyasn1 package
- openSSL v 1.0 or greater
- SUSE Linux Enterprise 11 (all service packs) provides openSSL 0.9.8 with CMS support, this is sufficient to provide the Azure requirements
- Linux Integration Services driver 3.0 or later (LIS Releases)
- SSH Server enabled by default
- Add SSH keep alive to sshd_config with the following option:
- ClientAliveInterval 180
- The system image disk should not contain a SWAP partition.
- If required, SWAP space can be created on the local resource disk with the Linux Agent.
- Remove the /etc/resolv.conf and do not include any custom network configuration
- Do not install the Network Manager package
- Make sure to configure the network device and ensure that it is brought up on boot and uses DHCP.
- The Agent should be installed using the RPM package (manual install process can be used too but the packages are recommended and preferred)
- The image should not contain a root password
- You have the option to run the waagent -deprovision command or
- Delete the Root password and make sure that it has been removed from the /etc/shadow and /etc/passwd
- Clear any history entries that you might have
- Shut the image down cleanly
Full package list for SUSE Linux Enterprise Server on Azure
Image Publishing Guidelines
Image Publishing Process
In order to enable their images for discovery in the Windows Azure gallery, Image publishers will need to do the following:
- Upload image to personal Azure account.
- Test image on personal account to see if it meets all the test requirements.
- Call the Azure service management replication API with the name of the image to publish and the list of target locations. This starts the replication process to the caching infrastructure. The target locations must include all Windows Azure locations that support the service: PersistentVMRole. The list of locations that support the service PersistentVMRole can be determined through the use of the Azure service management API List Locations.
- Windows Azure Caching infrastructure will start the replication process
- Query for the replication state of the image in order to proceed to the next stage.
- Enable the images to be listed on the image gallery by calling the Azure service management API Share Image.
- Maintain the original images in the storage account so that they remain cached and available through the gallery. The removal of an image will result in its removal from the gallery.
- Test
- The replication, registration and enablement processes will take some time to complete, so Image Publishers should be prepared to deal with the process in an asynchronous manner
Upon successful registration, the image will become available for Windows Azure customers to use for their Virtual Machine creation scenarios.
Image Deletion Process
In order to delete an image from the Windows Azure gallery and remove the image from the Azure image cache the publisher must perform the following steps:
- Image publisher calls Azure service management API Share Image to change the image to the sharing state of ‘Private’.
- Image publisher calls Azure service management API Unreplicate Image to remove the image from the Azure image cache
Image Update process
Image publishers will have the ability to update their image metadata by calling an Azure service management API with the appropriate parameters to complete the operation.
Image publishers are not able to modify the image contents once the image is replicated. To change the image contents the image publisher must add a replacement image and delete the original image.
Other helpful links:
Related Articles
Jan 12th, 2023
SUSE Receives 15 Badges in the Winter G2 Report
Apr 03rd, 2023
No comments yet