lparkes / azure-agent Goto Github PK

The Azure Agent creates a self-signed certificate for ... reasons. The "openssl req" command that does this requires an OpenSSL config file and NetBSD doesn't ship with one.

At the moment we manually "touch /etc/openssl/openssl.cnf", but we should work out how to make Azure Agent use /dev/null as the OpenSSL config file. Not only is creating the default config file something that we want to avoid doing (because it's not our file), but also we don't want to pick up and user configuration.

The Azure Agent appears to be willing to stop and then restart the system DHCP client while it makes a DHCP request if it can't extract the option 245 information from the system's DHCP lease.

While this isn't our preferred way of getting the option 245 information from the DHCP lease, it is guaranteed to work with any NetBSD system.

This might not be related issue #7 even though it is in the same vein.

The NetBSD dhcpcd program can print the DHCP lease in an easy to parse text format, but it doesn't print option 245 because it doesn't know about that option.

We should get Roy Marples to add support for option 245 to dhcpcd (send him the patch).

This is much better than the other Azure Agent alternative, but we won't be able to get this change into NetBSD 10.0.

At the moment we need to set "OS.EnableFirewall=False" in waagent.conf because waagent implements the firewall using iptables, which isn't going to work on NetBSD.

We should almost certainly do something with NPF instead.

If you run /etc/rc.d/waagent stop when the azure agent is not installed, then you get the following output

eval: cannot open //usr/pkg/sbin/waagent: no such file
[: /usr/bin/env: unexpected operator
[: !=: argument expected
waagent not running? (check /var/run/waagent.pid).

which is all a bit ugly.

Why, what and where?

Error decrypting CMS using private key
FFFFFFFFFFFFFFFF:error:80000009:system library:file_ctrl:Bad file descriptor:/usr/src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c:326:calling fflush()
FFFFFFFFFFFFFFFF:error:10080002:BIO routines:file_ctrl:system lib:/usr/src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c:328:

The agent contains a builtin DHCP client that it uses when it can't extract the WireServer endpoint address from the current DHCP lease file.

I can see the agent shutting down and starting up the system DHCP client and tcpdump shows a DHCP request and response, but the agent never configures itself with the endpoint address.

If I disable management of the system DHCP client then I get error messages in the logs about UDP ports not being available, which makes sense.

I need to check whether the packets that tcpdump sees from the agent's builtin DHCP client, or from the system DHCP client restarting?

Something is trying to use the Linux "ip" command to monitor the network configuration.

Something is almost certainly looking for the Linux "dhclient" program.

waagent uses the Linux command "sysctl -n hw.uuid". On NetBSD this should almost certainly be "/sbin/sysctl -n machdep.dmi.system-uuid".

We'll need to find a suitable alternative.

waagent tries to read the route table from the Linux specific /proc/net/route.