From cfcf937d77344ba03841a839adad2f97b04dad4e Mon Sep 17 00:00:00 2001 
From: Bin Xia Date: Thu, 27 Feb 2025 11:05:34 +0800 Subject: [PATCH] feat: Update containerd config to support cache rule prefix in network isolated cluster (#5918) --- .../linux/cloud-init/artifacts/cse_config.sh | 4 +- parts/linux/cloud-init/artifacts/cse_main.sh | 8 +- .../AKSUbuntu1604+Containerd/CustomData | 4 +- .../AKSUbuntu1604+Containerd/line33.sh | 8 +- .../AKSUbuntu1604+Containerd/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../testdata/AKSUbuntu1604+Docker/CustomData | 4 +- .../testdata/AKSUbuntu1604+Docker/line33.sh | 8 +- .../testdata/AKSUbuntu1604+Docker/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu1604+GPUDedicatedVHD/CustomData | 4 +- .../AKSUbuntu1604+GPUDedicatedVHD/line33.sh | 8 +- .../AKSUbuntu1604+GPUDedicatedVHD/line70.sh | 4 +- .../testdata/AKSUbuntu1604+K8S115/CustomData | 4 +- .../testdata/AKSUbuntu1604+K8S115/line33.sh | 8 +- .../testdata/AKSUbuntu1604+K8S115/line70.sh | 4 +- .../testdata/AKSUbuntu1604+K8S117/CustomData | 4 +- .../testdata/AKSUbuntu1604+K8S117/line33.sh | 8 +- .../testdata/AKSUbuntu1604+K8S117/line70.sh | 4 +- .../testdata/AKSUbuntu1604+K8S118/CustomData | 4 +- .../testdata/AKSUbuntu1604+K8S118/line33.sh | 8 +- .../testdata/AKSUbuntu1604+K8S118/line70.sh | 4 +- .../CustomData | 4 +- .../AKSUbuntu1604+KubeletConfigFile/line33.sh | 8 +- .../AKSUbuntu1604+KubeletConfigFile/line70.sh | 4 +- .../AKSUbuntu1604+OSKubeletDisk/CustomData | 4 +- .../AKSUbuntu1604+OSKubeletDisk/line33.sh | 8 +- .../AKSUbuntu1604+OSKubeletDisk/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu1604+TempDiskExplicit/CustomData | 4 +- 
.../AKSUbuntu1604+TempDiskExplicit/line33.sh | 8 +- .../AKSUbuntu1604+TempDiskExplicit/line70.sh | 4 +- .../AKSUbuntu1604+TempDiskToggle/CustomData | 4 +- .../AKSUbuntu1604+TempDiskToggle/line33.sh | 8 +- .../AKSUbuntu1604+TempDiskToggle/line70.sh | 4 +- .../CustomData | 4 +- .../AKSUbuntu1804+ArtifactStreaming/line33.sh | 8 +- .../AKSUbuntu1804+ArtifactStreaming/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../AKSUbuntu1804+Containerd+Certsd/line33.sh | 8 +- .../AKSUbuntu1804+Containerd+Certsd/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu1804+Containerd+MIG/CustomData | 4 +- .../AKSUbuntu1804+Containerd+MIG/line33.sh | 8 +- .../AKSUbuntu1804+Containerd+MIG/line70.sh | 4 +- .../AKSUbuntu1804+Containerd+MotD/CustomData | 4 +- .../AKSUbuntu1804+Containerd+MotD/line33.sh | 8 +- .../AKSUbuntu1804+Containerd+MotD/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu1804+CustomCATrust/CustomData | 4 +- .../AKSUbuntu1804+CustomCATrust/line33.sh | 8 +- .../AKSUbuntu1804+CustomCATrust/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../AKSUbuntu1804+DisableCustomData/line33.sh | 8 +- .../AKSUbuntu1804+DisableCustomData/line70.sh | 4 +- 
.../AKSUbuntu1804+HTTPProxy/CustomData | 4 +- .../AKSUbuntu1804+HTTPProxy/line33.sh | 8 +- .../AKSUbuntu1804+HTTPProxy/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../testdata/AKSUbuntu1804+NoneCNI/CustomData | 4 +- .../testdata/AKSUbuntu1804+NoneCNI/line33.sh | 8 +- .../testdata/AKSUbuntu1804+NoneCNI/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu1804+krustlet/CustomData | 4 +- .../testdata/AKSUbuntu1804+krustlet/line33.sh | 8 +- .../testdata/AKSUbuntu1804+krustlet/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../testdata/AKSUbuntu2204+China/CustomData | 4 +- .../testdata/AKSUbuntu2204+China/line33.sh | 8 +- .../testdata/AKSUbuntu2204+China/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2204+Containerd+MIG/CustomData | 4 +- .../AKSUbuntu2204+Containerd+MIG/line33.sh | 8 +- .../AKSUbuntu2204+Containerd+MIG/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2204+CustomCloud/CustomData | 4 +- .../AKSUbuntu2204+CustomCloud/line33.sh | 8 +- .../AKSUbuntu2204+CustomCloud/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- 
.../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2204+OutboundTypeNil/CustomData | 4 +- .../AKSUbuntu2204+OutboundTypeNil/line33.sh | 8 +- .../AKSUbuntu2204+OutboundTypeNil/line70.sh | 4 +- .../AKSUbuntu2204+OutboundTypeNone/CustomData | 4 +- .../AKSUbuntu2204+OutboundTypeNone/line33.sh | 8 +- .../AKSUbuntu2204+OutboundTypeNone/line70.sh | 4 +- .../AKSUbuntu2204+SSHStatusOff/CustomData | 4 +- .../AKSUbuntu2204+SSHStatusOff/line33.sh | 8 +- .../AKSUbuntu2204+SSHStatusOff/line70.sh | 4 +- .../AKSUbuntu2204+SSHStatusOn/CustomData | 4 +- .../AKSUbuntu2204+SSHStatusOn/line33.sh | 8 +- .../AKSUbuntu2204+SSHStatusOn/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2204+SecurityProfile/CustomData | 4 +- .../AKSUbuntu2204+SecurityProfile/line33.sh | 8 +- .../AKSUbuntu2204+SecurityProfile/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2204+cgroupv2/CustomData | 4 +- .../testdata/AKSUbuntu2204+cgroupv2/line33.sh | 8 +- .../testdata/AKSUbuntu2204+cgroupv2/line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../CustomData | 4 +- .../line33.sh | 8 +- .../line70.sh | 4 +- .../AKSUbuntu2404+NetworkPolicy/CustomData | 4 +- .../AKSUbuntu2404+NetworkPolicy/line33.sh | 8 +- .../AKSUbuntu2404+NetworkPolicy/line70.sh | 4 +- .../AKSUbuntu2404+Teleport/CustomData | 4 +- .../testdata/AKSUbuntu2404+Teleport/line33.sh | 8 +- .../testdata/AKSUbuntu2404+Teleport/line70.sh | 4 +- .../testdata/AzureLinuxV2+Kata/CustomData | 4 +- .../testdata/AzureLinuxV2+Kata/line32.sh | 8 +- .../testdata/AzureLinuxV2+Kata/line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- 
.../line32.sh | 8 +- .../line68.sh | 4 +- pkg/agent/testdata/CustomizedImage/CustomData | 4 +- pkg/agent/testdata/CustomizedImage/line28.sh | 8 +- pkg/agent/testdata/CustomizedImage/line65.sh | 4 +- .../CustomizedImageKata+1.32/CustomData | 316 +++++++ .../CustomizedImageKata+1.32/line28.sh | 395 ++++++++ .../CustomizedImageKata+1.32/line65.sh | 892 ++++++++++++++++++ .../testdata/CustomizedImageKata/CustomData | 4 +- .../testdata/CustomizedImageKata/line28.sh | 8 +- .../testdata/CustomizedImageKata/line65.sh | 4 +- .../testdata/MarinerV2+CustomCloud/CustomData | 4 +- .../testdata/MarinerV2+CustomCloud/line32.sh | 8 +- .../testdata/MarinerV2+CustomCloud/line68.sh | 4 +- pkg/agent/testdata/MarinerV2+Kata/CustomData | 4 +- pkg/agent/testdata/MarinerV2+Kata/line32.sh | 8 +- pkg/agent/testdata/MarinerV2+Kata/line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- .../CustomData | 4 +- .../line32.sh | 8 +- .../line68.sh | 4 +- pkg/agent/testdata/RawUbuntu/CustomData | 4 +- pkg/agent/testdata/RawUbuntu/line33.sh | 8 +- pkg/agent/testdata/RawUbuntu/line70.sh | 4 +- .../testdata/RawUbuntuContainerd/CustomData | 4 +- .../testdata/RawUbuntuContainerd/line33.sh | 8 +- .../testdata/RawUbuntuContainerd/line70.sh | 4 +- .../cloud-init/artifacts/cse_config_spec.sh | 46 + 276 files changed, 2466 insertions(+), 635 deletions(-) create mode 100644 pkg/agent/testdata/CustomizedImageKata+1.32/CustomData create mode 100644 pkg/agent/testdata/CustomizedImageKata+1.32/line28.sh create mode 100644 pkg/agent/testdata/CustomizedImageKata+1.32/line65.sh
diff --git a/parts/linux/cloud-init/artifacts/cse_config.sh b/parts/linux/cloud-init/artifacts/cse_config.sh
index fab686e49ba..eadd705e97e 100755
--- a/parts/linux/cloud-init/artifacts/cse_config.sh
+++ b/parts/linux/cloud-init/artifacts/cse_config.sh
@@ -347,9 +347,11 @@ configureContainerdRegistryHost() { mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")" touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" + CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/") tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null <>/opt/m + +source "${CSE_DISTRO_HELPERS_FILEPATH}" +source "${CSE_INSTALL_FILEPATH}" +source "${CSE_DISTRO_INSTALL_FILEPATH}" +source "${CSE_CONFIG_FILEPATH}" + +if [[ "${DISABLE_SSH}" == "true" ]]; then + disableSSH || exit $ERR_DISABLE_SSH +fi + +echo "private egress proxy address is '${PRIVATE_EGRESS_PROXY_ADDRESS}'" + +if [[ "${SHOULD_CONFIGURE_HTTP_PROXY}" == "true" ]]; then + if [[ "${SHOULD_CONFIGURE_HTTP_PROXY_CA}" == "true" ]]; then + configureHTTPProxyCA || exit $ERR_UPDATE_CA_CERTS + fi + configureEtcEnvironment +fi + + +if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then + logs_to_events 
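Review bot: The added `CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")` in `configureContainerdRegistryHost` (cse_config.sh) rewrites the first `/` it finds without checking the shape of the value, so an input with a scheme or a trailing slash produces a malformed registry URL: `https://host` becomes `https:/v2//host/` and `host/` becomes `host/v2//`. The value then feeds the registry host file written by the `tee` that follows (its heredoc is not visible on this page), which presumably controls where the node pulls its images from, so a malformed or unexpected value should stop provisioning rather than reach the containerd configuration. I would guard the rewrite with a shape check such as `[[ "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._-]+)*$ ]]` and exit with a dedicated error code on mismatch, and add a comment above the `sed` stating the accepted form (`host[:port][/prefix]`, no scheme, no trailing slash). The same variable is split with `%%/*` for the DNS check in the rendered cse_main testdata further down this page, so both places should agree on that form; the function body continues outside the hunk.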
"AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS +fi + +registry_domain_name="mcr.microsoft.com" +if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then + registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}" +fi +verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL + +if [[ -n "${OUTBOUND_COMMAND}" ]]; then + if [[ -n "${PROXY_VARS}" ]]; then + eval $PROXY_VARS + fi + retrycmd_if_failure 50 1 5 $OUTBOUND_COMMAND >> /var/log/azure/cluster-provision-cse-output.log 2>&1 || exit $ERR_OUTBOUND_CONN_FAIL; +else + touch /var/run/outbound-check-skipped +fi + +logs_to_events "AKS.CSE.setCPUArch" setCPUArch +source /etc/os-release + +if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then + echo "Removing man-db auto-update flag file..." + logs_to_events "AKS.CSE.removeManDbAutoUpdateFlagFile" removeManDbAutoUpdateFlagFile +fi + +if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then + logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $? +fi + +export -f should_skip_nvidia_drivers +skip_nvidia_driver_install=$(retrycmd_if_failure_no_stats 10 1 10 bash -cx should_skip_nvidia_drivers) +ret=$? 
+if [[ "$ret" != "0" ]]; then + echo "Failed to determine if nvidia driver install should be skipped" + exit $ERR_NVIDIA_DRIVER_INSTALL +fi + +if [[ "${GPU_NODE}" != "true" ]] || [[ "${skip_nvidia_driver_install}" == "true" ]]; then + logs_to_events "AKS.CSE.cleanUpGPUDrivers" cleanUpGPUDrivers +fi + +logs_to_events "AKS.CSE.disableSystemdResolved" disableSystemdResolved + +logs_to_events "AKS.CSE.configureAdminUser" configureAdminUser + +export -f getInstallModeAndCleanupContainerImages +SKIP_BINARY_CLEANUP=$(retrycmd_if_failure_no_stats 10 1 10 bash -cx should_skip_binary_cleanup) +FULL_INSTALL_REQUIRED=$(getInstallModeAndCleanupContainerImages $SKIP_BINARY_CLEANUP $IS_VHD) +ret=$? +if [[ "$ret" != "0" ]]; then + echo "Failed to get the install mode and cleanup container images" + exit $ERR_CLEANUP_CONTAINER_IMAGES +fi + +if [[ $OS == $UBUNTU_OS_NAME ]] && [ "$FULL_INSTALL_REQUIRED" = "true" ]; then + logs_to_events "AKS.CSE.installDeps" installDeps +else + echo "Golden image; skipping dependencies installation" +fi + +logs_to_events "AKS.CSE.installContainerRuntime" installContainerRuntime +if [ "${NEEDS_CONTAINERD}" == "true" ] && [ "${TELEPORT_ENABLED}" == "true" ]; then + logs_to_events "AKS.CSE.installTeleportdPlugin" installTeleportdPlugin +fi + +setupCNIDirs + +logs_to_events "AKS.CSE.installNetworkPlugin" installNetworkPlugin + +if [ "${IS_KRUSTLET}" == "true" ]; then + local versionsWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.versionsV2[].latestVersion' "$COMPONENTS_FILEPATH") + local downloadLocationWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadLocation' "$COMPONENTS_FILEPATH") + local downloadURLWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.downloadURL' "$COMPONENTS_FILEPATH") + logs_to_events "AKS.CSE.installContainerdWasmShims" installContainerdWasmShims "$downloadLocationWasm" "$downloadURLWasm" 
"$versionsWasm" + + local versionsSpinKube=$(jq -r '.Packages[] | select(.name == spinkube") | .downloadURIs.default.current.versionsV2[].latestVersion' "$COMPONENTS_FILEPATH") + local downloadLocationSpinKube=$(jq -r '.Packages[] | select(.name == "spinkube) | .downloadLocation' "$COMPONENTS_FILEPATH") + local downloadURLSpinKube=$(jq -r '.Packages[] | select(.name == "spinkube") | .downloadURIs.default.current.downloadURL' "$COMPONENTS_FILEPATH") + logs_to_events "AKS.CSE.installSpinKube" installSpinKube "$downloadURSpinKube" "$downloadLocationSpinKube" "$versionsSpinKube" +fi + +if [ "${ENABLE_SECURE_TLS_BOOTSTRAPPING}" == "true" ]; then + logs_to_events "AKS.CSE.downloadSecureTLSBootstrapKubeletExecPlugin" downloadSecureTLSBootstrapKubeletExecPlugin +fi + +REBOOTREQUIRED=false + +echo $(date),$(hostname), "Start configuring GPU drivers" +if [[ "${GPU_NODE}" = true ]] && [[ "${skip_nvidia_driver_install}" != "true" ]]; then + logs_to_events "AKS.CSE.ensureGPUDrivers" ensureGPUDrivers + if [[ "${ENABLE_GPU_DEVICE_PLUGIN_IF_NEEDED}" = true ]]; then + if [[ "${MIG_NODE}" == "true" ]] && [[ -f "/etc/systemd/system/nvidia-device-plugin.service" ]]; then + mkdir -p "/etc/systemd/system/nvidia-device-plugin.service.d" + tee "/etc/systemd/system/nvidia-device-plugin.service.d/10-mig_strategy.conf" > /dev/null <<'EOF' +[Service] +Environment="MIG_STRATEGY=--mig-strategy single" +ExecStart= +ExecStart=/usr/local/nvidia/bin/nvidia-device-plugin $MIG_STRATEGY +EOF + fi + logs_to_events "AKS.CSE.start.nvidia-device-plugin" "systemctlEnableAndStart nvidia-device-plugin" || exit $ERR_GPU_DEVICE_PLUGIN_START_FAIL + else + logs_to_events "AKS.CSE.stop.nvidia-device-plugin" "systemctlDisableAndStop nvidia-device-plugin" + fi + + if [[ "${GPU_NEEDS_FABRIC_MANAGER}" == "true" ]]; then + if isMarinerOrAzureLinux "$OS"; then + logs_to_events "AKS.CSE.installNvidiaFabricManager" installNvidiaFabricManager + fi + logs_to_events "AKS.CSE.nvidia-fabricmanager" "systemctlEnableAndStart 
nvidia-fabricmanager" || exit $ERR_GPU_DRIVERS_START_FAIL + fi + + if [[ "${MIG_NODE}" == "true" ]]; then + REBOOTREQUIRED=true + + logs_to_events "AKS.CSE.ensureMigPartition" ensureMigPartition + fi +fi + +echo $(date),$(hostname), "End configuring GPU drivers" + +if [ "${NEEDS_DOCKER_LOGIN}" == "true" ]; then + set +x + docker login -u $SERVICE_PRINCIPAL_CLIENT_ID -p $SERVICE_PRINCIPAL_CLIENT_SECRET "${AZURE_PRIVATE_REGISTRY_SERVER}" + set -x +fi + +logs_to_events "AKS.CSE.installKubeletKubectlAndKubeProxy" installKubeletKubectlAndKubeProxy + +createKubeManifestDir + +if [ "${HAS_CUSTOM_SEARCH_DOMAIN}" == "true" ]; then + "${CUSTOM_SEARCH_DOMAIN_FILEPATH}" > /opt/azure/containers/setup-custom-search-domain.log 2>&1 || exit $ERR_CUSTOM_SEARCH_DOMAINS_FAIL +fi + + +mkdir -p "/etc/systemd/system/kubelet.service.d" + +logs_to_events "AKS.CSE.configureKubeletServing" configureKubeletServing + +logs_to_events "AKS.CSE.configureK8s" configureK8s + +logs_to_events "AKS.CSE.configureCNI" configureCNI + +if [ "${IPV6_DUAL_STACK_ENABLED}" == "true" ]; then + logs_to_events "AKS.CSE.ensureDHCPv6" ensureDHCPv6 +fi + +if isMarinerOrAzureLinux "$OS"; then + logs_to_events "AKS.CSE.configureSystemdUseDomains" configureSystemdUseDomains +fi + +if [ "${NEEDS_CONTAINERD}" == "true" ]; then + logs_to_events "AKS.CSE.ensureContainerd" ensureContainerd +else + logs_to_events "AKS.CSE.ensureDocker" ensureDocker +fi + +if [[ "${MESSAGE_OF_THE_DAY}" != "" ]]; then + if isMarinerOrAzureLinux "$OS" && [ -f /etc/dnf/automatic.conf ]; then + sed -i "s/emit_via = motd/emit_via = stdio/g" /etc/dnf/automatic.conf + elif [[ $OS == "$UBUNTU_OS_NAME" ]] && [[ -d "/etc/update-motd.d" ]]; then + aksCustomMotdUpdatePath=/etc/update-motd.d/99-aks-custom-motd + touch "${aksCustomMotdUpdatePath}" + chmod 0755 "${aksCustomMotdUpdatePath}" + echo -e "#!/bin/bash\ncat /etc/motd" > "${aksCustomMotdUpdatePath}" + fi + echo "${MESSAGE_OF_THE_DAY}" | base64 -d > /etc/motd +fi + +if [[ "${TARGET_CLOUD}" == 
"AzureChinaCloud" ]]; then + retagMCRImagesForChina +fi + +if [[ "${ENABLE_HOSTS_CONFIG_AGENT}" == "true" ]]; then + logs_to_events "AKS.CSE.configPrivateClusterHosts" configPrivateClusterHosts +fi + +if [ "${SHOULD_CONFIG_TRANSPARENT_HUGE_PAGE}" == "true" ]; then + logs_to_events "AKS.CSE.configureTransparentHugePage" configureTransparentHugePage +fi + +if [ "${SHOULD_CONFIG_SWAP_FILE}" == "true" ]; then + logs_to_events "AKS.CSE.configureSwapFile" configureSwapFile +fi + +if [ "${NEEDS_CGROUPV2}" == "true" ]; then + tee "/etc/systemd/system/kubelet.service.d/10-cgroupv2.conf" > /dev/null < /etc/containerd/kubenet_template.conf + + tee "/etc/systemd/system/kubelet.service.d/10-containerd-base-flag.conf" > /dev/null <<'EOF' +[Service] +Environment="KUBELET_CONTAINERD_FLAGS=--runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --runtime-cgroups=/system.slice/containerd.service" +EOF + + if ! semverCompare ${KUBERNETES_VERSION:-"0.0.0"} "1.27.0"; then + tee "/etc/systemd/system/kubelet.service.d/10-container-runtime-flag.conf" > /dev/null <<'EOF' +[Service] +Environment="KUBELET_CONTAINER_RUNTIME_FLAG=--container-runtime=remote" +EOF + fi +fi + +if [ "${HAS_KUBELET_DISK_TYPE}" == "true" ]; then + tee "/etc/systemd/system/kubelet.service.d/10-bindmount.conf" > /dev/null < /sys/bus/vmbus/drivers/hv_util/unbind + sed -i "13i\echo 2dd1ce17-079e-403c-b352-a1921ee207ee > /sys/bus/vmbus/drivers/hv_util/unbind\n" /etc/rc.local + fi +fi + +VALIDATION_ERR=0 + + +API_SERVER_CONN_RETRIES=50 +if [[ $API_SERVER_NAME == *.privatelink.* ]]; then + API_SERVER_CONN_RETRIES=100 +fi +if ! 
[[ ${API_SERVER_NAME} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + API_SERVER_DNS_RETRY_TIMEOUT=300 + if [[ $API_SERVER_NAME == *.privatelink.* ]]; then + API_SERVER_DNS_RETRY_TIMEOUT=600 + fi + if [[ "${ENABLE_HOSTS_CONFIG_AGENT}" != "true" ]]; then + RES=$(logs_to_events "AKS.CSE.apiserverNslookup" "retrycmd_nslookup 1 15 ${API_SERVER_DNS_RETRY_TIMEOUT} ${API_SERVER_NAME}") + STS=$? + else + STS=0 + fi + if [[ $STS != 0 ]]; then + time nslookup ${API_SERVER_NAME} + if [[ $RES == *"168.63.129.16"* ]]; then + VALIDATION_ERR=$ERR_K8S_API_SERVER_AZURE_DNS_LOOKUP_FAIL + else + VALIDATION_ERR=$ERR_K8S_API_SERVER_DNS_LOOKUP_FAIL + fi + else + if [ "${UBUNTU_RELEASE}" == "18.04" ]; then + #TODO (djsly): remove this once 18.04 isn't supported anymore + logs_to_events "AKS.CSE.apiserverNC" "retrycmd_if_failure ${API_SERVER_CONN_RETRIES} 1 10 nc -vz ${API_SERVER_NAME} 443" || time nc -vz ${API_SERVER_NAME} 443 || VALIDATION_ERR=$ERR_K8S_API_SERVER_CONN_FAIL + else + logs_to_events "AKS.CSE.apiserverCurl" "retrycmd_if_failure ${API_SERVER_CONN_RETRIES} 1 10 curl -v --cacert /etc/kubernetes/certs/ca.crt https://${API_SERVER_NAME}:443" || time curl -v --cacert /etc/kubernetes/certs/ca.crt "https://${API_SERVER_NAME}:443" || VALIDATION_ERR=$ERR_K8S_API_SERVER_CONN_FAIL + fi + fi +else + API_SERVER_CONN_RETRIES=300 + logs_to_events "AKS.CSE.apiserverNC" "retrycmd_if_failure ${API_SERVER_CONN_RETRIES} 1 10 nc -vz ${API_SERVER_NAME} 443" || time nc -vz ${API_SERVER_NAME} 443 || VALIDATION_ERR=$ERR_K8S_API_SERVER_CONN_FAIL +fi + +if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then + echo "Recreating man-db auto-update flag file and kicking off man-db update process at $(date)" + createManDbAutoUpdateFlagFile + /usr/bin/mandb && echo "man-db finished updates at $(date)" & +fi + +if $REBOOTREQUIRED; then + echo 'reboot required, rebooting node in 1 minute' + /bin/bash -c "shutdown -r 1 &" + if [[ $OS == $UBUNTU_OS_NAME ]]; then + aptmarkWALinuxAgent unhold & + fi +else 
+ if [[ $OS == $UBUNTU_OS_NAME ]]; then + if [ "${ENABLE_UNATTENDED_UPGRADES}" == "true" ]; then + UU_CONFIG_DIR="/etc/apt/apt.conf.d/99periodic" + mkdir -p "$(dirname "${UU_CONFIG_DIR}")" + touch "${UU_CONFIG_DIR}" + chmod 0644 "${UU_CONFIG_DIR}" + echo 'APT::Periodic::Update-Package-Lists "1";' >> "${UU_CONFIG_DIR}" + echo 'APT::Periodic::Unattended-Upgrade "1";' >> "${UU_CONFIG_DIR}" + systemctl unmask apt-daily.service apt-daily-upgrade.service + systemctl enable apt-daily.service apt-daily-upgrade.service + systemctl enable apt-daily.timer apt-daily-upgrade.timer + systemctl restart --no-block apt-daily.timer apt-daily-upgrade.timer + systemctl restart --no-block apt-daily.service + + fi + aptmarkWALinuxAgent unhold & + elif isMarinerOrAzureLinux "$OS"; then + if [ "${ENABLE_UNATTENDED_UPGRADES}" == "true" ]; then + if [ "${IS_KATA}" == "true" ]; then + echo 'EnableUnattendedUpgrade is not supported by kata images, will not be enabled' + else + systemctl disable dnf-automatic-notifyonly.timer + systemctl stop dnf-automatic-notifyonly.timer + systemctl unmask dnf-automatic-install.service || exit $ERR_SYSTEMCTL_START_FAIL + systemctl unmask dnf-automatic-install.timer || exit $ERR_SYSTEMCTL_START_FAIL + systemctlEnableAndStart dnf-automatic-install.timer || exit $ERR_SYSTEMCTL_START_FAIL + fi + fi + fi +fi + +echo "Custom script finished. API server connection check code:" $VALIDATION_ERR +echo $(date),$(hostname), endcustomscript>>/opt/m + +exit $VALIDATION_ERR + + +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/CustomizedImageKata+1.32/line65.sh b/pkg/agent/testdata/CustomizedImageKata+1.32/line65.sh new file mode 100644 index 00000000000..7f6b7a2c050 --- /dev/null +++ b/pkg/agent/testdata/CustomizedImageKata+1.32/line65.sh 
@@ -0,0 +1,892 @@ +#!/bin/bash +NODE_INDEX=$(hostname | tail -c 2) +NODE_NAME=$(hostname) + +configureAdminUser(){ + chage -E -1 -I -1 -m 0 -M 99999 "${ADMINUSER}" + chage -l "${ADMINUSER}" +} + +configPrivateClusterHosts() { + mkdir -p /etc/systemd/system/reconcile-private-hosts.service.d/ + touch /etc/systemd/system/reconcile-private-hosts.service.d/10-fqdn.conf + tee /etc/systemd/system/reconcile-private-hosts.service.d/10-fqdn.conf > /dev/null < /sys/kernel/mm/transparent_hugepage/enabled + echo "kernel/mm/transparent_hugepage/enabled=${THP_ENABLED}" >> ${ETC_SYSFS_CONF} + fi + if [[ "${THP_DEFRAG}" != "" ]]; then + echo "${THP_DEFRAG}" > /sys/kernel/mm/transparent_hugepage/defrag + echo "kernel/mm/transparent_hugepage/defrag=${THP_DEFRAG}" >> ${ETC_SYSFS_CONF} + fi +} + +configureSystemdUseDomains() { + NETWORK_CONFIG_FILE="/etc/systemd/networkd.conf" + + if awk '/^\[DHCPv4\]/{flag=1; next} /^\[/{flag=0} flag && /#UseDomains=no/' "$NETWORK_CONFIG_FILE"; then + sed -i '/^\[DHCPv4\]/,/^\[/ s/#UseDomains=no/UseDomains=yes/' $NETWORK_CONFIG_FILE + fi + + if [ "${IPV6_DUAL_STACK_ENABLED}" == "true" ]; then + if awk '/^\[DHCPv6\]/{flag=1; next} /^\[/{flag=0} flag && /#UseDomains=no/' "$NETWORK_CONFIG_FILE"; then + sed -i '/^\[DHCPv6\]/,/^\[/ s/#UseDomains=no/UseDomains=yes/' $NETWORK_CONFIG_FILE + fi + fi + + systemctl restart systemd-networkd + + systemctl restart rsyslog +} + +configureSwapFile() { + swap_size_kb=$(expr ${SWAP_FILE_SIZE_MB} \* 1000) + swap_location="" + + if [[ -L /dev/disk/azure/resource-part1 ]]; then + resource_disk_path=$(findmnt -nr -o target -S $(readlink -f /dev/disk/azure/resource-part1)) + disk_free_kb=$(df ${resource_disk_path} | sed 1d | awk '{print $4}') + if [[ ${disk_free_kb} -gt ${swap_size_kb} ]]; then + echo "Will use resource disk for swap file" + swap_location=${resource_disk_path}/swapfile + else + echo "Insufficient disk space on resource disk to create swap file: request ${swap_size_kb} free ${disk_free_kb}, attempting to 
fall back to OS disk..." + fi + fi + + if [[ -z "${swap_location}" ]]; then + os_device=$(readlink -f /dev/disk/azure/root) + disk_free_kb=$(df -P / | sed 1d | awk '{print $4}') + if [[ ${disk_free_kb} -gt ${swap_size_kb} ]]; then + echo "Will use OS disk for swap file" + swap_location=/swapfile + else + echo "Insufficient disk space on OS device ${os_device} to create swap file: request ${swap_size_kb} free ${disk_free_kb}" + exit $ERR_SWAP_CREATE_INSUFFICIENT_DISK_SPACE + fi + fi + + echo "Swap file will be saved to: ${swap_location}" + retrycmd_if_failure 24 5 25 fallocate -l ${swap_size_kb}K ${swap_location} || exit $ERR_SWAP_CREATE_FAIL + chmod 600 ${swap_location} + retrycmd_if_failure 24 5 25 mkswap ${swap_location} || exit $ERR_SWAP_CREATE_FAIL + retrycmd_if_failure 24 5 25 swapon ${swap_location} || exit $ERR_SWAP_CREATE_FAIL + retrycmd_if_failure 24 5 25 swapon --show | grep ${swap_location} || exit $ERR_SWAP_CREATE_FAIL + echo "${swap_location} none swap sw 0 0" >> /etc/fstab +} + +configureEtcEnvironment() { + mkdir -p /etc/systemd/system.conf.d/ + touch /etc/systemd/system.conf.d/proxy.conf + chmod 0644 /etc/systemd/system.conf.d/proxy.conf + + mkdir -p /etc/apt/apt.conf.d + touch /etc/apt/apt.conf.d/95proxy + chmod 0644 /etc/apt/apt.conf.d/95proxy + + echo "[Manager]" >> /etc/systemd/system.conf.d/proxy.conf + if [ "${HTTP_PROXY_URLS}" != "" ]; then + echo "HTTP_PROXY=${HTTP_PROXY_URLS}" >> /etc/environment + echo "http_proxy=${HTTP_PROXY_URLS}" >> /etc/environment + echo "Acquire::http::proxy \"${HTTP_PROXY_URLS}\";" >> /etc/apt/apt.conf.d/95proxy + echo "DefaultEnvironment=\"HTTP_PROXY=${HTTP_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + echo "DefaultEnvironment=\"http_proxy=${HTTP_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + fi + if [ "${HTTPS_PROXY_URLS}" != "" ]; then + echo "HTTPS_PROXY=${HTTPS_PROXY_URLS}" >> /etc/environment + echo "https_proxy=${HTTPS_PROXY_URLS}" >> /etc/environment + echo "Acquire::https::proxy 
\"${HTTPS_PROXY_URLS}\";" >> /etc/apt/apt.conf.d/95proxy + echo "DefaultEnvironment=\"HTTPS_PROXY=${HTTPS_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + echo "DefaultEnvironment=\"https_proxy=${HTTPS_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + fi + if [ "${NO_PROXY_URLS}" != "" ]; then + echo "NO_PROXY=${NO_PROXY_URLS}" >> /etc/environment + echo "no_proxy=${NO_PROXY_URLS}" >> /etc/environment + echo "DefaultEnvironment=\"NO_PROXY=${NO_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + echo "DefaultEnvironment=\"no_proxy=${NO_PROXY_URLS}\"" >> /etc/systemd/system.conf.d/proxy.conf + fi + + mkdir -p "/etc/systemd/system/kubelet.service.d" + tee "/etc/systemd/system/kubelet.service.d/10-httpproxy.conf" > /dev/null <<'EOF' +[Service] +EnvironmentFile=/etc/environment +EOF +} + +configureHTTPProxyCA() { + if isMarinerOrAzureLinux "$OS"; then + cert_dest="/usr/share/pki/ca-trust-source/anchors" + update_cmd="update-ca-trust" + else + cert_dest="/usr/local/share/ca-certificates" + update_cmd="update-ca-certificates" + fi + HTTP_PROXY_TRUSTED_CA=$(echo "${HTTP_PROXY_TRUSTED_CA}" | xargs) + echo "${HTTP_PROXY_TRUSTED_CA}" | base64 -d > "${cert_dest}/proxyCA.crt" || exit $ERR_UPDATE_CA_CERTS + $update_cmd || exit $ERR_UPDATE_CA_CERTS +} + +configureCustomCaCertificate() { + mkdir -p /opt/certs + for i in $(seq 0 $((${CUSTOM_CA_TRUST_COUNT} - 1))); do + declare varname=CUSTOM_CA_CERT_${i} + echo "${!varname}" | base64 -d > /opt/certs/00000000000000cert${i}.crt + done + systemctl restart update_certs.service || exit $ERR_UPDATE_CA_CERTS + systemctl restart containerd +} + +configureContainerdUlimits() { + CONTAINERD_ULIMIT_DROP_IN_FILE_PATH="/etc/systemd/system/containerd.service.d/set_ulimits.conf" + touch "${CONTAINERD_ULIMIT_DROP_IN_FILE_PATH}" + chmod 0600 "${CONTAINERD_ULIMIT_DROP_IN_FILE_PATH}" + tee "${CONTAINERD_ULIMIT_DROP_IN_FILE_PATH}" > /dev/null < /etc/kubernetes/certs/client.key + fi + if [ -n "${KUBELET_CLIENT_CERT_CONTENT}" ]; 
then + echo "${KUBELET_CLIENT_CERT_CONTENT}" | base64 -d > /etc/kubernetes/certs/client.crt + fi + if [ -n "${SERVICE_PRINCIPAL_FILE_CONTENT}" ]; then + echo "${SERVICE_PRINCIPAL_FILE_CONTENT}" | base64 -d > /etc/kubernetes/sp.txt + fi + + echo "${APISERVER_PUBLIC_KEY}" | base64 --decode > "${APISERVER_PUBLIC_KEY_PATH}" + SP_FILE="/etc/kubernetes/sp.txt" + SERVICE_PRINCIPAL_CLIENT_SECRET="$(cat "$SP_FILE")" + SERVICE_PRINCIPAL_CLIENT_SECRET=${SERVICE_PRINCIPAL_CLIENT_SECRET//\\/\\\\} + SERVICE_PRINCIPAL_CLIENT_SECRET=${SERVICE_PRINCIPAL_CLIENT_SECRET//\"/\\\"} + rm "$SP_FILE" + cat << EOF > "${AZURE_JSON_PATH}" +{ + "cloud": "${TARGET_CLOUD}", + "tenantId": "${TENANT_ID}", + "subscriptionId": "${SUBSCRIPTION_ID}", + "aadClientId": "${SERVICE_PRINCIPAL_CLIENT_ID}", + "aadClientSecret": "${SERVICE_PRINCIPAL_CLIENT_SECRET}", + "resourceGroup": "${RESOURCE_GROUP}", + "location": "${LOCATION}", + "vmType": "${VM_TYPE}", + "subnetName": "${SUBNET}", + "securityGroupName": "${NETWORK_SECURITY_GROUP}", + "vnetName": "${VIRTUAL_NETWORK}", + "vnetResourceGroup": "${VIRTUAL_NETWORK_RESOURCE_GROUP}", + "routeTableName": "${ROUTE_TABLE}", + "primaryAvailabilitySetName": "${PRIMARY_AVAILABILITY_SET}", + "primaryScaleSetName": "${PRIMARY_SCALE_SET}", + "cloudProviderBackoffMode": "${CLOUDPROVIDER_BACKOFF_MODE}", + "cloudProviderBackoff": ${CLOUDPROVIDER_BACKOFF}, + "cloudProviderBackoffRetries": ${CLOUDPROVIDER_BACKOFF_RETRIES}, + "cloudProviderBackoffExponent": ${CLOUDPROVIDER_BACKOFF_EXPONENT}, + "cloudProviderBackoffDuration": ${CLOUDPROVIDER_BACKOFF_DURATION}, + "cloudProviderBackoffJitter": ${CLOUDPROVIDER_BACKOFF_JITTER}, + "cloudProviderRateLimit": ${CLOUDPROVIDER_RATELIMIT}, + "cloudProviderRateLimitQPS": ${CLOUDPROVIDER_RATELIMIT_QPS}, + "cloudProviderRateLimitBucket": ${CLOUDPROVIDER_RATELIMIT_BUCKET}, + "cloudProviderRateLimitQPSWrite": ${CLOUDPROVIDER_RATELIMIT_QPS_WRITE}, + "cloudProviderRateLimitBucketWrite": ${CLOUDPROVIDER_RATELIMIT_BUCKET_WRITE}, + 
"useManagedIdentityExtension": ${USE_MANAGED_IDENTITY_EXTENSION}, + "userAssignedIdentityID": "${USER_ASSIGNED_IDENTITY_ID}", + "useInstanceMetadata": ${USE_INSTANCE_METADATA}, + "loadBalancerSku": "${LOAD_BALANCER_SKU}", + "disableOutboundSNAT": ${LOAD_BALANCER_DISABLE_OUTBOUND_SNAT}, + "excludeMasterFromStandardLB": ${EXCLUDE_MASTER_FROM_STANDARD_LB}, + "providerVaultName": "${KMS_PROVIDER_VAULT_NAME}", + "maximumLoadBalancerRuleCount": ${MAXIMUM_LOADBALANCER_RULE_COUNT}, + "providerKeyName": "k8s", + "providerKeyVersion": "" +} +EOF + set -x + if [[ "${CLOUDPROVIDER_BACKOFF_MODE}" = "v2" ]]; then + sed -i "/cloudProviderBackoffExponent/d" /etc/kubernetes/azure.json + sed -i "/cloudProviderBackoffJitter/d" /etc/kubernetes/azure.json + fi + + if [ "${IS_CUSTOM_CLOUD}" == "true" ]; then + set +x + AKS_CUSTOM_CLOUD_JSON_PATH="/etc/kubernetes/${TARGET_ENVIRONMENT}.json" + touch "${AKS_CUSTOM_CLOUD_JSON_PATH}" + chmod 0600 "${AKS_CUSTOM_CLOUD_JSON_PATH}" + chown root:root "${AKS_CUSTOM_CLOUD_JSON_PATH}" + + echo "${CUSTOM_ENV_JSON}" | base64 -d > "${AKS_CUSTOM_CLOUD_JSON_PATH}" + set -x + fi + + if [ "${KUBELET_CONFIG_FILE_ENABLED}" == "true" ]; then + set +x + KUBELET_CONFIG_JSON_PATH="/etc/default/kubeletconfig.json" + touch "${KUBELET_CONFIG_JSON_PATH}" + chmod 0600 "${KUBELET_CONFIG_JSON_PATH}" + chown root:root "${KUBELET_CONFIG_JSON_PATH}" + echo "${KUBELET_CONFIG_FILE_CONTENT}" | base64 -d > "${KUBELET_CONFIG_JSON_PATH}" + set -x + KUBELET_CONFIG_DROP_IN="/etc/systemd/system/kubelet.service.d/10-componentconfig.conf" + touch "${KUBELET_CONFIG_DROP_IN}" + chmod 0600 "${KUBELET_CONFIG_DROP_IN}" + tee "${KUBELET_CONFIG_DROP_IN}" > /dev/null < /etc/modules-load.d/br_netfilter.conf + configureCNIIPTables +} + +configureCNIIPTables() { + if [[ "${NETWORK_PLUGIN}" = "azure" ]]; then + mv $CNI_BIN_DIR/10-azure.conflist $CNI_CONFIG_DIR/ + chmod 600 $CNI_CONFIG_DIR/10-azure.conflist + if [[ "${NETWORK_POLICY}" == "calico" ]]; then + sed -i 
's#"mode":"bridge"#"mode":"transparent"#g' $CNI_CONFIG_DIR/10-azure.conflist + elif [[ "${NETWORK_POLICY}" == "" || "${NETWORK_POLICY}" == "none" ]] && [[ "${NETWORK_MODE}" == "transparent" ]]; then + sed -i 's#"mode":"bridge"#"mode":"transparent"#g' $CNI_CONFIG_DIR/10-azure.conflist + fi + /sbin/ebtables -t nat --list + fi +} + +disableSystemdResolved() { + ls -ltr /etc/resolv.conf + cat /etc/resolv.conf + UBUNTU_RELEASE=$(lsb_release -r -s) + if [[ "${UBUNTU_RELEASE}" == "18.04" || "${UBUNTU_RELEASE}" == "20.04" || "${UBUNTU_RELEASE}" == "22.04" || "${UBUNTU_RELEASE}" == "24.04" ]]; then + echo "Ingoring systemd-resolved query service but using its resolv.conf file" + echo "This is the simplest approach to workaround resolved issues without completely uninstall it" + [ -f /run/systemd/resolve/resolv.conf ] && sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf + ls -ltr /etc/resolv.conf + cat /etc/resolv.conf + fi +} + +ensureContainerd() { + if [ "${TELEPORT_ENABLED}" == "true" ]; then + ensureTeleportd + fi + mkdir -p "/etc/systemd/system/containerd.service.d" + tee "/etc/systemd/system/containerd.service.d/exec_start.conf" > /dev/null < /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT + else + echo "Generating containerd config..." 
+ echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT + fi + + if [[ -n "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}" ]]; then + logs_to_events "AKS.CSE.ensureContainerd.configureContainerdRegistryHost" configureContainerdRegistryHost + fi + + tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null < /dev/null < "${KUBELET_DEFAULT_FILE}" + echo "KUBELET_REGISTER_SCHEDULABLE=true" >> "${KUBELET_DEFAULT_FILE}" + echo "NETWORK_POLICY=${NETWORK_POLICY}" >> "${KUBELET_DEFAULT_FILE}" + echo "KUBELET_IMAGE=${KUBELET_IMAGE}" >> "${KUBELET_DEFAULT_FILE}" + echo "KUBELET_NODE_LABELS=${KUBELET_NODE_LABELS}" >> "${KUBELET_DEFAULT_FILE}" + if [ -n "${AZURE_ENVIRONMENT_FILEPATH}" ]; then + echo "AZURE_ENVIRONMENT_FILEPATH=${AZURE_ENVIRONMENT_FILEPATH}" >> "${KUBELET_DEFAULT_FILE}" + fi + chmod 0600 "${KUBELET_DEFAULT_FILE}" + + KUBE_CA_FILE="/etc/kubernetes/certs/ca.crt" + mkdir -p "$(dirname "${KUBE_CA_FILE}")" + echo "${KUBE_CA_CRT}" | base64 -d > "${KUBE_CA_FILE}" + chmod 0600 "${KUBE_CA_FILE}" + + if [ "${ENABLE_SECURE_TLS_BOOTSTRAPPING}" == "true" ] || [ -n "${TLS_BOOTSTRAP_TOKEN}" ]; then + KUBELET_TLS_DROP_IN="/etc/systemd/system/kubelet.service.d/10-tlsbootstrap.conf" + mkdir -p "$(dirname "${KUBELET_TLS_DROP_IN}")" + touch "${KUBELET_TLS_DROP_IN}" + chmod 0600 "${KUBELET_TLS_DROP_IN}" + tee "${KUBELET_TLS_DROP_IN}" > /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < "${SYSCTL_CONFIG_FILE}" + retrycmd_if_failure 24 5 25 sysctl --system +} + +ensureK8sControlPlane() { + if $REBOOTREQUIRED || [ "$NO_OUTBOUND" = "true" ]; then + return + fi + retrycmd_if_failure 120 5 25 $KUBECTL 2>/dev/null cluster-info || exit $ERR_K8S_RUNNING_TIMEOUT +} + +createKubeManifestDir() { + KUBEMANIFESTDIR=/etc/kubernetes/manifests + mkdir -p $KUBEMANIFESTDIR +} + +writeKubeConfig() { + KUBECONFIGDIR=/home/$ADMINUSER/.kube + KUBECONFIGFILE=$KUBECONFIGDIR/config + mkdir -p $KUBECONFIGDIR + touch 
$KUBECONFIGFILE + chown $ADMINUSER:$ADMINUSER $KUBECONFIGDIR + chown $ADMINUSER:$ADMINUSER $KUBECONFIGFILE + chmod 700 $KUBECONFIGDIR + chmod 600 $KUBECONFIGFILE + set +x + echo " +--- +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: \"$CA_CERTIFICATE\" + server: $KUBECONFIG_SERVER + name: \"$MASTER_FQDN\" +contexts: +- context: + cluster: \"$MASTER_FQDN\" + user: \"$MASTER_FQDN-admin\" + name: \"$MASTER_FQDN\" +current-context: \"$MASTER_FQDN\" +kind: Config +users: +- name: \"$MASTER_FQDN-admin\" + user: + client-certificate-data: \"$KUBECONFIG_CERTIFICATE\" + client-key-data: \"$KUBECONFIG_KEY\" +" > $KUBECONFIGFILE + set -x +} + +configClusterAutoscalerAddon() { + CLUSTER_AUTOSCALER_ADDON_FILE=/etc/kubernetes/addons/cluster-autoscaler-deployment.yaml + sed -i "s||$(echo $SERVICE_PRINCIPAL_CLIENT_ID | base64)|g" $CLUSTER_AUTOSCALER_ADDON_FILE + sed -i "s||$(echo $SERVICE_PRINCIPAL_CLIENT_SECRET | base64)|g" $CLUSTER_AUTOSCALER_ADDON_FILE + sed -i "s||$(echo $SUBSCRIPTION_ID | base64)|g" $CLUSTER_AUTOSCALER_ADDON_FILE + sed -i "s||$(echo $TENANT_ID | base64)|g" $CLUSTER_AUTOSCALER_ADDON_FILE + sed -i "s||$(echo $RESOURCE_GROUP | base64)|g" $CLUSTER_AUTOSCALER_ADDON_FILE +} + +configACIConnectorAddon() { + ACI_CONNECTOR_CREDENTIALS=$(printf "{\"clientId\": \"%s\", \"clientSecret\": \"%s\", \"tenantId\": \"%s\", \"subscriptionId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com\",\"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"https://management.core.windows.net:8443/\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\"}" "$SERVICE_PRINCIPAL_CLIENT_ID" "$SERVICE_PRINCIPAL_CLIENT_SECRET" "$TENANT_ID" "$SUBSCRIPTION_ID" | base64 -w 0) + + openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -keyout 
/etc/kubernetes/certs/aci-connector-key.pem -out /etc/kubernetes/certs/aci-connector-cert.pem -subj "/C=US/ST=CA/L=virtualkubelet/O=virtualkubelet/OU=virtualkubelet/CN=virtualkubelet" + ACI_CONNECTOR_KEY=$(base64 /etc/kubernetes/certs/aci-connector-key.pem -w0) + ACI_CONNECTOR_CERT=$(base64 /etc/kubernetes/certs/aci-connector-cert.pem -w0) + + ACI_CONNECTOR_ADDON_FILE=/etc/kubernetes/addons/aci-connector-deployment.yaml + sed -i "s||$ACI_CONNECTOR_CREDENTIALS|g" $ACI_CONNECTOR_ADDON_FILE + sed -i "s||$RESOURCE_GROUP|g" $ACI_CONNECTOR_ADDON_FILE + sed -i "s||$ACI_CONNECTOR_CERT|g" $ACI_CONNECTOR_ADDON_FILE + sed -i "s||$ACI_CONNECTOR_KEY|g" $ACI_CONNECTOR_ADDON_FILE +} + +configAzurePolicyAddon() { + AZURE_POLICY_ADDON_FILE=/etc/kubernetes/addons/azure-policy-deployment.yaml + sed -i "s||/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP|g" $AZURE_POLICY_ADDON_FILE +} + +configGPUDrivers() { + if [[ $OS == $UBUNTU_OS_NAME ]]; then + mkdir -p /opt/{actions,gpu} + if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then + ctr -n k8s.io image pull $NVIDIA_DRIVER_IMAGE:$NVIDIA_DRIVER_IMAGE_TAG + retrycmd_if_failure 5 10 600 bash -c "$CTR_GPU_INSTALL_CMD $NVIDIA_DRIVER_IMAGE:$NVIDIA_DRIVER_IMAGE_TAG gpuinstall /entrypoint.sh install" + ret=$? + if [[ "$ret" != "0" ]]; then + echo "Failed to install GPU driver, exiting..." + exit $ERR_GPU_DRIVERS_START_FAIL + fi + ctr -n k8s.io images rm --sync $NVIDIA_DRIVER_IMAGE:$NVIDIA_DRIVER_IMAGE_TAG + else + bash -c "$DOCKER_GPU_INSTALL_CMD $NVIDIA_DRIVER_IMAGE:$NVIDIA_DRIVER_IMAGE_TAG install" + ret=$? + if [[ "$ret" != "0" ]]; then + echo "Failed to install GPU driver, exiting..." + exit $ERR_GPU_DRIVERS_START_FAIL + fi + docker rmi $NVIDIA_DRIVER_IMAGE:$NVIDIA_DRIVER_IMAGE_TAG + fi + elif isMarinerOrAzureLinux "$OS"; then + downloadGPUDrivers + installNvidiaContainerToolkit + enableNvidiaPersistenceMode + else + echo "os $OS not supported at this time. 
skipping configGPUDrivers" + exit 1 + fi + + retrycmd_if_failure 120 5 25 nvidia-modprobe -u -c0 || exit $ERR_GPU_DRIVERS_START_FAIL + retrycmd_if_failure 120 5 300 nvidia-smi || exit $ERR_GPU_DRIVERS_START_FAIL + retrycmd_if_failure 120 5 25 ldconfig || exit $ERR_GPU_DRIVERS_START_FAIL + + if isMarinerOrAzureLinux "$OS"; then + createNvidiaSymlinkToAllDeviceNodes + fi + + if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then + retrycmd_if_failure 120 5 25 pkill -SIGHUP containerd || exit $ERR_GPU_DRIVERS_INSTALL_TIMEOUT + else + retrycmd_if_failure 120 5 25 pkill -SIGHUP dockerd || exit $ERR_GPU_DRIVERS_INSTALL_TIMEOUT + fi +} + +validateGPUDrivers() { + if [[ $(isARM64) == 1 ]]; then + return + fi + + retrycmd_if_failure 24 5 25 nvidia-modprobe -u -c0 && echo "gpu driver loaded" || configGPUDrivers || exit $ERR_GPU_DRIVERS_START_FAIL + which nvidia-smi + if [[ $? == 0 ]]; then + SMI_RESULT=$(retrycmd_if_failure 24 5 300 nvidia-smi) + else + SMI_RESULT=$(retrycmd_if_failure 24 5 300 $GPU_DEST/bin/nvidia-smi) + fi + SMI_STATUS=$? 
+ if [[ $SMI_STATUS != 0 ]]; then + if [[ $SMI_RESULT == *"infoROM is corrupted"* ]]; then + exit $ERR_GPU_INFO_ROM_CORRUPTED + else + exit $ERR_GPU_DRIVERS_START_FAIL + fi + else + echo "gpu driver working fine" + fi +} + +ensureGPUDrivers() { + if [[ $(isARM64) == 1 ]]; then + return + fi + + if [[ "${CONFIG_GPU_DRIVER_IF_NEEDED}" = true ]]; then + logs_to_events "AKS.CSE.ensureGPUDrivers.configGPUDrivers" configGPUDrivers + else + logs_to_events "AKS.CSE.ensureGPUDrivers.validateGPUDrivers" validateGPUDrivers + fi + if [[ $OS == $UBUNTU_OS_NAME ]]; then + logs_to_events "AKS.CSE.ensureGPUDrivers.nvidia-modprobe" "systemctlEnableAndStart nvidia-modprobe" || exit $ERR_GPU_DRIVERS_START_FAIL + fi +} + +disableSSH() { + systemctlDisableAndStop ssh || exit $ERR_DISABLE_SSH +} + +configCredentialProvider() { + CREDENTIAL_PROVIDER_CONFIG_FILE=/var/lib/kubelet/credential-provider-config.yaml + mkdir -p "$(dirname "${CREDENTIAL_PROVIDER_CONFIG_FILE}")" + touch "${CREDENTIAL_PROVIDER_CONFIG_FILE}" + if [[ -n "$AKS_CUSTOM_CLOUD_CONTAINER_REGISTRY_DNS_SUFFIX" ]]; then + echo "configure credential provider for custom cloud" + tee "${CREDENTIAL_PROVIDER_CONFIG_FILE}" > /dev/null < /dev/null < /dev/null < /dev/null) + if [[ $? -eq 0 ]]; then + nodeIPAddrs=() + ipv4Addr=$(echo $imdsOutput | jq -r '.[0].ipv4.ipAddress[0].privateIpAddress // ""') + [ -n "$ipv4Addr" ] && nodeIPAddrs+=("$ipv4Addr") + ipv6Addr=$(echo $imdsOutput | jq -r '.[0].ipv6.ipAddress[0].privateIpAddress // ""') + [ -n "$ipv6Addr" ] && nodeIPAddrs+=("$ipv6Addr") + nodeIPArg=$(IFS=, ; echo "${nodeIPAddrs[*]}") + if [ -n "$nodeIPArg" ]; then + echo "Adding --node-ip=$nodeIPArg to kubelet flags" + KUBELET_FLAGS="$KUBELET_FLAGS --node-ip=$nodeIPArg" + fi + fi +} + +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/CustomizedImageKata/CustomData b/pkg/agent/testdata/CustomizedImageKata/CustomData index 102f9c5cf18..f15f80a3b4d 100644 --- a/pkg/agent/testdata/CustomizedImageKata/CustomData 
+++ b/pkg/agent/testdata/CustomizedImageKata/CustomData 
@@ -25,7 +25,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/9x7e5fauJL4/3wKjYdfOpk75pHXTDKX3OOAm/YJGH626dlsJusjbAG6bSRHkkn3dHo/+x5JtjE0r+7Jzh/LOUmDXCpVlapK9ZB//KE5xaQ5hXxRsz0vPHcGdvi7FXQvwsAZ2qNJ0HkNahwJYF7X8Ax8AuYMNGkqmvDPjKFmRImAmCDGmymjK8wxJY2ILtMECQQ+/wbEApEaUB8ULSgwrIQhGN8ABgkQFPAsihDnAF1jgcm80WgYBfg1FqBVm+FabUYZwAATUH/K0RfQBi9et1rPfgMxVbCaLg6M+m3Xt8MLezC2PV/xMraCiztjixAA5gylwDz/As5+zKHt0fnZAQRPnoApQ/BKYZjh9bJ1DEz0RRF0bxXFQX23WBUQSjgqoXmCUAraxQoxJajGUQxMDIxmhcxmbOwntMZpxiJ0AKAGU7GE7Op3a4BJdm3NERFgQZMYPKnVBqN+2HO8TnMFWTOh83yX4RWvLa9izICZgvptDnVXS4gU+xZwlGRcIGau9SGhc/BHzucxYDPiyKSZSDOxOW+tcz81/s0p2fUkSmgWm5hgYc5wgngjhSsU74JcLSQcFzBJ1upawK05bNZq6Y1YUPLimNKHDMUwEqEiIYwomeF5I73JcZqmJk2PmykUi1wSeKqpbipqSFQwkWMQ16JEoaWiJ1dI3Iav1SbvJ24wCT17YFu+3ak/Tfg0ZChBkCNgMmDyZ8qWP4H67SbsHeh0gNF+3Wi9NMDnqj7zLKYApsKcS19wA2AmKENLukIgWjBKbmqlidf/tZ7Bb7hAy0gkgCEuIBP5SGwKvET8hkSxsnA98WkMBXr2c/3pgnJB4BI9+xmoWVHGBV3yiOFUvHuntmJZ29L1nuMH3ui4TTiuH1iDwX6AHNFRuO7IPXf6G7alpWrUb3uOb70f2KHvS+8hhSpYhrZkGmMOpwny/Qvw7VvFW1Qmr4VjpAyvoEAAzZl0mCmj1zcAxrH6hTk4q9+OPefSCuzQ7nu274djb/QfH0Or15O/7s6q9PkXo8mgl7Mw8ezwIgjGesJ+ek+ZHXat/QjkRytqxpCcM5ZMdK1N9ifjnmSia4Vd2wv8qsstJ9sisskKM0qWiAglpQPMdSd+MBpKjIE38YP9BCZ0zkNBQ7RCRHBgWB/8Rte3G+W6XaWIXdhFTOAZjqBABjj09DBrku6YLiEmoVT3jrGMWGOJI0Y5nQnpmYycLZOA+u370SjwA89SslZnSnfkBpbj2l7o2X2ptx9D3/Yube9uS9WqizwI0f9r3hmSzhVieHYT9lw/XCCYSB9UQbqlwK4fXtjWILgIzy1nUFvzYNRvR5Pg/Wjiyv0ZDi23d7dTyzSsVqlLy/PvdqgSWsEE1NcwVU1hSLCbaBmHeBbOIE4yhsCrFmiDV6C+TQF49+7B59Lzd0/am0xXsLqu4vu3WnnAC5pFuctnGWnSTExpRmIzWqDoyuRXOE2R9oT7VJAj0R1PLBYtDLD+XrikJhJRk3Iz9/K10r87vTvwQwcYS8jkiSWlKIOZjWeK5URGA1tC1o7Hk24ekzlYQmLGU+X6zSyVvhrMEjgH8qwtA7d99OvDYghJb2plgk7U/PMEzs9xggxw8LESzF+1A3CQPMogH9A5JupbmMiv4VcsFuFVNkUJEiGOERFY3BjgGAR4uIWB+sS3vdDyfafv2r3Q6dlu4AQfQ6cH6oHtWm4gv5YK9y99MFynlAkZkvMFzZI4lIoUkhWOMQxjhleI8dr9sTCPfDr1pzvMJCQ05AIKDtrSXtotILMDYEbXB1Z5VmNIdOr/Kp0wQ8JQytXaqVPnECcolglAjARiS0yQNHyNFGikICczXxZMEcgNRWva2vTcS6fnWGHPcy5trzi4K0pj1G/740nojnr2naaq8P1Sohpgv5gecVwkCJJJ2h9P
elo8Brg3dNDYi8hAx0oe4jRZodgAu8f34ylPJiteYjLh0gHcH6sq0hwJR7M9pDGySNyVhGdpt4h5nSWcI17zPzjj8L3jWt7HsDuwLXcy/kvqNMUEspsw0qs9q51PBoMyBPPs/z9xPLvXqT89kT5Q30EgqDt+eHnRe7yyyuBXLFCpmUsaIwBJDHK6QZkaAKzo2NbUnJKKM3CGVt/2K8paH/lS3+p5ZD7yQ9ca2oXfBkZ9p2gMsFbREzQ0Z6CHUm6Ayo/1iaVZ79MkRkQz85s2P3kSxChFJEYkwogX06HAlBgH1TqHLPfKy4hMA0oKth/oioNRv3Vtu+evhdbbNMlCMLeBPbDHIy8IbVcG0FtgpxwDOSEBSpC0iHicZHNMSgK3xhWzHIks7bpODzN+lHUXia+UXW2h3RitlVw7fvhBxqsDO9jFSc5IBBMgHQqmhP8O+bJTf/rvLzLNO2uMYXQltfDTZ/ANcJSgSDxtqHBNIit1NTa/Qr40+QIvufEMfAONmH4lCYXxxHN4I0YzmCWiEWWMISIaxWKXzz99biRQIC4u9dAZMOrd0XA8cm03WKdgxrMKqQXqAY2Uxnxvkgu8D6Fl4g3+FslV1jtG3mkGFEuyfbU62P8MGPVdUjcq47kE5FBVl4zaDiXzU0w+ZFN0qrh4iokMkf521XoooUZB6fdQqEcv/jfqUUFjqTzFwIZmrKHu61H12bZ+GOWhJp2Zdsmhb3dlRh4M/LAMkceO2z/g4PaESDklPooyhoKB/55SwQWD6QcdjtvXKCr87AOAFdGeLYkrw44ZlKfigSKV4avaVhFaySOyP57kcSw3doahHSCZXedjx2LQHx4WgyLCM4aqIej2yGZNJ98fSWDPvnS6djgeTPqOGzrnoTx+9Wla0LyViZdYhk6/5K8aZmsWzRkwVKaaFwHzv03NshmjFY6Qmap9aHDE5M8deb/8lOXoByNsxMYGJoHQY5A02y1zieeh1CKB5jcq1jbAO9CM0apJsiQB//znmT06P6t98vWkz7VKzapjSFlJ/Q/s/seOKZGZBTLAMZknyKhJvVS61al8bWacNZXDyWlUPZxd5IJ6dRHJbc0enZfs57WSQ2qkyq+NXbgNYJTVXZvItMQisbaD3eAb1ZL7euYHlhfoetG93sh+6mh6lLieTpoUdTTdTVxROtq0CWWtKvQ8t957TjccWq7Vt73DFU48A5gPdb1lxKw/M4ZUqwUY9ZFv7NDlYzGjIvgcThmOhpDAuczi9j97yO7mspip+csC97F93QK/v68qD/e3d/SeePc4iy0JbfliCVU+O8qg9nlDPB9DJrDKUMD9sYK8w50Iw5aJ3j4Xv5Wr9EbdD7YXDkZ9x917tnEkwD+u8wJtdIUYUFUlYGag7tuetg7PcbvO2BqE3YFj6zKQmR547ttdzw4kJdZ/yqO2aApsF8aMkgTz+pSsLT8p5Z9IJBaJ5TdVwC+1cT9IrRYxBAWSA0NI8Axx0cNsLbULyy/K9L5ted2LsDcaWgdkZ9Rvd8FXm7bv9jTtVMZm6p6SyRFk0cLUtew9pd1dC/lasVXn4fBhlJcHq+fP8YJNLkp1cpB5pWqz+eAUTL/y6vRf+Qlzuq5TbWu4TiUpHV++DnsTayDNu/vhUKp9QnzSu+iOV68Lm9S/irDxNCd6lJe8WDbhqKf2uCqNe882QtbDVYeTeVxnZAWf6xGwLrgcEZTyD6Wg1K/NCufQ9n2rb4ej8zC4sMOe9TEPGu/3Vw5IVtdSzJnuKMRk1oSZoEsocKREunXJobigwJtoiUW4whB0wJKKuPqbixjT5tzYhzM/7zfKX8ZW/asaRca5nekehCmXa8Q740R4xXVPbkhFrHsKYygWnfvTm2/emPCKF15BDlbw6PaNUb/dg/CuGlJGiyWNQeuXV69OnaHOHBMBo3Id5w8SQaElJomR3uwotvzE16W7PRrxDUwhR69fSjG+W+Pf1KXA8vp2EHYHo0mh9UpRugtMYDeh2ba4
GRJwPux6uvp6TpmC3ESaZxgXIz/wi+a51bfdR/djx7oj3tW9ugvKRWnbOx5tmPZGizgMPMv1x5Ynj8+LSd8Ox1bffrC1l14lYJDwFMpU/SKbozGcV5vEO54eIM3/3RqrM+3x5PhfYaqbbPeGdrm7vjeajC+f711vb75075yTKVI0ZzRLV893pkcyF9mTHH2YvLcHUgUVOeH5wOr7HTNHZ+qoq5MTYKik5lGeuzy5FUPrut6GHUlaXDsIA3s4HliBvduK1pOVJAgSoUDLNIECaS/3GOmtC41yPXOWwPnDE81SlqU8SnkyXWg3GfqSIS7UrRyaiU771RKY6+VLOETilGIiOhnB12+bTdXNrnC+/trgNLoC6xX0zvFOzm+DJzhCG/B5vl9mqMVp9QPgaLlCrEuX0myA3hDPtQPbD2Wi4Yzct6bRarQaLeMOGO3G818are1E65GCL+n/TqIPvYkbOENb7UBnh4g7DC2pqIghz0uqgXKBtef4H8Lg49j+TsY6xSRe0oyI/dY6IVh8rnnoS4YZ4h05w9RTckw1ayYQ2/WgMNLDgY5/wyORFIGO/lV7QCNolxOtKP5k4AydwN8jsEOXL0pNnSR4iUU1jLz37AQ+8zi+YDT/WSmX+jJ5c0dhbzKWSdxo6PjdyWjih+89p/eI40mv49Jelo7ImNEl5lH2nuFYnk4HHp7Umvz27S+G69k0IyLzCUz5ggod2ZRKsDFa0LO7D3rvItFemrcvE0ln/zyO2xFq/2K2fnmDzJetF5E5ffHquQnbb563EXre+gUhaRX8hjenGW+ulvL/vAbQXKzCTOCkmRGp/euLvXmM3H6B//juq/xB8rCaRQ1VEqz6jEtr4PSswBm5oe15nVatVrPGTl4A0PeUPDvwHNvvvGoVe1yBUJLqdMBPjfzyYYLJVeOnTeHtw9huqcvbyoGr60ZbiO9A57/Bf31qmW8+/+OPxu6/9b1L9VxfrfSxvKf+otWqbvtD2TiG/nWOvnL5+2hU+8OhqpbfqT/dZw0wxdJrIubyhNKrLDWAUd6tIPkYaIP2q0253iP7bofc896Q/PiB38mv627UW+X4DnbrfuBLplr3+ZFHFygpu7/oVqug7tnKLH8y2q9/bbx+0Wg/f9NovzZ+ArvL/VuarKoyH371w8oyutolJTAYjT7ImLEoPN5j70SM+3AVaVYVZeG3t+5Tayfd/lVfqN7B2I/BqDcCT+N/8+Tm2dv8GhwQC8wBJRECairAnJwJwLM0pUygGEBys6QMnVRFXutSt6pFlXuRG7tVteE7fWGHRMBc/bnLgl++fKHqv3r3D4FJqBNEXt6d3L9xR/nsZix5JKdRxhJgrmToCyPE8vxbxkqMIIF4Uw7yZgQbERNgIUTK3zab9zl+uyGYh2E1TkD7KEnmajvD65rTPt9d+NL/YzpViWS+z8VYVdQ+djVWXRC7wtGVBKSzWQGcw6WMqjegoCjaDrqYowvm+27EqvdZMs5UvWgJSTyV1Gu6cvwzTDBfoDhfaGMF8KQMozb7K9tMnjE0pVQApiP++GegByQvhMYIYALaYIlJJtCZpqqoYAEzAgZfZCKmXwkwGWiDJ8YjIrNdLyxlJH9laVujH4Z663LCxLWCwHZ7di+cjPue1bP9vWF28ZlMilO/53gdnWvBVMh/KotSpcUUMUxjHBl7etj1pzFm6iaIPEKqGO+MZ1vt6qIUuQW2AZSXIF+/fHkMUm+yNQ7evh3nRL59q3XNzO+rmAPMpfG3jd/OwLt3j8NIoBCIxCg2J+mcwRidjG/9ClFGlpBfqbeQYoiTmyKzXI+YmUZe5py7ESHV1vzfQCSdFtuBRo3vQVK8GWWahJrThEZXpyKs4nsM8l3M7WofH7VAVbw/ven9HcyuekfSCqyj8GvN1D3ttUIW+og5ILQaZE1vwBUUML/J+zP4ipNEgUxRvvHx2abmb4cqm1uRX94GMZmZZQPEJFTg2Q0lxV4fQMAFTR8/O7eezfnFO5CF
AWy0Pf2PfmAPu8Fgu5P/iAW0vv4F9FtXEb7fKhU9X0dI69fudLsF6HcPyzO1IUMnoGMgEFFCUCQwJUC9zwMiGqO3BqhvBicHrhYgEu9+xVHzsYWnVvvRHp3/TwAAAP//+JgcJLs9AAA= + 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 - path: /opt/azure/containers/provision_installs.sh permissions: "0744" @@ -62,7 +62,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/manifest.json permissions: "0644" diff --git a/pkg/agent/testdata/CustomizedImageKata/line28.sh b/pkg/agent/testdata/CustomizedImageKata/line28.sh index 5d749a254ed..377193a1857 100644 --- a/pkg/agent/testdata/CustomizedImageKata/line28.sh +++ b/pkg/agent/testdata/CustomizedImageKata/line28.sh @@ -66,11 +66,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS fi -domain_name="mcr.microsoft.com" +registry_domain_name="mcr.microsoft.com" if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then - domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" + registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}" fi -verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL +verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL if [[ -n "${OUTBOUND_COMMAND}" ]]; then if [[ -n "${PROXY_VARS}" ]]; then @@ -90,7 +90,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then fi if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then - logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $? + logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $? fi export -f should_skip_nvidia_drivers 
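Review bot: In the `@@ -66,11 +66,11 @@` hunk of line28.sh the new `registry_domain_name` is expanded unquoted in `verify_DNS_health $registry_domain_name`, and nothing checks that the `%%/*` strip actually left a host name. If `BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER` ever arrives with a scheme or a leading slash (its expected format is not visible here), the result is `https:` or an empty string, and that value also reaches `oras_login_with_kubelet_identity` in the `@@ -90,7 +90,7 @@` hunk. I would quote the call, `verify_DNS_health "$registry_domain_name" || exit $ERR_DNS_HEALTH_FAIL`, and add a guard after the `fi`, such as `[[ "$registry_domain_name" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || exit $ERR_DNS_HEALTH_FAIL`. This file looks like a test snapshot, so the change presumably belongs in the script it is generated from.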
diff --git a/pkg/agent/testdata/CustomizedImageKata/line65.sh b/pkg/agent/testdata/CustomizedImageKata/line65.sh index b2a16604579..7f6b7a2c050 100644 --- a/pkg/agent/testdata/CustomizedImageKata/line65.sh +++ b/pkg/agent/testdata/CustomizedImageKata/line65.sh @@ -337,9 +337,11 @@ configureContainerdRegistryHost() { mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")" touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" + CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/") tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null < /dev/null <