
Update GCP agents to current Go versions #1826

Draft
wants to merge 14 commits into
base: main
@@ -0,0 +1,2 @@
DIST google-guest-agent-20240314.00-deps.tar.xz 100146672 BLAKE2B 5d59bad49c536a73f8be83f567cca3018fa1d56a78232e33eaefd1b8472174018da789bc1a432a56686568a01f932e9da2aee8c1f813cee829394037bcf694cd SHA512 1a00e48f54f74449b0289bf826aee5788d40a8406086a2f70f57d5e0d0c0c1bdf448b12e54962020a2dca4ff9d8586d7d94ae3dc3c5372e4622fbb18904cfb77
DIST google-guest-agent-20240314.00.tar.gz 194225 BLAKE2B 2c3a69507b3a66b7b9e541f021a050bc3b050896fd27726b46307ecb940a72fc287d8b5b8794f6bf5363c5f2ad85b411b352a680f805d50d34836d63caca1d6b SHA512 8cfaa7ed3d7b34ae224b3cb3df7b747e2e2d305b034f53b674fd984b4b609bd67c7a0115c876a7b01e869172d970e4dcd7de2c87f27fff7d46648ef0cf1c32d8
@@ -0,0 +1,38 @@
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# COS specific settings for the Linux Guest Environment for Google Compute
# Engine.

[InstanceSetup]
set_boto_config = false
host_key_dir = /mnt/stateful_partition/etc/ssh

[Instance]
instance_id_dir = /mnt/stateful_partition/etc

[MetadataScripts]
run_dir = /var/lib/google/

[NetworkInterfaces]
setup = false

[IpForwarding]
ip_aliases = false

[Accounts]
reuse_homedir = true
# Use usermod instead of gpasswd to avoid race between gpasswd and cloud-init.
gpasswd_add_cmd = usermod -aG {group} {user}
@@ -0,0 +1,42 @@
From e6ffb5fccf86931a79f551fdc960a659044042ce Mon Sep 17 00:00:00 2001
From: Oleksandr Tymoshenko <[email protected]>
Date: Wed, 8 Nov 2023 01:55:51 +0000
Subject: [PATCH 2/2] Create missing directories

Create missing directories for instance ID file and for SSH host key
---
google_guest_agent/instance_setup.go | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/google_guest_agent/instance_setup.go b/google_guest_agent/instance_setup.go
index d8cbc02bf94e..86b91b5c4636 100644
--- a/google_guest_agent/instance_setup.go
+++ b/google_guest_agent/instance_setup.go
@@ -171,7 +171,12 @@ func agentInit(ctx context.Context) {
// Check if instance ID has changed, and if so, consider this
// the first boot of the instance.
// TODO Also do this for windows. liamh@13-11-2019
- instanceIDFile := config.Instance.InstanceIDDir
+ instanceIDDir := config.Instance.InstanceIDDir
+ // Create the instance ID directory, if it doesn't exist.
+ if err := os.MkdirAll(instanceIDDir, 0755); err != nil {
+ logger.Warningf("Failed to create instance ID directory: %v", err)
+ }
+ instanceIDFile := instanceIDDir + "/google_instance_id"
instanceID, err := os.ReadFile(instanceIDFile)
if err != nil && !os.IsNotExist(err) {
logger.Warningf("Not running first-boot actions, error reading instance ID: %v", err)
@@ -220,6 +225,10 @@ func agentInit(ctx context.Context) {
func generateSSHKeys(ctx context.Context) error {
config := cfg.Get()
hostKeyDir := config.InstanceSetup.HostKeyDir
+ // Create the host key directory, if it doesn't exist.
+ if err := os.MkdirAll(hostKeyDir, 0755); err != nil {
+ logger.Warningf("Failed to create host key directory: %v", err)
+ }
dir, err := os.Open(hostKeyDir)
if err != nil {
return err
--
2.42.0.869.gea05f2083d-goog
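Review bot: The first hunk of this patch changes `config.Instance.InstanceIDDir` from being the instance ID file's path to being its parent directory, so a configuration that still supplies a file path there will have `os.MkdirAll` create a directory at that path, and the agent will then read `google_instance_id` beneath it. The COS config in this PR sets a directory, but the agent's built-in default is not visible on this page and should be checked against the new meaning. The path is better built with `filepath.Join(instanceIDDir, "google_instance_id")` than with string concatenation; this assumes `path/filepath` is imported, as the import block is outside the hunk. A failed `MkdirAll` is only logged, and the check that follows lets a not-exist error from `os.ReadFile` through, so a directory that cannot be created would presumably look like a first boot on every start. agentInit continues outside the hunk, so that last point needs confirming against the full function.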

@@ -0,0 +1,120 @@
From a28e8fa46b5ef09c8a83763a6163d7b63d04f156 Mon Sep 17 00:00:00 2001
From: Oleksandr Tymoshenko <[email protected]>
Date: Thu, 2 Nov 2023 00:23:19 +0000
Subject: [PATCH 1/2] Add stable gid for added users

Use gid obtained from the home directory to create users with a
volatile /etc directory.
---
google_guest_agent/accounts_unix.go | 17 +++++++++++++----
google_guest_agent/accounts_windows.go | 6 +++---
google_guest_agent/non_windows_accounts.go | 6 +++---
google_guest_agent/windows_accounts.go | 4 ++--
4 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/google_guest_agent/accounts_unix.go b/google_guest_agent/accounts_unix.go
index 94cedd3d480a..0cc6470f15f2 100644
--- a/google_guest_agent/accounts_unix.go
+++ b/google_guest_agent/accounts_unix.go
@@ -27,21 +27,30 @@ import (
"github.com/GoogleCloudPlatform/guest-agent/google_guest_agent/run"
)

-func getUID(path string) string {
+func getUIDAndGID(path string) (string, string) {
if dir, err := os.Stat(path); err == nil {
if stat, ok := dir.Sys().(*syscall.Stat_t); ok {
- return fmt.Sprintf("%d", stat.Uid)
+ return fmt.Sprintf("%d", stat.Uid), fmt.Sprintf("%d", stat.Gid)
}
}
- return ""
+ return "", ""
}

-func createUser(ctx context.Context, username, uid string) error {
+func createUser(ctx context.Context, username, uid, gid string) error {
config := cfg.Get()
useradd := config.Accounts.UserAddCmd
if uid != "" {
useradd = fmt.Sprintf("%s -u %s", useradd, uid)
}
+ if gid != "" {
+ groupadd := config.Accounts.GroupAddCmd
+ groupadd = fmt.Sprintf("%s -g %s", groupadd, gid)
+ cmd, args := createUserGroupCmd(groupadd, "", username)
+ if err := run.Quiet(ctx, cmd, args...); err != nil {
+ return err
+ }
+ useradd = fmt.Sprintf("%s -g %s", useradd, gid)
+ }
cmd, args := createUserGroupCmd(useradd, username, "")
return run.Quiet(ctx, cmd, args...)
}
diff --git a/google_guest_agent/accounts_windows.go b/google_guest_agent/accounts_windows.go
index 5f0087afd6eb..c66b3e6cc211 100644
--- a/google_guest_agent/accounts_windows.go
+++ b/google_guest_agent/accounts_windows.go
@@ -138,7 +138,7 @@ func addUserToGroup(ctx context.Context, username, group string) error {
return nil
}

-func createUser(ctx context.Context, username, pwd string) error {
+func createUser(ctx context.Context, username, pwd, _ string) error {
uPtr, err := syscall.UTF16PtrFromString(username)
if err != nil {
return fmt.Errorf("error encoding username to UTF16: %v", err)
@@ -184,6 +184,6 @@ func userExists(name string) (bool, error) {
return true, nil
}

-func getUID(path string) string {
- return ""
+func getUIDAndGID(path string) (string, string) {
+ return "", ""
}
diff --git a/google_guest_agent/non_windows_accounts.go b/google_guest_agent/non_windows_accounts.go
index 2fa6f5de6487..c8640624064c 100644
--- a/google_guest_agent/non_windows_accounts.go
+++ b/google_guest_agent/non_windows_accounts.go
@@ -343,12 +343,12 @@ func createUserGroupCmd(cmd, user, group string) (string, []string) {
// createGoogleUser creates a Google managed user account if needed and adds it
// to the configured groups.
func createGoogleUser(ctx context.Context, config *cfg.Sections, user string) error {
- var uid string
+ var uid, gid string
if config.Accounts.ReuseHomedir {
- uid = getUID(fmt.Sprintf("/home/%s", user))
+ uid, gid = getUIDAndGID(fmt.Sprintf("/home/%s", user))
}

- if err := createUser(ctx, user, uid); err != nil {
+ if err := createUser(ctx, user, uid, gid); err != nil {
return err
}
groups := config.Accounts.Groups
diff --git a/google_guest_agent/windows_accounts.go b/google_guest_agent/windows_accounts.go
index 248bf399e436..a46b60759129 100644
--- a/google_guest_agent/windows_accounts.go
+++ b/google_guest_agent/windows_accounts.go
@@ -133,7 +133,7 @@ func createOrResetPwd(ctx context.Context, k metadata.WindowsKey) (*credsJSON, e
}
} else {
logger.Infof("Creating user %s", k.UserName)
- if err := createUser(ctx, k.UserName, pwd); err != nil {
+ if err := createUser(ctx, k.UserName, pwd, ""); err != nil {
return nil, fmt.Errorf("error running createUser: %v", err)
}
if k.AddToAdministrators == nil || *k.AddToAdministrators {
@@ -155,7 +155,7 @@ func createSSHUser(ctx context.Context, user string) error {
return nil
}
logger.Infof("Creating user %s", user)
- if err := createUser(ctx, user, pwd); err != nil {
+ if err := createUser(ctx, user, pwd, ""); err != nil {
return fmt.Errorf("error running createUser: %v", err)
}

--
2.42.0.869.gea05f2083d-goog
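Review bot: In the Unix `createUser`, the group-add command runs whenever the home directory yields a gid, and its error is returned before `useradd` is attempted, so a gid or group name that already exists makes account creation fail where it previously succeeded. The same happens on a retry after `groupadd` succeeded but `useradd` did not, because the group left behind makes the next `groupadd` fail. Resolving the gid first and creating the group only when it is absent avoids both, for example `if _, err := user.LookupGroupId(gid); err != nil { /* run groupadd */ }`; this needs `os/user`, and the import block is only partly visible. The uid and gid come straight from the ownership of `/home/<user>`, so it may also be worth rejecting values below the regular-user range before passing them to `-u` and `-g`. A doc comment on `getUIDAndGID` stating that it returns two empty strings when the path cannot be stat'ed would help callers.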

@@ -0,0 +1,76 @@
#! /bin/bash
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Get a metadata value from the metadata server.
# curl exit codes: https://everything.curl.dev/usingcurl/returns
declare -r VARNAME=$1
declare -r MDS_PREFIX=http://metadata.google.internal/computeMetadata/v1
declare -r MDS_TRIES=${MDS_TRIES:-100}

function print_metadata_value() {
local readonly tmpfile=$(mktemp)
http_code=$(curl -f "${1}" -H "Metadata-Flavor: Google" -w "%{http_code}" \
-s -o ${tmpfile} 2>/dev/null)
local readonly return_code=$?
# If the command completed successfully, print the metadata value to stdout.
if [[ ${return_code} == 0 && ${http_code} == 200 ]]; then
cat ${tmpfile}
fi
rm -f ${tmpfile}
return ${return_code}
}

function print_metadata_value_if_exists() {
local return_code=1
local readonly url=$1
print_metadata_value ${url}
return_code=$?
return ${return_code}
}

function get_metadata_value() {
local readonly varname=$1
# Print the instance metadata value.
print_metadata_value_if_exists ${MDS_PREFIX}/instance/${varname}
return_code=$?
# If the instance doesn't have the value, try the project.
if [[ ${return_code} != 0 && ${return_code} != 6 && ${return_code} != 7 ]];
then
print_metadata_value_if_exists ${MDS_PREFIX}/project/${varname}
return_code=$?
fi
return ${return_code}
}

function get_metadata_value_with_retries() {
local return_code=1 # General error code.
for ((count=0; count <= ${MDS_TRIES}; count++)); do
get_metadata_value $VARNAME
return_code=$?
case $return_code in
# No error. We're done.
0) exit ${return_code};;
# Failed to resolve host or connect to host. Retry.
6|7) sleep 0.3; continue;;
# A genuine error. Exit.
*) exit ${return_code};
esac
done
# Exit with the last return code we got.
exit ${return_code}
}

get_metadata_value_with_retries
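Review bot: In `print_metadata_value`, `local readonly tmpfile=$(mktemp)` does not make `tmpfile` read-only: it declares two locals, one of them literally named `readonly`, and the exit status of `local` hides a failing `mktemp`. The same `local readonly` form is used for `return_code`, `url` and `varname`. Declaring and assigning separately keeps the failure visible, `local tmpfile; tmpfile=$(mktemp) || return 1`, and the later uses should be quoted as `-o "${tmpfile}"`, `cat "${tmpfile}"` and `rm -f "${tmpfile}"`. `http_code` and the `return_code` in `get_metadata_value` are assigned without `local` and so leak into the global scope. `${url}` and `$VARNAME` are expanded unquoted, which means a metadata key containing whitespace or glob characters is word-split before it reaches curl.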
@@ -0,0 +1,80 @@
#
# Copyright 2023 Google LLC
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
EAPI=7

# Flatcar: inherit coreos-go-depend
COREOS_GO_VERSION=go1.21
inherit coreos-go-depend go-module systemd

DESCRIPTION="Google Guest Agent"
HOMEPAGE="https://github.com/GoogleCloudPlatform/guest-agent"

SRC_URI="https://github.com/GoogleCloudPlatform/guest-agent/archive/${PV}.tar.gz -> ${P}.tar.gz"
# Flatcar: explicitly reference mirror
SRC_URI+=" https://commondatastorage.googleapis.com/cos-localmirror/distfiles/${P}-deps.tar.xz"

LICENSE="Apache-2.0 BSD ZLIB"
SLOT="0"
KEYWORDS="*"
IUSE=""
RDEPEND="!app-admin/compute-image-packages
>=app-admin/oslogin-20231004.00
"

S=${WORKDIR}/guest-agent-${PV}

PATCHES=(
"${FILESDIR}/20231016.00-homedir-gid.patch"
"${FILESDIR}/20231016.00-create-hostkey-and-instanceID-dirs.patch"
)

# Flatcar: export GO variables
src_prepare() {
go_export
default
}

src_compile() {
export GOTRACEBACK="crash"
pushd google_guest_agent || die
# Flatcar: switch to EGO
CGO_ENABLED=0 ${EGO} build -ldflags="-s -w -X main.version=${PV}" \
-mod=readonly || die
popd || die
pushd google_metadata_script_runner || die
# Flatcar: switch to EGO
CGO_ENABLED=0 ${EGO} build -ldflags="-s -w -X main.version=${PV}" \
-mod=readonly || die
popd || die
}

src_install() {
dobin google_guest_agent/google_guest_agent
dobin google_metadata_script_runner/google_metadata_script_runner
systemd_dounit google-guest-agent.service
systemd_dounit google-startup-scripts.service
systemd_dounit google-shutdown-scripts.service
systemd_enable_service multi-user.target google-guest-agent.service
systemd_enable_service multi-user.target google-startup-scripts.service
systemd_enable_service multi-user.target google-shutdown-scripts.service

# Backports the get_metadata_value script from compute-image-packages.
# We have users that still rely on this script, so we need to continue
# to install it.
exeinto /usr/share/google/
newexe "${FILESDIR}/get_metadata_value" get_metadata_value

# Install COS specific configuration
insinto /etc/default
newins "${FILESDIR}/20201102-instance_configs.cfg.distro" instance_configs.cfg.distro
}
@@ -0,0 +1 @@
DIST google-guest-configs-20240304.00.tar.gz 24918 BLAKE2B 08f8e5b8c2abd720f5af6682e110b78579e4c8788dfe3b0f243de5aaf98b40f03bcb885d1706d166e08b6e987ed4d86dc4140d444173f0c03aee82ce4d8759ea SHA512 6ae4335c31e1265dcf1bf9b45532571276a50103b482662e8d8ff393a11783a51c5ce0fd266ed41342a1db046114be3b1fe1675b9c4d3e97e52486d7ededcf41