Feature: Adding Azure Linux 4.0 Base Support using dnf5 package manager#343
Feature: Adding Azure Linux 4.0 Base Support using dnf5 package manager#343yashnap wants to merge 21 commits into
Conversation
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
7ddf13b to
c615038
Compare
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Introduces an Azure Linux 4–specific DNF (dnf5) package manager implementation and wires it into distro/package-manager detection so Azure Linux 4 selects DNF instead of TDNF.
Changes:
- Added
AzL4DnfPackageManagerskeleton class extendingPackageManager. - Updated Azure Linux package manager detection to choose DNF for Azure Linux 4+ and TDNF for Azure Linux 3.
- Added
Constants.DNFand registered DNF configurations inConfigurationFactory.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
src/core/src/package_managers/AzL4DnfPackageManager.py |
Adds a new (currently stubbed) DNF-based package manager for Azure Linux 4. |
src/core/src/bootstrap/EnvLayer.py |
Selects DNF for Azure Linux 4+ and keeps TDNF for Azure Linux 3. |
src/core/src/bootstrap/Constants.py |
Introduces a DNF constant used by configuration selection. |
src/core/src/bootstrap/ConfigurationFactory.py |
Registers DNF configs and maps them to AzL4DnfPackageManager. |
Comments suppressed due to low confidence (1)
src/core/src/bootstrap/EnvLayer.py:1
- This error path drops useful diagnostics. Consider including the command result (
out) and/or the checked path in the message so failures are actionable (e.g., whendnfis installed but not on PATH). Also, returningstr()(empty string) makes it hard to distinguish 'not found' vs 'unknown'; consider returningNoneor a dedicated sentinel, depending on existing conventions in this module.
# Copyright 2020 Microsoft Corporation
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| def refresh_repo(self): | ||
| """Refreshes the DNF repository cache and lists available updates by cleaning expired cache entries | ||
| Commands: | ||
| - sudo dnf clean expire-cache (cleans expired cache entries) | ||
| - sudo dnf -q check-update (checks for available updates) | ||
| """ | ||
| pass |
| def get_all_updates(self, cached=False): | ||
| """Gets all missing updates available for the system and returns the cached updates list and versions list | ||
| Cache Check Logic: | ||
| - If cached=True and cache has data, return cached updates and versions immediately (high performance reuse) | ||
| - If cache miss or cached=False, execute the DNF command to get fresh updates and populate cache | ||
| Command: | ||
| - sudo dnf -q check-update (checks for all available updates) | ||
| 1. If cached=True and cache has data, return cached results | ||
| 2. Execute command, parse output, cache results | ||
| 3. Return all_updates_cached and all_update_versions_cached | ||
| """ | ||
| return [], [] | ||
|
|
||
| # AssessPatch method | ||
| def get_security_updates(self): | ||
| """Gets all missing security updates available for the system and returns packages and versions list | ||
| Command: | ||
| - sudo dnf -q check-update --security (checks for available security updates only) | ||
| Returns: | ||
| - List of security package names | ||
| - List of corresponding security package versions | ||
| """ | ||
| pass |
| if major is not None and int(major) >= 4: | ||
| code, out = self.run_command_output('which dnf', False, False) | ||
| if code == 0: | ||
| return 'dnf' |
| """ | ||
| return [], [] | ||
|
|
||
| def set_max_patch_publish_date(self, max_patch_publish_date=str()): |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #343 +/- ##
==========================================
+ Coverage 93.84% 93.86% +0.02%
==========================================
Files 105 107 +2
Lines 18218 19135 +917
==========================================
+ Hits 17096 17961 +865
- Misses 1122 1174 +52
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
b081d06 to
1b80cf7
Compare
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
0a05123 to
9b9fd31
Compare
yashnap
changed the title
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
6fdc513 to
d42304e
Compare
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
d42304e to
b950de5
Compare
You are adding dnf5 support to AzLinux4 and not replacing Tdnf in this PR. TdnfPackageManager will still be used in AzLinux3 post this PR. |
|
|
||
| from core.src.package_managers.AptitudePackageManager import AptitudePackageManager | ||
| from core.src.package_managers.AzL3TdnfPackageManager import AzL3TdnfPackageManager | ||
| from core.src.package_managers.DnfPackageManager import DnfPackageManager |
There was a problem hiding this comment.
updated naming everywhere with dnf5
|
|
||
| self.configurations = { | ||
| 'apt_prod_config': self.new_prod_configuration(Constants.APT, AptitudePackageManager), | ||
| 'dnf_prod_config': self.new_prod_configuration(Constants.DNF, DnfPackageManager), |
|
|
||
| # Package Managers | ||
| APT = 'apt' | ||
| DNF = 'dnf' |
| # | ||
| # Requires Python 2.7+ | ||
|
|
||
| """DnfPackageManager for Azure Linux L4 and RHEL 10""" |
There was a problem hiding this comment.
Do not mention the image restrictions within packagemanager. Restrictions would only come from the places where it is set/invoked and not within the package manager implementation.
There was a problem hiding this comment.
Removed image restrictions.
|
|
||
|
|
||
| class DnfPackageManager(PackageManager): | ||
| """Implementation of Azure Linux L4/RHEL 10 DNF5 package management operations""" |
There was a problem hiding this comment.
Same comment as on line 17
| return Constants.AutomaticOSPatchStates.DISABLED | ||
|
|
||
| if enable_on_reboot_value: | ||
| return Constants.AutomaticOSPatchStates.ENABLED |
There was a problem hiding this comment.
What if apply_updates_value is enabled?
|
|
||
| if enable_on_reboot_value: | ||
| return Constants.AutomaticOSPatchStates.ENABLED | ||
|
|
There was a problem hiding this comment.
Can you map out a matrix on all the possible values of: is_service_installed, enable_on_reboot_value, download_updates_value, apply_updates_value and how it affects auto_os_patch_state_for_dnf5_automatic?
There was a problem hiding this comment.
Added in the document
| enable_on_reboot_value = self.is_service_set_to_enable_on_reboot(self.enable_on_reboot_check_cmd) | ||
|
|
||
| self.composite_logger.log_debug( | ||
| "[DNF] Checking if auto updates are currently enabled...") |
| except Exception as error: | ||
| raise Exception( | ||
| "[DNF] Error occurred in fetching current auto OS update settings from the machine (dnf5). [Exception={0}]".format( | ||
| repr(error))) |
There was a problem hiding this comment.
Enabling and disabling Auto OS updates is slightly more involved than what is implemented here. There's more checks and balances that are missed. Will try to cover it in offline sync.
But a suggestion here is, try to closely follow what is already implemented in tdnf, it will be same or very similar for dnf. Create an AzL3 VM, see how auto OS update works in it, you can try running the cmds in it to understand what is happening and then re-create the process for AzL4
| package_manager.get_current_auto_os_patch_state = self.runtime.backup_get_current_auto_os_patch_state | ||
|
|
||
| # Mock the systemctl cat output with enabled flags | ||
| systemctl_cat_output = '''[Unit] |
There was a problem hiding this comment.
Refer existing UTs on how mocks are implemented within the code base
There was a problem hiding this comment.
I am adding UTs to cover all scenarios . Will review the existing code on how it done.
|
Note: Renamed the DNfPackageManager file to DNF5 =PackageManager along with code updates, which caused Git to show it as a delete + add. The logic changes are incremental, but previous comments may appear outdated due to this artifact. |
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
2b061b5 to
95e1ae1
Compare
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
95e1ae1 to
72a32d8
Compare
|
UT coverage still in progress. |
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
e4364c6 to
775c15e
Compare
|
|
||
| return packages, versions | ||
|
|
||
| def dedupe_update_packages_to_get_latest_versions(self, packages, package_versions): |
There was a problem hiding this comment.
Is this duplicated code? Can we pull duplicated code out into helper classes?
There was a problem hiding this comment.
@yashnap add a sample of what the input to this function would look like. How this function is implemented would depend on what output the calling function receives from a command run.
dedupe_update_packages_to_get_latest_versions() was added in TdnfPackageManager because its command returned package list with each version. for eg:
| Package | version |
| P1 | 1.0 |
| P2 | 1.0 |
| P1 | 2.0 |
| P1 | 1.2 |
From this we needed to get the latest version for each package. Verify if DNF5 returns similar command output, if not refer how this implemented in other package managers
There was a problem hiding this comment.
It is the same between TDNF and DNF package Managers. Currently we don't have helper classes in LPE to put common code as lot of code gets dumped into those. Since it is just 1 method we can keep it as is. In future if we see more duplicates, I'll work on separating it out.
There was a problem hiding this comment.
@rane-rajasi Right now since Azl4 VM only has 1 repo installed, I am unable to verify how multiple version would look like. We can keep it as is as a safety until we can verify.
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
d7ff451 to
bee76df
Compare
yashnap
force-pushed
the
37454066_dnf5_packageManager_support
branch
from
bee76df to
ed857b8
Compare
|
|
||
| def __assert_std_io(self, captured_output, expected_output=''): | ||
| output = captured_output.getvalue() | ||
| self.assertTrue(expected_output in output) |
| def test_refresh_repo(self): | ||
| self.runtime.set_legacy_test_type('HappyPath') | ||
| package_manager = self.container.get('package_manager') | ||
| self.assertTrue(package_manager is not None) |
| package_manager.disable_auto_os_update() | ||
| self.assertTrue(package_manager.image_default_patch_configuration_backup_exists()) | ||
| image_default_patch_configuration_backup = json.loads(self.runtime.env_layer.file_system.read_with_retry(package_manager.image_default_patch_configuration_backup_path)) | ||
| self.assertTrue(image_default_patch_configuration_backup is not None) |
| self.assertTrue(image_default_patch_configuration_backup is not None) | ||
|
|
||
| # validating backup for dnf-automatic | ||
| self.assertTrue(package_manager.dnf5_auto_os_update_service in image_default_patch_configuration_backup) |
| @@ -38,6 +38,7 @@ | |||
|
|
|||
| from core.src.package_managers.AptitudePackageManager import AptitudePackageManager | |||
There was a problem hiding this comment.
Adding a comment on the PR description here in case it was missed earlier due to it appearing only on the conversation tab: #343 (comment)
Please see the linked comment from previous feedback. This PR was never intended to replace TdnfPackageManager. Tdnf was added for AzL3 and will continue to be used for it. Dnf5 is being added for AzL4 and possibly RHEL10. Tdnf and dnf5 are independent from each other. Tdnf was never intended to be used for AzL4
| return None | ||
|
|
||
| if str(package_manager_name) not in [Constants.APT, Constants.TDNF, Constants.YUM, Constants.ZYPPER]: | ||
| if str(package_manager_name) not in [Constants.APT, Constants.DNF, Constants.TDNF, Constants.YUM, Constants.ZYPPER]: |
| elif cmd.find("dnf5 -y upgrade") > -1: | ||
| code = 0 | ||
| output = "Complete!\n" | ||
|
|
There was a problem hiding this comment.
Remove empty line break
| " * glibc\n\n" + \ | ||
| "Reboot is required to fully utilize these updates.\n" + \ | ||
| "More information: https://access.redhat.com/solutions/27943\n" | ||
|
|
There was a problem hiding this comment.
Remove empty line break
| "python3.x86_64 3.12.3-4.azl4~20260501 azurelinux-base\n" + \ | ||
| "python3.x86_64 3.12.3-5.azl4~20260501 azurelinux-base\n" + \ | ||
| "python3.x86_64 3.12.3-6.azl4~20260501 azurelinux-base\n" | ||
|
|
There was a problem hiding this comment.
Remove empty line break
| current_auto_os_patch_state_for_dnf5_automatic = self.__get_current_auto_os_patch_state_for_dnf5_automatic() | ||
|
|
||
| self.composite_logger.log("[DNF5] OS patch state per auto OS update service: [dnf5-automatic={0}]".format( | ||
| str(current_auto_os_patch_state_for_dnf5_automatic))) |
| self.composite_logger.log("[DNF5] Fetching the current automatic OS patch state on the machine...") | ||
|
|
||
| current_auto_os_patch_state_for_dnf5_automatic = self.__get_current_auto_os_patch_state_for_dnf5_automatic() | ||
|
|
| def get_current_auto_os_patch_state(self): | ||
| """ Gets the current auto OS update patch state on the machine """ | ||
| self.composite_logger.log("[DNF5] Fetching the current automatic OS patch state on the machine...") | ||
|
|
|
|
||
| self.composite_logger.log_debug( | ||
| "[DNF5] Overall Auto OS Patch State based on all auto OS update service states [OverallAutoOSPatchState={0}]".format( | ||
| str(current_auto_os_patch_state))) |
There was a problem hiding this comment.
self.composite_logger.log_debug("[DNF5] Overall Auto OS Patch State based on all auto OS update service states [OverallAutoOSPatchState={0}]".format(str(current_auto_os_patch_state)))
| override_text = "[Service]\nExecStart=\nExecStart={0}\n".format(" ".join(flags)) | ||
|
|
||
| self.env_layer.run_command_output("sudo mkdir -p {0}".format(self.dnf5_automatic_override_dir), False, False) | ||
| self.env_layer.file_system.write_with_retry(self.dnf5_automatic_override_file, override_text, mode='w+') |
There was a problem hiding this comment.
I'm not on board with this solution, completely overriding a config, without retaining any of its original state, should not be done. We are not simply adding or updating the patch related configs but overriding everything else in it
|
|
||
| # Package Managers | ||
| APT = 'apt' | ||
| DNF = 'dnf5' |
|
|
||
| def do_processes_require_restart(self): | ||
| """Fulfilling base class contract. Not needed for DNF5""" | ||
| pass |
| '3.12.9-1.azl3', '3.12.3-4.azl3', '6.6.78.1-1.azl3', '3.12.3-5.azl3', '3.12.3-5.azl3'] | ||
| deduped_packages, deduped_package_versions = package_manager.dedupe_update_packages_to_get_latest_versions( | ||
| packages, package_versions) | ||
| self.assertTrue(deduped_packages is not None and deduped_packages is not []) |
| deduped_packages, deduped_package_versions = package_manager.dedupe_update_packages_to_get_latest_versions( | ||
| packages, package_versions) | ||
| self.assertTrue(deduped_packages is not None and deduped_packages is not []) | ||
| self.assertTrue(deduped_package_versions is not None and deduped_package_versions is not []) |
| self.assertEqual(versions[4], '3.12.3-6.azl4~20260501') | ||
|
|
||
| # Test: install command generation (pure logic, safe to test) | ||
| packages = ['kernel.x86_64', 'selinux-policy-targeted.noarch'] |
|
|
||
| # Test: install command generation (pure logic, safe to test) | ||
| packages = ['kernel.x86_64', 'selinux-policy-targeted.noarch'] | ||
| package_versions = ['2.02.177-4.el7', '3.10.0-862.el7'] |
| package_manager.disable_auto_os_update() | ||
| self.assertTrue(package_manager.image_default_patch_configuration_backup_exists()) | ||
| image_default_patch_configuration_backup = json.loads(self.runtime.env_layer.file_system.read_with_retry(package_manager.image_default_patch_configuration_backup_path)) | ||
| self.assertTrue(image_default_patch_configuration_backup is not None) |
Implemented DnfPackageManager by extending PackageManager instead of TdnfPackageManager.
DNF5 behavior (output, classification, dependency resolution) differs from Tdnf making reuse unsafe. This approach keeps the implementation clean with dnf5 capabilities.
FIRST ITERATION ( Enablement/Disablement)
Implemented the below methods:
get_current_auto_os_patch_state,
disable_auto_os_update,
disable_auto_os_update_for_dnf5_automatic,
disable_auto_update_on_reboot,
is_auto_update_service_installed,
is_service_set_to_enable_on_reboot,
enable_auto_update_on_reboot
Added few UT's to cover the implementation(more to follow)
TESTING
ARM ID : /subscriptions/6acc8a91-e2b0-4041-a069-c2932ab42fd9/resourceGroups/rg-yashna-linux4-test-wus2/providers/Microsoft.Compute/virtualMachines/vm-yashna-linux4
<--------------------ITERATION2------------------------->
output.txt
<------------------ITERATION3---------------->
Install Update package available
output.txt
All packages are upto date and already installed
output_alreadyUptoDate.txt
<-------ITERATION4 ------->
output_new.txt
<---- ITERATION5-------->
<-------------------AUTO-OS -------------------------->
AUTO OS
ANALYSIS:
Active: active (waiting)
Triggers: ● dnf5-automatic.service
ExecStart=
ExecStart=/usr/bin/dnf5 automatic --timer --downloadupdates --no-installupdates
Modified Config file at /etc/dnf/automatic.conf but there was no change in execution or patching behavior/output.
There is no config reference in the service when checked with Command : systemctl cat dnf5-automatic.service and output : ExecStart=/usr/bin/dnf5 automatic --timer --downloadupdates --installupdates
CODE APPRAOCH:
--installupdates
--no-installupdates
--downloadupdates
--no-downloadupdates
Logic :
(apply=yes) → --installupdates
(apply=no, download=yes) → --downloadupdates --no-installupdates
(apply=no, download=no) → --no-downloadupdates --no-installupdates
(None, None) → remove override
I am treating --no-installupdates and --no-downloadupdates same as "" or empty in the ExecStart command ( The default definition doesnt have any flags so to keep parity and make sure we dont have flags when we revert
I've added the Auto-OS method at the bottom of the class.
Auto OS Use-case tested via script :
full_output4.log
FULL LIFECYLE RUN
Used the script test_full.py from the ARM ID : /subscriptions/6acc8a91-e2b0-4041-a069-c2932ab42fd9/resourceGroups/rg-yashna-linux4-test-wus2/providers/Microsoft.Compute/virtualMachines/vm-yashna-linux4
full_output_2026_06_03.log