fix: fixing repodepot support for azlinux3 and ubuntu2404 as well as PMC on Ubuntu (#7565)

Author: djsly

parts/linux/cloud-init/artifacts/init-aks-custom-cloud-mariner.sh

@@ -1,6 +1,29 @@
 #!/bin/bash
 set -x
 mkdir -p /root/AzureCACertificates
+
+IS_MARINER=0
+IS_AZURELINUX=0
+# shellcheck disable=SC3010
+if [[ -f /etc/os-release ]]; then
+        . /etc/os-release
+    # shellcheck disable=SC3010
+    if [[ $NAME == *"Mariner"* ]]; then
+        IS_MARINER=1
+    elif [[ $NAME == *"Microsoft Azure Linux"* ]]; then
+        IS_AZURELINUX=1
+    else
+        echo "Unknown Linux distribution"
+        exit 1
+    fi
+else
+    echo "Unsupported operating system"
+    exit 1
+fi
+
+echo "distribution is $distribution"
+echo "Running on $NAME"
+
 # http://168.63.129.16 is a constant for the host's wireserver endpoint
 certs=$(curl "http://168.63.129.16/machine?comp=acmspackage&type=cacertificates&ext=json")
 IFS_backup=$IFS
@@ -17,15 +40,77 @@ cp /root/AzureCACertificates/*.crt /etc/pki/ca-trust/source/anchors/
 
 cloud-init status --wait
 
+function init_mariner_repo_depot {
+    local repodepot_endpoint=$1
+    echo "Adding [extended] repo"
+    cp /etc/yum.repos.d/mariner-extras.repo /etc/yum.repos.d/mariner-extended.repo
+    sed -i -e "s|extras|extended|" /etc/yum.repos.d/mariner-extended.repo
+    sed -i -e "s|Extras|Extended|" /etc/yum.repos.d/mariner-extended.repo
+
+    echo "Adding [nvidia] repo"
+    cp /etc/yum.repos.d/mariner-extras.repo /etc/yum.repos.d/mariner-nvidia.repo
+    sed -i -e "s|extras|nvidia|" /etc/yum.repos.d/mariner-nvidia.repo
+    sed -i -e "s|Extras|Nvidia|" /etc/yum.repos.d/mariner-nvidia.repo
+
+    echo "Adding [cloud-native] repo"
+    cp /etc/yum.repos.d/mariner-extras.repo /etc/yum.repos.d/mariner-cloud-native.repo
+    sed -i -e "s|extras|cloud-native|" /etc/yum.repos.d/mariner-cloud-native.repo
+    sed -i -e "s|Extras|Cloud-Native|" /etc/yum.repos.d/mariner-cloud-native.repo
+
+    echo "Pointing Mariner repos at RepoDepot..."
+    for f in /etc/yum.repos.d/*.repo
+    do
+        sed -i -e "s|https://packages.microsoft.com|${repodepot_endpoint}/mariner/packages.microsoft.com|" $f
+        echo "$f modified."
+    done
+    echo "Mariner repo setup complete."
+}
+
+function init_azurelinux_repo_depot {
+    local repodepot_endpoint=$1
+    repos=("amd" "base" "cloud-native" "extended" "ms-non-oss" "ms-oss" "nvidia")
+
+    # tbd maybe we do this a bit nicer
+    rm -f /etc/yum.repos.d/azurelinux*
+
+    for repo in "${repos[@]}"; do
+        output_file="/etc/yum.repos.d/azurelinux-${repo}.repo"
+        repo_content=(
+            "[azurelinux-official-$repo]"
+            "name=Azure Linux Official $repo \$releasever \$basearch"
+            "baseurl=$repodepot_endpoint/azurelinux/\$releasever/prod/$repo/\$basearch"
+            "gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY"
+            "gpgcheck=1"
+            "repo_gpgcheck=1"
+            "enabled=1"
+            "skip_if_unavailable=True"
+            "sslverify=1"
+        )
+
+        rm -f "$output_file"
+
+        for line in "${repo_content[@]}"; do
+            echo "$line" >> "$output_file"
+        done
+
+        echo "File '$output_file' has been created."
+    done
+}
+
 marinerRepoDepotEndpoint="$(echo "${REPO_DEPOT_ENDPOINT}" | sed 's/\/ubuntu//')"
 if [ -z "$marinerRepoDepotEndpoint" ]; then
   >&2 echo "repo depot endpoint empty while running custom-cloud init script"
 else
-  for f in /etc/yum.repos.d/*.repo
-  do
-      sed -i -e "s|https://packages.microsoft.com|${marinerRepoDepotEndpoint}/mariner/packages.microsoft.com|" "$f"
-      echo "## REPO - $f - MODIFIED"
-  done
+  # logic taken from https://repodepot.azure.com/scripts/cloud-init/setup_repodepot.sh
+  if [ "$IS_MARINER" -eq 1 ]; then
+      echo "Initializing Mariner repo depot settings..."
+      init_mariner_repo_depot ${marinerRepoDepotEndpoint}
+  elif [ "$IS_AZURELINUX" -eq 1 ]; then
+      echo "Initializing Azure Linux repo depot settings..."
+      init_azurelinux_repo_depot ${marinerRepoDepotEndpoint}
+  else
+      echo "No customizations for distribution: $NAME"
+  fi
 fi
 
 # Set the chrony config to use the PHC /dev/ptp0 clock
@@ -58,4 +143,4 @@ EOF
 
 systemctl restart chronyd
 
-#EOF
+#EOF

parts/linux/cloud-init/artifacts/init-aks-custom-cloud.sh

@@ -2,12 +2,28 @@
 set -x
 mkdir -p /root/AzureCACertificates
 
-# For Flatcar: systemd timer instead of cron, skip cloud-init/apt ops, chronyd service name).
 IS_FLATCAR=0
-if [ -f /etc/os-release ] && grep -qi '^ID=flatcar' /etc/os-release; then
-  IS_FLATCAR=1
+IS_UBUNTU=0
+# shellcheck disable=SC3010
+if [[ -f /etc/os-release ]]; then
+    . /etc/os-release
+    # shellcheck disable=SC3010
+    if [[ $NAME == *"Ubuntu"* ]]; then
+        IS_UBUNTU=1
+    elif [[ $ID == *"flatcar"* ]]; then
+        IS_FLATCAR=1
+    else
+        echo "Unknown Linux distribution"
+        exit 1
+    fi
+else
+    echo "Unsupported operating system"
+    exit 1
 fi
 
+echo "distribution is $distribution"
+echo "Running on $NAME"
+
 # http://168.63.129.16 is a constant for the host's wireserver endpoint
 certs=$(curl "http://168.63.129.16/machine?comp=acmspackage&type=cacertificates&ext=json")
 IFS_backup=$IFS
@@ -41,13 +57,159 @@ if [ "$action" = "ca-refresh" ]; then
     exit
 fi
 
-if [ "$IS_FLATCAR" -eq 0 ]; then
+function init_ubuntu_main_repo_depot {
+    local repodepot_endpoint="$1"
+    # Initialize directory for keys
+    mkdir -p /etc/apt/keyrings
+
+    # This copies the updated bundle to the location used by OpenSSL which is commonly used
+    echo "Copying updated bundle to OpenSSL .pem file..."
+    cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
+    echo "Updated bundle copied."
+
+    # Back up sources.list and sources.list.d contents
+    mkdir -p /etc/apt/backup/
+    if [ -f "/etc/apt/sources.list" ]; then
+        mv /etc/apt/sources.list /etc/apt/backup/
+    fi
+    for sources_file in /etc/apt/sources.list.d/*; do
+        if [ -f "$sources_file" ]; then
+            mv "$sources_file" /etc/apt/backup/
+        fi
+    done
+
+    # Set location of sources file
+    . /etc/os-release
+    aptSourceFile="/etc/apt/sources.list.d/ubuntu.sources"
+
+    # Create main sources file
+    cat <<EOF > /etc/apt/sources.list.d/ubuntu.sources
+
+Types: deb
+URIs: ${repodepot_endpoint}/ubuntu
+Suites: ${VERSION_CODENAME} ${VERSION_CODENAME}-updates ${VERSION_CODENAME}-backports ${VERSION_CODENAME}-security
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+EOF
+
+    # Update the apt sources file using the RepoDepot Ubuntu URL for this cloud. Update it by replacing
+    # all urls with the RepoDepot Ubuntu url
+    ubuntuUrl=${repodepot_endpoint}/ubuntu
+    echo "Converting URLs in $aptSourceFile to RepoDepot URLs..."
+    sed -i "s,https\?://.[^ ]*,$ubuntuUrl,g" $aptSourceFile
+    echo "apt source URLs converted, see new file below:"
+    echo ""
+    echo "-----"
+    cat $aptSourceFile
+    echo "-----"
+    echo ""
+}
+
+function check_url {
+    local url=$1
+    echo "Checking url: $url"
+
+    # Use curl to check the URL and capture both stdout and stderr
+    curl_exit_code=$(curl -s --head --request GET $url)
+    # Check the exit status of curl
+    # shellcheck disable=SC3010
+    if [[ $? -ne 0 ]] || echo "$curl_exit_code" | grep -E "404 Not Found" > /dev/null; then
+        echo "ERROR: $url is not available. Please manually check if the url is valid before re-running script"
+        exit 1
+    fi
+}
+
+function write_to_sources_file {
+    local sources_list_d_file=$1
+    local source_uri=$2
+    shift 2
+    local key_paths=("$@")
+
+    sources_file_path="/etc/apt/sources.list.d/${sources_list_d_file}.sources"
+    ubuntuDist=$(lsb_release -c | awk '{print $2}')
+
+    tee -a $sources_file_path <<EOF
+
+Types: deb
+URIs: $source_uri
+Suites: $ubuntuDist
+Components: main
+Arch: amd64
+Signed-By: ${key_paths[*]}
+EOF
+}
+
+function add_key_ubuntu {
+    local key_name=$1
+
+    key_url="${repodepot_endpoint}/keys/${key_name}"
+    check_url $key_url
+    echo "Adding $key_name key to keyring..."
+    key_data=$(wget -O - $key_url)
+    key_path=$(derive_key_paths $key_name)
+    echo "$key_data" | gpg --dearmor | tee $key_path > /dev/null
+    echo "$key_name key added to keyring."
+}
+
+function derive_key_paths {
+    local key_names=("$@")
+    local key_paths=()
+
+    for key_name in "${key_names[@]}"; do
+        key_paths+=("/etc/apt/keyrings/${key_name}.gpg")
+    done
+
+    echo "${key_paths[*]}"
+}
+
+function add_ms_keys {
+    # Add the Microsoft package server keys to keyring.
+    echo "Adding Microsoft keys to keyring..."
+
+    add_key_ubuntu microsoft.asc
+    add_key_ubuntu msopentech.asc
+}
+
+function aptget_update {
+    echo "apt-get updating..."
+    echo "note: depending on how many sources have been added this may take a couple minutes..."
+    if apt-get update | grep -q "404 Not Found"; then
+        echo "ERROR: apt-get update failed to find all sources. Please validate the sources or remove bad sources from your sources and try again."
+        exit 1
+    else
+        echo "apt-get update complete!"
+    fi
+}
+
+function init_ubuntu_pmc_repo_depot {
+    local repodepot_endpoint="$1"
+    # Add Microsoft packages source to the azure specific sources.list.
+    echo "Adding the packages.microsoft.com Ubuntu-$ubuntuRel repo..."
+
+    microsoftPackageSource="$repodepot_endpoint/microsoft/ubuntu/$ubuntuRel/prod"
+    check_url $microsoftPackageSource
+    write_to_sources_file microsoft-prod $microsoftPackageSource $(derive_key_paths microsoft.asc msopentech.asc)
+    write_to_sources_file microsoft-prod-testing $microsoftPackageSource $(derive_key_paths microsoft.asc msopentech.asc)
+    echo "Ubuntu ($ubuntuRel) repo added."
+    echo "Adding packages.microsoft.com keys"
+    add_ms_keys $repodepot_endpoint
+}
+
+if [ "$IS_UBUNTU" -eq 1 ]; then
     (crontab -l ; echo "0 19 * * * $0 ca-refresh") | crontab -
 
     cloud-init status --wait
-    repoDepotEndpoint="${REPO_DEPOT_ENDPOINT}"
-    sudo sed -i "s,http://.[^ ]*,$repoDepotEndpoint,g" /etc/apt/sources.list
-else
+    rootRepoDepotEndpoint="$(echo "${REPO_DEPOT_ENDPOINT}" | sed 's/\/ubuntu//')"
+    # logic taken from https://repodepot.azure.com/scripts/cloud-init/setup_repodepot.sh
+    ubuntuRel=$(lsb_release --release | awk '{print $2}')
+    ubuntuDist=$(lsb_release -c | awk '{print $2}')
+    # initialize archive.ubuntu.com repo
+    init_ubuntu_main_repo_depot ${rootRepoDepotEndpoint}
+    init_ubuntu_pmc_repo_depot ${rootRepoDepotEndpoint}
+    # update apt list
+    echo "Running apt-get update"
+    aptget_update
+elif [ "$IS_FLATCAR" -eq 1 ]; then
     script_path="$(readlink -f "$0")"
     svc="/etc/systemd/system/azure-ca-refresh.service"
     tmr="/etc/systemd/system/azure-ca-refresh.timer"
@@ -79,15 +241,15 @@ fi
 
 # Disable systemd-timesyncd and install chrony and uses local time source
 chrony_conf="/etc/chrony/chrony.conf"
-if [ "$IS_FLATCAR" -eq 0 ]; then
+if [ "$IS_UBUNTU" -eq 1 ]; then
     systemctl stop systemd-timesyncd
     systemctl disable systemd-timesyncd
 
     if [ ! -e "$chrony_conf" ]; then
         apt-get update
         apt-get install chrony -y
     fi
-else
+elif [ "$IS_FLATCAR" -eq 1 ]; then
     rm -f ${chrony_conf}
 fi
 
@@ -139,10 +301,10 @@ refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0
 makestep 1.0 -1
 EOF
 
-if [ "$IS_FLATCAR" -eq 0 ]; then
+if [ "$IS_UBUNTU" -eq 1 ]; then
     systemctl restart chrony
-else
+elif [ "$IS_FLATCAR" -eq 1 ]; then
     systemctl restart chronyd
 fi
 
-#EOF
+#EOF

pkg/agent/testdata/AKSUbuntu2204+CustomCloud+USNat/CustomData

@@ -81,7 +81,7 @@ write_files:
   encoding: gzip
   owner: root
   content: !!binary |
-    H4sIAAAAAAAC/5RWbU/byhL+vr9iulgEUP0SelXd0rq9NIAu0lFBwNH5kKRosx4ne2LvurtjIKX896O1DRgoPRQ+WOt55u2ZZ8dZexXPlI5nwi2YQ4LwipXLTFkIK4itMRTvfq8tjnZHaEnlSgpCx9jh6fnBH7tno92TNGEqhzGEOcRIMjYutFigcAhTWF+HucUKwm8KBl8P99K8ECSFHTzGvgdaoGYAvcBDlivGJFpyabAha1sAXxBVO3E8fPvf6O2baLj9Lhq+jUshF0rjJ2nKKhWydJWQSzHHdVpVmEohe6Wv4xWlfzuj+SY7PDg9nwm5rKs0ODw49ec0GEzsRA+atF9EiS7dCDZQLgwETSXwo+vIHMNg49OH1IMmfAcmfHP8dcKnW4PNzcb7s8nUv7uPWuTqSQhfJ4+kJd7yy4N7ajiE+A2GML2jDaDFV1hyT1tuLChQGoLrV/fFjP83vXkPmWkdmqque9ZATW8AfoDDDAYunkzsZKLjiY7ng/7b2J8/An9WHvFty9d3LLax2yDcxZFEG0fBNV7RTTznm5xlRmM7gPupsOc6Tx50Ln+h1HjLUwhx7WxcGCmK2C2ExViKsK+KuAlUV5kgDB/Z2F0SL1nniriZ5OMQvTxqdgfzA2FYOHxJpRWWj5P8qi5/O4QkZXQaXA93QqUV3dxS1ho4pMClCC3mFt2CP1KMoibIi1jekNZoEjMIC3jfiocnMHwHW81/kEAvzyb8gDt8R2Bh6qypERwJqh2E4aVQ1BgtVmYPK0P7OquM0pTy4Ppk//jofG//+OjsfP/L3vHR4ZezG97AXZ2ZRkqhAu5ed0shGn+F6dbr4Emw13Pe8ioqip2prUQXFcrR/WSctKqi80rQIuXBhkWRFUov/VbjQeIF2qAuZMrbCa0cYZl1z1j4eYb3BEQO7YWS2LpRaV/oRqpE2zpJQfCRB+5CcvjwYf/ogI3/1IqmbA/bYv3cT1o/aPQEo9qRKWHkmYbRLjxQy25OaFONdGnsMjS6UBojEnaOxP4SmtwzNjY+bXuZsjO/To1GtzDE9q9QnpKwlAY98noiYL7mXidU2l90sidUsYLOFUz+kpbY+MzzNWVHeiQK1Jmw6fDdTpKwY7ROOUJNKdka2YnQmSnVd8z2sBCrU5TpmyRhbHyoHYmimDYUYPZ5lTYjcLfd3/bQDkxSAZnA0mj/3TIie2RDLWYFQhhqcwk/H277TVtYo1fn0ui8E0b7pntE3sBfdi3vkzsyVXfMQp/LrbR8XGGmXFPiU1wDbFK+ghCBB70iH+4N/ycqCudI3Wp68lq1tEIbA8JVg8jV/YWzpb9bwXUvy03LjVcL9LN3omFrbK0ypgBNVVTPak11JE15m1rNausISnHV3XD4T4dPbtH+FHlvY+c/wQ87/PA38dsvxG8ztsRVrgqEn8x8iSvHWGZVTi3kQrSfkoewBsDYWmHmQFbIpdJzKFG42mKJmlyzXZUjJR1jhZn733JtLDPvgjBWiqt2cm6JlzBMkihhzJL0UmDMYi4LI5dw/P8RxBlexBVVCVSmKOANZM0z3AaT5/4XY8JKsURHWMEwSiAcNpfmd9Vr0fll0immt5ifQWSNWNb2jw7+CQAA//84+ynUwgoAAA==
+    H4sIAAAAAAAC/6xZWXPjNhJ+56/o4bDiY4ek5ExNbZwwE4+PXVdNbJds7z7YjgoiWhJWJMAAoG3F1n/fAsBLhz1Odp0HhUBf6ONDo+f9u3jEeDwiauop1BA+evmMMglhAbEUQscHf5QSDw8OUWo2ZinRqDzv9HJ48vXg6vBgkPTMx/WX67Or66TnsTHc3EA4hhh1GgsVSsyQKIS7ux9BT5F7AADR6rZddbzB2cGvx5AksOtfj0quS393mdn8tSr7dg2zivn0yLGOM6JTIl/grW2vmSsD7Ec6FeBf8xkXDxy+Ml4+AmVKSzYqNRPcbykfmQYnYcy8RkgtQJVFIaRGCqJASTTjE1BzpTF3Iir2MfM8x9LVAkxBsKzWEQ1Kzo0kwZ2jfM9LUWqVBNtpKTPwp1oX+3Hc//T36NP3UX/vh6j/Kc5JOmUcP6ciLxKS5qog6YxM8Ds9LzBJSdoJ7nf4qJP/KMH9He/05HI4IumsLJLg9OTSfCfB1q285VtW7RnJUSXbwbY1LrCWwDNMJBYQigvY2v78U2KIbv19uPV3bn679e92t3Z2LPcXQdm32Q8d5XxNhLHTj1KpfZt14AdtZH0I8XfoQzf2jr4w/h8zbywkMGAcgqd3rTE3v9wtfgQq2kgGT53dgN0tAJ5BIYUtFd/eyttbHt/yeLLVXY3N98/gv1hAcX3kp8aLTrYT4qs4SlHGUfCEj3oRT/wd36OCowtAGxXvpZP3lk6evlLL8a5xIcSlknEmUpLFakokxikJu1kRW0FlQYnGcGXPa5SYolYqi20kV0V09LBRQ2YC0hbPNywtMF9V8ppdprZIasonCZ76+yHjTC9ql7kNHxLwUxJKHEtUU38lY5i2QsYlT11ZcqaHpYWlYU4YH0osxJBiITQ8WR7rQzDLdnWInBaCcZ34Qd8Vfouv5iSk0PEM55LxSeVIV+iHopibQndHozAqOc0QtIDzAvnl5Vew3hizDKMo8v/nEHSga1ljKgqGNPK9F4x3mRg3CG7A3292lShliirKmNLLzrXS7mEj5WbpY+Z+hISKeGiOb4p4o5SIxrtNMS+ZF3T5182qTFsl22hUxzBboa/cb6TQl1bgCcsw8V+y2aVXVK1Wfk+Jhp9+Oj4/gZ/hbYyedzUvUO0DxZF3PThV+xA8reflomLzLkum0RL963hweXp+Njw8Pzo2d8xi01roElNt3DMOMpff5l2FaSmZnnuHIi8ER67VPphqgpKze5QKQaK5+lKThnmZabfqXbIJRxp+me+7JHZIVVdPdZCQyHTK7jGs1qNJMfGOz0+cHx3NtcySV53RrUN+byqIT+B68FXZG2MpkKYkB1iIIwsChqapR4PlIQNffTC3srr9vB/H0c1vcLf7IWgM+TDxVyR2tJNCV7nutKfOGqQfQCECxweLADDCTDzs+x3O7v+H5s9v8uhFbR26WsiiA37pFNPZ0HQZXagrjS/7XY8ZMgtdMtuHoJRZncOlzIYGU4epoFh3LKGCMJwioRCGEn8vUWn4x/GVZdzp9oWfIeRobrY7eH6udAXLMv2mezgG/2PvI5wJDSei5NQ3dUPxPuZllq2UuxN1PBicD5y9pvviQgO5JywjowwjuHBdbE54SbJs7nxhLNNThIrlnmSMwgjHQpoMDmXVq6lUskK/1Dh2PfwgmcahFsMlfOt6u94wJT+kdr/2fpdgWEqWBHsuC6dsrGGvQzPD+bAgeqqSbT/4xd9x4enqtNsvQ1TwtMGORQtZbaUdMaWTYDtTo2H9EghTeAbyMIOtp0IyriHYW2xVNmhECAkEa7Y48NuEae2BWwhrda9hjHcg0+k+kJx++tgFlOCp8crN7t3CIkY3NITSoaFwopdiYpY5yW0g7LKlk1nib8aYGc5V7PQZtkVVmU11BRV/p6YOKDWZFNQ8RoUBnhrjasQx+5RokgTbDxPznDuHsJG305DY6AbbFCW7x2Fz8Fb+Tkd3UAu11VVMIAwpEpkLCc82YEEtoFtjqwIaqwmlSLu2L4PMmk2bPN0k7sacrnLJ9AmNZsbBb11u+3x/qTdo+P+WbPtrnVk3XOZCqVS3N3510uUk8tcyKFfmZPWhlmL7K0ulUGKswVKsBNc1EMs5mNccEVHpRgIlCuQa06mlWDKm0BPUQ3eJL5lDCh2a1LFb3dxy21xoNPVXIKfVQ3QqHgwwzmsEgSm5N1cS8jrYU6YgJ3PQZIZAIBVlkSHkjJemKa0VsDEsKccGzX9fRfPXEHxFxpiwzCXcmHEKJGtAtEF1C9yG1oB5fQghQWIuzEkIbVbHUuQwF2XTggLhFLScA5kQxqONKL9hwLBipHmYZ6jxnb/pWui+Ooo8/SuPjqVUM8esJgAqarMoFTm4kUtYIegAndQ2BRvqC8fv+ojED9aVxw1t1VXFrdS4kIKu4d5m4ZZq883YMIRG3ksCYAPSLdXOSqHsvFljqFHZ1vD/qrl6hrka3m6dtmNj4Woq2hDWF0Jq4MRv4KFGoA0BMznXzhPcfG3TIGU7lYJrMoIwgx8rE3rQ/wF27X9BDzoP6h14hoa+6gMzUVL7GAeliS5NA/hAmLab5vXftNPHbR5v1wg7OL44Hx4dX5xfDY/Pji7OT8+uFn5n+lInW7y1021EBpit9iHNbHJTO/JXWhgLYq9MCIKnjadbrDGuFPmrfMtzwWVc8et3Z4v1nhuVfnNa5prWqg8MtiUSmjE+c8/nnl/5Vt2nVZfoRpu0+o3JH6W0A5kqDyKF8p6llUU6l29k0yxH2T5dfvYDdZ/6VTd4c82ZvvOO0BnLBE8Gjg/s/AgOS6VFDocm4eDwAJamQwdjjTLhqB+EnIWCZ4xjpImcoPb+TbhWL+x5N5fuLHe2G00ERzUV2jt+xPRSE6mToOO8Ti3YnrJzEp3LV05yRFg2h4oVxPgtR/Juroy/7rxzfkgy5JTIpP/Dfq/nXaBUTGnkOtGyRG9AOBU5+wPpEWZkfolp8n2v53k3p1xpkmV31gVIv8wTGwJVn74+gwtYqjOgBHPBTTEJQlf2kJvnE4QhFw+wObh2wJZOpeDzYSr4uEoMt1L9RGbDfxM4tbqVFkX1SUOjSs15umogZcpauE7XDrTeQYjmqdnauD4yWq67tWXmvApOBoTz9p8N3lSNMjeFFzx1bFg4x5lUgq5t9Uvpvfe+ECIDrouomgyZ26AehY1KqTTk5LHuYz5W9L2a2nxFhlvIyQb6fkXf/5P0e2+k3/O8Gc7tpbshIcwd5nlUsrF2JPfEDTWXySyB573PxAS0JG4ukSNRpcTcPArtDcSUZqnyvExMKJOVLDGphHheTh6radcMH6Df60U9z5M6NYnieRLHaSbSGVz889C9fwpd9KAQWQbfA7W/4R6I8Vihhp6XkxkqjQX0ox6EfTeb+nOpLVEZoKnS6c2Q/gI/tZn03tjx3wAAAP//sVSSeQ8cAAA=
 
 - path: /opt/azure/containers/reconcilePrivateHosts.sh
   permissions: "0744"