fix(e2e): gunzip nbc-cmd source in CustomDataWithNBCCmdHack for Flatcar/ACL#8360
Merged
awesomenix merged 1 commit intomainfrom Apr 21, 2026
Merged
Conversation
…ar/ACL PR #8357 added `compression: gzip` to the flatcar ignition entry for aks-node-controller-nbc-cmd.sh, so the base64 payload now decodes to gzip bytes (Ignition gunzips at write time). CustomDataWithNBCCmdHack reuses that base64 source but re-emits via cloud-config `!!binary`, which only base64-decodes. The resulting nbc-cmd-hack.sh ended up containing raw gzip bytes, so CSE exec failed with "cannot execute binary file" (exit 126) on every Flatcar/ACL scriptless-NBC scenario (ACL_GPU* tests). Detect the gzip compression hint and gunzip the payload before re-encoding for `!!binary`.
ganeshkumarashok
requested review from
AbelHu,
Devinwong,
SriHarsha001,
awesomenix,
calvin197,
cameronmeissner,
djsly,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes a regression in the e2e VMSS helper that converts Flatcar Ignition JSON into cloud-config for scriptless NBC scenarios. After PR #8357 started marking the Ignition aks-node-controller-nbc-cmd*.sh file contents as compression: gzip, the e2e helper was re-emitting gzipped bytes via cloud-config !!binary (base64 decode only), causing CSE to fail when attempting to execute the resulting file.
Changes:
- Detect
contents.compression == "gzip"in the Flatcar ignitionstorage.filesentry for the NBC cmd script and gunzip the decoded payload. - Re-base64 encode the plaintext script so
!!binarywrites valid shell content.
awesomenix
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
PR #8357 added
compression: gzipto the flatcar ignition entry foraks-node-controller-nbc-cmd.sh. The base64 payload now decodes to gzip bytes — Ignition gunzips at write time on real nodes, so production is fine.The e2e helper
CustomDataWithNBCCmdHack(ine2e/vmss.go) reuses the same base64 source from the ignition config but re-emits it through cloud-config!!binary, which only base64-decodes. As a result the renamednbc-cmd-hack.shended up containing raw gzip bytes, and CSE failed withcannot execute binary file(exit 126) on every Flatcar/ACL scriptless-NBC scenario (e.g.Test_AzureLinuxV3_ACL_GPUA100/scriptless_nbc).This PR detects the
compression: gziphint and gunzips the payload before re-encoding it for!!binary.Failure signature
Observed in main-branch build 161132296 on all ACL_GPU* scriptless_nbc scenarios after #8357 merged.
Test plan
*ACL_GPU*/scriptless_nbcscenarios get past CSEbase64 -d | gzip -ditself)