Add EnableFirewall and other required flags to mariner waagent conf (#…

…2407) Co-authored-by: Dhivya Ganesan <dhivyaganesan@users.noreply.github.com>
Azure · Nov 15, 2021 · 318d76f · 318d76f
1 parent 6f16013
commit 318d76f
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/config/mariner/waagent.conf b/config/mariner/waagent.conf
@@ -1,6 +1,14 @@
 # Microsoft Azure Linux Agent Configuration
 #
 
+# Enable extension handling. Do not disable this unless you do not need password reset,
+# backup, monitoring, or any extension handling whatsoever.
+Extensions.Enabled=y
+
+# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
+# "cloud-init", or "disabled".
+Provisioning.Agent=auto
+
 # Specified program is invoked with the argument "Ready" when we report ready status
 # to the endpoint server.
 Role.StateConsumer=None
@@ -15,9 +23,6 @@ Role.TopologyConsumer=None
 # Enable instance creation
 Provisioning.Enabled=n
 
-# Rely on cloud-init to provision
-Provisioning.UseCloudInit=y
-
 # Password authentication for root account will be unavailable.
 Provisioning.DeleteRootPassword=y
 
@@ -78,3 +83,6 @@ AutoUpdate.GAFamily=Prod
 # handling until inVMArtifactsProfile.OnHold is false.
 # Default is disabled
 # EnableOverProvisioning=n
+
+# Add firewall rules to protect access to Azure host node services
+OS.EnableFirewall=y