A set of configurations that achieve a common goal is often grouped in a script and executed together, while a single configuration can often be applied using a simple one-liner.

There are various ways to apply certain configurations to virtual machines.

sed -i -e "s%%$imgBuilderUri%g" sigImgLinux.json
sed -i -e "s//$outputName/g" sigImgLinux.json
sed -i -e "s//$location/g" sigImgLinux.json
sed -i -e "s//$sigName/g" sigImgLinux.json
sed -i -e "s//$imgDefName/g" sigImgLinux.json
sed -i -e "s//$subscriptionId/g" sigImgLinux.json
imgBuilderUri=/subscriptions/$subscriptionId/resourcegroups/$rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$identityName
# Create new template for deploying image to Shared Image Gallery

Running the following commands in order creates a local copy of the template on your computer, ready for submission to the Azure Image Builder service:

Install and enable a specific Docker version.
Enhance basic network security with kernel settings.

A short summary of the custom CentOS configurations made in this template:

Since this blog post aims to highlight features of Azure Image Builder, the operating system configurations made won't be explained in detail.

The template that has been pre-created for this post can be found here.

# Submit the updated role definition to Azure
az role definition update --role-definition.
sed -i -e "s/AIB Custom Role/$imageRoleDefName/g" aibSigRole.json
sed -i -e "s//$subscriptionId/g" aibSigRole.json
# Apply custom values in the role definition
# Update the role definition for publishing images to Azure Shared Image Gallery

Run the following commands in order to complete the role definition update:

To get a quick look at the role definition, click here.

With this step, all prerequisites are met to update the role definition in Azure.
imageRoleDefName="Azure Image Builder Basic Role - 1596638916"

If you're offering different specializations of your image, you use the SKU parameter to separate them.

az sig image-definition create -g $rg --gallery-name $sigName --gallery-image-definition $imgDefName --publisher ITInsights --offer CentOS --sku 7.8-Docker --os-type Linux

After retrieving the value we need to write it to a variable:

Can be freely set, usually points to the operating system.
Publisher: Usually your company or department name.
Image definition name: The name for the image definition.

As the name suggests, it basically defines the image we are going to create.

To create a new Azure Shared Image Gallery we need to run the following command(s):

az sig create --resource-group $rg --gallery-name $sigName

After creating the Shared Image Gallery we need to create an image definition, which holds the information and requirements for using it.

Although not part of this blog post series, with Azure RBAC and Azure policies it's possible to enforce the usage of Shared Image Galleries for deployment.

In our scenario we use an Azure Shared Image Gallery to provide our developers with a simple way to deploy pre-configured CentOS virtual machines.

The core features comprise the following:

Azure Shared Image Gallery

Azure Shared Image Galleries have been introduced by Microsoft to provide Azure customers with the possibility to streamline the custom image provisioning process.

To ensure the developers can easily deploy a Docker-enabled virtual machine that also aligns with company standards, we will provide them with customized VM images using the Azure Shared Image Gallery.

Company policy also dictates the security configurations that have to be performed.

The scenario we're covering comprises the need for developers to easily deploy their own Docker hosts, since company policy forbids running Docker locally.
Although taken from a real-world scenario, the customizations made in this blog post are straightforward, to help you get started with Azure Image Builder, especially if you are new to VM image customization.

You can take this example and modify it to fit your specific needs.

Part 2 - Azure Image Builder Series - Shared Image Gallery

As mentioned in the first post of this series, we will take a real-world scenario where we will perform basic security and service configurations on a CentOS 7.8 image.

Part 1 - Azure Image Builder Series - Introduction.

This is a multi-part series for Azure Image Builder with the following articles:

Continuing the Azure Image Builder Series, we take a closer look at performing image network security customizations using an externally hosted shell script, enforcing a password policy, installing a specific Docker version and finally deploying the image to an Azure Shared Image Gallery.