From d190d0925110f5d2fd0859fc09f366a95d9d89fa Mon Sep 17 00:00:00 2001 From: chrislopez Date: Wed, 5 Feb 2025 16:48:11 -0800 Subject: [PATCH 01/12] fix: add support for 'cvm' image SKU in packer build process --- packer.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packer.mk b/packer.mk index 39337f3866a..2dc3d988bdf 100755 --- a/packer.mk +++ b/packer.mk @@ -32,6 +32,9 @@ ifeq (${OS_SKU},Ubuntu) ifeq (${IMG_SKU},20_04-lts-cvm) @echo "Using packer template file vhd-image-builder-cvm.json" @packer build -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-cvm.json +else ifeq (${IMG_SKU},cvm) + @echo "Using packer template file vhd-image-builder-cvm.json" + @packer build -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-cvm.json else @echo "Using packer template file vhd-image-builder-base.json" @packer build -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-base.json From 3f60bc4a3951c51859875e3de012878f0f7cb8a0 Mon Sep 17 00:00:00 2001 From: chrislopez Date: Thu, 6 Feb 2025 10:49:49 -0800 Subject: [PATCH 02/12] fix: enhance image definition creation for 'cvm' SKU in init-variables.sh --- vhdbuilder/packer/init-variables.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vhdbuilder/packer/init-variables.sh b/vhdbuilder/packer/init-variables.sh index e49c85f235f..e7154661fff 100755 --- a/vhdbuilder/packer/init-variables.sh +++ b/vhdbuilder/packer/init-variables.sh 
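Review bot: The added `else ifeq (${IMG_SKU},cvm)` branch repeats the two recipe lines of the `20_04-lts-cvm` branch verbatim, so the two CVM SKUs can drift onto different packer templates if only one copy is edited later. A single test covers both SKUs: `ifneq ($(filter 20_04-lts-cvm cvm,${IMG_SKU}),)`. The conditional chain this branch belongs to is closed outside the hunk.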
@@ -261,13 +261,13 @@ if [[ "$MODE" == "linuxVhdMode" || "$MODE" == "windowsVhdMode" ]]; then if [ -z "$id" ]; then echo "Creating image definition ${SIG_IMAGE_NAME} in gallery ${SIG_GALLERY_NAME} resource group ${AZURE_RESOURCE_GROUP_NAME}" # The following conditionals do not require NVMe tagging on disk controller type - if [[ ${ARCHITECTURE,,} == "arm64" ]] || [[ ${IMG_SKU} == "20_04-lts-cvm" ]] || [[ ${HYPERV_GENERATION} == "V1" ]]; then + if [[ ${ARCHITECTURE,,} == "arm64" ]] || [[ ${IMG_SKU} == "20_04-lts-cvm" ]] || [[ ${IMG_SKU} == "cvm" ]] || [[ ${HYPERV_GENERATION} == "V1" ]]; then TARGET_COMMAND_STRING="" if [[ ${ARCHITECTURE,,} == "arm64" ]]; then - TARGET_COMMAND_STRING+="--architecture Arm64" - elif [[ ${IMG_SKU} == "20_04-lts-cvm" ]]; then - TARGET_COMMAND_STRING+="--os-state Specialized --features SecurityType=ConfidentialVM" - fi + TARGET_COMMAND_STRING+="--architecture Arm64" + elif [[ ${IMG_SKU} == "20_04-lts-cvm" ]] || [[ ${IMG_SKU} == "cvm" ]]; then + TARGET_COMMAND_STRING+="--os-state Specialized --features SecurityType=ConfidentialVM" + fi az sig image-definition create \ --resource-group ${AZURE_RESOURCE_GROUP_NAME} \ From 7985666afa805f400ee448528800f54a6b25895b Mon Sep 17 00:00:00 2001 From: chrislopez Date: Thu, 6 Feb 2025 13:31:41 -0800 Subject: [PATCH 03/12] fix: add support for 'cvm' image SKU in various scripts for Linux builds --- .../convert-sig-to-classic-storage-account-blob.sh | 2 +- vhdbuilder/packer/init-variables.sh | 9 +++++++-- vhdbuilder/packer/test/run-test.sh | 2 +- vhdbuilder/packer/vhd-scanning.sh | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh index 7a7f066bb0f..bbf51f2ddcb 100755 --- a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh +++ b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh 
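Review bot: The two new `[[ ${IMG_SKU} == "cvm" ]]` tests in this hunk compare the SKU case-sensitively, while the other CVM checks in init-variables.sh (the `PACKER_BUILD_LOCATION` override and the `SIG_IMAGE_NAME` suffix touched in PATCH 03) lowercase it with `${IMG_SKU,,}`. A value such as `CVM` would then get the Specialized image name but, as far as this hunk shows, not `--os-state Specialized --features SecurityType=ConfidentialVM` on the image definition, so the confidential-VM security type could be dropped without any error. I would lowercase in both tests here, e.g. `elif [[ "${IMG_SKU,,}" == "20_04-lts-cvm" || "${IMG_SKU,,}" == "cvm" ]]; then`. The same exact-case comparison is in the convert-sig-to-classic-storage-account-blob.sh hunk of PATCH 03 (which also removes the `,,` the old line had), in run-test.sh and vhd-scanning.sh, in .builder-release-template.yaml (PATCH 09) and in install-dependencies.sh (PATCH 10 to 12).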
@@ -67,7 +67,7 @@ if [[ ${OS_TYPE} == "Linux" && ${ENABLE_TRUSTED_LAUNCH} == "True" ]]; then } \ } \ }" -elif [ "${OS_TYPE}" == "Linux" ] && [ "${IMG_SKU,,}" == "20_04-lts-cvm" ]; then +elif [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then az resource create --id $disk_resource_id --is-full-object --location $LOCATION --properties "{\"location\": \"$LOCATION\", \ \"properties\": { \ \"osType\": \"$OS_TYPE\", \ diff --git a/vhdbuilder/packer/init-variables.sh b/vhdbuilder/packer/init-variables.sh index e7154661fff..8594de2a825 100755 --- a/vhdbuilder/packer/init-variables.sh +++ b/vhdbuilder/packer/init-variables.sh @@ -76,6 +76,11 @@ if [ "${IMG_SKU,,}" == "20_04-lts-cvm" ] && [ -n "${CVM_PACKER_BUILD_LOCATION}" echo "CVM: PACKER_BUILD_LOCATION is set to ${PACKER_BUILD_LOCATION}" fi +if [ "${IMG_SKU,,}" == "cvm" ] && [ -n "${CVM_PACKER_BUILD_LOCATION}" ]; then + PACKER_BUILD_LOCATION="${CVM_PACKER_BUILD_LOCATION}" + echo "CVM: PACKER_BUILD_LOCATION is set to ${PACKER_BUILD_LOCATION}" +fi + # Currently only used for linux builds. This determines the environment in which the build is running (either prod or test). # Used to construct the name of the resource group in which the 1ES pool the build is running on lives in, which also happens. # to be the resource group in which the packer VNET lives in. @@ -172,8 +177,8 @@ if [[ "${MODE}" == "linuxVhdMode" ]]; then elif [[ "${IMG_OFFER,,}" == "azure-linux-3" ]]; then # for Azure Linux 3.0, only use AzureLinux prefix SIG_IMAGE_NAME="AzureLinux${SIG_IMAGE_NAME}" - elif [[ "${IMG_SKU,,}" == "20_04-lts-cvm" ]]; then - SIG_IMAGE_NAME+="Specialized" + elif [[ "${IMG_SKU,,}" == "20_04-lts-cvm" || "${IMG_SKU,,}" == "cvm" ]]; then + SIG_IMAGE_NAME+="Specialized" fi echo "No input for SIG_IMAGE_NAME was provided, defaulting to: ${SIG_IMAGE_NAME}" else diff --git a/vhdbuilder/packer/test/run-test.sh b/vhdbuilder/packer/test/run-test.sh index 31638588868..b544b69d2c5 100755 
--- a/vhdbuilder/packer/test/run-test.sh +++ b/vhdbuilder/packer/test/run-test.sh @@ -74,7 +74,7 @@ if [ "${OS_TYPE}" == "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]; then TARGET_COMMAND_STRING+="--security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && [ ${IMG_SKU} == "20_04-lts-cvm" ]; then +if [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then # We completely re-assign the TARGET_COMMAND_STRING string here to ensure that no artifacts from earlier conditionals are included TARGET_COMMAND_STRING="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh index 9808ef7b48f..22b7870e65a 100755 --- a/vhdbuilder/packer/vhd-scanning.sh +++ b/vhdbuilder/packer/vhd-scanning.sh @@ -63,7 +63,7 @@ if [[ "${OS_TYPE}" == "Linux" && "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && [ ${IMG_SKU} == "20_04-lts-cvm" ]; then +if [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi From 2c800c9ea534cf1d61aafc891c240f2136f1c3b0 Mon Sep 17 00:00:00 2001 
From: chrislopez Date: Thu, 6 Feb 2025 13:40:37 -0800 Subject: [PATCH 04/12] Update style logic --- .../packer/convert-sig-to-classic-storage-account-blob.sh | 2 +- vhdbuilder/packer/test/run-test.sh | 2 +- vhdbuilder/packer/vhd-scanning.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh index bbf51f2ddcb..1fd85c41b42 100755 --- a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh +++ b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh @@ -67,7 +67,7 @@ if [[ ${OS_TYPE} == "Linux" && ${ENABLE_TRUSTED_LAUNCH} == "True" ]]; then } \ } \ }" -elif [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then +elif [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then az resource create --id $disk_resource_id --is-full-object --location $LOCATION --properties "{\"location\": \"$LOCATION\", \ \"properties\": { \ \"osType\": \"$OS_TYPE\", \ diff --git a/vhdbuilder/packer/test/run-test.sh b/vhdbuilder/packer/test/run-test.sh index b544b69d2c5..566fd53f834 100755 --- a/vhdbuilder/packer/test/run-test.sh +++ b/vhdbuilder/packer/test/run-test.sh 
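Review bot: `[[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]` is not a valid `[[ ]]` expression, because the single `]` inside it is a syntax error, so convert-sig-to-classic-storage-account-blob.sh aborts when bash reaches this line; the run-test.sh and vhd-scanning.sh hunks of this patch have the same condition. The `{[ … ]}` form in PATCH 05 and the `{ … }` form without a `;` before the closing brace in PATCH 06 do not group the tests either, and the nested `[[ [[ … ]] ]]` conditions in PATCH 10 and 11 are likewise rejected. Since a working form only arrives in PATCH 07 and PATCH 12, I would squash these fix-ups into the commits that introduce the checks, so that every commit in the series leaves the image build, test and scanning scripts runnable, and gate the series on `bash -n` or ShellCheck.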
@@ -74,7 +74,7 @@ if [ "${OS_TYPE}" == "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]; then TARGET_COMMAND_STRING+="--security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then +if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then # We completely re-assign the TARGET_COMMAND_STRING string here to ensure that no artifacts from earlier conditionals are included TARGET_COMMAND_STRING="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh index 22b7870e65a..171a42301e1 100755 --- a/vhdbuilder/packer/vhd-scanning.sh +++ b/vhdbuilder/packer/vhd-scanning.sh @@ -63,7 +63,7 @@ if [[ "${OS_TYPE}" == "Linux" && "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && ([ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]); then +if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi From bb9db970b51ca1648c7e78ba5392d6634ee56ec1 Mon Sep 17 00:00:00 2001 
From: chrislopez Date: Thu, 6 Feb 2025 13:43:45 -0800 Subject: [PATCH 05/12] fix: correct syntax for conditional checks on 'cvm' image SKU in scripts --- .../packer/convert-sig-to-classic-storage-account-blob.sh | 2 +- vhdbuilder/packer/test/run-test.sh | 2 +- vhdbuilder/packer/vhd-scanning.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh index 1fd85c41b42..ec8781229c6 100755 --- a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh +++ b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh @@ -67,7 +67,7 @@ if [[ ${OS_TYPE} == "Linux" && ${ENABLE_TRUSTED_LAUNCH} == "True" ]]; then } \ } \ }" -elif [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then +elif [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then az resource create --id $disk_resource_id --is-full-object --location $LOCATION --properties "{\"location\": \"$LOCATION\", \ \"properties\": { \ \"osType\": \"$OS_TYPE\", \ diff --git a/vhdbuilder/packer/test/run-test.sh b/vhdbuilder/packer/test/run-test.sh index 566fd53f834..43c6cf0b04b 100755 --- a/vhdbuilder/packer/test/run-test.sh +++ b/vhdbuilder/packer/test/run-test.sh 
@@ -74,7 +74,7 @@ if [ "${OS_TYPE}" == "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]; then TARGET_COMMAND_STRING+="--security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then +if [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then # We completely re-assign the TARGET_COMMAND_STRING string here to ensure that no artifacts from earlier conditionals are included TARGET_COMMAND_STRING="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh index 171a42301e1..bbbc46e7573 100755 --- a/vhdbuilder/packer/vhd-scanning.sh +++ b/vhdbuilder/packer/vhd-scanning.sh @@ -63,7 +63,7 @@ if [[ "${OS_TYPE}" == "Linux" && "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]]; then +if [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi From 787518e33ec975cd8bb6b31ec2efbe6e42c60ea4 Mon Sep 17 00:00:00 2001 
From: chrislopez Date: Thu, 6 Feb 2025 14:40:03 -0800 Subject: [PATCH 06/12] fix: correct syntax for conditional checks on 'cvm' image SKU in various scripts --- .../packer/convert-sig-to-classic-storage-account-blob.sh | 2 +- vhdbuilder/packer/test/run-test.sh | 2 +- vhdbuilder/packer/vhd-scanning.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh index ec8781229c6..8f2e89b9b5a 100755 --- a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh +++ b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh @@ -67,7 +67,7 @@ if [[ ${OS_TYPE} == "Linux" && ${ENABLE_TRUSTED_LAUNCH} == "True" ]]; then } \ } \ }" -elif [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then +elif [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then az resource create --id $disk_resource_id --is-full-object --location $LOCATION --properties "{\"location\": \"$LOCATION\", \ \"properties\": { \ \"osType\": \"$OS_TYPE\", \ diff --git a/vhdbuilder/packer/test/run-test.sh b/vhdbuilder/packer/test/run-test.sh index 43c6cf0b04b..f7cfcfeee17 100755 --- a/vhdbuilder/packer/test/run-test.sh +++ b/vhdbuilder/packer/test/run-test.sh 
@@ -74,7 +74,7 @@ if [ "${OS_TYPE}" == "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]; then TARGET_COMMAND_STRING+="--security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then +if [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then # We completely re-assign the TARGET_COMMAND_STRING string here to ensure that no artifacts from earlier conditionals are included TARGET_COMMAND_STRING="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh index bbbc46e7573..2fa5020de58 100755 --- a/vhdbuilder/packer/vhd-scanning.sh +++ b/vhdbuilder/packer/vhd-scanning.sh @@ -63,7 +63,7 @@ if [[ "${OS_TYPE}" == "Linux" && "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && {[ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ]}; then +if [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi From 2bc1a33a6088f966d077987fa29c406867109289 Mon Sep 17 00:00:00 2001 
From: chrislopez Date: Thu, 6 Feb 2025 15:28:48 -0800 Subject: [PATCH 07/12] fix: update conditional syntax for 'cvm' image SKU checks in scripts --- .../packer/convert-sig-to-classic-storage-account-blob.sh | 2 +- vhdbuilder/packer/test/run-test.sh | 2 +- vhdbuilder/packer/vhd-scanning.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh index 8f2e89b9b5a..40713465cf1 100755 --- a/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh +++ b/vhdbuilder/packer/convert-sig-to-classic-storage-account-blob.sh @@ -67,7 +67,7 @@ if [[ ${OS_TYPE} == "Linux" && ${ENABLE_TRUSTED_LAUNCH} == "True" ]]; then } \ } \ }" -elif [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then +elif [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" || "${IMG_SKU}" == "cvm" ]]; then az resource create --id $disk_resource_id --is-full-object --location $LOCATION --properties "{\"location\": \"$LOCATION\", \ \"properties\": { \ \"osType\": \"$OS_TYPE\", \ diff --git a/vhdbuilder/packer/test/run-test.sh b/vhdbuilder/packer/test/run-test.sh index f7cfcfeee17..00aec692fcd 100755 --- a/vhdbuilder/packer/test/run-test.sh +++ b/vhdbuilder/packer/test/run-test.sh 
@@ -74,7 +74,7 @@ if [ "${OS_TYPE}" == "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]; then TARGET_COMMAND_STRING+="--security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then +if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" || "${IMG_SKU}" == "cvm" ]]; then # We completely re-assign the TARGET_COMMAND_STRING string here to ensure that no artifacts from earlier conditionals are included TARGET_COMMAND_STRING="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh index 2fa5020de58..c24eba7473e 100755 --- a/vhdbuilder/packer/vhd-scanning.sh +++ b/vhdbuilder/packer/vhd-scanning.sh @@ -63,7 +63,7 @@ if [[ "${OS_TYPE}" == "Linux" && "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true" fi -if [ "${OS_TYPE}" == "Linux" ] && { [ "${IMG_SKU}" == "20_04-lts-cvm" ] || [ "${IMG_SKU}" == "cvm" ] }; then +if [ "${OS_TYPE}" == "Linux" ] && [[ "${IMG_SKU}" == "20_04-lts-cvm" || "${IMG_SKU}" == "cvm" ]]; then # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true" fi From 06c0936cc16d087cabc1af8418429a11c83ba910 Mon Sep 17 00:00:00 2001 From: chrislopez Date: Fri, 7 Feb 2025 10:00:42 -0800 Subject: [PATCH 08/12] merge if logic --- vhdbuilder/packer/init-variables.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/vhdbuilder/packer/init-variables.sh b/vhdbuilder/packer/init-variables.sh index 8594de2a825..e9c2d0073df 100755 --- a/vhdbuilder/packer/init-variables.sh +++ b/vhdbuilder/packer/init-variables.sh @@ -71,12 +71,7 @@ if [ "$MODE" == "linuxVhdMode" ] && [ -z "${PACKER_BUILD_LOCATION}" ]; then exit 1 fi -if [ "${IMG_SKU,,}" == "20_04-lts-cvm" ] && [ -n "${CVM_PACKER_BUILD_LOCATION}" ]; then - PACKER_BUILD_LOCATION="${CVM_PACKER_BUILD_LOCATION}" - echo "CVM: PACKER_BUILD_LOCATION is set to ${PACKER_BUILD_LOCATION}" -fi - -if [ "${IMG_SKU,,}" == "cvm" ] && [ -n "${CVM_PACKER_BUILD_LOCATION}" ]; then +if [[ "${IMG_SKU,,}" == "20_04-lts-cvm" || "${IMG_SKU,,}" == "cvm" ]] && [ -n "${CVM_PACKER_BUILD_LOCATION}" ]; then PACKER_BUILD_LOCATION="${CVM_PACKER_BUILD_LOCATION}" echo "CVM: PACKER_BUILD_LOCATION is set to ${PACKER_BUILD_LOCATION}" fi From 2023c0989384836b267f662d06e80574718e089f Mon Sep 17 00:00:00 2001 From: chrislopez Date: Fri, 7 Feb 2025 12:12:43 -0800 Subject: [PATCH 09/12] fix: update SKU_NAME condition to include 'cvm' for image SKU --- .pipelines/templates/.builder-release-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/templates/.builder-release-template.yaml b/.pipelines/templates/.builder-release-template.yaml index 28393f13fc3..9b48d755e5a 100644 --- a/.pipelines/templates/.builder-release-template.yaml +++ b/.pipelines/templates/.builder-release-template.yaml 
@@ -103,7 +103,7 @@ steps: if [[ "${HYPERV_GENERATION,,}" == "v2" ]]; then SKU_NAME="${SKU_NAME}gen2"; fi && \ if [[ "${ARCHITECTURE,,}" == "arm64" ]]; then SKU_NAME="${SKU_NAME}arm64"; fi && \ if [[ "${ENABLE_FIPS,,}" == "true" ]]; then SKU_NAME="${SKU_NAME}fips"; fi && \ - if [[ "${IMG_SKU}" == "20_04-lts-cvm" ]]; then SKU_NAME="${SKU_NAME}CVM"; fi && \ + if [[ "${IMG_SKU}" == "20_04-lts-cvm" || "${IMG_SKU}" == "cvm" ]]; then SKU_NAME="${SKU_NAME}CVM"; fi && \ if [[ "${IMG_SKU}" == *"minimal"* ]]; then SKU_NAME="${SKU_NAME}minimal"; fi && \ if [[ "${ENABLE_TRUSTED_LAUNCH}" == "True" ]]; then SKU_NAME="${SKU_NAME}TL"; fi && \ if [[ ${OS_SKU} != "CBLMariner" && ${OS_SKU} != "AzureLinux" && "${CONTAINER_RUNTIME}" == "containerd" ]]; then SKU_NAME="${SKU_NAME}containerd"; fi && \ From f9b86372c1a6b911b8155efcbc8ffb63c403e039 Mon Sep 17 00:00:00 2001 From: chrislopez Date: Fri, 7 Feb 2025 12:22:48 -0800 Subject: [PATCH 10/12] add grub fix --- vhdbuilder/packer/install-dependencies.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh index 7b8fd39a6d4..0aefcf5d7be 100644 --- a/vhdbuilder/packer/install-dependencies.sh +++ b/vhdbuilder/packer/install-dependencies.sh @@ -36,7 +36,7 @@ capture_benchmark "${SCRIPT_NAME}_declare_variables_and_source_packer_files" echo "Logging the kernel after purge and reinstall + reboot: $(uname -r)" # fix grub issue with cvm by reinstalling before other deps # other VHDs use grub-pc, not grub-efi -if [[ "${UBUNTU_RELEASE}" == "20.04" ]] && [[ "$IMG_SKU" == "20_04-lts-cvm" ]]; then +if [[ [[ "${UBUNTU_RELEASE}" == "20.04" ]] && [[ "$IMG_SKU" == "20_04-lts-cvm" ]] || [[ [[ "${UBUNTU_RELEASE}" == "24.04" ]] && [[ "$IMG_SKU" == "cvm" ]] ]] ]]; then apt_get_update || exit $ERR_APT_UPDATE_TIMEOUT wait_for_apt_locks apt_get_install 30 1 600 grub-efi || exit 1 From 68af2f6caf2de181538564b08f5bb7268df3233b Mon Sep 17 00:00:00 2001 
From: chrislopez Date: Fri, 7 Feb 2025 12:26:27 -0800 Subject: [PATCH 11/12] syntax style fix --- vhdbuilder/packer/install-dependencies.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh index 0aefcf5d7be..0cee302e019 100644 --- a/vhdbuilder/packer/install-dependencies.sh +++ b/vhdbuilder/packer/install-dependencies.sh @@ -36,7 +36,7 @@ capture_benchmark "${SCRIPT_NAME}_declare_variables_and_source_packer_files" echo "Logging the kernel after purge and reinstall + reboot: $(uname -r)" # fix grub issue with cvm by reinstalling before other deps # other VHDs use grub-pc, not grub-efi -if [[ [[ "${UBUNTU_RELEASE}" == "20.04" ]] && [[ "$IMG_SKU" == "20_04-lts-cvm" ]] || [[ [[ "${UBUNTU_RELEASE}" == "24.04" ]] && [[ "$IMG_SKU" == "cvm" ]] ]] ]]; then +if [[ ( [[ "${UBUNTU_RELEASE}" == "20.04" ]] && [[ "$IMG_SKU" == "20_04-lts-cvm" ]] ) || ( [[ [[ "${UBUNTU_RELEASE}" == "24.04" ]] && [[ "$IMG_SKU" == "cvm" ]] ]] ) ]]; then apt_get_update || exit $ERR_APT_UPDATE_TIMEOUT wait_for_apt_locks apt_get_install 30 1 600 grub-efi || exit 1 From 4cfc4509a223cb8ef4ac30c9328b4c503092a32a Mon Sep 17 00:00:00 2001 From: chrislopez Date: Fri, 7 Feb 2025 12:29:21 -0800 Subject: [PATCH 12/12] style fix --- vhdbuilder/packer/install-dependencies.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh index 0cee302e019..87c6c9dcfd6 100644 --- a/vhdbuilder/packer/install-dependencies.sh +++ b/vhdbuilder/packer/install-dependencies.sh 
@@ -36,7 +36,7 @@ capture_benchmark "${SCRIPT_NAME}_declare_variables_and_source_packer_files" echo "Logging the kernel after purge and reinstall + reboot: $(uname -r)" # fix grub issue with cvm by reinstalling before other deps # other VHDs use grub-pc, not grub-efi -if [[ ( [[ "${UBUNTU_RELEASE}" == "20.04" ]] && [[ "$IMG_SKU" == "20_04-lts-cvm" ]] ) || ( [[ [[ "${UBUNTU_RELEASE}" == "24.04" ]] && [[ "$IMG_SKU" == "cvm" ]] ]] ) ]]; then +if [[ "${UBUNTU_RELEASE}" == "20.04" && "$IMG_SKU" == "20_04-lts-cvm" ]] || [[ "${UBUNTU_RELEASE}" == "24.04" && "$IMG_SKU" == "cvm" ]]; then apt_get_update || exit $ERR_APT_UPDATE_TIMEOUT wait_for_apt_locks apt_get_install 30 1 600 grub-efi || exit 1
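Review bot: The grub-efi reinstall is now keyed on exact release/SKU pairs, so a `cvm` SKU built on any release other than 24.04 skips this step without a message, whereas the other scripts in this series treat `cvm` as a Confidential VM regardless of release. If the reinstall is needed for every CVM image (the comment above the condition suggests so, but that is not visible here), keying on the SKU alone would be safer: `if [[ "${IMG_SKU,,}" == "20_04-lts-cvm" || "${IMG_SKU,,}" == "cvm" ]]; then`. Otherwise I would add a comment stating why 24.04 is the only release paired with `cvm`. The body of the `if` continues past the end of the hunk.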