a few questions on azure image builder
brwilkinson opened this issue · 4 comments
- Is it supported to supply your own resource group name for the build ?
- Is it possible to get the local admin password for the VM, I would like to log on and check logs?
- Is there any streaming output from the build process/logs etc ?
- I only see
Get-AzImageBuilderTemplate -ImageTemplateName vmss2019webnetcore-WestCentralUS -ResourceGroupName ACU1-BRW-AOA-RG-G1 | select *
It would be nice to expand out some of these properties with a format file in powershell.
- it looks like the:
packerlogs/d9d79566-55c7-436d-be99-6cf17d8dcb4f/customization.logis only the output from before any customizations are run, they do not include any outputs from executing the customizations ? - Is the user assigned managed identity supposed to be assigned to the build virtual machine? I thought it was originally when I was testing, however at the moment it doesn't seem to be getting assigned?!
- It's there any chance installing extensions might be supported?
Hey @brwilkinson below are the answers to your questions:
-
Is it supported to supply your own resource group name for the build ?
Not currently, but this in our backlog of items to do within this CY. -
Is it possible to get the local admin password for the VM, I would like to log on and check logs?
We do not support getting the local admin password for the VM. -
Is there any streaming output from the build process/logs etc ?
There's no streaming output from the build process/logs currently. This is in our backlog of items to do. -
it looks like the: packerlogs/d9d79566-55c7-436d-be99-6cf17d8dcb4f/customization.log is only the output from before any customizations are run, they do not include any outputs from executing the customizations ?
You would need to add instrumentation to your code, please see the following documentation: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/image-builder-virtual-desktop#tips-for-building-windows-images -
Is the user assigned managed identity supposed to be assigned to the build virtual machine? I thought it was originally when I was testing, however at the moment it doesn't seem to be getting assigned?!
No, the user-assigned managed identity is not available to the build VM. It is used when you submit the template and inject the final image. -
Is there any chance installing extensions might be supported?
No, this is not planned to be supported.
We are looking into your powershell ask. Also, if you are having difficulties getting Image Builder to work, please do not hesitate to reach out to us. We'd be happy to help.
@kof-f Thank you for the response.
I think at the moment, since there are no plans to support extensions directly, I would have to say that my number one feedback item would be to enable the assignment for the User assigned managed identity on the virtual machine being deployed.
By performing that task, I am able to delegate access from the scripts that are running in the provisioning process to access other things, like keyvault, storage or in my case I will connect it up to Azure Automation DSC (state configuration) to pull down and apply the settings.
here is a sample of how it maybe used (noticed the login-azaccount -Identity) would allow me to log on via the managed identity.
Without that I am not really sure of a way to provide or access secrets or configuration data unless it's from public URI's Etc ?!
Also just to add, I am pretty sure I ran into this issue.
I didn't see that on any of the samples on GitHub, so I think this will be very helpful and may unblock my main issues on why I wasn't getting any successful builds once I added the extra PowerShell commands. I had some time scheduled to work on this today, so I am going to kick out some more builds and hopefully this unblocks me.
@kof-f are there any updates regarding the resource group specification? I stumbled upon an issue between Azure Policy and Azure Image Builder. AIB violates the policies when it creates the temporary build resources. I cannot create an exemption, because the resource group is also temporary.