Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed scripts for Azure Image Builder #22

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions articles/virtual-machines/linux/image-builder-permissions-cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -116,16 +116,16 @@ To simplify the replacement of values in the example, set the following variable

```azurecli-interactive
# Subscription ID - You can get this using `az account show | grep id` or from the Azure portal.
subscriptionID=$(az account show --query id --output tsv)
$subscriptionID=$(az account show --query id --output tsv)
# Resource group - image builder will only support creating custom images in the same Resource Group as the source managed image.
imageResourceGroup=<Resource group>
identityName="aibIdentity"
$imageResourceGroup="<Resource group>"
$identityName="aibIdentity"

# Use *cURL* to download the a sample JSON description
curl https://raw.githubusercontent.com/azure/azvmimagebuilder/master/solutions/12_Creating_AIB_Security_Roles/aibRoleImageCreation.json -o aibRoleImageCreation.json

# Create a unique role name to avoid clashes in the same Azure Active Directory domain
imageRoleDefName="Azure Image Builder Image Def"$(date +'%s')
$imageRoleDefName="Azure Image Builder Image Def$(date +'%s')"

# Update the JSON definition using stream editor
sed -i -e "s/<subscriptionID>/$subscriptionID/g" aibRoleImageCreation.json
Expand All @@ -136,7 +136,7 @@ sed -i -e "s/Azure Image Builder Service Image Creation Role/$imageRoleDefName/g
az role definition create --role-definition ./aibRoleImageCreation.json

# Get the user-assigned managed identity id
imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)
$imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)

# Grant the custom role to the user-assigned managed identity for Azure Image Builder.
az role assignment create \
Expand All @@ -158,15 +158,15 @@ To simplify the replacement of values in the example, set the following variable

```azurecli-interactive
# Subscription ID - You can get this using `az account show | grep id` or from the Azure portal.
subscriptionID=$(az account show --query id --output tsv)
VnetResourceGroup=<Resource group>
identityName="aibIdentity"
$subscriptionID=$(az account show --query id --output tsv)
$VnetResourceGroup="<Resource group>"
$identityName="aibIdentity"

# Use *cURL* to download the a sample JSON description
curl https://raw.githubusercontent.com/azure/azvmimagebuilder/master/solutions/12_Creating_AIB_Security_Roles/aibRoleNetworking.json -o aibRoleNetworking.json

# Create a unique role name to avoid clashes in the same domain
netRoleDefName="Azure Image Builder Network Def"$(date +'%s')
$netRoleDefName="Azure Image Builder Network Def$(date +'%s')"

# Update the JSON definition using stream editor
sed -i -e "s/<subscriptionID>/$subscriptionID/g" aibRoleNetworking.json
Expand All @@ -177,7 +177,7 @@ sed -i -e "s/Azure Image Builder Service Networking Role/$netRoleDefName/g" aibR
az role definition create --role-definition ./aibRoleNetworking.json

# Get the user-assigned managed identity id
imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)
$imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)

# Grant the custom role to the user-assigned managed identity for Azure Image Builder.
az role assignment create \
Expand Down
18 changes: 9 additions & 9 deletions articles/virtual-machines/windows/image-builder.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,19 +60,19 @@ Because you'll be using some pieces of information repeatedly, create some varia

```azurecli-interactive
# Resource group name - we're using myImageBuilderRG in this example
imageResourceGroup='myWinImgBuilderRG'
$imageResourceGroup='myWinImgBuilderRG'
# Region location
location='WestUS2'
$location='WestUS2'
# Run output name
runOutputName='aibWindows'
$runOutputName='aibWindows'
# The name of the image to be created
imageName='aibWinImage'
$imageName='aibWinImage'
```

Create a variable for your subscription ID:

```azurecli-interactive
subscriptionID=$(az account show --query id --output tsv)
$subscriptionID=$(az account show --query id --output tsv)
```

## Create the resource group
Expand All @@ -92,19 +92,19 @@ VM Image Builder uses the provided [user-identity](/azure/active-directory/manag
Create a user-assigned identity so that VM Image Builder can access the storage account where the script is stored.

```azurecli-interactive
identityName=aibBuiUserId$(date +'%s')
$identityName=aibBuiUserId$(date +'%s')
az identity create -g $imageResourceGroup -n $identityName

# Get the identity ID
imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)
$imgBuilderCliId=$(az identity show -g $imageResourceGroup -n $identityName --query clientId -o tsv)

# Get the user identity URI that's needed for the template
imgBuilderId=/subscriptions/$subscriptionID/resourcegroups/$imageResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$identityName
$imgBuilderId=/subscriptions/$subscriptionID/resourcegroups/$imageResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$identityName

# Download the preconfigured role definition example
curl https://raw.githubusercontent.com/azure/azvmimagebuilder/master/solutions/12_Creating_AIB_Security_Roles/aibRoleImageCreation.json -o aibRoleImageCreation.json

imageRoleDefName="Azure Image Builder Image Def"$(date +'%s')
$imageRoleDefName="Azure Image Builder Image Def$(date +'%s')"

# Update the definition
sed -i -e "s%<subscriptionID>%$subscriptionID%g" aibRoleImageCreation.json
Expand Down