chore: use image builder for AKSe VHDs

packer.mk

@@ -19,6 +19,9 @@ run-packer-windows: az-login
 az-copy: az-login
 	azcopy-preview copy "${OS_DISK_SAS}" "${SA_CONTAINER_URL}?${SA_TOKEN}" --overwrite=false
 
+az-copy-rbac: 
+	azcopy-preview copy "${OS_DISK_SAS}" "${SA_CONTAINER_URL}" --overwrite=false
+
 delete-sa: az-login
 	az storage account delete -n ${PACKER_TEMP_SA} -g ${PACKER_TEMP_GROUP} --yes
 generate-sas: az-login

parts/k8s/cloud-init/artifacts/cse_install.sh

@@ -41,9 +41,9 @@ installDeps() {
   if [[ ${OS} == "${UBUNTU_OS_NAME}" ]]; then
     retrycmd_no_stats 120 5 25 curl -fsSL ${MS_APT_REPO}/config/ubuntu/${UBUNTU_RELEASE}/packages-microsoft-prod.deb >/tmp/packages-microsoft-prod.deb || exit 42
     retrycmd 60 5 10 dpkg -i /tmp/packages-microsoft-prod.deb || exit 43
-    retrycmd_no_stats 120 5 25 curl ${MS_APT_REPO}/config/ubuntu/${UBUNTU_RELEASE}/prod.list >/tmp/microsoft-prod.list || exit 25
+    retrycmd_no_stats 120 5 25 curl -L ${MS_APT_REPO}/config/ubuntu/${UBUNTU_RELEASE}/prod.list >/tmp/microsoft-prod.list || exit 25
     retrycmd 10 5 10 cp /tmp/microsoft-prod.list /etc/apt/sources.list.d/ || exit 25
-    retrycmd_no_stats 120 5 25 curl ${MS_APT_REPO}/keys/microsoft.asc | gpg --dearmor >/tmp/microsoft.gpg || exit 26
+    retrycmd_no_stats 120 5 25 curl -L ${MS_APT_REPO}/keys/microsoft.asc | gpg --dearmor >/tmp/microsoft.gpg || exit 26
     retrycmd 10 5 10 cp /tmp/microsoft.gpg /etc/apt/trusted.gpg.d/ || exit 26
     aptmarkWALinuxAgent hold
     packages+=" cgroup-lite ceph-common glusterfs-client"

vhd/aib/AKSeImageTemplateWindows.json

@@ -0,0 +1,184 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "template_name": {
+            "type": "string"
+        },
+        "subscription_id": {
+            "type": "string"
+        },
+        "vhd_resource_group_name": {
+          "type": "string"
+        },
+        "managed_identity_name": {
+            "type": "string"
+        },
+        "vnet_resource_group_name": {
+          "type": "string"
+        },
+        "vnet_name": {
+            "type": "string"
+        },
+        "subnet_name": {
+            "type": "string"
+        },
+        "image_gallery_group_name": {
+            "type": "string"
+        },
+        "image_gallery_name": {
+            "type": "string"
+        },
+        "image_version": {
+            "type": "string"
+        },
+        "vhd_url": {
+            "type": "string"
+        },
+        "vhd_blob_container_name": {
+            "type": "string",
+            "defaultValue": "windows"
+        },
+        "vhd_name": {
+            "type": "string"
+        },
+        "vhd_run_output_name": {
+            "type": "string"
+        },
+        "github_branch_name": {
+            "type": "string",
+            "defaultValue": "master"
+        },
+        "location": {
+            "type": "string"
+        },
+        "vm_size": {
+            "type": "string"
+        },
+        "build_number": {
+            "type": "string"
+        },
+        "build_id": {
+            "type": "string"
+        },
+        "build_repo": {
+            "type": "string"
+        },
+        "git_version": {
+            "type": "string"
+        }
+    },
+    "resources": [
+        {
+            "name": "[parameters('template_name')]",
+            "type": "Microsoft.VirtualMachineImages/imageTemplates",
+            "apiVersion": "2022-02-14",
+            "location": "[parameters('location')]",
+            "dependsOn": [],
+            "tags": {
+                "userIdentity": "enabled"
+            },
+            "identity": {
+                "type": "UserAssigned",
+                "userAssignedIdentities": {
+                    "[concat('/subscriptions/',parameters('subscription_id'),'/resourcegroups/',parameters('vhd_resource_group_name'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('managed_identity_name'))]": {}
+                }
+            },
+            "properties": {
+                "buildTimeoutInMinutes" : 180,
+                "vmProfile": 
+                    {
+                        "vmSize": "[parameters('vm_size')]",
+                        "osDiskSizeGB": 30,
+                        "vnetConfig": {
+                            "subnetId": "[concat('/subscriptions/',parameters('subscription_id'),'/resourcegroups/',parameters('vnet_resource_group_name'),'/providers/Microsoft.Network/virtualNetworks/',parameters('vnet_name'),'/subnets/',parameters('subnet_name'))]"
+                        }
+                    },
+                "source": {
+                    "type": "PlatformImage",
+                    "publisher": "MicrosoftWindowsServer",
+                    "offer": "WindowsServer",
+                    "sku": "2019-Datacenter-Core-smalldisk",
+                    "version": "17763.5329.231230"
+                },
+                "customize": [
+                    {
+                        "type": "PowerShell",
+                        "name": "configure-windows-vhd-phase1",
+                        "runElevated": true,
+                        "scriptUri": "[uri('https://raw.githubusercontent.com/Azure/aks-engine-azurestack/',concat(parameters('github_branch_name'),'/vhd/packer/configure-windows-vhd-phase1.ps1'))]"
+                    },
+                    {
+                        "type": "WindowsRestart",
+                        "restartCheckCommand": "echo Azure-Image-Builder-Restarted-the-VM  > c:\\buildArtifacts\\azureImageBuilderRestart.txt",
+                        "restartTimeout": "10m"
+                    },
+                    {
+                        "type": "WindowsRestart",
+                        "restartCheckCommand": "echo Azure-Image-Builder-Restarted-the-VM  > c:\\buildArtifacts\\azureImageBuilderRestart.txt",
+                        "restartTimeout": "10m"
+                    },
+                    {
+                        "type": "PowerShell",
+                        "name": "configure-windows-vhd-phase2",
+                        "runElevated": true,
+                        "scriptUri": "[uri('https://raw.githubusercontent.com/Azure/aks-engine-azurestack/',concat(parameters('github_branch_name'),'/vhd/packer/configure-windows-vhd-phase2.ps1'))]"
+                    },
+                    {
+                        "type": "WindowsRestart",
+                        "restartCheckCommand": "echo Azure-Image-Builder-Restarted-the-VM  > c:\\buildArtifacts\\azureImageBuilderRestart.txt",
+                        "restartTimeout": "10m"
+                    },
+                    {
+                        "type": "File",
+                        "name": "download log collection script",
+                        "sourceUri": "[uri('https://raw.githubusercontent.com/Azure/aks-engine-azurestack/',concat(parameters('github_branch_name'),'/scripts/collect-windows-logs.ps1'))]",
+                        "destination":"c:\\akse-cache\\collect-windows-logs.ps1"
+                    },
+                    {
+                        "type": "File",
+                        "name": "download notice",
+                        "sourceUri": "[uri('https://raw.githubusercontent.com/Azure/aks-engine-azurestack/',concat(parameters('github_branch_name'),'/vhd/notice/notice_windows.txt'))]",
+                        "destination":"c:\\NOTICE.txt"
+                    },
+                    {
+                        "type": "File",
+                        "name": "download release notes script",
+                        "sourceUri": "[uri('https://raw.githubusercontent.com/Azure/aks-engine-azurestack/',concat(parameters('github_branch_name'),'/vhd/packer/write-release-notes-windows.ps1'))]",
+                        "destination":"c:\\akse-cache\\write-release-notes-windows.ps1"
+                    },
+                    {
+                        "type": "PowerShell",
+                        "name": "write release notes windows",
+                        "runElevated": true,
+                        "inline": [
+                            "[concat('& c:\\akse-cache\\write-release-notes-windows.ps1 -BUILD_NUMBER ',parameters('build_number'),' -BUILD_ID ',parameters('build_id'),' -BUILD_REPO ',parameters('build_repo'),' -BUILD_BRANCH ',parameters('github_branch_name'),' -BUILD_COMMIT ',parameters('git_version'))]"
+                        ]
+                    }
+                ],
+                "distribute": 
+                [
+                    {   
+                        "type": "SharedImage",
+                        "galleryImageId": "[concat('/subscriptions/',parameters('subscription_id'),'/resourcegroups/',parameters('image_gallery_group_name'),'/providers/Microsoft.Compute/galleries/',parameters('image_gallery_name'),'/images/windows2019containerd/versions/',parameters('image_version'))]",
+                        "runOutputName": "AKSeWindowsSIG",
+                        "artifactTags": {
+                            "baseosimg": "windows2019"
+                        },
+                        "replicationRegions": [
+                          "[parameters('location')]"
+                        ]
+                    },
+                    {
+                        "type": "VHD",
+                        "runOutputName": "[parameters('vhd_run_output_name')]",
+                        "artifactTags": {
+                            "baseosimg": "windows2019"
+                        },
+                        "uri": "[concat(parameters('vhd_url'),'/',parameters('vhd_blob_container_name'),'/',parameters('vhd_name'))]"
+                    }
+                ]
+            }
+        }
+    ]
+}    

vhd/aib/ImageCreationRole.json

@@ -0,0 +1,21 @@
+{
+    "Name": "Azure Image Builder Image Definition for AKSe ManagedIdentity",
+    "IsCustom": true,
+    "Description": "Image Builder access to create resources for the image build, you should delete or split out as appropriate",
+    "Actions": [
+        "Microsoft.Compute/galleries/read",
+        "Microsoft.Compute/galleries/images/read",
+        "Microsoft.Compute/galleries/images/versions/read",
+        "Microsoft.Compute/galleries/images/versions/write",
+
+        "Microsoft.Compute/images/write",
+        "Microsoft.Compute/images/read",
+        "Microsoft.Compute/images/delete"
+    ],
+    "NotActions": [
+    ],
+    "AssignableScopes": [
+      "/subscriptions/${subscription_id}/resourceGroups/{$vhd_resource_group_name}"
+    ]
+  }
+

vhd/aib/ImageVnetRole.json

@@ -0,0 +1,15 @@
+{
+    "Name": "Azure Image Builder Service Networking Role for AKSe ManagedIdentity",
+    "IsCustom": true,
+    "Description": "Image Builder access to create resources for the image build",
+    "Actions": [
+        "Microsoft.Network/virtualNetworks/read",
+        "Microsoft.Network/virtualNetworks/subnets/join/action"
+    ],
+    "NotActions": [
+    ],
+    "AssignableScopes": [
+      "/subscriptions/${subscription_id}/resourceGroups/${vnet_resource_group_name}"
+    ]
+  }
+

vhd/packer/cleanup-vhd.sh

@@ -2,6 +2,6 @@
 
 # Cleanup packer SSH key and machine ID generated for this boot
 rm -f /root/.ssh/authorized_keys
-rm -f /home/packer/.ssh/authorized_keys
+#rm -f /home/packer/.ssh/authorized_keys
 rm -f /etc/machine-id
 touch /etc/machine-id