Deploying Linux VMs on Azure Stack Hub with Enterprise CA Certificates? Here's a Solution!
When deploying Linux VMs on Azure Stack Hub in a corporate environment, you may encounter issues with TLS endpoint certificates signed by an internal Enterprise CA. In this post, we'll explore a technique for importing the root CA certificate into the truststore of your Linux VMs, enabling seamless access to TLS endpoints. We'll also show you how to use Terraform to automate the process, including provisioning a VM, importing the CA certificate, and running a custom script
I do understand distributed management and delegation, but this seems like a step too far. There is a new setting that allows users to be able to create their own Azure AD tenants. While it is a great privilege and setting to have, why ‘Yes’ would be the default choice is an interesting default and I would like to understand the rationale behind that.
Save your future self from a number of headaches, just select no.
Are you trying to create a budget with PowerShell using New-AzConsumptionBudget on a resource group? You might have tried the code reference on this page New-AzConsumptionBudget (Az.Billing) | Microsoft Learn.
# If you update the sample command and try to execute
New-AzConsumptionBudget -ResourceGroupName budgetThis -Amount 60 -Name PSBudgetRG -Category Cost -StartDate 2022-11-01 -EndDate 2024-11-01 -TimeGrain MonthlyIf you’re not using a subscription in an EA, you’ll get this error New-AzConsumptionBudget: Operation returned an invalid status code 'BadRequest'
Running get-error doesn’t provide much in the way of help to resolve. After further digging you’ll find the PowerShell reference page, you’ll probably find that Microsoft docs states you have to be an “EA customer, you can create and edit budgets programmatically using the Azure PowerShell module. However, we recommend that you use REST APIs to create and edit budgets because CLI commands might not support the latest version of the APIs."
If you are using EA subscription it still doesn’t create the alerts and the PowerShell doco doesn’t seem easy to use to create these notifications either.
Hopefully, you found this script SetConsumptionBudget.ps1 Create a Consumption Budget for ResourceGroups in Azure (github.com). It is a complete script and is helpful. This is a good implementation of the content documented here. Budgets - Create Or Update - REST API (Azure Consumption) | Microsoft Learn.
What if you couldn’t find a pre-created script what would you do? Or if you wanted a simplified call rather than the long doc example, in this case, I wanted to leverage using an Action Group.
Let’s create a budget through the Azure portal called “CreatedWithUI” and use the browser developer tools (F12) to capture the traffic requests to the Azure API.
After you click “Create” you’ll see traffic and see the request payload
You can copy the properties section, you just need to add the properties name back in.
With some changes to the syntax object, we can create a script to create the budget alerting an Action Group.
# Converted Syntax for use in script
$bodyObject = @{
"properties"= @{
"timePeriod" = @{
"startDate"= "2022-10-01T00:00:00Z"
"endDate"= "2024-09-30T00:00:00Z"
}
"timeGrain" = "Monthly"
"amount"= 62
"category"= "Cost"
"notifications" =@{
"forecasted_GreaterThan_90_Percent"= @{
"enabled" = $true
"operator"= "GreaterThan"
"threshold"= 90
"contactGroups"= @("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/cloudmodernization-rg/providers/microsoft.insights/actionGroups/BudgetAlerts")
"thresholdType"= "Forecasted"
}
}
}
}The last piece of data we need is the Action Group, which still works in PowerShell
# Parameters
$ActionGroupRGName = "cloudmodernization-rg"
$ActionGroupEmails = @("admin@yourorg.com")
$ActionGroupName = "BudgetAlerts"
# Get existing action Group ID
$ActionGroupId = (Get-AzActionGroup -resourcegroup cloudmodernization-rg -Name BudgetAlerts).id
# Create New Action Group
$AlertEmail = New-AzActionGroupReceiver -EmailAddress $ActionGroupEmail -Name ForcastBudgetAlert
$ActionGroupId = (Set-AzActionGroup -ResourceGroupName ($cb.ResourceGroup) -Name $ActionGroupName -ShortName $ActionGroupName -Receiver $AlertEmail).IdFinally, if you pull all this together calling Invoke-RestMethod it would like something like
# Parameters
$subscriptionId = "00000000-1111-2222-3333-444444444444"
$resourceGroupName = "cloudmodernization-rg"
$ActionGroupName = "BudgetAlerts"
$budgetName = "$resourceGroupName-cb"
# Get existing action Group ID
$ActionGroupId = (Get-AzActionGroup -resourcegroup $resourceGroupName -Name $ActionGroupName ).id
$bodyObject = @{
"properties"= @{
"timePeriod" = @{
"startDate"= "2022-10-01T00:00:00Z"
"endDate"= "2024-09-30T00:00:00Z"
}
"timeGrain" = "Monthly"
"amount"= 62
"category"= "Cost"
"notifications" = @{
"forecasted_GreaterThan_90_Percent"= @{
"enabled" = $true
"operator"= "GreaterThan"
"threshold"= 90
"contactGroups"= @($ActionGroupId)
"thresholdType"= "Forecasted"
}
}
}
"filter" =@{}
}
$bearerToken=(Get-AzAccessToken).token
$headers = @{'Authorization' = "Bearer $bearerToken"}
$RequestBody = $bodyObject | convertto-json -Depth 15
$URI = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Consumption/budgets/$budgetName"+"?api-version=2021-10-01"
Invoke-RestMethod -Method Put -ContentType "application/json; charset=utf-8" -Uri $URI -Headers $headers -Body $RequestBodyHere are the three budgets $60, $61, and $62 created through this article.
This was aimed at showing you how to get to the payload submitted to the Azure Portal to solve a problem using PowerShell and how to revert to using a direct Azure API call.
This isn’t a groundbreaking demo in terms of the end result; we deploy some VMs, however, the interesting conversation is about how we got there and what we can do with these VMs. With Azure Arc, we can now connect vSphere to the Azure platform, meaning using Azure we can use cloud methods to deploy servers such as Azure templates. This is a step towards creating an environment with a single-pane-of-glass, at least to view and query your IT estate.
The features today are simple, but Azure is a constantly evolving platform and when you are connected, as new features and services are developed and released, and the ecosystem evolves, you can grow with it.
The goal of this article is to give you some ideas about why connecting your vSphere cluster to Azure via Azure Arc and how having VMWare-connected VMs can start providing a path to a consistent cloud experience. This allows administrators to develop management processes in the cloud without requiring a complete lift and shift of all existing servers. As of this writing, this feature is still in preview.
This is assuming you have deployed the Azure Arc bridge to connect your on-premises resources. This process is evolving and is not meant to be the focus of this article.
Once connected using the Azure portal, you can do a simple VM deployment.
Click, click, VM name, deploy-demo-01 next, next, finish.
We can save this as an ARM template, I created a template spec and saved it to Azure, which I am using through the portal to deploy VM deploy-demo-02 but you could use pipeline tools such as Azure DevOps or other CI/CD tooling or templates from PowerShell command line.
You could use PowerShell to deploy that ARM Template to deploy deploy-demo-03
you could convert this into a Bicep template if that’s your standard.
What I do have now is 3 new vSphere hosted VMs all deployed via Azure ARM
however, I never touched the VMware console, and I now have an Azure Resource object.
You have access to basic controls. You could assign this via Azure RBAC rather than having administrators and users needing to access the vSphere console. There are options for resizing, adding disks, and managing networking, standardizing the experience.
In addition, you can also onboard existing deployed vSphere VMs and enable guest management to help manage things like VMware tools versions from Azure.
While the monitoring agent options are changing, I’ll keep this simple. You could also include VM extension such as the monitoring agent in your template.
which in term allows us to query these servers via Log analytics. This means it can be connected to alerts like low disk space and other services like Azure Policy.
This space is changing, there are a lot of new features coming to Azure Arc which we see as a gateway to connecting your existing IT servers to Azure allowing companies to gain the benefits of Azure without having to execute migrations for every server.
Hopefully, you found this insightful or informative
This blog is a follow on from Creating a MAAS Image Builder Server (Windows Server 2022 example) — Crying Cloud the goal here is to create a MAAS usable Azure Stack HCI image for deployment with MAAS. This is still using the component from cloudbase/windows-imaging-tools: Tools to automate the creation of a Windows image for OpenStack, supporting KVM, Hyper-V, ESXi and more. (github.com) this repo.
The primary issue is if you try to “generalize” an HCI image, if you attempt to use that prepped image, you get the perpetual error “Windows could not finish configuring the system. To attempt to resume configuration, restart the computer”
However, if you don’t “generalize” the HCI base image, the deployment works. The problem with using the existing tools/repo and scripts is creating a MAAS image with this option not to generalize it.
The following content is assuming the layout as described here Creating a MAAS Image Builder Server (Windows Server 2022 example) — Crying Cloud.
Looking into the file C:\BuilderFiles\windows-openstack-imaging-tools\UnattendResources\Logon.ps1 around line 714 we find the command that is calling sysprep.exe
& "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath"Without breaking the ability to build other images or have a complete clone of the repo we need to make a few changes. Being able to have a parameter in the ini file makes sense. Create a copy of the ini file C:\BuilderFiles\Scripts\config-Server-HCI-UEFI.ini. I have added a parameter to the [sysprep] section run_sysprep_generalize=False. The differences between the 2022 file and HCI are as follows.
# config-Server-HCI-UEFI key diff to config-Server-2022-UEFI
image_name=Azure Stack HCI SERVERAZURESTACKHCICORE
image_path=C:\BuilderFiles\Images\HCI.10.2022.tgz
custom_scripts_path="C:\BuilderFiles\scripts\HCICS"
unattend_xml_path="UnattendTemplateHCI.xml"
# new parameter in section
[sysprep]
run_sysprep_generalize=FalseI have created a copy of unattendTemplate2022.xml and save as unattendTemplateHCI.xml stored here C:\BuilderFiles\windows-openstack-imaging-tools with the following changes.
# Delete the following component from specialize node
# <settings pass="specialize">
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
<component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserAuthentication>0</UserAuthentication>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<FirewallGroups>
<FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop">
<Active>true</Active>
<Profile>all</Profile>
<Group>@FirewallAPI.dll,-28752</Group>
</FirewallGroup>
</FirewallGroups>
</component>Next is changes to C:\BuilderFiles\windows-openstack-imaging-tools\UnattendResources\Logon.ps1
# line 575 under
# if ($installQemuGuestAgent -and $installQemuGuestAgent -ne 'False') {
# Install-QemuGuestAgent
# }
# add the following get-ini parameter call
try {
$generalizeWindowsImage = Get-IniFileValue -Path $configIniPath -Section "sysprep" -Key "run_sysprep_generalize" -Default "True"
} catch{}then, lets a simple if statement to flip the call
# line 741 under
# Optimize-SparseImage
if ($generalizeWindowsImage -eq "False") {
& "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/oobe `/shutdown `/unattend:"$unattendedXmlPath"
} else {
& "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath"
}Next, create the C:\BuilderFiles\Scripts\HCICS folder. Which will also copy in the RunBeforeSysprep.ps1 script for HCI I have added an additional script C:\BuilderFiles\Scripts\HCICS\RunBeforeWindowsUpdates.ps1 with a script to install the pre-requisites needed for HCI clusters.
function Write-Log {
Param($messageToOut)
add-content -path "c:\build.log" ("{0} - {1}" -f @((Get-Date), $messageToOut))
}
Write-Log "RunBeforeWindowsUpdate.ps1 starting"
Write-Log "install windows Features"
install-windowsfeature FS-Data-Deduplication,BitLocker,Data-Center-Bridging,Failover-Clustering,NetworkATC,RSAT-AD-PowerShell,RSAT-Hyper-V-Tools,RSAT-Clustering,RSAT-DataCenterBridging-LLDP-Tools
Write-Log "RunBeforeWindowsUpdate.ps1 finished"And to bring it all together the script to call this Build-HCI.ps1. These can be more normalized but for now, create a separate file with the appropriate parameters.
# Build-HCI.ps1 parameters
Param (
$VerbosePreference = "Continue",
$ISOImage = "C:\BuilderFiles\ISOs\AzureStackHCI_20348.587_en-us.iso",
$ConfigFilePath = "C:\BuilderFiles\Scripts\config-Server-HCI-UEFI.ini",
$CloudBuildModules = "C:\BuilderFiles\windows-openstack-imaging-tools"
)Fingers crossed, let’s run the Build-HCI.ps1 script
After deployment we can RDP to the server, as it is named in MAAS
Let’s try the credentials and add the server to Windows Admin Center
I believe there is room to refine this process and automate more of it, but these are the steps I took to get an Azure Stack HCI image with updates, users and features installed and able to deploy directly to bare metal with MAAS
This blog post is a walkthrough for building out an image server for MAAS to create custom images. For this first image, we will build a Windows 2022 server Image.
MAAS | Metal as a Service does include built-in features that support adding Linux images, you do need to build your own Windows images for use with MAAS. I used to create and script this process to make it easier. For this image builder, I am using a Dell R630 physical host with windows 2019 installed. The code base I am leveraging can be found here cloudbase/windows-imaging-tools: Tools to automate the creation of a Windows image for OpenStack, supporting KVM, Hyper-V, ESXi and more. (github.com).
There is a follow up article for creating an Azure Stack HCI image Creating an Azure Stack HCI Image for MAAS — Crying Cloud
# Enable Remote Desktop
# Manually disabled IE Enhanced security
# Install Windows Updates
# Install Windows Assessment
# Install Deployment Kit (ADK) https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install
# Run as Admin
# set execution policy bypass
Set-ExecutionPolicy -ExecutionPolicy bypass -Force:$true
# install chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
# Useful Choco installs (you may need to relaunch Powershell)
choco install vscode -y
choco install git -y
choco install microsoft-edge -y
choco install chrome-remote-desktop-chrome -y
choco install beyondcompare -y
choco install putty.install -y
choco install winscp -y
# Install Hyber-V and management tool
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
# Reboot Server
# Create an external virtual switch called External
$adapter = Get-NetAdapter | ?{$_.status -eq "up"} | select -first 1
new-vmswitch "External" -NetAdapterName $adapter.nameNext is to get the files local so we can use them to build our images
mkdir BuilderFiles
cd builderfiles
mkdir ISOs
mkdir ISOCopy
mkdir Scripts
# Clone Repo
git clone https://github.com/cloudbase/windows-openstack-imaging-tools.git
git submodule update --init
# Load Modules
pushd windows-openstack-imaging-tools
Import-Module .\WinImageBuilder.psm1
Import-Module .\Config.psm1
Import-Module .\UnattendResources\ini.psm1
# Create a empty config.ini file
$ConfigFilePath = ".\config.ini"
New-WindowsImageConfig -ConfigFilePath $ConfigFilePathI have saved 3 ISO files to c:\BuilderFiles\ISOs
Additionally, if you want to customize using the deployment tool kit you will need to extract the ISOs to C:\BuilderFiles\isoCopy. This way you can use “Windows System Image Manager” to build custom unattend files.
We are going to start with building a Windows 2022 Image. I am starting with 2022 as there are fewer updates to execute so it’s faster to test the process. First, mount the Windows 2022 ISO.
Copy the config.ini file we just created and rename it to config-Server-2022-UEFI.ini. We do need to make a few changes. You can explore the differences here in the compressed contents of the file. Any value not listed is =““
# C:\BuilderFiles\Scripts\config-Server-2022-UEFI.ini
[DEFAULT]
wim_file_path=F:\Sources\install.wim
image_name="Windows Server 2022 SERVERDATACENTER"
image_path=C:\BuilderFiles\Images\WinSvr2022DC.tgz
virtual_disk_format=RAW
image_type=MAAS
disk_layout=UEFI
product_key="ASDFG-GHJKL-WERTY-WERTY-ASDFG"
force=False
install_maas_hooks=True
compression_format="tar.gz"
gold_image=False
custom_scripts_path="C:\BuilderFiles\Scripts\2022CS"
enable_administrator_account=True
shrink_image_to_minimum_size=True
enable_custom_wallpaper=False
disable_first_logon_animation=False
compress_qcow2=False
zero_unused_volume_sectors=False
extra_packages_ignore_errors=False
enable_shutdown_without_logon=False
enable_ping_requests=False
enable_ipv6_eui64=False
enable_active_mode=False
[vm]
administrator_password=getBENT123!
external_switch=external
cpu_count=4
ram_size=12884901888
disk_size=42949672960
disable_secure_boot=True
[drivers]
[custom]
install_qemu_ga=False
[updates]
install_updates=True
purge_updates=True
clean_updates_offline=True
clean_updates_online=True
[sysprep]
run_sysprep=True
unattend_xml_path=UnattendTemplate2022.xml
disable_swap=True
persist_drivers_install=True
[cloudbase_init]
beta_release=False
serial_logging_port=COM1
cloudbase_init_use_local_system=False
cloudbase_init_delayed_start=FalseWhile building and testing your images I would suggest disabling updates, for faster testing cycles, including install, purge, and clean turning these settings in the ini to false.
[updates]
install_updates=False
purge_updates=False
clean_updates_offline=False
clean_updates_online=FalseWe added a reference for an UnattendTemplate2022.xml file. Copy UnattendTemplate.xml from git repo to c:\builderFiles\Scripts and rename the file. Using the files in isoCopy you can edit the unattend.xml. There are lots of internet sources to assist with that process.
Here are a few small changes you can make
# DELETE Lines
<VisualEffects>
<FontSmoothing>ClearType</FontSmoothing>
</VisualEffects>
<NetworkLocation>Work</NetworkLocation>
# ADD/EDIT Lines
<AdministratorPassword>
<Value>getBENT123!</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<!-- The following is needed on a client OS -->
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>getBENT123!</Value>
<PlainText>true</PlainText>
</Password>
<Description>Admin user</Description>
<DisplayName>Admin</DisplayName>
<Group>Administrators</Group>
<Name>Admin</Name>
</LocalAccount>
</LocalAccounts>
# Microsoft-Windows-TerminalServices-RDP-WinStationExtensions
<UserAuthentication>0</UserAuthentication>Another way you can configure the images is with Custom Scripts in the CustomScripts folder. I find this easier than working through windows Image settings. Some files you can use are RunAfterCloudbaseInitInstall.ps1, RunBeforeWindowsUpdates.ps1, RunBeforeCloudbaseInitInstall.ps1, RunAfterWindowsUpdates.ps1.
Here is a file I have created C:\BuilderFiles\Scripts\2022CS\RunBeforeSysprep.ps1 and the parameter is already set in the ini custom_scripts_path="C:\BuilderFiles\Scripts\2022CS\"
# C:\BuilderFiles\Scripts\2022CS\RunBeforeSysprep.ps1
function Write-Log {
Param($messageToOut)
add-content -path "c:\build.log" ("{0} - {1}" -f @((Get-Date), $messageToOut))
}
function Disable-IEESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
Write-Log "RunBeforeSysprep.ps1 starting"
write-Log "Disable-IEESC"
Disable-IEESC
write-Log "Allow RDP"
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name 'fDenyTSConnections' -value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
write-Log "Allow All RDP clients"
(Get-WmiObject -class 'Win32_TSGeneralSetting' -Namespace root\cimv2\terminalservices -ComputerName $env:COMPUTERNAME -Filter 'TerminalName="RDP-tcp"').SetUserAuthenticationRequired(0)
write-Log "set updates"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name AUOptions -Value 4
write-Log "avahcAdmin"
$Password = ConvertTo-SecureString -String "getBENT123!" -AsPlainText -Force
New-LocalUser -Name "avahcAdmin" -Password $Password -AccountNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member "avahcAdmin"
& cmd.exe /c 'net.exe user "avahcAdmin" "getBENT123!"'
write-Log "avaAdmin"
$Password = ConvertTo-SecureString -String "getBENT123!" -AsPlainText -Force
New-LocalUser -Name "avaAdmin" -Password $Password -AccountNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member "avaAdmin"
& cmd.exe /c 'net.exe user "avaAdmin" "getBENT123!"'
write-Log "disable administrator"
& cmd.exe /c 'net.exe user Administrator /active:no'
write-Log "disable admin"
& cmd.exe /c 'net.exe user Admin /active:no'
#& cmd.exe /c 'net.exe user "Administrator" "getBENT123!"'
Write-Log "RunBeforeSysprep.ps1 Finished"Next, create a file called Build-2022.ps1.
# C:\BuilderFiles\Scripts\Build-2022.ps1
Param (
$VerbosePreference = "Continue",
$ISOImage = "C:\BuilderFiles\isos\en-us_windows_server_2022_updated_april_2022_x64_dvd_d428acee.iso",
$ConfigFilePath = "C:\BuilderFiles\Scripts\config-Server-2022-UEFI.ini",
$CloudBuildModules = "C:\BuilderFiles\windows-openstack-imaging-tools"
)
Set-Location $CloudBuildModules
Import-Module .\WinImageBuilder.psm1
Import-Module .\Config.psm1
Import-Module .\UnattendResources\ini.psm1
Mount-DiskImage -ImagePath $ISOImage
$MountLetter = (Get-DiskImage $ISOImage| Get-Volume).DriveLetter
# Create a config.ini file using the built in function, then set them accordingly to your needs
# New-WindowsImageConfig -ConfigFilePath $ConfigFilePath
# To automate the config options setting:
Set-IniFileValue -Path (Resolve-Path $ConfigFilePath) -Section "DEFAULT" -Key "wim_file_path" -Value ("$MountLetter" + ":\Sources\install.wim")
#New Online image
New-WindowsOnlineImage -ConfigFilePath $ConfigFilePath
Dismount-DiskImage $ISOImageExecute this script, which will use DISM to create the initial image
Which will then be booted by Hyper-V and any scripts specified executed locally
This shows the custom script log c:\build.log has completed and sysprep running
Once this is complete because we are loading this to MAAS the image will be compressed and converted to a RAW image and then tarballed and gzipped.
Using Putty create a session to one of the servers you manage MAAS
you can also import this into winSCP and copy the image file up to the ubuntu server directory. My goal was to automate this but didn’t manage to get the process fully end-to-end, so this part is still manual.
Then we can log into that server and upload the boot image. To keep track of files and images I add an instance numbering to the name.
# Must have the MAAS CLI installed
# Must have a MAAS profile (in this case mquick)
maas mquick boot-resources create name='windows/WS2022DC01' title='WinServer2022DC01' architecture='amd64/generic' filetype='ddtgz' content@=WinSvr2022DC01.tgz
# Additional Boot-resource management commands
# Show all
maas mquick boot-resources read
# delete one
maas mquick boot-resource delete id
maas mquick boot-resource delete 80Now for the final test, deploying the newly created image using MAAS
After MAAS finishes the deployment, we can log in using the pre-staged Admin accounts and the other settings we configured, RDP, etc
You can mix and match depending on your needs. Here is a follow-on article of how to create an image for Azure Stack HCI Creating an Azure Stack HCI Image for MAAS — Crying Cloud
If you are new to MAAS or having issues with custom windows images hopefully this is helpful.