Skip to content

feat: migrate Packer templates to HCL2 #7689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
zachary-bailey wants to merge 61 commits into
base: main
Choose a base branch
from
Draft

feat: migrate Packer templates to HCL2 #7689

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
61 commits
Select commit Hold shift + click to select a range
878d6ab
fix
zachary-bailey Jan 15, 2026
ec9eb1d
fix
zachary-bailey Jan 15, 2026
ae4bd66
fix
zachary-bailey Jan 15, 2026
bbf594a
fix
zachary-bailey Jan 15, 2026
2813ae6
fix
zachary-bailey Jan 15, 2026
b64a1e2
fix
zachary-bailey Jan 16, 2026
fda2c78
fix
zachary-bailey Jan 16, 2026
b1e5562
fix: handle cvm with locals
zachary-bailey Jan 16, 2026
5780d39
fix
zachary-bailey Jan 16, 2026
7c2414a
fix
zachary-bailey Jan 16, 2026
5320b51
fix
zachary-bailey Jan 16, 2026
254cc73
fix
zachary-bailey Jan 16, 2026
3743cd1
fix
zachary-bailey Jan 16, 2026
d624b2b
fix
zachary-bailey Jan 16, 2026
ddfd448
fix
zachary-bailey Jan 16, 2026
d4c47c6
fix
zachary-bailey Jan 16, 2026
560285a
fix
zachary-bailey Jan 16, 2026
27d56e3
fix
zachary-bailey Jan 16, 2026
621fc07
fix
zachary-bailey Jan 16, 2026
e7408e0
fix
zachary-bailey Jan 16, 2026
eb944b6
fix
zachary-bailey Jan 16, 2026
67a3c1e
fix
zachary-bailey Jan 16, 2026
c981a91
fix
zachary-bailey Jan 16, 2026
1870755
fix
zachary-bailey Jan 16, 2026
3ea4815
fix
zachary-bailey Jan 16, 2026
633a7a7
fix
zachary-bailey Jan 16, 2026
817fa00
fix
zachary-bailey Jan 16, 2026
98bc715
fix
zachary-bailey Jan 16, 2026
df13038
fix
zachary-bailey Jan 16, 2026
6d5b1ac
fix
zachary-bailey Jan 16, 2026
467561c
fix
zachary-bailey Jan 16, 2026
abe288d
fix
zachary-bailey Jan 16, 2026
17ff89b
fix
zachary-bailey Jan 16, 2026
6a35887
fix
zachary-bailey Jan 16, 2026
d69fbbf
fix
zachary-bailey Jan 16, 2026
ec0086d
fix
zachary-bailey Jan 16, 2026
2a736db
fix
zachary-bailey Jan 16, 2026
f59ea5b
fix
zachary-bailey Jan 16, 2026
71a4ac9
fix
zachary-bailey Jan 16, 2026
b93f353
fix
zachary-bailey Jan 16, 2026
388cb7d
fix
zachary-bailey Jan 16, 2026
7ed7b8f
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 20, 2026
65b9fb7
fix
zachary-bailey Jan 20, 2026
ba1fa16
fix
zachary-bailey Jan 20, 2026
873008b
fix
zachary-bailey Jan 20, 2026
8e5f620
fix
zachary-bailey Jan 20, 2026
9d2fc52
fix
zachary-bailey Jan 20, 2026
7823d1c
fux
zachary-bailey Jan 20, 2026
88ee1fd
fix
zachary-bailey Jan 20, 2026
54e81bc
fix
zachary-bailey Jan 20, 2026
32f79df
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 27, 2026
5530482
fix
zachary-bailey Jan 27, 2026
5685aaf
fix
zachary-bailey Jan 27, 2026
0db2de7
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 28, 2026
660f285
fix
zachary-bailey Jan 28, 2026
ecbf762
fix
zachary-bailey Jan 28, 2026
8b61c2c
fix
zachary-bailey Jan 28, 2026
354b240
fix
zachary-bailey Jan 28, 2026
87d67b2
fix
zachary-bailey Jan 28, 2026
a4e24c6
fix
zachary-bailey Jan 28, 2026
3b0d6d9
fix
zachary-bailey Jan 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 12 additions & 22 deletions packer.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,13 @@ build-packer: generate-prefetch-scripts build-aks-node-controller build-lister-b
ifeq (${ARCHITECTURE},ARM64)
@echo "${MODE}: Building with Hyper-v generation 2 ARM64 VM"
ifeq (${OS_SKU},Ubuntu)
@echo "Using packer template file vhd-image-builder-arm64-gen2.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-arm64-gen2.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},CBLMariner)
@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},AzureLinux)
@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},Flatcar)
@echo "Using packer template file vhd-image-builder-flatcar-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
$(error OS_SKU was invalid ${OS_SKU})
endif
Expand All @@ -36,26 +32,20 @@ else
endif
ifeq (${OS_SKU},Ubuntu)
ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
@echo "Using packer template file vhd-image-builder-cvm.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-cvm.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
@echo "Using packer template file vhd-image-builder-base.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-base.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
endif
else ifeq (${OS_SKU},CBLMariner)
@echo "Using packer template file vhd-image-builder-mariner.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},AzureLinux)
ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
@echo "Using packer template file vhd-image-builder-mariner-cvm.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-cvm.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
@echo "Using packer template file vhd-image-builder-mariner.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
endif
else ifeq (${OS_SKU},Flatcar)
@echo "Using packer template file vhd-image-builder-flatcar.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
$(error OS_SKU was invalid ${OS_SKU})
endif
Expand Down Expand Up @@ -87,10 +77,10 @@ az-login:
@az account set -s ${SUBSCRIPTION_ID}

init-packer:
@./vhdbuilder/packer/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}
@./vhdbuilder/packer/buildconfig/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}

run-packer: az-login
@packer init ./vhdbuilder/packer/packer-plugin.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
@packer init ./vhdbuilder/packer/buildconfig && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)

run-imagecustomizer: az-login
@($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-imagecustomizer | tee -a packer-output)
Expand Down
174 changes: 174 additions & 0 deletions vhdbuilder/packer/buildconfig/build.pkr.hcl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
// This build block is used for all Linux VHD builds with Packer
build {
sources = ["source.azure-arm.nodelifecycle-image-builder"]

provisioner "shell" {
inline = ["sudo mkdir -p /opt/azure/containers", "sudo mkdir -p /opt/scripts", "sudo mkdir -p /opt/certs"]
}

// These files are common to all VHDs, and will be uploaded to the Packer VM regardless of distro
dynamic "provisioner" {
for_each = "${local.common_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.common_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.common_file_upload' without the quotes and interpolation markers.

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +10 to +12
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

// Ubuntu-specific file uploads
dynamic "provisioner" {
for_each = "${local.ubuntu_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.ubuntu_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.ubuntu_file_upload' without the quotes and interpolation markers.

Suggested change
for_each = "${local.ubuntu_file_upload}"
for_each = local.ubuntu_file_upload

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +21 to +23
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but should be checking "os_version" to match the logic in the locals block (line 15 of variables.pkr.hcl) which uses os_version for Ubuntu detection. This mismatch will cause Ubuntu-specific files to not be uploaded when they should be.

Suggested change
when = lower(var.os_sku) == "ubuntu"
when = lower(var.os_version) == "ubuntu"

Copilot uses AI. Check for mistakes.
}
Comment on lines +28 to +29
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conditional 'when' should use 'only_on' in HCL2 Packer provisioners, not 'when'. The 'when' attribute doesn't exist in Packer HCL2 syntax. To conditionally execute provisioners based on variable values, you should use the 'only' or 'except' attributes with build sources, or handle the condition within the provisioner script itself.

Copilot uses AI. Check for mistakes.
}

// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.azlinux_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.azlinux_file_upload' without the quotes and interpolation markers.

Suggested change
for_each = "${local.azlinux_file_upload}"
for_each = local.azlinux_file_upload

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +33 to +35
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but the variable being used should likely match what determines AzureLinux/CBLMariner distribution. The logic may need to check os_version or a combination of conditions. Additionally, the condition checks for "cblmariner" but this provisioner block is labeled for "AzureLinux-specific" files, which suggests a potential naming mismatch.

Suggested change
when = lower(var.os_sku) == "cblmariner"
when = lower(var.os_sku) == "azlinux"

Copilot uses AI. Check for mistakes.
}
}

// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.flatcar_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.flatcar_file_upload' without the quotes and interpolation markers.

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +45 to +47
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but should be checking "os_version" to match the logic in the locals block (line 15 of variables.pkr.hcl) which uses os_version for Flatcar detection. This mismatch will cause Flatcar-specific files to not be uploaded when they should be.

Suggested change
when = lower(var.os_sku) == "flatcar"
when = lower(var.os_version) == "flatcar"

Copilot uses AI. Check for mistakes.
}
}

// Architecture-specific aks-node-controller upload
provisioner "file" {
destination = "${local.aks_node_controller}"
source = "/home/packer/aks-node-controller"
}


// Build Process begins
// pre-install-dependencies.sh, install-dependencies.sh, post-install-dependencies.sh, and list-images.sh are run in order, typically with reboots and file downloads in between
provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/pre-install-dependencies.sh"]
environment_vars = [
"FEATURE_FLAGS=${var.feature_flags}",
"BUILD_NUMBER=${var.build_number}",
"BUILD_ID=${var.build_id}",
"COMMIT=${var.commit}",
"HYPERV_GENERATION=${var.hyperv_generation}",
"CONTAINER_RUNTIME=${var.container_runtime}",
"TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
"ENABLE_FIPS=${var.enable_fips}",
"IMG_SKU=${var.img_sku}",
"UA_TOKEN=${var.ua_token}",
"VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
]
}

provisioner "shell" {
expect_disconnect = true
inline = "${local.reboot_command}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline command is using string interpolation for a list value. In HCL2, when 'inline' expects a list, you should use array syntax. Change this from 'inline = "${local.reboot_command}"' to 'inline = [local.reboot_command]' (without quotes and with square brackets).

Suggested change
inline = "${local.reboot_command}"
inline = [local.reboot_command]

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary string interpolation. Change inline = "${local.reboot_command}" to inline = [local.reboot_command] since inline expects a list of strings, not a single interpolated string.

Suggested change
inline = "${local.reboot_command}"
inline = [local.reboot_command]

Copilot uses AI. Check for mistakes.
pause_after = "60s"
skip_clean = true
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/install-dependencies.sh"]
environment_vars = [
"FEATURE_FLAGS=${var.feature_flags}",
"BUILD_NUMBER=${var.build_number}",
"BUILD_ID=${var.build_id}",
"COMMIT=${var.commit}",
"HYPERV_GENERATION=${var.hyperv_generation}",
"CONTAINER_RUNTIME=${var.container_runtime}",
"TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
"ENABLE_FIPS=${var.enable_fips}",
"IMG_SKU=${var.img_sku}",
"PRIVATE_PACKAGES_URL=${var.private_packages_url}",
"VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect variable reference. vhd_build_timestamp should be referenced as var.vhd_build_timestamp instead of local.vhd_build_timestamp. The value comes from the settings.json file as a variable, not a local value computed at runtime.

Suggested change
"VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
"VHD_BUILD_TIMESTAMP=${var.vhd_build_timestamp}"

Copilot uses AI. Check for mistakes.
]
}

provisioner "shell" {
inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
}

dynamic "provisioner" {
for_each = "${local.midway_file_downloads}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.midway_file_downloads}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.midway_file_downloads' without the quotes and interpolation markers.

Suggested change
for_each = "${local.midway_file_downloads}"
for_each = local.midway_file_downloads

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +110 to +112
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
direction = "download"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

provisioner "shell" {
expect_disconnect = true
inline = "${local.reboot_command}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary string interpolation. Change inline = "${local.reboot_command}" to inline = [local.reboot_command] since inline expects a list of strings, not a single interpolated string.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline parameter expects an array but the value is incorrectly wrapped in string interpolation syntax. It should be inline = [local.reboot_command] instead of inline = "${local.reboot_command}" to properly pass an array of commands to the shell provisioner.

Copilot uses AI. Check for mistakes.
pause_after = "60s"
skip_clean = true
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/post-install-dependencies.sh"]
environment_vars = [
"FEATURE_FLAGS=${var.feature_flags}",
"BUILD_NUMBER=${var.build_number}",
"BUILD_ID=${var.build_id}",
"COMMIT=${var.commit}",
"HYPERV_GENERATION=${var.hyperv_generation}",
"CONTAINER_RUNTIME=${var.container_runtime}",
"TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
"ENABLE_FIPS=${var.enable_fips}",
"IMG_SKU=${var.img_sku}"
]
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/list-images.sh"]
environment_vars = [
"SKU_NAME=${var.sku_name}",
"IMAGE_VERSION=${var.image_version}",
"CONTAINER_RUNTIME=${var.container_runtime}"
]
}

dynamic "provisioner" {
for_each = "${local.post_build_file_downloads}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.post_build_file_downloads}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.post_build_file_downloads' without the quotes and interpolation markers.

Suggested change
for_each = "${local.post_build_file_downloads}"
for_each = local.post_build_file_downloads

Copilot uses AI. Check for mistakes.
labels = ["azure-arm.nodelifecycle-image-builder"]
Comment on lines +152 to +154
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The labels for dynamic provisioners should only contain the provisioner type, not include the source name. The labels should be ["file"] instead of ["azure-arm.nodelifecycle-image-builder"]. This pattern appears throughout the build block but is inconsistent with standard Packer HCL2 syntax for dynamic blocks.

Copilot uses AI. Check for mistakes.
content {
type = "file"
direction = "download"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

provisioner "shell" {
inline = ["sudo rm /opt/azure/vhd-build-performance-data.json", "sudo rm /opt/azure/vhd-grid-compatibility-data.json", "sudo rm /var/log/bcc_installation.log"]
}

provisioner "shell" {
inline = ["sudo /bin/bash -eux /home/packer/cis.sh", "sudo /bin/bash -eux /opt/azure/containers/cleanup-vhd.sh", "sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125"]
}

error-cleanup-provisioner "shell" {
inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
}
}
54 changes: 54 additions & 0 deletions vhdbuilder/packer/buildconfig/dynamic-provisioners/azlinux_file_upload.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
{
"files": [
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/cse_install_mariner.sh",
"destination": "/home/packer/provision_installs_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/cse_helpers_mariner.sh",
"destination": "/home/packer/provision_source_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/mariner-package-update.sh",
"destination": "/home/packer/mariner-package-update.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/package-update.service",
"destination": "/home/packer/snapshot-update.service"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/package-update.timer",
"destination": "/home/packer/snapshot-update.timer"
},
{
"type": "file",
"source": "vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh",
"destination": "/home/packer/tool_installs_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-auth",
"destination": "/home/packer/pam-d-system-auth"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-password",
"destination": "/home/packer/pam-d-system-password"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/update_certs_mariner.service",
"destination": "/home/packer/update_certs.service"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"
Comment on lines +47 to +51
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate file entry detected. The file "update_certs.service" is being uploaded twice with the same destination path. Lines 44-47 upload from "mariner/update_certs_mariner.service" and lines 48-52 upload from "update_certs.service", both to the same destination "/home/packer/update_certs.service". This will cause the second upload to overwrite the first. You should remove one of these entries or verify which source file is correct.

Suggested change
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"

Copilot uses AI. Check for mistakes.
Comment on lines +47 to +51
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both file entries upload to the same destination /home/packer/update_certs.service, but from different sources. The second upload will overwrite the first one. This appears to be a duplicate or conflicting configuration. Verify which source file is the correct one to use for Azure Linux/Mariner builds.

Suggested change
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"

Copilot uses AI. Check for mistakes.
}
]
}
Loading
Loading