azure-image-builder skill

/packer/builders/skills/azure-image-builder

This skill helps you build Azure managed images and Compute Gallery assets using Packer, streamlining custom VM image creation for Azure deployments.

npx playbooks add skill hashicorp/agent-skills --skill azure-image-builder

---
name: azure-image-builder
description: Build Azure managed images and Azure Compute Gallery images with Packer. Use when creating custom images for Azure VMs.
---

# Azure Image Builder

Build Azure managed images and Azure Compute Gallery images using Packer's `azure-arm` builder.

**Reference:** [Azure ARM Builder](https://developer.hashicorp.com/packer/integrations/hashicorp/azure/latest/components/builder/arm)

> **Note:** Building Azure images incurs costs (compute, storage, data transfer). Builds typically take 15-45 minutes depending on provisioning and OS.

## Basic Managed Image

```hcl
packer {
  required_plugins {
    azure = {
      source  = "github.com/hashicorp/azure"
      version = "~> 2.0"
    }
  }
}

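# Defaults read the ARM_* environment variables exported before `packer build`;
# without a default (or a PKR_VAR_* value) Packer rejects the template as having unset variables.
variable "client_id" {
  type      = string
  sensitive = true
  default   = env("ARM_CLIENT_ID")
}

variable "client_secret" {
  type      = string
  sensitive = true
  default   = env("ARM_CLIENT_SECRET")
}

variable "subscription_id" {
  type    = string
  default = env("ARM_SUBSCRIPTION_ID")
}

variable "tenant_id" {
  type    = string
  default = env("ARM_TENANT_ID")
}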

variable "resource_group" {
  type    = string
  default = "packer-images-rg"
}

locals {
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}

source "azure-arm" "ubuntu" {
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id

  managed_image_resource_group_name = var.resource_group
  managed_image_name                = "my-app-${local.timestamp}"

  os_type         = "Linux"
  image_publisher = "Canonical"
  image_offer     = "0001-com-ubuntu-server-jammy"
  image_sku       = "22_04-lts-gen2"

  location = "East US"
  vm_size  = "Standard_B2s"

  azure_tags = {
    Name      = "my-app"
    BuildDate = local.timestamp
  }
}

build {
  sources = ["source.azure-arm.ubuntu"]

  provisioner "shell" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
    ]
  }
}
```

## Azure Compute Gallery

```hcl
source "azure-arm" "ubuntu" {
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id

  os_type         = "Linux"
  image_publisher = "Canonical"
  image_offer     = "0001-com-ubuntu-server-jammy"
  image_sku       = "22_04-lts-gen2"

  location = "East US"
  vm_size  = "Standard_B2s"

  shared_image_gallery_destination {
    resource_group       = "gallery-rg"
    gallery_name         = "myImageGallery"
    image_name           = "ubuntu-webapp"
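    # Date-based patch number: a second build on the same day yields the same
    # version, which the gallery rejects because versions are immutable.
    image_version        = "1.0.${formatdate("YYYYMMDD", timestamp())}"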
    replication_regions  = ["East US", "West US 2"]
    storage_account_type = "Standard_LRS"
  }
}
```

## Authentication

### Service Principal
```bash
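# Create service principal (this grants Contributor on the entire subscription;
# narrow --scopes to specific resource groups where the build allows it)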
az ad sp create-for-rbac \
  --name "packer-sp" \
  --role Contributor \
  --scopes /subscriptions/<subscription-id>

# Set environment variables
export ARM_CLIENT_ID="<client-id>"
export ARM_CLIENT_SECRET="<client-secret>"
export ARM_SUBSCRIPTION_ID="<subscription-id>"
export ARM_TENANT_ID="<tenant-id>"
```
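
An added example (not part of the original skill) of narrowing the service principal above from subscription-wide Contributor: the build runs in a pre-created resource group through the builder's `build_resource_group_name` option, so the role can be scoped to two resource groups. The group name `packer-build-rg`, the source name `ubuntu_scoped` and the `az` commands in the comments are assumptions for illustration.

```hcl
# One-time admin setup (assumed commands; packer-build-rg is a constructed name):
#   az group create --name packer-build-rg  --location eastus
#   az group create --name packer-images-rg --location eastus
#   az ad sp create-for-rbac --name "packer-sp" --role Contributor \
#     --scopes /subscriptions/<subscription-id>/resourceGroups/packer-build-rg \
#              /subscriptions/<subscription-id>/resourceGroups/packer-images-rg
packer {
  required_plugins {
    azure = {
      source  = "github.com/hashicorp/azure"
      version = "~> 2.0"
    }
  }
}

# Credentials are read from the ARM_* environment variables, not stored in the template.
variable "client_id" {
  type      = string
  sensitive = true
  default   = env("ARM_CLIENT_ID")
}
variable "client_secret" {
  type      = string
  sensitive = true
  default   = env("ARM_CLIENT_SECRET")
}
variable "subscription_id" { default = env("ARM_SUBSCRIPTION_ID") }
variable "tenant_id" { default = env("ARM_TENANT_ID") }

source "azure-arm" "ubuntu_scoped" {
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  # Build in an existing group so Packer creates no resource group of its own.
  # `location` is omitted: it cannot be combined with build_resource_group_name.
  build_resource_group_name         = "packer-build-rg"
  managed_image_resource_group_name = "packer-images-rg"
  managed_image_name                = "my-app-${formatdate("YYYYMMDDhhmmss", timestamp())}"

  os_type         = "Linux"
  image_publisher = "Canonical"
  image_offer     = "0001-com-ubuntu-server-jammy"
  image_sku       = "22_04-lts-gen2"
  vm_size         = "Standard_B2s"
}

build {
  sources = ["source.azure-arm.ubuntu_scoped"]
}
```

With this layout a leaked client secret exposes only the build and image resource groups rather than every resource in the subscription.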

### Azure CLI / Managed Identity
```hcl
source "azure-arm" "ubuntu" {
  # Reuse the active `az login` session instead of a client ID and secret
  use_azure_cli_auth = true
  subscription_id    = var.subscription_id
  # ... rest of configuration
}
```

## Build Commands

```bash
# Set authentication
export ARM_CLIENT_ID="your-client-id"
export ARM_CLIENT_SECRET="your-client-secret"
export ARM_SUBSCRIPTION_ID="your-subscription-id"
export ARM_TENANT_ID="your-tenant-id"

# Initialize plugins
packer init .

# Validate template
packer validate .

# Build image
packer build .
```

## Common Issues

**Authentication Failed**
- Verify service principal credentials
- Ensure Contributor role on resource group
- Check subscription and tenant IDs

**Compute Gallery Version Exists**
- Image versions are immutable
- Use unique version numbers with date/build number
- Cannot overwrite existing versions

**Timeout During Provisioning**
- Check network connectivity from build VM
- Verify NSG rules allow required traffic
- Increase timeout if needed

## References

- [Azure ARM Builder](https://developer.hashicorp.com/packer/integrations/hashicorp/azure/latest/components/builder/arm)
- [Azure Compute Gallery](https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery)

Overview

This skill builds Azure managed images and Azure Compute Gallery images using Packer's azure-arm builder. It automates VM provisioning, software installation, and image capture so you get repeatable, versioned VM images for Azure. Use it to produce custom Linux or Windows images optimized for deployment at scale.

How this skill works

The skill configures an azure-arm Packer source with Azure credentials, base image details, VM size, and location. It runs a temporary build VM, applies provisioners (shell, scripts, or configuration management), then either creates a managed image or publishes a version into an Azure Compute Gallery. Authentication uses a Service Principal or Azure CLI/Managed Identity.

When to use it

  • Create standardized golden images for production or testing environments.
  • Publish versioned images to Azure Compute Gallery for regional replication and scale.
  • Automate OS hardening, software installs, and configuration before VM deployment.
  • Replace manual VM cloning with repeatable, automated image builds.
  • Integrate image creation into CI/CD pipelines for immutable infrastructure.

Best practices

  • Use a Service Principal with least-privilege roles or managed identity to limit scope.
  • Keep image versions immutable; include timestamp or build number in the version string.
  • Minimize the number of provisioner steps in the image; offload ephemeral setup to startup scripts where possible.
  • Use shared image gallery for regional replication and to manage image lifecycle.
  • Monitor build costs and clean up temporary resources to avoid unexpected charges.

Example use cases

  • Build a hardened Ubuntu image with corporate packages and security patches applied.
  • Publish a webserver image to Compute Gallery with versions per release date for blue/green deployments.
  • Automate Windows Server image creation with preinstalled roles and configuration.
  • Integrate Packer image builds into CI pipelines to produce artifact versions per commit.

FAQ

How do I authenticate Packer to Azure?

Use a Service Principal (ARM_CLIENT_* env vars) or enable Azure CLI/managed identity by setting use_azure_cli_auth. Ensure the identity has appropriate Contributor or specific resource permissions.

How do I avoid image version conflicts in Compute Gallery?

Image versions are immutable. Use unique version strings (date + build number) or increment versions per build to prevent collisions.