Create a new VM image version from an existing image version using Azure Image Builder in Linux

Applies to: ✔️ Linux VMs ✔️ Flexible scale sets

This article shows you how to take an existing image version in a Shared Image Gallery, update it, and publish it as a new image version to the gallery.

We will be using a sample .json template to configure the image. The .json file we are using is here: helloImageTemplateforSIGfromSIG.json.

Register the features

To use Azure Image Builder, you need to register the feature.

Check your registration.

az provider show -n Microsoft.VirtualMachineImages | grep registrationState
az provider show -n Microsoft.KeyVault | grep registrationState
az provider show -n Microsoft.Compute | grep registrationState
az provider show -n Microsoft.Storage | grep registrationState
az provider show -n Microsoft.Network | grep registrationState

If they do not say registered, run the following:

az provider register -n Microsoft.VirtualMachineImages
az provider register -n Microsoft.Compute
az provider register -n Microsoft.KeyVault
az provider register -n Microsoft.Storage
az provider register -n Microsoft.Network

Set variables and permissions

If you used Create an image and distribute to a Shared Image Gallery to create your Shared Image Gallery, you've already created some of the variables we need. If not, please setup some variables to be used for this example.

# Resource group name 
sigResourceGroup=ibLinuxGalleryRG
# Gallery location 
location=westus2
# Additional region to replicate the image version to 
additionalregion=eastus
# Name of the shared image gallery 
sigName=myIbGallery
# Name of the image definition to use
imageDefName=myIbImageDef
# image distribution metadata reference name
runOutputName=aibSIGLinuxUpdate

Create a variable for your subscription ID.

subscriptionID=$(az account show --query id --output tsv)

Get the image version that you want to update.

sigDefImgVersionId=$(az sig image-version list \
   -g $sigResourceGroup \
   --gallery-name $sigName \
   --gallery-image-definition $imageDefName \
   --subscription $subscriptionID --query [].'id' -o tsv)

Create a user-assigned identity and set permissions on the resource group

As you had set the user-identity up in the previous example, you just need to get the Resource ID of it, this will then be appended to the template.

#get identity used previously
imgBuilderId=$(az identity list -g $sigResourceGroup --query "[?contains(name, 'aibBuiUserId')].id" -o tsv)

If you already have your own Shared Image Gallery, and did not follow the previous example, you will need to assign permissions for Image Builder to access the Resource Group, so it can access the gallery. Please review the steps in the Create an image and distribute to a Shared Image Gallery example.

Modify helloImage example

You can review the example we are about to use by opening the .json file here: helloImageTemplateforSIGfromSIG.json along with the Image Builder template reference.

Download the .json example and configure it with your variables.

curl https://raw.githubusercontent.com/azure/azvmimagebuilder/master/quickquickstarts/8_Creating_a_Custom_Linux_Shared_Image_Gallery_Image_from_SIG/helloImageTemplateforSIGfromSIG.json -o helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<subscriptionID>/$subscriptionID/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<rgName>/$sigResourceGroup/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<imageDefName>/$imageDefName/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<sharedImageGalName>/$sigName/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s%<sigDefImgVersionId>%$sigDefImgVersionId%g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<region1>/$location/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<region2>/$additionalregion/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s/<runOutputName>/$runOutputName/g" helloImageTemplateforSIGfromSIG.json
sed -i -e "s%<imgBuilderId>%$imgBuilderId%g" helloImageTemplateforSIGfromSIG.json

Create the image

Submit the image configuration to the VM Image Builder Service.

az resource create \
    --resource-group $sigResourceGroup \
    --properties @helloImageTemplateforSIGfromSIG.json \
    --is-full-object \
    --resource-type Microsoft.VirtualMachineImages/imageTemplates \
    -n helloImageTemplateforSIGfromSIG01

Start the image build.

az resource invoke-action \
     --resource-group $sigResourceGroup \
     --resource-type  Microsoft.VirtualMachineImages/imageTemplates \
     -n helloImageTemplateforSIGfromSIG01 \
     --action Run 

Wait until the image has been built and replication before moving on to the next step.

Create the VM

az vm create \
  --resource-group $sigResourceGroup \
  --name aibImgVm001 \
  --admin-username azureuser \
  --location $location \
  --image "/subscriptions/$subscriptionID/resourceGroups/$sigResourceGroup/providers/Microsoft.Compute/galleries/$sigName/images/$imageDefName/versions/latest" \
  --generate-ssh-keys

Create an SSH connection to the VM using the public IP address of the VM.

ssh azureuser@<pubIp>

You should see the image was customized with a "Message of the Day" as soon as your SSH connection is established.

*******************************************************
**            This VM was built from the:            **
**      !! AZURE VM IMAGE BUILDER Custom Image !!    **
**         You have just been Customized :-)         **
*******************************************************

Type exit to close the SSH connection.

You can also list the image versions that are now available in your gallery.

az sig image-version list -g $sigResourceGroup -r $sigName -i $imageDefName -o table

Next steps

To learn more about the components of the .json file used in this article, see Image builder template reference.