anjuna-azure-cli disk

Creates disk images for Azure Confidential VM from a Docker image

You must be logged in to a valid Azure account permitted to access the cloud storage. Use the az account show command to confirm that you are logged in. If you are not logged in, consider using the az login command to initialize your az session.

SYNOPSIS

anjuna-azure-cli disk <create | upload | delete> [FLAGS]

DESCRIPTION

Creating an Azure Confidential VM requires an Azure-compatible disk-image. The tool anjuna-azure-cli disk supports the following commands for working with disk images:

  • create to locally build VHD disk images

  • upload to upload locally built disk images to the Azure cloud storage

  • delete to remove disk images uploaded to the Azure cloud storage

CREATE

anjuna-azure-cli disk create [FLAGS]

The disk creation command currently requires root permissions. This can be achieved by running the anjuna-azure-cli disk create command as root or by running the command with sudo. If the command is not run with root permissions, using sudo will be attempted, which may prompt for your user account password, and requires that your user account have sudo access.

FLAGS

--docker-uri
  Name of the Docker image, required (format: "NAME[:TAG]")
--disk
  Path to the VHD disk image to create (default: disk.vhd)
--disk-size
  Size of the data disk in bytes (default: 512 MiB)
--kernel
  Path to the kernel blob to use (default: /opt/anjuna/azure/blob/bzImage)
--ramfs
  Path to the initrd image blob to use (default: /opt/anjuna/azure/blob/initramfs.img)
--save-measurements string
  Path to output file for saving the generated measurements in JSON format
--signing-key string
  Path to signing key used to sign image (a PEM encoded RSA private key)

The Docker container can be specified by:

  • a Docker URI to any Docker registry you have access to (Docker Hub, Azure Container Registry, Artifactory Docker Registry, etc.)

  • a local URI (for example hello-world:latest)

When using a Docker Registry, you must handle the authentication to that registry before invoking the anjuna-azure-cli disk create command.

The only required parameter is --docker-uri. The other parameters are optional and have default values.

After executing the command, a VHD disk image is created. By default, the name of the file is disk.vhd (if not specified by the --disk command-line option).

EXAMPLE

$ anjuna-azure-cli disk create --docker-uri=nginx:latest
$ anjuna-azure-cli disk create --disk-size=5GiB --docker-uri=docker.io/nginx:latest

UPLOAD

anjuna-azure-cli disk upload [FLAGS]

This command uploads the local disk image to an Azure Storage Container and creates a shared image in an Azure Shared Image Gallery. The Shared Image is saved as an 'Image Version' of a pre-existing 'Image Definition'.

You will need to have the following resources ready before you issue the upload command. The anjuna-azure-cli command does not create the resources.

  • Resource Group

  • Storage Account

  • Storage Container

  • Image Gallery

  • Image Definition (settings shown below)

Azure requires some resources to be created in the same region/location. Uploading the disk is a two-step operation, with step one uploading the disk to the storage container, and step two creating an Image Version. anjuna-azure-cli combines these steps. Azure requires the disk and the Image Version to be in the same region. The disk is associated with the location of the storage container. If no location or region is set, the Image Version is associated with an inherited location. Therefore, to prevent unexpected errors, it is advisable to provide an explicit location or target-region on the anjuna-azure-cli command line.

Image Definition Settings

The Azure Image Definition must have the following settings to be used with anjuna-azure-cli disk upload:

Architecture: "x64"
Features: {
    SecurityType: "ConfidentialVmSupported"
}
HyperVGeneration: "V2"
OsState: "Specialized"
OsType:  "Linux"

FLAGS

--disk string
  path to the local disk to upload (default "disk.vhd")
--image-definition string
  the Azure Image Definition to be updated (default: uses the value passed by --image-name)
--image-gallery string
  the Azure Image Definition's parent shared image gallery
--image-name string
  name of the uploaded disk image (default "disk.vhd")
--image-version string
  the image version to be created
--resource-group string
  the Azure resource group to be used for the artifacts needed for this operation
-a, --storage-account string
  Storage account for the uploaded images
--storage-container string
  Storage container to upload the disks to
--location string
  (Optional) the location to associate with your resources
--subscription-id string
  (Optional) Azure subscription ID to use
--target-regions <region>[=<replica count>][=<storage account type>]
  (Optional) Use (<region>[=<replica count>][=<storage account type>]) to set regions and associated properties

Also read:

  • Use az account show --query id to retrieve the subscription ID in use, or az account list --query [].id to get a list of all your subscription IDs.

  • Use az group list --output table to get a list of your available resource groups.

EXAMPLE

$ az sig image-definition show -g my-tests -r my_image_gallery --gallery-image-definition my_linux_image
{
  "architecture": "x64",
  "description": "",
  "disallowed": {
    "diskTypes": []
  },
  "endOfLifeDate": null,
  "eula": null,
  "features": [
    {
      "name": "SecurityType",
      "value": "ConfidentialVmSupported"
    }
  ],
  "hyperVGeneration": "V2",
  "id": "/subscriptions/****/resourceGroups/my-tests/providers/Microsoft.Compute/galleries/my_image_gallery/images/my_linux_image",
  "identifier": {
    "offer": "CVMGA",
    "publisher": "Anjuna",
    "sku": "mylinuxos"
  },
  "location": "eastus",
  "name": "my_linux_image",
  "osState": "Specialized",
  "osType": "Linux",
  "privacyStatementUri": null,
  "provisioningState": "Succeeded",
  "purchasePlan": null,
  "recommended": {
    "memory": {
      "max": null,
      "min": null
    },
    "vCpUs": {
      "max": null,
      "min": null
    }
  },
  "releaseNoteUri": null,
  "resourceGroup": "my-tests",
  "tags": {},
  "type": "Microsoft.Compute/galleries/images"
}

$ anjuna-azure-cli disk upload \
  --disk hello-world-disk.vhd \
  --image-name hello-world-disk.vhd \
  --storage-account mystorageaccount \
  --storage-container mystoragecontainer \
  --resource-group myresourcegroup \
  --image-gallery my_image_gallery \
  --image-definition my_linux_image \
  --image-version 0.1.0 \
  --location eastus \
  --subscription-id 123abcde-1234-1234-1234-12345678
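As an added pre-flight check (example code, not part of anjuna-azure-cli or the Azure CLI), the script below validates the JSON printed by az sig image-definition show against the Image Definition Settings above and applies the same-region rule from the upload description. It assumes the storage account's region is passed as an argument (for example taken from az storage account show --query location), and the embedded sample definition is constructed, not real data.

```python
"""Pre-flight check for anjuna-azure-cli disk upload (added example, not part
of the tool): validates `az sig image-definition show --output json` output
against the required Image Definition settings and the same-region rule."""
import json
import sys

# Required settings, keyed by the camelCase names `az` prints.
REQUIRED = {"architecture": "x64", "hyperVGeneration": "V2",
            "osState": "Specialized", "osType": "Linux"}
SECURITY_TYPE = "ConfidentialVmSupported"

# Constructed sample mirroring the documented `az` output (not real data).
SAMPLE_DEFINITION = json.dumps({
    "architecture": "x64", "hyperVGeneration": "V2", "location": "eastus",
    "osState": "Specialized", "osType": "Linux",
    "features": [{"name": "SecurityType", "value": SECURITY_TYPE}]})


def image_definition_problems(defn):
    """Return human-readable mismatches; an empty list means compliant."""
    problems = [f"{k}: expected {v!r}, got {defn.get(k)!r}"
                for k, v in REQUIRED.items() if defn.get(k) != v]
    features = {f.get("name"): f.get("value") for f in defn.get("features") or []}
    if features.get("SecurityType") != SECURITY_TYPE:
        problems.append(f"features.SecurityType: expected {SECURITY_TYPE!r}, "
                        f"got {features.get('SecurityType')!r}")
    return problems


def region_problems(defn, storage_location, location=None):
    """VHD lands in the storage account's region; the Image Version uses
    --location if given, else inherits the definition's. They must match."""
    effective = location or defn.get("location")
    if effective != storage_location:
        return [f"region mismatch: storage account in {storage_location!r}, "
                f"Image Version would be created in {effective!r}"]
    return []


def preflight(defn_json, storage_location, location=None):
    """Parse the `az` JSON and return all problems (empty = safe to upload)."""
    defn = json.loads(defn_json)
    return image_definition_problems(defn) + region_problems(defn, storage_location, location)


if __name__ == "__main__":
    # Usage: az sig image-definition show ... -o json | python3 preflight.py eastus
    storage_location = sys.argv[1] if len(sys.argv) > 1 else "eastus"
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DEFINITION
    problems = preflight(raw, storage_location)
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run it with the definition's JSON on stdin before the upload; a non-zero exit means the upload would either be rejected or leave a VHD and Image Version in different regions.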

DELETE

anjuna-azure-cli disk delete [FLAGS]

This command removes disk images previously uploaded to a storage container in the Azure cloud storage.

FLAGS

--image-name
  Name of the uploaded disk image to remove (default: disk.vhd)
--storage-account
  Name of the storage account to use, required
--storage-container
  Name of the storage container to use, required

EXAMPLE

$ anjuna-azure-cli disk delete \
  --image-name hello-world-disk.vhd \
  --storage-account mystorageaccount \
  --storage-container mystoragecontainer

EXIT STATUS

The anjuna-azure-cli disk commands return:

  • 0 on success

  • 1 on error