Skip to content

feat: migrate Packer templates to HCL2 #7689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
zachary-bailey wants to merge 61 commits into
base: main
Choose a base branch
from
Draft

feat: migrate Packer templates to HCL2 #7689

Show file tree
Hide file tree
Changes from 53 commits
Commits
Show all changes
61 commits
Select commit Hold shift + click to select a range
878d6ab
fix
zachary-bailey Jan 15, 2026
ec9eb1d
fix
zachary-bailey Jan 15, 2026
ae4bd66
fix
zachary-bailey Jan 15, 2026
bbf594a
fix
zachary-bailey Jan 15, 2026
2813ae6
fix
zachary-bailey Jan 15, 2026
b64a1e2
fix
zachary-bailey Jan 16, 2026
fda2c78
fix
zachary-bailey Jan 16, 2026
b1e5562
fix: handle cvm with locals
zachary-bailey Jan 16, 2026
5780d39
fix
zachary-bailey Jan 16, 2026
7c2414a
fix
zachary-bailey Jan 16, 2026
5320b51
fix
zachary-bailey Jan 16, 2026
254cc73
fix
zachary-bailey Jan 16, 2026
3743cd1
fix
zachary-bailey Jan 16, 2026
d624b2b
fix
zachary-bailey Jan 16, 2026
ddfd448
fix
zachary-bailey Jan 16, 2026
d4c47c6
fix
zachary-bailey Jan 16, 2026
560285a
fix
zachary-bailey Jan 16, 2026
27d56e3
fix
zachary-bailey Jan 16, 2026
621fc07
fix
zachary-bailey Jan 16, 2026
e7408e0
fix
zachary-bailey Jan 16, 2026
eb944b6
fix
zachary-bailey Jan 16, 2026
67a3c1e
fix
zachary-bailey Jan 16, 2026
c981a91
fix
zachary-bailey Jan 16, 2026
1870755
fix
zachary-bailey Jan 16, 2026
3ea4815
fix
zachary-bailey Jan 16, 2026
633a7a7
fix
zachary-bailey Jan 16, 2026
817fa00
fix
zachary-bailey Jan 16, 2026
98bc715
fix
zachary-bailey Jan 16, 2026
df13038
fix
zachary-bailey Jan 16, 2026
6d5b1ac
fix
zachary-bailey Jan 16, 2026
467561c
fix
zachary-bailey Jan 16, 2026
abe288d
fix
zachary-bailey Jan 16, 2026
17ff89b
fix
zachary-bailey Jan 16, 2026
6a35887
fix
zachary-bailey Jan 16, 2026
d69fbbf
fix
zachary-bailey Jan 16, 2026
ec0086d
fix
zachary-bailey Jan 16, 2026
2a736db
fix
zachary-bailey Jan 16, 2026
f59ea5b
fix
zachary-bailey Jan 16, 2026
71a4ac9
fix
zachary-bailey Jan 16, 2026
b93f353
fix
zachary-bailey Jan 16, 2026
388cb7d
fix
zachary-bailey Jan 16, 2026
7ed7b8f
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 20, 2026
65b9fb7
fix
zachary-bailey Jan 20, 2026
ba1fa16
fix
zachary-bailey Jan 20, 2026
873008b
fix
zachary-bailey Jan 20, 2026
8e5f620
fix
zachary-bailey Jan 20, 2026
9d2fc52
fix
zachary-bailey Jan 20, 2026
7823d1c
fux
zachary-bailey Jan 20, 2026
88ee1fd
fix
zachary-bailey Jan 20, 2026
54e81bc
fix
zachary-bailey Jan 20, 2026
32f79df
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 27, 2026
5530482
fix
zachary-bailey Jan 27, 2026
5685aaf
fix
zachary-bailey Jan 27, 2026
0db2de7
Merge branch 'main' into zb/migrateToHCL2
zachary-bailey Jan 28, 2026
660f285
fix
zachary-bailey Jan 28, 2026
ecbf762
fix
zachary-bailey Jan 28, 2026
8b61c2c
fix
zachary-bailey Jan 28, 2026
354b240
fix
zachary-bailey Jan 28, 2026
87d67b2
fix
zachary-bailey Jan 28, 2026
a4e24c6
fix
zachary-bailey Jan 28, 2026
3b0d6d9
fix
zachary-bailey Jan 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 12 additions & 22 deletions packer.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,13 @@ build-packer: generate-prefetch-scripts build-aks-node-controller build-lister-b
ifeq (${ARCHITECTURE},ARM64)
@echo "${MODE}: Building with Hyper-v generation 2 ARM64 VM"
ifeq (${OS_SKU},Ubuntu)
@echo "Using packer template file vhd-image-builder-arm64-gen2.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-arm64-gen2.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},CBLMariner)
@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},AzureLinux)
@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},Flatcar)
@echo "Using packer template file vhd-image-builder-flatcar-arm64.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar-arm64.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
$(error OS_SKU was invalid ${OS_SKU})
endif
Expand All @@ -36,26 +32,20 @@ else
endif
ifeq (${OS_SKU},Ubuntu)
ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
@echo "Using packer template file vhd-image-builder-cvm.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-cvm.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
@echo "Using packer template file vhd-image-builder-base.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-base.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
endif
else ifeq (${OS_SKU},CBLMariner)
@echo "Using packer template file vhd-image-builder-mariner.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else ifeq (${OS_SKU},AzureLinux)
ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
@echo "Using packer template file vhd-image-builder-mariner-cvm.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-cvm.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
@echo "Using packer template file vhd-image-builder-mariner.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
endif
else ifeq (${OS_SKU},Flatcar)
@echo "Using packer template file vhd-image-builder-flatcar.json"
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar.json
@packer build -timestamp-ui -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
else
$(error OS_SKU was invalid ${OS_SKU})
endif
Expand Down Expand Up @@ -87,10 +77,10 @@ az-login:
@az account set -s ${SUBSCRIPTION_ID}

init-packer:
@./vhdbuilder/packer/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}
@./vhdbuilder/packer/buildconfig/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}

run-packer: az-login
@packer init ./vhdbuilder/packer/packer-plugin.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
@packer init ./vhdbuilder/packer/buildconfig/build.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The packer init command should target the directory containing all HCL files (buildconfig) rather than just build.pkr.hcl. The correct command should be:

packer init ./vhdbuilder/packer/buildconfig

This ensures all .pkr.hcl files in the directory are properly initialized.

Suggested change
@packer init ./vhdbuilder/packer/buildconfig/build.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
@packer init ./vhdbuilder/packer/buildconfig && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)

Copilot uses AI. Check for mistakes.

run-imagecustomizer: az-login
@($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-imagecustomizer | tee -a packer-output)
Expand Down
168 changes: 168 additions & 0 deletions vhdbuilder/packer/buildconfig/build.pkr.hcl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,168 @@
// This build block is used for all Linux VHD builds with Packer
build {
sources = ["source.azure-arm.nodelifecycle-image-builder"]

provisioner "shell" {
inline = ["sudo mkdir -p /opt/azure/containers", "sudo mkdir -p /opt/scripts", "sudo mkdir -p /opt/certs"]
}

// These files are common to all VHDs, and will be uploaded to the Packer VM regardless of distro
dynamic "provisioner" {
for_each = "${local.common_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.common_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.common_file_upload' without the quotes and interpolation markers.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

// Ubuntu-specific file uploads
dynamic "provisioner" {
for_each = "${local.ubuntu_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.ubuntu_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.ubuntu_file_upload' without the quotes and interpolation markers.

Suggested change
for_each = "${local.ubuntu_file_upload}"
for_each = local.ubuntu_file_upload

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but should be checking "os_version" to match the logic in the locals block (line 15 of variables.pkr.hcl) which uses os_version for Ubuntu detection. This mismatch will cause Ubuntu-specific files to not be uploaded when they should be.

Suggested change
when = lower(var.os_sku) == "ubuntu"
when = lower(var.os_version) == "ubuntu"

Copilot uses AI. Check for mistakes.
}
Comment on lines +28 to +29
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conditional 'when' should use 'only_on' in HCL2 Packer provisioners, not 'when'. The 'when' attribute doesn't exist in Packer HCL2 syntax. To conditionally execute provisioners based on variable values, you should use the 'only' or 'except' attributes with build sources, or handle the condition within the provisioner script itself.

Copilot uses AI. Check for mistakes.
}

// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.azlinux_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.azlinux_file_upload' without the quotes and interpolation markers.

Suggested change
for_each = "${local.azlinux_file_upload}"
for_each = local.azlinux_file_upload

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but the variable being used should likely match what determines AzureLinux/CBLMariner distribution. The logic may need to check os_version or a combination of conditions. Additionally, the condition checks for "cblmariner" but this provisioner block is labeled for "AzureLinux-specific" files, which suggests a potential naming mismatch.

Suggested change
when = lower(var.os_sku) == "cblmariner"
when = lower(var.os_sku) == "azlinux"

Copilot uses AI. Check for mistakes.
}
}

// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.flatcar_file_upload}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.flatcar_file_upload' without the quotes and interpolation markers.

Copilot uses AI. Check for mistakes.
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
Comment on lines 22 to 52
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when attribute is not valid for dynamic provisioners in Packer. The conditional logic should be implemented using a conditional expression in the for_each itself:

for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
Suggested change
for_each = "${local.ubuntu_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination

Copilot uses AI. Check for mistakes.
Comment on lines 22 to 52
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when attribute is not a valid attribute for dynamic provisioners in Packer. The conditional logic should be implemented using a conditional expression in the for_each itself. For example:

for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : []

This pattern should be applied to all conditionally executed provisioners (Ubuntu, AzureLinux, and Flatcar).

Suggested change
for_each = "${local.ubuntu_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination

Copilot uses AI. Check for mistakes.
Comment on lines 22 to 52
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when attribute is not valid for dynamic provisioners in Packer. The conditional logic should be implemented using a conditional expression in the for_each itself:

for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : []
Suggested change
for_each = "${local.ubuntu_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The when condition is checking "os_sku" but should be checking "os_version" to match the logic in the locals block (line 15 of variables.pkr.hcl) which uses os_version for Flatcar detection. This mismatch will cause Flatcar-specific files to not be uploaded when they should be.

Suggested change
when = lower(var.os_sku) == "flatcar"
when = lower(var.os_version) == "flatcar"

Copilot uses AI. Check for mistakes.
}
}

Comment on lines 22 to 55
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conditional logic for the when attribute is incorrect. In HCL2, conditionals should use a boolean expression directly, but here lower(var.os_sku) == "ubuntu" returns a boolean, which should work. However, verify that the when attribute is supported in this context, as it's not a standard Packer provisioner attribute. The correct approach would be to wrap the entire dynamic block with a conditional or use only at the build level.

Suggested change
for_each = "${local.ubuntu_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "ubuntu"
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = "${local.azlinux_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "cblmariner"
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = "${local.flatcar_file_upload}"
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
when = lower(var.os_sku) == "flatcar"
}
}
for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// AzureLinux-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}
// Flatcar-specific file uploads
dynamic "provisioner" {
for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
content {
type = "file"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

Copilot uses AI. Check for mistakes.
// Architecture-specific aks-node-controller upload
provisioner "file" {
destination = "${var.aks_node_controller}"
source = "/home/packer/aks-node-controller"
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The source and destination are swapped. In a file provisioner, the source should be the local file path and destination should be the remote path. Currently, the aks-node-controller binary path (which should be the source) is set as the destination, and the remote path is set as the source. This should be:

source      = "${local.aks_node_controller}"
destination = "/home/packer/aks-node-controller"
Suggested change
destination = "${var.aks_node_controller}"
source = "/home/packer/aks-node-controller"
source = "${local.aks_node_controller}"
destination = "/home/packer/aks-node-controller"

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect provisioner file configuration. The destination and source parameters are swapped. According to Packer documentation, for file provisioners, source should be the local path and destination should be the remote path. Here, var.aks_node_controller appears to be a local file path but is assigned to destination, while /home/packer/aks-node-controller should be the destination on the VM.

Suggested change
destination = "${var.aks_node_controller}"
source = "/home/packer/aks-node-controller"
source = "/home/packer/aks-node-controller"
destination = "${var.aks_node_controller}"

Copilot uses AI. Check for mistakes.
}


// Build Process begins
// pre-install-dependencies.sh, install-dependencies.sh, post-install-dependencies.sh, and list-images.sh are run in order, typically with reboots and file downloads in between
provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/pre-install-dependencies.sh"]
environment_vars = [
FEATURE_FLAGS=${var.feature_flags},
BUILD_NUMBER=${var.build_number},
BUILD_ID=${var.build_id},
COMMIT=${var.commit},
HYPERV_GENERATION=${var.hyperv_generation},
CONTAINER_RUNTIME=${var.container_runtime},
TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url},
ENABLE_FIPS=${var.enable_fips},
IMG_SKU=${var.img_sku},
UA_TOKEN=${var.ua_token},
VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The local variable vhd_build_timestamp is referenced but never defined in the variables.pkr.hcl file. This will cause a Packer error. You need to add a local or variable definition for vhd_build_timestamp.

Copilot uses AI. Check for mistakes.
]
}

provisioner "shell" {
expect_disconnect = true
inline = "${local.reboot_command}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline command is using string interpolation for a list value. In HCL2, when 'inline' expects a list, you should use array syntax. Change this from 'inline = "${local.reboot_command}"' to 'inline = [local.reboot_command]' (without quotes and with square brackets).

Suggested change
inline = "${local.reboot_command}"
inline = [local.reboot_command]

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary string interpolation. Change inline = "${local.reboot_command}" to inline = [local.reboot_command] since inline expects a list of strings, not a single interpolated string.

Suggested change
inline = "${local.reboot_command}"
inline = [local.reboot_command]

Copilot uses AI. Check for mistakes.
pause_after = "60s"
skip_clean = true
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/install-dependencies.sh"]
environment_vars = [
FEATURE_FLAGS=${var.feature_flags},
BUILD_NUMBER=${var.build_number},
BUILD_ID=${var.build_id},
COMMIT=${var.commit},
HYPERV_GENERATION=${var.hyperv_generation},
CONTAINER_RUNTIME=${var.container_runtime},
TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url},
ENABLE_FIPS=${var.enable_fips},
IMG_SKU=${var.img_sku},
PRIVATE_PACKAGES_URL=${var.private_packages_url},
VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}
]
}

provisioner "shell" {
inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
}

dynamic "provisioner" {
for_each = "${local.midway_file_downloads}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.midway_file_downloads}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.midway_file_downloads' without the quotes and interpolation markers.

Suggested change
for_each = "${local.midway_file_downloads}"
for_each = local.midway_file_downloads

Copilot uses AI. Check for mistakes.
content {
type = "file"
direction = "download"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

provisioner "shell" {
expect_disconnect = true
inline = "${local.reboot_command}"
Comment on lines 84 to 123
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary string interpolation. The expression "${local.reboot_command}" can be simplified to local.reboot_command since it's already a string value. The same simplification can be applied throughout this file where single values are wrapped in string interpolation without additional text.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary string interpolation. Change inline = "${local.reboot_command}" to inline = [local.reboot_command] since inline expects a list of strings, not a single interpolated string.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline parameter expects an array but the value is incorrectly wrapped in string interpolation syntax. It should be inline = [local.reboot_command] instead of inline = "${local.reboot_command}" to properly pass an array of commands to the shell provisioner.

Copilot uses AI. Check for mistakes.
pause_after = "60s"
skip_clean = true
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/post-install-dependencies.sh"]
environment_vars = [
FEATURE_FLAGS=${var.feature_flags},
BUILD_NUMBER=${var.build_number},
BUILD_ID=${var.build_id},
COMMIT=${var.commit},
HYPERV_GENERATION=${var.hyperv_generation},
CONTAINER_RUNTIME=${var.container_runtime},
TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url},
ENABLE_FIPS=${var.enable_fips},
IMG_SKU=${var.img_sku}
]
}

provisioner "shell" {
inline = ["/bin/bash -ux /home/packer/list-images.sh"]
environment_vars = [
SKU_NAME=${var.sku_name},
IMAGE_VERSION=${var.image_version},
CONTAINER_RUNTIME=${var.container_runtime}
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The environment variable assignments are missing quotes around the variable references. In HCL2 shell provisioners, environment_vars should be strings in the format "KEY=value". Change these lines to use proper quoting, for example: "SKU_NAME=${var.sku_name}" instead of SKU_NAME=${var.sku_name}.

Suggested change
SKU_NAME=${var.sku_name},
IMAGE_VERSION=${var.image_version},
CONTAINER_RUNTIME=${var.container_runtime}
"SKU_NAME=${var.sku_name}",
"IMAGE_VERSION=${var.image_version}",
"CONTAINER_RUNTIME=${var.container_runtime}"

Copilot uses AI. Check for mistakes.
]
}

dynamic "provisioner" {
for_each = "${local.post_build_file_downloads}"
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dynamic provisioner blocks use "${local.post_build_file_downloads}" with unnecessary string interpolation. In HCL2, for_each expects a map or set directly, so this should be written as 'for_each = local.post_build_file_downloads' without the quotes and interpolation markers.

Suggested change
for_each = "${local.post_build_file_downloads}"
for_each = local.post_build_file_downloads

Copilot uses AI. Check for mistakes.
content {
type = "file"
direction = "download"
source = provisioner.value.source
destination = provisioner.value.destination
}
}

provisioner "shell" {
inline = ["sudo rm /opt/azure/vhd-build-performance-data.json", "sudo rm /opt/azure/vhd-grid-compatibility-data.json", "sudo rm /var/log/bcc_installation.log"]
}

provisioner "shell" {
inline = ["sudo /bin/bash -eux /home/packer/cis.sh", "sudo /bin/bash -eux /opt/azure/containers/cleanup-vhd.sh", "sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125"]
}

error-cleanup-provisioner "shell" {
inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
}
}
54 changes: 54 additions & 0 deletions vhdbuilder/packer/buildconfig/dynamic-provisioners/azlinux_file_upload.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
{
"files": [
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/cse_install_mariner.sh",
"destination": "/home/packer/provision_installs_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/cse_helpers_mariner.sh",
"destination": "/home/packer/provision_source_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/mariner-package-update.sh",
"destination": "/home/packer/mariner-package-update.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/package-update.service",
"destination": "/home/packer/snapshot-update.service"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/package-update.timer",
"destination": "/home/packer/snapshot-update.timer"
},
{
"type": "file",
"source": "vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh",
"destination": "/home/packer/tool_installs_distro.sh"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-auth",
"destination": "/home/packer/pam-d-system-auth"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-password",
"destination": "/home/packer/pam-d-system-password"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/mariner/update_certs_mariner.service",
"destination": "/home/packer/update_certs.service"
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"
Comment on lines +47 to +51
Copy link

Copilot AI Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate file entry detected. The file "update_certs.service" is being uploaded twice with the same destination path. Lines 44-47 upload from "mariner/update_certs_mariner.service" and lines 48-52 upload from "update_certs.service", both to the same destination "/home/packer/update_certs.service". This will cause the second upload to overwrite the first. You should remove one of these entries or verify which source file is correct.

Suggested change
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"

Copilot uses AI. Check for mistakes.
Comment on lines +47 to +51
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both file entries upload to the same destination /home/packer/update_certs.service, but from different sources. The second upload will overwrite the first one. This appears to be a duplicate or conflicting configuration. Verify which source file is the correct one to use for Azure Linux/Mariner builds.

Suggested change
},
{
"type": "file",
"source": "parts/linux/cloud-init/artifacts/update_certs.service",
"destination": "/home/packer/update_certs.service"

Copilot uses AI. Check for mistakes.
}
]
}
Loading
Loading