Azure · zachary-bailey · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026
@@ -12,17 +12,13 @@ build-packer: generate-prefetch-scripts build-aks-node-controller build-lister-b
 ifeq (${ARCHITECTURE},ARM64)
 	@echo "${MODE}: Building with Hyper-v generation 2 ARM64 VM"
 ifeq (${OS_SKU},Ubuntu)
-	@echo "Using packer template file vhd-image-builder-arm64-gen2.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-arm64-gen2.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else ifeq (${OS_SKU},CBLMariner)
-	@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else ifeq (${OS_SKU},AzureLinux)
-	@echo "Using packer template file vhd-image-builder-mariner-arm64.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-arm64.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else ifeq (${OS_SKU},Flatcar)
-	@echo "Using packer template file vhd-image-builder-flatcar-arm64.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar-arm64.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else
 	$(error OS_SKU was invalid ${OS_SKU})
 endif
@@ -36,26 +32,20 @@ else
 endif
 ifeq (${OS_SKU},Ubuntu)
 ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
-	@echo "Using packer template file vhd-image-builder-cvm.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-cvm.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else
-	@echo "Using packer template file vhd-image-builder-base.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-base.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 endif
 else ifeq (${OS_SKU},CBLMariner)
-	@echo "Using packer template file vhd-image-builder-mariner.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else ifeq (${OS_SKU},AzureLinux)
 ifeq ($(findstring cvm,$(FEATURE_FLAGS)),cvm)
-	@echo "Using packer template file vhd-image-builder-mariner-cvm.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner-cvm.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else
-	@echo "Using packer template file vhd-image-builder-mariner.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-mariner.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 endif
 else ifeq (${OS_SKU},Flatcar)
-	@echo "Using packer template file vhd-image-builder-flatcar.json"
-	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/vhd-image-builder-flatcar.json
+	@packer build -timestamp-ui  -var-file=vhdbuilder/packer/settings.json vhdbuilder/packer/buildconfig
 else
 	$(error OS_SKU was invalid ${OS_SKU})
 endif
@@ -87,10 +77,10 @@ az-login:
 	@az account set -s ${SUBSCRIPTION_ID}
 
 init-packer:
-	@./vhdbuilder/packer/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}
+	@./vhdbuilder/packer/buildconfig/produce-packer-settings.sh ${AZCLI_VERSION_OVERRIDE}
 
 run-packer: az-login
-	@packer init ./vhdbuilder/packer/packer-plugin.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
+	@packer init ./vhdbuilder/packer/buildconfig && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output)
 
 run-imagecustomizer: az-login
 	@($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-imagecustomizer | tee -a packer-output)

@@ -0,0 +1,174 @@
+// This build block is used for all Linux VHD builds with Packer
+build {
+  sources = ["source.azure-arm.nodelifecycle-image-builder"]
+
+  provisioner "shell" {
+    inline = ["sudo mkdir -p /opt/azure/containers", "sudo mkdir -p /opt/scripts", "sudo mkdir -p /opt/certs"]
+  }
+
+  // These files are common to all VHDs, and will be uploaded to the Packer VM regardless of distro
+  dynamic "provisioner" {
+    for_each = "${local.common_file_upload}"
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+    }
+  }
+
+  // Ubuntu-specific file uploads
+  dynamic "provisioner" {
+    for_each = "${local.ubuntu_file_upload}"
-    for_each = "${local.ubuntu_file_upload}"
+    for_each = local.ubuntu_file_upload
-    for_each = "${local.ubuntu_file_upload}"
+    for_each = local.ubuntu_file_upload
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+      when        = lower(var.os_sku) == "ubuntu"
-      when        = lower(var.os_sku) == "ubuntu"
+      when        = lower(var.os_version) == "ubuntu"
-      when        = lower(var.os_sku) == "ubuntu"
+      when        = lower(var.os_version) == "ubuntu"
+    }
+  }
+
+  // AzureLinux-specific file uploads
+  dynamic "provisioner" {
+    for_each = "${local.azlinux_file_upload}"
-    for_each = "${local.azlinux_file_upload}"
+    for_each = local.azlinux_file_upload
-    for_each = "${local.azlinux_file_upload}"
+    for_each = local.azlinux_file_upload
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+      when        = lower(var.os_sku) == "cblmariner"
-      when        = lower(var.os_sku) == "cblmariner"
+      when        = lower(var.os_sku) == "azlinux"
-      when        = lower(var.os_sku) == "cblmariner"
+      when        = lower(var.os_sku) == "azlinux"
+    }
+  }
+
+  // Flatcar-specific file uploads
+  dynamic "provisioner" {
+    for_each = "${local.flatcar_file_upload}"
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+      when        = lower(var.os_sku) == "flatcar"
-      when        = lower(var.os_sku) == "flatcar"
+      when        = lower(var.os_version) == "flatcar"
-      when        = lower(var.os_sku) == "flatcar"
+      when        = lower(var.os_version) == "flatcar"
+    }
+  }
+
+  // Architecture-specific aks-node-controller upload
+  provisioner "file" {
+    destination = "${var.aks_node_controller}"
+    source      = "/home/packer/aks-node-controller"
-    destination = "${var.aks_node_controller}"
-    source      = "/home/packer/aks-node-controller"
+    source      = "${local.aks_node_controller}"
+    destination = "/home/packer/aks-node-controller"
-    destination = "${var.aks_node_controller}"
-    source      = "/home/packer/aks-node-controller"
+    source      = "/home/packer/aks-node-controller"
+    destination = "${var.aks_node_controller}"
-    destination = "${var.aks_node_controller}"
-    source      = "/home/packer/aks-node-controller"
+    source      = "${local.aks_node_controller}"
+    destination = "/home/packer/aks-node-controller"
-    destination = "${var.aks_node_controller}"
-    source      = "/home/packer/aks-node-controller"
+    source      = "/home/packer/aks-node-controller"
+    destination = "${var.aks_node_controller}"
+  }
+
+
+  // Build Process begins
+  // pre-install-dependencies.sh, install-dependencies.sh, post-install-dependencies.sh, and list-images.sh are run in order, typically with reboots and file downloads in between
+  provisioner "shell" {
+    inline = ["/bin/bash -ux /home/packer/pre-install-dependencies.sh"]
+    environment_vars = [
+      "FEATURE_FLAGS=${var.feature_flags}",
+      "BUILD_NUMBER=${var.build_number}",
+      "BUILD_ID=${var.build_id}",
+      "COMMIT=${var.commit}",
+      "HYPERV_GENERATION=${var.hyperv_generation}",
+      "CONTAINER_RUNTIME=${var.container_runtime}",
+      "TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
+      "ENABLE_FIPS=${var.enable_fips}",
+      "IMG_SKU=${var.img_sku}",
+      "UA_TOKEN=${var.ua_token}",
+      "VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
+    ]
+  }
+
+  provisioner "shell" {
+    expect_disconnect = true
+    inline            = "${local.reboot_command}"
-    inline            = "${local.reboot_command}"
+    inline            = [local.reboot_command]
-    inline            = "${local.reboot_command}"
+    inline            = [local.reboot_command]
-    inline            = "${local.reboot_command}"
+    inline            = [local.reboot_command]
-    inline            = "${local.reboot_command}"
+    inline            = [local.reboot_command]
+    pause_after       = "60s"
+    skip_clean        = true
+  }
+
+  provisioner "shell" {
+    inline = ["/bin/bash -ux /home/packer/install-dependencies.sh"]
+    environment_vars = [
+      "FEATURE_FLAGS=${var.feature_flags}",
+      "BUILD_NUMBER=${var.build_number}",
+      "BUILD_ID=${var.build_id}",
+      "COMMIT=${var.commit}",
+      "HYPERV_GENERATION=${var.hyperv_generation}",
+      "CONTAINER_RUNTIME=${var.container_runtime}",
+      "TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
+      "ENABLE_FIPS=${var.enable_fips}",
+      "IMG_SKU=${var.img_sku}",
+      "PRIVATE_PACKAGES_URL=${var.private_packages_url}",
+      "VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
-      "VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
+      "VHD_BUILD_TIMESTAMP=${var.vhd_build_timestamp}"
-      "VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp}"
+      "VHD_BUILD_TIMESTAMP=${var.vhd_build_timestamp}"
+    ]
+  }
+
+  provisioner "shell" {
+    inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
+  }
+
+  dynamic "provisioner" {
+    for_each = "${local.midway_file_downloads}"
-    for_each = "${local.midway_file_downloads}"
+    for_each = local.midway_file_downloads
-    for_each = "${local.midway_file_downloads}"
+    for_each = local.midway_file_downloads
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      direction   = "download"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+    }
+  }
+
+  provisioner "shell" {
+    expect_disconnect = true
+    inline            = "${local.reboot_command}"
+    pause_after       = "60s"
+    skip_clean        = true
+  }
+
+  provisioner "shell" {
+    inline = ["/bin/bash -ux /home/packer/post-install-dependencies.sh"]
+    environment_vars = [
+      "FEATURE_FLAGS=${var.feature_flags}",
+      "BUILD_NUMBER=${var.build_number}",
+      "BUILD_ID=${var.build_id}",
+      "COMMIT=${var.commit}",
+      "HYPERV_GENERATION=${var.hyperv_generation}",
+      "CONTAINER_RUNTIME=${var.container_runtime}",
+      "TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}",
+      "ENABLE_FIPS=${var.enable_fips}",
+      "IMG_SKU=${var.img_sku}"
+    ]
+  }
+
+  provisioner "shell" {
+    inline = ["/bin/bash -ux /home/packer/list-images.sh"]
+    environment_vars = [
+      "SKU_NAME=${var.sku_name}",
+      "IMAGE_VERSION=${var.image_version}",
+      "CONTAINER_RUNTIME=${var.container_runtime}"
+    ]
+  }
+
+  dynamic "provisioner" {
+    for_each = "${local.post_build_file_downloads}"
-    for_each = "${local.post_build_file_downloads}"
+    for_each = local.post_build_file_downloads
-    for_each = "${local.post_build_file_downloads}"
+    for_each = local.post_build_file_downloads
+    content {
+      labels = ["azure-arm.nodelifecycle-image-builder"]
+      type        = "file"
+      direction   = "download"
+      source      = provisioner.value.source
+      destination = provisioner.value.destination
+    }
+  }
+
+  provisioner "shell" {
+    inline = ["sudo rm /opt/azure/vhd-build-performance-data.json", "sudo rm /opt/azure/vhd-grid-compatibility-data.json", "sudo rm /var/log/bcc_installation.log"]
+  }
+
+  provisioner "shell" {
+    inline = ["sudo /bin/bash -eux /home/packer/cis.sh", "sudo /bin/bash -eux /opt/azure/containers/cleanup-vhd.sh", "sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125"]
+  }
+
+  error-cleanup-provisioner "shell" {
+    inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"]
+  }
+}
@@ -0,0 +1,54 @@
+{
+  "files": [
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/cse_install_mariner.sh",
+      "destination": "/home/packer/provision_installs_distro.sh"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/cse_helpers_mariner.sh",
+      "destination": "/home/packer/provision_source_distro.sh"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/mariner-package-update.sh",
+      "destination": "/home/packer/mariner-package-update.sh"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/package-update.service",
+      "destination": "/home/packer/snapshot-update.service"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/package-update.timer",
+      "destination": "/home/packer/snapshot-update.timer"
+    },
+    {
+      "type": "file",
+      "source": "vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh",
+      "destination": "/home/packer/tool_installs_distro.sh"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-auth",
+      "destination": "/home/packer/pam-d-system-auth"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/pam-d-system-password",
+      "destination": "/home/packer/pam-d-system-password"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/mariner/update_certs_mariner.service",
+      "destination": "/home/packer/update_certs.service"
+    },
+    {
+      "type": "file",
+      "source": "parts/linux/cloud-init/artifacts/update_certs.service",
+      "destination": "/home/packer/update_certs.service"
-    },
-    {
-      "type": "file",
-      "source": "parts/linux/cloud-init/artifacts/update_certs.service",
-      "destination": "/home/packer/update_certs.service"
-    },
-    {
-      "type": "file",
-      "source": "parts/linux/cloud-init/artifacts/update_certs.service",
-      "destination": "/home/packer/update_certs.service"
-    },
-    {
-      "type": "file",
-      "source": "parts/linux/cloud-init/artifacts/update_certs.service",
-      "destination": "/home/packer/update_certs.service"
-    },
-    {
-      "type": "file",
-      "source": "parts/linux/cloud-init/artifacts/update_certs.service",
-      "destination": "/home/packer/update_certs.service"
+    }
+  ]
+}