Merge pull request #197413 from cynthn/prepare-linux

Linux prepare doc

Author: jborsecnik

articles/virtual-machines/generalize.md

@@ -6,7 +6,7 @@ ms.service: virtual-machines
 ms.subservice: imaging
 ms.workload: infrastructure-services
 ms.topic: how-to
-ms.date: 03/24/2022
+ms.date: 05/13/2022
 ms.author: cynthn
 ms.custom: portal
 
@@ -21,6 +21,20 @@ Generalizing removes machine specific information so the image can be used to cr
 
 ## Linux
 
+Distribution specific instructions for preparing Linux images for Azure are available here:
+- [Generic steps](./linux/create-upload-generic.md)
+- [CentOS](./linux/create-upload-centos.md)
+- [Debian](./linux/debian-create-upload-vhd.md)
+- [Flatcar](./linux/flatcar-create-upload-vhd.md)
+- [FreeBSD](./linux/freebsd-intro-on-azure.md)
+- [Oracle Linux](./linux/oracle-create-upload-vhd.md)
+- [OpenBSD](./linux/create-upload-openbsd.md)
+- [Red Hat](./linux/redhat-create-upload-vhd.md)
+- [SUSE](./linux/suse-create-upload-vhd.md)
+- [Ubuntu](./linux/create-upload-ubuntu.md)
+
+The following instructions only cover setting the VM to generalized. We recommend you follow the distro specific instructions for production workloads.
+
 First you'll deprovision the VM by using the Azure VM agent to delete machine-specific files and data. Use the `waagent` command with the `-deprovision+user` parameter on your source Linux VM. For more information, see the [Azure Linux Agent user guide](./extensions/agent-linux.md). This process can't be reversed.
 
 1. Connect to your Linux VM with an SSH client.
@@ -51,7 +65,7 @@ az vm generalize \
    --name myVM
 ```
 
-## Windows 
+## Windows
 
 Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image. For information about Sysprep, see [Sysprep overview](/windows-hardware/manufacture/desktop/sysprep--system-preparation--overview).
 

articles/virtual-machines/image-version.md

@@ -6,7 +6,7 @@ ms.service: virtual-machines
 ms.subservice: gallery
 ms.topic: how-to
 ms.workload: infrastructure
-ms.date: 04/26/2022
+ms.date: 05/13/2022
 ms.author: saraic
 ms.reviewer: cynthn
 ms.custom: 
@@ -43,6 +43,24 @@ Allowed characters for the image version are numbers and periods. Numbers must b
 
 When working through this article, replace the resource names where needed.
 
+For [generalized](generalize.md) images, see the OS specific guidance before capturing the image:
+   
+   - **Linux**
+     - [Generic steps](./linux/create-upload-generic.md)
+     - [CentOS](./linux/create-upload-centos.md)
+     - [Debian](./linux/debian-create-upload-vhd.md)
+     - [Flatcar](./linux/flatcar-create-upload-vhd.md)
+     - [FreeBSD](./linux/freebsd-intro-on-azure.md)
+     - [Oracle Linux](./linux/oracle-create-upload-vhd.md)
+     - [OpenBSD](./linux/create-upload-openbsd.md)
+     - [Red Hat](./linux/redhat-create-upload-vhd.md)
+     - [SUSE](./linux/suse-create-upload-vhd.md)
+     - [Ubuntu](./linux/create-upload-ubuntu.md)
+
+   - **Windows**
+   
+      If you plan to run Sysprep before uploading your virtual hard disk (VHD) to Azure for the first time, make sure you have [prepared your VM](./windows/prepare-for-upload-vhd-image.md).  
+
 ## Community gallery (preview)
 
 > [!IMPORTANT]
@@ -54,7 +72,7 @@ When working through this article, replace the resource names where needed.
 
 If you will be sharing your images using a [community gallery (preview)](azure-compute-gallery.md#community), make sure that you create your gallery, image definitions, and image versions in the same region. 
 
-When users search for community gallery images, only the latest version of an image are shown.
+When users search for community gallery images, only the latest version of an image is shown.
 
 
 ## Create an image 
@@ -110,7 +128,7 @@ You can also capture an existing VM as an image, from the portal. For more infor
 
 Image definitions create a logical grouping for images. They are used to manage information about the image versions that are created within them.
 
-Create an image definition in a gallery using [az sig image-definition create](/cli/azure/sig/image-definition#az-sig-image-definition-create). Make sure your image definition is the right type. If you have generalized the VM (using Sysprep for Windows, or waagent -deprovision for Linux) then you should create a generalized image definition using `--os-state generalized`. If you want to use the VM without removing existing user accounts, create a specialized image definition using `--os-state specialized`.
+Create an image definition in a gallery using [az sig image-definition create](/cli/azure/sig/image-definition#az-sig-image-definition-create). Make sure your image definition is the right type. If you have [generalized](generalize.md) the VM (using `waagent -deprovision` for Linux, or Sysprep for Windows) then you should create a generalized image definition using `--os-state generalized`. If you want to use the VM without removing existing user accounts, create a specialized image definition using `--os-state specialized`.
 
 For more information about the parameters you can specify for an image definition, see [Image definitions](shared-image-galleries.md#image-definitions).
 

articles/virtual-machines/linux/create-upload-generic.md

@@ -1,15 +1,15 @@
 ---
-title: Create and upload a Linux VHD 
-description: Learn to create and upload an Azure virtual hard disk (VHD) that contains a Linux operating system.
+title: Prepare Linux for imaging
+description: Learn to prepare a Linux system to be used for an image in Azure.
 author: srijang
 ms.service: virtual-machines
 ms.collection: linux
 ms.topic: how-to
-ms.date: 11/17/2021
+ms.date: 05/13/2022
 ms.author: srijangupta
 
 ---
-# Information for Non-endorsed Distributions
+# Information for community supported and non-endorsed distributions
 
 **Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Flexible scale sets 
 
@@ -18,17 +18,7 @@ The Azure platform SLA applies to virtual machines running the Linux OS only whe
 * [Linux on Azure - Endorsed Distributions](endorsed-distros.md)
 * [Support for Linux images in Microsoft Azure](https://support.microsoft.com/kb/2941892)
 
-All distributions running on Azure have a number of prerequisites. This article can't be comprehensive, as every distribution is different. Even if you meet all the criteria below, you may need to significantly tweak your Linux system for it to run properly.
-
-We recommend that you start with one of the [Linux on Azure Endorsed Distributions](endorsed-distros.md). The following articles show you how to prepare the various endorsed Linux distributions that are supported on Azure:
-
-- [CentOS-based Distributions](create-upload-centos.md)
-- [Debian Linux](debian-create-upload-vhd.md)
-- [Flatcar Container Linux](flatcar-create-upload-vhd.md)
-- [Oracle Linux](oracle-create-upload-vhd.md)
-- [Red Hat Enterprise Linux](redhat-create-upload-vhd.md)
-- [SLES & openSUSE](suse-create-upload-vhd.md)
-- [Ubuntu](create-upload-ubuntu.md)
+All other, non-Azure Marketplace, distributions running on Azure have a number of prerequisites. This article can't be comprehensive, as every distribution is different. Even if you meet all the criteria below, you may need to significantly tweak your Linux system for it to run properly.
 
 This article focuses on general guidance for running your Linux distribution on Azure.
 
@@ -47,10 +37,9 @@ This article focuses on general guidance for running your Linux distribution on
 7. Don't configure a swap partition on the OS disk. The Linux agent can be configured to create a swap file on the temporary resource disk, as described in the following steps.
 
 8. All VHDs on Azure must have a virtual size aligned to 1 MB (1024 × 1024 bytes). When converting from a raw disk to VHD you must ensure that the raw disk size is a multiple of 1 MB before conversion, as described in the following steps.
+9. Use the most up-to-date distribution version, packages, and software.
+8. Remove users and system accounts, public keys, sensitive data, unnecessary software and application.
 
-> [!NOTE]
-> Make sure **'udf'** (cloud-init >= 21.2) and **'vfat'** modules are enable. Blocklisting the udf module will cause a provisioning failure and backlisting vfat module will cause both provisioning and boot failures. **_Cloud-init < 21.2 are not affected and does not require this change._**
-> 
 
 
 ### Installing kernel modules without Hyper-V
@@ -73,9 +62,9 @@ The mechanism for rebuilding the initrd or initramfs image may vary depending on
 
 ### Resizing VHDs
 VHD images on Azure must have a virtual size aligned to 1 MB.  Typically, VHDs created using Hyper-V are aligned correctly.  If the VHD isn't aligned correctly, you may receive an error message similar to the following when you try to create an image from your VHD.
-
-* The VHD http:\//\<mystorageaccount>.blob.core.windows.net/vhds/MyLinuxVM.vhd has an unsupported virtual size of 21475270656 bytes. The size must be a whole number (in MBs).
-
+   ```outout
+   The VHD http:\//\<mystorageaccount>.blob.core.windows.net/vhds/MyLinuxVM.vhd has an unsupported virtual size of 21475270656 bytes. The size must be a whole number (in MBs).
+   ```
 In this case, resize the VM using either the Hyper-V Manager console or the [Resize-VHD](/powershell/module/hyper-v/resize-vhd) PowerShell cmdlet.  If you aren't running in a Windows environment, we recommend using `qemu-img` to convert (if needed) and resize the VHD.
 
 > [!NOTE]
@@ -160,42 +149,171 @@ The [Azure Linux Agent](../extensions/agent-linux.md) `waagent` provisions a Lin
 * In some cases, the Azure Linux Agent may not be compatible with NetworkManager. Many of the RPM/deb packages provided by distributions configure NetworkManager as a conflict to the waagent package. In these cases, it will uninstall NetworkManager when you install the Linux agent package.
 * The Azure Linux Agent must be at or above the [minimum supported version](https://support.microsoft.com/en-us/help/4049215/extensions-and-virtual-machine-agent-minimum-version-support).
 
+> [!NOTE]
+> Make sure **'udf'** (cloud-init >= 21.2) and **'vfat'** modules are enable. Blocklisting the udf module will cause a provisioning failure and backlisting vfat module will cause both provisioning and boot failures. **_Cloud-init < 21.2 are not affected and does not require this change._**
+> 
+
 ## General Linux System Requirements
 
 1. Modify the kernel boot line in GRUB or GRUB2 to include the following parameters, so that all console messages are sent to the first serial port. These messages can assist Azure support with debugging any issues.
     ```  
-    console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300
+    GRUB_CMDLINE_LINUX="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 net.ifnames=0"
     ```
     We also recommend *removing* the following parameters if they exist.
     ```  
     rhgb quiet crashkernel=auto
     ```
     Graphical and quiet boot isn't useful in a cloud environment, where we want all logs sent to the serial port. The `crashkernel` option may be left configured if needed, but note that this parameter reduces the amount of available memory in the VM by at least 128 MB, which may be problematic for smaller VM sizes.
 
+2.	After you are done editing /etc/default/grub, run the following command to rebuild the grub configuration:
+    ```bash
+    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+    ```
+1. Add Hyper-V modules both initrd and initramfs instructions (Dracut).
+1. Rebuild initrd or initramfs
+   **Initramfs**
+   ```bash
+   cp /boot/initramfs-$(uname -r).img /boot/initramfs-[latest kernel version ].img.bak 
+   dracut -f -v /boot/initramfs-[latest kernel version ].img  [depending on the version of grub] 
+   grub-mkconfig -o /boot/grub/grub.cfg 
+   grub2-mkconfig -o /boot/grub2/grub.cfg 
+   ```
+
+   **Initrd**
+   ```bash
+   mv /boot/[initrd kernel] /boot/[initrd kernel]-old 
+   mkinitrd /boot/initrd.img-[initrd kernel]-generic /boot/[initrd kernel]-generic-old 
+   update-initramfs -c -k [initrd kernel] 
+   update-grub 
+   ```
+1. Ensure that the SSH server is installed, and configured to start at boot time. This configuration is usually the default.
 1. Install the Azure Linux Agent.
-  
-    The Azure Linux Agent is required for provisioning a Linux image on Azure.  Many distributions provide the agent as an RPM or .deb package (the package is typically called WALinuxAgent or walinuxagent).  The agent can also be installed manually by following the steps in the [Linux Agent Guide](../extensions/agent-linux.md).
-
-1. Ensure that the SSH server is installed, and configured to start at boot time.  This configuration is usually the default.
-
-1. Don't create swap space on the OS disk.
-  
-    The Azure Linux Agent can automatically configure swap space using the local resource disk that is attached to the VM after provisioning on Azure. The local resource disk is a *temporary* disk, and might be emptied when the VM is deprovisioned. After installing the Azure Linux Agent (step 2 above), modify the following parameters in /etc/waagent.conf as needed.
-    ```  
-        ResourceDisk.Format=y
-        ResourceDisk.Filesystem=ext4
-        ResourceDisk.MountPoint=/mnt/resource
-        ResourceDisk.EnableSwap=y
-        ResourceDisk.SwapSizeMB=2048    ## NOTE: Set this to your desired size.
+   The Azure Linux Agent is required for provisioning a Linux image on Azure.  Many distributions provide the agent as an RPM or .deb package (the package is typically called WALinuxAgent or walinuxagent).  The agent can also be installed manually by following the steps in the [Linux Agent Guide](../extensions/agent-linux.md).
+   
+   Install the Azure Linux Agent, cloud-init and other necessary utilities by running the following command:
+
+   **Redhat/Centos**
+   ```bash
+   sudo yum install -y [waagent] cloud-init cloud-utils-growpart gdisk hyperv-daemons
+   ```
+   **Ubuntu/Debian**
+   ```bash
+   sudo apt install walinuxagent cloud-init cloud-utils-growpart gdisk hyperv-daemons
+   ```
+   **Suse**
+   ```bash
+   sudo zypper install python-azure-agent cloud-init cloud-utils-growpart gdisk hyperv-daemons
+   ```
+   Then enable the agent and cloud-init on all distributions using:
+   ```bash
+   sudo systemctl enable waagent.service
+   sudo systemctl enable cloud-init.service
+   ```
+
+
+1. Don't create swap space on the OS disk. The Azure Linux Agent can automatically configure swap space using the local resource disk that is attached to the VM after provisioning on Azure. The local resource disk is a temporary disk, and might be emptied when the VM is deprovisioned. After installing the Azure Linux Agent, modify the following parameters in /etc/waagent.conf as needed.
     ```
-1. Run the following commands to deprovision the virtual machine.
-  
+    ResourceDisk.Format=y
+    ResourceDisk.Filesystem=ext4
+    ResourceDisk.MountPoint=/mnt/resource
+    ResourceDisk.EnableSwap=y
+    ResourceDisk.SwapSizeMB=2048    ## NOTE: Set this to your desired size.
+    ```
+
+9.	Configure cloud-init to handle the provisioning:
+    1. Configure waagent for cloud-init:
+       ```bash
+       sed -i 's/Provisioning.Agent=auto/Provisioning.Agent=cloud-init/g' /etc/waagent.conf
+       sed -i 's/ResourceDisk.Format=y/ResourceDisk.Format=n/g' /etc/waagent.conf
+       sed -i 's/ResourceDisk.EnableSwap=y/ResourceDisk.EnableSwap=n/g' /etc/waagent.conf
+       ```
+       If you are migrating a specific virtual machine and do not wish to create a generalized image, set `Provisioning.Agent=disabled` in the `/etc/waagent.conf` config.
+    1. Configure mounts:
+       ```
+       echo "Adding mounts and disk_setup to init stage"
+       sed -i '/ - mounts/d' /etc/cloud/cloud.cfg
+       sed -i '/ - disk_setup/d' /etc/cloud/cloud.cfg
+       sed -i '/cloud_init_modules/a\\ - mounts' /etc/cloud/cloud.cfg
+       sed -i '/cloud_init_modules/a\\ - disk_setup' /etc/cloud/cloud.cfg
+    2. Configure Azure datasource:
+       ```
+       echo "Allow only Azure datasource, disable fetching network setting via IMDS"
+       cat > /etc/cloud/cloud.cfg.d/91-azure_datasource.cfg <<EOF
+       datasource_list: [ Azure ]
+       datasource:
+          Azure:
+            apply_network_config: False
+       EOF
+       ```
+    3. If configured, remove existing swapfile:
+       ```
+       if [[ -f /mnt/resource/swapfile ]]; then
+       echo "Removing swapfile" #RHEL uses a swapfile by defaul
+       swapoff /mnt/resource/swapfile
+       rm /mnt/resource/swapfile -f
+       fi
+       ```
+   4.	Configure cloud-init logging:
+         ```
+         echo "Add console log file"
+         cat >> /etc/cloud/cloud.cfg.d/05_logging.cfg <<EOF
+
+         # This tells cloud-init to redirect its stdout and stderr to
+         # 'tee -a /var/log/cloud-init-output.log' so the user can see output
+         # there without needing to look on the console.
+         output: {all: '| tee -a /var/log/cloud-init-output.log'}
+         EOF
+         ```
+
+10.	Swap configuration. Do not create swap space on the operating system disk.
+     Previously, the Azure Linux Agent automatically configured swap space by using the local resource disk that is attached to the virtual machine after the virtual machine is provisioned on Azure. However, this is now handled by cloud-init, you must not use the Linux Agent to format the resource disk create the swap file, modify the following parameters in /etc/waagent.conf appropriately:
+     ``` 
+     ResourceDisk.Format=n
+     ResourceDisk.EnableSwap=n
      ```
-     sudo waagent -force -deprovision
-     export HISTSIZE=0
-     logout
-     ```  
+     If you want to mount, format and create swap you can either:
+        1. Pass this in as a cloud-init config every time you create a VM through `customdata`. This is the recommended method.
+        2. Use a cloud-init directive baked into the image that will do this every time the VM is created.
+           ```
+           echo 'DefaultEnvironment="CLOUD_CFG=/etc/cloud/cloud.cfg.d/00-azure-swap.cfg"' >> /etc/systemd/system.conf
+           cat > /etc/cloud/cloud.cfg.d/00-azure-swap.cfg << EOF
+           #cloud-config
+           # Generated by Azure cloud image build
+           disk_setup:
+             ephemeral0:
+               table_type: mbr
+               layout: [66, [33, 82]]
+               overwrite: True
+           fs_setup:
+             - device: ephemeral0.1
+               filesystem: ext4
+             - device: ephemeral0.2
+               filesystem: swap
+           mounts:
+             - ["ephemeral0.1", "/mnt"]
+             - ["ephemeral0.2", "none", "swap", "sw,nofail,x-systemd.requires=cloud-init.service,x-systemd.device-timeout=2", "0", "0"]
+           EOF
+           ```
+	
+1. Deprovision.
+   > [!CAUTION]
+   > If you are migrating a specific virtual machine and do not wish to create a generalized image, skip the deprovision step. Running the command waagent -force -deprovision+user will render the source machine unusable, this step is intended only to create a generalized image.
+
+   Run the following commands to deprovision the virtual machine.
+  
+   ```
+   # sudo rm -f /var/log/waagent.log
+   # sudo cloud-init clean
+   # waagent -force -deprovision+user
+   # rm -f ~/.bash_history
+   # export HISTSIZE=0
+   # logout
+   ```  
+   
    > [!NOTE]
    > On Virtualbox you may see the following error after running `waagent -force -deprovision` that says `[Errno 5] Input/output error`. This error message is not critical and can be ignored.
 
-* Shut down the virtual machine and upload the VHD to Azure.
+1. Shut down the virtual machine and upload the VHD to Azure.
+
+## Next Steps
+[Create a Linux VM from a custom disk with the Azure CLI](upload-vhd.md).