Create a gallery image for Azure Marketplace

Alexey Bokov@abokov

Contents• Seller dashboard• Publish dashboard• Create Virtual Machines for Marketplace

Getting started : there’s a marketplace

Inside current portal

Inside new portal

And one more : vmdepot.msopentech.com

Not really a marketplaceBut repo for “open sourced” VMs

Publishing offer: how it works1. Company registration as a seller with Microsoft

• Completed in the Microsoft Seller Dashboard• Once you register your company, you can continue working in parallel while the verification of your registration is completed by the Seller

Dashboard team

2. Build and certify VM image • This step and all subsequent steps are completed in the Azure Publishing Portal

3. Create offer, input marketing content, and define pricing in Publishing Portal4. Test in staging and go-live

Seller portal : Used to register the company information once. Publisher portal : Used to publish and manage the offer.

Microsoft Azure Marketplace Publication Guidelines : aka.ms/am-guideline

sellerdashboard.microsoft.comMicrosoft Seller Dashboard• Used to register the company information once. • The registrant must be a valid representative of the company, and must provide their

personal information as a way to validate their identity. • The person registering must use a Microsoft Account that is shared for the company,

and the same account must be used in the Azure Publishing Portal.

<demo for sellerdashboard.microsoft.com >

publish.windowsazure.com Azure Publishing Portal• Used to publish and manage the offer. • The same company Microsoft Account that was used in the Seller Dashboard

registration must be used here. • Additional users can be added to assist once the master publisher account has been

created.

<demo for publish.windowsazure.com >

Create Virtual Machine for MarketplaceTerminology:• SKU (StockKeeping Unit) means VM Image• VM Image contain OS disk + some amount of data disks ( may be zero ) –

for each disk it own VHD is required ( even for empty data disk ).• VHD means Virtual Hard Disk• VHDx means another Hyper-V format, not supported by Azure. There’s

Convert-VHD tools for make conversion between formats.

Add offer1. Log in to the Publishing Portal (publish.windowsazure.com)

using your seller account.2. Enter the Virtual Machines tab of the Publishing Portal. In the

prompted entry field, enter your offer name, and create. Under seller account, enter your namespace.

3. Add any other administrators you want to be able to work with the publishing portal.

Add offer

Define SKU1. Add a SKU. It will require an identifier, which will be used in the

URL. This will need to be unique within your Publishing Profile, but there is no risk of identifier collision with other publishers.

2. Add a summary description for your SKU. This will be read by humans in the UX, so it is advised to make it easily readable. This information does not need to be locked until "Push to Staging". Until then, you are free to edit it.

3. If you are using Windows-based SKUs, follow the suggested links to acquire the approved versions of Windows Server.

Define SKU

Common thoughts1. Your VM image (aka SKU) should works on all existing ( and future) VM sizes – from

A0 ( one shared CPU core, 0.75 GB RAM) up to G5 (32 CPU cores, 448 GB RAM ).2. Data disks can be as large as 1 TB. Data disk VHDs should be created as a fixed

format VHD, but also be sparse. 3. When deciding on the disk size, please keep in mind that end users cannot resize

VHDs within an image.4. Data disks can be empty or contain data

What’s next1.Create Linux VHD2.Create Windows VHD3.Register VHD in publisher portal4.Certify it

Create Linux VM 1. VHD2. Azure Linux agent ( waagent ) and required libs/packages 3. Kernel and Logical Volume Manager (LVM) 4. Network and SSH daemon5. Security tips 6. Generalize image

Note: if you use image from Gallery like ‘official Ubuntu’ – just to step 6 ( as soon as image is already well prepared )

1. Create Linux VM : VHD1. Linux OS VHD: The Linux OS VHD in your VM Image should be created as a 30GB —

50GB fixed format VHD. 2. No, It cannot be less than 30GB. If the physical size is less than VHD size, the VHD

should be sparse. 3. Linux VHDs larger than 50GB will be considered on a case by case basis.

Documentation : aka.ms/linux-vhd

2. Create Linux VM: waagent and libs1. The Azure Linux agent (waagent) provides key functions for deploying Linux IaaS deployment in

Azure, such as image provisioning and networking capabilities.

2. You can get this agent from repos ( RPM or Deb packages ) : aka.ms/linux-distros3. Source code: github.com/Azure/WALinuxAgent

1. Copy 'waagent' file to /usr/sbin 2. chmod 755 /usr/sbin/waagent; /usr/sbin/waagent install3. Agent config is placed here: /etc/waagent.conf4. Read manual

4. Check latest Linux Integration Services (LIS) driver is installed, current v4.0: aka.ms/lis-v45. Magical Kernel Patch for Azure I/O ( usually included in latests distros, take care about non-listed

kernels )6. Python 2.6+ and pyasn1 ( Abstract Syntax Notation v1) package7. OpenSLL v1.0+

Azure Linux Agent user guide: aka.ms/waagent-guide

3. Create Linux VM: Kernel and LVM1. OS has to be placed on single root partition2. SWAP space (if it needed ) can be created on the local resource disk with the Linux Agent

by enable swap in /etc/waagent.conf. It will automatically use the resource disk (which comes with every VM) to create the swap. There's no need to create a disk for it. More info : bokov.net/weblog/azure/configure-linux-in-azure

3. Serial console output must be always enabled even if you not allow any SSH to your VM ( and our support may provide you output from serial console )

4. Add good enough timeout for mounting cloud based storage device5. Add this to kernel boot line “console=ttyS0 earlyprintk=ttyS0 rootdelay=300”6. Do not :

• Do not use LVM Logical Volume Manager• Do not use swap on OS or data disk

4. Create Linux VM: network and SSH1. We recommend enable SSH for the end user, add keep live into sshd_config

by ClientAliveInterval settings - acceptable range of ClientAliveInterval is 30 to 235, recommended 180.

2. Networking configuration should use ifcfg-eth0 file and manage it via the ifup/ifdown

3. Make sure that network device is brought up on boot and uses DHCP4. Do not:• Do not install Network Manager package - it conflicts with waagent.• No custom network configuration and resolv.conf file ( please “rm /etc/resolv.conf” ).• Do not configure IPv6 – it’s not supported yet.

5. Create Linux VM: Security1. Do classics : install all security patches for your distribution ( sudo apt-get update;sudo

apt-get upgrade) / follow distribution security guidelines / clean up bash history2. Please take care about root - the image should not contain a root password (!!!!!!) –

delete it and check /etc/shadow and /etc/passwd.3. Add firewall i.e. include iptables, but do not enable any rules – default expectation from

customer is that they may easily enable it right after VM is started.4. Do not:

• Store your Azure account credentials on VM image (!!!!!)• Do not create default accounts, which remain the same, across provisioning instances• A lot of other stupid things

6. Create Linux VM: Generalize Image1. OS VHD must be deprovisioned: “waagent deprovision”. This command does:

• Removes the nameserver configuration in /etc/resolv.conf• Removes cached DHCP client leases• Resets host name to localhost.localdomain

2. We recommend setting /etc/waagent.conf to ensure the following actions are also completed:• Remove all SSH host keys: Provisioning.RegenerateSshHostKeyPair='y'• Remore root password from /etc/shadow : Provisioning.DeleteRootPassword='y‘

Example of /etc/waagent.conf # Azure Linux Agent Configuration Role.StateConsumer=None Role.ConfigurationConsumer=None Role.TopologyConsumer=NoneProvisioning.Enabled=yProvisioning.DeleteRootPassword=nProvisioning.RegenerateSshHostKeyPair=yProvisioning.SshHostKeyPairType=rsaProvisioning.MonitorHostName=yResourceDisk.Format=yResourceDisk.Filesystem=ext4ResourceDisk.MountPoint=/mnt/resource ResourceDisk.EnableSwap=n ResourceDisk.SwapSizeMB=0LBProbeResponder=yLogs.Verbose=nOS.RootDeviceScsiTimeout=300OS.OpensslPath=None

Azure Linux Agent user guide:

aka.ms/waagent-guide

Cool things Linux1. Custom data and cloud-init – way to inject a script or other metadata into a Microsoft

Azure virtual machine at provision time:

bokov.net/weblog/azure/configure-linux-in-azure/2. Non-endorsed Linux distros : aka.ms/another-linux

Create Windows VM 1.Choose base image2.Run image3.Customize VM using RDP and PowerShell4.Configure5.Generalize image

1. Create Windows VM: choose base image

1. The OS VHD for your VM Image must be based on a Microsoft Azure-approved base image, containing Windows Server or SQL Server.

2. To begin, create a VM from one of the following images, located at the Microsoft Azure Portal (portal.azure.com):1. Windows Server 2012 R2 Datacenter, 2012 Datacenter, 2008 R2 SP12. SQL Server 2014 Enterprise/Standard/Web3. SQL Server 2012 SP2 Enterprise/Standard/Web4. SQL Server 2008 R2 SP2 Enterprise/Standard/Web5. These links can also be found in the Publishing Portal under the SKU page.

3. Main idea is that you may use Windows Server Images published on September 8, 2014 and later.

1. Create Windows VM: choose base image

Current list of approved images in publish.windowsazure.com

2. Create Windows VM: run image1. Actually what you do is create VM under Azure portal, that’s all.2. Hints:• Choose US-* region for deployment, it would helps during certification

process because when you will submit your image for certification team

• Do all thing in cloud, create/customize/configure VM on-premise under Hyper-V technically correct and will work if you follow documentation, but we don’t recommend it in most cases. Reality is that using on-premise for this purpose makes whole process much longer and brings very hard-to-find issues when VM is finally goes to cloud.

3. Create Windows VM: Customize VM using RDP and PowerShell

1. RDP is recommended way to develop on your VM.

3. Create Windows VM: Customize VM using RDP and PowerShell

1. You can use powershell to access your VM (download RDP file to c:\tools

>>Get-AzureAccount>>Get-AzureVM>>Get-AzureRemoteDesktopFile -ServiceName "abokov-ws2012DC" -Name "abokov-ws2012DC" -LocalPath "C:\tools\abokov-ws2012DC.rdp" ServiceName

Name

4. Create Windows VM: configure1. The Windows OS VHD in your VM Image should be created as a 128 GB fixed format VHD. If

the physical size is less than 128GB, the VHD should be sparse. Base images of

recommended Windows Server are already meet this, just don’t charge defaults.

2. Install patches, especially critical and security

3. No configuration should rely on drives other than C:\ or D:\, since these are the only two

drives that are always guaranteed to exist. C:\ is the OS disk and D:\ is the temporary local

disk.

4. Don’t keep your Azure credentials inside images

4. Create Windows VM: generalize1. Windows images should be sysprep’ed - run command line ( not PowerShell! ), change

directory to “c:\windows\system32\sysprep”2. “sysprep.exe /generalize /oobe /shutdown”3. Remote Desktop Connection will be closed immediately4. Wait for generalize and shutdown…

4. Create Windows VM: generalizeWhen it finished – go to management panel for VHD URL

Deploy a VM from your generalized VHDs

1. Generalized OS VHD from Azure storage account can be registered as a user

VM Image with which to test. You cannot directly deploy the VM by providing

generalized VHD URL.

2. You need to use the Create VM Image Rest API to register VHDs as a VM

Image.

3. There’s two options for that: Invoke-WebRequest or Save-AzureVMIMage

Option 1 – Invoke-WebRequest# Image Parameters to Specify

$ImageName='myVMImage' $Label='IMAGE_LABEL‘ $Description='My VM Image to Test' $osCaching='ReadWrite' $os = 'Windows' $state = 'Generalized' $osMediaLink = 'http://mystorageaccount.blob.core.windows.net/vhds/myOSvhd.vhd' $dataCaching='None' $lun='1' $dataMediaLink='http://mystorageaccount.blob.core.windows.net/vhds/mydatavhd.vhd' # Subscription Related Properties $SrvMngtEndPoint='https://management.core.windows.net' $subscription = Get-AzureSubscription -Current -ExtendedDetails $certificate = $subscription.Certificate $SubId = $subscription.SubscriptionId $body = "" + "" + $ImageName + "" + "" + $Label + "" + "" + $Description + "" + "" + "" + $osCaching + "" +"" + $state + "" +"" + $os + "" +"" + $osMediaLink + "" + "" "" + "" +"" + $dataCaching + "" + "" + $lun + "" +"" + $dataMediaLink + "" + "" + "" + "" $uri = $SrvMngtEndPoint + "/" + $SubId + "/" + "services/vmimages" $headers = @{"x-ms-version" = "2014-06-01"} $response = Invoke-WebRequest -Uri $uri -ContentType "application/xml" -Body $body -Certificate $certificate -Headers $headers -Method POST if ($response.StatusCode -ge 200 -and $response.StatusCode -lt 300) { echo "Accepted" } else { echo "Not Accepted" }

Option 2 - Save-AzureVMImage

Save-AzureVMImage –ServiceName “myServiceName” –Name “myVMtoCapture” –OSState “Generalized” –ImageName “myAwesomeVMImage” –ImageLabel “This is my Virtual Machine Image” -Verbose

Now it’s there

Generate SAS URI1. The SAS URI created should adhere to the following requirements

• When generating SAS URIs for your VHDs, List and Read-Only permissions are sufficient. Do not provide

Write or Delete access.

• The duration for access should be a minimum of 7 business days from when the SAS URI is created.

• To avoid immediate errors due to clock skews, specify a time 15 minutes before the current time.

2. You can use AzureStorageExplorer tool : AzureStorageExplorer.codeplex.com

AzureStorageExplorer (add Storage account)

AzureStorageExplorer: generate SAS URI

AzureStorageExplorer: save SAS URI to publisherportal

Certification processThis process includes running a special certification tool, uploading the verification results to the Azure container where your VHDs reside, adding an offer, defining your SKU, and submitting your VM Image for certification.1. Download Certification tool2. Connect to your image

1. Linux : choose SSH authentication ( DNS + username/password)2. Windows : use FQDN ( Fully Qualified Domain Name +

username/password ) 3. Run tool4. Send results to Microsoft (contact

Certification process

Certification process – tests execution

Certification process – true anywhere

Certification process – true anywhere

Certification process – report

Certification process – report

Certification process – final step

More details: aka.ms/azure-cert

Summary• There’s some formalities with registration• Create VM based on VM images from Azure gallery is quite

easy• Certification process took some time• Nevertheless it might took time to make publishing,

keeping in touch with folks from Microsoft helps a LOT