Unable to use CIS Windows Image as base for PackerBuild@1 task in Azure DevOps
Jithin Joy
21
Reputation points
I'm trying to use a CIS (Center for Internet Security) hardened Windows image as a base image to build a custom managed image using packer build task in Azure DevOps (PackerBuild@1).
- task: PackerBuild@1
name: BuildImage
displayName: 'Build immutable image'
inputs:
templateType: builtin
ConnectedServiceName: $(AzureServiceConnection)
isManagedImage: true
managedImageName: wsrte-$(imageVersionPrefix)-$(Build.BuildId)
location: uksouth
storageAccountName: $(imageStorageAccountName)
azureResourceGroup: $(imageResourceGroup)
baseImage: 'center-for-internet-security-inc:cis-windows-server:cis-windows-server2019-l2-gen1:windows'
packagePath: ValidPath/file
deployScriptPath: deployScript.ps1
skipTempFileCleanupDuringVMDeprovision: false
Unfortunately, it fails and the I can see the below error message in Azure DevOps:
==> azure-arm: polling after CreateOrUpdate: Code="DeploymentFailed" Message="At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details." Target="/subscriptions/dd826d9c-b0a2-408a-a4dc-230352883355/resourceGroups/pkr-Resource-Group-wqadfnezxo/providers/Microsoft.Resources/deployments/pkrdpwqadfnezxo" Details=[{"code":"ResourceDeploymentFailure","details":[{"code":"VMMarketplaceInvalidInput","message":"Creating a virtual machine from Marketplace image or a custom image sourced from a Marketplace image requires Plan information in the request. VM: '/subscriptions/dd826d9c-b0a2-408a-a4dc-230352883355/resourceGroups/pkr-Resource-Group-wqadfnezxo/providers/Microsoft.Compute/virtualMachines/pkrvmwqadfnezxo'."}],"message":"The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'.","target":"/subscriptions/dd826d9c-b0a2-408a-a4dc-230352883355/resourceGroups/pkr-Resource-Group-wqadfnezxo/providers/Microsoft.Compute/virtualMachines/pkrvmwqadfnezxo"}]
Do I need to do something specific to make sure I'm able to use this particular image?
Note:
As seen in one of the document, I did accept the VM image terms using the below CLI command but still it fails:
az vm image terms accept --urn center-for-internet-security-inc:cis-windows-server:cis-windows-server2019-l2-gen1:latest