packer-plugin-azure icon indicating copy to clipboard operation
packer-plugin-azure copied to clipboard
verified publisher icon hashicorp

Exclude from latest flag is ignored

Open tsvietOK opened this issue 1 year ago • 2 comments

Overview of the Issue

I am trying to build Azure image with a set flag shared_gallery_image_version_exclude_from_latest to "true". At the end of the build packer shows -> SIG image version exclude from latest : 'true', but the published image actually marked as latest: image

Reproduction Steps

  1. Create json template
  2. To the builder add "shared_gallery_image_version_exclude_from_latest": "true"
  3. Run packer build
  4. At the end of the build make sure it contains line -> SIG image version exclude from latest : 'true'
  5. Check for image "Exclude from latest" parameter in Azure

Plugin and Packer version

Packer v1.11.0 Plugin v2.1.7

Simplified Packer Buildfile

File

Operating system and Environment details

Windows Server 2022 x64 (MicrosoftWindowsServer, WindowsServer, 2022-datacenter-g2)

Log Fragments and crash.log files

==> azure-arm.build image: Publishing to Shared Image Gallery ...
==> azure-arm.build image:  -> Source ID used for SIG publish        : '/subscriptions/...'
==> azure-arm.build image:  -> SIG publish resource group            : 'imagesRG'
==> azure-arm.build image:  -> SIG gallery name                      : 'gallery'
==> azure-arm.build image:  -> SIG image name                        : 'image-def-update'
==> azure-arm.build image:  -> SIG image version                     : '1.0.0'
==> azure-arm.build image:  -> SIG target regions                    : '[westeurope]'
==> azure-arm.build image:  -> SIG storage account type              : ''
==> azure-arm.build image:  -> SIG image version endoflife date      : ''
==> azure-arm.build image:  -> SIG image version exclude from latest : 'true'
==> azure-arm.build image:  -> Shared Gallery Image Version ID : '/subscriptions/...'
==> azure-arm.build image:

tsvietOK avatar Jul 26 '24 09:07 tsvietOK

@tsvietOK I am having trouble reproducing this error, are you still experiencing this? The page you posted a screenshot of can be edited without making it clear that it's been modified, if you check on the Overview page on ACG, it shows the static element, can you confirm if you're still seeing this on images build? I wonder if there was a upstream Azure API issue that got resolved between when you opened the issue and today

Screenshot 2024-08-26 at 9 53 30 AM

JenGoldstrich avatar Aug 26 '24 16:08 JenGoldstrich

Currently we use a workaround. We use az-cli to exclude published image version from the latest. I will try to check this issue again later this week.

tsvietOK avatar Aug 26 '24 17:08 tsvietOK

Hey @tsvietOK I am going to close this issue now since I was unable to reproduce and I haven't heard back, please re-open this issue if you are still running into this.

JenGoldstrich avatar Nov 04 '24 23:11 JenGoldstrich

@JenGoldstrich this is happening to me as well. Same behavior. It happens when using shared_image_gallery_destination in packer files. All new versions created are set as "latest". Please reopen.

AMontanez-bhs avatar Nov 14 '24 19:11 AMontanez-bhs

Hey @AMontanez-bhs I am not able to reproduce this, however I think I know why y'all are thinking this exclude from latest flag is ignored.

I created a SIG version today using the newest released version of the Azure plugin, and excludeFromlatest, which is an Azure API field, was passed in correctly to the Azure API. I can see this when calling the azure CLI directly for information about this image build, these are Azure API fields I am showing

{
  "id": "{hidden}",
  "location": "southcentralus",
  "name": "1.0.0",
  "provisioningState": "Succeeded",
  "publishingProfile": {
    "endOfLifeDate": null,
    "excludeFromLatest": true,
    "publishedDate": "2024-11-14T20:53:45.770424+00:00",
    "replicaCount": 1,
    "replicationMode": "Full",
    "storageAccountType": "Standard_LRS",
    "targetExtendedLocations": null,
    "targetRegions": [
      {
        "encryption": null,
        "excludeFromLatest": null,
        "name": "South Central US",
        "regionalReplicaCount": 1,
        "storageAccountType": "Standard_LRS"
      }
    ]
  },
  "replicationStatus": null,
  "resourceGroup": "jennatest",
  "safetyProfile": {
    "allowDeletionOfReplicatedLocations": false,
    "policyViolations": null,
    "reportedForPolicyViolation": false
  },
  "securityProfile": null,
  "storageProfile": {
    "dataDiskImages": null,
    "osDiskImage": {
      "hostCaching": "ReadWrite",
      "sizeInGb": 127,
      "source": {
        "id": null,
        "storageAccountId": null,
        "uri": null
      }
    },
    "source": {
      "communityGalleryImageId": null,
      "id": null,
      "virtualMachineId": "{hidden}"
    }
  },
  "tags": null,
  "type": "Microsoft.Compute/galleries/images/versions"
}

With exclude from latest marked true on the Azure API. However in the attached screenshot I see that this verison is marked as latest still on the ACG page. Is this what y'all mean by the image is marked as latest, that the UI displays this as the latest version? When I try to build a VM using the a SIG gallery with the exclude from altest flag set on all versions, it errors correctly as expected. So the image is excluded from latest. I think latest version here on the UI is different from querying for the image version of a gallery image, which makes little sense, but it appears that is how the Azure API works.

Screenshot 2024-11-14 at 1 16 55 PM Screenshot 2024-11-14 at 1 17 45 PM Screenshot 2024-11-14 at 1 21 35 PM

I think latest version on the UI here just means the newest SIG version, not necessarily the image that appears when you query a VM using latest.

If I am wrong please confirm this by providing the following

1.) A full build template 2.) The output of the Azure CLI command az sig image-version show command targeting your image, for me that was az sig image-version show -g jennatest -r jenna_acctestgallery -i jenna-windows-sig -e 1.0.0 3.) The output of the full az sig image-version list command targeted at that gallery image, to make sure no other images are set to latest 4.) A screenshot or output showing that VM creation is able to pull this image from the latest version. As I said I believe this is just misleading on the Azure UI part. Excluding an image from latest means if you request the latest image on VM creation, you won't get this image, and that's the behavior I'm seeing (even if the UI makes this confusing)

This could also be related to our target region config, as you see its exclude_from_latest is set as null, but generally for target region null values use the build regions values in the API, so I don't think this is the case.

JenGoldstrich avatar Nov 14 '24 21:11 JenGoldstrich

@JenGoldstrich Could you please share a screenshot of what you have if you open a specific image version and open Configuration tab? Like the screenshot I have in the PR description.

tsvietOK avatar Nov 15 '24 10:11 tsvietOK

Hi @JenGoldstrich ! Thanks for the quick reply.

I've attached all the stuff you request, let me know if there is something wrong or you need more detailed outputs.

I'm running packer in a GitHub workflow for building images. So as I mentioned the packer parameter does not work. Even the azure CLI is not working when I try a workaround.

I was working with this templates couple of weeks ago and the behavior was different. I could clearly see all new created versions after the latest one and I had to manually set this new versions as latest to be used. Now all images created are "set" as latest in the UI whatever you try.

1 - source.pkr.hcl.txt 2 - output show.txt 3 - output list.txt 4 - VM creation

AMontanez-bhs avatar Nov 15 '24 10:11 AMontanez-bhs

Yes so, in your Azure CLI output I can see excludeFromLatest": true,, the Packer Azure plugin is correctly sending the Azure API this value

When you try to create a virtual machine from that latest image, it doesn't work as all images have been marked as excluded from latest

The ACG UI makes this confusing by labeling something as the "latest version" even though it has been excluded from latest, this seems like an Azure compute gallery discrepancy issue.

Does that answer your issue in that you can see that the Azure plugin is sending the correct value to Azure, and the built version can't be used for when building with the latest image in a VM? If so I think this can be closed as it does not appear to be a plugin bug.

JenGoldstrich avatar Nov 15 '24 17:11 JenGoldstrich

Ok, yes. You are right. You can close it. I'll keep an eye if there is something wrong again.

AMontanez-bhs avatar Nov 18 '24 13:11 AMontanez-bhs

@tsvietOK my bad I missed your message,

I've included my screenshot, but I don't think this is a super meaningful test, this is not a static UI element, and a UI glitching here wouldn't surprise me.

Screenshot 2024-11-18 at 9 27 24 AM

If you re-test this issue and are still experiencing it, please let me know but include the same steps I asked from @AMontanez-bhs here https://github.com/hashicorp/packer-plugin-azure/issues/433#issuecomment-2477443897

The big thing here is checking the Azure API and not the UI for this, and trying to create a VM image with "latest", if the Azure UI displays this value incorrectly there's not much we can do, however if we can verify the plugin is sending the correct API value, and its not being set on the API, then we have a genuine issue as the plugin may be sending the wrong value, or something might have changed in the upstream Azure API.

Please re-open this issue if you re-test it and check the API and see the wrong value being sent in, or if you are able to build a VM using that image from latest.

JenGoldstrich avatar Nov 18 '24 17:11 JenGoldstrich