Updating Windows and create a new Image Version for Azure Virtual Desktop automated.
Updating Windows and create a new Image Version for Azure Virtual Desktop DevOps Pipelines.
Hi Welcome back! Today I want to talk about a tricky point that always bothers me when managing and setting up an Azure Virtual Desktop in combination with a Shared Image from the Azure Compute Gallery, namely updating and running Windows Updates.
Why do I always find this a difficult point regarding maintenance? The answer is simple, it takes a lot of manual work when you have to spin up a machine, manually run the updates, sysprep it and then capture it back to the Azure Compute Gallery.
Are there no alternatives? Yes, but these also have disadvantages, for example you can use the Azure Update Manager and run updates on the machines instead of on the original image, but in the event of a disaster you must first update all machines again to bring everything up to date. The principle of one shared "golden" image no longer applies, which is why I do not use this method.
Ofcourse there are 3th party solutions that can do the same for you, but I looked for an option within my own technologies that I know can fine-tune myself.
So I would like to take you through the process of providing an image with the latest Windows updates.
Where do we begin.
We will of course start with the basics and that is of course an Azure Virtual Desktop environment with an Azure Compute Gallery, which I have already deployed in my environment. If you have not yet set this up and would like to know how to do this, I would like to refer you to one of my previous blogs. In this blog, an Azure Virtual Desktop is installed using an Azure DevOps Pipeline.
In addition to the environment that you proably already deployed, we will of course use a DevOps Pipeline, so you will also need to have a DevOps environment that makes it possible to run Pipelines.
You can use Microsoft hosted agents, which are free and allow you to run a maximum number of hours per month, for this you must create an organization within DevOps and request the free tier from Microsoft.
As an alternative you can use self-hosted agents for more capabilities, my friend Simon Lee has written a very good blog about this how to set this up.
Finally, we of course use yaml files that make it possible to set up the Pipelines in this yaml file I use:
- Azure CLI
- Powershell
Let's explain the process.
Let me explain the process:
- First we deploy a virtual machine based on the latest image, which will retrieve and install the updates.
- We will do a first check for Windows Updates and install the necessary updates.
- We will do a second check for Windows Updates and install the necessary updates.
- We will do a last check and output the history with installed updates and clean-up some folders.
- It will create a snapshot of the disk.
- When the snapshot is done it will start the sysprep process.
- Capture the image and store it as a new version in the Azure Compute Gallery.
We need some specific powershell modules namely:
- Az.Accounts
- Az.Compute
- pswindowsupdate
For this modules we need to install the package provider NuGet so that we can download and install the PSWindowsupdate module, this will be done in the yaml file, I will explain a little bit more when we dive further in the yaml file.
If you want to know more about the specific capabilities of PSWindowsUpdate, you can find more documentation about this on this GitHub site.
Let's check the yaml file.
You can find the full file in my repository, please adjust it like you want but let's break it down and view the first step:
We are using the "Credentials" group that is connected to the library, in this library the credentials and secrets are stored for the app registration that is connected with Azure DevOps, but also the local admin and password for the installation VM.
I use input parameters to start the pipeline and use this as namingconvention to get my resources in Azure.
1name: update-windows
2
3trigger:
4 branches:
5 include:
6 - main
7
8pr:
9 branches:
10 include:
11 - main
12
13variables:
14 - group: "Credentials"
15
16parameters:
17 - name: deploymentType
18 displayName: "Select the deployment type"
19 type: string
20 default: "sub"
21 values:
22 - tenant
23 - mg
24 - sub
25 - group
26
27 - name: subscriptionId
28 displayName: "Azure Subscription"
29 type: string
30 default: ""
31
32 - name: productType
33 displayName: "Select the product type"
34 type: string
35 default: "avd"
36 values:
37 - avd
38
39 - name: environmentType
40 displayName: "Select the environment"
41 type: string
42 values:
43 - prod
44 - acc
45 - dev
46 - test
47
48 - name: location
49 displayName: "Select the location"
50 type: string
51 default: "westeurope"
52 values:
53 - westeurope
54 - northeurope
55
56 - name: vmName
57 displayName: "Name of the VM"
58 type: string
59 default: ""
60
61 - name: vmSize
62 displayName: "Size of the VM"
63 type: string
64 default: "Standard_D2s_v3"
65
66 - name: imageVersion
67 displayName: "fill in the image version name like 2025.03.14"
68 type: string
69 default: "2025.03.14"
If we are going further in the file we are going to deploy the Virtual Machine,
- We do this step using Azure CLI.
- First we log in to the environment based and set the subscription
az account set - The location will be checked based on the input variables (keep in mind that you need to check your own avd environment).
- Virtual Machine name will be declared based on the input variables.
- The Resource group will be declared based on the input variables.
- The latest version will be picked in the Image Gallery based on a query.
- NIC will be created.
- Virtual Machine will be created.
1stages:
2 - stage: DeployVMs
3 displayName: "Deploy VMs using the latest image"
4 jobs:
5 - job: BuildVMs
6 displayName: "Build Virtual Machines"
7 pool:
8 vmImage: "ubuntu-latest"
9 steps:
10 - task: AzureCLI@2
11 displayName: "Create VMs"
12 inputs:
13 azureSubscription: "AVDPipelines"
14 scriptType: bash
15 scriptLocation: inlineScript
16 inlineScript: |
17
18 az login --service-principal --username $(AVDPipelines) --password $(Secret) --tenant $(tenantId)
19
20 if [ $? -ne 0 ]; then
21 echo "Azure login failed. Please check the service principal credentials."
22 exit 1
23 fi
24 echo "Azure login successful."
25
26 az account set --subscription ${{ parameters.subscriptionId }}
27
28 locationShortCode=""
29 case "${{ parameters.location }}" in
30 "westeurope") locationShortCode="weu" ;;
31 "northeurope") locationShortCode="neu" ;;
32 *) echo "Unknown location: ${{ parameters.location }}"; exit 1 ;;
33 esac
34
35 vmname="${{ parameters.vmName }}"
36 if [[ -z "$vmname" ]]; then
37 echo "Error: VM Name cannot be empty."
38 exit 1
39 fi
40
41 resourceGroupName="rg-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
42
43
44 sigImageVersion=$(az sig image-version list \
45 --resource-group $resourceGroupName \
46 --gallery-name "gal${{ parameters.productType }}${{ parameters.environmentType }}${locationShortCode}" \
47 --gallery-image-definition "img-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}" \
48 --query "[].{Version:name}" -o tsv | sort -V | tail -n 1)
49
50 if [[ -z "$sigImageVersion" ]]; then
51 echo "Error: Could not find the latest image version."
52 exit 1
53 fi
54
55 username="adm_installuser"
56 nicName="nic-$vmname"
57
58 echo "NIC Name: $nicName"
59
60
61 subnetId=$(az network vnet subnet show \
62 --resource-group $resourceGroupName \
63 --vnet-name "vnet-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}" \
64 --name "snet-${{ parameters.productType }}" \
65 --query id -o tsv)
66
67 echo "Subnet ID: $subnetId"
68
69
70 az network nic create \
71 --resource-group $resourceGroupName \
72 --name $nicName \
73 --subnet $subnetId \
74 --accelerated-networking true
75
76
77 az vm create \
78 --resource-group $resourceGroupName \
79 --name $vmname \
80 --image "/subscriptions/${{ parameters.subscriptionId }}/resourceGroups/${resourceGroupName}/providers/Microsoft.Compute/galleries/gal${{ parameters.productType }}${{ parameters.environmentType }}${locationShortCode}/images/img-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}/versions/$sigImageVersion" \
81 --admin-username $username \
82 --size ${{ parameters.vmSize }} \
83 --authentication-type password \
84 --admin-password $(ADMIN_PASSWORD) \
85 --nics $nicName \
86 --security-type TrustedLaunch \
87 --public-ip-address "" \
88 --license-type Windows_Server \
89 --nsg-rule None
90
91 echo "VM '$vmname' created successfully."
Next we will do the first Windows Update steps.
- We use Powershell for these steps.
- First we intall and import the modules to make connection with the Azure environment.
- We connect to the Azure environment using the credentials stored in the library, if you want to call these values you need to use this format
$(yourvaluehere). - It installs the necessary NuGet package and PSWindowsUpdate on the installation machine.
Get-WindowsUpdate -MicrosoftUpdateis being used to output every available update.Invoke-AzVMRunCommandwill be used to execute the command on the installation machine.
1- stage: check_Windows_Updates
2 displayName: "Check First Time for Windows Updates"
3 jobs:
4 - job: checkWindowsUpdates
5 displayName: "Check First Time for Windows Updates"
6 pool:
7 vmImage: "windows-latest"
8 steps:
9 - task: PowerShell@2
10 inputs:
11 azureSubscription: "AVDPipelines"
12 targetType: 'inline'
13 script: |
14 # Ensure required Az modules are installed
15 Write-Output "Installing Az modules..."
16 Install-Module -Name Az.Accounts -Force -Scope CurrentUser -AllowClobber
17 Install-Module -Name Az.Compute -Force -Scope CurrentUser -AllowClobber
18 Import-Module Az.Accounts
19 Import-Module Az.Compute
20 Write-Output "Az modules installed successfully."
21
22 # Connect to Azure Account
23 Write-Output "Connecting to Azure..."
24 $passwd = ConvertTo-SecureString $(Secret) -AsPlainText -Force
25 $pscredential = New-Object System.Management.Automation.PSCredential('$(AVDPipelines)', $passwd)
26 Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $(tenantId)
27 Write-Output "Connected to Azure."
28
29 # Set the Azure subscription context
30 Write-Output "Setting Azure subscription context..."
31 Set-AzContext -Subscription "$(subscriptionId)"
32 Write-Output "Subscription context set."
33
34 # Define VM details
35 $vmname = "${{ parameters.vmName }}"
36 $locationShortCode = if ("${{ parameters.location }}" -eq "westeurope") { "weu" } else { "neu" }
37 $resourceGroupName = "rg-${{ parameters.productType }}-${{ parameters.environmentType }}-$locationShortCode"
38
39 # Run Windows Update Check
40 $script = @'
41 Write-Output "Checking for Windows Updates..."
42 Try {
43 Install-PackageProvider -Name NuGet -Force -ErrorAction Stop
44 Install-Module -Name PSWindowsUpdate -Force -ErrorAction Stop
45 powershell.exe -ExecutionPolicy Bypass -Command "Import-Module PSWindowsUpdate"
46
47 Write-Output "Checking for available updates..."
48 $updates = Get-WindowsUpdate -MicrosoftUpdate -IgnoreReboot -ErrorAction Stop
49 }
50 Catch {
51 Write-Output "Error checking updates: $_"
52 Exit 1
53 }
54
55 if ($updates) {
56 Write-Output "The following updates are available:"
57 $updates | ForEach-Object { Write-Output "Title: $($_.Title) | KB: $($_.KBArticle) | Size: $($_.Size) | Severity: $($_.MsrcSeverity)" }
58 } else {
59 Write-Output "No updates available."
60 }
61 '@
62
63 $updateResult = Invoke-AzVMRunCommand -ResourceGroupName $resourceGroupName -Name $vmname -CommandId "RunPowerShellScript" -ScriptString $script
64
65 Write-Output "Windows update check completed."
66 $updateResult.Value | ForEach-Object {
67 Write-Output "Code : $($_.Code)"
68 Write-Output "Level : $($_.Level)"
69 Write-Output "DisplayStatus : $($_.DisplayStatus)"
70 Write-Output "Message : $($_.Message)"
71 Write-Output "Time : $($_.Time)"
72 }
Let's check the installation step.
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot -Confirm:$falseis used to install the updates
1- task: PowerShell@2
2 displayName: "Install Windows Updates & Reboot VM"
3 inputs:
4 azureSubscription: "AVDPipelines"
5 targetType: 'inline'
6 script: |
7 Write-Output "Installing Windows Updates..."
8 # Define VM details
9 $vmname = "${{ parameters.vmName }}"
10 $locationShortCode = if ("${{ parameters.location }}" -eq "westeurope") { "weu" } else { "neu" }
11 $resourceGroupName = "rg-${{ parameters.productType }}-${{ parameters.environmentType }}-$locationShortCode"
12
13 $installScript = @'
14 Write-Output "Installing updates..."
15
16 Try {
17 Install-PackageProvider -Name NuGet -Force -ErrorAction Stop
18 Install-Module -Name PSWindowsUpdate -Force -ErrorAction Stop
19 powershell.exe -ExecutionPolicy Bypass -Command "Import-Module PSWindowsUpdate"
20
21 Write-Output "Starting update installation..."
22 Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot -Confirm:$false
23 Write-Output "Updates installed successfully."
24 }
25 Catch {
26 Write-Output "Error during update installation: $_"
27 Exit 1
28 }
29
30 Write-Output "Rebooting VM..."
31 restart-computer -Force
32 '@
33
34 Invoke-AzVMRunCommand -ResourceGroupName $resourceGroupName -Name $vmname -CommandId "RunPowerShellScript" -ScriptString $installScript
35
36 Write-Output "VM reboot initiated."
This step will repeat itself two times, in the last step it will give a history of the installed updates.
The reason why I do it in multiple steps is because of the 60 minute running time limit per job for a Microsoft hosted agent else you can also create a loop to do all those windows updates steps in one job, or use your own self hosted devops agents.
Get-WUHistoryis used to show the installed updates.
1- stage: check_Windows_Updates_last_time
2 displayName: "Check Windows Updates last time and clean up"
3 jobs:
4 - job: checkWindowsUpdatesLastTime
5 displayName: "Check Windows Updates last time and clean up"
6 pool:
7 vmImage: "windows-latest"
8 steps:
9 - task: PowerShell@2
10 inputs:
11 azureSubscription: "AVDPipelines"
12 targetType: 'inline'
13 script: |
14 # Ensure required Az modules are installed
15 Write-Output "Installing Az modules..."
16 Install-Module -Name Az.Accounts -Force -Scope CurrentUser -AllowClobber
17 Install-Module -Name Az.Compute -Force -Scope CurrentUser -AllowClobber
18 Import-Module Az.Accounts
19 Import-Module Az.Compute
20 Write-Output "Az modules installed successfully."
21
22 # Connect to Azure Account
23 Write-Output "Connecting to Azure..."
24 $passwd = ConvertTo-SecureString $(Secret) -AsPlainText -Force
25 $pscredential = New-Object System.Management.Automation.PSCredential('$(AVDPipelines)', $passwd)
26 Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $(tenantId)
27 Write-Output "Connected to Azure."
28
29 # Set the Azure subscription context
30 Write-Output "Setting Azure subscription context..."
31 Set-AzContext -Subscription "$(subscriptionId)"
32 Write-Output "Subscription context set."
33
34 # Define VM details
35 $vmname = "${{ parameters.vmName }}"
36 $locationShortCode = if ("${{ parameters.location }}" -eq "westeurope") { "weu" } else { "neu" }
37 $resourceGroupName = "rg-${{ parameters.productType }}-${{ parameters.environmentType }}-$locationShortCode"
38
39 # Run Windows Update Check
40 $script = @'
41 Write-Output "Checking for Windows Updates..."
42 Try {
43 Install-PackageProvider -Name NuGet -Force -ErrorAction Stop
44 Install-Module -Name PSWindowsUpdate -Force -ErrorAction Stop
45 powershell.exe -ExecutionPolicy Bypass -Command "Import-Module PSWindowsUpdate"
46
47 Write-Output "Checking for available updates..."
48 $updates = Get-WindowsUpdate -MicrosoftUpdate -IgnoreReboot -ErrorAction Stop
49 }
50 Catch {
51 Write-Output "Error checking updates: $_"
52 Exit 1
53 }
54
55 if ($updates) {
56 Write-Output "The following updates are available:"
57 $updates | ForEach-Object { Write-Output "Title: $($_.Title) | KB: $($_.KBArticle) | Size: $($_.Size) | Severity: $($_.MsrcSeverity)" }
58 } else {
59 Write-Output "No updates available."
60 }
61 # Get Windows Update history
62 Write-Output "Fetching Windows Update history..."
63 $updateHistory = Get-WUHistory
64 if ($updateHistory) {
65 $updateHistory | ForEach-Object { Write-Output "Date: $($_.Date) | Title: $($_.Title) | Status: $($_.ResultCode)" }
66 } else {
67 Write-Output "No update history found."
68 }
69 '@
70
71 # Execute script on Azure VM
72 $updateResult = Invoke-AzVMRunCommand -ResourceGroupName $resourceGroupName -Name $vmname -CommandId "RunPowerShellScript" -ScriptString $script
73
74 # Output results
75 Write-Output "Windows update check completed."
76 $updateResult.Value | ForEach-Object {
77 Write-Output "Code : $($_.Code)"
78 Write-Output "Level : $($_.Level)"
79 Write-Output "DisplayStatus : $($_.DisplayStatus)"
80 Write-Output "Message : $($_.Message)"
81 Write-Output "Time : $($_.Time)"
82 }
Windows Updates is done, now let's create a snapshot of the disk.
- For the naming it will create a timestamp.
timestamp=$(date -u +"%Y%m%dT%H%M%SZ") snapshotName="snapshot-bs-${timestamp}-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
1- stage: Take_snapshot_of_the_Disk
2 displayName: "Create a snapshot of the current disk"
3 jobs:
4 - job: Take_snapshot_of_the_Disk
5 displayName: "Create a snapshot of the current disk"
6 pool:
7 vmImage: "ubuntu-latest"
8 steps:
9 - task: Bash@3
10 displayName: Azure CLI Login
11 inputs:
12 targetType: "inline"
13 script: |
14 # Install Azure CLI
15 sudo apt-get update
16 sudo apt-get install -y libicu-dev curl
17 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
18
19 # Login to Azure
20 az login --service-principal --username $(AVDPipelines) --password $(Secret) --tenant $(tenantId)
21
22 if [ $? -ne 0 ]; then
23 echo "Azure login failed. Please check the service principal credentials."
24 exit 1
25 fi
26 echo "Azure login successful."
27
28 # Confirm subscription
29 az account show
30
31 # Define parameters
32 locationShortCode=""
33 case "${{ parameters.location }}" in
34 "westeurope") locationShortCode="weu" ;;
35 "northeurope") locationShortCode="neu" ;;
36 *) echo "Unknown location: ${{ parameters.location }}"; exit 1 ;;
37 esac
38
39 # Define variables
40 resourceGroupName="rg-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
41 location="${{ parameters.location }}"
42 vmName="${{ parameters.vmName }}"
43
44 # Fetch the disk name dynamically from the VM
45 diskName=$(az vm show \
46 --name "$vmName" \
47 --resource-group "$resourceGroupName" \
48 --query "storageProfile.osDisk.name" -o tsv)
49
50 if [ -z "$diskName" ]; then
51 echo "Error: Unable to retrieve the OS disk name for VM $vmName in resource group $resourceGroupName."
52 exit 1
53 fi
54
55 echo "Found OS Disk: $diskName"
56
57 # Define snapshot name with timestamp
58 timestamp=$(date -u +"%Y%m%dT%H%M%SZ") # Get current UTC time
59 snapshotName="snapshot-bs-${timestamp}-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
60
61 # Create a snapshot
62 az snapshot create \
63 --name "$snapshotName" \
64 --resource-group "$resourceGroupName" \
65 --location "$location" \
66 --source "$diskName" \
67 --output json
68
69 if [ $? -ne 0 ]; then
70 echo "Failed to create snapshot $snapshotName."
71 exit 1
72 fi
73
74 echo "Snapshot $snapshotName created successfully in resource group $resourceGroupName."
It will sysprep the machine.
1- stage: Sysprep_the_VM
2 displayName: "Sysprep the machine"
3 jobs:
4 - job: Sysprep_the_VM
5 displayName: "Sysprep the machine"
6 pool:
7 vmImage: "ubuntu-latest"
8 steps:
9 - task: Bash@3
10 displayName: Azure CLI Login
11 inputs:
12 targetType: "inline"
13 script: |
14 # Install Azure CLI
15 sudo apt-get update
16 sudo apt-get install -y libicu-dev curl
17 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
18
19 # Login to Azure
20 az login --service-principal --username $(AVDPipelines) --password $(Secret) --tenant $(tenantId)
21
22 if [ $? -ne 0 ]; then
23 echo "Azure login failed. Please check the service principal credentials."
24 exit 1
25 fi
26 echo "Azure login successful."
27
28 # Confirm subscription
29 az account show
30
31 # Define parameters
32 locationShortCode=""
33 case "${{ parameters.location }}" in
34 "westeurope") locationShortCode="weu" ;;
35 "northeurope") locationShortCode="neu" ;;
36 *) echo "Unknown location: ${{ parameters.location }}"; exit 1 ;;
37 esac
38
39 # Define variables
40 resourceGroupName="rg-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
41 vmName="${{ parameters.vmName }}"
42 version="${{ parameters.imageVersion }}"
43
44 # Sysprep the machine
45 echo "Sysprepping the machine $vmName in resource group $resourceGroupName."
46 az vm run-command invoke \
47 --command-id RunPowerShellScript \
48 --name "$vmName" \
49 --resource-group "$resourceGroupName" \
50 --scripts "Start-Process -FilePath 'C:\\Windows\\System32\\Sysprep\\Sysprep.exe' -ArgumentList '/generalize /shutdown /oobe' -Wait -NoNewWindow"
51
52 if [ $? -ne 0 ]; then
53 echo "Failed to sysprep the VM $vmName."
54 exit 1
55 fi
56
57 echo "Sysprep operation completed for VM $vmName."
And after the sysprep it will capture it and store it to the Azure Compute Gallery.
- It will give the name based on the input parameter
version="${{ parameters.imageVersion }}".
1- stage: Capture_Image_Save_It_To_Gallery
2 displayName: "Capture the image and save it to the gallery"
3 jobs:
4 - job: Capture_Image_Save_It_To_Gallery
5 displayName: "Capture the image and save it to the gallery"
6 pool:
7 vmImage: "ubuntu-latest"
8 steps:
9 - task: Bash@3
10 displayName: Azure CLI Login
11 inputs:
12 targetType: "inline"
13 script: |
14 # Install Azure CLI
15 sudo apt-get update
16 sudo apt-get install -y libicu-dev curl
17 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
18
19 # Login to Azure
20 az login --service-principal --username $(AVDPipelines) --password $(Secret) --tenant $(tenantId)
21
22 if [ $? -ne 0 ]; then
23 echo "Azure login failed. Please check the service principal credentials."
24 exit 1
25 fi
26 echo "Azure login successful."
27
28 # Confirm subscription
29 az account show
30
31 # Define parameters
32 locationShortCode=""
33 case "${{ parameters.location }}" in
34 "westeurope") locationShortCode="weu" ;;
35 "northeurope") locationShortCode="neu" ;;
36 *) echo "Unknown location: ${{ parameters.location }}"; exit 1 ;;
37 esac
38
39 # Define variables
40 resourceGroupName="rg-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
41 location="${{ parameters.location }}"
42 vmName="${{ parameters.vmName }}"
43 imageGalleryName="gal${{ parameters.productType }}${{ parameters.environmentType }}${locationShortCode}" # Name of the image gallery
44
45 # Display imageGalleryName for confirmation
46 echo "Image Gallery Name: $imageGalleryName"
47
48 # Generate image name dynamically with timestamp
49 imageName="img-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
50 echo "Image Name: $imageName"
51
52 version="${{ parameters.imageVersion }}"
53 echo "Image Version: $version"
54
55 # Step 1: Deallocate the VM
56 echo "Deallocating the VM $vmName in resource group $resourceGroupName..."
57 az vm deallocate --resource-group "$resourceGroupName" --name "$vmName"
58
59 if [ $? -ne 0 ]; then
60 echo "Failed to deallocate VM $vmName."
61 exit 1
62 fi
63 echo "VM $vmName deallocated successfully."
64
65 # Step 2: Generalize the VM
66 echo "Generalizing the VM $vmName..."
67 az vm generalize --resource-group "$resourceGroupName" --name "$vmName"
68
69 if [ $? -ne 0 ]; then
70 echo "Failed to generalize VM $vmName."
71 exit 1
72 fi
73 echo "VM $vmName generalized successfully."
74
75 # Step 3: Get the VM resource ID
76 echo "Retrieving the resource ID for the VM..."
77 vmResourceId=$(az vm show \
78 --resource-group "$resourceGroupName" \
79 --name "$vmName" \
80 --query "id" \
81 --output tsv)
82
83 if [ $? -ne 0 ]; then
84 echo "Failed to retrieve VM resource ID."
85 exit 1
86 fi
87
88 echo "VM Resource ID: $vmResourceId"
89
90 # Step 4: Create the image version in the image gallery
91 echo "Creating image version in the gallery..."
92 az sig image-version create \
93 --resource-group "$resourceGroupName" \
94 --gallery-name "$imageGalleryName" \
95 --gallery-image-definition "$imageName" \
96 --gallery-image-version "$version" \
97 --virtual-machine "$vmResourceId" \
98
99
100 if [ $? -ne 0 ]; then
101 echo "Failed to create image version in the gallery."
102 exit 1
103 fi
104
105 echo "Image version created successfully in gallery $imageGalleryName."
As an final part, we are going to clean up the virtual machine in the environment .
1- stage: Delete_Installation_Machine
2 displayName: "Delete the installation machine"
3 jobs:
4 - job: Delete_Installation_Machine
5 displayName: "Delete the installation machine"
6 pool:
7 vmImage: "ubuntu-latest"
8 steps:
9 - task: Bash@3
10 displayName: Azure CLI Login and Resource Deletion
11 inputs:
12 targetType: "inline"
13 script: |
14 # Install Azure CLI
15 sudo apt-get update
16 sudo apt-get install -y libicu-dev curl
17 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
18
19 # Login to Azure
20 az login --service-principal --username $(AVDPipelines) --password $(Secret) --tenant $(tenantId)
21
22 if [ $? -ne 0 ]; then
23 echo "Azure login failed. Please check the service principal credentials."
24 exit 1
25 fi
26 echo "Azure login successful."
27
28 # Confirm subscription
29 az account show
30
31 # Define parameters
32 locationShortCode=""
33 case "${{ parameters.location }}" in
34 "westeurope") locationShortCode="weu" ;;
35 "northeurope") locationShortCode="neu" ;;
36 *) echo "Unknown location: ${{ parameters.location }}"; exit 1 ;;
37 esac
38
39 # Define variables
40 resourceGroupName="rg-${{ parameters.productType }}-${{ parameters.environmentType }}-${locationShortCode}"
41 vmName="${{ parameters.vmName }}"
42
43 echo "Deleting Virtual Machine: $vmName from Resource Group: $resourceGroupName"
44
45 # Get the attached resources
46 osDiskId=$(az vm show --name $vmName --resource-group $resourceGroupName --query "storageProfile.osDisk.managedDisk.id" -o tsv)
47 dataDiskIds=$(az vm show --name $vmName --resource-group $resourceGroupName --query "storageProfile.dataDisks[].managedDisk.id" -o tsv)
48 nicIds=$(az vm show --name $vmName --resource-group $resourceGroupName --query "networkProfile.networkInterfaces[].id" -o tsv)
49
50 # Delete the Virtual Machine
51 az vm delete --name $vmName --resource-group $resourceGroupName --yes --no-wait
52 echo "Virtual Machine $vmName deleted."
53
54 # Delete the OS Disk
55 if [ -n "$osDiskId" ]; then
56 echo "Deleting OS Disk: $osDiskId"
57 az disk delete --ids $osDiskId --yes --no-wait
58 fi
59
60 # Delete Data Disks
61 if [ -n "$dataDiskIds" ]; then
62 echo "Deleting Data Disks: $dataDiskIds"
63 for diskId in $dataDiskIds; do
64 az disk delete --ids $diskId --yes --no-wait
65 done
66 fi
67
68 # Delete NICs
69 if [ -n "$nicIds" ]; then
70 echo "Deleting Network Interfaces: $nicIds"
71 for nicId in $nicIds; do
72 az network nic delete --ids $nicId
73 done
74 fi
75
76 echo "Cleanup completed for VM $vmName."
How we setup the pipeline and where to find the complete file?
In an early blog I already describe how to set-up a DevOps pipeline, you can find the document here.
You can find the whole yaml file in the Bicep Automation repository.
Conclusion.
Ultimately, using this technique we have an updated image that is stored in the Azure Compute Gallery. I use this method quite often now and it helps me to get an up-to-date image in an automated way. Of course you still have to spin up new machines using the new version, but with the preview function session host configuration update this can be done very easily.
I hope you find this blog about updating an image useful. If you have any comments and/or questions, please let me know via one of my social media channels.