Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CLI - Gen2+TLVM As default - New VM with minimal Inputs

See original GitHub issue

Related command

Resource Provider

Microsoft.Compute/virtualMachines

Description of Feature or Work Requested

Gen2+TLVM as default (Preferred)

As part of making compute layer secure for customers to deploy workloads, request is to make Trusted Launch (GA Date: November 2021) as default deployment option in CLI. Following changes will need to be made for same:

Scenario 1 - User runs az vm create with minimal parameters.

Present Behavior Updated Behavior post change
New VM with minimal parameters:
  1. User runs command az vm create --name vmname --resource-group rgname.
  2. User gets prompted for value of --image parameter. User provides specific image ID or URNAlias
  3. CLI creates VM with size Standard_DS1_v2.
 Updated default parameters:
  1. User runs command az vm create --name vmname --resource-group rgname.
  2. CLI takes default value for --image parameter as MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition:latest i.e., no prompt for user for value of --image parameter.
  3. Following parameters are set by default:
    • --enable-secure-boot with value true
    • --enable-vtpm with value true
    • --security-type with value TrustedLaunch
  4. CLI creates VM with size Standard_DS1_v2 and default values for parameters mentioned in Step 2 & 3

Notification Message if needed to be provided to end users prior to making changes - Starting xx/xx/xxxx az vm create command will deploy Trusted Launch VM by default. To know more about Trusted Launch, please visit https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch

Scenario 2 - User runs az vmss create with minimal parameters.

Present Behavior Updated Behavior post change
New VMSS with minimal parameters:
  1. User runs command az vmss create --name vmssname --resource-group rgname.
  2. User gets prompted for value of --image parameter. User provides specific image ID or URNAlias
  3. CLI creates VMSS with size Standard_DS1_v2.
 Updated default parameters:
  1. runs command az vmss create --name vmssname --resource-group rgname.
  2. CLI takes default value for --image parameter as MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition:latest i.e., no prompt for user for value of --image parameter.
  3. Following parameters are set by default:
    • --enable-secure-boot with value true
    • --enable-vtpm with value true
    • --security-type with value TrustedLaunch
  4. CLI creates VMSS with size Standard_DS1_v2 and default values for parameters mentioned in Step 2 & 3

Notification Message if needed to be provided to end users prior to making changes - Starting xx/xx/xxxx az vmss create command will deploy Trusted Launch VM by default. To know more about Trusted Launch, please visit https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch

NOTE: Please review limitations Trusted Launch VM Limitations to assess any impact for CLI users.

Minimum API Version Required

2021-11-01

Swagger PR link

Compute Swagger 2021-11-01

Request Example

Target Date

2022-10-10

Additional context

  • Target date for implementing notification for user is to match ignite event scheduled for 2022-10-12
  • My understanding is before change is implemented, user will need to be provided with notification, hence target date for implementation of the changes is Build event 2023 (May 2023)
  • Multiple Trusted Launch VM limitations will be tentatively addressed before actual implementation date of May 2023.
  • VM Size / SKU capability to support Gen2 or Trusted Launch VM can be queried using API Resource SKU List API
    • For Gen2 refer to property HyperVGeneration with supported value of v2
    • For trusted launch VM, refer to property TrustedLaunchSupportDisabled set to true, for sizes which support Gen2 but not Trusted Launch.
  • Image capability to support Gen2 or Trusted Launch VM can be queried using API Virtual Machines Images GET API
  • TLVM-as-default implementation in Azure Portal is planned for December 2022.

Issue Analytics

  • State:open
  • Created a year ago
  • Reactions:1
  • Comments:6 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
AjKundnanicommented, Nov 29, 2022

@AjKundnani OK, got it. Please also update the default OS Image in the feature description~

Done, thanks.

1reaction
AjKundnanicommented, Aug 5, 2022

@AjKundnani In fact, when users only execute the az vm create --name vmname --resource-group rgname command without other parameters, CLI will prompt incorrect usage: --image IMAGE | --attach-os-disk DISK This is because at present, users can also create a VM by attaching the OS disk without using the --image parameter, such as execute vm create -g {rg} -n vm2 --attach-os-disk {disk_uri} --os-type linux --use-unmanaged-disk. And it is similar for VMSS.

So I want to confirm whether these default behaviors only take effect when the user has neither passed in --image parameter nor --attach-os-disk parameter?

@zhoxing-ms That is correct, for this scenario we assume user has not passed values to parameter --image nor for --attach-os-disk. For scenario where users will pass specific values (and other scenarios), I’ll be submitting different request. #23450

Read more comments on GitHub >

github_iconTop Results From Across the Web

New-VM Command | VMware PowerCLI Reference
Required Parameter Name Type Position required Name String named optional AdvancedOption AdvancedOption named optional AlternateGuestName String named
Read more >
Azure support for generation 2 VMs - Azure Virtual Machines
In the Azure portal or Azure CLI, you can create generation 2 VMs from a Marketplace image that supports UEFI boot. Azure portal....
Read more >
get-virtual-machine — AWS CLI 1.27.32 Command Reference
--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input...
Read more >
Chapter 3. Configuring Virtual Machines - VirtualBox
Use the Create Virtual Machine wizard. An optional step in the wizard enables you to configure unattended installation. You can specify the default...
Read more >
qm(1) - Proxmox VE
For VM templates, we try to create a linked clone by default. --name <string> ... Use the order= sub-property as usage with no...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

CLI - Gen2+TLVM As Default - New VM with image parameter

Next page

az keyvault list does not show newly created key vault