Add WS2025 SIG image

    - Adds commands for Windows Server 2025 SIG images
    - Adds Purchase Plan info for Azure Market Place Images

 #   - Adds Purchase Plan info for Azure Market Place Images

images/capi/Makefile

@@ -643,6 +643,7 @@ build-azure-sig-azurelinux-3: ## Builds Azure Linux 3 Azure managed image in Sha
 build-azure-sig-rhel-8: ## Builds RHEL 8 Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery
+build-azure-sig-windows-2025-containerd: ## Builds Windows Server 2025 with containerd Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2019-containerd-cvm: ## Builds Windows Server 2019 with containerd CVM Azure managed image in Shared Image Gallery
 build-azure-sig-windows-2022-containerd-cvm: ## Builds Windows Server 2022 with containerd CVM Azure managed image in Shared Image Gallery
 build-azure-vhd-ubuntu-2004: ## Builds Ubuntu 20.04 VHD image for Azure
@@ -871,6 +872,7 @@ validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in
 validate-azure-sig-ubuntu-2404: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with containerd Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config
+validate-azure-sig-windows-2025-containerd: ## Validate Windows Server 2025 with containerd Azure managed image in Shared Image Gallery Packer config
 validate-azure-sig-windows-annual-containerd: ## Validate Windows Server Annual Channel with containerd Azure managed image in Shared Image Gallery Packer config
 validate-azure-vhd-centos-7: ## Validates CentOS 7 VHD image Azure Packer config
 validate-azure-vhd-mariner-2: ## Validates Azure Linux 2 VHD image Azure Packer config

images/capi/azure_targets.sh

@@ -1,7 +1,7 @@
 VHD_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 rhel-8 windows-2019-containerd windows-2022-containerd"
 VHD_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd"
-SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 rhel-8 windows-2019-containerd windows-2022-containerd flatcar"
-SIG_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd flatcar"
+SIG_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 rhel-8 windows-2019-containerd windows-2022-containerd windows-2025-containerd flatcar"
+SIG_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 windows-2019-containerd windows-2022-containerd windows-2025-containerd flatcar"
 SIG_GEN2_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 centos-7 mariner-2 azurelinux-3 flatcar"
 SIG_GEN2_CI_TARGETS="ubuntu-2204 ubuntu-2404 mariner-2 flatcar"
 SIG_CVM_TARGETS="ubuntu-2004 ubuntu-2204 ubuntu-2404 windows-2019-containerd windows-2022-containerd"

images/capi/packer/azure/packer-windows.json

@@ -60,6 +60,11 @@
       "name": "sig-{{user `build_name`}}",
       "os_disk_size_gb": "{{user `os_disk_size_gb`}}",
       "os_type": "Windows",
+      "plan_info": {
+        "plan_name": "{{user `plan_image_sku`}}",
+        "plan_product": "{{user `plan_image_offer`}}",
+        "plan_publisher": "{{user `plan_image_publisher`}}"
+      },
       "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}",
       "shared_gallery_image_version_exclude_from_latest": "{{ user `exclude_from_latest` }}",
       "shared_image_gallery": {
@@ -154,7 +159,9 @@
       "inspect": "{{user `goss_inspect_mode`}}",
       "remote_folder": "{{user `goss_remote_folder`}}",
       "remote_path": "{{user `goss_remote_path`}}",
+      "retry_timeout": "{{user `goss_retry_timeout`}}",
       "skip_install": "{{user `goss_skip_install`}}",
+      "sleep": "{{user `goss_sleep`}}",
       "target_os": "Windows",
       "tests": [
         "{{user `goss_tests_dir`}}"

images/capi/packer/azure/scripts/init-sig.sh

@@ -40,6 +40,41 @@ az sig create --resource-group ${RESOURCE_GROUP_NAME} --gallery-name ${GALLERY_N
 
 SECURITY_TYPE_CVM_SUPPORTED_FEATURE="SecurityType=ConfidentialVmSupported"
 
+SIG_TARGET=$1
+
+
+#################################################################################
+##### TODO: [SEPTEMBER 2024] Remove purchase plan info when the image is GA #####
+# Creating Azure VMs from a Marketplace Image requires a Purchase Plan
+# https://learn.microsoft.com/en-us/azure/virtual-machines/marketplace-images
+# HACK: Extract purchase plan info from the target json. We want to avoid changing the Prow jobs YAML files to add these
+# values as environment variables.
+TARGET_JSON="$(realpath packer/azure/$SIG_TARGET.json)"
+DISTRIBUTION=$(jq -r '.distribution' "$TARGET_JSON")
+DISTRIBUTION_VERSION=$(jq -r '.distribution_version' "$TARGET_JSON")
+
+if [[ "$DISTRIBUTION" == "windows" && "$DISTRIBUTION_VERSION" == "2025" ]]; then
+  PLAN_PUBLISHER=$(jq -r '.plan_image_publisher' "$TARGET_JSON")
+  PLAN_OFFER=$(jq -r '.plan_image_offer' "$TARGET_JSON")
+  PLAN_NAME=$(jq -r '.plan_image_sku' "$TARGET_JSON")
+  PLAN_VERSION=${PLAN_VERSION:-"latest"}
+
+  # Proceed only if all plan details are available
+  # WHY? Build fails with: "You have not accepted the legal terms on this subscription"
+  if [[ "$PLAN_PUBLISHER" != "null" && "$PLAN_OFFER" != "null" && "$PLAN_NAME" != "null" ]]; then
+    PLAN_URN="${PLAN_PUBLISHER}:${PLAN_OFFER}:${PLAN_NAME}:$(echo $PLAN_VERSION)"
+    echo "Plan info: ${PLAN_URN}"
+
+    # Retrieve the terms and check acceptance status
+    if [[ "$(az vm image terms show --urn "$PLAN_URN" | jq -r '.accepted')" != "true" ]]; then
+      echo "Accepting terms for image URN: ${PLAN_URN}"
+      az vm image terms accept --urn "$PLAN_URN"
+    fi
+  fi
+fi
+############# END: SECTION TO BE REMOVED AFTER IMAGE IS GA ###################
+##############################################################################
+
 create_image_definition() {
   az sig image-definition create \
     --resource-group ${RESOURCE_GROUP_NAME} \
@@ -50,11 +85,12 @@ create_image_definition() {
     --sku ${SIG_SKU:-$2} \
     --hyper-v-generation ${3} \
     --os-type ${4} \
-    --features ${5:-''}
+    --features ${5:-''} \
+    --plan-name ${PLAN_NAME} \
+    --plan-product ${PLAN_OFFER} \
+    --plan-publisher ${PLAN_PUBLISHER}
 }
 
-SIG_TARGET=$1
-
 case ${SIG_TARGET} in
   ubuntu-2004)
     create_image_definition ${SIG_TARGET} "20_04-lts" "V1" "Linux"
@@ -83,6 +119,9 @@ case ${SIG_TARGET} in
   windows-2022-containerd)
     create_image_definition ${SIG_TARGET} "win-2022-containerd" "V1" "Windows"
   ;;
+  windows-2025-containerd)
+    create_image_definition ${SIG_TARGET} "win-2025-containerd" "V2" "Windows"
+  ;;
   windows-annual-containerd)
     create_image_definition ${SIG_TARGET} "win-annual-containerd" "V1" "Windows"
   ;;

images/capi/packer/azure/windows-2025-containerd.json

@@ -0,0 +1,18 @@
+{
+  "additional_registry_images": "false",
+  "additional_registry_images_list": "",
+  "build_name": "windows-2025-containerd",
+  "distribution": "windows",
+  "distribution_version": "2025",
+  "image_offer": "microsoftserveroperatingsystems-previews",
+  "image_publisher": "MicrosoftWindowsServer",
+  "image_sku": "windows-server-2025-azure-edition-hotpatch",
+  "image_version": "latest",
+  "load_additional_components": "false",
+  "plan_image_offer": "microsoftserveroperatingsystems-previews",
+  "plan_image_publisher": "microsoftwindowsserver",
+  "plan_image_sku": "windows-server-2025-azure-edition-hotpatch",
+  "runtime": "containerd",
+  "vm_size": "Standard_D4s_v3",
+  "windows_updates_kbs": ""
+}

images/capi/packer/config/goss-args.json

@@ -7,7 +7,9 @@
   "goss_inspect_mode": "false",
   "goss_remote_folder": "",
   "goss_remote_path": "",
+  "goss_retry_timeout": "240s",
   "goss_skip_install": "false",
+  "goss_sleep": "2s",
   "goss_tests_dir": "packer/goss",
   "goss_url": "",
   "goss_vars_file": "packer/goss/goss-vars.yaml",

images/capi/packer/goss/goss-command.yaml

@@ -231,12 +231,16 @@ command:
     stdout:
     - "C:\\Windows\\System32\\CCGAKVPlugin.dll"
     timeout: 30000
+  {{if ne .Vars.distribution_version "2025"}}
+  # TODO: [SEPTEMEBER 2024] Known issue in Windows Server 2025 preview image.
+  # WIP to fix the bug: The property value is null/empty
   Key Vault gMSA CCG interface is registered:
     exec: powershell -command "(Get-Item 'HKLM:SOFTWARE\Classes\Interface\{6ECDA518-2010-4437-8BC3-46E752B7B172}') | Ft -autosize -wrap"
     exit-status: 0
     stdout:
     - "ICcgDomainAuthCredentials"
     timeout: 30000
+  {{end}}
 {{end}}
 
 {{ if ne .Vars.ssh_source_url "" }}

images/capi/packer/goss/goss-package.yaml

@@ -73,6 +73,11 @@ package:
 {{end}}
 {{end}}
 
+
+#################################################################################
+######## TODO: [SEPTEMBER 2024] Revert timeout to 60000ms after image GA ########
+# The WS2025 preview image build is failing due to timeout issues when running 
+# PowerShell command to Get Windows Features.
 {{ if eq .Vars.OS "windows"}} # Windows
 # Workaround until windows features are added to goss
 command:
@@ -82,7 +87,7 @@ command:
     exit-status: 0
     stdout: {{range $vers.expected}}
     - {{.}}
-    timeout: 60000
+    timeout: 120000 # Give it enough time to retry if it fails
     {{end}}
 {{end}}
 {{end}}