1

I created Azure Managed Application. I used managed images in mainTemplate.json to create new VMs, like in example:

{
    "type": "Microsoft.Compute/images",
    "apiVersion": "2018-04-01",
    "name": "front-image",
    "location": "[parameters('location')]",
    "properties": {
        "storageProfile": {
            "osDisk": {
                "osType": "linux",
                "osState": "Generalized",
                "blobUri": "[concat('https://sdfasdfasdf.blob.core.windows.net/images/myserver.vhd')]",
                "caching": "ReadWrite",
                "storageAccountType": "Standard_LRS"
            }
        }
    }
}, {
    "apiVersion": "2016-04-30-preview",
    "type": "Microsoft.Compute/virtualMachines",
    "name": "myserver",
    "location": "[parameters('location')]",
    "dependsOn": ["myserver-nic", "myserver-images"],
    "properties": {
        "storageProfile": {
            "imageReference": {
                "id": "[resourceId('Microsoft.Compute/images', 'myserver-image')]"
            }
        },
        ...
    }
}

This work well in Service catalog. But when I trying deploy application from Azure Marketplace, I have next error:

The source blob https://sdfasdfasdf.blob.core.windows.net/images/myserver.vhd does not belong to a storage account in subscription ****** .

In Azure FAQ I found next:

Q: Can I use a VHD file in an Azure storage account to create a managed disk with a different subscription?

A: Yes.

What I doing wrong?

FiftiN
  • 740
  • 1
  • 7
  • 27
  • I found similar question on azure forum, but without answer: https://social.msdn.microsoft.com/Forums/azure/en-US/b3fd409a-7c46-4827-a18a-f9227b800c35/custom-vhd-in-managed-applications?forum=WAVirtualMachinesforWindows – FiftiN Jan 23 '19 at 14:56
  • actually not sure about that FAQ. are they both in the same region? – 4c74356b41 Jan 23 '19 at 21:00
  • Yes, it is, both in centralus – FiftiN Jan 23 '19 at 21:10
  • weird, well anyway, i only know of that way of doing that (they one i described in the answer) – 4c74356b41 Jan 24 '19 at 05:45

3 Answers3

1

this can only work with some quirks. basically you need to do something akin to this. So use some sort of third party mechanism to create an image in the customer subscription. you cannot use images across subscriptions (at least at the time of writing).

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • Thank you! It works, but I can't understand how. I found image TransferVM-osdisk.vhd in storage account. Where did he come from? – FiftiN Jan 23 '19 at 20:56
  • there is a script in that first vm that does that, you can explore that solution I've linked to get better understanding – 4c74356b41 Jan 23 '19 at 20:58
  • It works for Service catalog, but not for Marketplace. Now I have next error: The client --- with object id -- does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/---/resourcegroups/mystorageaccountrg/providers/Microsoft.Storage/storageAccounts/mystorageaccount'. – FiftiN Jan 24 '19 at 09:40
  • yeah, thats just not enough permissions. if you want to store that vhd in your blob in your storage account - that has to be a publicly available blob – 4c74356b41 Jan 24 '19 at 09:45
  • This template not required public access to blob. ARM retrieves access key from source account storage and provide it to ps1 script which uses it to access. Problem with access to account storage from ARM. In settings of Marketplace app I specified group ID with Owner right as Principal. – FiftiN Jan 24 '19 at 09:53
  • this storage account is supposed to be in your subscription tenant. there is no way that works. – 4c74356b41 Jan 24 '19 at 09:58
  • Thank you. As result - blob (image) must have public access to be copied by Marketplace App to other subscription's storage. This is regrettable. – FiftiN Jan 24 '19 at 10:20
  • 1
    well, since this is a public offering (marketplace), doesnt make any difference (kinda). – 4c74356b41 Jan 24 '19 at 10:23
  • Offtop: Can't understand what kind of Managed App can to sell on Azure Marketplace if can't put custom image to it? :) – FiftiN Jan 24 '19 at 10:29
  • 1
    well, there are many ways of looking at that, i personally despise custom images (too much hassle for no gain). my approach is: use basic images and configure them. – 4c74356b41 Jan 24 '19 at 10:37
1

It seems something is wrong with access level to the blob container. Check it please, it should be public, not private. So you should not store any secrets in your image.

Denis Subbotin
  • 46
  • 1
1

This is not allowed in the Marketplace (will fail certification). Any vm images used in a marketplace offer (managed app or solution template) must be published to the Azure Marketplace as a VM offer. It can be hidden (so users don't deploy the image directly) but still needs to be in the marketplace.

bmoore-msft
  • 8,376
  • 20
  • 22
  • Thank you. How (if it possible) I can use images from VM offer in my Managed App published in Marketplace? – FiftiN Jan 25 '19 at 05:52
  • Another question how I can hide VM offer from Marketplace? – FiftiN Jan 25 '19 at 06:44
  • 1
    You have 2 options - one is to use a "private" offer, which means you would whitelist subscriptions to have access to it - the other is to just mark the VM image as hidden when published. Hidden images are still available programmatically, but not in any UX. – bmoore-msft Jan 29 '19 at 00:12
  • Thank you for the answer. I created VM offer and added my VMs to it. Marks them hidden. It works for me. – FiftiN Mar 03 '19 at 17:29
  • This doesn't seem to work for us - hiding the image now makes the Azure App fail – Dave Clarke Sep 20 '19 at 13:31
  • if you want to shoot me an email with your offerId I can take a look... – bmoore-msft Sep 21 '19 at 17:14