cloudfoundry · s4heid · Feb 6, 2025 · Feb 13, 2025 · Feb 18, 2025 · Mar 5, 2025
diff --git a/ci/assets/terraform/integration/template.tf b/ci/assets/terraform/integration/template.tf
@@ -339,6 +339,17 @@ resource "azurerm_public_ip" "azure_ip_integration_in_additional_rg" {
   allocation_method   = "Static"
 }
 
+resource "azurerm_shared_image_gallery" "compute_gallery" {
+  name                = replace(var.env_name, "-", "")
+  resource_group_name = azurerm_resource_group.azure_default_rg.name
+  location            = var.location
+  description         = "Shared Image Gallery for Integration Tests"
+}
+
+output "compute_gallery_name" {
+  value = azurerm_shared_image_gallery.compute_gallery.name
+}
+
 output "environment" {
   value = var.azure_environment
 }

diff --git a/ci/tasks/run-integration.sh b/ci/tasks/run-integration.sh
@@ -35,6 +35,7 @@ export BOSH_AZURE_APPLICATION_SECURITY_GROUP=$(echo ${metadata} | jq -e --raw-ou
 export BOSH_AZURE_APPLICATION_GATEWAY_NAME=$(echo ${metadata} | jq -e --raw-output ".application_gateway_name")
 export BOSH_AZURE_DEFAULT_USER_ASSIGNED_IDENTITY_NAME=$(echo ${metadata} | jq -e --raw-output ".default_user_assigned_identity_name")
 export BOSH_AZURE_USER_ASSIGNED_IDENTITY_NAME=$(echo ${metadata} | jq -e --raw-output ".user_assigned_identity_name")
+export BOSH_AZURE_COMPUTE_GALLERY_NAME=$(echo ${metadata} | jq -e --raw-output ".compute_gallery_name")
 export BOSH_AZURE_SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY}
 
 export BOSH_AZURE_STEMCELL_PATH=$(realpath stemcell/*.tgz)

diff --git a/jobs/azure_cpi/spec b/jobs/azure_cpi/spec
@@ -101,6 +101,11 @@ properties:
       -----BEGIN CERTIFICATE-----
       MII...
       -----END CERTIFICATE-----
+  azure.compute_gallery_name:
+    description: The name of the Compute Gallery to use for creating VMs
+  azure.compute_gallery_replicas:
+    description: The number of replicas to use for Compute Gallery images
+    default: 3
 
   ntp:
     description: List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.

diff --git a/jobs/azure_cpi/templates/cpi.json.erb b/jobs/azure_cpi/templates/cpi.json.erb
@@ -100,6 +100,13 @@
   end.else_if_p('nats') do
     params['cloud']['properties']['agent']['mbus'] = "nats://#{p('nats.user')}:#{p('nats.password')}@#{p(['agent.nats.address', 'nats.address'])}:#{p('nats.port')}"
   end
-
+
+  if_p('azure.compute_gallery_name') do |gallery|
+    params['cloud']['properties']['azure']['compute_gallery_name'] = gallery
+    if_p('azure.compute_gallery_replicas') do |replicas|
+      params['cloud']['properties']['azure']['compute_gallery_replicas'] = replicas
+    end
+  end
+
   JSON.dump(params)
 %>
diff --git a/src/bosh_azure_cpi/lib/cloud/azure/cloud.rb b/src/bosh_azure_cpi/lib/cloud/azure/cloud.rb
@@ -36,6 +36,8 @@ def initialize(options, api_version = 1)
 
       @use_managed_disks = _azure_config.use_managed_disks
 
+      @use_compute_gallery = !_azure_config.compute_gallery_name.nil?
+
       _init_cpi_lock_dir
 
       @props_factory = Bosh::AzureCloud::PropsFactory.new(@config)
@@ -82,7 +84,7 @@ def create_stemcell(image_path, cloud_properties)
         @telemetry_manager.monitor('create_stemcell', extras: extras) do
           if has_light_stemcell_property?(cloud_properties)
             @light_stemcell_manager.create_stemcell(cloud_properties)
-          elsif @use_managed_disks
+          elsif @use_compute_gallery || @use_managed_disks
             @stemcell_manager2.create_stemcell(image_path, cloud_properties)
           else
             @stemcell_manager.create_stemcell(image_path, cloud_properties)
@@ -108,7 +110,7 @@ def delete_stemcell(stemcell_cid)
         @telemetry_manager.monitor('delete_stemcell', id: stemcell_cid) do
           if is_light_stemcell_cid?(stemcell_cid)
             @light_stemcell_manager.delete_stemcell(stemcell_cid)
-          elsif @use_managed_disks
+          elsif @use_compute_gallery || @use_managed_disks
             @stemcell_manager2.delete_stemcell(stemcell_cid)
           else
             @stemcell_manager.delete_stemcell(stemcell_cid)
@@ -839,7 +841,7 @@ def _init_azure
 
       @stemcell_manager        = Bosh::AzureCloud::StemcellManager.new(@blob_manager, @meta_store, @storage_account_manager)
       @disk_manager2           = Bosh::AzureCloud::DiskManager2.new(@azure_client)
-      @stemcell_manager2       = Bosh::AzureCloud::StemcellManager2.new(@blob_manager, @meta_store, @storage_account_manager, @azure_client)
+      @stemcell_manager2       = Bosh::AzureCloud::StemcellManager2.new(_azure_config, @blob_manager, @meta_store, @storage_account_manager, @azure_client)
       @light_stemcell_manager  = Bosh::AzureCloud::LightStemcellManager.new(@blob_manager, @storage_account_manager, @azure_client)
       @vm_manager              = Bosh::AzureCloud::VMManager.new(_azure_config, @disk_manager, @disk_manager2, @azure_client, @storage_account_manager, @stemcell_manager, @stemcell_manager2, @light_stemcell_manager)
       @instance_type_mapper    = Bosh::AzureCloud::InstanceTypeMapper.new

diff --git a/src/bosh_azure_cpi/lib/cloud/azure/models/config.rb b/src/bosh_azure_cpi/lib/cloud/azure/models/config.rb
@@ -77,6 +77,8 @@ class AzureConfig
     attr_reader :ssh_user, :ssh_public_key
     attr_reader :stemcell_api_version
     attr_reader :use_default_account_for_cleaning
+    attr_reader :compute_gallery_name
+    attr_reader :compute_gallery_replicas
 
     def initialize(azure_config_hash)
       @environment = azure_config_hash['environment']
@@ -126,6 +128,10 @@ def initialize(azure_config_hash)
       # https://github.com/cloudfoundry/bosh/blob/v268.5.0/src/bosh-director/lib/cloud/external_cpi.rb#L86
       @stemcell_api_version = azure_config_hash.key?('vm') ? azure_config_hash['vm']['stemcell']['api_version'] : 2
       raise "Stemcell must support api version 2 or higher" if @stemcell_api_version < 2
+
+      @compute_gallery_name = azure_config_hash['compute_gallery_name']
+      # Azure suggests 1:20 ratio for replicas to vms, but at least 3 replicas are recommended for productions images
+      @compute_gallery_replicas = azure_config_hash.fetch('compute_gallery_replicas', 3)
     end
 
     def managed_identity_enabled?

diff --git a/src/bosh_azure_cpi/lib/cloud/azure/restapi/azure_client.rb b/src/bosh_azure_cpi/lib/cloud/azure/restapi/azure_client.rb
@@ -84,6 +84,7 @@ class AzureClient
     REST_API_AVAILABILITY_SETS           = 'availabilitySets'
     REST_API_DISKS                       = 'disks'
     REST_API_DISK_ENCRYPTION_SETS        = 'diskEncryptionSets'
+    REST_API_GALLERIES                   = 'galleries'
     REST_API_IMAGES                      = 'images'
     REST_API_SNAPSHOTS                   = 'snapshots'
     REST_API_VM_IMAGE                    = 'vmimage'
@@ -2073,6 +2074,147 @@ def get_max_fault_domains_for_location(location)
       sku_for_location['capabilities'].find { |capability| capability['name'] == 'MaximumPlatformFaultDomainCount' }['value'].to_i
     end
 
+    # Create or Update a Compute Gallery Image Definition
+    #
+    # @param [String] gallery_name - Name of gallery.
+    # @param [String] image_definition - Name of gallery image.
+    # @param [Hash] params - Parameters for creating the gallery image definition.
+    # ==== Params
+    # Required key/value pairs are:
+    # * +:location+ - String. The location where the gallery image definition will be created.
+    # * +:publisher+ - String. The publisher of the image definition.
+    # * +:offer+ - String. The offer of the image definition.
+    # * +:sku+ - String. The sku of the image definition.
+    # * +:osType+ - String. The osType of the image definition.
+    # Optional key/value pairs are:
+    # * +:tags+ - Hash. The tags of the gallery image definition.
+    # * +:hyperVGeneration+ - String. The hyperVGeneration of the image definition.
+    #
+    # @See https://learn.microsoft.com/en-us/rest/api/compute/gallery-images/create-or-update?view=rest-compute-2024-07-01&tabs=HTTP
+    #
+    def create_gallery_image_definition(gallery_name, image_definition, params)
+      url = rest_api_url(REST_API_PROVIDER_COMPUTE, REST_API_GALLERIES, name: gallery_name) + "/#{REST_API_IMAGES}/#{image_definition}"
+
+      required_params = %w(location publisher offer sku osType)
+      required_params.each do |param|
+        raise ArgumentError, "Missing required parameter '#{param}'" unless params.key?(param)
+      end
+
+      image_definition_params = {
+        'location' => params['location'],
+        'tags' => params['tags'],
+        'properties' => {
+          'identifier' => {
+            'publisher' => params['publisher'],
+            'offer' => params['offer'],
+            'sku' => params['sku'],
+          },
+          'osState' => 'Generalized',
+          'osType' => params['osType'],
+          'hyperVGeneration' => params.fetch('hyperVGeneration', 'V1')
+        }
+      }.compact
+      image_definition_params['properties'].compact!
+
+      @logger.debug("Creating / updating new gallery image definition: '#{url}' with params: #{image_definition_params}")
+      http_put(url, image_definition_params, { 'api-version' => '2024-03-03' })
+    end
+
+    # Create or Update a Compute Gallery Image Version
+    #
+    # @param [String] gallery_name - Name of gallery.
+    # @param [String] image_definition - Name of gallery image.
+    # @param [String] version - Name of gallery image version.
+    # @param [Hash] params - Parameters for creating the gallery image version.
+    # ==== Params
+    # Required key/value pairs are:
+    # * +:location+             - String. The location where the gallery image version will be created.
+    # * +:blob_uri+             - String. The blob uri of the image version.
+    # * +:storage_account_name+ - String. The storage account name of the image version.
+    # * +:image_id+             - String. The image id of the image version.
+    # Optional key/value pairs are:
+    # * +:tags+ - Hash. The tags of the gallery image version.
+    #
+    # @See https://learn.microsoft.com/en-us/rest/api/compute/gallery-image-versions/create-or-update?view=rest-compute-2024-11-04&tabs=HTTP
+    #
+    def create_gallery_image_version(gallery_name, image_definition, version, params)
+      url = rest_api_url(REST_API_PROVIDER_COMPUTE, REST_API_GALLERIES, name: gallery_name) + "/#{REST_API_IMAGES}/#{image_definition}/versions/#{version}"
+
+      raise ArgumentError, "Missing required parameter 'location'" unless params.key?('location')
+
+      profile = {}
+      if params.key?('blob_uri') && params.key?('storage_account_name')
+        profile['osDiskImage'] = {
+          'source' => {
+              'id' => rest_api_url(REST_API_PROVIDER_STORAGE, 'storageAccounts', name: params['storage_account_name']),
+              'uri' => params['blob_uri']
+          }
+        }
+      end
+
+      replica_count = params['replica_count'] || 1
+      target_regions = (params['target_regions'] || [params['location']]).map { |r| { 'name' => r } }
+      image_version_params = {
+        'location' => params['location'],
+        'tags' => params['tags'],
+        'properties' => {
+          'publishingProfile' => {
+            'replicaCount' => replica_count,
+            'targetRegions' => target_regions
+          },
+          'storageProfile' => profile,
+        },
+      }.compact
+
+      @logger.debug("Creating / updating new gallery image version: '#{url}' with params: #{image_version_params}")
+      response = http_put(url, image_version_params, { 'api-version' => '2024-03-03' })
+      result = JSON.parse(response.body, symbolize_keys: false) unless response.body.nil? || response.body == ''
+
+      parse_gallery_image(result)
+    end
+
+    # Delete a gallery image version
+    #
+    # @param [String] gallery_name - Name of gallery.
+    # @param [String] image_definition - Name of gallery image.
+    # @param [String] version - Name of gallery image version.
+    # @return [Boolean]
+    # @raise [AzureError] if the operation fails
+    #
+    # @See https://learn.microsoft.com/en-us/rest/api/compute/gallery-image-versions/delete?view=rest-compute-2024-07-01&tabs=HTTP
+    #
+    def delete_gallery_image_version(gallery_name, image_definition, version)
+      url = rest_api_url(REST_API_PROVIDER_COMPUTE, REST_API_GALLERIES, name: gallery_name) + "/#{REST_API_IMAGES}/#{image_definition}/versions/#{version}"
+
+      @logger.debug("Deleting gallery image version '#{version}' in the gallery image '#{image_definition}' of the gallery '#{gallery_name}'")
+      http_delete(url)
+    end
+
+    # Get a gallery image version by searching for matching tags
+    #
+    # @param [String] gallery_name - Name of gallery.
+    # @param [Hash] tags - Tags to match against gallery image version tags.
+    # @return [Hash] The gallery image version that matches the tags
+    #
+    # @See https://learn.microsoft.com/en-us/rest/api/resources/resources/list
+    #
+    def get_gallery_image_version_by_tags(gallery_name, tags)
+      @logger.debug("Searching in gallery '#{gallery_name}' for images with tags: #{tags}")
+      return nil if gallery_name.nil? || gallery_name.empty?
+
+      tag_filters = tags.map { |key, value| "tagName eq '#{key}' and tagValue eq '#{value}'" }.join(' and ')
+      url = "/subscriptions/#{@azure_config.subscription_id}/resourceGroups/#{@azure_config.resource_group_name}/resources"
+      result = get_resource_by_id(url, {'$filter' => tag_filters})
+      return nil if result.nil? || result['value'].nil?
+
+      result['value'].each do |resource|
+        next if resource['type'] != "#{REST_API_PROVIDER_COMPUTE}/#{REST_API_GALLERIES}/#{REST_API_IMAGES}/versions"
+        # As the resource does not contain the targetRegion, we need to do one more request to get the full resource
+        image_version = get_resource_by_id(resource['id'])
+        return parse_gallery_image(image_version)
+      end
+    end
+
     private
 
     # @return [Hash]
@@ -2150,6 +2292,27 @@ def parse_platform_image(result)
       image
     end
 
+    # @return [Hash, nil]
+    def parse_gallery_image(result)
+      image = nil
+      unless result.nil?
+        image = {}
+        image[:id] = result['id']
+        if result['id']&.include?('/images/')
+          image[:gallery_name] = result['id'].split('/galleries/').last.split('/images/').first
+          image[:image_definition] = result['id'].split('/images/').last.split('/versions/').first
+        end
+        image[:name]          = result['name']
+        image[:location]      = result['location']
+        image[:tags]          = result['tags']
+        image[:replica_count] = result.dig('properties', 'publishingProfile', 'replicaCount')
+
+        targetRegions = result.dig('properties', 'publishingProfile', 'targetRegions')
+        image[:target_regions] = targetRegions.map { |h| h['name'] } unless targetRegions.nil?
+      end
+      image
+    end
+
     # @return [Hash, nil]
     def parse_network_interface(result, recursive: true)
       interface = nil
@@ -2454,6 +2617,8 @@ def http_url(url, params = {})
                                 AZURE_RESOURCE_PROVIDER_COMPUTE_DISK
                               elsif url.include?(REST_API_SNAPSHOTS)
                                 AZURE_RESOURCE_PROVIDER_COMPUTE_SNAPSHOT
+                              elsif url.include?(REST_API_GALLERIES)
+                                AZURE_RESOURCE_PROVIDER_COMPUTE_GALLERY
                               else
                                 AZURE_RESOURCE_PROVIDER_COMPUTE
                               end