This is the process I used to build a CBL-Mariner ISO file. For those unaware, CBL-Mariner is a Linux distribution created by Microsoft for use in Azure and with edge devices. This document is heavily sourced from the CBL-Mariner quick start guide.
Prerequisites:
A Linux distribution with the following tools installed:
- git
- make
- tar
- wget
- curl
- rpm
- qemu-img
- golang
- genisoimage
- python3
- bison
- gawk
For my environment, I’m running Rocky Linux 8.4 (Green Obsidian) in a virtual machine. Since this is the only purpose for this machine, I’ve only installed the base system. You can use any *NIX operating system you like as long as it has the above tools available, but I decided to use an RPM-based distribution for ease of use.
Install Rocky Linux 8.4
As a reference it took me approximately 7 minutes to install Rocky in a VM. (Just note this for later).
After the reboot, I logged in and executed ip addr show to get the local IP address.
Once I had the IP, I connected with an SSH client (Solar-PuTTY).
Building the ISO
Install Prerequisite Packages
sudo yum -y install git make tar wget curl rpm qemu-img golang genisoimage python3 bison gawk
Clone CBL-Mariner repository
git clone https://github.com/microsoft/CBL-Mariner.git
Change to the repository folder and check out the 1.0-stable version.
cd CBL-Mariner
git checkout 1.0-stable
Move to the toolkit folder
cd toolkit
Execute the build command.
sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json
The build command contains a ‘toolchain’ which lists other programs you’ll need for the image and pulls them down. This is not a small set of downloads – just be aware.
The ISO will be generated and saved in ../out/images/full as full-1.0.yyyyMMdd.hhmm.iso
The sha256 checksum for my ISO is 167433c1d68d5345720a4d0ad7683f0bcf3614a484239bb178b0de4ef16734a0
Copy the ISO file off somewhere so you can grab it.
Double-check the ISO to make sure the hash matches.
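One way to do that double-check, as an added example that is not part of the original process: record the hash on the build VM with sha256sum, then run this wherever the ISO was copied, on a machine with a POSIX shell and sha256sum. The function names sha256_of and verify_iso are hypothetical.

```shell
#!/bin/sh
# Added example: verify a copied ISO against the SHA-256 recorded on the build VM.

# sha256_of FILE -> prints the lowercase hex digest of FILE.
# Reading from stdin avoids sha256sum's escaping of unusual file names.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_iso FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad input (missing file or malformed hash).
verify_iso() {
    file=$1
    # Accept upper- or lower-case hex from whatever tool produced the value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hex characters; reject truncated pastes
    # so a partial hash is never mistaken for a real comparison.
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 characters" >&2; return 2; }

    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK  $file"
        return 0
    fi
    echo "MISMATCH  $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# When run as a script with two arguments: sh verify_iso.sh <iso> <sha256>
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

The expected value should be the one computed from your own build output, since that is the file you copied.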
You no longer need your Linux VM, so it can be shut down if you are limited on resources.
Installing CBL-Mariner
Build a VM with an empty hard drive and tell it to boot from your fresh shiny ISO file. There are some other provisos about secure boot, but in Hyper-V, you just change the Secure Boot Template to "Microsoft UEFI Certificate Authority" and that's all you need.
This is a real time video of my install.
Install time... ... ... 28 seconds. It took me longer to set up the install than it took to install it.
So what can you do in CBL-Mariner?
Install PowerShell
sudo yum -y install powershell
Install the openssh-server (so you can SSH to it)
sudo yum -y install openssh-server
sudo systemctl enable sshd && sudo systemctl start sshd