Building CBL-Mariner ISO Step-by-Step

This is the process I used to build a CBL-Mariner ISO file.  For those unaware, CBL-Mariner is a Linux distribution created by Microsoft for use in Azure and with edge devices.  This document is heavily sourced from the CBL-Mariner quick start guide.


A Linux distribution with the following tools installed:

  • git
  • make
  • tar
  • wget
  • curl
  • rpm
  • qemu-img
  • golang
  • genisoimage
  • python3
  • bison
  • gawk

For my environment, I’m running Rocky Linux 8.4 (Green Obsidian) in a virtual machine.  Since this is the only purpose for this machine, I’ve only installed the base system.  You can use any *NIX operating system you like as long as it has the above tools available, but I decided to use an RPM-based distribution for ease of use.

Install Rocky Linux 8.4

Rocky Linux 8.4 Installer

As a reference it took me approximately 7 minutes to install Rocky in a VM.  (Just note this for later).

After returning after reboot, I logged in and executed ip addr show to get the local IP Address.

Once I had the IP, I connected with an SSH client (Solar-PuTTY)

Building the ISO

Install Prerequisite Packages

sudo yum -y install git make tar wget curl rpm qemu-img golang genisoimage python3 bison gawk

Clone CBL-Mariner repository

git clone

Change to the repository folder and flag the 1.0-stable version as my checkout.

cd CBL-Mariner
git checkout 1.0-stable

Move to the toolkit folder

cd toolkit

Execute the build command.

sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

The build command contains a ‘toolchain’ which lists other programs you’ll need for the image and pulls them down.  This is not a small set of downloads – just be aware.

The ISO will be generated and saved in ../out/images/full as full-1.0.yyyyMMdd.hhmm.iso

The sha256 checksum for my ISO is 167433c1d68d5345720a4d0ad7683f0bcf3614a484239bb178b0de4ef16734a0

Copy the ISO file off somewhere so you can grab it.

Double-check the ISO to make sure the hash matches.

You no longer need your Linux VM, so it can be shutdown if you are limited on resources.

Installing CBL-Mariner

Build a VM with an empty hard drive and tell it to boot from your fresh shiny ISO file.  There are some other provisos about secure boot, but in Hyper-V, you just change the Secure Boot Template to "Microsoft UEFI Certificate Authority" and that's all you need.

This is a real time video of my install.

Install time... ... ... 28 seconds. it took me longer to setup the install than it took to install it.

So what can you do in CBL Mariner?

Install PowerShell

sudo yum -y install powershell

Install the openssh-server (so you can SSH to it)

sudo yum -y install openssh-server

sudo systemctl enable sshd && sudo systemctl start sshd

Install the Orion Agent (from the tar.gz file)

Parents Reply
  • Long story short - I don't really know.  It looks like if you hook up the correct repositories, then anything is possible.  I even got Database Performance Analyzer (DPA) running on it, but decided not to write about it because it's not a supported platform - just something I did for fun.

No Data