Terraform azurerm_virtual_machine_extension

I'm using azurerm_virtual_machine_extension to bootstrap some virtual machines in Azure.

All examples I've found show using something similar to:

settings = <<SETTINGS
    {
    "fileUris": [ "}" ],
    "commandToExecute": "bash"
    }
SETTINGS

While this works, my issue is I'm having to publicly host the script for use with fileUris. Is there an option within settings that will allow me to send local file contents from my Terraform folder?

Something like:

settings = <<SETTINGS
    {
    "file": [ ${file("./script.txt")} ],
    "commandToExecute": "bash"
    }
SETTINGS



  • Yes We Can!


    In protected_settings, use "script".


    terraform script

    provider "azurerm" {
    }

    resource "azurerm_virtual_machine_extension" "vmext" {
        resource_group_name     = "${var.resource_group_name}"
        location                = "${var.location}"
        name                    = "${var.hostname}-vmext"
        virtual_machine_name = "${var.hostname}"
        publisher            = "Microsoft.Azure.Extensions"
        type                 = "CustomScript"
        type_handler_version = "2.0"

        # The local script is base64-encoded and sent inline in protected_settings.
        protected_settings = <<PROT
        {
            "script": "${base64encode(file(var.scfile))}"
        }
    PROT
    }

    variable resource_group_name {
        type = string
        default = "ORA"
    }
    variable location {
        type = string
        default = "eastus"
    }
    variable hostname {
        type = string
        default = "ora"
    }
    # Path of the local script to send to the VM.
    variable scfile{
        type = string
        default = "yum.bash"
    }

    bash script

    #!/bin/bash
    mkdir -p ~/download
    cd ~/download
    # epel-release-latest-7.noarch.rpm must already be in ~/download
    rpm -ivh epel-release-latest-7.noarch.rpm
    yum -y install cowsay
    cowsay ExaGridDba



    [terraform@terra stackoverflow]$ terraform apply
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    Terraform will perform the following actions:
      # azurerm_virtual_machine_extension.vmex0 will be created
      + resource "azurerm_virtual_machine_extension" "vmex0" {
          + id                   = (known after apply)
          + location             = "eastus"
          + name                 = "ora-vmext"
          + protected_settings   = (sensitive value)
          + publisher            = "Microsoft.Azure.Extensions"
          + resource_group_name  = "ORA"
          + tags                 = (known after apply)
          + type                 = "CustomScript"
          + type_handler_version = "2.0"
          + virtual_machine_name = "ora"
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
      Enter a value: yes
    azurerm_virtual_machine_extension.vmex0: Creating...
    azurerm_virtual_machine_extension.vmex0: Still creating... [10s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [20s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [30s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [40s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [50s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m0s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m10s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m20s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m30s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m40s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [1m50s elapsed]
    azurerm_virtual_machine_extension.vmex0: Still creating... [2m0s elapsed]
    azurerm_virtual_machine_extension.vmex0: Creation complete after 2m1s [id=/subscriptions/7fe8a9c3-0812-42e2-9733-3f567308a0d0/resourceGroups/ORA/providers/Microsoft.Compute/virtualMachines/ora/extensions/ora-vmext]
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

    stdout on the target

    [root@ora ~]# cat /var/lib/waagent/custom-script/download/0/stdout
    Preparing...                          ########################################
    Updating / installing...
    epel-release-7-12                     ########################################
    Loaded plugins: langpacks, ulninfo
    Resolving Dependencies
    --> Running transaction check
    ---> Package cowsay.noarch 0:3.04-4.el7 will be installed
    --> Finished Dependency Resolution
    Dependencies Resolved
     Package          Arch             Version                 Repository      Size
     cowsay           noarch           3.04-4.el7              epel            42 k
    Transaction Summary
    Install  1 Package
    Total download size: 42 k
    Installed size: 77 k
    Downloading packages:
    Public key for cowsay-3.04-4.el7.noarch.rpm is not installed
    Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : cowsay-3.04-4.el7.noarch                                     1/1
      Verifying  : cowsay-3.04-4.el7.noarch                                     1/1
      cowsay.noarch 0:3.04-4.el7
    < ExaGridDba >
            \   ^__^
             \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||


    1. The script size limit is 262144 bytes base64 encoded, or 196608 bytes.
    2. "#!" determines the interpreter. "#!/bin/python" would start a Python script.
    3. These azurerm_virtual_machine_extension parameters are not required:
      • settings
      • fileUris
      • commandToExecute
      • storageAccountName
      • storageAccountKey
    4. protected_settings parameter "script" might not be mentioned in the Terraform documentation. Please refer to "Use the Azure Custom Script Extension Version 2 with Linux virtual machines".
    5. azurerm_virtual_machine_extension may be used during VM creation, or as a standalone administrative tool.


    On an Azure VM, it is possible to run a script without referring to a blob storage account.
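
A pre-flight check for the inline-script approach in the answer above, as an added example that is not part of the original answer: it enforces the size limit from note 1 and inspects the `#!` line from note 2 before producing the JSON that goes into `protected_settings`. The function names, the sample script and the shebang policy (require an absolute path, reject CRLF line endings) are assumptions of this example.

```python
import base64
import json
from typing import List, Optional

# Limits quoted in the answer's note 1: 196608 raw bytes == 262144 base64 bytes.
MAX_RAW_BYTES = 196608
MAX_B64_BYTES = 262144


def interpreter(script: bytes) -> Optional[str]:
    """Return the interpreter named on the '#!' line, or None if there is none."""
    if not script.startswith(b"#!"):
        return None
    first_line = script.split(b"\n", 1)[0]
    # Strip spaces/tabs only, so a trailing '\r' from CRLF stays visible.
    return first_line[2:].decode("utf-8", "replace").strip(" \t")


def check_script(script: bytes) -> List[str]:
    """Return a list of problems; an empty list means the script can be sent."""
    problems = []
    interp = interpreter(script)
    if interp is None:
        problems.append("no '#!' line, so the script does not choose its interpreter")
    elif interp.endswith("\r"):
        problems.append("CRLF line endings: the interpreter path would be %r" % interp)
    elif not interp.startswith("/"):
        problems.append("'#!' line does not name an absolute path: %r" % interp)
    if len(script) > MAX_RAW_BYTES:
        problems.append("script is %d bytes, limit is %d" % (len(script), MAX_RAW_BYTES))
    return problems


def build_protected_settings(script: bytes) -> str:
    """Return the protected_settings JSON, or raise ValueError listing the problems."""
    problems = check_script(script)
    if problems:
        raise ValueError("; ".join(problems))
    encoded = base64.b64encode(script).decode("ascii")
    if len(encoded) > MAX_B64_BYTES:  # defensive: implied by the raw-size check
        raise ValueError("encoded script is %d bytes" % len(encoded))
    return json.dumps({"script": encoded})


# Constructed sample input, modelled on the answer's yum.bash.
SAMPLE = b"#!/bin/bash\nyum -y install cowsay\ncowsay ExaGridDba\n"

if __name__ == "__main__":
    print(build_protected_settings(SAMPLE))
```
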