
How to use Azure VM metadata service to automate post-provisioning metadata configuration in your IaC for VMSS

TL;DR: Find out how to use cloud-init for Linux VMs and Azure Custom Script Extension for Windows VMs to create a .env file on the VM containing VM metadata from Azure VM metadata service when using Azure VM Scale Sets

When using Virtual Machines or Virtual Machine Scale Sets on Azure, it often becomes extremely useful to have certain VM metadata available to your applications. This kind of metadata (like ID, name, private IP, etc.) normally gets generated at provisioning time, and having an automated way for applications to access it comes in handy.

Azure provides an amazing service called the Azure VM metadata service, which can be accessed from within a VM to retrieve all VM-specific information.

 curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2021-02-01" | jq

While this command is useful, integrating it into your Infrastructure as Code (IaC) can automate the process and ensure scalability.

In this blog, we'll explore how to package the VM metadata service call into a script, store the metadata in a file, and incorporate this process into both Windows and Linux VMs in a VMSS setup.



Creating a Generalized Metadata Retrieval Script

When looking at the VM metadata service endpoint from Azure, everything other than the IP looks generic. However, upon closer reading of the Azure documentation, it's mentioned that this "magic" IP is the same for all VMs.

“Azure’s instance metadata service is a RESTful endpoint available to all IaaS VMs created via the new Azure Resource Manager. [..] The [VM metadata service] endpoint is available at a well-known non-routable IP address (169.254.169.254) that can be accessed only from within the VM.”

This allows us to easily package the call up in a script and output the metadata in our needed format. For the sake of this blog, we'll simply create a file that will contain the information we need.

Let's proceed with the implementation details for both Windows and Linux VMs. The full code can be found here.



Windows VMs: Using Azure Custom Script Extension

For Windows VMs, the Azure Custom Script Extension is a powerful tool to execute post-provisioning scripts. Within the script, we can use the VM metadata service to retrieve the VM name and store it in a file under C:\ called vm-metadata.env.

# vm-metadata.ps1
# Ask the VM metadata service for this VM's name as plain text
$vmName = Invoke-RestMethod -Headers @{"Metadata"="true"} -Method GET -Uri "http://169.254.169.254/metadata/instance/compute/name?api-version=2021-02-01&format=text"
# Append the value to the .env file in the root of C:
"VM_NAME=$vmName" | Out-File -FilePath C:\vm-metadata.env -Append

In the IaC definition, the above script can be passed either via an Azure storage account or from GitHub.

resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2022-03-01' = {
  name: vmssName
  location: location
  ...
  properties: {
    singlePlacementGroup: null
    platformFaultDomainCount: 1
    virtualMachineProfile: {
      extensionProfile: {
        extensions: [ {
            name: 'CustomScriptExtension'
            properties: {
              publisher: 'Microsoft.Compute'
              type: 'CustomScriptExtension'
              typeHandlerVersion: '1.10'
              settings: {
                commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File vm-metadata.ps1'
                fileUris: [ '<link-to-file>' ]
              }
            }
          } ]
      }
    }
    ...
  }
}



Linux VMs: Harnessing cloud-init

For Linux VMs, leveraging the native cloud-init tool simplifies the process.

Note: We could, however, also use the same Azure Custom Script Extension as we did for Windows here. Check out the docs for that here.

Among many other things, the cloud-init definition allows you to specify multiple commands in the runcmd section, which should run after the initial startup. Just like for the PowerShell script, the VM metadata service is called and the extracted VM name is stored in the vm-metadata.env file.

#cloud-config
runcmd:
  - vmName=$(curl -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance/compute/name?api-version=2021-02-01&format=text") && echo "VM_NAME=${vmName}" >> vm-metadata.env
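
A hardened variant of the runcmd one-liner above, added here as an example (not the author's code): it fails on HTTP errors, validates each value, and writes the file atomically to a caller-chosen path instead of appending to a relative one. The `IMDS_FETCH` hook, the `--write` argument, the `VM_LOCATION` key and the `/etc/vm-metadata.env` path are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
IMDS_BASE="http://169.254.169.254/metadata/instance/compute"
IMDS_API="2021-02-01"

# Fetch one compute field as text; -f turns HTTP errors into a non-zero exit.
fetch_imds() {
  curl -sf --noproxy "*" --max-time 5 --retry 3 -H Metadata:true \
    "${IMDS_BASE}/$1?api-version=${IMDS_API}&format=text"
}

# Accept only non-empty values made of characters safe in an unquoted .env entry.
valid_value() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# write_vm_env <path>: build the file in a temp file and rename it into place,
# so a failed or repeated run never leaves partial or duplicated entries.
write_vm_env() {
  out="$1"
  fetch="${IMDS_FETCH:-fetch_imds}"  # assumption: hook to stub the fetch in tests
  tmp=$(mktemp "${out}.XXXXXX") || return 1
  chmod 644 "$tmp"                   # readable by applications, writable by owner only
  for pair in VM_NAME=name VM_LOCATION=location; do
    key=${pair%%=*}
    field=${pair#*=}
    value=$("$fetch" "$field") || { rm -f "$tmp"; return 1; }
    valid_value "$value" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
  done
  mv "$tmp" "$out"
}

# Usage from cloud-init runcmd (example path): script.sh --write /etc/vm-metadata.env
if [ "${1:-}" = "--write" ]; then
  write_vm_env "${2:?output path required}"
fi
```

Because the file is rebuilt on every run rather than appended to, re-running the script on reboot or reimage leaves exactly one entry per key.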

Similar to regular VMs, the VMSS allows you to set the customData property when defining your OS profile. It behaves the same way as it does for a VM deployment with cloud-init, expecting the file to be passed as a base64-encoded string.

param cloudInitScript string = loadFileAsBase64('./cloud-init.yaml')

...

resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2022-03-01' = {
  name: '${prefix}-vmss'
  location: location
  dependsOn: [
    vmssLB
    vmssNSG
  ]
  sku: {
    name: 'Standard_DS1_v2'
    capacity: 1
  }
  properties: {
    singlePlacementGroup: null
    platformFaultDomainCount: 1
    virtualMachineProfile: {
      osProfile: {
        computerNamePrefix: 'vmss'
        adminUsername: 'azureuser'
        adminPassword: adminPassword
        customData: cloudInitScript
      }
      ...

    }
    ...
  }
}

And with that, you know how to retrieve VM metadata values for your applications from a VM in your VMSS pool in an automatic fashion 🙂
