
claranet/terraform-azurerm-linux-vm

Azure Linux Virtual Machine


This module creates a Linux Virtual Machine.

The following tags are automatically set with default values: env, stack, os_family, os_distribution, os_version.

This module also enforces some standards by default:

  • Azure Monitor agent extension is deployed
  • A backup policy attached to the VM
  • Patch management in place with Update Center

Requirements

The EncryptionAtHost feature must be enabled on the subscription for disk security:

```shell
$ az feature register --namespace Microsoft.Compute --name EncryptionAtHost
```

Global versioning rule for Claranet Azure modules

| Module version | Terraform version | OpenTofu version | AzureRM version |
|----------------|-------------------|------------------|-----------------|
| >= 8.x.x | Unverified | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | | >= 3.0 |
| >= 6.x.x | 1.x | | >= 3.0 |
| >= 5.x.x | 0.15.x | | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
| >= 3.x.x | 0.12.x | | >= 2.0 |
| >= 2.x.x | 0.12.x | | < 2.0 |
| < 2.x.x | 0.11.x | | < 2.0 |

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which will automatically update and format some files for you by enforcing our Terraform code module best practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment that this module needs. More details about the variables set by the terraform-wrapper are available in the documentation.

⚠️ Since module version v8.0.0, we no longer maintain or check compatibility with HashiCorp Terraform. Instead, we recommend using OpenTofu.

```hcl
resource "azurerm_availability_set" "main" {
  name                = "${var.stack}-${var.client_name}-${module.azure_region.location_short}-${var.environment}-as"
  location            = module.azure_region.location
  resource_group_name = module.rg.name
  managed             = true
}

module "vm" {
  source  = "claranet/linux-vm/azurerm"
  version = "x.x.x"

  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.name

  subnet         = module.subnet
  vm_size        = "Standard_B2als_v2"
  admin_username = var.vm_administrator_login
  ssh_public_key = var.ssh_public_key

  diagnostics_storage_account_name = module.run.logs_storage_account_name
  azure_monitor_data_collection_rule = {
    id = module.run.data_collection_rule_id
  }

  # Set to null to deactivate backup
  backup_policy = {
    id = module.run.vm_backup_policy_id
  }

  patch_mode                     = "AutomaticByPlatform"
  maintenance_configurations_ids = [module.run.maintenance_configurations["Donald"].id, module.run.maintenance_configurations["Hammer"].id]

  availability_set = azurerm_availability_set.main
  # or use Availability Zone
  # zone_id = 1

  vm_image = {
    publisher = "Canonical"
    offer     = "ubuntu-24_04-lts"
    sku       = "server"
    version   = "latest"
  }

  # The feature must be activated upstream:
  # az feature register --namespace Microsoft.Compute --name EncryptionAtHost --subscription <subscription_id_or_name>
  encryption_at_host_enabled = true

  storage_data_disk_config = {
    appli_data_disk = {
      name                 = "appli_data_disk"
      disk_size_gb         = 512
      lun                  = 0
      storage_account_type = "Standard_LRS"
      extra_tags = {
        some_data_disk_tag = "some_data_disk_tag_value"
      }
    }
    logs_disk = {
      # Used to define Logical Unit Number (LUN) parameter
      lun          = 10
      disk_size_gb = 64
      caching      = "ReadWrite"
      extra_tags = {
        some_data_disk_tag = "some_data_disk_tag_value"
      }
    }
  }
}
```
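As an added example that is not part of the module or its documentation, the following Python check reads `terraform show -json` plan output and flags a VM built by this module whose hardening inputs (encryption at host, Secure Boot, vTPM, password authentication disabled, platform patching) have been switched off, plus any Public IP the module would create (it only does so when `public_ip_enabled = true`). The plan fragment is constructed; the `module.vm` addresses follow the usage above and the `[0]` index on the public IP is an assumption.

```python
import json

# Hardened baseline: the module's default values for the security-relevant
# azurerm_linux_virtual_machine attributes (see the Inputs table).
EXPECTED = {
    "encryption_at_host_enabled": True,
    "secure_boot_enabled": True,
    "vtpm_enabled": True,
    "disable_password_authentication": True,
    "patch_mode": "AutomaticByPlatform",
}


def check_plan(plan):
    """Return (address, finding) pairs for planned resources that deviate
    from the baseline: a VM with a weakened attribute, or a Public IP that
    would be created (the module only does so when public_ip_enabled = true)."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if not after:  # destroy-only changes carry no "after" state
            continue
        if rc.get("type") == "azurerm_linux_virtual_machine":
            for key, want in EXPECTED.items():
                got = after.get(key)
                if got != want:
                    findings.append((rc["address"], f"{key}={got!r}, expected {want!r}"))
        elif rc.get("type") == "azurerm_public_ip":
            findings.append((rc["address"], "public IP attached to VM"))
    return findings


# Constructed plan fragment (not real terraform output): a VM with
# encryption at host and password-less login switched off, plus a Public IP.
SAMPLE_PLAN = json.loads("""{
 "resource_changes": [
  {"address": "module.vm.azurerm_linux_virtual_machine.main",
   "type": "azurerm_linux_virtual_machine",
   "change": {"actions": ["create"], "after": {
     "encryption_at_host_enabled": false, "secure_boot_enabled": true,
     "vtpm_enabled": true, "disable_password_authentication": false,
     "patch_mode": "AutomaticByPlatform"}}},
  {"address": "module.vm.azurerm_public_ip.main[0]",
   "type": "azurerm_public_ip",
   "change": {"actions": ["create"], "after": {"allocation_method": "Static"}}}
 ]}""")

if __name__ == "__main__":
    for address, finding in check_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To run it against a real plan, replace `SAMPLE_PLAN` with `json.load(open("plan.json"))` where `plan.json` comes from `terraform show -json tfplan` (or the OpenTofu equivalent).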

Providers

| Name | Version |
|------|---------|
| azapi | ~> 2.0 |
| azurecaf | >= 1.2.28 |
| azurerm | ~> 4.31 |

Modules

| Name | Source | Version |
|------|--------|---------|
| azure_region | claranet/regions/azurerm | >= 7.2.0 |

Resources

| Name | Type |
|------|------|
| azapi_resource_action.main | resource |
| azurerm_backup_protected_vm.main | resource |
| azurerm_linux_virtual_machine.main | resource |
| azurerm_maintenance_assignment_virtual_machine.main | resource |
| azurerm_managed_disk.main | resource |
| azurerm_monitor_data_collection_rule_association.main | resource |
| azurerm_network_interface.main | resource |
| azurerm_network_interface_application_gateway_backend_address_pool_association.main | resource |
| azurerm_network_interface_backend_address_pool_association.main | resource |
| azurerm_public_ip.main | resource |
| azurerm_role_assignment.rbac_admin_login | resource |
| azurerm_role_assignment.rbac_user_login | resource |
| azurerm_virtual_machine_data_disk_attachment.main | resource |
| azurerm_virtual_machine_extension.azure_monitor_agent | resource |
| azurerm_virtual_machine_extension.entra_ssh_login | resource |
| azurecaf_name.disk | data source |
| azurecaf_name.nic | data source |
| azurecaf_name.pub_ip | data source |
| azurecaf_name.vm | data source |
| azurerm_managed_disk.vm_os_disk | data source |
| azurerm_public_ip.public_ip | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admin_password | Password for the administrator account of the Virtual Machine. | `string` | `null` | no |
| admin_username | Username for the Virtual Machine administrator account. | `string` | n/a | yes |
| application_gateway_attachment | ID of the Application Gateway Backend Pool to attach the Virtual Machine to. | `object({ id = string })` | `null` | no |
| availability_set | ID of the availability set in which to host the Virtual Machine. | `object({ id = string })` | `null` | no |
| azure_monitor_agent_auto_upgrade_enabled | Automatically update the agent when the publisher releases a new version of the agent. | `bool` | `false` | no |
| azure_monitor_agent_version | Azure Monitor Agent extension version. | `string` | `"1.21"` | no |
| azure_monitor_data_collection_rule | Data Collection Rule ID from Azure Monitor for metrics and logs collection. Used with the new monitoring agent; set to null to disable. | `object({ id = string })` | n/a | yes |
| backup_policy | Backup policy parameters from the Recovery Vault to attach the Virtual Machine to (set to null to disable backup). | `object({ id = string, exclude_disk_luns = optional(list(number), []) })` | n/a | yes |
| client_name | Client name/account used in naming. | `string` | n/a | yes |
| computer_name | Custom name for the Virtual Machine hostname. vm_name if not set. | `string` | `""` | no |
| custom_data | The Base64-encoded Custom Data which should be used for this Virtual Machine. Changing this forces a new resource to be created. | `string` | `null` | no |
| custom_dns_label | The DNS label to use for public access. Virtual Machine name if not set. DNS will be `<label>.<region>.cloudapp.azure.com`. | `string` | `""` | no |
| custom_name | Custom name for the Virtual Machine. Generated if not set. | `string` | `""` | no |
| custom_public_ip_address | Public IP to attach to the Virtual Machine. If not provided, a new Public IP will be created. | `object({ id = string })` | `null` | no |
| dcr_custom_name | Custom name for the Data Collection Rule association. | `string` | `null` | no |
| default_tags_enabled | Option to enable or disable default tags. | `bool` | `true` | no |
| diagnostics_storage_account_name | Name of the Storage Account in which to store boot diagnostics. | `string` | n/a | yes |
| disable_password_authentication | Option to disable or enable password authentication if admin password is not set. | `bool` | `true` | no |
| disk_controller_type | Specifies the Disk Controller Type used for this Virtual Machine. Possible values are `SCSI` and `NVMe`. | `string` | `null` | no |
| disk_encryption_set_id | ID of the disk encryption set to use to encrypt VM disks. | `string` | `null` | no |
| dns_servers | A list of IP addresses defining the DNS servers which should be used for this Network Interface. | `list(string)` | `null` | no |
| encryption_at_host_enabled | Should all disks (including the temporary disk) attached to the Virtual Machine be encrypted by enabling Encryption at Host? See the list of compatible Virtual Machine sizes. | `bool` | `true` | no |
| entra_ssh_login_admin_objects_ids | Entra ID (aka AAD) object IDs allowed to connect as administrator on the Virtual Machine. | `list(string)` | `[]` | no |
| entra_ssh_login_enabled | Enable SSH logins with Entra ID (aka AAD). | `bool` | `false` | no |
| entra_ssh_login_extension_version | Virtual Machine extension version for the Entra ID (aka AAD) SSH Login extension. | `string` | `"1.0"` | no |
| entra_ssh_login_user_objects_ids | Entra ID (aka AAD) object IDs allowed to connect as standard user on the Virtual Machine. | `list(string)` | `[]` | no |
| environment | Project environment. | `string` | n/a | yes |
| extensions_extra_tags | Extra tags to set on the VM extensions. | `map(string)` | `{}` | no |
| extra_tags | Extra tags to set on each created resource. | `map(string)` | `{}` | no |
| identity | Map with identity block information as described here. | `object({ type = string, identity_ids = list(string) })` | `{ "identity_ids": [], "type": "SystemAssigned" }` | no |
| ip_configuration_custom_name | Custom name for the IP config of the NIC. Generated if not set. | `string` | `null` | no |
| load_balancer_attachment | ID of the Load Balancer Backend Pool to attach the Virtual Machine to. | `object({ id = string })` | `null` | no |
| location | Azure location. | `string` | n/a | yes |
| location_short | Short string for Azure location. | `string` | n/a | yes |
| maintenance_configurations_ids | List of maintenance configurations to attach to this VM. | `list(string)` | `[]` | no |
| monitoring_agent_enabled | `true` to use and deploy the Azure Monitor Agent. | `bool` | `true` | no |
| name_prefix | Optional prefix for the generated name. | `string` | `""` | no |
| name_suffix | Optional suffix for the generated name. | `string` | `""` | no |
| nic_accelerated_networking_enabled | Should Accelerated Networking be enabled? | `bool` | `true` | no |
| nic_custom_name | Custom name for the NIC interface. Generated if not set. | `string` | `null` | no |
| nic_extra_tags | Extra tags to set on the network interface. | `map(string)` | `{}` | no |
| nic_ip_forwarding_enabled | Whether IP Forwarding is enabled on the Network Interface. | `bool` | `false` | no |
| os_disk_caching | Specifies the caching requirements for the OS Disk. | `string` | `"ReadWrite"` | no |
| os_disk_custom_name | Custom name for the OS disk. Generated if not set. | `string` | `null` | no |
| os_disk_extra_tags | Extra tags to set on the OS disk. | `map(string)` | `{}` | no |
| os_disk_size_gb | Specifies the size of the OS disk in gigabytes. | `string` | `null` | no |
| os_disk_storage_account_type | The type of Storage Account which should back the internal OS Disk. Possible values are `Standard_LRS`, `StandardSSD_LRS`, `Premium_LRS`, `StandardSSD_ZRS` and `Premium_ZRS`. | `string` | `"Premium_ZRS"` | no |
| os_disk_tagging_enabled | Should OS disk tagging be enabled? Defaults to `true`. | `bool` | `true` | no |
| patch_mode | Specifies the mode of in-guest patching for this Linux Virtual Machine. Possible values are `AutomaticByPlatform` and `ImageDefault`. Compatibility list is available here. | `string` | `"AutomaticByPlatform"` | no |
| patching_reboot_setting | Specifies the reboot setting for platform scheduled patching. Possible values are `Always`, `IfRequired` and `Never`. | `string` | `"IfRequired"` | no |
| public_ip_custom_name | Custom name for the Public IP. Generated if not set. | `string` | `null` | no |
| public_ip_enabled | Should a Public IP be attached to the Virtual Machine? | `bool` | `false` | no |
| public_ip_extra_tags | Extra tags to set on the public IP resource. | `map(string)` | `{}` | no |
| public_ip_zones | Zones for the public IP attached to the Virtual Machine. Can be `null` if no zone dispatch. | `list(number)` | `[1, 2, 3]` | no |
| resource_group_name | Resource group name. | `string` | n/a | yes |
| secure_boot_enabled | Specifies if Secure Boot is enabled for the Virtual Machine. Defaults to `true`. Changing this forces a new resource to be created. | `bool` | `true` | no |
| spot_instance_enabled | `true` to deploy the Virtual Machine as a Spot Instance. | `bool` | `false` | no |
| spot_instance_eviction_policy | Specifies what should happen when the Virtual Machine is evicted for price reasons when using a Spot instance. At this time the only supported value is `Deallocate`. Changing this forces a new resource to be created. | `string` | `"Deallocate"` | no |
| spot_instance_max_bid_price | The maximum price you're willing to pay for this Virtual Machine in US Dollars; must be greater than the current spot price. `-1` if you don't want the Virtual Machine to be evicted for price reasons. | `number` | `-1` | no |
| ssh_private_key | SSH private key. | `string` | `null` | no |
| ssh_public_key | SSH public key. | `string` | `null` | no |
| stack | Project stack name. | `string` | n/a | yes |
| static_private_ip | Static private IP. Private IP is dynamic if not set. | `string` | `null` | no |
| storage_data_disk_config | Map of objects to configure storage data disk(s). | `map(object({ name = optional(string), create_option = optional(string, "Empty"), disk_iops_read_only = optional(number), disk_mbps_read_only = optional(number), disk_iops_read_write = optional(number), disk_mbps_read_write = optional(number), disk_size_gb = number, lun = optional(number), caching = optional(string, "ReadWrite"), storage_account_type = optional(string, "StandardSSD_ZRS"), source_resource_id = optional(string), extra_tags = optional(map(string), {}) }))` | `{}` | no |
| subnet | ID of the Subnet where the Virtual Machine is created. | `object({ id = string })` | n/a | yes |
| ultra_ssd_enabled | Specifies whether Ultra Disks are enabled (`UltraSSD_LRS` storage type for data disks). | `bool` | `null` | no |
| user_data | The Base64-encoded User Data which should be used for this Virtual Machine. | `string` | `null` | no |
| vm_image | Virtual Machine source image information. See https://www.terraform.io/docs/providers/azurerm/r/virtual_machine.html#storage_image_reference. This variable cannot be used if `vm_image_id` is already defined. | `object({ publisher = string, offer = string, sku = string, version = optional(string, "latest") })` | `{ "offer": "Ubuntu", "publisher": "Canonical", "sku": "22_04-lts", "version": "latest" }` | no |
| vm_image_id | The ID of the image which this Virtual Machine should be created from. This variable supersedes the `vm_image` variable if not null. | `string` | `null` | no |
| vm_plan | Virtual Machine plan image information. See the [documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#plan). This variable has to be used for BYOS images. Before using a BYOS image, you need to accept the legal plan terms. | `object({ name = string, product = string, publisher = string })` | `null` | no |
| vm_size | Size (SKU) of the Virtual Machine to create. | `string` | n/a | yes |
| vtpm_enabled | Specifies if vTPM (virtual Trusted Platform Module) and Trusted Launch are enabled for the Virtual Machine. Defaults to `true`. Changing this forces a new resource to be created. | `bool` | `true` | no |
| zone_id | Index of the Availability Zone in which the Virtual Machine should be allocated. | `number` | `null` | no |

Outputs

| Name | Description |
|------|-------------|
| admin_password | Virtual Machine admin password. |
| admin_ssh_private_key | Virtual Machine admin SSH private key. |
| admin_ssh_public_key | Virtual Machine admin SSH public key. |
| admin_username | Virtual Machine admin username. |
| hostname | Hostname of the Virtual Machine. |
| id | ID of the Virtual Machine. |
| identity_principal_id | Linux Virtual Machine system identity principal ID. |
| ip_address_id | Public IP ID of the Virtual Machine. |
| name | Name of the Virtual Machine. |
| nic_id | ID of the Network Interface Configuration attached to the Virtual Machine. |
| nic_ip_configuration_name | Name of the IP Configuration for the Network Interface Configuration attached to the Virtual Machine. |
| nic_name | Name of the Network Interface Configuration attached to the Virtual Machine. |
| private_ip_address | Private IP address of the Virtual Machine. |
| public_domain_name_label | Public DNS of the Virtual Machine. |
| public_ip_address | Public IP address of the Virtual Machine. |
| resource | Linux Virtual Machine resource object. |
| resource_maintenance_configuration_assignment | Maintenance configuration assignment resource object. |
| resource_os_disk | Virtual Machine OS disk resource object. |
| resource_public_ip | VM Public IP resource object. |
| terraform_module | Information about this Terraform module. |

Related documentation

Microsoft Azure documentation: docs.microsoft.com/en-us/azure/virtual-machines/linux/

About

Terraform module composition (feature) for ARM Linux Virtual Machine (VM)