Use cloud-init to update and install packages in a Linux VM in Azure

This article shows you how to use cloud-init to update packages on a Linux virtual machine (VM) or virtual machine scale sets (VMSS) at provisioning time in Azure. These cloud-init scripts run on first boot once the resources have been provisioned by Azure. For more information about how cloud-init works natively in Azure and the supported Linux distros, see cloud-init overview

Update a VM with cloud-init

For security purposes, you may want to configure a VM to apply the latest updates on first boot. As cloud-init works across different Linux distros, there is no need to specify apt or yum for the package manager. Instead, you define package_upgrade and let the cloud-init process determine the appropriate mechanism for the distro in use. This workflow allows you to use the same cloud-init scripts across distros.

To see upgrade process in action, create a file in your current shell named cloud_init_upgrade.txt and paste the following configuration. For this example, create the file in the Cloud Shell not on your local machine. You can use any editor you wish. Enter sensible-editor cloud_init_upgrade.txt to create the file and see a list of available editors. Choose #1 to use the nano editor. Make sure that the whole cloud-init file is copied correctly, especially the first line.

#cloud-config
package_upgrade: true
packages:
- httpd

Before deploying this image, you need to create a resource group with the az group create command. An Azure resource group is a logical container into which Azure resources are deployed and managed. The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

Now, create a VM with az vm create and specify the cloud-init file with --custom-data cloud_init_upgrade.txt as follows:

az vm create \
  --resource-group myResourceGroup \
  --name centos74 \
  --image OpenLogic:CentOS:7-CI:latest \
  --custom-data cloud_init_upgrade.txt \
  --generate-ssh-keys 

SSH to the public IP address of your VM shown in the output from the preceding command. Enter your own publicIpAddress as follows:

ssh <publicIpAddress>

Run the package management tool and check for updates.

sudo yum update

As cloud-init checked for and installed updates on boot, there should be no additional updates to apply. You see the update process, number of altered packages as well as the installation of httpd by running yum history and review the output similar to the one below.

Loaded plugins: fastestmirror, langpacks
ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     3 | -t -y install httpd      | 2018-04-20 22:42 | Install        |    5
     2 | -t -y upgrade            | 2018-04-20 22:38 | I, U           |   65
     1 |                          | 2017-12-12 20:32 | Install        |  522

Next steps

For additional cloud-init examples of configuration changes, see the following: