which to choose in Azure VM terraform - custom data, VM extension resource or provisioner to install packages and softwares via commands

Question

I want to provision a Azure VM (Windows) in terraform, with a package installation of python, pip, java JDK, and more with IIS software deployment. All this installation should be done by commands or scripts. these scripts should work with a config file where I can give variable or parameters for PowerShell arguments, config file is in repository.

After some research I got 3 ways to move ahead with my provisioning.

1. Custom data attribute in VM resource block.
2. Azure VM extension resource block.(Custom Script)
3. Provisioner block in VM resource. I want to choose one of these, but I am confused which will be better for my situation to handle error, exceptions and complete installation.

Choosing parameters:

1. Error handling (logs generation to debug)
2. Successful installation with config file
3. secure data in script file. Can someone suggest me what should I use and how, which will be more suitable??

Answer 1

which to choose in Azure VM terraform - custom data, VM extension resource or provisioner to install packages and softwares via commands

To install Python, pip, and Java JDK on the VM, you can run a script using the CustomScriptExtension extension. To deploy software to IIS, you can use the WebDeployExtension extension.

Save the PowerShell script to an Azure blob and copy its URL. Then, paste the URL in the fileUris section.

Here is the PowerShell Script to install Python, pip, and Java JDK on the VM.

Script.ps1

    New-Item -Type Directory -Path 'c:\' -Name Java
    # JDK Instalation
    
   invoke-webrequest -uri 'https://download.oracle.com/java/21/latest/jdk-21_windows-x64_bin.msi' -OutFile 'C:\Java\jdk-21_windows-x64_bin.msi' 
    Start-Process -FilePath 'c:\Java\jdk-21_windows-x64_bin.msi' /qn -Wait
    # Python
    
    Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.7.0/python-3.7.0.exe" -OutFile "C:\Java\python-3.7.0.exe"
    
    c:/Java/python-3.7.0.exe /qn -Wait
    # Install pip (included with Python)
    
    python -m ensurepip
    # Install IIS
    
    Install-WindowsFeature -Name Web-Server -IncludeManagementTools

Terraform Script

    provider "azurerm" {
      features {}
    }
    
    resource "azurerm_resource_group" "example" {
      name     = "windows-resources"
      location = "East US"
    }
    
    resource "azurerm_virtual_network" "example" {
      name                = "windows-network"
      address_space       = ["10.0.0.0/16"]
      location            = azurerm_resource_group.example.location
      resource_group_name = azurerm_resource_group.example.name
    }
    
    resource "azurerm_subnet" "example" {
      name                 = "internal"
      resource_group_name  = azurerm_resource_group.example.name
      virtual_network_name = azurerm_virtual_network.example.name
      address_prefixes     = ["10.0.2.0/24"]
    }
    
    resource "azurerm_network_interface" "example" {
      name                = "windows-nic"
      location            = azurerm_resource_group.example.location
      resource_group_name = azurerm_resource_group.example.name
    
      ip_configuration {
        name                          = "internal"
        subnet_id                     = azurerm_subnet.example.id
        private_ip_address_allocation = "Dynamic"
      }
    }
    
    
    resource "azurerm_windows_virtual_machine" "example" {
      name                = "windows-machine"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      size                = "Standard_DS1_v2"
      admin_username      = "adminuser"
      admin_password      = "P@$$w0rd1234!"
      network_interface_ids = [
        azurerm_network_interface.example.id,
      ]
    
      os_disk {
        caching              = "ReadWrite"
        storage_account_type = "Standard_LRS"
      }
    
        encryption_at_host_enabled = true
    
      source_image_reference {
        publisher = "MicrosoftWindowsServer"
        offer     = "WindowsServer"
        sku       = "2016-Datacenter"
        version   = "latest"
      }
    }
    
    resource "azurerm_virtual_machine_extension" "example" {
      name                 = "customScript"
      virtual_machine_id   = azurerm_windows_virtual_machine.example.id
      publisher            = "Microsoft.Compute"
      type                 = "CustomScriptExtension"
      type_handler_version = "1.10"
    
      settings = <<SETTINGS
        {
            "fileUris": ["https://samplestoragevm.blob.core.windows.net/vmstorage/Script.ps1"],
            "commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File Script.ps1"
        }
    SETTINGS
    }

Terraform Apply:

Reference: azurerm_virtual_machine_extension