In my previous post I wrote about launching a CentOS 7 Virtual Machine in Azure using Terraform .

As you can see from my original configuration I was adding a password and my own user. This worked well, the machine launched and I could access it as expect and sudo to root.

However, when it came to using Terraforms built-in provisioner I started to have problems as the commands I was running need root privileges, when I tried using sudo it would sit there waiting for the password to entered.

After doing a little reading I found that if I was to launch the Virtual Machine with a SSH Key I would be able to get passwordless sudo access.

Checking through Terraform documentation it hinted that I could use an uploaded key when launching the VM by using the ssh_key_thumbprint variable. Great, where do I upload my key?

A few hours and much head scratching later I had it sorted.

First of all, you don’t upload keys. Instead, you will need to convert your key to pem file and then a certificate. You can do that using the commands below (replace the paths as needed);

Adding a SSH Key to Azure 1/1
opoepnesnsslslrexq50-9x50o9ut-fkoerymd.esrsh-/iind_~r/sDaes-kntoodpe/smy-Cdearyts.p3e6m5-onuetwk~e/yDersskat:o2p0/4m8yCeorutt.c/eDresktop/myCert.pem

Once you have your certificate file it’s time to upload it. This is where things got confusing, the only obvious place I could find clicking around the interface was Settings -> Management Certificates which made complete sense to me coming from an AWS background. I uploaded it, launched my Virtual Machine using Terraform and it failed to find the thumbprint so it was back to Google.

After a while I realised as I was launching my Virtual Machine into a “Cloud Service” and that I had to add the certificate there.

a screenshot of a computergraphical user interface, text, applicationgraphical user interface

Once I had uploaded the certificate to the Cloud Service I was able to launch the Virtual Machine using the ssh_key_thumbprint variable, the provisioner was able to connect and finally execute sudo without having to provide the password.