Score:0

configuring vm with terraform and cloud-init in an Azure Env

se flag
Mac

Hi, I'm a newbie so forgive me if I make an error. I'm very new to cloud-init and know Terraform, but not intimately. I'm using Terraform Cloud to provision my VM. This is my first encounter with custom_data. The issue I'm having is that I'm trying not only to do an installation of Ansible on said VM, but I also want to copy a key file to /.ssh/ (please note: not a public key!). I'm aware of the security implications and this is just a proof of concept in a secure environment. Here is how I have set up my Terraform:

From within my resource group:

resource "azurerm_linux_virtual_machine" "ansible-vm" {
  name                            = "ansible-vm"
  resource_group_name             = azurerm_resource_group.ansible_rg.name
  location                        = azurerm_resource_group.ansible_rg.location
  size                            = "Standard_B2ms"
  admin_username                  = "adminuser"
  network_interface_ids           = [azurerm_network_interface.ans-nic[1].id]
  admin_password                  = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  custom_data = base64encode(<<-CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"

      # Update package lists
      sudo apt-get update

      # Install required packages
      sudo apt-get install -y software-properties-common

      # Add Ansible repository
      sudo apt-add-repository --yes --update ppa:ansible/ansible

      # Update package lists again
      sudo apt-get update

      # Install Ansible
      sudo apt-get install -y ansible

      # Install python-winrm
      sudo apt-get install -y python3-winrm

      # Check if Python 3.7 is already installed
      if ! command -v python3.7 >/dev/null 2>&1; then
        # Install Python 3.7
        sudo apt-get install -y python3.7
      fi

      # Create a backup of the current hosts file
      sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak

      # Add the IP addresses to the Ansible hosts file
      echo "[webservers]
      ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3

      [databases]
      ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts

      # Run your Ansible playbook using the dynamic inventory file
      ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
      ansible-playbook -i /etc/ansible/hosts your_playbook.yml
  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT
  )
}

This code block works, but when I try to add the code to create a new file on the remote VM, the whole script fails. I think it is a syntax issue but I'm not sure, and I'm also not sure whether I should be adding a data resource as well. Here is my code which fails:

  custom_data = base64encode(<<-CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"

      # Update package lists
      sudo apt-get update

      # Install required packages
      sudo apt-get install -y software-properties-common
      # Add Ansible repository
      sudo apt-add-repository --yes --update ppa:ansible/ansible

      # Update package lists again
      sudo apt-get update

      # Install Ansible
      sudo apt-get install -y ansible

      # Install python-winrm
      sudo apt-get install -y python3-winrm

      # Check if Python 3.7 is already installed
      if ! command -v python3.7 >/dev/null 2>&1; then
        # Install Python 3.7
        sudo apt-get install -y python3.7
      fi

      # Create a backup of the current hosts file
      sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak

      # Add the IP addresses to the Ansible hosts file
      echo "[webservers]
      ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3

      [databases]
      ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts

      # Run your Ansible playbook using the dynamic inventory file
      ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
      ansible-playbook -i /etc/ansible/hosts your_playbook.yml

  - path: ~/.ssh/id_rsa
    content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ******************* (the key I'm trying to copy)
    -----END OPENSSH PRIVATE KEY-----

    owner: adminuser:adminuser
    permissions: '0400'

  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT

)

This project is using Ubuntu 18.04 LTS and Terraform ~>3.36.0. I would appreciate some pointers on how to get my script to create the second file and still perform the other tasks shown. Much regards.

guiverc
cn flag
Please be aware that Ubuntu 18.04 LTS, which was released in 2018-April (thus the 18.04) and had 5 years of *standard* support life, is nearing the end of those five years. You can use `ubuntu-support-status` to confirm whether your system is still *supported*. Either way, if the machine is online, you should plan to *release-upgrade* ASAP unless you plan to use ESM/Pro, but please note ESM/Pro releases are not on-topic here when standard support ends.
Score:0
rs flag
resource "azurerm_resource_group" "ansible_rg" {
  name     = "my-ansible-rg"
  location = "East US"
}

resource "azurerm_virtual_network" "ansible_vnet" {
  name                = "my-ansible-vnet"
  resource_group_name = azurerm_resource_group.ansible_rg.name
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.ansible_rg.location
}

resource "azurerm_subnet" "ansible_subnet" {
  name                 = "my-ansible-subnet"
  resource_group_name  = azurerm_resource_group.ansible_rg.name
  virtual_network_name = azurerm_virtual_network.ansible_vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_interface" "ans-nic" {
  count               = 2
  name                = "my-nic-${count.index}"
  location            = azurerm_resource_group.ansible_rg.location
  resource_group_name = azurerm_resource_group.ansible_rg.name

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = azurerm_subnet.ansible_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "ansible_vm" {
  count                = 2
  name                 = "my-vm-${count.index}"
  resource_group_name  = azurerm_resource_group.ansible_rg.name
  location             = azurerm_resource_group.ansible_rg.location
  size                 = "Standard_B2ms"
  admin_username       = "adminuser"
  network_interface_ids = [azurerm_network_interface.ans-nic[count.index].id]
  admin_password       = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  # <<CLOUD_INIT (no dash) keeps the heredoc verbatim: the YAML starts at column 0
  # and the closing CLOUD_INIT marker must also sit at column 0.
  custom_data = base64encode(<<CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      # A resource cannot reference its own attributes (Terraform rejects it as a
      # self-referential block), so take the IP from the NIC rather than from
      # azurerm_linux_virtual_machine.ansible_vm[count.index].
      LINUX_VM_IP="${azurerm_network_interface.ans-nic[count.index].private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[count.index].ip_configuration[0].private_ip_address}"
      # Rest of your script here...

  # Absolute path (cloud-init does not expand ~), and the key lines are indented
  # deeper than the content: key so YAML reads them as the block scalar.
  - path: /home/adminuser/.ssh/id_rsa
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      Your private SSH key content here
      -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'

  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT
)
}

variable "admin_password" {
  description = "Admin password for the VM"
  type        = string
}

Added the necessary Azure resources (azurerm_resource_group, azurerm_virtual_network, azurerm_subnet, azurerm_network_interface) to create a basic network configuration for your VM. This is needed for the VM to have connectivity.
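As an added check, not code from the question or the answer: a small Python lint that runs over the cloud-config text before it goes through base64encode() into custom_data. It is a line-based scan rather than a YAML parser, and it flags the two things that break the failing config in the question (the `~` in the path, which cloud-init does not expand, and key lines sitting flush with `content: |`), plus missing owner or loose permissions on anything under .ssh, and a missing `defer: true` on files under /home (a write_files option in current cloud-init releases that postpones the write until after users are created, which the answer's config does not set). The two sample configs are constructed here, with a placeholder instead of key material.

```python
"""Lint a cloud-config before handing it to Terraform's custom_data (added example)."""
import base64
import re

# A write_files entry starts with '- path:'; its other keys sit two columns right of the '-'.
ENTRY_RE = re.compile(r"^(\s*)-\s+path:\s*(\S+)")
KEY_RE = re.compile(r"^(\s*)(\w+):\s*(.*)$")


def parse_entries(lines):
    """Collect each write_files entry: path, the column its keys sit on, its keys, the 'content:' line."""
    entries, current = [], None
    for no, line in enumerate(lines, 1):
        m = ENTRY_RE.match(line)
        if m:
            current = {"line": no, "path": m.group(2), "key_indent": len(m.group(1)) + 2,
                       "keys": {}, "content_line": None}
            entries.append(current)
            continue
        m = KEY_RE.match(line)
        if current is not None and m and len(m.group(1)) == current["key_indent"]:
            current["keys"][m.group(2)] = m.group(3).strip()
            if m.group(2) == "content":
                current["content_line"] = no
    return entries


def lint_cloud_config(text):
    """Return a list of problems; an empty list means the config passed every check."""
    lines = text.splitlines()
    problems = []
    if not lines or lines[0].strip() != "#cloud-config":
        problems.append("line 1: user data must start with '#cloud-config' or cloud-init ignores it")
    for e in parse_entries(lines):
        path, keys, where = e["path"], e["keys"], f"line {e['line']} ({e['path']})"
        if not path.startswith("/"):
            problems.append(f"{where}: path must be absolute; cloud-init does not expand '~'")
        if e["content_line"] is not None:
            # First non-blank line of the block scalar must be indented deeper than 'content:'.
            body = next((l for l in lines[e["content_line"]:] if l.strip()), "")
            if len(body) - len(body.lstrip()) <= e["key_indent"]:
                problems.append(f"{where}: block scalar lines must be indented deeper than the 'content:' key")
        if "/.ssh/" in path:
            perms = keys.get("permissions", "").strip("'\"")
            if perms not in ("0400", "0600"):
                problems.append(f"{where}: key material needs permissions '0400' or '0600' (found {perms or 'none'})")
            if "owner" not in keys:
                problems.append(f"{where}: set owner, otherwise the file stays root-owned and unreadable by the user")
        if path.startswith("/home/") and keys.get("defer", "").lower() != "true":
            problems.append(f"{where}: set 'defer: true' so the file is written after the user is created")
    return problems


def custom_data(text):
    """Same transformation Terraform's base64encode() applies for the custom_data argument."""
    return base64.b64encode(text.encode()).decode()


# Constructed sample mirroring the failing config: '~' path, key lines flush with 'content:'.
BAD_CONFIG = """\
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      echo installing
    permissions: "0755"
  - path: ~/.ssh/id_rsa
    content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    PLACEHOLDER-NOT-A-REAL-KEY
    -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'
"""

# Constructed corrected sample: absolute path, deeper indentation, deferred write.
GOOD_CONFIG = """\
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      echo installing
    permissions: "0755"
  - path: /home/adminuser/.ssh/id_rsa
    defer: true
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      PLACEHOLDER-NOT-A-REAL-KEY
      -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'
"""

if __name__ == "__main__":
    for name, cfg in (("question", BAD_CONFIG), ("fixed", GOOD_CONFIG)):
        print(f"{name}: {lint_cloud_config(cfg) or 'ok'}")
    print("custom_data:", custom_data(GOOD_CONFIG)[:40], "...")
```

Run it locally on the heredoc body before `terraform apply`; the two reported problems for the first sample are exactly the lines that made the question's config fail. On the VM itself, `cloud-init schema --config-file` (`cloud-init devel schema` on older releases) and /var/log/cloud-init.log give the authoritative verdict on whether the write_files module ran.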
