kgorskowski/cloud-init.tpl

## cloud-init.tpl
#cloud-config

# Ensure that walinuxagent starts after cloud-init finished. That prevents the DevOps Agent starting before the Docker Daemon is ready and logged in to jfrog
bootcmd:
  - mkdir -p /etc/systemd/system/walinuxagent.service.d
  - echo "[Unit]\nAfter=cloud-final.service" > /etc/systemd/system/walinuxagent.service.d/override.conf
  - sed "s/After=multi-user.target//g" /lib/systemd/system/cloud-final.service > /etc/systemd/system/cloud-final.service
  - systemctl daemon-reload

groups:
  - docker

# Create AzDevOps user before the install script and add to docker group. Then we can log in to jfrog registry before the Agent is installed and started.
users:
  - default
  - name: AzDevOps
    groups: docker

system_info:
  default_user:
    groups: [docker]

runcmd:

 # get archive with DevOps Agent dependencies from jfrog
 # packaged mirror of dependencies defined in https://github.com/microsoft/azure-pipelines-agent/blob/ea34833f3c92be22dfbd84882cc8156aa3dcd0e0/src/Misc/layoutbin/installdependencies.sh
  - curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" 'https://domain.jfrog.io/artifactory/our-project/software/rpms/vsts-agent/vsts-agent-dependencies.tar' | tar -xvf -
  - dpkg -i *.deb
  - rm *.deb

# download docker ce, cli and containerd packages from jfrog and install in correct order
  - curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/containerd.io_${CONTAINERD_VERSION}.deb'
  - curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/docker-ce-cli_${DOCKER_VERSION}.deb'
  - curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/docker-ce_${DOCKER_VERSION}.deb'
  - dpkg -i containerd.io_${CONTAINERD_VERSION}.deb
  - dpkg -i docker-ce-cli_${DOCKER_VERSION}.deb
  - dpkg -i docker-ce_${DOCKER_VERSION}.deb
  - rm *.deb

# login to jfrog docker registry as AzDevOps user
  - mkdir -p /home/AzDevOps/.docker
  - export DOCKER_AUTH=${JFROG_USERNAME}:${JFROG_PASSWORD}
  - export DOCKER_AUTH_B64=$(echo -n $DOCKER_AUTH | base64 -w0)
  - echo "{\"auths\":{\"our-registry.jfrog.io\":{\"auth\":\"$(echo -n $DOCKER_AUTH_B64)\"}}}" > /home/AzDevOps/.docker/config.json
  - chown -R AzDevOps:AzDevOps /home/AzDevOps/.docker

## main.tf
data "template_file" "cloud-init" {
  template = file("./cloud-init.tpl")
    vars = {
    JFROG_USERNAME     = var.jfrog_user
    JFROG_PASSWORD     = var.jfrog_password
    DOCKER_VERSION     = var.docker_version
    CONTAINERD_VERSION = var.containerd_version
  }
}
	#cloud-config

	# Ensure that walinuxagent starts after cloud-init finished. That prevents the DevOps Agent starting before the Docker Daemon is ready and logged in to jfrog
	bootcmd:
	- mkdir -p /etc/systemd/system/walinuxagent.service.d
	- echo "[Unit]\nAfter=cloud-final.service" > /etc/systemd/system/walinuxagent.service.d/override.conf
	- sed "s/After=multi-user.target//g" /lib/systemd/system/cloud-final.service > /etc/systemd/system/cloud-final.service
	- systemctl daemon-reload

	groups:
	- docker

	# Create AzDevOps user before the install script and add to docker group. Then we can log in to jfrog registry before the Agent is installed and started.
	users:
	- default
	- name: AzDevOps
	groups: docker

	system_info:
	default_user:
	groups: [docker]

	runcmd:

	# get archive with DevOps Agent dependencies from jfrog
	# packaged mirror of dependencies defined in https://github.com/microsoft/azure-pipelines-agent/blob/ea34833f3c92be22dfbd84882cc8156aa3dcd0e0/src/Misc/layoutbin/installdependencies.sh
	- curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" 'https://domain.jfrog.io/artifactory/our-project/software/rpms/vsts-agent/vsts-agent-dependencies.tar' \| tar -xvf -
	- dpkg -i *.deb
	- rm *.deb

	# download docker ce, cli and containerd packages from jfrog and install in correct order
	- curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/containerd.io_${CONTAINERD_VERSION}.deb'
	- curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/docker-ce-cli_${DOCKER_VERSION}.deb'
	- curl -sSf -u "${JFROG_USERNAME}:${JFROG_PASSWORD}" -O 'https://domain.jfrog.io/artifactory/our-project/software/rpms/docker-ce/docker-ce_${DOCKER_VERSION}.deb'
	- dpkg -i containerd.io_${CONTAINERD_VERSION}.deb
	- dpkg -i docker-ce-cli_${DOCKER_VERSION}.deb
	- dpkg -i docker-ce_${DOCKER_VERSION}.deb
	- rm *.deb

	# login to jfrog docker registry as AzDevOps user
	- mkdir -p /home/AzDevOps/.docker
	- export DOCKER_AUTH=${JFROG_USERNAME}:${JFROG_PASSWORD}
	- export DOCKER_AUTH_B64=$(echo -n $DOCKER_AUTH \| base64 -w0)
	- echo "{\"auths\":{\"our-registry.jfrog.io\":{\"auth\":\"$(echo -n $DOCKER_AUTH_B64)\"}}}" > /home/AzDevOps/.docker/config.json
	- chown -R AzDevOps:AzDevOps /home/AzDevOps/.docker
	data "template_file" "cloud-init" {
	template = file("./cloud-init.tpl")
	vars = {
	JFROG_USERNAME = var.jfrog_user
	JFROG_PASSWORD = var.jfrog_password
	DOCKER_VERSION = var.docker_version
	CONTAINERD_VERSION = var.containerd_version
	}
	}