Skip to content

Instantly share code, notes, and snippets.

@weltonrodrigo

weltonrodrigo/vm-deallocate-itself.md

Created October 29, 2022 13:54
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save weltonrodrigo/6540cac402536c8a771ee4f92f5fdc9e to your computer and use it in GitHub Desktop.
Save weltonrodrigo/6540cac402536c8a771ee4f92f5fdc9e to your computer and use it in GitHub Desktop.
Download ZIP
Configure a Azure VM to deallocate itself on shutdown
Raw
vm-deallocate-itself.md

How to configure an Azure VM to self deallocate on shutdown?

At the Azure Portal:

  1. Activate system identity for the vm: VM -> identity -> System assigned -> Status ON -> Save
  2. Give the VM permission to manage itself -> VM -> IAM -> Add role assignment -> Virtual Machine Contributor -> Managed Identity -> Find the VM identity you just activated

At the machine:

  1. Install azure cli with
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
  1. Test the azure cli with az login --identity this should return a JSON.
  2. Add the following file at /lib/systemd/system/deallocate-on-shutdown.service replacing <virtual_machine_name> and <resource_group>:
[Unit]
Description=Deallocate VM on shutdown
After=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=bash -c 'az login --identity && az vm deallocate -n <virtual_machine_name> -g <resource_group>'

[Install]
WantedBy=multi-user.target
  1. Enable this unit with sudo systemctl enable deallocate-on-shutdown.service
  2. Start the unit with sudo systemctl start deallocate-on-shutdown.service
  3. Test the unit by issuing a shutdown sudo shutdown -n now
  4. Check at the Azure Portal that the VM is indeed deallocating.

The explanation

You still pay for stopped VMs.

How Microsoft Azure Deallocate VM vs. Stop VM States Differ:

Azure’s Stopped State When you are logged in to the operating system of an Azure VM, you can issue a command to shut down the server. This will kick you out of the OS and stop all processes, but will maintain the allocated hardware (including the IP addresses currently assigned). If you find the VM in the Azure console, you’ll see the state listed as “Stopped”. The biggest thing you need to know about this state is that you are still being charged by the hour for this instance.

Azure’s Deallocated State The other way to stop your virtual machine is through Azure itself, whether that’s through the console, Powershell, or the Azure CLI. When you stop a VM through Azure, rather than through the OS, it goes into a “Stopped (deallocated)” state. This means that any non-static public IPs will be released, but you’ll also stop paying for the VM’s compute costs. This is a great way to save money on your Azure costs when you don’t need those VMs running, and is the state that ParkMyCloud puts your VMs in when they are parked.

You can run az vm deallocate -n <virtual_machine_name> -g <virtual_machine_group> before the shutdown to free the resources,this will also send a shutdown command to operational system. You can also deallocate from the Azure Portal after shutdown.

To automatize this process and make the virtual machine deallocate itself on shutdown, you can create a systemd unit to execute az deallocate when the shutdown process begin.

This is based on this post: systemd Shutdown Units

Note that this will give the VM full access to itself, so this may be a security risk if this vm is exposed to the internet, as an attacker with shell access to the vm can delete the VM. If this is a concern to you, you can create a custom rule with only the Microsoft.Compute/virtualMachines/deallocate/action permission

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment