Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Cloud-Init to Automate the Initialization of vSRX 3.0 Instances in Microsoft Azure Cloud



Cloud-init is an open-source service for automating the initialization of a cloud instance at startup . Cloud-init is designed to support multiple different cloud environments. With cloud-init support, the same virtual machine (VM) image can be directly used in multiple cloud instances without any modification.

Cloud-init support in a VM instance runs at provisioning time (first-time boot) and initializes the VM instance according to the specified user data file. The vSRX initialization information is fetched from user data and metadata by cloud-init, then cloud-init applies them according to the module configuration. Cloud-init supports user data in different formats, such as cloud config data, bash script, and so on. If user data is passed as cloud configuration data, then you must follow the YAML syntax. A user-data file is a special key in the metadata service that contains a file that cloud-aware applications in the vSRX instance can access upon a first-time boot.

With cloud-init you can set a default locale, set an instance hostname, add SSH keys to a user’s .ssh/authorized_keys and use the keys when you log in, and configure network devices.

Cloud-init is capable of fetching data from three different sources:

  • User data—Data passed by the user during provisioning in a user data file. The mechanism by which you can pass information contained in a local file to an instance at launch time. A typical use case is to pass something like a shell script or cloud configuration data as user data.

    The supported formats for user data are Shell scripts, Include files, and cloud configuration data (in YAML syntax).

  • Metadata—Cloud platforms run metadata server that hosts user data. VM on boot up access the meta-data server and fetches the user-data from the metadata server. This configuration has to be supported by the cloud platform. This configuration data comes from the stack that creates the configuration drive. Typical metadata includes server name, instance ID, display name, and other cloud-specific details.

  • Config-file system—Data retrieved from a data source and saved to /var/lib/cloud/.

The cloud-init functions are:

  • Search the local data source to get the metadata and user data

  • Search the network data source (configuration file) to get the metadata and user data. The metadata ovf-env.xml file can be found under /var/lib/waagent, and the user data can be found under /var/lib/cloud/instance. Cloud-init reads the metadata and user data, calls the related handlers to handle the data, and exits.

  • Execute configuration modules.

Starting in Junos OS Release 20.2R1, cloud-init support is added on vSRX 3.0 for autoconfiguration on Azure. Cloud-init package (version 18.4) is imported on vSRX 3.0 and is called during the initial boot process of vSRX3.0 on Azure. This service helps you simplify configuring new vSRX 3.0 instances operating in Azure according to the specified user-data file.

Cloud-init GUI feature is not available on Azure portal. You can use cloud-init on vSRX 3.0 only through the Azure CLI.

Cloud-init package is imported as Python libraries and is started on vSRX 3.0 when you start the initialization script of vSRX 3.0. Because cloud-init is mainly used for the initialization configuration of an instance, it is only needed to run for the initial startup. When you create a vSRX instance, the cloud-init service on Azure passes the user data to initialize new vSRX instances, which can contain some basic configurations of vSRX. The cloud-config data passed as user data must be in the YAML format. The user data is then fetched by vSRX 3.0 running on Azure and during the initial boot-up sequence, the vSRX instance processes the cloud-init request.

At the end of each stage, cloud-init runs through all the modules listed in the configuration file to configure the VM.

For customized initialization of vSRX instance in Azure, cloud-init gets the metadata and performs the provisioning job instead of WALinuxAgent.

Details of the interactions between the Juniper vSRX 3.0 Azure deployment script ( and cloud-init for user definition are:

  • If you define the same user in both the parameter.json file and the YAML file, then the password defined in the parameter.json file (password1) will take effect and the SSH public key defined in YAML file will be merged.


    Currently SSH public key cannot be used in parameter file.

  • If the same user is defined in both the parameter.json file and the YAML file through write_files, then the password defined in the YAML file (password4) will take effect and the SSH public key defined in the YAML file will be merged.

    For example:

    • parameter.json file with username + password3 (and SSH public key)

    • YAML file (write_file): username + password4

  • If the same user is defined in the parameter.json file and in the YAML file by the users and through write_files, then password defined in YAML file using write_files (password7) will take effect and the SSH public key defined in YAML file will be merged

    For example:

    • parameter.json file: username + password5

    • YAML file (users): username + password6

    • YAML file (write_files): username + password7

Benefits of Using Cloud-Init

Benefits of cloud-init support in Microsoft Azure cloud infrastructures for VM provisioning are:

  • If Azure has enabled and integrated cloud-init into the base images, then no additional settings are required to enable the cloud-init process.

  • Can contain rich configurations that simplify the automation of instance initialization.

  • Cloud-init configurations applied to VMs do not have time constraints and do not cause a deployment failure by timing out.

  • If you do not include the required custom data for VM provisioning, then cloud-init takes the minimal VM provisioning parameters required to provision the VM and completes the deployment with the defaults.

Sample Configurations for Cloud-Init User Data

This section provides you samples of user-data passed in the cloud-init service.

Installing License on vSRX 3.0 Through Cloud-Init

To pass the license details to the cloud-init service, use the YAML configuration:

Configuring SSH Public Key Authentication on vSRX 3.0 Through Cloud-Init (Simple)

To pass the license details to the cloud-init service, use the YAML configuration:

Configuring SSH Public Key Authentication on vSRX 3.0 Through Cloud-Init (Comprehensive)