Application Development Azure

OpenTofu on Ubuntu 24.04 on Azure User Guide

| Product: OpenTofu on Ubuntu 24.04 LTS on Azure

Overview

OpenTofu is the open-source, community-driven fork of Terraform for infrastructure as code, governed by the Linux Foundation. Declare your infrastructure in HCL and OpenTofu plans and applies the changes across hundreds of providers - Azure, AWS, Kubernetes and more - with state management, modules and a full plan/apply workflow. The cloudimg image installs OpenTofu 1.12.3 system-wide as a ready-to-use command-line workstation and CI runner, with a pre-initialised worked example so you can run a plan within seconds of logging in. This is a command-line product - there is no web UI. Backed by 24/7 cloudimg support.

What is included:

  • OpenTofu 1.12.3 installed at /usr/local/bin/tofu
  • A pre-initialised worked example at /opt/opentofu/example (random + local providers, providers cached)
  • A per-user writable copy at ~/opentofu-example for every login user
  • unzip and git for archives and module sources
  • A login banner pointing at the example and the user guide
  • Ubuntu 24.04 LTS base with latest security patches at build time
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is plenty for a CLI workstation. NSG inbound: allow 22/tcp from your management network. OpenTofu reaches out to the OpenTofu provider registry over HTTPS to fetch any providers not already cached.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for OpenTofu by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22). Then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name opentofu \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm OpenTofu is installed

tofu version

It reports OpenTofu v1.12.3 and the provider platform.

Step 5 - Initialise the worked example

Every login user gets a writable copy of the example at ~/opentofu-example. Initialise it (the providers are pre-cached, so this is instant and works offline):

[ -d ~/opentofu-example ] || cp -r /opt/opentofu/example ~/opentofu-example
cd ~/opentofu-example && tofu init

You get OpenTofu has been successfully initialized!.

Step 6 - Plan

See what OpenTofu would create:

cd ~/opentofu-example && tofu plan

The plan shows two resources to add - a random_pet name and a local_file - ending with Plan: 2 to add, 0 to change, 0 to destroy.

Step 7 - Apply

Create the resources:

cd ~/opentofu-example && tofu apply -auto-approve && cat hello.txt

OpenTofu reports Apply complete! Resources: 2 added, prints the pet_name output, and hello.txt contains a greeting with the random resource name.

Step 8 - Tear the example down

cd ~/opentofu-example && tofu destroy -auto-approve

OpenTofu reports Destroy complete! Resources: 2 destroyed.

Step 9 - Manage real infrastructure

Replace main.tf with your own configuration and add a provider. For Azure, add the azurerm provider and authenticate the VM with a managed identity or az login, then tofu init to download it:

terraform {
  required_providers {
    azurerm = {
      source  = "registry.opentofu.org/hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-opentofu-demo"
  location = "eastus"
}

Store state remotely (e.g. an Azure Storage backend) for team use, and drive OpenTofu from CI by running tofu init, tofu plan and tofu apply non-interactively.

Maintenance

  • Reference template: the read-only example lives at /opt/opentofu/example; your writable copy is ~/opentofu-example.
  • Upgrades: download a newer OpenTofu release and replace /usr/local/bin/tofu.
  • Providers: tofu init fetches and caches providers per project; pin versions in required_providers.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.