==============================
Getting Started With Azure ARM
==============================

.. versionadded:: 2016.11.0

Azure is a cloud service by Microsoft providing virtual machines, SQL services,
media services, and more. Azure ARM (aka, the Azure Resource Manager) is a next
generation version of the Azure portal and API. This document describes how to
use Salt Cloud to create a virtual machine on Azure ARM, with Salt installed.

More information about Azure is located at `http://www.windowsazure.com/
<http://www.windowsazure.com/>`_.

Dependencies
============

* `azure <https://pypi.org/project/azure>`_ >= 2.0.0rc6
* `azure-common <https://pypi.org/project/azure-common>`_ >= 1.1.4
* `azure-mgmt <https://pypi.org/project/azure-mgmt>`_ >= 0.30.0rc6
* `azure-mgmt-compute <https://pypi.org/project/azure-mgmt-compute>`_ >= 0.33.0
* `azure-mgmt-network <https://pypi.org/project/azure-mgmt-network>`_ >= 0.30.0rc6
* `azure-mgmt-resource <https://pypi.org/project/azure-mgmt-resource>`_ >= 0.30.0
* `azure-mgmt-storage <https://pypi.org/project/azure-mgmt-storage>`_ >= 0.30.0rc6
* `azure-mgmt-web <https://pypi.org/project/azure-mgmt-web>`_ >= 0.30.0rc6
* `azure-storage <https://pypi.org/project/azure-storage>`_ >= 0.32.0
* `msrestazure <https://pypi.org/project/msrestazure/>`_ >= 0.4.21
* A Microsoft Azure account
* `Salt <https://github.com/saltstack/salt>`_

Installation Tips
=================

Because the ``azure`` library requires the ``cryptography`` library, which is
compiled on-the-fly by ``pip``, you may need to install the development tools
for your operating system.

Before you install ``azure`` with ``pip``, you should make sure that the
required libraries are installed.

Debian
------

For Debian and Ubuntu, the following command will ensure that the required
dependencies are installed:

.. code-block:: bash

    sudo apt-get install build-essential libssl-dev libffi-dev python-dev

Red Hat
-------

For Fedora and RHEL-derivatives, the following command will ensure that the
required dependencies are installed:

.. code-block:: bash

    sudo yum install gcc libffi-devel python-devel openssl-devel

Configuration
=============

Set up the provider config at ``/etc/salt/cloud.providers.d/azurearm.conf``:

.. code-block:: yaml

    # Note: This example is for /etc/salt/cloud.providers.d/azurearm.conf

    my-azurearm-config:
      driver: azurearm
      master: salt.example.com
      subscription_id: 01234567-890a-bcde-f012-34567890abdc

      # https://apps.dev.microsoft.com/#/appList
      username: <username>@<subdomain>.onmicrosoft.com
      password: verybadpass
      location: westus
      resource_group: my_rg

      # Optional
      network_resource_group: my_net_rg
      cleanup_disks: True
      cleanup_vhds: True
      cleanup_data_disks: True
      cleanup_interfaces: True
      custom_data: 'This is custom data'
      expire_publisher_cache: 604800  # 7 days
      expire_offer_cache: 518400  # 6 days
      expire_sku_cache: 432000  # 5 days
      expire_version_cache: 345600  # 4 days
      expire_group_cache: 14400  # 4 hours
      expire_interface_cache: 3600  # 1 hour
      expire_network_cache: 3600  # 1 hour

Cloud Profiles
==============

Set up an initial profile at ``/etc/salt/cloud.profiles``:

.. code-block:: yaml

    azure-ubuntu-pass:
      provider: my-azure-config
      image: Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050
      size: Standard_D1_v2
      location: eastus
      ssh_username: azureuser
      ssh_password: verybadpass

    azure-ubuntu-key:
      provider: my-azure-config
      image: Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050
      size: Standard_D1_v2
      location: eastus
      ssh_username: azureuser
      ssh_publickeyfile: /path/to/ssh_public_key.pub

    azure-win2012:
      provider: my-azure-config
      image: MicrosoftWindowsServer|WindowsServer|2012-R2-Datacenter|latest
      size: Standard_D1_v2
      location: westus
      win_username: azureuser
      win_password: verybadpass

These options are described in more detail below. Once configured, the profile
can be realized with a salt command:

.. code-block:: bash

    salt-cloud -p azure-ubuntu-pass newinstance

This will create a Salt minion instance named ``newinstance`` in Azure. If
the command was executed on the salt-master, its Salt key will automatically
be signed on the master.

Once the instance has been created with salt-minion installed, connectivity to
it can be verified with Salt:

.. code-block:: bash

    salt newinstance test.version

Profile Options
===============

The following options are currently available for Azure ARM.

provider
--------

The name of the provider as configured in
``/etc/salt/cloud.providers.d/azure.conf``.

image
-----

Required. The name of the image to use to create a VM. Available images can be
viewed using the following command:

.. code-block:: bash

    salt-cloud --list-images my-azure-config

As you will see in ``--list-images``, image names are comprised of the following
fields, separated by the pipe (``|``) character:

.. code-block:: yaml

    publisher: For example, Canonical or MicrosoftWindowsServer
    offer: For example, UbuntuServer or WindowsServer
    sku: Such as 14.04.5-LTS or 2012-R2-Datacenter
    version: Such as 14.04.201612050 or latest

It is possible to specify the URL or resource ID path of a custom image that you
have access to, such as:

.. code-block:: yaml

    https://<mystorage>.blob.core.windows.net/system/Microsoft.Compute/Images/<mystorage>/template-osDisk.01234567-890a-bcdef0123-4567890abcde.vhd

or:

.. code-block:: yaml

    /subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/myRG/providers/Microsoft.Compute/images/myImage

size
----

Required. The name of the size to use to create a VM. Available sizes can be
viewed using the following command:

.. code-block:: bash

    salt-cloud --list-sizes my-azure-config

location
--------

Required. The name of the location to create a VM in. Available locations can
be viewed using the following command:

.. code-block:: bash

    salt-cloud --list-locations my-azure-config

ssh_username
------------

Required for Linux. The admin user to add on the instance. It is also used to log
into the newly-created VM to install Salt.

ssh_keyfile
-----------

Required if using SSH key authentication. The path on the Salt master to the SSH private
key used during the minion bootstrap process.

ssh_publickeyfile
-----------------

Use either ``ssh_publickeyfile`` or ``ssh_password``. The path on the Salt master to the
SSH public key which will be pushed to the Linux VM.

ssh_password
------------

Use either ``ssh_publickeyfile`` or ``ssh_password``. The password for the admin user on
the newly-created Linux virtual machine.

win_username
------------

Required for Windows. The user to use to log into the newly-created Windows VM
to install Salt.

win_password
------------

Required for Windows. The password to use to log into the newly-created Windows
VM to install Salt.

win_installer
-------------

Required for Windows. The path to the Salt installer to be uploaded.

resource_group
--------------

Required. The resource group that all VM resources (VM, network interfaces,
etc) will be created in.

network_resource_group
----------------------

Optional. If specified, then the VM will be connected to the virtual network
in this resource group, rather than the parent resource group of the instance.
The VM interfaces and IPs will remain in the configured ``resource_group`` with
the VM.

network
-------

Required. The virtual network that the VM will be spun up in.

subnet
------

Optional. The subnet inside the virtual network that the VM will be spun up in.
Default is ``default``.

allocate_public_ip
------------------

Optional. Default is ``False``. If set to ``True``, a public IP will
be created and assigned to the VM.

load_balancer
-------------

Optional. The load-balancer for the VM's network interface to join. If
specified, the ``backend_pool`` option needs to be set.

backend_pool
------------

Optional. Required if the ``load_balancer`` option is set. The load-balancer's
Backend Pool the VM's network interface will join.

iface_name
----------

Optional. The name to apply to the VM's network interface. If not supplied, the
value will be set to ``<VM name>-iface0``.

dns_servers
-----------

Optional. A **list** of the DNS servers to configure for the network interface
(will be set on the VM by the DHCP of the VNET).

.. code-block:: yaml

    my-azurearm-profile:
      provider: azurearm-provider
      network: mynetwork
      dns_servers:
        - 10.1.1.4
        - 10.1.1.5

availability_set
----------------

Optional. If set, the VM will be added to the specified availability set.

volumes
-------

Optional. A list of dictionaries describing data disks to attach to the
instance can be specified using this setting. The data disk dictionaries are
passed entirely to the `Azure DataDisk object
<https://docs.microsoft.com/en-us/python/api/azure.mgmt.compute.v2017_12_01.models.datadisk?view=azure-python>`_,
so ad-hoc options can be handled as long as they are valid properties of the
object.

.. code-block:: yaml

    volumes:
    - disk_size_gb: 50
      caching: ReadWrite
    - disk_size_gb: 100
      caching: ReadWrite
      managed_disk:
        storage_account_type: Standard_LRS

cleanup_disks
-------------

Optional. Default is ``False``. If set to ``True``, disks will be cleaned up
when the VM that they belong to is deleted.

cleanup_vhds
------------

Optional. Default is ``False``. If set to ``True``, VHDs will be cleaned up
when the VM and disk that they belong to are deleted. Requires ``cleanup_disks``
to be set to ``True``.

cleanup_data_disks
------------------

Optional. Default is ``False``. If set to ``True``, data disks (non-root
volumes) will be cleaned up when the VM that they are attached to is deleted.
Requires ``cleanup_disks`` to be set to ``True``.

cleanup_interfaces
------------------

Optional. Default is ``False``. Normally when a VM is deleted, its associated
interfaces and IPs are retained. This is useful if you expect the deleted VM
to be recreated with the same name and network settings. If you would like
interfaces and IPs to be deleted when their associated VM is deleted, set this
to ``True``.

userdata
--------

Optional. Any custom cloud data that needs to be specified. How this data is
used depends on the operating system and image that is used. For instance,
Linux images that use ``cloud-init`` will import this data for use with that
program. Some Windows images will create a file with a copy of this data, and
others will ignore it. If a Windows image creates a file, then the location
will depend upon the version of Windows. This will be ignored if the
``userdata_file`` is specified.

userdata_file
-------------

Optional. The path to a file to be read and submitted to Azure as user data.
How this is used depends on the operating system that is being deployed. If
used, any ``userdata`` setting will be ignored.

userdata_sendkeys
-----------------

Optional. Set to ``True`` in order to generate salt minion keys and provide
them as variables to the userdata script when running it through the template
renderer. The keys can be referenced as ``{{opts['priv_key']}}`` and
``{{opts['pub_key']}}``.

userdata_template
-----------------

Optional. Enter the renderer, such as ``jinja``, to be used for the userdata
script template.

wait_for_ip_timeout
-------------------

Optional. Default is ``600``. When waiting for a VM to be created, Salt Cloud
will attempt to connect to the VM's IP address until it starts responding. This
setting specifies the maximum time to wait for a response.

wait_for_ip_interval
--------------------

Optional. Default is ``10``. How long to wait between attempts to connect to
the VM's IP.

wait_for_ip_interval_multiplier
-------------------------------

Optional. Default is ``1``. Increase the interval by this multiplier after
each request; helps with throttling.

expire_publisher_cache
----------------------

Optional. Default is ``604800``. When fetching image data using
``--list-images``, a number of web calls need to be made to the Azure ARM API.
This is normally very fast when performed using a VM that exists inside Azure
itself, but can be very slow when made from an external connection.

By default, the publisher data will be cached, and only updated every ``604800``
seconds (7 days). If you need the publisher cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the publisher
cache.

expire_offer_cache
------------------

Optional. Default is ``518400``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the offer data will be cached, and only updated every ``518400``
seconds (6 days). If you need the offer cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the offer
cache.

expire_sku_cache
----------------

Optional. Default is ``432000``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the sku data will be cached, and only updated every ``432000``
seconds (5 days). If you need the sku cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the sku
cache.

expire_version_cache
--------------------

Optional. Default is ``345600``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the version data will be cached, and only updated every ``345600``
seconds (4 days). If you need the version cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the version
cache.

expire_group_cache
------------------

Optional. Default is ``14400``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the resource group data will be cached, and only updated every
``14400`` seconds (4 hours). If you need the resource group cache to be updated
at a different frequency, change this setting. Setting it to ``0`` will turn
off the resource group cache.

expire_interface_cache
----------------------

Optional. Default is ``3600``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the interface data will be cached, and only updated every ``3600``
seconds (1 hour). If you need the interface cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the interface
cache.

expire_network_cache
--------------------

Optional. Default is ``3600``. See ``expire_publisher_cache`` for details on
why this exists.

By default, the network data will be cached, and only updated every ``3600``
seconds (1 hour). If you need the network cache to be updated at a different
frequency, change this setting. Setting it to ``0`` will turn off the network
cache.

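
Several of the profile options above depend on each other (``load_balancer`` needs ``backend_pool``, the ``cleanup_vhds`` and ``cleanup_data_disks`` options need ``cleanup_disks``, ``userdata_file`` overrides ``userdata``), and the provider and profile files hold credentials in plain text. The following linter is an added example, not part of Salt or of the original document; it checks those rules on profiles given as already-parsed dictionaries. The function names and sample data are constructed, and it assumes profile values override provider values.

```python
# Added example, not Salt code. Assumption: options are resolved with the
# profile overriding the provider config, so the merged view is linted.
PASSWORD_KEYS = ("password", "ssh_password", "win_password")
REQUIRED = ("image", "size", "location", "resource_group")


def image_kind(image):
    """Classify an image value using the three forms the page describes."""
    if image.startswith("https://"):
        return "vhd_url"
    if image.startswith("/subscriptions/"):
        return "resource_id"
    parts = image.split("|")  # publisher|offer|sku|version
    return "marketplace" if len(parts) == 4 and all(parts) else "invalid"


def lint(provider, profile):
    """Return a list of findings for one profile merged over its provider."""
    cfg = {**provider, **profile}
    found = [f"missing required option: {k}" for k in REQUIRED if k not in cfg]
    if "image" in cfg and image_kind(str(cfg["image"])) == "invalid":
        found.append("image: expected publisher|offer|sku|version, URL or resource ID")
    found += [f"plaintext secret in config: {k}" for k in PASSWORD_KEYS if k in cfg]
    if "ssh_password" in cfg and "ssh_publickeyfile" in cfg:
        found.append("ssh_password and ssh_publickeyfile both set; use one")
    if "load_balancer" in cfg and "backend_pool" not in cfg:
        found.append("load_balancer set without backend_pool")
    for opt in ("cleanup_vhds", "cleanup_data_disks"):
        if cfg.get(opt) and not cfg.get("cleanup_disks"):
            found.append(f"{opt} requires cleanup_disks: True")
    if "userdata" in cfg and "userdata_file" in cfg:
        found.append("userdata is ignored because userdata_file is set")
    if cfg.get("allocate_public_ip"):
        found.append("allocate_public_ip: a public IP will be assigned to the VM")
    return found


# Constructed sample data, modelled on the examples on this page.
PROVIDER = {"driver": "azurearm", "resource_group": "my_rg", "location": "westus",
            "username": "user@example.onmicrosoft.com", "password": "verybadpass"}
KEY_PROFILE = {"image": "Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050",
               "size": "Standard_D1_v2", "ssh_username": "azureuser",
               "ssh_publickeyfile": "/path/to/ssh_public_key.pub"}
BAD_PROFILE = {"image": "UbuntuServer", "size": "Standard_D1_v2",
               "ssh_username": "azureuser", "ssh_password": "verybadpass",
               "load_balancer": "my-lb", "cleanup_vhds": True,
               "allocate_public_ip": True}

if __name__ == "__main__":
    for label, prof in (("key", KEY_PROFILE), ("bad", BAD_PROFILE)):
        print(label, lint(PROVIDER, prof))
```

Real configuration would be loaded from the YAML files first and each profile paired with the provider it names before calling ``lint``.
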
Other Options
=============

Other options relevant to Azure ARM.

storage_account
---------------

Required for actions involving an Azure storage account.

storage_key
-----------

Required for actions involving an Azure storage account.

Show Instance
=============

This action is a thin wrapper around ``--full-query``, which displays details on
a single instance only. In an environment with several machines, this will save
a user from having to sort through all instance data, just to examine a single
instance.

.. code-block:: bash

    salt-cloud -a show_instance myinstance