azurerm

Azure Resource Manager Cloud Module

Added in version 2016.11.0.

Changed in version 2019.2.0.

The Azure Resource Manager cloud module is used to control access to Microsoft Azure Resource Manager.

configuration:

Required provider parameters:

if using username and password:
  • subscription_id

  • username

  • password

if using a service principal:
  • subscription_id

  • tenant

  • client_id

  • secret

if using Managed Service Identity authentication:
  • subscription_id

Optional provider parameters:

cloud_environment:
Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
  • AZURE_PUBLIC_CLOUD (default)

  • AZURE_CHINA_CLOUD

  • AZURE_US_GOV_CLOUD

  • AZURE_GERMAN_CLOUD

  • HTTP base URL for a custom endpoint, such as Azure Stack. The /metadata/endpoints path will be added to the URL.

userdata and userdata_file:

Azure Resource Manager uses a separate VirtualMachineExtension object to pass userdata scripts to the virtual machine. Arbitrary shell commands can be passed via the userdata parameter, or via a file local to the Salt Cloud system using the userdata_file parameter. Note that the local file is not treated as a script by the extension, so “one-liners” probably work best. If greater functionality is desired, a web-hosted script file can be specified via userdata_file: https://raw.githubusercontent.com/account/repo/master/azure-script.py, which will be executed on the system after VM creation. For Windows systems, script files ending in .ps1 will be executed with powershell.exe. The userdata parameter takes precedence over the userdata_file parameter when creating the custom script extension.

Not to be confused with user_data (https://learn.microsoft.com/en-us/azure/virtual-machines/user-data), which only holds static content.

win_installer:

This parameter, which holds the local path to the Salt Minion installer package, is used to determine if the virtual machine type will be “Windows”. Only set this parameter on profiles which install Windows operating systems.

user_data:

Added in version 4.2.0.

Plain string representing user data. It should not be base64 encoded, as that will be done by Salt.

custom_data:

Added in version 4.2.0.

Older version of user_data. See custom data. It should not be base64 encoded, as that will be done by Salt.

identity_type:

Added in version 4.2.0.

The type of identity used for the virtual machine. The type "SystemAssigned, UserAssigned" includes both an implicitly created identity and a set of user-assigned identities. If left undefined, any identities are removed from the virtual machine. Known values are: "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned", and undefined.

user_assigned_identities:

Added in version 4.2.0.

The list of user identities associated with the Virtual Machine. Requires identity_type to be either "SystemAssigned, UserAssigned" or "UserAssigned".

Value is a map of Managed Identity ID to a dict of principal_id and client_id.

Example:

user_assigned_identities:
  "/subscriptions/[redacted]/resourcegroups/[redacted]/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[redacted]":
      client_id: "[redacted]"
      principal_id: "[redacted]"

public_ip_sku:

Added in version 4.3.0.

SKU of a public IP address.

Defaults to Basic, possible options are Standard or Basic. Basic SKU will be deprecated soon. See more <https://azure.microsoft.com/en-us/updates?id=upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired>.

public_ip_allocation_method:

Added in version 4.3.0.

Defaults to Dynamic, possible options are Static and Dynamic.

If public_ip_sku is Standard then this must be Static.

Example /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/azure.conf configuration:

my-azure-config with username and password:
  driver: azurerm
  subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
  username: larry
  password: 123pass

Or my-azure-config with service principal:
  driver: azurerm
  subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
  tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
  client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
  secret: XXXXXXXXXXXXXXXXXXXXXXXX
  cloud_environment: AZURE_US_GOV_CLOUD

azure-config-with-cleanup-options:
  driver: azurerm
  subscription_id: "[redacted]"
  cleanup_disks: True
  cleanup_vhds: True
  cleanup_osdisks: True
  cleanup_datadisks: True
  cleanup_interfaces: True
  cleanup_public_ips: True

The Service Principal can be created with the new Azure CLI with:

az ad sp create-for-rbac -n "http://<yourappname>" --role <role> --scopes <scope>

For example, this creates a service principal with ‘owner’ role for the whole subscription:

az ad sp create-for-rbac \
    -n "http://mysaltapp" \
    --role owner \
    --scopes /subscriptions/3287abc8-f98a-c678-3bde-326766fd3617

Note: review the details of Service Principals. Owner role is more than you normally need, and you can restrict scope to a resource group or individual resources.

Example /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/azure.conf configuration:

my-vm-profile:
  provider: my-azure-config
  image: "[redacted]"
  resource_group: super-duper
  location: brazilsouth
  size: Standard_A4_v2
  network: awesome
  subnet: opossum
  allocate_public_ip: True
  public_ip_sku: "Standard"
  public_ip_allocation_method: "Static"
  identity_type: "UserAssigned"
  user_assigned_identities:
    "/subscriptions/[redacted]/resourcegroups/[redacted]/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[redacted]":
      client_id: "[redacted]"
      principal_id: "[redacted]"
  custom_data: '{ "some":"json" }'
  user_data: 'Or even just a text file'
  tags:
    awesome: opossum
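
The rules stated above (the required provider parameters for each authentication method, Standard SKU requiring Static allocation, user_assigned_identities requiring a matching identity_type, and userdata taking precedence over userdata_file) can be checked before a profile is used. The following is an added example, not part of the azurerm driver: auth_mode, check_config, the finding strings and the sample values are assumptions of the example, and the plain-HTTP check is the example's own policy.

```python
# Added example: checks a provider/profile pair against the rules documented
# on this page. Function names and finding strings are hypothetical.
AUTH_MODES = {  # documented required parameters besides subscription_id
    "service principal": {"tenant", "client_id", "secret"},
    "username and password": {"username", "password"},
}
USER_IDENTITY_TYPES = ("UserAssigned", "SystemAssigned, UserAssigned")

def auth_mode(provider):
    """Return (mode, missing_keys) for a provider dict."""
    missing = [] if "subscription_id" in provider else ["subscription_id"]
    for mode, keys in AUTH_MODES.items():
        if keys.intersection(provider):  # any parameter of this mode present
            return mode, missing + sorted(keys.difference(provider))
    return "managed service identity", missing

def check_config(provider, profile):
    """Return a list of findings; an empty list means no documented rule is broken."""
    findings = []
    mode, missing = auth_mode(provider)
    if missing:
        findings.append(f"{mode}: missing {', '.join(missing)}")
    sku = profile.get("public_ip_sku", "Basic")
    method = profile.get("public_ip_allocation_method", "Dynamic")
    if sku == "Standard" and method != "Static":
        findings.append("public_ip_sku Standard requires allocation method Static")
    if (profile.get("user_assigned_identities")
            and profile.get("identity_type") not in USER_IDENTITY_TYPES):
        findings.append("user_assigned_identities needs a UserAssigned identity_type")
    script = profile.get("userdata_file", "")
    if "userdata" in profile and script:
        findings.append("userdata takes precedence; userdata_file is not used")
    elif script.startswith("http://"):  # example policy, not a driver rule
        findings.append("userdata_file script is fetched over plain HTTP")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_PROVIDER = {"driver": "azurerm", "subscription_id": "example-subscription",
                   "tenant": "example-tenant", "client_id": "example-client"}
SAMPLE_PROFILE = {"provider": "my-azure-config", "public_ip_sku": "Standard",
                  "identity_type": "SystemAssigned",
                  "user_assigned_identities": {"/subscriptions/example": {}},
                  "userdata": "hostname",
                  "userdata_file": "http://example.invalid/setup.sh"}

if __name__ == "__main__":
    for finding in check_config(SAMPLE_PROVIDER, SAMPLE_PROFILE):
        print("-", finding)
```
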

saltext.azurerm.clouds.azurerm.__virtual__()

Check for Azure configurations.

saltext.azurerm.clouds.azurerm.get_api_versions(call=None, kwargs=None)

Get the API versions of a resource type.

saltext.azurerm.clouds.azurerm.get_resource_by_id(resource_id, api_version, extract_value=None)

Get an Azure Resource Manager resource by id.

saltext.azurerm.clouds.azurerm.get_configured_provider()

Return the first configured provider instance.

saltext.azurerm.clouds.azurerm.get_dependencies()

Warn if dependencies aren’t met.

saltext.azurerm.clouds.azurerm.get_conn(client_type)

Return a connection object for a client type.

saltext.azurerm.clouds.azurerm.get_conn_dict()

Return a connection auth dictionary.

saltext.azurerm.clouds.azurerm.get_location(call=None, kwargs=None)

Return the location that is configured for this provider.

saltext.azurerm.clouds.azurerm.avail_locations(call=None)

Return a dict of all available regions.

saltext.azurerm.clouds.azurerm.avail_images(call=None)

Return a dict of all available images on the provider.

saltext.azurerm.clouds.azurerm.avail_sizes(call=None)

Return a list of sizes available from the provider.

saltext.azurerm.clouds.azurerm.list_nodes(call=None)

List VMs on this Azure account.

saltext.azurerm.clouds.azurerm.get_node_full(name, resource_group_name, call=None)

Get a single VM on the subscription and resource group with full information.

saltext.azurerm.clouds.azurerm.list_nodes_full(call=None)

List all VMs on the subscription with full information.

saltext.azurerm.clouds.azurerm.list_resource_groups(call=None)

List resource groups associated with the subscription.

saltext.azurerm.clouds.azurerm.show_instance(name, call=None)

Show the details from Azure Resource Manager concerning an instance.

saltext.azurerm.clouds.azurerm.show_instance_in_resource_group(name, resource_group_name, call=None)

Show the details from Azure Resource Manager concerning an instance in a specific resource group.

saltext.azurerm.clouds.azurerm.delete_interface(call=None, kwargs=None)

Delete a network interface.

saltext.azurerm.clouds.azurerm.create_network_interface(call=None, kwargs=None)

Create a network interface.

saltext.azurerm.clouds.azurerm.request_instance(vm_, kwargs=None)

Request a VM from Azure.

saltext.azurerm.clouds.azurerm.create(vm_)

Create a single VM from a data dict.

saltext.azurerm.clouds.azurerm.destroy(name, call=None, kwargs=None)

Destroy a VM.

CLI Examples:

salt-cloud -d myminion
salt-cloud -a destroy myminion service_name=myservice

saltext.azurerm.clouds.azurerm.list_storage_accounts(call=None)

List storage accounts within the subscription.

saltext.azurerm.clouds.azurerm.list_blobs(call=None, kwargs=None)

List blobs.

saltext.azurerm.clouds.azurerm.delete_blob(call=None, kwargs=None)

Delete a blob from a container.

saltext.azurerm.clouds.azurerm.delete_managed_disk(call=None, kwargs=None)

Delete a managed disk from a resource group.

saltext.azurerm.clouds.azurerm.list_virtual_networks(call=None)

List virtual networks.

saltext.azurerm.clouds.azurerm.list_subnets(call=None, kwargs=None)

List subnets in a virtual network.

saltext.azurerm.clouds.azurerm.create_or_update_vmextension(call=None, kwargs=None)

Added in version 2019.2.0.

Create or update a VM extension object “inside” of a VM object.

required kwargs:
  extension_name: myvmextension
  virtual_machine_name: myvm
  settings: {"commandToExecute": "hostname"}

optional kwargs:
  resource_group: < inferred from cloud configs >
  location: < inferred from cloud configs >
  publisher: < default: Microsoft.Azure.Extensions >
  virtual_machine_extension_type: < default: CustomScript >
  type_handler_version: < default: 2.0 >
  auto_upgrade_minor_version: < default: True >
  protected_settings: < default: None >

saltext.azurerm.clouds.azurerm.stop(name, call=None)

Added in version 2019.2.0.

Stop (deallocate) a VM

CLI Examples:

salt-cloud -a stop myminion

saltext.azurerm.clouds.azurerm.start(name, call=None)

Added in version 2019.2.0.

Start a VM

CLI Examples:

salt-cloud -a start myminion