Azure Plugin
You are looking at documentation for an older release. Not what you want? Go to the current release documentation.
The Azure plugin enables you to use Cloudify to manage cloud resources on Azure. See below for currently supported resource types.
This documentation covers basic usage through node types. For more information on the Python code, see the Python documentation, which can be generated using Sphinx.
Plugin Requirements
- Python Versions 2.7.x.
- Azure account
Compatibility
The Azure plugin is tested against these Azure API Versions:
RESOURCES = '2016-02-01'
STORAGE = '2015-06-15'
NETWORK = '2016-03-30'
COMPUTE = '2016-03-30'
Azure Plugin Configuration
The Azure plugin requires credentials and endpoint setup information in order to authenticate and interact with Azure.
Providing Credentials as Secrets
It is recommended that you store your credentials as secrets. You can do this using the CLI. Secrets can then be accessed inside your blueprints, as follows:
resource_group:
  type: cloudify.azure.nodes.ResourceGroup
  properties:
    name: my_resource_group
    location: { get_secret: location }
    azure_config:
      subscription_id: { get_secret: subscription_id }
      tenant_id: { get_secret: tenant_id }
      client_id: { get_secret: client_id }
      client_secret: { get_secret: client_secret }
Providing Credentials as Environment Variables that are not Stored as Secrets
If you do not use secret storage, you must provide the following credentials as environment variables:
azure_config:
  subscription_id: { subscription_id }
  tenant_id: { tenant_id }
  client_id: { client_id }
  client_secret: { client_secret }
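The following Python 3 code is an added example, not part of the plugin or of the original documentation. It walks node templates that have already been loaded from a blueprint and reports every azure_config credential field, and any adminPassword, whose value is not read through get_secret. The function names and the sample data are constructed for illustration.

```python
# Added example (not plugin code): report blueprint credentials that bypass get_secret.
# Function names and SAMPLE are constructed for illustration.

AZURE_CONFIG_KEYS = ("subscription_id", "tenant_id", "client_id", "client_secret")
PASSWORD_KEYS = ("adminPassword",)


def source_of(value):
    """Classify how a property value is supplied in the blueprint."""
    if isinstance(value, dict):
        if len(value) == 1:
            function = next(iter(value))
            if function in ("get_secret", "get_input"):
                return function
        return "other"  # any other intrinsic function or mapping
    return "literal"  # plain string or number written into the blueprint


def find_credentials(node, path=()):
    """Yield (dotted_path, source) for each credential-bearing property."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (str(key),)
            in_azure_config = bool(path) and path[-1] == "azure_config"
            if key in PASSWORD_KEYS or (in_azure_config and key in AZURE_CONFIG_KEYS):
                yield ".".join(here), source_of(value)
            else:
                yield from find_credentials(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_credentials(item, path + (str(index),))


def audit_credentials(node_templates):
    """Return sorted (path, source) pairs for credentials not read from secrets."""
    return sorted(
        (path, source)
        for path, source in find_credentials(node_templates)
        if source != "get_secret"
    )


# Constructed sample: node templates as they look after YAML loading.
SAMPLE = {
    "resource_group": {
        "type": "cloudify.azure.nodes.ResourceGroup",
        "properties": {
            "name": "my_resource_group",
            "azure_config": {
                "subscription_id": {"get_secret": "subscription_id"},
                "tenant_id": {"get_secret": "tenant_id"},
                "client_id": {"get_input": "client_id"},
                "client_secret": "constructed-literal-value",
            },
        },
    },
    "host": {
        "type": "cloudify.azure.nodes.compute.VirtualMachine",
        "properties": {"resource_config": {"osProfile": {
            "adminUsername": {"get_input": "username"},
            "adminPassword": {"get_input": "password"},
        }}},
    },
}

if __name__ == "__main__":
    for path, source in audit_credentials(SAMPLE):
        print("%s is supplied as %s" % (path, source))
```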
Types
The following are node type definitions. Nodes describe resources in your cloud infrastructure. For more information, see node types.
Common Properties
All cloud resource nodes have common properties:
- name
- location
- tags
- retry_after: Because Azure’s API is asynchronous, the value indicates the interval between retries.
Properties
Each time that you manage a resource with Cloudify, one or more clients are created by Cloudify through the Azure API. You specify the configuration for these clients using the azure_config property. It should be a dictionary, with the following values:
Your Azure API access credentials:
- subscription_id
- tenant_id
- client_id
- client_secret
See the cloudify.datatypes.azure.Config data type definition in the plugin’s plugin.yaml.
cloudify.azure.nodes.ResourceGroup
Derived From: cloudify.nodes.Root
Properties:
See the Common Properties section.
Example
This example shows adding resource parameters, and explicitly defining the azure_config.
resourcegroup:
  type: cloudify.azure.nodes.ResourceGroup
  properties:
    name: { concat: [ { get_input: resource_prefix }, rg ] }
    location: { get_input: location }
    azure_config:
      subscription_id: { get_input: subscription_id }
      tenant_id: { get_input: tenant_id }
      client_id: { get_input: client_id }
      client_secret: { get_input: client_secret }
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a resource group.
- cloudify.interfaces.lifecycle.delete: Deletes a resource group.
cloudify.azure.nodes.storage.StorageAccount
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following key:
  - accountType: A storage account type.
See the Common Properties section.
Example
This example shows adding storage parameters, and explicitly defining the azure_config.
storageaccount:
  type: cloudify.azure.nodes.storage.StorageAccount
  properties:
    name: mysa01
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    resource_config:
      accountType: Standard_LRS
    azure_config: *azure_config
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a storage account.
- cloudify.interfaces.lifecycle.delete: Deletes a storage account.
cloudify.azure.nodes.network.VirtualNetwork
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following keys:
  - addressSpace:
    - addressPrefixes: A list of address prefixes.
  - dhcpOptions: A list of DHCP options.
  - subnets: A list of subnets.
See the Common Properties section.
Example
This example shows adding virtual network parameters, and explicitly defining the azure_config.
virtual_network:
  type: cloudify.azure.nodes.network.VirtualNetwork
  properties:
    name: myvnet01
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a network.
- cloudify.interfaces.lifecycle.delete: Deletes a network.
cloudify.azure.nodes.network.Subnet
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- virtual_network_name: The name of the network in which the subnet is to be created.
- resource_config: A dictionary with the following keys:
  - addressPrefix: The address prefix to use.
  - networkSecurityGroup: The name of a security group to attach, if one exists.
  - routeTable: The name of a route table to use, if one exists.
See the Common Properties section.
Example
This example shows adding subnet parameters, and explicitly defining the azure_config.
subnet:
  type: cloudify.azure.nodes.network.Subnet
  properties:
    name: mysubnet
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      addressPrefix: { get_input: subnet_private_cidr }
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a subnet.
- cloudify.interfaces.lifecycle.delete: Deletes a subnet.
cloudify.azure.nodes.network.NetworkSecurityGroup
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following key:
  - securityRules: An optional list of rules.
See the Common Properties section.
Example
This example shows adding security group parameters, and explicitly defining the azure_config.
networksecuritygroup:
  type: cloudify.azure.nodes.network.NetworkSecurityGroup
  properties:
    name: mynsg
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      securityRules:
        - name: nsr_ssh
          properties:
            description: SSH access
            protocol: Tcp
            sourcePortRange: '*'
            destinationPortRange: 22
            sourceAddressPrefix: '*'
            destinationAddressPrefix: '*'
            priority: 100
            access: Allow
            direction: Inbound
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a network security group.
- cloudify.interfaces.lifecycle.delete: Deletes a network security group.
cloudify.azure.nodes.network.NetworkSecurityRule
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- network_security_group_name: The name of the security group in which to create the resource.
- resource_config: A dictionary with the following keys:
  - description: A string to describe the rule.
  - protocol: Either TCP or UDP.
  - sourcePortRange: An integer between 1 and 65535.
  - destinationPortRange: An integer between 1 and 65535 that is greater than sourcePortRange.
  - sourceAddressPrefix: The source address prefix of the network, subnet, or IP.
  - destinationAddressPrefix: The destination address prefix of the network, subnet, or NIC.
  - access: Either Allow or Deny.
  - priority: A unique number.
  - direction: Either Inbound or Outbound.
See the Common Properties section.
Example
This example shows adding security group rule parameters, and explicitly defining the azure_config.
network_security_rule:
  type: cloudify.azure.nodes.network.NetworkSecurityRule
  properties:
    name: mocknsr
    location: eastus
    azure_config: *azure_config
    network_security_group_name: mocknsg
    resource_config:
      description: RDP access
      protocol: Tcp
      sourcePortRange: '*'
      destinationPortRange: 3389
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
      priority: 100
      access: Allow
      direction: Inbound
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a network security group rule.
- cloudify.interfaces.lifecycle.delete: Deletes a network security group rule.
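Both rule examples above (nsr_ssh on port 22 and the RDP rule on port 3389) allow inbound traffic from sourceAddressPrefix '*'. The following Python 3 code is an added example, not part of the plugin or of the original documentation: it scans loaded node templates for inbound Allow rules, in either the NetworkSecurityGroup or the NetworkSecurityRule form, that leave SSH or RDP reachable from any source. The function names, the set of "any source" values, and the nsr_ssh_office rule in the sample are assumptions made for illustration.

```python
# Added example (not plugin code): flag inbound Allow rules that expose SSH or RDP
# to any source. Function names and SAMPLE are constructed for illustration.

MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # wildcard, full IPv4 range, Internet tag
NSG_TYPE = "cloudify.azure.nodes.network.NetworkSecurityGroup"
RULE_TYPE = "cloudify.azure.nodes.network.NetworkSecurityRule"


def port_matches(port_range, port):
    """True if a port range such as '*', 22, '22' or '3000-4000' covers port."""
    text = str(port_range).strip()
    if text == "*":
        return True
    low, _, high = text.partition("-")
    try:
        first = int(low)
        last = int(high) if high else first
    except ValueError:
        return False  # unresolved intrinsic functions are not evaluated
    return first <= port <= last


def iter_rules(node_templates):
    """Yield (node_name, rule_name, rule) for both rule styles shown on the page."""
    for node_name, node in node_templates.items():
        properties = node.get("properties") or {}
        config = properties.get("resource_config") or {}
        if node.get("type") == NSG_TYPE:
            for rule in config.get("securityRules") or []:
                yield node_name, rule.get("name"), rule.get("properties") or {}
        elif node.get("type") == RULE_TYPE:
            yield node_name, properties.get("name"), config


def open_management_rules(node_templates):
    """Return (node_name, rule_name, service) for each rule open to any source."""
    findings = []
    for node_name, rule_name, rule in iter_rules(node_templates):
        if str(rule.get("access", "")).lower() != "allow":
            continue
        if str(rule.get("direction", "")).lower() != "inbound":
            continue
        if str(rule.get("sourceAddressPrefix", "")).strip().lower() not in ANY_SOURCE:
            continue
        for port, service in sorted(MANAGEMENT_PORTS.items()):
            if port_matches(rule.get("destinationPortRange", ""), port):
                findings.append((node_name, rule_name, service))
    return findings


# Constructed sample mirroring the two examples above, plus one restricted rule.
SAMPLE = {
    "networksecuritygroup": {
        "type": NSG_TYPE,
        "properties": {"name": "mynsg", "resource_config": {"securityRules": [
            {"name": "nsr_ssh", "properties": {
                "protocol": "Tcp", "destinationPortRange": 22,
                "sourceAddressPrefix": "*", "priority": 100,
                "access": "Allow", "direction": "Inbound"}},
            {"name": "nsr_ssh_office", "properties": {  # constructed, restricted source
                "protocol": "Tcp", "destinationPortRange": "22",
                "sourceAddressPrefix": "203.0.113.0/24", "priority": 110,
                "access": "Allow", "direction": "Inbound"}},
        ]}},
    },
    "network_security_rule": {
        "type": RULE_TYPE,
        "properties": {"name": "mocknsr", "resource_config": {
            "protocol": "Tcp", "destinationPortRange": 3389,
            "sourceAddressPrefix": "*", "priority": 100,
            "access": "Allow", "direction": "Inbound"}},
    },
}
```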
cloudify.azure.nodes.network.RouteTable
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- network_security_group_name: The name of the security group in which to create the resource.
- resource_config: A dictionary with the following key:
  - routes: An optional list of routes.
See the Common Properties section.
Example
This example shows adding route table parameters, and explicitly defining the azure_config.
routetable:
  type: cloudify.azure.nodes.network.RouteTable
  properties:
    name: myrt
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a route table.
- cloudify.interfaces.lifecycle.delete: Deletes a route table.
cloudify.azure.nodes.network.Route
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- route_table_name: The name of the route table in which to create the rule.
- resource_config: A dictionary with the following keys:
  - addressPrefix: The destination CIDR to which to route the app.
  - nextHopType: The type of Azure hop to which the packet is to be sent.
  - nextHopIpAddress: An optional IP address to which packets are to be forwarded.
See the Common Properties section.
Example
This example shows adding route rule parameters, and explicitly defining the azure_config.
internetroute:
  type: cloudify.azure.nodes.network.Route
  properties:
    name: myir
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      addressPrefix: 0.0.0.0/0
      nextHopType: Internet
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the route rule.
- cloudify.interfaces.lifecycle.delete: Deletes the route rule.
cloudify.azure.nodes.network.IPConfiguration
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following keys:
  - privateIPAddress: Static, private IP address.
  - privateIPAllocationMethod: Defines how a private IP address is assigned. Options are Static or Dynamic.
See the Common Properties section.
Example
This example shows adding route IP configuration parameters, and explicitly defining the azure_config.
ubuntuipconfig:
  type: cloudify.azure.nodes.network.IPConfiguration
  properties:
    name: myuic
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      privateIPAllocationMethod: Dynamic
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the route IP configuration.
- cloudify.interfaces.lifecycle.delete: Deletes the route IP configuration.
cloudify.azure.nodes.network.PublicIPAddress
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following keys:
  - publicIPAllocationMethod: Static or Dynamic.
  - idleTimeoutInMinutes: The timeout (in minutes) for the TCP idle connection.
  - domainNameLabel: The concatenation of the domain name label and the regionalized DNS zone, resulting in the fully qualified domain name associated with the public IP address.
  - reverseFqdn: A fully qualified domain name that resolves to this public IP address.
See the Common Properties section.
Example
This example shows adding public IP address parameters, and explicitly defining the azure_config.
ubuntuipconfig:
  type: cloudify.azure.nodes.network.IPConfiguration
  properties:
    name: myuic
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      privateIPAllocationMethod: Dynamic
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the public IP address.
- cloudify.interfaces.lifecycle.delete: Deletes the public IP address.
cloudify.azure.nodes.compute.AvailabilitySet
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config: A dictionary with the following keys:
  - platformUpdateDomainCount: Specifies the number of update domains that are used.
  - platformFaultDomainCount: Specifies the number of fault domains that are used.
See the Common Properties section.
Example
This example shows adding availability set parameters, and explicitly defining the azure_config.
availabilityset:
  type: cloudify.azure.nodes.compute.AvailabilitySet
  properties:
    name: myac
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the availability set.
- cloudify.interfaces.lifecycle.delete: Deletes the availability set.
cloudify.azure.nodes.compute.VirtualMachine
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- use_public_ip: Triggers the deployment to use the public IP (if available) of the resource for Cloudify Agent connections.
- resource_config: See: https://msdn.microsoft.com/en-us/library/azure/mt163591.aspx.
  - hardwareProfile
  - storageProfile
  - osProfile
- ip: Property specifying the IP address of the resource to use for the agent installer.
- os_family: Property specifying the type of operating system family.
See the Common Properties section.
Example
This example shows adding VM parameters, and explicitly defining the azure_config.
host:
  type: cloudify.azure.nodes.compute.VirtualMachine
  properties:
    name: myhost
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    os_family: { get_input: os_family_linux }
    use_public_ip: false
    resource_config:
      hardwareProfile:
        vmSize: { get_input: standard_a2_size }
      storageProfile:
        imageReference:
          publisher: { get_input: image_publisher_centos_final }
          offer: { get_input: image_offer_centos_final }
          sku: { get_input: image_sku_centos_final }
          version: { get_input: image_version_centos_final }
      osProfile:
        computerName: { get_property: [SELF, name] }
        adminUsername: { get_input: username_centos_final }
        adminPassword: { get_input: password }
        linuxConfiguration:
          ssh:
            publicKeys:
              - path: { get_input: authorized_keys_centos }
                keyData: { get_input: keydata }
          disablePasswordAuthentication: { get_input: public_key_auth_only }
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the VM.
- cloudify.interfaces.lifecycle.configure: Configures the VM.
  - commands_to_execute: Input. The command that the CustomScriptExtension extension executes.
  - file_uris: The SAS URL from which to download the script.
- cloudify.interfaces.lifecycle.delete: Deletes the VM.
cloudify.azure.nodes.compute.VirtualMachineExtension
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- virtual_machine_name: The VM to use.
- resource_config:
  - publisher: Extensions publisher.
  - ext_type: Type.
  - typeHandlerVersion: Type handler version.
  - settings: Accepts the file_uri and commands to execute objects.
See the Common Properties section.
Example
This example shows adding VM extension parameters, and explicitly defining the azure_config.
webserver:
  type: cloudify.azure.nodes.compute.VirtualMachineExtension
  properties:
    name: vm1_webserver
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    resource_config:
      publisher: Microsoft.Powershell
      ext_type: DSC
      typeHandlerVersion: '2.8'
      settings:
        ModulesUrl: https://www.example.com/modules.zip
        ConfigurationFunction: windows-iis-webapp.ps1\CloudifyExample
        Properties:
          MachineName: { get_property: [vm1, name] }
          WebServerPort: { get_input: webserver_port }
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates the VM extension.
- cloudify.interfaces.lifecycle.delete: Deletes the VM extension.
cloudify.azure.nodes.network.LoadBalancer
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- resource_config:
  - frontendIPConfigurations: A Load balancer that can include one or more front-end IP addresses (virtual IPs).
  - backendAddressPools: The IP addresses associated with the virtual machine NIC.
  - loadBalancingRules: A rule property that maps a specific front-end IP and port combination to a set of back-end IP addresses and port combination.
  - inboundNatRules: NAT rules that define the inbound traffic flowing through the front-end IP and distributed to the back end IP.
See the Common Properties section.
Example
This example shows adding load balancer parameters, and explicitly defining the azure_config.
loadbalancer:
  type: cloudify.azure.nodes.network.LoadBalancer
  properties:
    name: mylb
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
  relationships:
    - type: cloudify.azure.relationships.contained_in_resource_group
      target: resourcegroup
    - type: cloudify.azure.relationships.connected_to_ip_configuration
      target: loadbalanceripcfg
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a load balancer.
- cloudify.interfaces.lifecycle.delete: Deletes a load balancer.
cloudify.azure.nodes.network.LoadBalancer.BackendAddressPool
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- load_balancer_name: The name of the load balancer within which to create the pool.
See the Common Properties section.
Example
This example shows adding load balancer pool parameters, and explicitly defining the azure_config.
loadbalancerbackendpool:
  type: cloudify.azure.nodes.network.LoadBalancer.BackendAddressPool
  properties:
    name: mylb
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
  relationships:
    - type: cloudify.azure.relationships.contained_in_load_balancer
      target: loadbalancer
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a load balancer pool.
- cloudify.interfaces.lifecycle.delete: Deletes a load balancer pool.
cloudify.azure.nodes.network.LoadBalancer.Probe
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- load_balancer_name: The name of the load balancer within which to create the pool.
- resource_config:
  - protocol: IP Protocol.
  - port: Port.
  - requestPath: Request URI.
  - intervalInSeconds: Interval between probes.
  - numberofProbes: Number of probes.
See the Common Properties section.
Example
This example shows adding load balancer probe parameters, and explicitly defining the azure_config.
loadbalancerprobe:
  type: cloudify.azure.nodes.network.LoadBalancer.Probe
  properties:
    name: lbprobe
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      protocol: Http
      port: { get_input: webserver_port }
      requestPath: index.html
  relationships:
    - type: cloudify.azure.relationships.contained_in_load_balancer
      target: loadbalancer
    - type: cloudify.relationships.depends_on
      target: loadbalancerbackendpool
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a load balancer probe.
- cloudify.interfaces.lifecycle.delete: Deletes a load balancer probe.
cloudify.azure.nodes.network.LoadBalancer.IncomingNATRule
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- load_balancer_name: The name of the load balancer within which to create the pool.
- resource_config:
  - protocol: IP protocol.
  - frontendPort: Inbound port.
  - backendPort: Outbound port.
See the Common Properties section.
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a NAT Rule.
- cloudify.interfaces.lifecycle.delete: Deletes a NAT Rule.
cloudify.azure.nodes.network.LoadBalancer.Rule
Derived From: cloudify.nodes.Root
Properties:
- resource_group_name: The name of the resource group in which to create the resource.
- load_balancer_name: The name of the load balancer within which to create the pool.
- resource_config:
  - protocol: IP port.
  - frontendPort: Inbound port.
  - backendPort: Outbound port.
  - enableFloatingIP: Enables a floating IP address.
  - idleTimeoutInMinutes: How long to wait before a timeout.
  - loadDistribution: The size of the load to distribute.
See the Common Properties section.
Example
This example shows adding load balancer rule parameters, and explicitly defining the azure_config.
loadbalancerrule:
  type: cloudify.azure.nodes.network.LoadBalancer.Rule
  properties:
    name: mylbrule
    location: { get_input: location }
    retry_after: { get_input: retry_after }
    azure_config: *azure_config
    resource_config:
      protocol: Tcp
      backendPort: { get_input: webserver_port }
      frontendPort: { get_input: loadbalancer_port }
  relationships:
    - type: cloudify.azure.relationships.contained_in_load_balancer
      target: loadbalancer
    - type: cloudify.azure.relationships.connected_to_ip_configuration
      target: loadbalanceripcfg
    - type: cloudify.azure.relationships.connected_to_lb_be_pool
      target: loadbalancerbackendpool
    - type: cloudify.azure.relationships.connected_to_lb_probe
      target: loadbalancerprobe
Mapped Operations:
- cloudify.interfaces.lifecycle.create: Creates a load balancer rule.
- cloudify.interfaces.lifecycle.delete: Deletes a load balancer rule.
Relationships
See relationships.
The following plugin relationship operations are defined in the Azure plugin:
- cloudify.azure.relationships.contained_in_resource_group: Sets a dependency between the resource and the resource group in which it is contained.
- cloudify.azure.relationships.contained_in_virtual_network: Sets a dependency between the resource and the virtual network in which it is contained.
- cloudify.azure.relationships.contained_in_network_security_group: Sets a dependency between the resource and the network security group in which it is contained.
- cloudify.azure.relationships.contained_in_route_table: Sets a dependency between the resource and the route table in which it is contained.
- cloudify.azure.relationships.contained_in_load_balancer: Sets a dependency between the resource and the load balancer.
- cloudify.azure.relationships.network_security_group_attached_to_subnet: Attaches a network security group to a subnet.
- cloudify.azure.relationships.route_table_attached_to_subnet: Attaches a network route table to a subnet.
- cloudify.azure.relationships.nic_connected_to_network_security_group: Attaches a NIC to a network security group.
- cloudify.azure.relationships.ip_configuration_connected_to_subnet: Sets a dependency between an IP configuration and a subnet.
- cloudify.azure.relationships.ip_configuration_connected_to_public_ip: Sets a dependency between an IP configuration and a public IP.
- cloudify.azure.relationships.connected_to_storage_account: Sets a dependency between the resource and a storage account.
- cloudify.azure.relationships.connected_to_availability_set: Sets a dependency between the resource and an availability set.
- cloudify.azure.relationships.connected_to_ip_configuration: Sets a dependency between the resource and an IP configuration.
- cloudify.azure.relationships.connected_to_nic: Sets a dependency between the resource and a NIC.
- cloudify.azure.relationships.connected_to_lb_be_pool: Sets a dependency between the resource and a load balancer pool.
- cloudify.azure.relationships.connected_to_lb_probe: Sets a dependency between the resource and a load balancer probe.
- cloudify.azure.relationships.vmx_contained_in_vm: Sets a dependency between a VM extension and a VM.
- cloudify.azure.relationships.nic_connected_to_lb_be_pool: Sets a dependency between a NIC and a load balancer pool.
Types Common Behaviors
Using Existing Resources
You can use existing resources on Azure, regardless of whether they have been created by a different Cloudify deployment or outside of Cloudify.
All Cloudify Azure types have a property named use_external_resource, for which the default value is false. When set to true, the plugin applies different semantics for each of the operations executed on the relevant node’s instances:
If use_external_resource is set to true in the blueprint, the name must be that resource’s name in Azure.
This behavior is common to all resource types:
- create: If use_external_resource is true, the plugin checks if the resource is available in your account.
- delete: If use_external_resource is true, the plugin checks if the resource is available in your account.