kitchen-azurerm
kitchen-azurerm is a driver for the popular test harness Test Kitchen that allows Microsoft Azure resources to be provisioned before testing. This driver uses the new Microsoft Azure Resource Management REST API via the azure-sdk-for-ruby.
This version has been tested on Windows, macOS, and Ubuntu. If you encounter a problem on your platform, please raise an issue.
Quick-start
Installation
This plugin ships in Chef Workstation out of the box so there is no need to install it when using Chef Workstation[https://downloads.chef.io/products/workstation].
If you're not using Chef Workstation and need to install the plugin as a gem run:
$ gem install kitchen-azurerm
Configuration
For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted. Using an Organizational (AAD) account and related password is no longer supported. To create a Service Principal and apply the correct permissions, you will need to create an Azure service principal with the Azure CLI using the Azure CLI. Make sure you stay within the section titled 'Authenticate service principal with password - Azure CLI'.
If the above is TLDR then try this after az login
using your target subscription ID and the desired SP name:
# Create a Service Principal using the desired subscription id from the command above
az ad sp create-for-rbac --name="kitchen-azurerm" --role="Contributor" --scopes="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
#Output
#
#{
# "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", <- Also known as the Client ID
# "displayName": "azure-cli-2018-12-12-14-15-39",
# "name": "http://azure-cli-2018-12-12-14-15-39",
# "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
# "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
#}
NOTE: Don't forget to save the values from the output -- most importantly the password
.
You will also need to ensure you have an active Azure subscription (you can get started for free or use your MSDN Subscription).
You are now ready to configure kitchen-azurerm to use the credentials from the service principal you created above. You will use four elements from the steps in that article:
- Subscription ID: available from the Azure portal
- Client ID: this will be the Application Id from the application in step 2.
- Client Secret/Password: this will be the password you supplied in the command in step 2.
- Tenant ID: use the command detailed in "Manually provide credentials through Azure CLI" step 1 to get the TenantId.
Using a text editor, open or create the file ~/.azure/credentials
and add the following section, noting there is one section per Subscription ID. Make sure you save the file with UTF-8 encoding
[ADD-YOUR-AZURE-SUBSCRIPTION-ID-HERE-IN-SQUARE-BRACKET]
client_id = "your-azure-client-id-here"
client_secret = "your-client-secret-here"
tenant_id = "your-azure-tenant-id-here"
If preferred, you may also set the following environment variables, however this would be incompatible with supporting multiple Azure subscriptions.
AZURE_CLIENT_ID="your-azure-client-id-here"
AZURE_CLIENT_SECRET="your-client-secret-here"
AZURE_TENANT_ID="your-azure-tenant-id-here"
Note that the environment variables, if set, take preference over the values in a configuration file.
After adjusting your ~/.azure/credentials
file you will need to adjust your kitchen.yml
file to leverage the azurerm driver. Use the following examples to achieve this, then check your configuration with standard kitchen commands. For example,
% kitchen list
Instance Driver Provisioner Verifier Transport Last Action Last Error
wsus-windows-2019 Azurerm ChefZero Inspec Winrm <Not Created> <None>
wsus-windows-2016 Azurerm ChefZero Inspec Winrm <Not Created> <None>
Driver Properties
The following properties are able to be specified in the driver
section of the Test Kitchen configuration:
subscription_id (required)
- string : Reads string from
ENV["AZURE_SUBSCRIPTION_ID"]
or must be specified if not present inENV
.- Default Value:
ENV["AZURE_SUBSCRIPTION_ID"]
- Default Value:
azure_environment
- string : Name of Azure environment to use.
machine_size (required)
- string : Machine size to use for instances created.
location (required)
- string : Azure location to use, example
"Central US"
azure_resource_group_prefix
- string : Prefix to use for the resource group configuration which will be created.
- Default Value:
"kitchen-"
- Default Value:
azure_resource_group_suffix
- string : Optional suffix to append to resource group name.
- Default Value:
""
- Default Value:
azure_resource_group_name
- string : Optional override for base name of the Azure Resource group which is created, uses prefix and suffix.
- Default Value:
""
- Default Value:
explicit_resource_group_name
- string : Optional explicit resource group name, does not use
azure_resource_group_prefix
/azure_resource_group_suffix
- Default Value:
""
- Default Value:
destroy_explicit_resource_group
- boolean : Used for cleanup with
explicit_resource_group_name
- Default Value:
true
- Default Value:
destroy_explicit_resource_group_tags
- boolean : Used for cleanup with
explicit_resource_group_name
- Default Value:
true
- Default Value:
destroy_resource_group_contents
- boolean : Can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the
kitchen destroy
phase. If you wish to destroy the empty resource group created after you empty the resource group with this flag you can now set thedestroy_explicit_resource_group
to "true" to destroy the empty resource group.- Default Value:
false
- Default Value:
resource_group_tags
- hash : Optional hash of tags to pass to resource group
driver:
name: azurerm
resource_group_tags:
tag1: tag1value
image_urn
- string : Image URN to use for vm creation. List can be found using
az
cli - [https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#list-popular-images]- Default Value:
"Canonical:UbuntuServer:14.04.3-LTS:latest"
- Default Value:
image_url
- string : (unmanaged disks only) can be used to specify a custom vhd
- This VHD must be in the same storage account as the disks of the VM, therefore
existing_storage_account_blob_url
must also be set anduse_managed_disks
must be set to false.
- This VHD must be in the same storage account as the disks of the VM, therefore
image_id
- string : (managed disks only) can be used to specify an image by id (managed disk). This works only with managed disks.
use_ephemeral_osdisk
- boolean : Optional flag to use ephermeal disk for instances.
- Default Value:
false
- Default Value:
os_disk_size_gb
- string : Optional override of os disk size for instances.
os_type
- string : Should be specified when os type is not
linux
- Default Value:
"linux"
- Default Value:
custom_data
- string : Optional custom data which may be specified for instances [https://docs.microsoft.com/en-us/azure/virtual-machines/custom-data].
- Value can be a file or the data itself, this module handles base64 encoding for you.
username
- string : Username to use for connecting to instances.
- Default Value:
"azure"
- Default Value:
password
- string : Optional password to use for connecting to instances.
- Default Value:
SecureRandom.base64(25)
(Randomly generated 24 digit password)
- Default Value:
vm_name
- string : Optional name for vm instances to create.
- Default Value:
"tk-#{SecureRandom.hex(6)[0..11]}"
(Randomly generated 12 character name prefixed withtk-
)
- Default Value:
nic_name
- string : Optional name to provide for nic, if not specified then nic name will be
"nic-#{config[:vm_name]}"
.
vnet_id
- string : Optional
vnet
to provide. If novnet
is chosen then public IP will be assigned using default values.
subnet_id
- string : Optional subnet to provide, should be used with
vnet_id
.
public_ip
- boolean : Option to specify if a public IP should be assigned. In default configuration if all other options are left at default then a public IP will be assigned, due to
vnet_id
having no value.- Default Value:
false
- Default Value:
public_ip_sku
- string : Optional string to change the SKU of allocated public IP address. Defaults to
Basic
.- Default Value:
"Basic"
- Default Value:
storage_account_type
- string : Optional storage account type.
- Default Value:
"Standard_LRS"
- Default Value:
existing_storage_account_blob_url
- string : Used with private image specification, the URL of the existing storage account (blob) (without container)
existing_storage_account_container
- string : Used with private image specification, the Container Name for OS Images (blob)
boot_diagnostics_enabled
- boolean : Whether to enable (true) or disable (false) boot diagnostics. Default: true (requires Standard storage).
- Default Value:
true
- Default Value:
winrm_powershell_script
string : By default on Windows machines, a PowerShell script runs that enables WinRM over the SSL transport, for Basic, Negotiate and CredSSP connections. To supply your own PowerShell script (e.g. to enable HTTP), use the
winrm_powershell_script
parameter. Windows 2008 R2 example:platforms: - name: windows2008-r2 driver_config: image_urn: MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest winrm_powershell_script: |- winrm quickconfig -q winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}' winrm set winrm/config '@{MaxTimeoutms="1800000"}' winrm set winrm/config/service '@{AllowUnencrypted="true"}' winrm set winrm/config/service/auth '@{Basic="true"}'
pre_deployment_template
- string : Optional path to name of pre-deployment template to use.
pre_deployment_parameters
- hash : Optional parameters to pass to pre-deployment template.
post_deployment_template
- string : Optional path to name of post-deployment template to use.
post_deployment_parameters
- hash : Optional parameters to pass to post-deployment template.
plan
- hash : Optional JSON object which allows you to define plan information when creating VMs from Marketplace images. Please refer to Deploy an image with Marketplace terms for more details. Not all Marketplace images support programmatic deployment, and support is controlled by the image publisher.
vm_tags
- hash : Optional hash of vm tags to populate.
use_managed_disks
- boolean : Must be set to
true
to usedata_disks
property.- Default Value:
true
- Default Value:
data_disks
array : Additional disks to configure for instances.
platforms: - name: windows2016-noformat driver: image_urn: MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest data_disks: - lun: 0 disk_size_gb: 128 - lun: 1 disk_size_gb: 128 - lun: 2 disk_size_gb: 128
format_data_disks
- boolean : Run format operations on attached data disks
- Default Value:
false
- Default Value:
format_data_disks_powershell_script
- boolean : Customize the content of format operations for attached
data_disks
- Default Value:
false
- Default Value:
system_assigned_identity
- boolean : Whether to enable system assigned identity for the vm.
- Default Value:
false
- Default Value:
user_assigned_identities
- hash : An object whose keys are resource IDs for user identities to associate with the Virtual Machine and whose values are empty objects, or empty to disable user assigned identities.
deployment_sleep
- string : Time in seconds to sleep at the end of deployment before fetching details.
- Default Value:
10
- Default Value:
secret_url
- string : used with connecting to Azure Key Vault
vault_name
- string : used with connecting to Azure Key Vault
vault_resource_group
- string : used with connecting to Azure Key Vault
azure_api_retries
- string : Number of times to retry connections to Azure API.
- Default Value:
5
- Default Value:
use_fqdn_hostname
- boolean : When true, Kitchen will use the FQDN that is assigned to the Virtual Machine. When false, kitchen will use the public IP address of the machine. This may overcome issues with Corporate firewalls or VPNs blocking Public IP addresses.
- Default Value:
false
- Default Value:
kitchen.yml example 1 - Linux/Ubuntu
Here's an example kitchen.yml
file that provisions an Ubuntu Server, using Chef Zero as the provisioner and SSH as the transport. Note that if the key does not exist at the specified location, it will be created. Also note that if ssh_key
is supplied, Test Kitchen will use this in preference to any default/configured passwords that are supplied.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-14.04
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
vm_name: trusty-vm
suites:
- name: default
attributes:
Concurrent execution
Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in its own Azure Resource Group so it has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
kitchen test --concurrency <n>
Where n is the number of threads to create. Note that any failure (e.g. an AzureOperationError) will cause the whole test to fail, though resources already in creation will continue to be created.
kitchen.yml example 2 - Windows
Here's a further example kitchen.yml
file that will provision a Windows Server 2019 [smalldisk] instance, using WinRM as the transport. An ephemeral os disk is used. The resource created in Azure will enable itself for remote access at deployment time (it does this by customizing the machine at provisioning time) and tags the Azure Resource Group with metadata using the resource_group_tags
property. Notice that the vm_tags
and resource_group_tags
properties use a simple key : value
structure per line:
---
driver:
name: azurerm
subscription_id: 'your-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_DS2_v2'
provisioner:
name: chef_zero
platforms:
- name: windows2019
driver:
image_urn: MicrosoftWindowsServer:WindowsServer:2019-Datacenter-smalldisk:latest
use_ephemeral_osdisk: true
resource_group_tags:
project: 'My Cool Project'
contact: '[email protected]'
vm_tags:
my_tag: its value
another_tag: its awesome value
transport:
name: winrm
suites:
- name: default
attributes:
kitchen.yml example 3 - "pre-deployment" ARM template
The following example introduces the pre_deployment_template
and pre_deployment_parameters
properties in the configuration file.
You can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.
In the example the ARM template in the file predeploy.json
would be executed with the parameters that are specified under pre_deployment_parameters
.
These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type kitchen destroy
.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
pre_deployment_template: predeploy.json
pre_deployment_parameters:
test_parameter: 'This is a test.'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
suites:
- name: default
run_list:
- recipe[kitchen-azurerm-demo::default]
attributes:
Example predeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"test_parameter": {
"type": "string",
"defaultValue": ""
}
},
"variables": {
},
"resources": [
{
"name": "uniqueinstancenamehere01",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"properties": {
"version": "12.0",
"administratorLogin": "azure",
"administratorLoginPassword": "P2ssw0rd"
}
}
],
"outputs": {
"parameter testing": {
"type": "string",
"value": "[parameters('test_parameter')]"
}
}
}
kitchen.yml example 4 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios)
The following example introduces the vnet_id
and subnet_id
properties under "driver" in the configuration file. This can be applied at the top level, or per platform.
You can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.
In this case, the public IP address is not used unless public_ip
is set to true
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
subnet_id: subnet-10.1.0
suites:
- name: default
attributes:
kitchen.yml example 5 - deploy VM to existing virtual network/subnet with a Standard SKU public IP (use for ExpressRoute/VPN scenarios)
The following example introduces the vnet_id
and subnet_id
properties under "driver" in the configuration file. This can be applied at the top level, or per platform.
You can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.
This enables scenarios that require a Standard SKU public IP resource, for example when a NAT gateway is present on the target subnet.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
subnet_id: subnet-10.1.0
public_ip: true
public_ip_sku: Standard
suites:
- name: default
attributes:
kitchen.yml example 6 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Managed Image
This example is the same as above, but uses a private managed image to provision the vm.
Note: The image must be available first. On deletion the disk and everything is removed.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RESGROUP/providers/Microsoft.Compute/images/IMAGENAME
vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
subnet_id: subnet-10.1.0
use_managed_disk: true
suites:
- name: default
attributes:
kitchen.yml example 7 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image
This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
Note: When the resource group ís deleted, the os disk is left in the existing storage account blob. You must clean up manually.
This example will:
- use the customized image https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd (can be built with packer)
- set the disk url of the vm to https://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd
- set the os type to linux
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_url: https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd
existing_storage_account_blob_url: https://yourstorageaccount.blob.core.windows.net
os_type: linux
use_managed_disk: false
vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
subnet_id: subnet-10.1.0
suites:
- name: default
attributes:
kitchen.yml example 8 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image and providing custom data and extra large os disk
This is the same as above, but uses custom data to customize the instance.
Note: Custom data can be custom data or a file to custom data. Please also note that if you use winrm communication to non-nano windows servers custom data is not supported, as winrm is enabled via custom data.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_url: https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd
existing_storage_account_blob_url: https://yourstorageaccount.blob.core.windows.net
os_type: linux
use_managed_disk: false
vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
subnet_id: subnet-10.1.0
os_disk_size_gb: 100
#custom_data: /tmp/customdata.txt
custom_data: |
#cloud-config
fqdn: myhostname
preserve_hostname: false
runcmd:
- yum install -y telnet
suites:
- name: default
attributes:
kitchen.yml example 9 - Windows 2016 VM with additional data disks
This example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.
Note the availability of a format_data_disks
option (default: false
). When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem. This option does not affect Linux machines.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_F2s'
provisioner:
name: chef_zero
platforms:
- name: windows2016-noformat
driver:
image_urn: MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest
data_disks:
- lun: 0
disk_size_gb: 128
- lun: 1
disk_size_gb: 128
- lun: 2
disk_size_gb: 128
# format_data_disks: false
suites:
- name: default
attributes:
kitchen.yml example 10 - "post-deployment" ARM template with MSI authentication
The following example introduces the post_deployment_template
and post_deployment_parameters
properties in the configuration file.
You can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.
In the example the ARM template in the file postdeploy.json
would be executed with the parameters that are specified under post_deployment_parameters
.
These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type kitchen destroy
.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
post_deployment_template: postdeploy.json
post_deployment_parameters:
test_parameter: 'This is a test.'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
suites:
- name: default
attributes:
Example postdeploy.json to enable MSI extention on VM:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "String"
},
"location": {
"type": "String"
},
"msiExtensionName": {
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"apiVersion": "2017-12-01",
"location": "[parameters('location')]",
"identity": {
"type": "systemAssigned"
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat( parameters('vmName'), '/' , parameters('msiExtensionName') )]",
"apiVersion": "2017-12-01",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "[parameters('msiExtensionName')]",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50342
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
]
}
]
}
kitchen.yml example 11 - Enabling Managed Service Identities
This example demonstrates how to enable a System Assigned Identity and User Assigned Identities on a Kitchen VM. Any combination of System and User assigned identities may be enabled, and multiple User Assigned Identities can be supplied.
See the Managed identities for Azure resources documentation for more information on using Managed Service Identities.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'West Europe'
machine_size: 'Standard_D1'
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
provisioner:
name: chef_zero
platforms:
- name: ubuntu-1404
driver:
image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
system_assigned_identity: true
user_assigned_identities:
- /subscriptions/4801fa9d-YOUR-GUID-HERE-b265ff49ce21/resourcegroups/test-kitchen-user/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-kitchen-user
suites:
- name: default
attributes:
kitchen.yml example 12 - deploy VM with key vault certificate
This following example introduces secret_url
, vault_name
, and vault_resource_group
properties under "driver" in the configuration file. You can use this capability to create a VM with a specified key vault certificate.
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
location: 'CentralUS'
machine_size: 'Standard_D2s_v3'
secret_url: 'https://YOUR-SECRET-PATH'
vault_name: 'YOUR-VAULT-NAME'
vault_group_name: 'YOUR-VAULT-GROUP-NAME'
transport:
name: winrm
elevated: true
provisioner:
name: chef_zero
platforms:
- name: win2012R2-sql2016
driver:
image_urn: MicrosoftSQLServer:SQL2016SP2-WS2012R2:SQLDEV:latest
suites:
- name: default
attributes:
Support for Government and Sovereign Clouds (China and Germany)
Starting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the azure_environment
setting. Valid Azure environments are Azure
, AzureUSGovernment
, AzureChina
and AzureGermanCloud
Note that the use_managed_disks
option should be set to false until supported by AzureUSGovernment.
Example kitchen.yml for Azure US Government cloud
---
driver:
name: azurerm
subscription_id: 'your-azure-subscription-id-here'
azure_environment: 'AzureUSGovernment'
location: 'US Gov Iowa'
machine_size: 'Standard_D2_v2_Promo'
use_managed_disks: false
provisioner:
name: chef_zero
verifier:
name: inspec
platforms:
- name: ubuntu1604
driver:
image_urn: Canonical:UbuntuServer:16.04-LTS:latest
transport:
ssh_key: ~/.ssh/id_kitchen-azurerm
suites:
- name: default
How to retrieve the image_urn
You can use the azure (azure-cli) command line tools to interrogate for the Urn. All 4 parts of the Urn must be specified, though the last part can be changed to "latest" to indicate you always wish to provision the latest operating system and patches.
$ azure vm image list "West Europe" Canonical UbuntuServer
This will return a list like the following, from which you can derive the Urn. this list has been shortened for readability
data: Publisher Offer Sku Version Location Urn
data: --------- ------------ ----------------- --------------- ---------- --------------------------------------------------------
data: Canonical UbuntuServer 12.04.5-LTS 12.04.201507301 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201507301
data: Canonical UbuntuServer 12.04.5-LTS 12.04.201507311 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201507311
data: Canonical UbuntuServer 12.04.5-LTS 12.04.201508190 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201508190
data: Canonical UbuntuServer 12.04.5-LTS 12.04.201509060 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201509060
data: Canonical UbuntuServer 12.04.5-LTS 12.04.201509090 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201509090
data: Canonical UbuntuServer 12.10 12.10.201212180 westeurope Canonical:UbuntuServer:12.10:12.10.201212180
data: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509110 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509110
data: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509160 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509160
data: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509220 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509220
data: Canonical UbuntuServer 14.04.3-LTS 14.04.201508050 westeurope Canonical:UbuntuServer:14.04.3-LTS:14.04.201508050
data: Canonical UbuntuServer 14.04.3-LTS 14.04.201509080 westeurope Canonical:UbuntuServer:14.04.3-LTS:14.04.201509080
data: Canonical UbuntuServer 15.04 15.04.201506161 westeurope Canonical:UbuntuServer:15.04:15.04.201506161
data: Canonical UbuntuServer 15.04 15.04.201507070 westeurope Canonical:UbuntuServer:15.04:15.04.201507070
data: Canonical UbuntuServer 15.04 15.04.201507220 westeurope Canonical:UbuntuServer:15.04:15.04.201507220
data: Canonical UbuntuServer 15.04 15.04.201507280 westeurope Canonical:UbuntuServer:15.04:15.04.201507280
data: Canonical UbuntuServer 15.10-DAILY 15.10.201509170 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509170
data: Canonical UbuntuServer 15.10-DAILY 15.10.201509180 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509180
data: Canonical UbuntuServer 15.10-DAILY 15.10.201509190 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509190
data: Canonical UbuntuServer 15.10-DAILY 15.10.201509210 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509210
data: Canonical UbuntuServer 15.10-DAILY 15.10.201509220 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509220
info: vm image list command OK
Contributing
Contributions to the project are welcome via submitting Pull Requests.
- Fork it ( https://github.com/test-kitchen/kitchen-azurerm/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
Author
Stuart Preston
License and Copyright
Copyright 2015-2021, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.