Azure ARM Compute Driver Documentation

Azure driver allows you to integrate with Microsoft Azure Virtual Machines provider using the Azure Resource Management (ARM) API.


Azure Virtual Machine service allows you to launch Windows and Linux virtual servers in many datacenters across the world.

Connecting to Azure

To connect to Azure you need your tenant ID and subscription ID. Using the Azure cross platform CLI, use az account list to get these values.

Creating a Service Principal

The following directions are based on

az ad app create --display-name "<Your Application Display Name>" --identifier-uris "<https://YouApplicationUri>" --password <Your_Password>
az ad sp create --id "<Application_Id>"
az role assignment create --assignee "<Object_Id>" --role Owner --scope /subscriptions/{subscriptionId}/

Instantiating a driver

Use <Application_Id> for “key” and the <Your_Password> for “secret”.

Once you have the tenant id, subscription id, application id (“key”), and password (“secret”), you can create an AzureNodeDriver:

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.AZURE_ARM)
driver = cls(tenant_id='tenant_id',
             key='application_id', secret='password')

Alternate Cloud Environments

You can select an alternate cloud environment using the “cloud_environment” parameter to AzureNodeDriver constructor. Available alternate cloud environments are ‘AzureChinaCloud’, ‘AzureUSGovernment’ and ‘AzureGermanCloud’. You can also supply explicit endpoints by providing a dict with the keys ‘resourceManagerEndpointUrl’, ‘activeDirectoryEndpointUrl’, ‘activeDirectoryResourceId’ and ‘storageEndpointSuffix’.

API Docs

class libcloud.compute.drivers.azure_arm.AzureNodeDriver(tenant_id, subscription_id, key, secret, secure=True, host=None, port=None, api_version=None, region=None, **kwargs)[source]

Compute node driver for Azure Resource Manager.

attach_volume(node, volume, ex_lun=None, ex_vhd_uri=None, ex_vhd_create=False, **ex_kwargs)[source]

Attach a volume to node.

  • node (Node) – A node to attach volume.
  • volume (StorageVolume) – A volume to attach.
  • ex_lun (int) – Specifies the logical unit number (LUN) location for the data drive in the virtual machine. Each data disk must have a unique LUN.
  • ex_vhd_uri (str) – Attach old-style unmanaged disk from VHD blob. (optional)
  • ex_vhd_create (bool) – Create a new VHD blob for unmanaged disk. (optional)
Return type:



alias of libcloud.common.azure_arm.AzureResourceManagementConnection

copy_image(source_region, node_image, name, description=None)

Copies an image from a source region to the current region.

  • source_region (str) – Region to copy the node from.
  • node_image (NodeImage:) – NodeImage to copy.
  • name (str) – name for new image.
  • description – description for new image.
Return type:



NodeImage instance on success.

create_image(node, name, description=None)

Creates an image from a node object.

  • node (Node) – Node to run the task on.
  • name (description) – name for new image.
  • description – description for new image.
Return type:



NodeImage instance on success.


Create a new key pair object.

Parameters:name (str) – Key pair name.
Return type:KeyPair object
create_node(name, size, image, auth, ex_resource_group, ex_storage_account=None, ex_blob_container='vhds', location=None, ex_user_name='azureuser', ex_network=None, ex_subnet=None, ex_nic=None, ex_tags={}, ex_customdata='', ex_use_managed_disks=False, ex_disk_size=None, ex_storage_account_type='Standard_LRS')[source]

Create a new node instance. This instance will be started automatically.

This driver supports the ssh_key feature flag for created_node so you can upload a public key into the new instance:

>>> from libcloud.compute.drivers.azure_arm import AzureNodeDriver
>>> driver = AzureNodeDriver(...)
>>> auth = NodeAuthSSHKey('pubkey data here')
>>> node = driver.create_node("test_node", auth=auth)

This driver also supports the password feature flag for create_node so you can set a password:

>>> driver = AzureNodeDriver(...)
>>> auth = NodeAuthPassword('mysecretpassword')
>>> node = driver.create_node("test_node", auth=auth, ...)

If you don’t provide the auth argument libcloud will assign a password:

>>> driver = AzureNodeDriver(...)
>>> node = driver.create_node("test_node", ...)
>>> password = node.extra["properties"]                            ["osProfile"]["adminPassword"]
  • name (str) – String with a name for this new node (required)
  • size (NodeSize) – The size of resources allocated to this node. (required)
  • image (AzureImage) – OS Image to boot on node. (required)
  • location – Which data center to create a node in.

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

  • auth (NodeAuthSSHKey or NodeAuthPassword) – Initial authentication information for the node (optional)
  • ex_resource_group – The resource group in which to create the

node :type ex_resource_group: str

Parameters:ex_storage_account – The storage account id in which to store

the node’s disk image. Note: when booting from a user image (AzureVhdImage) the source image and the node image must use the same storage account. :type ex_storage_account: str

Parameters:ex_blob_container – The name of the blob container on the

storage account in which to store the node’s disk image (optional, default “vhds”) :type ex_blob_container: str

Parameters:ex_user_name – User name for the initial admin user

(optional, default “azureuser”) :type ex_user_name: str

Parameters:ex_network – The virtual network the node will be attached to.

Must provide either ex_network (to create a default NIC for the node on the given network) or ex_nic (to supply the NIC explicitly). :type ex_network: str

Parameters:ex_subnet – If ex_network is provided, the subnet of the

virtual network the node will be attached to. Optional, default is the “default” subnet. :type ex_subnet: str

Parameters:ex_nic – A virtual NIC to attach to this Node, from

ex_create_network_interface or ex_get_nic. Must provide either ex_nic (to supply the NIC explicitly) or ex_network (to create a default NIC for the node on the given network). :type ex_nic: AzureNic

  • ex_tags (dict) – Optional tags to associate with this node.
  • ex_customdata (str) – Custom data that will be placed in the file /var/lib/waagent/CustomData articles/virtual-machines-how-to-inject-custom-data/
  • ex_use_managed_disks (bool) – Enable this feature to have Azure automatically manage the availability of disks to provide data redundancy and fault tolerance, without creating and managing storage accounts on your own. Managed disks may not be available in all regions (default False).
  • ex_disk_size (int) – Custom OS disk size in GB
  • ex_storage_account_type (str) – The Storage Account type, ``Standard_LRS``(HDD disks) or ``Premium_LRS``(SSD disks).

The newly created node.

Return type:


create_volume(size, name, location=None, snapshot=None, ex_resource_group=None, ex_account_type=None, ex_tags=None)[source]

Create a new managed volume.

  • size (int) – Size of volume in gigabytes.
  • name (str) – Name of the volume to be created.
  • location (NodeLocation) – Which data center to create a volume in. (required)
  • snapshot (VolumeSnapshot) – Snapshot from which to create the new volume.
  • ex_resource_group (str) – The name of resource group in which to create the volume. (required)
  • ex_account_type (str) – The Storage Account type, ``Standard_LRS``(HDD disks) or ``Premium_LRS``(SSD disks).
  • ex_tags (dict) – Optional tags to associate with this resource.

The newly created volume.

Return type:


create_volume_snapshot(volume, name=None, location=None, ex_resource_group=None, ex_tags=None)[source]

Create snapshot from volume.

  • volume (:class`StorageVolume`) – Instance of StorageVolume.
  • name (str) – Name of snapshot. (required)
  • location (NodeLocation) – Which data center to create a volume in. (required)
  • ex_resource_group (str) – The name of resource group in which to create the snapshot. (required)
  • ex_tags (dict) – Optional tags to associate with this resource.
Return type:



Deletes a node image from a provider.

Parameters:node_image (NodeImage) – Node image object.
Returns:True if delete_image was successful, False otherwise.
Return type:bool

Delete an existing key pair.

Parameters:key_pair (KeyPair) – Key pair object.
Return type:bool
deploy_node(deploy, ssh_username='root', ssh_alternate_usernames=None, ssh_port=22, ssh_timeout=10, ssh_key=None, ssh_key_password=None, auth=None, timeout=300, max_tries=3, ssh_interface='public_ips', at_exit_func=None, wait_period=5, **create_node_kwargs)

Create a new node, and start deployment.

In order to be able to SSH into a created node access credentials are required.

A user can pass either a NodeAuthPassword or NodeAuthSSHKey to the auth argument. If the create_node implementation supports that kind if credential (as declared in self.features['create_node']) then it is passed on to create_node. Otherwise it is not passed on to create_node and it is only used for authentication.

If the auth parameter is not supplied but the driver declares it supports generates_password then the password returned by create_node will be used to SSH into the server.

Finally, if the ssh_key_file is supplied that key will be used to SSH into the server.

This function may raise a DeploymentException, if a create_node call was successful, but there is a later error (like SSH failing or timing out). This exception includes a Node object which you may want to destroy if incomplete deployments are not desirable.

>>> from libcloud.compute.drivers.dummy import DummyNodeDriver
>>> from libcloud.compute.deployment import ScriptDeployment
>>> from libcloud.compute.deployment import MultiStepDeployment
>>> from libcloud.compute.base import NodeAuthSSHKey
>>> driver = DummyNodeDriver(0)
>>> key = NodeAuthSSHKey('...') # read from file
>>> script = ScriptDeployment("yum -y install emacs strace tcpdump")
>>> msd = MultiStepDeployment([key, script])
>>> def d():
...     try:
...         driver.deploy_node(deploy=msd)
...     except NotImplementedError:
...         print ("not implemented for dummy driver")
>>> d()
not implemented for dummy driver

Deploy node is typically not overridden in subclasses. The existing implementation should be able to handle most such.

  • deploy (Deployment) – Deployment to run once machine is online and available to SSH.
  • ssh_username (str) – Optional name of the account which is used when connecting to SSH server (default is root)
  • ssh_alternate_usernames (list) – Optional list of ssh usernames to try to connect with if using the default one fails
  • ssh_port (int) – Optional SSH server port (default is 22)
  • ssh_timeout (float) – Optional SSH connection timeout in seconds (default is 10)
  • auth (NodeAuthSSHKey or NodeAuthPassword) – Initial authentication information for the node (optional)
  • ssh_key (str or list of str) – A path (or paths) to an SSH private key with which to attempt to authenticate. (optional)
  • ssh_key_password (str) – Optional password used for encrypted keys.
  • timeout (int) – How many seconds to wait before timing out. (default is 600)
  • max_tries (int) – How many times to retry if a deployment fails before giving up (default is 3)
  • ssh_interface (str) – The interface to wait for. Default is ‘public_ips’, other option is ‘private_ips’.
  • at_exit_func (func) –

    Optional atexit handler function which will be registered and called with created node if user cancels the deploy process (e.g. CTRL+C), after the node has been created, but before the deploy process has finished.

    This method gets passed in two keyword arguments:

    • driver -> node driver in question
    • node -> created Node object

    Keep in mind that this function will only be called in such scenario. In case the method finishes (this includes throwing an exception), at exit handler function won’t be called.

  • wait_period (int) – How many seconds to wait between each iteration while waiting for node to transition into running state and have IP assigned. (default is 5)
destroy_node(node, ex_destroy_nic=True, ex_destroy_vhd=True, ex_poll_qty=10, ex_poll_wait=10)[source]

Destroy a node.

  • node (Node) – The node to be destroyed
  • ex_destroy_nic – Destroy the NICs associated with

this node (default True). :type node: bool

Parameters:ex_destroy_vhd – Destroy the OS disk blob associated with

this node (default True). :type node: bool

Parameters:ex_poll_qty – Number of retries checking if the node

is gone, destroying the NIC or destroying the VHD (default 10). :type node: int

Parameters:ex_poll_wait – Delay in seconds between retries (default 10).
Returns:True if the destroy was successful, raises exception

otherwise. :rtype: bool


Delete a volume.


Delete a snapshot.

detach_volume(volume, ex_node=None)[source]

Detach a managed volume from a node.

ex_check_ip_address_availability(resource_group, network, ip_address)[source]

Checks whether a private IP address is available for use. Also returns an object that contains the available IPs in the subnet.

  • resource_group (str) – The resource group to check the ip address in.
  • network (AzureNetwork) – The virtual network.
  • ip_address (str) – The private IP address to be verified.
ex_create_network_interface(name, subnet, resource_group, location=None, public_ip=None)[source]

Create a virtual network interface (NIC).

  • name (str) – Name of the NIC resource
  • subnet (AzureSubnet) – The subnet to attach the NIC
  • resource_group (str) – The resource group to create the NIC
  • location – The location at which to create the NIC

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

Parameters:public_ip – Associate a public IP resource with this NIC

(optional). :type public_ip: AzureIPAddress

Returns:The newly created NIC
Return type:AzureNic
ex_create_network_security_group(name, resource_group, location=None)[source]

Update tags on any resource supporting tags.

  • name (str) – Name of the network security group to create
  • resource_group – The resource group to create the network

security group in :type resource_group: str

Parameters:location – The location at which to create the network security

group (if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

ex_create_public_ip(name, resource_group, location=None, public_ip_allocation_method=None)[source]

Create a public IP resources.

  • name (str) – Name of the public IP resource
  • resource_group (str) – The resource group to create the public IP
  • location – The location at which to create the public IP

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

Parameters:public_ip_allocation_method – Call ex_create_public_ip with

public_ip_allocation_method=”Static” to create a static public IP address :type public_ip_allocation_method: str

Returns:The newly created public ip object
Return type:AzureIPAddress
ex_create_tags(resource, tags, replace=False)[source]

Update tags on any resource supporting tags.

  • resource (str or Azure object with an id attribute.) – The resource to update.
  • tags (dict) – The tags to set.
  • replace – If true, replace all tags with the new tags.

If false (default) add or update tags. :type replace: bool

ex_delete_network_security_group(name, resource_group, location=None)[source]

Update tags on any resource supporting tags.

  • name (str) – Name of the network security group to delete
  • resource_group – The resource group to create the network

security group in :type resource_group: str

Parameters:location – The location at which to create the network security

group (if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation


Delete a public ip address resource.

Parameters:public_ip (.AzureIPAddress) – Public ip address resource to delete

Delete a resource.


Destroy a NIC.

Parameters:nic (.AzureNic) – The NIC to destroy.
Returns:True on success
Return type:bool

Fetch information about a NIC.

Parameters:id (str) – The complete resource path to the NIC resource.
Returns:The NIC object
Return type:AzureNic

Fetch information about a node.

Parameters:id (str) – The complete resource path to the node resource.
Returns:The Node object
Return type:Node

Fetch information about a public IP resource.

Parameters:id (``str`) – The complete resource path to the public IP resource.
Returns:The public ip object
Return type:AzureIPAddress
ex_get_ratecard(offer_durable_id, currency='USD', locale='en-US', region='US')[source]

Get rate card

Parameters:offer_durable_id – ID of the offer applicable for this

user account. (e.g. “0026P”) See :type offer_durable_id: str

  • currency (str) – Desired currency for the response (default: “USD”)
  • locale (str) – Locale (default: “en-US”)
  • region (str) – Region (two-letter code) (default: “US”)

A dictionary of rates whose ID’s correspond to nothing at all

Return type:



Fetch information about a snapshot.

Parameters:id (str) – The complete resource path to the snapshot resource.
Returns:The VolumeSnapshot object
Return type:VolumeSnapshot
ex_get_storage_account_keys(resource_group, storage_account)[source]

Get account keys required to access to a storage account (using AzureBlobsStorageDriver).

  • resource_group (str) – The resource group containing the storage account
  • storage_account (str) – Storage account to access

The account keys, in the form {“key1”: “XXX”, “key2”: “YYY”}

Return type:



Fetch information about a volume.

Parameters:id (str) – The complete resource path to the volume resource.
Returns:The StorageVolume object
Return type:StorageVolume

List node image versions in a sku.

Parameters:sku – The complete resource path to a sku (as returned by

ex_list_skus) :type publisher: str

Returns:A list of tuples in the form

(“version id”, “version name”) :rtype: list


List network security groups.

Parameters:resource_group – List security groups in a specific resource

group. :type resource_group: str

Returns:A list of network security groups.
Return type:list of AzureNetworkSecurityGroup

List virtual networks.

Returns:A list of virtual networks.
Return type:list of AzureNetwork

List available virtual network interface controllers in a resource group

Parameters:resource_group (str) – List NICS in a specific resource group containing the NICs(optional).
Returns:A list of NICs.
Return type:list of AzureNic

List node image offers from a publisher.

Parameters:publisher – The complete resource path to a publisher

(as returned by ex_list_publishers) :type publisher: str

Returns:A list of tuples in the form

(“offer id”, “offer name”) :rtype: list


List public IP resources.

Parameters:resource_group (str) – List public IPs in a specific resource group.
Returns:List of public ip objects
Return type:list of AzureIPAddress

List node image publishers.

Parameters:location – The location at which to list publishers

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

Returns:A list of tuples in the form

(“publisher id”, “publisher name”) :rtype: list


List resource groups.

Returns:A list of resource groups.
Return type:list of AzureResourceGroup

List node image skus in an offer.

Parameters:offer – The complete resource path to an offer (as returned by

ex_list_offers) :type offer: str

Returns:A list of tuples in the form

(“sku id”, “sku name”) :rtype: list


List subnets of a virtual network.

Parameters:network (AzureNetwork) – The virtual network containing the subnets.
Returns:A list of subnets.
Return type:list of AzureSubnet
ex_resize_volume(volume, new_size, resource_group)[source]

Resize a volume.

  • volume (StorageVolume) – A volume to resize.
  • new_size (int) – The new size to resize the volume to in Gib.
  • resource_group (str) – The name of the resource group in which to create the volume.
ex_run_command(node, command, filerefs=[], timestamp=0, storage_account_name=None, storage_account_key=None, location=None)[source]

Run a command on the node as root.

Does not require ssh to log in, uses Windows Azure Agent (waagent) running on the node.

  • node (:class:.Node) – The node on which to run the command.
  • command – The actual command to run. Note this is parsed

into separate arguments according to shell quoting rules but is executed directly as a subprocess, not a shell command. :type command: str

Parameters:filerefs – Optional files to fetch by URI from Azure blob store

(must provide storage_account_name and storage_account_key), or regular HTTP. :type command: list of str

Parameters:location – The location of the virtual machine

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

  • storage_account_name (str) – The storage account from which to fetch files in filerefs
  • storage_account_key (str) – The storage key to authorize to the blob store.

list of NodeLocation

ex_update_network_profile_of_node(node, network_profile)[source]

Update the network profile of a node. This method can be used to attach or detach a NIC to a node.

  • node (Node) – A node to attach the network interface to.
  • network_profile (dict) – The new network profile to update.
ex_update_nic_properties(network_interface, resource_group, properties)[source]

Update the properties of an already existing virtual network interface (NIC).

  • network_interface (AzureNic) – The NIC to update.
  • resource_group (str) – The resource group to check the ip address in.
  • properties (dict) – The dictionary of the NIC’s properties

The NIC object

Return type:


get_image(image_id, location=None)[source]

Returns a single node image from a provider.

Parameters:image_id – Either an image urn in the form

Publisher:Offer:Sku:Version or a Azure blob store URI in the form pointing to a VHD file. :type image_id: str

Parameters:location – The location at which to search for the image

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

:rtype AzureImage: or AzureVhdImage: :return: AzureImage or AzureVhdImage instance on success.


Retrieve a single key pair.

Parameters:name (str) – Name of the key pair to retrieve.
Return type:KeyPair
import_key_pair_from_file(name, key_file_path)

Import a new public key from string.

  • name (str) – Key pair name.
  • key_file_path (str) – Path to the public key file.
Return type:

KeyPair object

import_key_pair_from_string(name, key_material)

Import a new public key from string.

  • name (str) – Key pair name.
  • key_material (str) – Public key material.
Return type:

KeyPair object

list_images(location=None, ex_publisher=None, ex_offer=None, ex_sku=None, ex_version=None)[source]

List available VM images to boot from.

Parameters:location – The location at which to list images

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

Parameters:ex_publisher – Filter by publisher, or None to list

all publishers. :type ex_publisher: str

  • ex_offer (str) – Filter by offer, or None to list all offers.
  • ex_sku (str) – Filter by sku, or None to list all skus.
  • ex_version (str) – Filter by version, or None to list all versions.

list of node image objects.

Return type:

list of AzureImage


List all the available key pair objects.

Return type:list of KeyPair objects

List data centers available with the current subscription.

Returns:list of node location objects
Return type:list of NodeLocation
list_nodes(ex_resource_group=None, ex_fetch_nic=True, ex_fetch_power_state=True)[source]

List all nodes.

  • ex_resource_group (str) – The resource group to list all nodes from.
  • ex_fetch_nic – Fetch NIC resources in order to get

IP address information for nodes. If True, requires an extra API call for each NIC of each node. If False, IP addresses will not be returned. :type ex_fetch_nic: bool

Parameters:ex_fetch_power_state – Fetch node power state. If True, requires

an extra API call for each node. If False, node state will be returned based on provisioning state only. :type ex_fetch_power_state: bool

Returns:list of node objects
Return type:list of Node

List available VM sizes.

Parameters:location – The location at which to list sizes

(if None, use default location specified as ‘region’ in __init__) :type location: NodeLocation

Returns:list of node size objects
Return type:list of NodeSize

Lists all the snapshots under a resource group or subscription.

Parameters:ex_resource_group (str) – The identifier of your subscription where the managed snapshots are located (optional).
Return type:list of VolumeSnapshot

List snapshots for a storage volume.

Return type:list of VolumeSnapshot

Lists all the disks under a resource group or subscription.

Parameters:ex_resource_group (str) – The identifier of your subscription where the managed disks are located.
Return type:list of StorageVolume

Reboot a node.

Parameters:node (Node) – The node to be rebooted
Returns:True if the reboot was successful, otherwise False
Return type:bool

Start a stopped node.

Parameters:node (Node) – The node to be started
stop_node(node, ex_deallocate=True)[source]

Stop a running node.

  • node (Node) – The node to be stopped
  • deallocate – If True (default) stop and then deallocate the node

(release the hardware allocated to run the node). If False, stop the node but maintain the hardware allocation. If the node is not deallocated, the subscription will continue to be billed as if it were running. :type deallocate: bool

wait_until_running(nodes, wait_period=5, timeout=600, ssh_interface='public_ips', force_ipv4=True, ex_list_nodes_kwargs=None)

Block until the provided nodes are considered running.

Node is considered running when it’s state is “running” and when it has at least one IP address assigned.

  • nodes (list of Node) – List of nodes to wait for.
  • wait_period (int) – How many seconds to wait between each loop iteration. (default is 3)
  • timeout (int) – How many seconds to wait before giving up. (default is 600)
  • ssh_interface (str) – Which attribute on the node to use to obtain an IP address. Valid options: public_ips, private_ips. Default is public_ips.
  • force_ipv4 (bool) – Ignore IPv6 addresses (default is True).
  • ex_list_nodes_kwargs (dict) – Optional driver-specific keyword arguments which are passed to the list_nodes method.

[(Node, ip_addresses)] list of tuple of Node instance and list of ip_address on success.

Return type:

list of tuple