Chaos Toolkit Extension for Microsoft Azure
Project description
Chaos Toolkit Extension for Azure
This project is a collection of actions and probes, gathered as an extension to the Chaos Toolkit. It targets the Microsoft Azure platform.
Install
This package requires Python 3.5+
To be used from your experiment, this package must be installed in the Python environment where chaostoolkit already lives.
$ pip install -U chaostoolkit-azure
Usage
To use the probes and actions from this package, add the following to your experiment file:
{
"type": "action",
"name": "start-service-factory-chaos",
"provider": {
"type": "python",
"module": "chaosazure.vm.actions",
"func": "stop_machines",
"secrets": ["azure"],
"arguments": {
"parameters": {
"TimeToRunInSeconds": 45
}
}
}
}
That's it!
Please explore the code to see existing probes and actions.
Configuration
This extension uses the Azure SDK libraries under the hood. The Azure SDK library expects that you have a tenant and client identifier, as well as a client secret and subscription, that allows you to authenticate with the Azure resource management API.
Configuration values for the Chaos Toolkit Extension for Azure can come from several sources:
- Experiment file
- Azure credential file
The extension will first try to load the configuration from the experiment file. If configuration is not provided in the experiment file, it will try to load it from the Azure credential file.
Credentials
-
Secrets in the Experiment file
{ "secrets": { "azure": { "client_id": "your-super-secret-client-id", "client_secret": "your-even-more-super-secret-client-secret", "tenant_id": "your-tenant-id" } } }
You can retrieve secretes as well from environment or HashiCorp vault.
If you are not working with Public Global Azure, e.g. China Cloud You can set the cloud environment.
{ "client_id": "your-super-secret-client-id", "client_secret": "your-even-more-super-secret-client-secret", "tenant_id": "your-tenant-id", "azure_cloud": "AZURE_CHINA_CLOUD" }
Available cloud names:
- AZURE_CHINA_CLOUD
- AZURE_GERMAN_CLOUD
- AZURE_PUBLIC_CLOUD
- AZURE_US_GOV_CLOUD
-
Secrets in the Azure credential file
You can retrieve a credentials file with your subscription ID already in place by signing in to Azure using the az login command followed by the az ad sp create-for-rbac command
az login az ad sp create-for-rbac --sdk-auth > credentials.json
credentials.json:
{ "subscriptionId": "<azure_aubscription_id>", "tenantId": "<tenant_id>", "clientId": "<application_id>", "clientSecret": "<application_secret>", "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", "resourceManagerEndpointUrl": "https://management.azure.com/", "activeDirectoryGraphResourceId": "https://graph.windows.net/", "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", "galleryEndpointUrl": "https://gallery.azure.com/", "managementEndpointUrl": "https://management.core.windows.net/" }
Store the path to the file in an environment variable called AZURE_AUTH_LOCATION and make sure that your experiment does NOT contain
secretssection.
Subscription
Additionally you need to provide the Azure subscription id.
-
Subscription id in the experiment file
{ "configuration": { "azure_subscription_id": "your-azure-subscription-id" } }
Configuration may be as well retrieved from an environment.
An old, but deprecated way of doing it was as follows, this still works but should not be favoured over the previous approaches as it's not the Chaos Toolkit way to pass structured configurations.
{ "configuration": { "azure": { "subscription_id": "your-azure-subscription-id" } } }
-
Subscription id in the Azure credential file
Credential file described in the previous "Credential" section contains as well subscription id. If AZURE_AUTH_LOCATION is set and subscription id is NOT set in the experiment definition, extension will try to load it from the credential file.
Putting it all together
Here is a full example for an experiment containing secrets and configuration:
{
"version": "1.0.0",
"title": "...",
"description": "...",
"tags": ["azure", "kubernetes", "aks", "node"],
"configuration": {
"azure_subscription_id": "xxx"
},
"secrets": {
"azure": {
"client_id": "xxx",
"client_secret": "xxx",
"tenant_id": "xxx"
}
},
"steady-state-hypothesis": {
"title": "Services are all available and healthy",
"probes": [
{
"type": "probe",
"name": "consumer-service-must-still-respond",
"tolerance": 200,
"provider": {
"type": "http",
"url": "https://some-url/"
}
}
]
},
"method": [
{
"type": "action",
"name": "restart-node-at-random",
"provider": {
"type": "python",
"module": "chaosazure.machine.actions",
"func": "restart_machines",
"secrets": ["azure"],
"config": ["azure_subscription_id"]
}
}
],
"rollbacks": []
}
Contribute
If you wish to contribute more functions to this package, you are more than welcome to do so. Please, fork this project, make your changes following the usual PEP 8 code style, sprinkling with tests and submit a PR for review.
The Chaos Toolkit projects require all contributors must sign a Developer Certificate of Origin on each commit they would like to merge into the master branch of the repository. Please, make sure you can abide by the rules of the DCO before submitting a PR.
Develop
If you wish to develop on this project, make sure to install the development dependencies. But first, create a virtual environment and then install those dependencies.
$ pip install -r requirements-dev.txt -r requirements.txt
Then, point your environment to this directory:
$ python setup.py develop
Now, you can edit the files and they will be automatically be seen by your
environment, even when running from the chaos command locally.
Test
To run the tests for the project execute the following:
$ pytest
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file chaostoolkit-azure-0.8.0.tar.gz.
File metadata
- Download URL: chaostoolkit-azure-0.8.0.tar.gz
- Upload date:
- Size: 19.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/40.6.3 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74fa0c2232e830762b8ae55e0c11b628af955c37f501d7fd1bcf1af48849e0e9
|
|
| MD5 |
d6a6adedf016193332b6b0bc6a7393eb
|
|
| BLAKE2b-256 |
0fa49f9f25a86491065e3d2bc4850cd0d04f2f816771789d1bacd0d9830bce02
|
File details
Details for the file chaostoolkit_azure-0.8.0-py3-none-any.whl.
File metadata
- Download URL: chaostoolkit_azure-0.8.0-py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/40.6.3 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7a01bff090672b6aaece48d2d02286b20a8d82b29195cbc8ccd51477265e5d50
|
|
| MD5 |
280734c46b3d3ae696c21988e35a783c
|
|
| BLAKE2b-256 |
ff8773a445ad9e539565f41ea0216d7d30a7c5bcc68353218ddbf4b94e4c1604
|
