diff --git a/azure/create-inject.sh b/azure/create-inject.sh
new file mode 100644
index 0000000..a6eef34
--- /dev/null
+++ b/azure/create-inject.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+group="injection"
+storage_account="${group}"
+
+location="westeurope"
+
+vm_name="$1"
+
+vm_size="Standard_DS5_v2"
+vm_subnet="/subscriptions/49b7f681-8efc-4689-8524-870fc0c1db09/resourceGroups/swh-resource/providers/Microsoft.Network/virtualNetworks/swh-vnet/subnets/default"
+vm_diagnostics="http://swhresourcediag966.blob.core.windows.net/"
+
+vm_user="injection"
+vm_sshkey="~/.ssh/id_rsa.inria.pub"
+
+vm_ndisks=11
+
+if ! azure group show "$group" >/dev/null; then
+    azure group create "$group" "$location"
+fi
+
+if ! azure storage account show -g "$group" "$storage_account"; then
+    azure storage account create -g "$group" -l "$location" "$storage_account"
+fi
+
+azure vm create \
+      -g "${group}" \
+      -n "${vm_name}" \
+      -l "${location}" \
+      -y Linux -Q credativ:Debian:8:latest \
+      -S "${vm_subnet}" \
+      -f "${vm_name}-if" \
+      -i "${vm_name}-public" --public-ip-domain-name "swh${vm_name}" --public-ip-idletimeout 30 \
+      -u "${vm_user}" -M "${vm_sshkey}" \
+      -o "${storage_account}" \
+      -z "${vm_size}" \
+      --boot-diagnostics-storage-uri "${vm_diagnostics}"
+
+for disk in $(seq 1 "${vm_ndisks}"); do
+    azure vm disk attach-new \
+          -g "${group}" \
+          -n "${vm_name}" \
+          -z 1023 \
+          -d "${vm_name}-data${disk}.vhd" \
+          -l "${disk}" \
+          -o "${storage_account}"
+done
+
+vm_hostname="swh${vm_name}.${location}.cloudapp.azure.com"
+scp -i "${vm_sshkey}" provision-inject.sh "${vm_user}@${vm_hostname}:"
+ssh -i "${vm_sshkey}" "${vm_user}@${vm_hostname}" sudo bash provision-inject.sh
diff --git a/azure/create-vm.sh b/azure/create-vm.sh
new file mode 100755
index 0000000..edc4e9a
--- /dev/null
+++ b/azure/create-vm.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+worker=${1-worker01}
+zone=westeurope
+resource_prefix=euwest
+resource_group="${resource_prefix}-workers"
+image=credativ:Debian:9:latest
+# pub_key=~/.ssh/id-rsa-swhworker.pub
+pub_key=~/.ssh/id_rsa.inria.pub
+
+# "default" subnet in the "swh-vnet" virtual network of the "swh-resource" resource group
+subnet=/subscriptions/49b7f681-8efc-4689-8524-870fc0c1db09/resourceGroups/swh-resource/providers/Microsoft.Network/virtualNetworks/swh-vnet/subnets/default
+
+# Change for virtual machine size. Standard_DS = SSD; Standard_S = Standard disk
+# size=Standard_DS11_v2
+size=Standard_DS2_v2
+
+# SSD
+disk_group="${resource_prefix}workersdisks"
+# Standard
+# disk_group="${resource_prefix}stddisks"
+
+diagnostics_resource=swhresourcediag966
+
+azure vm create \
+      -g "${resource_group}" \
+      -n "${worker}-${resource_prefix}" \
+      -l "${zone}" \
+      -y Linux -Q "${image}" \
+      -S "${subnet}" -f "${worker}-${resource_prefix}-if" \
+      -u testadmin -M "${pub_key}" \
+      -o "${disk_group}" \
+      -z "${size}" \
+      --boot-diagnostics-storage-uri "http://${diagnostics_resource}.blob.core.windows.net/"
diff --git a/azure/provision-inject.sh b/azure/provision-inject.sh
new file mode 100644
index 0000000..e7c3f70
--- /dev/null
+++ b/azure/provision-inject.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cat >> /home/injection/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9VE8ET+Iow9GzGnQc8Gup2LI5AvOb5aO29ZF28bVgnPyrOPOYWxVTArt1r5rWNXqboqN5PSJ35XtLQPl5amAbFnLlk3eUxsO71HdeM4ZVPNyotQVqXMQNMnnNzyjH8SVPWjYT8Ehf0tcuuY4PDMapqpw6FAxalon5/LK+nL889Ol5990GcXZFbNljJAWFVLQYkzZhfxe5RL94yn4vZi5g+emd1hfOETWKpSCgtftFEvT0v1sqpMOBrj67uC0mL3S0C6YblZSU5thZaiOvxgAcCHwKcPrXnKKyvhCsMciAbhOPGV/n+7O692aXTLzFtOZqXROEhivGX2Z7ldBuiySx olasd@uffizi
+EOF
+
+cat > /etc/apt/sources.list.d/softwareheritage.list <<EOF
+deb [trusted=yes] http://debian.internal.softwareheritage.org/ jessie main
+EOF
+
+cat > /etc/apt/preferences.d/objstorage_cloud.pref <<EOF
+Explanation: Pin python3-azure-storage dependencies to backports
+Package: python3-cffi python3-cryptography python3-pkg-resources python3-pyasn1 python3-setuptools
+Pin: release n=jessie-backports
+Pin-Priority: 990
+EOF
+
+apt-get update
+apt-get -y dist-upgrade
+apt-get -y install mdadm rabbitmq-server python3-swh.objstorage.cloud python3-swh.storage.archiver python3-swh.scheduler
+
+exit 0
+
+for disk in /dev/sd[c-m]; do
+    sfdisk $disk <<EOF
+unit: sectors
+
+/dev/sdc1 : start=     2048, size=2145384448, Id=fd
+/dev/sdc2 : start=        0, size=        0, Id= 0
+/dev/sdc3 : start=        0, size=        0, Id= 0
+/dev/sdc4 : start=        0, size=        0, Id= 0
+EOF
+done;
+mdadm --create /dev/md0 --level 0 --raid-devices 11 /dev/sd[c-m]1
+/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
+update-initramfs -k all -u
diff --git a/azure/provision-vm-azure-step1.sh b/azure/provision-vm-azure-step1.sh
new file mode 100755
index 0000000..80692f0
--- /dev/null
+++ b/azure/provision-vm-azure-step1.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# as a first step, connect to the newly vm created
+# $ ssh -i ~/.ssh/id_rsa_inria testadmin@<worker>
+# then as root
+# $ sudo su -
+# first add a generated pass
+# $ passwd
+
+# Then permit root connection with ssh
+sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' -i /etc/ssh/sshd_config
+sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/g' -i /etc/ssh/sshd_config
+systemctl restart sshd.service
+
+# disconnect from the current connection
+# $ logout
+# reconnect as root
+# scp the provision-vm.sh script to the root user of the vm
+# $ scp provision-vm.sh root@<worker>
+# connect to the vm
+# $ ssh root@<worker>
+# $ chmod +x provision-vm.sh
+# trigger the script provision-vm.sh
+# $ ./provision-vm.sh
diff --git a/azure/provision-vm.sh b/azure/provision-vm.sh
new file mode 100755
index 0000000..ff1509d
--- /dev/null
+++ b/azure/provision-vm.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -ex
+
+cd /
+
+ORIG_HOSTNAME="$(hostname)"
+HOSTNAME=${ORIG_HOSTNAME/-*/}.euwest.azure
+
+IP=$(ip a | grep 192 | awk '{print $2}' | awk -F/ '{print $1}')
+
+apt-get update
+apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade
+
+echo $HOSTNAME > /etc/hostname
+hostnamectl set-hostname $HOSTNAME
+cat >> /etc/hosts << EOF
+$IP $HOSTNAME.internal.softwareheritage.org $HOSTNAME
+
+192.168.100.100 db
+192.168.100.101 uffizi
+192.168.100.31 moma
+EOF
+
+mkdir -p /etc/resolvconf/resolv.conf.d
+echo search internal.softwareheritage.org > /etc/resolvconf/resolv.conf.d/tail
+apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install resolvconf nfs-common
+
+apt-get update
+
+apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade
+apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install augeas-tools puppet
+
+
+# FIXME: Is this useful?
+augtool << "EOF"
+set /files/etc/puppet/puppet.conf/main/pluginsync true
+set /files/etc/puppet/puppet.conf/main/server pergamon.internal.softwareheritage.org
+save
+EOF
+
+mkdir -p /etc/facter/facts.d
+echo location=azure_euwest > /etc/facter/facts.d/location.txt
+
+service puppet stop
+systemctl disable puppet.service
+puppet agent --enable
+
+augtool << "EOF"
+set /files/etc/puppet/puppet.conf/agent/server pergamon.internal.softwareheritage.org
+set /files/etc/puppet/puppet.conf/agent/report true
+set /files/etc/puppet/puppet.conf/agent/pluginsync true
+save
+EOF
+
+rm -rf /root/.ssh
+
+deluser testadmin
+rm -rf /home/testadmin
+
+puppet agent --test || true
+
+reboot