Using Microsoft Azure with Juju - advanced
This page is dedicated to more advanced topics related to using Microsoft Azure with Juju. The main page is here.
Manually adding Azure credentials
The manual option is useful if Juju fails to automatically gather your credentials, or if you want to automate the process.
Gathering values
We will need values for the following bits of information:
- application-id
- subscription-id
- application-password
- application-name
- tenant-id
In the sections below, we will assign each of these a variable name. When you enter them into the command, replace the variable name we give with the actual ID that corresponds to the variable.
Important: This process requires that the Azure CLI tool is installed and that you have used it to log in to Azure before configuring Juju. See Install the CLI tool and Log in to Azure respectively.
subscription-id
List your account. Note the subscription ID, the SUB_ID.
az account list
SUB_ID will appear on the line labelled id:
[
  {
    "cloudName": "AzureCloud",
    "id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
    "isDefault": true,
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
    "user": {
      "name": "javierlarin72@gmail.com",
      "type": "user"
    }
  }
]
In our sample, SUB_ID is the second line, so:
SUB_ID=f717c8c1-8e5e-4d38-be7f-ed1e1c879e18
application-password and application-name
Create a password for the application to use. You will also need to come up with an arbitrary application name (typically an internet domain). In our example:
APP_PASSWORD=some_password
APP_NAME=ubuntu.example.com
Now create an Active Directory (Kerberos) service principal and assign it a role of Owner:
az ad sp create-for-rbac --name "$APP_NAME" --password "$APP_PASSWORD" --role Owner
The command output will be similar to the following:
{
  "appId": "01dfe0e9-f088-4d00-9fcf-2129de64d5d3",
  "displayName": "ubuntu.example.com",
  "name": "http://ubuntu.example.com",
  "password": "some_password",
  "tenant": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af"
}
Note: For more in-depth information, see Microsoft's Azure CLI documentation on Role-Based Access Control (RBAC) and the above command's syntax.
application-id and tenant-id
From the previous output we'll be using the value that follows appId as APP_ID and tenant as TENANT_ID. Hence:
APP_ID=01dfe0e9-f088-4d00-9fcf-2129de64d5d3
TENANT_ID=0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af
Verification of values
You can now verify the values we've collected by logging in using the application principal as your identity:
az login --service-principal -u http://"$APP_NAME" -p "$APP_PASSWORD" --tenant "$TENANT_ID"
Command output will look similar to the following:
[
  {
    "cloudName": "AzureCloud",
    "id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
    "isDefault": true,
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
    "user": {
      "name": "http://ubuntu.example.com",
      "type": "servicePrincipal"
    }
  }
]
Add credentials
One benefit of adding credentials manually is the ability to automate the process. We will therefore use a file (here called creds.yaml) to store our information:
credentials:
  azure:
    az-manual4:
      auth-type: service-principal-secret
      application-id: 01dfe0e9-f088-4d00-9fcf-2129de64d5d3
      subscription-id: f717c8c1-8e5e-4d38-be7f-ed1e1c879e18
      application-password: some_password
Now run the following command to add your Azure credentials to Juju:
juju add-credential -f creds.yaml azure
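Because creds.yaml holds the service principal's password in clear text, an automated version of this step should validate its inputs and create the file readable by its owner only. The following is an added example, not part of the Juju documentation or tooling; the function names is_guid and write_juju_azure_creds and their argument order are assumptions made for illustration, and the input validation goes beyond what the page describes.

```shell
#!/bin/sh
# Added example: helper names and argument order are assumptions, not Juju's.

# Succeed if $1 has the 8-4-4-4-12 hex layout of an Azure GUID.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Usage: write_juju_azure_creds FILE CRED_NAME APP_ID SUB_ID APP_PASSWORD
write_juju_azure_creds() {
    file=$1 cred=$2 app_id=$3 sub_id=$4 password=$5

    # Reject multi-line input so no value can inject extra YAML keys.
    for v in "$cred" "$app_id" "$sub_id" "$password"; do
        case $v in *'
'*) echo "values must be single-line" >&2; return 1 ;; esac
    done
    case $cred in
        ''|*[!A-Za-z0-9_-]*) echo "invalid credential name" >&2; return 1 ;;
    esac
    is_guid "$app_id" || { echo "application-id is not a GUID" >&2; return 1; }
    is_guid "$sub_id" || { echo "subscription-id is not a GUID" >&2; return 1; }
    [ -n "$password" ] || { echo "application-password is empty" >&2; return 1; }

    # In a YAML single-quoted scalar the only escape is a doubled quote.
    quoted=$(printf '%s' "$password" | sed "s/'/''/g")

    # Create (or truncate) the file and restrict it to the owner before the
    # secret is written; umask alone does not tighten an existing file.
    ( umask 077; : > "$file" ) && chmod 600 "$file" || return 1
    cat >> "$file" <<EOF
credentials:
  azure:
    $cred:
      auth-type: service-principal-secret
      application-id: $app_id
      subscription-id: $sub_id
      application-password: '$quoted'
EOF
}

# Typical call with the variables gathered above, followed by the page's
# own command:
#   write_juju_azure_creds creds.yaml az-manual4 "$APP_ID" "$SUB_ID" "$APP_PASSWORD"
#   juju add-credential -f creds.yaml azure
```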
Next steps
You should now continue reading the main Using Microsoft Azure with Juju page at the controller-creation step.
Note: If you add more than one credential you will need to either specify one while creating the controller (juju bootstrap --credential) or set a default (juju set-default-credential) before doing so.