Using Microsoft Azure with Juju

Juju already has knowledge of the Azure cloud, which means adding your Azure account to Juju is quick and easy.

You can see more specific information on Juju’s Azure support (e.g. the supported regions) by running:

juju show-cloud azure

To ensure that Juju’s information is up to date (e.g. new region support), you can update Juju’s public cloud data by running:

juju update-public-clouds

Adding credentials

The Credentials page offers a full treatment of credential management.

Several steps are required to add Azure credentials to Juju:

• Install the CLI tool
• Log in to Azure
• Import the credentials

Alternately, you can use your credentials with Juju as a Service, where charms can be deployed within a graphical environment that comes equipped with a ready-made controller.

A Note on Permissions in Locked Down Environments

As of this writing, the Azure account needs, at minimum, the following permissions, in order to enable fully automated provisioning of Virtual Machines with attached storage with Juju. (In most public cloud environments, you’ll have these permissions by default, and can skip this section.)

Microsoft.Compute/skus (read) 
Microsoft.Resources/subscriptions/resourceGroups (read, write, delete) 
Microsoft.Resources/deployments/ (write/read/delete/cancel/validate)
Microsoft.Network/networkSecurityGroups (write, read, delete, other - join)
Microsoft.Network/virtualNetworks/ (write, read, delete) 
Microsoft.Compute/virtualMachineScaleSets/ (write, read, delete, other -  start action, other - deallocate action, other - restart action, other powerOff action) 
Microsoft.Network/virtualNetworks/subnets/ (read, write, delete, other - join)
Microsoft.Compute/availabilitySets (write, read, delete)
Microsoft.Network/publicIPAddresses (write, read, delete, other - join - optional for public services)
Microsoft.Network/networkInterfaces (write, read, delete, other - join)
Microsoft.Compute/virtualMachines (write, read, delete, other - start, power off, restart, deallocate) 
Microsoft.Compute/disks (write, read, delete)

Install the CLI tool

You will need to import your Azure credentials into Juju using the Azure CLI 2.0 tool from Microsoft.

Ubuntu/Linux users can install Azure CLI 2.0 with the following command:

curl -L https://aka.ms/InstallAzureCli | bash

If the installer encounters any difficulties it will let you know. Examples include the inability to find your system’s Python interpreter or missing software dependencies. Run any commands that the installer suggests in order to rectify these deficiencies. You may need to prepend sudo to some commands (only do this if needed). After each command, rerun the above curl command. Accept the suggested default answers to any questions it may ask (by just pressing ‘Enter’).

At the end you will be asked to run exec -l $SHELL to restart your shell.

Verify that the tool is properly installed by running az --version.

Log in to Azure

Log in to your Azure account in order to display the credentials that you will, in turn, provide to Juju:

az login

This will output a URL and a code, for example:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code D6FRLOY6U to authenticate.

After entering the code the web site should show ‘Microsoft Azure Cross-platform Command Line Interface’. Press the ‘Continue’ button. The resulting page will ask you to “Pick an account”. This is just the email address that you’ve associated with your Azure account. Click on it. You are now logged in to your Azure account.

Import the credentials

Back on the command line, the output from az login should now display your Azure account information:

[
  {
    "cloudName": "AzureCloud",
    "id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
    "isDefault": true,
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
    "user": {
      "name": "javierlarin72@gmail.com",
      "type": "user"
    }
  }
]

Now initiate the process to import your Azure credentials into Juju:

juju add-credential azure

You will first be asked for an arbitrary credential name (e.g. ‘ubuntu’). Secondly, you will be asked to select an ‘Auth Type’ from among the following two methods:

• interactive
• service-principal-secret

The default choice is interactive and it is the recommended method. It is far quicker and easier than the manual service-principal-secret method. Here, we’ll assume that ‘interactive’ has been chosen.

You then will be asked for your subscription id. In the example above, it is ‘f717c8c1-8e5e-4d38-be7f-ed1e1c879e18’. The recommended way is to simply press ‘Enter’ and let the tool automatically retrieve what’s needed. If you do so, after a few seconds you will see the following (assuming ‘ubuntu’ is the credential name):

Credential "ubuntu" added locally for cloud "azure".

You can also verify that the credentials were successfully added by running juju credentials.

Creating a controller

You are now ready to create a Juju controller for cloud ‘azure’:

juju bootstrap azure azure-controller

Above, the name given to the new controller is ‘azure-controller’. Azure will provision an instance to run the controller on.

This will result in the controller environment being visible in the Azure portal.

For a detailed explanation and examples of the bootstrap command see the Creating a controller page.

Azure specific features

Juju supports Azure availability sets. See the Application high availability page for more details.

Next steps

A controller is created with two models - the ‘controller’ model, which should be reserved for Juju’s internal operations, and a model named ‘default’, which can be used for deploying user workloads.

See these pages for ideas on what to do next:

• Juju models
• Applications and charms