Using Microsoft Azure with Juju
Juju already has knowledge of the Azure cloud, which means adding your Azure account to Juju is quick and easy.
You can see more specific information on Juju’s Azure support (e.g. the supported regions) by running:
juju show-cloud azure
To ensure that Juju’s information is up to date (e.g. new region support), you can update Juju’s public cloud data by running:
juju update-public-clouds
Adding credentials
The Credentials page offers a full treatment of credential management.
Several steps are required to add Azure credentials to Juju:
- Install the CLI tool
- Log in to Azure
- Import the credentials
Azure account credentials have been reported to expire. If a previously working setup suddenly behaves as if incorrect credentials are being used then you may need to update the credentials on the controller. See Updating remote credentials for guidance.
Alternately, you can use your credentials with Juju as a Service, where charms can be deployed within a graphical environment that comes equipped with a ready-made controller.
A Note on Permissions in Locked Down Environments
As of this writing, the Azure account needs, at minimum, the following permissions, in order to enable fully automated provisioning of Virtual Machines with attached storage with Juju. (In most public cloud environments, you’ll have these permissions by default, and can skip this section.)
Microsoft.Compute/skus (read)
Microsoft.Resources/subscriptions/resourceGroups (read, write, delete)
Microsoft.Resources/deployments/ (write/read/delete/cancel/validate)
Microsoft.Network/networkSecurityGroups (write, read, delete, other - join)
Microsoft.Network/virtualNetworks/ (write, read, delete)
Microsoft.Compute/virtualMachineScaleSets/ (write, read, delete, other - start action, other - deallocate action, other - restart action, other powerOff action)
Microsoft.Network/virtualNetworks/subnets/ (read, write, delete, other - join)
Microsoft.Compute/availabilitySets (write, read, delete)
Microsoft.Network/publicIPAddresses (write, read, delete, other - join - optional for public services)
Microsoft.Network/networkInterfaces (write, read, delete, other - join)
Microsoft.Compute/virtualMachines (write, read, delete, other - start, power off, restart, deallocate)
Microsoft.Compute/disks (write, read, delete)
Install the CLI tool
You will need to import your Azure credentials into Juju using the Azure CLI 2.0 tool from Microsoft.
Ubuntu/Linux users can install Azure CLI 2.0 with the following command:
curl -L https://aka.ms/InstallAzureCli | bash
For instructions that cover installing Azure CLI on Microsoft Windows and Apple macOS, see Microsoft’s Install Azure CLI 2.0 documentation.
If the installer encounters any difficulties it will let you know. Examples include the inability to find your system’s Python interpreter or missing software dependencies. Run any commands that the installer suggests in order to rectify these deficiencies. You may need to prepend sudo
to some commands (only do this if needed). After each command, rerun the above curl
command. Accept the suggested default answers to any questions it may ask (by just pressing ‘Enter’).
The following commands were run (May 21, 2019) prior to the curl
command on Ubuntu 18.04.2 LTS and the command completed without error:
sudo ln -s /usr/bin/python3 /usr/bin/python
sudo apt install python3-distutils gcc python3-dev
At the end you will be asked to run exec -l $SHELL
to restart your shell.
Verify that the tool is properly installed by running az --version
.
Log in to Azure
Log in to your Azure account in order to display the credentials that you will, in turn, provide to Juju:
az login
This will output a URL and a code, for example:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code D6FRLOY6U to authenticate.
After entering the code the web site should show ‘Microsoft Azure Cross-platform Command Line Interface’. Press the ‘Continue’ button. The resulting page will ask you to “Pick an account”. This is just the email address that you’ve associated with your Azure account. Click on it. You are now logged in to your Azure account.
Import the credentials
Back on the command line, the output from az login
should now display your Azure account information:
[
{
"cloudName": "AzureCloud",
"id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
"isDefault": true,
"name": "Pay-As-You-Go",
"state": "Enabled",
"tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
"user": {
"name": "javierlarin72@gmail.com",
"type": "user"
}
}
]
Now initiate the process to import your Azure credentials into Juju:
juju add-credential azure
You will first be asked for an arbitrary credential name (e.g. ‘ubuntu’). Secondly, you will be asked to select an ‘Auth Type’ from among the following two methods:
- interactive
- service-principal-secret
The default choice is interactive
and it is the recommended method. It is far quicker and easier than the manual service-principal-secret
method. Here, we’ll assume that ‘interactive’ has been chosen.
For guidance on the manual method, see Manually adding Azure credentials. Use this method if the interactive option fails, or if you want to automate the configuration process.
You then will be asked for your subscription id. In the example above, it is ‘f717c8c1-8e5e-4d38-be7f-ed1e1c879e18’. The recommended way is to simply press ‘Enter’ and let the tool automatically retrieve what’s needed. If you do so, after a few seconds you will see the following (assuming ‘ubuntu’ is the credential name):
Credential "ubuntu" added locally for cloud "azure".
You may once again be asked to visit the https://microsoft.com/devicelogin site and enter a code. In this case it is important to verify that the credential process is complete before closing the authentication window.
You can also verify that the credentials were successfully added by running juju credentials
.
Creating a controller
You are now ready to create a Juju controller for cloud ‘azure’:
juju bootstrap azure azure-controller
Above, the name given to the new controller is ‘azure-controller’. Azure will provision an instance to run the controller on.
This will result in the controller environment being visible in the Azure portal.
For a detailed explanation and examples of the bootstrap
command see the Creating a controller page.
Azure specific features
Juju supports Azure availability sets. See the Application high availability page for more details.
Azure accounts are initially limited to 10 cores (trial accounts can be even lower). You will need to file a support ticket with Azure to raise your quota limit.
Next steps
A controller is created with two models - the ‘controller’ model, which should be reserved for Juju’s internal operations, and a model named ‘default’, which can be used for deploying user workloads.
See these pages for ideas on what to do next:
Last updated 4 months ago.