Using the Microsoft Azure public cloud
Juju already has knowledge of the Azure cloud, which means adding your Azure account to Juju is quick and easy.
You can see more specific information on Juju's Azure support (e.g. the supported regions) by running:
juju show-cloud azure
If at any point you believe Juju's information is out of date (e.g. Azure just announced support for a new region), you can update Juju's public cloud data by running:
juju update-clouds
Credentials
Before you can use Azure with Juju, you will need to import your Azure account credentials into Juju and retrieving those credentials is easy, thanks to Microsoft's Azure CLI 2.0.
Ubuntu/Linux users can install Azure CLI 2.x with the following command:
curl -L https://aka.ms/InstallAzureCli | bash
Accept the default options when asked for install locations and allow the
installer to update your $PATH. Finally, run exec -l $SHELL to restart your
shell. Typing az --version will show you now have Azure CLI 2.x installed.
For instructions that cover installing Azure CLI on Microsoft Windows and Apple macOS, see Microsoft's Install Azure CLI 2.0 documentation.
With Azure CLI installed, you can login to your Azure account by entering the following command:
az login
The above command will prompt you to open a browser with a specific URL and enter a provided authentication code.
After entering the code and pressing continue, you will be asked to select the Microsoft account you'd like associated with the Azure CLI.
Back on the command line, the output from az login will have concluded by
displaying the credentials for your account:
[
{
"cloudName": "AzureCloud",
"id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
"isDefault": true,
"name": "Pay-As-You-Go",
"state": "Enabled",
"tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
"user": {
"name": "javierlarin72@gmail.com",
"type": "user"
}
}
]
Your Azure credentials can now be added to Juju by running the command:
juju add-credential azure
You will first be asked for an arbitrary credential name, which you choose for yourself. This will be how you remember and refer to this Azure credential in Juju. The second question will ask you to select an 'Auth Type' from the following two options:
- interactive
- service-principal-secret
The default option is interactive and you can either type 'interactive' or
press 'Enter' to continue.
The 'interactive' option is far quicker and easier than manually adding credentials via the 'service-principal-secret' option, but instructions for this are covered in the Manually adding credentials section below. Follow this manual process if the 'interactive' option fails, or you want to configure automated testing in a new environment.
You then will be asked for your Azure subscription id (id from the
az login credentials output, as shown above). Entering this is optional, as your Azure
credentials will be automatically retrieved by Juju by pressing enter.
Once the authentication is successful, you will see the following:
Credentials added for cloud azure.
If you want to check that the credentials were successfully added, use the
juju credentials command. You will see your Azure credentials listed.
You can now start using Juju with your Azure cloud.
Create controller
juju bootstrap azure mycloud
A successful bootstrap will result in the controller environment being visible in the Azure portal.
Note: By default new Azure accounts are limited to 10 cores. You may need to file a support ticket with Azure to raise this limit for your account if you are deploying many or large applications.
Manually adding credentials
The manual option is useful if Juju fails to automatically gather your credentials, or if you want to automate the process within a testing environment.
Selecting the service-principal-secret authentication option when running
juju add-credential azure will require you to configure and retrieve specific
details from your Azure cloud:
- application-id
- subscription-id
- application-password
In the sections below, we will assign each of these a variable name. When you enter them into the command, replace the variable name we give with the actual ID that corresponds to the variable.
Note:
Make sure you have the Azure CLI installed and that you've used az login
to authorize the session. See Credentials above for more
details.
subscription-id
List your account. Note the subscription ID, the SUB_ID.
az account list
SUB_ID will appear on the line labelled id:
[
{
"cloudName": "AzureCloud",
"id": "f717c8c1-8e5e-4d38-be7f-ed1e1c879e18",
"isDefault": true,
"name": "Pay-As-You-Go",
"state": "Enabled",
"tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
"user": {
"name": "javierlarin72@gmail.com",
"type": "user"
}
}
]
In our sample, SUB_ID is the second line line, so:
SUB_ID=f717c8c1-8e5e-4d38-be7f-ed1e1c879e18
application-password and application-id
Create a password for the application to use. In our sample:
APP_PASSWORD=some_password
Now create an Active Directory (Kerberos) server principal and grant the required resource permissions by assigning a role of Owner:
az ad sp create-for-rbac --name "ubuntu.example.com" --password $APP_PASSWORD --role Owner
The --name option is arbitrary but you should use a unique value that makes
sense for your environment. The command output will be similar to the
following:
{
"appId": "01dfe0e9-f088-4d00-9fcf-2129de64d5d3",
"displayName": "ubuntu.example.com",
"name": "http://ubuntu.example.com",
"password": "$APP_PASSWORD",
"tenant": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af"
}
We'll be using the value that follows appId as APP_ID and tenant as TENANT_ID.
You can now test these values by logging in using the application principal as your identity:
az login --service-principal \
-u "$APP_NAME" \
-p "$APP_PASSWORD" \
--tenant "$TENANT_ID"
Command output will look similar to the following:
[
{
"cloudName": "AzureCloud",
"id": "49d8c50b-e693-4be8-b906-c7a859149486",
"isDefault": true,
"name": "Pay-As-You-Go",
"state": "Enabled",
"tenantId": "0fb95fd9-f42f-4c78-94c9-e3d01c2bc5af",
"user": {
"name": "http://ubuntu2.example.com",
"type": "servicePrincipal"
}
}
]
You can now run the interactive juju add-credential azure command. Select
service-principal-secret as the Auth Type, and supply the following details,
discovered above, when asked:
- APP_ID
- SUB_ID
- APP_PASSWORD
A typical add-credential step-through will look similar to the following:
Enter credential name: az-manual
Auth Types
interactive
service-principal-secret
Select auth type [interactive]: service-principal-secret
Enter application-id: http://ubuntu.example.com
Enter subscription-id: 49d8c50b-e693-4be8-b906-c7a859149486
Enter application-password: $APP_PASSWORD
Credentials added for cloud azure.
You can now create the controller.
Alternately, you can also use this credential with Juju as a Service and create and deploy your model using its GUI.
Note:
If you add more than one credential, you will also need to set the
default one to use with juju set-default-credential
Compatibility with older versions of Juju
Juju 2.x support for Azure is backwards compatible with older versions of Juju but supports several additional features, in particular, support for unit placement (i.e. units can be deployed to specific existing machines). In lieu of this, the old default behaviour is used: units of an application will be allocated to machines in an application-specific Availability Set. Read the Azure SLA to learn how availability sets affect uptime guarantees.