Miasma Azure
Azure API plugin for the miasma cloud library
Current support matrix
| Model | Create | Read | Update | Delete |
|---|---|---|---|---|
| AutoScale | | | | |
| BlockStorage | | | | |
| Compute | | | | |
| DNS | | | | |
| LoadBalancer | | | | |
| Network | | | | |
| Orchestration | X | X | X | X |
| Queues | | | | |
| Storage | X | X | X | X |
Configuration via Microsoft Azure portal
Below you will find the steps to configure an account's Active Directory and subscriptions via the new Azure Resource Manager (ARM) portal so they can be accessed and managed with this miasma-based cloud library.
Credentials for the Azure Resource Manager require some setup within Azure due to OAuth2 requirements. To set up an OAuth2 application and storage configuration that allow miasma to function properly, perform the steps below using the Azure portal at https://portal.azure.com
IMPORTANT - Your user account will need to be an Azure Active Directory domain administrator and have the owner role within the subscriptions into which you wish to deploy infrastructure using this library.
1. Setting the Azure Blob storage account
You will also need to set up an Azure Blob storage account to hold the ARM template and other configuration files. The easiest way to create an Azure storage account is by using the Azure portal; for detailed instructions, see Create a storage account. You can also create an Azure storage account by using the latest Azure CLI.
When you create a storage account, Azure generates two 512-bit storage access keys, which are used for authentication when the storage account is accessed. You need to set the environment variable `AZURE_BLOB_SECRET_KEY` to one of the storage access keys, and in addition you need to set the environment variable `AZURE_BLOB_ACCOUNT_NAME` to the name you gave your Azure Blob storage account.
2. Setting the Azure region for your deployments
The `AZURE_REGION` environment variable is simply the Azure region (`westus`, `eastus`, etc.) where you want to deploy your infrastructure within the Microsoft Azure Cloud platform. The list of regions can be viewed via the Azure CLI. Once you have signed in to the CLI tool you can get the list of current Azure regions by running the following command: `az account list-locations`. You will need to use the `name` property for the specific region you wish to use.
3. Getting the Azure Active Directory ID
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Azure Active Directory` to open AD service
- Choose desired directory and then open `Properties`
- Copy the `Directory ID` value
- Set the `AZURE_TENANT_ID` environment variable to use the copied value
4. Getting the Azure Subscription ID
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Subscriptions` to open the subscriptions management blade
- Choose desired subscription and then open `Properties`
- Copy the `Subscription ID` value
- Set the `AZURE_SUBSCRIPTION_ID` environment variable to use the copied value
5. Creating an Azure Active Directory OAuth2 application
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Azure Active Directory` to open AD service
- Choose desired directory and then open `App registrations`
- At the top of the blade click `+ ADD`
- Add a friendly name for the application, e.g. `SparkleFormation`
- Select `Web app / API` for the application type
- Enter `http://localhost` for the sign-on URL
- Then click `CREATE` at the bottom of the blade.
- Open the `App registrations` blade
- Find the application you created (e.g. `SparkleFormation`)
- Choose desired application and then click the `Properties` option.
- Copy the `Application ID` value
- Set the `AZURE_CLIENT_ID` environment variable to use the copied value
6. Setting OAuth2 application required permissions
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Azure Active Directory` to open AD service
- Choose desired directory and then open `App registrations`
- Next select the newly created application (e.g. `SparkleFormation`)
- Locate the section named `Required permissions`.
- At the top of the blade click `+ ADD`
- Open the `1. Select an API` blade
- Select the `Windows Azure Service Management API`
- Click `Select` at the bottom of the blade
- Next open the `2. Select permissions` blade
- Check the box next to `Access Azure Service Management as organization users`
- Click `Select` at the bottom of the blade
- Click `Done` to finish adding the permission
7. Creating a client secret key for the OAuth2 application
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Azure Active Directory` to open AD service
- Choose desired directory and then open `App registrations`
- Next select the newly created application (e.g. `SparkleFormation`)
- Locate the section named `keys`.
- For the description put in your full name or some other useful identifier.
- Select `1 year`, `2 years` or `never expire` from the drop down.
- Click `SAVE` at the top of the screen
- Copy the key value as it is only visible until you leave this blade.
- Set the `AZURE_CLIENT_SECRET` environment variable to use the copied value
8. Granting Azure Subscription role to the OAuth2 application
- Start at the Azure portal dashboard
- Click `Browse` to open available service list
- Click `Subscriptions` to open the subscriptions management blade
- Click desired subscription and then open `Access Control (IAM)`
- Click `Add` and select an appropriate role (`Owner` role recommended)
- Type in the name of the application (e.g. `SparkleFormation`) in the search box.
- Click on the appropriate user in the list and then click `Select`
- Click `OK` in the Add Access panel.
- The changes will now be saved
SparkleFormation CLI configuration example
Below is an example of SparkleFormation CLI `.sfn` file credentials tailored to use this cloud library. The `azure_root_orchestration_container` property defaults to "miasma-orchestration-templates" if not configured.
```ruby
Configuration.new do
  credentials do
    provider :azure
    azure_tenant_id ENV['AZURE_TENANT_ID']
    azure_client_id ENV['AZURE_CLIENT_ID']
    azure_subscription_id ENV['AZURE_SUBSCRIPTION_ID']
    azure_client_secret ENV['AZURE_CLIENT_SECRET']
    azure_region ENV['AZURE_REGION']
    azure_blob_account_name ENV['AZURE_BLOB_ACCOUNT_NAME']
    azure_blob_secret_key ENV['AZURE_BLOB_SECRET_KEY']
    azure_root_orchestration_container ENV['AZURE_ROOT_ORCHESTRATION_CONTAINER']
  end
end
```
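
As an added example (not part of miasma-azure), the following Ruby pre-flight check validates the environment variables set in steps 1 to 7 before the `.sfn` file reads them, and reports problems without echoing any secret value. The format rules (GUID-shaped IDs, lowercase region names, 3-24 character storage account names, base64-encoded keys) and the names `azure_env_problems`, `storage_key_problem` and `SAMPLE_ENV` are assumptions of this example.

```ruby
# Added example: pre-flight validation of the environment variables this README
# defines. Format rules are assumptions about Azure value shapes, not miasma code.
GUID = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

# Storage access keys are 512-bit values, handed out base64-encoded.
def storage_key_problem(value)
  bits = value.unpack1('m0').bytesize * 8 # 'm0' = strict base64, raises on junk
  "decodes to #{bits} bits, expected 512" unless bits == 512
rescue ArgumentError
  'is not valid base64'
end

# Each check returns nil when the value is acceptable, otherwise a reason.
# Reasons never include the value, so secrets stay out of terminals and CI logs.
guid = ->(v) { 'is not a GUID' unless v.match?(GUID) }
AZURE_ENV_CHECKS = {
  'AZURE_TENANT_ID' => guid,
  'AZURE_SUBSCRIPTION_ID' => guid,
  'AZURE_CLIENT_ID' => guid,
  'AZURE_CLIENT_SECRET' => ->(v) { 'has surrounding whitespace' if v != v.strip },
  'AZURE_REGION' => ->(v) { 'is not a region name such as westus' unless v.match?(/\A[a-z0-9]+\z/) },
  'AZURE_BLOB_ACCOUNT_NAME' => ->(v) { 'must be 3-24 lowercase letters or digits' unless v.match?(/\A[a-z0-9]{3,24}\z/) },
  'AZURE_BLOB_SECRET_KEY' => ->(v) { storage_key_problem(v) }
}.freeze

def azure_env_problems(env = ENV)
  AZURE_ENV_CHECKS.each_with_object([]) do |(name, check), problems|
    value = env[name]
    if value.nil? || value.empty?
      problems << "#{name} is not set"
    elsif (reason = check.call(value))
      problems << "#{name} #{reason}"
    end
  end
end

# Constructed sample values, not real credentials.
SAMPLE_ENV = {
  'AZURE_TENANT_ID' => '11111111-2222-3333-4444-555555555555',
  'AZURE_SUBSCRIPTION_ID' => 'not-a-guid',
  'AZURE_CLIENT_ID' => '11111111-2222-3333-4444-555555555555',
  'AZURE_CLIENT_SECRET' => "constructed-secret\n",
  'AZURE_REGION' => 'West US',
  'AZURE_BLOB_ACCOUNT_NAME' => 'sfntemplates01',
  'AZURE_BLOB_SECRET_KEY' => ['k' * 32].pack('m0')
}.freeze

puts azure_env_problems(SAMPLE_ENV)
```

Calling `azure_env_problems` with no argument checks the real environment; an empty result means every variable is present and well-formed.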
Info
- Repository: https://github.com/miasma-rb/miasma-azure