Azure Providers
Adding Azure Providers
ManageIQ supports Microsoft Azure providers. Before ManageIQ can be authenticated to Microsoft Azure, you must complete a series of prerequisite steps using the Azure portal; see Create Active Directory application and service principal account using the Azure portal. Follow the steps to set up an Azure Active Directory (Azure AD) and assign the required permissions to it, then create an Azure Active Directory application, and obtain the Application ID (Client ID), Directory ID (Tenant ID), Subscription ID, and Key Value (Client Key) that are required to add and connect to the Azure instance as a provider in ManageIQ. Currently, all of these steps can be performed using either the Azure Resource Manager or Service Manager (Classic) mode.
Note:
In the steps described in Create Active Directory application and service principal account using the Azure portal:
-
The Application ID obtained during Get Application ID and Authentication Key is your Client ID. In the same section, after providing a description and a duration for the key, the VALUE displayed after clicking Save is your Client Key. If you choose an expiring key, make sure to note the expiration date, as you will need to generate a new key before that day in order to avoid an interruption.
-
The Directory ID obtained during Get Tenant ID is your Tenant ID. In Azure Active Directory (Azure AD), a tenant is a dedicated instance of the Azure AD service and is representative of an organization. It houses the users in a company and the information about them - their user profile data, permissions, groups, applications, and other information related to an organization and its security. To allow Azure AD users to sign in to your application, you must register your application in a tenant of your own which is assigned a Tenant ID (Directory ID).
-
During Assign Application to Role, select the Contributor role and not the Reader role.
-
To obtain your Subscription ID, log in to the Azure portal and click Subscriptions on the slide-out menu on the left. Find the appropriate subscription and see your Azure Subscription ID associated with it. Note that if the Subscriptions tab is not visible, then click on More services > to find it. The Azure Subscription ID is like a billing unit for all of the services consumed in your Azure account, including virtual machines and storage. The Subscription ID is in the form of a Globally Unique Identifier (GUID).
So, after a service principal account (instance of an application in a directory) has been created using the Azure portal, the following four pieces of information will be available within the Azure AD module.
-
Directory ID (Tenant ID)
-
Subscription ID
-
Application ID (Client ID)
-
Client Key
You can now use these values in the procedure below to add an Azure cloud instance as a provider to ManageIQ.
To Add an Azure Cloud Provider:
-
Browse to menu: Compute > Clouds > Providers.
-
Click Configuration, then click (Add a New Cloud Provider).
-
Enter a Name for the provider.
-
From the Type list, select Azure.
-
Select a region from the Region list. One provider will be created for the selected region.
-
Enter Tenant ID.
-
Enter Subscription ID.
-
Enter Zone.
-
In the Credentials section, enter the Client ID and Client Key; click Validate.
-
Click Add.
Adding Azure Cloud Regions
ManageIQ allows administrators to add additional Azure cloud regions on the appliance server. You can use this capability to add new regions that have been set up since ManageIQ was released. Once added the region it will be available when creating a new Azure provider.
-
Click (Configuration).
-
Click on the Settings accordion, then click ManageIQ Region at the top.
-
Click on the Advanced tab.
-
Search for
:ems_azure:
, and enter the regions you want to add under:additional_regions:
.Example. To add hypothetical `lunar-base-1` `lunar-base-2` regions: :ems_azure: :additional_regions: :lunar-base-1: :name: lunar-base-1 :description: Lunar Base 1 :lunar-base-2: :name: lunar-base-2 :description: Lunar Base 2
-
Click Save.
Disabling Azure Cloud Regions
ManageIQ allows administrators to disable Azure cloud regions on the appliance server. You can use this capability to disable certain classified regions. Once disabled, the region will not be available when adding a new Azure provider.
-
Click (Configuration).
-
Click on the Settings accordion, then click Zones.
-
Click the zone where the ManageIQ server is located, then click on the EVM server.
-
Click on the Advanced tab.
-
Search for
:ems_azure:
, and enter the regions you want to disable under:disabled_regions:
.Example. To disable the `us-gov-arizona` and `us-gov-texas` regions: :ems_azure: :disabled_regions: - us-gov-arizona - us-gov-texas
-
Click Save.