First obtain an Azure subscription, then generate an RSA private key and create a self-signed certificate using the key. Then register your self-signed certificate in Microsoft Azure.

Obtain a Subscription ID

Register with Microsoft Azure and obtain a subscription ID, for example:

2f301f4e-32d4-abcd-ae3a-dc0fe95f2877

Generate an RSA private key

Replace "azure_cert" and "private_key_password" with your own values.

Code Block
$ openssl genrsa -des3 -passout pass:private_key_password -out azure_cert.pass.key 2048
$ openssl rsa -passin pass:private_key_password -in azure_cert.pass.key -out azure_cert.key
$ rm azure_cert.pass.key

Example

An example of these steps is:

Code Block
04:03:29 ~/.ssh$  openssl genrsa -des3 -passout pass:private_key_password -out azure_cert.pass.key 2048
Generating RSA private key, 2048 bit long modulus
...........+++
............................+++
e is 65537 (0x10001)
Code Block
04:03:39 ~/.ssh$ openssl rsa -passin pass:private_key_password -in azure_cert.pass.key -out azure_cert.key
writing RSA key
Code Block
04:04:57 ~/.ssh$ rm azure_cert.pass.key

Generate a self-signed certificate

Generate a self-signed certificate that is signed using the generated key.

Replace "azure_cert" with your own value as above.

OpenSSL will prompt you for details. Azure does not use these details, but some of them may be useful for identifying your certificate in the Azure portal.

Code Block
$ openssl req -new -key azure_cert.key -out azure_cert.csr
$ openssl x509 -req -days 365 -in azure_cert.csr -signkey azure_cert.key -out azure_cert.crt
$ openssl x509 -in azure_cert.crt -outform der -out azure_cert.cer

An example of these steps is:

Code Block
04:07:26 ~/.ssh$ openssl req -new -key azure_cert.key -out azure_cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:private_key_password
An optional company name []:
Code Block
04:09:42 ~/.ssh$ openssl x509 -req -days 365 -in azure_cert.csr -signkey azure_cert.key -out azure_cert.crt
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key
Code Block
04:10:47 ~/.ssh$ openssl x509 -in azure_cert.crt -outform der -out azure_cert.cer
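
Before uploading, it is worth confirming that the three files belong together and that the unencrypted key is not exposed. The following is an added example, not part of the original page; the function name `check_azure_cert` and the 30-day validity threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pre-upload checks on the files
# produced by the steps above. Function name and messages are illustrative.
check_azure_cert() {
    name="$1"          # base name used above, e.g. azure_cert
    days="${2:-30}"    # minimum remaining validity; 30 is an assumption
    key="$name.key"; crt="$name.crt"; cer="$name.cer"

    # The .key file is unencrypted after the "openssl rsa" step, so it must
    # not be readable by group or others.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]; then
        echo "FAIL: $key is readable by group/others (chmod 600 $key)"; return 1
    fi
    # The key must parse without a passphrase and be internally consistent.
    openssl rsa -in "$key" -passin pass: -check -noout >/dev/null 2>&1 ||
        { echo "FAIL: $key is not a valid unencrypted RSA key"; return 1; }
    # The certificate must carry the public half of this private key.
    kpub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    [ "$kpub" = "$cpub" ] || { echo "FAIL: $crt does not match $key"; return 1; }
    # The DER .cer uploaded to Azure must be the same certificate as the PEM .crt.
    fpem=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 2>/dev/null) || fpem=""
    fder=$(openssl x509 -in "$cer" -inform der -noout -fingerprint -sha256 2>/dev/null) || fder=""
    if [ -z "$fpem" ] || [ "$fpem" != "$fder" ]; then
        echo "FAIL: $cer is not the DER form of $crt"; return 1
    fi
    # The certificate must not expire within the next $days days.
    openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $crt expires within $days days"; return 1; }
    echo "OK: $fpem"
}
```

Run it as `check_azure_cert azure_cert` in the directory that holds the files; the fingerprint it prints can be compared with the thumbprint shown in the Azure portal after upload.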

Register credentials in Azure  

  1. In Azure, upload the certificate to the management portal for your subscription, as explained at http://msdn.microsoft.com/en-us/library/azure/gg551722.aspx
    1. Go to Settings > Management certificates
    2. Upload your azure_cert.cer file

Add credentials to your tenant 

...

Enter the Access KeyID in the format: {AZURE_SUBSCRIPTION_ID}#{CERTIFICATE} - where {CERTIFICATE} is the content of azure_cert.crt

Code Block
2f301f4e-32d4-abcd-ae3a-dc0fe95f2877#-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----

Enter the Secret access key in the format {PRIVATE_KEY_FOR_CERTIFICATE} - where {PRIVATE_KEY_FOR_CERTIFICATE} is the content of azure_cert.key

...

Info

This page describes how to obtain:

  1. Compute credentials for standard accounts and for customers of resellers.

  2. Billing/pricing credentials for standard accounts

For CSP accounts, see Obtain Azure ARM pricing credentials for CSP.

For billing-only access for reseller customers, see Add credentials of Azure reseller customers for billing only.

Introduction

To work with Azure compute in Abiquo, you'll need to add credentials to your Abiquo enterprise. Each Abiquo enterprise can hold only one set of credentials, from one subscription.

  1. Create an Azure Subscription.

    1. You may require separate credentials for some groups of regions, for example, regions in China.

  2. Follow this guide, which describes how to obtain the details of the subscription and create an Application.

  3. After you follow this guide, you'll have the following Azure attributes:

    1. Subscription ID

    2. Application ID

    3. Tenant ID

    4. Application password

    5. Offer ID (optional) for pricing credentials

Note

To use the platform's billing features only (without the compute features), you do not need an ARM application. See Add credentials of reseller customers for billing only

Note

Abiquo provides these instructions as a guide only and we update them occasionally. 

Abiquo recommends that customers follow the instructions of the cloud provider, for example, at the time of writing for Azure:

...

Obtain details of your Azure subscription

To obtain details of your Azure subscription, do the following steps.

  1. Log in to the Azure portal

  2. From the Home view, click the Subscriptions icon. Or in the search box in the top menu bar, enter Subscriptions. Then select Subscriptions

  3. Click on your subscription

    If the subscription is not displayed, check that you have selected the correct directory. Click the directory name in the top right corner to switch directory.

  4. Save the Subscription ID to enter in the Abiquo credentials.

  5. If you purchased the subscription directly from Azure, you can also save the Offer ID for the pricing credentials.  

Create an ARM application using Azure portal

Abiquo uses the ARM application ID to access the ARM API and compute features.

Info

To use the platform's billing features only (without the compute features), you do not need an ARM application. See Add credentials of Azure reseller customers for billing only

To create an ARM application using the Azure Portal and obtain details of the application, do these steps.

  1. Log in to the Azure portal

  2. From the Home view, click the Azure Active Directory icon. Or in the search box, enter Azure Active Directory. Select Azure Active Directory

  3. Click App registrations

  4. Click New registration

  5. To register the application, enter a Name, select the Supported account types, and enter a URL. The value of the URL will not be used, so it could be any URL. Click Register

  6. Save the Application (client) ID and the Directory (tenant) ID, because you will need to configure them in Abiquo. Then click Certificates & secrets.

  7. To configure the password for the application, click New client secret, which will open the Add a client secret section. Enter a Description and an Expiry duration, then click Add

    The Azure portal will display the password ONCE ONLY. You must use this password in Abiquo, so make sure to save it, because Azure will not display it again.

  8. Go to the Subscriptions menu, select the subscription you want to associate the application with, and add a new permission for it with these steps.

    1. Select Access control (IAM)

    2. Click Add

    3. Click Add role assignment

    4. In the dialog, select the Contributor role, and in the Select box, enter the name of the application. Then click Save.

  9. Go to the Subscriptions menu and select Resource providers

    1. Search for the Microsoft.Compute provider and click Register to add it for the subscription if it is not already added

    2. Search for the Microsoft.Network provider and click Register to add it for the subscription if it is not already added

Add the Azure ARM compute credentials to Abiquo

Before you add credentials, an administrator must create at least one compatible public cloud region in Azure ARM, and allow your enterprise to access this region. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region.

To connect Abiquo to your Azure ARM account, add the Azure ARM credentials obtained in the above steps to Abiquo, with the following steps.

  1. Log in to Abiquo

  2. Go to Users view

  3. Edit the enterprise and go to Credentials → Public

  4. Select the Azure ARM provider, and enter the credentials in the following format.

    1. Access key ID:

      Code Block
      subscription-id#app-id#tenant-id

      This means you should enter the Subscription ID, Application ID and Tenant ID, as a single string and separate each element with a '#'. For example: 

      Code Block
      566058dd-80bc-4ccc-8d6e-e9ac00c4b4a1#8927a710-4f4d-4d11-811c-94c36e9b2c3f#fbb96b71-f92c-4f78-acf7-cd88bdee36b1

    2. Secret access key: Enter the password for the Application.

  5. Click Add account

...

Add the Azure pricing credentials to Abiquo for standard accounts

Info

This section applies to standard accounts, which were obtained directly from Microsoft and not through a reseller.

For CSP accounts, see Obtain Azure ARM pricing credentials for CSP

Before you add credentials, your administrator must create at least one compatible public cloud region in Azure ARM, and allow your enterprise to access this region. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region.

For Azure, the format of the pricing credentials identity for standard Azure accounts is as follows.

  • Access key ID:

    Code Block
    normal#subscription-id#app-id#tenant-id#offer-durable-id

    The text string normal# indicates a standard account. We recommend that you specify the normal# text string, even though it is the default option.

    The offer-durable-id is the Offer ID from the Azure portal. See Display Azure billing data for billing dashboard instructions.

  • Secret access key: Enter the password for the Application
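
A mistyped or mis-ordered identity string (for example, the application password pasted into the Access key ID field) is easy to miss in a form. The following added example, which is not Abiquo code, validates both the compute format (subscription-id#app-id#tenant-id) and the standard pricing format before you paste the value; the helper names `is_guid` and `check_access_key_id` are hypothetical, and it assumes a pricing identity always carries an offer-durable-id, whose syntax is not checked.

```shell
#!/bin/sh
# Added example, not Abiquo code: validate the "Access key ID" strings
# described above before entering them in the credentials form.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Prints "compute" or "pricing" on success; prints a reason and returns 1
# otherwise. Assumption: the offer-durable-id is accepted as any non-empty
# text, because the page does not define its syntax.
check_access_key_id() {
    id="$1"; prefixed=no
    case "$id" in
        *[[:space:]]*) echo "whitespace or newline in identity"; return 1 ;;
        *"#") echo "trailing '#' (empty last field)"; return 1 ;;
        "normal#"*) prefixed=yes; id="${id#normal#}" ;;
    esac
    # Split on '#' with globbing off so a stray '*' is not expanded.
    old_ifs=$IFS; IFS='#'; set -f
    set -- $id
    set +f; IFS=$old_ifs
    # The first three fields are GUIDs; a pasted secret fails here.
    for label in subscription-id app-id tenant-id; do
        if ! is_guid "${1:-}"; then
            echo "$label is missing or not a GUID"; return 1
        fi
        shift
    done
    case "$#:$prefixed" in
        0:no)  echo compute ;;
        1:*)   echo pricing ;;   # normal# is the default, so the prefix is optional
        0:yes) echo "normal# given but offer-durable-id missing"; return 1 ;;
        *)     echo "too many '#'-separated fields"; return 1 ;;
    esac
}
```

CSP and reseller identities use other formats that this page does not describe, so the function does not accept them.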