Search <book_title>...

Cluster Server 8.0 Bundled Agents Reference Guide - Windows

Last Published: 2021-12-21

Product(s): InfoScale & Storage Foundation (8.0)

Platform: Windows

AzureAuth agent

To perform any operation on Azure resources, such as updating a resource record set, attaching an Azure data disk, assigning a private IP to a Network Interface, and so on requires you to authenticate that you are an authorized Azure user.

AzureAuth agent authenticates the Azure subscription using service principal credentials.

AzureAuth agent is a persistent resource that monitors the validity of service principal credentials.

Prerequisites

Create the service principal from the Azure portal and assign the application to a role. For details, refer to the Microsoft Azure documentation.
Ensure that the credentials that are passed on to the AzureAuth agent have at least the minimum required role assigned to service principal.
The minimum roles required for each agent are:
- AzureIP: Network Contributor and Virtual Machine Contributor
- AzureDisk
  - Un-Managed Disks: Virtual Machine Contributor
  - Managed Disks: Contributor
- AzureDNSZone: DNS Zone Contributor
Obtain the authentication keys (SubscriptionId, ClientId, SecretKey, and TenantId).
See “To obtain the Azure authentication keys”.
Ensure that the virtual machine has access to the internet, which is required to install the necessary Python modules.
Upgrade pip to 21.1.2.
C:\Program Files\Veritas\VRTSPython>python -m pip install --upgrade pip==21.1.2
Install Python SDK for Azure on all cluster nodes.
Python SDK can be installed with pip as follows:
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-common==1.1.25
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-core==1.10.0
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-identity==1.4.1
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-mgmt-compute==19.0.0
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-mgmt-core==1.2.2
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-mgmt-dns==8.0.0
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-mgmt-network==17.1.0
C:\Program Files\Veritas\VRTSPython>python -m pip install azure-storage-blob==12.8.0
C:\Program Files\Veritas\VRTSPython>python -m pip install msrestazure==0.6.4

Dependency

The AzureAuth agent is not dependent on any other resources.

Agent functions

Monitor

Validates the service principal credentials with Azure.

State definitions

ONLINE	Indicates that the service principal credentials are valid.
UNKNOWN	Indicates that one of the following is true: The service principal credentials are invalid The service principal credentials were modified or deleted after the resource reported ONLINE The service principal credentials are expired

Attributes

Table: Required attributes

Attribute	Description
SubscriptionId	Identifier that uniquely identifies your Azure subscription. Type and dimension: string-scalar
ClientId	Identifier of the Azure Active Directory (AAD) Application. Type and dimension: string-scalar
SecretKey	Authentication key generated for the AAD application. You must encrypt this secret key using the vcsencrypt -agent command. Type and dimension: string-scalar
TenantId	Identifier of the AAD directory in which you created the application. Type and dimension: string-scalar

Resource type definition

type AzureAuth (
    static i18nstr ArgList[] = { SubscriptionId, ClientId, SecretKey, 
      TenantId }
    static str Operations = None
    str SubscriptionId
    str ClientId
    str SecretKey
    str TenantId
)

Sample configuration

AzureAuth Auth_Res (
    SubscriptionId = 2dfgg136-fgh6-40dd-b616-c1e9abdf1d63
    ClientId = 123456-d10a-4704-8986-beb86739104d
    SecretKey = fntPgnUnhTprQrqrnRonSlhPhrQpiNtrItpRhnGrrNklFngLs
    TenantId = 12345-0528-4308-brf03-6667d61dd0e3
)

Obtaining authentication keys

To obtain the Azure authentication keys

Perform the following to obtain the authentication keys :

Task	Procedure
To obtain the SubscriptionId	In the left navigation pane, click Subscriptions. A list of your subscriptions is displayed along with the subscription IDs. Copy and provide this Id as SubscriptionId to the AzureAuth agent.
To obtain the TenantID	In the left navigation panel, click Azure Active Directory. On the page that opens, click Properties. Copy the Directory ID. Provided this Id as TenantID to the AzureAuth agent.
To obtain the ClientId	In the left navigation panel, click Azure Active Directory. On the page that opens, click App registrations. Search and select your application (service principal) from the list of applications. Copy the Application ID. Provide this Id as the ClientId to the AzureAuth agent.
To obtain the SecretKey	From App registrations in Azure Active Directory, search and select your application. Under Settings, select Keys. Provide a description of the key, and the expiry duration for the key. Click Save. The key is displayed. Note: Ensure that you copy and store the key value. You cannot retrieve the key later. Encrypt the key using: vcsencrypt -agent < Secret Key>. Provide the encrypted key to the AzureAuth agent as the SecretKey.