InfoScale™ Cluster Server 9.0 Bundled Agents Reference Guide - Linux
- Introducing bundled agents
- Storage agents
- DiskGroup agent
- DiskGroupSnap agent
- Notes for DiskGroupSnap agent
- Sample configurations for DiskGroupSnap agent
- Volume agent
- VolumeSet agent
- Sample configurations for VolumeSet agent
- LVMLogicalVolume agent
- LVMVolumeGroup agent
- LVMVolumeGroup agent notes
- Sample configurations for LVMVolumeGroup agent
- Mount agent
- Sample configurations for Mount agent
- VMwareDisks agent
- SFCache agent
- Network agents
- About the network agents
- IP agent
- NIC agent
- Notes for the NIC agent
- Sample configurations for NIC agent
- IPMultiNIC agent
- MultiNICA agent
- IP Conservation Mode (ICM) for MultiNICA agent
- Performance Mode (PM) for MultiNICA agent
- Sample configurations for MultiNICA agent
- DNS agent
- Agent notes for DNS agent
- About using the VCS DNS agent on UNIX with a secure Windows DNS server
- Sample configurations for DNS agent
- AWSIP agent
- AWSRoute53 agent
- AzureDNSZone agent
- File share agents
- NFS agent
- NFSRestart agent
- Share agent
- About the Samba agents
- NetBios agent
- Service and application agents
- Apache HTTP server agent
- Application agent
- Notes for Application agent
- Sample configurations for Application agent
- AzureAuth agent
- CoordPoint agent
- KVMGuest agent
- Notes for KVMGuest agent
- Sample configurations for KVMGuest environment
- Sample configurations for RHEV environment
- Process agent
- Usage notes for Process agent
- Sample configurations for Process agent
- ProcessOnOnly agent
- RestServer agent
- Infrastructure and support agents
- Testing agents
- Replication agents
- RVG agent
- RVGPrimary agent
- RVGSnapshot
- RVGShared agent
- RVGLogowner agent
- RVGSharedPri agent
- VFRJob agent
- Dependencies for VFRJob agent
- Notes for the VFRJob agent
AzureAuth agent
You may need to perform different operations in Azure such as updating a resource record set, attaching an Azure data disk, or assigning a private IP to a network interface. Performing any operations on Azure resources requires that you authenticate yourself as an authorized Azure user.
AzureAuth agent authenticates the Azure subscription using service principal credentials.
AzureAuth agent is a persistent resource that monitors the validity of service principal credentials.
Note:
For using managed identify-based authentication, refer to the following:
Create the service principal from the Azure portal and assign the application to a role. For details, refer to the Microsoft Azure documentation.
Ensure that the credentials that are passed on to the AzureAuth agent have at least the minimum required role assigned to service principal.
The minimum roles that are required for each agent are:
AzureIP: Network Contributor and Virtual Machine Contributor
AzureDisk
Un-Managed Disks: Virtual Machine Contributor
Managed Disks: Contributor
AzureDNSZone: DNS Zone Contributor
Obtain the authentication keys (SubscriptionId, ClientId, SecretKey, and TenantId).
Ensure that the virtual machine has access to the internet, which is required to install the necessary Python modules.
Install Python SDK for Azure on all cluster nodes.
Python SDK can be installed with pip as follows:
# /opt/VRTSpython/bin/pip install azure-common==1.1.28
# /opt/VRTSpython/bin/pip install azure-core==1.26.4
# /opt/VRTSpython/bin/pip install azure-identity==1.12.0
# /opt/VRTSpython/bin/pip install azure-mgmt-compute==29.1.0
# /opt/VRTSpython/bin/pip install azure-mgmt-core==1.4.0
# /opt/VRTSpython/bin/pip install azure-mgmt-dns==8.0.0
# /opt/VRTSpython/bin/pip install azure-mgmt-network==23.0.0
# /opt/VRTSpython/bin/pip install azure-storage-blob==12.16.0
# /opt/VRTSpython/bin/pip install msrestazure==0.6.4
To install Azure Python SDK, the following packages are required:
libffi-devel
gcc
openssl-devel
To support Azure Private DNS Zone, following API must be installed:
azure-mgmt-privatedns.
The AzureAuth agent is not dependent on any other resources.
Monitor | Validates the service principal credentials with Azure. |
ONLINE | Indicates that the service principal credentials are valid. |
UNKNOWN | Indicates that one of the following is true:
|
Table: Required attributes
Attribute | Description |
---|---|
SubscriptionId | Identifier that uniquely identifies your Azure subscription. Type and dimension: string-scalar |
ClientId | Identifier of the Azure Active Directory (AAD) Application. Type and dimension: string-scalar |
SecretKey | Authentication key that is generated for the AAD application. You must encrypt this secret key using the vcsencrypt -agent command. Type and dimension: string-scalar |
TenantId | Identifier of the AAD directory in which you created the application. Type and dimension: string-scalar |
type AzureAuth ( static str ArgList[] = { SubscriptionId, ClientId, SecretKey, TenantId } static str Operations = None str SubscriptionId str ClientId str SecretKey str TenantId )
AzureAuth Auth_Res ( SubscriptionId = 2dfgg136-fgh6-40dd-b616-c1e9abdf1d63 ClientId = 123456-d10a-4704-8986-beb86739104d SecretKey = fntPgnUnhTprQrqrnRonSlhPhrQpiNtrItpRhnGrrNklFngLs TenantId = 12345-0528-4308-brf03-6667d61dd0e3 )
To obtain the Azure authentication keys
- Log in to the Azure portal.
- Perform the following to obtain the authentication keys :
Task
Procedure
To obtain the SubscriptionId
In the left navigation pane, click Subscriptions. A list of your subscriptions is displayed along with the subscription IDs.
Copy and provide this Id as SubscriptionId to the AzureAuth agent.
To obtain the TenantID
In the left navigation panel, click Azure Active Directory.
On the page that opens, click Properties.
Copy the Directory ID.
Provided this Id as TenantID to the AzureAuth agent.
To obtain the ClientId
In the left navigation panel, click Azure Active Directory.
On the page that opens, click App registrations.
Search and select your application (service principal) from the list of applications.
Copy the Application ID.
Provide this Id as the ClientId to the AzureAuth agent.
To obtain the SecretKey
From App registrations in Azure Active Directory, search and select your application.
Under Settings, select Keys.
Provide a description of the key, and the expiry duration for the key.
Click Save. The key is displayed.
Note:
Ensure that you copy and store the key value. You cannot retrieve the key later.
Encrypt the key using:
vcsencrypt -agent < Secret Key>.
Provide the encrypted key to the AzureAuth agent as the SecretKey.