Merge pull request #5604 from carlosonunez/patch-1

Add instructions for the Python client.
SwampDragons 2017-11-20 09:57:44 -08:00 committed by GitHub
commit 61d8274096
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 91 additions and 2 deletions


@ -63,6 +63,14 @@ If you already have node.js installed you can use `npm` to install `azure-cli`:
$ npm install -g azure-cli --no-progress $ npm install -g azure-cli --no-progress
``` ```
You can also use the Python-based Azure CLI in Docker. It also comes with `jq` pre-installed:
```shell
$ docker run -it azuresdk/azure-cli-python
```
As there are differences between the node.js client and the Python client, we've included commands for the Python client underneath each node.js command.
## Guided Setup ## Guided Setup
The Packer project includes a [setup script](https://github.com/hashicorp/packer/blob/master/contrib/azure-setup.sh) that can help you setup your account. It uses an interactive bash script to log you into Azure, name your resources, and export your Packer configuration. The Packer project includes a [setup script](https://github.com/hashicorp/packer/blob/master/contrib/azure-setup.sh) that can help you setup your account. It uses an interactive bash script to log you into Azure, name your resources, and export your Packer configuration.
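Review bot: The `docker run -it azuresdk/azure-cli-python` line pulls the image with no tag, so readers get whatever `latest` resolves to at the time and the setup steps are not reproducible. Suggest pinning a tag or digest, and adding `--rm` so the container, which will hold the login session created in the next steps, is discarded on exit.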
@ -80,6 +88,32 @@ $ azure config mode arm
$ azure login -u USERNAME $ azure login -u USERNAME
``` ```
If you're using the Python client:
```shell
$ az login
# To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code CODE_PROVIDED to authenticate
```
Once you've completed logging in, you should get a JSON array like the one below:
```shell
[
{
"cloudName": "AzureCloud",
"id": "$uuid",
"isDefault": false,
"name": "Pay-As-You-Go",
"state": "Enabled",
"tenantId": "$tenant_uuid",
"user": {
"name": "my_email@anywhere.com",
"type": "user"
}
}
]
```
Get your account information Get your account information
``` shell ``` shell
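Review bot: The sample `az login` output is a JSON array but is fenced as `shell`; fence it as `json` so it is highlighted correctly and not mistaken for something to type. The placeholder address `my_email@anywhere.com` would be safer as an `example.com` address, which is reserved for documentation.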
@ -88,6 +122,11 @@ $ azure account set ACCOUNTNAME
$ azure account show --json | jq -r ".[] | .id" $ azure account show --json | jq -r ".[] | .id"
``` ```
Python:
```shell
$ az account set "$(az account list | jq -r '.[].name')"
```
-> Throughout this document when you see a command pipe to `jq` you may instead omit `--json` and everything after it, but the output will be more verbose. For example you can simply run `azure account list` instead. -> Throughout this document when you see a command pipe to `jq` you may instead omit `--json` and everything after it, but the output will be more verbose. For example you can simply run `azure account list` instead.
This will print out one line that look like this: This will print out one line that look like this:
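Review bot: In `az account set "$(az account list | jq -r '.[].name')"`, the filter `.[].name` emits one name per subscription, so on an account with more than one subscription the command substitution expands to several names separated by newlines rather than a single account. Suggest taking the name as a placeholder like the node.js `ACCOUNTNAME` line, or selecting one entry explicitly. The Python block also has no counterpart to `azure account show --json | jq -r ".[] | .id"`, which is what the following "This will print out one line" sentence refers to.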
@ -107,6 +146,12 @@ $ azure location list
$ azure group create -n GROUPNAME -l LOCATION $ azure group create -n GROUPNAME -l LOCATION
``` ```
Python:
```shell
$ az group create -n GROUPNAME -l LOCATION
```
Your storage account (below) will need to use the same `GROUPNAME` and `LOCATION`. Your storage account (below) will need to use the same `GROUPNAME` and `LOCATION`.
### Create a Storage Account ### Create a Storage Account
@ -121,9 +166,15 @@ $ azure storage account create \
--kind storage STORAGENAME --kind storage STORAGENAME
``` ```
-> `LRS` is meant as a literal "LRS" and not as a variable. Python:
Make sure that `GROUPNAME` and `LOCATION` are the same as above. ```shell
$ az storage account create -n STORAGENAME -g GROUPNAME -l LOCATION --sku Standard_LRS
```
-> `LRS` and `Standard_LRS` are meant as literal "LRS" or "Standard_LRS" and not as variables.
Make sure that `GROUPNAME` and `LOCATION` are the same as above. Also, ensure that `GROUPNAME` is less than 24 characters long and contains only lowercase letters and numbers.
### Create an Application ### Create an Application
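Review bot: The sentence added after "Make sure that `GROUPNAME` and `LOCATION` are the same as above" puts the length and character restriction on `GROUPNAME`, but 24 characters of lowercase letters and numbers is the naming rule for the storage account, that is, `STORAGENAME` in `az storage account create -n STORAGENAME`. Suggest changing it to `STORAGENAME` and wording the limit as 3 to 24 characters, since "less than 24" excludes a valid length.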
@ -137,6 +188,12 @@ $ azure ad app create \
-p PASSWORD -p PASSWORD
``` ```
Python:
```shell
az ad app create --display-name APPNAME --identifier-uris APPURL --homepage APPURL --password PASSWORD
```
Password is your `client_secret` and can be anything you like. I recommend using `openssl rand -base64 24`. Password is your `client_secret` and can be anything you like. I recommend using `openssl rand -base64 24`.
### Create a Service Principal ### Create a Service Principal
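Review bot: `--password PASSWORD` in the `az ad app create` line puts the client secret on the command line, where it lands in shell history, and the line is missing the `$ ` prompt used by the other commands in this file. Suggest showing `password=$(openssl rand -base64 24)` first and passing `--password "$password"`, which also defines the `$password` variable that the configuration heredoc later in this patch relies on.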
@ -153,6 +210,13 @@ $ azure ad app list --json \
$ azure ad sp create --applicationId APPID $ azure ad sp create --applicationId APPID
``` ```
Python:
```shell
$ id=$(az ad app list | jq -r '.[] | select(.displayName == "Packer") | .appId')
$ az ad sp create --appid "$id"
```
### Grant Permissions to Your Application ### Grant Permissions to Your Application
Finally, we will associate the proper permissions with our application's service principal. We're going to assign the `Owner` role to our Packer application and change the scope to manage our whole subscription. (The `Owner` role can be scoped to a specific resource group to further reduce the scope of the account.) This allows Packer to create temporary resource groups for each build. Finally, we will associate the proper permissions with our application's service principal. We're going to assign the `Owner` role to our Packer application and change the scope to manage our whole subscription. (The `Owner` role can be scoped to a specific resource group to further reduce the scope of the account.) This allows Packer to create temporary resource groups for each build.
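Review bot: `select(.displayName == "Packer")` hardcodes the display name, while the application was created with `--display-name APPNAME` and the node.js commands filter on `APPNAME`. If the reader chose any other name, `$id` is empty and `az ad sp create --appid "$id"` runs with an empty id. Suggest using `APPNAME` here and checking that `$id` is non-empty before the create call.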
@ -164,6 +228,13 @@ $ azure role assignment create \
-c /subscriptions/SUBSCRIPTIONID -c /subscriptions/SUBSCRIPTIONID
``` ```
Python:
```shell
# NOTE: Trying to assign the role to the service principal by name directly yields a HTTP 400 error. See: https://github.com/Azure/azure-cli/issues/4911
$ az role assignment create --assignee "$(az ad sp list | jq -r '.[] | select(.displayName == "APPNAME") | .objectId')" --role Owner
```
There are a lot of pre-defined roles and you can define your own with more granular permissions, though this is out of scope. You can see a list of pre-configured roles via: There are a lot of pre-defined roles and you can define your own with more granular permissions, though this is out of scope. You can see a list of pre-configured roles via:
``` shell ``` shell
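Review bot: The `az role assignment create` line passes `--role Owner` with no `--scope`, whereas the node.js command above it states the scope explicitly with `-c /subscriptions/SUBSCRIPTIONID`. Suggest adding `--scope /subscriptions/SUBSCRIPTIONID` so the breadth of the grant is visible in the command and a reader following the paragraph's advice about narrowing to a resource group has an argument to change. The filter here uses `"APPNAME"` while the other Python blocks use `"Packer"`; pick one.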
@ -175,6 +246,23 @@ $ azure role list --json \
Now (finally) everything has been setup in Azure. Let's get our configuration keys together: Now (finally) everything has been setup in Azure. Let's get our configuration keys together:
Python:
```shell
$ cat <<EOF
> {
> "subscription_id": $(az account show | jq '.id'),
> "client_id": $(az ad app list | jq '.[] | select(.displayName == "Packer") | .appId'),
> "client_secret": "$password",
> "location": "$location",
> "tenant_id": $(az account show | jq '.tenantId')
> "object_id": $(az ad app list | jq '.[] | select(.displayName == "Packer") | .objectId')
> }
> EOF
```
node.js:
Get `subscription_id`: Get `subscription_id`:
``` shell ``` shell
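Review bot: The heredoc does not produce valid JSON: the `"tenant_id": $(az account show | jq '.tenantId')` line has no trailing comma before `"object_id"`. `$password` and `$location` are also never assigned in the Python steps of this patch, so those fields come out empty unless the reader set them beforehand. Since this prints `client_secret` to the terminal, the text should also say where the output is meant to be saved.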
@ -189,6 +277,7 @@ $ azure ad app list --json \
| jq '.[] | select(.displayName | contains("APPNAME")) | .appId' | jq '.[] | select(.displayName | contains("APPNAME")) | .appId'
``` ```
Get `client_secret` Get `client_secret`
This cannot be retrieved. If you forgot this, you will have to delete and re-create your service principal and the associated permissions. This cannot be retrieved. If you forgot this, you will have to delete and re-create your service principal and the associated permissions.