Juju is an open source service modeling and orchestration management tool developed by Canonical Ltd., the company behind Ubuntu. Juju allows software to be quickly deployed, integrated and scaled on a wide choice of cloud services or servers. One of those clouds is, of course, Microsoft Azure.
Juju is one of the new cloud orchestration solutions that are really interesting and that every DevOps, IT should have a look (and use). We can describe Juju has a cloud DevOps program that works at a higher level than Puppet, Chef, Ansible or Salt. Why higher ? Simply because Juju works above them. It’s meant to model, configure and manage services, not machines.
The main objective of this blog post is to explain how to configure Juju 2.x to use Azure as a Cloud Provider and how to start using Juju.
Very important: I will use here Juju 2.X with Linux VM. Why Juju 2.x ? The answer is very simple : Juju 1.x can connect and use Azure but only the Azure Service Model (ASM) that is the old architecture. Last year, a new architecture called ARM (Azure Resource Manager) was globally available and this new architecture is now the right way to use and deploy resources on Azure.
Note: Juju is available on Linux, Mac OS X and Windows –> https://jujucharms.com/docs/devel/reference-releases (go to the bottom of the web page and download version 2.x and not 1.25.x).
- You need a Microsoft Azure Subscription (Sign up for a FREE trial and get $200 to spend on Microsoft Azure cloud computing services)
- You need an Azure Active Directory (If you do know anything about Azure AD, juste go there)
Step 1: Create and prepare an Linux Ubuntu VM running in Azure
Connect to the Azure Portal, Search Ubuntu in Azure Market Place. Select the latest version.
Once VM is deployed and running. Connect it using SSH.
Create a SSH key pair inside the VM :
ssh-keygen -t rsa -b 2048
Step 2: Set up Juju 2.x
sudo add-apt-repository ppa:juju/devel
sudo apt update
sudo apt install juju
Step 3: Add a Microsoft Subscription and Azure Credentials to Juju
List the cloud providers available in Juju
Be aware: Chinese Regions are different (they are operated by ViaNet21 a third party and not directly by Microsoft) and are considered as a special cloud provider.
List Azure regions and associated enpoints
juju show-cloud azure
If the region list is not up to date (it can happen because new Azure regions are or will be available like for example UK, Canada ou South Korea), you can update it with the following command :
To list the credentials that Juju can use to “talk” with cloud providers like Azure, use the following command :
In this example, there are no credentials available for Azure. Next operations will be to connect Juju with at least on Azure Subscription.
To to do that, you need first to setup Azure CLI (Microsoft Azure cross platform command line Interface). This tool needs and uses nodeJS.
sudo apt-get install -y nodejs-legacy npm
sudo npm install -g azure-cli
Switch to ARM (Azure Resource Manager) mode. This is mandatory to be able to use commands for Azure Active Directory.
azure config mode arm
Connect to an Azure subscription
Open a web browser, navigate to https://aka.ms/devicelogin copy and paste the code provided by the azure login command.
Then authenticate yourself with an administrative account of the Azure Subscription. those credentials can be a Azure AD Account or a Microsoft Account.
List the resources providers available on the Azure Subscription
azure provider list
Check that Compute, Network and Storage providers are registered for the Subscription. If not (status is Unregistered), then register those providers using the following commands (Special thanks to Nicolas from Canonical for this really valuable information (if providers are not registered, then you will have many issues).
azure provider register Microsoft.Compute
azure provider register Microsoft.Network
azure provider register Microsoft.Storage
List Azure Subscription that are managed by your account
azure account list
Copy the Azure subscription ID into a variable
Choose a strong password and put it into a variable
In the Azure Active Directory associated with the subscription, create an application (here URL is not important, you can type what you want)
azure ad app create –name “stan3ubuntu.example.com” –home-page “http://stan3ubuntu.example.com” –identifier-uris “http://stan3ubuntu.example.com” –password $APP_PASSWORD
Copy the application ID into a variable
Then create a Service Principal for this application
More information about Service Principal: Application Objects and Service Principal Objects
azure ad sp create $APP_ID
Copy the object ID into a variable
Assign an owner role
azure role assignment create –objectId $OBJ_ID -o Owner -c /subscriptions/$SUB_ID/
List Azure subscription in Juju
azure account show
Copy the Tenant ID (1 Tenant can have many subscriptions) into a variable
Check that authentication done using Service Principal (created previously) is working
azure login -u “$APP_ID” -p “$APP_PASSWORD” –service-principal –tenant “$TENANT_ID”
juju add-credential azure
List credentials availables in Juju
Select the credential to use by default in Juju
juju set-default-credential azure email@example.com
Step 4 : Create a new Juju Controller and default models in an Azure region
juju bootstrap mycloud azure/northeurope
Once deployment is done (it takes between 10 to 15 minutes), you can list Juju controllers :
At this time, there is still no application deployed:
It’s very interesting to spend few minutes on Azure Portal to visualize all resources that were created by Juju 2.x controller bootstrap. We can see that 2 resource groups were created (1 by model) with the following name convention:
juju-admin-model-xxxxxxxxxxxxxxxx or juju-controller-model-xxxxxxxxxxxx: this resource group contains all resources related to the Juju Controller VM
juju-default-model-xxxxxxxxxxxxxxxx : this resource group contains all resources related to VMs that are running applications deployed by Juju.
Note: with Juju 2.x it now possible to create additional model. Each new model will create and use a dedicated resource group with a name like this: juju-modelname-xxxxxxxxxxxxxxx
In our example, we can see 2 resource groups in North Europe region (Dublin)
Resource group juju-controller-model-xxxx contains Juju controler VM’s resources.
Resource group juju-default-model-xxxx contains at this time only 3 resources: an Azure Storage Account, an Azure Virtual Network and a Network Security Group.
Step 5: An application deployment with Juju 2.x
A very simple example to illustrate Juju application deployment: here I will deploy a Mediawiki (standard example used in Canonical Documentation). This application is composed of 2 virtual machines: A mediawiki ans a MySQL)
juju deploy mediawiki-single
To check the status of the application deployment:
Wait a little bit until everything is started and running
juju gui –show-credentials
Open a Web Browser and navigate to Juju GUI
Go back on Azure Portal to see all resources that were created by Juju 2.x during application deployment. Have a look on Network Security Groups –> SSH should be the only allowed inbound traffic.
Open TCP 80 port by adding an NSG inbound rule via the following Juju command:
juju expose mediawiki
Check public IP of Mediawiki
Connect to mediawiki portal
That’s all. Now you can continue with Juju and more advanced applications and services to model and deploy.
Deploying applications: https://jujucharms.com/docs/devel/charms-deploying