Model, configure and manage services with Juju 2.x and Microsoft Azure – How to connect and use Juju with Azure
Juju is an open source service modeling and orchestration management tool developed by Canonical Ltd., the company behind Ubuntu. Juju allows software to be quickly deployed, integrated and scaled on a wide choice of cloud services or servers. One of those clouds is, of course, Microsoft Azure.
Juju is one of the new cloud orchestration solutions that are really interesting and that every DevOps and IT professional should look at (and use). We can describe Juju as a cloud DevOps program that works at a higher level than Puppet, Chef, Ansible or Salt. Why higher? Simply because Juju works above them. It is meant to model, configure and manage services, not machines.
The main objective of this blog post is to explain how to configure Juju 2.x to use Azure as a Cloud Provider and how to start using Juju.
Very important: I will use Juju 2.x here, with a Linux VM. Why Juju 2.x? The answer is very simple: Juju 1.x can connect to and use Azure, but only through the Azure Service Model (ASM), which is the old architecture. Last year, a new architecture called ARM (Azure Resource Manager) became globally available, and this new architecture is now the right way to use and deploy resources on Azure.
Note: Juju is available on Linux, Mac OS X and Windows –> https://jujucharms.com/docs/devel/reference-releases (go to the bottom of the web page and download version 2.x and not 1.25.x).
Mandatory prerequisites:
- You need a Microsoft Azure Subscription (Sign up for a FREE trial and get $200 to spend on Microsoft Azure cloud computing services)
- You need an Azure Active Directory (if you do not know anything about Azure AD, just go there)
Step 1: Create and prepare a Linux Ubuntu VM running in Azure
Connect to the Azure Portal, search for Ubuntu in the Azure Marketplace and select the latest version.
Once the VM is deployed and running, connect to it using SSH.
Create an SSH key pair inside the VM:
ssh-keygen -t rsa -b 2048
Step 2: Set up Juju 2.x
sudo add-apt-repository ppa:juju/devel
sudo apt update
sudo apt install juju
Step 3: Add a Microsoft Subscription and Azure Credentials to Juju
List the cloud providers available in Juju
juju list-clouds
Be aware: Chinese regions are different (they are operated by 21Vianet, a third party, and not directly by Microsoft) and are considered a special cloud provider.
List Azure regions and associated endpoints
juju show-cloud azure
If the region list is not up to date (this can happen because new Azure regions are or will be available, for example UK, Canada or South Korea), you can update it with the following command:
juju update-clouds
To list the credentials that Juju can use to “talk” with cloud providers like Azure, use the following command :
juju list-credentials
In this example, there are no credentials available for Azure. The next operations connect Juju with at least one Azure Subscription.
To do that, you first need to set up the Azure CLI (Microsoft Azure cross-platform command line interface). This tool needs and uses Node.js.
sudo apt-get install -y nodejs-legacy npm
sudo npm install -g azure-cli
Switch to ARM (Azure Resource Manager) mode. This is mandatory to be able to use commands for Azure Active Directory.
azure config mode arm
Connect to an Azure subscription
azure login
Open a web browser, navigate to https://aka.ms/devicelogin, then copy and paste the code provided by the azure login command.
Then authenticate yourself with an administrative account of the Azure Subscription. Those credentials can be an Azure AD account or a Microsoft Account.
List the resources providers available on the Azure Subscription
azure provider list
Check that the Compute, Network and Storage providers are registered for the Subscription. If not (status is Unregistered), register those providers using the following commands. Special thanks to Nicolas from Canonical for this really valuable information: if the providers are not registered, you will have many issues.
azure provider register Microsoft.Compute
azure provider register Microsoft.Network
azure provider register Microsoft.Storage
List the Azure Subscriptions that are managed by your account
azure account list
Copy the Azure subscription ID into a variable
SUB_ID=f885b031-4059-xxxx-xxxx-eb77ae16cc26
Choose a strong password and put it into a variable (the value below is only a placeholder; use a long, randomly generated one)
APP_PASSWORD=Monmotdepasse2016
In the Azure Active Directory associated with the subscription, create an application (the URL is not important here; you can type what you want)
azure ad app create --name "stan3ubuntu.example.com" --home-page "http://stan3ubuntu.example.com" --identifier-uris "http://stan3ubuntu.example.com" --password "$APP_PASSWORD"
Copy the application ID into a variable
APP_ID=0ed3dc9c-eaf6-4912-a5a7-a74673ad5034
Then create a Service Principal for this application
More information about Service Principal: Application Objects and Service Principal Objects
azure ad sp create $APP_ID
Copy the object ID into a variable
OBJ_ID=15126205-7d3c-4143-9973-ad9999a8c314
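Assign the Owner role to the service principal at subscription scope (Owner grants full management rights on the subscription, including managing access)
azure role assignment create --objectId $OBJ_ID -o Owner -c /subscriptions/$SUB_ID/
Show the details of the current Azure subscription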
azure account show
Copy the Tenant ID (one tenant can have many subscriptions) into a variable
TENANT_ID=72f988bf-86f1-41af-91ab-2d7cd011db47
Check that authentication with the Service Principal created previously works
azure login -u "$APP_ID" -p "$APP_PASSWORD" --service-principal --tenant "$TENANT_ID"
juju add-credential azure
List the credentials available in Juju
juju list-credentials
Select the credential to use by default in Juju
juju set-default-credential azure squasta@microsoft.com
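A pre-flight check for the Step 3 variables, added here as an example (it is not part of the original post, of Juju or of the Azure CLI): it generates the application password from /dev/urandom instead of typing a memorable one, and verifies that the four IDs copied by hand are complete GUIDs before they are used. The function names gen_app_password, is_guid and check_sp_vars are hypothetical, and it assumes Azure AD accepts a 32-character alphanumeric application password.

```shell
#!/bin/sh
# Added example; the function names below are hypothetical, not Juju or Azure CLI commands.

# Print a random password of $1 characters (default 32) drawn from [A-Za-z0-9].
# 1024 bytes of /dev/urandom yield about 248 usable characters, far more than needed.
gen_app_password() {
    gp_len=${1:-32}
    gp_pw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$gp_len")
    [ "${#gp_pw}" -eq "$gp_len" ] && printf '%s\n' "$gp_pw"
}

# Succeed only for a complete 8-4-4-4-12 hexadecimal GUID.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Check the four IDs copied by hand in Step 3; returns the number of bad ones.
# An empty or truncated SUB_ID would otherwise build a wrong role-assignment scope.
check_sp_vars() {
    cs_bad=0
    for cs_name in SUB_ID APP_ID OBJ_ID TENANT_ID; do
        eval "cs_val=\${$cs_name:-}"
        if ! is_guid "$cs_val"; then
            echo "$cs_name is not a complete GUID: '$cs_val'" >&2
            cs_bad=$((cs_bad + 1))
        fi
    done
    return "$cs_bad"
}

# Demonstration with the IDs printed on the page. The subscription ID there is
# masked with "xxxx", so it is the one that gets flagged.
SUB_ID=f885b031-4059-xxxx-xxxx-eb77ae16cc26
APP_ID=0ed3dc9c-eaf6-4912-a5a7-a74673ad5034
OBJ_ID=15126205-7d3c-4143-9973-ad9999a8c314
TENANT_ID=72f988bf-86f1-41af-91ab-2d7cd011db47
APP_PASSWORD=$(gen_app_password)   # generated, never typed, so not in shell history
check_sp_vars || echo "fix the flagged IDs before running the azure and juju commands"
echo "generated application password length: ${#APP_PASSWORD}"
```

The password is still passed as a command-line argument to azure ad app create and azure login, so it is visible in the process list while those commands run; run the procedure on a host you do not share with other users.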
Step 4 : Create a new Juju Controller and default models in an Azure region
juju bootstrap mycloud azure/northeurope
Once deployment is done (it takes between 10 and 15 minutes), you can list Juju controllers:
juju list-controllers
At this time, there is still no application deployed:
juju status
It is worth spending a few minutes on the Azure Portal to look at all the resources that were created by the Juju 2.x controller bootstrap. We can see that 2 resource groups were created (one per model) with the following naming convention:
juju-admin-model-xxxxxxxxxxxxxxxx or juju-controller-model-xxxxxxxxxxxx: this resource group contains all resources related to the Juju Controller VM
juju-default-model-xxxxxxxxxxxxxxxx : this resource group contains all resources related to VMs that are running applications deployed by Juju.
Note: with Juju 2.x it is now possible to create additional models. Each new model will create and use a dedicated resource group with a name like this: juju-modelname-xxxxxxxxxxxxxxx
In our example, we can see 2 resource groups in North Europe region (Dublin)
Resource group juju-controller-model-xxxx contains the Juju controller VM’s resources.
Resource group juju-default-model-xxxx contains at this time only 3 resources: an Azure Storage Account, an Azure Virtual Network and a Network Security Group.
Step 5: An application deployment with Juju 2.x
A very simple example to illustrate Juju application deployment: here I will deploy a Mediawiki (the standard example used in the Canonical documentation). This application is composed of 2 virtual machines: a Mediawiki and a MySQL.
juju deploy mediawiki-single
To check the status of the application deployment:
juju status
Wait a little bit until everything is started and running
juju gui --show-credentials
Open a Web Browser and navigate to Juju GUI
Go back to the Azure Portal to see all the resources that were created by Juju 2.x during application deployment. Have a look at the Network Security Groups –> SSH should be the only allowed inbound traffic.
Open TCP 80 port by adding an NSG inbound rule via the following Juju command:
juju expose mediawiki
Check public IP of Mediawiki
Connect to mediawiki portal
That’s all. Now you can continue with Juju and more advanced applications and services to model and deploy.
Deploying applications: https://jujucharms.com/docs/devel/charms-deploying
Nick Veitch (@evilnick)
Just a note – due to changes in the Azure command line tool, the line:
azure ad sp create $APP_ID
should now be:
azure ad sp create -a $APP_ID
squastana
Ooohh great information 🙂 I will update the content. Thanks