Documentation
Overview
Package azure implements the Azure provider, registered with the environs registry under the name "azure". The provider implements the github.com/juju/juju/environs.Environ interface, which defines methods for provisioning compute, network, and storage resources.
This document describes some key implementation details specific to the Azure provider.
SDK
The provider implementation is built using the Azure SDK.
Models
The provider creates each model, including the controller model, in a separate resource group. The resource group is named after the model using the pattern juju-<model name>-uuid and contains all artefacts for the model, including:
- virtual machines
- disks
- networks and subnets
- security groups and rules
- public IP addresses
- availability sets
- key vaults
When a user destroys a model, the provider deletes the model's resource group.
Provisioning resources
During bootstrap, a deployment API client is used to deploy an Azure resource manager template which contains all compute, network, and storage resources for the controller. After bootstrap, the provider creates API clients for the resource types managed by Juju. All API clients use the same options, which define the retry and logging behaviour.
Resiliency
Unlike most other providers, the Azure provider does not currently support availability zones. Instead, for each application, the provider creates an Azure availability set named after the application.
When a machine is created to host a unit of the application, the machine joins that availability set. Azure ensures that machines in an availability set are not automatically rebooted at the same time (e.g. for infrastructure upgrades), and are allocated to redundant hardware, so that a single fault does not bring down all application units simultaneously.
At the same time, it is important to note that availability sets are scoped to a single Azure region. Thus, they are designed to protect against failures within that region but do not provide protection against a regional outage.
Availability sets are similar to "availability zones", but dissimilar enough that they do not fit into Juju's abstraction of zones. In particular, charms cannot query what "zone" they are in on Azure.
Instances
In Azure, Juju machines are represented by virtual machine instances. Because of Azure's constraints, the listing and deletion of instances have some peculiarities that require explanation. To prevent leaking resources, the provider must continue to report an instance until all of its associated resources (VM, NIC, public IP address, etc.) have been deleted. The obvious approach would be to delete the VM last, but this is not possible: a VM must have at least one NIC attached, and a NIC cannot be deleted while it is attached to a VM, so the NICs must be deleted after the VM. When the provider deletes an instance, it first deletes the VM and then the remaining resources, leaving the NICs for last. NICs are tagged with the name (instance ID) of the machine they were created for, so that their presence indicates the presence of an instance even when there is no corresponding virtual machine.
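The following is an added illustration, not the juju provider's own code: an in-memory stand-in for a resource group that reproduces the listing and deletion ordering just described. The tag key "juju-machine-name" and the "-primary" / "-public-ip" resource names are assumptions chosen for the example. It shows why NICs are deleted last, and why listing must also consider tagged NICs: after a deletion that fails part-way, the instance still shows up, so it can be cleaned up instead of leaking.

```go
package main

// Added illustration (not the juju provider's code) of the instance listing
// and deletion ordering described above; names and the tag key are assumptions.

import (
	"errors"
	"fmt"
	"sort"
)

// instanceTag is the hypothetical tag key carrying the instance ID a NIC was created for.
const instanceTag = "juju-machine-name"

type nic struct {
	vm   string            // VM the NIC was attached to
	tags map[string]string // includes instanceTag
}

// resourceGroup is a toy in-memory stand-in for a model's Azure resource group.
type resourceGroup struct {
	vms  map[string]bool   // VM name == instance ID
	nics map[string]*nic   // keyed by NIC name
	pips map[string]string // public IP name -> NIC it is bound to
}

func newResourceGroup() *resourceGroup {
	return &resourceGroup{vms: map[string]bool{}, nics: map[string]*nic{}, pips: map[string]string{}}
}

// createInstance provisions VM + NIC + public IP and tags the NIC with the instance ID.
func (rg *resourceGroup) createInstance(id string) {
	rg.vms[id] = true
	rg.nics[id+"-primary"] = &nic{vm: id, tags: map[string]string{instanceTag: id}}
	rg.pips[id+"-public-ip"] = id + "-primary"
}

// listInstances reports an instance while its VM exists or a NIC tagged with
// its ID remains, so a partially deleted instance is never hidden.
func (rg *resourceGroup) listInstances() []string {
	seen := map[string]bool{}
	for id := range rg.vms {
		seen[id] = true
	}
	for _, n := range rg.nics {
		if id, ok := n.tags[instanceTag]; ok {
			seen[id] = true
		}
	}
	ids := make([]string, 0, len(seen))
	for id := range seen {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return ids
}

// deleteNIC mirrors Azure's rule: a NIC whose VM still exists is attached and
// cannot be deleted; once the VM is gone the NIC is detached.
func (rg *resourceGroup) deleteNIC(name string) error {
	if n, ok := rg.nics[name]; ok && rg.vms[n.vm] {
		return errors.New("NIC " + name + " is still attached to VM " + n.vm)
	}
	delete(rg.nics, name)
	return nil
}

// deleteInstance follows the order from the text: VM first, then the other
// resources, tagged NICs last. If anything fails, the NIC stays and the
// instance keeps showing up in listInstances rather than leaking silently.
func (rg *resourceGroup) deleteInstance(id string) error {
	delete(rg.vms, id)
	for pip, boundTo := range rg.pips {
		if n := rg.nics[boundTo]; n != nil && n.tags[instanceTag] == id {
			delete(rg.pips, pip)
		}
	}
	for name, n := range rg.nics {
		if n.tags[instanceTag] == id {
			if err := rg.deleteNIC(name); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	rg := newResourceGroup()
	rg.createInstance("machine-0")
	fmt.Println("before:", rg.listInstances())
	fmt.Println("NIC first:", rg.deleteNIC("machine-0-primary")) // refused while attached
	delete(rg.vms, "machine-0")                                  // simulate a crash after the VM went
	fmt.Println("VM gone, still listed:", rg.listInstances())
	fmt.Println("finish:", rg.deleteInstance("machine-0"), rg.listInstances())
}
```

The security-relevant property is the second listing call: with the VM already gone, the instance is still reported because its tagged NIC (and the public IP bound to it) survive, so a later cleanup pass has something to act on. A provider that listed only VMs would silently leave a routable NIC and public IP behind.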
Networking
Each model has its own Azure virtual network called (by default) "juju-internal-network", and a single 10.0.0.0/16 subnet within that network called (by default) "juju-internal-subnet". Note that these networks are not routable between models; Juju agents will communicate with the controllers using their public addresses. Each machine is created with a single NIC, attached to the internal subnet. Unless the "allocate-public-ip" constraint is set to false, the NIC is assigned an Azure public IP address.
Exposing applications
Each model is given its own Azure network security group called "juju-internal-nsg", attached to the model's Azure virtual network. Its rules allow ingress to model applications according to the ports that should be opened once an application is exposed.
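The following is an added illustration, not the juju provider's own code, of how the ports opened by an exposed application become inbound security-group rules. The rule naming scheme, the App field and the priority allocation are assumptions for the example; the 100..4096 custom-rule priority range and lowest-number-first evaluation with a default inbound deny are Azure NSG semantics.

```go
package main

// Added illustration (not the juju provider's code) of how the ports opened
// by an exposed application become inbound NSG rules. Rule naming and the
// priority allocation are assumptions; the 100..4096 custom-rule priority
// range and lowest-number-wins evaluation are Azure NSG semantics.

import (
	"fmt"
	"sort"
)

type portRange struct {
	Protocol string // "tcp" or "udp"
	From, To int
}

type securityRule struct {
	Name, App        string
	Priority         int    // custom rules use 100..4096; lower is evaluated first
	Protocol         string // "tcp", "udp" or "*"
	FromPort, ToPort int
	Access           string // "Allow" or "Deny"
}

const minPriority, maxPriority = 100, 4096

// exposeRules returns one inbound Allow rule per opened port range, picking
// priorities that do not collide with rules already in the security group.
func exposeRules(app string, ports []portRange, existing []securityRule) ([]securityRule, error) {
	used := map[int]bool{}
	for _, r := range existing {
		used[r.Priority] = true
	}
	var rules []securityRule
	prio := minPriority
	for _, p := range ports {
		if p.From < 1 || p.To > 65535 || p.From > p.To {
			return nil, fmt.Errorf("invalid port range %d-%d", p.From, p.To)
		}
		for used[prio] {
			prio++
		}
		if prio > maxPriority {
			return nil, fmt.Errorf("no free NSG priority for %s", app)
		}
		used[prio] = true
		rules = append(rules, securityRule{
			Name:     fmt.Sprintf("%s-%s-%d-%d", app, p.Protocol, p.From, p.To),
			App:      app, Priority: prio, Protocol: p.Protocol,
			FromPort: p.From, ToPort: p.To, Access: "Allow",
		})
		prio++
	}
	return rules, nil
}

// unexposeRules drops the rules that belong to app, closing its ingress again.
func unexposeRules(app string, rules []securityRule) []securityRule {
	var kept []securityRule
	for _, r := range rules {
		if r.App != app {
			kept = append(kept, r)
		}
	}
	return kept
}

// inboundAllowed evaluates rules in priority order, first match wins; with no
// match the traffic is denied, as Azure's default DenyAllInBound rule does.
func inboundAllowed(rules []securityRule, proto string, port int) bool {
	sorted := append([]securityRule(nil), rules...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	for _, r := range sorted {
		if (r.Protocol == "*" || r.Protocol == proto) && port >= r.FromPort && port <= r.ToPort {
			return r.Access == "Allow"
		}
	}
	return false
}

func main() {
	rules, err := exposeRules("web", []portRange{{"tcp", 80, 80}, {"tcp", 443, 443}}, nil)
	if err != nil {
		panic(err)
	}
	for _, r := range rules {
		fmt.Printf("%-18s prio=%d %s %d-%d %s\n", r.Name, r.Priority, r.Protocol, r.FromPort, r.ToPort, r.Access)
	}
	fmt.Println("tcp/80 allowed:", inboundAllowed(rules, "tcp", 80)) // true: opened and exposed
	fmt.Println("tcp/22 allowed:", inboundAllowed(rules, "tcp", 22)) // false: never opened
	fmt.Println("after unexpose:", inboundAllowed(unexposeRules("web", rules), "tcp", 80)) // false
}
```

The point of the evaluator is the fall-through: anything not covered by an explicit Allow rule is denied, so an application is reachable only on the ports it opened and only while it is exposed. Priority collisions are rejected up front because Azure refuses two rules with the same priority in one group.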
Encrypted disks
Where an encrypted disk is required for workload storage, the provider creates an Azure disk encryption set and Azure key vault according to the requirements of the Juju storage pool created to define the encrypted disk configuration.
Index
Constants
const (
// ProviderType defines the Azure provider.
ProviderType = "azure"
)
Variables
This section is empty.
Functions
func NewEnvironProvider
func NewEnvironProvider(config ProviderConfig) (*azureEnvironProvider, error)
NewEnvironProvider returns a new EnvironProvider for Azure.
func NewProvider
func NewProvider(config ProviderConfig) (environs.CloudEnvironProvider, error)
NewProvider instantiates and returns the Azure EnvironProvider using the given configuration.
Types
type AzureRenderer
type AzureRenderer struct{}
func (AzureRenderer) Render
func (AzureRenderer) Render(cfg cloudinit.CloudConfig, os ostype.OSType) ([]byte, error)
type ProviderConfig
type ProviderConfig struct {
	// Sender is the autorest.Sender that will be used by Azure
	// clients. If sender is nil, the default HTTP client sender
	// will be used. Used for testing.
	Sender policy.Transporter

	// RequestInspector will be used to inspect Azure requests
	// if it is non-nil. Used for testing.
	RequestInspector policy.Policy

	// Retry is set by tests to limit the default retries.
	Retry policy.RetryOptions

	// CreateTokenCredential is set by tests to create a token.
	CreateTokenCredential func(appId, appPassword, tenantID string, opts azcore.ClientOptions) (azcore.TokenCredential, error)

	// RetryClock is used for retrying some operations, like
	// waiting for deployments to complete.
	//
	// Retries due to rate-limiting are handled by the go-autorest
	// package, which uses "time" directly. We cannot mock the
	// waiting in that case.
	RetryClock clock.Clock

	// GenerateSSHKey is a function used to generate a new SSH
	// key pair for provisioning Linux machines.
	GenerateSSHKey func(comment string) (private, public string, _ error)

	// ServicePrincipalCreator is the interface used to create service principals.
	ServicePrincipalCreator ServicePrincipalCreator

	// AzureCLI is the interface to the Azure CLI (az) command.
	AzureCLI AzureCLI

	// LoadBalancerSkuName is the load balancer SKU name.
	// Legal values are determined by the Azure SDK.
	LoadBalancerSkuName string
}
ProviderConfig contains configuration for the Azure provider.
func (ProviderConfig) Validate
func (cfg ProviderConfig) Validate() error
Validate validates the Azure provider configuration.