15572: More information about setting up Azure credentials

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

diff --git a/doc/install/install-dispatch-cloud.html.textile.liquid b/doc/install/install-dispatch-cloud.html.textile.liquid
index f6d0a6c6116c26f9cee96f76ea2309df7be35535..af75b877928e96d0542e276430f18d2bc3edae1a 100644 (file)
--- a/doc/install/install-dispatch-cloud.html.textile.liquid
+++ b/doc/install/install-dispatch-cloud.html.textile.liquid
@@ -101,7 +101,7 @@ Add or update the following portions of your cluster configuration file, @/etc/a
 </code></pre>
 </notextile>
 
-Minimal configuration example for Amazon EC2:
+h4. Minimal configuration example for Amazon EC2
 
 <notextile>
 <pre><code>    Containers:
@@ -109,18 +109,18 @@ Minimal configuration example for Amazon EC2:
         ImageID: ami-01234567890abcdef
         Driver: ec2
         DriverParameters:
-          AccessKeyID: EALMF21BJC7MKNF9FVVR
-          SecretAccessKey: yKJAPmoCQOMtYWzEUQ1tKTyrocTcbH60CRvGP3pM
+          AccessKeyID: XXXXXXXXXXXXXXXXXXXX
+          SecretAccessKey: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
           SecurityGroupIDs:
           - sg-0123abcd
           SubnetID: subnet-0123abcd
           Region: us-east-1
           EBSVolumeType: gp2
-          AdminUsername: debian
+          AdminUsername: arvados
 </code></pre>
 </notextile>
 
-Minimal configuration example for Azure:
+h4. Minimal configuration example for Azure
 
 <notextile>
 <pre><code>    Containers:
@@ -130,7 +130,7 @@ Minimal configuration example for Azure:
         DriverParameters:
           SubscriptionID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
           ClientID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-          ClientSecret: 2WyXt0XFbEtutnf2hp528t6Wk9S5bOHWkRaaWwavKQo=
+          ClientSecret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
           TenantID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
           CloudEnvironment: AzurePublicCloud
           ResourceGroup: zzzzz
@@ -144,6 +144,40 @@ Minimal configuration example for Azure:
 </code></pre>
 </notextile>
 
+Get the @SubscriptionID@ and @TenantID@:
+
+<pre>
+$ az account list
+[
+  {
+    "cloudName": "AzureCloud",
+    "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
+    "isDefault": true,
+    "name": "Your Subscription",
+    "state": "Enabled",
+    "tenantId": "YYYYYYYY-YYYY-YYYY-YYYYYYYY",
+    "user": {
+      "name": "you@example.com",
+      "type": "user"
+    }
+  }
+]
+</pre>
+
+You will need to create a "service principal" to use as a delegated authority for API access.
+
+<pre>
+$ az ad app create --display-name "Arvados Dispatch Cloud (ClusterID)" --homepage "https://arvados.org" --identifier-uris "https://ClusterID.example.com" --end-date 2299-12-31 --password <Your_Password>
+$ az ad sp create "<appId>"
+(appId is part of the response of the previous command)
+$ az role assignment create --assignee "<objectId>" --role Owner --scope /subscriptions/{subscriptionId}/
+(objectId is part of the response of the previous command)
+</pre>
+
+@ClientID@ is the 'appId' value.
+
+@ClientSecret@ is what was provided as <Your_Password>.
+
 h3. Test your configuration
 
 Run the @cloudtest@ tool to verify that your configuration works. This creates a new cloud VM, confirms that it boots correctly and accepts your configured SSH private key, and shuts it down.