Deployment prerequisites

Azure

In order to deploy this project, you need to have an active Microsoft Azure account and subscription.

Step 1: Sign up for a free trial (optional)

Azure provides a 30-day free trial for new customers. Sign up for the trial here.

Terraform

Step 2: Download the Azure publish settings file

In order to manage resources in Azure, Terraform needs a credential file called publish settings file from Azure.

Download it from https://manage.windowsazure.com/publishsettings.
Rename the file to secret.publishsettings and place in the /terraform/ directory in the repository.

WARNING: The Azure publish settings file is a sensitive file. Please make sure you store these safely, as they contain credentials to administer your Azure subscription and services.

Step 3: Choose a prefix for your Azure environment

Azure requires unique names for some of the services. To make sure we have somewhat unique names, we add a prefix to the services we create with Terraform.

If you are not the affiliated with Kidsakoder (which is the default prefix), then please change the prefix in the step below.
- Edit the value of the prefix_name in /terraform/variables.tf.

Salt Cloud

Step 3: Create Azure management certificates for Salt Cloud

In order for Salt Cloud to authenticate with Azure to manage virtual machines, it needs a couple of certificates.

WARNING: Please make sure you store these safely, as they contain credentials to administer your Azure subscription and services. If either certificates are compromised, you'll need to revoke the management certificate in the Azure management portal.

How to generate the management certificates

Generate azure.pem by running the following in a terminal:

openssl req -x509 -nodes -days 1068 -newkey rsa:4096 -keyout azure.pem -out azure.pem

Generate azure.pem from azure.cer by running the following in a terminal:

openssl x509 -inform pem -in azure.pem -outform der -out azure.cer

Windows: In order to run the commands below, you may need to use a terminal from Git Shell, Git for Windows, Cmder, or one of the virtual machines created by Vagrant.

Where to store the management certificates

Place azure.pem in /saltstack/salt/cloud/files/. The .pem file will be distributed to the Salt Master so it can create and destroy VMs.
The azure.cer certificate needs to be uploaded the classic Azure portal.
- Go the the classic Azure portal, then the Settings page, then the Management Certificates tab, click the Upload a Management Certificate.

Step 4: Add Azure information to Salt Cloud pillar

In order for Salt Cloud to create machines in Azure, we need to specify which Azure subscription and storage service we will be using.

Open the Cloud pillar file, /saltstack/pillar/cloud.sls, and edit the following fields:

`subscription_id`

You can find the Azure Subscription ID either in:

The subscription page in the Azure Portal
Or you can open the Publish Settings file from step 1.

`media_link`

The media_Link is the URL of the storage container in Azure and it generally looks like:

http://nameofstorageservice.blob.core.windows.net/vhds

You can find the name of the storage service by:

Running the command terraform plan in a terminal in the /terraform/ directory.
Looking for the name variable in the module.site.azure_storage_service.default section of the output.

Here is an example of the output:

+ module.site.azure_storage_service.default
    account_type:  "" => "Standard_GRS"
    label:         "" => "Made by Terraform."
    location:      "" => "North Europe"
    name:          "" => "kidsakoderstorage"
    primary_key:   "" => ""
    secondary_key: "" => ""
    url:           "" => ""

Step 5: Setup SSH keys

In order to securely access the virtual machines we create in Azure, we'll use SSH keys for authentication. Salt will distribute the public key to all the virtual machines we create so they can easily be accessed.

What is key-based authentication: Key-based authentication uses two keys, one "public" key that anyone is allowed to see, and another "private" key that only the owner is allowed to see. To securely communicate using key-based authentication, one needs to create a key pair, securely store the private key on the computer one wants to log in from, and store the public key on the computer one wants to log in to.

How to generate SSH keys

We need to generate a pair of SSH keys which consists of:

A private key file called kidsakoder
A public key file called kidsakoder.pub

To create the pair of keys, and run the following command in a terminal. Remember to change the email address:

ssh-keygen -t rsa -b 4096 -f kidsakoder -C "[email protected]"

Windows: In order to run the commands below, you may need to use Git Shell, Git for Windows, Cmder, or one of the virtual machines created by Vagrant.

Storing the keys

WARNING: Please make sure to store the keys safely as they grant access to the machines.

The SSH keys need to be stored in the correct places:

Place the public key, kidsakoder.pub, in /saltstack/salt/common/files/
Place the private key, kidsakoder, in the .ssh directory in your home directory. If it's not there, then just create it.

Windows: In Windows the .ssh directory is usually in your user directory, i.e. C:\Users\John\

Setting up your SSH configuration

In order for SSH to know which key to use, it is helpful to add it to your SSH configuration.

Create a file called config in your .ssh directory. If it is already there, add the following lines to the end.

Note: The kidsakoder part of the HostName is the prefix set in step 3. Change it if necessary.

Windows

Host master
  HostName kidsakoder-master.cloudapp.net
  User kidsakoder
  IdentityFile "C:\Users\YourUsernameHere\.ssh\kidsakoder"

Linux/OS X

Host master
  HostName kidsakoder-master.cloudapp.net
  User kidsakoder
  IdentityFile ~/.ssh/kidsakoder

Provide feedback

Saved searches

Use saved searches to filter your results more quickly