mirror of
https://github.com/hashicorp/packer.git
synced 2026-05-28 04:35:38 -04:00
Update documentation
parent
aa29facdae
commit
812a2dfb95
2 changed files with 32 additions and 36 deletions
|
|
@ -204,37 +204,12 @@ Make sure that `GROUPNAME` and `LOCATION` are the same as above. Also, ensure
|
|||
that `GROUPNAME` is less than 24 characters long and contains only lowercase
|
||||
letters and numbers.
|
||||
|
||||
### Create an Application
|
||||
|
||||
An application represents a way to authorize access to the Azure API. Note that
|
||||
you will need to specify a URL for your application (this is intended to be
|
||||
used for OAuth callbacks) but these do not actually need to be valid URLs.
|
||||
|
||||
First pick APPNAME, APPURL and PASSWORD:
|
||||
|
||||
``` shell
|
||||
APPNAME=packer.test
|
||||
APPURL=packer.test
|
||||
PASSWORD=xxx
|
||||
```
|
||||
|
||||
Password is your `client_secret` and can be anything you like. I recommend
|
||||
using `openssl rand -base64 24`.
|
||||
|
||||
``` shell
|
||||
$ az ad app create \
|
||||
--display-name $APPNAME \
|
||||
--identifier-uris $APPURL \
|
||||
--homepage $APPURL \
|
||||
--password $PASSWORD
|
||||
```
|
||||
|
||||
### Create a Service Principal
|
||||
|
||||
You cannot directly grant permissions to an application. Instead, you create a
|
||||
service principal and assign permissions to the service principal. To create a
|
||||
service principal for use with Packer, run the below command specifying the
|
||||
subscription. This will grant Packer the contributor role to the subscription.
|
||||
A service principal acts on behalf of an application (Packer) on your Azure
|
||||
subscription. To create an application and service principal for use with
|
||||
Packer, run the below command specifying the subscription. This will grant
|
||||
Packer the contributor role to the subscription.
|
||||
The output of this command is your service principal credentials, save these in
|
||||
a safe place as you will need these to configure Packer.
|
||||
|
||||
|
|
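Review bot: The rewritten service-principal paragraph no longer tells the reader where the secret comes from, now that the `APPNAME`/`APPURL`/`PASSWORD` steps and the `openssl rand -base64 24` advice are gone. Suggest stating next to "The output of this command is your service principal credentials" that the output includes the generated password, since the later "Configuring Packer" text relies on the `password` field. The sentence "This will grant Packer the contributor role to the subscription" should also say that the role applies to the whole subscription and point to the role listing further down for readers who want a narrower one. Minor: "the below command" reads better as "the command below".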
@ -263,8 +238,13 @@ pre-configured roles via:
|
|||
$ az role definition list --output json | jq ".[] | {name:.roleName, description:.description}"
|
||||
```
|
||||
|
||||
If you would rather use a certificate to autenticate your service principal,
|
||||
please follow the [Azure Active Directory documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad).
|
||||
|
||||
### Configuring Packer
|
||||
|
||||
Now (finally) everything has been setup in Azure and our service principal has
|
||||
been created. You can use the output from creating your service principal in
|
||||
your template.
|
||||
your template. Use the value from the `appId` field above as a value for
|
||||
`client_id` in your configuration and set `client_secret` to the `password`
|
||||
value from above.
|
||||
|
|
|
|||
|
|
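Review bot: "autenticate" in the added certificate sentence should be "authenticate". The expanded "Configuring Packer" paragraph only maps `appId` to `client_id` and `password` to `client_secret`, so a reader who followed the certificate link gets no instruction for the template; suggest one sentence naming `client_cert_path` or `client_jwt` as the options to set in that case. While this paragraph is being touched, "has been setup" should be "has been set up".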
@ -35,12 +35,15 @@ addition to the options listed here, a
|
|||
[communicator](/docs/templates/communicator.html) can be configured for this
|
||||
builder.
|
||||
|
||||
### Required ( unless instance has [managed identities](/docs/builders/azure-setup.html#managed-identities-for-azure-resources) enabled):
|
||||
|
||||
- `client_id` (string) The Active Directory service principal associated with
|
||||
your builder.
|
||||
|
||||
- `client_secret` (string) The password or secret for your service principal.
|
||||
### Required options for authentication:
|
||||
If you're running packer on an Azure VM with a [managed identity](/docs/builders/azure-setup.html#managed-identities-for-azure-resources)
|
||||
you don't need to specify any additional configuration options.
|
||||
If you would like to use interactive user authentication, you should specify
|
||||
`subscription_id` only. Packer will use cached credentials or redirect you
|
||||
to a website to log in.
|
||||
If you want to use a [service principal](/docs/builders/azure-setup.html#create-a-service-principal)
|
||||
you should specify `subscription_id`, `client_id` and one of `client_secret`,
|
||||
`client_cert_path` or `client_jwt`.
|
||||
|
||||
- `subscription_id` (string) Subscription under which the build will be
|
||||
performed. **The service principal specified in `client_id` must have full
|
||||
|
|
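Review bot: The service principal paragraph says to specify "one of `client_secret`, `client_cert_path` or `client_jwt`" but does not say what happens when more than one is set; suggest stating whether that is rejected or which one takes precedence. The interactive paragraph's "Packer will use cached credentials" should say where those credentials are cached so users know what to protect or clear on shared build machines. Minor: "running packer" should be "running Packer", and the heading "Required options for authentication:" sits oddly over the managed identity case, which the text says needs no options at all.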
@ -48,6 +51,19 @@ builder.
|
|||
specified in which case it needs to have owner access to the existing
|
||||
resource group specified in build\_resource\_group\_name parameter.**
|
||||
|
||||
- `client_id` (string) The Active Directory service principal associated with
|
||||
your builder.
|
||||
|
||||
- `client_secret` (string) The password or secret for your service principal.
|
||||
|
||||
- `client_cert_path` (string) The location of a PEM file containing a
|
||||
certificate and private key for service principal.
|
||||
|
||||
- `client_jwt` (string) The bearer JWT assertion signed using a certificate
|
||||
associated with your service principal principal. See [Azure Active
|
||||
Directory docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials)
|
||||
for more information.
|
||||
|
||||
### Required:
|
||||
|
||||
- `image_publisher` (string) PublisherName for your base image. See
|
||||
|
|
|
|||
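Review bot: The `client_jwt` entry reads "associated with your service principal principal"; drop the repeated word. In `client_cert_path`, "private key for service principal" is missing an article ("for the service principal"). Since that entry says the PEM file contains a private key, suggest adding that the file should be protected the same way as `client_secret` (restricted file permissions, kept out of version control), because the description as written treats it as just a path.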