Adding New VM Images, Regions, and Instances

The Cloudera Director Azure Plugin supports adding new VM images, regions, and instances by modifying configuration files. For more information see Cloudera Director Azure Plugin Config Files on the Cloudera GitHub site.

See the Cloudera Reference Architecture for Microsoft Azure Deployments for the latest supported VM images, Azure regions, and instance types.

Configuring and Deploying to Azure US Government and Azure Germany Regions

Configuring and Deploying to Azure U.S. Government Regions

For configuring and deploying to Azure U.S. Government regions, the following non-default values must be used for Cloudera Director environment configuration:
aadUrl: "https://login-us.microsoftonline.com/"
mgmtUrl: "https://management.core.usgovcloudapi.net/"
armUrl: "https://management.usgovcloudapi.net/"

Configuring and Deploying to Azure Germany Regions

The following non-default values must be used for Director Environment Configuration:

aadUrl: "https://login.microsoftonline.de/"
mgmtUrl: "https://management.core.cloudapi.de/"
armUrl: "https://management.microsoftazure.de/"

Azure Germany API endpoints use a newer CA root certificate authority called D-TRUST. For more information, see the JDK release note New DTrust certificates added to root CAs and the section Certificate Changes: New DTrust certificates added to root CAs in the Oracle Java 7 Release Notes. This newer CA root certificate authority is not currently trusted by the default JDK that is installed via the Cloudera repository, jdk1.7.0_67-cloudera.

In order for the plugin to work with Azure Germany, the JDK cacerts file must be replaced with a link to a newer version that includes the appropriate certificate with the following steps:
  1. Confirm that /etc/pki/java/cacerts exists and contains the appropriate cert using keytool (keytool -list -v -keystore /etc/pki/java/cacerts). The necessary key is the one with CN=D-TRUST Root Class 3 CA 2 2009 SHA256: y
  2. sudo mv
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts.original
  3. sudo ln -s /etc/pki/java/cacerts
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
  4. You may have to restart Director to get it to pickup the new trusted cert database.
The images.conf file must be updated to reference the proper VM image for deployment in Azure Germany. If you have not already created an images.conf file, you can download it as follows:
sudo -i
cd /var/lib/cloudera-director-plugins/azure-provider-1.3.0/etc/
wget https://raw.githubusercontent.com/cloudera/director-scripts/master/azure-plugin-config/images.conf
Find and edit the following section:
# This is the CentOS 6.7 image published by Cloudera
cloudera-centos-6-latest {
   publisher: cloudera
   offer: cloudera-centos-6
   sku: CLOUDERA-CENTOS-6
   version: latest
}
...and change it to:
# This is the CentOS 6.7 image published by Cloudera
   cloudera-centos-6-latest {
   publisher: cloudera
   offer: cloudera-centos-os
   sku: 6_7
   version: latest
}