Adding New VM Images, Custom VM Images, Regions, and Instances

The Cloudera Director Azure Plugin supports adding new VM images, regions, and instances by modifying configuration files. For more information see Cloudera Director Azure Plugin Config Files on the Cloudera GitHub site.

See the Cloudera Reference Architecture for Microsoft Azure Deployments for the latest supported VM images, Azure regions, and instance types.

Configuring and Deploying to Azure US Government and Azure Germany Regions

Configuring and Deploying to Azure U.S. Government Regions

Azure U.S. Government is supported with no additional configuration needed. Just select azure-us-government in the Azure Cloud Environment field when adding a new environment.

Configuring and Deploying to Azure Germany Regions

Azure Germany is supported with additional steps. Select azure-germany in the Azure Cloud Environment field when adding a new environment and follow the steps below.

Azure Germany API endpoints use a newer CA root certificate authority called D-TRUST. For more information, see the JDK release note New DTrust certificates added to root CAs and the section Certificate Changes: New DTrust certificates added to root CAs in the Oracle Java 7 Release Notes. This newer CA root certificate authority is not currently trusted by the default JDK that is installed via the Cloudera repository, jdk1.7.0_67-cloudera.

In order for the plugin to work with Azure Germany, the JDK cacerts file must be replaced with a link to a newer version that includes the appropriate certificate with the following steps:
  1. Confirm that /etc/pki/java/cacerts exists and contains the appropriate cert using keytool (keytool -list -v -keystore /etc/pki/java/cacerts). The necessary key is the one with CN=D-TRUST Root Class 3 CA 2 2009 SHA256: y
  2. sudo mv
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts.original
  3. sudo ln -s /etc/pki/java/cacerts
    /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
  4. You may have to restart Director to get it to pickup the new trusted cert database.

Deploying Clusters with Custom Images

Deploying custom images is supported by updating instance template fields:
  1. Set the Image field to be the Resource Id for the custom image. The Resource Id is on the Custom Image’s Overview pane and is in the format (replace italicized words with your actual values):
    /subscriptions/subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Compute/images/custom-image-name
  2. Set the Use Custom Managed VM Image field to Yes.
  3. Set the Custom VM Image purchase plan field in this format (replace italicized words with your actual values):
    /publisher/value/product/value/name/value
    If there’s no plan leave the field blank.