Azure Stack is Microsoft’s Azure Cloud for on-premises environments. Azure Stack contains the core Azure services, allowing organizations to take advantage of Azure’s offerings with the security, compliance, and financial benefits of hosting it in their own data-centers.
- Virtual Machine Provisioning
- Backups / Snapshots
- Resource Group Sync & Selection
- Network Sync & Selection
- Security Group Sync & Selection
- Storage Account Sync & Selection
- Marketplace Search and Provisioning
- Remote Console
- Periodic Synchronization
- Lifecycle Management and Resize
- Availability Set Support
- Azure Load Balancers
- Azure Storage
- Docker Host Provisioning & Management
- Service Plan Sync
- Pricing Sync with markup options
- Cost Estimator
Combine these features with public Azure and Morpheus can provide a single pane of glass and self service portal for managing instances scattered across both Azure offerings.
Azure Stack Accessibility¶
By default, the Azure Stack management url’s are not accessible from an external network. Port mappings and DNS must be configured for communication between the Morpheus Appliance and Azure Stack.
In order to communicate with Azure Stack, Morpheus must be able to reach the internal Azure Stack network. The Azure Stack Portal needs to be exposed to the Morpheus Appliances’ network with corresponding entries added to DNS.
One option to expose the Internal Azure Stack network to the Morpheus Appliances’ network is to use the ‘Expose-AzureStackPortal.ps1’ powershell script from https://gallery.technet.microsoft.com/scriptcenter/Expose-the-Azure-Stack-7ef68b19. An Azure Stack Port Mapping Tool is also available.
Below is a sample output from the script for reference:
[Admin Portal] Created port mappings on 10.30.23.120 to 192.168.102.8 [Admin Portal] Ports: 13011 30015 13001 13010 13021 13020 443 13003 12646 12647 12648 12649 12650 12495 13026 12499 [Admin Portal] DNS: 10.30.23.120 - adminportal.local.azurestack.external adminmanagement.local.azurestack.external [Tenant Portal] Created port mappings on 10.30.23.121 to 192.168.102.10 [Tenant Portal] Ports: 13011 30015 13001 13010 13021 13020 443 13003 12646 12647 12648 12649 12650 12495 13026 12499 [Tenant Portal] DNS: 10.30.23.121 - portal.local.azurestack.external management.local.azurestack.external [Blob Storage] Created port mappings on 10.30.23.122 to 192.168.102.4 [Blob Storage] Ports: 80 443 [Blob Storage] DNS: 10.30.23.122 *.blob.local.azurestack.external VERBOSE: DNS delegation/forwarding is optional, change the DNS records on MAS-DC01 manually (dnsmgmt.msc from Host). [DNS Delegation] Created port mappings on 10.30.23.120 to 192.168.200.224 [DNS Delegation] Ports: 53 (TCP/UDP) [DNS Delegation] DNS: local.azurestack.external NS 10.30.23.120 [DNS Delegation] Change records on MAS-DC01 manually if you plan to use DNS forwarding. [DNS Delegation] Change records back to the original internal IPs before running this script again. VERBOSE: App Service detected and external IP's specified, creating mappings.... [App Service API] Created port mappings on 10.30.23.123 to 192.168.102.17 [App Service API] Ports: 443 [App Service API] DNS: 10.30.23.123 api.appservice.local.azurestack.external [App Service Apps] Created port mappings on 10.30.23.124 to 192.168.102.15 [App Service Apps] Ports: 80 443 21 990 [App Service Apps] DNS: 10.30.23.124 *.appservice.local.azurestack.external
Azure Stack Resources¶
The following resources need to be created and configured inside Azure Stack for successful provisioning:
- Resource Group(s)
- Virtual Network(s)
- Storage Account(s)
- Network Security Group(s)
- Inbound ports open from Morpheus Appliance: 22, 5985, 3389
- Outbound ports open to Morpheus Appliance: 80, 443
Proper Network and Network Security Group configuration is required for Morpheus agent install, communication, and remote console access. Other configurations, such as docker instances, will need the appropriate ports opened as well.
Required Credentials & Permissions¶
Credentials to integrate Morpheus with Azure Stack are located in both the public Azure Portal and the Private Azure Stack Portal. The Azure Active Directory Application used must be an owner of the Azure Stack subscription.
- Azure Portal:
- Azure Active Directory Application Credentials
- Directory ID
- Management URL
- Identity Resource URL
- Application ID
- Key Value
- Azure Stack Portal:
- Azure Stack Subscription ID
- Active Directory App from Azure portal added as owner of the Azure Stack Subscription in Azure Stack.
Adding an Azure Stack Cloud¶
In the Morpheus UI, navigate to
Infrastructure -> Cloudsand Select + CREATE CLOUD
Select AZURE STACK (PRIVATE) from the Clouds list and select NEXT
In the Configure section, enter:
Internal name for the Cloud in Morpheus
(Optional) Can be used to specify the location of the Cloud or add a description.
- Determines Tenant visibility for the Cloud.
- Private: Access to the Cloud is limited to the assigned Tenant (Master Tenant by default)
- Public: Access to the Cloud can be configured for Tenants in their Tenant Role permissions.
- IDENTITY URL
- MANAGEMENT URL*
Azure AD Azure Stack Administrator app or Microsoft Azure Stack Administrator app url. Example: https://adminmanagement.local.azurestack.external/
- IDENTITY RESOURCE URL
Azure AD Azure Stack Administrator App ID URI Example: https://adminmanagement.xxxxxxx.onmicrosoft.com/4a80e607-4259-4ac6-83e2-2fabeaf2eh83
- BASE DOMAIN
This should match the base domain in your Management url. Example: local.azurestack.external
- SUBSCRIPTION ID
Subscription ID from Azure Stack portal (this is different from the Subscription ID in you Azure portal used when configuring Azure Stack)
- TENANT ID
This is the Directory ID from the Azure AD directory
- CLIENT ID
Application ID of Azure AD app with Azure Stack permissions granted, and has been added as an owner of the Azure Stack subscription (in the Azure Stack portal).
- CLIENT SECRET
Key Value of Application ID used above
Once all credentials are entered and validated, the Location and Resource Group fields will populate.
Select an Azure Stack region for the cloud to scope to. This typically will be “local”.
- Resource Group
Select All or a single Resource Group to scope the cloud to. Selecting a single Resource Group will only sync resources in that Resource Group and disable Resource Group selection during provisioning. All will sync all resources and allow specifying the Resource Group during provisioning.
- Inventory Existing Instances
If enabled, existing Virtual Machines will be inventoried and appear as unmanaged Virtual Machines in Morpheus .
The Azure Stack cloud is ready to be added to a group and saved. Additional configuration options available:
All fields and options can be edited after the Cloud is created.
- Advanced Options
- Specify a default domain for instances provisioned to this Cloud.
- SCALE PRIORITY
- Specifies the priority with which an instance will scale into the cloud. A lower priority number means this cloud integration will take scale precedence over other cloud integrations in the group.
- APPLIANCE URL
- Alternate Appliance url for scenarios when the default Appliance URL (configured in admin -> settings) is not reachable or resolvable for Instances provisioned in this cloud. The Appliance URL is used for Agent install and reporting.
- TIME ZONE
- Configures the time zone on provisioned VM’s if necessary.
- DATACENTER ID
- Used for differentiating pricing among multiple datacenters. Leave blank unless prices are properly configured.
- HYPER-CONVERGED ENABLED
- Not applicable for Azure Stack
- DNS INTEGRATION
- Records for instances provisioned in this cloud will be added to selected DNS integration.
- SERVICE REGISTRY
- Services for instances provisioned in this cloud will be added to selected Service Registry integration.
- CONFIG MANAGEMENT
- Select a Chef, Salt, Ansible or Puppet integration to be used with this Cloud.
- AGENT INSTALL MODE
- SSH / WINRM: Morpheus will use SSH or WINRM for Agent install.
- Cloud-Init (when available): Morpheus will utilize Cloud-Init or Cloudbase-Init for agent install when provisioning images with Cloud-Init/Cloudbase-Init installed. Morpheus will fall back on SSH or WINRM if cloud-init is not installed on the provisioned image.
- API PROXY
- Required when a Proxy Server blocks communication between the Morpheus Appliance and the Cloud. Proxies can be added in the Infrastructure -> Networks -> Proxies tab.
- Provisioning Options
- API PROXY
- Required when a Proxy Server blocks communication between an Instance and the Morpheus Appliance. Proxies can be added in the Infrastructure -> Networks -> Proxies tab.
- Bypass Proxy for Appliance URL
- Enable to bypass proxy settings (if added) for Instance Agent communication to the Appliance URL.
- USER DATA (LINUX)
- Add cloud-init user data using bash syntax.
Once all options are configured, select NEXT to add the cloud to a Group.
A Group must be specified or created for the new Cloud to be added to. Clouds can be added to additional Groups or removed from Groups after being created.
- USE EXISTING
- Add the new Cloud to an exiting Group in Morpheus .
- CREATE NEW
- Creates a new Group in Morpheus and adds the Cloud to the Group.
Confirm all settings are correct and select COMPLETE. The Azure Stack Cloud will be added, and Morpheus will perform the initial cloud sync of:
- Virtual Machines (if Inventory Existing Instances is enabled)
- Virtual Images/Blueprints
- Network Security Groups
- Storage Accounts
- Marketplace Catalog
- Availability Sets
Synced Networks can be configured or deactivated from the Networks section in this Clouds detail page, or in the Infrastructure -> Networks section.