To deploy nodes
For YugabyteDB Anywhere (YBA) to be able to deploy and manage YugabyteDB clusters, you need to provide YBA with privileges on your cloud infrastructure to create, delete, and modify VMs, mount and unmount disk volumes, and so on.
The more permissions that you can provide, the more YBA can automate.
Azure
The following permissions are required for the Azure resource group where you will deploy.
Network Contributor
Virtual Machine Contributor
To grant the required access, you can do one of the following:
-
Register an application in the Azure portal so the Microsoft identity platform can provide authentication and authorization services for your application. Registering your application establishes a trust relationship between your application and the Microsoft identity platform.
-
Assign a managed identity to the Azure VM hosting YugabyteDB Anywhere.
For information on assigning roles to applications, see Assign a role to an application; and assigning roles for managed identities, see Assign Azure roles using the Azure portal in the Microsoft Azure documentation.
If you are registering an application, record the following information about your service account. You will need to provide this information later to YBA.
| Save for later | To configure |
|---|---|
| Service account details | Azure cloud provider |
| Client ID: | |
| Client Secret: | |
| Resource Group: | |
| Subscription ID: | |
| Tenant ID: |
Managing SSH keys for VMs
When creating VMs on the public cloud, YugabyteDB requires SSH keys to access the VM. You can manage the SSH keys for VMs in two ways:
- YBA managed keys. When YBA creates VMs, it will generate and manage the SSH key pair.
- Provide a custom key pair. Create your own custom SSH keys and upload the SSH keys when you create the provider.
If you will be using your own custom SSH keys, then ensure that you have them when installing YBA and creating your public cloud provider.
| Save for later | To configure |
|---|---|
| Custom SSH keys | Azure provider |