Azure Connection Configuration

For this scenario to work, the following two conditions must be met:

  1. OpeNgine operator (a person doing the installation of OpeNgine) is an Owner of the target Azure Subscription and a member of the Application Administrators role in Azure AD.

  2. OpeNgine service principal is eligible to be assigned the Contributor role on the Subscription level.

Step 1. Configure service principals and security settings.

  • Sign in to with your user account.

  • Open Cloud Shell and run the following az commands to create AAD SP and assign it appropriate permissions on the subscription level.

    # Check your Subscription name and ID, make sure you're singed in to the correct subscription. Note down the SubscriptionID and TenantID, you'll need them later.
    az account list --query '[].{SubscriptionName:name,SubscriptionID:id,TenantID:tenantId}' -o table
    # Create an app and service principal in AAD + grant this SP the Contributor role on the entire Subscription.
    az ad sp create-for-rbac --name "OpeNgine_SPN" --role Contributor
  • Note down appID and password. Use these values to configure your local environment variables.

    AZURE_SECRET = password

Step 2. Configure environment variables.

# Configure env variables for Ansible (required to provision a Storage Account)
  export AZURE_CLIENT_ID=<enter your appID here>
  export AZURE_SECRET=<enter your secret here>
  export AZURE_SUBSCRIPTION_ID=<enter your SubscriptionID here>
  export AZURE_TENANT=<enter your TenantID here>
# Configure env variables for Terraform
  export ARM_CLIENT_ID=<enter your appID here>
  export ARM_CLIENT_SECRET=<enter your secret here>
  export ARM_SUBSCRIPTION_ID=<enter your SubscriptionID here>
  export ARM_TENANT_ID=<enter your TenantID here>
  export ARM_USE_MSI=true
# Set AZURE_PROJECT to the name of your project. This name is used to compose a name for the storage account in Azure, therefore it must not contain punctuation or special characters. Also, lenght of this string combined with length of your environment name must not exceed 17 characters.
  export AZURE_PROJECT=OpeNgineMulti
# Configure Azure DevOps settings
  export AZURE_DEVOPS_PROJECT_NAME=<enter your Azure DevOps Project name>
  export AZURE_DEVOPS_ORG=<Name of your Azure DevOps ogranization>
  export AZURE_DEVOPS_REPO_NAME=<Name of your Azure DevOps Repository>
  export AZURE_ACR_CLIENT_ID=<appID that has push/pull permissions to the existing ACR)
  export AZURE_ACR_CLIENT_SECRET=<appID secret>
  export AZURE_DEVOPS_EXT_PAT=<enter your PAT (can be generated under My Account on>
  export AZURE_DEVOPS_USER=<enter your email address>