Enable authentication to Azure Batch via Azure Active Directory (AAD)
complete
Drew DiPalma
Add Azure AAD-enabled authentication to Azure Credentials set. This will enable Seqera Platform to authenticate as a Service Principal when creating Azure compute resources or accessing Azure storage.
Currently, Azure uses account names and keys for accessing Azure.
Azure Batch comes in two flavors:
- Batch managed: The batch service manages VMs so everything is done 'under' the batch account. Uses keys for authentication.
- User Subscription: The VMs etc. are run in the user account under one subscription, which is more flexible. Only uses AAD for authentication.
An alternative to using account keys, as supported by Nextflow, would be to use a service principal which has the correct permissions. We would have a similar page but with options to add:
- A batch account name
- A storage account name
- An Azure location
- A service principal ID (Directory tenant ID)
- A tenant ID (Application Tenant ID)
- A service principal secret (Client secret value)
Rob Newman
Additional information in GitHub: https://github.com/seqeralabs/nf-tower-cloud/issues/5440
Rob Newman
This post was marked as complete
Rob Newman
in progress
Olive Bovid
Hi Rob, is there any estimated time for when this feature will be ready?
Rob Newman
Hi Olive Bovid: The Nextflow component parts have been added/updated and merged. Now we need to add to Seqera Platform. It will depend upon other competing priorities, but hopefully in Q3 2024.
Rob Newman
planned
Rob Newman
evaluating
Drew DiPalma
under review
Rob Newman
Merged in a post:
Support Vnet selection for Azure Compute Environment: Batch Forge
Additional Alligator
We have strict VNet/Subnet connectivity requirements between our internal services. For example, our private Gitlab and artifactory services require specific routing and firewall rules for any other VNet/subnet to work.
This means that all Seqera Platform resources have to use specific VNet/subnets to get access to Gitlab, especially the Azure Batch pool.
Even though this can be achieved with a manual Azure Batch pool, we would prefer to have the ability to select the VNet + subnet for the "Batch forge" pool.
Drew DiPalma
Merged in a post:
Azure Batch Configuration: Active Directory support
Effective Penguin
Our Azure Batch configuration changed from using Azure Batch account keys and storage keys to using Active Directory (AD) authentication. Currently, there is no way to add active directory fields (servicePrincipalID, servicePrincipalSecret, and tenantId) to the Seqera Platform when configuring Azure Batch. When will Active Directory Authentication be supported by the Seqera Platform (it's already supported by NextFlow > 22.11.0-edge)?
Rob Newman
Additional information in GitHub: https://github.com/seqeralabs/nf-tower-cloud/issues/5440