Install the nRF Asset Tracker into your Azure account

Note

The setup process in Azure is more complicated when compared to the AWS continuous integration setup since it involves many manual steps that cannot be automated. If you have ideas to simplify the process, provide your input.

To install the nRF Asset Tracker into your Azure account, complete the following steps:

1. Export the identifier of the subscription that contains the nRF Asset Tracker resources to a new .envrc file (used with direnv):

   # add to .envrc
   export SUBSCRIPTION_ID="Subscription ID"
   

2. Choose a resource group name for the solution and export it as RESOURCE_GROUP. In this example, nrfassettracker is used as the resource group name.

   # add to .envrc
   export RESOURCE_GROUP="nrfassettracker"
   

3. Choose a name for the solution and export it as APP_NAME. Use a short name (not more than 16 characters) composed of numbers and lowercase letters only. In this example, nrfassettracker is used as the application name.

   # add to .envrc
   export APP_NAME="nrfassettracker"
   

4. Choose a unique name for the storage account and export it as STORAGE_ACCOUNT_NAME. Storage account names must be between 3 and 24 characters and may contain numbers and lowercase letters only. In this example, nrfassettracker is used as the storage account name.

   # add to .envrc
   export STORAGE_ACCOUNT_NAME="nrfassettracker"
   

5. Configure your preferred location (you can list the locations using az account list-locations) and export it on the environment variable LOCATION. In this example, northeurope is used as the location name.

   # add to .envrc
   export LOCATION="northeurope"
   

6. Run the following command to allow the changed file:

   direnv allow
   

7. Make sure that you have enabled the right subscription by using the following commands:

   az account set --subscription $SUBSCRIPTION_ID
   # Verify that it is set to default
   az account list --output table
   

8. Create the resource group for the solution:

   az group create --subscription $SUBSCRIPTION_ID -l $LOCATION -n ${RESOURCE_GROUP:-nrfassettracker}
   

9. Register the namespace in the subscription for creating an Azure Active Directory B2C in the next step:

   az provider register --namespace Microsoft.AzureActiveDirectory
   

10. Follow the tutorial for creating an Azure Active Directory B2C. On the creation screen, select the resource group you have created above. Currently, it is not possible to create an Active Directory B2C and application through the ARM template (see GitHub issue).

11. Save the initial domain name of the created Active Directory B2C to the environment variable B2C_TENANT. In this example, nrfassettrackerusers is used as the initial domain name.

    # add to .envrc
    export B2C_TENANT="nrfassettrackerusers"
    

12. Select User flows, create the user flow for sign up and sign in (recommended version), and make sure to name the userflow as B2C_1_signup_signin.

13. Follow the instructions in the tutorial for registering a web application in Azure Active Directory B2C and register a web application. Use https://<your APP_NAME>app.z16.web.core.windows.net/ as the redirect URL.

14. Select Authentication, enable the implicit grant and hybrid flows for Access tokens and ID tokens and click Save.

15. Save the application (client) id to the environment variable APP_REG_CLIENT_ID in the .envrc file:

    # add to .envrc
    export APP_REG_CLIENT_ID=...
    

16. Grant the app registration directory API permissions for the function app:

    1. Click Expose an API.
    2. Set the Application ID URI field to api and click Save and continue.
    3. Create a new scope with the following values and click Add a scope:
       • Scope name - nrfassettracker.admin
       • Admin consent display name - Administrator access to the nRF Asset Tracker API
       • Admin consent description - Allows administrator access to all resources exposed through the nRF Asset Tracker API
    4. Click API permissions and then click + Add a permission. Under My APIs, select the app registration.
    5. Enable the nrfassettracker.admin permission and click Add permission.
    6. Click Grant admin consent for <your B2C directory>.

17. Run the following command to allow the changed file:

    direnv allow
    

18. Deploy the solution by running the following commands:

    az deployment group create --resource-group ${RESOURCE_GROUP:-nrfassettracker} \
       --mode Complete \
       --name initial-setup \
       --template-file azuredeploy.json \
       --parameters \
          appName=${APP_NAME:-nrfassettracker} \
          storageAccountName=${STORAGE_ACCOUNT_NAME:-nrfassettracker} \
          appRegistrationClientId=$APP_REG_CLIENT_ID \
          b2cTenant=$B2C_TENANT \
          keyVaultName=${APP_NAME:-nrfassettracker}
    # Currently it is not possible to enable website hosting through the ARM template
    az storage blob service-properties update \
       --account-name ${STORAGE_ACCOUNT_NAME:-nrfassettracker} \
       --static-website --index-document index.html
    # Deploy the functions
    node scripts/pack-app.js
    az functionapp deployment source config-zip -g ${RESOURCE_GROUP:-nrfassettracker} -n ${APP_NAME:-nrfassettracker}api --src dist/functionapp.zip
    

    If the command gives an error, you can find the detailed log message using the printed tracking ID and the following command:

    az monitor activity-log list --correlation-id "tracking ID" \
       | jq '.[].properties.statusMessage | fromjson'
    

    It can take a few minutes for the detailed log message to be populated.

    If the error message does not include a tracking ID, navigate to the resource group in the Azure portal and review the deployments. There is a failed deployment called initial-setup. Examine its error details.