Skip to content

Configuration

Robert Peteuil edited this page Oct 29, 2018 · 13 revisions

The first time the utility is executed it performs the following tasks:

  • Creates a config directory located at $HOME/.cloud
  • Copies a sample configuration file, config.ini, to the new dir
  • Displays a message instructing the user to edit config.ini

editing config.ini - mcc's configuration file

config.ini is formatted using ini syntax, and is pre-populated with sample credentials and configuration for all supported cloud providers. While editing the file, it's important to not change variable names (the left side of the '=' symbol).

Config file overview:

  • It's broken into sections and each section name is surrounded by [].
  • There must be a section named [info]
    • This section must contain a variable named providers.
      • providers is a comma separated string of cloud provider accounts.
    • Described in the INFO SECTION on this page
  • There must be a section for each account listed in providers with a matching name.
    • These sections contains credentials for the named provider and account.
    • Described in the PROVIDER SECTION on this page

THE [info] SECTION - specifying accounts

  • The [info] section contains the providers variable
    • providers is a comma-separated list of cloud provider accounts
  • Include an entry in providers for each cloud-provider-account
    • provider entries are specified using these values: alicloud, aws, azure, gcp
  • Specify additional accounts for a provider by appending a numeric suffix to the provider name
    • example: aws2 specifies 2nd AWS account
  • Syntax
    • do not include spaces after commas
    • only use defined provider names and numeric suffixes
[info]

# Example with aws account and azure account:
providers = aws,azure

# Example with one account for each supported providers:
providers = alicloud,aws,azure,gcp

# Example specifying two AWS accounts and one Azure account:
providers = aws,aws2,azure

THE PROVIDER SECTIONS - specifying account credentials

  • each entry in providers must have a corresponding section with the same name
  • corresponding sections contain credentials for each account
  • credential variable names differ by provider, described in
    • section below "PROVIDER SPECIFIC CREDENTIAL INFORMATION"
    • example sections in example config.ini

Basic example of an aws account listed in providers and a corresponding credentials section

[info]
providers = aws

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1

More advanced example:

  • two AWS accounts and one Azure account listed in providers
  • corresponding credentials sections for each
    • common configuration for using AWS in multiple regions (with same credentials)
[info]
providers = aws,aws2,azure

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-2

[aws2]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-east-1

[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=

PROVIDER SPECIFIC CREDENTIAL INFORMATION

[alicloud]

specifies your Alibaba Cloud security credentials and default datacenter region. Alibaba Cloud region list

# [alicloud] SECTION REQUIRED if alicloud is listed in providers

[alicloud]
ali_region = cn-hangzhou
ali_access_key_id = EXCEWDYSWRP7VZOW
ali_access_key_secret = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQ

[aws]

specifies your AWS security credentials and default datacenter region. Information on AWS Credentials

# [aws] SECTION REQUIRED if aws is listed in providers

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1

[azure]

specifies your Azure Tenant-ID, Subscription-ID, Application-ID and Application-Secret. Creating an Azure Service Principal

# [azure] SECTION REQUIRED if azure is listed in providers

[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=

[gcp]

GCP supports two authentication types: Service-Account and Application

  • Service Account authentication is the default
  • Specify "Application" authentication by adding gcp_auth_type = A

[gcp] Service Account authentication - Setting up Service Account Authentication

The "service account key" specified in gcp_pem_file must be copied or linked to the config dir $HOME/.cloud

# [gcp] SECTION REQUIRED if gcp is listed in providers

# Service Account Authentication Method (default)

[gcp]
gcp_proj_id = sampleproject-634368
gcp_svc_acct_email = 12345678911-compute@developer.gserviceaccount.com
gcp_pem_file = SampleProject-72fcfdb29717.json

[gcp] Application authentication

When using Application Authentication the following occurs during the first execution:

  • A URL is displayed in the terminal session
  • this URL must be opened in a web-browser where an access-code is displayed
  • copy the code from the web browser and paste it into the terminal session
  • GCP will then authenticate mcc, and normal execution will continue

Credentials required when using Application Authentication

# [gcp] SECTION REQUIRED if gcp is listed in providers

# Application Authentication Method

[gcp]
gcp_auth_type = A   # variable and "A" value required to force Application Authentication
gcp_proj_id = sampleproject-634368
gcp_client_id = 12345678911-LZXcWZmyzU3v3qNPPJNEimoKgh9Wruo4.apps.googleusercontent.com
gcp_client_sec = t4ugvWTocssrVtX448tDEWBW