Configuration

The first time the utility is executed it performs the following tasks:

• Creates a config directory located at $HOME/.cloud
• Copies a sample configuration file, config.ini, to the new dir
• Displays a message instructing the user to edit config.ini

editing config.ini - mcc's configuration file

config.ini is formatted using ini syntax, and is pre-populated with sample credentials and configuration for all supported cloud providers. While editing the file, it's important to not change variable names (the left side of the '=' symbol).

Config file overview:

• It's broken into sections and each sectio name has [] around it.
• There is always a section titled [info]
  • It contains a single variable, providers that lists cloud provider accounts.
  • This is described in the INFO SECTION on this page
• Each account listed in providers must have a corresponding section of the same name.
  • Each of these sections contains credentials for the named account.
  • This is described in the PROVIDER SECTION on this page

THE [info] SECTION - specifying accounts

• The [info] section contains the providers variable
  • providers is a comma-separated list of cloud provider accounts
• Include an entry in providers for each cloud-provider-account to use
  • provider entries must be specified with these names: alicloud, aws, azure, gcp
  • do not use spaces after commas

[info]

# Example specifying aws account and azure account:
providers = aws,azure

# Example that specifies an account for all supported providers:
providers = alicloud,aws,azure,gcp

• multiple accounts per provider is specified by adding a second entry to providers
  • Additional accounts for a provider can be defined by appending a numeric suffix to the provider name
    • for example: aws2 specifies a 2nd AWS account
  • only include provider name and numeric suffixes, otherwise it the credentials will not be recognized

[info]

# Example specifying two aws accounts and one azure account:
providers = aws,aws2,azure

THE PROVIDER SECTIONS - specifying account credentials

• each entry in providers must have a corresponding section of the same name containing the credentials for that account
• the specific credential variables required for each provider vary
• they are listed in the example file and described below in "PROVIDER SPECIFIC CREDENTIAL INFORMATION"

Basic example of an aws account listed in providers and a corresponding credentials section

[info]
providers = aws

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1

More advanced example:

• two aws accounts and azure listed in providers
• corresponding credentials sections for each
• this example illustrates configuring mcc to use the same aws credentials in multiple regions

[info]
providers = aws,aws2,azure

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-2

[aws2]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-east-1

[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=

PROVIDER SPECIFIC CREDENTIAL INFORMATION

[alicloud]

specifies your Alibaba Cloud security credentials and default datacenter region. Alibaba Cloud region list

# [alicloud] SECTION REQUIRED if alicloud is listed in providers

[alicloud]
ali_region = cn-hangzhou
ali_access_key_id = EXCEWDYSWRP7VZOW
ali_access_key_secret = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQ

[aws]

specifies your AWS security credentials and default datacenter region. Information on AWS Credentials

# [aws] SECTION REQUIRED if aws is listed in providers

[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1

[azure]

specifies your Azure Tenant-ID, Subscription-ID, Application-ID and Application-Secret. Creating an Azure Service Principal

# [azure] SECTION REQUIRED if azure is listed in providers

[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=

[gcp]

GCP supports two authentication types, Service-Account and Application Information on Setting up Service Account Authentication

• Service Account authentication is the default method if not specified
• The authentication type is specified with gcp_auth_type and setting to S or A
• The parameters required for each authentication type are described below

[gcp] Service Account authentication

Requires that the service account key (a json file) copied or sym-linked to the mcc config dir, $HOME/.cloud

# [gcp] SECTION REQUIRED if gcp is listed in providers

# Service Account Authentication Method (default)

[gcp]
gcp_auth_type = S   # may be ommited for Service Account Authentication
gcp_proj_id = sampleproject-634368
gcp_svc_acct_email = [email protected]
gcp_pem_file = SampleProject-72fcfdb29717.json

[gcp] Application authentication

The first time the program is run when using Application Authentication:

• A URL is displayed in the terminal session
• this URL must be opened in a web-browser where an access-code is displayed
• copy the code from the web browser and paste it into the terminal session
• GCP will then authenticate mcc, and normal execution will continue

Credentials required when using Application Authentication

# [gcp] SECTION REQUIRED if gcp is listed in providers

# Application Authentication Method

[gcp]
gcp_auth_type = A
gcp_proj_id = sampleproject-634368
gcp_client_id = 12345678911-LZXcWZmyzU3v3qNPPJNEimoKgh9Wruo4.apps.googleusercontent.com
gcp_client_sec = t4ugvWTocssrVtX448tDEWBW