-
Notifications
You must be signed in to change notification settings - Fork 10
Configuration
The first time the utility is executed it performs the following tasks:
- Creates a config directory located at $HOME/.cloud
- Copies a sample configuration file,
config.ini
, to the new dir - Displays a message instructing the user to edit
config.ini
config.ini
is formatted using ini syntax, and is pre-populated with sample credentials and configuration for all supported cloud providers. While editing the file, it's important to not change variable names (the left side of the '=' symbol).
Config file overview:
- It's broken into sections and each sectio name has
[]
around it. - There is always a section titled
[info]
- It contains a single variable,
providers
that lists cloud provider accounts. - This is described in the INFO SECTION on this page
- It contains a single variable,
- Each account listed in
providers
must have a corresponding section of the same name.- Each of these sections contains credentials for the named account.
- This is described in the PROVIDER SECTION on this page
- The
[info]
section contains theproviders
variable-
providers
is a comma-separated list of cloud provider accounts
-
- Include an entry in
providers
for each cloud-provider-account to use- provider entries must be specified with these names:
alicloud
,aws
,azure
,gcp
- do not use spaces after commas
- provider entries must be specified with these names:
[info]
# Example specifying aws account and azure account:
providers = aws,azure
# Example that specifies an account for all supported providers:
providers = alicloud,aws,azure,gcp
- multiple accounts per provider is specified by adding a second entry to
providers
- Additional accounts for a provider can be defined by appending a numeric suffix to the provider name
- for example:
aws2
specifies a 2nd AWS account
- for example:
- only include provider name and numeric suffixes, otherwise it the credentials will not be recognized
- Additional accounts for a provider can be defined by appending a numeric suffix to the provider name
[info]
# Example specifying two aws accounts and one azure account:
providers = aws,aws2,azure
- each entry in
providers
must have a corresponding section of the same name containing the credentials for that account - the specific credential variables required for each provider vary
- they are listed in the example file and described below in "PROVIDER SPECIFIC CREDENTIAL INFORMATION"
Basic example of an aws account listed in providers
and a corresponding credentials section
[info]
providers = aws
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1
More advanced example:
- two aws accounts and azure listed in
providers
- corresponding credentials sections for each
- this example illustrates configuring mcc to use the same aws credentials in multiple regions
[info]
providers = aws,aws2,azure
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-2
[aws2]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-east-1
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=
specifies your Alibaba Cloud security credentials and default datacenter region. Alibaba Cloud region list
# [alicloud] SECTION REQUIRED if alicloud is listed in providers
[alicloud]
ali_region = cn-hangzhou
ali_access_key_id = EXCEWDYSWRP7VZOW
ali_access_key_secret = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQ
specifies your AWS security credentials and default datacenter region. Information on AWS Credentials
# [aws] SECTION REQUIRED if aws is listed in providers
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1
specifies your Azure Tenant-ID, Subscription-ID, Application-ID and Application-Secret. Creating an Azure Service Principal
# [azure] SECTION REQUIRED if azure is listed in providers
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=
GCP supports two authentication types, Service-Account and Application Information on Setting up Service Account Authentication
- Service Account authentication is the default method if not specified
- The authentication type is specified with
gcp_auth_type
and setting toS
orA
- The parameters required for each authentication type are described below
Requires that the service account key (a json file) copied or sym-linked to the mcc
config dir, $HOME/.cloud
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Service Account Authentication Method (default)
[gcp]
gcp_auth_type = S # may be ommited for Service Account Authentication
gcp_proj_id = sampleproject-634368
gcp_svc_acct_email = [email protected]
gcp_pem_file = SampleProject-72fcfdb29717.json
The first time the program is run when using Application Authentication:
- A URL is displayed in the terminal session
- this URL must be opened in a web-browser where an access-code is displayed
- copy the code from the web browser and paste it into the terminal session
- GCP will then authenticate
mcc
, and normal execution will continue
Credentials required when using Application Authentication
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Application Authentication Method
[gcp]
gcp_auth_type = A
gcp_proj_id = sampleproject-634368
gcp_client_id = 12345678911-LZXcWZmyzU3v3qNPPJNEimoKgh9Wruo4.apps.googleusercontent.com
gcp_client_sec = t4ugvWTocssrVtX448tDEWBW