-
Notifications
You must be signed in to change notification settings - Fork 10
Configuration
The first time the utility is executed it performs the following setup tasks:
- Creates its config directory {HOME}/.cloud
- Copies a sample config.ini file to the new config dir
- Instructs the user to add their credential information to config.ini
- The sample config.ini contains sample configuration data, and extensive comments describing how to add your real data.
Notes while editing the config.ini file:
- do not change the names of the keys (titles left of the '=' symbol)
- lines with comments may be deleted (lines beginning with #)
The config.ini file uses basic ini syntax, and includes an [info] section and a section for each cloud provider account.
- The
[info]section contains a single entry that lists the cloud provider accounts thatmccwill use. - each provider-account section contains the credentials for that account
- find the
[info]section and theprovidersetting-
providersis a comma-separated list of the cloud provider accounts thatmccwill use
-
- add each cloud-provider-account to the
providersentry- specify providers using these names:
alicloud,aws,azure,gcp - only include providers for which you have valid credentials
- do not place spaces after the commas in the
providerslist - for example, to use AWS and azure, the entry should be
providers = aws,azure
- specify providers using these names:
- multiple account per provider is supported and explained after the example below
[info]
# Example specifying aws account and azure account:
providers = aws,azure
# Example that specifies an account for all supported providers:
providers = alicloud,aws,azure,gcp- multiple accounts for a provider is specified by adding a second entry to
providers- begin the second entry with the provider name:
alicloud,aws,azure,gcp - end it with a numeric suffix
- example:
aws2specifies a 2nd AWS account - only include the provider name followed by numbers - otherwise it will fail to be recognized
- begin the second entry with the provider name:
[info]
# Example specifying two aws accounts and one azure account:
providers = aws,aws2,azure- each entry in the
providerssetting must have a section of the same name that contains the authentication credentials for that provider account - the settings required for each provider are described in the "PROVIDER SPECIFIC CREDENTIAL INFORMATION" section below
Basic example of an aws account listed in providers and a corresponding credentials section
[info]
providers = aws
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1More advanced example: two aws accounts and azure listed in providers and a corresponding credentials sections for each. (note: in this example, the aws accounts use the same credentials, but specify different regions.)
[info]
providers = aws,aws2,azure
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-2
[aws2]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-east-1
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=specifies your Alibaba Cloud security credentials and default datacenter region. Alibaba Cloud region list
# [alicloud] SECTION REQUIRED if alicloud is listed in providers
[alicloud]
ali_region = cn-hangzhou
ali_access_key_id = EXCEWDYSWRP7VZOW
ali_access_key_secret = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQspecifies your AWS security credentials and default datacenter region. Information on AWS Credentials
# [aws] SECTION REQUIRED if aws is listed in providers
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1
specifies your Azure Tenant-ID, Subscription-ID, Application-ID and Application-Secret. Creating an Azure Service Principal
# [azure] SECTION REQUIRED if azure is listed in providers
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=GCP supports two authentication types, Service-Account and Application Information on Setting up Service Account Authentication
- Service Account authentication is the default method if not specified
- The authentication type is specified with
gcp_auth_typeand setting toSorA - The parameters required for each authentication type are described below
Requires that the service account key (a json file) copied or moved to the mcc config dir
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Service Account Authentication Method (default)
[gcp]
gcp_auth_type = S # may be ommited for Service Account Authentication
gcp_proj_id = sampleproject-634368
gcp_svc_acct_email = [email protected]
gcp_pem_file = SampleProject-72fcfdb29717.jsonThe first time the program is run when using Application Authentication:
- A URL is displayed in the terminal session
- this URL must be opened in a web-browser where an access-code is displayed
- copy the code from the web browser and paste it into the terminal session
- GCP will then authenticate
mcc, and normal execution will continue
[gcp] credentials required when using Application Authentication
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Application Authentication Method
[gcp]
gcp_auth_type = A
gcp_proj_id = sampleproject-634368
gcp_client_id = 12345678911-LZXcWZmyzU3v3qNPPJNEimoKgh9Wruo4.apps.googleusercontent.com
gcp_client_sec = t4ugvWTocssrVtX448tDEWBW