Configuration
The first time the utility is executed it performs the following tasks:
- Creates a config directory for mcc located at $HOME/.cloud
- Copies a sample configuration file, config.ini, to the new dir
- Displays a message instructing the user to edit config.ini
config.ini is formatted using ini syntax, and is pre-populated with sample credentials and configuration for all supported cloud providers. While editing the file, it's important not to change variable names (the variable names are on the left side of the '=' symbol).
It's broken into sections (items with [] around them) and entries (items under each section). There is a section titled [info] and additional sections for each cloud provider account.
- The [info] section contains a single variable (providers) that lists cloud provider accounts.
- For each item listed in providers, there must be a corresponding section of the same name.
- Each provider-account section contains the credentials for that account.
- In the [info] section find the providers variable
  - providers is a comma-separated list of cloud provider accounts to use
- append an entry to providers for each cloud-provider-account to use
  - provider entries are specified with these names: alicloud, aws, azure, gcp
  - do not place spaces after the commas in the providers list
  - for example, to use AWS and azure, the entry should be providers = aws,azure
  - only include providers that you intend to use with mcc
[info]
# Example specifying aws account and azure account:
providers = aws,azure
# Example that specifies an account for all supported providers:
providers = alicloud,aws,azure,gcp
- multiple accounts per provider are specified by adding a second entry to providers
  - begin the second entry with the provider name: alicloud, aws, azure, gcp
  - end it with a numeric suffix
  - example: aws2 specifies a 2nd AWS account
  - only include the provider name followed by numbers - otherwise it will fail to be recognized
[info]
# Example specifying two aws accounts and one azure account:
providers = aws,aws2,azure
- each entry in providers must have a corresponding section of the same name containing the credentials for that account
- the settings required for each provider are described in the "PROVIDER SPECIFIC CREDENTIAL INFORMATION" section
Basic example of an aws account listed in providers and a corresponding credentials section
[info]
providers = aws
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1
More advanced example:
- two aws accounts and azure listed in providers
- corresponding credentials sections for each
- note: in this example, the aws accounts specify different regions but use the same credentials
[info]
providers = aws,aws2,azure
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-2
[aws2]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-east-1
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=
The [alicloud] section specifies your Alibaba Cloud security credentials and default datacenter region. Reference: Alibaba Cloud region list
# [alicloud] SECTION REQUIRED if alicloud is listed in providers
[alicloud]
ali_region = cn-hangzhou
ali_access_key_id = EXCEWDYSWRP7VZOW
ali_access_key_secret = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQ
The [aws] section specifies your AWS security credentials and default datacenter region. Reference: Information on AWS Credentials
# [aws] SECTION REQUIRED if aws is listed in providers
[aws]
aws_access_key_id = EXCEWDYSWRP7VZOW4VAW
aws_secret_access_key = CHVsdhV+YgBEjJuZsJNstLGgRY43kZggNHQEh/JK
aws_default_region = us-west-1
The [azure] section specifies your Azure Tenant-ID, Subscription-ID, Application-ID and Application-Secret. Reference: Creating an Azure Service Principal
# [azure] SECTION REQUIRED if azure is listed in providers
[azure]
az_tenant_id = a3b7de99-6c36-e71f-e7d7-c5a1eefd9c01
az_sub_id = 2ac1b147-fdca-947c-4907-3f302a667100
az_app_id = ee16ad1d-d266-bffa-031c-008ab40d971e
az_app_sec = 22918C9e1cCC7665a+b3e4052f942630aE979CF68/v=
GCP supports two authentication types, Service-Account and Application. Reference: Information on Setting up Service Account Authentication
- Service Account authentication is the default method if not specified
- The authentication type is specified with gcp_auth_type by setting it to S or A
- The parameters required for each authentication type are described below
Service Account authentication requires that the service account key (a json file) be copied or moved to the mcc config dir
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Service Account Authentication Method (default)
[gcp]
# gcp_auth_type may be omitted for Service Account Authentication
gcp_auth_type = S
gcp_proj_id = sampleproject-634368
gcp_svc_acct_email = [email protected]
gcp_pem_file = SampleProject-72fcfdb29717.json
The first time the program is run when using Application Authentication:
- A URL is displayed in the terminal session
- this URL must be opened in a web-browser where an access-code is displayed
- copy the code from the web browser and paste it into the terminal session
- GCP will then authenticate mcc, and normal execution will continue
[gcp] credentials required when using Application Authentication
# [gcp] SECTION REQUIRED if gcp is listed in providers
# Application Authentication Method
[gcp]
gcp_auth_type = A
gcp_proj_id = sampleproject-634368
gcp_client_id = 12345678911-LZXcWZmyzU3v3qNPPJNEimoKgh9Wruo4.apps.googleusercontent.com
gcp_client_sec = t4ugvWTocssrVtX448tDEWBW
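A pre-flight check for the rules described on this page, as an added example that is not part of mcc: it validates the providers list and the per-provider keys shown in the sample sections, and flags a config.ini that other local users can read, since the file holds plaintext credentials. The function names, and the choice to treat " #" as the start of an inline comment, are assumptions of this example.

```python
import configparser
import os
import re
import stat

# Required keys per provider, taken from the sample sections on this page.
REQUIRED = {
    "alicloud": ["ali_region", "ali_access_key_id", "ali_access_key_secret"],
    "aws": ["aws_access_key_id", "aws_secret_access_key", "aws_default_region"],
    "azure": ["az_tenant_id", "az_sub_id", "az_app_id", "az_app_sec"],
    "gcp:S": ["gcp_proj_id", "gcp_svc_acct_email", "gcp_pem_file"],
    "gcp:A": ["gcp_proj_id", "gcp_client_id", "gcp_client_sec"],
}
ENTRY_RE = re.compile(r"(alicloud|aws|azure|gcp)\d*")  # name + numeric suffix


def lint_config(text):
    """Return a list of problems found in config.ini content (empty = OK)."""
    # interpolation=None so secrets containing '%' are read literally
    cfg = configparser.ConfigParser(interpolation=None,
                                    inline_comment_prefixes=("#",))
    cfg.read_string(text)
    if not cfg.has_option("info", "providers"):
        return ["[info] section with a providers entry is missing"]
    raw = cfg.get("info", "providers")
    problems = []
    if re.search(r",\s|\s,", raw):
        problems.append("providers: remove spaces around commas")
    for entry in (e.strip() for e in raw.split(",")):
        m = ENTRY_RE.fullmatch(entry)
        if not m:
            problems.append(f"providers: unrecognized entry '{entry}'")
            continue
        if not cfg.has_section(entry):
            problems.append(f"[{entry}]: section missing")
            continue
        kind = m.group(1)
        if kind == "gcp":
            # Service Account (S) is the default when gcp_auth_type is omitted
            kind = "gcp:" + cfg.get(entry, "gcp_auth_type", fallback="S").upper()
        if kind not in REQUIRED:
            problems.append(f"[{entry}]: gcp_auth_type must be S or A")
        for key in REQUIRED.get(kind, []):
            if not cfg.get(entry, key, fallback="").strip():
                problems.append(f"[{entry}]: {key} missing or empty")
    return problems


def loose_permissions(path):
    """True if group or others have any access to the file (POSIX modes)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```

Run `lint_config` on the contents of $HOME/.cloud/config.ini and `loose_permissions` on its path; `chmod 600` on the file clears the second finding.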