juju2: format of clouds.yaml for juju add-cloud

Tue May 3 13:28:57 UTC 2016

On 03/05/16 23:09, Andreas Hasenack wrote:
> On Wed, Apr 20, 2016 at 7:07 PM, Andrew Wilkins <
> andrew.wilkins at canonical.com> wrote:
> 
>> On Thu, Apr 21, 2016 at 2:44 AM Andreas Hasenack <andreas at canonical.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I was trying to add another "cloud" so that I could have multiple MAAS
>>> servers available to bootstrap on, without having to type the MAAS IP
>>> everytime in the bootstrap command line, and pass --credential.
>>>
>>> Some reading lead me to juju add-cloud, but the documentation only has
>>> examples for openstack clouds, like:
>>>
>>> clouds:
>>>   <cloud_name>:
>>>     type: <type_of_cloud>
>>>     regions:
>>>       <region-name>:
>>>         endpoint: <https://xxx.yyy.zzz:35574/v3.0/>
>>>         auth-types: <[access-key, oauth, userpass]>
>>>
>>>
>>> That does not translate immediately to a MAAS configuration. I asked for
>>> help on IRC and mgz provided me with this syntax:
>>>
>>> clouds:
>>>   some-name:
>>>     type: maas
>>>     auth-types: [oauth1]
>>>     endpoint: 'http://<IP>/MAAS/'
>>>
>>>
>>> Are there other options that could be used here, specific to the "maas"
>>> type? What about other cloud types, what changes in this template?
>>>
>>
>> Everything that you can use is used here:
>> http://streams.canonical.com/juju/public-clouds.syaml. So the things in
>> there of note are "storage-endpoint" and "regions".
>>
>>
> 
> What's "domain-name"?
> andreas at nsn7:~$ juju add-credential cistack
>   credential name: cistack
>   auth-type: userpass
>   username: andreas
>   password:
>   tenant-name: andreas
>   domain-name: ?????
> credentials added for cloud cistack
> 
> It's not used in http://streams.canonical.com/juju/public-clouds.syaml, nor
> is it documented in
> https://jujucharms.com/docs/devel/clouds#specifying-additional-clouds. I

The syaml referred to above is for cloud definitions. The command being run is
for adding a credential. The credential data model is different to clouds. The
type of cloud though (eg openstack vs aws vs google) determine what credential
attributes are valid. "domain-name" is used for keystone v3 authentication. It
is optional and not needed for keystone v2. Whether to enter it or not depends
entirely on your openstack setup.

> can take a guess (DNS domain name), but I don't know where and how it's
> used. juju1 didn't have that, and nor does the novarc file given to me by
> horizon.
> 

Yes, only Juju v2 supports keystone 3.

As a reminder, the release notes sent out with each beta explain it:

https://jujucharms.com/docs/devel/temp-release-notes#keystone-3-support-in-openstack

### Keystone 3 support in Openstack.

Juju now supports Openstack with Keystone Identity provider V3. Keystone
3 brings a new attribute to our credentials, "domain-name"
(OS_DOMAIN_NAME) which is optional. If "domain-name" is present (and
user/password too) juju will use V3 authentication by default. In other
cases where only user and password is present, it will query Openstack
as to what identity providers are supported, and their endpoints. V3
will be tried and, if it works, set as the identity provider or else it
will settle for V2, the previous standard.