On Wed, Apr 27, 2016 at 6:43 PM, Andreas Hasenack <andr...@canonical.com>
wrote:

> On Wed, Apr 27, 2016 at 10:59 AM, John Meinel <j...@arbash-meinel.com>
> wrote:
>
>> ...
>>
>>
>>>
>>>> As noted, the number of times you have to bootstrap should be going
>>>> down, and if you are bootstrapping different-but-similar, then you again
>>>> have a single config that can be reused.
>>>>
>>>
>>> I'd love to be able to share a controller node with my colleagues. I
>>> tried setting that up and creating a juju user, but in the end that user's
>>> MAAS nodes were all allocated to "me" in MAAS, which was a bit unexpected.
>>> The person running juju commands had his own MAAS credentials setup. Until
>>> that is not setup, I can't keep a MAAS node allocated to my user 24/7, it's
>>> an expensive resource. I need to play with this shared controller idea a
>>> bit more.
>>>
>>>
>>>
>> Were they using the same model or had they created their own model to
>> work in? It may be that you had given them Admin rights on the controller,
>> which meant that "juju add-model" then uses the admin credentials by
>> default. I've heard that users that aren't admin but can create models are
>> being prompted for what credentials should be used for this model.
>>
>
> They were not admins. This is what I did, from memory:
> - bootstrapped on MAAS
> - created a model for user foo
> - created user foo, with --share for that model
> - granted user foo write access acl to model foo
> - sent the register line to the user
>
> That user already had a cloud for this MAAS server, with credentials. He
> ran the register command, then deployed services. The MAAS nodes that got
> these services were under my name, not his.
>
>

Unfortunately, for the 2.0 series the credentials used to manage machines
are tied to the model. He'll need to create a different model (juju
add-model --credentials XXX) to create machines with different credentials.
The problem is that generally visibility between machines/security
groups/etc is not guaranteed between credentials on various providers.
(Consider Virtual Private Cloud on AWS, different credentials may not even
have the same network for machines to communicate to each other.)
It might be something that we can look into, but it requires a bunch of
updates at the minimum (we'd need to start tracking individual credentials
per machine, being able to handle split results when listing machines with
each set of credentials, etc.)



>
>> So even if they are Admin, we do have:
>>   juju create-model --credential BLAH
>>
>> Which he can use to override the default credentials so that machines he
>> provisions show up under his account. I do believe that this is a recent
>> introduction in 2.0-beta. I do believe that we are currently modeling that
>> all machines in a given model are provisioned with the same credentials. We
>> may come back to this, but AIUI that is the plan for 2.0-final.
>>
>>
> Cool. I'm on beta6 now, was on beta5 or earlier when I tried the above.
>
>
Again, it is "model" level granularity, but you should be able to give him
a space where he can manage his machines separately from yours, and have
them show up that way in MAAS as well.

John
=:->
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju