This section is about understanding models with multiple users.
When an administrator adds a model, by default, the cloud credentials used throughout the model will be those that the admin used to create the controller and the SSH keys copied across the model will be those of the controller model. The administrator can override these defaults with the appropriate command options.
The model creator becomes, by default, the model owner. However, the creation process does allow for owner designation.
Add model 'mymodel' (in the current controller):
juju add-model mymodel
Add model 'mymodel' and designate user 'tron' as the owner:
juju add-model --owner=tron mymodel
See Adding a model for details on adding models.
An administrator can use the
grant command to grant a user either read or write
access to any model.
read: a user can view the state of a model with the
write: a user can both view the state of a model and make any changes required, though they can't create, backup or destroy models.
To give 'bob' read-only access to the model 'mymodel', for example, the administrator would enter the following:
juju grant bob read mymodel
To give 'jim' write access to the same model, the administrator would use the following:
juju grant jim write mymodel
See Users for details on available commands.
Note: Each user has control over naming the models they own. This means
it is possible for two users,
claire, to each have a model with
the same name,
foo. This could cause difficulty when
claire needs to access
jane's model. Because of this, it is possible to refer to models
<owner>/<model> in place of just the model name. For example,
can get the status of the model using
juju status -m jane/foo.
A controller is a special kind of model that acts as the management node for each cloud environment. Properly managed access to any controller is critical to the security and stability of your cloud and all its models.
In addition to the two levels of user access for models, three further levels of access are used to manage access to Juju's controllers:
login: the standard access level for any user, enabling them to connect to a cloud and access any permitted models.
add-model: in addition to login access, a user is also be permitted to add and remove new models.
superuser: grants a user the same permissions as an administrator and complete control over the deployed environment.
grant syntax for controller access is the same as model
access, only without the need to specify a model. With no controller specified,
the current controller will be assumed the target:
juju grant jim add-model
A controller can be specified using the
--controller argument followed by the
name of the controller:
juju grant jim add-model --controller admin-lxd
users command can be used to list all users registered to a controller, along
with their access levels. The output will look similar to the following:
Controller: admin-lxd Name Display name Access Date created Last connection admin* admin superuser 2016-11-14 just now bob login 1 hour ago 58 minutes ago jim add-model 2016-11-14 58 minutes ago
It is possible to give a user access to a controller without creating a local account for them. Linking the controller to the external identity manager, such as the Ubuntu SSO, in this way provides the benefit of convenience, as the authentication system used may also be used for other systems. This reduces the number of login credentials that users must remember across multiple systems.
To do this, these criteria must first be met:
- The user must already have an account on an external identity manager
- The controller must have been created (bootstrapped) using the identity
configuration option, like here where we use the URL for the Ubuntu SSO
- The user must first log in to http://jujucharms.com at least once before attempting to log in to Juju as an external user
- The user must install Juju on the machine from which they will access the controller
On the controller, you grant Frances access to add models using:
juju grant frances@external addmodel
!!!Note: the '@external' is required as it indicates where the credential comes from, as opposed to '@local'.
You can allow anyone with an Ubuntu SSO account to create models on this controller like this:
juju grant everyone@external addmodel
Sharing controller information must be done directly between the controller
owner and the external user, such as via email, and manually adding the
controller information to the local user's
in Ubuntu and other Linux distributions and the similar location in other OSes.
The external user will log in from their machine with
juju login -u <username>.
They will be directed to the URL for the external identity provider so that
they may log in there and then will be granted access to the controller.
For the external user to create models from the controller, they must have credentials for that provider, for example, GCE or AWS. Any models created by this user will use these credentials.
juju add-model test --credential gce
To learn more about credentials, see credentials.
The 'revoke' command is used to remove a user's access to either a model or a controller. To revoke 'add-model' controller access for user 'jim', you would use the following:
juju revoke jim add-model
revoke command has been issued, a user's access will reduce to the
next lower access level. With the above example, user 'jim' would have have
'add-model' access reduced to 'login' access on the controller. This also means
that if a user has write access to a model, the following command would revoke
both read and write access:
juju revoke bob read mymodel
Note: The admin user has credentials stored in the controller and will be able to perform functions on any model. However, a regular user who has been given 'add-model' permissions may need to specify which credential to use when logging in to a model for the first time. To specify a credential, run 'juju add-credential'.