Configuring models

A model influences all the machines that Juju creates within it and, in turn, the applications that get deployed onto those machines. It is therefore a very powerful feature to be able to configure at the model level. Model configuration consists of a collection of keys and their respective values. An explanation of how to both view and set these key:value pairs is provided below. Notable examples are provided at the end.

Getting and setting values

You can display the current model settings by running the command:

juju model-config

This will include all the currently set key values - whether they were set by you, inherited as a default value or dynamically set by Juju.

A key's value may be set for the current model using the same command:

juju model-config no-proxy=jujucharms.com

It is also possible to specify a list of key-value pairs:

juju model-config test-mode=true enable-os-upgrade=false

Note: Juju does not currently check that the provided key is a valid setting, so make sure you spell it correctly.

To set a null value:

juju model-config apt-mirror=""

To return a value to the default setting the --reset flag is used, along with the key name:

juju model-config --reset test-mode

After deployment, the model-defaults command allows a user to display the configuration values for a model as well as set default values that all new models will use. These values can even be specified for each cloud region instead of just the controller.

To set a default value for 'ftp-proxy', for instance, you would enter the following:

juju model-defaults ftp-proxy=10.0.0.1:8000

To see both the default values and what they've been changed to, you would use:

juju model-defaults

To set default values for all new models in a specific controller region, state the region in the command, shown here using the same example settings as our previous model-config key-value pairs example above:

juju model-defaults us-east-1 test-mode=true enable-os-upgrade=false

Model settings can also be made when creating a new controller via either the --config or --model-default options. The difference being that --config affects just the 'controller' and 'default' models while --model-default affects all models, including any future ones. Below we use the --config option:

juju bootstrap --config image-stream=daily lxd lxd-daily

See Creating a controller for in-depth coverage on how to create a controller.

Note that these defaults can be overridden, on a per-model basis, during the invocation of the add-model command (option --config) as well as by resetting specific options to their original defaults through the use of the model-config command (option --reset).

Both the model-config and model-defaults commands can read key value pairs from a YAML-formatted file. For example:

juju model-config no-proxy=jujucharms.com more-config-values.yaml

List of model keys

The table below lists all the model keys which may be assigned a value. Some of these keys deserve further explanation. These are explored in the sections below the table.

Key Type Default Valid values Purpose
agent-metadata-url string The URL of the private stream.
agent-stream string released released/devel/proposed The stream to use for deploy/upgrades of agents. See additional info below.
agent-version string The patch number to use for agents. See additional info below.
apt-ftp-proxy string The APT FTP proxy for the model.
apt-http-proxy string The APT HTTP proxy for the model.
apt-https-proxy string The APT HTTPS proxy for the model.
apt-mirror string The APT mirror for the model. See additional info below.
automatically-retry-hooks bool true Set the policy on retying failed hooks. See additional info below.
container-image-metadata-url string url Corresponds to 'image-metadata-url' (see below) for cloud-hosted KVM guests or LXD containers. Not needed for the localhost cloud.
container-image-stream string url Corresponds to 'image-stream' (see below) for cloud-hosted KVM guests or LXD containers. Not needed for the localhost cloud.
container-inherit-properties string Set cloudinit parameters to be inherited from a Juju machine to its hosted containers. See additional info below.
container-networking-method string local/provider/fan The FAN networking mode to use. Default values can be provider-specific.
default-series string valid series name, e.g. 'xenial' The default series of Ubuntu to use for deploying charms.
development bool false Set whether the model is in development mode.
disable-network-management bool false Set whether to give network control to the provider instead of Juju controlling configuration. See additional info below.
enable-os-refresh-update bool true Set whether newly provisioned instances should run their respective OS's update capability. See additional info below.
enable-os-upgrade bool true Set whether newly provisioned instances should run their respective OS's upgrade capability. See additional info below.
extra-info string This is a string to store any user-desired additional metadata.
fan-config string overlay_CIDR=underlay_CIDR The FAN overlay and underlay networks in CIDR notation (space-separated).
firewall-mode string instance instance/global/none The mode to use for network firewalling. See additional info below.
ftp-proxy string url The FTP proxy value to configure on instances, in the FTP_PROXY environment variable.
http-proxy string url The HTTP proxy value to configure on instances, in the HTTP_PROXY environment variable.
https-proxy string url The HTTPS proxy value to configure on instances, in the HTTPS_PROXY environment variable.
ignore-machine-addresses bool false When true, the machine worker will not look up or discover any machine addresses.
image-metadata-url string url The URL at which the metadata used to locate OS image ids is located.
image-stream string The simplestreams stream used to identify which image ids to search when starting an instance. See additional info below.
logforward-enabled bool false Set whether the log forward function is enabled.
logging-config string The configuration string to use when configuring Juju agent logging (see this link for details).
max-status-history-age string 72h, etc. The maximum age for status history entries before they are pruned, in a human-readable time format.
max-status-history-size string 400M, 5G, etc. The maximum size for the status history collection, in human-readable memory format.
no-proxy string List of domain addresses not to be proxied (comma-separated).
provisioner-harvest-mode string destroyed all/none/unknown/destroyed Set what to do with unknown machines. See additional info below.
proxy-ssh bool false Set whether SSH commands should be proxied through the API server.
resource-tags string none A space-separated list of key=value pairs used to apply as tags on supported cloud models.
ssl-hostname-verification bool true Set whether SSL hostname verification is enabled.
test-mode bool false Set whether the model is intended for testing. If true, accessing the charm store does not affect statistical data of the store.
transmit-vendor-metrics bool true Set whether the controller will send metrics collected from this model for use in anonymized aggregate analytics.
update-status-hook-interval string 5m 30s, 6m, 1hr, etc. The run frequency of the update-status hook. The value has a random +/- 20% offset applied to avoid hooks for all units firing at once. Value change only honoured during controller and model creation (bootstrap --config and add-model --config).
vpc-id string The virtual private cloud (VPC) ID for use when configuring a new model to be deployed to a specific VPC during add-model.

APT mirror

The APT packaging system is used to install and upgrade software on machines provisioned in the model, and many charms also use APT to install software for the applications they deploy. It is possible to set a specific mirror for the APT packages to use, by setting 'apt-mirror':

juju model-config apt-mirror=http://archive.ubuntu.com/ubuntu/

To restore the default behaviour you would run:

juju model-config --reset apt-mirror

The apt-mirror option is often used to point to a local mirror. The Working offline page covers mirrors, proxies, and other aspects related to network-restricted environments.

APT updates and upgrades with faster machine provisioning

When Juju provisions a machine, its default behaviour is to upgrade existing packages to their latest version. If your OS images are fresh and/or your deployed applications do not require the latest package versions, you can disable upgrades in order to provision machines faster.

Two Boolean configuration options are available to disable APT updates and upgrades: enable-os-refresh-update (apt-get update) and enable-os-upgrade (apt-get upgrade), respectively.

enable-os-refresh-update: false
enable-os-upgrade: false

You may also want to just update the package list to ensure a charm has the latest software available to it by disabling upgrades but enabling updates.

Disable network management

This can only be used with MAAS models and should otherwise be set to 'false' (default) unless you want to take over network control from Juju because you have unique and well-defined needs. Setting this to 'true' with MAAS gives you the same behaviour with containers as you already have with other providers: one machine-local address on a single network interface, bridged to the default bridge.

Firewall mode

Modes available include:

  • instance: Requests the use of an individual firewall per instance.
  • global: Uses a single firewall for all instances (access for a network port is enabled to one instance if any instance requires that port).
  • none: Requests that no firewalling should be performed inside the model, which is useful for clouds without support for either global or per instance security groups.

Juju lifecycle and harvesting

Juju keeps state on the running model and it can harvest (remove) machines which it deems are no longer required. This can help reduce running costs and keep the model tidy. Harvesting is guided by what "harvesting mode" has been set.

A Juju machine can be in one of four states:

  • Alive: The machine is running and being used.
  • Dying: The machine is in the process of being terminated by Juju, but hasn't yet finished.
  • Dead: The machine has been successfully brought down by Juju, but is still being tracked for removal.
  • Unknown: The machine exists, but Juju knows nothing about it.

Juju can be in one of several harvesting modes, in order of most conservative to most aggressive:

  • none: Machines will never be harvested. This is a good choice if machines are managed via a process outside of Juju.
  • destroyed: Machines will be harvested if i) Juju "knows" about them and ii) they are 'Dead'.
  • unknown: Machines will be harvested if Juju does not "know" about them ('Unknown' state). Use with caution in a mixed environment or one which may contain multiple instances of Juju.
  • all: Machines will be harvested if Juju considers them to be 'destroyed' or 'unknown'.

The default mode is destroyed.

Below, the harvest mode key for the current model is set to 'none':

juju model-config provisioner-harvest-mode=none

Retrying failed hooks

Prior to version 2.0, hooks returning an error would block until the user ran a command to retry them manually:

juju resolved unit-name/#

From version 2.0, Juju will automatically retry hooks periodically - there is an exponential backoff, so hooks will be retried after 5, 10, 20, 40 seconds up to a period of 5 minutes, and then every 5 minutes. The logic behind this is that some hook errors are caused by timing issues or the temporary unavailability of other applications - automatic retry enables the Juju model to heal itself without troubling the user.

However, in some circumstances, such as debugging charms, this behaviour can be distracting and unwelcome. For this reason, it is possible to set the automatically-retry-hooks option to 'false' to disable this behaviour. In this case, users will have to manually retry any hook which fails, using the command above, as with earlier versions of Juju.

Note: Even with the automatic retry enabled, it is still possible to use the juju resolved unit-name/# command to retry manually.

Image streams

Juju, by default, uses the slow-changing 'released' images when provisioning machines. However, the image-stream option can be set to 'daily' to use more up-to-date images, thus shortening the time it takes to perform APT package upgrades.

Agent versions and streams

A full definition of an agent is provided on the Concepts and terms page.

The agent-stream option specifies the "stream" to use when a Juju agent is to be installed or upgraded. This setting reflects the general stability of the software and defaults to 'released', indicating that only the latest stable version is to be used.

To run the upcoming stable release (before it has passed the normal QA process) you can set:

agent-stream: proposed

For testing purposes, you can use the latest unstable version by setting:

agent-stream: devel

The agent-version option specifies a "patch version" for the agent that is to be installed on a new controller relative to the Juju client's current major.minor version (Juju uses a major.minor.patch numbering scheme).

For example, Juju 2.3.2 means major version 2, minor version 3, and patch version 2. On a client system with this release of Juju installed, the machine agent's version for a newly-created controller would be the same. To specify a patch version of 1 (instead of 2), the following would be run:

juju bootstrap aws --agent-version='2.3.1'

If a patch version is available that is greater than that of the client then it can be targeted in this way:

juju bootstrap aws --auto-upgrade

Container inheritance

The container-inherit-properties key allows a limited set of cloudinit parameters enabled on a Juju machine to be inherited by any hosted containers. The machine and container must be running the same series.

The parameters are:

  • apt-primary
  • apt-security
  • apt-sources
  • ca-certs

Note: The 'apt-security' parameter is not available for the 'trusty' series.

For instance:

juju model-config container-inherit-properties="ca-certs, apt-primary"