euca2ools.ini (5)
NAME
euca2ools.ini -- configuration for euca2ools
DESCRIPTION
euca2ools.ini files are used to configure the euca2ools suite of command line tools. They store the locations of the services for the commands to contact, the security credentials to use to authenticate to them, and other configuration options as well.
FILE FORMAT
euca2ools.ini is broken into a number of sections. Sections are denoted by section headers, which consist of section names surrounded by square braces. Within each section, an option is set by listing its name, an ``='' sign, and its value. For example, the following enables debugging for all commands by setting the ``debug'' option in the ``global'' section to ``true'':
[global]
debug = true
Most sections have user-defined names. Such a section's name is defined by a second word in its header. Named sections provide a means of choosing different configuration using the command line. For example, the following defines two regions with different URLs for their EC2 services that one can select using the --region command line option:
[region us-east-1]
ec2-url = https://ec2.us-east-1.amazonaws.com/
[region eu-west-1]
ec2-url = https://ec2.eu-west-1.amazonaws.com/
Named sections can contain ``*'' wildcards, which makes them act as fallbacks when options are not available in sections with more specific names that contain fewer wildcards. Sections with more specific names take precedence over those with less specific names. ``*'' sections function as defaults when the value for an option cannot be found anywhere else.
Named sections can also be organized into groups by choosing names for groups and prepending section names with them, separated by ``:'' characters. When combined with wildcards, this allows one to specify defaults for several sections at once and then override them as needed as in the following example:
[region aws:*]
certificate = /usr/share/euca2ools/certs/cert-ec2.pem
verify-ssl = true
[region aws:us-gov-west-1]
certificate = /usr/share/euca2ools/certs/cert-ec2-gov.pem
Finally, options in named sections may refer to other sections by using the use keyword followed by the section name to refer to. This differs from simply duplicating the option from the other section in that commands that are sensitive to the name of the section the option came from, such as those that use AWS signature version 4, will be able to determine which section an option originates from.
REGION SELECTION
The --region option provided by most euca2ools commands allows one to control the user section and the region section those commands use to find configuration data by supplying it with a user name, a region name, or both in one of the following formats:
o --region REGION
o --region USER@
o --region USER@REGION
The AWS_DEFAULT_REGION environment variable works the same way, but with lower priority.
OPTIONS
Global section
The global section contains settings that affect all commands.
debug When set to true, enable debugging for all commands. When set to color, enable debugging for all commands and additionally colorize debug output based on severity level.
default-region
The name of the region to use when no region is otherwise specified.
max-retries
The maximum number of times commands should retry their requests to the server before giving up. The default is 2.
timeout
The amount of time, in seconds, to wait for the server to respond to requests before giving up. The default is 30.
User section
A user section contains information that is specific to an identity in the cloud, usually an IAM user.
account-id
The account's 12-digit ID number.
key-id The user's access key ID to use for authentication. Access key IDs come paired with secret keys; the ID specified with this option must correspond to the secret key specified with the secret-key option.
secret-key
The user's secret key to use for authentication. Secret keys come paired with access key IDs; the secret key specified with this option must correspond to the access key ID specified with the key-id option.
certificate
The file name containing the user's signing certificate. This is used only by commands that bundle images: euca-bundle-and-upload-image(1), euca-bundle-image(1), euca-bundle-vol(1), euca-install-image(1), and euimage-install-pack(1).
private-key
The file name containing the private key for the user's signing certificate. This is used only by commands that bundle and unbundle images: euca-bundle-and-upload-image(1), euca-bundle-image(1), euca-bundle-vol(1), euca-download-and-unbundle(1), euca-install-image(1), euca-unbundle(1), and euimage-install-pack(1).
Region section
A region section contains information that is specific to a cloud region, such as a Eucalyptus installation or an Amazon Web Services region.
SERVICE-url
The URL to use to contact the service with the name SERVICE. For a list of valid service names, see euca2ools(7).
user The user section to use for this region when no other user is otherwise specified.
certificate
The file name containing the cloud's image-bundling certificate. This is used only by commands that bundle images: euca-bundle-and-upload-image(1), euca-bundle-image(1), euca-bundle-vol(1), euca-install-image(1), and euimage-install-pack(1).
s3-force-sigv4
Force commands that access the s3 service to use AWS signature version 4. The default is false.
s3-location-constraint
The location constraint needed to create buckets in the region's object storage service.
verify-ssl
Whether or not to verify the server's SSL certificates. The default is false.
vpn-stylesheet
The location of the XSLT stylesheet for euca-create-vpn-connection(1) or euca-describe-vpn-connections(1) to use to reformat VPN connection information. If the location is an HTTP or HTTPS URL it will be downloaded as needed. If it contains ``{format}'' that will be replaced with the desired format.
NOTES
Commands that create access keys can format their output in the form of a euca2ools.ini file, simplifying the process of distributing access keys and URL information to users. This can replace the ``eucarc'' files generated by eucalyptus's 'euca_conf --get-credentials' command.
FILES
euca2ools.ini configuration data are read from files in alphabetical order in the following locations:
1. /etc/euca2ools/euca2ools.ini
2. /etc/euca2ools/conf.d/*.ini
3. ~/.euca/*.ini
In cases where the same option is defined in more than one file, the file that appears last in this list will take precedence.
SEE ALSO
euca2ools(7)
HISTORY
euca2ools.ini first appeared in euca2ools 3.0.