This page refers to Cross model relations. See that page for background information.
In this example, we supply a CMR infrastructure “out of the box” with a few nimble commands and then proceed to query, poke, analyse, and finally extend it by addressing firewall concerns.
This scenario describes a MediaWiki deployment, based upon multiple (LXD) controllers, used by a non-admin user, and consumed by a single model.
Build the infrastructure
The infrastructure is built in this way:
juju bootstrap localhost lxd-cmr-1
juju add-model cmr-model-1
juju deploy mysql
juju offer mysql:db
juju bootstrap localhost lxd-cmr-2
juju add-model cmr-model-2
juju deploy mediawiki
juju add-relation mediawiki:db lxd-cmr-1:admin/cmr-model-1.mysql
status command provides a summary of what offers have been made. Here we’ll apply it to the model ‘cmr-model-1’ in the ‘lxd-cmr-1’ controller:
juju status --relations -m lxd-cmr-1:cmr-model-1
Model Controller Cloud/Region Version SLA Timestamp
cmr-model-1 lxd-cmr-1 localhost/localhost 2.4-beta4 unsupported 18:32:57Z
App Version Status Scale Charm Store Rev OS Notes
mysql 5.7.22 active 1 mysql jujucharms 58 ubuntu
Unit Workload Agent Machine Public address Ports Message
mysql/0* active idle 0 10.252.47.60 3306/tcp Ready
Machine State DNS Inst id Series AZ Message
0 started 10.252.47.60 juju-68c45a-0 xenial Running
Offer Application Charm Rev Connected Endpoint Interface Role
mysql mysql mysql 58 1/1 db mysql provider
Relation provider Requirer Interface Type Message
mysql:cluster mysql:cluster mysql-ha peer
In the ‘Offer’ section, the ‘Connected’ column shows the number of active connections to the offer and the total number of connections/relations (including those suspended).
offers command (alias
juju list-offers) shows similar information. However, it also allows for several formats, each of which displays different kinds of information.
The ‘summary’ format provides information very similar to that gained via the
status command (it adds the offer URL):
juju offers --format summary -m lxd-cmr-1:cmr-model-1
Offer Application Charm Connected Store URL Endpoint Interface Role
mysql mysql cs:mysql-58 1/1 lxd-cmr-1 admin/cmr-model-1.mysql db mysql provider
The ‘yaml’ format shows additional information, such as who is allowed to access the offer and what ingress subnets are required to allow traffic from the consuming model:
juju offers --format yaml -m lxd-cmr-1:cmr-model-1
- source-model-uuid: 4f032e24-4912-4620-894e-0b8f5324465c
The ‘tabular’ format (the default) shows each relation (connection) to the offer from the consuming model:
juju offers -m lxd-cmr-1:cmr-model-1
Offer User Relation id Status Endpoint Interface Role Ingress subnets
mysql admin 1 joined db mysql provider 10.252.47.222/32
This command can also filter what offers are included in the result. Note that, for brevity, the scenario model is not specified in the below examples.
To list all offers for a given application:
juju offers --application mysql
To list all offers for a given interface:
juju offers --interface mysql
To list all offers for a given user who has created a relation to the offer:
juju offers --connected-user <user name>
To list all offers for a given user who can consume the offer:
juju offers --format summary --allowed-consumer <user name>
The above command is best run with
--format summary as the intent is to see, for a given user, what offers they might relate to, regardless of whether there are existing relations (which is what the tabular view shows).
To list a specific offer (here named ‘mysql’):
juju offers mysql
juju show-offer command gives details about a specific offer:
juju show-offer lxd-cmr-1:admin/cmr-model-1.mysql
Store URL Access Description Endpoint Interface Role
lxd-cmr-1 admin/cmr-model-1.mysql admin MySQL is a fast, stable and true multi-user, db mysql provider
multi-threaded SQL database server. SQL
(Structured Query Language) is the most
popular database query language in the world.
Notice how this command takes the offer URL as the argument. The controller portion (‘lxd-cmr-1’) can be omitted if the current controller contains the offer. In the same vein, if the offer resides in the current model then just the short name can be used (‘cmr-model-1.mysql’).
For more details, including which users can access the offer, use the ‘yaml’ format.
A non-admin user with read/consume access can also view an offer’s details, but they won’t see user ACL information.
Offers can be searched based on various criteria:
- URL (or part thereof)
- offer name
- model name
- interface name
The results will show information about the offer, including the ACL permissions (of the user making the query).
To find all offers on controller
juju find-offers lxd-cmr-1:
Store URL Access Interfaces
lxd-cmr-1 admin/cmr-model-1.mysql admin mysql:db
The ‘yaml’ format will display extra information, including users who can access the offer (if an admin is making the query). Below we show this, in addition to searching by offer name:
juju find-offers lxd-cmr-1: --offer mysql --format yaml
To find offers in model
cmr-model-1 on controller
juju find-offers lxd-cmr-1:cmr-model-1
Relating to offers from behind a firewall
Let the consuming model in this scenario be protected by a firewall that NATs all outgoing traffic to the single IPv4 address of 184.108.40.206/32.
Here, the admin on the offering side decided to create a whitelist consisting of a range of addresses known to cover the consuming side:
juju set-firewall-rule juju-application-offer --whitelist 220.127.116.11/16
Now request to have the single NAT address contact the offer:
juju add-relation mediawiki:db lxd-cmr-1:admin/cmr-model-1.mysql --via 18.104.22.168/32