Feature Highlight: Cross-model relations


#1

Cross model relations (CMR) enable relations to span models, clouds and controllers. Intended use cases include:

  • use a central vault server for shared secrets
  • maintaining a data warehouse centrally, making it accessible to others
  • using a central identity service, such as Keystone, in multiple models
  • using multiple models to support different components of a single OpenStack instance


Example usage

As a simple example, let’s say that we want a single certificate authority to issue certificates for all models under our control. The ~containers/easyrsa charm is well suited for that task. As an implementation detail, it requires very few system resources and therefore we specify very small minimal application constraints:

Step 1: Add model

Issue the add-model command:

juju add-model ca

Output:

Added 'ca' model on <cloud>/<region> with credential <credential> for user <user>

Step 3: Deploy application

Issue the deploy command with the ~containers/easyrsa. (The tilde sigil indicates user account).

juju deploy ~containers/easyrsa --constraints="mem=128 cores=1"

Producing:

Located charm "cs:~containers/easyrsa-278".
Deploying charm "cs:~containers/easyrsa-278".

Step 4: Offer relation

To make the relation available to other models, use juju offer. juju offer requires that the endpoint is specified explicitly, as many charms support multiple relation endpoints.

juju offer easyrsa:client

Output:

Application "easyrsa" endpoints [client] available at "<user>/ca.easyrsa"

Step 5: Check

The export-bundle command produces a YAML file that is able to be used to inspect the entire deployment.

juju export-bundle
series: bionic
applications:
  easyrsa:
    charm: cs:~containers/easyrsa-278
    num_units: 1
    to:
    - "0"
    constraints: cpu-cores=1 mem=128
machines:
  "0":
    constraints: cpu-cores=1 mem=128
--- # overlay.yaml
applications:
  easyrsa:
    offers:
      easyrsa:
        endpoints:
        - client
        acl:
          admin: admin

The overlay.yaml section now includes an offer from the easyrsa application. “Overlay” is a term that originates from “overlay bundles” which enable bundles to be customised without altering the original.

Step 6: Relate from another model

Similar to step 1, we start with a fresh model:

juju add-model message-bus

Produces:

Added 'message-bus' model on <cloud>/<region> with credential <credential> for user <user>

Let’s deploy our dummy workload - a RabbitMQ instance:

juju deploy rabbitmq-server
Located charm "cs:rabbitmq-server-95".
Deploying charm "cs:rabbitmq-server-95".

Now use the consume command to relate the two applications:

juju consume <user>/ca.easyrsa

After a few seconds, you should receive this output:

Added <user>/ca.easyrsa as easyrsa

Check relation status

juju export-bundle
series: bionic
saas:
  easyrsa:
    url: can-tsm:admin/yaml-ex.easyrsa
applications:
  rabbitmq-server:
    charm: cs:rabbitmq-server-95
    num_units: 1
    to:
    - "0"
machines:
  "0": {}

Learn more

Further reading, including links to discussions about users putting this into practice: