Cross model relations (CMR) enable relations to span models, clouds and controllers. Intended use cases include:
- use a central vault server for shared secrets
- maintaining a data warehouse centrally, making it accessible to others
- using a central identity service, such as Keystone, in multiple models
- using multiple models to support different components of a single OpenStack instance
Example usage
As a simple example, let’s say that we want a single certificate authority to issue certificates for all models under our control. The ~containers/easyrsa charm is well suited for that task. As an implementation detail, it requires very few system resources and therefore we specify very small minimal application constraints:
Step 1: Add model
Issue the add-model command:
juju add-model ca
Output:
Added 'ca' model on <cloud>/<region> with credential <credential> for user <user>
Step 3: Deploy application
Issue the deploy command with the ~containers/easyrsa. (The tilde sigil indicates user account).
juju deploy ~containers/easyrsa --constraints="mem=128 cores=1"
Producing:
Located charm "cs:~containers/easyrsa-278".
Deploying charm "cs:~containers/easyrsa-278".
Step 4: Offer relation
To make the relation available to other models, use juju offer. juju offer requires that the endpoint is specified explicitly, as many charms support multiple relation endpoints.
juju offer easyrsa:client
Output:
Application "easyrsa" endpoints [client] available at "<user>/ca.easyrsa"
Step 5: Check
The export-bundle command produces a YAML file that is able to be used to inspect the entire deployment.
juju export-bundle
series: bionic
applications:
easyrsa:
charm: cs:~containers/easyrsa-278
num_units: 1
to:
- "0"
constraints: cpu-cores=1 mem=128
machines:
"0":
constraints: cpu-cores=1 mem=128
--- # overlay.yaml
applications:
easyrsa:
offers:
easyrsa:
endpoints:
- client
acl:
admin: admin
The overlay.yaml section now includes an offer from the easyrsa application. “Overlay” is a term that originates from “overlay bundles” which enable bundles to be customised without altering the original.
Step 6: Relate from another model
Similar to step 1, we start with a fresh model:
juju add-model message-bus
Produces:
Added 'message-bus' model on <cloud>/<region> with credential <credential> for user <user>
Let’s deploy our dummy workload - a RabbitMQ instance:
juju deploy rabbitmq-server
Located charm "cs:rabbitmq-server-95".
Deploying charm "cs:rabbitmq-server-95".
Now use the consume command to relate the two applications:
juju consume <user>/ca.easyrsa
After a few seconds, you should receive this output:
Added <user>/ca.easyrsa as easyrsa
Check relation status
juju export-bundle
series: bionic
saas:
easyrsa:
url: can-tsm:admin/yaml-ex.easyrsa
applications:
rabbitmq-server:
charm: cs:rabbitmq-server-95
num_units: 1
to:
- "0"
machines:
"0": {}
Learn more
Further reading, including links to discussions about users putting this into practice: