1EUCA2OOLS.INI LOCAL EUCA2OOLS.INI
2
4 euca2ools.ini — configuration for euca2ools
5
7 euca2ools.ini files are used to configure the euca2ools suite of command
8 line tools. They store the locations of the services for the commands to
9 contact, the security credentials to use to authenticate to them, and
10 other configuration options as well.
11
13 euca2ools.ini is broken into a number of sections. Sections are denoted
14 by section headers, which consist of section names surrounded by square
15 braces. Within each section, an option is set by listing its name, an
16 “=” sign, and its value. For example, the following enables debugging
17 for all commands by setting the “debug” option in the “global” section to
18 “true”:
19
20 [global]
21 debug = true
22
23 Most sections have user-defined names. Such a section's name is defined
24 by a second word in its header. Named sections provide a means of choos‐
25 ing different configuration using the command line. For example, the
26 following defines two regions with different URLs for their EC2 services
27 that one can select using the --region command line option:
28
29 [region us-east-1]
30 ec2-url = https://ec2.us-east-1.amazonaws.com/
31
32 [region eu-west-1]
33 ec2-url = https://ec2.eu-west-1.amazonaws.com/
34
35 Named sections can contain “*” wildcards, which makes them act as fall‐
36 backs when options are not available in sections with more specific names
37 that contain fewer wildcards. Sections with more specific names take
38 precedence over those with less specific names. “*” sections function as
39 defaults when the value for an option cannot be found anywhere else.
40
41 Named sections can also be organized into groups by choosing names for
42 groups and prepending section names with them, separated by “:” charac‐
43 ters. When combined with wildcards, this allows one to specify defaults
44 for several sections at once and then override them as needed as in the
45 following example:
46
47 [region aws:*]
48 certificate = /usr/share/euca2ools/certs/cert-ec2.pem
49 verify-ssl = true
50
51 [region aws:us-gov-west-1]
52 certificate = /usr/share/euca2ools/certs/cert-ec2-gov.pem
53
54 Finally, options in named sections may refer to other sections by using
55 the use keyword followed by the section name to refer to. This differs
56 from simply duplicating the option from the other section in that com‐
57 mands that are sensitive to the name of the section the option came from,
58 such as those that use AWS signature version 4, will be able to determine
59 which section an option originates from.
60
62 The --region option provided by most euca2ools commands allows one to
63 control the user section and the region section those commands use to
64 find configuration data by supplying it with a user name, a region name,
65 or both in one of the following formats:
66
67 · --region REGION
68 · --region USER@
69 · --region USER@REGION
70
71 The EUCA_DEFAULT_REGION and AWS_DEFAULT_REGION environment variables work
72 the same way, but with lower priority.
73
75 Global section
76 The global section contains settings that affect all commands.
77
78 debug When set to true, enable debugging for all commands. When set to
79 color, enable debugging for all commands and additionally col‐
80 orize debug output based on severity level.
81
82 default-region
83 The name of the region to use when no region is otherwise speci‐
84 fied.
85
86 max-retries
87 The maximum number of times commands should retry their requests
88 to the server before giving up. The default is 2.
89
90 timeout
91 The amount of time, in seconds, to wait for the server to respond
92 to requests before giving up. The default is 30.
93
94 User section
95 A user section contains information that is specific to an identity in
96 the cloud, usually an IAM user.
97
98 account-id
99 The account's 12-digit ID number.
100
101 key-id The user's access key ID to use for authentication. Access key
102 IDs come paired with secret keys; the ID specified with this
103 option must correspond to the secret key specified with the
104 secret-key option.
105
106 secret-key
107 The user's secret key to use for authentication. Secret keys
108 come paired with access key IDs; the secret key specified with
109 this option must correspond to the access key ID specified with
110 the key-id option.
111
112 certificate
113 The file name containing the user's signing certificate. This is
114 used only by commands that bundle images:
115 euca-bundle-and-upload-image(1), euca-bundle-image(1),
116 euca-bundle-vol(1), euca-install-image(1), and
117 euimage-install-pack(1).
118
119 private-key
120 The file name containing the private key for the user's signing
121 certificate. This is used only by commands that bundle and
122 unbundle images: euca-bundle-and-upload-image(1),
123 euca-bundle-image(1), euca-bundle-vol(1),
124 euca-download-and-unbundle(1), euca-install-image(1),
125 euca-unbundle(1), and euimage-install-pack(1).
126
127 Region section
128 A region section contains information that is specific to a cloud region,
129 such as a Eucalyptus installation or an Amazon Web Services region.
130
131 SERVICE-url
132 The URL to use to contact the service with the name SERVICE. For
133 a list of valid service names, see euca2ools(7).
134
135 user The user section to use for this region when no other user is
136 otherwise specified.
137
138 certificate
139 The file name containing the cloud's image-bundling certificate.
140 This is used only by commands that bundle images:
141 euca-bundle-and-upload-image(1), euca-bundle-image(1),
142 euca-bundle-vol(1), euca-install-image(1), and
143 euimage-install-pack(1).
144
145 s3-force-sigv4
146 Force commands that access the s3 service to use AWS signature
147 version 4. The default is false.
148
149 s3-location-constraint
150 The location constraint needed to create buckets in the region's
151 object storage service.
152
153 verify-ssl
154 Whether or not to verify the server's SSL certificates. The
155 default is false.
156
157 vpn-stylesheet
158 The location of the XSLT stylesheet for
159 euca-create-vpn-connection(1) or euca-describe-vpn-connections(1)
160 to use to reformat VPN connection information. If the location
161 is an HTTP or HTTPS URL it will be downloaded as needed. If it
162 contains “{format}” that will be replaced with the desired for‐
163 mat.
164
166 Commands that create access keys can format their output in the form of a
167 euca2ools.ini file, simplifying the process of distributing access keys
168 and URL information to users. This can replace the “eucarc” files gener‐
169 ated by eucalyptus's ‘euca_conf --get-credentials’ command.
170
172 euca2ools.ini configuration data are read from files in alphabetical
173 order in the following locations:
174
175 1. /etc/euca2ools/euca2ools.ini
176 2. /etc/euca2ools/conf.d/*.ini
177 3. ~/.euca/*.ini
178
179 In cases where the same option is defined in more than one file, the file
180 that appears last in this list will take precedence.
181
183 euca2ools(7)
184
186 euca2ools.ini first appeared in euca2ools 3.0.
187
188euca2ools 3.4 June 20, 2019 euca2ools 3.4