juju gui #54

Supports: trusty


Web GUI for Juju

Juju GUI Charm

This charm makes it easy to deploy a Juju GUI into an existing environment.

Supported Browsers

The Juju GUI supports recent releases of the Chrome, Chromium, Firefox, Safari and Internet Explorer web browsers.

Demo and Staging Servers

The Juju GUI runs a Demo environment on demo.jujucharms.com. From there, you can browse charms, try the GUI, and build an example environment to export for use elsewhere.

A staging server is also available, running the latest and greatest version.

Deploying the Juju GUI using Juju Quickstart

Juju Quickstart is an opinionated command-line tool that quickly starts Juju and the GUI, whether you've never installed Juju or you have an existing Juju environment running.

For installation on precise and utopic, you'll need to enable the Juju PPA by first executing:

sudo add-apt-repository ppa:juju/stable
sudo apt-get update
sudo apt-get install juju-quickstart

For trusty the PPA is not required and you simply need to install it with:

sudo apt-get install juju-quickstart

At this point, just running juju-quickstart will deploy the Juju GUI. When possible, Quickstart conserves resources by installing the GUI on the bootstrap node. This colocation is not possible when using a local (LXC) environment.

Quickstart ends by opening the browser and automatically logging the user into the GUI, to observe and manage the environment visually. By default, the deployment uses self-signed certificates. The browser will ask you to accept a security exception once.

Deploying the Juju GUI the traditional way

Deploying the Juju GUI can be accomplished using Juju itself.

You need a configured and bootstrapped Juju environment: see the Juju docs about getting started, and then run the usual bootstrap command.

juju bootstrap

Next, you simply need to deploy the charm and expose it.

juju deploy juju-gui
juju expose juju-gui

The instructions above cause you to use a separate machine to work with the GUI. If you'd like to reduce your machine footprint (and perhaps your costs), you can colocate the GUI with the Juju bootstrap node, e.g.:

juju deploy juju-gui --to 0

Finally, you need to identify the GUI's URL. It can take a few minutes for the GUI to be built and to start; this command will let you see when it is ready to go by giving you regular status updates:

watch juju status

Eventually, at the end of the status you will see something that looks like this:

    charm: cs:trusty/juju-gui-42
    exposed: true
    relations: {}
        agent-state: started
        machine: 1
        - 80/tcp
        - 443/tcp
        public-address: ec2-www-xxx-yyy-zzz.compute-1.amazonaws.com

That means you can go to the public-address in my browser via HTTPS (https://ec2-www-xxx-yyy-zzz.compute-1.amazonaws.com/ in this example), and start configuring the rest of Juju with the GUI. You should see a similar web address. Accessing the GUI via HTTP will redirect to using HTTPS.

By default, the deployment uses self-signed certificates. The browser will ask you to accept a security exception once.

You will see a login form with the username field prefilled to "admin". The password is the same as your Juju environment's admin-secret. The login screen includes hints about where to find the environment's password.

Deploying behind a firewall

When using the default options the charm uses the network connection only for installing Deb packages from the default Ubuntu repositories. For this reason the charm can be deployed behind a firewall in the usual way.

The Juju GUI server

While the Juju GUI itself is a client-side JavaScript application, the charm installation also involves configuring and starting a GUI server, which is required to serve the application files and to enable some advanced features, so that using the GUI results in a seamless and powerful experience. This server is called GUI server or builtin server.

The builtin server is already included in the charm. For this reason, it does not require any external dependencies. The builtin server provides the following functionalities:

  1. It serves the Juju GUI static files, including support for ETags and basic server side URL routing.
  2. It supports running the GUI over TLS (HTTPS) or in insecure mode (HTTP).
  3. It redirects secure WebSocket connections established by the browser to the real Juju API endpoint. This way the GUI can connect the WebSocket to the host and port where it is currently running, so that the already accepted self signed certificate is reused and the connection succeeds.
  4. It supports running the Juju GUI browser tests if the charm is configured accordingly.
  5. It exposes an API for bundles deployment. This way bundles can be deployed very easily using the GUI, by selecting a bundle from the GUI browser or just dragging and dropping a bundle YAML file to the GUI canvas.
  6. It allows for logging in into the GUI via a timed token. This is used, for instance, by Juju Quickstart to allow automatic user's authentication.
  7. It supports deploying local charms by proxying browser HTTPS connections to the Juju HTTPS API backend. This also includes retrieving and listing local charms' files.
  8. By default, it listens on port 443 for HTTPS secure connections, and redirects port 80 requests to port 443. The port where the server is listening can be changed using the charm configuration "port" option.

Contacting the Developers

If you run into problems with the charm, please feel free to contact us on the Juju mailing list, or on Freenode's IRC network on #juju. We're not always around (working hours in Europe and North America are your best bets), but if you send us a mail or ping "jujugui" we will eventually get back to you.

If you want to help develop the charm, please see the charm's HACKING.md.


(string) Set the GUI server log level. Possible values are debug, info, warning and error. The log file is placed in /var/log/upstart/guiserver.log.
(boolean) Configure the GUI to use locally cached fonts, rather than the Google CDN as supplied by the Google fonts API. The CDN is faster in almost every circumstance except local (LXC) environments, and so it is the default; but if a browser is running the GUI on a closed network, using cached fonts will let the GUI load much faster and render properly.
(string) The URL of the charm store API service. This option supersedes the charmworld-url option above.
(string) The version of the charmstore API to use.
(string) The URL of the charm catalog site ("charmworld") from which charm catalog data will be drawn.
(string) The log file where stdout and stderr should be sent for all commands that are run by charm hooks.
(boolean) Enables the GUI in Storefront mode
(boolean) Enables Google tag manager tracking.
(boolean) Enables gzip compressed responses from the gui.
(boolean) There are deployment modes for Juju GUI which are not intended as regular use mode. In these cases, login/logout are disabled and instead there is a link to jujucharms.com.
(boolean) Enables interactive login to an identity-manager, if applicable.
(string) Publicly accessible URL of a Juju Environment Manager.
(string) The version of the Juju Environment Manager API to use.
(string) The version of Juju tools used for the charm deployment. If left empty, the Juju version is dynamically retrieved.
(boolean) Whether or not the console should be enabled for the browser.
(boolean) Run Juju GUI in debug mode, serving the uncompressed GUI source files.
(string) The help text shown to the user on the login screen. If not provided, a default message is used, suggesting how to find the login credentials.
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you are running multiple environments with the same services in them this allows you to differentiate between them.
(string) If given, the password to use for the environment to immediately connect. Do not set unless you understand and accept the risks.
(int) Supply a different port to host the GUI on besides the default 80 and 443. If the provided port is not a valid TCP port (ranging from 1 to 65535) the defaults are used.
(boolean) Whether or not the GUI is in read-only mode. Note that read-only mode is advisory, and enforced only in the client. If someone can access the websocket and has the password, they can send commands over the websocket to mutate the environment.
(string) The charm depends on several software packages that are not packaged in Ubuntu. In order to ensure that only versions known to work with our charm are used, there is a single PPA where all packages are kept. The juju-gui-charmers team supports 'stable' and 'devel' versions. Only stable should be used for production. For enterprise deployments that do not allow access to resources outside of their control, the location can be any specification as long as it is recognizable by 'add-apt-repository'.
(boolean) Run using an in-memory sandbox rather than a real Juju backend. Sandbox is a client side construct running entirely in the client. Sandbox does not currently support imported environment simulation.
(boolean) Set to false to serve the GUI over an insecure HTTP connection. Do not set unless you understand and accept the risks.
(boolean) Whether or not the GUI unit tests are exposed. If this option is enabled, unit tests can be run in the browser by visiting the URL "https://[Juju GUI address]/test/".
(string) The contents of the certificate file to be used in SSL connections to the GUI. Both ssl-cert-contents and ssl-key-contents must be provided. If not, cetificates will be automatically generated.
(string) The path to the directory where the SSL certificates are stored.
(string) The contents of the private key file to be used in SSL connections to the GUI. Both ssl-cert-contents and ssl-key-contents must be provided. If not, cetificates will be automatically generated.
(boolean) Force the client to use secure ("wss") or unsecure ("ws") WebSockets. If left unset, secure WebSockets are used based on the secure option: if secure is True the "wss" protocol is used, othewise the "ws" one is used.