1. Home
  2. Docs
  3. ClusterControl
  4. User Guide (GUI v2)
  5. Settings


Provides an interface to manage cloud credentials, user settings, and licenses inside ClusterControl.

Cloud Storage Credentials

Manages resources and credentials for supported cloud providers. Note that this new feature requires two modules called clustercontrol-cloud and clustercontrol-clud. The former is a helper daemon that extends CMON’s capability of cloud communication, while the latter is a file manager client to upload and download files on cloud instances. Both packages are dependencies of the clustercontrol UI package, which will be installed automatically if does not exist.

The credentials that have been set up here can be used to:

  • Manage cloud resources (instances, virtual network, subnet) – ClusterControl GUI v1
  • Deploy databases in the cloud – ClusterControl GUI v1
  • Upload backup to cloud storage – ClusterControl GUI v1 and v2.

To create a cloud profile, click on Add cloud storage credentials and follow the wizard accordingly. Supported cloud providers are:

  • Amazon Web Service
  • Google Cloud Platform
  • Microsoft Azure
  • S3 Compatible Storage Provider

Amazon Web Services

The stored AWS credential will be used by ClusterControl to list out Amazon EC2 instances, spin new instances when deploying a cluster, and upload/download backups to AWS S3.

To create an access key for your AWS account root user:

  1. Use your AWS account email address and password to sign in to the AWS Management Console as the AWS account root user.
  2. On the IAM Dashboard page, choose your account name in the navigation bar, and then choose My Security Credentials.
  3. If you see a warning about accessing the security credentials for your AWS account, choose to Continue to Security Credentials.
  4. Expand the Access keys (access key ID and secret access key) section.
  5. Choose Create New Access Key. Then choose Download Key File to save the access key ID and secret access key to a file on your computer. After you close the dialog box, you can’t retrieve this secret access key again.
Field Description
Name Credential name.
AWS Key ID Your AWS Access Key ID as described on this page. You can get this from the AWS IAM Management console.
AWS Key Secret Your AWS Secret Access Key as described on this page. You can get this from the AWS IAM Management console.
Default Region Choose the default AWS region for this credential.
Comment (Optional) Description of the credential.

Google Cloud

To create a service account:

  1. Open the Service Accounts page in the Cloud Platform Console.
  2. Select your project and click Continue.
  3. In the left navigation, click Service accounts.
  4. Look for the service account for which you wish to create a key, click on the vertical ellipses button in that row, and click Create key.
  5. Select JSON as the Key type and click Create
Field Description
Name Credential name.
Read from JSON The service account definition in JSON format.
Comment (Optional) Description of the credential.

Microsoft Azure

In order to provide access to Azure services, you need to register an application and grant it access to your Azure resources.

  1. Create an application:
    1. log in to Microsoft Azure portal → Azure Active Directory → App registrations → New application registration.
    2. Provide a name and URL for the application. Select “Web app / API” for the type of application you want to create.
    3. After specifying the values, click Create.
  2. Get application ID and authentication key:
    1. From App registrations in Azure Active Directory, select your application.
    2. Copy the Application ID. You should pass that value as application_id.
    3. To generate an authentication key, select Manage → Certificates & secrets → New client secret.
    4. Provide a description of the key and a duration for the key. When done, select Save.
    5. After saving the key, the value of the key is displayed. Copy this value because you are not able to retrieve the key later. Pass this value as client_secret.
  3. Get tenant ID:
    1. Go to Microsoft Azure portal → Azure Active Directory → Properties for your Azure AD tenant.
    2. Copy the Directory ID. Pass this value as tenant_id.
  4. Get subscription ID:
    1. Go to Microsoft Azure portal → Subscriptions.
    2. Select your subscription from the list.
    3. Copy the Subscription ID. Pass this value as subscription_id.
  5. Create a resource group:
    1. Go to Microsoft Azure portal → Resource groups → Add.
    2. Fill in the values and click Create.
    3. Copy the Resource group name and use it as resource_group in the credentials.
    4. Wait until the Resource group is created and click Go to Resource group → Access control (IAM) → Add → Add Role Assignment.
    5. Select Contributor as a Role then put your application’s name into the search input and select it from the list.
    6. Click Save.
  6. Create a storage account (for Upload Backup to Cloud feature):
    1. Go to Microsoft Azure portal → Storage accounts → Add.
    2. Fill in the Name and select Blob storage as Account kind.
    3. Copy the Name value and use it as storage_account in credentials.
    4. Select Enabled for Secure transfer required, select Subscription and Resource group (use the same Resource group as in the previous steps).
    5. Select the storage Location and then click Create.

Finally, create a new text file on your workstation and copy all the required information retrieved from the previous steps in a JSON format. For example:


Then, when configuring the Azure credentials, load the above text file under Read from JSON field. Take note that storage_account value is optional.

The uploaded backup will be available under BLOB CONTAINERS storage. You can verify its existence in the cloud by going to Microsoft Azure portal → Storage Accounts → {your storage account} → Storage Explorer → BLOB CONTAINERS.

Field Description
Name Credential name.
Read from JSON The service account definition in JSON format.
Comment (Optional) Description of the credential.

S3-Compatible Storage Provider

ClusterControl 1.9.0 introduces support for any cloud storage provider that supports AWS’s S3-compatible object storage API.

Field Description
Name Credential name.
Endpoint The S3-compatible endpoint in {host}:{port} format. For OpenStack Swift, see this.
Region The region name. This field is optional.
Access Key The access key given by the cloud provider identity access management console.
Secret Key The secret for the defined Access Key.
Use SSL Whether to use plain HTTP or HTTPS.
Comment Description of the credential. This field is optional.


Manages current user profile settings. Click on the Settings button to configure the email address, first name, last name, and time zone for the current user. All timestamp values displayed by ClusterControl will be converted to the current user’s time zone accordingly. Click on the Change Password button to change the user password.



ClusterControl introduces a new license format on v1.7.1 (the new license key format contains only a long-encrypted string). If you are having the older format, contact the account manager, or email our sales department at [email protected] to get a new license.

For users with a valid subscription (Advanced and Enterprise), enter your license key by clicking on the Enter a license key button to unlock additional features based on the subscription. The license string contains information about the license type, company/affiliation, email, expiration date, and the total number of licensed nodes.

The following example is license information that one would get from us:

Email: [email protected]
Company: Severalnines AB
Expiration Date: 2019-04-23
Licensed Nodes: 1
License Key: ewogICAgImNvbXBhbnkiOiAiU2V2ZXJhbG5pbmPkIEFCIiwKICAgICJlbWFpbF9hZGRyZXNzIjog

Only paste the license key string (starting after the License Key:  part) into the license text field. Once applied, restart the CMON service to load the new license information:

$ systemctl restart cmon # systemd
$ service cmon restart # SysVinit

When the license expires, ClusterControl defaults back to the Community Edition. For features comparison, please refer to the ClusterControl product page.

If you would like to force the existing enterprise edition to the community edition (commonly to test out and compare different editions during trial), you can truncate the license table on the ClusterControl host manually. On the ClusterControl server, run:

$ mysql -uroot -p cmon -e "TRUNCATE TABLE cmon.license"
$ systemctl restart cmon

Once a trial license is truncated and cmon is restarted, there is no way to re-activate the same trial license anymore.

Was this article helpful to you? Yes No