▶️ Server on Demand Appliance (Google Compute Engine) - Cloud Build with Terraform and Ansible Showcase
APACHE-2.0 License
Get your own Google Compute Engine virtual machine (VM) with the simple push of a button.
This project is intended to show how quickly and easily virtual machines can be configured and set up using Google Cloud and Infrastructure as Code (IaC) tools. You have the choice between four Linux based operating systems. You trigger a continuous integration / continuous deployment (CI/CD) pipeline by pressing a button. A virtual machine is then provisioned and installed for you in the Google Cloud. In the background, Google Cloud Build uses Terraform and Ansible to build your own VM. You will get your own user login data printed on a receipt and you can log in via SSH after a few minutes.
This project also shows you how well the Google Cloud can scale. Tested with over 150 VMs. 700 VMs is the default limit.
I saw the Shells on Demand Appliance "SODA" from National Upcycled Computing Collective (NUCC) at the DEF CON 30 conference in Las Vegas. Unfortunately not in person but in this YouTube video.
TL;DR: It's a vending machine. You pay, press a button and get your own virtual machine (VM).
Image Source: @strangepartscom, @Zhoratrope
I was quite impressed and excited by the idea. I wanted something like this too. Unfortunately, I don't have enough space and I don't even have a real vending machine either.
Thanks to Google and the Internet, the hardware does not have to be physically located in a vending machine. The hardware can be located in one of the many Google Cloud data centers. This saves a lot of space and you only need the buttons and a thermal receipt printer to have a similar setup to the SODA vending machine. That's exactly what I did with this project.
The following technologies are used:
All components put together correctly result in the Server on Demand Appliance Google Cloud version.
https://user-images.githubusercontent.com/176242/205736692-b19bca68-a94c-4e95-8c32-79a9f7dfc7a9.mp4
In order to create a VM, many steps are carried out. Everything goes very fast. While the user is already holding his paper with login information, further steps are executed in the cloud.
Raspberry Pi:
Google Cloud Platform:
The following configuration is used by default:
e2-micro
europe-west1 (Belgium)
Costs:
Estimated cost per e2-micro VM, without guarantee:
| | $ 1h | $ 3h |
---|---|---|
CPU and memory | 0.0092 | 0.03 |
Disk (25GB)¹ | 0.0034 | 0.01 |
Static public IP | 0.0034 | 0.01 |
Total | 0.0160 | 0.05 |
¹ Balanced persistent disk: 0.1 USD per 1 GB and month, 25 GB per month = 2.50 USD, one month = 730 hours, 2.50 USD / 730h = 0.0034 USD, 0.0034 USD * 3h = 0.010 USD for 25 GB for 3h
There are other small costs for:
Source: Google Cloud Pricing Calculator
Clone this repository:
git clone https://github.com/Cyclenerd/google-cloud-shells-on-demand.git
cd google-cloud-shells-on-demand
Please follow the instructions in the folder gcp.
cd gcp
Please follow the instructions in the folder pi.
cd pi
In addition to creating the infrastructure, there are a few other functions.
After a defined time (default 3 hours), your VM and its entire infrastructure will be deleted.
This is triggered by a Cloud Scheduler set up during the creation of the VM. A Cloud Build job then takes care of the destruction of the VM and its infrastructure. This works because an extra separate Terraform state is saved for each VM.
You can adjust the expiration time (minutes) in terraform.tfvars in the gcp directory.
# Expires in minutes
expires = "180"
After logging in to your VM via SSH, you can become root. Then you can do anything, even shut down the VM:
sudo poweroff
If you do this, an event will be saved in the Google Cloud audit log and a new Cloud Build job will be triggered.
This Cloud Build job then starts your VM again. Feel free to test it.
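Because the restart is driven by a log entry, the job should only act on entries it can tie to its own fleet. The following is an added example, not the project's code: the method name of the shutdown event, the project ID `example-project` and the `vm-...` naming scheme are assumptions, and the log entries are constructed.

```python
import re

# Assumptions, not taken from the README: the method name of the shutdown event,
# the project ID and the VM naming scheme are placeholders for illustration.
STOP_METHOD = "compute.instances.guestTerminate"
EXPECTED_PROJECT = "example-project"
NAME_PATTERN = re.compile(r"vm-[a-z0-9]{1,20}")
RESOURCE_RE = re.compile(r"projects/([^/]+)/zones/([^/]+)/instances/([^/]+)")
SYSTEM_LOG = f"projects/{EXPECTED_PROJECT}/logs/cloudaudit.googleapis.com%2Fsystem_event"


def restart_target(entry):
    """Return (zone, instance) to start again, or None if the entry is ignored."""
    payload = entry.get("protoPayload", {})
    if entry.get("logName") != SYSTEM_LOG:
        return None  # only the project's own system-event audit log counts
    if payload.get("methodName") != STOP_METHOD:
        return None  # some other event, e.g. the scheduled deletion
    match = RESOURCE_RE.fullmatch(payload.get("resourceName", ""))
    if not match:
        return None
    project, zone, instance = match.groups()
    if project != EXPECTED_PROJECT or not NAME_PATTERN.fullmatch(instance):
        return None  # never start a VM outside the appliance's own fleet
    return zone, instance


def make_entry(method, resource, log=SYSTEM_LOG):
    """Build a constructed log entry with only the fields the check reads."""
    return {"logName": log, "protoPayload": {"methodName": method, "resourceName": resource}}


# Constructed sample entries (not real log data).
ZONE_PATH = "projects/example-project/zones/europe-west1-b/instances/"
SAMPLES = [
    make_entry(STOP_METHOD, ZONE_PATH + "vm-a1b2"),
    make_entry("v1.compute.instances.delete", ZONE_PATH + "vm-a1b2"),
    make_entry(STOP_METHOD, "projects/other-project/zones/europe-west1-b/instances/vm-a1b2"),
    make_entry(STOP_METHOD, ZONE_PATH + "build-agent"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(restart_target(sample))
```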
Get notified via Discord and/or Pushover when a Cloud Build job has failed (ERROR) or timed out (TIMEOUT).
Get notified via Discord:
Create a Discord webhook URL for your Discord channel: https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
The webhook URL should look similar to the following:
https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]
Add the Discord webhook URL to terraform.tfvars in the gcp directory:
discord-webhook-url = "https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]"
Deploy Cloud Function
terraform apply
You can test the notification with the manual Cloud Build trigger simulate-error.
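The webhook URL carries its token in the path, so it is a credential and should not appear in logs, and text derived from a build should not be able to ping a channel. The following is an added example, not the project's Cloud Function: it assumes the function receives a base64-encoded JSON body with `id` and `status` fields, and the sample message and URL are constructed.

```python
import base64
import json

NOTIFY_STATUSES = {"ERROR", "TIMEOUT"}  # the two statuses the README names
DISCORD_LIMIT = 2000                    # Discord caps message content at 2000 characters


def decode_build(data):
    """Decode the base64 JSON body of a build notification (assumed shape)."""
    return json.loads(base64.b64decode(data).decode("utf-8"))


def discord_payload(build):
    """Return the webhook JSON body, or None when no alert is due."""
    status = build.get("status")
    if status not in NOTIFY_STATUSES:
        return None
    text = f"Cloud Build job {build.get('id', '?')} ended with {status}"
    return {
        "content": text[:DISCORD_LIMIT],
        # Build fields are untrusted input: never let them mention @everyone or roles.
        "allowed_mentions": {"parse": []},
    }


def redact_webhook(url):
    """Keep the webhook ID but hide the token so the URL is safe to log."""
    head, sep, token = url.rpartition("/")
    return f"{head}/[REDACTED]" if sep and token else "[REDACTED]"


# Constructed sample input (not real data).
SAMPLE_DATA = base64.b64encode(
    json.dumps({"id": "build-123", "status": "TIMEOUT"}).encode("utf-8")
).decode("ascii")
SAMPLE_URL = "https://discord.com/api/webhooks/1234567890/constructed-token"

if __name__ == "__main__":
    print(discord_payload(decode_build(SAMPLE_DATA)))
    print(redact_webhook(SAMPLE_URL))
```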
Get notified via Pushover:
Register your application, set its name and upload an icon, and get an API token in return: https://pushover.net/apps/build
Example icon:
MazeNL77, CC BY 3.0, via Wikimedia Commons
Add your Pushover user/group key (not e-mail address) and the application's API token/key to terraform.tfvars in the gcp directory:
pushover-user-key = "[PUSHOVER-USER-KEY]"
pushover-api-token = "[PUSHOVER-API-TOKEN]"
Deploy Cloud Function
terraform apply
You can test the notification with the manual Cloud Build trigger simulate-error.
The CPU of the Raspberry Pi can get hot in the wooden box. For safety and documentation, the CPU temperature is logged and can be monitored.
Two custom monitoring dashboards are set up:
You can use the Artifact Registry as a location for the Docker container image. The image then does not have to be downloaded from Docker Hub during the Cloud Build jobs.
Copy the image by running the manual trigger copy-image.
Replace cyclenerd/cloud-tools-container:latest with [LOCATION]-docker.pkg.dev/[PROJECT_ID]/cointainer/cloud-tools-container:latest in the Cloud Build YAML files (i.e. create.yml) in the cloudbuild folder.
Push changes to Cloud Source repository:
git push cloudsource
Have a patch that will benefit this project? Awesome! Follow these steps to have it accepted.
All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.
Please note: