Skip to content

▶️ Server on Demand Appliance (Google Compute Engine) - Cloud Build with Terraform and Ansible Showcase

License

Notifications You must be signed in to change notification settings

Cyclenerd/google-cloud-server-on-demand

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Server on Demand Appliance (Google Compute Engine)

Get your own Google Compute Engine virtual machine (VM) with the simple push of a button.

Image: Server on Demand Appliance at DIGITAL X 2023

This project is intended to show how quickly and easily virtual machines can be configured and set up using Google Cloud and Infrastructure as Code (IaC) tools. You have the choice between four Linux based operating systems. You trigger a continuous integration / continuous deployment (CI/CD) pipeline by pressing a button. A virtual machine is then provisioned and installed for you in the Google Cloud. In the background, Google Cloud Build uses Terraform and Ansible to build your own VM. You will get your own user login data printed on a receipt and you can log in via SSH after a few minutes.

Image: Terraform and Ansible

This project also shows you how well the Google Cloud can scale. Tested with over 150 VMs. 700 VMs is the default limit.

🤔 Why

I saw the Shells on Demand Appliance "SODA" from National Upcycled Computing Collective (NUCC) at the DEF CON 30 conference in Las Vegas. Unfortunately not in person but in this YouTube video.

TL;DR: It's a vending machine. You pay, press a button and get your own virtual machine (VM).

Image: Shells on Demand Appliance at DEF CON 30

Image Source: @strangepartscom, @Zhoratrope

I was quite impressed and excited by the idea. I wanted something like this too. Unfortunately, I don't have enough space and I don't even have a real vending machine either.

Thanks to Google and the Internet, the hardware does not have to be physically located in a vending machine. The hardware can be located in one of the many Google Cloud data centers. This saves a lot of space and you only need the buttons and a thermal receipt printer to have a similar setup to the SODA vending machine. That's exactly what I did with this project.

🚀 Technology

Badge: Google Cloud Badge: Terraform Badge: Packer Badge: Ansible Badge: Raspberry Pi

The following technologies are used:

Google Cloud Platform
Terraform
Packer
Ansible
  • apt
  • command
  • copy
  • dnf
  • file
  • get_url
  • git
  • uri
  • user
  • zypper
Raspberry Pi

All components put together correctly result in the Server on Demand Appliance Google Cloud version.

🪄 Process of creating a VM

Badge: Fedora Badge: Ubuntu Badge: Debian Badge: openSUSE

soda-printing.mp4

📺 YouTube Video

In order to create a VM, many steps are carried out. Everything goes very fast. While the user is already holding his paper with login information, further steps are executed in the cloud.

Drawing: SODA Google Compute Engine version

Raspberry Pi:

  1. User presses one of the four buttons
    • 🔵 Blue : Fedora Linux
    • 🟡 Yellow : Ubuntu LTS
    • 🔴 Red : Debian GNU/Linux
    • 🟢 Green : openSUSE
  2. Message is published to Cloud Pub/Sub topic
  3. Paper receipt with login information is printed

Google Cloud Platform:

  1. Pub/Sub triggers Cloud Build
  2. A Cloud Build job is started
    1. Cloud Build downloads Docker container image with tools (Google Cloud CLI, Terraform, Ansible)
    2. Required scripts are loaded from the Cloud Source Repository
      • Effective June 17, 2024, Cloud Source Repositories isn't available to new customers!
      • If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories.
    3. Pub/Sub message is read and evaluated
  3. Terraform creates the infrastructure
    • Static public IP is registered
    • DNS entry is created
    • VM with disk and operating system is created
    • Custom OS image is used
    • Cloud Scheduler to destroy infrastructure is scheduled
    • Terraform state is stored in a Google Cloud Storage bucket
  4. Ansible takes care of configuring the operating system
    • Set up user (username and password)

Machine configuration

The following configuration is used by default:

Costs:

Estimated cost per e2-micro VM, without guarantee:

$ 1h $ 3h
CPU and memory 0.0092 0.03
Disk (25GB)¹ 0.0034 0.01
Static public IP 0.0034 0.01
Total 0.0160 0.05

¹ Balanced persistent disk: 0.1 USD per 1 GB and month, 25 GB per month = 2.50 USD, one month = 730 hours, 2.50 USD / 730h = 0.0034 USD, 0.0034 USD * 3h = 0.010 USD for 25 GB for 3h

There are other small costs for:

  • Cloud Build build time
  • Source Repository users
  • Cloud Scheduler jobs
  • Cloud DNS managed zone
  • Network Internet egress traffic

Source: Google Cloud Pricing Calculator

🚀 Setup

1. Clone

Clone this repository:

git clone https://github.com/Cyclenerd/google-cloud-shells-on-demand.git
cd google-cloud-shells-on-demand

2. Google Cloud Platform

Please follow the instructions in the folder gcp.

cd gcp

3. Raspberry Pi

Please follow the instructions in the folder pi.

cd pi

🔦 Further functions

In addition to creating the infrastructure, there are a few other functions.

Automatic expiration

After a defined time (default 3 hours), your VM and its entire infrastructure will be deleted.

Image: Cloud Scheduler

This is triggered by a Cloud Scheduler set up during the creation of the VM. A Cloud Build job then takes care of the destruction of the VM and its infrastructure. This works because an extra separate Terraform state is saved for each VM.

You can adjust the expiration time (minutes) in terraform.tfvars in the gcp directory.

# Expires in minutes
expires = "180"

Back on

After logging in to your VM via SSH, you can become root. Then you can do anything, even shut down the VM:

sudo poweroff

Image: Cloud Build

If you do this, a event will be saved in the Google Cloud audit log and a new Cloud Build job will be triggered.

This Cloud Build job then starts your VM again. Feel free to test it 😊.

Cloud Build notifications

Get notified via Discord and/or Pushover when a Cloud Build job is failed (ERROR) or timed out (TIMEOUT).

Discord

Get notified via Discord:

Image: Discord

  1. Create an Discord webhook URL for your Discord channel: https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks

    The webhook URL should look similar to the following:

    https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]
    
  2. Add the Discord webhook URL to terraform.tfvars in gcp directory:

    discord-webhook-url = "https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]"
    
  3. Deploy Cloud Function

    terraform apply

You can test the notification with the manual Cloud Build trigger simulate-error.

Pushover

Get notified via Pushover:

Image: Pushover

  1. Register your application, set its name and upload an icon, and get an API token in return: https://pushover.net/apps/build

    Example icon:

    Image: Pushover icon

    MazeNL77, CC BY 3.0, via Wikimedia Commons

  2. Add your Pushover user/group key (not e-mail address) and the application's API token/key to terraform.tfvars in gcp directory:

    pushover-user-key = "[PUSHOVER-USER-KEY]"
    pushover-api-token = "[PUSHOVER-API-TOKEN]"
    
  3. Deploy Cloud Function

    terraform apply

You can test the notification with the manual Cloud Build trigger simulate-error.

Raspberry Pi CPU temp. monitoring

The CPU of the Raspberry Pi can get hot in the wooden box. For safety and documentation, the CPU temperature is logged and can be monitored.

Image: CPU temp. monitoring

Monitoring dashboards

Two custom monitoring dashboards are set up:

Raspberry Pi

Image: Raspberry Pi monitoring dashbaord

VMs

Image: VMs monitoring dashbaord

Artifact Registry repository

You can use the Artifact Registry as a location for the Docker container image. The image then does not have to be downloaded from Docker Hub during the Cloud Build jobs.

Image: Copy container

  1. Copy the image by running the manual trigger copy-image.

  2. Replace cyclenerd/cloud-tools-container:latest with [LOCATION]-docker.pkg.dev/[PROJECT_ID]/cointainer/cloud-tools-container:latest in the Cloud Build YAML files (i.e. create.yml) in folder the cloudbuild.

  3. Push changes to Cloud Source repository:

    git push cloudsource

❤️ Contributing

Have a patch that will benefit this project? Awesome! Follow these steps to have it accepted.

  1. Please read how to contribute.
  2. Fork this Git repository and make your changes.
  3. Create a Pull Request.
  4. Incorporate review feedback to your changes.
  5. Accepted!

📜 License

All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.

Please note:

  • No warranty
  • No official Google product