Get your own Google Compute Engine virtual machine (VM) with the simple push of a button.
This project is intended to show how quickly and easily virtual machines can be configured and set up using Google Cloud and Infrastructure as Code (IaC) tools. You have the choice between four Linux based operating systems. You trigger a continuous integration / continuous deployment (CI/CD) pipeline by pressing a button. A virtual machine is then provisioned and installed for you in the Google Cloud. In the background, Google Cloud Build uses Terraform and Ansible to build your own VM. You will get your own user login data printed on a receipt and you can log in via SSH after a few minutes.
This project also shows you how well the Google Cloud can scale. Tested with over 150 VMs. 700 VMs is the default limit.
I saw the Shells on Demand Appliance "SODA" from National Upcycled Computing Collective (NUCC) at the DEF CON 30 conference in Las Vegas. Unfortunately not in person but in this YouTube video.
TL;DR: It's a vending machine. You pay, press a button and get your own virtual machine (VM).
Image Source: @strangepartscom, @Zhoratrope
I was quite impressed and excited by the idea. I wanted something like this too. Unfortunately, I don't have enough space and I don't even have a real vending machine either.
Thanks to Google and the Internet, the hardware does not have to be physically located in a vending machine. The hardware can be located in one of the many Google Cloud data centers. This saves a lot of space and you only need the buttons and a thermal receipt printer to have a similar setup to the SODA vending machine. That's exactly what I did with this project.
The following technologies are used:
Google Cloud Platform
Terraform
Packer
Ansible
- apt
- command
- copy
- dnf
- file
- get_url
- git
- uri
- user
- zypper
Raspberry Pi
All components put together correctly result in the Server on Demand Appliance Google Cloud version.
soda-printing.mp4
In order to create a VM, many steps are carried out. Everything goes very fast. While the user is already holding his paper with login information, further steps are executed in the cloud.
Raspberry Pi:
- User presses one of the four buttons
- 🔵 Blue : Fedora Linux
- 🟡 Yellow : Ubuntu LTS
- 🔴 Red : Debian GNU/Linux
- 🟢 Green : openSUSE
- Message is published to Cloud Pub/Sub topic
- Paper receipt with login information is printed
Google Cloud Platform:
- Pub/Sub triggers Cloud Build
- A Cloud Build job is started
- Cloud Build downloads Docker container image with tools (Google Cloud CLI, Terraform, Ansible)
- Required scripts are loaded from the Cloud Source Repository
- Effective June 17, 2024, Cloud Source Repositories isn't available to new customers!
- If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories.
- Pub/Sub message is read and evaluated
- Terraform creates the infrastructure
- Static public IP is registered
- DNS entry is created
- VM with disk and operating system is created
- Custom OS image is used
- Cloud Scheduler to destroy infrastructure is scheduled
- Terraform state is stored in a Google Cloud Storage bucket
- Ansible takes care of configuring the operating system
- Set up user (username and password)
The following configuration is used by default:
- Machine type:
e2-micro
- vCPU: 2 shared Intel (x86/64)
- Memory: 1 GB
- Disk:
- Type: Balanced persistent disk (SSD)
- Size: 25 GB
- External IP address: Premium
- Region:
europe-west1
(Belgium)
Costs:
Estimated cost per e2-micro
VM, without guarantee:
$ 1h | $ 3h | |
---|---|---|
CPU and memory | 0.0092 |
0.03 |
Disk (25GB)¹ | 0.0034 |
0.01 |
Static public IP | 0.0034 |
0.01 |
Total | 0.0160 |
0.05 |
¹ Balanced persistent disk: 0.1 USD per 1 GB and month, 25 GB per month = 2.50 USD, one month = 730 hours, 2.50 USD / 730h = 0.0034 USD, 0.0034 USD * 3h = 0.010 USD for 25 GB for 3h
There are other small costs for:
- Cloud Build build time
- Source Repository users
- Cloud Scheduler jobs
- Cloud DNS managed zone
- Network Internet egress traffic
Source: Google Cloud Pricing Calculator
Clone this repository:
git clone https://github.com/Cyclenerd/google-cloud-shells-on-demand.git
cd google-cloud-shells-on-demand
Please follow the instructions in the folder gcp.
cd gcp
Please follow the instructions in the folder pi.
cd pi
In addition to creating the infrastructure, there are a few other functions.
After a defined time (default 3 hours), your VM and its entire infrastructure will be deleted.
This is triggered by a Cloud Scheduler set up during the creation of the VM. A Cloud Build job then takes care of the destruction of the VM and its infrastructure. This works because an extra separate Terraform state is saved for each VM.
You can adjust the expiration time (minutes) in terraform.tfvars
in the gcp
directory.
# Expires in minutes
expires = "180"
After logging in to your VM via SSH, you can become root. Then you can do anything, even shut down the VM:
sudo poweroff
If you do this, a event will be saved in the Google Cloud audit log and a new Cloud Build job will be triggered.
This Cloud Build job then starts your VM again. Feel free to test it 😊.
Get notified via Discord and/or Pushover when a Cloud Build job is failed (ERROR
) or timed out (TIMEOUT
).
Get notified via Discord:
-
Create an Discord webhook URL for your Discord channel: https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
The webhook URL should look similar to the following:
https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]
-
Add the Discord webhook URL to
terraform.tfvars
ingcp
directory:discord-webhook-url = "https://discord.com/api/webhooks/[WEBHOOK-ID]/[WEBHOOK-TOKEN]"
-
Deploy Cloud Function
terraform apply
You can test the notification with the manual Cloud Build trigger simulate-error
.
Get notified via Pushover:
-
Register your application, set its name and upload an icon, and get an API token in return: https://pushover.net/apps/build
Example icon:
MazeNL77, CC BY 3.0, via Wikimedia Commons
-
Add your Pushover user/group key (not e-mail address) and the application's API token/key to
terraform.tfvars
ingcp
directory:pushover-user-key = "[PUSHOVER-USER-KEY]" pushover-api-token = "[PUSHOVER-API-TOKEN]"
-
Deploy Cloud Function
terraform apply
You can test the notification with the manual Cloud Build trigger simulate-error
.
The CPU of the Raspberry Pi can get hot in the wooden box. For safety and documentation, the CPU temperature is logged and can be monitored.
Two custom monitoring dashboards are set up:
You can use the Artifact Registry as a location for the Docker container image. The image then does not have to be downloaded from Docker Hub during the Cloud Build jobs.
-
Copy the image by running the manual trigger
copy-image
. -
Replace
cyclenerd/cloud-tools-container:latest
with[LOCATION]-docker.pkg.dev/[PROJECT_ID]/cointainer/cloud-tools-container:latest
in the Cloud Build YAML files (i.e.create.yml
) in folder the cloudbuild. -
Push changes to Cloud Source repository:
git push cloudsource
Have a patch that will benefit this project? Awesome! Follow these steps to have it accepted.
- Please read how to contribute.
- Fork this Git repository and make your changes.
- Create a Pull Request.
- Incorporate review feedback to your changes.
- Accepted!
All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.
Please note:
- No warranty
- No official Google product