MyGit

livelace/terraform-multicloud-proxy

Fork: 0 Star: 1 (更新于 2024-11-28 20:34:15)

license: 暂无

Language: Jinja .

This project is a set of tools that allow to deploy virtual machines with various proxy applications (Dante, Tinyproxy, Tor) in such clouds as Amazon, Google, Yandex.

GitHub网址

Description:

This project is a set of tools that allow to deploy virtual machines with various proxy applications (Dante, Tinyproxy, Tor) in such clouds as Amazon, Google, Yandex. It can be handy when you have to check your apps from different parts of the world. This set shouldn't be considered as a "production tool", but rather as a "development tool". This set can be easily adapted for any task, when you need something up and running in clouds.

In-use:

alpine linux, ansible, apache, awscli, dante, dnsmasq, packer, postgres, powerdns, poweradmin, supervisord, terraform, tinyproxy, tor, qemu-kvm, ubuntu.

The project consists of two docker images:

  1. livelace/terraform-multicloud-proxy-bootstrap - primary tool for creation, deployment and destroying clouds infrastructures.
  2. livelace/terraform-multicloud-proxy-dns - optional tool for registering deployed virtual machines in DNS.

Typical workflow:

  1. Create configuration.
  2. Build virtual machines images.
  3. Deploy cloud infrastructure.
  4. Destroy cloud infrastructure.

Requirements:

  1. Linux host with Docker (you can use already built images or you could build them yourself).
  2. CPU with AMD-v/VT-x (virtualization is needed for image building, it's too slow to do that without).
  3. Cloud credentials with appropriate permissions.

Usage:

Get help information:

docker run -ti --rm -e UID=$UID \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap help

Some commands can be run with a specific cloud as an argument.

Initialize sample configuration:

docker run -ti --rm -e UID=$UID \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap init

This will generate and place into "/conf" directory:

  1. Sample configuration (inventory-sample.ini with comments).
  2. SSH keys (random generated).
  3. Password for root (random generated).

Generate configurations:

docker run -ti --rm -e UID=$UID \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap genconf

This will produce different configurations for above mentioned apps and place all those stuff into "/data" directory.
Repeat this command if you change something in the configuration file.

Build virtual machines images:

docker run -ti --rm -e UID=$UID \
    --privileged \
    -v /dev/kvm:/dev/kvm \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap build

This will produce virtual machines images with individual settings for every cloud provider and place those images into "/data/packer/images".
Don't forget to rebuild images if you change some settings in the configuration file (SSH keys, port numbers, white lists etc.).

Deploy clouds infrastructures:

docker run -ti --rm -e UID=$UID \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap deploy

This will take some time for deploying virtual machines inside clouds (Amazon is the slowest one, because of its image importing mechanism). If something goes wrong - just "destroy" infrastructure, fix the problems and try again.

Destroy clouds infrastructures:

docker run -ti --rm -e UID=$UID \
    -v $(pwd)/conf:/conf \
    -v $(pwd)/data:/data \
    ghcr.io/livelace/terraform-multicloud-proxy-bootstrap destroy

This will destroy every object in clouds that were produced during deployment.

Cloud credentials:

Some additional information about service accounts creation which are needed for performing operations inside clouds (don't use your primary accounts, furthermore, it's much better to use dedicated projects). For more details see the official documentations (Amazon, Google, Yandex).

Amazon:

Managing Amazon IAM permissions polices are out of scope of this project, you have to review resources declared in the configuration file and adjust your permissions settings by yourself. And don't forget to review some information about image importing.

Google:

gcloud iam service-accounts create "terraform-multicloud-proxy-sa"

gcloud iam service-accounts list

gcloud iam service-accounts keys create \
    --iam-account "terraform-multicloud-proxy-sa@<PROJECT>.iam.gserviceaccount.com" \
    ~/terraform-multicloud-proxy-sa-google.json

gcloud projects add-iam-policy-binding "<PROJECT>" \
  --member "serviceAccount:terraform-multicloud-proxy-sa@<PROJECT>.iam.gserviceaccount.com" \
  --role "roles/editor"

Yandex:

yc resource-manager cloud list

yc resource-manager folder list

yc iam service-account create \
    --cloud-id "<CLOUD_ID>" \
    --folder-id "<FOLDER_ID>" \
    "terraform-multicloud-proxy-sa" 

yc iam key create \
    --service-account-name "terraform-multicloud-proxy-sa" \
    --output ~/terraform-multicloud-proxy-sa-yandex.json

yc resource-manager folder add-access-binding "<FOLDER_NAME>" \
    --subject "serviceAccount:<SERVICE_ACCOUNT_ID>" \
    --role "editor" 

yc iam access-key create \
    --service-account-name "terraform-multicloud-proxy-sa"

最近版本更新:(数据更新于 2024-10-23 10:06:20)

主题(topics):

alpine-linux, ansible, apache, awscli, dante, dnsmasq, packer, postgres, poweradmin, powerdns, qemu-kvm, supervisord, terraform, tinyproxy, tor, ubuntu

livelace/terraform-multicloud-proxy同语言 Jinja最近更新仓库

2024-09-11 20:29:37 hassio-addons/addon-adguard-home

2024-08-11 02:42:05 netbootxyz/netboot.xyz

2024-07-03 05:53:58 ansible/awx-operator

2024-01-23 17:21:23 ANXS/postgresql

2023-11-07 01:10:20 kubernetes-sigs/kubespray

2022-08-22 21:29:48 lsgalves/ansible-role-ipban