217 lines
8.4 KiB
Markdown
217 lines
8.4 KiB
Markdown
# First run 🏃
|
|
|
|
What will happen on your system on first run? well, SecDep will create a `.env` file in the root directory of the project. This file is needed to store the authentication values needed to access the cloud providers. You will be asked for every needed value for every supported provider and if you don't need one you should just press enter to leave it's respecting values empty.
|
|
|
|
You can also run `python3 secdep.py --init <provider>` where `<provider>` is either gce, azure or aws to initialize the `.env` file for a specific provider only.
|
|
|
|
### Configuration ⚙️
|
|
|
|
Should you ever change your mind you can always edit the `.env` file manually or run `python3 secdep.py -e` or `python3 secdep.py --edit` to change the values you want.
|
|
|
|
### Key Creation 🔐
|
|
|
|
Then a public and a private ssh key will be generated and stored in the root of the directory. The public key will be added to the `~/.ssh/authorized_keys` file of a secdep user that will be created on the virtual machines. The private key will be used to connect to the virtual machines.
|
|
|
|
# Creating a virtual machine 🖥️
|
|
|
|
To create a virtual machine you can run `python3 secdep.py -P <provider> -c` or `python3 secdep.py --provider <provider> --create` where `<provider>` is either gce, azure or aws.
|
|
|
|
You will be asked to enter some information regarding the virtual machine you want to create such as
|
|
|
|
1. The name
|
|
2. The size
|
|
3. The image
|
|
4. The location
|
|
|
|
and then you will be shown the chosen values and asked to confirm the creation of the virtual machine.
|
|
|
|
# Skipping the confirmation and some options 🙅
|
|
|
|
If you want to skip the confirmation or some of the asked values you can specify them using command line flags as so
|
|
|
|
1. `-n <name>` or `--name <name>` to specify the name
|
|
2. `-s <size>` or `--size <size>` to specify the size
|
|
3. `-i <image>` or `--image <image>` to specify the image
|
|
4. `-g <region>` or `--region <region>` to specify the location
|
|
5. `-y` or `--yes` to skip the confirmation
|
|
|
|
You will be asked for the values you didn't specify.
|
|
|
|
A note on the `-g` or `--region` flag. It is used for Azure and GCE and it is used to specify the region. For AWS it is derived from the image because they are region specific.
|
|
|
|
A full example looks like this
|
|
|
|
`python3 secdep.py -P <provider> -c -n <name> -s <size> -i <image> -g <region> -y`
|
|
|
|
or with specific values
|
|
|
|
## GCE
|
|
|
|
`python3 secdep.py -P gce -c -n test-node -g us-central1-a -s f1-micro -i debian-10-buster-v20230306 -y`
|
|
|
|
## Azure
|
|
|
|
`python3 secdep.py -P azure -c -n test-node -s Standard_B1ls -i Debian:debian-11:11:0.20221219.1234 -g eastus -y`
|
|
|
|
## AWS
|
|
|
|
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-0246e87085c5c98e3 -y`
|
|
|
|
# Finding valid values for the flags 🕵️
|
|
|
|
If you want to find valid values for the image you can run `python3 secdep.py -P <provider> -I -p` or `python3 secdep.py --provider <provider> --listimages --print` where `<provider>` is either gce, azure or aws.
|
|
|
|
Same goes for the `-S -p` or `--listsizes --print` flag for the sizes and the `-G -p` or `--listlocations --print` flag for the location.
|
|
|
|
## AWS image example output
|
|
|
|
`python3 secdep.py -P aws -I -p`
|
|
|
|
`<NodeImage: id=ami-0eb2c4104acb437b2, name=debian-10-amd64-20221224-1239, driver=Amazon EC2 ...>`
|
|
|
|
You can see that the image id is `ami-0eb2c4104acb437b2` and the name is `debian-10-amd64-20221224-1239`.
|
|
|
|
What you'll need to specify is the image id.
|
|
|
|
## GCE image example output
|
|
|
|
`python3 secdep.py -P gce -I -p`
|
|
|
|
`<NodeImage: id=992739542793186627, name=debian-10-buster-v20230306, driver=Google Compute Engine ...>`
|
|
|
|
Here you will need the name of the image.
|
|
|
|
## Azure image example output
|
|
|
|
`python3 secdep.py -P azure -I -p`
|
|
|
|
`<AzureImage: id=Debian:debian-11:11:0.20221219.1234, name=Debian debian-11 11 0.20221219.1234, location=eastus>`
|
|
|
|
Here you will need the id of the image.
|
|
|
|
## AWS size example output
|
|
|
|
`python3 secdep.py -P aws -S -p`
|
|
|
|
`<NodeSize: id=t3.micro, name=t3.micro, ram=1024, disk=0, bandwidth=0, price=0.0204, driver=Amazon EC2 ...>`
|
|
|
|
Here you will need the id of the size.
|
|
|
|
## GCE size example output
|
|
|
|
`python3 secdep.py -P gce -S -p`
|
|
|
|
`<NodeSize: id=1000, name=f1-micro, ram=614 disk=0 bandwidth=0 price=None driver=Google Compute Engine ...>`
|
|
|
|
Here you will need the name of the size.
|
|
|
|
## Azure size example output
|
|
|
|
`python3 secdep.py -P azure -S -p`
|
|
|
|
`<NodeSize: id=Standard_B1ls, name=Standard_B1ls, ram=512 disk=4.0 bandwidth=0 price=0 driver=Azure Virtual machines ...>`
|
|
|
|
Here you will need the id of the size.
|
|
|
|
## AWS location example output
|
|
|
|
`python3 secdep.py -P aws -G -p`
|
|
|
|
`<EC2NodeLocation: id=0, name=us-east-1a, country=USA, availability_zone=<ExEC2AvailabilityZone: name=us-east-1a, zone_state=available, region_name=us-east-1> driver=Amazon EC2>`
|
|
|
|
That is actually here for demonstration purposes because AWS doesn't have locations. The location is derived from the image.
|
|
|
|
## GCE location example output
|
|
|
|
`python3 secdep.py -P gce -G -p`
|
|
|
|
`<NodeLocation: id=2000, name=us-central1-a, country=us, driver=Google Compute Engine>`
|
|
|
|
We get the name of the location.
|
|
|
|
## Azure location example output
|
|
|
|
`python3 secdep.py -P azure -G -p`
|
|
|
|
`<NodeLocation: id=eastus, name=East US, country=Virginia, USA, driver=Azure Virtual machines>`
|
|
|
|
We get the id of the location.
|
|
|
|
# Listing virtual machines 🧮
|
|
|
|
To list the virtual machines you can run `python3 secdep.py -P <provider> -l` or `python3 secdep.py --provider <provider> --list`.
|
|
|
|
You can also do the same without the provider flag to list all the virtual machines from all the providers.
|
|
|
|
The print flag also works with the list flag like this `python3 secdep.py -P <provider> -l -p` or `python3 secdep.py --provider <provider> --list --print`.
|
|
|
|
# Deleting a virtual machine 🗑️
|
|
|
|
To delete a virtual machine you perform an action with the -a or --action flag.
|
|
|
|
When the action is `delete`, you choose one of the virtual machines from the list and it will be deleted. Combined with the provider flag it lists all the virtual machines from that one provider.
|
|
|
|
`python3 secdep.py -P <provider> -a delete`
|
|
|
|
or
|
|
|
|
`python3 secdep.py -a delete`
|
|
|
|
If you want to delete them all in either case you can use the `deleteall` action instead of the delete
|
|
|
|
Same goes for stop, start and reboot.
|
|
|
|
# Using actions more efficiently ⚖️
|
|
|
|
Possible actions are `delete`, `stop`, `start`, `reboot` and all of them with the `all` suffix.
|
|
|
|
Essentially, an action that does not end with `all` will ask you to choose a virtual machine from the list and perform the action on that one.
|
|
|
|
That means that there is an intermediate step where you choose the virtual machine from the list.
|
|
|
|
If you know you only have one virtual machine you could use the `<action>all` action to skip the confirmation step.
|
|
|
|
For example, if you know you only have one virtual machine with the gce provider you can run `python3 secdep.py -P gce -a deleteall` to delete it.
|
|
|
|
That way we skipped not only the confirmation step but also looking for more virtual machines from azure and aws.
|
|
|
|
If you only use one provider you should always specify the provider flag to never have to look for virtual machines from the others.
|
|
|
|
Especially in the case of aws, it is highly beneficial to specify the `--awsregion` flag to not go through all the regions.
|
|
|
|
Another example would be if you want to stop all the virtual machines from a specific aws region.
|
|
|
|
To do that you can simply run `python3 secdep.py -P aws --awsregion <region> -a stopall` where `<region>` is the region you want to stop the virtual machines from.
|
|
|
|
# SSHing into a virtual machine 🚀
|
|
|
|
* Interactive TUI programs such as `vim` and similar will not work.
|
|
|
|
If you can, prefer a better ssh client.
|
|
|
|
To SSH into a virtual machine you get the choice from `python3 secdep.py -ssh` or `python3 secdep.py -P gce -ssh` to only choose from the gce instances.
|
|
|
|
# Generating shell completion scripts 🐚
|
|
|
|
To generate shell completion scripts you can run
|
|
|
|
`python3 secdep.py --print-completion zsh`
|
|
|
|
or
|
|
|
|
`python3 secdep.py --print-completion bash`
|
|
|
|
according to your shell of choice.
|
|
|
|
To use the completion scripts you need to put them in the right place for each shell after we save the output to a file.
|
|
|
|
For example, if you are using zsh and you aliased the command to `secdep` you can run
|
|
|
|
`secdep --print-completion zsh > _secdep && sudo mv _secdep /usr/share/zsh/site-functions`
|
|
|
|
Then when you reload your shell you can use the completion scripts.
|
|
|
|
For bash the command would be `secdep --print-completion bash > secdep && sudo mv secdep /etc/bash_completion.d`
|
|
|
|
Then make sure in your `.bashrc` or `.bash_profile` you have `source /etc/bash_completion.d/secdep` and reload your shell
|