SecDep/assets/pages/usage/usage.md
2023-03-25 23:58:22 +02:00

First run 🏃

What will happen on your system on first run? SecDep will create a .env file in the root directory of the project. This file stores the authentication values needed to access the cloud providers. You will be asked for every value required by every supported provider; if you don't need a provider, just press Enter to leave its respective values empty.

You can also run python3 secdep.py --init <provider> where <provider> is either gce, azure or aws to initialize the .env file for a specific provider only.

Configuration ⚙️

Should you ever change your mind, you can always edit the .env file manually or run python3 secdep.py -v or python3 secdep.py --values to change the values you want.

Key Creation 🔐

Then a public and a private SSH key will be generated and stored in the root directory of the project. The public key will be added to the ~/.ssh/authorized_keys file of a secdep user that will be created on the virtual machines. The private key will be used to connect to the virtual machines.
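
Both the .env file with the provider credentials and the private SSH key end up in the project directory, so it is worth checking that only your own user can read them. The script below is an added example, not part of SecDep; the page does not give the key's file name, so pass its path as an argument (only .env is assumed by default).

```python
import os
import stat
import sys
from pathlib import Path

# Assumption: only ".env" is named on the page. The private key's file name
# is not given there, so it has to be supplied on the command line.
DEFAULT_PATHS = [".env"]


def audit_secret_files(paths):
    """Return (path, problem) pairs for secrets that others could access."""
    findings = []
    for path in map(Path, paths):
        try:
            st = path.lstat()  # lstat: do not follow a symlink elsewhere
        except FileNotFoundError:
            findings.append((str(path), "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((str(path), "not a regular file"))
            continue
        # Any permission bit for group or other is too much for a secret.
        loose = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if loose:
            findings.append((str(path), f"group/other bits set: {loose:03o}"))
        if st.st_uid != os.getuid():
            findings.append((str(path), f"owned by uid {st.st_uid}"))
    return findings


def tighten(paths):
    """Restrict each existing regular file to owner read/write (0600)."""
    for path in map(Path, paths):
        if path.is_file() and not path.is_symlink():
            path.chmod(0o600)


if __name__ == "__main__":
    targets = sys.argv[1:] or DEFAULT_PATHS
    problems = audit_secret_files(targets)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it finds a problem, so it can run as a pre-flight check before SecDep is used.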

Creating a virtual machine 🖥️

To create a virtual machine you can run python3 secdep.py -P <provider> -c or python3 secdep.py --provider <provider> --create where <provider> is either gce, azure or aws.

You will be asked to enter some information regarding the virtual machine you want to create, such as:

  1. The name
  2. The size
  3. The image
  4. The location

and then you will be shown the chosen values and asked to confirm the creation of the virtual machine.

Skipping the confirmation and some options 🙅

If you want to skip the confirmation or some of the requested values, you can specify them using command line flags as follows:

  1. -n <name> or --name <name> to specify the name
  2. -s <size> or --size <size> to specify the size
  3. -i <image> or --image <image> to specify the image
  4. -g <region> or --region <region> to specify the location
  5. -y or --yes to skip the confirmation

You will be asked for the values you didn't specify.

A note on the -g or --region flag: it is used for Azure and GCE to specify the region. For AWS the region is derived from the image, because AWS images are region-specific.

A full example looks like this

python3 secdep.py -P <provider> -c -n <name> -s <size> -i <image> -g <region> -y

or with specific values

GCE

python3 secdep.py -P gce -c -n test-node -g us-central1-a -s f1-micro -i debian-10-buster-v20230306 -y

Azure

python3 secdep.py -P azure -c -n test-node -s Standard_B1ls -i Debian:debian-11:11:0.20221219.1234 -g eastus -y

AWS

python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-0246e87085c5c98e3 -y

Finding valid values for the flags 🕵️

If you want to find valid values for the image you can run python3 secdep.py -P <provider> -I -p or python3 secdep.py --provider <provider> --listimages --print where <provider> is either gce, azure or aws.

The same goes for the -S -p or --listsizes --print flags for the sizes and the -G -p or --listlocations --print flags for the locations.

AWS image example output

python3 secdep.py -P aws -I -p

<NodeImage: id=ami-0eb2c4104acb437b2, name=debian-10-amd64-20221224-1239, driver=Amazon EC2 ...>

You can see that the image id is ami-0eb2c4104acb437b2 and the name is debian-10-amd64-20221224-1239.

What you'll need to specify is the image id.

GCE image example output

python3 secdep.py -P gce -I -p

<NodeImage: id=992739542793186627, name=debian-10-buster-v20230306, driver=Google Compute Engine ...>

Here you will need the name of the image.

Azure image example output

python3 secdep.py -P azure -I -p

<AzureImage: id=Debian:debian-11:11:0.20221219.1234, name=Debian debian-11 11 0.20221219.1234, location=eastus>

Here you will need the id of the image.

AWS size example output

python3 secdep.py -P aws -S -p

<NodeSize: id=t3.micro, name=t3.micro, ram=1024, disk=0, bandwidth=0, price=0.0204, driver=Amazon EC2 ...>

Here you will need the id of the size.

GCE size example output

python3 secdep.py -P gce -S -p

<NodeSize: id=1000, name=f1-micro, ram=614 disk=0 bandwidth=0 price=None driver=Google Compute Engine ...>

Here you will need the name of the size.

Azure size example output

python3 secdep.py -P azure -S -p

<NodeSize: id=Standard_B1ls, name=Standard_B1ls, ram=512 disk=4.0 bandwidth=0 price=0 driver=Azure Virtual machines ...>

Here you will need the id of the size.

AWS location example output

python3 secdep.py -P aws -G -p

<EC2NodeLocation: id=0, name=us-east-1a, country=USA, availability_zone=<ExEC2AvailabilityZone: name=us-east-1a, zone_state=available, region_name=us-east-1> driver=Amazon EC2>

That is actually here for demonstration purposes because AWS doesn't have locations. The location is derived from the image.

GCE location example output

python3 secdep.py -P gce -G -p

<NodeLocation: id=2000, name=us-central1-a, country=us, driver=Google Compute Engine>

We get the name of the location.

Azure location example output

python3 secdep.py -P azure -G -p

<NodeLocation: id=eastus, name=East US, country=Virginia, USA, driver=Azure Virtual machines>

We get the id of the location.
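
Which field to pass differs per provider (the id for AWS and Azure images and sizes, the name for GCE; the name for GCE locations, the id for Azure ones), which is easy to mix up. The helper below is an added example, not SecDep code: it parses listing lines in the format shown above, picks the field this page says each provider needs, and assembles the create command without -y so the confirmation still appears. The function names are made up for illustration.

```python
import re
import shlex

# Field to pass for each provider and kind, as this page states it.
# AWS has no location entry: its region is derived from the image.
FLAG_FIELD = {
    ("aws", "image"): "id", ("gce", "image"): "name", ("azure", "image"): "id",
    ("aws", "size"): "id", ("gce", "size"): "name", ("azure", "size"): "id",
    ("gce", "location"): "name", ("azure", "location"): "id",
}
_ID_NAME = re.compile(r"^<\w+: id=([^,>]+), name=([^,>]+)")

# Listing lines copied from this page (truncated with "..." as shown there).
SAMPLES = {
    ("aws", "image"): "<NodeImage: id=ami-0eb2c4104acb437b2, name=debian-10-amd64-20221224-1239, driver=Amazon EC2 ...>",
    ("azure", "image"): "<AzureImage: id=Debian:debian-11:11:0.20221219.1234, name=Debian debian-11 11 0.20221219.1234, location=eastus>",
    ("gce", "image"): "<NodeImage: id=992739542793186627, name=debian-10-buster-v20230306, driver=Google Compute Engine ...>",
    ("gce", "size"): "<NodeSize: id=1000, name=f1-micro, ram=614 disk=0 bandwidth=0 price=None driver=Google Compute Engine ...>",
    ("gce", "location"): "<NodeLocation: id=2000, name=us-central1-a, country=us, driver=Google Compute Engine>",
}


def flag_value(provider, kind, line):
    """Return the value to pass on the command line, or None if unused."""
    field = FLAG_FIELD.get((provider, kind))
    if field is None:
        return None
    match = _ID_NAME.match(line.strip())
    if match is None:
        raise ValueError(f"unrecognised listing line: {line!r}")
    return match.group(1 if field == "id" else 2).strip()


def create_command(provider, name, image_line, size_line, location_line=None):
    """Build the create command from listing lines, using this page's flags."""
    argv = ["python3", "secdep.py", "-P", provider, "-c", "-n", name,
            "-s", flag_value(provider, "size", size_line),
            "-i", flag_value(provider, "image", image_line)]
    region = location_line and flag_value(provider, "location", location_line)
    if region:
        argv += ["-g", region]
    return shlex.join(argv)  # quotes any value that is not shell-safe


if __name__ == "__main__":
    print(create_command("gce", "test-node", SAMPLES[("gce", "image")],
                         SAMPLES[("gce", "size")], SAMPLES[("gce", "location")]))
```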

Listing virtual machines 🧮

To list the virtual machines you can run python3 secdep.py -P <provider> -l or python3 secdep.py --provider <provider> --list.

You can also do the same without the provider flag to list all the virtual machines from all the providers.

The print flag also works with the list flag like this python3 secdep.py -P <provider> -l -p or python3 secdep.py --provider <provider> --list --print.

Deleting a virtual machine 🗑️

To delete a virtual machine you perform an action with the -a or --action flag.

When the action is delete, you choose one of the virtual machines from the list and it will be deleted. Combined with the provider flag it lists all the virtual machines from that one provider.

python3 secdep.py -P <provider> -a delete

or

python3 secdep.py -a delete

If you want to delete them all in either case, you can use the deleteall action instead of the delete action.

The same goes for stop, start and reboot.

Using actions more efficiently ⚖️

Possible actions are delete, stop, start, reboot and all of them with the all suffix.

Essentially, an action that does not end with all will ask you to choose a virtual machine from the list and perform the action on that one.

That means that there is an intermediate step where you choose the virtual machine from the list.

If you know you only have one virtual machine, you could use the <action>all action to skip the confirmation step.

For example, if you know you only have one virtual machine with the gce provider you can run python3 secdep.py -P gce -a deleteall to delete it.

That way we skipped not only the confirmation step but also looking for more virtual machines from azure and aws.

If you only use one provider, you should always specify the provider flag so that SecDep never has to look for virtual machines from the others.

Especially in the case of aws, it is highly beneficial to specify the --awsregion flag so that SecDep does not go through all the regions.

Another example would be if you want to stop all the virtual machines from a specific aws region.

To do that you can simply run python3 secdep.py -P aws --awsregion <region> -a stopall where <region> is the region you want to stop the virtual machines from.

SSHing into a virtual machine 🚀

  • Interactive TUI programs such as vim and similar will not work.

If you can, prefer a better ssh client.

To SSH into a virtual machine, run python3 secdep.py -ssh and choose an instance, or run python3 secdep.py -P gce -ssh to choose only from the gce instances.