This project is a set of tools that lets you deploy virtual machines with various proxy applications (Dante, Tinyproxy, Tor) in clouds such as Amazon, Google and Yandex. It can be handy when you have to check your apps from different parts of the world. This set should not be considered a "production tool", but rather a "development tool". It can easily be adapted for any task where you need something up and running in the clouds.
In-use:
alpine linux, ansible, apache, awscli, dante, dnsmasq, packer, postgres, powerdns, poweradmin, supervisord, terraform, tinyproxy, tor, qemu-kvm, ubuntu.
The project consists of two Docker images:
- livelace/terraform-multicloud-proxy-bootstrap - the primary tool for creating, deploying and destroying cloud infrastructure.
- livelace/terraform-multicloud-proxy-dns - an optional tool for registering deployed virtual machines in DNS.
Typical workflow:
- Create configuration.
- Build virtual machines images.
- Deploy cloud infrastructure.
- Destroy cloud infrastructure.
Requirements:
- Linux host with Docker (you can use the already built images or build them yourself).
- CPU with AMD-V/VT-x (virtualization is needed for image building; without it the build is far too slow).
- Cloud credentials with appropriate permissions.
Get help information:
docker run -ti --rm -e UID=$UID \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap help
Some commands can be run with a specific cloud as an argument.
Initialize sample configuration:
docker run -ti --rm -e UID=$UID \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap init
This will generate the following and place it in the "/conf" directory:
- Sample configuration (inventory-sample.ini with comments).
- SSH keys (randomly generated).
- Password for root (randomly generated).
Generate configurations:
docker run -ti --rm -e UID=$UID \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap genconf
This will produce configurations for the apps mentioned above and place them all in the "/data" directory.
Repeat this command whenever you change something in the configuration file.
Build virtual machine images:
docker run -ti --rm -e UID=$UID \
--privileged \
-v /dev/kvm:/dev/kvm \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap build
This will produce virtual machine images with individual settings for every cloud provider and place those images into "/data/packer/images".
Don't forget to rebuild the images if you change settings in the configuration file (SSH keys, port numbers, white lists etc.).
Deploy cloud infrastructure:
docker run -ti --rm -e UID=$UID \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap deploy
Deploying the virtual machines inside the clouds will take some time (Amazon is the slowest because of its image importing mechanism). If something goes wrong, just "destroy" the infrastructure, fix the problem and try again.
Destroy cloud infrastructure:
docker run -ti --rm -e UID=$UID \
-v $(pwd)/conf:/conf \
-v $(pwd)/data:/data \
ghcr.io/livelace/terraform-multicloud-proxy-bootstrap destroy
This will destroy every object in the clouds that was produced during deployment.
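As an added example that is not part of the project, the POSIX sh wrapper below runs the stages above with a few checks first; the image name, the conf/data locations and the world-readability check on the "conf" directory (which holds the generated SSH keys and root password) are assumptions of this example, not behaviour of the bootstrap image.

```shell
#!/bin/sh
# Added wrapper (not part of the project) around the bootstrap image's stages.
# IMAGE, CONF_DIR and DATA_DIR are assumptions, overridable via the environment.
set -eu
IMAGE="${IMAGE:-ghcr.io/livelace/terraform-multicloud-proxy-bootstrap}"
CONF_DIR="${CONF_DIR:-$(pwd)/conf}"
DATA_DIR="${DATA_DIR:-$(pwd)/data}"

# Print the docker command for a stage. Only "build" needs /dev/kvm and
# --privileged; every other stage runs without extra privileges.
# (Paths are assumed to contain no spaces, since run_stage evals this line.)
bootstrap_cmd() {
  extra=""
  if [ "$1" = build ]; then extra="--privileged -v /dev/kvm:/dev/kvm "; fi
  printf 'docker run -ti --rm -e UID=%s %s-v %s:/conf -v %s:/data %s %s\n' \
    "$(id -u)" "$extra" "$CONF_DIR" "$DATA_DIR" "$IMAGE" "$1"
}

# Pre-flight checks for a stage; returns non-zero on the first problem.
preflight() {
  stage="$1"
  # "init" creates conf/; every later stage needs it.
  if [ "$stage" != init ] && [ ! -d "$CONF_DIR" ]; then
    echo "missing $CONF_DIR: run the init stage first" >&2; return 1
  fi
  # conf/ holds the generated SSH keys and root password: refuse to go on
  # if any file in it is readable by other users (others' read bit, 0004).
  if [ -d "$CONF_DIR" ]; then
    leaky=$(find "$CONF_DIR" -type f -perm -004 | head -n 1)
    if [ -n "$leaky" ]; then
      echo "world-readable secret: $leaky (chmod 600 it)" >&2; return 1
    fi
  fi
  # Image building needs hardware virtualization exposed as /dev/kvm.
  if [ "$stage" = build ] && [ ! -c /dev/kvm ]; then
    echo "/dev/kvm not found: enable VT-x/AMD-V and load the kvm module" >&2
    return 1
  fi
  return 0
}

run_stage() {
  preflight "$1" || return 1
  eval "$(bootstrap_cmd "$1")"
}
case "${1:-}" in
  init|genconf|build|deploy|destroy) run_stage "$1" ;;
  "") echo "usage: $0 init|genconf|build|deploy|destroy" >&2 ;;
  *) echo "unknown stage: $1" >&2; exit 1 ;;
esac
```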
Some additional information about creating the service accounts needed for performing operations inside the clouds (don't use your primary accounts; furthermore, it's much better to use dedicated projects). For more details see the official documentation (Amazon, Google, Yandex).
Amazon:
Managing Amazon IAM permission policies is out of scope of this project; you have to review the resources declared in the configuration file and adjust your permission settings yourself. And don't forget to review the information about image importing.
Google:
gcloud iam service-accounts create "terraform-multicloud-proxy-sa"
gcloud iam service-accounts list
gcloud iam service-accounts keys create \
--iam-account "terraform-multicloud-proxy-sa@<PROJECT>.iam.gserviceaccount.com" \
~/terraform-multicloud-proxy-sa-google.json
gcloud projects add-iam-policy-binding "<PROJECT>" \
--member "serviceAccount:terraform-multicloud-proxy-sa@<PROJECT>.iam.gserviceaccount.com" \
--role "roles/editor"
Yandex:
yc resource-manager cloud list
yc resource-manager folder list
yc iam service-account create \
--cloud-id "<CLOUD_ID>" \
--folder-id "<FOLDER_ID>" \
"terraform-multicloud-proxy-sa"
yc iam key create \
--service-account-name "terraform-multicloud-proxy-sa" \
--output ~/terraform-multicloud-proxy-sa-yandex.json
yc resource-manager folder add-access-binding "<FOLDER_NAME>" \
--subject "serviceAccount:<SERVICE_ACCOUNT_ID>" \
--role "editor"
yc iam access-key create \
--service-account-name "terraform-multicloud-proxy-sa"