Simple service to monitor the successful ssh login count on client machines.
(This was my assignment in a job interview for the infra team and this is my first attempt at using TF, so the directory structure is not very tidy :p.
p.s. Hafizh, if you read this, try to implement the script using ansible and docker!)
- Terraform
- Google Cloud Platform account
1. (Optional) Create a new GCP project.
2. Note the project ID (not the project name); it will be used later.
3. Click the navbar, choose API & Services > Library, then search for and make sure the following services are enabled:
   - Compute Engine API
   - Cloud SQL
   - Cloud SQL Admin API
4. Click the navbar, choose IAM & Admin > Service Accounts, then create a new service account with the following setup:
   - In the Service account details section, fill in the Service account name with any name, then click Create and Continue.
   - In the Grant this service account access to project section, click the Select a role dropdown, hover over the Basic option below Quick access on the left side, then click Editor on the right side, then click Continue.
   - Skip the Grant users access to this service account (optional) section and click Done.
5. After the service account is created, click the service account, click the Key tab, click the ADD KEY button, choose JSON, and then click Create. This action will download the private key; note its location, as it will be moved to this repo's root folder later. Treat this file as a secret: it grants Editor access to the whole project, so keep it out of version control.
1. Clone this repo or unzip this repo's archive. You should see these following files.
2. Important: ensure all files use LF instead of CRLF as the line break, especially if you are on a Windows machine.
3. Move the private key that was created previously into this project, so it should look like this:
4. Open `terraform.tfvars` and fill in the variables:
   - `project`: the project ID (not the project name) that will be used to contain the resources.
   - `credential_name`: name of the private key file that was downloaded previously.
   - bucket name: arbitrary name that will be used to create a bucket. As bucket names need to be globally unique, please modify the name as needed.
   - `region` and `zone`: region and zone where the resources will be located.
   - `database_admin_password`: password for accessing the database instance.
   - `node_count`: number of client machines that will be provisioned.

   The `terraform.tfvars` should look like this:
5. Open `server.config` and fill the `password` field with the same value as `database_admin_password` from the previous step.
6. Run `terraform init`.
7. Run `terraform validate` and ensure that the configuration is valid.
8. Run `terraform apply` and, after the confirmation prompt is displayed, input `yes`; or alternatively run `terraform apply -auto-approve` instead.
9. Wait for about 15 minutes until all of the resources are created.
10. Troubleshoot:
    - If the chosen zone does not have enough resources available, please choose another zone in the `terraform.tfvars` file.
    - If the bucket name already exists, please choose another name in the `terraform.tfvars` file.
    - If the SQL instance cannot be created because the name has been used before in the last week, open the `main.tf` file and replace all occurrences of the instance name in line 25 (the default is `sql-db-instance-1`) with another name (such as `sql-db-instance-2`).
    - Run `terraform apply` again to re-provision the resources.
11. After the resources have been created, note the outputs. The `api_path` will be used to retrieve the information. Please wait for another 5-8 minutes until the server script is finished.
12. (Optional) To make sure the server script is finished, log in to alpha-server from the GCP console and run:

    ```
    sudo su -
    ls
    ```

    You should see a `log.txt` file; if it does not exist, wait for another minute. Then run `tail -f log.txt`. The command above should print the progress to the terminal. Wait until the script is finished.
13. Open the link that was printed in step 11. In the initial state, the response should be empty.
14. Log in with ssh from the GCP console to a client machine.
15. Try to hit the API again; now the response should contain key-value pairs in which the key is the client's hostname and the value is the ssh login count.
16. Try to log in with ssh from the GCP console to another client machine. Another key-value pair should exist in the response.
17. Try to log in with ssh from the GCP console to the first client machine. The count should be increased in the response.
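The counting behind steps 15 to 17, as an added illustration that is not the project's own client or server script (which this page does not show): it counts only sshd's `Accepted ...` lines from a constructed auth.log sample, ignores failed and invalid-user attempts as well as the PAM session line (so each login is counted once), and merges per-client reports into the `{hostname: count}` shape the API returns. The function names, the Debian/Ubuntu-style `/var/log/auth.log` format and the "latest report for a host wins" merge rule are assumptions.

```python
"""Count successful SSH logins from sshd log lines and build the per-host
report the API returns.  Added illustration: NOT the project's own client or
server script.  Assumes Debian/Ubuntu-style /var/log/auth.log lines; the
function names and the "latest report wins" merge rule are assumptions."""
import json
import re
from collections import Counter
from typing import Dict, Iterable

# Only sshd's own "Accepted <method> for <user> from <src>" line marks a
# completed authentication.  "Failed password", "Invalid user" and
# "Disconnected" lines are intentionally not matched, and the PAM
# "session opened" line is skipped so each login is counted once.
_ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>publickey|password|keyboard-interactive/pam)"
    r" for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample auth.log lines (not real data).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 client-1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:abc
Mar  3 10:01:12 client-1 sshd[1201]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 10:02:40 client-1 sshd[1250]: Failed password for bob from 10.0.0.9 port 40210 ssh2
Mar  3 10:02:44 client-1 sshd[1250]: Accepted password for bob from 10.0.0.9 port 40210 ssh2
Mar  3 10:05:01 client-1 sshd[1300]: Invalid user admin from 10.0.0.77 port 33001
Mar  3 10:06:15 client-1 sshd[1333]: Disconnected from user alice 10.0.0.5 port 51234
"""


def count_successful_logins(lines: Iterable[str]) -> int:
    """Number of completed SSH authentications in the given log lines."""
    return sum(1 for line in lines if _ACCEPTED.search(line))


def logins_by_user(lines: Iterable[str]) -> Counter:
    """Same count broken down per user (useful when reviewing who logged in)."""
    users: Counter = Counter()
    for line in lines:
        match = _ACCEPTED.search(line)
        if match:
            users[match.group("user")] += 1
    return users


def build_client_report(hostname: str, lines: Iterable[str]) -> Dict[str, int]:
    """Payload one client would send: its hostname mapped to its login count."""
    return {hostname: count_successful_logins(lines)}


def merge_reports(reports: Iterable[Dict[str, int]]) -> Dict[str, int]:
    """Server side: combine client reports into the API response.  Each report
    carries the client's absolute count, so a later report for the same host
    replaces the earlier one (assumption)."""
    merged: Dict[str, int] = {}
    for report in reports:
        merged.update(report)
    return merged


def api_response(merged: Dict[str, int]) -> str:
    """JSON body in the {hostname: count} shape described in step 15."""
    return json.dumps(merged, sort_keys=True)


if __name__ == "__main__":
    lines = SAMPLE_AUTH_LOG.splitlines()
    first = build_client_report("client-1", lines)
    # client-2's report is a constructed value standing in for a second machine
    print(api_response(merge_reports([first, {"client-2": 1}])))
```

Matching the `Accepted` line rather than the PAM `session opened` line is what keeps the count equal to the number of logins the user sees in step 17; the same log source, read from the `Failed password` and `Invalid user` side, is what a brute-force alert on these clients would watch.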
After logging in to all of the client machines:

18. Idempotency proof: try to run `terraform apply`. There should be a prompt that says that no changes are needed.
    - Note: there might be a resource change when you run `terraform apply` for the first time after step 17, but you can try it again a few times after that and no resource change should occur afterwards. Verify by reloading the API link and trying to log in using SSH again.