DigitalOcean Fellowship Program

Check out my blog post on DigitalOcean’s blog site about the DigitalOcean fellowship program.  This program is all about mentorship and raising a performing team with the mentor / mentee relationship:

https://blog.digitalocean.com/mentoring-engineers-through-an-engineering-fellowship-program/

0 to Cloud, Using DigitalOcean and Terraform to Start Working in the Cloud

Introduction

I get asked a lot about how to get started with cloud computing. As most of you already know, this is a very broad question (you have probably been asked the same thing).

I decided to write a short guide to make it easy for someone to get started working with a cloud instance. This shell script, using Terraform and DigitalOcean, will hopefully fulfill that goal.

Getting Started

Requirements:

  1. A DigitalOcean account and API Key (See this post under “How To Generate a Personal Access Token”)
  2. A 64-bit Ubuntu system (virtual or physical) – the next few steps are all done on this system
  3. Update your repos: sudo apt-get update
  4. Install git: sudo apt-get -y install git
  5. Pull the repo we will be working with: git clone https://github.com/tspiegs/0toCloud
  6. Move into the new directory: cd 0toCloud

Execution

NOTE: NEVER, EVER run a script that someone gives you without knowing what it does. If you cannot figure out what the script is doing, then ask someone. This is critically important with a script like this one, which will be asking for your sudo credentials. Please make sure you know what it is doing.

This is the beauty of the 0toCloud script. Simply type: ./0tocloud.sh and hit enter. This will start the process of creating your cloud instance (called a droplet by DigitalOcean). Depending on how your system is configured, the script may ask for a few pieces of info. After that, as long as everything looks good, your new droplet will start to build.

Building and setting up the droplet will take up to 5 minutes, so just let it go. After it is finished, you should see a set of information including an IP address. Try to SSH to that IP address by typing: ssh root@theipaddress. You can also open the IP address in a web browser to see the Nginx setup page.

You should now have a startup webpage and a working cloud instance that you can play with!

What The Hell Is This Doing!?

OK, let’s go through the important code here block by block. Follow along by typing: less ./0tocloud.sh

while [ "$1" != "" ]; do
    case $1 in
        -d | --distro )         shift
                                distro=$1
                                ;;
        -h | --hostname )       shift
                                hostname=$1
                                ;;
        -p | --plan )           plan=1
                                ;;
        -r | --refresh )        refresh=1
                                ;;
        --help )                usage
                                exit
                                ;;
        -D | --destroy )        destroy=1
                                ;;
        * )                     usage
                                exit 1
    esac
    shift
done

These are our possible arguments. Simply running ./0tocloud.sh will start a droplet for you, but if you want to set specific attributes of this droplet, you can do so by passing arguments to the script. For example, ./0tocloud.sh -h nginxtestserver will start a droplet with the hostname “nginxtestserver”. You can also use ./0tocloud.sh -D to destroy the instances you have already created.

# Install Terraform only if the "terraform" command is not already on the PATH
type terraform >/dev/null 2>&1 || {
  echo "Downloading and setting up Terraform"
  # each step only runs if the previous one succeeded, so a failed download never gets unzipped
  wget https://dl.bintray.com/mitchellh/terraform/terraform_0.5.1_linux_amd64.zip &&
  echo "unzipping terraform!" &&
  sudo unzip terraform_0.5.1_linux_amd64.zip -d /usr/bin/
}

This bit checks that Terraform is installed on your computer (you can find more information at terraform.io). If Terraform is not installed, it will grab the .zip file from their website and unzip the files into your /usr/bin/ so “terraform” can be used like any other Linux command. Note: This is one of a few parts that will require sudo access.
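The install step above unzips whatever wget fetched straight into /usr/bin with sudo, without checking what it got. Here is the same guard with a SHA-256 check in front of the unzip, as an added example that is not part of the 0toCloud repo; EXPECTED_SHA256 is a placeholder for the checksum published on HashiCorp's release page, and the function names are my own.

```shell
# Added example (not from the 0toCloud repo): verify the Terraform archive before
# it is unzipped into /usr/bin with sudo.
TF_ZIP=terraform_0.5.1_linux_amd64.zip
TF_URL="https://dl.bintray.com/mitchellh/terraform/$TF_ZIP"
EXPECTED_SHA256="<sha256-from-hashicorp-release-page>"   # placeholder, not a real checksum

# SHA-256 hex digest of a file, using whichever tool the system has
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Returns 0 when the file's digest equals the expected one (case-insensitive), 1 otherwise
sha256_matches() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Same guard as the script (only act if terraform is missing), plus the checksum gate
install_terraform() {
  type terraform >/dev/null 2>&1 && { echo "terraform already installed"; return 0; }
  echo "Downloading Terraform"
  wget -q "$TF_URL" || { echo "download failed" >&2; return 1; }
  if sha256_matches "$TF_ZIP" "$EXPECTED_SHA256"; then
    echo "checksum OK, unzipping into /usr/bin"
    sudo unzip "$TF_ZIP" -d /usr/bin/
  else
    echo "checksum MISMATCH for $TF_ZIP: refusing to install" >&2
    rm -f "$TF_ZIP"      # do not leave an unverified archive lying around
    return 1
  fi
}
```

Call install_terraform in place of the type/wget/unzip block once EXPECTED_SHA256 holds the published value.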

# Make sure an RSA key pair exists; only the public half (id_rsa.pub) is ever uploaded
if [ -f ~/.ssh/id_rsa.pub ]; then
  echo "public ssh key file exists, continuing"
else
  echo "~/.ssh/id_rsa.pub does not exist.  Would you like to create it? yes or no"
  read creatersa
  if [[ $creatersa == "yes" || $creatersa == "y" ]]; then
    echo "creating rsa key pair"
    ssh-keygen -t rsa
  else
    echo "rsa key pair needs to be created.  Place rsa key in ~/.ssh/id_rsa.pub or rerun this program and type yes to make a new key pair"
    exit
  fi
fi

This block checks whether you have an RSA key pair. This is needed for SSH access. If you do not have a key pair in the ~/.ssh/ directory, it will start the process of making one for you. NEVER share your id_rsa. This is your private key. The only key that should ever leave your local machine is id_rsa.pub, as this is the public side of the key.

# Use the DO_PAT environment variable if it is set, otherwise prompt for the API key
if [ -z "$DO_PAT" ]; then
  echo "no PAT variable exists" #manually enter the key
  echo "enter your DigitalOcean API Key to start setting up your new droplet"
  read -r -s DOKey   # -s keeps the key from being echoed to the terminal
  echo
else
  echo "pat exist"
  DOKey=$DO_PAT
fi

This checks whether you have a variable called $DO_PAT that holds your API Key. If this variable is not set, you will need to enter your API Key by hand every time you run 0tocloud.sh. To set the variable, use something like this (with your own API Key in place of the placeholder):

echo declare -x DO_PAT=\'yourapikeyhere\' >> ~/.bashrc; . ~/.bashrc   # the key then sits in plain text in ~/.bashrc, so protect that file like the key itself

That is an optional step. You can easily just paste your API Key in each time you run the script.

# DigitalOcean identifies keys by MD5 fingerprint; newer ssh-keygen prints SHA256 by default,
# so ask for MD5 where supported (OpenSSH 6.8+) and fall back to the plain form on older versions
sshkeyFP=$(ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub 2>/dev/null || ssh-keygen -lf ~/.ssh/id_rsa.pub)
sshkeyFP=$(echo "$sshkeyFP" | awk '{print $2}' | sed 's/^MD5://')
# Count how many times our fingerprint appears in the account's key list
curlkeystatus=$(curl -s -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $DOKey" "https://api.digitalocean.com/v2/account/keys" | grep -ci "$sshkeyFP")
if [ "$curlkeystatus" -eq 0 ]
then
  echo "Putting your SSH key in DO"
  sshkeypub=$(cat ~/.ssh/id_rsa.pub)
  apijson="{\"name\":\"My SSH Public Key\",\"public_key\":\"$sshkeypub\"}"
  curl -s -X POST -H 'Content-Type: application/json' -H "Authorization: Bearer $DOKey" -d "$apijson" "https://api.digitalocean.com/v2/account/keys"
elif [ "$curlkeystatus" -eq 1 ]; then
  echo "SSH Key properly in DO account, Continuing...."
else
  echo "can't detect ssh key status, something is VERY wrong here......"
fi

Now that we are sure that we have an RSA key pair and the DO API Key, we can check whether the public key is in our DO account, using the DigitalOcean API. If the public RSA key is not in our DigitalOcean account, this block will automatically upload it for easy SSH access to our droplets.
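The lookup above depends on ssh-keygen's output format and on grep -c over the raw JSON, so an API error (bad token, no network) counts as "key not found" and the script tries to upload the key anyway. The following is an added example, not code from the 0toCloud repo: it derives the MD5 fingerprint DigitalOcean uses directly from the public-key line and classifies a /v2/account/keys response as present, absent or unknown. The sample key and responses are constructed, and the shape of the error body is an assumption.

```shell
# Added example (not from the 0toCloud repo): DigitalOcean-style fingerprint and key lookup.

# md5 hex digest of stdin, using whichever tool the system has
md5hex() {
  if command -v md5sum >/dev/null 2>&1; then md5sum | cut -d' ' -f1
  else openssl dgst -md5 | sed 's/.* //'; fi
}

# "ssh-rsa <base64 blob> comment" -> "ab:cd:...": MD5 over the decoded blob, which is the
# value DigitalOcean reports as "fingerprint" (and what ssh-keygen -E md5 -lf prints)
do_fingerprint() {
  blob=$(printf '%s\n' "$1" | awk '{print $2}')
  printf '%s' "$blob" | base64 -d | md5hex | sed 's/../&:/g; s/:$//'
}

# Classify a /v2/account/keys body for a fingerprint: present, absent or unknown.
# "unknown" is any body without an ssh_keys list (error responses, empty output), which a
# plain grep -c would report as "0 matches" and answer by re-uploading the key.
key_status() {
  fp=$1; body=$2
  case $body in
    *'"ssh_keys"'*)
      if printf '%s' "$body" | grep -qE "\"fingerprint\"[[:space:]]*:[[:space:]]*\"$fp\""; then
        echo present
      else
        echo absent
      fi ;;
    *) echo unknown ;;
  esac
}

# Constructed sample data (not real keys): the blob is base64("hello"), so the
# fingerprint is md5("hello") = 5d:41:40:2a:bc:4b:2a:76:b9:71:9d:91:10:17:c5:92
SAMPLE_KEY='ssh-rsa aGVsbG8= user@example'
SAMPLE_FP=$(do_fingerprint "$SAMPLE_KEY")
SAMPLE_OK='{"ssh_keys":[{"id":1,"fingerprint":"'"$SAMPLE_FP"'","name":"My SSH Public Key"}],"meta":{"total":1}}'
SAMPLE_OTHER='{"ssh_keys":[{"id":2,"fingerprint":"00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff","name":"x"}],"meta":{"total":1}}'
SAMPLE_ERR='{"id":"unauthorized","message":"Unable to authenticate you"}'   # assumed error shape

echo "fingerprint: $SAMPLE_FP"
echo "registered:  $(key_status "$SAMPLE_FP" "$SAMPLE_OK")"      # present
echo "other key:   $(key_status "$SAMPLE_FP" "$SAMPLE_OTHER")"   # absent
echo "api error:   $(key_status "$SAMPLE_FP" "$SAMPLE_ERR")"     # unknown
```

In the script, the POST would then run only when key_status says absent, and an unknown result would stop the run instead of uploading.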

# A flag that was never set is treated as 0, so these branches only fire when the option was given
if [ "${destroy:-0}" -eq 1 ]; then
  terraform destroy -var "do_token=${DOKey}" -var "ssh_fingerprint=${sshkeyFP}" -var "do_distro=${distro}" -var "do_hostname=${hostname}"
  exit   # exit with terraform's own status
fi

if [ "${plan:-0}" -eq 1 ]; then
  terraform plan -var "do_token=${DOKey}" -var "ssh_fingerprint=${sshkeyFP}" -var "do_distro=${distro}" -var "do_hostname=${hostname}"
  exit
fi

if [ "${refresh:-0}" -eq 1 ]; then
  terraform refresh -var "do_token=${DOKey}" -var "ssh_fingerprint=${sshkeyFP}" -var "do_distro=${distro}" -var "do_hostname=${hostname}"
  exit
fi
#now starting terraform magic and creating the instance

terraform apply -var "do_token=${DOKey}" -var "ssh_fingerprint=${sshkeyFP}" -var "do_distro=${distro}" -var "do_hostname=${hostname}"

terraform show

Finally, these are the Terraform commands that actually run to create, show, or destroy our droplets.

PLAY PLAY PLAY!

Now it’s time to experiment with the files. Play with the different arguments for the shell script 0tocloud.sh. Type: ./0tocloud.sh --help to see the available usage. Take a look at the other files in the repo such as form.tf (this is the Terraform file telling the droplet what to do). Don’t forget to destroy your cloud instances at the end if you do not want your cloud bill piling up! The great part about this is that they are very easy to create and destroy.

Thanks a lot for reading. I will be adding much more in the future when I have time. Next up, I will be playing with a bastion host and security of our droplets.