Last active
March 28, 2017 19:48
-
-
Save benjaminchodroff/c7a9df33a1e495eff7ebb21891bcfcc6 to your computer and use it in GitHub Desktop.
QingCloud automated VPC bastion host creation and deletion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pip install --upgrade qingcloud-cli | |
| # CLI documentation: https://docs.qingcloud.com/cli/index.html | |
| # API documentation: https://docs.qingcloud.com/api/index.html | |
| # CLI Source: https://github.com/yunify/qingcloud-cli | |
| # Python SDK Source: https://github.com/yunify/qingcloud-sdk-python | |
| #Provision SubAccount in master account manual - log in, create an access key, and install the python CLI for qingcloud with your key, secret, and zone set in ~/.qingcloud/config.yaml | |
| #Create security group | |
| securitygroup=$( qingcloud iaas create-security-group --security_group_name "securitygroup-0000" | python -c 'import json,sys;print(json.load(sys.stdin)["security_group_id"]);' ) | |
| #Add security group rules (Ping and SSH) | |
| qingcloud iaas add-security-group-rules --security_group $securitygroup --rules '[{"security_group_rule_name":"ping","protocol":"icmp","priority":"0","action":"accept","val2":"0","val1":"8"},{"security_group_rule_name":"ssh","protocol":"tcp","priority":"1","action":"accept","val2":"22","val1":"22"}]' | |
| #Apply security group rules | |
| qingcloud iaas apply-security-group --security_group_id $securitygroup | |
| #Provision vxnet | |
| vxnet=$( qingcloud iaas create-vxnets --count 1 --vxnet_name vxnet-0000 | python -c 'import json,sys;print(json.load(sys.stdin)["vxnets"][0]);' ) | |
| #Provision router | |
| router=$( qingcloud iaas create-routers -c 1 --router_name router-0000 --vpc_network "172.16.100.0/16" --router_type 3 --security_group $securitygroup | python -c 'import json,sys;print(json.load(sys.stdin)["routers"][0]);' ) | |
| #Associate vxnet to router | |
| qingcloud iaas join-router --router $router --vxnet $vxnet --ip_network '172.16.100.0/24' | |
| #Provision 100GB volume | |
| volume=$( qingcloud iaas create-volumes --size 100 --type 3 --count 1 --volume_name svolume-0000 | python -c 'import json,sys;print(json.load(sys.stdin)["volumes"][0]);' ) | |
| #Find all public images that are centos 7.2 | |
| qingcloud iaas describe-images --provider system --visibility public --os_family centos --processor_type 64bit --status available --search_word 7.2 | |
| #Find my images | |
| qingcloud iaas describe-images | |
| #Create keypair | |
| keypair=$( qingcloud iaas create-keypair --keypair_name 'benjamin.chodroff@sevenstarworld.cn' --mode user --encrypt_method ssh-rsa --public_key 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpCiBDJgvmHprt/mvu8sNFSsIisiJ+wO+vLxm12LnJ+UsvQ0XO665z04d7xLS5IkaFuQJWVeje6ahk09JCQtcra7iWg3KGUw3+pfocHG6V0S8cZmlIwtmvGGRq1oso2Wd2KcVjfQiSaalf3g6fMQOEWhf5h4FOXndKS2CBQFlCsZlHe/693BkvGvey6ePbhQ9ETmFZLHusoSmDgemkgG6EE895jlDwSz8lv5ij3MiAdOOM2GGGjGAvOsCeubhX1iIqdo15A+OfMXMtQWtF2mrHCtFiAQ5j4Ff9XT41Yg35RR+XYbYuzJ2eAobz//p2OAg6Bamt6wfRL/UpSG/N1vhP benjamin.chodroff@sevenstarworld.cn' | python -c 'import json,sys;print(json.load(sys.stdin)["keypair_id"]);' ) | |
| #Provision bastion host instance | |
| instance=$( qingcloud iaas run-instances --count 1 --image_id centos7x64d --instance_class 1 --cpu 2 --memory 4096 --instance_name instance0000.vw.sevenstarworld.cn --vxnets $vxnet --login_mode keypair --login_keypair $keypair --hostname instance0000.vw.sevenstarworld.cn | python -c 'import json,sys;print(json.load(sys.stdin)["instances"][0]);' ) | |
| #Associate volume to instance | |
| qingcloud iaas attach-volumes --instance $instance --volumes $volume | |
| #Create Elastic IP | |
| eip=$( qingcloud iaas allocate-eips --bandwidth 100 --billing-mode traffic --count 1 --need_icp 0 --eip_name bastion | python -c 'import json,sys;print(json.load(sys.stdin)["eips"][0]);' ) | |
| #Assign Elastic IP to router | |
| qingcloud iaas modify-router-attributes --router $router --eip $eip | |
| #Update router | |
| qingcloud iaas update-routers --routers $router | |
| #Open up SSH to bastion host | |
| qingcloud iaas add-router-statics --router $router --statics '[{"router_static_name":"ssh","val4":"tcp","val1":"22","val2":"172.16.100.2","val3":"22","static_type":"1"}]' | |
| #Apply static routes to port forward ssh to bastion host | |
| qingcloud iaas update-routers --routers $router | |
| #Get EIP ip address | |
| ip=$( qingcloud iaas describe-eips --eips $eip | python -c 'import json,sys;print(json.load(sys.stdin)["eip_set"][0]["eip_addr"]);' ) | |
| #SSH to bastion host | |
| ssh -i ~/.ssh/id_rsa root@$ip | |
| ### YOU ARE IN THE BASTION HOST IN THE VPC ### | |
| #Teardown | |
| #Remove Elastic IP from router | |
| qingcloud iaas modify-router-attributes -r $router --eip "" | |
| #Update Router | |
| qingcloud iaas update-routers --routers $router | |
| #Release EIP | |
| qingcloud iaas release-eips --eips $eip | |
| #Delete bastion host instance | |
| qingcloud iaas terminate-instances --instances $instance | |
| #Delete volume | |
| qingcloud iaas delete-volumes --volumes $volume | |
| #Delete keypair | |
| qingcloud iaas delete-keypairs --keypairs $keypair | |
| #Remove vxnet from router | |
| qingcloud iaas leave-router --router $router --vxnets $vxnet | |
| #Delete VPC router | |
| qingcloud iaas delete-routers --routers $router | |
| #Delete vxnet | |
| qingcloud iaas delete-vxnets --vxnets $vxnet | |
| #Delete security group | |
| qingcloud iaas delete-security-groups --security_groups $securitygroup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment