Merge pull request #248 from lcy0321/add_shielded_instance_config_support

Add support for modifying the configuration of Shielded VM
Temikus authored Dec 7, 2020
2 parents 07cb7ca + c2f1925 commit 2caac50
Showing 5 changed files with 212 additions and 149 deletions.
35 changes: 19 additions & 16 deletions README.md
Expand Up @@ -16,7 +16,7 @@ The maintainers for this plugin are @temikus(primary), @erjohnso(backup).
* Boot Google Compute Engine instances.
* SSH into the instances.
* Provision the instances with any built-in Vagrant provisioner.
* Synced folder support via Vagrant's
* Synced folder support via Vagrant's
[rsync action](https://www.vagrantup.com/docs/synced-folders/rsync.html).
* Define zone-specific configurations so Vagrant can manage machines in
multiple zones.
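Review bot: the only difference in this hunk is trailing whitespace on the `* Synced folder support via Vagrant's` line, and the same holds for the other README hunks below (Quick Start paragraphs, the `google_json_key_location` / `google_project_id` / `image_family` / `additional_disks` entries, and the `## Synced Folders` section); whitespace-only cleanup mixed into a feature merge obscures the real change, so it would be easier to review as its own commit.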
Expand Down Expand Up @@ -73,8 +73,8 @@ Service Account for API Access.
## Quick Start

After installing the plugin (instructions above), the quickest way to get
started is to actually use a dummy Google box from Atlas and specify all the
details manually within a `config.vm.provider` block.
started is to actually use a dummy Google box from Atlas and specify all the
details manually within a `config.vm.provider` block.

So first, make a Vagrantfile that looks like the following, filling in
your information where necessary:
Expand All @@ -86,9 +86,9 @@ Vagrant.configure("2") do |config|
config.vm.provider :google do |google, override|
google.google_project_id = "YOUR_GOOGLE_CLOUD_PROJECT_ID"
google.google_json_key_location = "/path/to/your/private-key.json"

google.image_family = 'ubuntu-1604-lts'

override.ssh.username = "USERNAME"
override.ssh.private_key_path = "~/.ssh/id_rsa"
#override.ssh.private_key_path = "~/.ssh/google_compute_engine"
Expand All @@ -99,10 +99,10 @@ end

And then run `vagrant up --provider=google`.

This will start a latest version of Ubuntu 16.04 LTS instance in the
`us-central1-f` zone, with an `n1-standard-1` machine, and the `"default"`
network within your project. And assuming your SSH information (see below) was
filled in properly within your Vagrantfile, SSH and provisioning will work as
This will start a latest version of Ubuntu 16.04 LTS instance in the
`us-central1-f` zone, with an `n1-standard-1` machine, and the `"default"`
network within your project. And assuming your SSH information (see below) was
filled in properly within your Vagrantfile, SSH and provisioning will work as
well.

Note that normally a lot of this boilerplate is encoded within the box file,
Expand Down Expand Up @@ -165,13 +165,13 @@ configuration for this provider.
This provider exposes quite a few provider-specific configuration options:

* `google_json_key_location` - The location of the JSON private key file matching your
Service Account.
Service Account.
(Can also be configured with `GOOGLE_JSON_KEY_LOCATION` environment variable.)
* `google_project_id` - The Project ID for your Google Cloud Platform account.
* `google_project_id` - The Project ID for your Google Cloud Platform account.
(Can also be configured with `GOOGLE_PROJECT_ID` environment variable.)
* `image` - The image name to use when booting your instance.
* `image_family` - Specify an "image family" to pull the latest image from. For example: `centos-7`
will pull the most recent CentOS 7 image. For more info, refer to
* `image_family` - Specify an "image family" to pull the latest image from. For example: `centos-7`
will pull the most recent CentOS 7 image. For more info, refer to
[Google Image documentation](https://cloud.google.com/compute/docs/images#image_families).
* `image_project_id` - The ID of the GCP project to search for the `image` or `image_family`.
* `instance_group` - Unmanaged instance group to add the machine to. If one
Expand Down Expand Up @@ -206,8 +206,8 @@ will pull the most recent CentOS 7 image. For more info, refer to
utility aliases, for example:
`['storage-full', 'bigquery', 'https://www.googleapis.com/auth/compute']`.
* `service_account` - The IAM service account email to use for the instance.
* `additional_disks` - An array of additional disk configurations. `disk_size` is default to `10`GB;
`disk_name` is default to `name` + "-additional-disk-#{index}"; `disk_type` is default to `pd-standard`;
* `additional_disks` - An array of additional disk configurations. `disk_size` is default to `10`GB;
`disk_name` is default to `name` + "-additional-disk-#{index}"; `disk_type` is default to `pd-standard`;
`autodelete_disk` is default to `true`. Here is an example of configuration.
```ruby
[{
Expand All @@ -233,6 +233,9 @@ will pull the most recent CentOS 7 image. For more info, refer to

google.on_host_maintenance = "TERMINATE"
```
* `enable_secure_boot` - For [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm), whether to enable Secure Boot.
* `enable_vtpm` - For [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm), whether to enable vTPM.
* `enable_integrity_monitoring` - For [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm), whether to enable Integrity monitoring.

These can be set like typical provider-specific configuration:

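Review bot: the three new entries `enable_secure_boot`, `enable_vtpm` and `enable_integrity_monitoring` give no default value and no type, while neighbouring entries such as `additional_disks` spell out their defaults; state whether each defaults to unset or `false`, whatever the config class applies, and add a one-line usage such as `google.enable_secure_boot = true` under "These can be set like typical provider-specific configuration:". It is also worth noting in these entries that the options only apply to an image that supports Shielded VM (the linked Google page covers this), because the Quick Start above uses `image_family = 'ubuntu-1604-lts'` and a reader will want to know whether Secure Boot takes effect there.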
Expand Down Expand Up @@ -293,7 +296,7 @@ emit a warning, but will otherwise boot the GCE machine.
## Synced Folders

Since plugin version 2.0, this is implemented via built-in `SyncedFolders` action.
See Vagrant's [rsync action](https://www.vagrantup.com/docs/synced-folders/rsync.html)
See Vagrant's [rsync action](https://www.vagrantup.com/docs/synced-folders/rsync.html)
documentation for more info.

## Development
162 changes: 86 additions & 76 deletions lib/vagrant-google/action/run_instance.rb
Expand Up @@ -42,67 +42,73 @@ def call(env) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
zone = env[:machine].provider_config.zone

# Get the configs
zone_config = env[:machine].provider_config.get_zone_config(zone)
image = zone_config.image
image_family = zone_config.image_family
image_project_id = zone_config.image_project_id
instance_group = zone_config.instance_group
name = zone_config.name
machine_type = zone_config.machine_type
disk_size = zone_config.disk_size
disk_name = zone_config.disk_name
disk_type = zone_config.disk_type
network = zone_config.network
network_project_id = zone_config.network_project_id
subnetwork = zone_config.subnetwork
metadata = zone_config.metadata
labels = zone_config.labels
tags = zone_config.tags
can_ip_forward = zone_config.can_ip_forward
use_private_ip = zone_config.use_private_ip
external_ip = zone_config.external_ip
network_ip = zone_config.network_ip
preemptible = zone_config.preemptible
auto_restart = zone_config.auto_restart
on_host_maintenance = zone_config.on_host_maintenance
autodelete_disk = zone_config.autodelete_disk
service_account_scopes = zone_config.scopes
service_account = zone_config.service_account
project_id = zone_config.google_project_id
additional_disks = zone_config.additional_disks
accelerators = zone_config.accelerators
zone_config = env[:machine].provider_config.get_zone_config(zone)
image = zone_config.image
image_family = zone_config.image_family
image_project_id = zone_config.image_project_id
instance_group = zone_config.instance_group
name = zone_config.name
machine_type = zone_config.machine_type
disk_size = zone_config.disk_size
disk_name = zone_config.disk_name
disk_type = zone_config.disk_type
network = zone_config.network
network_project_id = zone_config.network_project_id
subnetwork = zone_config.subnetwork
metadata = zone_config.metadata
labels = zone_config.labels
tags = zone_config.tags
can_ip_forward = zone_config.can_ip_forward
use_private_ip = zone_config.use_private_ip
external_ip = zone_config.external_ip
network_ip = zone_config.network_ip
preemptible = zone_config.preemptible
auto_restart = zone_config.auto_restart
on_host_maintenance = zone_config.on_host_maintenance
autodelete_disk = zone_config.autodelete_disk
service_account_scopes = zone_config.scopes
service_account = zone_config.service_account
project_id = zone_config.google_project_id
additional_disks = zone_config.additional_disks
accelerators = zone_config.accelerators
enable_secure_boot = zone_config.enable_secure_boot
enable_vtpm = zone_config.enable_vtpm
enable_integrity_monitoring = zone_config.enable_integrity_monitoring

# Launch!
env[:ui].info(I18n.t("vagrant_google.launching_instance"))
env[:ui].info(" -- Name: #{name}")
env[:ui].info(" -- Project: #{project_id}")
env[:ui].info(" -- Type: #{machine_type}")
env[:ui].info(" -- Disk type: #{disk_type}")
env[:ui].info(" -- Disk size: #{disk_size} GB")
env[:ui].info(" -- Disk name: #{disk_name}")
env[:ui].info(" -- Image: #{image}")
env[:ui].info(" -- Image family: #{image_family}")
env[:ui].info(" -- Image Project: #{image_project_id}") if image_project_id
env[:ui].info(" -- Instance Group: #{instance_group}")
env[:ui].info(" -- Zone: #{zone}") if zone
env[:ui].info(" -- Network: #{network}") if network
env[:ui].info(" -- Network Project: #{network_project_id}") if network_project_id
env[:ui].info(" -- Subnetwork: #{subnetwork}") if subnetwork
env[:ui].info(" -- Metadata: '#{metadata}'")
env[:ui].info(" -- Labels: '#{labels}'")
env[:ui].info(" -- Network tags: '#{tags}'")
env[:ui].info(" -- IP Forward: #{can_ip_forward}")
env[:ui].info(" -- Use private IP: #{use_private_ip}")
env[:ui].info(" -- External IP: #{external_ip}")
env[:ui].info(" -- Network IP: #{network_ip}")
env[:ui].info(" -- Preemptible: #{preemptible}")
env[:ui].info(" -- Auto Restart: #{auto_restart}")
env[:ui].info(" -- On Maintenance: #{on_host_maintenance}")
env[:ui].info(" -- Autodelete Disk: #{autodelete_disk}")
env[:ui].info(" -- Scopes: #{service_account_scopes}") if service_account_scopes
env[:ui].info(" -- Service Account: #{service_account}") if service_account
env[:ui].info(" -- Additional Disks:#{additional_disks}")
env[:ui].info(" -- Accelerators: #{accelerators}")
env[:ui].info(" -- Name: #{name}")
env[:ui].info(" -- Project: #{project_id}")
env[:ui].info(" -- Type: #{machine_type}")
env[:ui].info(" -- Disk type: #{disk_type}")
env[:ui].info(" -- Disk size: #{disk_size} GB")
env[:ui].info(" -- Disk name: #{disk_name}")
env[:ui].info(" -- Image: #{image}")
env[:ui].info(" -- Image family: #{image_family}")
env[:ui].info(" -- Image Project: #{image_project_id}") if image_project_id
env[:ui].info(" -- Instance Group: #{instance_group}")
env[:ui].info(" -- Zone: #{zone}") if zone
env[:ui].info(" -- Network: #{network}") if network
env[:ui].info(" -- Network Project: #{network_project_id}") if network_project_id
env[:ui].info(" -- Subnetwork: #{subnetwork}") if subnetwork
env[:ui].info(" -- Metadata: '#{metadata}'")
env[:ui].info(" -- Labels: '#{labels}'")
env[:ui].info(" -- Network tags: '#{tags}'")
env[:ui].info(" -- IP Forward: #{can_ip_forward}")
env[:ui].info(" -- Use private IP: #{use_private_ip}")
env[:ui].info(" -- External IP: #{external_ip}")
env[:ui].info(" -- Network IP: #{network_ip}")
env[:ui].info(" -- Preemptible: #{preemptible}")
env[:ui].info(" -- Auto Restart: #{auto_restart}")
env[:ui].info(" -- On Maintenance: #{on_host_maintenance}")
env[:ui].info(" -- Autodelete Disk: #{autodelete_disk}")
env[:ui].info(" -- Scopes: #{service_account_scopes}") if service_account_scopes
env[:ui].info(" -- Service Account: #{service_account}") if service_account
env[:ui].info(" -- Additional Disks: #{additional_disks}")
env[:ui].info(" -- Accelerators: #{accelerators}")
env[:ui].info(" -- Secure Boot: #{enable_secure_boot}") if enable_secure_boot
env[:ui].info(" -- vTPM: #{enable_vtpm}") if enable_vtpm
env[:ui].info(" -- Integrity Monitoring: #{enable_integrity_monitoring}") if enable_integrity_monitoring

# Munge image config
if image_family
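Review bot: the three new `env[:ui].info` lines for `Secure Boot`, `vTPM` and `Integrity Monitoring` are guarded with `if enable_secure_boot` and so on, so an explicitly configured `false` (or an unset option) prints nothing, whereas the other boolean settings in this block (`Preemptible`, `Auto Restart`, `Autodelete Disk`, `IP Forward`) are always printed; for an operator checking what hardening a machine was launched with, the log should show the shielded settings on every run, so drop the guards or use `unless enable_secure_boot.nil?`. The spacing fix in `" -- Additional Disks: #{additional_disks}"` is unrelated to this feature and could be called out in the commit message.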
Expand Down Expand Up @@ -144,6 +150,9 @@ def call(env) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
:accelerator_count => accelerator_count })
end

# Munge shieldedInstance config
shielded_instance_config = { :enable_secure_boot => enable_secure_boot, :enable_vtpm => enable_vtpm, :enable_integrity_monitoring => enable_integrity_monitoring }

begin
request_start_time = Time.now.to_i
disk = nil
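Review bot: `shielded_instance_config` under `# Munge shieldedInstance config` is built unconditionally from all three options, so a Vagrantfile that sets none of them still produces a hash of three `nil` values that is sent with the create request; build it only from the keys that are set (for example by appending `.compact` to the literal) or leave it `nil` when nothing was configured, so the request for existing Vagrantfiles is unchanged. The single-line hash literal is also much longer than the rest of this file keeps to (compare the `defaults` hash further down), so split it one pair per line.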
Expand Down Expand Up @@ -258,24 +267,25 @@ def call(env) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
end

defaults = {
:name => name,
:zone => zone,
:machine_type => machine_type,
:disk_size => disk_size,
:disk_type => disk_type,
:image => image,
:network_interfaces => network_interfaces,
:metadata => { :items => metadata.each.map { |k, v| {:key => k.to_s, :value => v.to_s} } },
:labels => labels,
:tags => { :items => tags },
:can_ip_forward => can_ip_forward,
:use_private_ip => use_private_ip,
:external_ip => external_ip,
:network_ip => network_ip,
:disks => disks,
:scheduling => scheduling,
:service_accounts => service_accounts,
:guest_accelerators => accelerators_url
:name => name,
:zone => zone,
:machine_type => machine_type,
:disk_size => disk_size,
:disk_type => disk_type,
:image => image,
:network_interfaces => network_interfaces,
:metadata => { :items => metadata.each.map { |k, v| {:key => k.to_s, :value => v.to_s} } },
:labels => labels,
:tags => { :items => tags },
:can_ip_forward => can_ip_forward,
:use_private_ip => use_private_ip,
:external_ip => external_ip,
:network_ip => network_ip,
:disks => disks,
:scheduling => scheduling,
:service_accounts => service_accounts,
:guest_accelerators => accelerators_url,
:shielded_instance_config => shielded_instance_config,
}
server = env[:google_compute].servers.create(defaults)
@logger.info("Machine '#{zone}:#{name}' created.")
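Review bot: the `defaults` hash now ends with a trailing comma after `:shielded_instance_config => shielded_instance_config,` (and `:guest_accelerators => accelerators_url,` gained one too); this is valid Ruby, but the hash previously had no trailing comma and this method is run under rubocop (see the `# rubocop:disable` on the hunk header), so confirm `Style/TrailingCommaInHashLiteral` is satisfied by the project's configuration or drop the final comma to match the existing style.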
