Skip to content
/ prod Public

Basic command line VPS provisioning and configuration/controlling tool.

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ppearson/prod

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

102 Commits
doc/rst
doc/rst
 
 
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Changelog.md
Changelog.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
TODO.md
TODO.md
 
 

Repository files navigation

Prod

Copyright 2021-2025 Peter Pearson.

Prod is a basic command line VPS provisioning and controlling (configuration / orchestration) tool, partially intended as a vehicle to learn the Rust programming language with a new project, as well as to learn about HTTP web services from VPS providers, although also to scratch an itch of making my own basic version of a VPS provisioning and configuration tool, approximating some functionality of tools like Terraform and Ansible and re-learn some Linux system administration theory / practices by automating some of it.

Prod's current functionality includes limited support for Provisioning cloud VPS instances (with several providers supported to a limited degree), as well as support for Controlling the servers (running commands on them to configure them) afterwards, based off YAML scripts describing actions and properties of what is desired.

It's still very much work-in-progress, although it is functional to a basic degree for provisioning, and the configuration/control side of things is more functional and is what I'm concentrating on mostly now.

Control functionality can utilise either the ssh2 crate (which depends on openssl) or the ssh-rs crate, and this can be controlled with features in Cargo.toml, or disabled completely.

Provisioning

Prod currently has limited provisioning support for creating and destroying VPS instances with the following 'providers':

  • Binary Lane
  • Vultr
  • Linode
  • Digital Ocean

Prod can also list available instance types, locations and OS images for the various providers.

In the near future the plan is to add support for creating other types of instances (high-perf compute, GPU, etc), as well as provisioning block storage, in addition to DNS and network configuration from these providers where possible, and maybe other things.

Example Provision recipe file, which will create a $5 Vultr cloud instance in Sydney, running Debian Linux 11:

# Create a Vultr $5 instance in Sydney running Debian 11
provider: vultr
action: createInstance

plan: vc2-1c-1gb
region: syd
# debian 11 x64
os_id: 477

To perform a provision, set the environment variable to control the private API key for the provider you want to use (Vultr in this example) - you will need to create your own for the respective provider:

export PROD_VULTR_API_KEY=AN259_USE_YOUR_OWN_NYMK4HNKSFE5HEDEG3434T

and then run:

./prod provision ~/prod/examples/provision/vultr_create_instance_small_sydney.txt

which will eventually start the instance:

Vultr instance created, id: 98ckefb8b-983f-859g-829503-68295ag ...
Waiting for instance to spool up...
Have instance IP: 144.33.109.42
Waiting for server to finish install/setup...
Cloud instance created successfully:

id:             98ckefb8b-983f-859g-829503-68295ag
ip:             144.33.109.42                       
root_password:  mbk49nf9genk

Controlling

Controlling currently consists of running actions, such as adding new users, installing packages, copying files, editing files, adding firewall rules and starting services. Control access to servers/hosts is via SSH control streams, and both password and public/private key authentication methods are supported.

Control scripts are currently YAML files which control which actions to run, and the parameters for them. Debian and Fedora Linux action providers are currently supported.

Below is an example control script which adds a new user, installs fail2ban, stops the fail2ban service, creates local copies of the fail2ban config and jail files, edits the local copy, starts the fail2ban service, then adds a new firewall rule and enables public key authentication to sshd and disables password authentication to sshd. Other examples can be found in the examples/control/ directory.

---
provider: linux_debian
host: $PROMPT
user: root
actions:
- addUser:
    username: MrUser
    password: DontForgetThePassword
    extraGroups:
    - sudo
- installPackages:
    packages:
    - "fail2ban"
- systemCtl:
    service: "fail2ban"
    action: stop
- copyPath:
    sourcePath: /etc/fail2ban/fail2ban.conf
    destPath: /etc/fail2ban/fail2ban.local
- copyPath:
    sourcePath: /etc/fail2ban/jail.conf
    destPath: /etc/fail2ban/jail.local
- editFile:
    backup: false
    filepath: "/etc/fail2ban/jail.local"
    insertLine:
      position: below
      matchString: '[sshd]'
      insertString: 'enabled: true'
      matchType: startsWith
      onceOnly: true
      reportFailure: false
    replaceLine:
      matchString: 'bantime  = 10m'
      replaceString: 'bantime  = 120m'
      matchType: startsWith
      onceOnly: true
      reportFailure: false
- systemCtl:
    service: "fail2ban"
    action: start
- systemCtl:
    service: "fail2ban"
    action: restart
- firewall:
    type: ufw
    enabled: true
    rules:
    - "allow ssh"
    - "allow 80/tcp"
- configureSSH:
    passwordAuthentication: false
    pubKeyAuthentication: true

To run a control script, run:

./prod control <control_script_path.yaml>

About

Basic command line VPS provisioning and configuration/controlling tool.

Topics

infrastructure rust devops automation control configuration sysadmin provisioning provisioner infrastructure-automation

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

3 tags

Languages