Run bastion_startup.sh as a startup script

GoogleCloudPlatform · Aug 15, 2023 · cc899ef · cc899ef
1 parent b6bc0b0
commit cc899ef
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 113 deletions.
diff --git a/solutions_builder/template_root/terraform/stages/1-bootstrap/main.tf b/solutions_builder/template_root/terraform/stages/1-bootstrap/main.tf
@@ -48,6 +48,12 @@ module "vpc_network" {
   secondary_ranges_services = var.secondary_ranges_services
 }
 
+# The startup script continues to run while the jump host is deemed ready
+# It may take a up to 15 minutes for the script to complete
+data "template_file" "startup_script" {
+  template = file("${path.module}/../scripts/bastion_startup.sh")
+}
+
 module "bastion_host" {
   depends_on                = [module.vpc_network]
   source                    = "../../modules/bastion"
@@ -56,6 +62,7 @@ module "bastion_host" {
   zone                      = var.zone
   vpc_network_self_link     = module.vpc_network[0].network_self_link
   vpc_subnetworks_self_link = module.vpc_network[0].subnets_self_link[0]
+  startup_script            = data.template_file.startup_script.rendered
 }
 
 # add timer to avoid errors on new project creation and API enables

diff --git a/solutions_builder/template_root/terraform/stages/2-foundation/setup.bash b/solutions_builder/template_root/terraform/stages/2-foundation/setup.bash
diff --git a/solutions_builder/template_root/terraform/stages/scripts/bastion_startup.sh b/solutions_builder/template_root/terraform/stages/scripts/bastion_startup.sh
@@ -21,7 +21,7 @@ cd /tmp
 # Update system packages
 sudo apt-get update -y && sudo apt-get autoremove -y
 sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -yq
-sudo apt-get install apt-transport-https python3-pip pipenv redis-tools -y
+sudo apt-get install apt-transport-https python3-pip pipenv redis-tools unzip -y
 
 sudo addgroup --system docker
 sudo snap install docker && sudo snap start docker

diff --git a/solutions_builder/template_root/terraform/stages/scripts/setup.bash b/solutions_builder/template_root/terraform/stages/scripts/setup.bash
@@ -0,0 +1,26 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Copy bootstrap terraform state to tfstate-bucket
+gsutil cp ../project_bootstrap/terraform.tfstate gs://"${PROJECT_ID}"-tfstate/env/bootstrap/terraform.tfstate
+
+# Enable deletion protection for the jump host
+gcloud compute instances update jump-host --deletion-protection --project="${PROJECT_ID}"
+
+# SCP github directory to jump host
+TEMPLATE_ROOT=$(cd ../../.. && pwd)
+gcloud compute scp "${TEMPLATE_ROOT}" jump-host:~ --zone="${ZONE}" --tunnel-through-iap --project="${PROJECT_ID}"
+
+# Log onto the jump host using IAP and start tmux
+gcloud compute ssh jump-host --zone="${ZONE}" --tunnel-through-iap --project="${PROJECT_ID}"