100Automations / futureautomations

Half-baked ideas for automation, full-baked ideas for automation, as well as anything in between.
GNU General Public License v2.0
1 stars 1 forks source link

"Switch on-off" automation proposal #14

Open NivenPrasad opened 3 years ago

NivenPrasad commented 3 years ago

Overview

What kind of repetitive thing do you have to do often and what is the benefit of automating it? some HFLA projects use a bastion host for securing access to private resources (like databases or servers that do not face the public internet).

Running this bastion server all the time costs money, even though it's not always being used. This automation would set a timed or trigger-able action to launch and/or destroy one of these bastion servers when needed.

Ownership of Idea

Current State

"As-is" most likely something manual but could be partially automated

Future Development

Action Items/Research

Stakeholders

Impact - who benefits and how? hfla projects using bastion hosts (ballotnav, 311, others?) will save $$ each month on hosting bill

Anticipated outcomes

Resources/Instructions

Language

Platform

Automation triggers (What starts it? What's it responding to?)

Input required (How much manual or custom input is required?)

a person should be able launch a bastion server by some github action -- an issue? a pr? a label? I dunno!

Output

(What's the desired result? What do we not want to see?)

Project size

jafow commented 3 years ago

this is open for grabs I can help guide on it. it might be really fun!

akibrhast commented 3 years ago

Would like to grab this!

mattyweb commented 3 years ago

Adding some background here:

The bastion works great. we use it for secure access to the DB. the client i use (Postico) can be configured to SSH tunnel so it's a seamless process to connect. Occasionally I set up a tunnel from a terminal.

I connect for 2 reasons really.

  1. I'm developing/tuning a new query and want to see how it's going to perform in production on what's now approaching 7 million records.
  2. I just did a release that includes a schema change and I want to run an alembic migration. Sometimes I need to undo and redo the migration.

The challenge is that the bastion as currently configured is in an auto-scaling group so it's designed to make it impossible to turn off. I can manually reconfigure the auto-scaling group but Terraform will change it back on the next push.

The solution is deceptively simple. all that's needed to fix it is to set the min number of instances to 0 instead of 1 in the auto-scaling group. However, since it's a project referenced by a project referenced by a project and there are no variables to control this that's easier said than done...

akibrhast commented 3 years ago

Possible Resources

https://github.com/hackforla/311-data/tree/dev/server/terraform

akibrhast commented 3 years ago

More Context Regarding this as mentioned by - @jafow

akibrhast commented 3 years ago

A little bit of googling based on what you last mentioned @jafow . I came upon this

The conclusion of that article is basically they have a button that allows one to scale down to 0 or suspend an ASG

So what you are looking for is

  1. A github trigger of type workflow-dispatch(a manual trigger)
  2. With input 0 or 1
  3. Use ubuntu latest
  4. download aws cli
  5. retrieve relevant aws keys from github secrets
  6. Using aws cli and keys from github secrets
  7. 0 sets the scale of ASG's to 0, turning it off
  8. 1 set's the ASG to it's original initial configuration
  9. done
akibrhast commented 3 years ago

After talking to @darpham . It seems like this is about the extent of the workflow file that is going to be needed to control the asg of the server

https://github.com/akibrhast/github-actions-test/blob/master/.github/workflows/bastion_state_manager.yml

image

akibrhast commented 3 years ago

Unassigning myself from this for the moment since I have not heard a response back on this in the last month and not sure where to go from here.