Get cloud instances with your favourite software pre-loaded

Scaleway now has a STARDUST1-S Instance Type "STARDUST1-S" 1 vCPU, 1 GB of RAM, 1 IPv4 address, 10GB storage, up-to 100Mbps Bandwidth. €0.0025/hour.

Having support for this would be by far the lowest cost option to use with inlets for European customers. It would be nice to add support for Amsterdam regions as well.

This PR introdcue OVHcloud as new cloud provisoner for inlets*

OVH

https://www.ovh.com/

OVH, legally OVH Groupe SAS, is a French cloud computing company which offers VPS, dedicated servers and other web services. As of 2016 OVH owned the world's largest data center in surface area. As of 2019, it was the largest hosting provider in Europe, and the third largest in the world based on physical servers.[1]

Signed-off-by: Engin Diri [email protected]

[1] https://en.wikipedia.org/wiki/OVHcloud

Signed-off-by: Ze Chen [email protected]

This change is to upgrade the Azure management modules SDK (services/**/mgmt/**) to Azure resource management SDK (sdk/resourcemanager/**/arm**).

This is the migration guide I followed to make this change: https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/MIGRATION_GUIDE.md

How this was tested

Added local path of cloud-provision into inletsctl/go.mod

replace github.com/inlets/cloud-provision =>/home/testuser/go/src/github.com/zechenbit/cloud-provision 

Run inletsctl

inletsctl_create create --provider=azure --subscription-id=<id> --region=eastus --access-token-file=client_cred_owner.json
Using provider: azure
Requesting host: festive-raman6 in eastus, from azure
2022/10/03 18:13:07 Provisioning host with Azure
2022/10/03 18:13:07 Creating resource group inlets-festive-raman6
2022/10/03 18:13:10 Resource group created inlets-festive-raman6
2022/10/03 18:13:10 Creating deployment deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c
Host: inlets-festive-raman6|deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c, status: active
[1/500] Host: inlets-festive-raman6|deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c, status: Running
.......
[20/500] Host: inlets-festive-raman6|deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c, status: Running
[21/500] Host: inlets-festive-raman6|deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c, status: active
inlets Pro TCP (0.9.9) server summary:
  IP: 20.163.153.184
  Auth-token: 3WzZaHNahhOvRNtkhwQ9fcSYhm0dTuzRy1iJ1C8482SAiWEABodPaflBPU1VRZfn

Command:

# Obtain a license at https://inlets.dev/pricing
# Store it at $HOME/.inlets/LICENSE or use --help for more options

# Give a single value or comma-separated
export PORTS="8000"

# Where to route traffic from the inlets server
export UPSTREAM="localhost"

inlets-pro tcp client --url "wss://20.163.153.184:8123" \
  --token "3WzZaHNahhOvRNtkhwQ9fcSYhm0dTuzRy1iJ1C8482SAiWEABodPaflBPU1VRZfn" \
  --upstream $UPSTREAM \
  --ports $PORTS

To delete:
  inletsctl delete --provider azure --id "inlets-festive-raman6|deployment-8f9948dc-8c4d-4fff-93b7-1077ff5c6a7c"

Run inlets-pro

export PORTS="8000"
export UPSTREAM="localhost"

/usr/local/bin/inlets-pro tcp client --url "wss://20.163.153.184:8123" \
  --token "3WzZaHNahhOvRNtkhwQ9fcSYhm0dTuzRy1iJ1C8482SAiWEABodPaflBPU1VRZfn" \
  --upstream $UPSTREAM \
  --ports $PORTS

2022/10/03 18:29:15 Licensed to: **************
2022/10/03 18:29:15 Upstream server: localhost, for ports: 8000
inlets-pro TCP client. Copyright OpenFaaS Ltd 2022
INFO[2022/10/03 18:29:17] Connecting to proxy                           url="wss://20.163.153.184:8123/connect"
INFO[2022/10/03 18:29:18] Connection established                        client_id=7a1039939f3943c58150c8a3d17a1cc0

The GCE provisioner requires a GCP service account with two roles:

• roles/compute.admin
• roles/iam.serviceAccountUser

The first role makes sense, but the second one was a surprise to me. Looking at gce.go, I discovered that the VM is created with a "service account VM" (a service account that is mounted into the VM and allows for GCP API calls):

https://github.com/inlets/cloud-provision/blob/9626406375488183630d2b3904deeaf12445531e/provision/gce.go#L94-L101

Should we drop this mounted service account and update the documentation (see sections inlets-operator and inletsctl) to only require roles/compute.admin?

The Linode provider add a prefix to the label

https://github.com/inlets/cloud-provision/blob/f58cc468f6b080abbf246d88415aee7eefd52406/provision/linode.go#L90

which could conflict with the max lable length of the Linode API (https://www.linode.com/docs/api/linode-instances/)

Should be removed and to be sure trimmed down to 32 chars.

Hi,

i get following errors, when using the Equinix Metal Provisioner:

1. Default Region am1 does not exist

Using provider: equinix-metal
Requesting host: reverent-khayyam0 in ams1, from equinix-metal
2021/07/27 06:31:29 [DEBUG] POST https://api.equinix.com/metal/v1/projects/xx/devices
POST https://api.equinix.com/metal/v1/projects/xxx/devices: 422 ams1 is not a valid facility 

2. You can not create an Equinix Metal Server without an SSH Key anymore:

Using provider: equinix-metal
Requesting host: magical-johnson8 in fr2, from equinix-metal
2021/07/27 06:36:30 [DEBUG] POST https://api.equinix.com/metal/v1/projects/xxx/devices
POST https://api.equinix.com/metal/v1/projects/xxx/devices: 422 must have at least one SSH key or explicitly send no_ssh_keys option 

See -> https://feedback.equinixmetal.com/platform/p/allow-to-deploy-servers-without-ssh-key And new API for the no_ssh_keys option -> https://metal.equinix.com/developers/api/devices/#devices-createdevice

For issue 2 we need to update the Go lib -> 0.17.0

Currently the session token field is defaulted to "". This makes it impossible to use temporary session creds in inletsctl as AWS expects key, secret & token.

This change adds a new parameter to NewEC2Provisioner to pass the session token through which is subsequenty used in NewStaticCredentials.

Signed-off-by: Richard Gee [email protected]

Signed-off-by: Engin Diri [email protected]

Valuable Feedback from @jsiebens

@dirien @alexellis fyi, deleting an instance by IP instead of ID is missing in this new provider

in the #10 PR.

This PR adds the missing functionality.

To create a civo instance, you need to assign a default network to it. Otherwise, it will not create the instance.

In addition, we need to handle the region too, as different regions have different default networks.

This issue popped up during handling the https://github.com/inlets/inletsctl/issues/95

Signed-off-by: Engin Diri [email protected]

When deleting an exit sever on linode, we should remove the startupscript too.

If a sever can not be created, for whatever reasons we should also delete any orphan startupscripts.

Signed-off-by: Tim Luimes [email protected]

Enables the ability for the ec2 client session to be authenticated using methods provided by the aws SDK's default credential chain when the accessKey and secretKey aren't provided.

https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html "When you initialize a new service client without providing any credential arguments, the SDK uses the default credential provider chain to find AWS credentials. The SDK uses the first provider in the chain that returns credentials without an error. The default provider chain looks for credentials in the following order:

Environment variables.

Shared credentials file.

If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.

If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2."

At this moment, many provisioners have some specific, hard-coded references to inlets. Like tags or firewall rules. Referring to this repository: https://github.com/inlets/provision-cloudinit-go, removing those references and making the provisioners more generic, they can be used as a library by others.

Expected Behaviour

Most provisioners create cloud host with hard-coded inlets references, like tags.

Current Behaviour

The provisioners can be used by others without creating inlets tags.

Possible Solution

Pass the inlets references to the provisioners as arguments. I'm aware this can be a tedious task, as there are many provisioners and they all have a target cloud specific implementation.

Steps to Reproduce (for bugs)

N/A

Context

Playing around with the provisioners as a library, I've noticed that the cloud hosts are tagged with "inlets"., while I was creating other, non-inlets relared hosts.

Your Environment

• inlets version inlets --version N/A
• Docker/Kubernetes version docker version / kubectl version: N/A
• Operating System and version (e.g. Linux, Windows, MacOS): N/A
• Link to your project or a code example to reproduce issue: https://github.com/inlets/provision-cloudinit-go