This tool automates checking of the infrastructure that students are supposed to set up in AWS Cloud. Related to CIS4083. Short infrastructure description:
- A VPC with private and public subnets is created.
- An OpenVPN server is set up in the public subnet with the staff password as specified in the assignment.
- Ubuntu machine with the staff SSH key.
- Windows RDP with a correctly installed user and NLA Enhanced security disabled.
The configuration file config.json contains additional parameters.
- -v - verbose mode with all output of ovpn download, vpn connect, ssh and rdp.
- --gui - runs ovpn download with a GUI. The default is headless mode, so that it can run on servers.
- --server - starts a web server on the port specified in config.json. It exposes the UI and also a web endpoint to check a configuration from the command line with curl. Without --server all parameters are taken from config.json.
Example curl request to the tester server:
curl -X POST -H "Content-Type: application/json" -d '{"login":"<id>","vpnServer":"1.2.3.4","sshServer":"10.0.1.60","rdpServer":"10.0.1.52"}' http://localhost:3001/vpn-vpc
The web UI is used by students to check their infrastructure without asking the TAs. Scores and attempts are logged. The best score could be used for assignment grading.
vpc-tester.yaml is the template for creating the tester instance with a CloudFormation stack. It requires a set of parameters to be specified. For instance, the name of a bucket under the same account is required. This bucket should contain the csv file with students in the format specified below. It should also contain the staff key to be installed on the instance. The information provided in the bucket is downloaded to the instance at initialization.
Environment init
This section is intended for TAs, who create the tester for students before the assignment starts. Currently there is no automation of the tester infrastructure setup; a possible approach is Dockerisation or a CloudFormation script.
Prerequisites (check the init.sh script for hints)
- Ubuntu AMI
- apt-get install openvpn
- Install the latest Node.js and npm
- git clone this repo
- npm install
- Install puppeteer dependencies
- Create a systemd service with usf-vpn-vpc.service
- IMPORTANT: copy the staff pem private key onto the file system of the tester and specify the path to it in the config; it is used to check the ssh connection.
- IMPORTANT: copy the students.csv file into the cwd of the server (TODO: put this into config). The format should be as follows:
Student,ID,Login
"Student Name 1",id1,login1
"Student Name 2",id2,login2
...
- Review and edit config.json on the tester. Specify the path to the key, the passphrase for it, the setup from the assignment, timeouts and rubric points.
The content of students.csv could be taken from Canvas. This file plays the role of the authorisation database for running checks. TAs could add separate records for themselves to check the tester setup.
All attempts are logged into stats.json (or the file specified in config.json). This file could be used at the end to get the best scores of students.
Add the staff key to the permanent ssh config: ~/.ssh/config. Modify the assignment to ask students to add the testing server to the security group.
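Since students.csv acts as the authorisation database, a check request can be validated against it before any of its values reach the VPN, SSH and RDP checks. The following is an added example, not code from this repository; it assumes the request's login field is matched against the Login column and that all three server fields must be IPv4 addresses, and the function names are hypothetical.

```javascript
// Added example, not the project's code. Constructed sample in the page's format.
const SAMPLE_CSV = [
  'Student,ID,Login',
  '"Doe, Jane",id1,login1',
  '"Student Name 2",id2,login2',
].join('\n');

// Split one CSV line, honouring double quotes and "" escapes inside quotes.
function splitCsvLine(line) {
  const fields = [];
  let cur = '', quoted = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (quoted && ch === '"' && line[i + 1] === '"') { cur += '"'; i++; }
    else if (ch === '"') quoted = !quoted;
    else if (ch === ',' && !quoted) { fields.push(cur.trim()); cur = ''; }
    else cur += ch;
  }
  fields.push(cur.trim());
  return fields;
}

// Map of Login -> { name, id }; the header and malformed rows are skipped.
// Assumption: requests are authorised by the Login column.
function loadStudents(csvText) {
  const students = new Map();
  for (const row of csvText.split(/\r?\n/).slice(1)) {
    const [name, id, login] = splitCsvLine(row);
    if (name && id && login) students.set(login, { name, id });
  }
  return students;
}

// Strict dotted-quad check: four decimal octets, no leading zeros, each <= 255.
function isIPv4(s) {
  const parts = typeof s === 'string' ? s.split('.') : [];
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Returns a list of problems; an empty list means the check may run.
function validateRequest(body, students) {
  if (!body || typeof body !== 'object') return ['body must be a JSON object'];
  const errors = [];
  if (typeof body.login !== 'string' || !students.has(body.login)) errors.push('unknown login');
  for (const key of ['vpnServer', 'sshServer', 'rdpServer']) {
    if (!isIPv4(body[key])) errors.push(`${key} is not an IPv4 address`);
  }
  return errors;
}
```

Rejecting anything that is not a plain dotted-quad keeps request values from being interpreted as options or extra arguments by the client tools the tester invokes.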