A cloud development environment you can customize with a wide range of tools.
- Overview
- Table of contents
- Requirements
- How-to
- Tools
- Extras
- Q&A
- What are the recommended Ubuntu images?
- How to SSH into an instance?
- How do I fix the broad permissions error when trying to ssh to my instance on Windows from Powershell?
- How secure are my cloud credentials?
- How to remote ssh from VS Code?
- How to pick the right EC2 instance (AWS)
- How to send files from my host to my instance?
- Contributions
- Windows or MacOs
- OpenSSH is necessary for SSH access into the instance, specifically the client part.
-
Download the latest binary according to your operative system and architecture.
-
Add the
kumo.exe
binary to your PATH -
Create a new dir and a
kumo.config.yaml
file (For now we are only compatible with AWS)Cloud: aws AWS: AccessKeyId: CUSTOM_VALUE SecretAccessKey: CUSTOM_VALUE IamProfile: CUSTOM_VALUE UserIds: - "CUSTOM_VALUE" #Quotes here are important Region: CUSTOM_VALUE EC2: Instance: Type: CUSTOM_VALUE Volume: Type: CUSTOM_VALUE Size: CUSTOM_VALUE AMI: Base: Filter: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20230516 RootDeviceType: ebs VirtualizationType: hvm Owners: - "099720109477" User: ubuntu Name: CUSTOM_VALUE User: CUSTOM_VALUE Home: CUSTOM_VALUE Password: CUSTOM_VALUE Tools: - CUSTOM_VALUES - CUSTOM_VALUE - SEE REFERENCE BELOW Git: Username: CUSTOM_VALUE Email: CUSTOM_VALUE GitHub: PersonalAccessTokenClassic: xxxxxxxxxxxxx #optional Up: AmiId: CUSTOM_VALUE #Optional, in case you want to deploy an ami other than the last built
-
At the root of your project, run the following commands:
kumo build kumo up kumo destroy
-
Boom! You've succesfully completed an entire workflow for building, deploying and destroying a development environment
Assumming you've already ran kumo build
and kumo up
.
Once kumo completes, follow these steps:
- SSH into your instance with
ssh -i kumossh kumo
- If you are on Windows, please refer to the Q&A section for guidance on how to fix the broad permissions error when trying to SSH to your instance from PowerShell.
- If you want a remote ssh session on VSCode please refer to Q&A
- If you want to remove your AMI, you can do so from your cloud management console. We follow the same philoshophy as Packer. You build it, you manage it.
Add them to your kumo.config.yaml
file as follows:
Tools:
- aws
- node_js
Please note that there are several tools listed below. Some of these tools may have specific requirements such as CPU, RAM, or disk space. Before building an AMI, it is recommended to consult their respective documentations for any specific requirements.
If you require a specific level of customization, you can find all the playbooks located at ~/kumo/packer/ansible/playbooks
Make sure to add the appropriate tags to your environment file, and if needed, refer to the playbooks to customize your setup accordingly.
Add aws
.
Ensure the following are present at the environment file:
AWS:
AccessKeyId: CUSTOM_VALUE
SecretAccessKey: CUSTOM_VALUE
Add docker
.
Add pulumi
.
Add helm
.
Add kubectl
.
Add docker
and minikube
. The order matters as docker
is a dependency.
Add dotnet
.
It installs dotnet-sdk-7.0
under the hood. If you need to change this, go to ~/kumo/packer/ansible/playbooks/programming_languages/dotnet.yml
and change it on:
tasks:
- name: Install dotnet sdk
ansible.builtin.apt:
name: <CHANGE_ME_HERE_TO_THE_RIGHT_VERSION>
update_cache: yes
Please note that dotnet follows a different approach for version management. For more information on how to select the correct version, please read the official documentation.
If you have made the necessary changes to the dotnet.yml
file and specified the correct version, save the file. The dotnet-sdk-7.0
will be installed according to the updated configuration.
Add go
.
Refer to the official Go documentation to learn how to manage multiple Go versions effectively. This guide provides detailed instructions on installing and managing multiple Go versions on your system.
Additionally, you can also check out this Stack Overflow thread, which explains how to alias multiple Go versions. This technique allows you to switch between different Go versions easily.
Add node_js
.
It installs nvm, which is a popular tool for managing multiple versions of Node.js.
Once nvm is installed, you can use it to install and manage multiple Node.js versions on your system. By using nvm commands, you can easily switch between different node versions based on your requirements.
Add python
to tools.
It installs miniconda which is a lightweight version of anaconda. Miniconda allows you to manage multiple Python versions, virtual environments, and packages efficiently.
If you prefer a different miniconda version, you can refer to the download page for alternative options. Once you have chosen the appropriate version, make the following changes in the ~/kumo/packer/ansible/playbooks/programming_languages/python.yml
file:
vars:
x86_64:
anaconda_url: <ADEQUATE_URL>
anaconda_sha256: <ADEQUATE_SHA256>
aarch64:
anaconda_url: <ADEQUATE_URL>
anaconda_sha256: <ADEQUATE_SHA256>
Additionally, modify the following section:
- name: Ensure needed python version for Anaconda3 is present
ansible.builtin.apt:
name: <ADEQUATE_PYTHON_VERSION>
update_cache: yes
Replace <ADEQUATE_URL>
, <ADEQUATE_SHA256>
, and <ADEQUATE_PYTHON_VERSION>
with the appropriate values based on the miniconda version you choose.
The reason we suggest using miniconda is to save storage space from the start. Installing anaconda requires at least 3GB of storage, which would require deploying an AMI with a larger volume. The decision to use additional storage is up to you.
Add ruby
.
Manage versions with rbenv.
Add rust
.
Manage versions with rustup-init.
Add starship
.
For more information, please consult its official documentation.
Add github
to tools and automate the process of adding SSH keys.
-
Update your environment file
.env
by adding the following line:GitHub: PersonalAccessTokenClassic: CUSTOM_VALUE
-
Make sure to replace
<CUSTOM_VALUE>
with the appropriate value for your personal access token. -
Grant the necessary permissions to the token. At a minimum, the following permissions are required: "repo" and "admin:public_key".
-
Test your connection using the following command:
ssh -T git@github.com
When prompted, type yes
and press enter. You should receive a message similar to the following:
Hi <YOUR_GITHUB_USER>! You've successfully authenticated, but GitHub does not provide shell access.
If you're looking for some handy Unix aliases, you're in luck! We have included a collection of useful aliases that you can use. To costumize them, navigate to the ~/kumo/packer/ansible/playbooks/base/linux_aliases.yml file
We haven't forgotten about Git! In fact, we have also included some helpful Git aliases for you to use. To costumize them, go to the ~/kumo/packer/ansible/playbooks/base/git.yml
file. These aliases will make your Git commands more efficient and easier to remember.
When choosing an image on any cloud, it is important to consider various factors. While technically any available image can be picked, some may require additional considerations. If you have successfully tried a new image, we encourage you to open an issue or initiate a pull request to add it to the list.
For now, here is a list of recommended images:
AMI:
Base:
Filter: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20230516
RootDeviceType: ebs
VirtualizationType: hvm
Owners:
- "099720109477"
User: ubuntu
-
Install the OpenSSH client on your local machine.
-
Open the command prompt or terminal and run the following command:
ssh -F kumokey kumo
-
When prompted to add your instance URL to the list of known hosts, type
yes
and press enter.
How do I fix the broad permissions error when trying to ssh to my instance on Windows from Powershell?
In you kumossh
generated after running kumo up
. Look for the identity file path:
Host kumo
HostName 35.89.173.162
IdentityFile "some/path" # <-- This
User dev
Port 22
StrictHostKeyChecking no
PasswordAuthentication no
IdentitiesOnly yes
LogLevel error
Run the following command from a PowerShell admin shell. You only need to do this once unless you removed the SSH key file.
Make sure the username is the same that will be sshing into the ec2 instance, otherwise change it to the appropiate one.
icacls "some/path" /inheritance:r /grant:r "$($env:USERNAME):(R,W,D)"
The approach we took to secure your credentials is based on architectural decisions rather than heavy reliance on encryption and decryption.
- To limit access to your instances, we control access based on your local IP and security groups.
- So it is recommended that you give the least amount of permissions to your cloud credentials.
- This also simplifies our workflow, as we do not have to depend on third-party vaults.
- In the unlikely event that an attacker gains access to your cloud keys, you can restrict their impact by granting only the necessary permissions for a specific task.
- We encourage you to set up alerts or other monitoring mechanisms to provide early detection of any unauthorized activity.
- Remember, it is important not to use admin nor root level credentials to further enhance security.
Please note that the information provided above specifically accounts for placing the values inside a cloud instance using Ansible. It does not cover how Packer utilizes these credentials for initial communication with a cloud provider.
We had the option to use tools such as Ansible Vault or Hashicorp Vault for securing credentials. However, we decided against them due to the following reasons:
- Complexity of Local Installation: Using Ansible Vault would require this tool to be locally installed, which could increase complexity, especially considering cross-compatibility issues on Windows and MacOS.
- Cost: Hashicorp Vault is not free, and even the open-source version adds complexity that would only be necessary for a small portion of the utility of this tool.
By avoiding these tools, we aim to simplify the setup and maintenance process, ensuring a smoother experience for both contributors and users.
We prioritize a simple setup process for your convenience. Therefore, we stuck to the following principles:
- Minimize External Dependencies: Having to set up secrets on a 3rd party app right from the start can hinder the development experience.
- Focus on Cloud Provider Credentials: By limiting the permissions of your cloud provider credentials, you remain in control of ensuring they have the correct permissions. This puts the responsibility squarely on your own shoulders.
Our aim is to strike a balance between simplicity and security, providing you with a streamlined and efficient development experience while maintaining control over the permissions granted to your cloud provider credentials.
-
Ensure that you have the Remote - SSH extension installed in your VS Code. You can find and install it from the Extensions view (
Ctrl+Shift+X
or View -> Extensions). -
Once the extension is installed, click on the Extensions view button and search for "Remote - SSH". Click on the "Install" button to install the extension.
-
Next, open the Command Palette in VS Code by pressing
Ctrl+Shift+P
(or View -> Command Palette). Type "Remote-SSH: Open Configuration File" and select the option from the list. This will open the SSH config file in the editor. -
Copy and paste the fields from the
kumossh
file generated after runningkumo up
:Host cloud_dev HostName ip-of-your-instance IdentityFile "path/to/private-key" User picked-user Port 22 StrictHostKeyChecking no PasswordAuthentication no IdentitiesOnly yes LogLevel INFO
-
Save the SSH config file after adding the configuration.
-
Go back to the Command Palette (
Ctrl+Shift+P
) and type "Remote-SSH: Connect to Host". You should see the list of configured SSH hosts from the SSH config file. Refresh if needed. -
Select the desired host from the list. It will attempt to establish an SSH connection to the remote machine using the provided configuration.
-
If everything is set up correctly, a new window will open in VS Code connected to the remote machine via SSH.
To help you make a decision based on factors such as cost and development needs, here are some tools that you can use:
scp -F ./kumossh /path/to/local/file1 /file2
Works both on powershell and bash.
We would appreciate your assistance in making this project more usable and cross-compatible. There are two ways you can contribute:
- Open an Issue: If you come across any problems or have suggestions for improvement, please open up an issue describing your concern or idea.
- Submit a Pull Request via Forking: If you have implemented changes or enhancements and want to share them with us, fork the project, make your modifications, and then submit a pull request.
In our project, we aim to achieve the following objectives:
- Streamlined Cloud Development Setup: We strive to provide a simple setup process for your cloud development environment, minimizing the number of commands required. Please note that in order to use our tools effectively, you should already have your cloud credentials set up.
- Cross-Compatibility with Ubuntu: While we welcome other Linux distributions, our primary goal is to ensure compatibility with at least 8 different working Ubuntu images.
- Windows and MacOS Compatibility: Our project aims to be compatible with both Windows and MacOS environments, allowing users to work seamlessly across different operating systems.
- Cloud Provider Compatibility: We want our tools to be compatible with major cloud providers such as AWS, Google, and Azure, enabling you to work with your preferred provider.
- Consistent User Experience: We value a single user experience across different platforms, ensuring a seamless and intuitive workflow.
- Multiple Version Handling: Our project supports multiple versions of specific tools, enabling flexibility and accommodating diverse requirements.
- Security and Shared Responsibility: We prioritize security and advocate for shared responsibility when it comes to managing cloud keys. It is crucial to maintain a secure and controlled environment.
- Preference for Essential Tools: We prefer tools that are essential for productive development across all platforms, extending beyond the scope of simple installation commands. Additionally, we encourage leveraging Docker or related technologies for easy accessibility.
- Readable documentation: Our project emphasizes the importance of clear and concise documentation. By providing well-documented resources, we aim to enhance understanding and assist users in utilizing our tools effectively.
- Go Zen: Throughtout the initial prototying phase we noticed that the more we tried to go agaist the goish way of doing things, the more redesigning was needed. Aiming for immutability, functional oriented, monads, cloning, etc although amazing for robust and declarative code they are not by default in Go and go against the language nature. Long story short, accept Go by what it is and don't try to make it behave like another language unless you want to shoot yourself in the foot.