Linode launches "one-click app marketplace" — put Sandstorm in it?

[Kevin Reid]

Linode, provider of virtual machines for many people's private web hosts and such, just announced their "one-click app marketplace" which is apparently a pretty wrapper around some simple installation scripts.

Since the current barrier to using Sandstorm is needing a machine to put your own instance on, would it be worthwhile to make it easy to deploy Sandstorm this way?

[Jacob Weisz]

I think that would be excellent. Probably the biggest question would be how to get the correct configuration into Sandstorm: If people are using Sandcats we need to get a Sandcats address and an email address into the script somehow.

--

  Jacob Weisz

  in...@jacobweisz.com

On Thu, Apr 2, 2020, at 4:15 PM, Kevin Reid wrote:

Linode, provider of virtual machines for many people's private web hosts and such, just announced their "one-click app marketplace" which is apparently a pretty wrapper around some simple installation scripts.

Since the current barrier to using Sandstorm is needing a machine to put your own instance on, would it be worthwhile to make it easy to deploy Sandstorm this way?

--

You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/CANkSj9WZyJg8uxzKFbwJFU-dSwL_t04y4N_QjDNiUAGz%3DawsRA%40mail.gmail.com.

[Kevin Reid]

On Thu, Apr 2, 2020 at 2:18 PM Jacob Weisz <in...@jacobweisz.com> wrote:

I think that would be excellent. Probably the biggest question would be how to get the correct configuration into Sandstorm: If people are using Sandcats we need to get a Sandcats address and an email address into the script somehow.

They have a feature for prompting the user for variable values before the script starts.

[Jacob Weisz]

Should be pretty trivial to get this working then, and I think it'd be a great first step.

--

  Jacob Weisz

  in...@jacobweisz.com

[Dan Krol]

How does this affect a hypothetical sponsorship from them down the line? This is sort of what we were hoping to arrange with one of these companies, except now it's sort of generic and anyone can set up one of these.

--
You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/07108a90-ba83-42c8-ac6d-ba480f0a655b%40www.fastmail.com.

[Jacob Weisz]

I think any sort of financial partnership would take the form of some sort of marketing exposure. For instance, a hosting provider might be interested in supporting Sandstorm if we were specifically recommending people try it out via Linode, and possibly getting Sandstorm users a nice promotional price or something. I would imagine having a one-click install for them would be a prerequisite for any sort of marketing arrangement, not something we'd want to hold back on prior to an agreement.

--

  Jacob Weisz

  in...@jacobweisz.com

[Jim Garrison]

Is anybody working on this?  I just looked through some of their existing "community StackScripts," and https://github.com/hwdsl2/setup-ipsec-vpn was one that seems worthy of aspiring to. It includes buttons to deploy to Linode, DigitalOcean, and Azure.  Even a simple script to be able to deploy to one of these easily would, I think, be very useful for people that are unfamiliar with the command line.

To unsubscribe from this group and stop receiving emails from it, send an email to sandst...@googlegroups.com.

[Jacob Weisz]

I think everyone agrees it'd be great to do this, and not an insurmountable task, but nobody's taken the lead on doing it.

--

  Jacob Weisz

  goo...@jacobweisz.com

To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/9f337324-5057-4009-95ad-6ffe9fb941d6%40googlegroups.com.

[Jim Garrison]

I should have been more clear: I am essentially volunteering to take a first pass at this. If anybody else already has a work in progress, please let me know.

You received this message because you are subscribed to a topic in the Google Groups "Sandstorm Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sandstorm-dev/A8qCNUJXMOs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/48dcc534-1c1d-4839-9a33-f2db11b9dbc7%40www.fastmail.com.

[Jacob Weisz]

Awesome! (I was kinda hoping this is why you were asking, but I did not want to presume.) By all means, let the list know if there's anything you run into, or some way the install script could be improved to enable this better.

--

  Jacob Weisz

  goo...@jacobweisz.com

[Jim Garrison]

Hello,

I managed to create a working proof of concept for a single-click Sandstorm deploy on Linode.  The script itself is available at https://cloud.linode.com/stackscripts/666020 (requires Linode login), and a corresponding repository is at https://github.com/garrison/sandstorm-linode-stackscript

A few notes:

- The official Sandstorm installer is written as an interactive script, and it deliberately fails if run from a script instead of the terminal.  (Actually, if one passes the "-d" flag to the script, one can get a default setup without interaction; unfortunately, this default setup results in a development server, not a production server.)  For now, I am invoking the official, interactive script by calling it using empty-expect.  This package is available on Ubuntu 18.04 but not 20.04, so for this reason alone the install currently uses Ubuntu 18.04 as its base image.  Ideally, the official Sandstorm install script should be modified to allow a non-interactive production install by passing it environment variables.  However, waiting for this would have prevented me from having working code today; hence, empty-expect as a stopgap measure.

- Once the script finishes, it is necessary to ssh to the server and run 'sandstorm admin-token' to get the login URL.

- Ideally, it would also be possible to skip Sandcats and use a domain of one's choosing, now that Let's Encrypt allows wildcard certificates.  However, use of Sandcats seems baked into the install script, at least on the surface.  When I typed "none" at the prompt to decline Sandcats on a production server, it suggested http://localhost:6080 (i.e., http on a non-standard port) as a potential install URL.  I admit that the script might have worked fine if I just typed in my own domain name after setting up the DNS appropriately, but it didn't look promising, and I didn't try further, in part because...  Even if the Sandstorm install script is able to work with custom domains, there is a bit of a chicken and egg problem: it is unclear what IP address one should set the DNS records to until the machine is created, but the Let's Encrypt challenge will error if the DNS records do not exist by the time the script reaches that point.  So, to make this one-click install method work with a custom domain, it will be necessary to periodically check whether DNS is set up as expected and to wait until it is before invoking the Let's Encrypt challenge.

- Right now, the script does not use GPG to check that the Sandstorm install script has a valid signature, but it does fetch it over https.  Also on the subject of trust, the StackScript requires one to trust me on some level, but Linode displays the entire contents of the script on the deployment page, so it is auditable there.  The actual deployment script also exists on the new server at /root/StackScript.

- I also looked into a few other cloud providers for their automated install offerings.  DigitalOcean provides a "Marketplace" for deployment images, but it is based on images rather than scripts (see https://github.com/digitalocean/marketplace-partners#getting-started-creating-your-droplet-based-1-click-app), which is, from my perspective, a black box as far as auditability goes.  I also briefly considered Azure, but it seems that they are not price competitive with DigitalOcean and Linode for small instances.

Jim

[Adam Bliss]

On Sun, Aug 30, 2020, 17:00 Jim Garrison <j...@garrison.cc> wrote:

I managed to create a working proof of concept for a single-click Sandstorm deploy on Linode.  

Very cool! Thanks for sharing this!

Would you be willing to open Github issues for the changes you need to the installation script?

  

--Adam

[Jacob Weisz]

I think Sandcats may be an adequate "secure setup solution" for new users, even if they intend to switch to their own domain shortly after install. It is possible to set up Let's Encrypt from the CLI with Sandstorm now, though it sounds like you're saying that it wouldn't help, because the user would need to set up their DNS mid-script-run from the sound of it.

--

  Jacob Weisz

  goo...@jacobweisz.com

--

You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/CAEAeJWx6vM7eOT%2Bjc6LAoDVtnkR0t-vdN0-G-x1idvNW8Uqk6w%40mail.gmail.com.