No More Hustleporn: Google Engineer Attempts to Use GCP


Tweet by Sophie, indistinguishable from random noise

https://twitter.com/SchmiegSophie

Leading Cryptography (ISE) at Google. Algebraic Geometer. All opinions are my own. Isogenist. Schatzführerin des Oxfordkommakomitees.


Will I, a Google engineer, who hasn't used "the Cloud" ever, be able to figure out how to host a Terraria server in GCP before either the $300 free credits or my patience run out?

Let's find out!

(when I say "Google engineer" I mean that in the loosest sense of the word, I mostly make money by yelli^H^H err friendly talking to people about hash functions, how they really want to use a PRF for that, and asking them if they have heard about our salvation, Tink)

The documentation so far pushes hard for me to already start the $300 thing, but what if I waste all that money on a single managed NAT? (I hear those are expensive)

Okay, I guess we will need compute. Since the Terraria server is supposed to host my sisters and me, the smallest size seems to be fine

We can always autoscale. Autoscale is a thing, right?

Oh nice, the verification code SMS uses verified SMS. I designed the crypto for that one, in order to be sure that Google won't learn the content of the SMS.

I think Google might have learned the content of this SMS, though.

It is important to give good feedback to the product managers.

It is important to confuse the very same product managers.

Oh nice, the tutorial overview site gives monthly cost estimates.

It seems that $300 will be able to host a lot of Terraria

It automatically named my tutorial project. That won't do, I need to rename that.

Okay, now I need to select where I host it. There doesn't seem to be an Iceland region, so somewhere in Canada is probably the best idea for something that is supposed to have a decent ping to the West Coast and Europe

Neat, my instance comes with persistent disk. That makes the whole thing a lot easier. I was afraid I'd need to figure out colos^H^H^H GCS in order to actually store the game state.

It wants to use default encryption by default. This Terraria server thing seems to be too easy, so I've decided that that won't do, and we need CMEK, to keep the very confidential server state secure.

I guess that will require a Cloud KMS key.

Let's see if it takes a month to get that one (little inside joke)

Setting up a Cloud KMS key is certainly not the path the tutorial intends for you to take. Do people just not need keys?

Found it. I can "import" keys, instead of letting the server generate them for me, but for that I would have to touch the key with my filthy hands. The key should only ever know the cold touch of silicone, so generated is the right choice here.

Ugh a key ring isn't a key set, a "key" is a key set. I guess it is less confusing for normal people.

Okay, but which one is that? Do I really need to look it up in the white paper to learn my bounds? I might encrypt this image 4 billion times in 90 days, who knows?

On a more positive note, it took substantially less than a month to create.

With that done, back to my instance. I'm kinda surprised that this worked and was so easy.

Next will be the firewall. First I need to find out which port Terraria's server wants to use

Hmm the options seem to only be http and https, I will need advanced settings here

I guess I can just tell Terraria to use port 80, and use http for now.

And create!

Oh it does a browser ssh. I'd prefer using my shell, but I guess that works

*hacker voice*: I'm in

An unexpected problem: The terraria.org website does not want me to copy the hyperlink to the dedicated server (will it even be the Linux server?)

Okay, the locally downloaded zip file contains a Linux server. Off to inspect element because somehow my right click is broken.

Well this explains why my right click is broken. WTF?!?

Will I now really have to figure out how to scp something to the instance, because terraria can't do proper web sites?

Wait in order to do that I'm supposed to first upload it into a Cloud bucket? I guess I first try my luck with scp

Which means I need to ssh from my shell instead of the web client

This isn't exactly intuitive, but I found it

This identity thing is hard and not intuitive. Who could have guessed that identity is hard?

@saraislet says that of course I need IAM to ssh into my instance, but really it's just about this little file, in my opinion.

What the actual fuck?!? Like kudos for making sshing into prod really hard, but without borgcfg I kind of need to be able to do that!

Very tempted to just use the "not recommended" route that seems to just put the ssh key into known hosts

Why?!? Who thought this was the way we do this?

@saraislet is offering to help, but I see the AWS console on her screen from here!

The default suggestion to add an ssh key is to run a command, which seems not very useful, given that I'd need to ssh there first. But I can use the project metadata

Added an ssh key. I think. Let's test it.

Remember this is all because terraria.org doesn't have an easily available URL to curl

Of course. It couldn't have been this easy.

So it seems like I have to run the gcloud command thing, but I also can't run the gcloud command thing.

Another path appears: There seems to be a way to upload files with the browser thingy.

So I guess I'll abandon the ssh thing for now, apparently "ssh into your server" isn't something that normal users want to do.

Modern problems require modern solutions.

And transfer finished. Let's run that thing (setting the port to 80)

Well, first, let's install unzip, since the Terraria server is in the evil compression format

Actually first first apt-get update (Sarai insisted)

Ladies and Gentlemen, an unzipped Terraria server!

I have questions. Like, why are there so many files called .dll in a folder called "Linux"?

More promising news

Less promising news

It seems to not like binding port 80. This will complicate things. Let's see if I can get port 7777 to open up.

I guess I could have known that, port 80 is privileged, I'd need to run as root, but even I won't run a Terraria server as root (at least not yet, not ruling that out for later)

Do I really believe this will work?

I guess I can delete the http rule now

Next step: actually create my Terraria character since I haven't played that game since 2014.

Not all problems are Cloud related.

Also, does this mean it worked?!?!?!?!?

Success!

Meanwhile, in Europe: amazement (the last time, about a decade ago, I set up a root server for this purpose, which took much longer)

And, since @saraislet won't shut up about it. Here is the design doc for the server. Written after launch, because I'm classy.

docs.google.com/document/d/1ju…

Design Doc: Terraria Dedicated Server