# Quickstart: Cloud Demo Infrastructure

**Feature:** 007-cloud-demo-infra | **Date:** 2026-02-15
## Prerequisites

### Local Tools
| Tool | Version | Installation |
|---|---|---|
| Terraform | 1.5+ | `brew install terraform` |
| Ansible | 2.15+ | `brew install ansible` |
| hcloud CLI | latest | `brew install hcloud` (optional, for debugging) |
### Hetzner Cloud Account
1. Create an account at https://console.hetzner.cloud/
2. Create a new project (e.g., "rcd-demo")
3. Generate an API token: Security → API Tokens → Generate API Token
4. Save the token securely (shown only once)
### SSH Key
Ensure you have an SSH keypair:
```shell
# Check for existing key
ls ~/.ssh/id_ed25519.pub || ls ~/.ssh/id_rsa.pub

# Generate if needed (Ed25519 recommended)
ssh-keygen -t ed25519 -C "your@email.com"
```
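If you script this check, a small helper can locate whichever default public key exists. This is a sketch: the `find_pubkey` name and its Ed25519-first search order are illustrative, not part of the repo's tooling.

```shell
# find_pubkey: print the first existing default public key under a given
# .ssh directory (Ed25519 preferred, RSA as fallback). Hypothetical helper;
# the demo tooling itself may locate keys differently.
find_pubkey() {
  dir="${1:-$HOME/.ssh}"
  for name in id_ed25519.pub id_rsa.pub; do
    if [ -f "$dir/$name" ]; then
      echo "$dir/$name"
      return 0
    fi
  done
  echo "No SSH public key found in $dir" >&2
  return 1
}
```

On failure it exits nonzero, so a wrapper script can fall back to prompting for `ssh-keygen`.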
## Setup

### 1. Configure Hetzner Token
```shell
# Option A: Environment variable (session)
export HCLOUD_TOKEN="your-api-token-here"

# Option B: Add to shell profile (persistent)
echo 'export HCLOUD_TOKEN="your-api-token-here"' >> ~/.zshrc
source ~/.zshrc
```
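Wrapper scripts can fail fast when the token is missing instead of erroring deep inside Terraform. A minimal guard, where the `require_token` name is illustrative (the repo's Makefile may do its own check):

```shell
# require_token: fail early with a clear message if HCLOUD_TOKEN is unset
# or empty. Sketch only; not a command shipped with the repo.
require_token() {
  if [ -z "${HCLOUD_TOKEN:-}" ]; then
    echo "Error: HCLOUD_TOKEN not set. Export it before running demo targets." >&2
    return 1
  fi
}
```

You can also verify the token itself by calling the Hetzner Cloud API with an `Authorization: Bearer` header; a 401 response means the token is invalid.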
### 2. Initialize Terraform
```shell
cd /Users/kellycaylor/dev/rcd-cui/infra/terraform
terraform init
```
## Usage

### Spin Up Demo Cluster
```shell
cd /Users/kellycaylor/dev/rcd-cui
make demo-cloud-up
```
This will:

1. Create 4 VMs in Hetzner US West (Hillsboro)
2. Configure the private network (10.0.0.0/24)
3. Generate the Ansible inventory
4. Run the provisioning playbook (FreeIPA, Slurm, Wazuh, NFS)
5. Display SSH connection info
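Under the hood the target plausibly chains Terraform and Ansible. A hedged sketch, where the `demo_cloud_up` function and `DRY_RUN` flag are illustrative (the actual commands live in the repo's Makefile):

```shell
# Illustrative sketch of the provisioning pipeline; not the real Makefile.
# DRY_RUN=1 prints each command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

demo_cloud_up() {
  run terraform -chdir=infra/terraform apply -auto-approve
  run ansible-playbook -i infra/terraform/inventory.yml demo/playbooks/provision.yml
}
```

`DRY_RUN=1 demo_cloud_up` prints both commands without touching the cloud, which is handy for sanity-checking paths.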
Expected output from `make demo-cloud-up`:
```
🚀 Starting demo cluster provisioning...

💰 Estimated cost:
   - 4 VMs: €0.030/hour (~€0.72/day)
   - Network: €0.00 (included)

⏳ Creating infrastructure... (2-3 minutes)
✅ Terraform apply complete

⏳ Running Ansible provisioning... (15-20 minutes)
✅ Provisioning complete

🎉 Demo cluster ready!

SSH access:
  ssh root@<mgmt01-ip>    # Management node
  ssh root@<login01-ip>   # Login node

Run scenarios from: demo/playbooks/
```
### Tear Down Demo Cluster

```shell
make demo-cloud-down
```
This will:

1. Show the resource count
2. Prompt for confirmation
3. Destroy all VMs and the network
4. Confirm billing has stopped
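The confirmation step can be reproduced in your own wrapper scripts with a tiny prompt helper. Illustrative only; the Makefile's actual prompt may differ:

```shell
# confirm: ask a yes/no question, defaulting to "no". Returns 0 only on
# an explicit yes answer. Sketch of the teardown confirmation step.
confirm() {
  printf '%s [y/N] ' "$1"
  read -r answer
  case "$answer" in
    y|Y|yes|YES) return 0 ;;
    *) return 1 ;;
  esac
}
```

Typical use: `confirm "Destroy all demo resources?" && terraform -chdir=infra/terraform destroy -auto-approve`.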
Expected output from `make demo-cloud-down`:
```
🗑️ Preparing to destroy demo cluster...

Resources to destroy:
  - 4 servers (mgmt01, login01, compute01, compute02)
  - 1 network (demo-network)
  - 1 SSH key (demo-key)

⚠️ This action cannot be undone.
Continue? [y/N] y

⏳ Destroying resources...
✅ All resources destroyed

💰 Billing stopped. Cluster ran for 2h 15m (estimated cost: €0.07)
```
### Check Cluster Status

```shell
make demo-cloud-status
```
## Running Demo Scenarios

After the cluster is up, run scenarios exactly as with Vagrant:
```shell
cd /Users/kellycaylor/dev/rcd-cui/demo/vagrant

# Use cloud inventory instead of local
export ANSIBLE_INVENTORY=../../infra/terraform/inventory.yml

# Scenario A: Project Onboarding
ansible-playbook ../playbooks/scenario-a-onboard.yml

# Scenario B: Compliance Drift
ansible-playbook ../playbooks/scenario-b-drift.yml --tags detect

# Scenario C: Auditor Package
ansible-playbook ../playbooks/scenario-c-audit.yml

# Scenario D: Node Lifecycle
ansible-playbook ../playbooks/scenario-d-lifecycle.yml --tags add
```
## Cost Reference
| Duration | Estimated Cost |
|---|---|
| 1 hour | €0.03 |
| Half day (4h) | €0.12 |
| Full day (8h) | €0.24 |
| Forgot overnight (12h) | €0.36 |
| Left running 1 week | ~€5.00 |
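The table follows directly from the €0.030/hour rate quoted during provisioning; a one-line calculator (the `estimate_cost` helper name is illustrative):

```shell
# estimate_cost HOURS: print the estimated cluster cost in euros at the
# quoted rate of EUR 0.030/hour for all 4 VMs combined.
estimate_cost() {
  awk -v h="$1" 'BEGIN { printf "%.2f\n", h * 0.030 }'
}
```

For example, `estimate_cost 8` prints `0.24`, matching the full-day row.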
**Tip:** TTL warnings appear after 4 hours. Always run `make demo-cloud-down` when finished.
## Troubleshooting

### "HCLOUD_TOKEN not set"
```shell
export HCLOUD_TOKEN="your-api-token-here"
```
"No SSH key found"
```shell
# Check key exists
ls ~/.ssh/id_ed25519.pub

# Or specify custom path
export DEMO_SSH_KEY=/path/to/your/key.pub
```
"Cluster already exists"
A cluster is already running. Tear it down first:
make demo-cloud-down
### Terraform state corrupted

**Warning:** Deleting local state makes Terraform forget any resources it already created. Check the Hetzner console afterward and remove orphaned servers manually so they do not keep billing.

```shell
cd infra/terraform
rm -rf .terraform terraform.tfstate*
terraform init
```
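Before deleting state, it is worth keeping a copy, since the state file is Terraform's only record of what it manages. A cautious sketch; `backup_state` is an illustrative helper, not a repo command:

```shell
# backup_state DIR: copy any terraform.tfstate* files in DIR into a
# timestamped backup directory, then print that directory. Illustrative.
backup_state() {
  dir="${1:-.}"
  dest="$dir/state-backup-$(date +%Y%m%d%H%M%S)"
  mkdir -p "$dest"
  for f in "$dir"/terraform.tfstate*; do
    [ -e "$f" ] && cp "$f" "$dest/"
  done
  echo "$dest"
}
```

Run it from `infra/terraform` before the `rm -rf` above if you want a recovery point.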
### Ansible provisioning fails

Check connectivity first:
```shell
# Get IPs from Terraform
cd infra/terraform
terraform output

# Test SSH
ssh root@<mgmt01-ip>
```
Re-run provisioning only:

```shell
cd demo/vagrant
ANSIBLE_INVENTORY=../../infra/terraform/inventory.yml \
  ansible-playbook ../playbooks/provision.yml
```
### Compute nodes unreachable

Compute nodes don't have public IPs. Access them via SSH ProxyJump through the management node:

```shell
ssh -J root@<mgmt01-ip> root@10.0.0.31   # compute01
ssh -J root@<mgmt01-ip> root@10.0.0.32   # compute02
```
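Rather than typing `-J` each time, a ProxyJump block can be appended to your SSH config. A sketch: the `demo-compute*` host aliases and the `write_jump_config` helper are illustrative, and the management IP must be replaced with the real address from `terraform output`.

```shell
# write_jump_config FILE MGMT_IP: append ProxyJump aliases for the two
# compute nodes to an SSH config file. Host aliases are illustrative.
write_jump_config() {
  cat >> "$1" << EOF
Host demo-compute01
    HostName 10.0.0.31
    User root
    ProxyJump root@$2

Host demo-compute02
    HostName 10.0.0.32
    User root
    ProxyJump root@$2
EOF
}
```

After `write_jump_config ~/.ssh/config <mgmt01-ip>`, a plain `ssh demo-compute01` hops through the management node automatically.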
## Workshop Mode (Multiple Attendees)

To give workshop attendees SSH access:

1. Collect their public SSH keys
2. Add them to login01:

   ```shell
   ssh root@<login01-ip>
   cat >> /root/.ssh/authorized_keys << 'EOF'
   <attendee1-public-key>
   <attendee2-public-key>
   EOF
   ```

3. Share the login01 IP with attendees
4. They can then interact with Slurm and shared storage
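Pasting keys one by one gets tedious with many attendees. A helper that appends every `*.pub` file from a directory, skipping duplicates; illustrative only (`add_attendee_keys` is not a repo command, and in practice you would run it on login01 or pipe the result over SSH):

```shell
# add_attendee_keys KEYDIR AUTHFILE: append each *.pub key in KEYDIR to
# AUTHFILE, skipping keys that are already present. Illustrative helper.
add_attendee_keys() {
  keydir="$1"; authfile="$2"
  touch "$authfile"
  for pub in "$keydir"/*.pub; do
    [ -f "$pub" ] || continue
    while IFS= read -r key; do
      [ -n "$key" ] || continue
      # exact full-line match so re-runs are idempotent
      grep -qxF "$key" "$authfile" || echo "$key" >> "$authfile"
    done < "$pub"
  done
}
```

Because of the duplicate check, the helper is safe to re-run as late registrations trickle in.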
**Note:** All access is revoked when you run `make demo-cloud-down`.