title | description | author | tags | date_published |
---|---|---|---|---|
Sending connection notifications to Slack from Compute Engine |
Learn how to send notifications to Slack with incoming webhooks from Compute Engine. |
tswast |
Compute Engine, Slack |
2016-09-22 |
Tim Swast | Developer Programs Engineer | Google
Contributed by Google employees.
This tutorial demonstrates how to send a Slack notification when someone connects to a Compute Engine instance with SSH.
Compute Engine provides virtual machine instances with support for Linux and Windows operating systems, billed at minute-level increments.
Slack is a messaging application for working with teams, and it provides a rich set of APIs to integrate with your applications.
- Send a request to a Slack incoming webhook.
- Add a Pluggable Authentication Modules (PAM) hook to run a script on SSH logins.
-
Create a Linux Compute Engine instance. You can follow the Compute Engine Linux quickstart guide to create one.
When choosing a machine size, note that the Google Cloud free tier includes 1 f1-micro instance per month. This tutorial requires very little CPU or memory resources.
-
Create a new Slack team, or use an team where you have permissions to add integrations.
This tutorial uses billable components of Google Cloud including Compute Engine. Use the Pricing Calculator to estimate the costs for your usage.
Slack is free for up to 10 apps and integrations. Check the Slack pricing page for details.
Connect to your Compute Engine instance. The easiest way to do this is to use the SSH button from Cloud Console.
From the instance, clone the sample code repository and change to the notify
directory.
git clone https://github.com/GoogleCloudPlatform/slack-samples.git
cd slack-samples/notify
If git is not installed, download and extract the code.
# Alternative if git is not installed.
wget https://github.com/GoogleCloudPlatform/slack-samples/archive/master.tar.gz
tar -xzf master.tar.gz
cd slack-samples-master/notify
An incoming webhook creates an HTTPS endpoint where you can send messages. These messages will post the the configured channel or direct message.
- Create a new Slack app.
- Give the app a name, such as "SSH Notifier".
- Choose the Slack team where you want it installed.
- Select the Slack incoming webhook feature in the Add
features and functionality section.
- Click the Off switch in the upper right-hand corner to activate the incoming webhooks feature. The switch will turn green to indicate the feature is now On.
- Click the Add new webhook to team button at the bottom of the incoming
webhooks feature page.
- In the authorization dialog, select the channel where you want the SSH notifications to appear, such as #cloud or #botdev.
- You should now see a webhook URL, like
https://hooks.slack.com/services/T000000/B00000/XXXXXXXX
. Copy it to your clipboard by clicking the Copy button. - Switch back to the SSH connection on the Compute Engine instance.
-
Write the webhook URL to a file called
slack-hook
in thenotify
directory.echo 'https://hooks.slack.com/services/T000000/B00000/XXXXXXXX' > slack-hook
-
Be careful with your webhook URL. Treat it like you would any other secret token. Do not store tokens in version control or share them publicly.
This section explains the script used to send notifications to Slack. It should be easy to understand if you are familiar with Bash syntax. You may skip to the Testing the notification script section if you only wish to try out the code.
Examine the login-notify.sh
script.
First, it sets a variable with the location of this script. This will allow it
to load the slack-hook
file so long as it is in the same directory as the
script.
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
Then it checks to see what kind of authentication event is happening. The script notifies on all events except closing an SSH connection.
if [[ $PAM_TYPE != "close_session" ]] ; then
Then it constructs a plain-text message to send. The message include the username and remote IP address.
host=$(hostname)
message="SSH Login: ${PAM_USER} from ${PAM_RHOST} on ${host}"
It reads the webhook URL from the slack-hook
file.
hook=$(cat "${script_dir}/slack-hook")
Finally, it send a POST HTTP request with the message to the Slack webhook.
curl -X POST --data-urlencode "payload={\"text\": \"${message}\"}" "${hook}"
fi
Test the script by setting the PAM_USER
and PAM_RHOST
variables and running
the script from the Compute Engine instance SSH terminal.
PAM_USER=$USER PAM_RHOST=testhost ./login-notify.sh
You should receive a Slack message notifying you that there as a login from
testhost
.
A PAM hook can run a script to run whenever someone SSHs into the machine.
-
Verify that SSH is using PAM by making sure there is a line
UsePAM yes
in the/etc/ssh/sshd_config
file.grep UsePAM /etc/ssh/sshd_config
If you do not see
UsePAM yes
or it is commented out with a#
, you can use whatever text editor you would like to edit the file. This tutorial usesnano
.sudo nano /etc/ssh/sshd_config
-
Use the
install.sh
script to set up the PAM hook.sudo ./install.sh
-
Keep this SSH window open in case something went wrong.
-
Verify that you can login from another SSH terminal.
You should receive another notification on Slack, indicating that you just connected.
To prevent unnecessary charges, clean up the resources created for this tutorial.
- Explore the other Slack APIs.
- Check out the other Slack samples for Google Cloud