Skip to content

Commit 2390d04

Browse files
Squashed commit of the following:
commit cbde23d Author: bwatrous <[email protected]> Date: Tue Jan 7 17:47:25 2025 -0800 Added CycleCloud 8.7.0 Release Notes (#425) commit 2d1e105 Author: Vinil Vadakkepurakkal <[email protected]> Date: Mon Jan 6 21:15:31 2025 +0530 updating the cloud bursting docs with latest info (#411) * updating the docs with latest info Updating the cyclecloud slurm bursting document and images * updating links and details & toc * Update slurm-cloud-bursting-setup.md Updating some details for Centralized user management and network ports * Update slurm-cloud-bursting-setup.md NFS server details updated * updating the relative paths and diagram * Updated ms.date --------- Co-authored-by: Padmalatha Somashiandan <[email protected]> commit cf47be5 Author: Xavier Pillons <[email protected]> Date: Mon Dec 16 15:31:01 2024 +0100 Latest release notes for CCWS (#420) * Latest release notes for CCWS * fix wrong links commit 2d2c528 Author: Doug Clayton <[email protected]> Date: Mon Dec 9 13:38:36 2024 -0500 Add information on port 9443 SSL (#417) * Add information on port 9443 SSL --------- Co-authored-by: Doug Clayton <[email protected]> commit a36b7ea Author: Doug Clayton <[email protected]> Date: Mon Dec 9 12:14:01 2024 -0500 Factor out role definition into separate file and make it complete (#412) Co-authored-by: Doug Clayton <[email protected]> commit f5e3d91 Author: bwatrous <[email protected]> Date: Fri Dec 6 11:03:15 2024 -0800 Update CycleCloud News with 8.6.5 version (#416) commit 5b1bf0d Author: Xavier Pillons <[email protected]> Date: Wed Nov 27 18:54:11 2024 +0100 CCWS : How to create a tunnel with Bastion to connect to CC Portal (#415) * Create an SSH tunnel * update TOC * update as suggested * Updated with minor edits * Incorporated review feedback comments --------- Co-authored-by: Padmalatha Somashiandan <[email protected]> commit 28752c3 Author: Doug Clayton <[email protected]> Date: Thu Nov 21 16:09:37 2024 -0500 8.6.5 release notes (#413) Co-authored-by: Doug Clayton <[email protected]> commit 5eb89294b8f0f33dccbdbba9bcfc3cc063395fc1 Merge: 1a5f09c deca72a Author: Shujing Zhang <[email protected]> Date: Wed Nov 6 11:54:59 2024 +0800 Merge pull request #414 from MicrosoftDocs/cleanup-script-ignore-build Merging pull request #414 commit deca72ac03592ed203ca10a262feb2c43af7e828 Author: Shujing Zhang <[email protected]> Date: Wed Nov 6 11:54:50 2024 +0800 Delete .openpublishing.build.ps1 commit 1a5f09c Author: Doug Clayton <[email protected]> Date: Wed Oct 23 15:58:49 2024 -0400 Add workaround for issue in 8.6.4 (#409) Co-authored-by: Doug Clayton <[email protected]>
1 parent 1018e09 commit 2390d04

File tree

14 files changed

+404
-226
lines changed

14 files changed

+404
-226
lines changed

articles/cyclecloud/cluster-references/volume-reference.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Cluster Template Reference - Volumes
33
description: Read reference material for including volumes in cluster templates to be used with Azure CycleCloud. A volume represents an Azure Disk.
44
author: adriankjohnson
5-
ms.date: 07/15/2024
5+
ms.date: 01/07/2025
66
ms.author: adjohnso
77
ms.topic: conceptual
88
ms.service: azure-cyclecloud
@@ -44,7 +44,7 @@ Attribute | Type | Definition
4444
------ | ----- | ----------
4545
Size | String | (Required) Size of disk in GB
4646
VolumeId | String | Resource id for existing Azure Disk.
47-
StorageAccountType | String | UltraSSD_LRS, Premium_LRS, StandardSSD_LRS, Standard_LRS ([Azure Disk Types](/azure/virtual-machines/linux/disks-types)) If not set, defaults to Standard_LRS or Premium_LRS depending on VM size capabilities.
47+
StorageAccountType | String | UltraSSD_LRS, Premium_LRS, StandardSSD_LRS, Standard_LRS, PremiumV2_LRS ([Azure Disk Types](/azure/virtual-machines/linux/disks-types)) If not set, defaults to Standard_LRS or Premium_LRS depending on VM size capabilities.
4848
DiskIOPSReadWrite | Integer | Provisioned IOPS see [Ultra Disks](/azure/virtual-machines/linux/disks-types#ultra-disk)
4949
DiskMBPSReadWrite | Integer | Disk throughput MB/s see [Ultra Disks](/azure/virtual-machines/linux/disks-types#ultra-disk)
5050
Azure.Lun | Integer | Override the auto-assigned LUN ID.

articles/cyclecloud/how-to/managed-identities.md

Lines changed: 15 additions & 71 deletions
Original file line numberDiff line numberDiff line change
@@ -32,90 +32,34 @@ It is still possible to enter the standard set of credentials by simply unchecki
3232

3333
The simplest option (with sufficient access rights) is to assign the Contributor Role for the Subscription to the CycleCloud VM as a System-Assigned Managed Identity. However, the Contributor Role has a higher privilege level than CycleCloud requires. A [custom Role](/azure/role-based-access-control/custom-roles) may be created and assigned to the VM.
3434

35-
A sufficient policy for most CycleCloud features is posted below.
35+
This role covers all CycleCloud features:
3636

37-
```json
38-
{
39-
"assignableScopes": [
40-
"/"
41-
],
42-
"description": "CycleCloud Orchestrator Role",
43-
"permissions": [
44-
{
45-
"actions": [
46-
"Microsoft.Commerce/RateCard/read",
47-
"Microsoft.Compute/*/read",
48-
"Microsoft.Compute/availabilitySets/*",
49-
"Microsoft.Compute/disks/*",
50-
"Microsoft.Compute/images/read",
51-
"Microsoft.Compute/locations/usages/read",
52-
"Microsoft.Compute/register/action",
53-
"Microsoft.Compute/skus/read",
54-
"Microsoft.Compute/virtualMachines/*",
55-
"Microsoft.Compute/virtualMachineScaleSets/*",
56-
"Microsoft.Compute/virtualMachineScaleSets/virtualMachines/*",
57-
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
58-
"Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read",
59-
"Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write",
60-
"Microsoft.Network/*/read",
61-
"Microsoft.Network/locations/*/read",
62-
"Microsoft.Network/networkInterfaces/read",
63-
"Microsoft.Network/networkInterfaces/write",
64-
"Microsoft.Network/networkInterfaces/delete",
65-
"Microsoft.Network/networkInterfaces/join/action",
66-
"Microsoft.Network/networkSecurityGroups/read",
67-
"Microsoft.Network/networkSecurityGroups/write",
68-
"Microsoft.Network/networkSecurityGroups/delete",
69-
"Microsoft.Network/networkSecurityGroups/join/action",
70-
"Microsoft.Network/publicIPAddresses/read",
71-
"Microsoft.Network/publicIPAddresses/write",
72-
"Microsoft.Network/publicIPAddresses/delete",
73-
"Microsoft.Network/publicIPAddresses/join/action",
74-
"Microsoft.Network/register/action",
75-
"Microsoft.Network/virtualNetworks/read",
76-
"Microsoft.Network/virtualNetworks/subnets/read",
77-
"Microsoft.Network/virtualNetworks/subnets/join/action",
78-
"Microsoft.Resources/deployments/read",
79-
"Microsoft.Resources/subscriptions/resourceGroups/read",
80-
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
81-
"Microsoft.Resources/subscriptions/operationresults/read",
82-
"Microsoft.Storage/*/read",
83-
"Microsoft.Storage/checknameavailability/read",
84-
"Microsoft.Storage/register/action",
85-
"Microsoft.Storage/storageAccounts/read",
86-
"Microsoft.Storage/storageAccounts/listKeys/action",
87-
"Microsoft.Storage/storageAccounts/write"
88-
],
89-
"dataActions": [],
90-
"notActions": [],
91-
"notDataActions": []
92-
}
93-
],
94-
"Name": "CycleCloud",
95-
"roleType": "CustomRole",
96-
"type": "Microsoft.Authorization/roleDefinitions"
97-
}
98-
```
37+
:::code language="json" source="../includes/custom-role.json":::
38+
39+
Make sure to replace `<SubscriptionId>` with your subscription id. This role is scoped to a subscription, but it can be scoped to a single resource group if preferred. Note also that the name must be unique to the tenant.
9940

10041
> [!IMPORTANT]
101-
> The use of a custom role requires an Azure AD Premium P1 license. To find the right license for your requirements, see [Comparing generally available features of the Free, Basic, and Premium editions.](https://azure.microsoft.com/pricing/details/active-directory/)
42+
> The use of a custom role requires an Microsoft Entra ID P1 license. To find the right license for your requirements, see [Microsoft Entra plans and pricing](https://azure.microsoft.com/pricing/details/active-directory/).
10243
10344
#### Optional Permissions
10445

105-
To enable CycleCloud to assign Managed Identities to VMs it creates within clusters, add the following ``"actions"``:
46+
If you are scoping CycleCloud to use a single resource group per cluster, you can remove the following from `actions`:
47+
48+
```json
49+
"Microsoft.Resources/subscriptions/resourceGroups/write",
50+
"Microsoft.Resources/subscriptions/resourceGroups/delete",
51+
```
52+
53+
If you are not using CycleCloud to assign Managed Identities to VMs it creates within clusters, you can remove the following from `actions`:
10654

10755
```json
10856
"Microsoft.Authorization/*/read",
10957
"Microsoft.Authorization/roleAssignments/*",
11058
"Microsoft.Authorization/roleDefinitions/*",
11159
```
11260

113-
To enable CycleCloud to create and manage Resource Groups per cluster (recommended, if allowed by policy), add the following ``"actions"``:
114-
```json
115-
"Microsoft.Resources/subscriptions/resourceGroups/read",
116-
"Microsoft.Resources/subscriptions/resourceGroups/write",
117-
"Microsoft.Resources/subscriptions/resourceGroups/delete",
118-
```
61+
> [!WARNING]
62+
> Future versions of CycleCloud will require the ability to assign Managed Identities to VMs, so removing these permissions is not recommended.
11963
12064
#### Creating the Role
12165

0 commit comments

Comments
 (0)