Squashed commit of the following:

commit cbde23d
Author: bwatrous <[email protected]>
Date:   Tue Jan 7 17:47:25 2025 -0800

    Added CycleCloud 8.7.0 Release Notes (#425)

commit 2d1e105
Author: Vinil Vadakkepurakkal <[email protected]>
Date:   Mon Jan 6 21:15:31 2025 +0530

    updating the cloud bursting docs with latest info (#411)

    * updating the docs with latest info

    Updating the cyclecloud slurm bursting document and images

    * updating links and details & toc

    * Update slurm-cloud-bursting-setup.md

    Updating some details for Centralized user management and network ports

    * Update slurm-cloud-bursting-setup.md

    NFS server details updated

    * updating the relative paths and diagram

    * Updated ms.date

    ---------

    Co-authored-by: Padmalatha Somashiandan <[email protected]>

commit cf47be5
Author: Xavier Pillons <[email protected]>
Date:   Mon Dec 16 15:31:01 2024 +0100

    Latest release notes for CCWS (#420)

    * Latest release notes for CCWS

    * fix wrong links

commit 2d2c528
Author: Doug Clayton <[email protected]>
Date:   Mon Dec 9 13:38:36 2024 -0500

    Add information on port 9443 SSL (#417)

    * Add information on port 9443 SSL

    ---------

    Co-authored-by: Doug Clayton <[email protected]>

commit a36b7ea
Author: Doug Clayton <[email protected]>
Date:   Mon Dec 9 12:14:01 2024 -0500

    Factor out role definition into separate file and make it complete (#412)

    Co-authored-by: Doug Clayton <[email protected]>

commit f5e3d91
Author: bwatrous <[email protected]>
Date:   Fri Dec 6 11:03:15 2024 -0800

    Update CycleCloud News with 8.6.5 version (#416)

commit 5b1bf0d
Author: Xavier Pillons <[email protected]>
Date:   Wed Nov 27 18:54:11 2024 +0100

    CCWS : How to create a tunnel with Bastion to connect to CC Portal (#415)

    * Create an SSH tunnel

    * update TOC

    * update as suggested

    * Updated with minor edits

    * Incorporated review feedback comments

    ---------

    Co-authored-by: Padmalatha Somashiandan <[email protected]>

commit 28752c3
Author: Doug Clayton <[email protected]>
Date:   Thu Nov 21 16:09:37 2024 -0500

    8.6.5 release notes (#413)

    Co-authored-by: Doug Clayton <[email protected]>

commit 5eb89294b8f0f33dccbdbba9bcfc3cc063395fc1
Merge: 1a5f09c deca72a
Author: Shujing Zhang <[email protected]>
Date:   Wed Nov 6 11:54:59 2024 +0800

    Merge pull request #414 from MicrosoftDocs/cleanup-script-ignore-build

    Merging pull request #414

commit deca72ac03592ed203ca10a262feb2c43af7e828
Author: Shujing Zhang <[email protected]>
Date:   Wed Nov 6 11:54:50 2024 +0800

    Delete .openpublishing.build.ps1

commit 1a5f09c
Author: Doug Clayton <[email protected]>
Date:   Wed Oct 23 15:58:49 2024 -0400

    Add workaround for issue in 8.6.4 (#409)

    Co-authored-by: Doug Clayton <[email protected]>

Author: adriankjohnson

articles/cyclecloud/cluster-references/volume-reference.md

@@ -2,7 +2,7 @@
 title: Cluster Template Reference - Volumes
 description: Read reference material for including volumes in cluster templates to be used with Azure CycleCloud. A volume represents an Azure Disk.
 author: adriankjohnson
-ms.date: 07/15/2024
+ms.date: 01/07/2025
 ms.author: adjohnso
 ms.topic: conceptual
 ms.service: azure-cyclecloud
@@ -44,7 +44,7 @@ Attribute | Type | Definition
 ------ | ----- | ----------
 Size | String | (Required) Size of disk in GB
 VolumeId | String | Resource id for existing Azure Disk.
-StorageAccountType | String | UltraSSD_LRS, Premium_LRS, StandardSSD_LRS, Standard_LRS ([Azure Disk Types](/azure/virtual-machines/linux/disks-types)) If not set, defaults to Standard_LRS or Premium_LRS depending on VM size capabilities.
+StorageAccountType | String | UltraSSD_LRS, Premium_LRS, StandardSSD_LRS, Standard_LRS, PremiumV2_LRS ([Azure Disk Types](/azure/virtual-machines/linux/disks-types)) If not set, defaults to Standard_LRS or Premium_LRS depending on VM size capabilities.
 DiskIOPSReadWrite | Integer | Provisioned IOPS see [Ultra Disks](/azure/virtual-machines/linux/disks-types#ultra-disk)
 DiskMBPSReadWrite | Integer | Disk throughput MB/s see [Ultra Disks](/azure/virtual-machines/linux/disks-types#ultra-disk) 
 Azure.Lun | Integer | Override the auto-assigned LUN ID.

articles/cyclecloud/how-to/managed-identities.md

@@ -32,90 +32,34 @@ It is still possible to enter the standard set of credentials by simply unchecki
 
 The simplest option (with sufficient access rights) is to assign the Contributor Role for the Subscription to the CycleCloud VM as a System-Assigned Managed Identity.  However, the Contributor Role has a higher privilege level than CycleCloud requires.  A [custom Role](/azure/role-based-access-control/custom-roles) may be created and assigned to the VM.
 
-A sufficient policy for most CycleCloud features is posted below.
+This role covers all CycleCloud features:
 
-```json
-{
-    "assignableScopes": [
-      "/"
-    ],
-    "description": "CycleCloud Orchestrator Role",
-    "permissions": [
-      {
-        "actions": [
-          "Microsoft.Commerce/RateCard/read",
-          "Microsoft.Compute/*/read",
-          "Microsoft.Compute/availabilitySets/*",
-          "Microsoft.Compute/disks/*",
-          "Microsoft.Compute/images/read",
-          "Microsoft.Compute/locations/usages/read",
-          "Microsoft.Compute/register/action",
-          "Microsoft.Compute/skus/read",
-          "Microsoft.Compute/virtualMachines/*",
-          "Microsoft.Compute/virtualMachineScaleSets/*",
-          "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/*",
-          "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
-          "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read",
-          "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write",
-          "Microsoft.Network/*/read",
-          "Microsoft.Network/locations/*/read",
-          "Microsoft.Network/networkInterfaces/read",
-          "Microsoft.Network/networkInterfaces/write",
-          "Microsoft.Network/networkInterfaces/delete",
-          "Microsoft.Network/networkInterfaces/join/action",
-          "Microsoft.Network/networkSecurityGroups/read",
-          "Microsoft.Network/networkSecurityGroups/write",
-          "Microsoft.Network/networkSecurityGroups/delete",
-          "Microsoft.Network/networkSecurityGroups/join/action",
-          "Microsoft.Network/publicIPAddresses/read",
-          "Microsoft.Network/publicIPAddresses/write",
-          "Microsoft.Network/publicIPAddresses/delete",
-          "Microsoft.Network/publicIPAddresses/join/action",
-          "Microsoft.Network/register/action",
-          "Microsoft.Network/virtualNetworks/read",
-          "Microsoft.Network/virtualNetworks/subnets/read",
-          "Microsoft.Network/virtualNetworks/subnets/join/action",
-          "Microsoft.Resources/deployments/read",
-          "Microsoft.Resources/subscriptions/resourceGroups/read",
-          "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
-          "Microsoft.Resources/subscriptions/operationresults/read",
-          "Microsoft.Storage/*/read",
-          "Microsoft.Storage/checknameavailability/read",
-          "Microsoft.Storage/register/action",
-          "Microsoft.Storage/storageAccounts/read",
-          "Microsoft.Storage/storageAccounts/listKeys/action",
-          "Microsoft.Storage/storageAccounts/write"
-        ],
-        "dataActions": [],
-        "notActions": [],
-        "notDataActions": []
-      }
-    ],
-    "Name": "CycleCloud",
-    "roleType": "CustomRole",
-    "type": "Microsoft.Authorization/roleDefinitions"
-}
-```
+:::code language="json" source="../includes/custom-role.json":::
+
+Make sure to replace `<SubscriptionId>` with your subscription id. This role is scoped to a subscription, but it can be scoped to a single resource group if preferred. Note also that the name must be unique to the tenant.
 
 > [!IMPORTANT]
-> The use of a custom role requires an Azure AD Premium P1 license. To find the right license for your requirements, see [Comparing generally available features of the Free, Basic, and Premium editions.](https://azure.microsoft.com/pricing/details/active-directory/)
+> The use of a custom role requires an Microsoft Entra ID P1 license. To find the right license for your requirements, see [Microsoft Entra plans and pricing](https://azure.microsoft.com/pricing/details/active-directory/).
 
 #### Optional Permissions
 
-To enable CycleCloud to assign Managed Identities to VMs it creates within clusters, add the following ``"actions"``:
+If you are scoping CycleCloud to use a single resource group per cluster, you can remove the following from `actions`:
+
+```json
+          "Microsoft.Resources/subscriptions/resourceGroups/write",
+          "Microsoft.Resources/subscriptions/resourceGroups/delete",
+```
+
+If you are not using CycleCloud to assign Managed Identities to VMs it creates within clusters, you can remove the following from `actions`:
 
 ```json
           "Microsoft.Authorization/*/read",
           "Microsoft.Authorization/roleAssignments/*",
           "Microsoft.Authorization/roleDefinitions/*",
 ```
 
-To enable CycleCloud to create and manage Resource Groups per cluster (recommended, if allowed by policy), add the following ``"actions"``:
-```json
-          "Microsoft.Resources/subscriptions/resourceGroups/read",
-          "Microsoft.Resources/subscriptions/resourceGroups/write",
-          "Microsoft.Resources/subscriptions/resourceGroups/delete",
-```
+> [!WARNING]
+> Future versions of CycleCloud will require the ability to assign Managed Identities to VMs, so removing these permissions is not recommended.
 
 #### Creating the Role