Merge branch 'v2.7.3' of https://github.com/oci-hpc/oci-hpc-clusternetwork-dev into v2.7.3

arnaudfroidmont · arnaudfroidmont · commit 070e4a7076d3 · 2021-09-20T15:58:34.000+02:00
diff --git a/bastion.tf b/bastion.tf
@@ -36,8 +36,8 @@ resource "oci_core_instance" "bastion" {
   display_name        = "${local.cluster_name}-bastion"
 
   freeform_tags = {
-    "cluster_name" = "local.cluster_name"
-    "parent_cluster" = "local.cluster_name"
+    "cluster_name" = local.cluster_name
+    "parent_cluster" = local.cluster_name
   }
 
   metadata = {
@@ -172,6 +172,8 @@ resource "null_resource" "cluster" {
       compute = var.node_count > 0 ? zipmap(local.cluster_instances_names, local.cluster_instances_ips) : zipmap([],[])
       public_subnet = data.oci_core_subnet.public_subnet.cidr_block, 
       private_subnet = data.oci_core_subnet.private_subnet.cidr_block, 
+      rdma_network = cidrhost(var.rdma_subnet, 0),
+      rdma_netmask = cidrnetmask(var.rdma_subnet),
       nfs = var.node_count > 0 ? local.cluster_instances_names[0] : "",
       home_nfs = var.home_nfs,
       scratch_nfs = var.use_scratch_nfs && var.node_count > 0,
diff --git a/iam.tf b/iam.tf
@@ -0,0 +1,35 @@
+resource "oci_identity_policy" "clusters_policy" {
+    count = var.create_iam ? 1 : 0
+    compartment_id = var.tenancy_ocid
+    description = "Policy for cluster ${local.cluster_name}"
+    name = "cluster-policy-${local.cluster_name}"
+    statements = [ 
+        "allow service compute_management to use tag-namespace in tenancy",
+        "allow service compute_management to manage compute-management-family in tenancy",
+        "allow service compute_management to read app-catalog-listing in tenancy"
+    ]
+}
+
+resource "oci_identity_policy" "cluster_policy" {
+    count = var.create_dynamic_group ? 1 : 0
+    compartment_id = var.tenancy_ocid
+    description = "Policy for cluster ${local.cluster_name}"
+    name = "cluster-policy-${local.cluster_name}"
+    statements = [ 
+        "Allow dynamic-group ${local.dynamic_group_name} to manage app-catalog-listing in tenancy",
+        "Allow dynamic-group ${local.dynamic_group_name} to use tag-namespace in tenancy",
+        "Allow dynamic-group ${local.dynamic_group_name} to manage compute-management-family in compartment id ${var.targetCompartment}",
+        "Allow dynamic-group ${local.dynamic_group_name} to manage instance-family in compartment id ${var.targetCompartment}",
+        "Allow dynamic-group ${local.dynamic_group_name} to manage volume-family in compartment id ${var.targetCompartment}",
+        "Allow dynamic-group ${local.dynamic_group_name} to use virtual-network-family in compartment id ${var.vcn_compartment}"
+
+    ]
+}
+
+resource "oci_identity_dynamic_group" "cluster_group" {
+    count = var.create_dynamic_group ? 1 : 0
+    compartment_id = var.tenancy_ocid
+    description = "Dynamic group for cluster ${local.cluster_name}"
+    name = local.dynamic_group_name
+    matching_rule = "Any { instance.id = '${oci_core_instance.bastion.id}' }"
+}
diff --git a/inventory.tpl b/inventory.tpl
@@ -13,8 +13,8 @@ bastion
 compute
 [all:vars]
 ansible_connection=ssh
-rdma_network=192.168.168.0
-rdma_netmask=255.255.252.0
+rdma_network=${rdma_network}
+rdma_netmask=${rdma_netmask}
 public_subnet=${public_subnet} 
 private_subnet=${private_subnet}
 nvme_path=/mnt/localdisk/
@@ -47,4 +47,4 @@ autoscaling_monitoring=${autoscaling_monitoring}
 autoscaling_mysql_service=${autoscaling_mysql_service}
 monitoring_mysql_ip=${monitoring_mysql_ip}
 admin_password = ${admin_password}
-admin_username = ${admin_username}
+admin_username = ${admin_username}
diff --git a/schema.yaml b/schema.yaml
@@ -116,8 +116,9 @@ variableGroups:
       - ${private_subnet_id}
       - ${vcn_subnet}
       - ${public_subnet}
-      - ${additional_subnet}
       - ${private_subnet}
+      - ${rdma_subnet}
+      - ${additional_subnet}
   - title: "Software"
     variables:
       - ${slurm}
@@ -146,6 +147,7 @@ variables:
     title: "target compartment"
     type: oci:identity:compartment:id
     default: ${compartment_ocid}
+    required: true
   ad:
     type: oci:identity:availabilitydomain:name
     visible: complexExpression
@@ -157,18 +159,17 @@ variables:
   ssh_key:
     type: oci:core:ssh:publickey
     title: "Public SSH key"
+    description: "Public SSH key"
     required: true
   use_custom_name:
     type: boolean
     title: "use custom cluster name"
     description: "Use custom name for the cluster"
-    required: true
     default: false
   ldap:
     type: boolean
     title: "Configure LDAP authentication from bastion"
     description: "When selected nodes will be configured to use LDAP authentication. User and group management can be performed using cluster commands."
-    required: true
     default: true
   cluster_name:
     title: "Name of the cluster"
@@ -190,6 +191,8 @@ variables:
     type: oci:core:instanceshape:name
     dependsOn:
       compartmentId: ${targetCompartment}
+    required: true
+    default: VM.Standard2.4
   bastion_ocpus:
     type: integer
     description: Number of OCPU's for flex shape
@@ -211,7 +214,7 @@ variables:
           - eq: 
             - ${bastion_shape}
             - "VM.Standard.A1.Flex"
-    required: false
+    required: true
   bastion_custom_memory: 
     title: Use custom memory size
     type: boolean
@@ -256,16 +259,13 @@ variables:
               - "VM.Standard.A1.Flex"
         - and: 
             - ${bastion_custom_memory}
-    required: false
-
+    required: true
 
-    
   use_standard_image:
     type: boolean
     title: "use standard bastion image"
     description: >
       "Use standard bastion image, otherwise provide custom image OCID"
-    required: true
     default: true
     visible: 
       and: 
@@ -286,6 +286,7 @@ variables:
     description: "Custom image ID for Bastion"
     type: string
     default: "opc"
+    required: true
     visible:
       not:
         - ${use_standard_image}
@@ -300,6 +301,7 @@ variables:
         - ${unsupported_bastion}
         - not: 
             - ${use_standard_image}
+    default: "image.ocid"
   
   bastion_image_compartment:
     title: "bastion image compartment"
@@ -338,7 +340,6 @@ variables:
       and:
         - ${use_advanced}
     default: false
-    required: true
   bastion_block_volume_size:
     required: true
     type: integer
@@ -386,6 +387,7 @@ variables:
       and:
         - ${use_advanced}
         - ${use_cluster_nfs}
+    reguired: true
   cluster_network:
     title: Use cluster network
     type: boolean
@@ -409,6 +411,7 @@ variables:
   instance_pool_shape:
     title: "Shape of the Compute Nodes"
     required: true
+    default: "VM.Standard2.4"
     type: oci:core:instanceshape:name
     dependsOn:
       compartmentId: ${targetCompartment}
@@ -439,7 +442,7 @@ variables:
           - eq: 
             - ${instance_pool_shape}
             - "VM.Standard.A1.Flex"
-    required: false
+    required: true
 
   instance_pool_custom_memory: 
     title: Use custom memory size
@@ -485,7 +488,7 @@ variables:
               - "VM.Standard.A1.Flex"
         - and: 
             - ${instance_pool_custom_memory}
-    required: false
+    required: true
 
   node_count:
     required: true
@@ -496,9 +499,8 @@ variables:
     description: "Number of Compute Instances (Permanent Cluster when autoscaling)"
 
   hyperthreading:
-    required: true
     type: boolean
-    title: "Keep Hyperthreading enabled"
+    title: "Hyperthreading enabled"
     default: true
     description: "When unchecked SMT will be disabled" 
 
@@ -514,7 +516,6 @@ variables:
     type: boolean
     title: "use marketplace image"
     description: "Use marketplace image, otherwise provide custom image OCID"
-    required: true
     default: true
 
   marketplace_listing:
@@ -627,13 +628,15 @@ variables:
         - ${cluster_network}
         - ${use_advanced}
         - ${use_scratch_nfs}
+    required: true
   scratch_nfs_type_pool:
     type: enum
     title: "Scratch storage configuration"
     enum:
       - "none"
       - "block"
     default: "none"
+    required: true
     visible:
       and: 
         - not:
@@ -701,6 +704,7 @@ variables:
     title: "NFS scratch space mount point"
     description: "Path to NFS share"
     default: "/nfs/scratch"
+    required: true
     type: string
     visible:
       and:
@@ -711,7 +715,6 @@ variables:
     title: "Use Existing VCN"
     description: "Use existing VCN or create new one"
     default: false
-    required: true
   vcn_compartment:
     title: "VCN compartment"
     type: oci:identity:compartment:id
@@ -734,13 +737,15 @@ variables:
       vcnId: ${vcn_id}
       hidePrivateSubnet: true
     visible: ${use_existing_vcn}
+    required: true
   private_subnet_id:
     type: oci:core:subnet:id
     dependsOn:
       compartmentId: ${vcn_compartment}
       vcnId: ${vcn_id}
       hidePublicSubnet: true
     visible: ${use_existing_vcn}
+    required: true
   vcn_subnet:
     type: string
     title: "VCN IP range"
@@ -768,6 +773,12 @@ variables:
     visible:
       not:
         - ${use_existing_vcn}
+  rdma_subnet:
+    type: string
+    title: "RDMA subnet IP range"
+    default: "192.168.168.0/22"
+    description: "Must be the same size as private subnet"
+    required: true
   private_subnet:
     type: string
     title: "Private subnet IP range"
@@ -783,9 +794,9 @@ variables:
     default: "0.0.0.0/0"
     description: "Allowed SSH network in CIDR notation"
     required: true
-    visible:
-      not:
-        - ${use_existing_vcn}
+#   visible:
+#     not:
+#       - ${use_existing_vcn}
   slurm:
     type: boolean
     title: "Install SLURM"
@@ -796,6 +807,7 @@ variables:
     type: String
     title: "Queue Name"
     default: "compute"
+    required: true
     description: "Add the permanent cluster to a specific queue, workq is the default queue" 
     visible:
         - ${slurm}
@@ -875,6 +887,7 @@ variables:
     description: "Compartment to add the FSS Mount Target and File System"
     type: oci:identity:compartment:id
     default: ${targetCompartment}
+    required: true
     visible: 
       and:
         - ${add_nfs}
@@ -891,6 +904,7 @@ variables:
     default: ${ad}
     description: "FSS Availability Domain"
     title: "FSS Availability Domain"
+    required: true
         
   nfs_target_path:
     type: string
@@ -900,10 +914,12 @@ variables:
     visible: 
       and:
         - ${add_nfs}
+    required: true
   nfs_source_IP:
     type: string
     title: "NFS server IP"
     default: "0.0.0.0"
+    required: true
     description: "IP address of the NFS server"
     visible: 
       and:
@@ -916,6 +932,7 @@ variables:
     default: "/app"
     description: "Value of the path on the NFS server"
     visible: ${add_nfs}
+    required: true
   nfs_options:
     type: string
     title: "Options"
@@ -930,16 +947,17 @@ variables:
     type: string
     title: "MySQL Shape Name"
     default: "MySQL.VM.Standard.E3.1.16GB"
+    required: true
     description: "MySQL Shape Name"
     visible: 
       and:
         - ${autoscaling_mysql_service} 
     
-
   admin_username:
     type: string
     title: "MySQL Monitoring username"
     default: "admin"
+    required: true
     description: ""
     visible: 
       and:
@@ -952,6 +970,7 @@ variables:
     visible: 
       and:
         - ${autoscaling_mysql_service}
+    required: true
 
   autoscaling_monitoring:
     type: boolean
@@ -970,4 +989,5 @@ variables:
     visible: 
       and:
         - ${autoscaling}
-        - ${autoscaling_monitoring}
+        - ${autoscaling_monitoring}
+
diff --git a/variables.tf b/variables.tf
