Updating main branch with the latest contents of private repo develop branch

.catalog-onboard-pipeline.yaml

@@ -2,13 +2,13 @@
 apiVersion: v1
 offerings:
 # below is an example of a Deployable Architecture (DA) solution
-- name: terraform-ibm-modules-terraform-ibm-hpc-ad6e71e # must match the offering name in the ibm_catalog.json
+- name: deploy-arch-ibm-hpc # must match the offering name in the ibm_catalog.json
   kind: solution
-  catalog_id: fe9d2e76-5ada-44af-821f-b437dcc80f71
-  offering_id: 468c5a1c-1f1d-4e5a-b5b3-ec646b1bd298
+  catalog_id: 8611e025-10b2-488e-8261-a7f584a5114b
+  offering_id: bf3c07f8-5a62-4289-8ea0-94dbb2b410e6
   # list all of the variations (flavors) you have included in the ibm_catalog.json
   variations:
-    - name: advanced
+    - name: Cluster-with-LSF-v10.1.0.14
       mark_ready: false # have pipeline mark as visible if validation passes
       install_type: fullstack # ensure value matches what is in ibm_catalog.json (fullstack or extension)
       destroy_resources_on_failure: false # defaults to false if not specified so resources can be inspected to debug failures during validation

.github/settings.yml

@@ -26,4 +26,4 @@ repository:
 
   # Uncomment this topics property
   # and add a comma-separated list of topics to set on the repo.
-  topics: terraform, ibm-cloud, terraform-module, hpc, high-performance-computing, deployable-architecture
+  topics: terraform, ibm-cloud, terraform-module, hpc, high-performance-computing

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.21.9
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.18.2
     secrets: inherit
     with:
       craSCCv2: true

.github/workflows/release.yml

@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.21.9
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-release.yml@v1.18.2
     secrets: inherit

.gitignore

@@ -15,6 +15,7 @@ crash.log
 # to change depending on the environment.
 #
 *.tfvars
+*.ini
 
 # Ignore files for local testing
 test.tf
@@ -51,3 +52,6 @@ terraform.rc
 
 # Visual Studio Code
 .vscode/
+
+# tweaks used locally
+localtweak__*

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-09T05:22:51Z",
+  "generated_at": "2024-04-08T15:16:34Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

CHANGELOG.md

@@ -0,0 +1,40 @@
+# **CHANGELOG**
+
+## **1.4.1**
+- HA variable name change for application centre.
+- Cluster Status remote execution completion depends on the cloud init status successful status.
+
+## **1.4.0**
+- Support for Deployable architecture framework code base.
+- Support for existing DNS service instance and DNS custom resolvers.
+- Default support for Customer-managed encryption through IBM Key Protect for IBM Cloud.
+- Support Existing VPC and mandate for having three subnets with existing subnets scenario.
+- Support for different SSH keys attribute for login node and cluster nodes for establishing connections.
+- Support for creation of New resource groups.
+
+## **1.3.1**
+- Bug Fixes for the support of ldap users to access Aplication centre URL.
+
+## **1.3.0**
+- Support for dedicate LSF login client node to monitor/manage LSF cluster.
+- Support for LDAP users to access the LSF cluster nodes and also access to Application centre GUI with LDAP username and password.
+
+## **1.2.0**
+- Support for Boot drive encryption for dynamic worker nodes.
+- Support of OpenLDAP integration for user authentication.
+
+## **1.1.1**
+- Support for Application Center through VNC (remote) consoles.
+
+## **1.1.0**
+- Enable LSF Application Center support.
+- Support Boot drive encryption for management and storage nodes.
+- Support for dynamic compute nodes creation across two availability zones.
+- Enable VPC flow flog support.
+- Cross zone VPC file share access.
+- Support existing subnets of an existing VPC.
+- Support for Contract ID and Cluster ID.
+- Multi instance profile support for dynamic compute nodes.
+
+## **1.0.0**
+- Initial Release.

commitlint.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+    extends: [
+        '@commitlint/config-angular'
+    ]
+}

cra-config.yaml

@@ -1,6 +1,6 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/basic"
+  - CRA_TARGET: "solutions/hpc"
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json"
-    PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
+    PROFILE_ID: "bfacb71d-4b84-41ac-9825-e8a3a3eb7405" # SCC profile ID (currently set to IBM Cloud Framework for Financial Services 1.6.0 profile).

examples/basic/README.md

@@ -8,4 +8,3 @@ The text below should describe exactly what resources are provisioned / configur
 
 An end-to-end basic example that will provision the following:
 - A new resource group if one is not passed in.
-- A new Cloud Object Storage instance.

examples/basic/main.tf

@@ -4,13 +4,14 @@ locals {
 }
 
 module "hpc_basic_example" {
-  source           = "../.."
-  ibmcloud_api_key = var.ibmcloud_api_key
-  prefix           = var.prefix
-  zones            = var.zones
-  resource_group   = var.resource_group
-  bastion_ssh_keys = var.ssh_keys
-  login_ssh_keys   = var.ssh_keys
-  compute_ssh_keys = var.ssh_keys
-  storage_ssh_keys = var.ssh_keys
+  source             = "../../solutions/hpc"
+  ibmcloud_api_key   = var.ibmcloud_api_key
+  resource_group     = var.resource_group
+  cluster_prefix     = var.cluster_prefix
+  zones              = var.zones
+  bastion_ssh_keys   = var.bastion_ssh_keys
+  compute_ssh_keys   = var.compute_ssh_keys
+  remote_allowed_ips = var.remote_allowed_ips
+  cluster_id         = var.cluster_id
+  contract_id        = var.contract_id
 }

examples/basic/outputs.tf

@@ -1,8 +1,13 @@
-# Future use
-/*
-output "hpc_basic_example_output" {
+###################################################
+# Copyright (C) IBM Corp. 2024 All Rights Reserved.
+# Licensed under the Apache License v2.0
+###################################################
+
+##############################################################################
+# Outputs
+##############################################################################
+
+output "cluster_info" {
   value       = module.hpc_basic_example
-  sensitive   = true
-  description = "SSH command to connect to HPC cluster"
+  description = "Hpcaas cluster information."
 }
-*/

examples/basic/variables.tf

@@ -1,7 +1,3 @@
-##############################################################################
-# Account Variables
-##############################################################################
-
 variable "ibmcloud_api_key" {
   description = "IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required."
   type        = string
@@ -16,36 +12,78 @@ variable "resource_group" {
   description = "String describing resource groups to create or reference"
   type        = string
   # TODO: Temp fix
-  default = "geretain-hpc-rg"
+  default = "Default"
 }
 
 ##############################################################################
 # Module Level Variables
 ##############################################################################
 
-variable "prefix" {
-  description = "A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters."
+variable "cluster_prefix" {
+  description = "Prefix that is used to name the IBM Cloud HPC cluster and IBM Cloud resources that are provisioned to build the IBM Cloud HPC cluster instance. You cannot create more than one instance of the IBM Cloud HPC cluster with the same name. Ensure that the name is unique."
   type        = string
-  default     = "tim-hpc"
+  default     = "hpcaas"
+
   validation {
     error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
-    condition     = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
+    condition     = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.cluster_prefix))
   }
 }
 
 variable "zones" {
-  description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions."
+  description = "IBM Cloud zone names within the selected region where the IBM Cloud HPC cluster should be deployed. Two zone names are required as input value and supported zones for eu-de are eu-de-2, eu-de-3 and for us-east us-east-1, us-east-3. The management nodes and file storage shares will be deployed to the first zone in the list. Compute nodes will be deployed across both first and second zones, where the first zone in the list will be considered as the most preferred zone for compute nodes deployment. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-creating-a-vpc-in-a-different-region#get-zones-using-the-cli)."
   type        = list(string)
-  # TODO: Temp fix
-  default = ["ca-tor-1"]
+  validation {
+    condition     = length(var.zones) == 2
+    error_message = "Provide list of zones to deploy the cluster."
+  }
 }
 
+variable "cluster_id" {
+  type        = string
+  description = "Ensure that you have received the cluster ID from IBM technical sales. A unique identifer for HPC cluster used by IBM Cloud HPC to differentiate different HPC clusters within the same contract. This can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters. You cannot change the cluster ID after deployment."
+  validation {
+    condition     = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id))
+    error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters. Other special characters and spaces are not allowed."
+  }
+}
+
+variable "contract_id" {
+  type        = string
+  sensitive   = true
+  description = "Ensure that you have received the contract ID from IBM technical sales. Contract ID is a unique identifier to distinguish different IBM Cloud HPC service agreements. It must start with a letter and can only contain letters, numbers, hyphens (-), or underscores (_)."
+  validation {
+    condition     = can(regex("^[a-zA-Z][a-zA-Z0-9-_]*$", var.contract_id))
+    error_message = "Contract ID must start with a letter and can only contain letters, numbers, hyphens (-), or underscores (_)."
+  }
+}
 ##############################################################################
 # Access Variables
 ##############################################################################
-variable "ssh_keys" {
+
+variable "bastion_ssh_keys" {
   type        = list(string)
-  description = "The key pair to use to access the bastion host."
-  # TODO: Temp fix
-  default = ["geretain-hpc-ssh-key"]
+  description = "List of names of the SSH keys that is configured in your IBM Cloud account, used to establish a connection to the IBM Cloud HPC bastion and login node. Ensure that the SSH key is present in the same resource group and region where the cluster is being provisioned. If you do not have an SSH key in your IBM Cloud account, create one by according to [SSH Keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys)."
+}
+
+variable "compute_ssh_keys" {
+  type        = list(string)
+  description = "List of names of the SSH keys that is configured in your IBM Cloud account, used to establish a connection to the IBM Cloud HPC cluster node. Ensure that the SSH key is present in the same resource group and region where the cluster is being provisioned. If you do not have an SSH key in your IBM Cloud account, create one by according to [SSH Keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys)."
+}
+
+variable "remote_allowed_ips" {
+  type        = list(string)
+  description = "Comma-separated list of IP addresses that can access the IBM Cloud HPC cluster instance through an SSH interface. For security purposes, provide the public IP addresses assigned to the devices that are authorized to establish SSH connections (for example, [\"169.45.117.34\"]). To fetch the IP address of the device, use [https://ipv4.icanhazip.com/](https://ipv4.icanhazip.com/)."
+  validation {
+    condition = alltrue([
+      for o in var.remote_allowed_ips : !contains(["0.0.0.0/0", "0.0.0.0"], o)
+    ])
+    error_message = "For security, provide the public IP addresses assigned to the devices authorized to establish SSH connections. Use https://ipv4.icanhazip.com/ to fetch the ip address of the device."
+  }
+  validation {
+    condition = alltrue([
+      for a in var.remote_allowed_ips : can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))?$", a))
+    ])
+    error_message = "The provided IP address format is not valid. Check if the IP address contains a comma instead of a dot, and ensure there are double quotation marks between each IP address range if using multiple IP ranges. For multiple IP address, use the format [\"169.45.117.34\",\"128.122.144.145\"]."
+  }
 }

examples/basic/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3, < 1.7"
+  required_version = ">= 1.3, < 1.6"
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"

examples/complete/version.tf

@@ -1,12 +1,12 @@
 terraform {
-  required_version = ">= 1.3.0, <1.7.0"
+  required_version = ">= 1.3.0, <1.6.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version.
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.49.0, < 2.0.0"
+      version = ">= 1.56.2"
     }
   }
 }