Skip to content

Custom image support for HPC solution #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 21, 2024
Merged

Custom image support for HPC solution #187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d6d10c6
adding custom image builder code base
Oct 9, 2024
0ba1677
updating codebase to incorporate feedback comments
Oct 17, 2024
784361a
Delete tests/utilities/report.go
nupurg-ibm Oct 17, 2024
b972c68
Merge branch 'main' into 9-oct
nupurg-ibm Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
141 changes: 0 additions & 141 deletions tools/image-builder/compute-rhel.sh
View file
Open in desktop

This file was deleted.

36 changes: 36 additions & 0 deletions tools/image-builder/datasource.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
data "ibm_is_vpc" "existing_vpc" {
count = var.vpc_name != null ? 1 : 0
name = var.vpc_name
}

data "ibm_is_vpc" "vpc" {
name = local.vpc_name
# Depends on creation of new VPC or look up of existing VPC based on value of var.vpc_name,
depends_on = [module.landing_zone, data.ibm_is_vpc.existing_vpc]
}

data "ibm_is_subnet" "existing_subnet" {
count = (var.vpc_name != null && var.subnet_id != null) ? 1 : 0
identifier = var.subnet_id
}

data "ibm_resource_instance" "kms_instance" {
count = (var.key_management == "key_protect" && var.kms_instance_name != null) ? 1 : 0
name = var.kms_instance_name
service = "kms"
}

data "ibm_kms_key" "kms_key" {
count = (var.key_management == "key_protect" && var.kms_key_name != null) ? 1 : 0
instance_id = data.ibm_resource_instance.kms_instance[0].id
key_name = var.kms_key_name
}

data "ibm_is_image" "packer" {
name = "ibm-redhat-8-8-minimal-amd64-6"
}

data "ibm_is_ssh_key" "packer" {
for_each = toset(var.ssh_keys)
name = each.key
}
68 changes: 68 additions & 0 deletions tools/image-builder/input_validation.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
###################################################
# Copyright (C) IBM Corp. 2023 All Rights Reserved.
# Licensed under the Apache License v2.0
###################################################

# This file contains the complete information on all the validations performed from the code during the generate plan process
# Validations are performed to make sure, the appropriate error messages are displayed to user in-order to provide required input parameter

locals {
# validation for the boot volume encryption toggling.
validate_enable_customer_managed_encryption = anytrue([alltrue([var.kms_key_name != null, var.kms_instance_name != null]), (var.kms_key_name == null), (var.key_management != "key_protect")])
validate_enable_customer_managed_encryption_msg = "Please make sure you are passing the kms_instance_name if you are passing kms_key_name."
# tflint-ignore: terraform_unused_declarations
validate_enable_customer_managed_encryption_chk = regex(
"^${local.validate_enable_customer_managed_encryption_msg}$",
(local.validate_enable_customer_managed_encryption ? local.validate_enable_customer_managed_encryption_msg : ""))

# validation for the boot volume encryption toggling.
validate_null_customer_managed_encryption = anytrue([alltrue([var.kms_instance_name == null, var.key_management != "key_protect"]), (var.key_management == "key_protect")])
validate_null_customer_managed_encryption_msg = "Please make sure you are setting key_management as key_protect if you are passing kms_instance_name, kms_key_name."
# tflint-ignore: terraform_unused_declarations
validate_null_customer_managed_encryption_chk = regex(
"^${local.validate_null_customer_managed_encryption_msg}$",
(local.validate_null_customer_managed_encryption ? local.validate_null_customer_managed_encryption_msg : ""))

# Validate existing packer subnet should be the subset of vpc_name entered
validate_subnet_id_vpc_msg = "Provided packer subnet should be within the vpc entered."
validate_subnet_id_vpc = anytrue([var.subnet_id == null, var.subnet_id != null && var.vpc_name != null ? alltrue([for subnet_id in [var.subnet_id] : contains(data.ibm_is_vpc.existing_vpc[0].subnets[*].id, subnet_id)]) : false])
# tflint-ignore: terraform_unused_declarations
validate_subnet_id_vpc_chk = regex("^${local.validate_subnet_id_vpc_msg}$",
(local.validate_subnet_id_vpc ? local.validate_subnet_id_vpc_msg : ""))

# Validate existing packer subnet should be in the appropriate zone.
validate_subnet_id_zone_msg = "Provided packer subnet should be in appropriate zone."
validate_subnet_id_zone = anytrue([var.subnet_id == null, var.subnet_id != null && var.vpc_name != null ? alltrue([data.ibm_is_subnet.existing_subnet[0].zone == var.zones[0]]) : false])
# tflint-ignore: terraform_unused_declarations
validate_subnet_id_zone_chk = regex("^${local.validate_subnet_id_zone_msg}$",
(local.validate_subnet_id_zone ? local.validate_subnet_id_zone_msg : ""))

# Validate existing packer subnet public gateways
validate_subnet_name_pg_msg = "Provided existing packer subnet should have public gateway attached."
validate_subnet_name_pg = anytrue([var.subnet_id == null, var.subnet_id != null && var.vpc_name != null ? (data.ibm_is_subnet.existing_subnet[0].public_gateway != "") : false])
# tflint-ignore: terraform_unused_declarations
validate_subnet_name_pg_chk = regex("^${local.validate_subnet_name_pg_msg}$",
(local.validate_subnet_name_pg ? local.validate_subnet_name_pg_msg : ""))

# Validate existing vpc public gateways
validate_existing_vpc_pgw_msg = "Provided existing vpc should have the public gateways created in the provided zones."
validate_existing_vpc_pgw = anytrue([(var.vpc_name == null), alltrue([var.vpc_name != null, var.subnet_id != null]), alltrue([var.vpc_name != null, var.subnet_id == null, length(local.zone_1_pgw_ids) > 0])])
# tflint-ignore: terraform_unused_declarations
validate_existing_vpc_pgw_chk = regex("^${local.validate_existing_vpc_pgw_msg}$",
(local.validate_existing_vpc_pgw ? local.validate_existing_vpc_pgw_msg : ""))

# Validate the subnet_id user input value
validate_subnet_id_msg = "If the packer subnet_id is provided, the user should also provide the vpc_name."
validate_subnet_id = anytrue([var.vpc_name != null && var.subnet_id != null, var.subnet_id == null])
# tflint-ignore: terraform_unused_declarations
validate_subnet_id_chk = regex("^${local.validate_subnet_id_msg}$",
(local.validate_subnet_id ? local.validate_subnet_id_msg : ""))

# Validate security_group_id user input value
validate_security_group_id_msg = "If existing security_group_id is provided, the user should also specify vpc_name that has that security group ID."
validate_security_group_id = anytrue([var.vpc_name != null && var.security_group_id != "", var.security_group_id == ""])
# tflint-ignore: terraform_unused_declarations
validate_security_group_id_chk = regex("^${local.validate_security_group_id_msg}$",
(local.validate_security_group_id ? local.validate_security_group_id_msg : ""))

}
Loading