diff --git a/.secrets.baseline b/.secrets.baseline index c7cfd369..c19782fb 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-04-08T15:16:34Z", + "generated_at": "2025-03-14T12:32:22Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -76,7 +76,94 @@ "name": "TwilioKeyDetector" } ], - "results": {}, + "results": { + "samples/configs/hpc_catalog_values.json": [ + { + "hashed_secret": "5073c7ac17500ef0678aebc7138a996b4f75d623", + "is_secret": true, + "is_verified": false, + "line_number": 2, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c", + "is_secret": true, + "is_verified": false, + "line_number": 50, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "b295b04949a98dc50ba65adcddd588077b93ab3c", + "is_secret": true, + "is_verified": false, + "line_number": 66, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/custom/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 85, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/hpcaas/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 69, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/lsf/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 69, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/scale/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 63, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/slurm/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 69, + "type": "Secret Keyword", + "verified_result": null + } + ], + "solutions/symphony/override.json": [ + { + "hashed_secret": "850264135744c21e30d6336ed7bf047d2e82af8b", + "is_secret": true, + "is_verified": false, + "line_number": 69, + "type": "Secret Keyword", + "verified_result": null + } + ] + }, "version": "0.13.1+ibm.62.dss", "word_list": { "file": null, diff --git a/datasource.tf b/datasource.tf index 4f893a4a..dff8ad33 100644 --- a/datasource.tf +++ b/datasource.tf @@ -1,52 +1,53 @@ # Future use /* -data "ibm_is_region" "itself" { +data "ibm_is_region" "region" { name = local.region } -data "ibm_is_zone" "itself" { +data "ibm_is_zone" "zone" { name = var.zones[0] - region = data.ibm_is_region.itself.name + region = data.ibm_is_region.region.name } */ -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc +data "ibm_is_vpc" "existing_vpc" { + count = var.vpc_name != null ? 1 : 0 + name = var.vpc_name } + /* -data "ibm_is_subnet" "itself" { +data "ibm_is_subnet" "subnet" { count = length(local.subnets) identifier = local.subnets[count.index]["id"] } */ -data "ibm_resource_group" "resource_group" { - count = var.resource_group == null ? 0 : 1 - name = var.resource_group +data "ibm_resource_group" "existing_resource_group" { + count = var.existing_resource_group == null ? 0 : 1 + name = var.existing_resource_group } data "ibm_is_subnet" "existing_compute_subnets" { - count = var.vpc != null && var.compute_subnets != null ? 1 : 0 + count = var.vpc_name != null && var.compute_subnets != null ? 1 : 0 name = var.compute_subnets[count.index] } data "ibm_is_subnet" "existing_storage_subnets" { - count = var.vpc != null && var.storage_subnets != null ? 1 : 0 + count = var.vpc_name != null && var.storage_subnets != null ? 1 : 0 name = var.storage_subnets[count.index] } data "ibm_is_subnet" "existing_protocol_subnets" { - count = var.vpc != null && var.protocol_subnets != null ? 1 : 0 + count = var.vpc_name != null && var.protocol_subnets != null ? 1 : 0 name = var.protocol_subnets[count.index] } data "ibm_is_subnet" "existing_client_subnets" { - count = var.vpc != null && var.client_subnets != null ? 1 : 0 + count = var.vpc_name != null && var.client_subnets != null ? 1 : 0 name = var.client_subnets[count.index] } data "ibm_is_subnet" "existing_bastion_subnets" { - count = var.vpc != null && var.bastion_subnets != null ? 1 : 0 + count = var.vpc_name != null && var.bastion_subnets != null ? 1 : 0 name = var.bastion_subnets[count.index] -} \ No newline at end of file +} diff --git a/examples/create_vpc/modules/landing_zone_vpc/datasource.tf b/examples/create_vpc/modules/landing_zone_vpc/datasource.tf index 130d351e..32f4c883 100644 --- a/examples/create_vpc/modules/landing_zone_vpc/datasource.tf +++ b/examples/create_vpc/modules/landing_zone_vpc/datasource.tf @@ -1,3 +1,3 @@ -data "ibm_resource_group" "itself" { - name = var.resource_group +data "ibm_resource_group" "existing_resource_group" { + name = var.existing_resource_group } diff --git a/examples/create_vpc/modules/landing_zone_vpc/locals.tf b/examples/create_vpc/modules/landing_zone_vpc/locals.tf index a896e598..ad8d9715 100644 --- a/examples/create_vpc/modules/landing_zone_vpc/locals.tf +++ b/examples/create_vpc/modules/landing_zone_vpc/locals.tf @@ -21,7 +21,7 @@ locals { var.allowed_cidr # var.network_cidr ]) - resource_group_id = var.resource_group != null ? data.ibm_resource_group.itself.id : "" + resource_group_id = var.existing_resource_group != null ? data.ibm_resource_group.existing_resource_group.id : "" # Region and Zone calculations region = join("-", slice(split("-", var.zones[0]), 0, 2)) diff --git a/examples/create_vpc/modules/landing_zone_vpc/variables.tf b/examples/create_vpc/modules/landing_zone_vpc/variables.tf index 207f24a5..954feac4 100644 --- a/examples/create_vpc/modules/landing_zone_vpc/variables.tf +++ b/examples/create_vpc/modules/landing_zone_vpc/variables.tf @@ -13,7 +13,7 @@ variable "ibmcloud_api_key" { # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { description = "String describing resource groups to create or reference" type = string default = null diff --git a/examples/create_vpc/modules/landing_zone_vpc/version.tf b/examples/create_vpc/modules/landing_zone_vpc/version.tf index 87b0e3f2..a1697e97 100644 --- a/examples/create_vpc/modules/landing_zone_vpc/version.tf +++ b/examples/create_vpc/modules/landing_zone_vpc/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/examples/create_vpc/solutions/hpc/main.tf b/examples/create_vpc/solutions/hpc/main.tf index 8dae8965..7045346c 100644 --- a/examples/create_vpc/solutions/hpc/main.tf +++ b/examples/create_vpc/solutions/hpc/main.tf @@ -1,13 +1,13 @@ module "create_vpc" { - source = "../../modules/landing_zone_vpc" - allowed_cidr = var.remote_allowed_ips - ibmcloud_api_key = var.ibmcloud_api_key - ssh_keys = var.bastion_ssh_keys - prefix = var.cluster_prefix - resource_group = var.resource_group - zones = var.zones - network_cidr = var.vpc_cidr - bastion_subnets_cidr = var.vpc_cluster_login_private_subnets_cidr_blocks - compute_subnets_cidr = var.vpc_cluster_private_subnets_cidr_blocks - enable_hub = var.enable_hub + source = "../../modules/landing_zone_vpc" + allowed_cidr = var.remote_allowed_ips + ibmcloud_api_key = var.ibmcloud_api_key + ssh_keys = var.bastion_ssh_keys + prefix = var.cluster_prefix + existing_resource_group = var.existing_resource_group + zones = var.zones + network_cidr = var.vpc_cidr + bastion_subnets_cidr = var.vpc_cluster_login_private_subnets_cidr_blocks + compute_subnets_cidr = var.vpc_cluster_private_subnets_cidr_blocks + enable_hub = var.enable_hub } diff --git a/examples/create_vpc/solutions/hpc/variables.tf b/examples/create_vpc/solutions/hpc/variables.tf index ed625bb1..be6e257f 100644 --- a/examples/create_vpc/solutions/hpc/variables.tf +++ b/examples/create_vpc/solutions/hpc/variables.tf @@ -16,13 +16,13 @@ variable "ibmcloud_api_key" { # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { description = "Resource group name from your IBM Cloud account where the VPC resources should be deployed. Note. If the resource group value is set as null, automation creates two different RG with the name (workload-rg and service-rg). For additional information on resource groups, see [Managing resource groups](https://cloud.ibm.com/docs/account?topic=account-rgs)." type = string default = "Default" validation { - condition = var.resource_group != null - error_message = "If you want to provide null for resource_group variable, it should be within double quotes." + condition = var.existing_resource_group != null + error_message = "If you want to provide null for existing_resource_group variable, it should be within double quotes." } } diff --git a/examples/create_vpc/solutions/hpc/version.tf b/examples/create_vpc/solutions/hpc/version.tf index 87b0e3f2..a1697e97 100644 --- a/examples/create_vpc/solutions/hpc/version.tf +++ b/examples/create_vpc/solutions/hpc/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/locals.tf b/locals.tf index 4311679b..be1ed0a7 100644 --- a/locals.tf +++ b/locals.tf @@ -15,18 +15,19 @@ locals { # locals needed for deployer locals { # dependency: landing_zone -> deployer - vpc_id = var.vpc == null ? one(module.landing_zone.vpc_id) : var.vpc_id - vpc = var.vpc == null ? one(module.landing_zone.vpc_name) : var.vpc + vpc_id = var.vpc_name == null ? one(module.landing_zone.vpc_id) : data.ibm_is_vpc.existing_vpc[0].id + vpc_name = var.vpc_name == null ? one(module.landing_zone.vpc_name) : var.vpc_name bastion_subnets = module.landing_zone.bastion_subnets kms_encryption_enabled = var.key_management != null ? true : false boot_volume_encryption_key = var.key_management != null ? one(module.landing_zone.boot_volume_encryption_key)["crn"] : null existing_kms_instance_guid = var.key_management != null ? module.landing_zone.key_management_guid : null cos_data = var.enable_bastion ? [] : module.landing_zone.cos_buckets_data # Future use + # When we implement the existing bastion concept we need the changes to implemented like below. Which is already there on our LSF DA # skip_iam_authorization_policy = true + # skip_iam_authorization_policy = var.bastion_instance_name != null ? false : local.skip_iam_authorization_policy } - # locals needed for landing_zone_vsi locals { # dependency: landing_zone -> deployer -> landing_zone_vsi @@ -35,10 +36,7 @@ locals { bastion_private_key_content = module.deployer.bastion_private_key_content deployer_hostname = var.enable_bastion ? flatten(module.deployer.deployer_vsi_data[*].list)[0].name : "" - deployer_ip = module.deployer.deployer_ip - - compute_public_key_contents = module.deployer.compute_public_key_content - compute_private_key_contents = module.deployer.compute_private_key_content + deployer_ip = module.deployer.deployer_ip # Existing subnets details existing_compute_subnets = [ @@ -81,21 +79,21 @@ locals { } ] - existing_bastion_subnets = [ - for subnet in data.ibm_is_subnet.existing_bastion_subnets : - { - cidr = subnet.ipv4_cidr_block - id = subnet.id - name = subnet.name - zone = subnet.zone - } - ] + # existing_bastion_subnets = [ + # for subnet in data.ibm_is_subnet.existing_bastion_subnets : + # { + # cidr = subnet.ipv4_cidr_block + # id = subnet.id + # name = subnet.name + # zone = subnet.zone + # } + # ] # dependency: landing_zone -> landing_zone_vsi - client_subnets = var.vpc != null && var.client_subnets != null ? local.existing_client_subnets : module.landing_zone.client_subnets - compute_subnets = var.vpc != null && var.compute_subnets != null ? local.existing_compute_subnets : module.landing_zone.compute_subnets - storage_subnets = var.vpc != null && var.storage_subnets != null ? local.existing_storage_subnets : module.landing_zone.storage_subnets - protocol_subnets = var.vpc != null && var.protocol_subnets != null ? local.existing_protocol_subnets : module.landing_zone.protocol_subnets + client_subnets = var.vpc_name != null && var.client_subnets != null ? local.existing_client_subnets : module.landing_zone.client_subnets + compute_subnets = var.vpc_name != null && var.compute_subnets != null ? local.existing_compute_subnets : module.landing_zone.compute_subnets + storage_subnets = var.vpc_name != null && var.storage_subnets != null ? local.existing_storage_subnets : module.landing_zone.storage_subnets + protocol_subnets = var.vpc_name != null && var.protocol_subnets != null ? local.existing_protocol_subnets : module.landing_zone.protocol_subnets storage_subnet = [for subnet in local.storage_subnets : subnet.name] protocol_subnet = [for subnet in local.protocol_subnets : subnet.name] @@ -105,19 +103,12 @@ locals { #boot_volume_encryption_key = var.key_management != null ? one(module.landing_zone.boot_volume_encryption_key)["crn"] : null #skip_iam_authorization_policy = true - #resource_group_id = data.ibm_resource_group.itself.id - #vpc_id = var.vpc == null ? module.landing_zone.vpc_id[0] : data.ibm_is_vpc.itself[0].id - #vpc_crn = var.vpc == null ? module.landing_zone.vpc_crn[0] : data.ibm_is_vpc.itself[0].crn } # locals needed for file-storage locals { - # dependency: landing_zone -> file-storage - #vpc_id = var.vpc == null ? one(module.landing_zone.vpc_id) : var.vpc - #boot_volume_encryption_key = var.key_management != null ? one(module.landing_zone.boot_volume_encryption_key)["crn"] : null - # dependency: landing_zone_vsi -> file-share - compute_subnet_id = var.vpc == null && var.compute_subnets == null ? local.compute_subnets[0].id : [for subnet in data.ibm_is_subnet.existing_compute_subnets : subnet.id][0] + compute_subnet_id = var.vpc_name == null && var.compute_subnets == null ? local.compute_subnets[0].id : [for subnet in data.ibm_is_subnet.existing_compute_subnets : subnet.id][0] compute_security_group_id = var.enable_deployer ? [] : module.landing_zone_vsi[0].compute_sg_id management_instance_count = sum(var.management_instances[*]["count"]) default_share = local.management_instance_count > 0 ? [ @@ -142,41 +133,36 @@ locals { # locals needed for DNS locals { # dependency: landing_zone -> DNS - resource_group = var.resource_group == null ? "workload-rg" : var.resource_group + # resource_group = var.existing_resource_group == null ? "workload-rg" : var.existing_resource_group resource_group_ids = { - # management_rg = var.resource_group == null ? module.landing_zone.resource_group_id[0]["management-rg"] : one(values(one(module.landing_zone.resource_group_id))) - service_rg = var.resource_group == null ? module.landing_zone.resource_group_id[0]["service-rg"] : data.ibm_resource_group.resource_group[0].id - workload_rg = var.resource_group == null ? module.landing_zone.resource_group_id[0]["workload-rg"] : data.ibm_resource_group.resource_group[0].id + # management_rg = var.existing_resource_group == null ? module.landing_zone.resource_group_id[0]["management-rg"] : one(values(one(module.landing_zone.resource_group_id))) + service_rg = var.existing_resource_group == null ? module.landing_zone.resource_group_id[0]["service-rg"] : data.ibm_resource_group.existing_resource_group[0].id + workload_rg = var.existing_resource_group == null ? module.landing_zone.resource_group_id[0]["workload-rg"] : data.ibm_resource_group.existing_resource_group[0].id } # resource_group_id = one(values(one(module.landing_zone.resource_group_id))) - vpc_crn = var.vpc == null ? one(module.landing_zone.vpc_crn) : one(data.ibm_is_vpc.itself[*].crn) + vpc_crn = var.vpc_name == null ? one(module.landing_zone.vpc_crn) : one(data.ibm_is_vpc.existing_vpc[*].crn) # TODO: Fix existing subnet logic - #subnets_crn = var.vpc == null ? module.landing_zone.subnets_crn : ### + #subnets_crn = var.vpc_name == null ? module.landing_zone.subnets_crn : ### existing_compute_subnet_crns = [for subnet in data.ibm_is_subnet.existing_compute_subnets : subnet.crn] existing_storage_subnet_crns = [for subnet in data.ibm_is_subnet.existing_storage_subnets : subnet.crn] existing_protocol_subnet_crns = [for subnet in data.ibm_is_subnet.existing_protocol_subnets : subnet.crn] existing_client_subnet_crns = [for subnet in data.ibm_is_subnet.existing_client_subnets : subnet.crn] existing_bastion_subnet_crns = [for subnet in data.ibm_is_subnet.existing_bastion_subnets : subnet.crn] - subnets_crn = concat(local.existing_compute_subnet_crns, local.existing_storage_subnet_crns, local.existing_protocol_subnet_crns, local.existing_client_subnet_crns, local.existing_bastion_subnet_crns) - # subnets_crn = var.vpc == null && var.compute_subnets == null ? module.landing_zone.subnets_crn : concat(local.existing_subnet_crns, module.landing_zone.subnets_crn) - #subnets = flatten([local.compute_subnets, local.storage_subnets, local.protocol_subnets]) - #subnets_crns = data.ibm_is_subnet.itself[*].crn - # subnets_crn = module.landing_zone.subnets_crn - #boot_volume_encryption_key = var.key_management != null ? one(module.landing_zone.boot_volume_encryption_key)["crn"] : null + subnets_crn = concat(local.existing_compute_subnet_crns, local.existing_storage_subnet_crns, local.existing_protocol_subnet_crns, local.existing_client_subnet_crns, local.existing_bastion_subnet_crns) + # subnets_crn = var.vpc_name == null && var.compute_subnets == null ? module.landing_zone.subnets_crn : concat(local.existing_subnet_crns, module.landing_zone.subnets_crn) + # subnets = flatten([local.compute_subnets, local.storage_subnets, local.protocol_subnets]) + # subnets_crns = data.ibm_is_subnet.itself[*].crn + # subnets_crn = module.landing_zone.subnets_crn + # boot_volume_encryption_key = var.key_management != null ? one(module.landing_zone.boot_volume_encryption_key)["crn"] : null # dependency: landing_zone_vsi -> file-share } -data "external" "get_hostname" { - program = ["sh", "-c", "echo '{\"name\": \"'$(hostname)'\", \"ipv4_address\": \"'$(hostname -I | awk '{print $1}')'\"}'"] -} - - # locals needed for dns-records locals { # dependency: dns -> dns-records dns_instance_id = var.enable_deployer ? "" : module.dns[0].dns_instance_id - dns_custom_resolver_id = var.enable_deployer ? "" : module.dns[0].dns_custom_resolver_id + # dns_custom_resolver_id = var.enable_deployer ? "" : module.dns[0].dns_custom_resolver_id dns_zone_map_list = var.enable_deployer ? [] : module.dns[0].dns_zone_maps compute_dns_zone_id = one(flatten([ for dns_zone in local.dns_zone_map_list : values(dns_zone) if one(keys(dns_zone)) == var.dns_domain_names["compute"] @@ -200,7 +186,7 @@ locals { ] compute_dns_records = [ - for instance in concat(local.compute_instances, local.deployer_instances): + for instance in concat(local.compute_instances, local.deployer_instances) : { name = instance["name"] rdata = instance["ipv4_address"] @@ -234,19 +220,19 @@ locals { locals { bastion_fip = module.deployer.bastion_fip compute_private_key_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/compute_id_rsa" : "${path.root}/modules/ansible-roles/compute_id_rsa" #checkov:skip=CKV_SECRET_6 - storage_private_key_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/storage_id_rsa" : "${path.root}/modules/ansible-roles/storage_id_rsa" #checkov:skip=CKV_SECRET_6 - compute_playbook_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/compute_ssh.yaml" : "${path.root}/modules/ansible-roles/compute_ssh.yaml" - storage_playbook_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/storage_ssh.yaml" : "${path.root}/modules/ansible-roles/storage_ssh.yaml" + # storage_private_key_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/storage_id_rsa" : "${path.root}/modules/ansible-roles/storage_id_rsa" #checkov:skip=CKV_SECRET_6 + compute_playbook_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/compute_ssh.yaml" : "${path.root}/modules/ansible-roles/compute_ssh.yaml" + # storage_playbook_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/storage_ssh.yaml" : "${path.root}/modules/ansible-roles/storage_ssh.yaml" } # file Share OutPut locals { - fileshare_name_mount_path_map = var.enable_deployer ? {} : module.file_storage[0].name_mount_path_map + fileshare_name_mount_path_map = var.enable_deployer ? {} : module.file_storage[0].name_mount_path_map } # details needed for json file locals { - json_inventory_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/all.json" : "${path.root}/modules/ansible-roles/all.json" + json_inventory_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/all.json" : "${path.root}/modules/ansible-roles/all.json" management_nodes = var.enable_deployer ? [] : (flatten([module.landing_zone_vsi[0].management_vsi_data]))[*]["name"] compute_nodes = var.enable_deployer ? [] : (flatten([module.landing_zone_vsi[0].compute_vsi_data]))[*]["name"] compute_nodes_list = var.enable_deployer ? [] : (length(local.compute_nodes) > 0 ? [format("%s-[001:%s]", join("-", slice(split("-", local.compute_nodes[0]), 0, length(split("-", local.compute_nodes[0])) - 1)), split("-", local.compute_nodes[length(local.compute_nodes) - 1])[length(split("-", local.compute_nodes[length(local.compute_nodes) - 1])) - 1])] : local.compute_nodes) #(length(local.compute_nodes) >= 10 ? [format("%s-00[%d:%d]", regex("^(.*?)-\\d+$", local.compute_nodes[0])[0], 1, length(local.compute_nodes))] : local.compute_nodes) @@ -255,33 +241,6 @@ locals { db_hosts = var.enable_deployer ? [] : [local.management_nodes[0]] # Without Pac HA ha_shared_dir = "/mnt/lsf/shared" nfs_install_dir = "none" - Enable_Monitoring = false + enable_monitoring = false lsf_deployer_hostname = var.deployer_hostname #data.external.get_hostname.result.name #var.enable_bastion ? "" : flatten(module.deployer.deployer_vsi_data[*].list)[0].name } - -locals { - schematics_inputs_path = "/tmp/.schematics/solution_terraform.auto.tfvars.json" - remote_inputs_path = format("%s/terraform.tfvars.json", "/tmp") - deployer_path = "/opt/ibm" - remote_terraform_path = format("%s/terraform-ibm-hpc", local.deployer_path) - remote_ansible_path = format("%s/terraform-ibm-hpc", local.deployer_path) - da_hpc_repo_url = "https://github.com/terraform-ibm-modules/terraform-ibm-hpc.git" - da_hpc_repo_tag = "develop" ###### change it to main in future - zones = jsonencode(var.zones) - list_compute_ssh_keys = jsonencode(local.compute_ssh_keys) - list_storage_ssh_keys = jsonencode(local.storage_ssh_keys) - list_storage_instances = jsonencode(var.storage_instances) - list_management_instances = jsonencode(var.management_instances) - list_protocol_instances = jsonencode(var.protocol_instances) - list_compute_instances = jsonencode(var.static_compute_instances) - list_client_instances = jsonencode(var.client_instances) - allowed_cidr = jsonencode(var.allowed_cidr) - list_storage_subnets = jsonencode(length(local.storage_subnet) == 0 ? null : local.storage_subnet) - list_protocol_subnets = jsonencode(length(local.protocol_subnet) == 0 ? null : local.protocol_subnet) - list_compute_subnets = jsonencode(length(local.compute_subnet) == 0 ? null : local.compute_subnet) - list_client_subnets = jsonencode(length(local.client_subnet) == 0 ? null : local.client_subnet) - list_bastion_subnets = jsonencode(length(local.bastion_subnet) == 0 ? null : local.bastion_subnet) - dns_domain_names = jsonencode(var.dns_domain_names) - compute_public_key_content = local.compute_public_key_contents != null ? jsonencode(base64encode(local.compute_public_key_contents)) : "" - compute_private_key_content = local.compute_private_key_contents != null ? jsonencode(base64encode(local.compute_private_key_contents)) : "" -} \ No newline at end of file diff --git a/main.tf b/main.tf index e1b8c012..39b784b0 100644 --- a/main.tf +++ b/main.tf @@ -3,13 +3,11 @@ module "landing_zone" { enable_landing_zone = var.enable_landing_zone allowed_cidr = var.allowed_cidr compute_subnets_cidr = var.compute_subnets_cidr - clusters = var.clusters cos_instance_name = var.cos_instance_name enable_atracker = var.observability_atracker_enable && (var.observability_atracker_target_type == "cos") ? true : false enable_cos_integration = var.enable_cos_integration enable_vpc_flow_logs = var.enable_vpc_flow_logs enable_vpn = var.enable_vpn - hpcs_instance_name = var.hpcs_instance_name key_management = var.key_management kms_instance_name = var.kms_instance_name kms_key_name = var.kms_key_name @@ -22,10 +20,10 @@ module "landing_zone" { prefix = var.prefix protocol_instances = var.protocol_instances protocol_subnets_cidr = var.protocol_subnets_cidr - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group storage_instances = var.storage_instances storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key @@ -34,13 +32,15 @@ module "landing_zone" { skip_flowlogs_s2s_auth_policy = var.skip_flowlogs_s2s_auth_policy skip_kms_s2s_auth_policy = var.skip_kms_s2s_auth_policy observability_logs_enable = var.observability_logs_enable_for_management || var.observability_logs_enable_for_compute || (var.observability_atracker_enable && var.observability_atracker_target_type == "cloudlogs") ? true : false + # hpcs_instance_name = var.hpcs_instance_name + # clusters = var.clusters } module "deployer" { source = "./modules/deployer" - resource_group = var.resource_group + scheduler = var.scheduler + existing_resource_group = var.existing_resource_group prefix = var.prefix - zones = var.zones vpc_id = local.vpc_id network_cidr = var.network_cidr enable_bastion = var.enable_bastion @@ -56,23 +56,17 @@ module "deployer" { boot_volume_encryption_key = local.boot_volume_encryption_key existing_kms_instance_guid = local.existing_kms_instance_guid skip_iam_authorization_policy = var.skip_iam_authorization_policy - static_compute_instances = var.static_compute_instances - management_instances = var.management_instances dns_domain_names = var.dns_domain_names - } module "landing_zone_vsi" { count = var.enable_deployer == false ? 1 : 0 source = "./modules/landing_zone_vsi" - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group prefix = var.prefix - zones = var.zones vpc_id = local.vpc_id bastion_security_group_id = var.bastion_security_group_id bastion_public_key_content = local.bastion_public_key_content - compute_public_key_content = var.compute_public_key_content - compute_private_key_content= var.compute_private_key_content client_subnets = local.client_subnets client_ssh_keys = local.client_ssh_keys client_instances = var.client_instances @@ -93,120 +87,50 @@ module "landing_zone_vsi" { enable_bastion = var.enable_bastion } - -resource "local_sensitive_file" "prepare_tf_input" { - count = var.enable_deployer == true ? 1 : 0 - content = < 0 || local.static_compute_instance_count > 0 -} \ No newline at end of file +} diff --git a/modules/deployer/main.tf b/modules/deployer/main.tf index 48fb77dd..5f1e26ec 100644 --- a/modules/deployer/main.tf +++ b/modules/deployer/main.tf @@ -1,9 +1,3 @@ -module "compute_key" { - count = local.enable_deployer && local.enable_compute ? 1 : 0 - source = "./../key" - private_key_path = var.enable_bastion ? "${path.root}/../../modules/ansible-roles/compute_id_rsa" : "${path.root}/modules/ansible-roles/compute_id_rsa" #checkov:skip=CKV_SECRET_6 -} - module "ssh_key" { count = local.enable_bastion ? 1 : 0 source = "./../key" @@ -21,11 +15,10 @@ module "bastion_sg" { vpc_id = var.vpc_id } - module "bastion_vsi" { count = var.enable_bastion ? 1 : 0 source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = 1 create_security_group = false security_group = null @@ -49,7 +42,7 @@ module "bastion_vsi" { module "deployer_vsi" { count = local.enable_deployer ? 1 : 0 source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = 1 create_security_group = false security_group = null diff --git a/modules/deployer/outputs.tf b/modules/deployer/outputs.tf index 6ecf495c..18c4d484 100644 --- a/modules/deployer/outputs.tf +++ b/modules/deployer/outputs.tf @@ -1,9 +1,11 @@ output "bastion_vsi_data" { - value = module.bastion_vsi[*] + description = "Bastion VSI data" + value = module.bastion_vsi[*] } output "deployer_vsi_data" { - value = module.deployer_vsi[*] + description = "Deployer VSI data" + value = module.deployer_vsi[*] } output "bastion_fip" { @@ -32,15 +34,3 @@ output "bastion_private_key_content" { sensitive = true value = one(module.ssh_key[*].private_key_content) } - -output "compute_public_key_content" { - description = "Compute public key content" - sensitive = true - value = one(module.compute_key[*].public_key_content) -} - -output "compute_private_key_content" { - description = "Compute private key content" - sensitive = true - value = one(module.compute_key[*].private_key_content) -} \ No newline at end of file diff --git a/modules/deployer/template_files.tf b/modules/deployer/template_files.tf index 7569a41a..467a047d 100644 --- a/modules/deployer/template_files.tf +++ b/modules/deployer/template_files.tf @@ -8,11 +8,8 @@ data "template_file" "bastion_user_data" { data "template_file" "deployer_user_data" { template = file("${path.module}/templates/deployer_user_data.tpl") vars = { - bastion_public_key_content = local.enable_bastion ? module.ssh_key[0].public_key_content : "" - compute_dns_domain = local.enable_bastion ? local.compute_dns_domain : "" - compute_interfaces = local.enable_bastion ? local.compute_interfaces : "" - compute_public_key_content = local.enable_bastion ? module.compute_key[0].public_key_content : "" - compute_private_key_content = local.enable_bastion ? module.compute_key[0].private_key_content : "" - + bastion_public_key_content = local.enable_bastion ? module.ssh_key[0].public_key_content : "" + compute_dns_domain = local.enable_bastion ? local.compute_dns_domain : "" + compute_interfaces = local.enable_bastion ? local.compute_interfaces : "" } } diff --git a/modules/deployer/templates/deployer_user_data.tpl b/modules/deployer/templates/deployer_user_data.tpl index 5648dba2..cbc70174 100644 --- a/modules/deployer/templates/deployer_user_data.tpl +++ b/modules/deployer/templates/deployer_user_data.tpl @@ -24,9 +24,6 @@ systemctl restart NetworkManager echo "${bastion_public_key_content}" >> /home/$USER/.ssh/authorized_keys echo "StrictHostKeyChecking no" >> /home/$USER/.ssh/config echo "StrictHostKeyChecking no" >> ~/.ssh/config -echo "${compute_public_key_content}" >> ~/.ssh/authorized_keys -echo "${compute_private_key_content}" > ~/.ssh/id_rsa -chmod 600 ~/.ssh/id_rsa # # setup env # # TODO: Conditional installation (python3, terraform & ansible) diff --git a/modules/deployer/variables.tf b/modules/deployer/variables.tf index 1b89ae38..6a026851 100644 --- a/modules/deployer/variables.tf +++ b/modules/deployer/variables.tf @@ -2,7 +2,7 @@ # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { description = "String describing resource groups to create or reference" type = string default = null @@ -22,11 +22,6 @@ variable "prefix" { } } -variable "zones" { - description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." - type = list(string) -} - ############################################################################## # VPC Variables ############################################################################## @@ -42,6 +37,15 @@ variable "network_cidr" { default = "10.0.0.0/8" } +############################################################################## +# Offering Variations +############################################################################## +variable "scheduler" { + type = string + default = null + description = "Select one of the scheduler (LSF/Symphony/Slurm/null)" +} + ############################################################################## # Access Variables ############################################################################## @@ -131,28 +135,6 @@ variable "skip_iam_authorization_policy" { description = "Set to false if authorization policy is required for VPC block storage volumes to access kms. This can be set to true if authorization policy already exists. For more information on how to create authorization policy manually, see [creating authorization policies for block storage volume](https://cloud.ibm.com/docs/vpc?topic=vpc-block-s2s-auth&interface=ui)." } -variable "management_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - description = "Number of instances to be launched for management." -} - -variable "static_compute_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - description = "Total Number of instances to be launched for compute cluster." -} - variable "dns_domain_names" { type = object({ compute = string diff --git a/modules/deployer/version.tf b/modules/deployer/version.tf index cde6b069..e44fa0a2 100644 --- a/modules/deployer/version.tf +++ b/modules/deployer/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/modules/dns/datasource.tf b/modules/dns/datasource.tf new file mode 100644 index 00000000..a1511959 --- /dev/null +++ b/modules/dns/datasource.tf @@ -0,0 +1,9 @@ +data "ibm_dns_zones" "conditional" { + count = var.dns_instance_id != null ? 1 : 0 + instance_id = var.dns_instance_id +} + +data "ibm_dns_zones" "dns_zones" { + instance_id = local.dns_instance_id + depends_on = [ibm_dns_zone.dns_zone] +} diff --git a/modules/dns/locals.tf b/modules/dns/locals.tf new file mode 100644 index 00000000..880cc870 --- /dev/null +++ b/modules/dns/locals.tf @@ -0,0 +1,9 @@ +locals { + dns_domain_names = flatten([setsubtract(var.dns_domain_names == null ? [] : var.dns_domain_names, flatten(data.ibm_dns_zones.conditional[*].dns_zones[*]["name"]))]) + + dns_zone_maps = [for zone in data.ibm_dns_zones.dns_zones.dns_zones : { + (zone["name"]) = zone["zone_id"] + } if contains(var.dns_domain_names, zone["name"])] + + dns_instance_id = var.dns_instance_id == null ? ibm_resource_instance.resource_instance[0].guid : var.dns_instance_id +} diff --git a/modules/dns/main.tf b/modules/dns/main.tf index ba5fcd73..9f331174 100644 --- a/modules/dns/main.tf +++ b/modules/dns/main.tf @@ -1,4 +1,4 @@ -resource "ibm_resource_instance" "itself" { +resource "ibm_resource_instance" "resource_instance" { count = var.dns_instance_id == null ? 1 : 0 name = format("%s-dns-instance", var.prefix) resource_group_id = var.resource_group_id @@ -7,11 +7,7 @@ resource "ibm_resource_instance" "itself" { plan = "standard-dns" } -locals { - dns_instance_id = var.dns_instance_id == null ? ibm_resource_instance.itself[0].guid : var.dns_instance_id -} - -resource "ibm_dns_custom_resolver" "itself" { +resource "ibm_dns_custom_resolver" "dns_custom_resolver" { count = var.dns_custom_resolver_id == null ? 1 : 0 name = format("%s-custom-resolver", var.prefix) instance_id = local.dns_instance_id @@ -26,33 +22,13 @@ resource "ibm_dns_custom_resolver" "itself" { } } -data "ibm_dns_zones" "conditional" { - count = var.dns_instance_id != null ? 1 : 0 - instance_id = var.dns_instance_id -} - -locals { - dns_domain_names = flatten([setsubtract(var.dns_domain_names == null ? [] : var.dns_domain_names, flatten(data.ibm_dns_zones.conditional[*].dns_zones[*]["name"]))]) -} - -resource "ibm_dns_zone" "itself" { +resource "ibm_dns_zone" "dns_zone" { count = length(local.dns_domain_names) instance_id = local.dns_instance_id name = local.dns_domain_names[count.index] } -data "ibm_dns_zones" "itself" { - instance_id = local.dns_instance_id - depends_on = [ibm_dns_zone.itself] -} - -locals { - dns_zone_maps = [for zone in data.ibm_dns_zones.itself.dns_zones : { - (zone["name"]) = zone["zone_id"] - } if contains(var.dns_domain_names, zone["name"])] -} - -resource "ibm_dns_permitted_network" "itself" { +resource "ibm_dns_permitted_network" "dns_permitted_network" { count = length(var.dns_domain_names) instance_id = local.dns_instance_id vpc_crn = var.vpc_crn diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf index 39022f0c..a137bb52 100644 --- a/modules/dns/outputs.tf +++ b/modules/dns/outputs.tf @@ -5,7 +5,7 @@ output "dns_instance_id" { output "dns_custom_resolver_id" { description = "DNS custom resolver ID" - value = var.dns_custom_resolver_id == null ? one(ibm_dns_custom_resolver.itself[*].id) : var.dns_custom_resolver_id + value = var.dns_custom_resolver_id == null ? one(ibm_dns_custom_resolver.dns_custom_resolver[*].id) : var.dns_custom_resolver_id } output "dns_zone_maps" { diff --git a/modules/dns/version.tf b/modules/dns/version.tf index e9f640ef..3ce71d7a 100644 --- a/modules/dns/version.tf +++ b/modules/dns/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/modules/dns_record/datasource.tf b/modules/dns_record/datasource.tf new file mode 100644 index 00000000..748dbfb8 --- /dev/null +++ b/modules/dns_record/datasource.tf @@ -0,0 +1,3 @@ +data "ibm_dns_zones" "dns_zones" { + instance_id = var.dns_instance_id +} diff --git a/modules/dns_record/locals.tf b/modules/dns_record/locals.tf new file mode 100644 index 00000000..ac7ff13c --- /dev/null +++ b/modules/dns_record/locals.tf @@ -0,0 +1,5 @@ +locals { + dns_domain_name = [ + for zone in data.ibm_dns_zones.dns_zones.dns_zones : zone["name"] if zone["zone_id"] == var.dns_zone_id + ] +} diff --git a/modules/dns_record/main.tf b/modules/dns_record/main.tf index aa84e997..8c9c89e2 100644 --- a/modules/dns_record/main.tf +++ b/modules/dns_record/main.tf @@ -1,13 +1,3 @@ -data "ibm_dns_zones" "itself" { - instance_id = var.dns_instance_id -} - -locals { - dns_domain_name = [ - for zone in data.ibm_dns_zones.itself.dns_zones : zone["name"] if zone["zone_id"] == var.dns_zone_id - ] -} - resource "ibm_dns_resource_record" "a" { count = length(var.dns_records) instance_id = var.dns_instance_id diff --git a/modules/dns_record/version.tf b/modules/dns_record/version.tf index e9f640ef..3ce71d7a 100644 --- a/modules/dns_record/version.tf +++ b/modules/dns_record/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/modules/file_storage/locals.tf b/modules/file_storage/locals.tf deleted file mode 100644 index c31aeaa7..00000000 --- a/modules/file_storage/locals.tf +++ /dev/null @@ -1,4 +0,0 @@ -locals { - # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) -} diff --git a/modules/file_storage/outputs.tf b/modules/file_storage/outputs.tf index 7f265e54..ddf923c5 100644 --- a/modules/file_storage/outputs.tf +++ b/modules/file_storage/outputs.tf @@ -8,5 +8,5 @@ output "mount_path" { output "name_mount_path_map" { description = "Mount path name and its path map" - value = { for mount_details in flatten([ibm_is_share_mount_target.share_target_vpc, ibm_is_share_mount_target.share_target_sg]) : split("-", mount_details.name)[length(split("-", mount_details.name)) - 4] => mount_details.mount_path } -} \ No newline at end of file + value = { for mount_details in flatten([ibm_is_share_mount_target.share_target_vpc, ibm_is_share_mount_target.share_target_sg]) : split("-", mount_details.name)[length(split("-", mount_details.name)) - 4] => mount_details.mount_path } +} diff --git a/modules/file_storage/version.tf b/modules/file_storage/version.tf index e9f640ef..3ce71d7a 100644 --- a/modules/file_storage/version.tf +++ b/modules/file_storage/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/modules/inventory/main.tf b/modules/inventory/main.tf index b63bf85d..04340def 100644 --- a/modules/inventory/main.tf +++ b/modules/inventory/main.tf @@ -1,9 +1,4 @@ -# resource "local_sensitive_file" "itself" { -# content = join("\n", var.hosts,) -# filename = var.inventory_path -# } - -resource "local_sensitive_file" "itself" { +resource "local_sensitive_file" "mount_path_file" { content = <> /root/.ssh/config + echo "${local.compute_public_key_content}" >> /root/.ssh/authorized_keys + EOT + } + + triggers = { + build = timestamp() + } +} + module "storage_key" { count = local.enable_storage ? 1 : 0 source = "./../key" @@ -65,7 +88,7 @@ resource "ibm_is_security_group_rule" "add_comp_sg_comp" { module "client_vsi" { count = length(var.client_instances) source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = var.client_instances[count.index]["count"] create_security_group = false security_group = null @@ -88,7 +111,7 @@ module "client_vsi" { module "management_vsi" { count = length(var.management_instances) source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = var.management_instances[count.index]["count"] create_security_group = false security_group = null @@ -113,7 +136,7 @@ module "management_vsi" { module "compute_vsi" { count = length(var.static_compute_instances) source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = var.static_compute_instances[count.index]["count"] create_security_group = false security_group = null @@ -138,7 +161,7 @@ module "compute_vsi" { module "storage_vsi" { count = length(var.storage_instances) source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = var.storage_instances[count.index]["count"] create_security_group = false security_group = null @@ -164,7 +187,7 @@ module "storage_vsi" { module "protocol_vsi" { count = length(var.protocol_instances) source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.2.0" + version = "4.6.0" vsi_per_subnet = var.protocol_instances[count.index]["count"] create_security_group = false security_group = null diff --git a/modules/landing_zone_vsi/outputs.tf b/modules/landing_zone_vsi/outputs.tf index ff13f57f..25c3bd40 100644 --- a/modules/landing_zone_vsi/outputs.tf +++ b/modules/landing_zone_vsi/outputs.tf @@ -27,3 +27,15 @@ output "compute_sg_id" { description = "Compute SG id" value = module.compute_sg[*].security_group_id } + +output "compute_public_key_content" { + description = "Compute public key content" + sensitive = true + value = one(module.compute_key[*].public_key_content) +} + +output "compute_private_key_content" { + description = "Compute private key content" + sensitive = true + value = one(module.compute_key[*].private_key_content) +} diff --git a/modules/landing_zone_vsi/template_files.tf b/modules/landing_zone_vsi/template_files.tf index ca7ebab6..77d61c14 100644 --- a/modules/landing_zone_vsi/template_files.tf +++ b/modules/landing_zone_vsi/template_files.tf @@ -2,8 +2,8 @@ data "template_file" "client_user_data" { template = file("${path.module}/templates/client_user_data.tpl") vars = { bastion_public_key_content = var.bastion_public_key_content != null ? var.bastion_public_key_content : "" - client_public_key_content = local.enable_client ? var.compute_public_key_content != null ? var.compute_public_key_content : "" : "" - client_private_key_content = local.enable_client ? var.compute_private_key_content != null ? var.compute_private_key_content : "" : "" + client_public_key_content = local.enable_client ? local.compute_public_key_content != null ? local.compute_public_key_content : "" : "" + client_private_key_content = local.enable_client ? local.compute_private_key_content != null ? local.compute_private_key_content : "" : "" client_interfaces = var.storage_type == "scratch" ? local.vsi_interfaces[0] : local.bms_interfaces[0] client_dns_domain = var.dns_domain_names["compute"] } @@ -13,8 +13,8 @@ data "template_file" "management_user_data" { template = file("${path.module}/templates/management_user_data.tpl") vars = { bastion_public_key_content = var.bastion_public_key_content != null ? var.bastion_public_key_content : "" - management_public_key_content = local.enable_management ? var.compute_public_key_content != null ? var.compute_public_key_content : "" : "" - management_private_key_content = local.enable_management ? var.compute_private_key_content != null ? var.compute_private_key_content : "" : "" + management_public_key_content = local.enable_management ? local.compute_public_key_content != null ? local.compute_public_key_content : "" : "" + management_private_key_content = local.enable_management ? local.compute_private_key_content != null ? local.compute_private_key_content : "" : "" management_interfaces = var.storage_type == "scratch" ? local.vsi_interfaces[0] : local.bms_interfaces[0] management_dns_domain = var.dns_domain_names["compute"] } @@ -24,8 +24,8 @@ data "template_file" "compute_user_data" { template = file("${path.module}/templates/compute_user_data.tpl") vars = { bastion_public_key_content = var.bastion_public_key_content != null ? var.bastion_public_key_content : "" - compute_public_key_content = local.enable_compute ? var.compute_public_key_content != null ? var.compute_public_key_content : "" : "" - compute_private_key_content = local.enable_compute ? var.compute_private_key_content != null ? var.compute_private_key_content : "" : "" + compute_public_key_content = local.enable_compute ? local.compute_public_key_content != null ? local.compute_public_key_content : "" : "" + compute_private_key_content = local.enable_compute ? local.compute_private_key_content != null ? local.compute_private_key_content : "" : "" compute_interfaces = var.storage_type == "scratch" ? local.vsi_interfaces[0] : local.bms_interfaces[0] compute_dns_domain = var.dns_domain_names["compute"] # TODO: Fix me diff --git a/modules/landing_zone_vsi/templates/compute_user_data.tpl b/modules/landing_zone_vsi/templates/compute_user_data.tpl index 2fdb9bb0..2fc14b81 100644 --- a/modules/landing_zone_vsi/templates/compute_user_data.tpl +++ b/modules/landing_zone_vsi/templates/compute_user_data.tpl @@ -17,9 +17,9 @@ sed -i -e "s/^/no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command= # input parameters echo "${bastion_public_key_content}" >> ~/.ssh/authorized_keys -echo "${compute_public_key_content}" | base64 --decode >> ~/.ssh/authorized_keys +echo "${compute_public_key_content}" >> ~/.ssh/authorized_keys echo "StrictHostKeyChecking no" >> ~/.ssh/config -echo "${compute_private_key_content}" | base64 --decode > ~/.ssh/id_rsa +echo "${compute_private_key_content}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # network setup diff --git a/modules/landing_zone_vsi/templates/management_user_data.tpl b/modules/landing_zone_vsi/templates/management_user_data.tpl index 1db5be80..8488c692 100644 --- a/modules/landing_zone_vsi/templates/management_user_data.tpl +++ b/modules/landing_zone_vsi/templates/management_user_data.tpl @@ -17,9 +17,9 @@ sed -i -e "s/^/no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command= # input parameters echo "${bastion_public_key_content}" >> ~/.ssh/authorized_keys -echo "${management_public_key_content}" | base64 --decode >> ~/.ssh/authorized_keys +echo "${management_public_key_content}" >> ~/.ssh/authorized_keys echo "StrictHostKeyChecking no" >> ~/.ssh/config -echo "${management_private_key_content}" | base64 --decode > ~/.ssh/id_rsa +echo "${management_private_key_content}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # network setup diff --git a/modules/landing_zone_vsi/variables.tf b/modules/landing_zone_vsi/variables.tf index bb965cb1..e1500246 100644 --- a/modules/landing_zone_vsi/variables.tf +++ b/modules/landing_zone_vsi/variables.tf @@ -11,7 +11,7 @@ variable "storage_type" { # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { description = "String describing resource groups to create or reference" type = string default = null @@ -31,10 +31,10 @@ variable "prefix" { } } -variable "zones" { - description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." - type = list(string) -} +# variable "zones" { +# description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." +# type = list(string) +# } ############################################################################## # VPC Variables @@ -169,19 +169,19 @@ variable "dynamic_compute_instances" { description = "MaxNumber of instances to be launched for compute cluster." } -variable "compute_gui_username" { - type = string - default = "admin" - sensitive = true - description = "GUI user to perform system management and monitoring tasks on compute cluster." -} +# variable "compute_gui_username" { +# type = string +# default = "admin" +# sensitive = true +# description = "GUI user to perform system management and monitoring tasks on compute cluster." +# } -variable "compute_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for compute cluster GUI" -} +# variable "compute_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for compute cluster GUI" +# } ############################################################################## # Scale Storage Variables @@ -299,22 +299,22 @@ variable "boot_volume_encryption_key" { # TODO: Auth Server (LDAP/AD) Variables ############################################################################## -variable "compute_public_key_content" { - type = string - sensitive = true - default = null - description = "Compute security key content." -} +# variable "compute_public_key_content" { +# type = string +# sensitive = true +# default = null +# description = "Compute security key content." +# } -variable "compute_private_key_content" { - type = string - sensitive = true - default = null - description = "Compute security key content." -} +# variable "compute_private_key_content" { +# type = string +# sensitive = true +# default = null +# description = "Compute security key content." +# } variable "enable_bastion" { type = bool default = true description = "The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN or direct connection, set this value to false." -} \ No newline at end of file +} diff --git a/modules/landing_zone_vsi/version.tf b/modules/landing_zone_vsi/version.tf index 801a2da5..85708b52 100644 --- a/modules/landing_zone_vsi/version.tf +++ b/modules/landing_zone_vsi/version.tf @@ -3,24 +3,24 @@ ############################################################################## terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" # Use "greater than or equal to" range for root level modules required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - random = { - source = "hashicorp/random" - version = ">= 3.4.3, < 4.0.0" + local = { + source = "hashicorp/local" + version = "~> 2" } - time = { - source = "hashicorp/time" - version = ">= 0.9.1, < 1.0.0" + null = { + source = "hashicorp/null" + version = ">= 3.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" + template = { + source = "hashicorp/template" + version = "~> 2" } } } diff --git a/modules/observability_instance/main.tf b/modules/observability_instance/main.tf index 586260a5..e6369884 100644 --- a/modules/observability_instance/main.tf +++ b/modules/observability_instance/main.tf @@ -5,7 +5,7 @@ locals { } module "observability_instance" { - count = var.enable_deployer ? 1 : 0 + count = var.enable_deployer ? 1 : 0 # Replace "master" with a GIT release version to lock into a specific release source = "terraform-ibm-modules/observability-instances/ibm" version = "3.3.1" diff --git a/modules/observability_instance/variables.tf b/modules/observability_instance/variables.tf index 2a80cbbf..a40667ab 100644 --- a/modules/observability_instance/variables.tf +++ b/modules/observability_instance/variables.tf @@ -90,4 +90,4 @@ variable "enable_deployer" { type = bool default = false description = "Deployer should be only used for better deployment performance" -} \ No newline at end of file +} diff --git a/modules/observability_instance/versions.tf b/modules/observability_instance/versions.tf index af85229c..882585d2 100644 --- a/modules/observability_instance/versions.tf +++ b/modules/observability_instance/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/modules/playbook/main.tf b/modules/playbook/main.tf index c3aeab5c..fb4730c6 100644 --- a/modules/playbook/main.tf +++ b/modules/playbook/main.tf @@ -51,7 +51,6 @@ EOT filename = var.playbook_path } - resource "null_resource" "run_playbook" { count = var.inventory_path != null ? 1 : 0 provisioner "local-exec" { @@ -69,7 +68,7 @@ resource "null_resource" "run_lsf_playbooks" { provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = <" + "VAR1": "" }, { - "VAR2":"" + "VAR2": "" } ], "variablestore": [ @@ -55,12 +55,11 @@ "description": "IBM Cloud API key for the IBM Cloud account where the IBM Cloud HPC cluster needs to be deployed. For more information on how to create an API key, see [Managing user API keys](https://cloud.ibm.com/docs/account?topic=account-userapikey)." }, { - "name": "resource_group", + "name": "existing_resource_group", "value": "Default", "type": "string", "secure": false, "description": "Specify the existing resource group name from your IBM Cloud account where the VPC resources should be deployed. By default, the resource group name is set to 'Default.' Note that in some older accounts, the resource group name may be 'default,' so please validate the resource_group name before deployment. If the resource group value is set to the string \"null\", the automation will create two different resource groups named 'workload-rg' and 'service-rg.' For more information on resource groups, refer to Managing resource groups." - }, { "name": "zones", @@ -77,7 +76,7 @@ "description": "Prefix that is used to name the IBM Cloud HPC cluster and IBM Cloud resources that are provisioned to build the IBM Cloud HPC cluster instance. You cannot create more than one instance of the IBM Cloud HPC cluster with the same name. Ensure that the name is unique. Prefix must start with a lowercase letter and contain only lowercase letters, digits, and hyphens in between. Hyphens must be followed by at least one lowercase letter or digit. There are no leading, trailing, or consecutive hyphens.Character length for cluster_prefix should be less than 16." }, { - "name": "cluster_id", + "name": "cluster_name", "value": "Please fill here", "type": "string", "secure": false, @@ -208,7 +207,6 @@ "type": "string", "secure": false, "description": "Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud HPC cluster dynamic compute nodes. By default, the solution uses a RHEL 8-8 OS image with additional software packages mentioned [here](https://cloud.ibm.com/docs/ibm-spectrum-lsf#create-custom-image). The solution also offers, Ubuntu 22-04 OS base image (hpcaas-lsf10-ubuntu2204-compute-v7). If you would like to include your application-specific binary files, follow the instructions in [ Planning for custom images ](https://cloud.ibm.com/docs/vpc?topic=vpc-planning-custom-images) to create your own custom image and use that to build the IBM Cloud HPC cluster through this offering." - }, { "name": "login_image_name", @@ -229,7 +227,7 @@ "value": "bx2-16x64", "type": "string", "secure": false, - "description" : "Specify the virtual server instance profile type to be used to create the management nodes for the IBM Cloud HPC cluster. For choices on profile types, see [Instance profiles](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles)." + "description": "Specify the virtual server instance profile type to be used to create the management nodes for the IBM Cloud HPC cluster. For choices on profile types, see [Instance profiles](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles)." }, { "name": "management_node_count", @@ -245,11 +243,12 @@ "secure": false, "description": "Mount points and sizes in GB and IOPS range of file shares that can be used to customize shared file storage layout. Provide the details for up to 5 shares. Each file share size in GB supports different range of IOPS. For more information, see [file share IOPS value](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-profiles&interface=ui)" }, - { "name": "storage_security_group_id", + { + "name": "storage_security_group_id", "value": "__NULL__", "type": "string", "secure": false, - "description" : "Provide the security group id that is created from Scale storage, if the nfs_share is not equal to null from cluster_file_share variable." + "description": "Provide the security group id that is created from Scale storage, if the nfs_share is not equal to null from cluster_file_share variable." }, { "name": "hyperthreading_enabled", @@ -300,13 +299,15 @@ "secure": true, "description": "Password for IBM Spectrum LSF Application Center GUI. Note: Password should be at least 8 characters, must have one number, one lowercase letter, one uppercase letter, and at least one special character." }, - { "name": "app_center_high_availability", + { + "name": "app_center_high_availability", "value": "true", "type": "bool", "secure": false, "description": "Set to false to disable the IBM Spectrum LSF Application Center GUI High Availability (default: true)." }, - { "name": "existing_certificate_instance", + { + "name": "existing_certificate_instance", "value": "", "type": "string", "secure": false, @@ -438,7 +439,8 @@ "secure": false, "description": "Event Notifications Instance plan to be used (it's used with S.C.C. instance), possible values 'lite' and 'standard'" }, - { "name": "observability_monitoring_enable", + { + "name": "observability_monitoring_enable", "value": "false", "type": "bool", "secure": false, @@ -456,35 +458,35 @@ "value": "graduated-tier", "type": "string", "secure": false, - "description" : "Type of service plan for IBM Cloud Monitoring instance. You can choose one of the following: lite, graduated-tier. For all details visit [IBM Cloud Monitoring Service Plans](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)." + "description": "Type of service plan for IBM Cloud Monitoring instance. You can choose one of the following: lite, graduated-tier. For all details visit [IBM Cloud Monitoring Service Plans](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)." }, { "name": "bastion_instance_name", "value": "__NULL__", "type": "string", "secure": false, - "description" : "Provide the name of the bastion instance. If none given then new bastion will be created." + "description": "Provide the name of the bastion instance. If none given then new bastion will be created." }, { "name": "bastion_instance_public_ip", "value": "__NULL__", "type": "string", "secure": false, - "description" : "Provide the public ip address of the bastion instance to establish the remote connection." + "description": "Provide the public ip address of the bastion instance to establish the remote connection." }, { "name": "bastion_security_group_id", "value": "__NULL__", "type": "string", "secure": false, - "description" : "Provide the security group ID of the bastion server. This security group ID will be added as an allowlist rule on the HPC cluster nodes to establish an SSH connection through the bastion node." + "description": "Provide the security group ID of the bastion server. This security group ID will be added as an allowlist rule on the HPC cluster nodes to establish an SSH connection through the bastion node." }, { "name": "bastion_ssh_private_key", "value": "__NULL__", "type": "string", "secure": false, - "description" : "Provide the private SSH key (named id_rsa) used during the creation and configuration of the bastion server to securely authenticate and connect to the bastion server. This allows access to internal network resources from a secure entry point. Note: The corresponding public SSH key (named id_rsa.pub) must already be available in the ~/.ssh/authorized_keys file on the bastion host to establish authentication." + "description": "Provide the private SSH key (named id_rsa) used during the creation and configuration of the bastion server to securely authenticate and connect to the bastion server. This allows access to internal network resources from a secure entry point. Note: The corresponding public SSH key (named id_rsa.pub) must already be available in the ~/.ssh/authorized_keys file on the bastion host to establish authentication." } ] } diff --git a/solutions/custom/README.md b/solutions/custom/README.md index 6ee238a5..e69de29b 100644 --- a/solutions/custom/README.md +++ b/solutions/custom/README.md @@ -1,83 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | -| [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | - -## Providers - -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [lsf](#module\_lsf) | ./../.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | -| [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | -| [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | -| [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | -| [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | -| [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | -| [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | -| [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | -| [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | -| [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | -| [dns\_domain\_names](#input\_dns\_domain\_names) | IBM Cloud HPC DNS domain names. | 
object({
    compute  = string
    storage  = string
    protocol = string
  })
| 
{
  "compute": "comp.com",
  "protocol": "ces.com",
  "storage": "strg.com"
}
| no | -| [dns\_instance\_id](#input\_dns\_instance\_id) | IBM Cloud HPC DNS service instance id. | `string` | `null` | no | -| [dynamic\_compute\_instances](#input\_dynamic\_compute\_instances) | MaxNumber of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1024,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | -| [enable\_atracker](#input\_enable\_atracker) | Enable Activity tracker | `bool` | `true` | no | -| [enable\_bastion](#input\_enable\_bastion) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN or direct connection, set this value to false. | `bool` | `true` | no | -| [enable\_cos\_integration](#input\_enable\_cos\_integration) | Integrate COS with HPC solution | `bool` | `true` | no | -| [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | -| [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | -| [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | -| [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | -| [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | -| [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | -| [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | -| [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | -| [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | -| [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | -| [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | -| [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | -| [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | -| [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | -| [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | -| [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | -| [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | -| [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | -| [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | -| [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | -| [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | -| [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | -| [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | - -## Outputs - -No outputs. diff --git a/solutions/custom/catalogValidationValues.json.template b/solutions/custom/catalogValidationValues.json.template index a5642a41..2aea8d9e 100644 --- a/solutions/custom/catalogValidationValues.json.template +++ b/solutions/custom/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/custom/datasource.tf b/solutions/custom/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/custom/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/custom/locals.tf b/solutions/custom/locals.tf index dbb3b8ac..7139423a 100644 --- a/solutions/custom/locals.tf +++ b/solutions/custom/locals.tf @@ -4,7 +4,6 @@ locals { region = join("-", slice(split("-", var.zones[0]), 0, 2)) } - locals { override_json_path = abspath("./override.json") override = { @@ -17,10 +16,9 @@ locals { override_type = var.override_json_string == null ? "override" : "override_json_string" } - locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -60,18 +58,17 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key } } - # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) deployer_instance_profile = lookup(local.override[local.override_type], "deployer_instance_profile", local.config.deployer_instance_profile) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) @@ -111,7 +108,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) diff --git a/solutions/custom/main.tf b/solutions/custom/main.tf index 65524926..977baf10 100644 --- a/solutions/custom/main.tf +++ b/solutions/custom/main.tf @@ -6,12 +6,10 @@ module "custom" { allowed_cidr = var.allowed_cidr prefix = local.env.prefix ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group + existing_resource_group = local.env.existing_resource_group deployer_instance_profile = local.env.deployer_instance_profile bastion_ssh_keys = local.env.bastion_ssh_keys bastion_subnets_cidr = local.env.bastion_subnets_cidr - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username compute_ssh_keys = local.env.compute_ssh_keys compute_subnets_cidr = local.env.compute_subnets_cidr cos_instance_name = local.env.cos_instance_name @@ -26,11 +24,9 @@ module "custom" { enable_vpc_flow_logs = local.env.enable_vpc_flow_logs enable_vpn = local.env.enable_vpn file_shares = local.env.file_shares - hpcs_instance_name = local.env.hpcs_instance_name key_management = local.env.key_management client_instances = local.env.client_instances client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = local.env.client_subnets_cidr management_instances = local.env.management_instances network_cidr = local.env.network_cidr nsd_details = local.env.nsd_details @@ -38,13 +34,18 @@ module "custom" { protocol_instances = local.env.protocol_instances protocol_subnets_cidr = local.env.protocol_subnets_cidr static_compute_instances = local.env.static_compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username storage_instances = local.env.storage_instances storage_ssh_keys = local.env.storage_ssh_keys storage_subnets_cidr = local.env.storage_subnets_cidr - vpc = local.env.vpc + vpc_name = local.env.vpc_name vpn_peer_address = local.env.vpn_peer_address vpn_peer_cidr = local.env.vpn_peer_cidr vpn_preshared_key = local.env.vpn_preshared_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # client_subnets_cidr = local.env.client_subnets_cidr + # hpcs_instance_name = local.env.hpcs_instance_name + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username } diff --git a/solutions/custom/outputs.tf b/solutions/custom/outputs.tf index 36ac8c82..f178ca4b 100644 --- a/solutions/custom/outputs.tf +++ b/solutions/custom/outputs.tf @@ -1,3 +1,4 @@ output "custom" { - value = module.custom + description = "Custom details" + value = module.custom } diff --git a/solutions/custom/override.json b/solutions/custom/override.json index 87173e8c..53e0527d 100644 --- a/solutions/custom/override.json +++ b/solutions/custom/override.json @@ -1,118 +1,118 @@ { - "prefix":"lsf", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "enable_bastion":true, - "enable_deployer":false, - "deployer_instance_profile":"mx2-4x32", - "bastion_ssh_keys": null, - "bastion_subnets_cidr":[ - "10.0.0.0/24" - ], - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":[ - "10.10.10.0/24" - ], - "client_ssh_keys": null, - "client_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "compute_subnets_cidr":[ - "10.10.20.0/24", - "10.20.20.0/24", - "10.30.20.0/24" - ], - "compute_ssh_keys": null, - "management_instances":[ - { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "static_compute_instances":[ - { - "profile":"cx2-2x4", - "count":0, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "dynamic_compute_instances":[ - { - "profile":"cx2-2x4", - "count":5000, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "compute_gui_username":"admin", - "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":[ - "10.10.30.0/24", - "10.20.30.0/24", - "10.30.30.0/24" - ], - "storage_ssh_keys": null, - "storage_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "protocol_subnets_cidr":[ - "10.10.40.0/24", - "10.20.40.0/24", - "10.30.40.0/24" - ], - "protocol_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "colocate_protocol_instances":false, - "storage_gui_username":"admin", - "storage_gui_password": "hpc@IBMCloud", - "nsd_details":[ + "prefix": "lsf", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "enable_bastion": true, + "enable_deployer": false, + "deployer_instance_profile": "mx2-4x32", + "bastion_ssh_keys": null, + "bastion_subnets_cidr": [ + "10.0.0.0/24" + ], + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": [ + "10.10.10.0/24" + ], + "client_ssh_keys": null, + "client_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "compute_subnets_cidr": [ + "10.10.20.0/24", + "10.20.20.0/24", + "10.30.20.0/24" + ], + "compute_ssh_keys": null, + "management_instances": [ + { + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "static_compute_instances": [ + { + "profile": "cx2-2x4", + "count": 0, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "dynamic_compute_instances": [ + { + "profile": "cx2-2x4", + "count": 5000, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "compute_gui_username": "admin", + "compute_gui_password": "hpc@IBMCloud", + "storage_subnets_cidr": [ + "10.10.30.0/24", + "10.20.30.0/24", + "10.30.30.0/24" + ], + "storage_ssh_keys": null, + "storage_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "protocol_subnets_cidr": [ + "10.10.40.0/24", + "10.20.40.0/24", + "10.30.40.0/24" + ], + "protocol_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "colocate_protocol_instances": false, + "storage_gui_username": "admin", + "storage_gui_password": "hpc@IBMCloud", + "nsd_details": [ + { + "capacity": 100, + "iops": 1000, + "profile": "custom" + } + ], + "file_shares": [ + { + "mount_path": "/mnt/binaries", + "size": 100, + "iops": 1000 + }, { - "capacity":100, - "iops":1000, - "profile":"custom" + "mount_path": "/mnt/data", + "size": 100, + "iops": 1000 } ], - "file_shares":[ - { - "mount_path":"/mnt/binaries", - "size":100, - "iops":1000 - }, - { - "mount_path":"/mnt/data", - "size":100, - "iops":1000 - } - ], - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" - }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_atracker":true, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null - } + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" + }, + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_atracker": true, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null +} diff --git a/solutions/custom/variables.tf b/solutions/custom/variables.tf index fdc200a1..0d5c235b 100644 --- a/solutions/custom/variables.tf +++ b/solutions/custom/variables.tf @@ -58,7 +58,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -68,7 +68,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" @@ -303,11 +303,11 @@ variable "protocol_instances" { description = "Number of instances to be launched for protocol hosts." } -variable "colocate_protocol_instances" { - type = bool - default = true - description = "Enable it to use storage instances as protocol instances" -} +# variable "colocate_protocol_instances" { +# type = bool +# default = true +# description = "Enable it to use storage instances as protocol instances" +# } variable "storage_gui_username" { type = string @@ -392,65 +392,65 @@ variable "dns_domain_names" { ############################################################################## # Auth Variables ############################################################################## -variable "enable_ldap" { - type = bool - default = false - description = "Set this option to true to enable LDAP for IBM Cloud HPC, with the default value set to false." -} - -variable "ldap_basedns" { - type = string - default = "ldapscale.com" - description = "The dns domain name is used for configuring the LDAP server. If an LDAP server is already in existence, ensure to provide the associated DNS domain name." -} - -variable "ldap_server" { - type = string - default = null - description = "Provide the IP address for the existing LDAP server. If no address is given, a new LDAP server will be created." -} - -variable "ldap_admin_password" { - type = string - sensitive = true - default = "hpc@IBMCloud" - description = "The LDAP administrative password should be 8 to 20 characters long, with a mix of at least three alphabetic characters." -} - -variable "ldap_user_name" { - type = string - default = "admin" - description = "Custom LDAP User for performing cluster operations. Note: Username should be between 4 to 32 characters." -} - -variable "ldap_user_password" { - type = string - sensitive = true - default = "hpc@IBMCloud" - description = "The LDAP user password should be 8 to 20 characters long, with a mix of at least three alphabetic character." -} - -variable "ldap_ssh_keys" { - type = list(string) - default = null - description = "Name of the SSH key configured in your IBM Cloud account that is used to establish a connection to the LDAP Server." -} - -variable "ldap_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - default = [{ - profile = "bx2-2x8" - count = 0 - image = "ibm-redhat-8-10-minimal-amd64-2" - }] - description = "Number of instances to be launched for ldap hosts." -} +# variable "enable_ldap" { +# type = bool +# default = false +# description = "Set this option to true to enable LDAP for IBM Cloud HPC, with the default value set to false." +# } + +# variable "ldap_basedns" { +# type = string +# default = "ldapscale.com" +# description = "The dns domain name is used for configuring the LDAP server. If an LDAP server is already in existence, ensure to provide the associated DNS domain name." +# } + +# variable "ldap_server" { +# type = string +# default = null +# description = "Provide the IP address for the existing LDAP server. If no address is given, a new LDAP server will be created." +# } + +# variable "ldap_admin_password" { +# type = string +# sensitive = true +# default = "hpc@IBMCloud" +# description = "The LDAP administrative password should be 8 to 20 characters long, with a mix of at least three alphabetic characters." +# } + +# variable "ldap_user_name" { +# type = string +# default = "admin" +# description = "Custom LDAP User for performing cluster operations. Note: Username should be between 4 to 32 characters." +# } + +# variable "ldap_user_password" { +# type = string +# sensitive = true +# default = "hpc@IBMCloud" +# description = "The LDAP user password should be 8 to 20 characters long, with a mix of at least three alphabetic character." +# } + +# variable "ldap_ssh_keys" { +# type = list(string) +# default = null +# description = "Name of the SSH key configured in your IBM Cloud account that is used to establish a connection to the LDAP Server." +# } + +# variable "ldap_instances" { +# type = list( +# object({ +# profile = string +# count = number +# image = string +# }) +# ) +# default = [{ +# profile = "bx2-2x8" +# count = 0 +# image = "ibm-redhat-8-10-minimal-amd64-2" +# }] +# description = "Number of instances to be launched for ldap hosts." +# } ############################################################################## # Encryption Variables @@ -501,117 +501,117 @@ variable "enable_vpc_flow_logs" { ############################################################################## # Scale specific Variables ############################################################################## -variable "filesystem_config" { - type = list(object({ - filesystem = string - block_size = string - default_data_replica = number - default_metadata_replica = number - max_data_replica = number - max_metadata_replica = number - mount_point = string - })) - default = null - description = "File system configurations." -} - -variable "filesets_config" { - type = list(object({ - fileset = string - filesystem = string - junction_path = string - client_mount_path = string - quota = number - })) - default = null - description = "Fileset configurations." -} - -variable "afm_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - default = [{ - profile = "bx2-2x8" - count = 0 - image = "ibm-redhat-8-10-minimal-amd64-2" - }] - description = "Number of instances to be launched for afm hosts." -} - -variable "afm_cos_config" { - type = list(object({ - afm_fileset = string, - mode = string, - cos_instance = string, - bucket_name = string, - bucket_region = string, - cos_service_cred_key = string, - bucket_type = string, - bucket_storage_class = string - })) - default = null - description = "AFM configurations." -} +# variable "filesystem_config" { +# type = list(object({ +# filesystem = string +# block_size = string +# default_data_replica = number +# default_metadata_replica = number +# max_data_replica = number +# max_metadata_replica = number +# mount_point = string +# })) +# default = null +# description = "File system configurations." +# } + +# variable "filesets_config" { +# type = list(object({ +# fileset = string +# filesystem = string +# junction_path = string +# client_mount_path = string +# quota = number +# })) +# default = null +# description = "Fileset configurations." +# } + +# variable "afm_instances" { +# type = list( +# object({ +# profile = string +# count = number +# image = string +# }) +# ) +# default = [{ +# profile = "bx2-2x8" +# count = 0 +# image = "ibm-redhat-8-10-minimal-amd64-2" +# }] +# description = "Number of instances to be launched for afm hosts." +# } + +# variable "afm_cos_config" { +# type = list(object({ +# afm_fileset = string, +# mode = string, +# cos_instance = string, +# bucket_name = string, +# bucket_region = string, +# cos_service_cred_key = string, +# bucket_type = string, +# bucket_storage_class = string +# })) +# default = null +# description = "AFM configurations." +# } ############################################################################## # LSF specific Variables ############################################################################## -variable "cluster_id" { - type = string - default = "HPCCluster" - description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." - validation { - condition = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id)) - error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." - } -} - -variable "enable_hyperthreading" { - type = bool - default = true - description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." -} - -variable "enable_dedicated_host" { - type = bool - default = false - description = "Set to true to use dedicated hosts for compute hosts (default: false)." -} - -variable "dedicated_host_placement" { - type = string - default = "spread" - description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." - validation { - condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" - error_message = "Supported values for dedicated_host_placement: spread or pack." - } -} - -variable "enable_app_center" { - type = bool - default = false - description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." -} - -variable "app_center_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center GUI." -} - -variable "app_center_db_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center database GUI." -} +# variable "cluster_name" { +# type = string +# default = "HPCCluster" +# description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." +# validation { +# condition = 0 < length(var.cluster_name) && length(var.cluster_name) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_name)) +# error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." +# } +# } + +# variable "enable_hyperthreading" { +# type = bool +# default = true +# description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." +# } + +# variable "enable_dedicated_host" { +# type = bool +# default = false +# description = "Set to true to use dedicated hosts for compute hosts (default: false)." +# } + +# variable "dedicated_host_placement" { +# type = string +# default = "spread" +# description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." +# validation { +# condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" +# error_message = "Supported values for dedicated_host_placement: spread or pack." +# } +# } + +# variable "enable_app_center" { +# type = bool +# default = false +# description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." +# } + +# variable "app_center_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center GUI." +# } + +# variable "app_center_db_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center database GUI." +# } ############################################################################## # Symphony specific Variables @@ -624,93 +624,96 @@ variable "app_center_db_password" { ############################################################################## # Landing Zone Variables ############################################################################## -variable "clusters" { - default = null - description = "A list describing clusters workloads to create" - type = list( - object({ - name = string # Name of Cluster - vpc_name = string # Name of VPC - subnet_names = list(string) # List of vpc subnets for cluster - workers_per_subnet = number # Worker nodes per subnet. - machine_type = string # Worker node flavor - kube_type = string # iks or openshift - kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default` - entitlement = optional(string) # entitlement option for openshift - secondary_storage = optional(string) # Secondary storage type - pod_subnet = optional(string) # Portable subnet for pods - service_subnet = optional(string) # Portable subnet for services - resource_group = string # Resource Group used for cluster - cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters - access_tags = optional(list(string), []) - boot_volume_crk_name = optional(string) # Boot volume encryption key name - disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint - disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers - cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion - operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . - kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed - verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. - use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints. - import_default_worker_pool_on_create = optional(bool) # (Advanced users) Whether to handle the default worker pool as a stand-alone ibm_container_vpc_worker_pool resource on cluster creation. Only set to false if you understand the implications of managing the default worker pool as part of the cluster resource. Set to true to import the default worker pool as a separate resource. Set to false to manage the default worker pool as part of the cluster resource. - allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled as a stand-alone ibm_container_vpc_worker_pool, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true - labels = optional(map(string)) # A list of labels that you want to add to the default worker pool. - addons = optional(object({ # Map of OCP cluster add-on versions to install - debug-tool = optional(string) - image-key-synchronizer = optional(string) - openshift-data-foundation = optional(string) - vpc-file-csi-driver = optional(string) - static-route = optional(string) - cluster-autoscaler = optional(string) - vpc-block-csi-driver = optional(string) - ibm-storage-operator = optional(string) - }), {}) - manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources. - kms_config = optional( - object({ - crk_name = string # Name of key - private_endpoint = optional(bool) # Private endpoint - }) - ) - worker_pools = optional( - list( - object({ - name = string # Worker pool name - vpc_name = string # VPC name - workers_per_subnet = number # Worker nodes per subnet - flavor = string # Worker node flavor - subnet_names = list(string) # List of vpc subnets for worker pool - entitlement = optional(string) # entitlement option for openshift - secondary_storage = optional(string) # Secondary storage type - boot_volume_crk_name = optional(string) # Boot volume encryption key name - operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . - labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool. - }) - ) - ) - }) - ) -} +# variable "clusters" { +# default = null +# description = "A list describing clusters workloads to create" +# type = list( +# object({ +# name = string # Name of Cluster +# vpc_name = string # Name of VPC +# subnet_names = list(string) # List of vpc subnets for cluster +# workers_per_subnet = number # Worker nodes per subnet. +# machine_type = string # Worker node flavor +# kube_type = string # iks or openshift +# kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default` +# entitlement = optional(string) # entitlement option for openshift +# secondary_storage = optional(string) # Secondary storage type +# pod_subnet = optional(string) # Portable subnet for pods +# service_subnet = optional(string) # Portable subnet for services +# existing_resource_group = string # Resource Group used for cluster +# cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters +# access_tags = optional(list(string), []) +# boot_volume_crk_name = optional(string) # Boot volume encryption key name +# disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint +# disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers +# cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion +# operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . +# kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed +# verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. +# use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints. +# import_default_worker_pool_on_create = optional(bool) # (Advanced users) Whether to handle the default worker pool as a stand-alone ibm_container_vpc_worker_pool resource on cluster creation. Only set to false if you understand the implications of managing the default worker pool as part of the cluster resource. Set to true to import the default worker pool as a separate resource. Set to false to manage the default worker pool as part of the cluster resource. +# allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled as a stand-alone ibm_container_vpc_worker_pool, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true +# labels = optional(map(string)) # A list of labels that you want to add to the default worker pool. +# addons = optional(object({ # Map of OCP cluster add-on versions to install +# debug-tool = optional(string) +# image-key-synchronizer = optional(string) +# openshift-data-foundation = optional(string) +# vpc-file-csi-driver = optional(string) +# static-route = optional(string) +# cluster-autoscaler = optional(string) +# vpc-block-csi-driver = optional(string) +# ibm-storage-operator = optional(string) +# }), {}) +# manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources. +# kms_config = optional( +# object({ +# crk_name = string # Name of key +# private_endpoint = optional(bool) # Private endpoint +# }) +# ) +# worker_pools = optional( +# list( +# object({ +# name = string # Worker pool name +# vpc_name = string # VPC name +# workers_per_subnet = number # Worker nodes per subnet +# flavor = string # Worker node flavor +# subnet_names = list(string) # List of vpc subnets for worker pool +# entitlement = optional(string) # entitlement option for openshift +# secondary_storage = optional(string) # Secondary storage type +# boot_volume_crk_name = optional(string) # Boot volume encryption key name +# operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . +# labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool. +# }) +# ) +# ) +# }) +# ) +# } ############################################################################## # Terraform generic Variables ############################################################################## -variable "TF_PARALLELISM" { - type = string - default = "250" - description = "Limit the number of concurrent operation." -} - -variable "TF_VERSION" { - type = string - default = "1.9" - description = "The version of the Terraform engine that's used in the Schematics workspace." -} - -variable "TF_LOG" { - type = string - default = "ERROR" - description = "The Terraform log level used for output in the Schematics workspace." -} +# tflint-ignore: all +# variable "TF_PARALLELISM" { +# type = string +# default = "250" +# description = "Limit the number of concurrent operation." +# } + +# tflint-ignore: all +# variable "TF_VERSION" { +# type = string +# default = "1.9" +# description = "The version of the Terraform engine that's used in the Schematics workspace." +# } + +# tflint-ignore: all +# variable "TF_LOG" { +# type = string +# default = "ERROR" +# description = "The Terraform log level used for output in the Schematics workspace." +# } ############################################################################## # Override JSON diff --git a/solutions/custom/version.tf b/solutions/custom/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/custom/version.tf +++ b/solutions/custom/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/solutions/hpcaas/README.md b/solutions/hpcaas/README.md index 6ee238a5..31b1a927 100644 --- a/solutions/hpcaas/README.md +++ b/solutions/hpcaas/README.md @@ -3,26 +3,21 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | | [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | ## Providers -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | +No providers. ## Modules | Name | Source | Version | |------|--------|---------| -| [lsf](#module\_lsf) | ./../.. | n/a | +| [hpcaas](#module\_hpcaas) | ./../.. | n/a | ## Resources -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | +No resources. ## Inputs @@ -30,14 +25,14 @@ |------|-------------|------|---------|:--------:| | [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | | [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | +| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `string` | `"10.0.0.0/24"` | no | | [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | +| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `string` | `"10.10.10.0/24"` | no | | [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | | [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | +| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `string` | `"10.10.20.0/24"` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | | [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | | [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | @@ -50,34 +45,35 @@ | [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | | [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | +| [existing\_resource\_group](#input\_existing\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | | [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | | [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | | [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | +| [key\_management](#input\_key\_management) | Set the value as key\_protect to enable customer managed encryption for boot volume and file share. If the key\_management is set as null, IBM Cloud resources will be always be encrypted through provider managed. | `string` | `"key_protect"` | no | | [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | | [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | | [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | | [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | | [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | | [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | +| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.40.0/24"` | no | | [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | | [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | | [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | | [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | +| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.30.0/24"` | no | | [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | | [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | | [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | | [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | +| [zone](#input\_zone) | Zone where VPC will be created. | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [hpcaas](#output\_hpcaas) | HPCaaS details | diff --git a/solutions/hpcaas/catalogValidationValues.json.template b/solutions/hpcaas/catalogValidationValues.json.template index a5642a41..a50f2c75 100644 --- a/solutions/hpcaas/catalogValidationValues.json.template +++ b/solutions/hpcaas/catalogValidationValues.json.template @@ -1,7 +1,7 @@ { "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, - "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "zones": "[\"ca-tor-1\"]", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/hpcaas/datasource.tf b/solutions/hpcaas/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/hpcaas/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/hpcaas/locals.tf b/solutions/hpcaas/locals.tf index f61d69eb..4d7d2766 100644 --- a/solutions/hpcaas/locals.tf +++ b/solutions/hpcaas/locals.tf @@ -1,10 +1,9 @@ # locals needed for ibm provider locals { # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) + region = join("-", slice(split("-", var.zones[0]), 0, 2)) } - locals { override_json_path = abspath("./override.json") override = { @@ -17,10 +16,9 @@ locals { override_type = var.override_json_string == null ? "override" : "override_json_string" } - locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -59,18 +57,17 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key } } - # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) deployer_instance_profile = lookup(local.override[local.override_type], "deployer_instance_profile", local.config.deployer_instance_profile) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) @@ -109,7 +106,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) diff --git a/solutions/hpcaas/main.tf b/solutions/hpcaas/main.tf index f20ffee8..7409fd08 100644 --- a/solutions/hpcaas/main.tf +++ b/solutions/hpcaas/main.tf @@ -2,16 +2,14 @@ module "hpcaas" { source = "./../.." scheduler = "HPCaaS" ibm_customer_number = var.ibm_customer_number - zones = [var.zone] + zones = var.zones allowed_cidr = var.allowed_cidr prefix = local.env.prefix ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group + existing_resource_group = local.env.existing_resource_group deployer_instance_profile = local.env.deployer_instance_profile bastion_ssh_keys = local.env.bastion_ssh_keys bastion_subnets_cidr = [local.env.bastion_subnets_cidr] - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username compute_ssh_keys = local.env.compute_ssh_keys compute_subnets_cidr = [local.env.compute_subnets_cidr] cos_instance_name = local.env.cos_instance_name @@ -26,24 +24,27 @@ module "hpcaas" { enable_vpc_flow_logs = local.env.enable_vpc_flow_logs enable_vpn = local.env.enable_vpn file_shares = local.env.file_shares - hpcs_instance_name = local.env.hpcs_instance_name key_management = local.env.key_management client_instances = local.env.client_instances client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = [local.env.client_subnets_cidr] management_instances = local.env.management_instances network_cidr = local.env.network_cidr placement_strategy = local.env.placement_strategy protocol_instances = local.env.protocol_instances protocol_subnets_cidr = [local.env.protocol_subnets_cidr] static_compute_instances = local.env.static_compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username storage_instances = local.env.storage_instances storage_ssh_keys = local.env.storage_ssh_keys storage_subnets_cidr = [local.env.storage_subnets_cidr] - vpc = local.env.vpc + vpc_name = local.env.vpc_name vpn_peer_address = local.env.vpn_peer_address vpn_peer_cidr = local.env.vpn_peer_cidr vpn_preshared_key = local.env.vpn_preshared_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # hpcs_instance_name = local.env.hpcs_instance_name + # client_subnets_cidr = [local.env.client_subnets_cidr] + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username } diff --git a/solutions/hpcaas/outputs.tf b/solutions/hpcaas/outputs.tf index 43448084..54fa4c3d 100644 --- a/solutions/hpcaas/outputs.tf +++ b/solutions/hpcaas/outputs.tf @@ -1,3 +1,4 @@ output "hpcaas" { - value = module.hpcaas + description = "HPCaaS details" + value = module.hpcaas } diff --git a/solutions/hpcaas/override.json b/solutions/hpcaas/override.json index 95ac2e44..2d53374c 100644 --- a/solutions/hpcaas/override.json +++ b/solutions/hpcaas/override.json @@ -1,95 +1,95 @@ { - "prefix":"hpcaas", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "ssh_keys":null, - "enable_bastion":true, - "enable_deployer":false, - "deployer_instance_profile":"mx2-4x32", + "prefix": "hpcaas", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "ssh_keys": null, + "enable_bastion": true, + "enable_deployer": false, + "deployer_instance_profile": "mx2-4x32", "bastion_ssh_keys": null, - "bastion_subnets_cidr":"10.0.0.0/24", - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":"10.10.10.0/24", + "bastion_subnets_cidr": "10.0.0.0/24", + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": "10.10.10.0/24", "client_ssh_keys": null, - "client_instances":[ + "client_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_subnets_cidr":"10.10.20.0/24", + "compute_subnets_cidr": "10.10.20.0/24", "compute_ssh_keys": null, - "management_instances":[ + "management_instances": [ { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "static_compute_instances":[ + "static_compute_instances": [ { - "profile":"cx2-2x4", - "count":0, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 0, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "dynamic_compute_instances":[ + "dynamic_compute_instances": [ { - "profile":"cx2-2x4", - "count":5000, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 5000, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_gui_username":"admin", + "compute_gui_username": "admin", "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":"10.10.30.0/24", + "storage_subnets_cidr": "10.10.30.0/24", "storage_ssh_keys": null, - "storage_instances":[ + "storage_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "protocol_subnets_cidr":"10.10.40.0/24", - "protocol_instances":[ + "protocol_subnets_cidr": "10.10.40.0/24", + "protocol_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "storage_gui_username":"admin", + "storage_gui_username": "admin", "storage_gui_password": "hpc@IBMCloud", - "file_shares":[ + "file_shares": [ { - "mount_path":"/mnt/binaries", - "size":100, - "iops":1000 + "mount_path": "/mnt/binaries", + "size": 100, + "iops": 1000 }, { - "mount_path":"/mnt/data", - "size":100, - "iops":1000 + "mount_path": "/mnt/data", + "size": 100, + "iops": 1000 } ], - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_atracker":true, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_atracker": true, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null } diff --git a/solutions/hpcaas/variables.tf b/solutions/hpcaas/variables.tf index f7fe9167..ec411dfb 100644 --- a/solutions/hpcaas/variables.tf +++ b/solutions/hpcaas/variables.tf @@ -23,9 +23,10 @@ variable "ibmcloud_api_key" { ############################################################################## # Cluster Level Variables ############################################################################## -variable "zone" { - type = string - description = "Zone where VPC will be created." +variable "zones" { + type = list(string) + default = ["us-south-1", "us-south-2", "us-south-3"] + description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." } variable "ssh_keys" { @@ -52,7 +53,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -62,10 +63,10 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null - description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" + description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc_name)" } variable "network_cidr" { diff --git a/solutions/hpcaas/version.tf b/solutions/hpcaas/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/hpcaas/version.tf +++ b/solutions/hpcaas/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/solutions/lsf/README.md b/solutions/lsf/README.md index 6ee238a5..056eddaf 100644 --- a/solutions/lsf/README.md +++ b/solutions/lsf/README.md @@ -3,14 +3,11 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | | [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | ## Providers -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | +No providers. ## Modules @@ -20,64 +17,84 @@ ## Resources -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | +No resources. ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | +| [bastion\_image](#input\_bastion\_image) | The image to use to deploy the bastion host. | `string` | `"ibm-ubuntu-22-04-3-minimal-amd64-1"` | no | +| [bastion\_instance\_profile](#input\_bastion\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"cx2-4x8"` | no | | [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | +| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `string` | `"10.0.0.0/24"` | no | | [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | +| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `string` | `"10.10.10.0/24"` | no | | [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | | [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | +| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `string` | `"10.10.20.0/24"` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | -| [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | +| [deployer\_image](#input\_deployer\_image) | The image to use to deploy the deployer host. | `string` | `"ibm-redhat-8-10-minimal-amd64-2"` | no | +| [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"bx2-8x32"` | no | | [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | | [dns\_domain\_names](#input\_dns\_domain\_names) | IBM Cloud HPC DNS domain names. | 
object({
    compute  = string
    storage  = string
    protocol = string
  })
| 
{
  "compute": "comp.com",
  "protocol": "ces.com",
  "storage": "strg.com"
}
| no | | [dns\_instance\_id](#input\_dns\_instance\_id) | IBM Cloud HPC DNS service instance id. | `string` | `null` | no | | [dynamic\_compute\_instances](#input\_dynamic\_compute\_instances) | MaxNumber of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1024,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | -| [enable\_atracker](#input\_enable\_atracker) | Enable Activity tracker | `bool` | `true` | no | | [enable\_bastion](#input\_enable\_bastion) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN or direct connection, set this value to false. | `bool` | `true` | no | | [enable\_cos\_integration](#input\_enable\_cos\_integration) | Integrate COS with HPC solution | `bool` | `true` | no | | [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | | [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | +| [existing\_resource\_group](#input\_existing\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | | [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | | [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | | [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | +| [key\_management](#input\_key\_management) | Set the value as key\_protect to enable customer managed encryption for boot volume and file share. If the key\_management is set as null, IBM Cloud resources will be always be encrypted through provider managed. | `string` | `"key_protect"` | no | +| [kms\_instance\_name](#input\_kms\_instance\_name) | Provide the name of the existing Key Protect instance associated with the Key Management Service. Note: To use existing kms\_instance\_name set key\_management as key\_protect. The name can be found under the details of the KMS, see [View key-protect ID](https://cloud.ibm.com/docs/key-protect?topic=key-protect-retrieve-instance-ID&interface=ui). | `string` | `null` | no | +| [kms\_key\_name](#input\_kms\_key\_name) | Provide the existing kms key name that you want to use for the IBM Cloud HPC cluster. Note: kms\_key\_name to be considered only if key\_management value is set as key\_protect.(for example kms\_key\_name: my-encryption-key). | `string` | `null` | no | | [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | +| [observability\_atracker\_enable](#input\_observability\_atracker\_enable) | Activity Tracker Event Routing to configure how to route auditing events. While multiple Activity Tracker instances can be created, only one tracker is needed to capture all events. Creating additional trackers is unnecessary if an existing Activity Tracker is already integrated with a COS bucket. In such cases, set the value to false, as all events can be monitored and accessed through the existing Activity Tracker. | `bool` | `true` | no | +| [observability\_atracker\_target\_type](#input\_observability\_atracker\_target\_type) | All the events will be stored in either COS bucket or Cloud Logs on the basis of user input, so customers can retrieve or ingest them in their system. | `string` | `"cloudlogs"` | no | +| [observability\_enable\_metrics\_routing](#input\_observability\_enable\_metrics\_routing) | Enable metrics routing to manage metrics at the account-level by configuring targets and routes that define where data points are routed. | `bool` | `false` | no | +| [observability\_enable\_platform\_logs](#input\_observability\_enable\_platform\_logs) | Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. NOTE: You can only have 1 tenant per region in an account. | `bool` | `false` | no | +| [observability\_logs\_enable\_for\_compute](#input\_observability\_logs\_enable\_for\_compute) | Set false to disable IBM Cloud Logs integration. If enabled, infrastructure and LSF application logs from Compute Nodes will be ingested. | `bool` | `false` | no | +| [observability\_logs\_enable\_for\_management](#input\_observability\_logs\_enable\_for\_management) | Set false to disable IBM Cloud Logs integration. If enabled, infrastructure and LSF application logs from Management Nodes will be ingested. | `bool` | `false` | no | +| [observability\_logs\_retention\_period](#input\_observability\_logs\_retention\_period) | The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90. | `number` | `7` | no | +| [observability\_monitoring\_enable](#input\_observability\_monitoring\_enable) | Set false to disable IBM Cloud Monitoring integration. If enabled, infrastructure and LSF application metrics from Management Nodes will be ingested. | `bool` | `true` | no | +| [observability\_monitoring\_on\_compute\_nodes\_enable](#input\_observability\_monitoring\_on\_compute\_nodes\_enable) | Set false to disable IBM Cloud Monitoring integration. If enabled, infrastructure metrics from Compute Nodes will be ingested. | `bool` | `false` | no | +| [observability\_monitoring\_plan](#input\_observability\_monitoring\_plan) | Type of service plan for IBM Cloud Monitoring instance. You can choose one of the following: lite, graduated-tier. For all details visit [IBM Cloud Monitoring Service Plans](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans). | `string` | `"graduated-tier"` | no | | [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | | [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | | [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | | [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | | [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | +| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.40.0/24"` | no | +| [scc\_enable](#input\_scc\_enable) | Flag to enable SCC instance creation. If true, an instance of SCC (Security and Compliance Center) will be created. | `bool` | `true` | no | +| [scc\_event\_notification\_plan](#input\_scc\_event\_notification\_plan) | Event Notifications Instance plan to be used (it's used with S.C.C. instance), possible values 'lite' and 'standard'. | `string` | `"lite"` | no | +| [scc\_location](#input\_scc\_location) | Location where the SCC instance is provisioned (possible choices 'us-south', 'eu-de', 'ca-tor', 'eu-es') | `string` | `"us-south"` | no | +| [scc\_profile](#input\_scc\_profile) | Profile to be set on the SCC Instance (accepting empty, 'CIS IBM Cloud Foundations Benchmark' and 'IBM Cloud Framework for Financial Services') | `string` | `"CIS IBM Cloud Foundations Benchmark v1.1.0"` | no | +| [skip\_flowlogs\_s2s\_auth\_policy](#input\_skip\_flowlogs\_s2s\_auth\_policy) | Skip auth policy between flow logs service and COS instance, set to true if this policy is already in place on account. | `bool` | `false` | no | +| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to false if authorization policy is required for VPC block storage volumes to access kms. This can be set to true if authorization policy already exists. For more information on how to create authorization policy manually, see [creating authorization policies for block storage volume](https://cloud.ibm.com/docs/vpc?topic=vpc-block-s2s-auth&interface=ui). | `bool` | `false` | no | +| [skip\_kms\_s2s\_auth\_policy](#input\_skip\_kms\_s2s\_auth\_policy) | Skip auth policy between KMS service and COS instance, set to true if this policy is already in place on account. | `bool` | `false` | no | | [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | | [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | | [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | | [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | +| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.30.0/24"` | no | | [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | | [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | | [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | | [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | +| [zone](#input\_zone) | Zone where VPC will be created. | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [lsf](#output\_lsf) | LSF details | diff --git a/solutions/lsf/catalogValidationValues.json.template b/solutions/lsf/catalogValidationValues.json.template index a5642a41..2aea8d9e 100644 --- a/solutions/lsf/catalogValidationValues.json.template +++ b/solutions/lsf/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/lsf/datasource.tf b/solutions/lsf/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/lsf/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/lsf/locals.tf b/solutions/lsf/locals.tf index e25da8b4..495b27b0 100644 --- a/solutions/lsf/locals.tf +++ b/solutions/lsf/locals.tf @@ -1,10 +1,9 @@ # locals needed for ibm provider locals { # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) + region = join("-", slice(split("-", var.zones[0]), 0, 2)) } - locals { override_json_path = abspath("./override.json") override = { @@ -17,10 +16,9 @@ locals { override_type = var.override_json_string == null ? "override" : "override_json_string" } - locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -62,7 +60,7 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key @@ -80,7 +78,6 @@ locals { observability_monitoring_plan = var.observability_monitoring_plan scc_enable = var.scc_enable scc_profile = var.scc_profile - # scc_profile_version = var.scc_profile_version scc_location = var.scc_location scc_event_notification_plan = var.scc_event_notification_plan skip_flowlogs_s2s_auth_policy = var.skip_flowlogs_s2s_auth_policy @@ -88,15 +85,15 @@ locals { skip_kms_s2s_auth_policy = var.skip_kms_s2s_auth_policy # New Variables - ibmcloud_api_key = var.ibmcloud_api_key + ibmcloud_api_key = var.ibmcloud_api_key + # scc_profile_version = var.scc_profile_version } } - # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) deployer_instance_profile = lookup(local.override[local.override_type], "deployer_instance_profile", local.config.deployer_instance_profile) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) @@ -138,7 +135,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) @@ -156,13 +153,14 @@ locals { observability_monitoring_plan = lookup(local.override[local.override_type], "observability_monitoring_plan", local.config.observability_monitoring_plan) scc_enable = lookup(local.override[local.override_type], "scc_enable", local.config.scc_enable) scc_profile = lookup(local.override[local.override_type], "scc_profile", local.config.scc_profile) - # scc_profile_version = lookup(local.override[local.override_type], "scc_profile_version", local.config.scc_profile_version) scc_location = lookup(local.override[local.override_type], "scc_location", local.config.scc_location) scc_event_notification_plan = lookup(local.override[local.override_type], "scc_event_notification_plan", local.config.scc_event_notification_plan) skip_flowlogs_s2s_auth_policy = lookup(local.override[local.override_type], "skip_flowlogs_s2s_auth_policy", local.config.skip_flowlogs_s2s_auth_policy) skip_iam_authorization_policy = lookup(local.override[local.override_type], "skip_iam_authorization_policy", local.config.skip_iam_authorization_policy) skip_kms_s2s_auth_policy = lookup(local.override[local.override_type], "skip_kms_s2s_auth_policy", local.config.skip_kms_s2s_auth_policy) # New Variables - ibmcloud_api_key = lookup(local.override[local.override_type], "ibmcloud_api_key", local.config.ibmcloud_api_key) + ibmcloud_api_key = lookup(local.override[local.override_type], "ibmcloud_api_key", local.config.ibmcloud_api_key) + # scc_profile_version = lookup(local.override[local.override_type], "scc_profile_version", local.config.scc_profile_version) + } } diff --git a/solutions/lsf/main.tf b/solutions/lsf/main.tf index 99750186..443a8023 100644 --- a/solutions/lsf/main.tf +++ b/solutions/lsf/main.tf @@ -1,74 +1,75 @@ module "lsf" { - source = "./../.." - scheduler = "LSF" - ibm_customer_number = var.ibm_customer_number - zones = [var.zone] - allowed_cidr = var.allowed_cidr - prefix = local.env.prefix - ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group - bastion_ssh_keys = local.env.bastion_ssh_keys - bastion_subnets_cidr = [local.env.bastion_subnets_cidr] - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username - compute_ssh_keys = local.env.compute_ssh_keys - compute_subnets_cidr = [local.env.compute_subnets_cidr] - cos_instance_name = local.env.cos_instance_name - dns_custom_resolver_id = local.env.dns_custom_resolver_id - dns_instance_id = local.env.dns_instance_id - dns_domain_names = local.env.dns_domain_names - dynamic_compute_instances = local.env.dynamic_compute_instances - enable_bastion = local.env.enable_bastion - bastion_image = local.env.bastion_image - bastion_instance_profile = local.env.bastion_instance_profile - enable_deployer = local.env.enable_deployer - deployer_image = local.env.deployer_image - deployer_instance_profile = local.env.deployer_instance_profile - enable_cos_integration = local.env.enable_cos_integration - enable_vpc_flow_logs = local.env.enable_vpc_flow_logs - enable_vpn = local.env.enable_vpn - file_shares = local.env.file_shares - hpcs_instance_name = local.env.hpcs_instance_name - key_management = local.env.key_management - client_instances = local.env.client_instances - client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = [local.env.client_subnets_cidr] - management_instances = local.env.management_instances - network_cidr = local.env.network_cidr - placement_strategy = local.env.placement_strategy - protocol_instances = local.env.protocol_instances - protocol_subnets_cidr = [local.env.protocol_subnets_cidr] - static_compute_instances = local.env.static_compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username - storage_instances = local.env.storage_instances - storage_ssh_keys = local.env.storage_ssh_keys - storage_subnets_cidr = [local.env.storage_subnets_cidr] - vpc = local.env.vpc - vpn_peer_address = local.env.vpn_peer_address - vpn_peer_cidr = local.env.vpn_peer_cidr - vpn_preshared_key = local.env.vpn_preshared_key - kms_instance_name = local.env.kms_instance_name - kms_key_name = local.env.kms_key_name - observability_atracker_enable = local.env.observability_atracker_enable - observability_atracker_target_type = local.env.observability_atracker_target_type - observability_monitoring_enable = local.env.observability_monitoring_enable - observability_logs_enable_for_management = local.env.observability_logs_enable_for_management - observability_logs_enable_for_compute = local.env.observability_logs_enable_for_compute - observability_enable_platform_logs = local.env.observability_enable_platform_logs - observability_enable_metrics_routing = local.env.observability_enable_metrics_routing - observability_logs_retention_period = local.env.observability_logs_retention_period - observability_monitoring_on_compute_nodes_enable = local.env.observability_monitoring_on_compute_nodes_enable - observability_monitoring_plan = local.env.observability_monitoring_plan - scc_enable = local.env.scc_enable - scc_profile = local.env.scc_profile - # scc_profile_version = local.env.scc_profile_version - scc_location = local.env.scc_location - scc_event_notification_plan = local.env.scc_event_notification_plan - skip_flowlogs_s2s_auth_policy = local.env.skip_flowlogs_s2s_auth_policy - skip_iam_authorization_policy = local.env.skip_iam_authorization_policy - skip_kms_s2s_auth_policy = local.env.skip_kms_s2s_auth_policy + source = "./../.." + scheduler = "LSF" + ibm_customer_number = var.ibm_customer_number + zones = var.zones + allowed_cidr = var.allowed_cidr + prefix = local.env.prefix + ssh_keys = local.env.ssh_keys + existing_resource_group = local.env.existing_resource_group + bastion_ssh_keys = local.env.bastion_ssh_keys + bastion_subnets_cidr = [local.env.bastion_subnets_cidr] + compute_ssh_keys = local.env.compute_ssh_keys + compute_subnets_cidr = [local.env.compute_subnets_cidr] + cos_instance_name = local.env.cos_instance_name + dns_custom_resolver_id = local.env.dns_custom_resolver_id + dns_instance_id = local.env.dns_instance_id + dns_domain_names = local.env.dns_domain_names + dynamic_compute_instances = local.env.dynamic_compute_instances + enable_bastion = local.env.enable_bastion + bastion_image = local.env.bastion_image + bastion_instance_profile = local.env.bastion_instance_profile + enable_deployer = local.env.enable_deployer + deployer_image = local.env.deployer_image + deployer_instance_profile = local.env.deployer_instance_profile + enable_cos_integration = local.env.enable_cos_integration + enable_vpc_flow_logs = local.env.enable_vpc_flow_logs + enable_vpn = local.env.enable_vpn + file_shares = local.env.file_shares + key_management = local.env.key_management + client_instances = local.env.client_instances + client_ssh_keys = local.env.client_ssh_keys + management_instances = local.env.management_instances + network_cidr = local.env.network_cidr + placement_strategy = local.env.placement_strategy + protocol_instances = local.env.protocol_instances + protocol_subnets_cidr = [local.env.protocol_subnets_cidr] + static_compute_instances = local.env.static_compute_instances + storage_instances = local.env.storage_instances + storage_ssh_keys = local.env.storage_ssh_keys + storage_subnets_cidr = [local.env.storage_subnets_cidr] + vpc_name = local.env.vpc_name + vpn_peer_address = local.env.vpn_peer_address + vpn_peer_cidr = local.env.vpn_peer_cidr + vpn_preshared_key = local.env.vpn_preshared_key + kms_instance_name = local.env.kms_instance_name + kms_key_name = local.env.kms_key_name + observability_atracker_enable = local.env.observability_atracker_enable + observability_atracker_target_type = local.env.observability_atracker_target_type + observability_monitoring_enable = local.env.observability_monitoring_enable + observability_logs_enable_for_management = local.env.observability_logs_enable_for_management + observability_logs_enable_for_compute = local.env.observability_logs_enable_for_compute + observability_enable_platform_logs = local.env.observability_enable_platform_logs + observability_enable_metrics_routing = local.env.observability_enable_metrics_routing + observability_logs_retention_period = local.env.observability_logs_retention_period + observability_monitoring_plan = local.env.observability_monitoring_plan + scc_enable = local.env.scc_enable + scc_profile = local.env.scc_profile + scc_location = local.env.scc_location + scc_event_notification_plan = local.env.scc_event_notification_plan + skip_flowlogs_s2s_auth_policy = local.env.skip_flowlogs_s2s_auth_policy + skip_iam_authorization_policy = local.env.skip_iam_authorization_policy + skip_kms_s2s_auth_policy = local.env.skip_kms_s2s_auth_policy # New Variables - ibmcloud_api_key = local.env.ibmcloud_api_key + ibmcloud_api_key = local.env.ibmcloud_api_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # hpcs_instance_name = local.env.hpcs_instance_name + # client_subnets_cidr = [local.env.client_subnets_cidr] + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username + # observability_monitoring_on_compute_nodes_enable = local.env.observability_monitoring_on_compute_nodes_enable + # scc_profile_version = local.env.scc_profile_version } diff --git a/solutions/lsf/outputs.tf b/solutions/lsf/outputs.tf index aac8ff51..67bc44e4 100644 --- a/solutions/lsf/outputs.tf +++ b/solutions/lsf/outputs.tf @@ -1,6 +1,6 @@ output "lsf" { - value = module.lsf.file_storage - #sensitive = true + description = "LSF details" + value = module.lsf.file_storage } # output "ssh_to_compute" { @@ -10,4 +10,4 @@ output "lsf" { # output "lsf" { # value = module.lsf -# } \ No newline at end of file +# } diff --git a/solutions/lsf/override.json b/solutions/lsf/override.json index 3b749691..1638e104 100644 --- a/solutions/lsf/override.json +++ b/solutions/lsf/override.json @@ -1,113 +1,113 @@ { - "prefix":"lsf", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "ssh_keys":null, - "enable_bastion":true, - "enable_deployer":false, - "deployer_instance_profile":"mx2-4x32", - "bastion_ssh_keys": null, - "bastion_subnets_cidr":"10.0.0.0/24", - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":"10.10.10.0/24", - "client_ssh_keys": null, - "client_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "compute_subnets_cidr":"10.10.20.0/24", - "compute_ssh_keys": null, - "management_instances":[ - { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "static_compute_instances":[ - { - "profile":"cx2-2x4", - "count":0, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "dynamic_compute_instances":[ - { - "profile":"cx2-2x4", - "count":5000, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "compute_gui_username":"admin", - "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":"10.10.30.0/24", - "storage_ssh_keys": null, - "storage_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "protocol_subnets_cidr":"10.10.40.0/24", - "protocol_instances":[ - { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" - } - ], - "storage_gui_username":"admin", - "storage_gui_password": "hpc@IBMCloud", - "file_shares":[ - { - "mount_path":"/mnt/binaries", - "size":100, - "iops":1000 - }, - { - "mount_path":"/mnt/data", - "size":100, - "iops":1000 - } - ], - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" - }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null, - "kms_instance_name":null, - "kms_key_name":null, - "observability_atracker_enable":true, - "observability_atracker_target_type":"cloudlogs", - "observability_monitoring_enable":true, - "observability_logs_enable_for_management":false, - "observability_logs_enable_for_compute":false, - "observability_enable_platform_logs":false, - "observability_enable_metrics_routing":false, - "observability_logs_retention_period":7, - "observability_monitoring_on_compute_nodes_enable":false, - "observability_monitoring_plan":"graduated-tier", - "scc_enable":true, - "scc_profile":"CIS IBM Cloud Foundations Benchmark v1.1.0", - "scc_location":"us-south", - "scc_event_notification_plan":"lite", - "skip_flowlogs_s2s_auth_policy":false, - "skip_kms_s2s_auth_policy":false, - "skip_iam_authorization_policy":false - } + "prefix": "lsf", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "ssh_keys": null, + "enable_bastion": true, + "enable_deployer": false, + "deployer_instance_profile": "mx2-4x32", + "bastion_ssh_keys": null, + "bastion_subnets_cidr": "10.0.0.0/24", + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": "10.10.10.0/24", + "client_ssh_keys": null, + "client_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "compute_subnets_cidr": "10.10.20.0/24", + "compute_ssh_keys": null, + "management_instances": [ + { + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "static_compute_instances": [ + { + "profile": "cx2-2x4", + "count": 0, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "dynamic_compute_instances": [ + { + "profile": "cx2-2x4", + "count": 5000, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "compute_gui_username": "admin", + "compute_gui_password": "hpc@IBMCloud", + "storage_subnets_cidr": "10.10.30.0/24", + "storage_ssh_keys": null, + "storage_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "protocol_subnets_cidr": "10.10.40.0/24", + "protocol_instances": [ + { + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" + } + ], + "storage_gui_username": "admin", + "storage_gui_password": "hpc@IBMCloud", + "file_shares": [ + { + "mount_path": "/mnt/binaries", + "size": 100, + "iops": 1000 + }, + { + "mount_path": "/mnt/data", + "size": 100, + "iops": 1000 + } + ], + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" + }, + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null, + "kms_instance_name": null, + "kms_key_name": null, + "observability_atracker_enable": true, + "observability_atracker_target_type": "cloudlogs", + "observability_monitoring_enable": true, + "observability_logs_enable_for_management": false, + "observability_logs_enable_for_compute": false, + "observability_enable_platform_logs": false, + "observability_enable_metrics_routing": false, + "observability_logs_retention_period": 7, + "observability_monitoring_on_compute_nodes_enable": false, + "observability_monitoring_plan": "graduated-tier", + "scc_enable": true, + "scc_profile": "CIS IBM Cloud Foundations Benchmark v1.1.0", + "scc_location": "us-south", + "scc_event_notification_plan": "lite", + "skip_flowlogs_s2s_auth_policy": false, + "skip_kms_s2s_auth_policy": false, + "skip_iam_authorization_policy": false +} diff --git a/solutions/lsf/variables.tf b/solutions/lsf/variables.tf index cff1228d..83287bae 100644 --- a/solutions/lsf/variables.tf +++ b/solutions/lsf/variables.tf @@ -23,9 +23,10 @@ variable "ibmcloud_api_key" { ############################################################################## # Cluster Level Variables ############################################################################## -variable "zone" { - type = string - description = "Zone where VPC will be created." +variable "zones" { + type = list(string) + default = ["us-south-1", "us-south-2", "us-south-3"] + description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." } variable "ssh_keys" { @@ -52,7 +53,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -62,7 +63,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" @@ -148,7 +149,7 @@ variable "enable_deployer" { variable "deployer_image" { type = string - default = "ibm-redhat-8-10-minimal-amd64-2" + default = "jay-lsf-new-image" description = "The image to use to deploy the deployer host." } @@ -263,57 +264,57 @@ variable "compute_gui_password" { description = "Password for compute cluster GUI" } -variable "cluster_id" { - type = string - default = "HPCCluster" - description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." - validation { - condition = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id)) - error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." - } -} +# variable "cluster_name" { +# type = string +# default = "HPCCluster" +# description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." +# validation { +# condition = 0 < length(var.cluster_name) && length(var.cluster_name) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_name)) +# error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." +# } +# } -variable "enable_hyperthreading" { - type = bool - default = true - description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." -} +# variable "enable_hyperthreading" { +# type = bool +# default = true +# description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." +# } -variable "enable_dedicated_host" { - type = bool - default = false - description = "Set to true to use dedicated hosts for compute hosts (default: false)." -} +# variable "enable_dedicated_host" { +# type = bool +# default = false +# description = "Set to true to use dedicated hosts for compute hosts (default: false)." +# } -variable "dedicated_host_placement" { - type = string - default = "spread" - description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." - validation { - condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" - error_message = "Supported values for dedicated_host_placement: spread or pack." - } -} +# variable "dedicated_host_placement" { +# type = string +# default = "spread" +# description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." +# validation { +# condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" +# error_message = "Supported values for dedicated_host_placement: spread or pack." +# } +# } -variable "enable_app_center" { - type = bool - default = false - description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." -} +# variable "enable_app_center" { +# type = bool +# default = false +# description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." +# } -variable "app_center_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center GUI." -} +# variable "app_center_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center GUI." +# } -variable "app_center_db_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center database GUI." -} +# variable "app_center_db_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center database GUI." +# } ############################################################################## # Storage Scale Variables @@ -480,11 +481,11 @@ variable "cos_instance_name" { description = "Exiting COS instance name" } -variable "enable_atracker" { - type = bool - default = true - description = "Enable Activity tracker" -} +# variable "enable_atracker" { +# type = bool +# default = true +# description = "Enable Activity tracker" +# } variable "enable_vpc_flow_logs" { type = bool diff --git a/solutions/lsf/version.tf b/solutions/lsf/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/lsf/version.tf +++ b/solutions/lsf/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/solutions/scale/README.md b/solutions/scale/README.md index 6ee238a5..7561b14c 100644 --- a/solutions/scale/README.md +++ b/solutions/scale/README.md @@ -3,81 +3,77 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | | [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | ## Providers -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | +No providers. ## Modules | Name | Source | Version | |------|--------|---------| -| [lsf](#module\_lsf) | ./../.. | n/a | +| [scale](#module\_scale) | ./../.. | n/a | ## Resources -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | +No resources. ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | +| [bastion\_image](#input\_bastion\_image) | The image to use to deploy the bastion host. | `string` | `"ibm-ubuntu-22-04-3-minimal-amd64-1"` | no | +| [bastion\_instance\_profile](#input\_bastion\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"cx2-4x8"` | no | | [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | +| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `string` | `"10.0.0.0/24"` | no | | [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | +| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `string` | `"10.10.10.0/24"` | no | | [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | +| [compute\_instances](#input\_compute\_instances) | Total Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 3,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | +| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `string` | `"10.10.20.0/24"` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | +| [deployer\_image](#input\_deployer\_image) | The image to use to deploy the deployer host. | `string` | `"ibm-redhat-8-10-minimal-amd64-2"` | no | | [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | | [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | | [dns\_domain\_names](#input\_dns\_domain\_names) | IBM Cloud HPC DNS domain names. | 
object({
    compute  = string
    storage  = string
    protocol = string
  })
| 
{
  "compute": "comp.com",
  "protocol": "ces.com",
  "storage": "strg.com"
}
| no | | [dns\_instance\_id](#input\_dns\_instance\_id) | IBM Cloud HPC DNS service instance id. | `string` | `null` | no | -| [dynamic\_compute\_instances](#input\_dynamic\_compute\_instances) | MaxNumber of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1024,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [enable\_atracker](#input\_enable\_atracker) | Enable Activity tracker | `bool` | `true` | no | | [enable\_bastion](#input\_enable\_bastion) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN or direct connection, set this value to false. | `bool` | `true` | no | | [enable\_cos\_integration](#input\_enable\_cos\_integration) | Integrate COS with HPC solution | `bool` | `true` | no | | [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | | [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | -| [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | +| [existing\_resource\_group](#input\_existing\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | | [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | | [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | -| [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | +| [key\_management](#input\_key\_management) | Set the value as key\_protect to enable customer managed encryption for boot volume and file share. If the key\_management is set as null, IBM Cloud resources will be always be encrypted through provider managed. | `string` | `"key_protect"` | no | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | | [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | | [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | | [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | -| [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | +| [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"scale"` | no | | [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | +| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.40.0/24"` | no | | [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | -| [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | -| [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | +| [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile    = string
      count      = number
      image      = string
      filesystem = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | | [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | +| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.30.0/24"` | no | | [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | | [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | | [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | | [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | +| [zone](#input\_zone) | Zone where VPC will be created. | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [scale](#output\_scale) | Scale details | diff --git a/solutions/scale/catalogValidationValues.json.template b/solutions/scale/catalogValidationValues.json.template index a5642a41..2aea8d9e 100644 --- a/solutions/scale/catalogValidationValues.json.template +++ b/solutions/scale/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/scale/datasource.tf b/solutions/scale/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/scale/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/scale/locals.tf b/solutions/scale/locals.tf index 7ef13079..b9664d1b 100644 --- a/solutions/scale/locals.tf +++ b/solutions/scale/locals.tf @@ -1,10 +1,9 @@ # locals needed for ibm provider locals { # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) + region = join("-", slice(split("-", var.zones[0]), 0, 2)) } - locals { override_json_path = abspath("./override.json") override = { @@ -17,10 +16,9 @@ locals { override_type = var.override_json_string == null ? "override" : "override_json_string" } - locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -60,7 +58,7 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key @@ -71,7 +69,7 @@ locals { # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) bastion_ssh_keys = lookup(local.override[local.override_type], "bastion_ssh_keys", local.config.bastion_ssh_keys) @@ -110,7 +108,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) diff --git a/solutions/scale/main.tf b/solutions/scale/main.tf index dbc45c6a..b3a8f20c 100644 --- a/solutions/scale/main.tf +++ b/solutions/scale/main.tf @@ -2,15 +2,13 @@ module "scale" { source = "./../.." scheduler = null ibm_customer_number = var.ibm_customer_number - zones = [var.zone] + zones = var.zones allowed_cidr = var.allowed_cidr prefix = local.env.prefix ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group + existing_resource_group = local.env.existing_resource_group bastion_ssh_keys = local.env.bastion_ssh_keys bastion_subnets_cidr = [local.env.bastion_subnets_cidr] - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username compute_ssh_keys = local.env.compute_ssh_keys compute_subnets_cidr = [local.env.compute_subnets_cidr] cos_instance_name = local.env.cos_instance_name @@ -27,23 +25,26 @@ module "scale" { enable_cos_integration = local.env.enable_cos_integration enable_vpc_flow_logs = local.env.enable_vpc_flow_logs enable_vpn = local.env.enable_vpn - hpcs_instance_name = local.env.hpcs_instance_name key_management = local.env.key_management client_instances = local.env.client_instances client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = [local.env.client_subnets_cidr] network_cidr = local.env.network_cidr placement_strategy = local.env.placement_strategy protocol_instances = local.env.protocol_instances protocol_subnets_cidr = [local.env.protocol_subnets_cidr] static_compute_instances = local.env.compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username storage_instances = local.env.storage_instances storage_ssh_keys = local.env.storage_ssh_keys storage_subnets_cidr = [local.env.storage_subnets_cidr] - vpc = local.env.vpc + vpc_name = local.env.vpc_name vpn_peer_address = local.env.vpn_peer_address vpn_peer_cidr = local.env.vpn_peer_cidr vpn_preshared_key = local.env.vpn_preshared_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # hpcs_instance_name = local.env.hpcs_instance_name + # client_subnets_cidr = [local.env.client_subnets_cidr] + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username } diff --git a/solutions/scale/outputs.tf b/solutions/scale/outputs.tf index 0756d967..18baf74d 100644 --- a/solutions/scale/outputs.tf +++ b/solutions/scale/outputs.tf @@ -1,3 +1,4 @@ output "scale" { - value = module.scale + description = "Scale details" + value = module.scale } diff --git a/solutions/scale/override.json b/solutions/scale/override.json index b30d5ab1..c55761d5 100644 --- a/solutions/scale/override.json +++ b/solutions/scale/override.json @@ -1,125 +1,125 @@ { - "prefix":"scale", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "ssh_keys":null, - "enable_bastion":true, - "enable_deployer":true, - "deployer_instance_profile":"mx2-4x32", + "prefix": "scale", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "ssh_keys": null, + "enable_bastion": true, + "enable_deployer": true, + "deployer_instance_profile": "mx2-4x32", "bastion_ssh_keys": null, - "bastion_subnets_cidr":"10.0.0.0/24", - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":"10.10.10.0/24", + "bastion_subnets_cidr": "10.0.0.0/24", + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": "10.10.10.0/24", "client_ssh_keys": null, - "client_instances":[ + "client_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_subnets_cidr":"10.10.20.0/24", + "compute_subnets_cidr": "10.10.20.0/24", "compute_ssh_keys": null, - "compute_instances":[ + "compute_instances": [ { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_gui_username":"admin", + "compute_gui_username": "admin", "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":"10.10.30.0/24", + "storage_subnets_cidr": "10.10.30.0/24", "storage_ssh_keys": null, - "storage_instances":[ + "storage_instances": [ { - "profile":"cx2-2x4", - "count":10, - "image":"ibm-redhat-8-10-minimal-amd64-2", + "profile": "cx2-2x4", + "count": 10, + "image": "ibm-redhat-8-10-minimal-amd64-2", "filesystem": "fs1" }, { - "profile":"cx2-2x4", - "count":10, - "image":"ibm-redhat-8-10-minimal-amd64-2", + "profile": "cx2-2x4", + "count": 10, + "image": "ibm-redhat-8-10-minimal-amd64-2", "filesystem": "fs2" } ], - "protocol_subnets_cidr":"10.10.40.0/24", - "protocol_instances":[ + "protocol_subnets_cidr": "10.10.40.0/24", + "protocol_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], "colocate_protocol_instances": true, - "storage_gui_username":"admin", + "storage_gui_username": "admin", "storage_gui_password": "hpc@IBMCloud", "filesystem_config": [ { - "filesystem":"fs1", - "block_size":"4M", - "default_data_replica":2, - "default_metadata_replica":2, - "max_data_replica":3, - "max_metadata_replica":3, - "mount_point":"/ibm/fs1" + "filesystem": "fs1", + "block_size": "4M", + "default_data_replica": 2, + "default_metadata_replica": 2, + "max_data_replica": 3, + "max_metadata_replica": 3, + "mount_point": "/ibm/fs1" } ], "filesets_config": [ { - "fileset":"fileset1", - "filesystem":"fs1", - "junction_path":"/ibm/fs1/fileset1", - "client_mount_path":"/mnt", - "quota" :100 + "fileset": "fileset1", + "filesystem": "fs1", + "junction_path": "/ibm/fs1/fileset1", + "client_mount_path": "/mnt", + "quota": 100 }, { - "fileset":"fileset2", - "filesystem":"fs1", - "junction_path":"/ibm/fs1/fileset1", - "client_mount_path":"/mnt", - "quota" :0 + "fileset": "fileset2", + "filesystem": "fs1", + "junction_path": "/ibm/fs1/fileset1", + "client_mount_path": "/mnt", + "quota": 0 } ], - "afm_instances":[ + "afm_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "afm_cos_config":[ + "afm_cos_config": [ { - "afm_fileset":"afm_fileset", - "mode":"iw", - "cos_instance":null, - "bucket_name":null, - "bucket_region":"us-south", - "cos_service_cred_key":"", - "bucket_storage_class":"smart", - "bucket_type":"region_location" + "afm_fileset": "afm_fileset", + "mode": "iw", + "cos_instance": null, + "bucket_name": null, + "bucket_region": "us-south", + "cos_service_cred_key": "", + "bucket_storage_class": "smart", + "bucket_type": "region_location" } ], - "nsd_details":null, - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" + "nsd_details": null, + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_atracker":true, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null, + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_atracker": true, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null, "clusters": null } diff --git a/solutions/scale/variables.tf b/solutions/scale/variables.tf index b197f2d0..0ea09079 100644 --- a/solutions/scale/variables.tf +++ b/solutions/scale/variables.tf @@ -23,9 +23,10 @@ variable "ibmcloud_api_key" { ############################################################################## # Cluster Level Variables ############################################################################## -variable "zone" { - type = string - description = "Zone where VPC will be created." +variable "zones" { + type = list(string) + default = ["us-south-1", "us-south-2", "us-south-3"] + description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." } variable "ssh_keys" { @@ -52,7 +53,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -62,7 +63,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" @@ -148,7 +149,7 @@ variable "enable_deployer" { variable "deployer_image" { type = string - default = "ibm-redhat-8-10-minimal-amd64-2" + default = "jay-lsf-new-image" description = "The image to use to deploy the deployer host." } @@ -286,11 +287,11 @@ variable "protocol_instances" { description = "Number of instances to be launched for protocol hosts." } -variable "colocate_protocol_instances" { - type = bool - default = true - description = "Enable it to use storage instances as protocol instances" -} +# variable "colocate_protocol_instances" { +# type = bool +# default = true +# description = "Enable it to use storage instances as protocol instances" +# } variable "storage_gui_username" { type = string @@ -306,85 +307,85 @@ variable "storage_gui_password" { description = "Password for storage cluster GUI" } -variable "filesystem_config" { - type = list(object({ - filesystem = string - block_size = string - default_data_replica = number - default_metadata_replica = number - max_data_replica = number - max_metadata_replica = number - mount_point = string - })) - default = [{ - filesystem = "fs1" - block_size = "4M" - default_data_replica = 2 - default_metadata_replica = 2 - max_data_replica = 3 - max_metadata_replica = 3 - mount_point = "/ibm/fs1" - }] - description = "File system configurations." -} - -variable "filesets_config" { - type = list(object({ - fileset = string - filesystem = string - junction_path = string - client_mount_path = string - quota = number - })) - default = [{ - fileset = "fileset1" - filesystem = "fs1" - junction_path = "/ibm/fs1/fileset1" - client_mount_path = "/mnt" - quota = 100 - }] - description = "Fileset configurations." -} - -variable "afm_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - default = [{ - profile = "bx2-2x8" - count = 0 - image = "ibm-redhat-8-10-minimal-amd64-2" - }] - description = "Number of instances to be launched for afm hosts." -} - -variable "afm_cos_config" { - type = list(object({ - afm_fileset = string, - mode = string, - cos_instance = string, - bucket_name = string, - bucket_region = string, - cos_service_cred_key = string, - bucket_type = string, - bucket_storage_class = string - })) - default = [{ - afm_fileset = "afm_fileset" - mode = "iw" - cos_instance = null - bucket_name = null - bucket_region = "us-south" - cos_service_cred_key = "" - bucket_storage_class = "smart" - bucket_type = "region_location" - }] - description = "AFM configurations." -} +# variable "filesystem_config" { +# type = list(object({ +# filesystem = string +# block_size = string +# default_data_replica = number +# default_metadata_replica = number +# max_data_replica = number +# max_metadata_replica = number +# mount_point = string +# })) +# default = [{ +# filesystem = "fs1" +# block_size = "4M" +# default_data_replica = 2 +# default_metadata_replica = 2 +# max_data_replica = 3 +# max_metadata_replica = 3 +# mount_point = "/ibm/fs1" +# }] +# description = "File system configurations." +# } + +# variable "filesets_config" { +# type = list(object({ +# fileset = string +# filesystem = string +# junction_path = string +# client_mount_path = string +# quota = number +# })) +# default = [{ +# fileset = "fileset1" +# filesystem = "fs1" +# junction_path = "/ibm/fs1/fileset1" +# client_mount_path = "/mnt" +# quota = 100 +# }] +# description = "Fileset configurations." +# } + +# variable "afm_instances" { +# type = list( +# object({ +# profile = string +# count = number +# image = string +# }) +# ) +# default = [{ +# profile = "bx2-2x8" +# count = 0 +# image = "ibm-redhat-8-10-minimal-amd64-2" +# }] +# description = "Number of instances to be launched for afm hosts." +# } + +# variable "afm_cos_config" { +# type = list(object({ +# afm_fileset = string, +# mode = string, +# cos_instance = string, +# bucket_name = string, +# bucket_region = string, +# cos_service_cred_key = string, +# bucket_type = string, +# bucket_storage_class = string +# })) +# default = [{ +# afm_fileset = "afm_fileset" +# mode = "iw" +# cos_instance = null +# bucket_name = null +# bucket_region = "us-south" +# cos_service_cred_key = "" +# bucket_storage_class = "smart" +# bucket_type = "region_location" +# }] +# description = "AFM configurations." +# } ############################################################################## # DNS Variables diff --git a/solutions/scale/version.tf b/solutions/scale/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/scale/version.tf +++ b/solutions/scale/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/solutions/slurm/README.md b/solutions/slurm/README.md index 6ee238a5..c024d9b1 100644 --- a/solutions/slurm/README.md +++ b/solutions/slurm/README.md @@ -3,26 +3,21 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | | [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | ## Providers -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | +No providers. ## Modules | Name | Source | Version | |------|--------|---------| -| [lsf](#module\_lsf) | ./../.. | n/a | +| [slurm](#module\_slurm) | ./../.. | n/a | ## Resources -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | +No resources. ## Inputs @@ -30,14 +25,14 @@ |------|-------------|------|---------|:--------:| | [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | | [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | +| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `string` | `"10.0.0.0/24"` | no | | [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | +| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `string` | `"10.10.10.0/24"` | no | | [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | | [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | +| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `string` | `"10.10.20.0/24"` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | | [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | | [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | @@ -50,34 +45,35 @@ | [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | | [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | +| [existing\_resource\_group](#input\_existing\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | | [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | | [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | | [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | +| [key\_management](#input\_key\_management) | Set the value as key\_protect to enable customer managed encryption for boot volume and file share. If the key\_management is set as null, IBM Cloud resources will be always be encrypted through provider managed. | `string` | `"key_protect"` | no | | [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | | [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | | [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | | [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | | [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | | [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | +| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.40.0/24"` | no | | [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | | [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | | [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | | [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | +| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.30.0/24"` | no | | [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | | [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | | [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | | [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | +| [zone](#input\_zone) | Zone where VPC will be created. | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [slurm](#output\_slurm) | Slurm details | diff --git a/solutions/slurm/catalogValidationValues.json.template b/solutions/slurm/catalogValidationValues.json.template index a5642a41..2aea8d9e 100644 --- a/solutions/slurm/catalogValidationValues.json.template +++ b/solutions/slurm/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/slurm/datasource.tf b/solutions/slurm/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/slurm/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/slurm/locals.tf b/solutions/slurm/locals.tf index f61d69eb..4d7d2766 100644 --- a/solutions/slurm/locals.tf +++ b/solutions/slurm/locals.tf @@ -1,10 +1,9 @@ # locals needed for ibm provider locals { # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) + region = join("-", slice(split("-", var.zones[0]), 0, 2)) } - locals { override_json_path = abspath("./override.json") override = { @@ -17,10 +16,9 @@ locals { override_type = var.override_json_string == null ? "override" : "override_json_string" } - locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -59,18 +57,17 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key } } - # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) deployer_instance_profile = lookup(local.override[local.override_type], "deployer_instance_profile", local.config.deployer_instance_profile) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) @@ -109,7 +106,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) diff --git a/solutions/slurm/main.tf b/solutions/slurm/main.tf index b2d8e2a0..a379e1b6 100644 --- a/solutions/slurm/main.tf +++ b/solutions/slurm/main.tf @@ -1,17 +1,15 @@ module "slurm" { source = "./../.." - scheduler = "slurm" + scheduler = "Slurm" ibm_customer_number = var.ibm_customer_number - zones = [var.zone] + zones = var.zones allowed_cidr = var.allowed_cidr prefix = local.env.prefix ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group + existing_resource_group = local.env.existing_resource_group deployer_instance_profile = local.env.deployer_instance_profile bastion_ssh_keys = local.env.bastion_ssh_keys bastion_subnets_cidr = [local.env.bastion_subnets_cidr] - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username compute_ssh_keys = local.env.compute_ssh_keys compute_subnets_cidr = [local.env.compute_subnets_cidr] cos_instance_name = local.env.cos_instance_name @@ -26,24 +24,27 @@ module "slurm" { enable_vpc_flow_logs = local.env.enable_vpc_flow_logs enable_vpn = local.env.enable_vpn file_shares = local.env.file_shares - hpcs_instance_name = local.env.hpcs_instance_name key_management = local.env.key_management client_instances = local.env.client_instances client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = [local.env.client_subnets_cidr] management_instances = local.env.management_instances network_cidr = local.env.network_cidr placement_strategy = local.env.placement_strategy protocol_instances = local.env.protocol_instances protocol_subnets_cidr = [local.env.protocol_subnets_cidr] static_compute_instances = local.env.static_compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username storage_instances = local.env.storage_instances storage_ssh_keys = local.env.storage_ssh_keys storage_subnets_cidr = [local.env.storage_subnets_cidr] - vpc = local.env.vpc + vpc_name = local.env.vpc_name vpn_peer_address = local.env.vpn_peer_address vpn_peer_cidr = local.env.vpn_peer_cidr vpn_preshared_key = local.env.vpn_preshared_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # hpcs_instance_name = local.env.hpcs_instance_name + # client_subnets_cidr = [local.env.client_subnets_cidr] + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username } diff --git a/solutions/slurm/outputs.tf b/solutions/slurm/outputs.tf index ced66306..ae50c7ab 100644 --- a/solutions/slurm/outputs.tf +++ b/solutions/slurm/outputs.tf @@ -1,3 +1,4 @@ output "slurm" { - value = module.slurm + description = "Slurm details" + value = module.slurm } diff --git a/solutions/slurm/override.json b/solutions/slurm/override.json index d20fb7fc..548f258f 100644 --- a/solutions/slurm/override.json +++ b/solutions/slurm/override.json @@ -1,95 +1,95 @@ { - "prefix":"slurm", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "ssh_keys":null, - "enable_bastion":true, - "enable_deployer":false, - "deployer_instance_profile":"mx2-4x32", + "prefix": "slurm", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "ssh_keys": null, + "enable_bastion": true, + "enable_deployer": false, + "deployer_instance_profile": "mx2-4x32", "bastion_ssh_keys": null, - "bastion_subnets_cidr":"10.0.0.0/24", - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":"10.10.10.0/24", + "bastion_subnets_cidr": "10.0.0.0/24", + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": "10.10.10.0/24", "client_ssh_keys": null, - "client_instances":[ + "client_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_subnets_cidr":"10.10.20.0/24", + "compute_subnets_cidr": "10.10.20.0/24", "compute_ssh_keys": null, - "management_instances":[ + "management_instances": [ { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "static_compute_instances":[ + "static_compute_instances": [ { - "profile":"cx2-2x4", - "count":0, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 0, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "dynamic_compute_instances":[ + "dynamic_compute_instances": [ { - "profile":"cx2-2x4", - "count":5000, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 5000, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_gui_username":"admin", + "compute_gui_username": "admin", "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":"10.10.30.0/24", + "storage_subnets_cidr": "10.10.30.0/24", "storage_ssh_keys": null, - "storage_instances":[ + "storage_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "protocol_subnets_cidr":"10.10.40.0/24", - "protocol_instances":[ + "protocol_subnets_cidr": "10.10.40.0/24", + "protocol_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "storage_gui_username":"admin", + "storage_gui_username": "admin", "storage_gui_password": "hpc@IBMCloud", - "file_shares":[ + "file_shares": [ { - "mount_path":"/mnt/binaries", - "size":100, - "iops":1000 + "mount_path": "/mnt/binaries", + "size": 100, + "iops": 1000 }, { - "mount_path":"/mnt/data", - "size":100, - "iops":1000 + "mount_path": "/mnt/data", + "size": 100, + "iops": 1000 } ], - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_atracker":true, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_atracker": true, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null } diff --git a/solutions/slurm/variables.tf b/solutions/slurm/variables.tf index f7fe9167..a455c903 100644 --- a/solutions/slurm/variables.tf +++ b/solutions/slurm/variables.tf @@ -23,9 +23,10 @@ variable "ibmcloud_api_key" { ############################################################################## # Cluster Level Variables ############################################################################## -variable "zone" { - type = string - description = "Zone where VPC will be created." +variable "zones" { + type = list(string) + default = ["us-south-1", "us-south-2", "us-south-3"] + description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." } variable "ssh_keys" { @@ -52,7 +53,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -62,7 +63,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" diff --git a/solutions/slurm/version.tf b/solutions/slurm/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/slurm/version.tf +++ b/solutions/slurm/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/solutions/symphony/README.md b/solutions/symphony/README.md index 6ee238a5..5628cd7c 100644 --- a/solutions/symphony/README.md +++ b/solutions/symphony/README.md @@ -3,26 +3,21 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [ansible](#requirement\_ansible) | ~> 1.3.0 | | [ibm](#requirement\_ibm) | >= 1.68.1, < 2.0.0 | ## Providers -| Name | Version | -|------|---------| -| [ibm](#provider\_ibm) | 1.70.1 | +No providers. ## Modules | Name | Source | Version | |------|--------|---------| -| [lsf](#module\_lsf) | ./../.. | n/a | +| [symphony](#module\_symphony) | ./../.. | n/a | ## Resources -| Name | Type | -|------|------| -| [ibm_is_vpc.itself](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | +No resources. ## Inputs @@ -30,14 +25,14 @@ |------|-------------|------|---------|:--------:| | [allowed\_cidr](#input\_allowed\_cidr) | Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster. | `list(string)` | n/a | yes | | [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys) | The key pair to use to access the bastion host. | `list(string)` | `null` | no | -| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `list(string)` | 
[
  "10.0.0.0/24"
]
| no | +| [bastion\_subnets\_cidr](#input\_bastion\_subnets\_cidr) | Subnet CIDR block to launch the bastion host. | `string` | `"10.0.0.0/24"` | no | | [client\_instances](#input\_client\_instances) | Number of instances to be launched for client. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [client\_ssh\_keys](#input\_client\_ssh\_keys) | The key pair to use to launch the client host. | `list(string)` | `null` | no | -| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `list(string)` | 
[
  "10.10.10.0/24",
  "10.20.10.0/24",
  "10.30.10.0/24"
]
| no | +| [client\_subnets\_cidr](#input\_client\_subnets\_cidr) | Subnet CIDR block to launch the client host. | `string` | `"10.10.10.0/24"` | no | | [compute\_gui\_password](#input\_compute\_gui\_password) | Password for compute cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [compute\_gui\_username](#input\_compute\_gui\_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | `"admin"` | no | | [compute\_ssh\_keys](#input\_compute\_ssh\_keys) | The key pair to use to launch the compute host. | `list(string)` | `null` | no | -| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `list(string)` | 
[
  "10.10.20.0/24",
  "10.20.20.0/24",
  "10.30.20.0/24"
]
| no | +| [compute\_subnets\_cidr](#input\_compute\_subnets\_cidr) | Subnet CIDR block to launch the compute cluster host. | `string` | `"10.10.20.0/24"` | no | | [cos\_instance\_name](#input\_cos\_instance\_name) | Exiting COS instance name | `string` | `null` | no | | [deployer\_instance\_profile](#input\_deployer\_instance\_profile) | Deployer should be only used for better deployment performance | `string` | `"mx2-4x32"` | no | | [dns\_custom\_resolver\_id](#input\_dns\_custom\_resolver\_id) | IBM Cloud DNS custom resolver id. | `string` | `null` | no | @@ -50,34 +45,35 @@ | [enable\_deployer](#input\_enable\_deployer) | Deployer should be only used for better deployment performance | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Enable Activity tracker | `bool` | `true` | no | | [enable\_vpn](#input\_enable\_vpn) | The solution supports multiple ways to connect to your HPC cluster for example, using bastion node, via VPN or direct connection. If connecting to the HPC cluster via VPN, set this value to true. | `bool` | `false` | no | +| [existing\_resource\_group](#input\_existing\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | | [file\_shares](#input\_file\_shares) | Custom file shares to access shared storage | 
list(
    object({
      mount_path = string,
      size       = number,
      iops       = number
    })
  )
| 
[
  {
    "iops": 1000,
    "mount_path": "/mnt/binaries",
    "size": 100
  },
  {
    "iops": 1000,
    "mount_path": "/mnt/data",
    "size": 100
  }
]
| no | | [hpcs\_instance\_name](#input\_hpcs\_instance\_name) | Hyper Protect Crypto Service instance | `string` | `null` | no | | [ibm\_customer\_number](#input\_ibm\_customer\_number) | Comma-separated list of the IBM Customer Number(s) (ICN) that is used for the Bring Your Own License (BYOL) entitlement check. For more information on how to find your ICN, see [What is my IBM Customer Number (ICN)?](https://www.ibm.com/support/pages/what-my-ibm-customer-number-icn). | `string` | n/a | yes | | [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | IBM Cloud API Key that will be used for authentication in scripts run in this module. Only required if certain options are required. | `string` | n/a | yes | -| [key\_management](#input\_key\_management) | null/key\_protect/hs\_crypto | `string` | `"key_protect"` | no | +| [key\_management](#input\_key\_management) | Set the value as key\_protect to enable customer managed encryption for boot volume and file share. If the key\_management is set as null, IBM Cloud resources will be always be encrypted through provider managed. | `string` | `"key_protect"` | no | | [management\_instances](#input\_management\_instances) | Number of instances to be launched for management. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | -| [nsd\_details](#input\_nsd\_details) | Storage scale NSD details | 
list(
    object({
      profile  = string
      capacity = optional(number)
      iops     = optional(number)
    })
  )
| 
[
  {
    "capacity": 100,
    "iops": 1000,
    "profile": "custom"
  }
]
| no | | [override](#input\_override) | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | `bool` | `false` | no | | [override\_json\_string](#input\_override\_json\_string) | Override default values with a JSON object. Any JSON other than an empty string overrides other configuration changes. | `string` | `null` | no | | [placement\_strategy](#input\_placement\_strategy) | VPC placement groups to create (null / host\_spread / power\_spread) | `string` | `null` | no | | [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | `"lsf"` | no | | [protocol\_instances](#input\_protocol\_instances) | Number of instances to be launched for protocol hosts. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 2,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | -| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.40.0/24",
  "10.20.40.0/24",
  "10.30.40.0/24"
]
| no | -| [resource\_group](#input\_resource\_group) | String describing resource groups to create or reference | `string` | `"Default"` | no | +| [protocol\_subnets\_cidr](#input\_protocol\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.40.0/24"` | no | | [ssh\_keys](#input\_ssh\_keys) | The key pair to use to access the HPC cluster. | `list(string)` | `null` | no | | [static\_compute\_instances](#input\_static\_compute\_instances) | Min Number of instances to be launched for compute cluster. | 
list(
    object({
      profile = string
      count   = number
      image   = string
    })
  )
| 
[
  {
    "count": 1,
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "cx2-2x4"
  }
]
| no | | [storage\_gui\_password](#input\_storage\_gui\_password) | Password for storage cluster GUI | `string` | `"hpc@IBMCloud"` | no | | [storage\_gui\_username](#input\_storage\_gui\_username) | GUI user to perform system management and monitoring tasks on storage cluster. | `string` | `"admin"` | no | | [storage\_instances](#input\_storage\_instances) | Number of instances to be launched for storage cluster. | 
list(
    object({
      profile         = string
      count           = number
      image           = string
      filesystem_name = optional(string)
    })
  )
| 
[
  {
    "count": 2,
    "filesystem_name": "fs1",
    "image": "ibm-redhat-8-10-minimal-amd64-2",
    "profile": "bx2-2x8"
  }
]
| no | | [storage\_ssh\_keys](#input\_storage\_ssh\_keys) | The key pair to use to launch the storage cluster host. | `list(string)` | `null` | no | -| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `list(string)` | 
[
  "10.10.30.0/24",
  "10.20.30.0/24",
  "10.30.30.0/24"
]
| no | +| [storage\_subnets\_cidr](#input\_storage\_subnets\_cidr) | Subnet CIDR block to launch the storage cluster host. | `string` | `"10.10.30.0/24"` | no | | [vpc](#input\_vpc) | Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc) | `string` | `null` | no | | [vpn\_peer\_address](#input\_vpn\_peer\_address) | The peer public IP address to which the VPN will be connected. | `string` | `null` | no | | [vpn\_peer\_cidr](#input\_vpn\_peer\_cidr) | The peer CIDRs (e.g., 192.168.0.0/24) to which the VPN will be connected. | `list(string)` | `null` | no | | [vpn\_preshared\_key](#input\_vpn\_preshared\_key) | The pre-shared key for the VPN. | `string` | `null` | no | -| [zones](#input\_zones) | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | `list(string)` | n/a | yes | +| [zone](#input\_zone) | Zone where VPC will be created. | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [symphony](#output\_symphony) | Symphony details | diff --git a/solutions/symphony/catalogValidationValues.json.template b/solutions/symphony/catalogValidationValues.json.template index a5642a41..2aea8d9e 100644 --- a/solutions/symphony/catalogValidationValues.json.template +++ b/solutions/symphony/catalogValidationValues.json.template @@ -2,6 +2,6 @@ "ibmcloud_api_key": $VALIDATION_APIKEY, "prefix": $PREFIX, "zones": "[\"ca-tor-1\"]", - "resource_group": "geretain-hpc-rg", + "existing_resource_group": "geretain-hpc-rg", "ssh_keys": "[\"geretain-hpc-ssh-key\"]" } diff --git a/solutions/symphony/datasource.tf b/solutions/symphony/datasource.tf deleted file mode 100644 index f6fada1e..00000000 --- a/solutions/symphony/datasource.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Future use -/* -data "ibm_is_region" "itself" { - name = local.region -} - -data "ibm_is_zone" "itself" { - name = var.zones[0] - region = data.ibm_is_region.itself.name -} -*/ - -data "ibm_is_vpc" "itself" { - count = var.vpc == null ? 0 : 1 - name = var.vpc -} -/* -data "ibm_is_subnet" "itself" { - count = length(local.subnets) - identifier = local.subnets[count.index]["id"] -} -*/ diff --git a/solutions/symphony/locals.tf b/solutions/symphony/locals.tf index f61d69eb..67d953d9 100644 --- a/solutions/symphony/locals.tf +++ b/solutions/symphony/locals.tf @@ -1,7 +1,7 @@ # locals needed for ibm provider locals { # Region and Zone calculations - region = join("-", slice(split("-", var.zone), 0, 2)) + region = join("-", slice(split("-", var.zones[0]), 0, 2)) } @@ -20,7 +20,7 @@ locals { locals { config = { - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group allowed_cidr = var.allowed_cidr deployer_instance_profile = var.deployer_instance_profile ssh_keys = var.ssh_keys @@ -59,7 +59,7 @@ locals { storage_instances = var.storage_instances storage_ssh_keys = var.storage_ssh_keys storage_subnets_cidr = var.storage_subnets_cidr - vpc = var.vpc + vpc_name = var.vpc_name vpn_peer_address = var.vpn_peer_address vpn_peer_cidr = var.vpn_peer_cidr vpn_preshared_key = var.vpn_preshared_key @@ -70,7 +70,7 @@ locals { # Compile Environment for Config output locals { env = { - resource_group = lookup(local.override[local.override_type], "resource_group", local.config.resource_group) + existing_resource_group = lookup(local.override[local.override_type], "existing_resource_group", local.config.existing_resource_group) allowed_cidr = lookup(local.override[local.override_type], "allowed_cidr", local.config.allowed_cidr) deployer_instance_profile = lookup(local.override[local.override_type], "deployer_instance_profile", local.config.deployer_instance_profile) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) @@ -109,7 +109,7 @@ locals { storage_instances = lookup(local.override[local.override_type], "storage_instances", local.config.storage_instances) storage_ssh_keys = lookup(local.override[local.override_type], "storage_ssh_keys", local.config.storage_ssh_keys) storage_subnets_cidr = lookup(local.override[local.override_type], "storage_subnets_cidr", local.config.storage_subnets_cidr) - vpc = lookup(local.override[local.override_type], "vpc", local.config.vpc) + vpc_name = lookup(local.override[local.override_type], "vpc_name", local.config.vpc_name) vpn_peer_address = lookup(local.override[local.override_type], "vpn_peer_address", local.config.vpn_peer_address) vpn_peer_cidr = lookup(local.override[local.override_type], "vpn_peer_cidr", local.config.vpn_peer_cidr) vpn_preshared_key = lookup(local.override[local.override_type], "vpn_preshared_key", local.config.vpn_preshared_key) diff --git a/solutions/symphony/main.tf b/solutions/symphony/main.tf index d2ba6cea..b93d7c11 100644 --- a/solutions/symphony/main.tf +++ b/solutions/symphony/main.tf @@ -1,17 +1,15 @@ module "symphony" { source = "./../.." - scheduler = "symphony" + scheduler = "Symphony" ibm_customer_number = var.ibm_customer_number - zones = [var.zone] + zones = var.zones allowed_cidr = var.allowed_cidr prefix = local.env.prefix ssh_keys = local.env.ssh_keys - resource_group = local.env.resource_group + existing_resource_group = local.env.existing_resource_group deployer_instance_profile = local.env.deployer_instance_profile bastion_ssh_keys = local.env.bastion_ssh_keys bastion_subnets_cidr = [local.env.bastion_subnets_cidr] - compute_gui_password = local.env.compute_gui_password - compute_gui_username = local.env.compute_gui_username compute_ssh_keys = local.env.compute_ssh_keys compute_subnets_cidr = [local.env.compute_subnets_cidr] cos_instance_name = local.env.cos_instance_name @@ -26,24 +24,27 @@ module "symphony" { enable_vpc_flow_logs = local.env.enable_vpc_flow_logs enable_vpn = local.env.enable_vpn file_shares = local.env.file_shares - hpcs_instance_name = local.env.hpcs_instance_name key_management = local.env.key_management client_instances = local.env.client_instances client_ssh_keys = local.env.client_ssh_keys - client_subnets_cidr = [local.env.client_subnets_cidr] management_instances = local.env.management_instances network_cidr = local.env.network_cidr placement_strategy = local.env.placement_strategy protocol_instances = local.env.protocol_instances protocol_subnets_cidr = [local.env.protocol_subnets_cidr] static_compute_instances = local.env.static_compute_instances - storage_gui_password = local.env.storage_gui_password - storage_gui_username = local.env.storage_gui_username storage_instances = local.env.storage_instances storage_ssh_keys = local.env.storage_ssh_keys storage_subnets_cidr = [local.env.storage_subnets_cidr] - vpc = local.env.vpc + vpc_name = local.env.vpc_name vpn_peer_address = local.env.vpn_peer_address vpn_peer_cidr = local.env.vpn_peer_cidr vpn_preshared_key = local.env.vpn_preshared_key + + # compute_gui_password = local.env.compute_gui_password + # compute_gui_username = local.env.compute_gui_username + # hpcs_instance_name = local.env.hpcs_instance_name + # client_subnets_cidr = [local.env.client_subnets_cidr] + # storage_gui_password = local.env.storage_gui_password + # storage_gui_username = local.env.storage_gui_username } diff --git a/solutions/symphony/outputs.tf b/solutions/symphony/outputs.tf index de3bde19..7affaab0 100644 --- a/solutions/symphony/outputs.tf +++ b/solutions/symphony/outputs.tf @@ -1,3 +1,4 @@ output "symphony" { - value = module.symphony + description = "Symphony details" + value = module.symphony } diff --git a/solutions/symphony/override.json b/solutions/symphony/override.json index 585d1a8e..78c15f67 100644 --- a/solutions/symphony/override.json +++ b/solutions/symphony/override.json @@ -1,95 +1,95 @@ { - "prefix":"symphony", - "resource_group": "Default", - "vpc": null, - "network_cidr":"10.0.0.0/8", - "placement_strategy":null, - "ssh_keys":null, - "enable_bastion":true, - "enable_deployer":false, - "deployer_instance_profile":"mx2-4x32", + "prefix": "symphony", + "existing_resource_group": "Default", + "vpc_name": null, + "network_cidr": "10.0.0.0/8", + "placement_strategy": null, + "ssh_keys": null, + "enable_bastion": true, + "enable_deployer": false, + "deployer_instance_profile": "mx2-4x32", "bastion_ssh_keys": null, - "bastion_subnets_cidr":"10.0.0.0/24", - "enable_vpn":false, - "vpn_peer_cidr":null, - "vpn_peer_address":null, - "vpn_preshared_key":null, - "client_subnets_cidr":"10.10.10.0/24", + "bastion_subnets_cidr": "10.0.0.0/24", + "enable_vpn": false, + "vpn_peer_cidr": null, + "vpn_peer_address": null, + "vpn_preshared_key": null, + "client_subnets_cidr": "10.10.10.0/24", "client_ssh_keys": null, - "client_instances":[ + "client_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_subnets_cidr":"10.10.20.0/24", + "compute_subnets_cidr": "10.10.20.0/24", "compute_ssh_keys": null, - "management_instances":[ + "management_instances": [ { - "profile":"cx2-2x4", - "count":3, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 3, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "static_compute_instances":[ + "static_compute_instances": [ { - "profile":"cx2-2x4", - "count":0, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 0, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "dynamic_compute_instances":[ + "dynamic_compute_instances": [ { - "profile":"cx2-2x4", - "count":5000, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 5000, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "compute_gui_username":"admin", + "compute_gui_username": "admin", "compute_gui_password": "hpc@IBMCloud", - "storage_subnets_cidr":"10.10.30.0/24", + "storage_subnets_cidr": "10.10.30.0/24", "storage_ssh_keys": null, - "storage_instances":[ + "storage_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "protocol_subnets_cidr":"10.10.40.0/24", - "protocol_instances":[ + "protocol_subnets_cidr": "10.10.40.0/24", + "protocol_instances": [ { - "profile":"cx2-2x4", - "count":2, - "image":"ibm-redhat-8-10-minimal-amd64-2" + "profile": "cx2-2x4", + "count": 2, + "image": "ibm-redhat-8-10-minimal-amd64-2" } ], - "storage_gui_username":"admin", + "storage_gui_username": "admin", "storage_gui_password": "hpc@IBMCloud", - "file_shares":[ + "file_shares": [ { - "mount_path":"/mnt/binaries", - "size":100, - "iops":1000 + "mount_path": "/mnt/binaries", + "size": 100, + "iops": 1000 }, { - "mount_path":"/mnt/data", - "size":100, - "iops":1000 + "mount_path": "/mnt/data", + "size": 100, + "iops": 1000 } ], - "dns_instance_id":null, - "dns_custom_resolver_id":null, - "dns_domain_names":{ - "compute":"comp.com", - "storage":"strg.com", - "protocol":"ces.com" + "dns_instance_id": null, + "dns_custom_resolver_id": null, + "dns_domain_names": { + "compute": "comp.com", + "storage": "strg.com", + "protocol": "ces.com" }, - "enable_cos_integration":true, - "cos_instance_name":null, - "enable_atracker":true, - "enable_vpc_flow_logs":true, - "key_management":"key_protect", - "hpcs_instance_name":null + "enable_cos_integration": true, + "cos_instance_name": null, + "enable_atracker": true, + "enable_vpc_flow_logs": true, + "key_management": "key_protect", + "hpcs_instance_name": null } diff --git a/solutions/symphony/variables.tf b/solutions/symphony/variables.tf index f7fe9167..a455c903 100644 --- a/solutions/symphony/variables.tf +++ b/solutions/symphony/variables.tf @@ -23,9 +23,10 @@ variable "ibmcloud_api_key" { ############################################################################## # Cluster Level Variables ############################################################################## -variable "zone" { - type = string - description = "Zone where VPC will be created." +variable "zones" { + type = list(string) + default = ["us-south-1", "us-south-2", "us-south-3"] + description = "Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions." } variable "ssh_keys" { @@ -52,7 +53,7 @@ variable "prefix" { ############################################################################## # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -62,7 +63,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" diff --git a/solutions/symphony/version.tf b/solutions/symphony/version.tf index e081bcc1..93f82bed 100644 --- a/solutions/symphony/version.tf +++ b/solutions/symphony/version.tf @@ -1,14 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } } diff --git a/tools/image-builder/locals.tf b/tools/image-builder/locals.tf index 5c9dbe7b..431fc4ab 100644 --- a/tools/image-builder/locals.tf +++ b/tools/image-builder/locals.tf @@ -8,8 +8,8 @@ locals { vpc_id = var.vpc_name == null ? module.landing_zone.vpc_data[0].vpc_id : data.ibm_is_vpc.existing_vpc[0].id # Resource group calculation # If user defined then use existing else create new - create_resource_group = var.resource_group == "null" ? true : false - resource_groups = var.resource_group == "null" ? [ + create_resource_group = var.existing_resource_group == "null" ? true : false + resource_groups = var.existing_resource_group == "null" ? [ { name = "${local.prefix}-service-rg", create = local.create_resource_group, @@ -22,12 +22,12 @@ locals { } ] : [ { - name = var.resource_group, + name = var.existing_resource_group, create = local.create_resource_group } ] # For the variables looking for resource group names only (transit_gateway, key_management, atracker) - resource_group = var.resource_group == "null" ? "${local.prefix}-service-rg" : var.resource_group + resource_group = var.existing_resource_group == "null" ? "${local.prefix}-service-rg" : var.existing_resource_group region = join("-", slice(split("-", var.zones[0]), 0, 2)) zones = ["zone-1", "zone-2", "zone-3"] active_zones = [ @@ -93,7 +93,7 @@ locals { } ] : null prefix = local.name - resource_group = var.resource_group == "null" ? "${local.prefix}-workload-rg" : var.resource_group + resource_group = var.existing_resource_group == "null" ? "${local.prefix}-workload-rg" : var.existing_resource_group clean_default_security_group = true clean_default_acl = true # flow_logs_bucket_name = var.enable_vpc_flow_logs ? "vpc-flow-logs-bucket" : null @@ -150,8 +150,8 @@ locals { packer_floating_ip = var.enable_fip ? local.packer_vsi_data[0]["floating_ip"] : null packer_resource_groups = { - service_rg = var.resource_group == "null" ? module.landing_zone.resource_group_data["${var.prefix}-service-rg"] : one(values(module.landing_zone.resource_group_data)) - workload_rg = var.resource_group == "null" ? module.landing_zone.resource_group_data["${var.prefix}-workload-rg"] : one(values(module.landing_zone.resource_group_data)) + service_rg = var.existing_resource_group == "null" ? module.landing_zone.resource_group_data["${var.prefix}-service-rg"] : one(values(module.landing_zone.resource_group_data)) + workload_rg = var.existing_resource_group == "null" ? module.landing_zone.resource_group_data["${var.prefix}-workload-rg"] : one(values(module.landing_zone.resource_group_data)) } vsi = [] @@ -163,7 +163,7 @@ locals { vpc_name = local.name subnet_name = (var.vpc_name != null && var.subnet_id != null) ? data.ibm_is_subnet.existing_subnet[0].name : "subnet" mode = "policy" - resource_group = var.resource_group == "null" ? "${local.prefix}-service-rg" : var.resource_group + resource_group = var.existing_resource_group == "null" ? "${local.prefix}-service-rg" : var.existing_resource_group } ] : [] diff --git a/tools/image-builder/main.tf b/tools/image-builder/main.tf index 65396615..3c1433d2 100644 --- a/tools/image-builder/main.tf +++ b/tools/image-builder/main.tf @@ -1,6 +1,6 @@ module "landing_zone" { source = "terraform-ibm-modules/landing-zone/ibm" - version = "5.27.0" + version = "7.3.1" prefix = local.prefix region = local.region tags = local.tags @@ -75,7 +75,7 @@ data "local_file" "encoded_compute_content" { module "packer_vsi" { source = "terraform-ibm-modules/landing-zone-vsi/ibm" - version = "4.0.1" + version = "4.6.0" vsi_per_subnet = 1 image_id = local.packer_image_id machine_type = local.packer_machine_type diff --git a/tools/image-builder/template_files.tf b/tools/image-builder/template_files.tf index 30874ad7..c112055c 100644 --- a/tools/image-builder/template_files.tf +++ b/tools/image-builder/template_files.tf @@ -13,11 +13,11 @@ data "template_file" "packer_user_data" { encoded_compute = data.local_file.encoded_compute_content.content target_dir = "/var" prefix = var.prefix - cluster_id = var.cluster_id + cluster_name = var.cluster_name reservation_id = var.reservation_id catalog_validate_ssh_key = var.ssh_keys[0] zones = join(",", var.zones) - resource_group = var.resource_group + existing_resource_group = var.existing_resource_group private_catalog_id = var.private_catalog_id } } diff --git a/tools/image-builder/templates/packer_user_data.tpl b/tools/image-builder/templates/packer_user_data.tpl index 9ed0385a..cd0e8bd0 100644 --- a/tools/image-builder/templates/packer_user_data.tpl +++ b/tools/image-builder/templates/packer_user_data.tpl @@ -109,7 +109,7 @@ curl -fsSL https://clis.cloud.ibm.com/install/linux | sh ibmcloud plugin install infrastructure-service ibmcloud login --apikey ${ibm_api_key} -r ${vpc_region} echo "========== Uploading SSH key to IBM cloud =========" -ibmcloud is key-create $CICD_SSH_KEY @/HPCaaS/artifacts/.ssh/id_rsa.pub --resource-group-name ${resource_group} +ibmcloud is key-create $CICD_SSH_KEY @/HPCaaS/artifacts/.ssh/id_rsa.pub --resource-group-name ${existing_resource_group} cd /HPCaaS/terraform-ibm-hpc/tools/tests git submodule update --init @@ -130,9 +130,9 @@ echo "========== Executing Go function to validate the image through HPC deploym export TF_VAR_ibmcloud_api_key=${ibm_api_key} if [ "${private_catalog_id}" ]; then - PREFIX=${prefix} CLUSTER_ID=${cluster_id} RESERVATION_ID=${reservation_id} SSH_FILE_PATH="/HPCaaS/artifacts/.ssh/id_rsa" REMOTE_ALLOWED_IPS=$PACKER_FIP SSH_KEYS=$CICD_SSH_KEY CATALOG_VALIDATE_SSH_KEY=${catalog_validate_ssh_key} ZONES=${zones} RESOURCE_GROUP=${resource_group} COMPUTE_IMAGE_NAME=${image_name} PRIVATE_CATALOG_ID=${private_catalog_id} VPC_ID=${vpc_id} SUBNET_ID=${vpc_subnet_id} SOURCE_IMAGE_NAME=${source_image_name} go test -v -timeout 900m -parallel 4 -run "TestRunHpcDeploymentForCustomImageBuilder" | tee hpc_log_$(date +%d-%m-%Y-%H-%M-%S).log + PREFIX=${prefix} CLUSTER_NAME=${cluster_name} RESERVATION_ID=${reservation_id} SSH_FILE_PATH="/HPCaaS/artifacts/.ssh/id_rsa" REMOTE_ALLOWED_IPS=$PACKER_FIP SSH_KEYS=$CICD_SSH_KEY CATALOG_VALIDATE_SSH_KEY=${catalog_validate_ssh_key} ZONES=${zones} EXISTING_RESOURCE_GROUP=${existing_resource_group} COMPUTE_IMAGE_NAME=${image_name} PRIVATE_CATALOG_ID=${private_catalog_id} VPC_ID=${vpc_id} SUBNET_ID=${vpc_subnet_id} SOURCE_IMAGE_NAME=${source_image_name} go test -v -timeout 900m -parallel 4 -run "TestRunHpcDeploymentForCustomImageBuilder" | tee hpc_log_$(date +%d-%m-%Y-%H-%M-%S).log else - PREFIX=${prefix} CLUSTER_ID=${cluster_id} RESERVATION_ID=${reservation_id} SSH_FILE_PATH="/HPCaaS/artifacts/.ssh/id_rsa" REMOTE_ALLOWED_IPS=$PACKER_FIP SSH_KEYS=$CICD_SSH_KEY ZONES=${zones} RESOURCE_GROUP=${resource_group} COMPUTE_IMAGE_NAME=${image_name} SOURCE_IMAGE_NAME=${source_image_name} go test -v -timeout 900m -parallel 4 -run "TestRunHpcDeploymentForCustomImageBuilder" | tee hpc_log_$(date +%d-%m-%Y-%H-%M-%S).log + PREFIX=${prefix} CLUSTER_NAME=${cluster_name} RESERVATION_ID=${reservation_id} SSH_FILE_PATH="/HPCaaS/artifacts/.ssh/id_rsa" REMOTE_ALLOWED_IPS=$PACKER_FIP SSH_KEYS=$CICD_SSH_KEY ZONES=${zones} EXISTING_RESOURCE_GROUP=${existing_resource_group} COMPUTE_IMAGE_NAME=${image_name} SOURCE_IMAGE_NAME=${source_image_name} go test -v -timeout 900m -parallel 4 -run "TestRunHpcDeploymentForCustomImageBuilder" | tee hpc_log_$(date +%d-%m-%Y-%H-%M-%S).log fi echo "========== Deleting the SSH key =========" diff --git a/tools/image-builder/variables.tf b/tools/image-builder/variables.tf index b4a63fe5..e044ede0 100644 --- a/tools/image-builder/variables.tf +++ b/tools/image-builder/variables.tf @@ -16,7 +16,7 @@ variable "ibmcloud_api_key" { # Resource Groups Variables ############################################################################## -variable "resource_group" { +variable "existing_resource_group" { description = "Specify the existing resource group name from your IBM Cloud account where the VPC resources should be deployed. By default, the resource group name is set to 'Default.' Note that in some older accounts, the resource group name may be 'default,' so please validate the resource_group name before deployment. If the resource group value is set to the string \"null\", the automation will create two different resource groups named 'workload-rg' and 'service-rg.' For more information on resource groups, refer to Managing resource groups." type = string default = "Default" @@ -188,11 +188,11 @@ variable "enable_fip" { } # tflint-ignore: terraform_unused_declarations -variable "cluster_id" { +variable "cluster_name" { type = string description = "Ensure that you have received the cluster ID from IBM technical sales. A unique identifer for HPC cluster used by IBM Cloud HPC to differentiate different HPC clusters within the same reservations. This can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters. You cannot change the cluster ID after deployment." validation { - condition = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id)) + condition = 0 < length(var.cluster_name) && length(var.cluster_name) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_name)) error_message = "The Cluster ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters. Other special characters and spaces are not allowed." } } diff --git a/tools/image-builder/version.tf b/tools/image-builder/version.tf index c02c9667..0fa51187 100644 --- a/tools/image-builder/version.tf +++ b/tools/image-builder/version.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" diff --git a/variables.tf b/variables.tf index 78029634..2b1de5c2 100644 --- a/variables.tf +++ b/variables.tf @@ -55,7 +55,7 @@ variable "allowed_cidr" { description = "Network CIDR to access the VPC. This is used to manage network ACL rules for accessing the cluster." } -variable "resource_group" { +variable "existing_resource_group" { type = string default = "Default" description = "String describing resource groups to create or reference" @@ -65,7 +65,7 @@ variable "resource_group" { ############################################################################## # VPC Variables ############################################################################## -variable "vpc" { +variable "vpc_name" { type = string default = null description = "Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" @@ -167,7 +167,6 @@ variable "deployer_instance_profile" { description = "Deployer should be only used for better deployment performance" } - ############################################################################## # Compute Variables ############################################################################## @@ -177,11 +176,11 @@ variable "client_subnets" { description = "Name of an existing subnets in which the cluster resources will be deployed. If no value is given, then new subnet(s) will be provisioned for the cluster. [Learn more](https://cloud.ibm.com/docs/vpc)" } -variable "client_subnets_cidr" { - type = list(string) - default = ["10.10.10.0/24", "10.20.10.0/24", "10.30.10.0/24"] - description = "Subnet CIDR block to launch the client host." -} +# variable "client_subnets_cidr" { +# type = list(string) +# default = ["10.10.10.0/24", "10.20.10.0/24", "10.30.10.0/24"] +# description = "Subnet CIDR block to launch the client host." +# } variable "client_ssh_keys" { type = list(string) @@ -271,19 +270,19 @@ variable "dynamic_compute_instances" { description = "MaxNumber of instances to be launched for compute cluster." } -variable "compute_gui_username" { - type = string - default = "admin" - sensitive = true - description = "GUI user to perform system management and monitoring tasks on compute cluster." -} +# variable "compute_gui_username" { +# type = string +# default = "admin" +# sensitive = true +# description = "GUI user to perform system management and monitoring tasks on compute cluster." +# } -variable "compute_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for compute cluster GUI" -} +# variable "compute_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for compute cluster GUI" +# } ############################################################################## # Storage Variables @@ -352,25 +351,25 @@ variable "protocol_instances" { description = "Number of instances to be launched for protocol hosts." } -variable "colocate_protocol_instances" { - type = bool - default = true - description = "Enable it to use storage instances as protocol instances" -} +# variable "colocate_protocol_instances" { +# type = bool +# default = true +# description = "Enable it to use storage instances as protocol instances" +# } -variable "storage_gui_username" { - type = string - default = "admin" - sensitive = true - description = "GUI user to perform system management and monitoring tasks on storage cluster." -} +# variable "storage_gui_username" { +# type = string +# default = "admin" +# sensitive = true +# description = "GUI user to perform system management and monitoring tasks on storage cluster." +# } -variable "storage_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for storage cluster GUI" -} +# variable "storage_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for storage cluster GUI" +# } variable "nsd_details" { type = list( @@ -458,11 +457,11 @@ variable "kms_key_name" { description = "Provide the existing kms key name that you want to use for the IBM Cloud HPC cluster. Note: kms_key_name to be considered only if key_management value is set as key_protect.(for example kms_key_name: my-encryption-key)." } -variable "hpcs_instance_name" { - type = string - default = null - description = "Hyper Protect Crypto Service instance" -} +# variable "hpcs_instance_name" { +# type = string +# default = null +# description = "Hyper Protect Crypto Service instance" +# } variable "skip_flowlogs_s2s_auth_policy" { type = bool @@ -506,123 +505,123 @@ variable "enable_vpc_flow_logs" { ############################################################################## # Scale specific Variables ############################################################################## -variable "filesystem_config" { - type = list( - object({ - filesystem = string - block_size = string - default_data_replica = number - default_metadata_replica = number - max_data_replica = number - max_metadata_replica = number - mount_point = string - }) - ) - default = null - description = "File system configurations." -} +# variable "filesystem_config" { +# type = list( +# object({ +# filesystem = string +# block_size = string +# default_data_replica = number +# default_metadata_replica = number +# max_data_replica = number +# max_metadata_replica = number +# mount_point = string +# }) +# ) +# default = null +# description = "File system configurations." +# } -variable "filesets_config" { - type = list( - object({ - fileset = string - filesystem = string - junction_path = string - client_mount_path = string - quota = number - }) - ) - default = null - description = "Fileset configurations." -} +# variable "filesets_config" { +# type = list( +# object({ +# fileset = string +# filesystem = string +# junction_path = string +# client_mount_path = string +# quota = number +# }) +# ) +# default = null +# description = "Fileset configurations." +# } -variable "afm_instances" { - type = list( - object({ - profile = string - count = number - image = string - }) - ) - default = [{ - profile = "bx2-2x8" - count = 0 - image = "ibm-redhat-8-10-minimal-amd64-2" - }] - description = "Number of instances to be launched for afm hosts." -} +# variable "afm_instances" { +# type = list( +# object({ +# profile = string +# count = number +# image = string +# }) +# ) +# default = [{ +# profile = "bx2-2x8" +# count = 0 +# image = "ibm-redhat-8-10-minimal-amd64-2" +# }] +# description = "Number of instances to be launched for afm hosts." +# } -variable "afm_cos_config" { - type = list( - object({ - afm_fileset = string, - mode = string, - cos_instance = string, - bucket_name = string, - bucket_region = string, - cos_service_cred_key = string, - bucket_type = string, - bucket_storage_class = string - }) - ) - default = null - description = "AFM configurations." -} +# variable "afm_cos_config" { +# type = list( +# object({ +# afm_fileset = string, +# mode = string, +# cos_instance = string, +# bucket_name = string, +# bucket_region = string, +# cos_service_cred_key = string, +# bucket_type = string, +# bucket_storage_class = string +# }) +# ) +# default = null +# description = "AFM configurations." +# } ############################################################################## # LSF specific Variables ############################################################################## -variable "cluster_id" { - type = string - default = "HPCCluster" - description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." - validation { - condition = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id)) - error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." - } -} +# variable "cluster_id" { +# type = string +# default = "HPCCluster" +# description = "Unique ID of the cluster used by LSF for configuration of resources. This can be up to 39 alphanumeric characters." +# validation { +# condition = 0 < length(var.cluster_id) && length(var.cluster_id) < 40 && can(regex("^[a-zA-Z0-9_.-]+$", var.cluster_id)) +# error_message = "The ID can be up to 39 alphanumeric characters including the underscore (_), the hyphen (-), and the period (.) characters." +# } +# } -variable "enable_hyperthreading" { - type = bool - default = true - description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." -} +# variable "enable_hyperthreading" { +# type = bool +# default = true +# description = "Setting this to true will enable hyper-threading in the worker nodes of the cluster (default). Otherwise, hyper-threading will be disabled." +# } -variable "enable_dedicated_host" { - type = bool - default = false - description = "Set to true to use dedicated hosts for compute hosts (default: false)." -} +# variable "enable_dedicated_host" { +# type = bool +# default = false +# description = "Set to true to use dedicated hosts for compute hosts (default: false)." +# } -variable "dedicated_host_placement" { - type = string - default = "spread" - description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." - validation { - condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" - error_message = "Supported values for dedicated_host_placement: spread or pack." - } -} +# variable "dedicated_host_placement" { +# type = string +# default = "spread" +# description = "Specify 'pack' or 'spread'. The 'pack' option will deploy VSIs on one dedicated host until full before moving on to the next dedicated host." +# validation { +# condition = var.dedicated_host_placement == "spread" || var.dedicated_host_placement == "pack" +# error_message = "Supported values for dedicated_host_placement: spread or pack." +# } +# } -variable "enable_app_center" { - type = bool - default = false - description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." -} +# variable "enable_app_center" { +# type = bool +# default = false +# description = "Set to true to install and enable use of the IBM Spectrum LSF Application Center GUI." +# } -variable "app_center_gui_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center GUI." -} +# variable "app_center_gui_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center GUI." +# } -variable "app_center_db_password" { - type = string - default = "hpc@IBMCloud" - sensitive = true - description = "Password for IBM Spectrum LSF Application Center database GUI." -} +# variable "app_center_db_password" { +# type = string +# default = "hpc@IBMCloud" +# sensitive = true +# description = "Password for IBM Spectrum LSF Application Center database GUI." +# } ############################################################################## # Symphony specific Variables @@ -632,97 +631,6 @@ variable "app_center_db_password" { # Slurm specific Variables ############################################################################## -############################################################################## -# Landing Zone Variables -############################################################################## -variable "clusters" { - default = null - description = "A list describing clusters workloads to create" - type = list( - object({ - name = string # Name of Cluster - vpc_name = string # Name of VPC - subnet_names = list(string) # List of vpc subnets for cluster - workers_per_subnet = number # Worker nodes per subnet. - machine_type = string # Worker node flavor - kube_type = string # iks or openshift - kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default` - entitlement = optional(string) # entitlement option for openshift - secondary_storage = optional(string) # Secondary storage type - pod_subnet = optional(string) # Portable subnet for pods - service_subnet = optional(string) # Portable subnet for services - resource_group = string # Resource Group used for cluster - cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters - access_tags = optional(list(string), []) - boot_volume_crk_name = optional(string) # Boot volume encryption key name - disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint - disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers - cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion - operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . - kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed - verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. - use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints. - import_default_worker_pool_on_create = optional(bool) # (Advanced users) Whether to handle the default worker pool as a stand-alone ibm_container_vpc_worker_pool resource on cluster creation. Only set to false if you understand the implications of managing the default worker pool as part of the cluster resource. Set to true to import the default worker pool as a separate resource. Set to false to manage the default worker pool as part of the cluster resource. - allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled as a stand-alone ibm_container_vpc_worker_pool, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true - labels = optional(map(string)) # A list of labels that you want to add to the default worker pool. - addons = optional(object({ # Map of OCP cluster add-on versions to install - debug-tool = optional(string) - image-key-synchronizer = optional(string) - openshift-data-foundation = optional(string) - vpc-file-csi-driver = optional(string) - static-route = optional(string) - cluster-autoscaler = optional(string) - vpc-block-csi-driver = optional(string) - ibm-storage-operator = optional(string) - }), {}) - manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources. - kms_config = optional( - object({ - crk_name = string # Name of key - private_endpoint = optional(bool) # Private endpoint - }) - ) - worker_pools = optional( - list( - object({ - name = string # Worker pool name - vpc_name = string # VPC name - workers_per_subnet = number # Worker nodes per subnet - flavor = string # Worker node flavor - subnet_names = list(string) # List of vpc subnets for worker pool - entitlement = optional(string) # entitlement option for openshift - secondary_storage = optional(string) # Secondary storage type - boot_volume_crk_name = optional(string) # Boot volume encryption key name - operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available . - labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool. - }) - ) - ) - }) - ) -} - -############################################################################## -# Terraform generic Variables -############################################################################## -variable "TF_PARALLELISM" { - type = string - default = "250" - description = "Limit the number of concurrent operation." -} - -variable "TF_VERSION" { - type = string - default = "1.9" - description = "The version of the Terraform engine that's used in the Schematics workspace." -} - -variable "TF_LOG" { - type = string - default = "ERROR" - description = "The Terraform log level used for output in the Schematics workspace." -} - ############################################################################## # Observability Variables ############################################################################## @@ -783,11 +691,11 @@ variable "observability_logs_retention_period" { } } -variable "observability_monitoring_on_compute_nodes_enable" { - description = "Set false to disable IBM Cloud Monitoring integration. If enabled, infrastructure metrics from Compute Nodes will be ingested." - type = bool - default = false -} +# variable "observability_monitoring_on_compute_nodes_enable" { +# description = "Set false to disable IBM Cloud Monitoring integration. If enabled, infrastructure metrics from Compute Nodes will be ingested." +# type = bool +# default = false +# } variable "observability_monitoring_plan" { description = "Type of service plan for IBM Cloud Monitoring instance. You can choose one of the following: lite, graduated-tier. For all details visit [IBM Cloud Monitoring Service Plans](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)." @@ -855,49 +763,23 @@ variable "enable_landing_zone" { description = "Run landing zone module." } -variable "vpc_id" { - type = string - default = null - description = "ID of an existing VPC in which the cluster resources will be deployed." -} - -variable "bastion_fip" { - type = string - default = null - description = "bastion fip" -} - -variable "compute_public_key_content" { - type = string - sensitive = true - default = null - description = "Compute security key content." -} - -variable "compute_private_key_content" { - type = string - sensitive = true - default = null - description = "Compute security key content." -} - variable "enable_atracker" { type = bool default = false description = "Enable Activity tracker" } -variable "cloud_logs_data_bucket" { - type = list(string) - default = [] - description = "" -} +# variable "cloud_logs_data_bucket" { +# type = list(string) +# default = [] +# description = "" +# } -variable "cloud_metrics_data_bucket" { - type = list(string) - default = [] - description = "" -} +# variable "cloud_metrics_data_bucket" { +# type = list(string) +# default = [] +# description = "" +# } variable "bastion_security_group_id" { type = string @@ -915,4 +797,4 @@ variable "deployer_ip" { type = string default = null description = "deployer node ip" -} \ No newline at end of file +} diff --git a/version.tf b/version.tf index 834c7c72..7615eacf 100644 --- a/version.tf +++ b/version.tf @@ -3,25 +3,16 @@ ############################################################################## terraform { - required_version = ">= 1.3" - # Use "greater than or equal to" range for root level modules + required_version = ">= 1.9.0" required_providers { ibm = { source = "IBM-Cloud/ibm" version = ">= 1.68.1, < 2.0.0" } - random = { - source = "hashicorp/random" - version = ">= 3.4.3, < 4.0.0" - } time = { source = "hashicorp/time" version = ">= 0.9.1, < 1.0.0" } - ansible = { - source = "ansible/ansible" - version = "~> 1.3.0" - } } }