Fixing vni resource group placement issue and custom image builder bug

ibm_catalog.json

@@ -372,7 +372,18 @@
                             "key": "worker_node_max_count"
                         },
                         {
-                            "key": "worker_node_instance_type"
+                            "key": "worker_node_instance_type",
+                            "type": "array",
+                            "default_value": "[\n  {\n    \"count\": 0,\n    \"instance_type\": \"bx2-4x16\"\n  },\n  {\n    \"count\": 0,\n    \"instance_type\": \"cx2-8x16\"\n  }\n]",
+                            "required": false,
+                            "custom_config": {
+                                "type": "json_editor",
+                                "grouping": "deployment",
+                                "original_grouping": "deployment",
+                                "config_constraints": {
+                                    "type": "mixed"
+                                }
+                            }
                         },
                         {
                             "key": "enable_dedicated_host"
@@ -396,7 +407,6 @@
                             "key": "custom_file_shares",
                             "type": "array",
                             "default_value": "[\n  {\n    \"mount_path\": \"/mnt/vpcstorage/tools\",\n    \"size\": 100,\n    \"iops\": 2000\n  },\n  {\n    \"mount_path\": \"/mnt/vpcstorage/data\",\n    \"size\": 100,\n    \"iops\": 6000\n  },\n  {\n    \"mount_path\": \"/mnt/scale/tools\",\n    \"nfs_share\": \"\"\n  }\n]\n",
-                            "display_name": "JSON",
                             "required": false,
                             "custom_config": {
                                 "type": "json_editor",
@@ -485,7 +495,6 @@
                         {
                             "key": "existing_bastion_ssh_private_key",
                             "type": "multiline_secure_value",
-                            "display_name": "Multiline secure value",
                             "required": false,
                             "custom_config": {
                                 "grouping": "deployment",

modules/bootstrap/datasource.tf

@@ -2,11 +2,6 @@ data "ibm_is_image" "bastion" {
   name = local.bastion_image_name
 }
 
-data "ibm_is_ssh_key" "bastion" {
-  for_each = toset(var.ssh_keys)
-  name     = each.key
-}
-
 # Existing Bastion details
 data "ibm_is_instance" "bastion_instance_name" {
   count = var.bastion_instance_name != null ? 1 : 0

modules/bootstrap/locals.tf

@@ -30,8 +30,6 @@ locals {
 
   bastion_image_id = data.ibm_is_image.bastion.id
 
-  bastion_ssh_keys = [for name in var.ssh_keys : data.ibm_is_ssh_key.bastion[name].id]
-
   bastion_sg_variable_cidr_list = var.network_cidr
   # Security group rules
   # TODO: Fix SG rules

modules/bootstrap/main.tf

@@ -45,7 +45,7 @@ module "existing_bastion_sg_update" {
 module "bastion_vsi" {
   count                         = var.bastion_instance_name != null ? 0 : 1
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   vsi_per_subnet                = 1
   create_security_group         = false
   security_group                = null
@@ -55,7 +55,7 @@ module "bastion_vsi" {
   resource_group_id             = var.resource_group
   enable_floating_ip            = true
   security_group_ids            = module.bastion_sg[*].security_group_id
-  ssh_key_ids                   = local.bastion_ssh_keys
+  ssh_key_ids                   = var.ssh_keys
   subnets                       = length(var.bastion_subnets) == 2 ? [local.bastion_subnets[1]] : [local.bastion_subnets[0]]
   tags                          = local.tags
   user_data                     = data.template_file.bastion_user_data.rendered

modules/landing_zone/main.tf

@@ -1,7 +1,7 @@
 module "landing_zone" {
   count                                  = var.enable_landing_zone ? 1 : 0
   source                                 = "terraform-ibm-modules/landing-zone/ibm"
-  version                                = "6.6.3"
+  version                                = "7.4.3"
   prefix                                 = local.prefix
   region                                 = local.region
   tags                                   = local.tags

modules/landing_zone_vsi/datasource.tf

@@ -13,11 +13,6 @@ data "ibm_is_image" "login" {
   count = local.login_image_mapping_entry_found ? 0 : 1
 }
 
-data "ibm_is_ssh_key" "compute" {
-  for_each = toset(var.compute_ssh_keys)
-  name     = each.key
-}
-
 data "ibm_is_region" "region" {
   name = local.region
 }
@@ -30,11 +25,6 @@ data "ibm_is_instance_profile" "worker_node" {
   name = var.worker_node_instance_type[0].instance_type
 }
 
-data "ibm_is_ssh_key" "bastion" {
-  for_each = toset(var.ssh_keys)
-  name     = each.key
-}
-
 data "ibm_is_image" "ldap_vsi_image" {
   name  = var.ldap_vsi_osimage_name
   count = var.ldap_basedns != null && var.ldap_server == "null" ? 1 : 0

modules/landing_zone_vsi/locals.tf

@@ -12,8 +12,6 @@ locals {
   login_node_name               = format("%s-%s", local.prefix, "login")
   management_node_name          = format("%s-%s", local.prefix, "mgmt")
   worker_node_name              = format("%s-%s", local.prefix, "worker")
-  compute_ssh_keys              = [for name in var.compute_ssh_keys : data.ibm_is_ssh_key.compute[name].id]
-  management_ssh_keys           = local.compute_ssh_keys
   ldap_enable                   = var.enable_ldap == true && var.ldap_server == "null" ? 1 : 0
   #  enable_worker_vsi             = var.solution == "lsf" && var.worker_node_min_count >= 0 ? var.worker_node_min_count : 0
   # products = var.solution == "lsf" && var.enable_app_center ? "lsf,lsf-app-center" : "lsf"
@@ -141,7 +139,6 @@ locals {
   rc_profile             = data.ibm_is_instance_profile.worker_node.name
 
   bastion_subnets        = var.bastion_subnets
-  bastion_ssh_keys       = [for name in var.ssh_keys : data.ibm_is_ssh_key.bastion[name].id]
   ldap_server            = var.enable_ldap == true && var.ldap_server == "null" ? length(module.ldap_vsi) > 0 ? var.ldap_primary_ip[0] : null : var.ldap_server
   ldap_server_cert       = var.enable_ldap == true && var.ldap_server_cert != "null" ? var.ldap_server_cert : "null"
   ldap_instance_image_id = var.enable_ldap == true && var.ldap_server == "null" ? data.ibm_is_image.ldap_vsi_image[0].id : "null"

modules/landing_zone_vsi/main.tf

@@ -57,7 +57,7 @@ module "nfs_storage_sg" {
 module "management_vsi" {
   count                         = 1
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   vsi_per_subnet                = 1
   create_security_group         = false
   security_group                = null
@@ -67,7 +67,7 @@ module "management_vsi" {
   resource_group_id             = var.resource_group
   enable_floating_ip            = false
   security_group_ids            = module.compute_sg[*].security_group_id
-  ssh_key_ids                   = local.management_ssh_keys
+  ssh_key_ids                   = var.compute_ssh_keys
   subnets                       = [local.compute_subnets[0]]
   tags                          = local.tags
   user_data                     = "${data.template_file.management_user_data.rendered} ${file("${path.module}/templates/lsf_management.sh")}"
@@ -80,12 +80,12 @@ module "management_vsi" {
 module "management_candidate_vsi" {
   count                         = var.management_node_count - 1
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   create_security_group         = false
   security_group                = null
   security_group_ids            = module.compute_sg[*].security_group_id
   vpc_id                        = var.vpc_id
-  ssh_key_ids                   = local.management_ssh_keys
+  ssh_key_ids                   = var.compute_ssh_keys
   subnets                       = [local.compute_subnets[0]]
   resource_group_id             = var.resource_group
   enable_floating_ip            = false
@@ -103,7 +103,7 @@ module "management_candidate_vsi" {
 module "worker_vsi" {
   count                         = length(local.flattened_worker_nodes)
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   vsi_per_subnet                = 1
   create_security_group         = false
   security_group                = null
@@ -113,7 +113,7 @@ module "worker_vsi" {
   resource_group_id             = var.resource_group
   enable_floating_ip            = false
   security_group_ids            = module.compute_sg[*].security_group_id
-  ssh_key_ids                   = local.management_ssh_keys
+  ssh_key_ids                   = var.compute_ssh_keys
   subnets                       = [local.compute_subnets[0]]
   tags                          = local.tags
   user_data                     = "${data.template_file.worker_user_data.rendered} ${file("${path.module}/templates/static_worker_vsi.sh")}"
@@ -129,7 +129,7 @@ module "worker_vsi" {
 module "login_vsi" {
   #  count                         = 1
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   vsi_per_subnet                = 1
   create_security_group         = false
   security_group                = null
@@ -139,7 +139,7 @@ module "login_vsi" {
   resource_group_id             = var.resource_group
   enable_floating_ip            = false
   security_group_ids            = [var.bastion_security_group_id]
-  ssh_key_ids                   = local.bastion_ssh_keys
+  ssh_key_ids                   = var.bastion_ssh_keys
   subnets                       = length(var.bastion_subnets) == 2 ? [local.bastion_subnets[1]] : [local.bastion_subnets[0]]
   tags                          = local.tags
   user_data                     = "${data.template_file.login_user_data.rendered} ${file("${path.module}/templates/login_vsi.sh")}"
@@ -153,7 +153,7 @@ module "login_vsi" {
 module "ldap_vsi" {
   count                         = local.ldap_enable
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.5.0"
+  version                       = "5.0.0"
   vsi_per_subnet                = 1
   create_security_group         = false
   security_group                = null
@@ -163,7 +163,7 @@ module "ldap_vsi" {
   resource_group_id             = var.resource_group
   enable_floating_ip            = false
   security_group_ids            = module.compute_sg[*].security_group_id
-  ssh_key_ids                   = local.management_ssh_keys
+  ssh_key_ids                   = var.compute_ssh_keys
   subnets                       = [local.compute_subnets[0]]
   tags                          = local.tags
   user_data                     = var.enable_ldap == true && var.ldap_server == "null" ? "${data.template_file.ldap_user_data[0].rendered} ${file("${path.module}/templates/ldap_user_data.sh")}" : ""

modules/landing_zone_vsi/template_files.tf

@@ -94,7 +94,7 @@ data "template_file" "management_values" {
     image_id                      = local.compute_image_from_data ? data.ibm_is_image.compute[0].id : local.new_compute_image_id
     subnet_id                     = local.compute_subnets[0].crn
     security_group_id             = module.compute_sg[0].security_group_id
-    sshkey_id                     = join(",", local.compute_ssh_keys)
+    sshkey_id                     = join(",", var.compute_ssh_keys)
     region_name                   = data.ibm_is_region.region.name
     zone_name                     = var.zones[0]
     vpc_id                        = var.vpc_id

modules/landing_zone_vsi/variables.tf

@@ -261,7 +261,7 @@ variable "bastion_subnets" {
   description = "Subnets to launch the bastion host."
 }
 
-variable "ssh_keys" {
+variable "bastion_ssh_keys" {
   type        = list(string)
   description = "The key pair to use to access the host."
 }

solutions/hpc/datasource.tf

@@ -84,3 +84,13 @@ resource "ibm_is_subnet_public_gateway_attachment" "zone_1_attachment" {
 data "ibm_is_dedicated_host_profiles" "worker" {
   count = var.enable_dedicated_host ? 1 : 0
 }
+
+data "ibm_is_ssh_key" "bastion" {
+  for_each = toset(var.bastion_ssh_keys)
+  name     = each.key
+}
+
+data "ibm_is_ssh_key" "compute" {
+  for_each = toset(var.compute_ssh_keys)
+  name     = each.key
+}

solutions/hpc/locals.tf

@@ -70,7 +70,8 @@ locals {
 
 # locals needed for file-storage
 locals {
-
+  compute_ssh_keys = [for name in var.compute_ssh_keys : data.ibm_is_ssh_key.compute[name].id]
+  bastion_ssh_keys = [for name in var.bastion_ssh_keys : data.ibm_is_ssh_key.bastion[name].id]
   # dependency: landing_zone_vsi -> file-share
   compute_subnet_id         = local.compute_subnets[0].id
   compute_security_group_id = module.landing_zone_vsi[0].compute_sg_id

solutions/hpc/main.tf

@@ -34,7 +34,7 @@ module "bootstrap" {
   vpc_id                        = local.vpc_id
   network_cidr                  = var.vpc_name != null && length(var.cluster_subnet_ids) > 0 ? local.existing_subnet_cidrs : split(",", var.vpc_cidr)
   bastion_subnets               = local.bastion_subnets
-  ssh_keys                      = var.bastion_ssh_keys
+  ssh_keys                      = local.bastion_ssh_keys
   allowed_cidr                  = local.allowed_cidr
   kms_encryption_enabled        = local.kms_encryption_enabled
   boot_volume_encryption_key    = local.boot_volume_encryption_key
@@ -95,7 +95,7 @@ module "landing_zone_vsi" {
   compute_private_key_content                      = local.compute_private_key_content
   bastion_private_key_content                      = local.bastion_ssh_private_key != null ? local.bastion_ssh_private_key : local.bastion_private_key_content
   compute_subnets                                  = local.compute_subnets
-  compute_ssh_keys                                 = var.compute_ssh_keys
+  compute_ssh_keys                                 = local.compute_ssh_keys
   management_image_name                            = var.management_image_name
   compute_image_name                               = var.compute_image_name
   login_image_name                                 = var.login_image_name
@@ -114,7 +114,7 @@ module "landing_zone_vsi" {
   mount_path                                       = var.custom_file_shares
   login_node_instance_type                         = var.login_node_instance_type
   bastion_subnets                                  = local.bastion_subnets
-  ssh_keys                                         = var.bastion_ssh_keys
+  bastion_ssh_keys                                 = local.bastion_ssh_keys
   enable_ldap                                      = var.enable_ldap
   ldap_basedns                                     = var.ldap_basedns
   login_private_ips                                = join("", local.login_private_ips)

solutions/hpc/version.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.71.3"
+      version = "1.77.0"
     }
     null = {
       source  = "hashicorp/null"