fix: Custom File Share support for Login node<br>Scale Support for >250 dynamic worker nodes<br>Updated catalog.json to have the dropdown for ssh keys(#167)

Author: nupurg-ibm

.catalog-onboard-pipeline.yaml

@@ -8,7 +8,7 @@ offerings:
   offering_id: bf3c07f8-5a62-4289-8ea0-94dbb2b410e6
   # list all of the variations (flavors) you have included in the ibm_catalog.json
   variations:
-    - name: Cluster-with-LSF-v10.1.0.14
+    - name: Cluster-with-LSF
       mark_ready: false # have pipeline mark as visible if validation passes
       install_type: fullstack # ensure value matches what is in ibm_catalog.json (fullstack or extension)
       destroy_resources_on_failure: false # defaults to false if not specified so resources can be inspected to debug failures during validation

hpcaas-arch-1.5.0.svg

@@ -43,8 +43,8 @@
             ],
             "flavors": [
                 {
-                    "label": "Cluster-with-LSF-v10.1.0.14",
-                    "name": "Cluster-with-LSF-v10.1.0.14",
+                    "label": "Cluster with LSF v10.1.0.14",
+                    "name": "Cluster-with-LSF",
                     "install_type": "fullstack",
                     "working_directory": "solutions/hpc",
                     "compliance": {
@@ -72,10 +72,36 @@
                             "key": "cluster_id"
                         },
                         {
-                            "key": "bastion_ssh_keys"
+                            "key": "bastion_ssh_keys",
+                            "type": "array",
+                            "default_value": "",
+                            "display_name": "VPC SSH Key",
+                            "required": true,
+                            "custom_config": {
+                                "type": "vpc_ssh_key",
+                                "grouping": "deployment",
+                                "original_grouping": "deployment",
+                                "config_constraints": {
+                                    "selection": "multi_select",
+                                    "valueType": "name"
+                                }
+                            }
                         },
                         {
-                            "key": "compute_ssh_keys"
+                            "key": "compute_ssh_keys",
+                            "type": "array",
+                            "default_value": "",
+                            "display_name": "VPC SSH Key",
+                            "required": true,
+                            "custom_config": {
+                                "type": "vpc_ssh_key",
+                                "grouping": "deployment",
+                                "original_grouping": "deployment",
+                                "config_constraints": {
+                                    "selection": "multi_select",
+                                    "valueType": "name"
+                                }
+                            }
                         },
                         {
                             "key": "remote_allowed_ips"
@@ -317,12 +343,6 @@
                         }
                     ],
                     "iam_permissions": [
-                        {
-                            "role_crns": [
-                                "crn:v1:bluemix:public:iam::::serviceRole:Manager"
-                            ],
-                            "service_name": "schematics"
-                        },
                         {
                             "role_crns": [
                                 "crn:v1:bluemix:public:iam::::serviceRole:writer"
@@ -343,21 +363,28 @@
                         },
                         {
                             "role_crns": [
-                                "crn:v1:bluemix:public:iam::::role:Administrator"
+                                "crn:v1:bluemix:public:iam::::role:Editor"
                             ],
-                            "service_name": "project"
+                            "service_name": "is.vpc"
                         },
                         {
                             "role_crns": [
                                 "crn:v1:bluemix:public:iam::::role:Editor"
                             ],
-                            "service_name": "is.vpc"
+                            "service_name": "dns-svcs"
                         },
                         {
+                            "service_name": "is.flow-log-collector",
                             "role_crns": [
                                 "crn:v1:bluemix:public:iam::::role:Editor"
-                            ],
-                            "service_name": "dns-svcs"
+                            ]
+                        },
+                        {
+                            "service_name": "sysdig-monitor",
+                            "role_crns": [
+                                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                                "crn:v1:bluemix:public:iam::::role:Administrator"
+                            ]
                         }
                     ],
                     "architecture": {
@@ -377,7 +404,7 @@
                             },
                             {
                                 "title": "Reduces failure events by using multizone regions",
-                                "description": "Yes"
+                                "description": "No"
                             },
                             {
                                 "title": "Collects and stores Internet Protocol (IP) traffic information with Activity Tracker and Flow Logs",
@@ -393,7 +420,7 @@
                             },
                             {
                                 "title": "Uses Floating IP address for access through the public internet",
-                                "description": "No"
+                                "description": "Yes"
                             }
                         ],
                         "diagrams": [

hpcaas-arch-1.6.svg

@@ -162,6 +162,11 @@ LSF_RSH="ssh -o 'PasswordAuthentication no' -o 'StrictHostKeyChecking no'"
 EOT
   sed -i "s/LSF_MASTER_LIST=.*/LSF_MASTER_LIST=\"${mgmt_hostnames}\"/g" $LSF_CONF_FILE
 
+  # Updating the worker node count to 2000 when no VPC file share is declared.
+  if [[ $vpc_file_share_count == 0 ]]; then
+    sed -i 's/THRESHOLD\[250\]/THRESHOLD\[2000\]/' $LSF_CONF_FILE
+  fi
+
   if [ "$hyperthreading" == true ]; then
     ego_define_ncpus="threads"
   else
@@ -572,7 +577,7 @@ dns_domain="${dns_domain}"
 ManagementHostNames="${mgmt_hostnames}"
 lsf_public_key="${cluster_public_key_content}"
 hyperthreading=${hyperthreading}
-nfs_server_with_mount_path="${nfs_server_with_mount_path}"
+nfs_server_with_mount_path=""
 custom_file_shares="${custom_file_shares}"
 custom_mount_paths="${custom_mount_paths}"
 login_ip_address="${login_ip}"
@@ -634,8 +639,6 @@ echo "Setting LSF share"
 # Setup file share
 if [ -n "${nfs_server_with_mount_path}" ]; then
   echo "File share ${nfs_server_with_mount_path} found"
-  # Create a data directory for sharing HPC workload data       ### is this used?
-  mkdir -p "${LSF_TOP}/data"
   nfs_client_mount_path="/mnt/lsf"
   rm -rf "${nfs_client_mount_path}"
   mkdir -p "${nfs_client_mount_path}"
@@ -674,6 +677,13 @@ if [ -n "${nfs_server_with_mount_path}" ]; then
   ln -fs "${nfs_client_mount_path}/gui-conf" "${LSF_SUITE_GUI_CONF}"
   chown -R lsfadmin:root "${LSF_SUITE_GUI_CONF}"
 
+  # Create a data directory for sharing HPC workload data
+  if [ "$on_primary" == "true" ]; then
+    mkdir -p "${nfs_client_mount_path}/data"
+    ln -s "${nfs_client_mount_path}/data" "$LSF_TOP/work/data"
+    chown -R lsfadmin:root "$LSF_TOP/work/data"
+  fi
+
   # VNC Sessions
   if [ "$on_primary" == "true" ]; then
     mkdir -p "${nfs_client_mount_path}/repository-path"

ibm_catalog.json

@@ -36,6 +36,7 @@ hyperthreading="${hyperthreading}"
 network_interface=${network_interface}
 dns_domain="${dns_domain}"
 mount_path="${mount_path}"
+vpc_file_share_count="${vpc_file_share_count}"
 custom_file_shares="${custom_file_shares}"
 custom_mount_paths="${custom_mount_paths}"
 contract_id="${contract_id}"

modules/landing_zone_vsi/configuration_steps/configure_management_vsi.sh

@@ -25,6 +25,8 @@ data "template_file" "login_user_data" {
     cluster_private_key_content = local.enable_management ? module.compute_key[0].private_key_content : ""
     cluster_public_key_content  = local.enable_management ? module.compute_key[0].public_key_content : ""
     mount_path                  = var.share_path
+    custom_mount_paths          = join(" ", concat(local.vpc_file_share[*]["mount_path"], local.nfs_file_share[*]["mount_path"]))
+    custom_file_shares          = join(" ", concat([for file_share in var.file_share : file_share], local.nfs_file_share[*]["nfs_share"]))
     enable_ldap                 = var.enable_ldap
     rc_cidr_block               = local.bastion_subnets[0].cidr
     cluster_prefix              = var.prefix
@@ -78,6 +80,7 @@ data "template_file" "management_values" {
     network_interface             = local.vsi_interfaces[0]
     dns_domain                    = var.dns_domain_names["compute"]
     mount_path                    = var.share_path
+    vpc_file_share_count          = var.vpc_file_share_count
     custom_mount_paths            = join(" ", concat(local.vpc_file_share[*]["mount_path"], local.nfs_file_share[*]["mount_path"]))
     custom_file_shares            = join(" ", concat([for file_share in var.file_share : file_share], local.nfs_file_share[*]["nfs_share"]))
     contract_id                   = var.contract_id

modules/landing_zone_vsi/configuration_steps/management_values.tpl

@@ -15,6 +15,8 @@ dns_domain="${dns_domain}"
 cluster_private_key_content="${cluster_private_key_content}"
 cluster_public_key_content="${cluster_public_key_content}"
 mount_path="${mount_path}"
+custom_mount_paths="${custom_mount_paths}"
+custom_file_shares="${custom_file_shares}"
 enable_ldap="${enable_ldap}"
 network_interface=""${network_interface}""
 rc_cidr_block="${rc_cidr_block}"

modules/landing_zone_vsi/template_files.tf

@@ -15,7 +15,8 @@ LSF_CONF=$LSF_TOP/conf
 LSF_HOSTS_FILE="/etc/hosts"
 
 nfs_server_with_mount_path=${mount_path}
-
+custom_mount_paths="${custom_mount_paths}"
+custom_file_shares="${custom_file_shares}"
 
 # Setup logs for user data
 echo "START $(date '+%Y-%m-%d %H:%M:%S')" >> $logfile
@@ -107,10 +108,9 @@ EOT
   sh $command && (crontab -l 2>/dev/null; echo "@reboot $command") | crontab -
 fi
 
-# Setup LSF
-echo "Setting LSF share." >> $logfile
-# Setup file share
+# Setup Default LSF Share
 if [ -n "${nfs_server_with_mount_path}" ]; then
+  echo "Setting Default LSF share." >> $logfile
   echo "File share ${nfs_server_with_mount_path} found" >> $logfile
   nfs_client_mount_path="/mnt/lsf"
   rm -rf "${nfs_client_mount_path}"
@@ -133,11 +133,38 @@ if [ -n "${nfs_server_with_mount_path}" ]; then
     ln -fs "${nfs_client_mount_path}/$dir" "${LSF_TOP}"
     chown -R lsfadmin:root "${LSF_TOP}"
   done
+  echo "Setting Default LSF share is completed." >> $logfile
 else
   echo "No mount point value found, exiting!" >> $logfile
   exit 1
 fi
-echo "Setting LSF share is completed." >> $logfile
+
+# Setup Custom File shares
+if [ -n "${custom_file_shares}" ]; then
+  echo "Setting custom file shares." >> $logfile
+  echo "Custom file share ${custom_file_shares} found"  >> $logfile
+  file_share_array=(${custom_file_shares})
+  mount_path_array=(${custom_mount_paths})
+  length=${#file_share_array[@]}
+  for (( i=0; i<length; i++ )); do
+    rm -rf "${mount_path_array[$i]}"
+    mkdir -p "${mount_path_array[$i]}"
+    # Mount LSF TOP
+    mount -t nfs -o sec=sys "${file_share_array[$i]}" "${mount_path_array[$i]}"
+    # Verify mount
+    if mount | grep "${file_share_array[$i]}"; then
+      echo "Mount found"
+    else
+      echo "No mount found"
+      rm -rf "${mount_path_array[$i]}"
+    fi
+    # Update permission to 777 for all users to access
+    chmod 777 "${mount_path_array[$i]}"
+    # Update mount to fstab for automount
+    echo "${file_share_array[$i]} ${mount_path_array[$i]} nfs rw,sec=sys,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev 0 0 " >> /etc/fstab
+    echo "Setting custom file shares is completed." >> $logfile
+  done
+fi
 
 echo "source ${LSF_CONF}/profile.lsf" >> "${lsfadmin_home_dir}"/.bashrc
 echo "source ${LSF_CONF}/profile.lsf" >> /root/.bashrc

modules/landing_zone_vsi/templates/login_user_data.tpl

@@ -236,6 +236,11 @@ variable "file_share" {
   description = "VPC file share mount points considering the ip address and the file share name"
 }
 
+variable "vpc_file_share_count" {
+  type        = number
+  description = "Requested number of VPC file shares."
+}
+
 variable "login_private_ips" {
   description = "Login private IPs"
   type        = string