terraform-ibm-modules · nupurg-ibm · Jun 11, 2024 · Jun 10, 2024
@@ -1,3 +1,12 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
-CRA_TARGETS: []
+CRA_TARGETS:
+  - CRA_TARGET: "solutions/hpc"
+    CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json"
+    PROFILE_ID: "1c13d739-e09e-4bf4-8715-dd82e4498041" # SCC profile ID (currently set to CIS IBM Cloud Foundations Benchmark 1.0.0 profile).
+    CRA_ENVIRONMENT_VARIABLES:
+        TF_VAR_cluster_id: "HPC-LSF-1"
+        TF_VAR_reservation_id: "Contract-IBM-WES-DA"
+        TF_VAR_bastion_ssh_keys: "[\"geretain-hpc\"]"
+        TF_VAR_compute_ssh_keys: "[\"geretain-hpc\"]"
+        TF_VAR_remote_allowed_ips: "[\"49.207.216.50\"]"
@@ -51,8 +51,8 @@
                         "authority": "scc-v3",
                         "profiles": [
                             {
-                                "profile_name": "IBM Cloud Framework for Financial Services",
-                                "profile_version": "1.6.0"
+                                "profile_name": "CIS IBM Cloud Foundations Benchmark",
+                                "profile_version": "1.0.0"
                             }
                         ]
                     },
@@ -110,6 +110,55 @@
                         {
                             "key": "cluster_prefix"
                         },
+                        {
+                            "key": "observability_atracker_on_cos_enable"
+                        },
+                        {
+                            "key": "observability_monitoring_enable"
+                        },
+                        {
+                            "key": "observability_monitoring_on_compute_nodes_enable"
+                        },
+                        {
+                            "key": "observability_monitoring_plan",
+                            "default_value": "graduated-tier",
+                            "options": [
+                                {
+                                    "displayname": "graduated-tier",
+                                    "value": "graduated-tier"
+                                },
+                                {
+                                    "displayname": "lite",
+                                    "value": "lite"
+                                }
+                            ]
+                        },
+                        {
+                            "key": "scc_enable"
+                        },
+                        {
+                            "key": "scc_profile"
+                        },
+                        {
+                            "key": "scc_profile_version"
+                        },
+                        {
+                            "key": "scc_location"
+                        },
+                        {
+                            "key": "scc_event_notification_plan",
+                            "default_value": "lite",
+                            "options": [
+                                {
+                                    "displayname": "lite",
+                                    "value": "lite"
+                                },
+                                {
+                                    "displayname": "standard",
+                                    "value": "standard"
+                                }
+                            ]
+                        },
                         {
                             "key": "vpc_cidr"
                         },
@@ -147,7 +196,19 @@
                             "key": "login_image_name"
                         },
                         {
-                            "key": "custom_file_shares"
+                            "key": "custom_file_shares",
+                            "type": "array",
+                            "default_value": "[\n  {\n    \"mount_path\": \"/mnt/vpcstorage/tools\",\n    \"size\": 100,\n    \"iops\": 2000\n  },\n  {\n    \"mount_path\": \"/mnt/vpcstorage/data\",\n    \"size\": 100,\n    \"iops\": 6000\n  },\n  {\n    \"mount_path\": \"/mnt/scale/tools\",\n    \"nfs_share\": \"\"\n  }\n]\n",
+                            "display_name": "JSON",
+                            "required": false,
+                            "custom_config": {
+                                "type": "json_editor",
+                                "grouping": "deployment",
+                                "original_grouping": "deployment",
+                                "config_constraints": {
+                                    "type": "mixed"
+                                }
+                            }
                         },
                         {
                             "key": "storage_security_group_id"
@@ -167,29 +228,6 @@
                         {
                             "key": "cos_instance_name"
                         },
-                        {
-                            "key": "observability_atracker_on_cos_enable"
-                        },
-                        {
-                            "key": "observability_monitoring_enable"
-                        },
-                        {
-                            "key": "observability_monitoring_on_compute_nodes_enable"
-                        },
-                        {
-                            "key": "observability_monitoring_plan",
-                            "default_value": "graduated-tier",
-                            "options": [
-                                {
-                                    "displayname": "graduated-tier",
-                                    "value": "graduated-tier"
-                                },
-                                {
-                                    "displayname": "lite",
-                                    "value": "lite"
-                                }
-                            ]
-                        },
                         {
                             "key": "enable_vpc_flow_logs"
                         },
@@ -205,32 +243,6 @@
                         {
                             "key": "kms_key_name"
                         },
-                        {
-                            "key": "scc_enable"
-                        },
-                        {
-                            "key": "scc_profile"
-                        },
-                        {
-                            "key": "scc_profile_version"
-                        },
-                        {
-                            "key": "scc_location"
-                        },
-                        {
-                            "key": "scc_event_notification_plan",
-                            "default_value": "lite",
-                            "options": [
-                                {
-                                    "displayname": "lite",
-                                    "value": "lite"
-                                },
-                                {
-                                    "displayname": "standard",
-                                    "value": "standard"
-                                }
-                            ]
-                        },
                         {
                             "key": "hyperthreading_enabled"
                         },
@@ -273,6 +285,9 @@
                         {
                             "key": "skip_iam_authorization_policy"
                         },
+                        {
+                            "key": "skip_iam_share_authorization_policy"
+                        },
                         {
                             "key": "existing_certificate_instance"
                         },
@@ -373,7 +388,7 @@
                                 "description": "Yes"
                             },
                             {
-                                "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services",
+                                "title": "Simplifies risk management and demonstrates regulatory compliance with CIS IBM Cloud Foundations Benchmark Services",
                                 "description": "Yes"
                             },
                             {

@@ -390,6 +390,7 @@ EOF
 
 # 7. Create resource template for ibmcloudhpc templates
 # Define the output JSON file path
+
 ibmcloudhpc_templates="$LSF_RC_IBMCLOUDHPC_CONF/ibmcloudhpc_templates.json"
 
 # Initialize an empty JSON string
@@ -400,6 +401,11 @@ for region in "eu-de" "us-east" "us-south"; do
   if [ "$region" = "$regionName" ]; then
     # Loop through the core counts
     for i in 2 4 8 16 32 48 64 96 128 176; do
+      if [ "$i" -gt 128 ] && [ "$region" != "us-south" ]; then
+        # Skip creating templates with more than 128 cores for non us-south regions
+        continue
+      fi
+
       ncores=$((i / 2))
       if [ "$region" = "eu-de" ] || [ "$region" = "us-east" ]; then
         family="mx2"
@@ -430,6 +436,11 @@ for region in "eu-de" "us-east" "us-south"; do
       # Split the family string into an array and iterate over it
       IFS=',' read -ra families <<< "$family"
       for fam in "${families[@]}"; do
+        # Check if the core count is valid for the family
+        if [ "$fam" = "mx2" ] && [ "$i" -gt 128 ]; then
+          continue
+        fi
+
         templateId="Template-${cluster_prefix}-$((1000+i))-$fam"  # Add family to templateId
         if [ "$fam" = "mx2" ]; then
           maxmem_val="$maxmem_mx2"  # Use mx2 specific maxmem value

@@ -1,9 +1,9 @@
 locals {
   image_region_map = {
-    "hpcaas-lsf10-rhel88-v6" = {
-      "us-east"  = "r014-7c8ff827-42f9-4e52-8ac5-0cabfa83cc08"
-      "eu-de"    = "r010-ef5c9c76-88c9-461a-9ea9-ae3483b12463"
-      "us-south" = "r006-56948288-f03a-452f-a4e8-13c9523e5aac"
+    "hpcaas-lsf10-rhel88-v7" = {
+      "us-east"  = "r014-68a7ad8a-c513-418e-a30c-9a04ce0a144a"
+      "eu-de"    = "r010-b392ff76-fb8c-4b0f-9fef-fba89eb3ee5b"
+      "us-south" = "r006-86f207dd-7029-4705-9222-0f5499387734"
     },
     "hpcaas-lsf10-rhel88-compute-v5" = {
       "us-east"  = "r014-deb34fb1-edbf-464c-9af3-7efa2efcff3f"

@@ -25,3 +25,8 @@ output "cloud_monitoring_prws_url" {
   value       = "https://ingest.prws.${var.location}.monitoring.cloud.ibm.com/prometheus/remote/write"
   description = "IBM Cloud Monitoring Prometheus Remote Write ingestion url"
 }
+
+output "cloud_monitoring_url" {
+  value       = var.cloud_monitoring_provision ? "https://cloud.ibm.com/observe/embedded-view/monitoring/${module.observability_instance.cloud_monitoring_guid}" : null
+  description = "IBM Cloud Monitoring URL"
+}
@@ -111,7 +111,7 @@
 | <a name="input_login_image_name"></a> [login\_image\_name](#input\_login\_image\_name) | Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud HPC cluster login node. By default, the solution uses a RHEL 8-8 OS image with additional software packages mentioned [here](https://cloud.ibm.com/docs/ibm-spectrum-lsf#create-custom-image). The solution also offers, Ubuntu 22-04 OS base image (hpcaas-lsf10-ubuntu2204-compute-v4). If you would like to include your application-specific binary files, follow the instructions in [ Planning for custom images ](https://cloud.ibm.com/docs/vpc?topic=vpc-planning-custom-images) to create your own custom image and use that to build the IBM Cloud HPC cluster through this offering. | `string` | `"hpcaas-lsf10-rhel88-compute-v5"` | no |
 | <a name="input_login_node_instance_type"></a> [login\_node\_instance\_type](#input\_login\_node\_instance\_type) | Specify the virtual server instance profile type to be used to create the login node for the IBM Cloud HPC cluster. For choices on profile types, see [Instance profiles](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles). | `string` | `"bx2-2x8"` | no |
 | <a name="input_login_subnet_id"></a> [login\_subnet\_id](#input\_login\_subnet\_id) | Provide the list of existing subnet ID under the existing VPC, where the login/bastion server will be provisioned. One subnet id is required as input value for the creation of login node and bastion in the same zone as the management nodes. Note: Provide a different subnet id for login\_subnet\_id, do not overlap or provide the same subnet id that was already provided for cluster\_subnet\_ids. | `string` | `null` | no |
-| <a name="input_management_image_name"></a> [management\_image\_name](#input\_management\_image\_name) | Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud HPC cluster management nodes. By default, the solution uses a RHEL88 base image with additional software packages mentioned [here](https://cloud.ibm.com/docs/ibm-spectrum-lsf#create-custom-image). If you would like to include your application-specific binary files, follow the instructions in [ Planning for custom images ](https://cloud.ibm.com/docs/vpc?topic=vpc-planning-custom-images) to create your own custom image and use that to build the IBM Cloud HPC cluster through this offering. | `string` | `"hpcaas-lsf10-rhel88-v6"` | no |
+| <a name="input_management_image_name"></a> [management\_image\_name](#input\_management\_image\_name) | Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud HPC cluster management nodes. By default, the solution uses a RHEL88 base image with additional software packages mentioned [here](https://cloud.ibm.com/docs/ibm-spectrum-lsf#create-custom-image). If you would like to include your application-specific binary files, follow the instructions in [ Planning for custom images ](https://cloud.ibm.com/docs/vpc?topic=vpc-planning-custom-images) to create your own custom image and use that to build the IBM Cloud HPC cluster through this offering. | `string` | `"hpcaas-lsf10-rhel88-v7"` | no |
 | <a name="input_management_node_count"></a> [management\_node\_count](#input\_management\_node\_count) | Number of management nodes. This is the total number of management nodes. Enter a value between 1 and 10. | `number` | `3` | no |
 | <a name="input_management_node_instance_type"></a> [management\_node\_instance\_type](#input\_management\_node\_instance\_type) | Specify the virtual server instance profile type to be used to create the management nodes for the IBM Cloud HPC cluster. For choices on profile types, see [Instance profiles](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles). | `string` | `"bx2-16x64"` | no |
 | <a name="input_observability_atracker_on_cos_enable"></a> [observability\_atracker\_on\_cos\_enable](#input\_observability\_atracker\_on\_cos\_enable) | Enable Activity tracker service instance connected to Cloud Object Storage (COS). All the events will be stored into COS so that customers can connect to it and read those events or ingest them in their system. | `bool` | `true` | no |

@@ -232,12 +232,11 @@ locals {
 
 # locals needed for ssh connection
 locals {
-  ssh_forward_host = (var.app_center_high_availability ? "pac.${var.dns_domain_name.compute}" : "localhost")
-  ssh_forwards     = "-L 8443:${local.ssh_forward_host}:8443 -L 6080:${local.ssh_forward_host}:6080"
+  ssh_forward_host = (var.app_center_high_availability ? "pac.${var.dns_domain_name.compute}" : local.management_private_ip)
+  ssh_forwards     = "-L 8443:${local.ssh_forward_host}:8443 -L 6080:${local.ssh_forward_host}:6080 -L 8444:${local.ssh_forward_host}:8444"
   ssh_jump_host    = local.bastion_instance_public_ip != null ? local.bastion_instance_public_ip : var.enable_fip ? module.bootstrap.bastion_fip[0] : module.bootstrap.bastion_primary_ip
   ssh_jump_option  = "-J ubuntu@${local.ssh_jump_host}"
-  ssh_host         = var.app_center_high_availability ? local.login_private_ips[0] : local.management_private_ip
-  ssh_cmd          = "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=5 -o ServerAliveCountMax=1 ${local.ssh_forwards} ${local.ssh_jump_option} lsfadmin@${local.ssh_host}"
+  ssh_cmd          = "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=5 -o ServerAliveCountMax=1 ${local.ssh_forwards} ${local.ssh_jump_option} lsfadmin@${join(",", local.login_private_ips)}"
 }
 
 # Existing bastion Variables

@@ -87,3 +87,8 @@ output "ldap_ips" {
   description = "LDAP nodes have these IPs:"
   value       = local.print_extra_outputs ? local.ldap_private_ips : null
 }
+
+output "cloud_monitoring_url" {
+  value       = var.observability_monitoring_enable ? module.cloud_monitoring_instance_creation.cloud_monitoring_url : null
+  description = "IBM Cloud Monitoring URL"
+}
@@ -176,7 +176,7 @@ variable "login_node_instance_type" {
 }
 variable "management_image_name" {
   type        = string
-  default     = "hpcaas-lsf10-rhel88-v6"
+  default     = "hpcaas-lsf10-rhel88-v7"
   description = "Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud HPC cluster management nodes. By default, the solution uses a RHEL88 base image with additional software packages mentioned [here](https://cloud.ibm.com/docs/ibm-spectrum-lsf#create-custom-image). If you would like to include your application-specific binary files, follow the instructions in [ Planning for custom images ](https://cloud.ibm.com/docs/vpc?topic=vpc-planning-custom-images) to create your own custom image and use that to build the IBM Cloud HPC cluster through this offering."
 
 }

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"math/rand"
@@ -17,7 +18,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/IBM/go-sdk-core/core"
+	"github.com/IBM/go-sdk-core/v5/core"
 	"github.com/IBM/secrets-manager-go-sdk/secretsmanagerv2"
 	"github.com/stretchr/testify/assert"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper"
@@ -723,3 +724,44 @@ func GetDnsCustomResolverIds(outputs map[string]interface{}) (string, string) {
 	}
 	return instanceId, customResolverId
 }
+
+// Configuration struct matches the structure of your JSON data
+type Configuration struct {
+	ClusterID             string   `json:"ClusterID"`
+	ReservationID         string   `json:"ReservationID"`
+	ClusterPrefixName     string   `json:"ClusterPrefixName"`
+	ResourceGroup         string   `json:"ResourceGroup"`
+	KeyManagement         string   `json:"KeyManagement"`
+	DnsDomainName         string   `json:"DnsDomainName"`
+	Zones                 string   `json:"Zones"`
+	HyperthreadingEnabled bool     `json:"HyperthreadingEnabled"`
+	BastionIP             string   `json:"bastionIP"`
+	ManagementNodeIPList  []string `json:"managementNodeIPList"`
+	LoginNodeIP           string   `json:"loginNodeIP"`
+	LdapServerIP          string   `json:"LdapServerIP"`
+	LdapDomain            string   `json:"LdapDomain"`
+	LdapAdminPassword     string   `json:"LdapAdminPassword"`
+	LdapUserName          string   `json:"LdapUserName"`
+	LdapUserPassword      string   `json:"LdapUserPassword"`
+	AppCenterEnabledOrNot string   `json:"APPCenterEnabledOrNot"`
+	SshKeyPath            string   `json:"ssh_key_path"`
+}
+
+// ParseConfig reads a JSON file from the given file path and parses it into a Configuration struct
+func ParseConfig(filePath string) (*Configuration, error) {
+	// Read the entire content of the file
+	byteValue, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("error reading file %s: %w", filePath, err)
+	}
+
+	// Unmarshal the JSON data into the Configuration struct
+	var config Configuration
+	err = json.Unmarshal(byteValue, &config)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing JSON from file %s: %w", filePath, err)
+	}
+
+	// Return the configuration struct and nil error on success
+	return &config, nil
+}