v2.0.3 - support for dedicated hosts and scale storage (#10)

* v2.0.3 - support for dedicated hosts and scale storage
IBM-Cloud · Aug 9, 2022 · a7f418f · a7f418f
1 parent 90c52c5
commit a7f418f
Show file tree

Hide file tree

Showing 35 changed files with 2,341 additions and 497 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # **CHANGELOG**
 
+## **2.0.3**
+### ENHANCEMENTS
+- Support dedicated hosts for static worker nodes.
+- Support for Spectrum Scale storage nodes.
+
+### **BUG FIXES**
+- Fixed bug related to Http data source body deprecation.
+- Fixed bug related to Ansible version 2.10 upgrade.
+
+### **CHANGES**
+- Removed the input parameter "region" to match with other offerings.
+
 ## **2.0.2**
 ### **BUG FIXES**
 - Fix for custom image lookup error.
@@ -22,4 +34,4 @@
 - Fix for error "No image found with name" if the image name is not found in the image mapping file.
 
 ## **1.0.0**
-- Initial Release.
+- Initial Release.
diff --git a/README.md b/README.md
diff --git a/image-map.tf b/image-map.tf
@@ -1,6 +1,5 @@
 locals {
         image_region_map = {
-
           "hpcc-lsf10-cent77-jul2221-v6" = {
             "us-south" = "r006-68478a2e-4abc-4bfb-9e4f-a6fb3b9b235f"
             "us-east" = "r014-4ccae2ea-b286-451b-9667-7e36d759aa5b"
@@ -48,5 +47,16 @@ locals {
             "ca-tor" = "r038-d83b89eb-dbdf-444c-80a5-a8434ad202ab"
             "br-sao" = "r042-f9c46fad-0022-4ca9-b716-096748affab7"
           }
+          "hpcc-lsf10-scale5131-rhel84-060822-v1" = {
+            "eu-de"   = "r010-12fc0cbb-a4c4-4fcc-a23a-f16aac05d4c9"
+            "us-east" = "r014-c234f6c7-1ee5-4e53-a41a-95d12d002267"
+            "us-south"= "r006-72c72135-e316-4859-bd04-59dfbfc49f7e"
+            "jp-tok"  = "r022-21a19e42-db68-4ab1-a2b3-b08a30e0cd0f"
+            "eu-gb"   = "r018-f79c488a-dddf-4a80-84db-c8e67707c5ab"
+            "jp-osa"  = "r034-3bccbe09-02f5-4ae8-ad60-5b127dfabb26"
+            "ca-tor"  = "r038-2fa9bef2-869e-41c8-ae67-18d2c4ed7f8f"
+            "au-syd"  = "r026-2af8be22-3994-42db-838c-e2be6eefb0fc"
+            "br-sao"  = "r042-4ba7845d-9ae7-4f4f-9c5b-dac25278bb10"
+          }
         }
-}
+}
diff --git a/outputs.tf b/outputs.tf
@@ -2,9 +2,14 @@
 # Copyright (C) IBM Corp. 2021 All Rights Reserved.
 # Licensed under the Apache License v2.0
 ###################################################
-
+/*
+Note: Below are the user names used to login to each nodes:
+      lsfadmin = controller/controller_candidate/workernode
+      root     = scale_storage_nodes
+      Where ever we see the variable name set as controller, that is equivalent to management. These changes are done as part of https://zenhub.ibm.com/workspaces/hpccluster-5fca9ac6798f26158474cd14/issues/workload-eng-services/hpccluster/1261
+*/
 output "ssh_command" {
-  value = "ssh -J root@${ibm_is_floating_ip.login_fip.address}  lsfadmin@${ibm_is_instance.master[0].primary_network_interface[0].primary_ipv4_address}"
+  value = "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -J root@${ibm_is_floating_ip.login_fip.address} lsfadmin@${ibm_is_instance.controller[0].primary_network_interface[0].primary_ipv4_address}"
 }
 
 output "vpc_name" {
@@ -15,6 +20,10 @@ output "vpn_config_info" {
   value = var.vpn_enabled ? "IP: ${ibm_is_vpn_gateway.vpn[0].public_ip_address}, CIDR: ${ibm_is_subnet.subnet.ipv4_cidr_block}, UDP ports: 500, 4500": null
 }
 
-output "image_map_entry_found" {
-  value = "${local.image_mapping_entry_found} --  - ${var.image_name}"
+output "region_name" {
+  value = data.ibm_is_region.region.name
+}
+
+output "spectrum_scale_storage_ssh_command" {
+  value = var.spectrum_scale_enabled ? "ssh -J root@${ibm_is_floating_ip.login_fip.address} root@${ibm_is_instance.spectrum_scale_storage[0].primary_network_interface[0].primary_ipv4_address}": null
 }
diff --git a/provider.tf b/provider.tf
@@ -8,13 +8,17 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.30.0"
+      version = "1.41.0"
+    }
+    http = {
+      source = "hashicorp/http"
+      version = "3.0.1"
     }
   }
 }
 
 # Or we can switch the region via export IC_REGION="eu-gb"
 provider "ibm" {
   ibmcloud_api_key = var.api_key
-  region           = var.region
+  region           = local.region_name
 }
diff --git a/resources/common/remove_security_rule.py b/resources/common/remove_security_rule.py
@@ -0,0 +1,55 @@
+import requests
+import json
+import argparse
+
+TOKEN_URL = "https://iam.cloud.ibm.com/identity/token"
+BASE_CLOUD_URL = "https://{region}.iaas.cloud.ibm.com"
+
+
+def get_access_token(api_key):
+    headers = {
+        'content-type': 'application/x-www-form-urlencoded',
+        'accept': 'application/json',
+    }
+    body = {
+        "grant_type": "urn:ibm:params:oauth:grant-type:apikey",
+        "apikey": api_key
+    }
+    try:
+        res_token = requests.post(url=TOKEN_URL, headers=headers, data=body)
+        res_token.raise_for_status()
+        return json.loads(res_token.content)
+    except (requests.ConnectionError, requests.HTTPError) as err:
+        raise err
+
+
+def delete_security_group_rule(region, access_token, security_group_id, security_group_rule_id):
+    url = f"{BASE_CLOUD_URL.format(region=region)}/v1/security_groups/{security_group_id}/rules/{security_group_rule_id}"
+    params = (
+        ('version', '2021-12-14'),
+        ('generation', '2'),
+    )
+    headers = {
+        "Authorization": f"Bearer {access_token}"
+    }
+    response = requests.delete(url=url, params=params, headers=headers)
+    response.raise_for_status()
+    return response.status_code
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Optional app description')
+    parser.add_argument('--region', type=str, dest='region',
+                        help='ibmcloud region', required=True)
+    parser.add_argument('--apikey', type=str, dest='apikey',
+                        help='ibmcloud apikey', required=True)
+    parser.add_argument('--sg_id', type=str, dest='sg_id',
+                        help='security group id', required=True)
+    parser.add_argument('--sg_rule_id', type=str, dest='sg_rule_id',
+                        help="security_group_rule_id", required=True)
+    args = parser.parse_args()
+
+    res = get_access_token(args.apikey)
+    delete_security_group_rule(region=args.region, access_token=res.get("access_token"),
+                               security_group_id=args.sg_id,
+                               security_group_rule_id=args.sg_rule_id)
diff --git a/resources/ibmcloud/security/security_tcp_rule.tf b/resources/ibmcloud/security/security_tcp_rule.tf
@@ -0,0 +1,34 @@
+###################################################
+# Copyright (C) IBM Corp. 2022 All Rights Reserved.
+# Licensed under the Apache License v2.0
+###################################################
+/*
+    Creates TCP specific security group rule.
+*/
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+    }
+  }
+}
+
+variable "security_group_id" {}
+variable "sg_direction" {}
+variable "remote_ip_addr" {}
+
+resource "ibm_is_security_group_rule" "itself" {
+  count = length(var.remote_ip_addr)
+  group     = var.security_group_id
+  direction = var.sg_direction
+  remote    = var.remote_ip_addr[count.index]
+
+    tcp {
+      port_min = 22
+      port_max = 22
+    }
+}
+
+output "security_rule_id" {
+  value = ibm_is_security_group_rule.itself[*].rule_id
+}
diff --git a/resources/scale_common/add_permission/add_permission.tf b/resources/scale_common/add_permission/add_permission.tf
@@ -0,0 +1,59 @@
+###################################################
+# Copyright (C) IBM Corp. 2022 All Rights Reserved.
+# Licensed under the Apache License v2.0
+###################################################
+
+variable "login_ip" {}
+variable "bastion_ssh_private_key" {}
+variable "compute_instances_by_ip" {}
+variable "scale_mount_point" {}
+
+
+locals {
+  cloud_playbook_path = format("%s/%s", "${path.module}/ansible_playbook/", "add_permission.yml")
+  inventory_file_path = format("%s", "${path.module}/ansible_playbook/inventory_file")
+  compute_instances_ip = join(",",jsondecode(var.compute_instances_by_ip))
+  vsi_ip = format("%s\n%s", "[add_permission]", replace(local.compute_instances_ip, ",", "\n" ))
+}
+
+resource "local_file" "inventory" {
+    content     = local.vsi_ip
+    filename = "${path.module}/ansible_playbook/inventory_file"
+}
+
+
+resource "null_resource" "call_add_permission_mountpoint_playbook" {
+  connection {
+    bastion_host = var.login_ip
+    user         = "root"
+    host         = "0.0.0.0"
+    private_key  = file(var.bastion_ssh_private_key)
+  }
+
+  provisioner "ansible" {
+    plays {
+      playbook {
+        file_path = local.cloud_playbook_path
+      }
+      inventory_file = local.inventory_file_path
+      verbose        = true
+      extra_vars = {
+        "ansible_python_interpreter" : "/usr/bin/python3",
+        "scale_cluster_definition_path" : local.inventory_file_path
+        "mount_point": var.scale_mount_point
+        "user_name": "lsfadmin"
+      }
+    }
+    ansible_ssh_settings {
+      insecure_no_strict_host_key_checking         = true
+      insecure_bastion_no_strict_host_key_checking = false
+      connect_timeout_seconds                      = 90
+      user_known_hosts_file                        = ""
+      bastion_user_known_hosts_file                = ""
+    }
+  }
+  depends_on = [local_file.inventory]
+  triggers = {
+    build = timestamp()
+  }
+}
diff --git a/resources/scale_common/add_permission/ansible_playbook/add_permission.yml b/resources/scale_common/add_permission/ansible_playbook/add_permission.yml
@@ -0,0 +1,6 @@
+---
+- hosts: add_permission
+
+  tasks:
+    - name: Add lsfadmin allow rights
+      shell: chown {{ user_name }} {{ mount_point }}