Management Host

Prerequisites

CCME deployment can be done with the basic CCME automation configuration or manually. Even with the automated deployment, you can still manually modify the CCME and AWS ParallelCluster configuration of your clusters.

The CCME_x.y.z directory contains the following files and directories:

  • deployCCME.sh: the script to start the Management Host

  • roles.ccme.conf: the configuration file for the CCME Roles Stack (CRS)

  • deployment.ccme.conf: the configuration file for the CCME Management Host (CMH)

  • dependencies.yaml: the version of the dependencies used in CCME

  • CCME/: the scripts to configure a CCME cluster

  • management/: the scripts to deploy the Management Host and associated services

  • doc/: this documentation

You will first need to untar the CCME_x.y.z.tar.gz archive to get access to the code on your local machine (which needs to have access to AWS and have the AWS CLI installed and configured):

mkdir "CCME_x.y.z"
tar xvf "CCME_x.y.z.tar.gz" -C "CCME_x.y.z"
cd "CCME_x.y.z"

deployCCME.sh

This is the script that you need to use to deploy the initial stacks for the CCME roles, the Management Host and the associated services.

$ ../../deployCCME.sh --help
Usage: deployCCME.sh [-h|--help] [-r|--create-roles-stack] [-m|--create-management-stack] [-cr|--conf-roles <crs_conf_file>] [-cm|--conf-management <cmh_conf_file>] [-n|--name <stack_name>] [-u|--update] [-nr|--no-rollback] [-p|--profile <aws_profile>]

deployCCME can be used to update the CCME bucket set in <conf_file> and/or to deploy a CCME Management Host

Options :
  -r|--create-roles-stack                           Create CCME Roles Stack (CRS) with a name built with the prefix 'CRS-' and the selected -n|--name option
  -m|--create-management-host                       Create CCME Management Host (CMH) with a name built with the the prefix 'CMH-' and the -n|--name option
  -ur|--update-roles-stack                          Update the deployed CCME Roles Stack (CRS) named with the -n|--name option
  -um|--update-management-host                      Update the deployed CCME Management Host (CMH) named with the -n|--name option
  -cr|--conf-roles              <crs_conf_file>     Reads a configuration file for the CCME Roles Stack (CRS)
  -cm|--conf-management         <cmh_conf_file>     Reads a configuration file for the CCME Management Host (CMH) and update action
  -n|--name                     <stack_name>        Defines the name of the stack deployed by the script (default is CCME)
  -u|--update                                       Updates the CCME bucket
  -nr|--no-rollback                                 Disables rollback of the CMH creation stack in CloudFormation when the stack fails
  -p|--profile                  <aws_profile>       Use non-default AWS credentials profile with aws commmand
  -h/--help                                         Help

CCME Roles Stack (CRS)

CRS Configuration

The configuration of the “CCME Roles Stack” is described in the roles.ccme.conf file:

#### CONFIGURATION FILE for the CCME Roles Stack (CRS) automatic setup ####

#### IAM Configuration
# iam_path_prefix defines the prefix of the IAM roles created by the stack
# The expected value is a string prefix like "ccme" or "parallelcluster".
# Setting this variable is OPTIONAL.
# Default: parallelcluster
# iam_path_prefix=

# enable_route53_access defines the possibility of Route53 creation and usage
# for each cluster.
# Setting this variable is OPTIONAL.
# Value: true or false
# Default: true
# enable_route53_access=


# enable_fsx_s3_access defines the possibility of FSx to access to s3 buckets
# Setting this variable is OPTIONAL.
# Value: true or false
# Default: false
# enable_fsx_s3_access=


# fsx_s3_buckets defines the prefix of the IAM roles created by the stack
# The expected value in the ARN of an IAM role. Check the documentation for more information about this role.
# Setting this variable is OPTIONAL.
# Default: parallelcluster
# fsx_s3_buckets=

# ccme_bucket_path is the BucketName:BucketKey where BucketName is the name of an existing s3 bucket
# and where CCME machinery will be stored at the "BucketKey" path to be used to manage clusters.
# E.g.: "ccme-bucket:subfolder1/subfolder2/subfolder3/"
# Subfolder must end with a '/'
# Setting this variable is MANDATORY. No default value exists.
ccme_bucket_path=

# ccme_data_bucket is the Name of an existing s3 bucket where common user data is accessed by users on any cluster.
# Setting this variable is MANDATORY.
# No default value exists.
ccme_data_bucket=

# ccme_efs is the ARN of an existing efs
# Setting this variable is OPTIONAL.
# No default value exists.
# E.g.: ccme_efs=arn:aws:elasticfilesystem:eu-west-1:012345678910:file-system/fs-0f114ed124c21fec3
# ccme_efs=

# ccme_admin_sns_topic_arn define the admin SNS topic ARN you want to
# deliver information about the cluster when it is ready to be used.
# For example, you can configure your SNS topic to deliver the information
# by email to the administrator of the platform
# Setting this variable is OPTIONAL.
# No default value exists.
# E.g.: arn:aws:sns:REGION:ACCOUNT:TOPICNAME
ccme_admin_sns_topic_arn=

# ccme_secret_prefix defines the prefix of the secret that will be used
# for the ActiveDirectory ReadOnlyUser and optionally administrator.
# Setting this variable is OPTIONAL.
# Default value is "ccme-".
ccme_secret_prefix=

# ccme_cluster_prefix defines the prefix of the future clusters
# Used to restrict rights to CloudWatch dashboards
# Setting this variable is OPTIONAL.
# Default value is "ccme-".
ccme_cluster_prefix=

#### KMS Encryption
# enable_kms_encryption defines the usage of KMS for storage encryption
# When set to true the EBS, FSx, S3 ... will use the encryption key variables
# Setting this variable is OPTIONAL.
# Value: true or false
# Default: false
# enable_kms_encryption=

# The following variables define the ARN of KMS keys used to encrypt storages or
# communications on multiple services used by CCME.
# Setting these variables is mandatory if enable_kms_encryption=true
# Value: ARN of existing KMS key
# No default value exists.
# CMH EBS encryption
# ccme_kms_cmh=
# Clusters EBS encryption
# ccme_kms_clusters=
# FSx encryption
# ccme_kms_fsx=
# S3 encryption
# ccme_kms_s3=
# SNS encryption
# ccme_kms_sns=
# Secrets Manager encryption
# ccme_kms_secrets=

You can modify and use this example configuration file or you can create a new file based on it. This configuration file is then used to deploy the CCME Management Host through the script named deployCCME.sh.

Deployment

The following command creates all the IAM roles needed for CCME in a CCME Roles Stack.

$ ./deployCCME.sh --create-roles-stack --conf-roles "my-ccme.roles.ccme.conf" --name "my-ccme"
**** CCME Roles Deployment - START ****
{
    "StackId": "arn:aws:cloudformation:eu-west-1:012345678910:stack/CRS-my-ccme/af11b1e0-9a5a-11ed-ab69-06562ac4f907"
}
**** CCME Roles Deployment - END ****

CCME Management Host (CMH)

CMH Configuration

The configuration of the “CCME Management Host” is described in the deployment.ccme.conf file:

#### CONFIGURATION FILE for the CCME Management Host (CMH) automatic setup ####

#### IAM Configuration
# management_stack_role defines the IAM role ARN that will be attached to the Management Stack.
# The expected value is the ARN of an IAM role. Check the documentation for more information about this role.
# This parameter corresponds to the output "ParallelClusterUserRole" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update.
management_stack_role=

# ccme_management_instance_profile defines the CCME Management Host (CMH) AWS IAM Instance Profile ARN
# This parameter corresponds to the output "ParallelClusterUserInstanceProfile" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update.
ccme_management_instance_profile=

# ccme_management_lambda_role defines the ApplicationLoadBalancer Lambda AWS IAM Role ARN
# This parameter corresponds to the output "ccmeAlbLambdaRole" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update.
ccme_management_lambda_role=

# ccme_cluster_lambda_role defines the ParallelCluster Lambda AWS IAM Role ARN
# This parameter corresponds to the output "CustomLambdaResourcesRoleSlurm" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_cluster_lambda_role=

# ccme_cluster_headnode_instance_profile defines the HeadNode AWS IAM Instance Profile ARN
# This parameter corresponds to the output "HeadNodeInstanceProfileSlurm" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_cluster_headnode_instance_profile=

# ccme_cluster_compute_instance_profile defines the Compute Nodes AWS IAM Instance profile ARN
# This parameter corresponds to the output "ComputeNodeInstanceProfileSlurm" of the CCME Roles Stack (CRS)
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_cluster_compute_instance_profile=

#### Global Configuration
# debug is a boolean variable. When set to true, the stack does not automatically "rollback" after any failure.
# Default value: false
# Update Policy: This setting can be changed during an update.
debug=false

# timezone is a string variable. It configures the timezone for the CMH and the clusters
# Setting this variable is MANDATORY.
# Default value: 'Europe/Paris'
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
timezone='Europe/Paris'

# ccme_tags defines a list of tags associated to the CMH stack
# Default value: no tag
# Pattern: ("Key=your_key,Value=your_value" "Key=your_key,Value=your_value")
# tags=("Key=your_key,Value=your_value" "Key=your_key,Value=your_value")
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.

# management_host_os defines the operating system of the CCME Management Host (CMH)
# Allowed values for this variable are the following:
# - al2023
# - rhel8
# Default value: al2023
# Update Policy: This setting can be changed during an update. WARNING: A new CMH instance will be created.
management_host_os=al2023

# management_host_ami defines the AMI for the CMH instance
# Setting this variable is OPTIONAL.
# Default value: NONE
# Update Policy: This setting can be changed during an update. WARNING: A new CMH instance will be created.
# management_host_ami=

# management_host_instance_type defines the instance type that will be configured as a CMH
# Only AWS EC2 x86_64 instance type is allowed.
# Default value: t2.micro
# Update Policy: This setting can be changed during an update.
management_host_instance_type=t2.micro

#### Network Configuration
# vpc defines the VPC where the CMH should be setup. The expected value is an existing VPCId.
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: If this setting is changed, the update is not allowed.
vpc=

# public_subnets defines the Primary and Secondary subnets (created in 2 different AZs)
# where the Application Load Balancer should be setup.
# The expected value is a pair of existing SubnetIds.
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
public_subnets=( "" "" )

# private_subnets defines the Primary and Secondary subnets (created in 2 different AZs)
# where the Active Directory and CCME Management Host should be setup.
# The expected value is a pair of existing SubnetIds.
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: If this setting is changed, the update is not allowed.
private_subnets=( "" "" )

# additional_security_group defines one optional additional security group
# to the CMH and clusters.
# Setting this variable is OPTIONAL.
# Default value: NONE
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
additional_security_group=NONE

# management_host_ip defines the address of an Elastic IP (if you already have one to use for your CMH)
# If the default value is used, CCME will request a new Elastic IP to attach it to the CMH.
# Set "NONE" to not assign a public IP.
# Default value: 0.0.0.0
# Update Policy: This setting can be changed during an update.
management_host_ip=0.0.0.0


#### Security Configuration
# alb_ssl_certificate defines the SSL certificate used by the Application Load Balancer being the entry point to CCME.
# The expected value is the ARN of a SSL certificate stored in AWS Certificate Manager (ACM).
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update.
alb_ssl_certificate=

# application_load_balancer_scheme defines if the Application Load Balancer (ALB) is "internet-facing" or "internal"
# Default value: 'internet-facing'
# Update Policy: If this setting is changed, the update is not allowed.
application_load_balancer_scheme=internet-facing

# application_load_balancer_arn defines the application load balancer used to forward the
# portal and the visualization of CCME to the end users.
# The expected value is the ARN of the chosen Application Load Balancer
# Setting this variable is OPTIONAL.
# Default value: NONE
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
application_load_balancer_arn=NONE

# application_load_balancer_ingress_cidr specifies the CIDR-formatted IP range for ingress connections to the ALB.
# Setting this variable is OPTIONAL.
# Default value: 0.0.0.0/0
# Update Policy: This setting can be changed during an update.
# application_load_balancer_ingress_cidr=0.0.0.0/0

# secrets_manager_prefix defines the prefix of the secrets stored in the Secrets Service Manager
# CCME requires AWS Secrets; each secret must be registered with a name starting with the same prefix.
# Default value: NONE
# E.g.: "ccme-prefix"
# E.g. of secret using this prefix: "arn:aws:secretsmanager:eu-west-1:012345678910:secret:ccme-prefix-adreadonlyuser.password-7dFt5"
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
secrets_manager_prefix=

# ccme_proxy defines the optional proxy for CMH and clusters
# Setting this variable is OPTIONAL.
# Default value: NONE
# E.g.: "https://url_of_proxy/"
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
ccme_proxy=

# ccme_no_proxy defines the optional list of no_proxy delimited by comma for CMH and clusters
# Setting this variable is OPTIONAL.
# Default value: NONE
# E.g.: "my.domain1,my.domain2"
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
ccme_no_proxy=

# ccme_repository_pip defines a private pip repository
# Setting this variable is OPTIONAL.
# Default value: NONE
# E.g.: "https://url_of_pip_repo"
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
ccme_repository_pip=

# management_host_keypair is the Name of an existing EC2 key pair that should be used to connect to the CMH with SSH.
# Setting this variable is OPTIONAL. No default value exists.
# If you do not specify a key pair or set the value to NONE, you can't connect to the instance
# unless you choose an AMI providing another way to log in.
# Update Policy: If this setting is changed, the update is not allowed.
management_host_keypair=

# management_host_authorized_group defines the AD groups of users which are allowed to login to your CMH.
# If the default value is used, no filter is applied and everyone in AD is authorized to login.
# Default value: NONE
# Update Policy: This setting can be changed during an update.
management_host_authorized_group=NONE

# management_host_sudo_group defines the AD group of users which is allowed to use sudo on your CMH.
# If the default value is used, no group from the AD is authorized to use sudo.
# Default value: NONE
# Update Policy: This setting can be changed during an update.
management_host_sudo_group=NONE


#### Storage Configuration
# ccme_bucket_path is the BucketName:BucketKey where BucketName is the name of an existing s3 bucket
# and where CCME machinery will be stored at the "BucketKey" path to be used to manage clusters.
# E.g.: "ccme-bucket:subfolder1/subfolder2/subfolder3/"
# Subfolder must end with a '/'
# Setting this variable is MANDATORY. No default value exists.
# Update Policy for BucketName: If this setting is changed, the update is not allowed.
# Update Policy for BucketKey: If this setting is changed, the update is allowed for the CMH stack, but not the clusters.
ccme_bucket_path=

# ccme_data_bucket is the Name of an existing s3 bucket where common user data is accessed by users on any cluster.
# Setting this variable is MANDATORY. No default value exists.
# Update Policy: This setting can be changed during an update.
ccme_data_bucket=


#### Active Directory Configuration
# active_directory_name defines the Domain Name of your Active Directory.
# If the value is NONE, then no Active Directory is deployed
# Default value: ccme.ad
# Update Policy: This setting can be changed during an update only if the previous and the new values are set for internal Active Directory.
active_directory_name=

# active_directory_ips defines the list of IPs of the Active Directory.
# When the default (NONE) value is used, a new AWS-managed Active Directory is created and the CMH is configured to use it.
# Otherwise, the format is a comma separated list of IPs. E.g., 10.0.0.1,10.0.0.2
# Default value: NONE
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
active_directory_ips=NONE

# active_directory_read_only_user_dn defines the distinguished name of ReadOnlyUser account in your AD.
# The expected value is a distinguished name of the form "cn=string,OU=string,DC=string,DC=string".
# Setting this variable differently than 'ReadOnlyUser' default value is MANDATORY ONLY IF the AD used for CCME is preexisting.
# Default value: ReadOnlyUser
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
active_directory_read_only_user_dn='ReadOnlyUser'

# active_directory_read_only_user_password_secret_arn defines the password of ReadOnlyUser accounts in your AD.
# The expected value is the preexisting ARN of a plaintext string stored in AWS Secrets Manager (ASM).
# Setting this variable is MANDATORY. No default value exists.
# E.g.: active_directory_read_only_user_password_secret_arn=arn:aws:secretsmanager:eu-west-1:012345678910:secret:ccme-prefix-adadmin.password-3nSOf
# Update Policy: This setting can be changed during an update and requires to update the deployed clusters with the updated setting.
active_directory_read_only_user_password_secret_arn=

# active_directory_admin_password_secret_arn defines the password of Admin accounts in your AD.
# The expected value is the preexisting ARN of a plaintext string stored in AWS Secrets Manager (ASM).
# Setting this variable is MANDATORY ONLY IF the AD creation is automated
# E.g.: active_directory_admin_password_secret_arn=arn:aws:secretsmanager:eu-west-1:012345678910:secret:ccme-prefix-adreadonlyuser.password-7dFt5
# Update Policy: If this setting is changed, the update is not allowed.
active_directory_admin_password_secret_arn=

#### KMS Encryption
# enable_kms_encryption defines the usage of KMS for storage encryption
# When set to true the EBS, FSx, S3 ... will use the encryption key variables
# Setting this variable is OPTIONAL.
# Value: true or false
# Default: false
# Update Policy: If this setting is changed, the update is not allowed.
# enable_kms_encryption=

# The following variables define the ARN of KMS keys used to encrypt storages or
# communications on multiple services used by CCME.
# Setting these variables is mandatory if enable_kms_encryption=true
# Value: ARN of existing KMS key
# No default value exists.
# CMH EBS encryption
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_kms_cmh=
# Clusters EBS encryption
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_kms_clusters=
# Additional KMS key for CMH and Clusters encryption
# ccme_kms_additional_key=
# FSx encryption
# Update Policy: If this setting is changed, the update is not allowed.
# ccme_kms_fsx=
# S3 encryption
# Update Policy: This setting can be changed during an update if the CCME Role Stack allows access to the resource ARN.
# ccme_kms_s3=
# SNS encryption
# Update Policy: This setting can be changed during an update if the CCME Role Stack allows access to the resource ARN.
# ccme_kms_sns=

You can modify and use this example configuration file or you can create a new file based on it. This configuration file is then used to deploy the CCME Management Host through the script named deployCCME.sh.

Resources

The resources deployed in your AWS account by the CCME Management Host are:

  • An AWS Lambda with a log group in /ccme/ccme-lambda-alb-${StackId}

  • An AWS EC2 instance as CCME Management Host

  • Optional

    • An Active Directory

    • An Application Load Balancer

    • Multiple AWS EC2 security-groups

Those resources are named using ccme as prefix and -Stack_id as suffix. For example, the LambdaALB resource is named ccmeLambdaALB-7225f980-0a8a-11ee-81f0-06c4c07a0d95:

  • ccme as prefix

  • A resource-specific part: LambdaALB in this case

  • The stack_id of the CMH stack as suffix, preceded by a -: -7225f980-0a8a-11ee-81f0-06c4c07a0d95 in our case

The only exception to this rule is the Application Load Balancer (ALB). The ALB uses -Stack_name instead of -Stack_id as suffix, due to restrictions on the length of the ALB name.

Deployment

The following command will create the whole environment needed for CCME and create a Management Host named my_ccme_mgt_host. It first uploads all the source code of CCME to the ccme_bucket_path specified in the deployment.ccme.conf file; this is mandatory on a first deployment. For further deployments, you can directly reuse the same bucket if no code change has been made.

$ ./deployCCME.sh --update --create-management-host --conf-management "my-ccme.deployment.ccme.conf" --name "my-ccme"
**** CCME Bucket Update - START ****
**** CCME Bucket Update - END ****
**** CCME ManagementHost Deployment - START ****
{
    "StackId": "arn:aws:cloudformation:eu-west-1:012345678910:stack/CMH-my-ccme/bf11b1e0-9a5a-11ed-ab69-06562ac4f907"
}
**** CCME ManagementHost Deployment - END ****

Customization

Custom Ansible Scripts

On top of CCME-specific configurations, you can integrate your own custom scripts into the CCME Management Host. To deploy a CMH embedding and executing your own custom scripts, you must place them in the management/custom directory and synchronize this directory in the S3 bucket. You can provide your own Ansible playbooks to add specific configurations to the CMH. They must follow this naming convention: management/custom/install-*-management.yaml.

Custom ParallelCluster configuration files

On top of the ParallelCluster example configuration files provided with CCME, you can provide your own Jinja template along with a set of parameters to generate your own configuration files.

To do so, you just need to:

  • add your templates in management/custom and name them with the following pattern *.pcluster.config.j2,

  • add any specific configuration variable in the management/custom/pcluster.vars.yaml file (YAML format). All variables in this file will be assigned under the custom variable. This means that if you declare myvar: myval, it will be available as custom.myvar in your *.pcluster.config.j2 files.

management/custom/custom.pcluster.config.j2

Region: '{{ AWS_REGION }}'
CustomS3Bucket: '{{ CCME_CLUSTER_S3BUCKET }}'
{%if CCME_CLUSTER_LAMBDA_ROLE != "NONE"%}
Iam:
  Roles:
    LambdaFunctionsRole: '{{ CCME_CLUSTER_LAMBDA_ROLE }}'
  # If the role associated to the cluster includes a custom IAM path prefix,
  # replace "parallelcluster" by the custom IAM path prefix.
  ResourcePrefix: "parallelcluster"
{% endif %}
Image:
  Os: alinux2
Tags:
{% for key, value in CCME_TAGS.items() %}
{% if "aws:" not in key and key != "Name" %}
  - Key: {{ key }}
    Value: {{ value }}
{% endif %}
{% endfor %}
SharedStorage:
  - Name: shared
    StorageType: Ebs
    MountDir: shared
    EbsSettings:
{% if "NONE" not in CCME_CLUSTER_KMS_EBS %}
      Encrypted: true
      KmsKeyId: {{ CCME_CLUSTER_KMS_EBS }}
{% else %}
      Encrypted: false
{% endif %}
HeadNode:
  InstanceType: {{ custom.headinsttype }}
  Networking:
    SubnetId: '{{ CCME_SUBNET }}'
    SecurityGroups:
      - '{{ CCME_PRIVATE_SG }}'
{%if CCME_PROXY is defined and CCME_PROXY and CCME_PROXY != "NONE"%}
    Proxy:
      HttpProxyAddress: '{{ CCME_PROXY }}'
{% endif %}
  Ssh:
    KeyName: '{{ AWS_KEYNAME }}'
  CustomActions:
    OnNodeStart:
      Script: s3://{{ CCME_SOURCES }}CCME/sbin/pre-install.sh
      Args:
        - CCME_CMH_NAME={{ CCME_CMH_NAME }}
        - CCME_S3FS={{ CCME_DATA_BUCKET }}
        - CCME_JSLOGS_BUCKET={{ CCME_DATA_BUCKET }}
{%if CCME_NO_PROXY is defined and CCME_NO_PROXY and CCME_NO_PROXY != "NONE"%}
        - CCME_NO_PROXY={{ CCME_NO_PROXY }}
{% endif %}
        # - CCME_OIDC=default
        # - CCME_USER_HOME=/shared-filesystem/home/%u
        # - CCME_DNS=NONE
        - CCME_WIN_LAUNCH_TEMPLATE_ID={{ CCME_WIN_LAUNCH_TEMPLATE_ID }}
        # - CCME_WIN_AMI=NONE
        # - CCME_WIN_INSTANCE_TYPE=NONE
        # - CCME_WIN_INACTIVE_SESSION_TIME=600
        # - CCME_WIN_NO_SESSION_TIME=600
        # - CCME_WIN_NO_BROKER_COMMUNICATION_TIME=600
        # - CCME_EF_ADMIN_GROUP=
        # - CCME_EF_ADMIN_PASSWORD=
{%if CCME_REPOSITORY_PIP is defined and CCME_REPOSITORY_PIP and CCME_REPOSITORY_PIP != "NONE"%}
        - CCME_REPOSITORY_PIP={{ CCME_REPOSITORY_PIP }}
{% endif %}
    OnNodeConfigured:
      Script: s3://{{ CCME_SOURCES }}CCME/sbin/post-install.sh
    OnNodeUpdated:
      Script: s3://{{ CCME_SOURCES }}CCME/sbin/update-install.sh
  Iam:
    InstanceProfile: '{{ CCME_CLUSTER_HEADNODE_INSTANCE_PROFILE }}'
Scheduling:
  Scheduler: slurm
  SlurmSettings:
    Dns:
      # If the role associated to the cluster is not authorized to use Route 53,
      # set "DisableManagedDns" to true.
      DisableManagedDns: False
  SlurmQueues:
{% for queue in custom.queues %}
    - Name: {{ queue.Name }}
      CapacityType: ONDEMAND
      ComputeResources:
{% for cr in queue.InstanceTypes %}
        - Name: {{ cr | replace('.', '') }}
          InstanceType: {{ cr }}
          MinCount: 0
          MaxCount: 10
{% endfor %}
      CustomActions:
        OnNodeStart:
          Script: s3://{{ CCME_SOURCES }}CCME/sbin/pre-install.sh
        OnNodeConfigured:
          Script: s3://{{ CCME_SOURCES }}CCME/sbin/post-install.sh
      Iam:
        InstanceProfile: '{{ CCME_CLUSTER_COMPUTE_INSTANCE_PROFILE }}'
      Networking:
        SubnetIds:
          - '{{ CCME_SUBNET }}'
        SecurityGroups:
          - '{{ CCME_COMPUTE_SG }}'
{%if CCME_PROXY is defined and CCME_PROXY and CCME_PROXY != "NONE"%}
        Proxy:
          HttpProxyAddress: '{{ CCME_PROXY }}'
{% endif %}
{% endfor %}
{%if CCME_AD_DIR_NAME != "NONE"%}
DirectoryService:
  DomainName: {{ CCME_AD_DIR_NAME }}
  DomainAddr: {% for adip in CCME_AD_IPS.split(',') %}{% if adip == CCME_AD_IPS.split(',')[0] %}ldap://{{ adip }}{% else %},ldap://{{ adip }}{% endif %}{% endfor %}{{''}}
  PasswordSecretArn: {{ CCME_AD_READ_ONLY_USER_PASSWORD }}
  DomainReadOnlyUser: {% if CCME_AD_ORIGIN == "external" %}{{ CCME_AD_READ_ONLY_USER_DN }}{% elif CCME_AD_ORIGIN == "internal" %}cn=ReadOnlyUser,ou=Users,ou={{ CCME_AD_DIR_NAME.split('.')[0] }}{% for addn in CCME_AD_DIR_NAME.split('.') %},dc={{ addn }}{% endfor %}{% endif %}{{''}}
  LdapTlsReqCert: never
  # LdapAccessFilter
  AdditionalSssdConfigs:
    # debug_level: "0x1ff"
    ldap_auth_disable_tls_never_use_in_production: True
{% endif %}
Imds:
  ImdsSupport: v2.0
DevSettings:
  Timeouts:
    HeadNodeBootstrapTimeout: 2400
    ComputeNodeBootstrapTimeout: 1800

management/custom/pcluster.vars.yaml

################################################################################
# Copyright (c) 2017-2024 UCit SAS
# All Rights Reserved
#
# This software is the confidential and proprietary information
# of UCit SAS ("Confidential Information").
# You shall not disclose such Confidential Information
# and shall use it only in accordance with the terms of
# the license agreement you entered into with UCit.
################################################################################
# This file can be used to set custom variables used to render the *.pcluster.config.j2 templates
# All variables in this file will be assigned under the "custom" variable.
# This means that if you declare "myvar: myval", it will be available as custom.myvar
headinsttype: t3.xlarge
queues:
  - Name: basic-slurm
    InstanceTypes:
      - c5n.18xlarge
      - c5n.xlarge
  - Name: dcv-gpu
    InstanceTypes:
      - g4dn.xlarge
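A pre-deployment check for the settings documented in the CMH Configuration section and in the custom template above, as an added example that is not part of CCME: it reads deployment.ccme.conf as text, reports empty mandatory keys, a malformed ccme_bucket_path and permissive defaults, then flags the LDAP TLS settings of a *.pcluster.config.j2 template. The function names, the ERROR/WARN levels and the sample files are assumptions constructed for illustration.

```shell
# Added example (not part of CCME): audit CMH settings before running deployCCME.sh.

# Print the value of the last uncommented KEY= line in FILE. The file is parsed
# as text and never sourced, so its content cannot execute on the admin machine.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one finding; ERROR findings make audit_cmh_conf fail.
report() {
    if [ "$1" = ERROR ]; then audit_errors=$((audit_errors + 1)); fi
    printf '%s: %s\n' "$1" "$2"
}

audit_cmh_conf() {
    conf=$1
    audit_errors=0
    # Keys that deployment.ccme.conf marks MANDATORY and ships uncommented.
    for key in management_stack_role ccme_management_instance_profile \
        ccme_management_lambda_role vpc alb_ssl_certificate ccme_bucket_path \
        ccme_data_bucket active_directory_read_only_user_password_secret_arn; do
        [ -n "$(conf_get "$conf" "$key")" ] || report ERROR "$key is mandatory but empty"
    done
    # BucketName:BucketKey, where the key part must end with '/'.
    bucket_path=$(conf_get "$conf" ccme_bucket_path)
    case $bucket_path in
        '' | ?*:*/) ;;
        *) report ERROR "ccme_bucket_path must be bucket:prefix/ (got $bucket_path)" ;;
    esac
    # A commented-out or empty key falls back to its documented default.
    scheme=$(conf_get "$conf" application_load_balancer_scheme)
    cidr=$(conf_get "$conf" application_load_balancer_ingress_cidr)
    if [ "${scheme:-internet-facing}" = internet-facing ] &&
        [ "${cidr:-0.0.0.0/0}" = 0.0.0.0/0 ]; then
        report WARN "internet-facing ALB accepts ingress from 0.0.0.0/0"
    fi
    group=$(conf_get "$conf" management_host_authorized_group)
    [ "${group:-NONE}" != NONE ] ||
        report WARN "management_host_authorized_group=NONE: every AD user may log in"
    ip=$(conf_get "$conf" management_host_ip)
    [ "${ip:-0.0.0.0}" != 0.0.0.0 ] ||
        report WARN "management_host_ip=0.0.0.0: a new Elastic IP is attached to the CMH"
    [ "$(conf_get "$conf" debug)" != true ] ||
        report WARN "debug=true: failed stacks are not rolled back"
    if [ "$(conf_get "$conf" enable_kms_encryption)" = true ]; then
        for key in ccme_kms_cmh ccme_kms_clusters ccme_kms_fsx ccme_kms_s3 ccme_kms_sns; do
            [ -n "$(conf_get "$conf" "$key")" ] ||
                report ERROR "$key must be set when enable_kms_encryption=true"
        done
    else
        report WARN "enable_kms_encryption is not true: KMS keys are not used"
    fi
    [ "$audit_errors" -eq 0 ]
}

# Flag uncommented template lines that turn off LDAP certificate checks or TLS.
# Returns 1 when at least one such line is present.
audit_pcluster_template() {
    awk '
        /^[ \t]*#/ { next }
        /LdapTlsReqCert:[ \t]*never/ ||
        /ldap_auth_disable_tls_never_use_in_production:[ \t]*[Tt]rue/ {
            sub(/^[ \t]+/, ""); printf "WARN: line %d: %s\n", NR, $0; bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample input (not a real deployment): the certificate is missing
# and the bucket key lacks its trailing '/'; other keys keep their defaults.
write_samples() {
    cat > "$1" <<'EOF'
management_stack_role=arn:aws:iam::012345678910:role/example-user-role
ccme_management_instance_profile=arn:aws:iam::012345678910:instance-profile/example
ccme_management_lambda_role=arn:aws:iam::012345678910:role/example-alb-lambda
vpc=vpc-0123456789abcdef0
alb_ssl_certificate=
application_load_balancer_scheme=internet-facing
# application_load_balancer_ingress_cidr=0.0.0.0/0
management_host_ip=0.0.0.0
management_host_authorized_group=NONE
ccme_bucket_path="ccme-bucket:subfolder1/subfolder2"
ccme_data_bucket=ccme-data
active_directory_read_only_user_password_secret_arn=arn:aws:secretsmanager:eu-west-1:012345678910:secret:ccme-prefix-example
EOF
    cat > "$2" <<'EOF'
DirectoryService:
  LdapTlsReqCert: never
  AdditionalSssdConfigs:
    ldap_auth_disable_tls_never_use_in_production: True
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp/deployment.ccme.conf" "$tmp/custom.pcluster.config.j2"
audit_cmh_conf "$tmp/deployment.ccme.conf" || echo "-> fix ERROR findings before deploying"
audit_pcluster_template "$tmp/custom.pcluster.config.j2" || echo "-> template relaxes LDAP TLS"
rm -rf "$tmp"
```

On the constructed sample the audit prints two ERROR and four WARN findings for the configuration and two WARN lines for the template; WARN findings do not change the exit status of audit_cmh_conf.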

Connection

There are two network possibilities to connect to the Management Host:

  • From authorized IP / CIDR with a Public IP attributed to the CCME Management Host

  • From authorized IP / CIDR with a Private IP, using an instance in the same VPC (e.g.: bastion, proxy/bounce server…)

There are two user possibilities to connect to the Management Host:

  • CCME Admin user: ec2-user

  • User from the ActiveDirectory

    • Must be in the group authorized to connect to the Management Host, as defined by the variable “management_host_authorized_group” of the configuration file described in the section “Configuration”

The required information is:

  • Username (ManagementHostUser): available in the CloudFormation output of the CCME ManagementHost stack

    • ssh key: For the local user named ec2-user

    • password: For user from the Active Directory

  • IP address: available in the CloudFormation output of the CCME ManagementHost stack

    • Public IP (ManagementHostPublicIP)

    • Private IP (ManagementHostPrivateIP)

You can retrieve the output from the Management Host stack from the AWS Console as in this example:

Key                      Value          Description
ManagementHostPrivateIP  10.0.0.32      Private IP Address of the Management Host
ManagementHostPublicIP   54.122.171.48  Public IP address of the ManagementHost
ManagementHostUser       ec2-user       User of the Management Host