Merge branch 'main' into cot/deploy_into_existing_subnets

dspace-group · May 23, 2024 · 755d10a · 755d10a
2 parents 94ee7c9 + aaaccf3
commit 755d10a
Show file tree

Hide file tree

Showing 10 changed files with 95 additions and 14 deletions.
diff --git a/.github/workflows/qualitygate.yml b/.github/workflows/qualitygate.yml
@@ -35,13 +35,13 @@ jobs:
 
       - name: Terraform validate
         run: terraform validate
-        
+
       - name: Init TFLint
         run: tflint --init
 
       - name: Terraform lint Root
         run: tflint
-      
+
       - name: Terraform lint SIMPHERA Base
         run: tflint --config ../../.tflint.hcl --chdir ./modules/simphera_aws_instance
 
@@ -64,7 +64,6 @@ jobs:
            working-dir: .
            config-file: tfvars.hcl.terraform-docs.yml
            output-file: terraform.tfvars.example
-           output-format: tfvars hcl
            output-method: replace
            template: |
              {{ .Content }}
@@ -79,5 +78,5 @@ jobs:
           output-method: replace
           template: |
             {{ .Content }}
-          git-push: "true"  
+          git-push: "true"
 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -22,7 +22,7 @@ repos:
     -   id: tfsec
         name: tfsec
         entry: --entrypoint /src/hooks/tfsec.sh aquasec/tfsec:v1.28
-        language: docker_image                         
+        language: docker_image
 -   repo: local
     hooks:
     -   id: terraform_docs

diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ Charges may apply for the following AWS resources and services:
 | Amazon Simple Storage Service | Binary artifacts are stored in an S3 bucket. | Yes |
 | Amazon Elastic File System | Binary artifacts are stored temporarily in EFS. | Yes |
 | AWS Key Management Service (AWS KMS) | Encryption for Kubernetes secrets is enabled by default. | |
-| Amazon Elastic Compute Cloud | Optionally, you can deploy a dSPACE license server on an EC2 instance. Alternatively, you can deploy the server on external infrastructure. ||
+| Amazon Elastic Compute Cloud | Optionally, you can deploy a dSPACE license server on an EC2 instance. Alternatively, you can deploy the server on external infrastructure. For additional information, please contact our support team. ||
 | Amazon CloudWatch | Metrics and container logs to CloudWatch. It is recommended to deploy the dSPACE monitoring stack in Kubernetes.||
 
 ## Usage Instructions
@@ -467,6 +467,7 @@ Important: During credentials rotation, SIMPHERA will not be available for a sho
 | <a name="module_eks"></a> [eks](#module\_eks) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints.git | v4.32.1 |
 | <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints.git//modules/kubernetes-addons | v4.32.1 |
 | <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 |
+| <a name="module_security_group_license_server"></a> [security\_group\_license\_server](#module\_security\_group\_license\_server) | terraform-aws-modules/security-group/aws | ~> 4 |
 | <a name="module_simphera_instance"></a> [simphera\_instance](#module\_simphera\_instance) | ./modules/simphera_aws_instance | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | v3.11.0 |
 
@@ -532,6 +533,7 @@ Important: During credentials rotation, SIMPHERA will not be available for a sho
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloudwatch_retention"></a> [cloudwatch\_retention](#input\_cloudwatch\_retention) | Global cloudwatch retention period for the EKS, VPC, SSM, and PostgreSQL logs. | `number` | `7` | no |
 | <a name="input_cluster_autoscaler_helm_config"></a> [cluster\_autoscaler\_helm\_config](#input\_cluster\_autoscaler\_helm\_config) | Cluster Autoscaler Helm Config | `any` | <pre>{<br>  "version": "9.28.0"<br>}</pre> | no |
+| <a name="input_codemeter"></a> [codemeter](#input\_codemeter) | Download link for codemeter rpm package. | `string` | `"https://www.wibu.com/support/user/user-software/file/download/13346.html?tx_wibudownloads_downloadlist%5BdirectDownload%5D=directDownload&tx_wibudownloads_downloadlist%5BuseAwsS3%5D=0&cHash=8dba7ab094dec6267346f04fce2a2bcd"` | no |
 | <a name="input_enable_aws_for_fluentbit"></a> [enable\_aws\_for\_fluentbit](#input\_enable\_aws\_for\_fluentbit) | Install FluentBit to send container logs to CloudWatch. | `bool` | `false` | no |
 | <a name="input_enable_ingress_nginx"></a> [enable\_ingress\_nginx](#input\_enable\_ingress\_nginx) | Enable Ingress Nginx add-on | `bool` | `false` | no |
 | <a name="input_enable_patching"></a> [enable\_patching](#input\_enable\_patching) | Scans license server EC2 instance and EKS nodes for updates. Installs patches on license server automatically. EKS nodes need to be updated manually. | `bool` | `false` | no |
@@ -552,9 +554,11 @@ Important: During credentials rotation, SIMPHERA will not be available for a sho
 | <a name="input_licenseServer"></a> [licenseServer](#input\_licenseServer) | Specifies whether a license server VM will be created. | `bool` | `false` | no |
 | <a name="input_linuxExecutionNodeCountMax"></a> [linuxExecutionNodeCountMax](#input\_linuxExecutionNodeCountMax) | The maximum number of Linux nodes for the job execution | `number` | `10` | no |
 | <a name="input_linuxExecutionNodeCountMin"></a> [linuxExecutionNodeCountMin](#input\_linuxExecutionNodeCountMin) | The minimum number of Linux nodes for the job execution | `number` | `0` | no |
+| <a name="input_linuxExecutionNodeDiskSize"></a> [linuxExecutionNodeDiskSize](#input\_linuxExecutionNodeDiskSize) | The disk size in GiB of the nodes for the job execution | `number` | `200` | no |
 | <a name="input_linuxExecutionNodeSize"></a> [linuxExecutionNodeSize](#input\_linuxExecutionNodeSize) | The machine size of the Linux nodes for the job execution, user must check the availability of the instance types for the region. The list is ordered by priority where the first instance type gets the highest priority. Instance types must fulfill the following requirements: 64 GB RAM, 16 vCPUs, at least 110 IPs, at least 2 availability zones. | `list(string)` | <pre>[<br>  "m6a.4xlarge",<br>  "m5a.4xlarge",<br>  "m5.4xlarge",<br>  "m6i.4xlarge",<br>  "m4.4xlarge",<br>  "m7i.4xlarge",<br>  "m7a.4xlarge"<br>]</pre> | no |
 | <a name="input_linuxNodeCountMax"></a> [linuxNodeCountMax](#input\_linuxNodeCountMax) | The maximum number of Linux nodes for the regular services | `number` | `12` | no |
 | <a name="input_linuxNodeCountMin"></a> [linuxNodeCountMin](#input\_linuxNodeCountMin) | The minimum number of Linux nodes for the regular services | `number` | `1` | no |
+| <a name="input_linuxNodeDiskSize"></a> [linuxNodeDiskSize](#input\_linuxNodeDiskSize) | The disk size in GiB of the nodes for the regular services | `number` | `200` | no |
 | <a name="input_linuxNodeSize"></a> [linuxNodeSize](#input\_linuxNodeSize) | The machine size of the Linux nodes for the regular services, user must check the availability of the instance types for the region. The list is ordered by priority where the first instance type gets the highest priority. Instance types must fulfill the following requirements: 64 GB RAM, 16 vCPUs, at least 110 IPs, at least 2 availability zones. | `list(string)` | <pre>[<br>  "m6a.4xlarge",<br>  "m5a.4xlarge",<br>  "m5.4xlarge",<br>  "m6i.4xlarge",<br>  "m4.4xlarge",<br>  "m7i.4xlarge",<br>  "m7a.4xlarge"<br>]</pre> | no |
 | <a name="input_maintainance_duration"></a> [maintainance\_duration](#input\_maintainance\_duration) | How long in hours for the maintenance window. | `number` | `3` | no |
 | <a name="input_map_accounts"></a> [map\_accounts](#input\_map\_accounts) | Additional AWS account numbers to add to the aws-auth ConfigMap | `list(string)` | `[]` | no |

diff --git a/hooks/terraform_docs.sh b/hooks/terraform_docs.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
-terraform-docs markdown table --output-file README.md --output-mode inject . 
+terraform-docs markdown table --output-file README.md --output-mode inject .
 terraform-docs -c tfvars.hcl.terraform-docs.yml .
-terraform-docs -c tfvars.json.terraform-docs.yml .
+terraform-docs tfvars json .
diff --git a/license-server.tf b/license-server.tf
@@ -12,6 +12,16 @@ resource "aws_instance" "license_server" {
     http_endpoint = "enabled"
     http_tokens   = "required" # Require session token for Instance Metadata Service Version 2 (IMDSv2)
   }
+  user_data = <<-EOF
+                #!/bin/bash
+                yum update -y
+                wget -O CodeMeter.rpm "${var.codemeter}"
+                yum -y localinstall CodeMeter.rpm
+                systemctl stop codemeter
+                sed -i -e '/IsNetworkServer=/ s/=.*/=1/' /etc/wibu/CodeMeter/Server.ini
+                systemctl start codemeter
+                systemctl enable codemeter
+                EOF
 
   lifecycle {
     ignore_changes = [
@@ -26,12 +36,7 @@ data "aws_ami" "amazon_linux_kernel5" {
 
   filter {
     name   = "name"
-    values = ["amzn2-ami-kernel-5*"]
-  }
-
-  filter {
-    name   = "block-device-mapping.volume-type"
-    values = ["gp2"]
+    values = ["al2023-ami-202*"]
   }
 
   filter {
@@ -104,3 +109,32 @@ resource "aws_iam_instance_profile" "license_server_profile" {
   name  = local.license_server_instance_profile
   role  = aws_iam_role.license_server_role[0].name
 }
+
+module "security_group_license_server" {
+  count       = var.licenseServer ? 1 : 0
+  source      = "terraform-aws-modules/security-group/aws"
+  version     = "~> 4"
+  name        = "${var.infrastructurename}-license-server"
+  description = "License server security group"
+  vpc_id      = module.vpc.vpc_id
+  tags        = var.tags
+  ingress_with_source_security_group_id = [
+    {
+      type                     = "ingress"
+      from_port                = 22350
+      to_port                  = 22350
+      protocol                 = "tcp"
+      description              = "Inbound TCP on port 22350 from kubernetes nodes security group"
+      source_security_group_id = module.eks.cluster_primary_security_group_id
+    },
+  ]
+  egress_with_cidr_blocks = [
+    {
+      from_port   = 0
+      to_port     = 0
+      protocol    = "-1"
+      description = "allow all outbound traffic"
+      cidr_blocks = "0.0.0.0/0"
+    },
+  ]
+}
diff --git a/locals.tf b/locals.tf
@@ -41,6 +41,7 @@ locals {
       desired_size    = var.linuxNodeCountMin
       max_size        = var.linuxNodeCountMax
       min_size        = var.linuxNodeCountMin
+      disk_size       = var.linuxNodeDiskSize
     },
     "execnodes" = {
       node_group_name = "execnodes"
@@ -49,6 +50,7 @@ locals {
       desired_size    = var.linuxExecutionNodeCountMin
       max_size        = var.linuxExecutionNodeCountMax
       min_size        = var.linuxExecutionNodeCountMin
+      disk_size       = var.linuxExecutionNodeDiskSize
       k8s_labels = {
         "purpose" = "execution"
       }

diff --git a/terraform.json.example b/terraform.json.example
@@ -3,6 +3,7 @@
   "cluster_autoscaler_helm_config": {
     "version": "9.28.0"
   },
+  "codemeter": "https://www.wibu.com/support/user/user-software/file/download/13346.html?tx_wibudownloads_downloadlist%5BdirectDownload%5D=directDownload&tx_wibudownloads_downloadlist%5BuseAwsS3%5D=0&cHash=8dba7ab094dec6267346f04fce2a2bcd",
   "enable_aws_for_fluentbit": false,
   "enable_ingress_nginx": false,
   "enable_patching": false,
@@ -27,6 +28,7 @@
   "licenseServer": false,
   "linuxExecutionNodeCountMax": 10,
   "linuxExecutionNodeCountMin": 0,
+  "linuxExecutionNodeDiskSize": 200,
   "linuxExecutionNodeSize": [
     "m6a.4xlarge",
     "m5a.4xlarge",
@@ -38,6 +40,7 @@
   ],
   "linuxNodeCountMax": 12,
   "linuxNodeCountMin": 1,
+  "linuxNodeDiskSize": 200,
   "linuxNodeSize": [
     "m6a.4xlarge",
     "m5a.4xlarge",

diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -7,6 +7,9 @@ cluster_autoscaler_helm_config = {
   "version": "9.28.0"
 }
 
+# Download link for codemeter rpm package.
+codemeter = "https://www.wibu.com/support/user/user-software/file/download/13346.html?tx_wibudownloads_downloadlist%5BdirectDownload%5D=directDownload&tx_wibudownloads_downloadlist%5BuseAwsS3%5D=0&cHash=8dba7ab094dec6267346f04fce2a2bcd"
+
 # Install FluentBit to send container logs to CloudWatch.
 enable_aws_for_fluentbit = false
 
@@ -71,6 +74,9 @@ linuxExecutionNodeCountMax = 10
 # The minimum number of Linux nodes for the job execution
 linuxExecutionNodeCountMin = 0
 
+# The disk size in GiB of the nodes for the job execution
+linuxExecutionNodeDiskSize = 200
+
 # The machine size of the Linux nodes for the job execution, user must check the availability of the instance types for the region. The list is ordered by priority where the first instance type gets the highest priority. Instance types must fulfill the following requirements: 64 GB RAM, 16 vCPUs, at least 110 IPs, at least 2 availability zones.
 linuxExecutionNodeSize = [
   "m6a.4xlarge",
@@ -88,6 +94,9 @@ linuxNodeCountMax = 12
 # The minimum number of Linux nodes for the regular services
 linuxNodeCountMin = 1
 
+# The disk size in GiB of the nodes for the regular services
+linuxNodeDiskSize = 200
+
 # The machine size of the Linux nodes for the regular services, user must check the availability of the instance types for the region. The list is ordered by priority where the first instance type gets the highest priority. Instance types must fulfill the following requirements: 64 GB RAM, 16 vCPUs, at least 110 IPs, at least 2 availability zones.
 linuxNodeSize = [
   "m6a.4xlarge",

diff --git a/tfvars.hcl.terraform-docs.yml b/tfvars.hcl.terraform-docs.yml
@@ -1,2 +1,14 @@
+# Original template for content: https://github.com/terraform-docs/terraform-docs/blob/v0.16.0/format/templates/tfvars_hcl.tmpl
+
+formatter: asciidoc
+content: |
+  {{ if .Module.Inputs -}}
+    {{- range $index, $element := .Module.Inputs }}
+      {{ if $element.Description -}}
+        # {{ tostring $element.Description }}
+      {{ end -}}
+      {{ $element.Name }} = {{ $element.GetValue }}
+    {{ end -}}
+  {{- end -}}
 settings:
   description: true
diff --git a/variables.tf b/variables.tf
@@ -28,6 +28,12 @@ variable "linuxNodeCountMax" {
   default     = 12
 }
 
+variable "linuxNodeDiskSize" {
+  type        = number
+  description = "The disk size in GiB of the nodes for the regular services"
+  default     = 200
+}
+
 variable "linuxExecutionNodeSize" {
   type        = list(string)
   description = "The machine size of the Linux nodes for the job execution, user must check the availability of the instance types for the region. The list is ordered by priority where the first instance type gets the highest priority. Instance types must fulfill the following requirements: 64 GB RAM, 16 vCPUs, at least 110 IPs, at least 2 availability zones."
@@ -46,6 +52,12 @@ variable "linuxExecutionNodeCountMax" {
   default     = 10
 }
 
+variable "linuxExecutionNodeDiskSize" {
+  type        = number
+  description = "The disk size in GiB of the nodes for the job execution"
+  default     = 200
+}
+
 variable "gpuNodePool" {
   type        = bool
   description = "Specifies whether an additional node pool for gpu job execution is added to the kubernetes cluster"
@@ -118,6 +130,12 @@ variable "licenseServer" {
   default     = false
 }
 
+variable "codemeter" {
+  type        = string
+  description = "Download link for codemeter rpm package."
+  default     = "https://www.wibu.com/support/user/user-software/file/download/13346.html?tx_wibudownloads_downloadlist%5BdirectDownload%5D=directDownload&tx_wibudownloads_downloadlist%5BuseAwsS3%5D=0&cHash=8dba7ab094dec6267346f04fce2a2bcd"
+}
+
 variable "kubernetesVersion" {
   type        = string
   description = "The version of the EKS cluster."