Description

This module creates the basic security infrastructure of an HTCondor pool in Google Cloud.

NOTE: This module was previously named htcondor-configure. The interface and responsibilities of this module have changed significantly. Please review the example and modify your blueprints accordingly.

Security setup

This module will take the following actions:

  • store an HTCondor Pool password in Google Cloud Secret Manager
    • will generate a new password if one is not supplied
  • create service accounts for an HTCondor Access Point and Central Manager

It is expected to be used with the htcondor-install and htcondor-execute-point modules.

Example

The following code snippet uses this module to create a startup script that installs HTCondor software and configures an HTCondor Central Manager. A full example can be found in the examples README.

- id: network1
  source: modules/network/pre-existing-vpc

- id: htcondor_install
  source: community/modules/scripts/htcondor-install

- id: htcondor_setup
  source: community/modules/scheduler/htcondor-setup
  use:
  - network1

- id: htcondor_secrets
  source: community/modules/scheduler/htcondor-pool-secrets
  use:
  - htcondor_setup

- id: htcondor_cm
  source: community/modules/scheduler/htcondor-central-manager
  use:
  - network1
  - htcondor_secrets
  - htcondor_setup
  settings:
    instance_image:
      project: $(vars.project_id)
      family: $(vars.new_image_family)
  outputs:
  - central_manager_name

High Availability

This module supports high availability modes of the HTCondor Central Manager and of the Access Points via Managed Instance Groups (MIG). Please see htcondor-central-manager and htcondor-access-point for details.

Support

HTCondor is maintained by the Center for High Throughput Computing at the University of Wisconsin-Madison. Support for HTCondor is available via:

License

Copyright 2022 Google LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| google | >= 3.83 |

Providers

| Name | Version |
|------|---------|
| google | >= 3.83 |

Modules

| Name | Source | Version |
|------|--------|---------|
| access_point_service_account | terraform-google-modules/service-accounts/google | ~> 4.2 |
| central_manager_service_account | terraform-google-modules/service-accounts/google | ~> 4.2 |
| execute_point_service_account | terraform-google-modules/service-accounts/google | ~> 4.2 |
| health_check_firewall_rule | terraform-google-modules/network/google//modules/firewall-rules | ~> 6.0 |
| htcondor_bucket | terraform-google-modules/cloud-storage/google | ~> 4.0 |

Resources

| Name | Type |
|------|------|
| google_compute_subnetwork.htcondor | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_point_roles | Project-wide roles for HTCondor Access Point service account | list(string) | ["roles/compute.instanceAdmin", "roles/monitoring.metricWriter", "roles/logging.logWriter", "roles/storage.objectViewer"] | no |
| central_manager_roles | Project-wide roles for HTCondor Central Manager service account | list(string) | ["roles/monitoring.metricWriter", "roles/logging.logWriter", "roles/storage.objectViewer"] | no |
| deployment_name | HPC Toolkit deployment name. HTCondor cloud resource names will include this value. | string | n/a | yes |
| execute_point_roles | Project-wide roles for HTCondor Execute Point service account | list(string) | ["roles/monitoring.metricWriter", "roles/logging.logWriter", "roles/storage.objectViewer"] | no |
| labels | Labels to add to resources. List key, value pairs. | map(string) | n/a | yes |
| project_id | Project in which HTCondor pool will be created | string | n/a | yes |
| region | Default region for creating resources | string | n/a | yes |
| subnetwork_self_link | The self link of the subnetwork in which Central Managers will be placed. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| access_point_service_account_email | HTCondor Access Point Service Account (e-mail format) |
| central_manager_service_account_email | HTCondor Central Manager Service Account (e-mail format) |
| execute_point_service_account_email | HTCondor Execute Point Service Account (e-mail format) |
| htcondor_bucket_name | Name of the HTCondor configuration bucket |
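
An added example, not part of this module or its project: a Python check that compares the project-level roles actually bound to the three service accounts with the default role lists in the Inputs table, reporting extra and missing roles per account. The e-mail addresses and the IAM policy are constructed sample data in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`; `audit` and `roles_by_member` are hypothetical helper names, and a deployment that overrides the `*_roles` inputs should pass its own lists as `expected`.

```python
COMMON = {"roles/monitoring.metricWriter", "roles/logging.logWriter",
          "roles/storage.objectViewer"}
# Defaults copied from the Inputs table of this page.
DEFAULT_ROLES = {
    "access_point": COMMON | {"roles/compute.instanceAdmin"},
    "central_manager": set(COMMON),
    "execute_point": set(COMMON),
}


def roles_by_member(policy):
    """Map each IAM member to the set of project-level roles bound to it."""
    granted = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            granted.setdefault(member, set()).add(binding["role"])
    return granted


def audit(policy, emails, expected=DEFAULT_ROLES):
    """Return {account: {"extra": [...], "missing": [...]}} for drifted accounts."""
    granted = roles_by_member(policy)
    findings = {}
    for kind, email in emails.items():
        have = granted.get("serviceAccount:" + email, set())
        extra = sorted(have - expected[kind])    # privilege beyond the expected list
        missing = sorted(expected[kind] - have)  # expected role that is not bound
        if extra or missing:
            findings[kind] = {"extra": extra, "missing": missing}
    return findings


# Constructed sample data: placeholder service account e-mails (in practice the
# module's *_service_account_email outputs) and a constructed IAM policy.
EMAILS = {
    "access_point": "htcondor-ap@example-project.iam.gserviceaccount.com",
    "central_manager": "htcondor-cm@example-project.iam.gserviceaccount.com",
    "execute_point": "htcondor-ep@example-project.iam.gserviceaccount.com",
}
AP, CM, EP = ["serviceAccount:" + e for e in EMAILS.values()]
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/monitoring.metricWriter", "members": [AP, CM, EP]},
    {"role": "roles/logging.logWriter", "members": [AP, CM, EP]},
    {"role": "roles/storage.objectViewer", "members": [AP, CM]},
    {"role": "roles/compute.instanceAdmin", "members": [AP]},
    {"role": "roles/editor", "members": [EP, "user:admin@example.com"]},
]}

if __name__ == "__main__":
    for kind, diff in audit(SAMPLE_POLICY, EMAILS).items():
        print(kind, diff)
```
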