Description

This module is responsible for the following actions:

  • store an HTCondor Pool password in Google Cloud Secret Manager
    • will generate a new password if one is not supplied
  • create a secret in Google Cloud Secret Manager in which the HTCondor central manager can place IDTOKENs (JWT Authorizations) for execute points to download
  • create a Toolkit runner for the central manager
    • download the POOL password / signing key
    • create a local IDTOKEN for itself
    • upload the execute point IDTOKEN secret
  • create a Toolkit runner for access points
    • download the POOL password / signing key
    • create a local IDTOKEN for itself
  • create a Toolkit runner for execute points
    • fetch the IDTOKEN secret generated by the central manager

It is expected to be used with the htcondor-install and htcondor-execute-point modules.
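
The access split described above (the central manager and access points read the pool password, execute points read only the IDTOKEN secret) can be checked against the IAM policies of the two secrets. The Python audit below is an added example, not part of this module; the secret keys, the role allowlist and the service account e-mails are assumptions, and the sample policies are constructed in the shape returned by `gcloud secrets get-iam-policy --format=json`.

```python
import json

ACCESSOR = "roles/secretmanager.secretAccessor"
ADDER = "roles/secretmanager.secretVersionAdder"
MANAGER = "roles/secretmanager.secretVersionManager"

def expected_access(cm, ap, ep):
    """Allowlist of member -> roles per secret (the role choice is an assumption)."""
    sa = "serviceAccount:{}".format
    return {
        # Signing key: only the roles that create their own local IDTOKEN.
        "pool_password": {sa(cm): {ACCESSOR}, sa(ap): {ACCESSOR}},
        # Execute point token: written by the central manager, read by execute points.
        "execute_point_idtoken": {sa(cm): {ADDER, MANAGER}, sa(ep): {ACCESSOR}},
    }

def audit(policies, expected):
    """Return sorted (secret, member, role) grants that fall outside the allowlist."""
    findings = []
    for secret, policy in policies.items():
        allowed = expected.get(secret, {})
        for binding in policy.get("bindings", []):
            for member in binding.get("members", []):
                if binding["role"] not in allowed.get(member, set()):
                    findings.append((secret, member, binding["role"]))
    return sorted(findings)

# Constructed service accounts and policies (not taken from a real project).
CM = "cm@example-project.iam.gserviceaccount.com"
AP = "ap@example-project.iam.gserviceaccount.com"
EP = "ep@example-project.iam.gserviceaccount.com"
SAMPLE = json.loads("""
{"pool_password": {"version": 1, "bindings": [
   {"role": "roles/secretmanager.secretAccessor", "members": [
      "serviceAccount:cm@example-project.iam.gserviceaccount.com",
      "serviceAccount:ap@example-project.iam.gserviceaccount.com",
      "serviceAccount:ep@example-project.iam.gserviceaccount.com"]}]},
 "execute_point_idtoken": {"version": 1, "bindings": [
   {"role": "roles/secretmanager.secretVersionAdder", "members": [
      "serviceAccount:cm@example-project.iam.gserviceaccount.com",
      "serviceAccount:ap@example-project.iam.gserviceaccount.com"]},
   {"role": "roles/secretmanager.secretAccessor", "members": [
      "serviceAccount:ep@example-project.iam.gserviceaccount.com"]}]}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected_access(CM, AP, EP)):
        print("unexpected grant:", *finding)
```

An execute point that can read the pool password holds the pool's signing key, so that finding is the one to treat as highest priority.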

Example

The following code snippet uses this module to create a startup script that installs HTCondor software and configures an HTCondor Central Manager. A full example can be found in the examples README.

- id: network1
  source: modules/network/pre-existing-vpc

- id: htcondor_install
  source: community/modules/scripts/htcondor-install

- id: htcondor_setup
  source: community/modules/scheduler/htcondor-setup
  use:
  - network1

- id: htcondor_secrets
  source: community/modules/scheduler/htcondor-pool-secrets
  use:
  - htcondor_setup

- id: htcondor_startup_central_manager
  source: modules/scripts/startup-script
  settings:
    runners:
    - $(htcondor_install.install_htcondor_runner)
    - $(htcondor_secrets.central_manager_runner)
    - $(htcondor_setup.central_manager_runner)

- id: htcondor_cm
  source: modules/compute/vm-instance
  use:
  - network1
  - htcondor_startup_central_manager
  settings:
    name_prefix: cm0
    machine_type: c2-standard-4
    disable_public_ips: true
    service_account:
      email: $(htcondor_setup.central_manager_service_account)
      scopes:
      - cloud-platform
    network_interfaces:
    - network: null
      subnetwork: $(network1.subnetwork_self_link)
      subnetwork_project: $(vars.project_id)
      network_ip: $(htcondor_setup.central_manager_internal_ip)
      stack_type: null
      access_config: []
      ipv6_access_config: []
      alias_ip_range: []
      nic_type: VIRTIO_NET
      queue_count: null
  outputs:
  - internal_ip

Support

HTCondor is maintained by the Center for High Throughput Computing at the University of Wisconsin-Madison. Support for HTCondor is available via:

License

Copyright 2023 Google LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| google | >= 4.84 |
| random | >= 3.0 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.84 |
| random | >= 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_secret_manager_secret.execute_point_idtoken | resource |
| google_secret_manager_secret.pool_password | resource |
| google_secret_manager_secret_iam_member.access_point | resource |
| google_secret_manager_secret_iam_member.central_manager_idtoken | resource |
| google_secret_manager_secret_iam_member.central_manager_password | resource |
| google_secret_manager_secret_iam_member.execute_point | resource |
| google_secret_manager_secret_version.pool_password | resource |
| random_password.pool | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_point_service_account_email | HTCondor access point service account e-mail | `string` | n/a | yes |
| central_manager_service_account_email | HTCondor central manager service account e-mail | `string` | n/a | yes |
| deployment_name | Cluster Toolkit deployment name. HTCondor cloud resource names will include this value. | `string` | n/a | yes |
| execute_point_service_account_email | HTCondor execute point service account e-mail | `string` | n/a | yes |
| labels | Labels to add to resources. List key, value pairs. | `map(string)` | n/a | yes |
| pool_password | HTCondor Pool Password | `string` | `null` | no |
| project_id | Project in which HTCondor pool will be created | `string` | n/a | yes |
| trust_domain | Trust domain for HTCondor pool (if not supplied, will be set based on project_id) | `string` | `""` | no |
| user_managed_replication | Replication parameters that will be used for defined secrets | `list(object({ location = string, kms_key_name = optional(string) }))` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| access_point_runner | Toolkit Runner to download pool secrets to an HTCondor access point |
| central_manager_runner | Toolkit Runner to download pool secrets to an HTCondor central manager |
| execute_point_runner | Toolkit Runner to download pool secrets to an HTCondor execute point |
| pool_password_secret_id | Google Cloud Secret Manager ID containing HTCondor Pool Password |
| windows_startup_ps1 | PowerShell script to download pool secrets to an HTCondor execute point |