forked from GoogleCloudPlatform/cluster-toolkit
variables.tf
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# GCP project that will host the deployment.
# Required input: no default is declared, so the caller must supply a value.
variable "project_id" {
description = "Project in which the HPC deployment will be created"
type = string
}
# Name of the deployment. Required input (no default).
# Per the description it is used to name the GCS bucket that holds the
# startup scripts; the naming itself happens outside this file.
variable "deployment_name" {
description = "Name of the HPC deployment, used to name GCS bucket for startup scripts."
type = string
}
# Region to deploy to. Required input (no default).
variable "region" {
description = "The region to deploy to"
type = string
}
# Optional `gs://` path (bucket and object) for the storage location.
# Defaults to null.
# NOTE(review): no validation block enforces the `gs://` prefix here, and how a
# null value is handled is decided outside this file (presumably the module
# creates its own bucket; confirm).
# NOTE(review): if an existing bucket is supplied, its IAM policy decides who
# can read or replace the staged scripts; review that policy before reuse.
variable "gcs_bucket_path" {
description = "The GCS path for storage bucket and the object, starting with `gs://`."
type = string
default = null
}
# Optional list of IAM members that get read-only access to the
# startup-script bucket. Defaults to an empty list.
#
# NOTE(review): the validation below also accepts the literal members
# `allUsers` and `allAuthenticatedUsers`, which the error message does not
# mention. Either value would make the bucket contents (startup script and
# staged runner files) readable by anyone, or by any authenticated Google
# account. Prefer specific `serviceAccount:` or `group:` members, and consider
# enforcing public access prevention on the bucket or organization.
variable "bucket_viewers" {
description = "Additional service accounts or groups, users, and domains to which to grant read-only access to startup-script bucket (leave unset if using default Compute Engine service account)"
type = list(string)
default = []
# Every entry must either be exactly `allUsers` / `allAuthenticatedUsers`, or
# start with one of the prefixes user:, group:, serviceAccount:, domain:.
# Only the prefix is checked; the remainder of the member string is not
# validated here.
validation {
condition = alltrue([
for u in var.bucket_viewers : length(regexall("^(allUsers$|allAuthenticatedUsers$|user:|group:|serviceAccount:|domain:)", u)) > 0
])
error_message = "Bucket viewer members must begin with user/group/serviceAccount/domain following https://cloud.google.com/iam/docs/reference/rest/v1/Policy#Binding"
}
}
# Optional path of a local file to which 'startup_script' is written.
# Defaults to null.
# NOTE(review): the written file presumably contains the rendered startup
# script, including runner content. Treat it as being as sensitive as the
# runners themselves, and keep it out of shared directories and version control.
variable "debug_file" {
description = "Path to an optional local to be written with 'startup_script'."
type = string
default = null
}
# Key-value labels applied to the created GCS bucket.
# Required input: no default is declared.
variable "labels" {
description = "Labels for the created GCS bucket. Key-value pairs."
type = map(string)
}
# List of runner definitions executed on the remote VM. Each runner is a
# map(string), so every field value is a string. Defaults to an empty list.
#
# The validation blocks below enforce: a 'type' key, a 'destination' key,
# unique destinations, an allowed 'type' value, exactly one of
# 'content'/'source' present, and a non-null value for whichever is present.
#
# NOTE(review): nothing here constrains the form of 'destination', 'source' or
# 'args' (e.g. path shape). Anyone who can set this variable, or modify the
# staged files, controls what runs on the VM at startup, presumably with the
# startup script's privileges; confirm.
# NOTE(review): runner material is presumably staged in the startup-script
# bucket, which `bucket_viewers` can read. Avoid embedding secrets in
# 'content' or 'args'; fetch them at run time from a secret store instead.
variable "runners" {
description = <<EOT
List of runners to run on remote VM.
Runners can be of type ansible-local, shell or data.
A runner must specify one of 'source' or 'content'.
All runners must specify 'destination'. If 'destination' does not include a
path, it will be copied in a temporary folder and deleted after running.
Runners may also pass 'args', which will be passed as argument to shell runners only.
EOT
type = list(map(string))
# Every runner map must contain a 'type' key.
validation {
condition = alltrue([
for r in var.runners : contains(keys(r), "type")
])
error_message = "All runners must declare a type."
}
# Every runner map must contain a 'destination' key.
validation {
condition = alltrue([
for r in var.runners : contains(keys(r), "destination")
])
error_message = "All runners must declare a destination name (even without a path)."
}
# Destinations must be unique: the number of distinct values has to equal the
# number of runners. This indexes r["destination"] directly, so it relies on
# the key being present (checked by the validation above).
validation {
condition = length(distinct([for r in var.runners : r["destination"]])) == length(var.runners)
error_message = "All startup-script runners must have a unique destination."
}
# 'type' is restricted to the three supported runner kinds. This indexes
# r["type"] directly, so it relies on the key being present.
validation {
condition = alltrue([
for r in var.runners : r["type"] == "ansible-local" || r["type"] == "shell" || r["type"] == "data"
])
error_message = "The 'type' must be 'ansible-local', 'shell' or 'data'."
}
# this validation tests that exactly 1 or other of source/content have been
# set to anything (including null)
# (can() reports whether the key lookup succeeds; the != makes this an
# exclusive-or on key presence)
validation {
condition = alltrue([
for r in var.runners :
can(r["content"]) != can(r["source"])
])
error_message = "A runner must specify either 'content' or 'source', but never both."
}
# this validation tests that at least 1 of source/content are non-null
# can fail either by not having been set all or by being set to null
# (lookup falls back from 'content' to 'source' to null)
validation {
condition = alltrue([
for r in var.runners :
lookup(r, "content", lookup(r, "source", null)) != null
])
error_message = "A runner must specify a non-null 'content' or 'source'."
}
default = []
}
# Opt-in switch that makes the Docker daemon writable by all users.
# Per the description it applies only when var.install_docker is true.
# Defaults to false and cannot be set to null.
#
# NOTE(review): access to the Docker daemon is generally root-equivalent on the
# host, so enabling this gives every local account that level of control. Keep
# it false on multi-user nodes unless all users are already trusted with root.
variable "enable_docker_world_writable" {
description = "Configure Docker daemon to be writable by all users (if var.install_docker is set to true)."
type = bool
default = false
nullable = false
}
# Opt-in switch to install the Docker command line tool and daemon.
# Defaults to false and cannot be set to null.
variable "install_docker" {
description = "Install Docker command line tool and daemon."
type = bool
default = false
nullable = false
}
# Opt-in switch to run the Google Ops Agent installation script.
# Defaults to false. Unlike the Docker switches, `nullable = false` is not set,
# so an explicit null is accepted by this declaration.
# NOTE(review): nothing in this file prevents enabling this together with
# `install_stackdriver_agent`.
variable "install_cloud_ops_agent" {
description = "Warning: Consider using `install_stackdriver_agent` for better performance. Run Google Ops Agent installation script if set to true."
type = bool
default = false
}
# Opt-in switch to run the Google Stackdriver Agent installation script.
# Defaults to false; an explicit null is accepted by this declaration.
# NOTE(review): with both agent switches left at false, no monitoring or
# logging agent is installed by this module. Confirm that node telemetry is
# collected some other way if it is needed for detection or incident response.
variable "install_stackdriver_agent" {
description = "Run Google Stackdriver Agent installation script if set to true. Preferred over ops agent for performance."
type = bool
default = false
}
# Tri-state switch for the Ansible installation script. Defaults to null.
# Per the description: true installs, and null (unset) installs only when a
# runner of type 'ansible-local' is used. The logic that interprets the value
# lives outside this file.
variable "install_ansible" {
description = "Run Ansible installation script if either set to true or unset and runner of type 'ansible-local' are used."
type = bool
default = null
}
# Optional list of ssh Host patterns for automated ssh configuration.
# Defaults to an empty list, which per the description leaves the automation
# disabled.
#
# NOTE(review): per the description, each pattern gets a Host block with
# StrictHostKeyChecking set to 'No'. That turns off host key verification for
# every matching host, so a changed or spoofed host key is not detected.
# No validation constrains the patterns, so a bare "*" would be accepted and
# would match every host. Keep patterns as narrow as possible and limited to
# cluster-internal node name prefixes.
# NOTE(review): the description also says keys are generated at first login and
# added to authorized keys on a shared /home. Anyone able to write to that
# shared filesystem can influence who may log in, so review its permissions.
variable "configure_ssh_host_patterns" {
description = <<EOT
If specified, it will automate ssh configuration by:
- Defining a Host block for every element of this variable and setting StrictHostKeyChecking to 'No'.
Ex: "hpc*", "hpc01*", "ml*"
- The first time users log-in, it will create ssh keys that are added to the authorized keys list
This requires a shared /home filesystem and relies on specifying the right prefix.
EOT
type = list(string)
default = []
}
# Deprecated input kept only so that callers who still set it get a clear
# error: the validation passes only when the value is null, so any explicit
# true/false is rejected with the message below.
# tflint-ignore: terraform_unused_declarations
variable "prepend_ansible_installer" {
description = <<EOT
DEPRECATED. Use `install_ansible=false` to prevent ansible installation.
EOT
type = bool
default = null
validation {
condition = var.prepend_ansible_installer == null
error_message = "The variable prepend_ansible_installer has been removed. Use install_ansible instead"
}
}
# Directory in which the Ansible virtual environment is installed.
# Defaults to "/usr/local/ghpc-venv".
variable "ansible_virtualenv_path" {
description = "Virtual environment path in which to install Ansible"
type = string
default = "/usr/local/ghpc-venv"
# Allow-list check: the whole value must be one or more segments, each a "/"
# followed by word characters or hyphens. This rejects relative paths,
# trailing slashes, spaces, dots and any other punctuation.
# NOTE(review): presumably the path is interpolated into install scripts, in
# which case this allow-list also keeps shell metacharacters out. Confirm
# before loosening the pattern.
validation {
condition = can(regex("^(/[\\w-]+)+$", var.ansible_virtualenv_path))
error_message = "var.ansible_virtualenv_path must be an absolute path to a directory without spaces or special characters"
}
}
# Web proxy (http and https) setting for pip, apt, yum/dnf and interactive
# shells. Defaults to the empty string and cannot be set to null.
# NOTE(review): the variable is not marked `sensitive` and its format is not
# validated. If a proxy URL with embedded credentials is supplied, it will
# presumably end up in plan output, the startup script and on-VM configuration
# files. Prefer a proxy that does not require credentials in the URL.
variable "http_proxy" {
description = "Web (http and https) proxy configuration for pip, apt, and yum/dnf and interactive shells"
type = string
default = ""
nullable = false
}
# Comma-separated domains that bypass the proxy. Cannot be set to null.
# Per the description it is honored only when var.http_proxy is set.
# The default covers Google domains, the metadata server name, and loopback.
# NOTE(review): when overriding, keep `metadata.google.internal` in the list.
# Otherwise metadata-server requests could be sent through the proxy; confirm
# how the consuming scripts apply this value.
variable "http_no_proxy" {
description = "Domains for which to disable http_proxy behavior. Honored only if var.http_proxy is set"
type = string
default = ".google.com,.googleapis.com,metadata.google.internal,localhost,127.0.0.1"
nullable = false
}