From bcbe81e8730b6af4166cc7bad43996db50f567ee Mon Sep 17 00:00:00 2001
From: Luca Cozzuto
Date: Tue, 1 Oct 2024 11:43:38 +0200
Subject: [PATCH] removing
---
TODO.md | 6 -
terraform/awsbatch/base.tf | 114 ----------
terraform/awsbatch/batch.tf | 183 ---------------
terraform/awsbatch/config.sh | 30 ---
terraform/awsbatch/ec2init.sh.tpl | 38 ----
terraform/awsbatch/outputs.tf | 23 --
terraform/awsbatch/security.tf | 361 ------------------------------
terraform/awsbatch/version.tf | 3 -
8 files changed, 758 deletions(-)
delete mode 100644 TODO.md
delete mode 100644 terraform/awsbatch/base.tf
delete mode 100644 terraform/awsbatch/batch.tf
delete mode 100644 terraform/awsbatch/config.sh
delete mode 100644 terraform/awsbatch/ec2init.sh.tpl
delete mode 100644 terraform/awsbatch/outputs.tf
delete mode 100644 terraform/awsbatch/security.tf
delete mode 100644 terraform/awsbatch/version.tf
diff --git a/TODO.md b/TODO.md
deleted file mode 100644
index 15cb67d..0000000
--- a/TODO.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Missing
-
-- [ ] A good documentation written as readthedocs
-- [ ] Replacing Tombo with a faster option
-- [ ] Improving the speed of the latest stage of mop_mod
-- [ ] Add steps for assembly / quantification
diff --git a/terraform/awsbatch/base.tf b/terraform/awsbatch/base.tf
deleted file mode 100644
index acdae67..0000000
--- a/terraform/awsbatch/base.tf
+++ /dev/null
@@ -1,114 +0,0 @@
-// base.tf
-
-variable "profile" {
- type = string
- default = "default"
-}
-
-variable "credentials" {
- type = string
-}
-
-variable "region" {
- type = string
-}
-
-variable "key_name" {
- type = string
-}
-
-variable "ami_entrypoint" {
- type = string
-}
-
-variable "ec2_password" {
- type = string
-}
-
-variable "instance_type" {
- type = string
- default = "t2.micro"
-}
-
-variable "instance_volume_size" {
- type = number
- default = 10
-}
-
-variable "destroy_bucket" {
- type = bool
- default = true
-}
-
-variable "bucket_acl" {
- type = string
- default = "private"
-}
-
-variable "instance_count" {
- type = number
- default = 2
-}
-
-variable "repourl" {
- type = string
- default = "https://github.com/biocorecrg/MOP2"
-}
-
-variable "bucket_prefix" {
- type = string
- default = "class-bucket"
-}
-
-
-provider "aws" {
- profile = var.profile
- shared_credentials_file = var.credentials
- region = var.region
-}
-
-// Random resource for naming
-resource "random_string" "rand" {
- length = 8
- special = false
-}
-
-// You may define an entry point for convenience
-
-resource "aws_instance" "classroom" {
-
- ami = var.ami_entrypoint
- count = var.instance_count
- instance_type = var.instance_type
- iam_instance_profile = aws_iam_instance_profile.Multiprofile.name
- key_name = var.key_name
- security_groups = ["allow_ssh-${random_string.rand.result}", "allow_http-${random_string.rand.result}", "allow_shiny-${random_string.rand.result}"]
- user_data = templatefile("ec2init.sh.tpl", { region = var.region, ec2_password = var.ec2_password, bucket_acl = var.bucket_acl, bucket_prefix = var.bucket_prefix, repourl = var.repourl, rand = random_string.rand.result, count = count.index + 1 })
- root_block_device {
- volume_size = var.instance_volume_size
- }
-
- // We add additional sleep time for allowing creation and proper set up of image
- provisioner "local-exec" {
- command = "sleep 5"
- }
-
- // Let's wait all buckets to be created first. It could be even tried one by one
- depends_on = [aws_s3_bucket.class-bucket, aws_iam_instance_profile.Multiprofile]
-
- tags = {
- name = "classroom-${count.index + 1}"
- }
-
-}
-
-resource "aws_s3_bucket" "class-bucket" {
- count = var.instance_count
- bucket = format("%s-%s", var.bucket_prefix, count.index + 1)
- acl = var.bucket_acl
- force_destroy = var.destroy_bucket
-
- tags = {
- name = format("%s-%s", var.bucket_prefix, count.index + 1)
- }
-}
diff --git a/terraform/awsbatch/batch.tf b/terraform/awsbatch/batch.tf
deleted file mode 100644
index 9f74cae..0000000
--- a/terraform/awsbatch/batch.tf
+++ /dev/null
@@ -1,183 +0,0 @@
-//batch.tf
-
-variable "ami_batch" {
- type = string
-}
-
-variable "ami_batch_gpu" {
- type = string
-}
-
-variable "bid_percentage" {
- type = number
- default = 50
-}
-
-variable "bid_percentage_gpu" {
- type = number
- default = 50
-}
-
-variable "max_vcpus" {
- type = number
- default = 16
-}
-
-variable "min_vcpus" {
- type = number
- default = 0
-}
-
-variable "desired_vcpus" {
- type = number
- default = 0
-}
-
-variable "instance_batch" {
- type = list(string)
- default = ["optimal"]
-}
-
-variable "instance_batch_gpu" {
- type = list(string)
- default = ["p3"]
-}
-
-
-variable "compute_environment_name" {
- type = string
- default = "nf-compute-spot"
-}
-
-variable "compute_environment_type" {
- type = string
- default = "SPOT"
-}
-
-variable "compute_environment_name_gpu" {
- type = string
- default = "nf-compute-spot-gpu"
-}
-
-variable "compute_environment_type_gpu" {
- type = string
- default = "SPOT"
-}
-
-
-variable "subnets" {
- type = list(string)
- default = ["subnet-8a280df7", "subnet-c54d6588", "subnet-b85ab5d2"]
-}
-
-variable "queue_name" {
- type = string
- default = "spot"
-}
-
-variable "queue_name_gpu" {
- type = string
- default = "spot-gpu"
-}
-
-
-resource "aws_batch_compute_environment" "nf-compute-spot" {
-
- compute_environment_name = format("%s-%s", var.compute_environment_name, random_string.rand.result)
-
- compute_resources {
- instance_role = aws_iam_instance_profile.ComputeInstanceProfile.arn
-
- image_id = var.ami_batch
-
- max_vcpus = var.max_vcpus
- min_vcpus = var.min_vcpus
- desired_vcpus = var.desired_vcpus
-
- instance_type = var.instance_batch
-
- subnets = var.subnets
-
- type = var.compute_environment_type
-
- spot_iam_fleet_role = (var.compute_environment_type == "SPOT" ? aws_iam_role.ClusterFleetRole.arn : null)
-
- bid_percentage = (var.compute_environment_type == "SPOT" ? var.bid_percentage : null)
-
- security_group_ids = [aws_security_group.allow_all.id]
-
- }
-
- service_role = aws_iam_role.ClusterRole.arn
- type = "MANAGED"
- depends_on = [aws_iam_policy_attachment.AWSBatchServiceRole-policy-attachment]
-
- tags = {
- name = "nf-cluster"
- }
-}
-
-resource "aws_batch_compute_environment" "nf-compute-spot-gpu" {
-
- compute_environment_name = format("%s-%s", var.compute_environment_name_gpu, random_string.rand.result)
-
- compute_resources {
- instance_role = aws_iam_instance_profile.ComputeInstanceProfile.arn
-
- image_id = var.ami_batch_gpu
-
- max_vcpus = var.max_vcpus
- min_vcpus = var.min_vcpus
- desired_vcpus = var.desired_vcpus
-
- instance_type = var.instance_batch_gpu
-
- subnets = var.subnets
-
- type = var.compute_environment_type_gpu
-
- spot_iam_fleet_role = (var.compute_environment_type_gpu == "SPOT" ? aws_iam_role.ClusterFleetRole.arn : null)
-
- bid_percentage = (var.compute_environment_type_gpu == "SPOT" ? var.bid_percentage_gpu : null)
-
-
- security_group_ids = [aws_security_group.allow_all.id]
-
- }
-
- service_role = aws_iam_role.ClusterRole.arn
- type = "MANAGED"
- depends_on = [aws_iam_policy_attachment.AWSBatchServiceRole-policy-attachment]
-
- tags = {
- name = "nf-cluster-gpu"
- }
-}
-
-resource "aws_batch_job_queue" "spot" {
-
- name = var.queue_name
- state = "ENABLED"
- priority = 1
- compute_environments = [aws_batch_compute_environment.nf-compute-spot.arn]
-
- depends_on = [aws_batch_compute_environment.nf-compute-spot]
-
- tags = {
- name = "nf-queue"
- }
-}
-
-resource "aws_batch_job_queue" "spot-gpu" {
-
- name = var.queue_name_gpu
- state = "ENABLED"
- priority = 1
- compute_environments = [aws_batch_compute_environment.nf-compute-spot-gpu.arn]
-
- depends_on = [aws_batch_compute_environment.nf-compute-spot-gpu]
- tags = {
- name = "nf-queue-gpu"
- }
-}
-
diff --git a/terraform/awsbatch/config.sh b/terraform/awsbatch/config.sh
deleted file mode 100644
index 40d1bd2..0000000
--- a/terraform/awsbatch/config.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-export TF_VAR_key_name=key-nf
-# Modify instance type to fit more needs if desired: https://aws.amazon.com/ec2/instance-types/t2/
-export TF_VAR_instance_type=t2.small
-# Image used for entrypoint
-export TF_VAR_ami_entrypoint=ami-0cf1f74891140b374
-# Image used for setting in the cluster
-export TF_VAR_ami_batch=ami-06b8c6e4fe388181d
-export TF_VAR_ami_batch_gpu=ami-06b8c6e4fe388181d
-# Region
-export TF_VAR_region=eu-central-1
-export TF_VAR_profile=default
-# If lower bid percentage, it will take longer to run in AWS Batch, but it will be cheaper
-export TF_VAR_bid_percentage=90
-export TF_VAR_credentials=/home/myuser/.aws/credentials
-export TF_VAR_ec2_password=sshpassword
-export TF_VAR_instance_count=1
-export TF_VAR_instance_volume_size=45
-export TF_VAR_bucket_acl=public-read
-export TF_VAR_bucket_prefix=mop2-bucket
-export TF_VAR_compute_environment_name=nf-compute
-export TF_VAR_compute_environment_name_gpu=nf-compute-gpu
-export TF_VAR_queue_name=mop
-export TF_VAR_queue_name_gpu=mop-gpu
-export TF_VAR_compute_environment_type=SPOT
-export TF_VAR_compute_environment_type_gpu=EC2
-export TF_VAR_instance_batch='["optimal"]'
-export TF_VAR_instance_batch_gpu='["p3"]'
-export TF_VAR_subnets='["subnet-8a280df7", "subnet-c54d6588", "subnet-b85ab5d2"]'
-export TF_VAR_repourl=https://github.com/biocorecrg/MOP2
-export AWS_ACCOUNT_ID=$(aws sts get-caller-identity|jq .Account|tr -d \")
diff --git a/terraform/awsbatch/ec2init.sh.tpl b/terraform/awsbatch/ec2init.sh.tpl
deleted file mode 100644
index d848558..0000000
--- a/terraform/awsbatch/ec2init.sh.tpl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Let's update first
-sudo yum update -y
-
-sudo mkdir -p /mnt/${bucket_prefix}-${count}
-
-sudo s3fs -o iam_role="Multiaccess-${rand}" -o url="https://s3-${region}.amazonaws.com/" -o endpoint=${region} -o dbglevel=info -o umask=0022 -o uid=1000 -o gid=1000 -o curldbg -o allow_other -o default_acl=${bucket_acl} -o use_cache=/tmp ${bucket_prefix}-${count} /mnt/${bucket_prefix}-${count}
-
-sudo sed -i '/^PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
-
-sudo echo "ec2-user:${ec2_password}"|chpasswd
-
-sudo systemctl restart sshd
-
-mkdir -p /home/ec2-user/git
-
-# Git of MoP2
-
-cd /home/ec2-user/git; git clone --recurse-submodules ${repourl}
-
-sudo chown -R ec2-user:ec2-user /home/ec2-user/git
-
-# This is for Singularity
-
-sudo yum install -y debootstrap
-
-# Let's record .bash_history for activity tracking
-
-cat <> /home/ec2-user/.bashrc
-HISTFILESIZE=400000000
-HISTSIZE=10000
-PROMPT_COMMAND="history -a"
-shopt -s histappend
-EOF
-
-# We clean above history
-rm /home/ec2-user/.bash_history; touch /home/ec2-user/.bash_history; chown ec2-user:ec2-user /home/ec2-user/.bash_history;
diff --git a/terraform/awsbatch/outputs.tf b/terraform/awsbatch/outputs.tf
deleted file mode 100644
index e14b4a8..0000000
--- a/terraform/awsbatch/outputs.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-output "public_dns" {
- value = aws_instance.classroom.*.public_dns
-}
-
-output "instance_id" {
- value = aws_instance.classroom.*.id
-}
-
-output "bucket_name" {
- value = aws_s3_bucket.class-bucket.*.bucket
-}
-
-output "queue" {
- value = aws_batch_job_queue.spot.name
-}
-
-output "queue_gpu" {
- value = aws_batch_job_queue.spot-gpu.name
-}
-
-output "rand_string" {
- value = random_string.rand.result
-}
diff --git a/terraform/awsbatch/security.tf b/terraform/awsbatch/security.tf
deleted file mode 100644
index 1f2ad68..0000000
--- a/terraform/awsbatch/security.tf
+++ /dev/null
@@ -1,361 +0,0 @@
-//security.tf
-
-resource "aws_security_group" "allow_ssh" {
-
- name = "allow_ssh-${random_string.rand.result}"
- description = "default ssh (22) access with Terraform"
- ingress {
- cidr_blocks = [
- "0.0.0.0/0"
- ]
- from_port = 22
- to_port = 22
- protocol = "tcp"
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "allow_http" {
-
- name = "allow_http-${random_string.rand.result}"
- description = "default HTTP (80) access with Terraform"
- ingress {
- cidr_blocks = [
- "0.0.0.0/0"
- ]
- from_port = 80
- to_port = 80
- protocol = "tcp"
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "allow_shiny" {
-
- name = "allow_shiny-${random_string.rand.result}"
- description = "default shiny (3838) access with Terraform"
- ingress {
- cidr_blocks = [
- "0.0.0.0/0"
- ]
- from_port = 3838
- to_port = 3838
- protocol = "tcp"
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "allow_all" {
-
- name = "allow_all-${random_string.rand.result}"
- description = "default VPC security group with Terraform"
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-// Role for the cluster
-resource "aws_iam_role" "ClusterRole" {
- name = "ClusterRole-${random_string.rand.result}"
- assume_role_policy = jsonencode({
- "Version" : "2012-10-17",
- "Statement" : [
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "batch.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- },
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "ec2.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- }
- ]
- })
-
-}
-
-// Role for the cluster nodes
-resource "aws_iam_role" "ComputeInstanceRole" {
- name = "ComputeInstanceRole-${random_string.rand.result}"
- assume_role_policy = jsonencode({
- "Version" : "2012-10-17",
- "Statement" : [
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "ec2.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- }
- ]
- })
-
-}
-
-// Additional role for fleeting cluster nodes
-resource "aws_iam_role" "ClusterFleetRole" {
- name = "ClusterFleetRole-${random_string.rand.result}"
- assume_role_policy = jsonencode({
- "Version" : "2012-10-17",
- "Statement" : [
- {
- "Sid" : "",
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "spotfleet.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- },
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "ec2.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- }
- ]
- })
-
-}
-
-// Role for the entrypoint
-resource "aws_iam_role" "Multiaccess" {
- name = "Multiaccess-${random_string.rand.result}"
- assume_role_policy = jsonencode({
- "Version" : "2012-10-17",
- "Statement" : [
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "batch.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- },
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : "ec2.amazonaws.com"
- },
- "Action" : "sts:AssumeRole"
- }
- ]
- })
-
-}
-
-resource "aws_iam_instance_profile" "ComputeInstanceProfile" {
- name = "ComputeInstanceProfile-${random_string.rand.result}"
- role = aws_iam_role.ComputeInstanceRole.name
-}
-
-resource "aws_iam_instance_profile" "Multiprofile" {
- name = "Multiprofile-${random_string.rand.result}"
- role = aws_iam_role.Multiaccess.name
-}
-
-resource "aws_iam_policy_attachment" "AWSBatchServiceRole-policy-attachment" {
-
- name = "AWSBatchServiceRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name, aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AWSTransferLoggingAccess-policy-attachment" {
-
- name = "AWSTransferLoggingAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2ContainerServiceAutoscaleRole-policy-attachment" {
-
- name = "AmazonEC2ContainerServiceAutoscaleRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "CloudWatchLogsFullAccess-policy-attachment" {
-
- name = "CloudWatchLogsFullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name, aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2ContainerServiceforEC2Role-policy-attachment" {
-
- name = "AmazonEC2ContainerServiceforEC2Role-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name, aws_iam_role.ComputeInstanceRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2ContainerServiceRole-policy-attachment" {
-
- name = "AmazonEC2ContainerServiceRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2ContainerRegistryFullAccess-policy-attachment" {
-
- name = "AmazonEC2ContainerRegistryFullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonECS_FullAccess-policy-attachment" {
-
- name = "AmazonECS_FullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AmazonECS_FullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name]
-
-}
-
-
-resource "aws_iam_policy_attachment" "AmazonEC2FullAccess-policy-attachment" {
-
- name = "AmazonEC2FullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AWSBatchServiceEventTargetRole-policy-attachment" {
-
- name = "AWSBatchServiceEventTargetRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonS3FullAccess-policy-attachment" {
-
- name = "AmazonS3FullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterRole.name, aws_iam_role.Multiaccess.name, aws_iam_role.ComputeInstanceRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "CloudWatchFullAccess-policy-attachment" {
-
- name = "CloudWatchFullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/CloudWatchFullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonSSMManagedInstanceCore-policy-attachment" {
-
- name = "AmazonSSMManagedInstanceCore-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AWSBatchFullAccess-policy-attachment" {
-
- name = "AWSBatchFullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/AWSBatchFullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "CloudWatchEventsFullAccess-policy-attachment" {
-
- name = "CloudWatchEventsFullAccess-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess"
- groups = []
- users = []
- roles = [aws_iam_role.Multiaccess.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
-
- name = "AmazonEC2SpotFleetTaggingRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterFleetRole.name]
-
-}
-
-resource "aws_iam_policy_attachment" "AmazonEC2SpotFleetAutoscaleRole-policy-attachment" {
-
- name = "AmazonEC2SpotFleetAutoscaleRole-policy-attachment-${random_string.rand.result}"
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole"
- groups = []
- users = []
- roles = [aws_iam_role.ClusterFleetRole.name]
-
-}
-
-
-
-// THIS MAY BE NEEDED. Spot service_linked_role
-// resource "aws_iam_service_linked_role" "spot_service_linked_role" {
-// aws_service_name = "spot.amazonaws.com"
-// }
diff --git a/terraform/awsbatch/version.tf b/terraform/awsbatch/version.tf
deleted file mode 100644
index c2ab80a..0000000
--- a/terraform/awsbatch/version.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
- required_version = ">=0.14"
-}