Azure · xpillons · Feb 20, 2024 · Feb 16, 2024 · Feb 16, 2024 · Feb 19, 2024
diff --git a/bicep/azhop.bicep b/bicep/azhop.bicep
@@ -39,14 +39,16 @@ var resourcePostfix = '${uniqueString(subscription().subscriptionId, azhopResour
 var enablePublicIP = contains(azhopConfig, 'locked_down_network') ? azhopConfig.locked_down_network.public_ip : true
 var jumpboxSshPort = deployJumpbox ? (contains(azhopConfig.jumpbox, 'ssh_port') ? azhopConfig.jumpbox.ssh_port : 22) : 22
 var deployerSshPort = deployDeployer ? (contains(azhopConfig.deployer, 'ssh_port') ? azhopConfig.deployer.ssh_port : 22) : 22
-var incomingSSHPort = deployDeployer ? deployerSshPort : jumpboxSshPort
+var ccportalSshPort = cycleCloudAsDeployer ? (contains(azhopConfig.cyclecloud, 'ssh_port') ? azhopConfig.cyclecloud.ssh_port : 22) : 22
+var incomingSSHPort = deployDeployer ? deployerSshPort : (cycleCloudAsDeployer ?  ccportalSshPort : jumpboxSshPort )
 
 
 var deployLustre = contains(azhopConfig, 'lustre') && contains(azhopConfig.lustre, 'create') ? azhopConfig.lustre.create : false
 var deployJumpbox = contains(azhopConfig, 'jumpbox') ? true : false
 var deployDeployer = contains(azhopConfig, 'deployer') ? true : false
 var deployGrafana = contains(azhopConfig, 'monitoring') && contains(azhopConfig.monitoring, 'grafana') ? azhopConfig.monitoring.grafana : true
 var deployOnDemand = contains(azhopConfig, 'ondemand') ? true : false
+var cycleCloudAsDeployer = contains(azhopConfig, 'cyclecloud') && contains(azhopConfig.cyclecloud, 'use_as_deployer') ? azhopConfig.cyclecloud.use_as_deployer : false
 
 var useExistingAD = contains(azhopConfig, 'domain') ? azhopConfig.domain.use_existing_dc : false
 var userAuth = contains(azhopConfig, 'authentication') && contains(azhopConfig.authentication, 'user_auth') ? azhopConfig.authentication.user_auth : 'ad'
@@ -317,6 +319,8 @@ var config = {
         osdisksku: 'StandardSSD_LRS'
         image: 'cyclecloud_base'
         pip: enablePublicIP && !deployOnDemand
+        sshPort: cycleCloudAsDeployer ? incomingSSHPort : 22
+        deploy_script: cycleCloudAsDeployer ? replace(replace(loadTextContent('install.sh'), '__INSERT_AZHOP_BRANCH__', branchName), '__SSH_PORT__', string(incomingSSHPort)) : ''
         datadisks: [
           {
             name: '${vmNamesMap.ccportal}-datadisk0'
@@ -327,12 +331,16 @@ var config = {
           }
         ]
         identity: {
+          keyvault: cycleCloudAsDeployer ? {
+            secret_permissions: [ 'All' ]
+          } : {}
           roles: [
             'Contributor'
           ]
         }
         asgs: union(
           [ 'asg-ssh', 'asg-cyclecloud' ],
+          cycleCloudAsDeployer ? [ 'asg-jumpbox', 'asg-deployer' ] : [],
           (userAuth == 'ad') ? ['asg-ad-client'] : [],
           deployGrafana ? ['asg-telegraf'] : []
         )
@@ -432,17 +440,17 @@ var config = {
   )
 
   asg_names: union([ 'asg-ssh', 'asg-jumpbox', 'asg-sched', 'asg-cyclecloud', 'asg-cyclecloud-client', 'asg-nfs-client' ],
-    deployLustre        ? [ 'asg-lustre-client' ] : [],
-    deployGrafana       ? [ 'asg-grafana', 'asg-telegraf' ] : [],
-    (userAuth == 'ad')  ? ['asg-rdp', 'asg-ad', 'asg-ad-client'] : [],
-    deployOnDemand      ? ['asg-ondemand']: [],
-    createDatabase      ? ['asg-mariadb-client']: [],
-    deployDeployer      ? ['asg-deployer']: []
+    deployLustre                           ? [ 'asg-lustre-client' ] : [],
+    deployGrafana                          ? [ 'asg-grafana', 'asg-telegraf' ] : [],
+    (userAuth == 'ad')                     ? ['asg-rdp', 'asg-ad', 'asg-ad-client'] : [],
+    deployOnDemand                         ? ['asg-ondemand']: [],
+    createDatabase                         ? ['asg-mariadb-client']: [],
+    deployDeployer || cycleCloudAsDeployer ? ['asg-deployer']: []
   )
 
   service_ports: {
     All: ['0-65535']
-    Bastion: (incomingSSHPort == 22) ? ['22, 3389'] : ['22', string(incomingSSHPort), '3389']
+    Bastion: (incomingSSHPort == 22) ? ['22', '3389'] : ['22', string(incomingSSHPort), '3389']
     Web: ['443', '80']
     Ssh: ['22']
     HubSsh: [string(incomingSSHPort)]
@@ -1052,13 +1060,14 @@ output azhopInventory object = {
           ansible_ssh_port: incomingSSHPort
           ansible_ssh_common_args: ''
         }
-      } : {
+      } : {},
+      deployDeployer ? {
         deployer : {
           ansible_host: azhopVm[indexOf(map(vmItems, item => item.key), 'deployer')].outputs.privateIp
           ansible_ssh_port: incomingSSHPort
           ansible_ssh_common_args: ''
         }
-      },
+      } : {},
       config.deploy_grafana ? {
         grafana: {
           ansible_host: azhopVm[indexOf(map(vmItems, item => item.key), 'grafana')].outputs.privateIp

diff --git a/bicep/install.sh b/bicep/install.sh
@@ -1,6 +1,13 @@
 #!/bin/bash
 set -eo pipefail
 
+read_os()
+{
+    os_release=$(cat /etc/os-release | grep "^ID\=" | cut -d'=' -f 2 | xargs)
+    os_maj_ver=$(cat /etc/os-release | grep "^VERSION_ID\=" | cut -d'=' -f 2 | xargs)
+    full_version=$(cat /etc/os-release | grep "^VERSION\=" | cut -d'=' -f 2 | xargs)
+}
+
 retry_command() {
     local cmd=$1
     local retries=${2:-5}
@@ -26,18 +33,32 @@ retry_command() {
     set -eo pipefail
     return 1
 }
+read_os
 
-echo "* apt updating"
-retry_command "apt update"
+# echo "* apt updating"
+# retry_command "apt update"
 
 echo "* Update SSH port"
 sed -i 's/^#Port 22/Port __SSH_PORT__/' /etc/ssh/sshd_config
 systemctl restart sshd
 
-echo "* Installing git"
-retry_command "apt install -y git"
+case $os_release in
+    centos|rhel|almalinux)
+        echo "* Installing git"
+        retry_command "yum install -y git"
+        ;;
+    ubuntu)
+        echo "* Installing git"
+        retry_command "apt install -y git"
+        ;;
+    *)
+        echo "Unsupported OS"
+        ;;
+esac
+
 
 echo "* Cloning az-hop repo"
+cd /opt
 if [ -e az-hop ]; then
     rm -rf az-hop
 fi
@@ -111,16 +132,6 @@ sed -i "s/__ADMIN_PASSWORD__/$(sed 's/[&/\]/\\&/g' <<< $admin_pass)/g" $azhop_ro
 
 jq .azhopPackerOptions.value azhopOutputs.json > $azhop_root/packer/options.json
 
-# We probably don't want to build custom images as part of the cloud-init step
-# if [ "$(jq -r .azhopConfig.value.features.sig azhopOutputs.json)" == "true" ]; then
-#     echo "* Building images"
-#     cd $azhop_root/packer
-#     ./build_image.sh -i azhop-compute-centos-7.9.json
-#     ./build_image.sh -i azhop-desktop-centos-7.9.json
-# fi
-
-
-
 echo "* Generating passwords"
 cd $azhop_root
 ./create_passwords.sh

diff --git a/config.schema.json b/config.schema.json
@@ -607,6 +607,15 @@
                 "plan": {
                     "description": "Image plan specification (when needed for the image). Terms must be accepted prior to deployment",
                     "type": "string"
+                },
+                "ssh_port": {
+                    "description": "Defaults to 22. Change this to, e.g., 2222, if security policies (like 'zero trust') in your tenant automatically block access to port 22 from the internet",
+                    "type": "integer"
+                },
+                "use_as_deployer": {
+                    "description": "If set to true, will use the CycleCloud VM as the deployer VM",
+                    "type": "boolean",
+                    "default": false
                 }
             },
             "required": [

diff --git a/config.tpl.yml b/config.tpl.yml
@@ -259,6 +259,9 @@ cyclecloud:
   # Optional: use Ubuntu for the CycleCloud VM (default: linux_base_image)
   # image: "canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest"
   # plan: publisher:product:name
+  # Change this to, e.g., 2222, if security policies (like "zero trust") in your tenant automatically block access to port 22 from the internet
+  # ssh_port: 2222
+  # use_as_deployer: true # default to false - to be used when deploying without a deployer VM
 
 # Lustre cluster is optional and can be used to create a Lustre cluster in the environment.
 lustre:

diff --git a/marketplace/solution/cc-slurm-workspace/marketplace_config.yml b/marketplace/solution/cc-slurm-workspace/marketplace_config.yml
@@ -93,16 +93,15 @@ linux_base_image: almalinux:almalinux-x86_64:8_7-gen2:latest # publisher:offer:s
 bastion:
   create: "[steps('network').bastion]"
 
-deployer:
-  vm_size: Standard_B2ms
-  ssh_port: "[int(steps('otherSettings').deployerSshPort)]"
 scheduler:
   vm_size: "[steps('scheduler').vmsize]"
 cyclecloud:
   vm_size: "[basics('CycleCloudVmSize')]"
   image: azurecyclecloud:azure-cyclecloud:cyclecloud8-gen2:8.4.220231009
   # az vm image terms accept --publisher azurecyclecloud --offer azure-cyclecloud --plan cyclecloud8-gen2
   plan: azurecyclecloud:azure-cyclecloud:cyclecloud8-gen2
+  ssh_port: "[int(steps('otherSettings').deployerSshPort)]"
+  use_as_deployer: true
 
 users:
   - { name: hpcuser, uid: 10001 }
@@ -145,7 +144,7 @@ autoscale:
 queues:
   - name: htc
     vm_size: "[steps('Partitions').HTCSection.vmsize]"
-    max_count: "[steps('Partitions').HTCSection.NodeNumber)]"
+    max_count: "[steps('Partitions').HTCSection.NodeNumber]"
     image: "[steps('Partitions').HTCSection.ImageName]"
     ColocateNodes: false
   - name: hpc

diff --git a/marketplace/solution/cc-slurm-workspace/ui_definition.json b/marketplace/solution/cc-slurm-workspace/ui_definition.json
@@ -22,7 +22,7 @@
         "label": "CycleCloud VM Size",
         "toolTip": "Select a size for the CycleCloud VM",
         "recommendedSizes": [
-          "Standard_B2ms"
+          "Standard_D4as_v4"
         ],
         "options": {
           "hideDiskTypeFilter": true
@@ -393,7 +393,7 @@
             "label": "Size",
             "toolTip": "Select a size for the Scheduler VM",
             "recommendedSizes": [
-              "Standard_B2ms"
+              "Standard_D4as_v4"
             ],
             "options": {
               "hideDiskTypeFilter": true
@@ -478,8 +478,10 @@
                   "hideDiskTypeFilter": true
                 },
                 "osPlatform": "Linux",
-                "visible": true
-              },
+                "visible": true,
+                "required": true,
+                "validationMessage": "VMSize is required."
+            },
               {
                 "name": "NodeNumber",
                 "type": "Microsoft.Common.Slider",
@@ -490,7 +492,9 @@
                 "min": 0,
                 "max": 512,
                 "step": 4,
-                "visible": true
+                "visible": true,
+                "required": true,
+                "validationMessage": "Number of nodes is required"
               },      
               {
                 "name": "ImageName",
@@ -514,7 +518,7 @@
                     }
                   ],
                   "required": true,
-                  "validationMessage": "A choice is required."
+                  "validationMessage": "Image Name is required."
                 }
               }
             ]
@@ -536,7 +540,9 @@
                   "hideDiskTypeFilter": true
                 },
                 "osPlatform": "Linux",
-                "visible": true
+                "visible": true,
+                "required": true,
+                "validationMessage": "VMSize is required."
               },
               {
                 "name": "NodeNumber",
@@ -548,7 +554,9 @@
                 "min": 0,
                 "max": 100,
                 "step": 2,
-                "visible": true
+                "visible": true,
+                "required": true,
+                "validationMessage": "Number of nodes is required"
               },
               {
                 "name": "ImageName",
@@ -572,7 +580,7 @@
                     }
                   ],
                   "required": true,
-                  "validationMessage": "A choice is required."
+                  "validationMessage": "Image Name is required."
                 }
               }
             ]
@@ -596,7 +604,9 @@
                   "hideDiskTypeFilter": true
                 },
                 "osPlatform": "Linux",
-                "visible": true
+                "visible": true,
+                "required": true,
+                "validationMessage": "VMSize is required."
               },
               {
                 "name": "NodeNumber",
@@ -608,7 +618,9 @@
                 "min": 0,
                 "max": 100,
                 "step": 2,
-                "visible": true
+                "visible": true,
+                "required": true,
+                "validationMessage": "Number of nodes is required"
               },
               {
                 "name": "ImageName",
@@ -632,7 +644,7 @@
                     }
                   ],
                   "required": true,
-                  "validationMessage": "A choice is required."
+                  "validationMessage": "Image Name is required."
                 }
               }
             ]
@@ -665,7 +677,7 @@
               "name": "deployerSshPort",
               "type": "Microsoft.Common.TextBox",
               "label": "Deployer SSH Port",
-              "defaultValue": "[if(steps('network').publicIp,8822,22)]",
+              "defaultValue": "[if(steps('network').publicIp,if(steps('network').bastion, 22, 8822),22)]",
               "toolTip": "SSH port for the deployer VM.",
               "constraints": {
                 "required": true,