diff --git a/README.md b/README.md index 9e69b6f..e4cd669 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,6 @@ packer build srw-cluster.pkr.hcl -var "date=4May2023" ### AWS LandDA configuration: vi srw-cluster.pkr.hcl #edit line 141: from srw-cluster-start-script.sh to landda-cluster-container-start-script.sh packer build srw-cluster.pkr.hcl -var "date=4May2023" + +### Required Software +Version 3.7.1 of AWS ParallelCluster \ No newline at end of file diff --git a/scripts/bastion-jumphost.template.yaml b/scripts/bastion-jumphost.template.yaml new file mode 100644 index 0000000..1a5f125 --- /dev/null +++ b/scripts/bastion-jumphost.template.yaml @@ -0,0 +1,1023 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: >- + AWS CloudFormation template for deploying Linux bastion hosts from a launch template into an + existing VPC. (qs-1qup6ra99) +Metadata: + QuickStartDocumentation: + EntrypointName: Launch into an existing VPC + Order: 2 + LICENSE: Apache License, Version 2.0 + LintSpellExclude: + - onlyssmaccess + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Network configuration + Parameters: + - VPCID + - PublicSubnet1ID + - PublicSubnet2ID + - RemoteAccessCIDR + - Label: + default: IAM configuration + Parameters: + - RolePath + - PermissionsBoundaryArn + - Label: + default: Amazon EC2 configuration + Parameters: + - KeyPairName + - BastionAMIOS + - BastionInstanceType + - RootVolumeSize + - Label: + default: Linux bastion configuration + Parameters: + - NumBastionHosts + - OndemandPercentage + - BastionHostName + - BastionTenancy + - EnableBanner + - BastionBanner + - EnableTCPForwarding + - EnableX11Forwarding + - Label: + default: Alternative configurations + Parameters: + - AlternativeInitializationScript + - OSImageOverride + - AlternativeIAMRole + - EnvironmentVariables + - Label: + default: AWS Quick Start configuration + Parameters: + - QSS3BucketName + - QSS3KeyPrefix + - QSS3BucketRegion + ParameterLabels: + AlternativeIAMRole: + default: Alternative IAM role + AlternativeInitializationScript: + default: Alternative initialization script URL + BastionAMIOS: + default: Bastion AMI operating system + BastionHostName: + default: Bastion host Name + BastionTenancy: + default: Bastion tenancy + BastionBanner: + default: SSH banner content file URL + BastionInstanceType: + default: Bastion instance type + EnableBanner: + default: Bastion banner + EnableTCPForwarding: + default: TCP forwarding + EnableX11Forwarding: + default: X11 forwarding + EnvironmentVariables: + default: Environment variables + KeyPairName: + default: Key pair name + NumBastionHosts: + default: Number of bastion hosts + OndemandPercentage: + default: On-demand percentage + OSImageOverride: + default: Operating system override + PublicSubnet1ID: + default: Public subnet 1 ID + PublicSubnet2ID: + default: Public subnet 2 ID + QSS3BucketName: + default: Quick Start S3 bucket name + QSS3BucketRegion: + default: Quick Start S3 bucket Region + QSS3KeyPrefix: + default: Quick Start S3 key prefix + RemoteAccessCIDR: + default: Allowed bastion external access CIDR + VPCID: + default: VPC ID + RootVolumeSize: + default: Root volume size + PermissionsBoundaryArn: + default: Permissions boundary ARN + RolePath: + default: Role path +Parameters: + BastionAMIOS: + Type: String + Description: The Linux distribution for the AMI to be used for the bastion host instances. + AllowedValues: + - Amazon-Linux2-HVM + - Amazon-Linux2-HVM-ARM + - CentOS-7-HVM + - Ubuntu-Server-20.04-LTS-HVM + - Ubuntu-Server-22.04-LTS-HVM + - Ubuntu-Server-22.04-LTS-HVM-ARM + - SUSE-SLES-15-HVM + Default: Amazon-Linux2-HVM + BastionHostName: + Type: String + Description: The value used for the name tag of the bastion host. + Default: LinuxBastion + BastionBanner: + Type: String + Description: >- + Amazon S3 object URL for the text file with the content to display upon + SSH login. The bastion host must have permission to download the file + from the S3 bucket. + AllowedPattern: ^(s3:\/\/[0-9a-z]+([0-9a-z-]*[0-9a-z])*/.+)?$ + ConstraintDescription: >- + Must be either a valid Amazon S3 object URL + (example: s3://bucket/key/file.txt) or empty. + Default: '' + BastionTenancy: + Type: String + Description: Bastion VPC tenancy (dedicated or default). + AllowedValues: + - dedicated + - default + Default: default + BastionInstanceType: + Type: String + Description: Amazon EC2 instance type for the bastion instances. + Default: t3.micro + EnableBanner: + Type: String + Description: Choose "true" to display a banner when connecting to the bastion using SSH. + AllowedValues: + - 'true' + - 'false' + Default: 'false' + EnableTCPForwarding: + Type: String + Description: Choose "true" to enable TCP forwarding. + AllowedValues: + - 'true' + - 'false' + Default: 'false' + EnableX11Forwarding: + Type: String + Description: Choose "true" to enable X11 forwarding. + AllowedValues: + - 'true' + - 'false' + Default: 'false' + KeyPairName: + Type: String + Description: + Name of an existing public/private key pair. If you do not have one in this AWS Region, + please create it before continuing. If left empty, AWS Systems Manager Session Manager can still be used to connect to the instance. + Default: 'epic_workshop' + NumBastionHosts: + Type: String + Description: The number of bastion hosts to create. The maximum number is four. + AllowedValues: + - 1 + - 2 + - 3 + - 4 + Default: 1 + OndemandPercentage: + Type: Number + Description: >- + Percentage of on-demand instances versus spot instances. With the + default of 100, the ratio will be 100% on-demand instances and 0% spot + instances. + Default: 100 + PublicSubnet1ID: + Type: AWS::EC2::Subnet::Id + Description: >- + ID of the public subnet 1 that you want to provision the first bastion + into (for example, subnet-a0246dcd). If RemoteAccessCIDR is set to + 'disabled-onlyssmaccess', enter the ID of a private subnet instead. + PublicSubnet2ID: + Type: AWS::EC2::Subnet::Id + Description: >- + ID of the public subnet 2 that you want to provision the second bastion + into (for example, subnet-e3246d8e). If RemoteAccessCIDR is set to + 'disabled-onlyssmaccess', enter the ID of a private subnet instead. + QSS3BucketName: + Type: String + Description: Name of the S3 bucket for your copy of the Quick Start assets. + Keep the default name unless you are customizing the template. + Changing the name updates code references to point to a new Quick + Start location. This name can include numbers, lowercase letters, + and hyphens, but do not start or end with a hyphen (-). + See https://aws-quickstart.github.io/option1.html. + MinLength: 3 + MaxLength: 63 + AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ + ConstraintDescription: + The Quick Start bucket name can include numbers, lowercase + letters, uppercase letters, and hyphens (-). It cannot start or end with a + hyphen (-). + Default: aws-ia + QSS3BucketRegion: + Type: String + Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. + Default: us-east-1 + QSS3KeyPrefix: + Type: String + Description: + S3 key prefix that is used to simulate a directory for your copy of the + Quick Start assets. Keep the default prefix unless you are customizing + the template. Changing this prefix updates code references to point to + a new Quick Start location. This prefix can include numbers, lowercase + letters, uppercase letters, hyphens (-), and forward slashes (/). End + with a forward slash. + See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html + and https://aws-quickstart.github.io/option1.html. + AllowedPattern: ^([0-9a-zA-Z-.]+/)*$ + ConstraintDescription: + The Quick Start S3 key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slashes (/). + Default: cfn-ps-linux-bastion/ + RemoteAccessCIDR: + Type: String + Description: Allowed CIDR block for external SSH access to the bastions. + AllowedPattern: ^disabled-onlyssmaccess$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + ConstraintDescription: CIDR block parameter must be disabled-onlyssmaccess or in the format "x.x.x.x/x". + Default: disabled-onlyssmaccess + VPCID: + Type: AWS::EC2::VPC::Id + Description: ID of the VPC (for example, vpc-0343606e). + AlternativeInitializationScript: + Type: String + Description: >- + HTTPS format Amazon S3 object URL for your custom initialization script + to run during setup. The bastion host must have permission to download + the file from the S3 bucket. + AllowedPattern: ^https.*|^$ + ConstraintDescription: >- + Must be either a valid Amazon S3 object URL + (example: https://bucket/key/file.txt) or empty. + Default: '' + OSImageOverride: + Type: String + Description: The Region-specific image to use for the instance. + Default: '' + AlternativeIAMRole: + Type: String + Description: + An existing IAM role name to attach to the bastion. If left blank, + a new role will be created. + Default: '' + EnvironmentVariables: + Type: String + Description: A comma-separated list of environment variables for use in + bootstrapping. Variables must be in the format "key=value". "Value" cannot + contain commas. + Default: '' + RootVolumeSize: + Type: Number + Description: The size in GB for the root EBS volume. + Default: 10 + PermissionsBoundaryArn: + Type: String + Description: Will be attached to all created IAM roles to satisfy security requirements. + Default: '' + RolePath: + Type: String + Description: Will be attached to all created IAM roles to satisfy security requirements. + Default: '' +Rules: + SubnetsInVPC: + Assertions: + - Assert: + Fn::EachMemberIn: + - !ValueOfAll [AWS::EC2::Subnet::Id, VpcId] + - Fn::RefAll: AWS::EC2::VPC::Id + AssertDescription: All subnets must exist in the VPC. + ArmInstance: + RuleCondition: !Contains + - - Amazon-Linux2-HVM-ARM + - Amazon-Linux2023-ARM + - Ubuntu-Server-22.04-LTS-HVM-ARM + - !Ref BastionAMIOS + Assertions: + - Assert: !Contains + - - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - !Ref BastionInstanceType + AssertDescription: >- + You selected an ARM AMI operating system, so you must also enter an + ARM instance type, such as t4g.micro. For additional details, see + https://aws.amazon.com/ec2/instance-types/. + X86_64Instance: + RuleCondition: !Not + - !Contains + - - Amazon-Linux2-HVM-ARM + - Amazon-Linux2023-ARM + - Ubuntu-Server-22.04-LTS-HVM-ARM + - !Ref BastionAMIOS + Assertions: + - Assert: !Not + - !Contains + - - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - !Ref BastionInstanceType + AssertDescription: >- + You selected a x86_64 AMI operating system, so you must also enter a + x86_64 instance type, such as t3.micro. For additional details, see + https://aws.amazon.com/ec2/instance-types/. +Mappings: + AWSAMIRegionMap: + af-south-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0e7ff6dec8807b69f + SLES15SP4HVM: ami-0a35402bec1746848 + ap-east-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-09f998aa76774295f + SLES15SP4HVM: ami-099cd35f1029fbb43 + ap-northeast-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0fd48c6031f8700df + SLES15SP4HVM: ami-00d23bc0982358a0d + ap-northeast-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-09e2a570cb404b37e + SLES15SP4HVM: ami-0f98e55603dce84bb + ap-northeast-3: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-02483871b467662e6 + SLES15SP4HVM: ami-07a1a21ded97351e1 + ap-south-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0763cf792771fe1bd + SLES15SP4HVM: ami-05972b154774b3b6c + ap-south-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + # CENTOS7HVM: + SLES15SP4HVM: ami-0b279671a9fefe89e + ap-southeast-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-00d785f1c099d5a0e + SLES15SP4HVM: ami-018d29ba42690f33f + ap-southeast-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0cf5f53cea16d8cbf + SLES15SP4HVM: ami-05d71c3dc5d752707 + ap-southeast-3: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0dc1b02193df64768 + SLES15SP4HVM: ami-005899737135b4201 + ap-southeast-4: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + # CENTOS7HVM: + SLES15SP4HVM: ami-02a07742261ace7bf + ca-central-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0ca3e32c623d61bdf + SLES15SP4HVM: ami-0912e39d9b4e048b8 + eu-central-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0b4c74d41ee4bed78 + SLES15SP4HVM: ami-09fbf1068ddc2adff + eu-central-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0e7ae4065721cafb3 + SLES15SP4HVM: ami-0ff8a4906f42e343f + eu-north-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-08998a9a61da37c77 + SLES15SP4HVM: ami-0f065384dc57a404b + eu-south-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0ce6f8b3dbadf3b41 + SLES15SP4HVM: ami-079eaadb2d6edc8fc + eu-south-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0f4cbddb1f35cb43c + SLES15SP4HVM: ami-0ef8cea6abf7043a6 + eu-west-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0c1f3a8058fde8814 + SLES15SP4HVM: ami-0a896b04a8a52170e + eu-west-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-036e229aa5fa198ba + SLES15SP4HVM: ami-0756f59576219f593 + eu-west-3: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0eb3117f2ccc34ba6 + SLES15SP4HVM: ami-07d54cb8ada9f50a1 + me-central-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0f3bfe072614fef65 + SLES15SP4HVM: ami-0e58a0202165f87c2 + me-south-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-03a968cc818f19908 + SLES15SP4HVM: ami-0509ec04da2a424ae + sa-east-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-04384c010169ed8d3 + SLES15SP4HVM: ami-0a2100b654065fdd0 + us-east-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-002070d43b0a4f171 + SLES15SP4HVM: ami-0c544bda9765444c2 + us-east-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-05a36e1502605b4aa + SLES15SP4HVM: ami-05e886c9f13122451 + us-west-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-0dee0f906cf114191 + SLES15SP4HVM: ami-00c7ea5602814d691 + us-west-2: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}' + US2204HVMARM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id}}' + CENTOS7HVM: ami-08c191625cfb7ee61 + SLES15SP4HVM: ami-0a8bcde34acb334ab + us-gov-east-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: ami-0cfbbbb41dd6a9cad + US2204HVM: ami-0c4bea13c0e0c588f + US2204HVMARM: ami-0dbcf7fc866b67aed + CENTOS7HVM: ami-00c6b007ba906a530 + # SLES15SP4HVM: + us-gov-west-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: ami-0b152eed9cb83f2bd + US2204HVM: ami-0585fd40760ad42a3 + US2204HVMARM: ami-0f0aac22ded9e2425 + CENTOS7HVM: ami-08b470dba6016d395 + # SLES15SP4HVM: + cn-north-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: ami-0ee7de898385f3816 + US2204HVM: ami-0e3f9b0ee702d8037 + US2204HVMARM: ami-0577c50047809e101 + CENTOS7HVM: ami-0860d3f26ee044bb9 + # SLES15SP4HVM: + cn-northwest-1: + AMZNLINUX2: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}' + AMZNLINUX2ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2}}' + AMZNLINUX2023: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64}}' + AMZNLINUX2023ARM: '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64}}' + US2004HVM: ami-0d18cf3d76f53fd2a + US2204HVM: ami-0e28271fed7614688 + US2204HVMARM: ami-0e1c2b33dbe3c33cc + CENTOS7HVM: ami-01cb2ecea35798f3f + # SLES15SP4HVM: + LinuxAMINameMap: + Amazon-Linux2-HVM: + Code: AMZNLINUX2 + OS: Amazon + Amazon-Linux2-HVM-ARM: + Code: AMZNLINUX2ARM + OS: Amazon + Amazon-Linux2023: + Code: AMZNLINUX2023 + OS: Amazon + Amazon-Linux2023-ARM: + Code: AMZNLINUX2023ARM + OS: Amazon + CentOS-7-HVM: + Code: CENTOS7HVM + OS: CentOS + Ubuntu-Server-20.04-LTS-HVM: + Code: US2004HVM + OS: Ubuntu + Ubuntu-Server-22.04-LTS-HVM: + Code: US2204HVM + OS: Ubuntu + Ubuntu-Server-22.04-LTS-HVM-ARM: + Code: US2204HVMARM + OS: Ubuntu + SUSE-SLES-15-HVM: + Code: SLES15SP4HVM + OS: SLES +Conditions: + RolePathProvided: !Not [!Equals ['', !Ref RolePath]] + PermissionsBoundaryProvided: !Not [!Equals ['', !Ref PermissionsBoundaryArn]] + 2BastionConditionHost: !Or [!Equals [!Ref NumBastionHosts, 2], !Condition 3BastionCondition, !Condition 4BastionCondition] + 3BastionConditionHost: !Or [!Equals [!Ref NumBastionHosts, 3], !Condition 4BastionCondition] + 4BastionConditionHost: !Equals [!Ref NumBastionHosts, 4] + 2BastionCondition: !And [!Condition HasRemoteCIDR, !Condition 2BastionConditionHost] + 3BastionCondition: !And [!Condition HasRemoteCIDR, !Condition 3BastionConditionHost] + 4BastionCondition: !And [!Condition HasRemoteCIDR, !Condition 4BastionConditionHost] + HasRemoteCIDR: !Not [!Equals [!Ref RemoteAccessCIDR, disabled-onlyssmaccess]] + UseAlternativeInitialization: !Not [!Equals [!Ref AlternativeInitializationScript, '']] + CreateIAMRole: !Equals [!Ref AlternativeIAMRole, ''] + UseOSImageOverride: !Not [!Equals [!Ref OSImageOverride, '']] + UsingDefaultBucket: !Equals [!Ref QSS3BucketName, aws-ia] + DefaultBanner: !Equals [!Ref BastionBanner, ''] + UseKeyPair: !Not [!Equals [!Ref KeyPairName, '']] +Resources: + BastionMainLogGroup: + Type: AWS::Logs::LogGroup + SSHMetricFilter: + Type: AWS::Logs::MetricFilter + Properties: + LogGroupName: !Ref BastionMainLogGroup + FilterPattern: ON FROM USER PWD + MetricTransformations: + - MetricName: SSHCommandCount + MetricValue: 1 + MetricNamespace: !Sub AWSQuickStart/${AWS::StackName} + BastionHostRole: + Condition: CreateIAMRole + Type: AWS::IAM::Role + Properties: + Path: !If [RolePathProvided, !Ref RolePath, !Ref AWS::NoValue] + PermissionsBoundary: + !If [PermissionsBoundaryProvided, !Ref PermissionsBoundaryArn, !Ref AWS::NoValue] + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: sts:AssumeRole + Principal: + Service: + - !Sub ec2.${AWS::URLSuffix} + ManagedPolicyArns: + - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore + - !Sub arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy + BastionHostPolicy: + Type: AWS::IAM::Policy + Condition: CreateIAMRole + Properties: + PolicyName: BastionPolicy + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: ListQSS3BucketObjects + Effect: Allow + Action: s3:ListBucket + Resource: !Sub + - arn:${AWS::Partition}:s3:::${S3Bucket} + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + - Sid: GetQSS3Objects + Effect: Allow + Action: + - s3:GetObject + - s3:GetObjectVersion + Resource: !Sub + - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}* + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + - Sid: WriteToCloudWatchLogs + Effect: Allow + Action: + - logs:CreateLogStream + - logs:GetLogEvents + - logs:PutLogEvents + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:PutRetentionPolicy + - logs:PutMetricFilter + - logs:CreateLogGroup + Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${BastionMainLogGroup}:* + - Sid: UpdateParameterStore + Effect: Allow + Action: + - ssm:PutParameter + - ssm:DeleteParameter + Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/bastion_public_key + - Sid: Global + Effect: Allow + Action: + - ec2:DescribeAddresses + Resource: '*' + - !If + - HasRemoteCIDR + - Sid: AssociateStackEips + Effect: Allow + Action: + - ec2:AssociateAddress + Resource: '*' + Condition: + StringEquals: + ec2:ResourceTag/aws:cloudformation:stack-id: !Ref AWS::StackId + - !Ref AWS::NoValue + Roles: + - !If [CreateIAMRole, !Ref BastionHostRole, !Ref AlternativeIAMRole] + BastionHostProfile: + Type: AWS::IAM::InstanceProfile + Properties: + Roles: + - !If [CreateIAMRole, !Ref BastionHostRole, !Ref AlternativeIAMRole] + Path: !If [CreateIAMRole, /, /account-managed/] + EIP1: + Type: AWS::EC2::EIP + Condition: HasRemoteCIDR + Properties: + Domain: vpc + EIP2: + Type: AWS::EC2::EIP + Condition: 2BastionCondition + Properties: + Domain: vpc + EIP3: + Type: AWS::EC2::EIP + Condition: 3BastionCondition + Properties: + Domain: vpc + EIP4: + Type: AWS::EC2::EIP + Condition: 4BastionCondition + Properties: + Domain: vpc + BastionLaunchTemplate: + Type: AWS::EC2::LaunchTemplate + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: !If [CreateIAMRole, !Ref BastionHostRole, !Ref AlternativeIAMRole] + buckets: + - !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + AWS::CloudFormation::Init: + config: + files: + /tmp/auditd.rules: + mode: 000550 + owner: root + group: root + content: | + -a exit,always -F arch=b64 -S execve + -a exit,always -F arch=b32 -S execve + /tmp/auditing_configure.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/auditing_configure.sh + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] + mode: 000550 + owner: root + group: root + authentication: S3AccessCreds + /tmp/bastion_bootstrap.sh: + source: !If + - UseAlternativeInitialization + - !Ref AlternativeInitializationScript + - !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/bastion_bootstrap.sh + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] + mode: 000550 + owner: root + group: root + authentication: S3AccessCreds + commands: + a-add_auditd_rules: + cwd: /tmp/ + env: + BASTION_OS: !FindInMap [LinuxAMINameMap, !Ref BastionAMIOS, OS] + command: ./auditing_configure.sh + b-bootstrap: + cwd: /tmp/ + env: + REGION: !Sub ${AWS::Region} + URL_SUFFIX: !Sub ${AWS::URLSuffix} + BANNER_REGION: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] + command: !Sub + - ./bastion_bootstrap.sh --banner ${BannerUrl} --enable ${EnableBanner} --tcp-forwarding ${EnableTCPForwarding} --x11-forwarding ${EnableX11Forwarding} + - BannerUrl: !If + - DefaultBanner + - !Sub + - s3://${S3Bucket}/${QSS3KeyPrefix}scripts/banner_message.txt + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + - !Ref BastionBanner + Properties: + LaunchTemplateData: + Placement: + Tenancy: !Ref BastionTenancy + KeyName: !If [UseKeyPair, !Ref KeyPairName, !Ref AWS::NoValue] + ImageId: !If + - UseOSImageOverride + - !Ref OSImageOverride + - !FindInMap [AWSAMIRegionMap, !Ref AWS::Region, !FindInMap [LinuxAMINameMap, !Ref BastionAMIOS, Code]] + InstanceType: !Ref BastionInstanceType + IamInstanceProfile: + Arn: !GetAtt BastionHostProfile.Arn + NetworkInterfaces: + - DeviceIndex: 0 + AssociatePublicIpAddress: false + Groups: + - !Ref BastionSecurityGroup + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref RootVolumeSize + VolumeType: gp2 + Encrypted: true + DeleteOnTermination: true + UserData: + Fn::Base64: !Sub + - | + #!/usr/bin/env bash + set -x + for e in $(echo "${EnvironmentVariables}" | tr ',' ' '); do + export $e + echo "$e" >> /root/.bashrc + done + export PATH=$PATH:/usr/local/bin + yum install -y git unzip wget curl || apt-get install -y git unzip wget curl || zypper -n install git unzip wget curl + + #cfn signaling functions + cfn_fail() { + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup + exit 1 + } + + cfn_success() { + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup + exit 0 + } + + pushd /tmp + + if [[ "a$(which aws)" == "a" ]] + then + echo "Installing AWS CLI..." + uname=$(uname -m) + wget -nv -O "./awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-$uname.zip" + unzip -q ./awscliv2.zip + ./aws/install + fi + + until aws s3 cp --no-progress --region ${AWS::Region} "s3://${S3Bucket}/${QSS3KeyPrefix}scripts/cfn-tools.sh" . + do + echo "Retrying..." + done + source ./cfn-tools.sh + + popd /tmp + + su ec2-user -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa' + aws ssm delete-parameter --name bastion_public_key --region us-east-1 || true + aws ssm put-parameter --region us-east-1 --name bastion_public_key --type String --value "$(cat /home/ec2-user/.ssh/id_rsa.pub)" + + qs_update-os || qs_err; + qs_bootstrap_pip || qs_err " pip bootstrap failed "; + qs_aws-cfn-bootstrap || qs_err " cfn bootstrap failed "; + + EIP_LIST="${EIP1},${EIP2},${EIP3},${EIP4}" + CLOUDWATCHGROUP=${BastionMainLogGroup} + cfn-init -v --stack '${AWS::StackName}' --resource BastionLaunchTemplate --region ${AWS::Region} || cfn_fail + [ $(qs_status) == 0 ] && cfn_success || cfn_fail + - EIP1: !If [HasRemoteCIDR, !Ref EIP1, 'Null'] + EIP2: !If [2BastionCondition, !Ref EIP2, 'Null'] + EIP3: !If [3BastionCondition, !Ref EIP3, 'Null'] + EIP4: !If [4BastionCondition, !Ref EIP4, 'Null'] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + BastionSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: Enables SSH Access to Bastion Hosts + VpcId: !Ref VPCID + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + BastionEC2Instance: + Type: AWS::EC2::Instance + Properties: + KeyName: !Ref KeyPairName + NetworkInterfaces: + - DeviceIndex: 0 + PrivateIpAddress: 137.75.93.46 + SubnetId: !Ref PublicSubnet1ID + LaunchTemplate: + LaunchTemplateId: !Ref BastionLaunchTemplate + Version: '1' + Tags: + - Key: Name + Value: BastionJumphost +Outputs: + EIP1: + Condition: HasRemoteCIDR + Description: Elastic IP 1 for bastion. + Value: !Ref EIP1 + Export: + Name: !Sub ${AWS::StackName}-EIP1 + EIP2: + Condition: 2BastionCondition + Description: Elastic IP 2 for bastion. + Value: !Ref EIP2 + Export: + Name: !Sub ${AWS::StackName}-EIP2 + EIP3: + Condition: 3BastionCondition + Description: Elastic IP 3 for bastion. + Value: !Ref EIP3 + Export: + Name: !Sub ${AWS::StackName}-EIP3 + EIP4: + Condition: 4BastionCondition + Description: Elastic IP 4 for bastion. + Value: !Ref EIP4 + Export: + Name: !Sub ${AWS::StackName}-EIP4 + CloudWatchLogs: + Description: CloudWatch Logs GroupName. Your SSH logs will be stored here. + Value: !Ref BastionMainLogGroup + Export: + Name: !Sub ${AWS::StackName}-CloudWatchLogs + BastionSecurityGroupID: + Description: Bastion security group ID. + Value: !Ref BastionSecurityGroup + Export: + Name: !Sub ${AWS::StackName}-BastionSecurityGroupID + BastionHostRole: + Description: Bastion IAM role name. + Value: !If [CreateIAMRole, !Ref BastionHostRole, !Ref AlternativeIAMRole] + Export: + Name: !Sub ${AWS::StackName}-BastionHostRole + Postdeployment: + Description: See the deployment guide for post-deployment steps. + Value: https://fwd.aws/YqpXk? diff --git a/scripts/deployment/cluster_start_script_v3.sh b/scripts/deployment/cluster_start_script_v3.sh index 4913982..c0c0343 100644 --- a/scripts/deployment/cluster_start_script_v3.sh +++ b/scripts/deployment/cluster_start_script_v3.sh @@ -32,3 +32,6 @@ chown -R ubuntu /home/ubuntu/ufs-srweather-app echo 'Deleting crontab entries' crontab -u ubuntu -r + +echo 'Installing Bastion Key' +aws ssm get-parameter --region us-east-1 --name bastion_public_key | jq -r .Parameter.Value >> ~/.ssh/authorized_keys \ No newline at end of file diff --git a/scripts/deployment/generateClusters.sh b/scripts/deployment/generateClusters.sh old mode 100644 new mode 100755 index 1cc6afe..bcf5bc0 --- a/scripts/deployment/generateClusters.sh +++ b/scripts/deployment/generateClusters.sh @@ -1,4 +1,4 @@ for i in $(seq 1 1 1) do - pcluster create-cluster --region us-east-1 --cluster-name srwv2-cluster-$i --cluster-configuration srwcluster_nodeconfig_v1.yaml --rollback-on-failure false --debug - done \ No newline at end of file + pcluster create-cluster --region us-east-1 --cluster-name srwv22-cluster-$i --cluster-configuration srwcluster_nodeconfig_v1.yaml --rollback-on-failure false --debug + done diff --git a/scripts/deployment/software_deployments/image_build_container_ams24.sh b/scripts/deployment/software_deployments/image_build_container_ams24.sh new file mode 100644 index 0000000..7edb308 --- /dev/null +++ b/scripts/deployment/software_deployments/image_build_container_ams24.sh @@ -0,0 +1,90 @@ +###install go### +wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz +tar -xvf go1.21.6.linux-amd64.tar.gz +cd go +export PATH=$PATH:/home/ubuntu/go/bin +export GOPATH=/home/ubuntu/go +export GOBIN=/home/ubuntu/go/bin + +###Install singularity### +cd /home/ubuntu +wget https://github.com/sylabs/singularity/releases/download/v3.11.0/singularity-ce-3.11.0.tar.gz +tar -xzf singularity-ce-3.11.0.tar.gz +cd singularity-ce-3.11.0/ +sudo apt-get install libseccomp-dev +sudo apt-get update +sudo apt-get install libglib2.0-dev +./mconfig && make -C ./builddir && sudo make -C ./builddir install + +###Build the container image### +cd /home/ubuntu +sudo singularity build --sandbox ubuntu20.04-intel-srwapp docker://noaaepic/ubuntu20.04-intel-srwapp:release-public-v2.2.0 + +###Upgrade lmod/Lua### +cd /home/ubuntu +sudo apt install lua5.3 +sudo apt remove lua5.2 +wget https://sourceforge.net/projects/lmod/files/Lmod-8.6.tar.bz2 +tar xvfj Lmod-8.6.tar.bz2 +cd Lmod-8.6 +./configure --prefix=/opt/apps +sudo make install +source /opt/apps/lmod/lmod/init/bash + +###Install ruby and ruby-dev### +cd /home/ubuntu +sudo apt-get install ruby +sudo apt-get install ruby-dev + +###Install miniconda### +cd /home/ubuntu +git clone -b feature/ufs_srw_public_2.2.0 https://github.com/NOAA-EPIC/miniconda3.git +cd miniconda3/ +sed -i "s|lustre|home\/ubuntu|g" miniconda3template.lua +./miniconda3_install.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_regional_workflow_env.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_workflow_tools_env.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_regional_workflow_cmaq_env.sh /home/ubuntu/miniconda3 4.12.0 +# Load the module: +module use /home/ubuntu/miniconda3/modulefiles +module load miniconda3/4.12.0 +cd /home/ubuntu/miniconda3/4.12.0/lib/ +mv libtinfo.so.6 libtinfo.so.6_bac + +###Install rocoto### +cd /home/ubuntu +PREFIX="/home/ubuntu/rocoto" +mkdir -p $PREFIX && cd $PREFIX +git clone -b 1.3.6 https://github.com/christopherwharrop/rocoto.git 1.3.6 +cd 1.3.6 +./INSTALL 2>&1 | tee rocoto-1.3.6.install.log +# Prepare a modulefile for rocoto +cd $PREFIX +export ROCOTOBIN=$PREFIX/1.3.6/bin +export ROCOTOLIB=$PREFIX/1.3.6/lib +mkdir $PREFIX/modulefiles +mkdir $PREFIX/modulefiles/rocoto +touch $PREFIX/modulefiles/rocoto/1.3.6.lua +cat > modulefiles/rocoto/1.3.6.lua << EOF +help([[ + Set environment variables for rocoto workflow manager) +]]) + +-- Make sure another version of the same package is not already loaded +conflict("rocoto") + +-- Set environment variables +prepend_path("PATH","$ROCOTOBIN") +prepend_path("LD_LIBRARY_PATH","$ROCOTOLIB") +EOF +# Verify the module could be loaded: +module use /$PREFIX/modulefiles +module load rocoto/1.3.6 + +###Add needed data### +cd /scratch +wget https://noaa-ufs-srw-pds.s3.amazonaws.com/current_srw_release_data/fix_data.tgz +tar xfz fix_data.tgz +wget https://noaa-ufs-srw-pds.s3.amazonaws.com/current_srw_release_data/gst_data.tgz +tar xfz gst_data.tgz +# After untaring the files, directories ./fix and ./input_model_data diff --git a/scripts/deployment/srwcluster_nodeconfig_v1.yaml b/scripts/deployment/srwcluster_nodeconfig_v1.yaml index 7cce117..c64a5a5 100644 --- a/scripts/deployment/srwcluster_nodeconfig_v1.yaml +++ b/scripts/deployment/srwcluster_nodeconfig_v1.yaml @@ -3,11 +3,11 @@ Region: us-east-1 Image: Os: ubuntu2004 - CustomAmi: ami-030cf29e6d5d8724a #Must modify + CustomAmi: ami-08100890884d98d9d #Must modify HeadNode: InstanceType: c5.2xlarge Networking: - SubnetId: ami-030cf29e6d5d8724a #Must modify + SubnetId: subnet-078043a467c391dfd #Must modify (public subnet) Ssh: KeyName: epic_workshop LocalStorage: @@ -18,10 +18,11 @@ HeadNode: Throughput: 1000 Iam: AdditionalIamPolicies: - - Policy: arn:aws:iam::aws:policy/AmazonS3FullAccess + - Policy: arn:aws:iam::aws:policy/AmazonS3FullAccess + - Policy: arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore CustomActions: OnNodeConfigured: - Script: s3://epic.sandbox.srw/cluster_start_script_v3.sh #Must modify + Script: s3://epic-srw-sandbox/cluster_start_script_v3.sh #Must modify Scheduling: Scheduler: slurm SlurmSettings: @@ -45,13 +46,13 @@ Scheduling: MaxCount: 2 Networking: SubnetIds: - - subnet-04d911e4b55853ef7 #Must modify + - subnet-07bd52a747ba1e525 #Must modify AssignPublicIp: true PlacementGroup: Enabled: true CustomActions: OnNodeConfigured: - Script: s3://epic.sandbox.srw/cluster_start_script_v3.sh #Must modify + Script: s3://epic-srw-sandbox/cluster_start_script_v3.sh #Must modify SharedStorage: - MountDir: /scratch Name: ebs diff --git a/scripts/srw-cluster-start-script.sh b/scripts/srw-cluster-start-script.sh index 84a642e..e1750f6 100644 --- a/scripts/srw-cluster-start-script.sh +++ b/scripts/srw-cluster-start-script.sh @@ -137,3 +137,94 @@ cd /opt/ufs-srweather-app/build cmake -DCMAKE_CXX_COMPILER=mpiicpc -DCMAKE_C_COMPILER=mpiicc -DCMAKE_FC_COMPILER=mpiifort -DCMAKE_INSTALL_PREFIX=.. .. make -j 8 echo "UFS SRW App build completed!" +###install go### +echo 'Installing Go' +wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz +tar -xvf go1.21.6.linux-amd64.tar.gz +cd go +export PATH=$PATH:/home/ubuntu/go/bin +export GOPATH=/home/ubuntu/go +export GOBIN=/home/ubuntu/bin +###Install singularity### +echo 'Installing Singularity' +cd /home/ubuntu +wget https://github.com/sylabs/singularity/releases/download/v3.11.0/singularity-ce-3.11.0.tar.gz +tar -xzf singularity-ce-3.11.0.tar.gz +cd singularity-ce-3.11.0/ +sudo apt-get install libseccomp-dev +sudo apt-get update +sudo apt-get install libglib2.0-dev +./mconfig && make -C ./builddir && sudo make -C ./builddir install +###Build the container image### +echo 'Installing Container' +cd /home/ubuntu +sudo singularity build --sandbox ubuntu20.04-intel-srwapp docker://noaaepic/ubuntu20.04-intel-srwapp:release-public-v2.2.0 +###Upgrade lmod/Lua### +echo 'Installing Lmod/Lua' +cd /home/ubuntu +sudo apt install lua5.3 +sudo apt remove lua5.2 +wget https://sourceforge.net/projects/lmod/files/Lmod-8.6.tar.bz2 +tar xvfj Lmod-8.6.tar.bz2 +cd Lmod-8.6 +./configure --prefix=/opt/apps +sudo make install +source /opt/apps/lmod/lmod/init/bash +###Install ruby and ruby-dev### +echo 'Installing Ruby' +cd /home/ubuntu +sudo apt-get install ruby +sudo apt-get install ruby-dev +###Install miniconda### +echo 'Installing Miniconda' +cd /home/ubuntu +git clone -b feature/ufs_srw_public_2.2.0 https://github.com/NOAA-EPIC/miniconda3.git +cd miniconda3/ +sed -i "s|lustre|home\/ubuntu|g" miniconda3template.lua +./miniconda3_install.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_regional_workflow_env.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_workflow_tools_env.sh /home/ubuntu/miniconda3 4.12.0 +./miniconda3_regional_workflow_cmaq_env.sh /home/ubuntu/miniconda3 4.12.0 +# Load the module: +module use /home/ubuntu/miniconda3/modulefiles +module load miniconda3/4.12.0 +cd /home/ubuntu/miniconda3/4.12.0/lib/ +mv libtinfo.so.6 libtinfo.so.6_bac +###Install rocoto### +echo 'Installing rocoto' +cd /home/ubuntu +PREFIX="/home/ubuntu/rocoto" +mkdir -p $PREFIX && cd $PREFIX +git clone -b 1.3.6 https://github.com/christopherwharrop/rocoto.git 1.3.6 +cd 1.3.6 +./INSTALL 2>&1 | tee rocoto-1.3.6.install.log +# Prepare a modulefile for rocoto +cd $PREFIX +export ROCOTOBIN=$PREFIX/1.3.6/bin +export ROCOTOLIB=$PREFIX/1.3.6/lib +mkdir $PREFIX/modulefiles +mkdir $PREFIX/modulefiles/rocoto +touch $PREFIX/modulefiles/rocoto/1.3.6.lua +cat > modulefiles/rocoto/1.3.6.lua << EOF +help([[ + Set environment variables for rocoto workflow manager) +]]) + +-- Make sure another version of the same package is not already loaded +conflict("rocoto") + +-- Set environment variables +prepend_path("PATH","$ROCOTOBIN") +prepend_path("LD_LIBRARY_PATH","$ROCOTOLIB") +EOF +# Verify the module could be loaded: +module use /$PREFIX/modulefiles +module load rocoto/1.3.6 +###Add needed data### +echo 'Installing Data' +cd /data +wget https://noaa-ufs-srw-pds.s3.amazonaws.com/current_srw_release_data/fix_data.tgz +tar xfz fix_data.tgz +wget https://noaa-ufs-srw-pds.s3.amazonaws.com/current_srw_release_data/gst_data.tgz +tar xfz gst_data.tgz +# After untaring the files, directories ./fix and ./input_model_data \ No newline at end of file diff --git a/srw-cluster.pkr.hcl b/srw-cluster.pkr.hcl index ea2fb04..20b29f8 100644 --- a/srw-cluster.pkr.hcl +++ b/srw-cluster.pkr.hcl @@ -2,6 +2,10 @@ # Variables for AWS builders ### +locals { + now = formatdate("YYYYMMDD-hhmmss", timestamp()) +} + #Add multiple regions: default = ["us-east-1","us-east-2"] variable "aws_ami_regions" { description = "List of regions to copy the AMIs to. Tags and attributes are copied along with the AMIs" @@ -46,9 +50,9 @@ variable "aws_source_ami_filter_ubuntu_2004_hvm" { owners = list(string) }) default = { - name = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + name = "aws-parallelcluster-3.7.1-ubuntu-2004-lts-hvm-x86_64-202309151532 2023-09-15T15-36-35.608Z" owners = [ - "099720109477" + "247102896272" ] } } @@ -59,6 +63,7 @@ variable "aws_temporary_security_group_source_cidrs" { default = ["0.0.0.0/0"] } + ### # Variables for Azure builders ### @@ -88,7 +93,7 @@ variable "root_volume_size" { ### source "amazon-ebs" "base" { - ami_name = "srw-cluster-{{date}}.x86_64-gp3" + ami_name = "srw-cluster-${local.now}.x86_64-gp3" ami_regions = var.aws_ami_regions ami_users = var.aws_ami_users ami_groups = var.aws_ami_groups @@ -111,8 +116,8 @@ source "amazon-ebs" "base" { ssh_pty = true ssh_timeout = "60m" ssh_username = var.aws_ssh_username - subnet_id = "subnet-04bae583ce498ab48" - tags = { Name = "SRW-Cluster-{{date}}" } + subnet_id = "subnet-04d911e4b55853ef7" + tags = { Name = "SRW-Cluster-${local.now}" } temporary_security_group_source_cidrs = var.aws_temporary_security_group_source_cidrs } diff --git a/test.py b/test.py new file mode 100644 index 0000000..bcae1f6 --- /dev/null +++ b/test.py @@ -0,0 +1 @@ +import pygrib \ No newline at end of file