in installer/resources/src/install_soca.py [0:0]
def get_install_parameters():
# Retrieve User Specified Variables
print("\n====== Validating SOCA Parameters ======\n")
install_parameters["cluster_name"] = get_input(f"[Step 1/{total_install_phases}] {install_phases[1]}", args.name,None, str)
while len(install_parameters["cluster_name"]) < 3 or len(install_parameters["cluster_name"]) > 11:
print(f"{fg('red')}SOCA cluster name must greater than 3 chars and shorter than 11 characters (soca- is automatically added as a prefix) {attr('reset')}")
install_parameters["cluster_name"] = get_input(f"[Step 1/{total_install_phases}] {install_phases[1]}", None, None, str)
# Sanitize cluster name (remove any non alphanumerical character) or generate random cluster identifier
sanitized_cluster_id = re.sub(r"\W+", "-", install_parameters["cluster_name"])
sanitized_cluster_id = re.sub(r"soca-", "", sanitized_cluster_id) # remove soca- if specified by the user
install_parameters["cluster_id"] = f"soca-{sanitized_cluster_id.lower()}" # do not remove soca- prefix or DCV IAM permission will not be working.
install_parameters["bucket"] = get_input(f"[Step 2/{total_install_phases}] {install_phases[2]}", args.bucket, None,
str)
while check_bucket_permission(install_parameters["bucket"]) is False:
install_parameters["bucket"] = get_input(f"[Step 2/{total_install_phases}] {install_phases[2]}", None, None, str)
install_parameters["ldap_user"] = get_input(f"[Step 3/{total_install_phases}] {install_phases[3]}", args.ldap_user, None, str)
while len(install_parameters["ldap_user"]) < 5 or not install_parameters["ldap_user"].isalnum():
print(f"{fg('red')}LDAP user must be 5 characters mins and can only contains alphanumeric.{attr('reset')}")
install_parameters["ldap_user"] = get_input(f"[Step 3/{total_install_phases}] {install_phases[3]}", None, None, str)
if install_props.Config.directoryservice.provider == "activedirectory":
while install_parameters["ldap_user"].lower() == "admin":
print(f"{fg('yellow')} To prevent conflict with Directory Service, the first SOCA user cannot be named admin. Please pick a different name.{attr('reset')}")
install_parameters["ldap_user"] = get_input(f"[Step 3/{total_install_phases}] {install_phases[3]}", None, None, str)
create_ldap_user = default_ldap_user_password()
while create_ldap_user is False:
create_ldap_user = default_ldap_user_password()
# Encode password to avoid any special char error while running bash CDK
install_parameters["ldap_password"] = (base64.b64encode(install_parameters["ldap_password"].encode("utf-8"))).decode("utf-8")
install_parameters["base_os"] = get_input(f"[Step 5/{total_install_phases}] {install_phases[5]}", args.base_os,["amazonlinux2", "centos7", "rhel7"], str)
install_parameters["ssh_keypair"] = get_input(f"[Step 6/{total_install_phases}] {install_phases[6]}", args.ssh_keypair, accepted_aws_values["accepted_keypairs"], str)
# Validate the prefix list id
if args.prefix_list_id:
try:
found_prefix_list_id = ec2.describe_managed_prefix_lists(PrefixListIds=[args.prefix_list_id])['PrefixLists'][0]['PrefixListId']
if found_prefix_list_id != args.prefix_list_id:
raise RuntimeError(f"Found prefix list {found_prefix_list_id} does not match {args.prefix_list_id}. This is a programming error; please create an issue.")
else:
install_parameters["prefix_list_id"] = args.prefix_list_id
except Exception as e:
print(f"{fg('red')}Error. {args.prefix_list_id} not found. Check that it exists and starts with pl-.\nException:\n{e} {attr('reset')}")
sys.exit(1)
install_parameters["custom_ami"] = args.custom_ami if args.custom_ami else None
# Network Configuration
cidr_regex = r'^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
if not args.vpc_cidr:
choice_vpc = get_input(f"[Step 7/{total_install_phases}] {install_phases[7]}", None, ["new", "existing"], str)
if choice_vpc == "new":
install_parameters["vpc_cidr"] = get_input("What CIDR do you want to use your your VPC? We recommend 10.0.0.0/16", args.vpc_cidr, None, str)
while not re.match(cidr_regex, install_parameters["vpc_cidr"]):
print(f"{fg('red')} Invalid CIDR {install_parameters['vpc_cidr']}. Format must be x.x.x.x/x (eg: 10.0.0.0/16){attr('reset')}")
install_parameters["vpc_cidr"] = get_input("What CIDR do you want to use your your VPC? We recommend 10.0.0.0/16", None, None, str)
else:
# List all VPCs running on AWS account
existing_vpc = FindExistingResource(install_parameters["region"], install_parameters["client_ip"]).find_vpc()
if existing_vpc["success"] is True:
install_parameters["vpc_id"] = existing_vpc["message"]["id"]
install_parameters["vpc_cidr"] = existing_vpc["message"]["cidr"]
else:
sys.exit(1)
# List all Subnets
public_subnets = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_subnets(install_parameters["vpc_id"], "public", [])
if public_subnets["success"] is True:
install_parameters["public_subnets"] = base64.b64encode(str(public_subnets["message"]).encode("utf-8")).decode("utf-8")
else:
print(f"{fg('red')}Error: {public_subnets['message']} {attr('reset')}")
sys.exit(1)
private_subnets = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_subnets(install_parameters["vpc_id"], "private", public_subnets["message"])
if private_subnets["success"] is True:
install_parameters["private_subnets"] = base64.b64encode(str(private_subnets["message"]).encode("utf-8")).decode("utf-8")
else:
print(f"{fg('red')}Error: {private_subnets['message']} {attr('reset')}")
sys.exit(1)
vpc_azs = []
for subnet in public_subnets["message"] + private_subnets["message"]:
az = subnet.split(",")[1]
if az not in vpc_azs:
vpc_azs.append(az)
install_parameters["vpc_azs"] = ",".join(vpc_azs)
else:
install_parameters["vpc_cidr"] = args.vpc_cidr
while not re.match(cidr_regex, install_parameters["vpc_cidr"]):
print(f"{fg('red')} Invalid CIDR {install_parameters['vpc_cidr']}. Format must be x.x.x.x/x (eg: 10.0.0.0/16){attr('reset')}")
install_parameters["vpc_cidr"] = get_input("What CIDR do you want to use your your VPC? We recommend 10.0.0.0/16", None, None, str)
# Security Groups Configuration (only possible if user use an existing VPC)
if install_parameters["vpc_id"]:
choice_security_groups = get_input(f"[Step 8/{total_install_phases}] {install_phases[8]}", None, ["new", "existing"], str)
if choice_security_groups == "existing":
scheduler_sg = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_security_groups(install_parameters["vpc_id"], "scheduler", [])
if scheduler_sg["success"] is True:
install_parameters["scheduler_sg"] = scheduler_sg["message"]
else:
print(f"{fg('red')}Error: {scheduler_sg['message']} {attr('reset')}")
sys.exit(1)
compute_node_sg = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_security_groups(install_parameters["vpc_id"], "compute nodes", install_parameters["scheduler_sg"])
if compute_node_sg["success"] is True:
install_parameters["compute_node_sg"] = compute_node_sg["message"]
else:
print(f"{fg('red')}Error: {compute_node_sg['message']} {attr('reset')}")
sys.exit(1)
if install_props.Config.network.vpc_interface_endpoints:
vpc_endpoint_sg = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_security_groups(install_parameters["vpc_id"], "vpc endpoints", install_parameters["scheduler_sg"])
if vpc_endpoint_sg["success"] is True:
install_parameters["vpc_endpoint_sg"] = vpc_endpoint_sg["message"]
else:
print(f"{fg('red')}Error: {vpc_endpoint_sg['message']} {attr('reset')}")
sys.exit(1)
else:
vpc_endpoint_sg = None
# Filesystem Configuration (only possible if user use an existing VPC)
if install_parameters["vpc_id"]:
choice_filesystem = get_input(f"[Step 9/{total_install_phases}] {install_phases[9]}", None, ["new", "existing"],str)
if choice_filesystem == "existing":
# List FS
fs_apps = FindExistingResource(install_parameters["region"], install_parameters["client_ip"]).get_fs("/apps", install_parameters["vpc_id"])
if fs_apps["success"] is True:
install_parameters["fs_apps_provider"] = fs_apps["provider"]
install_parameters["fs_apps"] = fs_apps["message"]
else:
print(f"{fg('red')}Error: {fs_apps['message']} {attr('reset')}")
sys.exit(1)
fs_data = FindExistingResource(install_parameters["region"], install_parameters["client_ip"]).get_fs("/data", install_parameters["vpc_id"], selected_fs=install_parameters["fs_apps"])
if fs_data["success"] is True:
install_parameters["fs_data_provider"] = fs_data["provider"]
install_parameters["fs_data"] = fs_data["message"]
if install_parameters["fs_data"] == install_parameters["fs_apps"]:
print(f"{fg('red')}Error: EFS/FSx for Lustre /apps and /data must be different {attr('reset')}")
sys.exit(1)
else:
print(f"{fg('red')}Error: {fs_data['message']} {attr('reset')}")
sys.exit(1)
# Verify SG permissions
if install_parameters["fs_apps"] or install_parameters["scheduler_sg"]:
FindExistingResource(install_parameters["region"], install_parameters["client_ip"]).validate_sg_rules(install_parameters, check_fs=True if install_parameters["fs_apps"] else False)
# AWS Directory Service Managed Active Directory configuration (only possible when using existing VPC)
if install_props.Config.directoryservice.provider == "activedirectory":
if install_parameters["vpc_id"]:
choice_mad = get_input(f"[Step 10/{total_install_phases}] {install_phases[10]}", None, ["new", "existing"],str)
if choice_mad == "existing":
directory_service = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).find_directory_services(install_parameters["vpc_id"])
if directory_service["success"] is True:
install_parameters["directory_service_ds_user"] = get_input(f"Username of a domain user with admin permissions?", None, None, str)
install_parameters["directory_service_ds_user_password"] = get_input(f"Password of the domain user with admin permissions", None, None, str)
install_parameters["directory_service"] = directory_service["message"]["id"]
install_parameters["directory_service_shortname"] = directory_service["message"]["netbios"]
install_parameters["directory_service_name"] = directory_service["message"]["name"]
install_parameters["directory_service_dns"] = directory_service["message"]["dns"]
else:
print(f"{fg('red')}Error: {directory_service['message']} {attr('reset')}")
sys.exit(1)
# ElasticSearch Configuration (only possible when using existing VPC)
if install_parameters["vpc_id"]:
choice_es = get_input(f"[Step 11/{total_install_phases}] {install_phases[11]}", None, ["new", "existing"], str)
if choice_es == "existing":
elasticsearch_cluster = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).find_elasticsearch(install_parameters["vpc_id"])
if elasticsearch_cluster["success"] is True:
install_parameters["es_endpoint"] = elasticsearch_cluster["message"]["endpoint"]
else:
print(f"{fg('red')}Error: {elasticsearch_cluster['message']} {attr('reset')}")
sys.exit(1)
else:
install_parameters["es_endpoint"] = None
# IAM Roles configuration (only possible when using existing VPC)
if install_parameters["vpc_id"]:
choice_iam_roles = get_input(f"[Step 12/{total_install_phases}] {install_phases[12]}", None, ["new", "existing"], str)
if choice_iam_roles == "existing":
scheduler_role = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_iam_roles("scheduler")
if scheduler_role["success"] is True:
install_parameters["scheduler_role_name"] = scheduler_role["message"]["name"]
install_parameters["scheduler_role_arn"] = scheduler_role["message"]["arn"]
else:
print(f"{fg('red')}Error: {scheduler_role['message']} {attr('reset')}")
sys.exit(1)
if get_input(f"Was this role generated by a previous SOCA deployment? If yes, are you also using the same S3 bucket?", None, ["yes", "no"], str) == "yes":
install_parameters["scheduler_role_from_previous_soca_deployment"] = True
else:
get_input(f"[IMPORTANT] Make sure this role is assumed by 'ec2.amazon.com' and 'ssm.amazonaws.com'\n Type ok to continue ...", None, ["ok"], str, color="yellow")
compute_node_role = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_iam_roles("compute nodes",
selected_roles=[install_parameters["scheduler_role_name"]])
if compute_node_role["success"] is True:
install_parameters["compute_node_role_name"] = compute_node_role["message"]["name"]
install_parameters["compute_node_role_arn"] = compute_node_role["message"]["arn"]
else:
print(f"{fg('red')}Error: {compute_node_role['message']} {attr('reset')}")
sys.exit(1)
if get_input(f"Was this role generated by a previous SOCA deployment?", None, ["yes", "no"], str) == "yes":
install_parameters["compute_node_role_from_previous_soca_deployment"] = True
else:
get_input(f"[IMPORTANT] Make sure this role is assumed by 'ec2.amazon.com' and 'ssm.amazonaws.com'\n Type ok to continue ...", None, ["ok"], str, color="yellow")
spotfleet_role = FindExistingResource(install_parameters["region"],
install_parameters["client_ip"]).get_iam_roles("spot fleet",
selected_roles=[install_parameters["scheduler_role_name"], install_parameters["compute_node_role_name"]])
if spotfleet_role["success"] is True:
install_parameters["spotfleet_role_name"] = spotfleet_role["message"]["name"]
install_parameters["spotfleet_role_arn"] = spotfleet_role["message"]["arn"]
else:
print(f"{fg('red')}Error: {spotfleet_role['message']} {attr('reset')}")
sys.exit(1)
if get_input(f"Was this role generated by a previous SOCA deployment?", None, ["yes", "no"], str) == "yes":
install_parameters["spotfleet_role_from_previous_soca_deployment"] = True
else:
get_input(f"[IMPORTANT] Make sure this role is assumed by 'spotfleet.amazonaws.com'\n Type ok to continue ...",None, ["ok"], str, color="yellow")