diff --git a/docs/tre-templates/shared-services/cyclecloud.md b/docs/tre-templates/shared-services/cyclecloud.md index e92f67ea29..147d136354 100644 --- a/docs/tre-templates/shared-services/cyclecloud.md +++ b/docs/tre-templates/shared-services/cyclecloud.md @@ -64,7 +64,7 @@ ls /etc/yum.repos.d/*.repo | xargs sed -i "s,# baseurl=https://repo.almalinux.or yum -y install epel-release ls /etc/yum.repos.d/*.repo | xargs sed -i 's/metalink/# metalink/g' -ls /etc/yum.repos.d/*.repo | xargs sed -i "s,#baseurl=https://download.fedoraproject.org/,baseurl=https://nexus-$TRE_ID.$REGION.cloudapp.azure.com/repository/fedoraproject/,g" +ls /etc/yum.repos.d/*.repo | xargs sed -i "s,#baseurl=https://download.example/pub/epel/,baseurl=https://nexus-$TRE_ID.$REGION.cloudapp.azure.com/repository/fedoraproject/pub/epel/,g" yum -y install python3 python3-pip @@ -83,6 +83,8 @@ gpgcheck=1 gpgkey=https://nexus-$TRE_ID.$REGION.cloudapp.azure.com/repository/microsoft-keys/microsoft.asc EOF +rpm --import https://nexus-$TRE_ID.$REGION.cloudapp.azure.com/repository/almalinux/almalinux/RPM-GPG-KEY-AlmaLinux + ``` - Click Save. diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml index 6e539d1e62..df1a57d4eb 100644 --- a/templates/shared_services/cyclecloud/porter.yaml +++ b/templates/shared_services/cyclecloud/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-cyclecloud -version: 0.5.6 +version: 0.6.3 description: "An Azure TRE Shared Service Template for Azure Cyclecloud" registry: azuretre dockerfile: Dockerfile.tmpl @@ -53,6 +53,11 @@ outputs: applyTo: - install - upgrade + - name: shared_subnet_address_prefixes + type: string + applyTo: + - install + - upgrade mixins: 
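Review bot: The new `shared_subnet_address_prefixes` entry under `outputs:` is declared `type: string`, while the Terraform output added in outputs.tf in this same commit returns `data.azurerm_subnet.shared.address_prefixes`, which is a list in the azurerm provider. That value is then substituted into `source_addresses` in the firewall pipeline step, so its serialized form decides which sources the Allow rules match. I would add a comment above the entry, for example `# list of CIDRs, passed as a serialized string; consumed as source_addresses by the firewall pipeline step`, once it is confirmed that this is how the list is carried through. The `outputs:` list itself starts above this hunk.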
@@ -67,10 +72,6 @@ install: description: "Deploy Cyclecloud shared service" vars: tre_id: ${ bundle.parameters.tre_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_use_msi: ${ bundle.parameters.arm_use_msi } tre_resource_id: ${ bundle.parameters.id } arm_environment: ${ bundle.parameters.arm_environment } backendConfig: @@ -80,16 +81,13 @@ install: key: ${ bundle.parameters.id } outputs: - name: connection_uri + - name: shared_subnet_address_prefixes upgrade: - terraform: description: "Update Cyclecloud shared service" vars: tre_id: ${ bundle.parameters.tre_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_use_msi: ${ bundle.parameters.arm_use_msi } tre_resource_id: ${ bundle.parameters.id } arm_environment: ${ bundle.parameters.arm_environment } backendConfig: @@ -99,16 +97,13 @@ upgrade: key: ${ bundle.parameters.id } outputs: - name: connection_uri + - name: shared_subnet_address_prefixes uninstall: - terraform: description: "Delete the Cyclecloud shared service" vars: tre_id: ${ bundle.parameters.tre_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_use_msi: ${ bundle.parameters.arm_use_msi } tre_resource_id: ${ bundle.parameters.id } arm_environment: ${ bundle.parameters.arm_environment } backendConfig: diff --git a/templates/shared_services/cyclecloud/template_schema.json b/templates/shared_services/cyclecloud/template_schema.json index cc2b88dd80..8a5031a514 100644 --- a/templates/shared_services/cyclecloud/template_schema.json +++ b/templates/shared_services/cyclecloud/template_schema.json 
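Review bot: With `arm_client_id`, `arm_client_secret`, `arm_tenant_id` and `arm_use_msi` no longer passed under `vars:` in the upgrade step (and the same removal in the install and uninstall hunks), nothing in these hunks shows how the Terraform provider now authenticates. Keeping the client secret out of Terraform variables is a sound direction. However, if the bundle's Terraform variable declarations still list these four names without defaults, the steps will have no values for them; those files are not in the visible diff, so this needs checking. A short comment above each `vars:` block would help the next maintainer, for example `# Azure credentials are not passed as Terraform vars; see the bundle's credentials section`, worded to match the mechanism actually used. The step bodies continue outside the hunks.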
@@ -4,8 +4,200 @@ "type": "object", "title": "Azure CycleCloud", "description": "Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.", - "required": [ - ], + "required": [], "properties": { + "display_name": { + "type": "string", + "title": "Name for the shared service", + "description": "The name of the shared service to be displayed to users", + "default": "CycleCloud", + "updateable": true + }, + "description": { + "type": "string", + "title": "Description of the shared service", + "description": "Description of the shared service", + "default": "Manage HPC environments on Azure", + "updateable": true + }, + "overview": { + "type": "string", + "title": "Workspace Service Overview", + "description": "Long form description of the shared service, in markdown syntax", + "default": "Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.", + "updateable": true + } + }, + "pipeline": { + "install": [ + { + "stepId": "main" + }, + { + "stepId": "42024559-3a88-4518-b1ea-713aebc91cfd", + "stepTitle": "Add CycleCloud rule collection to firewall", + "resourceTemplateName": "tre-shared-service-firewall", + "resourceType": "shared-service", + "resourceAction": "upgrade", + "properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_cyclecloud", + "action": "Allow", + "rules": [ + { + "name": "Cyclecloud_Dependancies", + "description": "Cyclecloud Dependancies", + "source_addresses": "{{ resource.properties.shared_subnet_address_prefixes }}", + "destination_addresses": [ + "AzureResourceManager" + ], + "destination_ports": [ + "443" + ], + "protocols": [ + "TCP" + ] + } + ] + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + 
"arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_cyclecloud", + "action": "Allow", + "rules": [ + { + "name": "cyclecloud", + "description": "CycleCloud", + "protocols": [ + { + "port": "443", + "type": "Https" + } + ], + "target_fqdns": [ + "github.com", + "api.github.com", + "codeload.github.com", + "objects.githubusercontent.com" + ], + "source_addresses": "{{ resource.properties.shared_subnet_address_prefixes }}" + } + ] + } + } + ] + } + ], + "upgrade": [ + { + "stepId": "main" + }, + { + "stepId": "c3f95f9f-d125-4937-9403-84e4957a26b8", + "stepTitle": "Add CycleCloud rule collection from firewall", + "resourceTemplateName": "tre-shared-service-firewall", + "resourceType": "shared-service", + "resourceAction": "upgrade", + "properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_cyclecloud", + "action": "Allow", + "rules": [ + { + "name": "Cyclecloud_Dependancies", + "description": "Cyclecloud Dependancies", + "source_addresses": "{{ resource.properties.shared_subnet_address_prefixes }}", + "destination_addresses": [ + "AzureResourceManager" + ], + "destination_ports": [ + "443" + ], + "protocols": [ + "TCP" + ] + } + ] + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_cyclecloud", + "action": "Allow", + "rules": [ + { + "name": "cyclecloud", + "description": "CycleCloud", + "protocols": [ + { + "port": "443", + "type": "Https" + } + ], + "target_fqdns": [ + "github.com", + "api.github.com", + "codeload.github.com", + "objects.githubusercontent.com" + ], + "source_addresses": "{{ resource.properties.shared_subnet_address_prefixes }}" + } + ] + } + } + ] + } + ], + "uninstall": [ + { + "stepId": "c3f95f9f-d125-4937-9403-84e4957a26a8", + "stepTitle": "Remove CycleCloud 
rule collection from firewall", + "resourceTemplateName": "tre-shared-service-firewall", + "resourceType": "shared-service", + "resourceAction": "upgrade", + "properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "remove", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_cyclecloud" + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "remove", + "arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_cyclecloud" + } + } + ] + }, + { + "stepId": "main" + } + ] } } diff --git a/templates/shared_services/cyclecloud/terraform/outputs.tf b/templates/shared_services/cyclecloud/terraform/outputs.tf index d30aeb6dbf..d6b7b5c87d 100644 --- a/templates/shared_services/cyclecloud/terraform/outputs.tf +++ b/templates/shared_services/cyclecloud/terraform/outputs.tf @@ -1,3 +1,7 @@ output "connection_uri" { value = "https://${azurerm_private_dns_zone.cyclecloud.name}" } + +output "shared_subnet_address_prefixes" { + value = data.azurerm_subnet.shared.address_prefixes +}
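Review bot: Both Allow collections in the install and upgrade steps use `"source_addresses": "{{ resource.properties.shared_subnet_address_prefixes }}"`, so every host in the shared subnet gets the new egress, not CycleCloud alone. That egress is HTTPS to `github.com`, `api.github.com`, `codeload.github.com` and `objects.githubusercontent.com`, plus TCP 443 to the `AzureResourceManager` tag. In an environment that controls data egress, github.com is a destination that accepts uploads, so I would scope the source to the CycleCloud host's own address if the Terraform can export it. Failing that, record the reason in the rule, for example `"description": "CycleCloud fetches cluster templates from GitHub"` (wording to be confirmed against what it actually fetches). Smaller points in the same section: the upgrade step's `stepTitle` reads "Add CycleCloud rule collection from firewall" where "to firewall" seems intended, `Dependancies` is misspelled in the rule name and description, and the upgrade and uninstall `stepId` values differ by a single character, which is easy to misread.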
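Review bot: The new `shared_subnet_address_prefixes` output has no `description`, although it feeds the firewall pipeline step in template_schema.json, where it becomes the source of two Allow rules. I would add `description = "Address prefixes of the shared subnet; used as source_addresses for the CycleCloud firewall rules"` inside the block. `data.azurerm_subnet.shared` is defined outside this hunk, so which subnet it resolves to cannot be confirmed from here.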