Deployment values
The following deployment values can be used to configure the Spectrum LSF cluster instance on IBM Cloud®:
Value | Description | Is it required? | Default value |
---|---|---|---|
enable_app_center |
Set to true to enable the IBM Spectrum LSF Application Center GUI (default: false). For details, see System requirements for IBM Spectrum LSF Application Center Version 10.2 Fix Pack 14. | No | false |
app_center_gui_pwd |
Password for IBM Spectrum LSF Application Center GUI. Note: Password should be at least 8 characters, must have one number, one lowercase letter, one uppercase letter, and at least one special character. | No | "" |
app_center_high_availability |
Set to false to disable the IBM Spectrum LSF Application Center GUI High Availability (default: true). If the value is set to true, provide a certificate instance CRN under the existing_certificate_instance value for the VPC load balancer to enable HTTPS connections. See certificate instance requirements. | No | true |
app_center_existing_certificate_instance |
When app_center_high_availability is set to true, the Application Center is configured for high availability and requires an Application Load Balancer front-end listener that uses a certificate CRN value stored in Secrets Manager. Provide a valid existing_certificate_instance to configure the Application Load Balancer. | No | "" |
bastion_ssh_keys |
Provide the list of SSH key names configured in your IBM Cloud account to establish a connection to the Spectrum LSF bastion and login node. Make sure the SSH key exists in the same resource group and region where the cluster is being provisioned. To pass multiple SSH keys, use the format ["key-name-1", "key-name-2"]. If you don't have an SSH key in your IBM Cloud account, create one by following the instructions in SSH Keys. | Yes | None |
cluster_prefix |
The prefix is used to name the IBM Cloud LSF cluster and the resources provisioned to build the cluster instance. Each Spectrum LSF cluster must have a unique name, so ensure the prefix is distinct. It must begin with a lowercase letter and can only include lowercase letters, digits, and hyphens. Hyphens must be followed by a lowercase letter or digit, with no leading, trailing, or consecutive hyphens. The prefix length must be less than 16 characters. | No | "hpc-lsf" |
cluster_name |
Provide a unique cluster name that LSF uses to configure and group the cluster. Without this name, LSF cannot form a cluster, and the initial deployments will fail. The cluster name can be up to 39 alphanumeric characters and may include underscores (_), hyphens (-), and periods (.). Spaces and other special characters are not allowed. Avoid using the name of any host or user as the cluster name. Note that the cluster name cannot be changed after deployment. | Yes | None |
cluster_subnet_ids |
Provide the list of existing subnet IDs under the existing VPC where the cluster will be provisioned. One subnet ID is required as the input value. The management nodes, file storage shares, and compute nodes will be deployed in the same zone. | No | [] |
compute_ssh_keys |
Provide the list of SSH key names configured in your IBM Cloud account to establish a connection to the Spectrum LSF cluster node. Ensure the SSH key is present in the same resource group and region where the cluster is being provisioned. To pass multiple SSH keys, use the format ["key-name-1", "key-name-2"]. If you do not have an SSH key in your IBM Cloud account, create one by following the instructions in SSH Keys. | Yes | None |
compute_image_name |
Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud Spectrum LSF cluster compute (static/dynamic) nodes. By default, the solution uses a RHEL 8-10 base OS image with additional software packages mentioned here. If you would like to include your application-specific binary files, follow the instructions in Planning for custom images to create your own custom image and use that to build the LSF cluster through this offering. | No | "hpcaas-lsf10-rhel810-compute-v8" |
custom_file_shares |
Provide details for customizing your shared file storage layout, including mount points, sizes in GB, and IOPS ranges for up to five file shares. Each file share size in GB supports a different IOPS range. If the cluster requires creating more than 256 dynamic nodes, only provide the details of the NFS share and use "/mnt/lsf" as the mount path for the internal file share. If not, a default VPC file share will be created, which supports up to 256 nodes. For more information, see file share IOPS value. | No | [{"mount_path": "/mnt/vpcstorage/tools", "size": 100,"iops": 2000},{"mount_path": "/mnt/vpcstorage/data","size": 100,"iops": 6000},{"mount_path": "/mnt/scale/tools","nfs_share": ""}] |
cos_instance_name |
Provide the name of the existing COS instance where the logs for the enabled functionalities will be stored. | No | "" |
cos_expiration_days |
Specify the retention period for objects in COS buckets by setting the number of days after their creation for automatic expiration. This configuration helps manage storage efficiently by removing outdated or unnecessary data, reducing storage costs, and maintaining data lifecycle policies. Ensure that the specified duration aligns with your data retention and compliance requirements. | No | 30 |
dns_instance_id |
Provide the ID of an existing IBM Cloud DNS service instance to avoid creating a new one. Note: If dns_instance_id is not set to null, a new DNS zone will be created within the specified DNS service instance. | No | "" |
dns_domain_name |
IBM Cloud DNS Services domain name to be used for the IBM Spectrum LSF cluster. | No | {compute = "lsf.com"} |
dns_custom_resolver_id |
Provide the ID of an existing IBM Cloud DNS custom resolver to skip creating a new custom resolver. If the value is set to null, a new DNS custom resolver is created and associated with the VPC. Note: A VPC can be associated with only a single custom resolver. Provide the ID of the custom resolver if one is already associated with the VPC. | No | "" |
enable_cos_integration |
Set to true to create an extra COS bucket to integrate with the HPC cluster deployment. | No | false |
enable_vpc_flow_logs |
This flag determines whether VPC flow logs are enabled. When set to true, a flow log collector will be created to capture and monitor network traffic data within the VPC. Enabling flow logs provides valuable insights for troubleshooting, performance monitoring, and security auditing by recording information about the traffic passing through your VPC. Consider enabling this feature to enhance visibility and maintain robust network management practices. | No | true |
enable_fip |
The solution supports multiple ways to connect to your IBM Spectrum LSF cluster, for example, using a login node, or using VPN or direct connection. If connecting to the LSF cluster using VPN or direct connection, set this value to false. | No | true |
enable_ldap |
Set this option to true to enable LDAP for IBM Spectrum LSF, with the default value set to false. | No | false |
enable_dedicated_host |
Set this option to true to enable dedicated hosts for the VSI created for workload servers. The default value is false. When a dedicated host is enabled, the solution supports only static worker nodes with a single profile, and multiple profile combinations are not supported. For example, you can select a profile from a single family, such as bx2, cx2, or mx2. If you are provisioning a static cluster with a third-generation profile, ensure that dedicated hosts are supported in the chosen regions, as not all regions support dedicated hosts for third-gen profiles. To learn more about dedicated host, click here | No | false |
existing_bastion_instance_name |
Provide the name of the bastion instance. If none is given, a new bastion will be created. | No | "" |
existing_bastion_instance_public_ip |
Provide the public IP address of the bastion instance to establish the remote connection. | No | "" |
existing_bastion_security_group_id |
Specify the security group ID for the bastion server. This ID will be added as an allowlist rule on the HPC cluster nodes to facilitate secure SSH connections through the bastion node. By restricting access through a bastion server, this setup enhances security by controlling and monitoring entry points into the cluster environment. Ensure that the specified security group is correctly configured to permit only authorized traffic for secure and efficient management of cluster resources. | No | "" |
existing_bastion_ssh_private_key |
Provide the private SSH key (named id_rsa) used during the creation and configuration of the bastion server to securely authenticate and connect to the bastion server. This allows access to internal network resources from a secure entry point. Note: The corresponding public SSH key (named id_rsa.pub) must already be available in the ~/.ssh/authorized_keys file on the bastion host to establish authentication. | No | "" |
hyperthreading_enabled |
Enabling this setting (true by default) allows hyper-threading on the nodes of the cluster, improving overall processing efficiency by permitting each CPU core to execute multiple threads simultaneously. If set to false, hyperthreading will be disabled, which may be preferable for certain workloads requiring dedicated, non-threaded CPU resources for optimal performance. Carefully consider the nature of your computational tasks when configuring this option to achieve the best balance between performance and resource utilization. | No | true |
ibmcloud_api_key |
IBM Cloud API key for the IBM Cloud account where the IBM Spectrum LSF cluster needs to be deployed. For more information on how to create an API key, see Managing user API keys. | Yes | None |
key_management |
Set the value to key_protect to enable user-managed encryption for the boot volume and file share. If key_management is set to null, IBM Cloud resources will always be encrypted through provider-managed encryption. | No | "key_protect" |
kms_instance_name |
Provide the name of the existing Key Protect instance associated with the Key Management Service. Note: To use existing kms_instance_name set key_management as key_protect. The name can be found under the details of the KMS, see View key-protect ID. | No | "" |
kms_key_name |
Provide the existing KMS key name that you want to use for the IBM Spectrum LSF cluster. Note: kms_key_name is considered only if the key_management value is set to key_protect (for example, kms_key_name: my-encryption-key). | No | "" |
login_subnet_id |
Provide the list of existing subnet IDs under the existing VPC where the login/bastion server will be provisioned. One subnet ID is required as the input value for the creation of the login node and bastion in the same zone as the management nodes. Note: Provide a different subnet ID for login_subnet_id; do not overlap with or reuse a subnet ID that was already provided for cluster_subnet_ids. | No | "" |
login_node_instance_type |
Specify the virtual server instance profile type to be used to create the login node for the IBM Spectrum LSF cluster. For choices on profile types, see Instance profiles. | No | "bx2-2x8" |
login_image_name |
Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud Spectrum LSF cluster login node. By default, the solution uses a RHEL 8-10 OS image with additional software packages mentioned here. If you would like to include your application-specific binary files, follow the instructions in Planning for custom images to create your own custom image and use that to build the LSF cluster through this offering. | No | "hpcaas-lsf10-rhel810-compute-v8" |
ldap_basedns |
The DNS domain name is used for configuring the LDAP server. If an LDAP server already exists, make sure to provide the associated DNS domain name. | No | "lsf.com" |
ldap_server |
Provide the IP address for the existing LDAP server. If no address is given, a new LDAP server will be created. | No | "" |
ldap_server_cert |
Provide the existing LDAP server certificate. This value is required if the ldap_server variable is not set to null. If the certificate is not provided or is invalid, the LDAP configuration may fail. For more information on how to create or obtain the certificate, refer to existing LDAP server certificate. | No | "" |
ldap_admin_password |
The LDAP administrative password should be 8 to 20 characters long, with a mix of at least three alphabetic characters, including one uppercase and one lowercase letter. It must also include two numerical digits and at least one special character from (~@_+:). Avoid including the username in the password for enhanced security. [This value is ignored for an existing LDAP server.] | No | "" |
ldap_user_name |
Custom LDAP user for performing cluster operations. Note: The username should be between 4 and 32 characters (any combination of lowercase and uppercase letters). [This value is ignored for an existing LDAP server.] | No | "" |
ldap_user_password |
The LDAP user password should be 8 to 20 characters long, with a mix of at least three alphabetic characters, including one uppercase and one lowercase letter. It must also include two numerical digits and at least one special character from (~@_+:). Avoid including the username in the password for enhanced security. [This value is ignored for an existing LDAP server.] | No | "" |
ldap_vsi_profile |
Specify the virtual server instance profile type to be used to create the ldap node for the IBM Spectrum LSF cluster. For choices on profile types, see Instance profiles. | No | "cx2-2x4" |
ldap_vsi_osimage_name |
Image name to be used for provisioning the LDAP instances. By default, LDAP servers are created on an Ubuntu-based OS flavour. | No | "ibm-ubuntu-22-04-4-minimal-amd64-3" |
management_image_name |
Name of the custom image that you want to use to create virtual server instances in your IBM Cloud account to deploy the IBM Cloud Spectrum LSF cluster management nodes. By default, the solution uses a RHEL810 base image with additional software packages mentioned here. If you would like to include your application-specific binary files, follow the instructions in Planning for custom images to create your own custom image and use that to build the LSF cluster through this offering. | No | "hpc-lsf10-rhel810-v1" |
management_node_instance_type |
Specify the virtual server instance profile type to be used to create the management nodes for the IBM Cloud LSF cluster. For choices on profile types, see Instance profiles. | No | "bx2-16x64" |
management_node_count |
Specify the total number of management nodes, with a value between 1 and 10. | No | 3 |
observability_atracker_enable |
Configures Activity Tracker Event Routing to determine how audit events are routed. While multiple Activity Tracker Event Routing instances can be created, only one is needed to capture all events. If an existing Activity Tracker is already integrated with a COS bucket or IBM Cloud Logs instance, set this value to false to avoid creating redundant trackers. All events can then be monitored and accessed through the existing tracker. | No | true |
observability_atracker_target_type |
Determines where all events can be stored based on the user input. Select the desired target type to retrieve or capture events into your system. | No | "cloudlogs" |
observability_logs_enable_for_management |
Set this value as false to disable the IBM Cloud Logs integration. If enabled, infrastructure and LSF application logs from management nodes will be captured. | No | false |
observability_logs_enable_for_compute |
Set this value as false to disable the IBM Cloud Logs integration. If enabled, infrastructure and LSF application logs from compute nodes (static nodes or worker nodes) will be captured. | No | false |
observability_enable_platform_logs |
Setting this value as true creates a tenant in the same region in which the IBM® Cloud Logs instance is provisioned to enable platform logs for that region. Note: You can only have 1 tenant per region in an account. | No | false |
observability_enable_metrics_routing |
Enable the metrics routing to manage metrics at the account level by configuring targets and routes that define how the data points are routed. | No | false |
observability_logs_retention_period |
The number of days IBM Cloud Logs retains the logs data in priority insights. By default the value is set as 7, but the allowed values are 14, 30, 60, and 90. | No | 7 |
observability_monitoring_enable |
Set this value as false to disable the IBM Cloud Monitoring integration. If enabled, infrastructure and LSF application metrics only from management nodes will be captured. | No | true |
observability_monitoring_on_compute_nodes_enable |
Set this value as false to disable IBM Cloud Monitoring integration. If enabled, infrastructure metrics from both static and dynamic compute nodes will be captured. | No | false |
observability_monitoring_plan |
This is a type of service plan for IBM Cloud Monitoring instance. You can choose one of the following: lite or graduated-tier. For all details visit IBM Cloud Monitoring Service Plans. | No | "graduated-tier" |
existing_resource_group |
Specify the name of the existing resource group in your IBM Cloud account where VPC resources will be deployed. By default, the resource group is set to 'Default.' In some older accounts, it may be 'default,' so verify the resource group name before proceeding. If the value is set to "null", the automation will create two separate resource groups: 'workload-rg' and 'service-rg.' For more details, see Managing resource groups. | No | Default |
remote_allowed_ips |
Comma-separated list of IP addresses that can access the IBM Spectrum LSF cluster instance through an SSH interface. For security purposes, provide the public IP addresses assigned to the devices that are authorized to establish SSH connections (for example, ["169.45.117.34"]). To fetch the IP address of the device, use https://ipv4.icanhazip.com/. | Yes | None |
storage_security_group_id |
Provide the storage security group ID from the Spectrum Scale storage cluster if the mount_path in the cluster_file_share variable is set to use Scale fileset mount points. This security group is essential for establishing connections between the Spectrum LSF cluster nodes and NFS mount points, ensuring the nodes can access the specified mount points. | No | "" |
scc_enable |
Flag to enable SCC instance creation. If true, an instance of SCC (Security and Compliance Center) will be created. | No | true |
scc_profile |
Profile to be set on the SCC instance (accepting empty, 'CIS IBM Cloud Foundations Benchmark v1.1.0' and 'IBM Cloud Framework for Financial Services') | No | "CIS IBM Cloud Foundations Benchmark" |
scc_location |
Location where the SCC instance is provisioned (possible choices 'us-south', 'eu-de', 'ca-tor', 'eu-es') | No | "us-south" |
scc_event_notification_plan |
Event Notifications Instance plan to be used (it is used with S.C.C. instance), possible values 'lite' and 'standard'. | No | "lite" |
skip_iam_block_storage_authorization_policy |
When using an existing KMS instance name, set this value to true if authorization is already enabled between KMS instance and the block storage volume. Otherwise, default is set to false. Ensuring proper authorization avoids access issues during deployment. For more information on how to create authorization policy manually, see creating authorization policies for block storage volume. | No | false |
skip_iam_share_authorization_policy |
When using an existing KMS instance name, set this value to true if authorization is already enabled between KMS instance and the VPC file share. Otherwise, default is set to false. Ensuring proper authorization avoids access issues during deployment. For more information on how to create authorization policy manually, see creating authorization policies for VPC file share. | No | false |
skip_flowlogs_s2s_auth_policy |
When using an existing COS instance, set this value to true if authorization is already enabled between COS instance and the flow logs service. Otherwise, default is set to false. Ensuring proper authorization avoids access issues during deployment. | No | false |
vpc_name |
Name of an existing VPC in which the cluster resources will be deployed. If no value is given, then a new VPC will be provisioned for the cluster. Learn more. | No | "" |
vpc_cidr |
Creates the address prefix for the new VPC when the vpc_name variable is empty. The VPC requires an address prefix for the creation of subnets in a single zone. The subnets are created with the specified CIDR blocks. For more information, see Setting IP ranges. | No | "10.241.0.0/18" |
vpc_cluster_private_subnets_cidr_blocks |
Provide the CIDR block required for the creation of the compute cluster's private subnet. One CIDR block is required. If using a hybrid environment, modify the CIDR block to avoid conflicts with any on-premises CIDR blocks. Ensure the selected CIDR block size can accommodate the maximum number of management and dynamic compute nodes expected in your cluster. For more information on CIDR block size selection, see Choosing IP ranges for your VPC. | No | "10.241.0.0/20" |
vpc_cluster_login_private_subnets_cidr_blocks |
Provide the CIDR block required for the creation of the login cluster's private subnet. Only one CIDR block is needed. If using a hybrid environment, modify the CIDR block to avoid conflicts with any on-premises CIDR blocks. Since the login subnet is used only for the creation of login virtual server instances, provide a CIDR range of /28. | No | "10.241.16.0/28" |
vpn_enabled |
Set the value as true to deploy a VPN gateway for VPC in the cluster. | No | false |
worker_node_instance_type |
The minimum number of worker nodes represents the static nodes provisioned during cluster creation. The solution supports different instance types, so specify the node count based on the requirements for each instance profile. For dynamic node provisioning, the automation will select the first profile from the list. Ensure sufficient account-level capacity if specifying a higher instance profile. For choices on profile types, see Instance profiles. | No | [{"count": 0,"instance_type": "bx2-4x16"},{"count": 0,"instance_type": "cx2-8x16"}] |
worker_node_max_count |
The maximum number of worker nodes that can be deployed in the Spectrum LSF cluster. In order to use the Resource Connector feature to dynamically create and delete worker nodes based on workload demand, the value selected for this parameter must be larger than the total count of worker_node_instance_type. If you plan to deploy only static worker nodes in the LSF cluster. | No | 10 |
zones |
Specify the IBM Cloud zone within the chosen region where the IBM Spectrum LSF cluster will be deployed. A single zone input is required, and the management nodes, file storage shares, and compute nodes will all be provisioned in this zone. Learn more. | No | "us-east-1" |
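
Several rows in the table above state format rules and dependencies between values (naming rules, password rules, SSH allowlist addresses, subnet CIDR ranges, certificate and LDAP prerequisites), and these can be checked before a deployment is submitted. The following Python check is an added example, not part of the IBM offering or its automation; the function names, the SAMPLE input, and the checks marked as assumptions are illustrative.

```python
import ipaddress
import re

def ldap_password_ok(pwd, username=""):
    """Rules from the ldap_admin_password / ldap_user_password rows."""
    return (8 <= len(pwd) <= 20
            and sum(c.isalpha() for c in pwd) >= 3
            and any(c.isupper() for c in pwd) and any(c.islower() for c in pwd)
            and sum(c.isdigit() for c in pwd) >= 2
            and any(c in "~@_+:" for c in pwd)
            and not (username and username.lower() in pwd.lower()))

def gui_password_ok(pwd):
    """app_center_gui_pwd rule; 'special' is read as non-alphanumeric (assumption)."""
    return (len(pwd) >= 8 and any(c.isdigit() for c in pwd)
            and any(c.islower() for c in pwd) and any(c.isupper() for c in pwd)
            and any(not c.isalnum() for c in pwd))

def validate(v):
    """Return the sorted names of variables that break a rule in the table."""
    bad = set()
    prefix = v.get("cluster_prefix", "hpc-lsf")
    if len(prefix) >= 16 or not re.fullmatch(r"[a-z](-?[a-z0-9])*", prefix):
        bad.add("cluster_prefix")
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,39}", v.get("cluster_name", "")):
        bad.add("cluster_name")
    for ip in v.get("remote_allowed_ips") or [""]:
        try:  # each entry must be one publicly routable address
            if not ipaddress.ip_address(ip).is_global:
                bad.add("remote_allowed_ips")
        except ValueError:
            bad.add("remote_allowed_ips")
    # New VPC only. Assumption: subnets lie inside vpc_cidr and do not overlap.
    if not v.get("vpc_name"):
        net = lambda key, default: ipaddress.ip_network(v.get(key, default))
        vpc = net("vpc_cidr", "10.241.0.0/18")
        cluster = net("vpc_cluster_private_subnets_cidr_blocks", "10.241.0.0/20")
        login = net("vpc_cluster_login_private_subnets_cidr_blocks", "10.241.16.0/28")
        if login.prefixlen != 28 or login.overlaps(cluster) or not login.subnet_of(vpc):
            bad.add("vpc_cluster_login_private_subnets_cidr_blocks")
        if not cluster.subnet_of(vpc):
            bad.add("vpc_cluster_private_subnets_cidr_blocks")
    if v.get("enable_app_center"):
        if not gui_password_ok(v.get("app_center_gui_pwd", "")):
            bad.add("app_center_gui_pwd")
        if (v.get("app_center_high_availability", True)
                and not v.get("app_center_existing_certificate_instance")):
            bad.add("app_center_existing_certificate_instance")
    if v.get("kms_instance_name") and v.get("key_management", "key_protect") != "key_protect":
        bad.add("kms_instance_name")
    if v.get("enable_ldap"):
        if v.get("ldap_server"):  # existing server: certificate required, passwords ignored
            if not v.get("ldap_server_cert"):
                bad.add("ldap_server_cert")
        else:
            user = v.get("ldap_user_name", "")
            for name in ("ldap_admin_password", "ldap_user_password"):
                if not ldap_password_ok(v.get(name, ""), user):
                    bad.add(name)
    return sorted(bad)

# Constructed sample input (not from the page); every secret is a dummy value.
SAMPLE = {
    "cluster_name": "lsf_prod.01", "cluster_prefix": "hpc--lsf",
    "remote_allowed_ips": ["169.45.117.34", "10.0.0.7"],
    "vpc_cluster_login_private_subnets_cidr_blocks": "10.241.15.0/28",
    "enable_app_center": True, "app_center_gui_pwd": "Example#Pass1",
    "enable_ldap": True, "ldap_user_name": "lsfuser",
    "ldap_admin_password": "Adm1n_Example2", "ldap_user_password": "lsfuser_Pw12",
}
```

Calling validate(SAMPLE) flags the doubled hyphen in the prefix, the private address in the SSH allowlist, the login subnet that falls inside the default cluster subnet, the missing certificate CRN for the high-availability Application Center, and the LDAP user password that contains the username.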