© Copyright 2024, Intel Corporation
This module provides the functionality to ensure that you are utilizing Intel's latest generation processor in the creation of a virtual machine in GCP.
This collection includes 3 roles and 4 playbooks.
Role: Ansible roles are a way to reuse and organize your Ansible code. They are self-contained units that contain all the files and configuration needed to automate a specific task. Roles are defined using a directory structure with specific directories for tasks, variables, files, templates, and other artifacts. This structure makes it easy to find and reuse code, and it also makes it easy to extend the behaviour of roles.
To use a role in an Ansible playbook, you simply need to list it in the roles section of the playbook. Ansible will then automatically load the role and execute its tasks.
For this module, there are 3 roles.
- gcp_linux_fastchat_simple: creates a GCP C3 4th Gen Xeon (code-named Sapphire Rapids) VM with the Intel® Optimized Cloud Recipe for FastChat
- gcp_linux_stable_diffusion: creates a GCP C3 4th Gen Xeon (code-named Sapphire Rapids) VM with the Intel® Optimized Cloud Recipe for Stable Diffusion
- gcp_rhel_vm: creates a Red Hat Enterprise Linux (RHEL) VM on the Intel Sapphire Rapids CPU, using an Intel Sapphire Rapids c3-standard-4.

Playbook: An Ansible playbook is a YAML file that describes tasks. Playbooks are composed of a series of plays, which are groups of tasks that are executed in a specific order. Each play defines a set of tasks that should be executed on a specific group of hosts. Playbooks can also include variables, which can be used to store data that is used by the tasks. This makes it easy to reuse playbooks for different environments and configurations. For this module, there are 4 playbooks:
- Playbook intel_gcp_vm.yml - Used to create a GCP VM. It uses the Terraform module terraform-intel-gcp-vm, which is called by the Ansible module community.general.terraform
- Playbook intel_gcp_linux_fastchat_simple.yml - It executes role called gcp_linux_fastchat_simple
- Playbook intel_gcp_linux_stable_diffusion.yml - It executes role called gcp_linux_stable_diffusion
- Playbook intel_gcp_rhel_vm.yml - It executes role called gcp_rhel_vm
```
.
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── galaxy.yml
├── hosts
├── playbooks
│   ├── intel_gcp_linux_fastchat_simple.yml
│   ├── intel_gcp_linux_stable_diffusion.yml
│   └── intel_gcp_rhel_vm.yml
├── README.md
├── requirements.txt
├── requirements.yml
├── roles
│   ├── gcp_linux_fastchat_simple
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── README.md
│   │   ├── tasks
│   │   │   ├── cloud_init_config.yml
│   │   │   ├── download_tf_module.yml
│   │   │   ├── fastchat.yml
│   │   │   ├── fw_security.yml
│   │   │   ├── main.yml
│   │   │   └── read_tfstate.yml
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │       └── main.yml
│   ├── gcp_linux_stable_diffusion
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── files
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── README.md
│   │   ├── tasks
│   │   │   ├── cloud_init_config.yml
│   │   │   ├── download_tf_module.yml
│   │   │   ├── fw_security.yml
│   │   │   ├── main.yml
│   │   │   ├── read_tfstate.yml
│   │   │   └── stable_diffusion.yml
│   │   ├── templates
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │       └── main.yml
│   └── gcp_rhel_vm
│       ├── defaults
│       │   └── main.yml
│       ├── files
│       ├── handlers
│       │   └── main.yml
│       ├── meta
│       │   └── main.yml
│       ├── README.md
│       ├── tasks
│       │   ├── download_tf_module.yml
│       │   ├── main.yml
│       │   ├── output.yml
│       │   └── rhel_vm.yml
│       ├── templates
│       ├── tests
│       │   ├── inventory
│       │   └── test.yml
│       └── vars
│           └── main.yml
└── security.md
```

Name | Version |
---|---|
Terraform | =1.5.7 |
Google Cloud CLI | ~> 455.0.0 |
Random | ~>3.4.3 |
Ansible Core | ~>2.14.2 |
Ansible | ~>7.2.0-1 |
Requests | ~> 2.18.4 |
Google-auth | ~>1.3.0 |
Cryptography | ~>41.0.5 |

Note:
- Install the requirements listed in requirements.txt and requirements.yml. Use the commands below:
  ```bash
  pip3 install -r requirements.txt
  ansible-galaxy install -r requirements.yml
  ```
- The above roles require Terraform, as we are executing the Terraform module terraform-intel-gcp-vm using the Ansible module called community.general.terraform

- Case 1: When the user's needs can be met with the default configuration, and they want to install the collection from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command:
  ```bash
  ansible-galaxy collection install <intel.ansible-intel-gcp-vm>
  ```
- Case 2: When the user's needs cannot be met with the default configuration and they want to extend or modify the existing configuration and flow, they can install the collection using Ansible Galaxy in a user-defined location. Use one of the approaches below:
  - ```bash
    ansible-galaxy collection install -p <local path> <intel.ansible-intel-gcp-vm>
    ```
    Note: this command will download the collection; you can remove it as per need.
  - Download the source from GitHub and copy the role directory to your Ansible boilerplate (used to extend the behavior of the role):
    ```bash
    git clone https://github.com/OTCShare2/ansible-intel-gcp-vm.git
    cd ansible-intel-gcp-vm
    cp -r roles/gcp_linux_fastchat_simple /<your project path>/
    ```

- Download and Install Google Cloud CLI: https://cloud.google.com/sdk/docs/install
- GCP account access configured: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference.html#running-terraform-on-your-workstation

Use a playbook to execute the Terraform module terraform-intel-gcp-vm through the Ansible module community.general.terraform, as below:

```yaml
- hosts: localhost
  vars:
    terraform_source: https://github.com/intel/terraform-intel-gcp-vm.git
  tasks:
    # Where the Terraform module is cloned on the control node
    - set_fact:
        terraform_module_download_path: '/home/{{ansible_env.USER}}/terraform/main/intel_gcp_vm/'
    - name: Clone a github repository
      git:
        repo: '{{ terraform_source }}'
        dest: '{{ terraform_module_download_path }}'
        clone: yes
        update: yes
        # main is a moving branch; pin a tag or commit SHA for reproducible runs
        version: main
    - name: GCP VM Module
      community.general.terraform:
        project_path: '{{ terraform_module_download_path }}'
        # absent destroys the resources; planned and present are the other accepted values
        state: absent
        force_init: true
        complex_vars: true
        # for additional variables
        # https://github.com/intel/terraform-intel-gcp-vm/blob/main/variables.tf
        variables:
          name: gcp-vm-playbook
          project: "fluid-tuner-405104"
          boot_image_project: "ubuntu-os-cloud"
          boot_image_family: "ubuntu-2204-lts"
          zone: "us-central1-a"
          machine_type: "e2-micro"
          allow_stopping_for_update: true
      # Keep the module result so it can be printed below
      register: vm_output
    - debug:
        var: vm_output
```

Use the command below:

```bash
ansible-playbook intel_gcp_vm.yml
```

To run a Terraform plan only, set state: planned:

```yaml
- name: GCP VM Module
  community.general.terraform:
    project_path: '{{ terraform_module_download_path }}'
    state: planned
    force_init: true
    complex_vars: true
    # for additional variables
    # https://github.com/intel/terraform-intel-gcp-vm/blob/main/variables.tf
    variables:
      name: gcp-vm-playbook
```

To apply the configuration, set state: present:

```yaml
- name: GCP VM Module
  community.general.terraform:
    project_path: '{{ terraform_module_download_path }}'
    state: present
    force_init: true
    complex_vars: true
    # for additional variables
    # https://github.com/intel/terraform-intel-gcp-vm/blob/main/variables.tf
    variables:
      name: gcp-vm-playbook
```

To destroy the resources, set state: absent:

```yaml
- name: GCP VM Module
  community.general.terraform:
    project_path: '{{ terraform_module_download_path }}'
    state: absent
    force_init: true
    complex_vars: true
    # for additional variables
    # https://github.com/intel/terraform-intel-gcp-vm/blob/main/variables.tf
    variables:
      name: gcp-vm-playbook
```

Role Name |
---|
gcp_linux_fastchat_simple |
gcp_linux_stable_diffusion |
gcp_rhel_vm |

Name | Description | Type | Default | Required |
---|---|---|---|---|
access_config | Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet. If omitted, ssh provisioners will not work unless Terraform can send traffic to the instance's network. This can be represented as multiple maps | list(object({ | [] | no |
allow_stopping_for_update | If true, allows Terraform to stop the instance to update its properties | bool | null | no |
automatic_restart | Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user). | bool | true | no |
boot_disk_auto_delete | Whether the disk will be auto-deleted when the instance is deleted. | bool | true | no |
boot_disk_byo_encryption_key | A 256-bit [customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption), encoded in RFC 4648 base64 to encrypt this disk. | string | null | no |
boot_disk_labels | A set of key/value label pairs assigned to the disk. This field is only applicable for persistent disks. | map(string) | {} | no |
boot_disk_mode | The mode in which to attach this disk, either READ_WRITE or READ_ONLY. | string | "READ_WRITE" | no |
boot_disk_size | Size of the OS disk | number | 100 | no |
boot_disk_source | The name or self_link of the existing disk (such as those managed by google_compute_disk) or disk image. | string | null | no |
boot_disk_type | Disk type associated with the OS disk. Values can be either pd-ssd, local-ssd, or pd-standard | string | "pd-ssd" | no |
boot_image_family | The image from which to initialize this disk | string | "ubuntu-2204-lts" | no |
boot_image_project | The ID of the project in which the source image resides. | string | "ubuntu-os-cloud" | no |
can_ip_forward | Conditional that allows sending and receiving of packets with non-matching source or destination IPs. | bool | false | no |
deletion_protection | Enable deletion protection on this instance | bool | false | no |
description | A brief description of this resource | string | "Intel accelerated virtual machine." | no |
desired_status | Desired status of the instance. | string | "RUNNING" | no |
enable_integrity_monitoring | Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. | bool | true | no |
enable_nested_virtualization | Boolean that specifies if nested virtualization should be enabled or disabled on the instance. | bool | false | no |
enable_secure_boot | Verify the digital signature of all boot components, and halt the boot process if signature verification fails. | bool | false | no |
enable_vtpm | Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. | bool | true | no |
hostname | A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid | string | null | no |
ipv6_access_config | Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet. If omitted, ssh provisioners will not work unless Terraform can send traffic to the instance's network. This can be represented as multiple maps | list(object({ | [] | no |
machine_type | The machine type to create | string | "c3-standard-4" | no |
name | A unique name for the resource, required by GCE. Changing this forces a new resource to be created. | string | n/a | yes |
network | The name or self_link of the network to attach this interface to. | string | "default" | no |
network_ip | The private IP address to assign to the instance. If empty, the address will be automatically assigned. | string | "" | no |
nic_type | The type of vNIC to be used on this compute instance. | string | null | no |
on_host_maintenance | Describes maintenance behavior for the instance. Can be MIGRATE or TERMINATE | string | "MIGRATE" | no |
preemptible | Specifies if the instance is preemptible. If this field is set to true, then automatic_restart must be set to false. | bool | false | no |
project | The ID of the project in which the resource resides. | string | "" | no |
provisioning_model | Describe the type of preemptible VM. This field accepts the value STANDARD or SPOT | string | "STANDARD" | no |
service_account | Service account and scopes that will be associated with the GCE instance. | object({ | {} | no |
stack_type | The stack type for this network interface to identify whether the IPv6 feature is enabled or not. | string | "IPV4_ONLY" | no |
subnetwork | The name or self_link of the subnetwork to attach this interface to. Either network or subnetwork must be provided. | string | null | no |
subnetwork_project | The project in which the subnetwork belongs. If the subnetwork is a name and this field is not provided, the provider project is used. | string | null | no |
tags | A list of network tags to attach to the instance | list(string) | [] | no |
termination_action | The action that will be applied to the instance when it is terminated. | string | null | no |
threads_per_core | The action that will be applied to the instance when it is terminated. | number | null | no |
user_data | User data to be placed on the instance. Used to place cloud-init on VMs | string | null | no |
visible_core_count | The number of physical cores to expose to an instance. | number | null | no |
zone | The zone that the machine should be created in. If it is not provided, the provider zone is used. | string | null | no |
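
The security-relevant inputs from the table above, set explicitly in one task. This is an added example, not part of the collection's own playbooks; the VM name and the project placeholder are assumptions, and the module is assumed to be already cloned to the path used in the playbook earlier on this page.

```yaml
- hosts: localhost
  vars:
    # Assumption: same clone location as the playbook earlier on this page
    terraform_module_download_path: '/home/{{ ansible_env.USER }}/terraform/main/intel_gcp_vm/'
  tasks:
    - name: Plan a hardened GCP VM (planned = no changes are applied)
      community.general.terraform:
        project_path: '{{ terraform_module_download_path }}'
        state: planned
        force_init: true
        complex_vars: true
        variables:
          name: gcp-vm-hardened              # constructed sample name
          project: "<your-gcp-project-id>"   # placeholder, replace with your own
          zone: "us-central1-a"
          machine_type: "c3-standard-4"
          # Shielded VM options. enable_secure_boot defaults to false in the
          # module, so it has to be switched on explicitly.
          enable_secure_boot: true
          enable_vtpm: true
          enable_integrity_monitoring: true
          # access_config and ipv6_access_config are deliberately left out:
          # per the inputs table, omitting them keeps the instance
          # unreachable from the Internet.
          can_ip_forward: false
          enable_nested_virtualization: false
          # Guards against accidental deletion of the instance.
          deletion_protection: true
      register: vm_plan
    - debug:
        var: vm_plan
```

With deletion_protection set to true, a later run with state: absent fails until the variable is set back to false and applied. Without access_config, ssh provisioners only work if Terraform can reach the instance's network, as the inputs table notes.
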
Name | Description |
---|---|
boot_disk_size | Size of the boot disk of the instance |
cpu_platform | The CPU platform of the VM instance |
current_status | Current status of the VM instance |
id | An identifier for the resource |
instance_id | The server-assigned unique identifier of this instance |
machine_type | Type of the machine created |
min_cpu_platform | Minimum CPU platform for the VM instance |
name | Unique name of the instance created |
private_ip | Internal IP address of the instance |
public_ip | Public IP address of the instance |
self_link | The URI of the created resource |