akkornel
commented
3 years ago Done in e0b15541590d74e68c30b5ee7c83543389b546a1 and 83c38d37d15b8c70ac2718fbfdd10d1ed767d2f1 and cd15c8d6276d6428a37a5d6bc4f4f274416bd59c.
Closed akkornel closed 3 years ago
akkornel
commented
3 years ago Done in e0b15541590d74e68c30b5ee7c83543389b546a1 and 83c38d37d15b8c70ac2718fbfdd10d1ed767d2f1 and cd15c8d6276d6428a37a5d6bc4f4f274416bd59c.
There are several operations that are better done on some sort of management node.
The management node should use the Globus image, but be on a low-end instance type. It should be tagged for management (not gcs), so that it allows in SSH instead of HTTPS and GridFTP. It should use OSLogin for authentication.
We also need a Service Account for instances to run. In addition to whatever basic functions the instance needs, it also needs write access to appropriate secrets.
The Terraform code should define an instance template only, and not actually start any instances. This depends on #6 for the core configuration.