search

aws-samples / 1click-hpc

Deploy your HPC Cluster on AWS in 20min. with just 1-Click.
MIT No Attribution
62 stars 44 forks source link

Can't use my own Active Directory #16

Closed rvencu closed 2 years ago

rvencu commented 2 years ago

Getting this after leaving everything on AUTO but Active Directory

Template format error: Unresolved resource dependencies [ActiveDirectory] in the Resources block of the template

rvencu commented 2 years ago

Hm,

Directory under maintenance This directory is currently undergoing maintenance (for example, taking snapshots or applying patches). This can take from a few minutes up to an hour. During this process some functionalities will be unavailable.

This is a fresh new directory.

rvencu commented 2 years ago

After maintenance - got the same error. I added then the VPC and the public subnets exactly as the AD has them. Same problem

nicolaven commented 2 years ago

Hi @rvencu , unfortunately at the moment 1Click-HPC only supports AUTO in the Active Directory field. In this case, AUTO means: it will build and attach automatically an AD dedicated to the cluster, as of today and external or a pre-existing AD can't be use. Feel free to clone the git repo, make your modifications (and if you feel comfortable send a PR).

Thanks

rvencu commented 2 years ago

Hi, thanks for confirming. I also tried the custom FSx and it seems it tries to mount it on the HeadNode but fails with an error which suggests the security groups are not properly configured.

Is custom FSx also not fully implemented?

nicolaven commented 2 years ago

FSx-Lustre support is fully implemented (you can use both AUTO or an existing FSX). When using an existing FSx-Lustre, make sure the security groups are set correctly. https://docs.aws.amazon.com/fsx/latest/LustreGuide/limit-access-security-groups.html

rvencu commented 2 years ago

This is great. But it seems I am not in control of the security groups 1click-hpc uses. I have my own that are working just not sure how to specify them

nicolaven commented 2 years ago

You don't need to be in control of the of the security groups 1click-hpc uses, you need to be in control of the of the security groups FSXLustre uses. What I typically do is: 1) deploy FSx on the same subnet as the cluster 2) give FSx a SG that opens the FSx required ports for the CIDR block used by the subnet (or the entire vpc)

rvencu commented 2 years ago

Hurray! Good hack, my cluster is now launched successfully using the custom FSx