This package provisions a PacBio SMRT Link server.
The module takes the following variables as input:
-
name: Name to give to the vm.
-
vcpus: Number of vcpus to assign to the vm. Defaults to 4.
-
memory: Amount of memory to assign to the vm in MiB. Defaults to 16 * 1024 (16 GiB).
-
volume_id: Id of the disk volume to attach to the vm.
-
data_volume_id: Id for an optional separate disk volume to attach to the vm on smrt-link's data path
-
libvirt_networks: Parameters to connect to libvirt networks. Each entry has the following keys:
- network_name: Name of the libvirt network to connect to (in which case network_id should be an empty string).
- network_id: Id (ie, uuid) of the libvirt network to connect to (in which case network_name should be an empty string).
- ip: Ip of interface connecting to the libvirt network.
- mac: Mac address of interface connecting to the libvirt network.
- gateway: Ip of the network's gateway. Usually the gateway the first assignable address of a libvirt's network.
- dns_servers: Dns servers to use. Usually the dns server is first assignable address of a libvirt's network.
-
macvtap_interfaces: List of macvtap interfaces to connect the vm to if you opt for macvtap interfaces. Each entry in the list is a map with the following keys:
- interface: Host network interface that you plan to connect your macvtap interface with.
- prefix_length: Length of the network prefix for the network the interface will be connected to. For a 192.168.1.0/24 for example, this would be 24.
- ip: Ip associated with the macvtap interface.
- mac: Mac address associated with the macvtap interface
- gateway: Ip of the network's gateway for the network the interface will be connected to.
- dns_servers: Dns servers for the network the interface will be connected to. If there aren't dns servers setup for the network your vm will connect to, the ip of external dns servers accessible from the network will work as well.
-
cloud_init_volume_pool: Name of the volume pool that will contain the cloud-init volume of the vm.
-
cloud_init_volume_name: Name of the cloud-init volume that will be generated by the module for your vm. If left empty, it will default to
<vm name>-cloud-init.iso. -
ssh_admin_user: Username of the default sudo user in the image. Defaults to ubuntu.
-
admin_user_password: Optional password for the default sudo user of the image. Note that this will not enable ssh password connections, but it will allow you to log into the vm from the host using the virsh console command.
-
ssh_admin_public_key: Public part of the ssh key that will be used to login as the admin on the vm.
-
chrony: Optional chrony configuration for when you need a more fine-grained ntp setup on your vm. It is an object with the following fields:
- enabled: If set to false (the default), chrony will not be installed and the vm ntp settings will be left to default.
- servers: List of ntp servers to sync from with each entry containing two properties, url and options (see: https://chrony.tuxfamily.org/doc/4.2/chrony.conf.html#server)
- pools: A list of ntp server pools to sync from with each entry containing two properties, url and options (see: https://chrony.tuxfamily.org/doc/4.2/chrony.conf.html#pool)
- makestep: An object containing remedial instructions if the clock of the vm is significantly out of sync at startup. It is an object containing two properties, threshold and limit (see: https://chrony.tuxfamily.org/doc/4.2/chrony.conf.html#makestep)
-
fluentbit: Fluent Bit configuration for log routing and metrics collection. It is an object with the following fields:
- enabled: If set to false (the default), Fluent Bit will not be installed.
- smrtlink_tag: Tag to assign to logs coming from Smrt-link.
- s3_backup_tag: Tag to assign to logs coming from the s3 backup service, if it is enabled.
- s3_restore_tag: Tag to assign to logs coming from the s3 restore service which runs once when the vm is created, if it is enabled.
- node_exporter_tag: Tag for logs from the Prometheus node exporter.
- metrics: Configuration for metrics collection.
- forward: Configuration for the forward plugin to communicate with a remote Fluentbit node.
-
fluentbit_dynamic_config: Configuration for dynamic Fluent Bit setup. It is an object with the following fields:
- enabled: Whether dynamic config is enabled.
- source: The source of dynamic configuration (e.g., 'etcd', 'git').
- etcd: Configuration for etcd as a source.
- git: Configuration for Git as a source.
-
install_dependencies: Whether cloud-init should install external dependencies (should be set to false if you already provide an image with the external dependencies built-in). Defaults to true.
-
smrtlink: Smrt-link configuration. It has the following keys:
- domain_name: Fully qualified domain name of the server.
- tls_custom: Tls custom configuration to replace the default self-signed one. It has the following keys:
- cert: Certificate file.
- key: Private key file.
- vault_agent_secret_path: Optional vault secret path for an optional vault agent to configure the Certificate file + Private key file and keep them up-to-date. If set, cert + key values above can be left empty. The secret in vault is expected to have the cert and key keys.
- user: Smrt-link name + ssh_authorized_keys of the install user.
- revio: Revio sequencing system settings. It has the following keys:
- srs_transfer: File Transfer Location settings (name + description + host + dest_path + username + ssh_key).
- instrument: Intrument (connected to the File Transfer Location) settings (name + ip_address + secret_key).
- release_version: Smrt-link release version to install.
- install_lite: Whether to install smrt-link lite edition.
- workers_count: Maximum number of simultaneous analysis jobs.
- keycloak_user_passwords: Keycloak user passwords of built-in users (admin + pbicsuser) to change from defaults.
- keycloak_users: Keycloak users to create (id + password + role + first_name + last_name + email).
- smtp: Smtp configuration (host + port + user + password) for email notifications of analysis jobs.
- db_backups: Database backups configuration (enabled + cron_expression + retention_days). Backups are done on a periodic basis and stored locally, if enabled.
-
vault_agent: Parameters for the optional vault agent that will be used to manage the dynamic secrets in the vm.
- enabled: If set to true, a vault agent service will be setup and will run in the vm.
- auth_method: Auth method the vault agent will use to authenticate with vault. Currently, only approle is supported.
- config: Configuration parameters for the auth method.
- role_id: Id of the app role to us.
- secret_id: Authentication secret to use the app role.
- config: Configuration parameters for the auth method.
- vault_address: Endpoint to use to talk to vault.
- vault_ca_cert: CA certificate to use to validate vault's certificate.
-
s3_backups: Configuration to continuously synchronize the data directories used by smrt-link on an s3-compatible object store bucket. It has the following keys:
- enabled: Whether enable to s3 backups.
- restore: If set to true, an incoming synchronization will be done once from the backups when the vm is created, and before backups are started, to populate the data directories with backed up data.
- symlinks: Determines how symlinks will be handled. Can be skip (symlinks will be ignored), copy (symlinks will be preserved) or follow (the destination file of the symlinks will be copied).
- url: Url of the s3-compatible object store.
- region: Region to use in the object store.
- access_key: User id for the object store.
- secret_key: User password for the object store.
- server_side_encryption: Encryption format (ex: aws:kms) of the s3 bucket if any. An empty string can be passed if the bucket is not encrypted. It will be passed to the server_side_encryption property in rclone's configuration.
- calendar: Frequency of the backup synchronization, in systemd time format (see: https://www.freedesktop.org/software/systemd/man/systemd.time.html#).
- bucket: Bucket to backup the filesystem info.
- ca_cert: Optional CA certificate to use to authentify the object store's server certificate. Can be left empty if the object store doesn't use https or has a server certificate that is signed by a CA already in the vm's system.