infrastructure AWS

Raghu Raja edited this page Feb 9, 2021 · 7 revisions

AWS Infrastructure Documentation

Open MPI has two accounts on Amazon Web Services (AWS): ompi-aws-production and ompi-aws-testing. The ompi-aws-production account is used for production services, including Jenkins testing. The ompi-aws-testing account is used for more ad-hoc testing, such as scale testing done by Jeff and his student in 2016. If you need access to the AWS services API for either account, contact Brian Barrett (bbarrett@amazon.com) or Raghu Raja (craghun@amazon.com). If you need a login to aws.open-mpi.org, contact Brian Barrett (bbarrett@amazon.com) or Jeff Squyres (jsquyres@cisco.com).

AWS supports Open MPI with a limited number of credits every year to cover the costs of the services currently hosted in AWS. The credits are significant, but not unlimited, so please talk to one of the Amazon contributors before scaling up any new resources.

ompi-aws-production Documentation

Production services (with the exception of CloudFront CDN) are entirely in the us-west-2 (Oregon) region. Rather than specify the region everywhere, the rest of this document assumes us-west-2.

Sign-on

All access to the ompi-aws-production account should be authenticated through an individual IAM user (ask Brian if you need a user / forgot your password). As with all AWS accounts, you'll have two sets of credentials: a username/password for logging into the web console and an access key ID/secret for use in applications. Please treat both with care!

AWS CLI

Download the [AWS CLI](https://aws.amazon.com/cli/). You'll need to generate an access key for your user in the IAM Users console. Don't lose your secret key, as there's no way to restore it (other than generating a new key pair). Back on your machine, run aws configure to configure your account. Note that this will store your key pair in ~/.aws/, so please only run it on machines you trust.
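Because aws configure leaves the key pair in a plain-text file under ~/.aws/, a quick audit of that file is worthwhile. The following is an added example, not part of the original wiki or the Open MPI scripts; the function names and the sample file contents are constructed for illustration.

```python
import configparser
import os
import stat


def audit_credentials(path):
    """Return a list of findings for an AWS CLI credentials file."""
    findings = []
    # Anything beyond owner read/write exposes the secret to other local users.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} grants group/other access; use 0600")
    parser = configparser.ConfigParser()
    parser.read(path)
    for profile in parser.sections():
        section = parser[profile]
        # A secret key with no session token is a long-term IAM user key:
        # it stays valid until it is rotated or deleted in the IAM console.
        if "aws_secret_access_key" in section and "aws_session_token" not in section:
            findings.append(f"profile [{profile}] holds a long-term secret key")
    return findings


def write_sample(directory, mode):
    """Write a constructed credentials file (fake values) with the given mode."""
    path = os.path.join(directory, "credentials")
    with open(path, "w") as handle:
        handle.write(
            "[default]\n"
            "aws_access_key_id = CONSTRUCTED-EXAMPLE-KEY-ID\n"
            "aws_secret_access_key = constructed-not-a-real-secret\n"
        )
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    real = os.path.expanduser("~/.aws/credentials")
    if os.path.exists(real):
        for finding in audit_credentials(real):
            print(finding)
```

The long-term key finding is informational on a trusted machine; the file-mode finding should always be fixed.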

Console

Because logins in all but emergency situations are with IAM users, there's an account-specific login page, rather than the normal AWS front door. After that, everything will work like any regular AWS account.

https://ompi-aws-production.signin.aws.amazon.com/console

EC2

aws.open-mpi.org

aws.open-mpi.org is a t2.medium with two 20 GiB EBS data volumes (soon hopefully to be back to one). aws.open-mpi.org hosts MTT, Jenkins, Trac, the GitHub webhooks, and the nightly build scripts. Additionally, release tarballs are currently built on aws.open-mpi.org. aws.open-mpi.org has its own wiki page.

Jenkins Build Servers

Jenkins manages a fleet of t2.micro/m4.large instances for build servers. These instances are started / stopped as necessary by Jenkins. Because EC2 bills by the instance-hour, build servers will remain up in 1 hour increments, even if there's nothing to do for the second half of the hour. More information on the OMPI Jenkins configuration is available here

CloudWatch

In addition to the pretty graphs (AWS Dashboard), most logs from aws.open-mpi.org are automatically archived in CloudWatch. If you're going log-diving, that's probably where you want to start.

S3

open-mpi-release

This bucket contains all distribution artifacts, except for nightly tarballs. This bucket is not directly publicly accessible; for public URLs to the contents of this bucket, use https://download.open-mpi.org/, which is the CloudFront distribution for this bucket (as well as the open-mpi-nightly bucket). Versioning is enabled on this bucket, so a delete will not remove the actual objects, but only install a "delete marker" (so we'll continue paying for storage of the deleted objects). So don't unnecessarily create / delete objects.
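To see what a versioned bucket is still holding behind delete markers, the output of `aws s3api list-object-versions` can be summarised as below. This is an added example, not code from the original wiki or the Open MPI scripts; the function names and the sample listing are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by
# `aws s3api list-object-versions --bucket <bucket> --output json`.
# Keys, version ids and sizes are made up for illustration.
SAMPLE_LISTING = json.loads("""
{
  "Versions": [
    {"Key": "example-1.0.tar.gz", "VersionId": "v1", "IsLatest": true,  "Size": 1000},
    {"Key": "example-1.1.tar.gz", "VersionId": "v2", "IsLatest": false, "Size": 2000},
    {"Key": "example-1.1.tar.gz", "VersionId": "v3", "IsLatest": false, "Size": 2500},
    {"Key": "example-1.2.tar.gz", "VersionId": "v4", "IsLatest": false, "Size": 300},
    {"Key": "example-1.2.tar.gz", "VersionId": "v5", "IsLatest": true,  "Size": 400}
  ],
  "DeleteMarkers": [
    {"Key": "example-1.1.tar.gz", "VersionId": "d1", "IsLatest": true}
  ]
}
""")


def noncurrent_storage(listing):
    """Sum bytes of noncurrent versions, split by why they are noncurrent.

    "deleted": the key's latest entry is a delete marker, so a plain GET
    returns 404 while every older version is still stored and billed.
    "overwritten": a newer version of the key exists.
    """
    # The CLI omits "DeleteMarkers"/"Versions" entirely when there are none.
    deleted = {m["Key"] for m in listing.get("DeleteMarkers", []) if m["IsLatest"]}
    report = {"deleted": {}, "overwritten": {}}
    for version in listing.get("Versions", []):
        if version["IsLatest"]:
            continue  # current object, visible to normal requests
        group = "deleted" if version["Key"] in deleted else "overwritten"
        report[group][version["Key"]] = report[group].get(version["Key"], 0) + version["Size"]
    return report


def total_bytes(report):
    return sum(sum(sizes.values()) for sizes in report.values())


if __name__ == "__main__":
    result = noncurrent_storage(SAMPLE_LISTING)
    print(json.dumps(result, indent=2), total_bytes(result))
```

Objects in the "deleted" group remain retrievable by version id, so removing an artifact that should not have been published requires deleting each version explicitly, not just the key.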

open-mpi-nightly

This bucket is for nightly build artifacts. Unlike open-mpi-release, this bucket is not versioned, as it's pretty common to delete objects and we don't need to worry about losing them forever. The keyspace */failed-builds/ is used for tarballs of failed builds and is set to auto-delete contents older than 14 days. This bucket is not publicly accessible; for public URLs to the contents of this bucket, use https://download.open-mpi.org/nightly/, which is the CloudFront distribution for this bucket (as well as the open-mpi-release bucket).

ompi-s3buildfiler-test

A bucket set up for testing part of the nightly build scripts. It is not publicly accessible and can probably be ignored if you're not modifying the nightly build scripts.

ompi-jenkins-config

This bucket is used to store random artifacts for the Jenkins build servers. It is not publicly accessible because some of the artifacts should not be distributed. The build servers all have read access to the bucket through the jenkins IAM role. The actual builder scripts are stored in the ompi-scripts GitHub repo; this bucket is for larger, binary artifacts.

RDS

ompiproddb

PostgreSQL database hosted by RDS, including daily backups (last 7 days stored) and multi-AZ replicas.

CloudFront

CloudFront is AWS's content distribution network, with POPs around the world. CloudFront will manage SSL certificates automatically, including rotation.

download.open-mpi.org

download.open-mpi.org is the CDN-fronted access to the open-mpi-release and open-mpi-nightly S3 buckets. CloudFront stitches the two buckets together, with all requests to /nightly/* going to the open-mpi-nightly bucket and all other requests being served from the open-mpi-release bucket.
