
Commit def9adf

committed
Backport AWS VPC/Subnet enhancement from main branch
1 parent 90cda8c commit def9adf

2 files changed

+140
-10
lines changed

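--- a/nvflare/dashboard/cli.py
+++ b/nvflare/dashboard/cli.py
@@ -152,7 +152,11 @@ def cloud(args):
 "t",
 exe=True,
 )
-print(f"Dashboard launch script for cloud is written at {dest}. Now running the script.")
+print(f"Dashboard launch script for cloud is written at {dest}. Now running it.")
+if args.vpc_id and args.subnet_id:
+option = [f"--vpc-id={args.vpc_id}", f"--subnet-id={args.subnet_id}"]
+print(f"Option of the script: {option}")
+dest = [dest] + option
 _ = subprocess.run(dest)
 os.remove(dest)
 
@@ -191,6 +195,18 @@ def define_dashboard_parser(parser):
 parser.add_argument("--cred", help="set credential directly in the form of USER_EMAIL:PASSWORD")
 parser.add_argument("-i", "--image", help="set the container image name")
 parser.add_argument("--local", action="store_true", help="start dashboard locally without docker image")
+parser.add_argument(
+"--vpc-id",
+type=str,
+default="",
+help="VPC id for AWS EC2 instance. Applicable to AWS only. Ignored if subnet-id is not specified.",
+)
+parser.add_argument(
+"--subnet-id",
+type=str,
+default="",
+help="Subnet id for AWS EC2 instance. Applicable to AWS only. Ignored if vpc-id is not specified.",
+)
 
 
 def handle_dashboard(args):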
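Review bot: In `cloud`, `dest = [dest] + option` rebinds `dest` to a list, so the unchanged `os.remove(dest)` two lines later is handed a list and raises `TypeError` whenever both options are set, leaving the generated launch script on disk. Keep the path and the command apart: `cmd = [dest]` before the `if`, `cmd += option` inside it, then `subprocess.run(cmd)`. The options are built as `--vpc-id=VALUE`, while the `cloud_script_header` parser in master_template.yml matches `--vpc-id)` and reads the value from `$2`; unless the arguments are split on `=` outside the visible hunk, the ids would not reach the script, and passing `"--vpc-id", args.vpc_id` as separate list items would match that parser. `cloud` starts outside the hunk and indentation is lost in this view, so the extent of the `if` body is inferred.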

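--- a/nvflare/lighter/impl/master_template.yml
+++ b/nvflare/lighter/impl/master_template.yml
@@ -950,6 +950,14 @@ cloud_script_header: |
 image_name=$2
 shift
 ;;
+--vpc-id)
+vpc_id=$2
+shift
+;;
+--subnet-id)
+subnet_id=$2
+shift
+;;
 esac
 shift
 done
@@ -1669,6 +1677,13 @@ aws_start_svr_sh: |
 check_binary dig "Please install it first."
 check_binary jq "Please install it first."
 
+if [ -z ${vpc_id+x} ]
+then
+using_default_vpc=true
+else
+using_default_vpc=false
+fi
+
 if [ -z ${image_name+x} ]
 then
 container=false
@@ -1718,6 +1733,25 @@ aws_start_svr_sh: |
 prompt ans "Press ENTER when it's done or no additional dependencies. "
 fi
 
+# Check if default VPC exists
+if [ $using_default_vpc == true ]
+then
+echo "Checking if default VPC exists"
+found_default_vpc=$(aws ec2 describe-vpcs | jq '.Vpcs[] | select(.IsDefault == true)')
+if [ -z "${found_default_vpc}" ]
+then
+echo "No default VPC found. Please create one before running this script with the following command."
+echo "aws ec2 create-default-vpc"
+echo "or specify your own vpc and subnet with --vpc-id and --subnet-id"
+exit
+else
+echo "Default VPC found"
+fi
+else
+echo "Please check the vpc-id $vpc_id and subnet-id $subnet_id are correct and they support EC2 with public IP and internet gateway with proper routing."
+echo "This script will use the above info to create EC2 instance."
+fi
+
 cd $DIR/..
 # Generate key pair
 
@@ -1730,8 +1764,12 @@ aws_start_svr_sh: |
 chmod 400 $KEY_FILE
 
 # Generate Security Group
-
-sg_result=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group")
+if [ $using_default_vpc == true ]
+then
+sg_result=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group")
+else
+sg_result=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" --vpc-id $vpc_id)
+fi
 report_status "$?" "Only one NVFL server VM and its security group is allowed. $SECURITY_GROUP exists and thus creating duplicate security group"
 sg_id=$(echo $sg_result | jq -r .GroupId)
 my_public_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
@@ -1749,7 +1787,12 @@ aws_start_svr_sh: |
 
 echo "Creating VM at region $REGION, may take a few minutes."
 
-aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+if [ $using_default_vpc == true ]
+then
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+else
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id --subnet-id $subnet_id > vm_create.json
+fi
 report_status "$?" "creating VM"
 instance_id=$(jq -r .Instances[0].InstanceId vm_create.json)
 
@@ -1807,6 +1850,13 @@ aws_start_cln_sh: |
 check_binary dig "Please install it first."
 check_binary jq "Please install it first."
 
+if [ -z ${vpc_id+x} ]
+then
+using_default_vpc=true
+else
+using_default_vpc=false
+fi
+
 if [ -z ${image_name+x} ]
 then
 container=false
@@ -1855,6 +1905,25 @@ aws_start_cln_sh: |
 prompt ans "Press ENTER when it's done or no additional dependencies. "
 fi
 
+# Check if default VPC exists
+if [ $using_default_vpc == true ]
+then
+echo "Checking if default VPC exists"
+found_default_vpc=$(aws ec2 describe-vpcs | jq '.Vpcs[] | select(.IsDefault == true)')
+if [ -z "${found_default_vpc}" ]
+then
+echo "No default VPC found. Please create one before running this script with the following command."
+echo "aws ec2 create-default-vpc"
+echo "or specify your own vpc and subnet with --vpc-id and --subnet-id"
+exit
+else
+echo "Default VPC found"
+fi
+else
+echo "Please check the vpc-id $vpc_id and subnet-id $subnet_id are correct and they support EC2 with public IP and internet gateway with proper routing."
+echo "This script will use the above info to create EC2 instance."
+fi
+
 cd $DIR/..
 # Generate key pair
 
@@ -1868,7 +1937,12 @@ aws_start_cln_sh: |
 
 # Generate Security Group
 # Try not reusing existing security group because we have to modify it for our own need.
-sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" | jq -r .GroupId)
+if [ $using_default_vpc == true ]
+then
+sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" | jq -r .GroupId)
+else
+sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" --vpc-id $vpc_id | jq -r .GroupId)
+fi
 report_status "$?" "creating security group"
 my_public_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
 if [ "$?" -eq 0 ] && [[ "$my_public_ip" =~ ^(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))$ ]]
@@ -1884,7 +1958,12 @@ aws_start_cln_sh: |
 
 echo "Creating VM at region $REGION, may take a few minutes."
 
-aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+if [ $using_default_vpc == true ]
+then
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+else
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id --subnet-id $subnet_id > vm_create.json
+fi
 report_status "$?" "creating VM"
 instance_id=$(jq -r .Instances[0].InstanceId vm_create.json)
 
@@ -1949,6 +2028,13 @@ aws_start_dsb_sh: |
 check_binary dig "Please install it first."
 check_binary jq "Please install it first."
 
+if [ -z ${vpc_id+x} ]
+then
+using_default_vpc=true
+else
+using_default_vpc=false
+fi
+
 echo "One initial user will be created when starting dashboard."
 echo "Please enter the email address for this user."
 read email
@@ -1964,9 +2050,33 @@ aws_start_dsb_sh: |
 report_status "$?" "creating key pair"
 chmod 400 $KEY_FILE
 
-# Generate Security Group
+# Check if default VPC exists
+if [ $using_default_vpc == true ]
+then
+echo "Checking if default VPC exists"
+found_default_vpc=$(aws ec2 describe-vpcs | jq '.Vpcs[] | select(.IsDefault == true)')
+if [ -z "${found_default_vpc}" ]
+then
+echo "No default VPC found. Please create one before running this script with the following command."
+echo "aws ec2 create-default-vpc"
+echo "or specify your own vpc and subnet with --vpc-id and --subnet-id"
+exit
+else
+echo "Default VPC found"
+fi
+else
+echo "Please check the vpc-id $vpc_id and subnet-id $subnet_id are correct and they support EC2 with public IP and internet gateway with proper routing."
+echo "This script will use the above info to create EC2 instance."
+fi
 
-sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" | jq -r .GroupId)
+# Generate Security Group
+# Try not reusing existing security group because we have to modify it for our own need.
+if [ $using_default_vpc == true ]
+then
+sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" | jq -r .GroupId)
+else
+sg_id=$(aws ec2 create-security-group --group-name $SECURITY_GROUP --description "NVFlare security group" --vpc-id $vpc_id | jq -r .GroupId)
+fi
 report_status "$?" "creating security group"
 echo "Security group id: ${sg_id}"
 my_public_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
@@ -1983,8 +2093,12 @@ aws_start_dsb_sh: |
 # Start provisioning
 
 echo "Creating VM at region $REGION, may take a few minutes."
-
-aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+if [ $using_default_vpc == true ]
+then
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id > vm_create.json
+else
+aws ec2 run-instances --region $REGION --image-id $AMI_IMAGE --count 1 --instance-type $EC2_TYPE --key-name $KEY_PAIR --security-group-ids $sg_id --subnet-id $subnet_id > vm_create.json
+fi
 report_status "$?" "creating VM"
 instance_id=$(jq -r .Instances[0].InstanceId vm_create.json)
 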
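Review bot: The custom-VPC path is selected by `[ -z ${vpc_id+x} ]` alone in aws_start_svr_sh (and again in aws_start_cln_sh and aws_start_dsb_sh), so a run that sets `--vpc-id` without `--subnet-id`, or with an empty value, goes on to create the key pair and security group and only fails at `run-instances` with a bare `--subnet-id`. Testing both values, `if [ -z "${vpc_id:-}" ] || [ -z "${subnet_id:-}" ]`, would match the CLI help text, which says each option is ignored without the other. `$vpc_id` and `$subnet_id` come from the command line and are expanded unquoted in the `aws ec2` calls; writing `--vpc-id "$vpc_id"` and `--subnet-id "$subnet_id"` keeps a value containing spaces or glob characters from turning into extra arguments. The bare `exit` in the "No default VPC found" branch returns the status of the preceding `echo`, which is 0; `exit 1` lets a caller see the failure.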
