Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
95 commits
Select commit Hold shift + click to select a range
afef1e2
modules/silicon_design: use deeplearning images
proppy Mar 31, 2022
458b19d
modules/silicon_design: add missing license headers
proppy Mar 31, 2022
62e6729
Spinning silicon design module in new GCP project.
guptamukul-google Apr 6, 2022
51459bb
modules/silicon_design: add local.project_number
proppy Apr 12, 2022
bc5a8fb
docs/images/V1_Silicon: add gcs
proppy Apr 12, 2022
ebb0a23
modules/silicon_design: add roles/serviceusage.serviceUsageAdmin to c…
proppy Apr 12, 2022
c6cd937
modules/silicon_design: use google_project_service_identity for cloud…
proppy May 2, 2022
dd9f9d6
modules/silicon: pass network down to daisy tooling
proppy May 12, 2022
52fbbbf
modules/silicon_design: clarify cloud build permissions
proppy May 24, 2022
c8ba8a3
Update radlab.py
guptamukul-google May 24, 2022
f38ee00
modules/silicon_design: use partial url for network
proppy May 24, 2022
e405abf
Revert "Update radlab.py"
guptamukul-google May 24, 2022
21edab4
modules/silicon_design: use deeplearning images
proppy Mar 31, 2022
17bb142
modules/silicon_design: add missing license headers
proppy Mar 31, 2022
8aabdf4
Spinning silicon design module in new GCP project.
guptamukul-google Apr 6, 2022
dfb28d3
modules/silicon_design: add local.project_number
proppy Apr 12, 2022
eca8f44
docs/images/V1_Silicon: add gcs
proppy Apr 12, 2022
c42b55a
modules/silicon_design: add roles/serviceusage.serviceUsageAdmin to c…
proppy Apr 12, 2022
237d1c5
modules/silicon_design: use google_project_service_identity for cloud…
proppy May 2, 2022
1a28d0b
modules/silicon: pass network down to daisy tooling
proppy May 12, 2022
24aaa60
modules/silicon_design: clarify cloud build permissions
proppy May 24, 2022
fa95787
modules/silicon_design: use partial url for network
proppy May 24, 2022
0bbbec4
modules/silicon_design: pass subnetwork down to daisy
proppy May 25, 2022
d0bee38
Merge branch 'daisy' of https://github.com/proppy/rad-lab into pr/50
guptamukul-google May 25, 2022
3fe6b3b
modules/silicon_design: drop obsolete patches
proppy May 25, 2022
f51211f
modules/silicon_design: bump compute image timeout
proppy May 25, 2022
075219b
Merge branch 'daisy' of https://github.com/proppy/rad-lab into pr/50
guptamukul-google May 25, 2022
0860142
modules/silicon_design/build/provision: notify daisy on errors
proppy May 26, 2022
47dad1b
modules/silicon_design/scripts: remove -x
proppy May 26, 2022
6e3778d
modules/silicon_design: add storage scope to cloud build sa
proppy May 26, 2022
d7df945
modules/silicon_design: use cloud build sa with daisy
proppy Jun 14, 2022
8ac4722
modules/silicon: add image builder service account
proppy Jun 15, 2022
d62ca1a
modules/silicon: grant cloudbuild sa image_builder access
proppy Jun 15, 2022
946416f
modules/silicon_design: fix env and add container test
proppy Jun 22, 2022
5eda481
modules/silicon_design/environment: drop yosys constraint
proppy Jul 13, 2022
f460c9e
modules/silicon_design/environment: add xls
proppy Jul 13, 2022
344f116
modules/silicon_design: workaround OpenLane/issues/1195
proppy Jul 13, 2022
61024a1
modules/silicon_design: use separate environment
proppy Jul 13, 2022
9919aca
Added bash to run script command
guptamukul-google Jul 18, 2022
5847d7a
modules/silicon_design: use name prefix
proppy Jul 22, 2022
926bbf2
modules/silicon_design: use prefix
proppy Jul 22, 2022
e9f9e1e
modules/silicon_design: fix sa length
proppy Jul 22, 2022
070c329
modules/silicon_design: remove bash command prefix
proppy Jul 22, 2022
92f08eb
modules/silicon_design: remove intermediate script
proppy Jul 22, 2022
c2369c8
modules/silicon_design: remove obsolete file
proppy Jul 22, 2022
b86edef
modules/silicon_design: add install-wide tcl for openlane
proppy Jul 22, 2022
7f56030
modules/silicon_design: patch entrypoint
proppy Jul 22, 2022
1e645b3
modules/silicon_design: fix install.tcl
proppy Jul 22, 2022
9300029
modules/silicon_design: refresh inverter config
proppy Jul 22, 2022
1ed10e5
modules/silicon_design: refresh conda environment
proppy Jul 22, 2022
9efebfa
modules/silicon_design: patch openlane
proppy Jul 22, 2022
5c83545
modules/silicon_design: patch run_jupyter
proppy Jul 22, 2022
7bb3981
modules/silicon_design/terraform: make image build name dependent
proppy Jul 22, 2022
a8b6f9a
modules/silicon_design/terraform: do not disable services
proppy Jul 22, 2022
76f4213
modules/silicon_design: drop patches
proppy Jul 26, 2022
6cd5205
bump provider version
proppy May 27, 2022
f9dfd53
add bucket variable
proppy May 27, 2022
99a50ed
modules/silicon_design: add parameter tuning notebook
proppy Apr 12, 2022
280a147
modules/silicon_design/notebooks/tuning: add plots
proppy Apr 13, 2022
ac92887
modules/silicon_design/notebooks/tuning: add headings
proppy Apr 13, 2022
a7bd055
modules/silicon_design/notebooks/tuning: fix experiments ordering
proppy May 12, 2022
4614fe8
modules/silicon_design/notebooks: add subservient experiment
proppy May 13, 2022
5fe8e24
conda update all
proppy May 27, 2022
c299708
add lut notebook
proppy May 27, 2022
381fb56
enable compute build and fix storage service account
proppy May 27, 2022
76c0b7f
remove managed notebook
proppy May 27, 2022
535d7ce
switch to micromamba
proppy May 27, 2022
afc1be2
modules/silicon: pin some packages
proppy Jun 16, 2022
dc12343
added minimal example
HelgeGehring Jul 7, 2022
e674c54
modules/silicon/provision: guard gce only command
proppy Jul 26, 2022
2aa4c29
modules/silicon/notebooks/inverter: fix config path
proppy Jul 26, 2022
aa9a0c3
modules/silicon: install orfs
proppy Jul 26, 2022
f6d231f
modules/silicon: add lock
proppy Jul 26, 2022
8c9206c
modules/silicon/build/images: fix command prefix
proppy Jul 26, 2022
20d70b3
modules/silicon/build/images: fix orfs name
proppy Jul 26, 2022
8c9d600
modules/silicon: add asap7 notebook
proppy Jul 27, 2022
a1fcffe
modules/silicon/notebook: fix inverter
proppy Jul 27, 2022
02f118b
modules/silicon/notebooks/asap7: genmetrics
proppy Jul 27, 2022
2a7bc78
modules/silicon: reorganize notebooks
proppy Aug 8, 2022
632a1e8
modules/silicon_design: fix inverter filepath
proppy Aug 8, 2022
d907cac
modules/silicon: remove obsolete artifact section
proppy Aug 8, 2022
6985600
modules/silicon: fix notebook build
proppy Aug 8, 2022
92e4cac
modules/silicon: add missing sudo
proppy Aug 8, 2022
09a6da5
modules/silicon: fix filter
proppy Aug 8, 2022
8205835
modules/silicon: fix venv package name
proppy Aug 8, 2022
3ab0ded
modules/silicon/cloudbuild: apt-get update
proppy Aug 8, 2022
e572a10
modules/silicon/build/notebook: fix rsync regexp
proppy Aug 8, 2022
5624e4b
modules/silicon/notebooks/inverter: fix config and report path
proppy Aug 8, 2022
cbbd58e
modules/silicon: unique bucket name
proppy Aug 8, 2022
5e44478
modules/silicon: fix output variables
proppy Aug 8, 2022
6229c6c
modules/silicon: fix notebook staging bucket name
proppy Aug 8, 2022
f2094fa
modules/silicon: fix hardcoded bucket name
proppy Aug 8, 2022
053adcf
modules/silicon: fix permissions
proppy Aug 9, 2022
97d7609
Add CFU Playground env and setup needed to rad-lab
ShvetankPrakash Aug 9, 2022
d069d29
Added CFU-Playground dse notebook in md format
ShvetankPrakash Aug 9, 2022
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file modified docs/images/V1_Silicon.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
5 changes: 3 additions & 2 deletions modules/silicon_design/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ This RAD Lab module provides a managed environment for custom silicon design usi

## Samples notebooks

- [Inverter](scripts/build/notebooks/inverter.md)
- [Inverter](scripts/build/notebooks/inverter/experiment.md)

![gds render](scripts/build/notebooks/inverter.svg)
![gds render](scripts/build/notebooks/inverter/layout.svg)

## GCP Products/Services

Expand Down Expand Up @@ -44,6 +44,7 @@ When deploying in an existing project, ensure the identity has the following per
- `roles/resourcemanager.projectIamAdmin`
- `roles/iam.serviceAccountAdmin`
- `roles/iam.serviceAccountUser`
- `roles/serviceusage.serviceUsageAdmin`

NOTE: Additional [permissions](./radlab-launcher/README.md#iam-permissions-prerequisites) are required when deploying the RAD Lab modules via [RAD Lab Launcher](./radlab-launcher)

Expand Down
127 changes: 95 additions & 32 deletions modules/silicon_design/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
nnn * You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
Expand All @@ -19,9 +19,16 @@ locals {
project = (var.create_project
? try(module.project_radlab_silicon_design.0, null)
: try(data.google_project.existing_project.0, null)
)
)
project_number = (var.create_project
? try(module.project_radlab_silicon_design.0.project_number, null)
: try(data.google_project.existing_project.0.number, null)
)
region = join("-", [split("-", var.zone)[0], split("-", var.zone)[1]])

network_name = var.network_name != null ? var.network_name : "${var.name}-network"
subnet_name = var.subnet_name != null ? var.subnet_name : "${var.name}-subnet"

network = (
var.create_network
? try(module.vpc_ai_notebook.0.network.network, null)
Expand All @@ -30,7 +37,7 @@ locals {

subnet = (
var.create_network
? try(module.vpc_ai_notebook.0.subnets["${local.region}/${var.subnet_name}"], null)
? try(module.vpc_ai_notebook.0.subnets["${local.region}/${local.subnet_name}"], null)
: try(data.google_compute_subnetwork.default.0, null)
)

Expand All @@ -39,17 +46,31 @@ locals {
"roles/notebooks.admin",
"roles/compute.instanceAdmin",
"roles/iam.serviceAccountUser",
"roles/storage.objectViewer",
"roles/storage.admin",
"roles/aiplatform.admin",
]

cloudbuild_sa_project_roles = [
"roles/compute.admin",
"roles/storage.admin",
]

image_builder_sa_project_roles = [
"roles/compute.instanceAdmin",
"roles/compute.storageAdmin",
"roles/storage.admin",
]

project_services = var.enable_services ? [
"compute.googleapis.com",
"notebooks.googleapis.com",
"cloudbuild.googleapis.com",
"artifactregistry.googleapis.com",
"aiplatform.googleapis.com",
] : []

notebook_names = length(var.notebook_names) > 0 ? var.notebook_names : [for i in range(var.notebook_count): "silicon-design-notebook-${i}"]
notebook_names = length(var.notebook_names) > 0 ? var.notebook_names : [for i in range(var.notebook_count): "${var.name}-nodebook-${i}"]
image_tag = var.image_tag != "" ? var.image_tag : formatdate("YYYYMMDDhhmm", timestamp())
}

resource "random_id" "default" {
Expand All @@ -61,14 +82,14 @@ resource "random_id" "default" {
############################

data "google_project" "existing_project" {
count = var.create_project ? 0 : 1
project_id = var.project_name
count = var.create_project ? 0 : 1
project_id = var.project_name
}

module "project_radlab_silicon_design" {
count = var.create_project ? 1 : 0
source = "terraform-google-modules/project-factory/google"
version = "~> 11.0"
version = "~> 13.0"

name = format("%s-%s", var.project_name, local.random_id)
random_project_id = false
Expand All @@ -83,8 +104,12 @@ resource "google_project_service" "enabled_services" {
for_each = toset(local.project_services)
project = local.project.project_id
service = each.value
disable_dependent_services = true
disable_on_destroy = true
disable_dependent_services = false
disable_on_destroy = false

lifecycle {
prevent_destroy = true
}

depends_on = [
module.project_radlab_silicon_design
Expand All @@ -94,29 +119,29 @@ resource "google_project_service" "enabled_services" {
data "google_compute_network" "default" {
count = var.create_network ? 0 : 1
project = local.project.project_id
name = var.network_name
name = local.network_name
}

data "google_compute_subnetwork" "default" {
count = var.create_network ? 0 : 1
project = local.project.project_id
name = var.subnet_name
name = local.subnet_name
region = local.region
}

module "vpc_ai_notebook" {
count = var.create_network ? 1 : 0
source = "terraform-google-modules/network/google"
version = "~> 3.0"
version = "~> 5.0"

project_id = local.project.project_id
network_name = var.network_name
network_name = local.network_name
routing_mode = "GLOBAL"
description = "VPC Network created via Terraform"

subnets = [
{
subnet_name = var.subnet_name
subnet_name = local.subnet_name
subnet_ip = var.ip_cidr_range
subnet_region = local.region
description = "Subnetwork inside *vpc-silicon-design* VPC network, created via Terraform"
Expand All @@ -126,7 +151,7 @@ module "vpc_ai_notebook" {

firewall_rules = [
{
name = "fw-silicon-design-notebook-allow-internal"
name = "${var.name}-allow-internal"
description = "Firewall rule to allow traffic on all ports inside *vpc-silicon-design* VPC network."
priority = 65534
ranges = ["10.0.0.0/8"]
Expand All @@ -146,7 +171,7 @@ module "vpc_ai_notebook" {

resource "google_service_account" "sa_p_notebook" {
project = local.project.project_id
account_id = format("sa-p-notebook-%s", local.random_id)
account_id = "${var.name}-n-sa"
display_name = "Notebooks in trusted environment"
}

Expand All @@ -157,24 +182,55 @@ resource "google_project_iam_member" "sa_p_notebook_permissions" {
role = each.value
}

resource "google_project_service_identity" "sa_cloudbuild_identity" {
provider = google-beta
project = local.project.project_id
service = "cloudbuild.googleapis.com"
}

resource "google_project_iam_member" "sa_cloudbuild_permissions" {
for_each = toset(local.cloudbuild_sa_project_roles)
member = "serviceAccount:${google_project_service_identity.sa_cloudbuild_identity.email}"
project = local.project.project_id
role = each.value
}

resource "google_service_account_iam_member" "sa_cloudbuild_image_builder_access" {
member = "serviceAccount:${google_project_service_identity.sa_cloudbuild_identity.email}"
role = "roles/iam.serviceAccountUser"
service_account_id = google_service_account.sa_image_builder_identity.id
}

resource "google_service_account" "sa_image_builder_identity" {
project = local.project.project_id
account_id = "${var.name}-i-sa"
}

resource "google_project_iam_member" "sa_image_builder_permissions" {
for_each = toset(local.image_builder_sa_project_roles)
project = local.project.project_id
member = "serviceAccount:${google_service_account.sa_image_builder_identity.email}"
role = each.value
}

resource "google_service_account_iam_member" "sa_ai_notebook_user_iam" {
for_each = var.trusted_users
member = each.value
member = "user:${each.value}"
role = "roles/iam.serviceAccountUser"
service_account_id = google_service_account.sa_p_notebook.id
}

resource "google_project_iam_member" "ai_notebook_user_role1" {
for_each = var.trusted_users
project = local.project.project_id
member = each.value
member = "user:${each.value}"
role = "roles/notebooks.admin"
}

resource "google_project_iam_member" "ai_notebook_user_role2" {
for_each = var.trusted_users
project = local.project.project_id
member = each.value
member = "user:${each.value}"
role = "roles/viewer"
}

Expand All @@ -186,10 +242,10 @@ resource "google_notebooks_instance" "ai_notebook" {
machine_type = var.machine_type

container_image {
repository = "${google_artifact_registry_repository.containers_repo.location}-docker.pkg.dev/${local.project.project_id}/${google_artifact_registry_repository.containers_repo.repository_id}/openlane-jupyterlab"
tag = "latest"
repository = "${google_artifact_registry_repository.containers_repo.location}-docker.pkg.dev/${local.project.project_id}/${google_artifact_registry_repository.containers_repo.repository_id}/${var.image_name}"
tag = local.image_tag
}

service_account = google_service_account.sa_p_notebook.email

install_gpu_driver = false
Expand All @@ -202,7 +258,7 @@ resource "google_notebooks_instance" "ai_notebook" {
network = local.network.self_link
subnet = local.subnet.self_link

post_startup_script = "gs://${google_storage_bucket.notebooks_bucket.name}/copy-notebooks.sh"
post_startup_script = "gs://${google_storage_bucket.staging_bucket.name}/copy-notebooks.sh"

labels = {
module = "silicon-design"
Expand All @@ -223,7 +279,7 @@ resource "google_artifact_registry_repository" "containers_repo" {

project = local.project.project_id
location = local.region
repository_id = "containers"
repository_id = "${var.name}-containers"
description = "container image repository"
format = "DOCKER"

Expand All @@ -232,9 +288,9 @@ resource "google_artifact_registry_repository" "containers_repo" {
]
}

resource "google_storage_bucket" "notebooks_bucket" {
resource "google_storage_bucket" "staging_bucket" {
project = local.project.project_id
name = "${local.project.project_id}-silicon-design-notebooks"
name = "${local.project.project_id}-${var.name}-staging"
location = local.region
force_destroy = true
uniform_bucket_level_access = true
Expand All @@ -245,18 +301,25 @@ resource "google_storage_bucket" "notebooks_bucket" {
resource "null_resource" "build_and_push_image" {
triggers = {
cloudbuild_yaml_sha = filesha1("${path.module}/scripts/build/cloudbuild.yaml")
build_script_sha = filesha1("${path.module}/scripts/build/build.sh")
dockerfile_sha = filesha1("${path.module}/scripts/build/containers/openlane-jupyterlab/Dockerfile")
notebook_sha = filesha1("${path.module}/scripts/build/notebooks/inverter.md")
workflow_sha = filesha1("${path.module}/scripts/build/images/compute_image.wf.json")
dockerfile_sha = filesha1("${path.module}/scripts/build/images/Dockerfile")
environment_sha = filesha1("${path.module}/scripts/build/images/provision/environment.yml")
env_sha = filesha1("${path.module}/scripts/build/images/provision/install.tcl")
profile_sha = filesha1("${path.module}/scripts/build/images/provision/profile.sh")
notebook_sha = filesha1("${path.module}/scripts/build/notebooks/inverter/inverter.md")
image_tag = local.image_tag
}

provisioner "local-exec" {
working_dir = path.module
command = "scripts/build/build.sh ${local.project.project_id} ${google_artifact_registry_repository.containers_repo.location} ${google_artifact_registry_repository.containers_repo.repository_id} ${google_storage_bucket.notebooks_bucket.name}"
command = "gcloud --project=${local.project.project_id} builds submit . --config ./scripts/build/cloudbuild.yaml --substitutions \"_ZONE=${var.zone},_COMPUTE_IMAGE=${var.image_name},_CONTAINER_IMAGE=${google_artifact_registry_repository.containers_repo.location}-docker.pkg.dev/${local.project.project_id}/${google_artifact_registry_repository.containers_repo.repository_id}/${var.image_name},_STAGING_BUCKET=${google_storage_bucket.staging_bucket.name},_COMPUTE_NETWORK=${local.network.id},_COMPUTE_SUBNET=${local.subnet.id},_IMAGE_TAG=${local.image_tag},_CLOUD_BUILD_SA=${google_service_account.sa_image_builder_identity.email}\""
}

depends_on = [
google_artifact_registry_repository.containers_repo,
google_storage_bucket.notebooks_bucket,
google_storage_bucket.staging_bucket,
google_project_iam_member.sa_image_builder_permissions,
google_project_iam_member.sa_cloudbuild_permissions,
google_service_account_iam_member.sa_cloudbuild_image_builder_access,
]
}
19 changes: 12 additions & 7 deletions modules/silicon_design/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ output "deployment_id" {
value = local.random_id
}

output "project_radlab_silicon_design_id" {
output "project_id" {
description = "Silicon Design RAD Lab Project ID"
value = local.project.project_id
}
Expand All @@ -29,17 +29,22 @@ output "notebooks_instance_names" {
value = join(", ", google_notebooks_instance.ai_notebook[*].name)
}

output "notebooks_bucket_name" {
description = "Notebooks GCS Bucket Name"
value = google_storage_bucket.notebooks_bucket.name
}

output "artifact_registry_repository_id" {
description = "Artifact Registry Repository ID"
value = google_artifact_registry_repository.containers_repo.repository_id
}

output "notebooks_container_image" {
description = "Container Image URI"
value = "${google_notebooks_instance.ai_notebook[0].container_image[0].repository}:${google_notebooks_instance.ai_notebook[0].container_image[0].tag}"
value = "${google_artifact_registry_repository.containers_repo.location}-docker.pkg.dev/${local.project.project_id}/${google_artifact_registry_repository.containers_repo.repository_id}/${var.image_name}:${local.image_tag}"
}

output "notebooks_vm_image" {
description = "GCE VM Image Name"
value = "${var.image_name}-${local.image_tag}"
}

output "notebooks_staging_bucket" {
description = "Noteooks Staging bucket"
value = "${google_storage_bucket.staging_bucket.name}"
}
Loading