Controlling Virtual Machine Types

The selection of virtual machine types can be restricted by using an allow list or a deny list (or both).

Feature Description

When the OpCenter selects a virtual machine, for example, to start a new job or to migrate an existing job to a new virtual machine, the virtual machine must meet the requirements specified by the user. The requirements are defined either by the number of vCPUs and memory capacity, or by the machine type (for example, t2.medium in AWS terminology).

The user can restrict the selection further by stipulating that the virtual machine must be one that appears on an allow list of virtual machine types or must not appear on a deny list of virtual machine types (or both).

Configuration

The allow list can be specified in two ways:
  • Global configuration (applies to all jobs)
  • Per-job configuration using float submit with the --allowList or --denyList options (or both) or populating the equivalent fields in the web interface

The per-job configuration overrides the global configuration for that job.

The format for specifying an allow list or deny list is to concatenate one or more of the leading characters in the virtual machine type with * to indicate that the remaining characters can be anything. For example, to specify any virtual machine in the "t" family of virtual machine types, use t*. To specify any virtual machine in the "t2" family, use t2*, and so on. To specify a particular virtual machine, use the complete virtual machine name, for example, t2.xlarge. To specify any virtual machine type, use *.

To set the allow list and deny list in the global configuration using the CLI, complete the following steps.
  • Display the current setting by entering:
    float config get provider.allowList
    key: allowList
    value: '[*]' <--- this is the default setting, allows all virtual machine types
    editable: true
    needRestart: false
    float config get provider.denyList
    key: denyList
    value: '[]' <--- this is the default setting, denies no virtual machine types
    editable: true
    needRestart: false
  • Set the allow list and deny list by entering, for example:
    float config set provider.allowList c*
    allow list  is set to [c*]
    float config set provider.denyList t2*
    deny list is set to [t2*]
  • Multiple entries can be inserted by separating the entries by "," or " ". For example:
    float config set provider.allowList c*,m*,r*
    allow list is set to [c* m* r*]
    float config set provider.allowList "c* r5.8xlarge"
    allow list is set to [c* r5.8xlarge]
To set the allow list and deny list for a particular job, use the following procedure:
  • CLI: Submit the job with the --allowList and --denyList options. For example, to select from the "c" family of virtual machines and exclude the "t" family, use:
    float submit -i tidyverse -j run_genericr.sh -c 2 -m 4 --dataVolume [size=10]:/data --allowList "c*" --denyList "t*"
    float sinfo
    +---------------------+--------+-------------------------+---------+---
    |       ENTITY        | STATUS |      INSTANCETYPE       | PAYTYPE |  
    +---------------------+--------+-------------------------+---------+---
    | i-078c6919a1ef1c839 | normal | c5.large(2 vCPU, 4 GB)  | Spot    | 
    +---------------------+--------+-------------------------+---------+---
    (edited)
    To do the opposite (select from "t" family and exclude "c" family), use:
    float submit -i tidyverse -j run_genericr.sh -c 2 -m 4 --dataVolume [size=10]:/data --allowList "t*" --denyList "c*"
    float sinfo
    +---------------------+--------+-------------------------+---------+---
    |       ENTITY        | STATUS |      INSTANCETYPE       | PAYTYPE |  
    +---------------------+--------+-------------------------+---------+---
    | i-08f32df05d6aa8369 | normal | t3.medium(2 vCPU, 4 GB) | Spot    | 
    +---------------------+--------+-------------------------+---------+---
    (edited)
    To allow any virtual machine type, use --allowList "*" and --denyList " ".
  • Web interface: Open the Submit Job screen and click the Start from Scratch tab. Click the Misc. tab. Scroll down to the Allow List and Deny List fields, and populate in the same format as used in the CLI, for example, c5*. Click Add to specify additional virtual machine families.

Operation

How the allow list is applied depends on how the virtual machine instance is specified when the job is submitted.
  • Job is submitted with the --type option

    The --type option specifies a particular virtual machine type (for example, r5.8xlarge). In this case, the allow list is not applied — the OpCenter attempts to start a virtual machine of the type specified. As the job executes, a job migration event may be triggered (manually, by policy, programmatically, or by a Spot Instance reclaim. If the job must be moved to a new virtual machine of the same type or of a type specified by name, then the allow list is ignored. If the job must be moved to a new virtual machine specified by the --cpu and --mem options, then the allow list applies.

  • Job is submitted with the --cpu and --mem options

    If the job is submitted with these options, the OpCenter searches for a virtual machine type that meets the requirements and also satisfies the constraints of the allow list (either the global configuration if --allowList not used or the types specified by the --allowList if used). If a migration event is triggered, then the allow list is applied unless the VM policy is modified to select an instance by name (in which case the allow list is ignored).

The deny list behaves in the same manner, that is, the deny list is ignored when the job is submitted with the -t option or migrated to an instance of a specific type.

When both allow and deny lists are used, the instances that are eligible for use (unless specified by name) must occur on the allow list and not occur on the deny list (see figure). For example,
float submit -i tidyverse -j run_genericr.sh -c2 -m 4 --dataVolume [size=10]:/data --denyList "t3.*" --allowList "t3.medium"
Error: No instance types meet combined --cpu, --mem and --allowList constraints. (code: 8148)
float submit -i tidyverse -j run_genericr.sh -c2 -m 4 --dataVolume [size=10]:/data --denyList "t3.medium" --allowList "t3.*"
float hosts
+---------------------+--------+-------------------------+---------+---
|       ENTITY        | STATUS |      INSTANCETYPE       | PAYTYPE |  
+---------------------+--------+-------------------------+---------+---
| i-02a7484defb307b0e | normal | t3.large(2 vCPU, 8 GB)  | Spot    | 
+---------------------+--------+-------------------------+---------+---
(edited)
Figure 1. Deny list takes precedence over allow list