Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Corrections to Terraform manifest #4

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Corrections to Terraform manifest #4

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion s3-dataproc-ch.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,13 @@ resource "yandex_vpc_security_group" "dataproc-security-group" {
v4_cidr_blocks = ["0.0.0.0/0"]
}

egress {
description = "Allow access to NTP servers for time syncing"
protocol = "UDP"
port = 123
v4_cidr_blocks = ["0.0.0.0/0"]
}

egress {
description = "Allow connections to the ClickHouse port from any IP address"
protocol = "TCP"
Expand Down Expand Up @@ -154,6 +161,10 @@ resource "yandex_storage_bucket" "input-bucket" {
secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
bucket = local.input-bucket

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Не могу комментить нужную строку, поэтому здесь.
Давай в строке 147 исправим название ресурса с s3-editor на s3-admin.
Аналогичная правка нужна во всех референсах на этот ресурс.

depends_on = [
yandex_resourcemanager_folder_iam_binding.s3-editor
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
yandex_resourcemanager_folder_iam_binding.s3-editor
yandex_resourcemanager_folder_iam_binding.s3-admin

]

grant {
id = yandex_iam_service_account.dataproc-sa.id
type = "CanonicalUser"
Expand All @@ -167,6 +178,10 @@ resource "yandex_storage_bucket" "output-bucket" {
secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
bucket = local.output-bucket

depends_on = [
yandex_resourcemanager_folder_iam_binding.s3-editor
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
yandex_resourcemanager_folder_iam_binding.s3-editor
yandex_resourcemanager_folder_iam_binding.s3-admin

]

grant {
id = yandex_iam_service_account.dataproc-sa.id
type = "CanonicalUser"
Expand All @@ -188,7 +203,7 @@ resource "yandex_dataproc_cluster" "dataproc-cluster" {

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Давай добавим в кластер зависимости от ресурсов с ролями dataproc.agent и dataproc.provisioner, как в других манифестах.

hadoop {
services = ["HDFS", "SPARK", "YARN"]
ssh_public_keys = [file(local.dp_ssh_key)]
ssh_public_keys = ["${file(local.dp_ssh_key)}"]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Здесь было правильно. Давай вернём, как было.

}

subcluster_spec {
Expand Down