大佬教程收集整理的这篇文章主要介绍了如何使用 terraform 部署 EMR Terraform,这是一个简单的开箱即用示例,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在使用 terraform v0.14.5 并尝试官方 Terraform example 使用其指定的版本:
terraform {
required_provIDers {
aws = {
source = "hashicorp/aws"
version = "3.25.0"
}
}
}
provIDer "aws" {
region = var.region
}
“解决”几个明显的BUG后
变化:从allow_all到allow_access(安全组的名字)
aws_security_group.allow_access.ID
变化:从allow_all到allow_access(安全组的名字)
使 cIDr_blocks 成为一个列表
更新emr版本
aws_security_group.allow_access.ID
cIDr_blocks = [aws_vpc.main.cIDr_block]
release_label = "emr-6.2.0"
我设法进行了初始化和计划,但未能成功
Error: Error waiTing for EMR Cluster state to be "WAITinG" or "RUNNING": TERMINATinG: bootstrap_FAILURE: Master instance (i-07e34ac1b04ebde01) Failed attempTing to download bootstrap action 1 file from S3
该错误似乎源于:
bootstrap_action {
path = "s3://elasticmapreduce/bootstrap-actions/run-if"
name = "runif"
args = ["instance.ismaster=true","echo running on master node"]
}
所以我下载了文件
aws s3 cp s3://elasticmapreduce/bootstrap-actions/run-if .
并在本地添加:
bootstrap_action {
path = "file://${path.modulE}/run-if"
// path = "s3://elasticmapreduce/bootstrap-actions/run-if"
name = "runif"
args = ["instance.ismaster=true","echo running on master node"]
}
这是完整的代码:
terraform {
required_provIDers {
aws = {
source = "hashicorp/aws"
version = "3.25.0"
}
}
}
provIDer "aws" {
region = var.region
}
resource "aws_emr_cluster" "cluster" {
name = "emr-test-arn"
release_label = "emr-6.2.0"
applications = ["Spark","Zeppelin"]
ec2_attributes {
subnet_ID = aws_subnet.main.ID
emr_managed_master_security_group = aws_security_group.allow_access.ID
emr_managed_slave_security_group = aws_security_group.allow_access.ID
instance_profile = aws_iam_instance_profile.emr_profile.arn
}
master_instance_group {
instance_type = "m5.xlarge"
}
core_instance_group {
instance_count = 1
instance_type = "m5.xlarge"
}
Tags = {
role = "rolename"
dns_zone = "env_zone"
env = "env"
name = "name-env"
}
bootstrap_action {
// path = "s3://elasticmapreduce/bootstrap-actions/run-if"
path = "file://${path.modulE}/run-if"
name = "runif"
args = ["instance.ismaster=true","echo running on master node"]
}
configurations_Json = <<EOF
[
{
"Classification": "hadoop-env","Configurations": [
{
"Classification": "export","PropertIEs": {
"JAVA_HOME": "/usr/lib/jvm/java-1.8.0"
}
}
],"PropertIEs": {}
},{
"Classification": "spark-env","PropertIEs": {}
}
]
EOF
service_role = aws_iam_role.iam_emr_service_role.arn
}
resource "aws_security_group" "allow_access" {
name = "allow_access"
description = "Allow inbound traffic"
vpc_ID = aws_vpc.main.ID
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cIDr_blocks = [aws_vpc.main.cIDr_block]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cIDr_blocks = ["0.0.0.0/0"]
}
depends_on = [aws_subnet.main]
lifecycle {
ignore_changes = [
ingress,egress,]
}
Tags = {
name = "emr_test"
}
}
resource "aws_vpc" "main" {
cIDr_block = "168.31.0.0/16"
enable_dns_hostnames = true
Tags = {
name = "emr_test"
}
}
resource "aws_subnet" "main" {
vpc_ID = aws_vpc.main.ID
cIDr_block = "168.31.0.0/20"
Tags = {
name = "emr_test"
}
}
resource "aws_internet_gateway" "gw" {
vpc_ID = aws_vpc.main.ID
}
resource "aws_route_table" "r" {
vpc_ID = aws_vpc.main.ID
route {
cIDr_block = "0.0.0.0/0"
gateway_ID = aws_internet_gateway.gw.ID
}
}
resource "aws_main_route_table_association" "a" {
vpc_ID = aws_vpc.main.ID
route_table_ID = aws_route_table.r.ID
}
###
# IAM Role setups
###
# IAM role for EMR service
resource "aws_iam_role" "iam_emr_service_role" {
name = "iam_emr_service_role"
assume_role_policy = <<EOF
{
"Version": "2008-10-17","Statement": [
{
"SID": "","Effect": "Allow","Principal": {
"service": "elasticmapreduce.amazonaws.com"
},"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "iam_emr_service_policy" {
name = "iam_emr_service_policy"
role = aws_iam_role.iam_emr_service_role.ID
policy = <<EOF
{
"Version": "2012-10-17","Statement": [{
"Effect": "Allow","resource": "*","Action": [
"ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGrouPingress","ec2:CancelSpoTinstancerequests","ec2:CreateNetworkInterface","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:deleteNetworkInterface","ec2:deleteSecurityGroup","ec2:deleteTags","ec2:DescribeAvailabilityZones","ec2:DescribeAccountAttributes","ec2:DescribedhcpOptions","ec2:DescribeInstanceStatus","ec2:DescribeInstances","ec2:DescribeKeyPairs","ec2:DescribeNetworkAcls","ec2:DescribeNetworkInterfaces","ec2:DescribePrefixLists","ec2:DescribeRoutetables","ec2:DescribeSecurityGroups","ec2:DescribeSpoTinstancerequests","ec2:DescribeSpotPriceHistory","ec2:Describesubnets","ec2:DescribeVpcAttribute","ec2:DescribeVpcEndpoints","ec2:DescribeVpcEndpointservices","ec2:DescribeVpcs","ec2:DetachNetworkInterface","ec2:ModifyImageAttribute","ec2:ModifyInstanceAttribute","ec2:requestSpoTinstances","ec2:revokeSecurityGroupEgress","ec2:runInstances","ec2:TerminateInstances","ec2:deleteVolume","ec2:DescribeVolumeStatus","ec2:DescribeVolumes","ec2:DetachVolume","iam:GetRole","iam:GetRolePolicy","iam:LisTinstanceProfiles","iam:ListRolePolicIEs","iam:PassRole","s3:CreateBucket","s3:Get*","s3:List*","sdb:BatchPutAttributes","sdb:SELEct","sqs:CreateQueue","sqs:delete*","sqs:GetQueue*","sqs:PurgeQueue","sqs:receivemessage"
]
}]
}
EOF
}
# IAM Role for EC2 Instance Profile
resource "aws_iam_role" "iam_emr_profile_role" {
name = "iam_emr_profile_role"
assume_role_policy = <<EOF
{
"Version": "2008-10-17","Principal": {
"service": "ec2.amazonaws.com"
},"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_instance_profile" "emr_profile" {
name = "emr_profile"
role = aws_iam_role.iam_emr_profile_role.name
}
resource "aws_iam_role_policy" "iam_emr_profile_policy" {
name = "iam_emr_profile_policy"
role = aws_iam_role.iam_emr_profile_role.ID
policy = <<EOF
{
"Version": "2012-10-17","Action": [
"clouDWatch:*","dynamodb:*","ec2:Describe*","elasticmapreduce:Describe*","elasticmapreduce:ListbootstrapActions","elasticmapreduce:Listclusters","elasticmapreduce:LisTinstanceGroups","elasticmapreduce:LisTinstances","elasticmapreduce:ListSteps","kinesis:CreateStream","kinesis:deleteStream","kinesis:DescribeStream","kinesis:GetRecords","kinesis:GetShardIterator","kinesis:MergeShards","kinesis:PutRecord","kinesis:SplitShard","rds:Describe*","s3:*","sdb:*","sns:*","sqs:*"
]
}]
}
EOF
}
谁能推荐一个工作示例或帮助解决 VPC 错误?
事实证明我有一个新版本的 terraform CLI,即 14.5,它不适用于网络上的大多数示例。因此,对于未启动的人(对版本没有特殊知识的人......),我添加了一个关于如何启动和运行集群的特定“接收”。
我使用了 https://github.com/cloudposse/terraform-aws-emr-cluster.git 因为它首先出现并持续维护。请记住,它使用了许多远程模块,尽管它们在 Github 上,但它们具有版本依赖性,维护它们本身就是一个挑战。还要记住,就我而言,这只是一个“Hello World”。
brew install tfswitch
tfswitch 0.13.5
git clone https://github.com/cloudposse/terraform-aws-emr-cluster.git
cd /terraform-aws-emr-cluster/examples/complete/
terraform init
这将从 Github 下载源
cp fixtureS.Us-east-2.tfvars terraform.tfvars
@H_891_5@mkdir <path of your choice>secrets ssh_public_key_path = <path of your choice>secrets
terraform plan
terraform apply -auto-approve
这应该会产生一个 EMR 集群。
附言
我想要的只是一个 POC 来测试架构解决方案。过去花了我 20 分钟的事情对于外行来说变得非常复杂和具有挑战性。 DevOps Babylon Tower 的特性和安全性似乎损害了基础设施即代码、声明性代码、简单性、干净代码和简单理智的原则。
以上是大佬教程为你收集整理的如何使用 terraform 部署 EMR Terraform,这是一个简单的开箱即用示例全部内容,希望文章能够帮你解决如何使用 terraform 部署 EMR Terraform,这是一个简单的开箱即用示例所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。