79222c36bf
This changeset adds volumes but does not mount them to instances so
that we can test the mounting ("staging") via CSI plugins. The CSI
plugins themselves will be installed as Nomad jobs.
In order to ensure we can always mount the EFS volume, this changeset
pins the deployment of the cluster to a specific subnet. In future
work we should spread the cluster out among several AZs and test that
behavior explicitly.
95 lines
1.6 KiB
HCL
95 lines
1.6 KiB
HCL
data "aws_vpc" "default" {
|
|
default = true
|
|
}
|
|
|
|
data "aws_subnet" "default" {
|
|
availability_zone = var.availability_zone
|
|
vpc_id = data.aws_vpc.default.id
|
|
}
|
|
|
|
resource "aws_security_group" "primary" {
|
|
name = local.random_name
|
|
vpc_id = data.aws_vpc.default.id
|
|
|
|
ingress {
|
|
from_port = 22
|
|
to_port = 22
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# Nomad
|
|
ingress {
|
|
from_port = 4646
|
|
to_port = 4646
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# Fabio
|
|
ingress {
|
|
from_port = 9998
|
|
to_port = 9999
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# Consul
|
|
ingress {
|
|
from_port = 8500
|
|
to_port = 8500
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# HDFS NameNode UI
|
|
ingress {
|
|
from_port = 50070
|
|
to_port = 50070
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# HDFS DataNode UI
|
|
ingress {
|
|
from_port = 50075
|
|
to_port = 50075
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
# Spark history server UI
|
|
ingress {
|
|
from_port = 18080
|
|
to_port = 18080
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
ingress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
self = true
|
|
}
|
|
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
}
|
|
|
|
resource "aws_security_group" "nfs" {
|
|
name = "${local.random_name}-nfs"
|
|
vpc_id = data.aws_vpc.default.id
|
|
|
|
ingress {
|
|
from_port = 2049
|
|
to_port = 2049
|
|
protocol = "tcp"
|
|
security_groups = [aws_security_group.primary.id]
|
|
}
|
|
}
|