diff --git a/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf b/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf
index afd5d04b..a64611b2 100644
--- a/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf
+++ b/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf
@@ -1,25 +1,28 @@ -# Infrastructure for the Yandex Cloud Managed Service for MySQL® cluster. +# Infrastructure for the Yandex Cloud Managed Service for MySQL® cluster, Data Proc cluster, and Virtual Machine # -# RU: https://cloud.yandex.ru/docs/managed-mysql/tutorials/sqoop +# RU: https://yandex.cloud/ru/docs/managed-mysql/tutorials/sqoop +# EN: https://yandex.cloud/en/docs/managed-mysql/tutorials/sqoop # -# Set the configuration of the Managed Service for MySQL® cluster, Managed Service for Data Proc cluster, and Virtual machine: +# Set the configuration of the Managed Service for MySQL® cluster, Managed Service for Data Proc cluster, and Virtual Machine: locals { - folder_id = "" # Your folder ID. - network_id = "" # Network ID for the Managed Service for MySQL® cluster, Data Proc cluster, and VM. - subnet_id = "" # Subnet ID (enable NAT for this subnet). - storage_sa_id = "" # Service account ID for creating a bucket in Object Storage. - data_proc_sa = "" # Set a Data Proc service account name. It must be unique in the folder. - my_cluster_version = "8.0" # Set the MySQL® version: 5.7 or 8.0. - my_cluster_db = "db1" # Set a database name. - my_cluster_username = "user1" # Set a database owner name. - my_cluster_password = "" # Set a database owner password. - vm_image_id = "" # Set a public image ID from https://cloud.yandex.com/en/docs/compute/operations/images-with-pre-installed-software/get-list. - vm_username = "" # Set a username for VM. Images with Ubuntu Linux use the username `ubuntu` by default. - vm_public_key = "" # Set a full path to the SSH public key for VM. - bucket_name = "" # Set an Object Storage bucket name. It must be unique throughout Object Storage. - dp_public_key = "" # Set a full path to SSH public key for the Data Proc Cluster. 
+ folder_id = "" # Your folder ID + network_id = "" # Network ID for the Managed Service for MySQL® cluster, Data Proc cluster, and VM + subnet_id = "" # Subnet ID (enable NAT for this subnet) + storage_sa_id = "" # Service account ID for creating a bucket in Object Storage + data_proc_sa = "" # Data Proc service account name. It must be unique in the folder. + my_cluster_version = "8.0" # MySQL® version: 5.7 or 8.0 + my_cluster_db = "db1" # Database name + my_cluster_username = "user1" # Database owner's name + my_cluster_password = "" # Database owner's password + vm_image_id = "" # Public image ID from https://yandex.cloud/en/docs/compute/operations/images-with-pre-installed-software/get-list + vm_username = "" # Username for VM. Images with Ubuntu Linux use the `ubuntu` username by default. + vm_public_key = "" # Full path to the SSH public key for VM + bucket_name = "" # Object Storage bucket name. It must be unique throughout Object Storage. + dp_public_key = "" # Full path to the SSH public key for the Data Proc Cluster } +# Security groups for the Managed Service for MySQL® cluster, Data Proc cluster, and VM + resource "yandex_vpc_security_group" "cluster-security-group" { description = "Security group for the Managed Service for MySQL® cluster" network_id = local.network_id @@ -80,12 +83,14 @@ resource "yandex_vpc_security_group" "data-proc-security-group" { } } +# The service account for the Data Proc cluster + resource "yandex_iam_service_account" "data-proc-sa" { description = "Service account to manage the Data Proc cluster" name = local.data_proc_sa } -# Assign the `dataproc.agent` role to the service account. +# Assign the `dataproc.agent` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" { folder_id = local.folder_id role = "dataproc.agent" 
@@ -94,7 +99,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" { ] } -# Assign the `dataproc.provisioner` role to the service account. +# Assign the `dataproc.provisioner` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" { folder_id = local.folder_id role = "dataproc.provisioner" @@ -103,7 +108,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" { ] } -# Assign the `monitoring-viewer` role to the service account. +# Assign the `monitoring-viewer` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" { folder_id = local.folder_id role = "monitoring.viewer" @@ -112,7 +117,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" { ] } -# Assign the `storage.viewer` role to the service account. +# Assign the `storage.viewer` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" { folder_id = local.folder_id role = "storage.viewer" @@ -121,7 +126,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" { ] } -# Assign the `storage.uploader` role to the service account. +# Assign the `storage.uploader` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" { folder_id = local.folder_id role = "storage.uploader" @@ -130,6 +135,8 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" { ] } +# Infrastructure for the Managed Service for MySQL cluster + resource "yandex_mdb_mysql_cluster" "mysql-cluster" { description = "Managed Service for MySQL® cluster" name = "mysql-cluster" 
@@ -144,25 +151,34 @@ resource "yandex_mdb_mysql_cluster" "mysql-cluster" { disk_size = "10" # GB } - database { - name = local.my_cluster_db - } - - user { - name = local.my_cluster_username - password = local.my_cluster_password - permission { - database_name = local.my_cluster_db - roles = ["ALL"] - } - } - host { zone = "ru-central1-a" subnet_id = local.subnet_id } } +# Database of the Managed Service for MySQL cluster +resource "yandex_mdb_mysql_database" "db1" { + cluster_id = yandex_mdb_mysql_cluster.mysql-cluster.id + name = local.my_cluster_db +} + +# User of the Managed Service for MySQL cluster +resource "yandex_mdb_mysql_user" "user1" { + cluster_id = yandex_mdb_mysql_cluster.mysql-cluster.id + name = local.my_cluster_username + password = local.my_cluster_password + permission { + database_name = yandex_mdb_mysql_database.db1.name + roles = ["ALL"] + } + depends_on = [ + yandex_mdb_mysql_database.db1 + ] +} + +# VM infrastructure + resource "yandex_compute_instance" "vm-linux" { description = "Virtual Machine in Yandex Compute Cloud" name = "vm-linux" @@ -182,7 +198,7 @@ resource "yandex_compute_instance" "vm-linux" { network_interface { subnet_id = local.subnet_id - nat = true # Required for connection from the Internet. + nat = true # Required for connection from the Internet security_group_ids = [ yandex_vpc_security_group.vm-security-group.id, @@ -191,12 +207,14 @@ resource "yandex_compute_instance" "vm-linux" { } metadata = { - ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and SSH public key full path. + ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and the SSH public key full path } } +# Infrastructure for the Object Storage bucket + resource "yandex_iam_service_account_static_access_key" "bucket-key" { - description = "Object Storage bucket static key" + description = "Static key for the Object Storage bucket" service_account_id = local.storage_sa_id } 
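Review bot: The new `yandex_mdb_mysql_user` resource in the `@@ -144,25 +151,34 @@` hunk still reads its password from `local.my_cluster_password`, a literal the reader types into the `.tf` file, so the secret can easily end up in version control and is printed unmasked in plan output. The `yandex_mdb_postgresql_user` resource added in the PostgreSQL file's `@@ -146,26 +153,28 @@` hunk follows the same pattern. I would declare the password as an input variable marked `sensitive = true` and use `password = var.my_cluster_password`, with a comment that the value is still written to Terraform state, so the state file needs protected storage. Separately, `roles = ["ALL"]` is carried over unchanged; if the tutorial user only has to read the tables that Sqoop imports, a narrower role list would fit least privilege better, though that depends on tutorial steps not visible in this diff.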
@@ -207,6 +225,8 @@ resource "yandex_storage_bucket" "storage-bucket" { secret_key = yandex_iam_service_account_static_access_key.bucket-key.secret_key } +# Infrastructure for the Data Proc cluster + resource "yandex_dataproc_cluster" "my-dp-cluster" { description = "Data Proc cluster" depends_on = [yandex_resourcemanager_folder_iam_binding.dataproc-agent] diff --git a/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf b/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf index 14b74f61..143d3eb7 100644 --- a/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf +++ b/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf 
@@ -1,25 +1,28 @@ -# Infrastructure for the Yandex Cloud Managed Service for PostgreSQL cluster. +# Infrastructure for the Yandex Cloud Managed Service for PostgreSQL cluster, Data Proc cluster, and Virtual Machine # -# RU: https://cloud.yandex.ru/docs/managed-postgresql/tutorials/sqoop +# RU: https://yandex.cloud/ru/docs/managed-postgresql/tutorials/sqoop +# EN: https://yandex.cloud/en/docs/managed-postgresql/tutorials/sqoop # -# Set the configuration of the Managed Service for PostgreSQL cluster, Managed Service for Data Proc cluster, and Virtual machine: +# Set the configuration of the Managed Service for PostgreSQL cluster, Managed Service for Data Proc cluster, and Virtual Machine: locals { - folder_id = "" # Your folder ID. - network_id = "" # Network ID for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM. - subnet_id = "" # Subnet ID (enable NAT for this subnet). - storage_sa_id = "" # Service account ID for creating a bucket in Object Storage. - data_proc_sa = "" # Set a Data Proc service account name. It must be unique in the folder. - pg_cluster_version = "14" # Set the PostgreSQL version.See the complete list of supported versions in https://cloud.yandex.com/en/docs/managed-postgresql/. - pg_cluster_db = "db1" # Set a database name. - pg_cluster_username = "user1" # Set a database owner name. - pg_cluster_password = "" # Set a database owner password. - vm_image_id = "" # Set a public image ID from https://cloud.yandex.com/en/docs/compute/operations/images-with-pre-installed-software/get-list. - vm_username = "" # Set a username for VM. Images with Ubuntu Linux use the username `ubuntu` by default. - vm_public_key = "" # Set a full path to the SSH public key for VM. - bucket_name = "" # Set an Object Storage bucket name. It must be unique throughout Object Storage. - dp_public_key = "" # Set a full path to SSH public key for the Data Proc Cluster. 
+ folder_id = "" # Your folder ID + network_id = "" # Network ID for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM + subnet_id = "" # Subnet ID (enable NAT for this subnet) + storage_sa_id = "" # Service account ID for creating a bucket in Object Storage + data_proc_sa = "" # Data Proc service account name. It must be unique in the folder. + pg_cluster_version = "14" # PostgreSQL version. See the complete list of supported versions in https://yandex.cloud/en/docs/managed-postgresql/. + pg_cluster_db = "db1" # Database name + pg_cluster_username = "user1" # Database owner's name + pg_cluster_password = "" # Database owner's password + vm_image_id = "" # Public image ID from https://yandex.cloud/en/docs/compute/operations/images-with-pre-installed-software/get-list + vm_username = "" # Username for VM. Images with Ubuntu Linux use the `ubuntu` username by default. + vm_public_key = "" # Full path to the SSH public key for VM + bucket_name = "" # Object Storage bucket name. It must be unique throughout Object Storage. + dp_public_key = "" # Full path to the SSH public key for the Data Proc Cluster } +# Security groups for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM + resource "yandex_vpc_security_group" "cluster-security-group" { description = "Security group for the Managed Service for PostgreSQL cluster" network_id = local.network_id @@ -80,12 +83,14 @@ resource "yandex_vpc_security_group" "data-proc-security-group" { } } +# The service account for the Data Proc cluster + resource "yandex_iam_service_account" "data-proc-sa" { description = "Service account to manage the Data Proc cluster" name = local.data_proc_sa } -# Assign the `dataproc.agent` role to the service account. +# Assign the `dataproc.agent` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" { folder_id = local.folder_id role = "dataproc.agent" 
@@ -94,7 +99,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" { ] } -# Assign the `dataproc.provisioner` role to the service account. +# Assign the `dataproc.provisioner` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" { folder_id = local.folder_id role = "dataproc.provisioner" @@ -103,7 +108,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" { ] } -# Assign the `monitoring-viewer` role to the service account. +# Assign the `monitoring-viewer` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" { folder_id = local.folder_id role = "monitoring.viewer" @@ -112,7 +117,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" { ] } -# Assign the `storage.viewer` role to the service account. +# Assign the `storage.viewer` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" { folder_id = local.folder_id role = "storage.viewer" @@ -121,7 +126,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" { ] } -# Assign the `storage.uploader` role to the service account. +# Assign the `storage.uploader` role to the service account resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" { folder_id = local.folder_id role = "storage.uploader" @@ -130,6 +135,8 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" { ] } +# Infrastructure for the Managed Service for PostgreSQL cluster + resource "yandex_mdb_postgresql_cluster" "postgresql-cluster" { description = "Managed Service for PostgreSQL cluster" name = "postgresql-cluster" 
@@ -146,26 +153,28 @@ resource "yandex_mdb_postgresql_cluster" "postgresql-cluster" { } } - database { - name = local.pg_cluster_db - owner = local.pg_cluster_username - } - - user { - name = local.pg_cluster_username - password = local.pg_cluster_password - - permission { - database_name = local.pg_cluster_db - } - } - host { zone = "ru-central1-a" subnet_id = local.subnet_id } } +# Database of the Managed Service for PostgreSQL cluster +resource "yandex_mdb_postgresql_database" "db1" { + cluster_id = yandex_mdb_postgresql_cluster.postgresql-cluster.id + name = local.pg_cluster_db + owner = yandex_mdb_postgresql_user.user1.name +} + +# User of the Managed Service for PostgreSQL cluster +resource "yandex_mdb_postgresql_user" "user1" { + cluster_id = yandex_mdb_postgresql_cluster.postgresql-cluster.id + name = local.pg_cluster_username + password = local.pg_cluster_password +} + +# VM infrastructure + resource "yandex_compute_instance" "vm-linux" { description = "Virtual Machine in Yandex Compute Cloud" name = "vm-linux" @@ -185,7 +194,7 @@ resource "yandex_compute_instance" "vm-linux" { network_interface { subnet_id = local.subnet_id - nat = true # Required for connection from the Internet. + nat = true # Required for connection from the Internet security_group_ids = [ yandex_vpc_security_group.vm-security-group.id, @@ -194,12 +203,14 @@ resource "yandex_compute_instance" "vm-linux" { } metadata = { - ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and SSH public key full path. + ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and the SSH public key full path } } +# Infrastructure for the Object Storage bucket + resource "yandex_iam_service_account_static_access_key" "bucket-key" { - description = "Object Storage bucket static key" + description = "Static key for the Object Storage bucket" service_account_id = local.storage_sa_id } 
@@ -210,6 +221,8 @@ resource "yandex_storage_bucket" "storage-bucket" { secret_key = yandex_iam_service_account_static_access_key.bucket-key.secret_key } +# Infrastructure for the Data Proc cluster + resource "yandex_dataproc_cluster" "my-dp-cluster" { description = "Data Proc cluster" depends_on = [yandex_resourcemanager_folder_iam_binding.dataproc-agent]