fredrikhgrelland / docker-hive Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
Research how to integrate github actions with vagrant
Enterprise feature Namespaces
is implemented in Consul, Nomad and Vault.
The main idea is isolation in a shared cluster. (teams, deployments, services, policies, etc...)
Acceptance Criteria
Consul namespaces allow global operators to create isolated environments in a shared cluster and apply any required service access restrictions for authenticated users.
Namespaces enhance the usability of a shared cluster by isolating teams from the jobs of others, by providing fine grain access control to jobs when coupled with ACLs, and by preventing bad actors from negatively impacting the whole cluster.
Many organizations implement Vault as a "service", providing centralized management for teams within an organization while ensuring that those teams operate within isolated environments known as tenants.
Requires changing prebuild switches in vagrant-hashistack.
Vault has a Nomad secrets backend that generates tokens based on policies in vault. This needs to be added to vagrant-hashistack
https://www.vaultproject.io/docs/secrets/nomad
This user story implements ....
Create a table
CREATE External TABLE my_table (
description STRING,
foo STRUCT<bar: STRING, quux: STRING, level1: STRUCT<l2string: STRING, l2struct: STRUCT<level3: STRING>>>,
wibble STRING,
wobble ARRAY<STRUCT <entry: INT, EntryDetails: STRUCT<details1: STRING, details2: INT>>>)
ROW FORMAT SERDE 'org.openx.data.jsonserde.JsonSerDe' location 's3a://hive/warehouse/json/';
{
"description": "my doc",
"foo": {
"bar": "baz",
"quux": "revlos",
"level1": {
"l2string": "l2val",
"l2struct": {
"level3": "l3val"
}
}
},
"wibble": "123",
"wobble": [
{
"entry": 1,
"EntryDetails": {
"details1": "lazybones",
"details2": 414
}
}
]
}
FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot validate serde: org.openx.data.jsonserde.JsonSerDe
hive>
Vault has a consul secrets engine that allows generating API-token dynamically. This needs to be added to vagrant-hashistack
https://www.vaultproject.io/docs/secrets/consul
Make sure encryption is enabled where applicable (I believe the only relevant module is MinIO at the time being)
Documentation on MinIO encryption using Service Side Encryption with vault
todo
As of today we use user provided screts to access minio, however, going forward we would like to generate these secrets from Vault. The KV Secrets Engine feature could be made use of to achieve this.
Acceptance Criteria
References: fredrikhgrelland/data-mesh#51
Invalid reference format if we use the branch name
~/Makefile
branch = $(shell git rev-parse --abbrev-ref HEAD)
build: custom_ca
docker build . -t local/hive:$(branch)
docker tag local/hive:$(branch) local/hive:latest
~/src/github.com/zhenik/docker-hive make build
docker build . -t local/hive:feature/refactor-to-r.0.2.2
invalid argument "local/hive:feature/refactor-to-r.0.2.2" for "-t, --tag" flag: invalid reference format
See 'docker build --help'.
make: *** [build] Error 125
I would suggest using last commit's hash
~/Makefile
branch = $(shell git rev-parse --verify HEAD)
This might be relevant in some modules, and not relevant in others.
todo:
make test
on branches with prefix feature
or fix
Example ref: https://github.com/fredrikhgrelland/vagrant-hashistack/blob/master/.github/workflows/build.yml
We need to have docker image TAG convention for new releases:
I offer the next options
Link to official documentation
All modules will have consul-connect enabled, and intentions need to be created so that modules can communicate with each other
Nomad supports several task drivers to deploy "things".
We focusing on docker driver.
TLDR -> nomad has control of docker host. Docker host supports volumes.
There is an opportunity to manage docker volumes via nomad-job.
Link to official documentation
nomad job stop -purge <nomad-job>
.NB
docker volumes stored in the docker host file system, basically inside the vagrant-hashistack box.
Potentially https://github.com/sethvargo/vault-secrets-gen
This repository is docker base image of terraform-nomad-hive
@fredrikhgrelland You might need to transfer ownership to Skatteetaten
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.