skatteetaten / terraform-nomad-trino
Terraform module to set up presto on nomad
License: Apache License 2.0
I miss information about how to create local proxy to presto instance to make http://localhost:8080 available (presto-gui and running queries from IntelliJ).
I suggest to include information about how to create local proxy to presto instance, which is: make proxy-presto. The command already exists in the Makefile.
We have a slash at the start of a path for a template in presto_standalone.hcl and presto.hcl
https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/11ef41ef3ca2472d7f32226a2c7425f350554d71/conf/nomad/presto_standalone.hcl#L153
https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/11ef41ef3ca2472d7f32226a2c7425f350554d71/conf/nomad/presto.hcl#L204
Shouldn't be there, and will, according to Fredrik, cause an error in Foundation 2.
Remove the first slash
Throws warnings when running targets from makefile
~/projects/terraform-nomad-presto(master) » make clean m88614@SKE-DC6KF-MD6T
Makefile:77: warning: overriding commands for target `status'
Makefile:60: warning: ignoring old commands for target `status'
No warnings
Run make clean or make up
Will look at why it happens tomorrow. Making this now so that I don't forget
Canaries will not work with limited resources on the vagrant box. Create a switch to turn it off and use it in example.
A random secret is required for cluster communication in presto.
This secret should be added to vault and used by presto by referencing vault in a template stanza.
No healthchecks
Commented healthchecks should be implemented: https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/master/conf/nomad/presto_standalone.hcl#L50-L67
make up-standalone
Maybe add a service proxy to do the checks for us.
We can use docker in the makefile to remove any dependencies other than docker.
Input section in readme does not contain info about local_docker_image
Update readme
In order to form a functioning cluster of presto nodes in a consul-connect service mesh, we need presto to resolve inside of the cluster. We can not rely on service discovery inside of the cluster, as presto will announce and resolve its workers with the discovery-server built into airlift.io.
In order to connect-enable presto we need the entire uri to match "inside and outside" of the containers connected by consul connect. In order for this to work in nomad and resolve hive metastore and minio by normal sidecars, we will use a combination of consul connect native designation, a certificates-handler sidecar and update /etc/hosts by noop templating of the service catalog.
There will be a draft PR shortly for all of this. We keep the option of standalone container without all the trickery, as well as a fully fledged cluster job.
Based on recommendations here: https://prestosql.io/blog/2020/08/27/training-performance.html
We should implement sane defaults (t-shirt sizing maybe) and calculated memory allocation.
The locals block in our examples is a little messy, and there is quite a bit of excess code.
Better readability
Remove the locals block and write the variables directly.
I'm following the setup here: https://github.com/fredrikhgrelland/terraform-nomad-presto#option-3-local-presto-cli
Eivinds-MacBook-Pro:terraform-nomad-presto eivindberg$ sudo make presto-cli
Password:
Makefile:78: warning: overriding commands for target `status'
Makefile:61: warning: ignoring old commands for target `status'
make: *** No rule to make target `y', needed by `presto-cli'. Stop.
Removing the :y-flag in the Makefile gives the Presto-cli, however I have no connection to Presto.
Eivinds-MacBook-Pro:terraform-nomad-presto eivindberg$ sudo make presto-cli
Makefile:78: warning: overriding commands for target `status'
Makefile:61: warning: ignoring old commands for target `status'
CID=$(docker run --rm -d --network host consul:1.8 connect proxy -token master -service presto-local -upstream presto:8080)
docker run --rm -it --network host prestosql/presto:341 presto --server localhost:8080 --http-proxy localhost:8080 --catalog hive --schema default --user presto --debug
presto:default> show catalogs;
Error running command: java.net.ConnectException: Failed to connect to localhost/0:0:0:0:0:0:0:1:8080
java.io.UncheckedIOException: java.net.ConnectException: Failed to connect to localhost/0:0:0:0:0:0:0:1:8080
Having no connection could be related to issue #46 Update documentation, distributed mode deployment.
The make presto-cli not working is something else.
To enter the CLI and be able to run a query successfully from the CLI by running:
make presto-cli
and then the query (like SHOW CATALOGS;).
Lacking optional features in tests:
Increase memory allocation for presto sidecar proxy
Proxy crashes due to being out of memory
Increase memory allocation
Side car proxy services are running with more memory
show catalogs;
throws the error
presto:default> show catalogs;
Catalog
---------
hive
jmx
memory
system
tpcds
tpch
(6 rows)
Query 20201026_132630_00069_hhwdp, FINISHED, 1 node
http://localhost:8080/ui/query.html?20201026_132630_00069_hhwdp
Splits: 19 total, 19 done (100.00%)
CPU Time: 0.0s total, 0 rows/s, 0B/s, 5% active
Per Node: 0.0 parallelism, 0 rows/s, 0B/s
Parallelism: 0.0
Peak Memory: 0B
0.47 [0 rows, 0B] [0 rows/s, 0B/s]
make up
make presto-cli
show catalogs;
Log
~/src/github.com/zhenik/terraform-nomad-presto │ master *1 !1 make presto-cli ✔ │ 11s │ 14:27:29
Makefile:77: warning: overriding recipe for target 'status'
Makefile:60: warning: ignoring old recipe for target 'status'
CID=$(docker run --rm -d --network host consul:1.8 connect proxy -token master -service presto-local -upstream presto:8080)
docker run --rm -it --network host prestosql/presto:341 presto --server localhost:8080 --http-proxy localhost:8080 --catalog hive --schema default --user presto --debug
docker rm -f $CID
presto:default> show catalogs;
Error running command: java.net.SocketException: Connection reset
java.io.UncheckedIOException: java.net.SocketException: Connection reset
at io.prestosql.client.JsonResponse.execute(JsonResponse.java:154)
at io.prestosql.client.StatementClientV1.<init>(StatementClientV1.java:134)
at io.prestosql.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
at io.prestosql.cli.QueryRunner.startInternalQuery(QueryRunner.java:146)
at io.prestosql.cli.QueryRunner.startQuery(QueryRunner.java:132)
at io.prestosql.cli.Console.process(Console.java:347)
at io.prestosql.cli.Console.runConsole(Console.java:273)
at io.prestosql.cli.Console.run(Console.java:172)
at io.prestosql.cli.Console.call(Console.java:101)
at io.prestosql.cli.Console.call(Console.java:74)
at picocli.CommandLine.executeUserObject(CommandLine.java:1933)
at picocli.CommandLine.access$1100(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2332)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2326)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2291)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2159)
at picocli.CommandLine.execute(CommandLine.java:2058)
at io.prestosql.cli.Presto.main(Presto.java:32)
Caused by: java.net.SocketException: Connection reset
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:186)
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
at okio.Okio$2.read(Okio.java:139)
at okio.AsyncTimeout$2.read(AsyncTimeout.java:237)
at okio.RealBufferedSource.indexOf(RealBufferedSource.java:345)
at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:217)
at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:211)
at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:187)
at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.java:88)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at io.prestosql.client.OkHttpUtil.lambda$interceptRequest$3(OkHttpUtil.java:106)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:45)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
at okhttp3.RealCall.execute(RealCall.java:77)
at io.prestosql.client.JsonResponse.execute(JsonResponse.java:131)
... 17 more
presto:default>
Fix proxy and cli commands
Ref: https://github.com/fredrikhgrelland/terraform-nomad-presto#option-2-presto-and-nomad
Verifying setup -> Option 2 does not work when deploying presto in distributed mode.
It fails on the step when the user needs to execute a command
show catalogs;
After command presto
Check the configuration of coordinator.
http disabled, only https
node.id=3b1c9ca0-2096-9018-22c1-017d58008f1c
node.environment=presto
node.internal-address=presto
coordinator=true
node-scheduler.include-coordinator=false
discovery-server.enabled=true
discovery.uri=https://127.0.0.1:25056
dynamic.http-client.https.hostname-verification=false
failure-detector.http-client.https.hostname-verification=false
memoryManager.http-client.https.hostname-verification=false
scheduler.http-client.https.hostname-verification=false
workerInfo.http-client.https.hostname-verification=false
discovery.http-client.https.hostname-verification=false
node-manager.http-client.https.hostname-verification=false
exchange.http-client.https.hostname-verification=false
http-server.http.enabled=false
http-server.authentication.type=CERTIFICATE
# Work behind proxy
http-server.authentication.allow-insecure-over-http=true
http-server.process-forwarded=true
http-server.https.enabled=true
http-server.https.port=25056
http-server.https.keystore.path=/local/presto.pem
http-server.https.truststore.path=/local/roots.pem
# This is the same jks, but it will not do the consul connect authorization in intra cluster communication
internal-communication.https.required=true
internal-communication.shared-secret= "asdasdsadafdsa"
internal-communication.https.keystore.path=/local/presto.pem
internal-communication.https.truststore.path=/local/roots.pem
query.client.timeout=5m
query.min-expire-age=30m
query.max-memory=76MB
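A small audit of the coordinator properties shown above, as an added example (not code from this repository). It flags the settings in that file that relax TLS hostname verification, permit authentication over plain HTTP, or carry the cluster shared secret as a literal. The rule names are made up for this sketch, and treating a value without a `{{ ... }}` template expression as hard-coded assumes the check runs on the Nomad template source before rendering.

```python
# Constructed sample: a subset of the coordinator properties quoted above.
SAMPLE = """\
coordinator=true
discovery.uri=https://127.0.0.1:25056
discovery.http-client.https.hostname-verification=false
exchange.http-client.https.hostname-verification=false
http-server.http.enabled=false
# Work behind proxy
http-server.authentication.allow-insecure-over-http=true
internal-communication.https.required=true
internal-communication.shared-secret= "asdasdsadafdsa"
"""


def parse_properties(text):
    """Parse simple key=value lines; skips blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return sorted (rule, key) findings for settings that need review."""
    findings = []
    for key, value in props.items():
        v = value.lower()
        if key.endswith("https.hostname-verification") and v == "false":
            # Peer certificates are accepted without checking the host name.
            findings.append(("tls-hostname-verification-disabled", key))
        elif key == "http-server.authentication.allow-insecure-over-http" and v == "true":
            # Acceptable only when a trusted proxy terminates TLS in front.
            findings.append(("auth-allowed-over-plain-http", key))
        elif key == "internal-communication.shared-secret" and "{{" not in value:
            # No template expression: the secret is a literal in the file.
            findings.append(("hardcoded-shared-secret", key))
    return sorted(findings)


if __name__ == "__main__":
    for rule, key in audit(parse_properties(SAMPLE)):
        print(f"{rule}: {key}")
```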
Add CPU as a variable you can set in the module
More flexibility and control for the user
add to variables.tf
User can set CPU from input variable to module
To support airgapped environments the artefact source uri for the plugin must be configurable
Add support for fetching credentials for dependent modules from the Vault and render them directly to nomad job.
Follow hive pr Skatteetaten/terraform-nomad-hive#53
Creds with vault
Upgrade and test v0.7.0 of the hashistack box.
https://app.vagrantup.com/fredrikhgrelland/boxes/hashistack/versions/0.7.0
Change Vagrantfile.default versioning to fetch newest box between 0.7 and 0.8.
Automate the release process and add appropriate labels
patch
minor
major
Blocker #9
Need to update modules to latest versions
Change in main.tf. https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/master/example/main.tf#L57
After digging in the source code of presto I realized that presto can handle concatenated PEM-formatted files as well as jks. Moving the template stanzas into the server task to simplify.
Make clean does not delete what is under /examples/presto-cluster. Had to delete them manually by running rm -rf .terraform/ terraform.tfstate
.terraform/ and terraform.tfstate under /examples/presto-cluster are deleted when running make clean
As a user of the module we want proper render of credentials, without using vault provider
To make it easier to use the module.
Done in Presto module: https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/master/conf/nomad/presto.hcl#L327
.hcl file
No documentation about intentions.
Add intentions documentation in README.md
Fail at resolving variables
TASK [Terraform presto standalone] *********************************************
fatal: [default]: FAILED! => {
"changed": false
}
MSG:
Failed to validate Terraform configuration files:
Error: Unsupported argument
on main.tf line 37, in module "presto":
37: shared_secret_provider = local.presto.shared_secret_provider
An argument named "shared_secret_provider" is not expected here.
Error: Unsupported argument
on main.tf line 39, in module "presto":
39: shared_secret_vault = {
An argument named "shared_secret_vault" is not expected here.
PLAY RECAP *********************************************************************
default : ok=9 changed=1 unreachable=0 failed=1 skipped=12 rescued=0 ignored=0
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
make: *** [up-standalone] Error 1
Up and running a standalone example
make clean
make up-standalone
Setup proper variables
Add standalone example for simplification
add new directory example/standalone
or example/presto_standalone
Using the nomad autoscaler we could implement an autoscaler.
Remember, we can not kill nodes only add.
The APM could be prometheus with a jmx plugin scraping presto jmx emitter.
It is requested a better healthcheck for Presto in the presto_cluster example. Similar to the one in presto_standalone.hcl#L44-L52.
For better coverage and make sure presto is healthy 🧑‍⚕️
Need to do something similar as the one in presto_standalone.hcl#L44-L52.
Think we need to create a proxy service that is continuously checking the Presto service for us.
When we have a similar feature as the one in presto_standalone.hcl#L44-L52.
Error message:
TASK [service_bootstrap : vault - post/pki - enable PKI backend] ***************
fatal: [default]: FAILED! => {
"changed": false
}
MSG:
Failed to initialize Terraform modules:
Error: Failed to install provider
Error while installing hashicorp/vault v2.15.0: could not query provider
registry for registry.terraform.io/hashicorp/vault: failed to retrieve
authentication checksums for provider: the request failed after 2 attempts,
please try again later: Get
"https://releases.hashicorp.com/terraform-provider-vault/2.15.0/terraform-provider-vault_2.15.0_SHA256SUMS":
x509: certificate signed by unknown authority
PLAY RECAP *********************************************************************
default : ok=23 changed=5 unreachable=0 failed=1 skipped=6 rescued=0 ignored=0
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
make: *** [up] Error 1
Successful run
make up from root
No idea just yet
Lacking HTTP request to verify that presto health checks have passing status
Add ansible playbook. Example in terraform-nomad-minio module
bump
Update, new features, stability improvements
I suggest we move the whole generation of secrets used in the module over to the module itself, and remove it from the ansible scripts. The ansible scripts are not part of the module, meaning anyone using our module would need to create secrets in their vault before using this. We could still keep all the functionality we have now, of being able to use user-provided secrets, as well as setting a custom path to the vault secrets, but also bundle in a creation and usage of secrets in vault with the module itself.
User experience
Take this part, and convert it to terraform code
https://github.com/fredrikhgrelland/terraform-nomad-presto/blob/6fbb7ae2e50cd6c06fab59526ef6a103872aaaae/dev/ansible/00_generate_secrets_vault.yml#L1-L10
Using the vault provider
Ansible code to generate secrets is moved into the terraform code in the module itself
All existing features are kept