diff --git a/nixos/modules/services/cluster/hadoop/hdfs.nix b/nixos/modules/services/cluster/hadoop/hdfs.nix index 71bd4478670..451e74df712 100644 --- a/nixos/modules/services/cluster/hadoop/hdfs.nix +++ b/nixos/modules/services/cluster/hadoop/hdfs.nix @@ -22,7 +22,7 @@ let } // (optionalAttrs firewallOption { openFirewall = mkOption { type = types.bool; - default = true; + default = false; description = "Open firewall ports for ${serviceName}."; }; }); diff --git a/nixos/modules/services/cluster/hadoop/yarn.nix b/nixos/modules/services/cluster/hadoop/yarn.nix index cc42d8f388a..90ae75a44b7 100644 --- a/nixos/modules/services/cluster/hadoop/yarn.nix +++ b/nixos/modules/services/cluster/hadoop/yarn.nix @@ -21,7 +21,7 @@ in inherit restartIfChanged; openFirewall = mkOption { type = types.bool; - default = true; + default = false; description = '' Open firewall ports for resourcemanager ''; @@ -39,7 +39,7 @@ in }; openFirewall = mkOption { type = types.bool; - default = true; + default = false; description = '' Open firewall ports for nodemanager. Because containers can listen on any ephemeral port, TCP ports 1024–65535 will be opened. diff --git a/nixos/tests/hadoop/hadoop.nix b/nixos/tests/hadoop/hadoop.nix index 48737debab5..adc3c9f393c 100644 --- a/nixos/tests/hadoop/hadoop.nix +++ b/nixos/tests/hadoop/hadoop.nix @@ -55,14 +55,20 @@ import ../make-test-python.nix ({pkgs, ...}: { nn1 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.namenode.enable = true; + hdfs.namenode = { + enable = true; + openFirewall = true; + }; hdfs.zkfc.enable = true; }; }; nn2 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.namenode.enable = true; + hdfs.namenode = { + enable = true; + openFirewall = true; + }; hdfs.zkfc.enable = true; }; }; @@ -70,26 +76,38 @@ import ../make-test-python.nix ({pkgs, ...}: { jn1 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.journalnode.enable = true; + hdfs.journalnode = { + enable = true; + openFirewall = true; + }; }; }; jn2 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.journalnode.enable = true; + hdfs.journalnode = { + enable = true; + openFirewall = true; + }; }; }; jn3 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.journalnode.enable = true; + hdfs.journalnode = { + enable = true; + openFirewall = true; + }; }; }; dn1 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; - hdfs.datanode.enable = true; + hdfs.datanode = { + enable = true; + openFirewall = true; + }; }; }; @@ -98,14 +116,20 @@ import ../make-test-python.nix ({pkgs, ...}: { services.hadoop = { inherit package coreSite hdfsSite; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; - yarn.resourcemanager.enable = true; + yarn.resourcemanager = { + enable = true; + openFirewall = true; + }; }; }; rm2 = {pkgs, options, ...}: { services.hadoop = { inherit package coreSite hdfsSite; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; - yarn.resourcemanager.enable = true; + yarn.resourcemanager = { + enable = true; + openFirewall = true; + }; }; }; nm1 = {pkgs, options, ...}: { @@ -113,7 +137,10 @@ import ../make-test-python.nix ({pkgs, ...}: { services.hadoop = { inherit package coreSite hdfsSite; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; - yarn.nodemanager.enable = true; + yarn.nodemanager = { + enable = true; + openFirewall = true; + }; }; }; }; diff --git a/nixos/tests/hadoop/hdfs.nix b/nixos/tests/hadoop/hdfs.nix index b63cbf48032..c5aee0d5ee7 100644 --- a/nixos/tests/hadoop/hdfs.nix +++ b/nixos/tests/hadoop/hdfs.nix @@ -7,9 +7,13 @@ import ../make-test-python.nix ({...}: { hdfs = { namenode = { enable = true; + openFirewall = true; formatOnInit = true; }; - httpfs.enable = true; + httpfs = { + enable = true; + openFirewall = true; + }; }; coreSite = { "fs.defaultFS" = "hdfs://namenode:8020"; @@ -21,7 +25,10 @@ import ../make-test-python.nix ({...}: { datanode = {pkgs, ...}: { services.hadoop = { package = pkgs.hadoop; - hdfs.datanode.enable = true; + hdfs.datanode = { + enable = true; + openFirewall = true; + }; coreSite = { "fs.defaultFS" = "hdfs://namenode:8020"; "hadoop.proxyuser.httpfs.groups" = "*"; diff --git a/nixos/tests/hadoop/yarn.nix b/nixos/tests/hadoop/yarn.nix index 09bdb35791c..fbf05b19cd2 100644 --- a/nixos/tests/hadoop/yarn.nix +++ b/nixos/tests/hadoop/yarn.nix @@ -3,14 +3,20 @@ import ../make-test-python.nix ({...}: { nodes = { resourcemanager = {pkgs, ...}: { services.hadoop.package = pkgs.hadoop; - services.hadoop.yarn.resourcemanager.enable = true; + services.hadoop.yarn.resourcemanager = { + enable = true; + openFirewall = true; + }; services.hadoop.yarnSite = { "yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler"; }; }; nodemanager = {pkgs, ...}: { services.hadoop.package = pkgs.hadoop; - services.hadoop.yarn.nodemanager.enable = true; + services.hadoop.yarn.nodemanager = { + enable = true; + openFirewall = true; + }; services.hadoop.yarnSite = { "yarn.resourcemanager.hostname" = "resourcemanager"; "yarn.nodemanager.log-dirs" = "/tmp/userlogs";