nixos/hadoop: disable openFirewall by default

illustris 2022-01-08 16:19:15 +05:30
parent f6cf1ced33
commit 0f97c9ae82
5 changed files with 56 additions and 16 deletions


@ -22,7 +22,7 @@ let
} // (optionalAttrs firewallOption { } // (optionalAttrs firewallOption {
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = "Open firewall ports for ${serviceName}."; description = "Open firewall ports for ${serviceName}.";
}; };
}); });
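Review bot: Changing `default = true` to `default = false` alters behaviour for every existing configuration that relied on the implicit value, and none of the five file sections shown on this page looks like a release-notes entry. After an upgrade those hosts keep their Hadoop daemons running but lose the firewall rules, so cluster peers stop reaching each other with no evaluation-time warning. I would add a release-notes line such as `services.hadoop.*.openFirewall now defaults to false; set it to true on each role that other hosts must reach.` The same applies to the two defaults changed in the next file section. The `let` block holding this option helper starts and ends outside the hunk.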


@ -21,7 +21,7 @@ in
inherit restartIfChanged; inherit restartIfChanged;
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = '' description = ''
Open firewall ports for resourcemanager Open firewall ports for resourcemanager
''; '';
@ -39,7 +39,7 @@ in
}; };
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = '' description = ''
Open firewall ports for nodemanager. Open firewall ports for nodemanager.
Because containers can listen on any ephemeral port, TCP ports 102465535 will be opened. Because containers can listen on any ephemeral port, TCP ports 102465535 will be opened.
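Review bot: Now that nodemanager's `openFirewall` is opt-in, its description should say what opting in costs. According to the text it opens the whole unprivileged TCP range (rendered on this page as `102465535`, presumably 1024–65535), which also exposes any unrelated service on the host listening in that range, not only YARN containers. I would add a sentence to the description, for example `This exposes every unprivileged TCP port on the host; enable it only on hosts dedicated to YARN or behind a network-level filter.` The description string and the rule that actually opens the ports continue outside this hunk, so the exact range should be confirmed there.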


@ -55,14 +55,20 @@ import ../make-test-python.nix ({pkgs, ...}: {
nn1 = {pkgs, options, ...}: { nn1 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.namenode.enable = true; hdfs.namenode = {
enable = true;
openFirewall = true;
};
hdfs.zkfc.enable = true; hdfs.zkfc.enable = true;
}; };
}; };
nn2 = {pkgs, options, ...}: { nn2 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.namenode.enable = true; hdfs.namenode = {
enable = true;
openFirewall = true;
};
hdfs.zkfc.enable = true; hdfs.zkfc.enable = true;
}; };
}; };
@ -70,26 +76,38 @@ import ../make-test-python.nix ({pkgs, ...}: {
jn1 = {pkgs, options, ...}: { jn1 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.journalnode.enable = true; hdfs.journalnode = {
enable = true;
openFirewall = true;
};
}; };
}; };
jn2 = {pkgs, options, ...}: { jn2 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.journalnode.enable = true; hdfs.journalnode = {
enable = true;
openFirewall = true;
};
}; };
}; };
jn3 = {pkgs, options, ...}: { jn3 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.journalnode.enable = true; hdfs.journalnode = {
enable = true;
openFirewall = true;
};
}; };
}; };
dn1 = {pkgs, options, ...}: { dn1 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
hdfs.datanode.enable = true; hdfs.datanode = {
enable = true;
openFirewall = true;
};
}; };
}; };
@ -98,14 +116,20 @@ import ../make-test-python.nix ({pkgs, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA;
yarn.resourcemanager.enable = true; yarn.resourcemanager = {
enable = true;
openFirewall = true;
};
}; };
}; };
rm2 = {pkgs, options, ...}: { rm2 = {pkgs, options, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA;
yarn.resourcemanager.enable = true; yarn.resourcemanager = {
enable = true;
openFirewall = true;
};
}; };
}; };
nm1 = {pkgs, options, ...}: { nm1 = {pkgs, options, ...}: {
@ -113,7 +137,10 @@ import ../make-test-python.nix ({pkgs, ...}: {
services.hadoop = { services.hadoop = {
inherit package coreSite hdfsSite; inherit package coreSite hdfsSite;
yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA;
yarn.nodemanager.enable = true; yarn.nodemanager = {
enable = true;
openFirewall = true;
};
}; };
}; };
}; };
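Review bot: Every node in this test now sets `openFirewall = true`, and the hdfs and yarn test sections further down do the same, so nothing in the suite exercises the new closed-by-default behaviour. A later change that reopens the ports when the option is left unset would pass unnoticed. Consider one extra node that enables a role with only `hdfs.datanode.enable = true;` (no `openFirewall`), plus a test-script step asserting that its service port is not reachable from another node. The test script itself lies outside these hunks, so where that assertion belongs needs checking against the full file.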


@ -7,9 +7,13 @@ import ../make-test-python.nix ({...}: {
hdfs = { hdfs = {
namenode = { namenode = {
enable = true; enable = true;
openFirewall = true;
formatOnInit = true; formatOnInit = true;
}; };
httpfs.enable = true; httpfs = {
enable = true;
openFirewall = true;
};
}; };
coreSite = { coreSite = {
"fs.defaultFS" = "hdfs://namenode:8020"; "fs.defaultFS" = "hdfs://namenode:8020";
@ -21,7 +25,10 @@ import ../make-test-python.nix ({...}: {
datanode = {pkgs, ...}: { datanode = {pkgs, ...}: {
services.hadoop = { services.hadoop = {
package = pkgs.hadoop; package = pkgs.hadoop;
hdfs.datanode.enable = true; hdfs.datanode = {
enable = true;
openFirewall = true;
};
coreSite = { coreSite = {
"fs.defaultFS" = "hdfs://namenode:8020"; "fs.defaultFS" = "hdfs://namenode:8020";
"hadoop.proxyuser.httpfs.groups" = "*"; "hadoop.proxyuser.httpfs.groups" = "*";


@ -3,14 +3,20 @@ import ../make-test-python.nix ({...}: {
nodes = { nodes = {
resourcemanager = {pkgs, ...}: { resourcemanager = {pkgs, ...}: {
services.hadoop.package = pkgs.hadoop; services.hadoop.package = pkgs.hadoop;
services.hadoop.yarn.resourcemanager.enable = true; services.hadoop.yarn.resourcemanager = {
enable = true;
openFirewall = true;
};
services.hadoop.yarnSite = { services.hadoop.yarnSite = {
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler"; "yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
}; };
}; };
nodemanager = {pkgs, ...}: { nodemanager = {pkgs, ...}: {
services.hadoop.package = pkgs.hadoop; services.hadoop.package = pkgs.hadoop;
services.hadoop.yarn.nodemanager.enable = true; services.hadoop.yarn.nodemanager = {
enable = true;
openFirewall = true;
};
services.hadoop.yarnSite = { services.hadoop.yarnSite = {
"yarn.resourcemanager.hostname" = "resourcemanager"; "yarn.resourcemanager.hostname" = "resourcemanager";
"yarn.nodemanager.log-dirs" = "/tmp/userlogs"; "yarn.nodemanager.log-dirs" = "/tmp/userlogs";