cloudera-labs
diff --git a/‎public-cloud/aws/terraform/.gitignore
Lines changed: 30 additions & 0 deletions b/‎public-cloud/aws/terraform/.gitignore
Lines changed: 30 additions & 0 deletions
diff --git a/‎public-cloud/aws/terraform/README.md
Lines changed: 93 additions & 0 deletions b/‎public-cloud/aws/terraform/README.md
Lines changed: 93 additions & 0 deletions
diff --git a/‎public-cloud/aws/terraform/ansible-navigator.yml
Lines changed: 53 additions & 0 deletions b/‎public-cloud/aws/terraform/ansible-navigator.yml
Lines changed: 53 additions & 0 deletions
diff --git a/‎public-cloud/aws/terraform/config.yml
Lines changed: 101 additions & 0 deletions b/‎public-cloud/aws/terraform/config.yml
Lines changed: 101 additions & 0 deletions
@@ -0,0 +1,30 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ansible-navigator.log
+runs
+context
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .lock files
+*.terraform.lock.hcl
+
+# .tfvars files
+*.tfvars
@@ -0,0 +1,93 @@
+# CDP Public Cloud - Environment and Data Services Example
+
+Constructs a CDP Public Cloud Environment, Datalake and specified Data Services on AWS.
+
+> Uses the [cdp-tf-quickstarts](https://github.com/cloudera-labs/cdp-tf-quickstarts) Terraform module, called via Ansible, to generate the AWS infrastructure pre-requisite resources and the CDP environment and datalake. The [cloudera.cloud](https://github.com/cloudera-labs/cloudera.cloud) Ansible collection is used to deploy the data services.
+
+> **NOTE:** This deployment example does not use a `definition.yml` based configuration file. Instead a standard Ansible extra vars configuration file is used.
+
+## Requirements
+
+To run, you need:
+
+* Docker (or a Docker alterative)
+* AWS credentials (set via `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` env vars)
+* CDP credentials (set via `CDP_ACCESS_KEY_ID`, `CDP_PRIVATE_KEY` env vars)
+
+## Set Up
+
+First, set up your `ansible-navigator` aka `cdp-navigator` environment -- follow the instructions in the [NAVIGATOR document](https://github.com/cloudera-labs/cldr-runner/blob/main/NAVIGATOR.md) in `cloudera-labs/cldr-runner`.
+
+Then, clone this project and change your working directory.
+
+```bash
+git clone https://github.com/cloudera-labs/cloudera-deploy.git; cd cloudera-deploy/public-cloud/aws/terraform
+```
+
+## Configure
+
+Set the required environment variables:
+
+```bash
+export AWS_ACCESS_KEY_ID=your-aws-access-key-id
+export AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key
+export AWS_SESSION_TOKEN=your-aws-session-token # (optional if using AWS SSO)
+export CDP_ACCESS_KEY_ID=your-cdp-access-key-id
+export CDP_PRIVATE_KEY=your-cdp-private-id
+```
+
+Tweak the `config.yml` parameters to your liking. Notably, you should add and/or change the below parameters. The Data Services configurations (e.g. GPU for CML) can be edited in the config.yml file.
+
+```yaml
+name_prefix:    ex01      # Keep this short (4-7 characters)
+infra_region:   us-east-2 # CSP region for infra
+
+deployment_template: public # Specify the deployment pattern below. Options are public, semi-private or private
+
+# Change data services to enable as required
+enable_cdf: False
+enable_cml: False
+enable_cdw: False
+enable_cde: False
+```
+
+> [!NOTE]
+> You can override these parameters with any typical Ansible _extra variables_ flags, i.e. `-e name_prefix=ex03`. See the [cldr-runner FAQ](https://github.com/cloudera-labs/cldr-runner/blob/main/FAQ.md#how-do-i-add-extra-variables-and-tags-to-ansible-navigator) for details.
+
+### SSH Keys
+
+This definition will create a new SSH keypair on the host of the name `<name_prefix>-ssh-key.{pem,pub}`. This is stored in the `./tf-cdp-env` directory. A AWS Keypair will be created using the generated public key.
+
+## Execute
+
+Then set up the CDP Public Cloud by running the playbook:
+
+```bash
+ansible-navigator run setup.yml -e @./config.yml
+```
+
+> ⏱️ **Note:** The deployment can take up to **60 minutes**.
+
+> ⚠️ **Note:** Since Terraform is used to deploy the Cloudera environment and datalake, caution is advised when cancelling a deployment mid-execution, as it may lead to corruption of the Terraform state file.
+
+### Terraform resource files
+
+The Terraform root module resource files run by the playbook is in the `./tf-cdp-env/` sub-directory.
+
+Standard Terraform commands - e.g. `terraform output`, `terraform console`, can be run from within these directories.
+
+## Tear Down
+
+The cleanup is split into two separate playbooks - one to remove all Data Services and the second to remove the Cloudera Environment and infrastructure.
+
+Tear down data services by running the following command:
+
+```bash
+ansible-navigator run teardown-cdp-ds.yml -e @./config.yml
+```
+
+Tear down the CDP environment and infrastructure by running the command below:
+
+```bash
+ansible-navigator run teardown-cdp-env.yml -e @./config.yml
+```
@@ -0,0 +1,53 @@
+---
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ansible-navigator:
+  playbook-artifact:
+    save-as: "runs/{playbook_name}-{time_stamp}.json"
+
+  ansible-runner:
+    artifact-dir: runs
+    rotate-artifacts-count: 3
+
+  logging:
+    level: debug
+    append: False
+
+  ansible:
+    inventory:
+      entries:
+        - inventory.yml
+
+  execution-environment:
+    enabled: True
+    environment-variables:
+      pass:
+        - CDP_ACCESS_KEY_ID
+        - CDP_PRIVATE_KEY
+        - AWS_ACCESS_KEY_ID
+        - AWS_SECRET_ACCESS_KEY
+        - AWS_SESSION_TOKEN
+      set:
+        ANSIBLE_CALLBACK_WHITELIST: "ansible.posix.profile_tasks"
+        ANSIBLE_GATHERING: "smart"
+        ANSIBLE_DEPRECATION_WARNINGS: False
+        ANSIBLE_HOST_KEY_CHECKING: False
+        ANSIBLE_SSH_RETRIES: 10
+        ANSIBLE_SSH_CONTROL_PATH: "/dev/shm/cp%%h-%%p-%%r"
+    image: ghcr.io/cloudera-labs/cldr-runner-aws:latest
+    pull:
+      policy: missing
+    container-options:
+      - "--network=host"
@@ -0,0 +1,101 @@
+---
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Short prefix to append to all resources created
+name_prefix: "<ENTER_VALUE>"                         # str; keep short 4-7 characters
+
+# AWS region for the CDP Public Cloud
+infra_region:  "<ENTER_VALUE>"                       # str; e.g. (us-east-2)
+
+# Tags to apply to resources, examples shown below
+tags:
+  owner: "<ENTER_VALUE>"
+  enddate: "<ENTER_VALUE>"
+
+# CDP Environment Deployment type. Options are public, semi-private and private
+deployment_template: public  
+
+# Limit UI and SSH access to the caller/controller
+# Edit with list of CIDRs if access required from other endpoints
+allowed_cidrs: "{{ lookup('ansible.builtin.url', 'https://api.ipify.org', wantlist=True) | product(['32']) | map('join', '/') | list }}"
+
+# Network connectivity
+ingress_extra_cidrs_and_ports:
+  cidrs: "{{ allowed_cidrs }}"
+  ports: [22, 443]      # Cloud-only access
+
+# Data Services to enable
+enable_cdf: False
+enable_cml: False
+enable_cdw: False
+enable_cde: False
+# NOTE: Data Services configurations (e.g. GPU for CML) can be edited below.
+
+# Data Flow Configurations
+df:
+  nodes_min: 3
+  nodes_max: 20
+  public_loadbalancer: yes
+  loadbalancer_ip_ranges: "{{ ingress_extra_cidrs_and_ports.cidrs }}"
+  k8s_ip_ranges: "{{ ingress_extra_cidrs_and_ports.cidrs }}"
+
+# ML workspace definition
+ml:
+  definitions:
+    - name: "{{ name_prefix }}-default-ml"
+      tls: yes
+      governance: yes
+      metrics: yes
+      monitoring: yes
+      private_cluster: no
+      public_loadbalancer: yes
+      instance_groups:
+        - name: cpu_settings
+          instanceCount: 1
+          instanceType: "m5.2xlarge"
+          instanceTier: "ON_DEMAND"
+          autoscaling:
+            minInstances: 1
+            maxInstances: 3
+            enabled: yes
+          rootVolume:
+            size: 300
+        # Example GPU instance group shown below; Uncomment to use
+        # - name: gpu_settings
+        #   autoscaling:
+        #     maxInstances: 1
+        #     minInstances: 0
+        #   instanceCount: 0
+        #   instanceTier: "ON_DEMAND"
+        #   instanceType: "p2.8xlarge" # AWS
+        #   rootVolume:
+        #     size: 300
+        
+# Data Warehouse Service
+dw:
+  private_loadbalancer: no
+  public_worker_node: yes
+  overlay: yes
+
+# Data Engineering Service
+de:
+  definitions:
+    - name: "{{ name_prefix }}-sandbox-default-de"
+      instanceType: "m5.4xlarge"
+      private_cluster: no
+      public_loadbalancer: yes
+      workload_analytics: yes
+      k8s_ip_ranges: "{{ ingress_extra_cidrs_and_ports.cidrs }}"
+      loadbalancer_ip_ranges: "{{ ingress_extra_cidrs_and_ports.cidrs }}"