YCDOCIO-3558: Updated Terraform manifests (#255)

* YCDOCIO-3558: Updated Terraform manifests * YCDOCIO-3558: Grammatical edits
yandex-cloud · May 23, 2024 · e60e7e4 · e60e7e4
1 parent 0730e07
commit e60e7e4
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 77 deletions.
diff --git a/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf b/tutorials/terraform/sqoop/clusters-mysql-data-proc-and-vm.tf
@@ -1,25 +1,28 @@
-# Infrastructure for the Yandex Cloud Managed Service for MySQL® cluster.
+# Infrastructure for the Yandex Cloud Managed Service for MySQL® cluster, Data Proc cluster, and Virtual Machine
 #
-# RU: https://cloud.yandex.ru/docs/managed-mysql/tutorials/sqoop
+# RU: https://yandex.cloud/ru/docs/managed-mysql/tutorials/sqoop
+# EN: https://yandex.cloud/en/docs/managed-mysql/tutorials/sqoop
 #
-# Set the configuration of the Managed Service for MySQL® cluster, Managed Service for Data Proc cluster, and Virtual machine:
+# Set the configuration of the Managed Service for MySQL® cluster, Managed Service for Data Proc cluster, and Virtual Machine:
 locals {
-  folder_id           = ""      # Your folder ID.
-  network_id          = ""      # Network ID for the Managed Service for MySQL® cluster, Data Proc cluster, and VM.
-  subnet_id           = ""      # Subnet ID (enable NAT for this subnet).
-  storage_sa_id       = ""      # Service account ID for creating a bucket in Object Storage.
-  data_proc_sa        = ""      # Set a Data Proc service account name. It must be unique in the folder.
-  my_cluster_version  = "8.0"   # Set the MySQL® version: 5.7 or 8.0.
-  my_cluster_db       = "db1"   # Set a database name.
-  my_cluster_username = "user1" # Set a database owner name.
-  my_cluster_password = ""      # Set a database owner password.
-  vm_image_id         = ""      # Set a public image ID from https://cloud.yandex.com/en/docs/compute/operations/images-with-pre-installed-software/get-list.
-  vm_username         = ""      # Set a username for VM. Images with Ubuntu Linux use the username `ubuntu` by default.
-  vm_public_key       = ""      # Set a full path to the SSH public key for VM.
-  bucket_name         = ""      # Set an Object Storage bucket name. It must be unique throughout Object Storage.
-  dp_public_key       = ""      # Set a full path to SSH public key for the Data Proc Cluster.
+  folder_id           = ""      # Your folder ID
+  network_id          = ""      # Network ID for the Managed Service for MySQL® cluster, Data Proc cluster, and VM
+  subnet_id           = ""      # Subnet ID (enable NAT for this subnet)
+  storage_sa_id       = ""      # Service account ID for creating a bucket in Object Storage
+  data_proc_sa        = ""      # Data Proc service account name. It must be unique in the folder.
+  my_cluster_version  = "8.0"   # MySQL® version: 5.7 or 8.0
+  my_cluster_db       = "db1"   # Database name
+  my_cluster_username = "user1" # Database owner's name
+  my_cluster_password = ""      # Database owner's password
+  vm_image_id         = ""      # Public image ID from https://yandex.cloud/en/docs/compute/operations/images-with-pre-installed-software/get-list
+  vm_username         = ""      # Username for VM. Images with Ubuntu Linux use the `ubuntu` username by default.
+  vm_public_key       = ""      # Full path to the SSH public key for VM
+  bucket_name         = ""      # Object Storage bucket name. It must be unique throughout Object Storage.
+  dp_public_key       = ""      # Full path to the SSH public key for the Data Proc Cluster
 }
 
+# Security groups for the Managed Service for MySQL® cluster, Data Proc cluster, and VM
+
 resource "yandex_vpc_security_group" "cluster-security-group" {
   description = "Security group for the Managed Service for MySQL® cluster"
   network_id  = local.network_id
@@ -80,12 +83,14 @@ resource "yandex_vpc_security_group" "data-proc-security-group" {
   }
 }
 
+# The service account for the Data Proc cluster
+
 resource "yandex_iam_service_account" "data-proc-sa" {
   description = "Service account to manage the Data Proc cluster"
   name        = local.data_proc_sa
 }
 
-# Assign the `dataproc.agent` role to the service account.
+# Assign the `dataproc.agent` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" {
   folder_id = local.folder_id
   role      = "dataproc.agent"
@@ -94,7 +99,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" {
   ]
 }
 
-# Assign the `dataproc.provisioner` role to the service account.
+# Assign the `dataproc.provisioner` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" {
   folder_id = local.folder_id
   role      = "dataproc.provisioner"
@@ -103,7 +108,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" {
   ]
 }
 
-# Assign the `monitoring-viewer` role to the service account.
+# Assign the `monitoring-viewer` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" {
   folder_id = local.folder_id
   role      = "monitoring.viewer"
@@ -112,7 +117,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" {
   ]
 }
 
-# Assign the `storage.viewer` role to the service account.
+# Assign the `storage.viewer` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" {
   folder_id = local.folder_id
   role      = "storage.viewer"
@@ -121,7 +126,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" {
   ]
 }
 
-# Assign the `storage.uploader` role to the service account.
+# Assign the `storage.uploader` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" {
   folder_id = local.folder_id
   role      = "storage.uploader"
@@ -130,6 +135,8 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" {
   ]
 }
 
+# Infrastructure for the Managed Service for MySQL cluster
+
 resource "yandex_mdb_mysql_cluster" "mysql-cluster" {
   description        = "Managed Service for MySQL® cluster"
   name               = "mysql-cluster"
@@ -144,25 +151,34 @@ resource "yandex_mdb_mysql_cluster" "mysql-cluster" {
     disk_size          = "10" # GB
   }
 
-  database {
-    name = local.my_cluster_db
-  }
-
-  user {
-    name     = local.my_cluster_username
-    password = local.my_cluster_password
-    permission {
-      database_name = local.my_cluster_db
-      roles         = ["ALL"]
-    }
-  }
-
   host {
     zone      = "ru-central1-a"
     subnet_id = local.subnet_id
   }
 }
 
+# Database of the Managed Service for MySQL cluster
+resource "yandex_mdb_mysql_database" "db1" {
+  cluster_id = yandex_mdb_mysql_cluster.mysql-cluster.id
+  name       = local.my_cluster_db
+}
+
+# User of the Managed Service for MySQL cluster
+resource "yandex_mdb_mysql_user" "user1" {
+  cluster_id = yandex_mdb_mysql_cluster.mysql-cluster.id
+  name       = local.my_cluster_username
+  password   = local.my_cluster_password
+  permission {
+    database_name = yandex_mdb_mysql_database.db1.name
+    roles         = ["ALL"]
+  }
+  depends_on = [
+    yandex_mdb_mysql_database.db1
+  ]
+}
+
+# VM infrastructure
+
 resource "yandex_compute_instance" "vm-linux" {
   description = "Virtual Machine in Yandex Compute Cloud"
   name        = "vm-linux"
@@ -182,7 +198,7 @@ resource "yandex_compute_instance" "vm-linux" {
 
   network_interface {
     subnet_id = local.subnet_id
-    nat       = true # Required for connection from the Internet.
+    nat       = true # Required for connection from the Internet
 
     security_group_ids = [
       yandex_vpc_security_group.vm-security-group.id,
@@ -191,12 +207,14 @@ resource "yandex_compute_instance" "vm-linux" {
   }
 
   metadata = {
-    ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and SSH public key full path.
+    ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and the SSH public key full path
   }
 }
 
+# Infrastructure for the Object Storage bucket
+
 resource "yandex_iam_service_account_static_access_key" "bucket-key" {
-  description        = "Object Storage bucket static key"
+  description        = "Static key for the Object Storage bucket"
   service_account_id = local.storage_sa_id
 }
 
@@ -207,6 +225,8 @@ resource "yandex_storage_bucket" "storage-bucket" {
   secret_key = yandex_iam_service_account_static_access_key.bucket-key.secret_key
 }
 
+# Infrastructure for the Data Proc cluster
+
 resource "yandex_dataproc_cluster" "my-dp-cluster" {
   description        = "Data Proc cluster"
   depends_on         = [yandex_resourcemanager_folder_iam_binding.dataproc-agent]

diff --git a/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf b/tutorials/terraform/sqoop/clusters-postgresql-data-proc-and-vm.tf
@@ -1,25 +1,28 @@
-# Infrastructure for the Yandex Cloud Managed Service for PostgreSQL cluster.
+# Infrastructure for the Yandex Cloud Managed Service for PostgreSQL cluster, Data Proc cluster, and Virtual Machine
 #
-# RU: https://cloud.yandex.ru/docs/managed-postgresql/tutorials/sqoop
+# RU: https://yandex.cloud/ru/docs/managed-postgresql/tutorials/sqoop
+# EN: https://yandex.cloud/en/docs/managed-postgresql/tutorials/sqoop
 #
-# Set the configuration of the Managed Service for PostgreSQL cluster, Managed Service for Data Proc cluster, and Virtual machine:
+# Set the configuration of the Managed Service for PostgreSQL cluster, Managed Service for Data Proc cluster, and Virtual Machine:
 locals {
-  folder_id           = ""      # Your folder ID.
-  network_id          = ""      # Network ID for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM.
-  subnet_id           = ""      # Subnet ID (enable NAT for this subnet).
-  storage_sa_id       = ""      # Service account ID for creating a bucket in Object Storage.
-  data_proc_sa        = ""      # Set a Data Proc service account name. It must be unique in the folder.
-  pg_cluster_version  = "14"    # Set the PostgreSQL version.See the complete list of supported versions in https://cloud.yandex.com/en/docs/managed-postgresql/.
-  pg_cluster_db       = "db1"   # Set a database name.
-  pg_cluster_username = "user1" # Set a database owner name.
-  pg_cluster_password = ""      # Set a database owner password.
-  vm_image_id         = ""      # Set a public image ID from https://cloud.yandex.com/en/docs/compute/operations/images-with-pre-installed-software/get-list.
-  vm_username         = ""      # Set a username for VM. Images with Ubuntu Linux use the username `ubuntu` by default.
-  vm_public_key       = ""      # Set a full path to the SSH public key for VM.
-  bucket_name         = ""      # Set an Object Storage bucket name. It must be unique throughout Object Storage.
-  dp_public_key       = ""      # Set a full path to SSH public key for the Data Proc Cluster.
+  folder_id           = ""      # Your folder ID
+  network_id          = ""      # Network ID for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM
+  subnet_id           = ""      # Subnet ID (enable NAT for this subnet)
+  storage_sa_id       = ""      # Service account ID for creating a bucket in Object Storage
+  data_proc_sa        = ""      # Data Proc service account name. It must be unique in the folder.
+  pg_cluster_version  = "14"    # PostgreSQL version. See the complete list of supported versions in https://yandex.cloud/en/docs/managed-postgresql/.
+  pg_cluster_db       = "db1"   # Database name
+  pg_cluster_username = "user1" # Database owner's name
+  pg_cluster_password = ""      # Database owner's password
+  vm_image_id         = ""      # Public image ID from https://yandex.cloud/en/docs/compute/operations/images-with-pre-installed-software/get-list
+  vm_username         = ""      # Username for VM. Images with Ubuntu Linux use the `ubuntu` username by default.
+  vm_public_key       = ""      # Full path to the SSH public key for VM
+  bucket_name         = ""      # Object Storage bucket name. It must be unique throughout Object Storage.
+  dp_public_key       = ""      # Full path to the SSH public key for the Data Proc Cluster
 }
 
+# Security groups for the Managed Service for PostgreSQL cluster, Data Proc cluster, and VM
+
 resource "yandex_vpc_security_group" "cluster-security-group" {
   description = "Security group for the Managed Service for PostgreSQL cluster"
   network_id  = local.network_id
@@ -80,12 +83,14 @@ resource "yandex_vpc_security_group" "data-proc-security-group" {
   }
 }
 
+# The service account for the Data Proc cluster
+
 resource "yandex_iam_service_account" "data-proc-sa" {
   description = "Service account to manage the Data Proc cluster"
   name        = local.data_proc_sa
 }
 
-# Assign the `dataproc.agent` role to the service account.
+# Assign the `dataproc.agent` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" {
   folder_id = local.folder_id
   role      = "dataproc.agent"
@@ -94,7 +99,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-agent" {
   ]
 }
 
-# Assign the `dataproc.provisioner` role to the service account.
+# Assign the `dataproc.provisioner` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" {
   folder_id = local.folder_id
   role      = "dataproc.provisioner"
@@ -103,7 +108,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "dataproc-provisioner" {
   ]
 }
 
-# Assign the `monitoring-viewer` role to the service account.
+# Assign the `monitoring-viewer` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" {
   folder_id = local.folder_id
   role      = "monitoring.viewer"
@@ -112,7 +117,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "monitoring-viewer" {
   ]
 }
 
-# Assign the `storage.viewer` role to the service account.
+# Assign the `storage.viewer` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" {
   folder_id = local.folder_id
   role      = "storage.viewer"
@@ -121,7 +126,7 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-viewer" {
   ]
 }
 
-# Assign the `storage.uploader` role to the service account.
+# Assign the `storage.uploader` role to the service account
 resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" {
   folder_id = local.folder_id
   role      = "storage.uploader"
@@ -130,6 +135,8 @@ resource "yandex_resourcemanager_folder_iam_binding" "bucket-uploader" {
   ]
 }
 
+# Infrastructure for the Managed Service for PostgreSQL cluster
+
 resource "yandex_mdb_postgresql_cluster" "postgresql-cluster" {
   description        = "Managed Service for PostgreSQL cluster"
   name               = "postgresql-cluster"
@@ -146,26 +153,28 @@ resource "yandex_mdb_postgresql_cluster" "postgresql-cluster" {
     }
   }
 
-  database {
-    name  = local.pg_cluster_db
-    owner = local.pg_cluster_username
-  }
-
-  user {
-    name     = local.pg_cluster_username
-    password = local.pg_cluster_password
-
-    permission {
-      database_name = local.pg_cluster_db
-    }
-  }
-
   host {
     zone      = "ru-central1-a"
     subnet_id = local.subnet_id
   }
 }
 
+# Database of the Managed Service for PostgreSQL cluster
+resource "yandex_mdb_postgresql_database" "db1" {
+  cluster_id = yandex_mdb_postgresql_cluster.postgresql-cluster.id
+  name       = local.pg_cluster_db
+  owner      = yandex_mdb_postgresql_user.user1.name
+}
+
+# User of the Managed Service for PostgreSQL cluster
+resource "yandex_mdb_postgresql_user" "user1" {
+  cluster_id = yandex_mdb_postgresql_cluster.postgresql-cluster.id
+  name       = local.pg_cluster_username
+  password   = local.pg_cluster_password
+}
+
+# VM infrastructure
+
 resource "yandex_compute_instance" "vm-linux" {
   description = "Virtual Machine in Yandex Compute Cloud"
   name        = "vm-linux"
@@ -185,7 +194,7 @@ resource "yandex_compute_instance" "vm-linux" {
 
   network_interface {
     subnet_id = local.subnet_id
-    nat       = true # Required for connection from the Internet.
+    nat       = true # Required for connection from the Internet
 
     security_group_ids = [
       yandex_vpc_security_group.vm-security-group.id,
@@ -194,12 +203,14 @@ resource "yandex_compute_instance" "vm-linux" {
   }
 
   metadata = {
-    ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and SSH public key full path.
+    ssh-keys = "${local.vm_username}:${file(local.vm_public_key)}" # Username and the SSH public key full path
   }
 }
 
+# Infrastructure for the Object Storage bucket
+
 resource "yandex_iam_service_account_static_access_key" "bucket-key" {
-  description        = "Object Storage bucket static key"
+  description        = "Static key for the Object Storage bucket"
   service_account_id = local.storage_sa_id
 }
 
@@ -210,6 +221,8 @@ resource "yandex_storage_bucket" "storage-bucket" {
   secret_key = yandex_iam_service_account_static_access_key.bucket-key.secret_key
 }
 
+# Infrastructure for the Data Proc cluster
+
 resource "yandex_dataproc_cluster" "my-dp-cluster" {
   description        = "Data Proc cluster"
   depends_on         = [yandex_resourcemanager_folder_iam_binding.dataproc-agent]