本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用地形部署 ParallelCluster API
在本教程中,您將定義一個簡單的 Terraform 項目來部署 API。 ParallelCluster
先決條件
已安裝地形 v1.5.7 +。
具有部署 ParallelCluster API 權限的 IAM 角色。請參閱所需的許可。
定義地形專案
創建一個名為的目錄
my-pcluster-api。您建立的所有檔案都會位於此目錄中。
建立檔案
provider.tf以設定提 AWS 供者。provider "aws" { region = var.region profile = var.profile }使用 ParallelCluster模組建立檔案
main.tf以定義資源。module"parallelcluster_pcluster_api"{ source ="aws-tf/parallelcluster/aws//modules/pcluster_api"version ="1.0.0"region = var.region api_stack_name = var.api_stack_name api_version = var.api_version deploy_pcluster_api = true parameters = { EnableIamAdminAccess ="true"} }創建文件
variables.tf以定義可以為此項目注入的變量。variable "region" { description = "The region the ParallelCluster API is deployed in." type = string default = "us-east-1" } variable "profile" { type = string description = "The AWS profile used to deploy the clusters." default = null } variable "api_stack_name" { type = string description = "The name of the CloudFormation stack used to deploy the ParallelCluster API." default = "ParallelCluster" } variable "api_version" { type = string description = "The version of the ParallelCluster API." }建立檔案
terraform.tfvars以設定變數的任意值。下面的文件
us-east-1使用堆棧名稱部署了一個 ParallelCluster API 3.10.0。MyParallelClusterAPI-310您將能夠使用其堆棧名稱引用此 ParallelCluster API 部署。region = "us-east-1" api_stack_name = "MyParallelClusterAPI-310" api_version = "3.10.0"建立檔案
outputs.tf以定義此專案傳回的輸出。output "pcluster_api_stack_outputs" { value = module.parallelcluster_pcluster_api.stack_outputs }項目目錄是:
my-pcluster-api ├── main.tf - Terraform entrypoint to define the resources using the ParallelCluster module. ├── outputs.tf - Defines the outputs returned by Terraform. ├── providers.tf - Configures the AWS provider. ├── terraform.tfvars - Set the arbitrary values for the variables, i.e. region, PCAPI version, PCAPI stack name └── variables.tf - Defines the variables, e.g. region, PCAPI version, PCAPI stack name.
部署 API
若要部署 API,請依序執行標準的地形命令。
建立專案:
terraform init定義部署計劃:
terraform plan -out tfplan部署計劃:
terraform apply tfplan
所需的許可
您需要以下權限才能使用 Terraform 部署 ParallelCluster API:
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudformation:DescribeStacks", "cloudformation:GetTemplate" ], "Resource": "arn:PARTITION:cloudformation:REGION:ACCOUNT:stack/*", "Effect": "Allow", "Sid": "CloudFormationRead" }, { "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:CreateChangeSet" ], "Resource": "arn:PARTITION:cloudformation:REGION:ACCOUNT:stack/MyParallelClusterAPI*", "Effect": "Allow", "Sid": "CloudFormationWrite" }, { "Action": [ "cloudformation:CreateChangeSet" ], "Resource": [ "arn:PARTITION:cloudformation:REGION:aws:transform/Include", "arn:PARTITION:cloudformation:REGION:aws:transform/Serverless-2016-10-31" ], "Effect": "Allow", "Sid": "CloudFormationTransformWrite" }, { "Action": [ "s3:GetObject" ], "Resource": [ "arn:PARTITION:s3:::*-aws-parallelcluster/parallelcluster/*/api/ParallelCluster.openapi.yaml", "arn:PARTITION:s3:::*-aws-parallelcluster/parallelcluster/*/layers/aws-parallelcluster/lambda-layer.zip" ], "Effect": "Allow", "Sid": "S3ParallelClusterArtifacts" }, { "Action": [ "iam:CreateRole", "iam:DeleteRole", "iam:GetRole", "iam:CreatePolicy", "iam:DeletePolicy", "iam:GetPolicy", "iam:GetRolePolicy", "iam:AttachRolePolicy", "iam:DetachRolePolicy", "iam:PutRolePolicy", "iam:DeleteRolePolicy", "iam:ListPolicyVersions" ], "Resource": [ "arn:PARTITION:iam::ACCOUNT:role/*", "arn:PARTITION:iam::ACCOUNT:policy/*" ], "Effect": "Allow", "Sid": "IAM" }, { "Action": [ "iam:PassRole" ], "Resource": [ "arn:PARTITION:iam::ACCOUNT:role/ParallelClusterLambdaRole-*", "arn:PARTITION:iam::ACCOUNT:role/APIGatewayExecutionRole-*" ], "Effect": "Allow", "Sid": "IAMPassRole" }, { "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:PublishLayerVersion", "lambda:DeleteLayerVersion", "lambda:GetLayerVersion", "lambda:TagResource", "lambda:UntagResource" ], "Resource": [ "arn:PARTITION:lambda:REGION:ACCOUNT:layer:PCLayer-*", "arn:PARTITION:lambda:REGION:ACCOUNT:function:*-ParallelClusterFunction-*" ], "Effect": "Allow", "Sid": "Lambda" }, { "Action": [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:DescribeLogGroups", "logs:PutRetentionPolicy", "logs:TagLogGroup", "logs:UntagLogGroup" ], "Resource": [ "arn:PARTITION:logs:REGION:ACCOUNT:log-group:/aws/lambda/*-ParallelClusterFunction-*" ], "Effect": "Allow", "Sid": "Logs" }, { "Action": [ "apigateway:DELETE", "apigateway:GET", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT", "apigateway:UpdateRestApiPolicy" ], "Resource": [ "arn:PARTITION:apigateway:REGION::/restapis", "arn:PARTITION:apigateway:REGION::/restapis/*", "arn:PARTITION:apigateway:REGION::/tags/*" ], "Effect": "Allow", "Sid": "APIGateway" } ] }
