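Related question: Terraform Databricks AWS instance profile - "authentication is not configured for provider"
After resolving that issue and moving on, I started getting the following error on multiple different operations (creating a Databricks instance profile, querying Terraform data sources such as databricks_current_user or databricks_spark_version):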
Error: cannot create instance profile: Databricks API (/api/2.0/instance-profiles/add) requires you to set `host` property (or DATABRICKS_HOST env variable) to result of `databricks_mws_workspaces.this.workspace_url`. This error may happen if you're using provider in both normal and multiworkspace mode. Please refactor your code into different modules. Runnable example that we use for integration testing can be found in this repository at https://registry.terraform.io/providers/databrickslabs/databricks/latest/docs/guides/aws-workspace
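I am able to create the instance profile manually in the Databricks workspace admin console, and I am able to create clusters and run notebooks in it.
Relevant code: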
main.tf:
module "create-workspace" {
  source                      = "./modules/create-workspace"
  env                         = var.env
  region                      = var.region
  databricks_host             = var.databricks_host
  databricks_account_username = var.databricks_account_username
  databricks_account_password = var.databricks_account_password
  databricks_account_id       = var.databricks_account_id
}
providers-main.tf:
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    databricks = {
      source  = "databrickslabs/databricks"
      version = "0.4.4"
    }
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.49.0"
    }
  }
}

provider "aws" {
  region  = var.region
  profile = var.aws_profile
}

provider "databricks" {
  host  = var.databricks_host
  token = var.databricks_manually_created_workspace_token
}
modules/create-workspace/providers.tf:
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    databricks = {
      source  = "databrickslabs/databricks"
      version = "0.4.4"
    }
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.49.0"
    }
  }
}

provider "aws" {
  region  = var.region
  profile = var.aws_profile
}

provider "databricks" {
  host = var.databricks_host
  # token = var.databricks_manually_created_workspace_token - doesn't make a difference switching from username/password to token
  username   = var.databricks_account_username
  password   = var.databricks_account_password
  account_id = var.databricks_account_id
}

provider "databricks" {
  alias = "mws"
  # host =
  username   = var.databricks_account_username
  password   = var.databricks_account_password
  account_id = var.databricks_account_id
}
modules/create-workspace/databricks-workspace.tf:
resource "databricks_mws_credentials" "this" {
  provider         = databricks.mws
  account_id       = var.databricks_account_id
  role_arn         = aws_iam_role.cross_account_role.arn
  credentials_name = "${local.prefix}-creds"
  depends_on       = [aws_iam_role_policy.this]
}

resource "databricks_mws_workspaces" "this" {
  provider                 = databricks.mws
  account_id               = var.databricks_account_id
  aws_region               = var.region
  workspace_name           = local.prefix
  deployment_name          = local.prefix
  credentials_id           = databricks_mws_credentials.this.credentials_id
  storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
  network_id               = databricks_mws_networks.this.network_id
}
modules/create-workspace/IAM.tf:
data "databricks_aws_assume_role_policy" "this" {
  external_id = var.databricks_account_id
}

resource "aws_iam_role" "cross_account_role" {
  name               = "${local.prefix}-crossaccount"
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
}

resource "time_sleep" "wait" {
  depends_on      = [aws_iam_role.cross_account_role]
  create_duration = "10s"
}

data "databricks_aws_crossaccount_policy" "this" {}

resource "aws_iam_role_policy" "this" {
  name   = "${local.prefix}-policy"
  role   = aws_iam_role.cross_account_role.id
  policy = data.databricks_aws_crossaccount_policy.this.json
}

data "aws_iam_policy_document" "pass_role_for_s3_access" {
  statement {
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = [aws_iam_role.cross_account_role.arn]
  }
}

resource "aws_iam_policy" "pass_role_for_s3_access" {
  name   = "databricks-shared-pass-role-for-s3-access"
  path   = "/"
  policy = data.aws_iam_policy_document.pass_role_for_s3_access.json
}

resource "aws_iam_role_policy_attachment" "cross_account" {
  policy_arn = aws_iam_policy.pass_role_for_s3_access.arn
  role       = aws_iam_role.cross_account_role.name
}

resource "aws_iam_instance_profile" "shared" {
  name = "databricks-shared-instance-profile"
  role = aws_iam_role.cross_account_role.name
}

resource "databricks_instance_profile" "shared" {
  instance_profile_arn = aws_iam_instance_profile.shared.arn
  depends_on           = [databricks_mws_workspaces.this]
}
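Posted on 2022-01-21 07:36:10
The problem in this case is that you need to have two Databricks providers:
One of these providers needs to be declared with an alias so that Terraform can distinguish one from the other. The Databricks provider documentation shows how to do this. But the problem is that Terraform tries to apply all changes in parallel as much as possible, because it doesn't know about dependencies between resources until you explicitly use depends_on, and it tries to create Databricks resources before it knows the host value of the Databricks workspace (even if it is already created).
Unfortunately, it is not possible to put depends_on into a provider block. So the current recommendation to avoid such problems is to split the code into several modules:
Also, the Terraform documentation recommends that provider initialization not happen in modules - it's better to declare all providers with aliases in the top-level template and pass the providers to modules explicitly (see the example below). In this case, the module should only declare the required providers, not their configuration.
For example, the top-level template could look like this: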
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    databricks = {
      source  = "databrickslabs/databricks"
      version = "0.4.5"
    }
  }
}

# Default provider: workspace-level operations
provider "databricks" {
  host  = var.databricks_host
  token = var.token
}

# Aliased provider: account-level operations (workspace creation)
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  username   = var.databricks_account_username
  password   = var.databricks_account_password
  account_id = var.databricks_account_id
}

module "workspace" {
  source = "./workspace"
  providers = {
    # Must reference a declared alias; "mws" is the only one declared above
    databricks = databricks.mws
  }
}

module "databricks" {
  depends_on = [module.workspace]
  source     = "./databricks"
  # No provider block required as we're using default provider
}
The module itself looks like this:
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    databricks = {
      source  = "databrickslabs/databricks"
      version = ">= 0.4.4"
    }
  }
}

# A resource block needs both a type and a name label
resource "databricks_cluster" "this" {
  # ...
}
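The same module split with the workspace provider's host taken from the workspace module's output, as the error message in the question asks for. This is an added example, not code from the original answer; the output name workspace_url and the module paths are assumptions, and the credential variable is declared sensitive.

```hcl
# Added example, not from the original post. Module paths and the output
# name "workspace_url" are assumptions.

# ---- workspace/outputs.tf ----
output "workspace_url" {
  value = databricks_mws_workspaces.this.workspace_url
}

# ---- top-level main.tf ----
variable "databricks_account_id" { type = string }
variable "databricks_account_username" { type = string }
variable "databricks_account_password" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

# Account-level provider: used only to create the workspace.
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  username   = var.databricks_account_username
  password   = var.databricks_account_password
  account_id = var.databricks_account_id
}

# Workspace-level (default) provider: host is the URL of the workspace
# created by module.workspace, as the error message asks.
provider "databricks" {
  host     = module.workspace.workspace_url
  username = var.databricks_account_username
  password = var.databricks_account_password
}

module "workspace" {
  source                = "./workspace"
  providers             = { databricks = databricks.mws }
  databricks_account_id = var.databricks_account_id
}

# Holds databricks_instance_profile and other in-workspace resources.
module "databricks" {
  source     = "./databricks"
  depends_on = [module.workspace]
}
```

`sensitive = true` only redacts CLI output; the password is still written in plain text to the Terraform state, so the state backend needs access control and encryption.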
https://stackoverflow.com/questions/70688783