You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
Analytics/Systems/Airflow
WIP documentation page.
See also https://phabricator.wikimedia.org/T272973
Airflow Instances
analytics
Airflow instance owned by the Data / Analytics engineering team.
TODO
analytics-test
Airflow test instance owned by the Data / Analytics engineering team.
| Host | an-test-coord1001.eqiad.wmnet |
| Web UI Port | 8600 |
| Dags | refinery/airflow/dags |
SSH Tunnel to Web UI:
ssh -t -N -L8600:127.0.0.1:8600 an-test-coord1001.eqiad.wmnet
search
TODO
Administration
Creating a new Airflow Instance
In this example, we'll be creating a new Airflow instance named 'test'.
Create the Airflow MySQL Database
You'll need a running MariaDB instance somewhere. If your MariaDB instance is replicated, you'll need to run the GRANT statement on the replicas as well.
CREATE DATABASE airflow_test;
CREATE USER 'airflow_test' IDENTIFIED BY 'password_here';
GRANT ALL PRIVILEGES ON airflow_test.* TO 'airflow_test';
Make sure your MariaDB config sets explicit_defaults_for_timestamp = on. See:
https://airflow.apache.org/docs/apache-airflow/2.1.0/howto/set-up-database.html#setting-up-a-mysql-database
Configure the Airflow instance in Puppet
Add the profile::airflow class to your node's role in Puppet and configure the Airflow instance(s) in your role's hiera.
Let's assume we're adding this instance in a role class role::airflow::test.
class role::airflow::test {
include ::profile::airflow
# profile::kerberos::keytabs is needed if your Airflow
# instance needs to authenticate with Kerberos.
# You'll need to create and configure the keytab for the Airflow instance's
# $service_user we'll set below.
include ::profile::kerberos::keytabs
}
Then, in hieradata/role/common/airflow/test.yaml:
# Set up airflow instances.
profile::airflow::instances:
# airflow@test instance.
test:
# Since we set security: kerberos a keytab must be deployed for the service_user.
service_user: test_user
service_group: test_group
# Set this to true if you want enable alerting for your airflow instance.
monitoring_enabled: false
# Configuration for /srv/airflow-test/airflow.cfg
# Any airflow configs can go here. See:
# https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#webserver
airflow_config:
core:
security: kerberos # you don't need to set this if you don't use Kerberos.
executor: LocalExecutor
# This can be an ERB template that will be rendered in airflow::instance.
# db_user and db_password params should be set in puppet private
# in profile::airflow::instances_secrets.
sql_alchemy_conn: mysql://<%= @db_user %>:<%= @db_password %>@my-db-host.eqiad.wmnet/airflow_analytics?ssl_ca=/etc/ssl/certs/Puppet_Internal_CA.pem
# Make sure the keytab for test_user is deployed via profile::kerberos::keytabs
profile::kerberos::keytabs::keytabs_metadata:
- role: 'test_user'
owner: 'test_user'
group: 'test_group'
filename: 'test_user.keytab'
See Create_a_keytab_for_a_service for instructions on creating keytabs.
Note that we didn't set db_user or db_password. These are secrets and should be set in the operations puppet private repository in the hiera variable profile::airflow::instances_secrets. So, in puppet private in the hieradata/role/common/airflow/test.yaml file:
# Set up airflow instances.
profile::airflow::instances_secrets:
# airflow@test instance.
test:
db_user: airflow_test
db_password: password_here
profile::airflow::instances_secrets will be merged with profile::airflow::instances by the profile::airflow class, and the parameters to airflow::instance will be available for use in the sql_alchemy_conn as an ERb template.
Once this is merged and applied, the node with the role::airflow::test will run the systemd services airflow-scheduler@test, airflow-webserver@test, airflow-kerberos@test, as well as some 'control' systemd services airflow@test and airflow that can be used to manage the Airflow test instance.