Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.databricks.com/aws/en/admin/workspace/create-workspace-api below:

Create a workspace using the Account API

This page explains how to use the Workspace APIs to deploy a new workspace in your Databricks account.

To create a Databricks workspace, you must reference the following two configuration objects. You can use existing configurations in your account, or create new ones if needed.

• Storage configuration: Defines and grants Databricks access to the root S3 bucket where workspace assets such as data, libraries, and logs are stored. See Create a storage configuration
• Credential configuration: Grants Databricks permission to deploy resources in your AWS account. See Create a credential configuration.

If you would like to use any of the following features, you must reference specific configuration objects when you deploy your workspace:

• Network configuration: To deploy the workspace in your own VPC (customer-managed VPC), you must reference a network configuration. See Create network configurations for custom VPC deployment.
• Key configuration: To use customer-managed keys to encrypt managed services, workspace storage, or both, you must reference a key configuration. See Configure customer-managed keys for encryption.
• Private access settings To provide private connectivity with AWS PrivateLink, you must reference a private access settings object. See Manage private access settings.

Here is an example CLI command that creates a new workspace:

Bash

databricks account workspaces create --json '{
  "aws_region": "us-west-2",
  "workspace_name": "string",
  "deployment_name": "workspace-1",
  "pricing_tier": "PREMIUM",
  "storage_configuration_id": "b43a6064-04c1-4e1c-88b6-d91e5b136b13",
  "credentials_id": "ccc64f28-ebdc-4c89-add9-5dcb6d7727d8",
  "network_id": "fd0cc5bc-683c-47e9-b15e-144d7744a496",
  "private_access_settings_id": "3b3bbcb5-46bd-4b03-944e-97eb44ed7991",
  "managed_services_customer_managed_key_id": "849b3d6b-e68e-468d-b3e5-deb08b03c56d",
  "storage_customer_managed_key_id": "14138d0f-a575-4ae2-be71-ddfd0b602286",
  "custom_tags": {
    "property1": "string",
    "property2": "string"
  }
}'

• aws_region: The AWS region of the workspace’s compute plane. See Databricks clouds and regions.
• workspace_name: Human-readable name for your workspace. This is the workspace name users see in the Databricks UI.
• deployment_name: (Recommended but optional) Unique deployment name for your workspace. For details, see the Workspace API reference.
• custom_tags: Key-value pairs that act as metadata for organizing resources. Tags can help to manage, identify, organize, search, and filter resources, as well as monitor cost and attribute usage.
• pricing_tier: The pricing tier of the workspace. PREMIUM, ENTERPRISE, or COMMUNITY_EDITION
• storage_configuration_id: Your storage configuration ID, which represents your root S3 bucket. Use an existing configuration or create a new storage configuration.
• credentials_id: Your credential configuration ID. Use an existing configuration or create a new credential configuration.

Use the following optional parameters to configure networking and security features in your workspace:

• network_id: The network configuration ID. Required when deploying the workspace in a customer-managed VPC. See Create network configurations for custom VPC deployment.
• private_access_settings_id: The ID of the private access settings object used to enable AWS PrivateLink. See Manage private access settings. Required for PrivateLink access for all connection types (front-end, back-end, or both). Must be configured when you deploy the workspace.
• managed_services_customer_managed_key_id: The key configuration ID for managed services, which is the customer_managed_key_id field from a key configuration object. Used to encrypt managed services such as notebook and secret data in the control plane. If you are encrypting both managed services and workspace storage, use the same ID in the storage_customer_managed_key_id field. Must be configured when you deploy the workspace. See Customer-managed keys for managed services.
• storage_customer_managed_key_id: The key configuration ID for workspace storage, which is the customer_managed_key_id field from the key configuration object. If you are encrypting both managed services and workspace storage, use the same ID in the managed_services_customer_managed_key_id field. Used only to encrypt workspace storage. Must be configured when you deploy the workspace. See Customer-managed keys for workspace storage.

After you call the create workspace API, you will receive a response similar to the following:

JSON

{
  "account_id": "449e7a5c-69d3-4b8a-aaaf-5c9b713ebc65",
  "aws_region": "string",
  "creation_time": 0,
  "credentials_id": "c7814269-df58-4ca3-85e9-f6672ef43d77",
  "custom_tags": {
    "property1": "string",
    "property2": "string"
  },
  "deployment_name": "string",
  "managed_services_customer_managed_key_id": "faacdc79-6530-4583-a154-5d427a663e53",
  "network_id": "d6797cf4-42b9-4cad-8591-9dd91c3f0fc3",
  "pricing_tier": "PREMIUM",
  "private_access_settings_id": "3b3bbcb5-46bd-4b03-944e-97eb44ed7991",
  "storage_configuration_id": "04aae505-1b1e-4cb9-997d-e1c49282675d",
  "storage_customer_managed_key_id": "14138d0f-a575-4ae2-be71-ddfd0b602286",
  "workspace_id": 1614665312930232,
  "workspace_name": "string",
  "workspace_status": "PROVISIONING",
  "workspace_status_message": "Workspace resources are being set up."
}

If you receive an error when creating your workspace, see Troubleshoot workspace creation errors.

To check workspace status, call the get workspace API.

Use the workspace_id value from the JSON response returned when you created the workspace.

In the response, possible workspace_status values are:

• NOT_PROVISIONED:  Not yet provisioned.
• PROVISIONING: Still provisioning. Wait a few minutes and repeat this API request.
• RUNNING: Successful deployment and now running.
• FAILED: Failed deployment.
• BANNED: Banned.
• CANCELLING: In process of cancellation.

See Troubleshoot workspace creation errors for how to handle unsuccessful status values.

For example:

Bash

curl -X GET
'https://accounts.cloud.databricks.com/api/2.0/accounts/<databricks-account-id>/workspaces/<databricks-workspace-id>' \
  --header 'Authorization: Bearer $OAUTH_TOKEN'

Response:

JSON

{
  "workspace_id": 123456789,
  "workspace_name": "my-company-example",
  "aws_region": "us-west-2",
  "creation_time": 1579768294842,
  "deployment_name": "my-company-example",
  "workspace_status": "RUNNING",
  "account_id": "<databricks-account-id>",
  "credentials_id": "<aws-credentials-id>",
  "storage_configuration_id": "<databricks-storage-config-id>",
  "workspace_status_message": "Workspace is running.",
  "network_id": "339f16b9-b8a3-4d50-9d1b-7e29e49448c3",
  "managed_services_customer_managed_key_id": "<aws-kms-managed-services-key-id>",
  "storage_customer_managed_key_id": "<aws-kms-notebook-workspace-storage-id>",
  "pricing_tier": "ENTERPRISE"
}

In this example, the workspace status (workspace_status) is set to RUNNING, so it was successful. If it is PROVISIONING, repeat this API request until it succeeds.

The pricing tier defaults to the plan associated with your account. See AWS platform tiers.

Test your new workspace after its status is RUNNING:

• User interface login on the new workspace — Confirm you can log in to the web application at URL https://<deployment-name>.cloud.databricks.com. For example, if the deployment name you specified during workspace creation is ABCSales, your workspace URL is https://abcsales.cloud.databricks.com. Log in using your account username.

• REST API login on the new workspace — Confirm that you can access the REST API. The following example calls the Workspace Users API to get a list of users.

  Bash

  curl  -u <user-name> -X GET 'https://<deployment-name>.cloud.databricks.com/api/2.0/scim/v2/Users' \
  --header 'Authorization: Bearer $OAUTH_TOKEN'
  

  For more information about using Databricks REST APIs, including other authentication options, see the Workspace API.

This step is necessary only if you are configuring AWS PrivateLink.

After workspace creation:

1. If you are implementing a front-end PrivateLink connection, implement relevant DNS configuration changes as described in Step 5: Configure internal DNS to redirect user requests to the web application.
2. Optionally create other VPC endpoints, as described in Step 5: Add VPC endpoints for other AWS services.

You might want to consider these optional configuration steps for your new workspace.

Configure which IP addresses can connect to the web application, REST APIs, JDBC/ODBC endpoints, and DBConnect. You can specify allow lists and block lists as IP addresses or ranges. See Configure IP access lists for workspaces.

Databricks strongly recommends that you enable the audit log system table to monitor the activities performed and usage incurred by your Databricks users. Your workspace must have Unity Catalog enabled. See Monitor account activity with system tables for instructions.

The following sections provide solutions for common workspace creation errors.

When Databricks creates a VPC on your behalf, you must have at least one unused Elastic IP. Otherwise, the VPC isn't created and the following error occurs:

Console

The maximum number of addresses has been reached.

Increase the number of Elastic IPs and try again.

For all workspace creation errors, try the following troubleshooting steps in the order provided.

If the workspace creation or status check steps indicate a network-related error, call the get network configuration API to ensure that the network settings are correct.

In the response, view the warning_messages error_messages fields. If both arrays are empty, there are no warnings or errors.

Otherwise, review the warnings and error JSON objects carefully:

• For warnings, the warning_type enumeration indicates that the problem was with either a subnet or security group. The warning_message provides additional details. Be aware that if you have a firewall or NAT instance (instead of a NAT gateway), the network validation always issues a warning.
• For errors, the error_type enumeration indicates that the problem was with either credentials, VPC, subnet, security group, or network ACL. The error_message provides additional details.

Depending on the errors in the response to the get network configuration API API request, confirm that:

• Your security group complies with the customer-managed VPC requirements.
• Your cross-account IAM policy includes the required permissions. See Create an IAM role for workspace deployment for the policy to use for your deployment type.

To update the failed workspace, call the Update workspace API.

note

You can use the same API to update a running (successfully deployed) workspace but you only can change the credential and network configurations.

You can pass these workspace configuration fields to change them: credentials_id, storage_configuration_id, network_id, managed_services_customer_managed_key_id, and storage_customer_managed_key_id.

If the workspace_status value returns PROVISIONING, keep checking for RUNNING state using the get workspace API.

If the update workspace API doesn't work, you must delete and recreate the network (if you provided your own VPC) and the failed workspace in the following order.

1. Delete the workspace using the delete workspace API.

2. If you provided your own VPC, delete the network configuration using the delete network configuration API.

3. Recreate the network using the correct values for vpc_id, subnet_ids and security_group_ids.

4. Recreate the workspace using the correct values for credentials_id, storage_configuration_id, network_id, managed_services_customer_managed_key_id, and storage_customer_managed_key_id.

   If you get the workspace_status value PROVISIONING, keep checking for RUNNING state using the get workspace API.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4