Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature to support provisioning of Azure Files NFS for CML at runtime #39

Merged
merged 15 commits into from
Oct 30, 2023
Merged

Feature to support provisioning of Azure Files NFS for CML at runtime #39

merged 15 commits into from
Oct 30, 2023

Conversation

tush4hworks
Copy link
Contributor

See detailed explanation in README.md

Provisions a storage account with Premium Tier and Disabled Https traffic only. Creates a NFS file share of 100 GB in the storage account Creates a private dns zone of type privatelink.file.core.windows.net Creates a VNET link between CDP workload VNET and private DNS zone Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML. Creates a public IP , security group allowing port 22 from everywhere Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created.

@tush4hworks
Copy link
Contributor Author

Plan

module.ex01_nfs_filesahre.data.azurerm_virtual_network.nfs_vnet: Reading...
module.ex01_nfs_filesahre.data.azurerm_subnet.nfs_subnet: Reading...
module.ex01_nfs_filesahre.data.azurerm_virtual_network.nfs_vnet: Read complete after 5s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net]
module.ex01_nfs_filesahre.data.azurerm_subnet.nfs_subnet: Read complete after 5s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm will be created
  + resource "azurerm_linux_virtual_machine" "nfs_vm" {
      + admin_username                                         = "adminuser"
      + allow_extension_operations                             = true
      + bypass_platform_safety_checks_on_user_schedule_enabled = false
      + computer_name                                          = (known after apply)
      + disable_password_authentication                        = true
      + extensions_time_budget                                 = "PT1H30M"
      + id                                                     = (known after apply)
      + location                                               = "francecentral"
      + max_bid_price                                          = -1
      + name                                                   = "azbnknfsvm"
      + network_interface_ids                                  = (known after apply)
      + patch_assessment_mode                                  = "ImageDefault"
      + patch_mode                                             = "ImageDefault"
      + platform_fault_domain                                  = -1
      + priority                                               = "Regular"
      + private_ip_address                                     = (known after apply)
      + private_ip_addresses                                   = (known after apply)
      + provision_vm_agent                                     = true
      + public_ip_address                                      = (known after apply)
      + public_ip_addresses                                    = (known after apply)
      + resource_group_name                                    = "e2eazp1-tf-rmgp"
      + size                                                   = "Standard_F2"
      + virtual_machine_id                                     = (known after apply)

      + admin_ssh_key {
          + public_key = <<-EOT
                ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWW7HfwYMrzlWCx6qHzHd42cUr5d6EEdIRB8rNczHE5+AIumGanJcbJnWNjgNNQJjzDramUP0vEMuTer/gQqZhrAvTVVPATh4BGZRpGQYb62VGw/d8N7JGCQJCO73/NC4AnilD+hHpaEgY6v8uK421XN63ZRyWugR+QdwdUCyq2EyOIC6xNSqLPP+6KQscDTEdkva8mPw2c6BARARVZP/Z91KeO8qUA0JEj1bjajF6yRiI38npwDklGlGMdfuUNDGq8bhP3wEQiMHCdPc3R2z5TQ73GMVfxKEZOZSXPHdbnmKqXGQuGmcMYsmEQDJzssmQ+om2Vao2ORFvtimsd7nqAjUnvlV7t6UEdGHTJnq21MoTrWS7LuG55Zg9o8Iy8vpT1PwuzSwJaPn4x976tcSFy4JeIl/Zg1Xqynxm+iUwoD6OEKNPRsidlEAk7QiFsBdFLuv5kmarvaQdJhJ2OH1IvSJOwjttrnihBtMAp6HG8PoOSqhHsvFZT+fqw42Znts= [email protected]
            EOT
          + username   = "adminuser"
        }

      + os_disk {
          + caching                   = "ReadWrite"
          + disk_size_gb              = (known after apply)
          + name                      = (known after apply)
          + storage_account_type      = "Standard_LRS"
          + write_accelerator_enabled = false
        }

      + source_image_reference {
          + offer     = "0001-com-ubuntu-server-focal"
          + publisher = "Canonical"
          + sku       = "20_04-lts"
          + version   = "latest"
        }
    }

  # module.ex01_nfs_filesahre.azurerm_network_interface.nfsvm_nic will be created
  + resource "azurerm_network_interface" "nfsvm_nic" {
      + applied_dns_servers           = (known after apply)
      + dns_servers                   = (known after apply)
      + enable_accelerated_networking = false
      + enable_ip_forwarding          = false
      + id                            = (known after apply)
      + internal_dns_name_label       = (known after apply)
      + internal_domain_name_suffix   = (known after apply)
      + location                      = "francecentral"
      + mac_address                   = (known after apply)
      + name                          = "azbnknfsvm-nic"
      + private_ip_address            = (known after apply)
      + private_ip_addresses          = (known after apply)
      + resource_group_name           = "e2eazp1-tf-rmgp"
      + virtual_machine_id            = (known after apply)

      + ip_configuration {
          + gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
          + name                                               = "internal"
          + primary                                            = (known after apply)
          + private_ip_address                                 = (known after apply)
          + private_ip_address_allocation                      = "Dynamic"
          + private_ip_address_version                         = "IPv4"
          + public_ip_address_id                               = (known after apply)
          + subnet_id                                          = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02"
        }
    }

  # module.ex01_nfs_filesahre.azurerm_network_interface_security_group_association.nfsvm_nic_sg will be created
  + resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" {
      + id                        = (known after apply)
      + network_interface_id      = (known after apply)
      + network_security_group_id = (known after apply)
    }

  # module.ex01_nfs_filesahre.azurerm_network_security_group.nfsvm_sg will be created
  + resource "azurerm_network_security_group" "nfsvm_sg" {
      + id                  = (known after apply)
      + location            = "francecentral"
      + name                = "azbnknfsvm-sg"
      + resource_group_name = "e2eazp1-tf-rmgp"
      + security_rule       = [
          + {
              + access                                     = "Allow"
              + description                                = ""
              + destination_address_prefix                 = "*"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "22"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "allowssh"
              + priority                                   = 100
              + protocol                                   = "Tcp"
              + source_address_prefix                      = "*"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
        ]
    }

  # module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone will be created
  + resource "azurerm_private_dns_zone" "nfs_privatednszone" {
      + id                                                    = (known after apply)
      + max_number_of_record_sets                             = (known after apply)
      + max_number_of_virtual_network_links                   = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name                                                  = "privatelink.file.core.windows.net"
      + number_of_record_sets                                 = (known after apply)
      + resource_group_name                                   = "e2eazp1-tf-rmgp"
    }

  # module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "nfs_vnet_link" {
      + id                    = (known after apply)
      + name                  = "azbnk_vnetlink"
      + private_dns_zone_name = "privatelink.file.core.windows.net"
      + registration_enabled  = false
      + resource_group_name   = "e2eazp1-tf-rmgp"
      + virtual_network_id    = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net"
    }

  # module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint will be created
  + resource "azurerm_private_endpoint" "nfs_private_endpoint" {
      + custom_dns_configs       = (known after apply)
      + id                       = (known after apply)
      + location                 = "francecentral"
      + name                     = "azbnk_e2eazp1-tf-sbnt-02_nfs_private_endpoint"
      + network_interface        = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name      = "e2eazp1-tf-rmgp"
      + subnet_id                = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02"

      + private_dns_zone_group {
          + id                   = (known after apply)
          + name                 = "nfs-dns-zone-group"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection           = false
          + name                           = "nfs-privateserviceconnection"
          + private_connection_resource_id = (known after apply)
          + private_ip_address             = (known after apply)
          + subresource_names              = [
              + "file",
            ]
        }
    }

  # module.ex01_nfs_filesahre.azurerm_public_ip.nfsvm_public_ip will be created
  + resource "azurerm_public_ip" "nfsvm_public_ip" {
      + allocation_method       = "Static"
      + ddos_protection_mode    = "VirtualNetworkInherited"
      + fqdn                    = (known after apply)
      + id                      = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address              = (known after apply)
      + ip_version              = "IPv4"
      + location                = "francecentral"
      + name                    = "azbnknfsvm-publicip"
      + resource_group_name     = "e2eazp1-tf-rmgp"
      + sku                     = "Standard"
      + sku_tier                = "Regional"
    }

  # module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account will be created
  + resource "azurerm_storage_account" "nfs_storage_account" {
      + access_tier                       = (known after apply)
      + account_kind                      = "FileStorage"
      + account_replication_type          = "LRS"
      + account_tier                      = "Premium"
      + allow_nested_items_to_be_public   = true
      + cross_tenant_replication_enabled  = true
      + default_to_oauth_authentication   = false
      + enable_https_traffic_only         = false
      + id                                = (known after apply)
      + infrastructure_encryption_enabled = false
      + is_hns_enabled                    = false
      + large_file_share_enabled          = (known after apply)
      + location                          = "francecentral"
      + min_tls_version                   = "TLS1_2"
      + name                              = "nfsvml11sg"
      + nfsv3_enabled                     = false
      + primary_access_key                = (sensitive value)
      + primary_blob_connection_string    = (sensitive value)
      + primary_blob_endpoint             = (known after apply)
      + primary_blob_host                 = (known after apply)
      + primary_connection_string         = (sensitive value)
      + primary_dfs_endpoint              = (known after apply)
      + primary_dfs_host                  = (known after apply)
      + primary_file_endpoint             = (known after apply)
      + primary_file_host                 = (known after apply)
      + primary_location                  = (known after apply)
      + primary_queue_endpoint            = (known after apply)
      + primary_queue_host                = (known after apply)
      + primary_table_endpoint            = (known after apply)
      + primary_table_host                = (known after apply)
      + primary_web_endpoint              = (known after apply)
      + primary_web_host                  = (known after apply)
      + public_network_access_enabled     = true
      + queue_encryption_key_type         = "Service"
      + resource_group_name               = "e2eazp1-tf-rmgp"
      + secondary_access_key              = (sensitive value)
      + secondary_blob_connection_string  = (sensitive value)
      + secondary_blob_endpoint           = (known after apply)
      + secondary_blob_host               = (known after apply)
      + secondary_connection_string       = (sensitive value)
      + secondary_dfs_endpoint            = (known after apply)
      + secondary_dfs_host                = (known after apply)
      + secondary_file_endpoint           = (known after apply)
      + secondary_file_host               = (known after apply)
      + secondary_location                = (known after apply)
      + secondary_queue_endpoint          = (known after apply)
      + secondary_queue_host              = (known after apply)
      + secondary_table_endpoint          = (known after apply)
      + secondary_table_host              = (known after apply)
      + secondary_web_endpoint            = (known after apply)
      + secondary_web_host                = (known after apply)
      + sftp_enabled                      = false
      + shared_access_key_enabled         = true
      + table_encryption_key_type         = "Service"
    }

  # module.ex01_nfs_filesahre.azurerm_storage_share.nfs_storage_share will be created
  + resource "azurerm_storage_share" "nfs_storage_share" {
      + access_tier          = (known after apply)
      + enabled_protocol     = "NFS"
      + id                   = (known after apply)
      + metadata             = (known after apply)
      + name                 = "100"
      + quota                = 100
      + resource_manager_id  = (known after apply)
      + storage_account_name = "nfsvml11sg"
      + url                  = (known after apply)
    }

Plan: 10 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

@tush4hworks
Copy link
Contributor Author

Apply

Plan: 10 to add, 0 to change, 0 to destroy.
module.ex01_nfs_filesahre.azurerm_public_ip.nfsvm_public_ip: Creating...
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Creating...
module.ex01_nfs_filesahre.azurerm_network_security_group.nfsvm_sg: Creating...
module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account: Creating...
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_public_ip.nfsvm_public_ip: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_network_security_group.nfsvm_sg: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_network_security_group.nfsvm_sg: Creation complete after 11s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkSecurityGroups/azbnknfsvm-sg]
module.ex01_nfs_filesahre.azurerm_public_ip.nfsvm_public_ip: Creation complete after 12s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/publicIPAddresses/azbnknfsvm-publicip]
module.ex01_nfs_filesahre.azurerm_network_interface.nfsvm_nic: Creating...
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_network_interface.nfsvm_nic: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [30s elapsed]
module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account: Still creating... [30s elapsed]
module.ex01_nfs_filesahre.azurerm_network_interface.nfsvm_nic: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_network_interface.nfsvm_nic: Creation complete after 23s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkInterfaces/azbnknfsvm-nic]
module.ex01_nfs_filesahre.azurerm_network_interface_security_group_association.nfsvm_nic_sg: Creating...
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Creating...
module.ex01_nfs_filesahre.azurerm_storage_account.nfs_storage_account: Creation complete after 35s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Storage/storageAccounts/nfsvml11sg]
module.ex01_nfs_filesahre.azurerm_storage_share.nfs_storage_share: Creating...
module.ex01_nfs_filesahre.azurerm_storage_share.nfs_storage_share: Creation complete after 4s [id=https://nfsvml11sg.file.core.windows.net/100]
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [40s elapsed]
module.ex01_nfs_filesahre.azurerm_network_interface_security_group_association.nfsvm_nic_sg: Creation complete after 8s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkInterfaces/azbnknfsvm-nic|/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkSecurityGroups/azbnknfsvm-sg]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone.nfs_privatednszone: Creation complete after 45s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Creating...
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Creating...
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Still creating... [10s elapsed]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [30s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Still creating... [20s elapsed]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [40s elapsed]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Still creating... [30s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [30s elapsed]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [50s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [40s elapsed]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Still creating... [40s elapsed]
module.ex01_nfs_filesahre.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Creation complete after 42s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/azbnk_vnetlink]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Still creating... [1m0s elapsed]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Still creating... [50s elapsed]
module.ex01_nfs_filesahre.azurerm_linux_virtual_machine.nfs_vm: Creation complete after 1m1s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Compute/virtualMachines/azbnknfsvm]
module.ex01_nfs_filesahre.azurerm_private_endpoint.nfs_private_endpoint: Creation complete after 52s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateEndpoints/azbnk_e2eazp1-tf-sbnt-02_nfs_private_endpoint]

Apply complete! Resources: 10 added, 0 changed, 0 destroyed.

Changes to Outputs:
  + nfs_file_share_url = "https://nfsvml11sg.file.core.windows.net/100"
  + nfs_vm_public_ip   = "51.103.64.217"

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

nfs_file_share_url = "https://nfsvml11sg.file.core.windows.net/100"
nfs_vm_public_ip = "51.103.64.217"

jimright
jimright requested changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@jimright jimright left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @tush4hworks,

Thanks for this. Please see review comments for some changes in line with our conversation.

Thanks,
Jim

modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml Outdated Show resolved Hide resolved
modules/terraform-azure-nfs/README.md Outdated Show resolved Hide resolved
modules/terraform-azure-nfs/defaults.tf Outdated Show resolved Hide resolved
modules/terraform-azure-nfs/main.tf Outdated Show resolved Hide resolved
modules/terraform-azure-nfs/main.tf Outdated Show resolved Hide resolved
modules/terraform-azure-nfs/main.tf Outdated
}


resource "azurerm_linux_virtual_machine" "nfs_vm" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest to create a create_vm bool input variable to control the creation of the VM.

Use the variable with e.g. count = var.create_vm ? 1 : 0

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will think about this later, didn't add it now because we need VM creation always.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tush4hworks - I would like to incorporate the variable, even with default value of true. We can work together on this to get it into this PR.

As the VM is potentially short-lived and only used for a single purpose of performing a chown on the nfs directory it should be optional.

modules/terraform-azure-nfs/main.tf Show resolved Hide resolved
modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf Outdated Show resolved Hide resolved
@tush4hworks
Copy link
Contributor Author 

(tfquickstart) tsharma@MacBook-Pro-8 ex01-nfs_fileshare % terraform apply -auto-approve
module.ex01_nfs_fileshare.data.template_file.vm-cloud-init: Reading...
module.ex01_nfs_fileshare.data.template_file.vm-cloud-init: Read complete after 0s [id=95942c33d6c24cf0384b0e3f812ccba4c522be1674076c5d644673a713301cae]
module.ex01_nfs_fileshare.data.azurerm_virtual_network.nfs_vnet: Reading...
module.ex01_nfs_fileshare.data.azurerm_subnet.nfs_subnets["e2eazp1-tf-sbnt-02"]: Reading...
module.ex01_nfs_fileshare.data.azurerm_subnet.nfs_subnets["e2eazp1-tf-sbnt-03"]: Reading...
module.ex01_nfs_fileshare.data.azurerm_subnet.nfs_subnets["e2eazp1-tf-sbnt-03"]: Read complete after 2s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-03]
module.ex01_nfs_fileshare.data.azurerm_subnet.nfs_subnets["e2eazp1-tf-sbnt-02"]: Read complete after 2s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02]
module.ex01_nfs_fileshare.data.azurerm_virtual_network.nfs_vnet: Read complete after 3s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0] will be created
  + resource "azurerm_linux_virtual_machine" "nfs_vm" {
      + admin_username                                         = "adminuser"
      + allow_extension_operations                             = true
      + bypass_platform_safety_checks_on_user_schedule_enabled = false
      + computer_name                                          = (known after apply)
      + custom_data                                            = (sensitive value)
      + disable_password_authentication                        = true
      + extensions_time_budget                                 = "PT1H30M"
      + id                                                     = (known after apply)
      + location                                               = "francecentral"
      + max_bid_price                                          = -1
      + name                                                   = "nfsvm1"
      + network_interface_ids                                  = (known after apply)
      + patch_assessment_mode                                  = "ImageDefault"
      + patch_mode                                             = "ImageDefault"
      + platform_fault_domain                                  = -1
      + priority                                               = "Regular"
      + private_ip_address                                     = (known after apply)
      + private_ip_addresses                                   = (known after apply)
      + provision_vm_agent                                     = true
      + public_ip_address                                      = (known after apply)
      + public_ip_addresses                                    = (known after apply)
      + resource_group_name                                    = "e2eazp1-tf-rmgp"
      + size                                                   = "Standard_F2"
      + virtual_machine_id                                     = (known after apply)

      + admin_ssh_key {
          + public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWW7HfwYMrzlWCx6qHzHd42cUr5d6EEdIRB8rNczHE5+AIumGanJcbJnWNjgNNQJjzDramUP0vEMuTer/gQqZhrAvTVVPATh4BGZRpGQYb62VGw/d8N7JGCQJCO73/NC4AnilD+hHpaEgY6v8uK421XN63ZRyWugR+QdwdUCyq2EyOIC6xNSqLPP+6KQscDTEdkva8mPw2c6BARARVZP/Z91KeO8qUA0JEj1bjajF6yRiI38npwDklGlGMdfuUNDGq8bhP3wEQiMHCdPc3R2z5TQ73GMVfxKEZOZSXPHdbnmKqXGQuGmcMYsmEQDJzssmQ+om2Vao2ORFvtimsd7nqAjUnvlV7t6UEdGHTJnq21MoTrWS7LuG55Zg9o8Iy8vpT1PwuzSwJaPn4x976tcSFy4JeIl/Zg1Xqynxm+iUwoD6OEKNPRsidlEAk7QiFsBdFLuv5kmarvaQdJhJ2OH1IvSJOwjttrnihBtMAp6HG8PoOSqhHsvFZT+fqw42Znts= [email protected]"
          + username   = "adminuser"
        }

      + os_disk {
          + caching                   = "ReadWrite"
          + disk_size_gb              = (known after apply)
          + name                      = (known after apply)
          + storage_account_type      = "Standard_LRS"
          + write_accelerator_enabled = false
        }

      + source_image_reference {
          + offer     = "0001-com-ubuntu-server-focal"
          + publisher = "Canonical"
          + sku       = "20_04-lts"
          + version   = "latest"
        }
    }

  # module.ex01_nfs_fileshare.azurerm_network_interface.nfsvm_nic[0] will be created
  + resource "azurerm_network_interface" "nfsvm_nic" {
      + applied_dns_servers           = (known after apply)
      + dns_servers                   = (known after apply)
      + enable_accelerated_networking = false
      + enable_ip_forwarding          = false
      + id                            = (known after apply)
      + internal_dns_name_label       = (known after apply)
      + internal_domain_name_suffix   = (known after apply)
      + location                      = "francecentral"
      + mac_address                   = (known after apply)
      + name                          = "nfsvimnic"
      + private_ip_address            = (known after apply)
      + private_ip_addresses          = (known after apply)
      + resource_group_name           = "e2eazp1-tf-rmgp"
      + virtual_machine_id            = (known after apply)

      + ip_configuration {
          + gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
          + name                                               = "internal"
          + primary                                            = (known after apply)
          + private_ip_address                                 = (known after apply)
          + private_ip_address_allocation                      = "Dynamic"
          + private_ip_address_version                         = "IPv4"
          + public_ip_address_id                               = (known after apply)
          + subnet_id                                          = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02"
        }
    }

  # module.ex01_nfs_fileshare.azurerm_network_interface_security_group_association.nfsvm_nic_sg[0] will be created
  + resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" {
      + id                        = (known after apply)
      + network_interface_id      = (known after apply)
      + network_security_group_id = (known after apply)
    }

  # module.ex01_nfs_fileshare.azurerm_network_security_group.nfsvm_sg[0] will be created
  + resource "azurerm_network_security_group" "nfsvm_sg" {
      + id                  = (known after apply)
      + location            = "francecentral"
      + name                = "nfsvsad12"
      + resource_group_name = "e2eazp1-tf-rmgp"
      + security_rule       = (known after apply)
    }

  # module.ex01_nfs_fileshare.azurerm_network_security_rule.nfsvm_sg_rule[0] will be created
  + resource "azurerm_network_security_rule" "nfsvm_sg_rule" {
      + access                      = "Allow"
      + destination_address_prefix  = "*"
      + destination_port_range      = "22"
      + direction                   = "Inbound"
      + id                          = (known after apply)
      + name                        = "allowssh"
      + network_security_group_name = "nfsvsad12"
      + priority                    = 100
      + protocol                    = "Tcp"
      + resource_group_name         = "e2eazp1-tf-rmgp"
      + source_address_prefixes     = [
          + "0.0.0.0/0",
        ]
      + source_port_range           = "*"
    }

  # module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone will be created
  + resource "azurerm_private_dns_zone" "nfs_privatednszone" {
      + id                                                    = (known after apply)
      + max_number_of_record_sets                             = (known after apply)
      + max_number_of_virtual_network_links                   = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name                                                  = "privatelink.file.core.windows.net"
      + number_of_record_sets                                 = (known after apply)
      + resource_group_name                                   = "e2eazp1-tf-rmgp"
    }

  # module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "nfs_vnet_link" {
      + id                    = (known after apply)
      + name                  = "nfsdsvvnet"
      + private_dns_zone_name = "privatelink.file.core.windows.net"
      + registration_enabled  = false
      + resource_group_name   = "e2eazp1-tf-rmgp"
      + virtual_network_id    = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net"
    }

  # module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"] will be created
  + resource "azurerm_private_endpoint" "nfs_private_endpoint" {
      + custom_dns_configs       = (known after apply)
      + id                       = (known after apply)
      + location                 = "francecentral"
      + name                     = "azbnk_e2eazp1-tf-sbnt-02_nfs_private_endpoint"
      + network_interface        = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name      = "e2eazp1-tf-rmgp"
      + subnet_id                = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-02"

      + private_dns_zone_group {
          + id                   = (known after apply)
          + name                 = "nfs-dns-zone-group"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection           = false
          + name                           = "nfs-privateserviceconnection"
          + private_connection_resource_id = (known after apply)
          + private_ip_address             = (known after apply)
          + subresource_names              = [
              + "file",
            ]
        }
    }

  # module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"] will be created
  + resource "azurerm_private_endpoint" "nfs_private_endpoint" {
      + custom_dns_configs       = (known after apply)
      + id                       = (known after apply)
      + location                 = "francecentral"
      + name                     = "azbnk_e2eazp1-tf-sbnt-03_nfs_private_endpoint"
      + network_interface        = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name      = "e2eazp1-tf-rmgp"
      + subnet_id                = "/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/virtualNetworks/e2eazp1-tf-net/subnets/e2eazp1-tf-sbnt-03"

      + private_dns_zone_group {
          + id                   = (known after apply)
          + name                 = "nfs-dns-zone-group"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection           = false
          + name                           = "nfs-privateserviceconnection"
          + private_connection_resource_id = (known after apply)
          + private_ip_address             = (known after apply)
          + subresource_names              = [
              + "file",
            ]
        }
    }

  # module.ex01_nfs_fileshare.azurerm_public_ip.nfsvm_public_ip[0] will be created
  + resource "azurerm_public_ip" "nfsvm_public_ip" {
      + allocation_method       = "Static"
      + ddos_protection_mode    = "VirtualNetworkInherited"
      + fqdn                    = (known after apply)
      + id                      = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address              = (known after apply)
      + ip_version              = "IPv4"
      + location                = "francecentral"
      + name                    = "nfsvmpub1"
      + resource_group_name     = "e2eazp1-tf-rmgp"
      + sku                     = "Standard"
      + sku_tier                = "Regional"
    }

  # module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account will be created
  + resource "azurerm_storage_account" "nfs_storage_account" {
      + access_tier                       = (known after apply)
      + account_kind                      = "FileStorage"
      + account_replication_type          = "LRS"
      + account_tier                      = "Premium"
      + allow_nested_items_to_be_public   = true
      + cross_tenant_replication_enabled  = true
      + default_to_oauth_authentication   = false
      + enable_https_traffic_only         = false
      + id                                = (known after apply)
      + infrastructure_encryption_enabled = false
      + is_hns_enabled                    = false
      + large_file_share_enabled          = (known after apply)
      + location                          = "francecentral"
      + min_tls_version                   = "TLS1_2"
      + name                              = "nfsvml11sg"
      + nfsv3_enabled                     = false
      + primary_access_key                = (sensitive value)
      + primary_blob_connection_string    = (sensitive value)
      + primary_blob_endpoint             = (known after apply)
      + primary_blob_host                 = (known after apply)
      + primary_connection_string         = (sensitive value)
      + primary_dfs_endpoint              = (known after apply)
      + primary_dfs_host                  = (known after apply)
      + primary_file_endpoint             = (known after apply)
      + primary_file_host                 = (known after apply)
      + primary_location                  = (known after apply)
      + primary_queue_endpoint            = (known after apply)
      + primary_queue_host                = (known after apply)
      + primary_table_endpoint            = (known after apply)
      + primary_table_host                = (known after apply)
      + primary_web_endpoint              = (known after apply)
      + primary_web_host                  = (known after apply)
      + public_network_access_enabled     = true
      + queue_encryption_key_type         = "Service"
      + resource_group_name               = "e2eazp1-tf-rmgp"
      + secondary_access_key              = (sensitive value)
      + secondary_blob_connection_string  = (sensitive value)
      + secondary_blob_endpoint           = (known after apply)
      + secondary_blob_host               = (known after apply)
      + secondary_connection_string       = (sensitive value)
      + secondary_dfs_endpoint            = (known after apply)
      + secondary_dfs_host                = (known after apply)
      + secondary_file_endpoint           = (known after apply)
      + secondary_file_host               = (known after apply)
      + secondary_location                = (known after apply)
      + secondary_queue_endpoint          = (known after apply)
      + secondary_queue_host              = (known after apply)
      + secondary_table_endpoint          = (known after apply)
      + secondary_table_host              = (known after apply)
      + secondary_web_endpoint            = (known after apply)
      + secondary_web_host                = (known after apply)
      + sftp_enabled                      = false
      + shared_access_key_enabled         = true
      + table_encryption_key_type         = "Service"
    }

  # module.ex01_nfs_fileshare.azurerm_storage_share.nfs_storage_share will be created
  + resource "azurerm_storage_share" "nfs_storage_share" {
      + access_tier          = (known after apply)
      + enabled_protocol     = "NFS"
      + id                   = (known after apply)
      + metadata             = (known after apply)
      + name                 = "nfsvml11"
      + quota                = 100
      + resource_manager_id  = (known after apply)
      + storage_account_name = "nfsvml11sg"
      + url                  = (known after apply)
    }

Plan: 12 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + nfs_file_share_url = (known after apply)
  + nfs_vm_mount_path  = "/mount/nfsvml11sg/nfsvml11"
  + nfs_vm_public_ip   = (known after apply)
  + nfs_vm_username    = "adminuser"
module.ex01_nfs_fileshare.azurerm_network_security_group.nfsvm_sg[0]: Creating...
module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone: Creating...
module.ex01_nfs_fileshare.azurerm_public_ip.nfsvm_public_ip[0]: Creating...
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Creating...
module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_public_ip.nfsvm_public_ip[0]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_network_security_group.nfsvm_sg[0]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_network_security_group.nfsvm_sg[0]: Creation complete after 11s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkSecurityGroups/nfsvsad12]
module.ex01_nfs_fileshare.azurerm_network_security_rule.nfsvm_sg_rule[0]: Creating...
module.ex01_nfs_fileshare.azurerm_network_security_rule.nfsvm_sg_rule[0]: Creation complete after 4s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkSecurityGroups/nfsvsad12/securityRules/allowssh]
module.ex01_nfs_fileshare.azurerm_public_ip.nfsvm_public_ip[0]: Creation complete after 17s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/publicIPAddresses/nfsvmpub1]
module.ex01_nfs_fileshare.azurerm_network_interface.nfsvm_nic[0]: Creating...
module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_network_interface.nfsvm_nic[0]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_network_interface.nfsvm_nic[0]: Creation complete after 14s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkInterfaces/nfsvimnic]
module.ex01_nfs_fileshare.azurerm_network_interface_security_group_association.nfsvm_nic_sg[0]: Creating...
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Creating...
module.ex01_nfs_fileshare.azurerm_network_interface_security_group_association.nfsvm_nic_sg[0]: Creation complete after 5s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkInterfaces/nfsvimnic|/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/networkSecurityGroups/nfsvsad12]
module.ex01_nfs_fileshare.azurerm_private_dns_zone.nfs_privatednszone: Creation complete after 40s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Creating...
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [40s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [50s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m0s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m10s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Still creating... [40s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [40s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m20s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Still creating... [50s elapsed]
module.ex01_nfs_fileshare.azurerm_linux_virtual_machine.nfs_vm[0]: Creation complete after 58s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Compute/virtualMachines/nfsvm1]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [50s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m30s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [1m0s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m40s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Still creating... [1m10s elapsed]
module.ex01_nfs_fileshare.azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link: Creation complete after 1m10s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/nfsdsvvnet]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [1m50s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [2m0s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [2m10s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [2m51s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [3m1s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [3m11s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [3m21s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Still creating... [3m31s elapsed]
module.ex01_nfs_fileshare.azurerm_storage_account.nfs_storage_account: Creation complete after 3m32s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Storage/storageAccounts/nfsvml11sg]
module.ex01_nfs_fileshare.azurerm_storage_share.nfs_storage_share: Creating...
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Creating...
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Creating...
module.ex01_nfs_fileshare.azurerm_storage_share.nfs_storage_share: Creation complete after 2s [id=https://nfsvml11sg.file.core.windows.net/nfsvml11]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [10s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [20s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [30s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [40s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [40s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [50s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [50s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Still creating... [1m0s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Still creating... [1m0s elapsed]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-03"]: Creation complete after 1m4s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateEndpoints/azbnk_e2eazp1-tf-sbnt-03_nfs_private_endpoint]
module.ex01_nfs_fileshare.azurerm_private_endpoint.nfs_private_endpoint["e2eazp1-tf-sbnt-02"]: Creation complete after 1m7s [id=/subscriptions/9c0efd86-d1e7-4bfa-a9fd-fa6f36b92458/resourceGroups/e2eazp1-tf-rmgp/providers/Microsoft.Network/privateEndpoints/azbnk_e2eazp1-tf-sbnt-02_nfs_private_endpoint]

Apply complete! Resources: 12 added, 0 changed, 0 destroyed.

Outputs:

nfs_file_share_url = "https://nfsvml11sg.file.core.windows.net/nfsvml11"
nfs_vm_mount_path = "/mount/nfsvml11sg/nfsvml11"
nfs_vm_public_ip = "51.103.64.219"
nfs_vm_username = "adminuser"

@tush4hworks
Copy link
Contributor Author

NFS is mounted on the VM

(tfquickstart) tsharma@MacBook-Pro-8 ex01-nfs_fileshare % ssh [email protected]
The authenticity of host '51.103.64.219 (51.103.64.219)' can't be established.
ECDSA key fingerprint is SHA256:YyaG0iGiN+XEh8faM5dncdm47x3LVRnAYFc6TbPTGBk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '51.103.64.219' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.15.0-1045-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Oct 25 06:57:09 UTC 2023

  System load:  0.0               Processes:             127
  Usage of /:   5.9% of 28.89GB   Users logged in:       0
  Memory usage: 7%                IPv4 address for eth0: 10.10.32.4
  Swap usage:   0%

Expanded Security Maintenance for Applications is not enabled.

42 updates can be applied immediately.
34 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

adminuser@nfsvm1:~$ sudo su 
root@nfsvm1:/home/adminuser# ls /mount/nfsvml11sg/nfsvml11
root@nfsvm1:/home/adminuser# 
root@nfsvm1:/home/adminuser# ls /mount/nfsvml11sg/
nfsvml11
root@nfsvm1:/home/adminuser# 
root@nfsvm1:/home/adminuser# df -kh /mount/nfsvml11sg/nfsvml11/
Filesystem      Size  Used Avail Use% Mounted on
/dev/root        29G  1.7G   28G   6% /

balazsgaspar
balazsgaspar approved these changes Oct 27, 2023
View reviewed changes
Copy link
Contributor

@balazsgaspar balazsgaspar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jimright
jimright approved these changes Oct 27, 2023
View reviewed changes
Copy link
Contributor

@jimright jimright left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Approved.

@tush4hworks tush4hworks force-pushed the feature/azure_nfs_module branch 2 times, most recently from 7bfbb19 to cebee8c Compare October 30, 2023 07:29
tush4hworks and others added 15 commits October 30, 2023 14:00
@tush4hworks
Feature to support provisioning of Azure Files NFS for CML at runtime
7958334 
See detailed explanation in README.md

Provisions a storage account with Premium Tier and Disabled Https traffic only.
Creates a NFS file share of 100 GB in the storage account
Creates a private dns zone of type privatelink.file.core.windows.net
Creates a VNET link between CDP workload VNET and private DNS zone
Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML.
Creates a public IP , security group allowing port 22 from everywhere
Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created.

Signed-off-by: tsharma <[email protected]>
@tush4hworks
Add output flags
01e7296 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
Addressing Review comments, also made subnets a list
8bd12fd 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
Missed doc fragments
6cb0149 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
1. Add support to auto-mount NFS on created VM via custom_data. 2. Ad…
29bd13a 
…d conditional provisioning of VM

Signed-off-by: tsharma <[email protected]>
@tush4hworks
Provider standardization, use templatefile
273ae48 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
removed not needed providers
dffb8db 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
invoke terraform-azure-nfs from terraform-cdp-azure-prereqs
353ef9f 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
minor naming change
58cb431 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
fixes to variables and outputs
a017984 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
take value from local
7fe0604 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
formatting errors
645617f 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
Final fixes (hopefully)
8831cbb 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
Add NFS Storage Account Name output
a15e6f8 
Signed-off-by: tsharma <[email protected]>
@tush4hworks
sign with gpg key
10fa910 
Signed-off-by: tsharma <[email protected]>
@tush4hworks tush4hworks force-pushed the feature/azure_nfs_module branch 2 times, most recently from 4f0f0ed to 10fa910 Compare October 30, 2023 08:35
@jimright jimright merged commit d490650 into cloudera-labs:main Oct 30, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimright jimright jimright approved these changes

@balazsgaspar balazsgaspar balazsgaspar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tush4hworks @balazsgaspar @jimright