From 7958334b268fb51056bd5885c7f2067dd99e73c6 Mon Sep 17 00:00:00 2001 From: tsharma Date: Mon, 23 Oct 2023 13:02:46 +0530 Subject: [PATCH 01/15] Feature to support provisioning of Azure Files NFS for CML at runtime See detailed explanation in README.md Provisions a storage account with Premium Tier and Disabled Https traffic only. Creates a NFS file share of 100 GB in the storage account Creates a private dns zone of type privatelink.file.core.windows.net Creates a VNET link between CDP workload VNET and private DNS zone Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML. Creates a public IP and a security group allowing port 22 from everywhere. Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created. 
Signed-off-by: tsharma
---
 .../terraform-azure-nfs/.terraform-docs.yaml | 21 +++
 modules/terraform-azure-nfs/README.md | 68 +++++++++
 modules/terraform-azure-nfs/data.tf | 24 +++
 modules/terraform-azure-nfs/defaults.tf | 17 +++
 .../ex01-nfs_fileshare/.terraform-docs.yaml | 21 +++
 .../examples/ex01-nfs_fileshare/main.tf | 27 ++++
 .../examples/ex01-nfs_fileshare/provider.tf | 29 ++++
 .../terraform.tfvars.sample | 26 ++++
 .../examples/ex01-nfs_fileshare/variables.tf | 58 +++++++
 modules/terraform-azure-nfs/main.tf | 142 ++++++++++++++++++
 modules/terraform-azure-nfs/outputs.tf | 24 +++
 modules/terraform-azure-nfs/provider.tf | 28 ++++
 modules/terraform-azure-nfs/variables.tf | 60 ++++++++
 13 files changed, 545 insertions(+)
 create mode 100644 modules/terraform-azure-nfs/.terraform-docs.yaml
 create mode 100644 modules/terraform-azure-nfs/README.md
 create mode 100644 modules/terraform-azure-nfs/data.tf
 create mode 100644 modules/terraform-azure-nfs/defaults.tf
 create mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml
 create mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
 create mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf
 create mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample
 create mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf
 create mode 100644 modules/terraform-azure-nfs/main.tf
 create mode 100644 modules/terraform-azure-nfs/outputs.tf
 create mode 100644 modules/terraform-azure-nfs/provider.tf
 create mode 100644 modules/terraform-azure-nfs/variables.tf
diff --git a/modules/terraform-azure-nfs/.terraform-docs.yaml b/modules/terraform-azure-nfs/.terraform-docs.yaml
new file mode 100644
index 0000000..0936036
--- /dev/null
+++ b/modules/terraform-azure-nfs/.terraform-docs.yaml
@@ -0,0 +1,21 @@
+formatter: markdown
+header-from: doc_fragments/header.md
+settings:
+ anchor: true
+ color: true
+ default: true
+ escape: true
+ html: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
+
+
+sort:
+ enabled: true
+ by: required
+
+output:
+ file: README.md
+ mode: replace
\ No newline at end of file
diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md
new file mode 100644
index 0000000..f69a065
--- /dev/null
+++ b/modules/terraform-azure-nfs/README.md
@@ -0,0 +1,68 @@
+
+# Terraform Module for Azure NFS
+
+This module contains resource files and example variable definition files for creation of the Azure NFS File Share required for Cloudera Machine Learning (CML) Public Cloud.
+
+* Provisions a storage account with Premium Tier and Disabled Https traffic only.
+* Creates a NFS file share of 100 GB in the storage account
+* Creates a private dns zone of type privatelink.file.core.windows.net
+* Creates a VNET link between CDP workload VNET and private DNS zone
+* Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML.
+* Creates a public IP , security group allowing port 22 from everywhere
+* Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.3.0 |
+| [azurerm](#requirement\_azurerm) | 3.45.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azuread](#provider\_azuread) | 2.39.0 |
+| [azurerm](#provider\_azurerm) | 3.45.0 |
+
+## Usage
+
+The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios:
+
+* `ex01-nfs_fileshare` uses a set of inputs for the module.
+
+In each directory an example `terraform.tfvars.sample` values file is included to show input variable values.
+
+## Resources
+| Name | Type |
+|------|------|
+| [azurem_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account.html) | resource |
+| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share.html) | resource |
+| [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
+| [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
+| [azurerm_public_ip.nfs_vm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
+| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/Azurerm/3.41.0/docs/resources/network_interface) | resource |
+| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
+| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association.html) | resource |
+| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [resourcegroup\_name](#input\_resourcegroup\_name) | CDP Resource Group | `string` | n/a | yes |
+| [vent\_name](#input\_vnet\_name) | CDP Workload VNET Name | `string` | n/a | yes |
+| [azure\_region](#azure\_region) | Azure Region | `string` | n/a | yes |
+| [aws\_region](#nfs\_storage\_account\_name) | NFS Storage Account Name | `string` | n/a | yes |
+| [env\_prefix](#env\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes |
+| [nfs\_file\_share\_name](#nfs\_file\_share\_name) | NFS File Share Name | `string` | n/a | yes |
+| [aws\_region](#nfs\_private\_endpoint\_target\_subnet\_name) | Subnet to which Azure Files private endpoint is created | `string` | n/a | yes |
+| [nfs\_file\_share\_size](#nfs\_file\_share\_size) | NFS File Share Size | `number` | 100 | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share Url |
+| [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | Public IP of VM to manage NFS |
diff --git a/modules/terraform-azure-nfs/data.tf b/modules/terraform-azure-nfs/data.tf
new file mode 100644
index 0000000..165daee
--- /dev/null
+++ b/modules/terraform-azure-nfs/data.tf
@@ -0,0 +1,24 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+data "azurerm_subnet" "nfs_subnet" {
+ name = var.nfs_private_endpoint_target_subnet_name
+ virtual_network_name = var.vnet_name
+ resource_group_name = var.resourcegroup_name
+}
+
+data "azurerm_virtual_network" "nfs_vnet" {
+ name = var.vnet_name
+ resource_group_name = var.resourcegroup_name
+}
\ No newline at end of file
diff --git a/modules/terraform-azure-nfs/defaults.tf b/modules/terraform-azure-nfs/defaults.tf
new file mode 100644
index 0000000..5680fb6
--- /dev/null
+++ b/modules/terraform-azure-nfs/defaults.tf
@@ -0,0 +1,17 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+ nfs_file_share_size = 100
+}
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml
new file mode 100644
index 0000000..0936036
--- /dev/null
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml
@@ -0,0 +1,21 @@
+formatter: markdown
+header-from: doc_fragments/header.md
+settings:
+ anchor: true
+ color: true
+ default: true
+ escape: true
+ html: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
+
+
+sort:
+ enabled: true
+ by: required
+
+output:
+ file: README.md
+ mode: replace
\ No newline at end of file
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
new file mode 100644
index 0000000..6701468
--- /dev/null
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
@@ -0,0 +1,27 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "ex01_nfs_filesahre" {
+ source = "../.."
+
+ resourcegroup_name = var.resourcegroup_name
+ azure_region = var.azure_region
+ nfs_file_share_name = var.nfs_file_share_size
+ nfs_file_share_size = var.nfs_file_share_size
+ nfs_private_endpoint_target_subnet_name = var.nfs_private_endpoint_target_subnet_name
+ vnet_name = var.vnet_name
+ env_prefix = var.env_prefix
+ nfs_storage_account_name = var.nfs_storage_account_name
+
+}
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf
new file mode 100644
index 0000000..c3e28f7
--- /dev/null
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf
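Review bot: `nfs_file_share_name = var.nfs_file_share_size` wires the numeric size into the share-name input, so the example would create a share named after its size (Terraform silently coerces the number to a string) rather than failing loudly; the line should read `nfs_file_share_name = var.nfs_file_share_name`. PATCH 03 in this series corrects it together with the `ex01_nfs_filesahre` typo, so this only flags the first commit as not usable on its own for anyone cherry-picking it.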
@@ -0,0 +1,29 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.11.0, <4.0"
+ }
+ }
+
+ required_version = ">= 1.3.0"
+}
+
+provider "azurerm" {
+ skip_provider_registration = true # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
+ features {}
+}
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample
new file mode 100644
index 0000000..b291f6b
--- /dev/null
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample
@@ -0,0 +1,26 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ------- Global settings -------
+env_prefix = "" # Required name prefix for cloud and CDP resources, e.g. cldr1
+
+# ------- Cloud Settings -------
+azure_region = "" # Change this to specify Cloud Provider region, e.g. eastus
+
+resourcegroup_name = ""
+nfs_file_share_name = ""
+nfs_file_share_size =
+nfs_private_endpoint_target_subnet_name = ""
+vnet_name = ""
+nfs_storage_account_name = ""
\ No newline at end of file
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf
new file mode 100644
index 0000000..998cd64
--- /dev/null
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf
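Review bot: `nfs_file_share_size =` has no value, so anyone who copies this sample to `terraform.tfvars` as the README suggests gets an HCL parse error before a single variable is read. Either fill it in to match the share the commit describes, `nfs_file_share_size = 100 # GiB, the 100 GB share described in the README`, or drop the line so that a module default can apply once one is declared. The other inputs are left as `""`, which at least parses and fails on a clear "invalid name" error later.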
@@ -0,0 +1,58 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+variable "resourcegroup_name" {
+ type = string
+ description = "Resource Group Name"
+}
+
+variable "vnet_name" {
+ type = string
+ description = "Vnet name"
+
+}
+
+
+variable "azure_region" {
+ type = string
+ description = "Region for CDP"
+
+}
+
+variable "env_prefix" {
+ type = string
+ description = "Shorthand name for the environment. Used in resource descriptions"
+}
+
+
+variable "nfs_file_share_name" {
+ type = string
+ description = "nfs file share name"
+}
+
+variable "nfs_private_endpoint_target_subnet_name" {
+ type = string
+ description = "Subnet to which private endpoint is created"
+}
+
+variable "nfs_storage_account_name" {
+ type = string
+ description = "NFS Storage account name"
+}
+
+variable "nfs_file_share_size" {
+ type = number
+ description = "NFS File Share size"
+}
\ No newline at end of file
diff --git a/modules/terraform-azure-nfs/main.tf b/modules/terraform-azure-nfs/main.tf
new file mode 100644
index 0000000..49639b3
--- /dev/null
+++ b/modules/terraform-azure-nfs/main.tf
@@ -0,0 +1,142 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "azurerm_storage_account" "nfs_storage_account" {
+ name = var.nfs_storage_account_name
+ resource_group_name = var.resourcegroup_name
+ location = var.azure_region
+ account_tier = "Premium"
+ account_replication_type = "LRS"
+ account_kind = "FileStorage"
+ enable_https_traffic_only = false
+}
+
+
+resource "azurerm_storage_share" "nfs_storage_share" {
+ name = var.nfs_file_share_name
+ storage_account_name = azurerm_storage_account.nfs_storage_account.name
+ enabled_protocol = "NFS"
+ quota = var.nfs_file_share_size
+}
+
+
+resource "azurerm_private_dns_zone" "nfs_privatednszone" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = var.resourcegroup_name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "nfs_vnet_link" {
+ name = "${var.env_prefix}_vnetlink"
+ resource_group_name = var.resourcegroup_name
+ private_dns_zone_name = azurerm_private_dns_zone.nfs_privatednszone.name
+ virtual_network_id = data.azurerm_virtual_network.nfs_vnet.id
+}
+
+
+resource "azurerm_private_endpoint" "nfs_private_endpoint" {
+ name = "${var.env_prefix}_${data.azurerm_subnet.nfs_subnet.name}_nfs_private_endpoint"
+ location = var.azure_region
+ resource_group_name = var.resourcegroup_name
+ subnet_id = data.azurerm_subnet.nfs_subnet.id
+
+ private_service_connection {
+ name = "nfs-privateserviceconnection"
+ private_connection_resource_id = azurerm_storage_account.nfs_storage_account.id
+ subresource_names = [
+
+ "file",
+ ]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = "nfs-dns-zone-group"
+ private_dns_zone_ids = [
+ azurerm_private_dns_zone.nfs_privatednszone.id]
+ }
+}
+
+resource "azurerm_public_ip" "nfsvm_public_ip" {
+ name = "${var.env_prefix}nfsvm-publicip"
+ resource_group_name = var.resourcegroup_name
+ location = var.azure_region
+ allocation_method = "Static"
+ sku = "Standard"
+}
+
+resource "azurerm_network_interface" "nfsvm_nic" {
+ name = "${var.env_prefix}nfsvm-nic"
+ resource_group_name = var.resourcegroup_name
+ location = var.azure_region
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = data.azurerm_subnet.nfs_subnet.id
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = azurerm_public_ip.nfsvm_public_ip.id
+ }
+}
+
+resource "azurerm_network_security_group" "nfsvm_sg" {
+ name = "${var.env_prefix}nfsvm-sg"
+ resource_group_name = var.resourcegroup_name
+ location = var.azure_region
+
+ security_rule {
+ name = "allowssh"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" {
+ network_interface_id = azurerm_network_interface.nfsvm_nic.id
+ network_security_group_id = azurerm_network_security_group.nfsvm_sg.id
+}
+
+
+resource "azurerm_linux_virtual_machine" "nfs_vm" {
+ name = "${var.env_prefix}nfsvm"
+ resource_group_name = var.resourcegroup_name
+ location = var.azure_region
+ size = "Standard_F2"
+ admin_username = "adminuser"
+ network_interface_ids = [
+ azurerm_network_interface.nfsvm_nic.id,
+ ]
+
+ admin_ssh_key {
+ username = "adminuser"
+ public_key = file("~/.ssh/id_rsa.pub")
+ }
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-focal"
+ sku = "20_04-lts"
+ version = "latest"
+ }
+}
+
diff --git a/modules/terraform-azure-nfs/outputs.tf b/modules/terraform-azure-nfs/outputs.tf
new file mode 100644
index 0000000..a149b29
--- /dev/null
+++ b/modules/terraform-azure-nfs/outputs.tf
@@ -0,0 +1,24 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+output "nfs_file_share_url" {
+ value = azurerm_storage_share.nfs_storage_share.url
+ description = "NFS File Share url"
+}
+
+output "nfs_vm_public_ip" {
+ value = azurerm_public_ip.nfsvm_public_ip.ip_address
+ description = "NFS VM public IP address"
+}
diff --git a/modules/terraform-azure-nfs/provider.tf b/modules/terraform-azure-nfs/provider.tf
new file mode 100644
index 0000000..937a858
--- /dev/null
+++ b/modules/terraform-azure-nfs/provider.tf
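Review bot: `azurerm_storage_account.nfs_storage_account` is left reachable on its public endpoint although the only intended access path is the private endpoint created later in this hunk, and `enable_https_traffic_only = false` additionally permits unencrypted SMB/REST traffic on that public path. Add `public_network_access_enabled = false` together with `network_rules { default_action = "Deny" bypass = ["AzureServices"] }` and `min_tls_version = "TLS1_2"`, and record the unavoidable part with `# NFS 4.1 has no encryption in transit, so Azure Files requires secure transfer (HTTPS-only) to be disabled` (`public_network_access_enabled` arrived part-way through the 3.x provider, so the `>=3.11.0` floor in provider.tf may need raising). One caveat to confirm before merging: `azurerm_storage_share` is, as far as I know, managed through the storage data plane, so once public access is denied the host running Terraform must be allow-listed in `ip_rules` or run inside the VNet — presumably why the account was left open here. The `file("~/.ssh/id_rsa.pub")` read and the `source_address_prefix = "*"` SSH rule tie the module to the operator's workstation and expose the VM to the whole internet; the PATCH 03 README in this series shows them becoming `public_key_text` and `source_address_prefixes` inputs, so the storage-account hardening should land alongside that change.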
@@ -0,0 +1,28 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.11.0, <4.0"
+ }
+ }
+
+ required_version = ">= 1.3.0"
+}
+provider "azurerm" {
+ skip_provider_registration = true # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
+ features {}
+}
diff --git a/modules/terraform-azure-nfs/variables.tf b/modules/terraform-azure-nfs/variables.tf
new file mode 100644
index 0000000..d4e73eb
--- /dev/null
+++ b/modules/terraform-azure-nfs/variables.tf
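Review bot: `provider "azurerm" { … }` is declared inside the reusable child module, which Terraform treats as a legacy pattern: a module that carries its own provider configuration cannot be called with `count`, `for_each` or `depends_on`, and the block cannot be removed later without first destroying the module's resources. The `terraform { required_providers … }` constraint is the only part a reusable module should own; the example's provider.tf in this same patch already configures the provider at the root, so the `provider "azurerm"` block — including the `skip_provider_registration = true` decision, which callers should make for themselves — can be dropped from this file.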
@@ -0,0 +1,60 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+variable "resourcegroup_name" {
+ type = string
+ description = "Resource Group Name"
+}
+
+variable "vnet_name" {
+ type = string
+ description = "Vnet name"
+
+}
+
+
+variable "azure_region" {
+ type = string
+ description = "Region for CDP"
+
+}
+
+variable "env_prefix" {
+ type = string
+ description = "Shorthand name for the environment. Used in resource descriptions"
+}
+
+
+variable "nfs_file_share_name" {
+ type = string
+ description = "nfs file share name"
+}
+
+
+variable "nfs_private_endpoint_target_subnet_name" {
+ type = string
+ description = "Subnet to which private endpoint is created"
+}
+
+variable "nfs_storage_account_name" {
+ type = string
+ description = "NFS Storage account name"
+}
+
+variable "nfs_file_share_size" {
+ type = number
+ description = "NFS File Share size"
+
+}
\ No newline at end of file
From 01e7296345bfb6a89c9bc38807546a4272d238df Mon Sep 17 00:00:00 2001
From: tsharma
Date: Mon, 23 Oct 2023 13:32:49 +0530
Subject: [PATCH 02/15] Add output flags
Signed-off-by: tsharma
---
 .../examples/ex01-nfs_fileshare/main.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
index 6701468..36dfd31 100644
--- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
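Review bot: none of the inputs carries a `validation` block, yet `nfs_storage_account_name` is passed verbatim as the storage account name, which Azure accepts only as 3–24 lowercase letters and digits; validating it up front turns a late ARM rejection into an immediate plan-time error with a readable message. `nfs_file_share_size` also has no default here although the README in this same patch lists `100` as its default and defaults.tf declares an unused `local.nfs_file_share_size = 100`; give the variable `default = 100` and drop the dead local (the PATCH 03 README suggests the default is added later in the series, so only the validation below is new).
```hcl
variable "nfs_storage_account_name" {
  type        = string
  description = "NFS Storage account name"

  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.nfs_storage_account_name))
    error_message = "Storage account names must be 3-24 lowercase letters and digits."
  }
}
```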
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
@@ -25,3 +25,10 @@ module "ex01_nfs_filesahre" { nfs_storage_account_name = var.nfs_storage_account_name } + +output "nfs_file_share_url" { + value = module.ex01_nfs_filesahre.nfs_file_share_url +} +output "nfs_vm_public_ip" { + value = module.ex01_nfs_filesahre.nfs_vm_public_ip +} \ No newline at end of file
From 8bd12fd26444e8f9d22fda8633faf0e9b27dd35d Mon Sep 17 00:00:00 2001
From: tsharma
Date: Mon, 23 Oct 2023 20:02:42 +0530
Subject: [PATCH 03/15] Addressing Review comments, also made subnets a list
Signed-off-by: tsharma
---
 modules/terraform-azure-nfs/README.md | 72 ++++++-----
 modules/terraform-azure-nfs/data.tf | 11 +-
 modules/terraform-azure-nfs/defaults.tf | 2 +-
 .../ex01-nfs_fileshare/.terraform-docs.yaml | 21 ----
 .../examples/ex01-nfs_fileshare/main.tf | 36 ++++--
 .../terraform.tfvars.sample | 14 ++-
 .../examples/ex01-nfs_fileshare/variables.tf | 60 ++++++++--
 modules/terraform-azure-nfs/main.tf | 112 ++++++++++--------
 modules/terraform-azure-nfs/outputs.tf | 9 +-
 modules/terraform-azure-nfs/variables.tf | 52 ++++++--
 10 files changed, 247 insertions(+), 142 deletions(-)
 delete mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml
diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md
index f69a065..36c3018 100644
--- a/modules/terraform-azure-nfs/README.md
+++ b/modules/terraform-azure-nfs/README.md
@@ -7,62 +7,78 @@ This module contains resource files and example variable definition files for cr * Creates a NFS file share of 100 GB in the storage account * Creates a private dns zone of type privatelink.file.core.windows.net * Creates a VNET link between CDP workload VNET and private DNS zone -* Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML. +* Creates a private endpoint for NFS Storage Account (File sub-resource) for the specified subnets in the CDP VNET. * Creates a public IP , security group allowing port 22 from everywhere -* Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created. +* Creates a ubuntu VM with public IP, security group in the CDP Subnets to which private endpoint was created. +## Usage + +The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios: + +* `ex01-nfs_fileshare` uses a set of inputs for the module. + +In each directory an example `terraform.tfvars.sample` values file is included to show input variable values. ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | -| [azurerm](#requirement\_azurerm) | 3.45.0 | +| [azurerm](#requirement\_azurerm) | >=3.11.0, <4.0 | ## Providers | Name | Version | |------|---------| -| [azuread](#provider\_azuread) | 2.39.0 | -| [azurerm](#provider\_azurerm) | 3.45.0 | - -## Usage +| [azurerm](#provider\_azurerm) | >=3.11.0, <4.0 | -The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios: +## Modules -* `ex01-nfs_fileshare` uses a set of inputs for the module. - -In each directory an example `terraform.tfvars.sample` values file is included to show input variable values. +No modules. 
## Resources + | Name | Type | |------|------| -| [azurem_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account.html) | resource | -| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share.html) | resource | +| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource | +| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | +| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_rule.nfsvm_sg_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | | [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | | [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_public_ip.nfs_vm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | -| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/Azurerm/3.41.0/docs/resources/network_interface) | resource | -| 
[azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | -| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association.html) | resource | -| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource | +| [azurerm_private_endpoint.nfs_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_public_ip.nfsvm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource | +| [azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [resourcegroup\_name](#input\_resourcegroup\_name) | CDP Resource Group | `string` | n/a | yes | -| [vent\_name](#input\_vnet\_name) | CDP Workload VNET Name | `string` | n/a | yes | -| [azure\_region](#azure\_region) | Azure Region | `string` | n/a | yes | -| [aws\_region](#nfs\_storage\_account\_name) | NFS Storage Account Name | `string` | n/a | yes | -| [env\_prefix](#env\_prefix) | Shorthand name for the environment. 
Used in resource descriptions | `string` | n/a | yes | -| [nfs\_file\_share\_name](#nfs\_file\_share\_name) | NFS File Share Name | `string` | n/a | yes | -| [aws\_region](#nfs\_private\_endpoint\_target\_subnet\_name) | Subnet to which Azure Files private endpoint is created | `string` | n/a | yes | -| [nfs\_file\_share\_size](#nfs\_file\_share\_size) | NFS File Share Size | `number` | 100 | yes | +| [azure\_region](#input\_azure\_region) | Region for CDP | `string` | n/a | yes | +| [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes | +| [nfs\_private\_endpoint\_target\_subnet\_names](#input\_nfs\_private\_endpoint\_target\_subnet\_names) | Subnet to which private endpoints are created | `list(string)` | n/a | yes | +| [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes | +| [nfs\_vnet\_link\_name](#input\_nfs\_vnet\_link\_name) | Name for NFS VNET Link | `string` | n/a | yes | +| [nfsvm\_name](#input\_nfsvm\_name) | Name for NFS VM | `string` | n/a | yes | +| [nfsvm\_nic\_name](#input\_nfsvm\_nic\_name) | Name for NFS VM NIC | `string` | n/a | yes | +| [nfsvm\_public\_ip\_name](#input\_nfsvm\_public\_ip\_name) | Name for NFS VM Public IP | `string` | n/a | yes | +| [nfsvm\_sg\_name](#input\_nfsvm\_sg\_name) | Name for NFS VM Security Group | `string` | n/a | yes | +| [private\_endpoint\_prefix](#input\_private\_endpoint\_prefix) | Shorthand name for the environment. 
Used in resource descriptions | `string` | n/a | yes | +| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes | +| [resourcegroup\_name](#input\_resourcegroup\_name) | Resource Group Name | `string` | n/a | yes | +| [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | n/a | yes | +| [vnet\_name](#input\_vnet\_name) | Vnet name | `string` | n/a | yes | +| [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no | ## Outputs | Name | Description | |------|-------------| -| [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share Url | -| [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | Public IP of VM to manage NFS | +| [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share url | +| [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM public IP address | +| [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username | + \ No newline at end of file diff --git a/modules/terraform-azure-nfs/data.tf b/modules/terraform-azure-nfs/data.tf index 165daee..51f95bd 100644 --- a/modules/terraform-azure-nfs/data.tf +++ b/modules/terraform-azure-nfs/data.tf 
@@ -11,14 +11,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +data "azurerm_subnet" "nfs_subnets" { -data "azurerm_subnet" "nfs_subnet" { - name = var.nfs_private_endpoint_target_subnet_name + for_each = toset(var.nfs_private_endpoint_target_subnet_names) + + name = each.value virtual_network_name = var.vnet_name - resource_group_name = var.resourcegroup_name + resource_group_name = var.resourcegroup_name } + data "azurerm_virtual_network" "nfs_vnet" { - name = var.vnet_name + name = var.vnet_name resource_group_name = var.resourcegroup_name } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/defaults.tf b/modules/terraform-azure-nfs/defaults.tf index 5680fb6..81bc124 100644 --- a/modules/terraform-azure-nfs/defaults.tf +++ b/modules/terraform-azure-nfs/defaults.tf @@ -13,5 +13,5 @@ # limitations under the License. locals { - nfs_file_share_size = 100 + } diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml deleted file mode 100644 index 0936036..0000000 --- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/.terraform-docs.yaml +++ /dev/null @@ -1,21 +0,0 @@ -formatter: markdown -header-from: doc_fragments/header.md -settings: - anchor: true - color: true - default: true - escape: true - html: true - indent: 2 - required: true - sensitive: true - type: true - - -sort: - enabled: true - by: required - -output: - file: README.md - mode: replace \ No newline at end of file diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf index 36dfd31..51c9934 100644 --- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf +++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf 
@@ -12,23 +12,35 @@ # See the License for the specific language governing permissions and # limitations under the License. -module "ex01_nfs_filesahre" { +module "ex01_nfs_fileshare" { source = "../.." - resourcegroup_name = var.resourcegroup_name - azure_region = var.azure_region - nfs_file_share_name = var.nfs_file_share_size - nfs_file_share_size = var.nfs_file_share_size - nfs_private_endpoint_target_subnet_name = var.nfs_private_endpoint_target_subnet_name - vnet_name = var.vnet_name - env_prefix = var.env_prefix - nfs_storage_account_name = var.nfs_storage_account_name - + resourcegroup_name = var.resourcegroup_name + azure_region = var.azure_region + nfs_file_share_name = var.nfs_file_share_name + nfs_file_share_size = var.nfs_file_share_size + nfs_private_endpoint_target_subnet_names = var.nfs_private_endpoint_target_subnet_names + vnet_name = var.vnet_name + nfs_storage_account_name = var.nfs_storage_account_name + source_address_prefixes = var.source_address_prefixes + nfsvm_nic_name = var.nfsvm_nic_name + nfsvm_public_ip_name = var.nfsvm_public_ip_name + nfsvm_sg_name = var.nfsvm_sg_name + nfs_vnet_link_name = var.nfs_vnet_link_name + nfsvm_name = var.nfsvm_name + public_key_text = var.public_key_text + private_endpoint_prefix = var.private_endpoint_prefix } output "nfs_file_share_url" { - value = module.ex01_nfs_filesahre.nfs_file_share_url + value = module.ex01_nfs_fileshare.nfs_file_share_url } output "nfs_vm_public_ip" { - value = module.ex01_nfs_filesahre.nfs_vm_public_ip + value = module.ex01_nfs_fileshare.nfs_vm_public_ip +} + + +output "nfs_vm_username" { + value = module.ex01_nfs_fileshare.nfs_vm_username + description = "NFS VM Admin Username" } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample index b291f6b..5d2fc67 100644 
--- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample +++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# ------- Global settings ------- -env_prefix = "" # Required name prefix for cloud and CDP resources, e.g. cldr1 +private_endpoint_prefix = "" # ------- Cloud Settings ------- azure_region = "" # Change this to specify Cloud Provider region, e.g. eastus @@ -21,6 +20,13 @@ azure_region = "" # Change this to specify Cloud Provider region, e resourcegroup_name = "" nfs_file_share_name = "" nfs_file_share_size = -nfs_private_endpoint_target_subnet_name = "" +nfs_private_endpoint_target_subnet_names = ["", ""] vnet_name = "" -nfs_storage_account_name = "" \ No newline at end of file +nfs_storage_account_name = "" +nfsvm_public_ip_name = "" +nfsvm_nic_name = "" +nfsvm_sg_name = +nfs_vnet_link_name = "" +nfsvm_name = "" +public_key_text = "" +source_address_prefixes = ["", ""] \ No newline at end of file diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf index 998cd64..323b3c0 100644 --- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf +++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf 
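Review bot: `nfsvm_sg_name = ` on the new side of the second hunk has no value, so the sample is not valid HCL and fails the moment it is copied to terraform.tfvars; change it to `nfsvm_sg_name = ""` like the neighbouring name entries. The context line `nfs_file_share_size = ` has the same problem; either give it a number or drop it from the sample now that the module variable gains `default = 100` in this commit.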
@@ -14,45 +14,83 @@ variable "resourcegroup_name" { - type = string + type = string description = "Resource Group Name" } variable "vnet_name" { - type = string + type = string description = "Vnet name" } variable "azure_region" { - type = string + type = string description = "Region for CDP" } -variable "env_prefix" { - type = string +variable "private_endpoint_prefix" { + type = string description = "Shorthand name for the environment. Used in resource descriptions" } variable "nfs_file_share_name" { - type = string + type = string description = "nfs file share name" } -variable "nfs_private_endpoint_target_subnet_name" { - type = string - description = "Subnet to which private endpoint is created" +variable "nfs_private_endpoint_target_subnet_names" { + type = list(string) + description = "Subnets to which private endpoints are created" } variable "nfs_storage_account_name" { - type = string + type = string description = "NFS Storage account name" } variable "nfs_file_share_size" { - type = number + type = number description = "NFS File Share size" +} + + +variable "nfsvm_public_ip_name" { + type = string + description = "Name for NFS VM Public IP" +} + +variable "nfsvm_nic_name" { + type = string + description = "Name for NFS VM NIC" +} + +variable "nfsvm_sg_name" { + type = string + description = "Name for NFS VM Security Group" +} + +variable "nfs_vnet_link_name" { + type = string + description = "Name for NFS VNET Link" +} + + +variable "nfsvm_name" { + type = string + description = "Name for NFS VM" +} + +variable "public_key_text" { + type = string + + description = "SSH Public key string for the nodes of the CDP environment" +} + +variable "source_address_prefixes" { + type = list(string) + description = "Source address prefixes for VM ssh access" } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/main.tf b/modules/terraform-azure-nfs/main.tf index 49639b3..8595f51 100644 --- a/modules/terraform-azure-nfs/main.tf 
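Review bot: The example's `nfs_file_share_size` variable keeps no default while the module's variable in variables.tf gains `default = 100` in the same commit, so the example forces callers to supply a value the module would otherwise default, and terraform.tfvars.sample leaves it empty. Add `default = 100` to the example variable so the two stay in step. The new `public_key_text` block also carries a stray blank line between `type` and `description` that the other blocks do not have.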
+++ b/modules/terraform-azure-nfs/main.tf 
@@ -13,45 +13,48 @@ # limitations under the License. resource "azurerm_storage_account" "nfs_storage_account" { - name = var.nfs_storage_account_name - resource_group_name = var.resourcegroup_name - location = var.azure_region - account_tier = "Premium" - account_replication_type = "LRS" - account_kind = "FileStorage" + name = var.nfs_storage_account_name + resource_group_name = var.resourcegroup_name + location = var.azure_region + account_tier = "Premium" + account_replication_type = "LRS" + account_kind = "FileStorage" enable_https_traffic_only = false } resource "azurerm_storage_share" "nfs_storage_share" { - name = var.nfs_file_share_name + name = var.nfs_file_share_name storage_account_name = azurerm_storage_account.nfs_storage_account.name - enabled_protocol = "NFS" - quota = var.nfs_file_share_size + enabled_protocol = "NFS" + quota = var.nfs_file_share_size } resource "azurerm_private_dns_zone" "nfs_privatednszone" { - name = "privatelink.file.core.windows.net" + name = "privatelink.file.core.windows.net" resource_group_name = var.resourcegroup_name } resource "azurerm_private_dns_zone_virtual_network_link" "nfs_vnet_link" { - name = "${var.env_prefix}_vnetlink" - resource_group_name = var.resourcegroup_name + name = var.nfs_vnet_link_name + resource_group_name = var.resourcegroup_name private_dns_zone_name = azurerm_private_dns_zone.nfs_privatednszone.name - virtual_network_id = data.azurerm_virtual_network.nfs_vnet.id + virtual_network_id = data.azurerm_virtual_network.nfs_vnet.id } resource "azurerm_private_endpoint" "nfs_private_endpoint" { - name = "${var.env_prefix}_${data.azurerm_subnet.nfs_subnet.name}_nfs_private_endpoint" - location = var.azure_region + + for_each = data.azurerm_subnet.nfs_subnets + + name = "${var.private_endpoint_prefix}_${each.value.name}_nfs_private_endpoint" + location = var.azure_region resource_group_name = var.resourcegroup_name - subnet_id = data.azurerm_subnet.nfs_subnet.id + subnet_id = each.value.id 
private_service_connection { - name = "nfs-privateserviceconnection" + name = "nfs-privateserviceconnection" private_connection_resource_id = azurerm_storage_account.nfs_storage_account.id subresource_names = [ 
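Review bot: `enable_https_traffic_only = false` on azurerm_storage_account.nfs_storage_account is kept with no network restriction on the account, so the account accepts unencrypted traffic from any network rather than only through the private endpoint created further down the hunk. Disabling secure transfer is, as far as I know, required for NFS 4.1 file shares, so the compensating control is to close the public path: add `public_network_access_enabled = false` or a `network_rules { default_action = "Deny" }` block (the azurerm_storage_share resource may then need the address Terraform runs from listed in `ip_rules`), and document the reason inline, e.g. `# NFS 4.1 shares require secure transfer to be disabled; access is restricted to the private endpoint below`. The azurerm_private_endpoint resource continues past the end of this hunk.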
@@ -63,80 +66,85 @@ resource "azurerm_private_endpoint" "nfs_private_endpoint" { private_dns_zone_group { name = "nfs-dns-zone-group" private_dns_zone_ids = [ - azurerm_private_dns_zone.nfs_privatednszone.id] + azurerm_private_dns_zone.nfs_privatednszone.id + ] } } resource "azurerm_public_ip" "nfsvm_public_ip" { - name = "${var.env_prefix}nfsvm-publicip" + name = var.nfsvm_public_ip_name resource_group_name = var.resourcegroup_name - location = var.azure_region - allocation_method = "Static" - sku = "Standard" + location = var.azure_region + allocation_method = "Static" + sku = "Standard" } resource "azurerm_network_interface" "nfsvm_nic" { - name = "${var.env_prefix}nfsvm-nic" + name = var.nfsvm_nic_name resource_group_name = var.resourcegroup_name - location = var.azure_region + location = var.azure_region ip_configuration { - name = "internal" - subnet_id = data.azurerm_subnet.nfs_subnet.id + name = "internal" + subnet_id = data.azurerm_subnet.nfs_subnets[var.nfs_private_endpoint_target_subnet_names[0]].id private_ip_address_allocation = "Dynamic" - public_ip_address_id = azurerm_public_ip.nfsvm_public_ip.id + public_ip_address_id = azurerm_public_ip.nfsvm_public_ip.id } } resource "azurerm_network_security_group" "nfsvm_sg" { - name = "${var.env_prefix}nfsvm-sg" + name = var.nfsvm_sg_name resource_group_name = var.resourcegroup_name - location = var.azure_region - - security_rule { - name = "allowssh" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "22" - source_address_prefix = "*" - destination_address_prefix = "*" - } + location = var.azure_region } + +resource "azurerm_network_security_rule" "nfsvm_sg_rule" { + name = "allowssh" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefixes = var.source_address_prefixes + destination_address_prefix = "*" + resource_group_name 
= var.resourcegroup_name + network_security_group_name = azurerm_network_security_group.nfsvm_sg.name +} + + resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" { - network_interface_id = azurerm_network_interface.nfsvm_nic.id + network_interface_id = azurerm_network_interface.nfsvm_nic.id network_security_group_id = azurerm_network_security_group.nfsvm_sg.id } resource "azurerm_linux_virtual_machine" "nfs_vm" { - name = "${var.env_prefix}nfsvm" + name = var.nfsvm_name resource_group_name = var.resourcegroup_name - location = var.azure_region - size = "Standard_F2" - admin_username = "adminuser" + location = var.azure_region + size = "Standard_F2" + admin_username = "adminuser" network_interface_ids = [ azurerm_network_interface.nfsvm_nic.id, ] admin_ssh_key { - username = "adminuser" - public_key = file("~/.ssh/id_rsa.pub") + username = "adminuser" + public_key = var.public_key_text } os_disk { - caching = "ReadWrite" + caching = "ReadWrite" storage_account_type = "Standard_LRS" } source_image_reference { publisher = "Canonical" - offer = "0001-com-ubuntu-server-focal" - sku = "20_04-lts" - version = "latest" + offer = "0001-com-ubuntu-server-focal" + sku = "20_04-lts" + version = "latest" } } diff --git a/modules/terraform-azure-nfs/outputs.tf b/modules/terraform-azure-nfs/outputs.tf index a149b29..c0b6d59 100644 --- a/modules/terraform-azure-nfs/outputs.tf +++ b/modules/terraform-azure-nfs/outputs.tf @@ -14,11 +14,16 @@ output "nfs_file_share_url" { - value = azurerm_storage_share.nfs_storage_share.url + value = azurerm_storage_share.nfs_storage_share.url description = "NFS File Share url" } output "nfs_vm_public_ip" { - value = azurerm_public_ip.nfsvm_public_ip.ip_address + value = azurerm_public_ip.nfsvm_public_ip.ip_address description = "NFS VM public IP address" } + +output "nfs_vm_username" { + value = azurerm_linux_virtual_machine.nfs_vm.admin_username + description = "NFS VM Admin Username" +} \ No newline at end of file 
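Review bot: The admin user name `"adminuser"` is spelled twice in azurerm_linux_virtual_machine.nfs_vm, once as `admin_username` and once as `admin_ssh_key.username`, and the provider expects the two to agree; hoist it into a local such as `nfsvm_admin_username = "adminuser"` (defaults.tf, which this commit leaves empty, is the natural place) and reference `local.nfsvm_admin_username` in both attributes. The same duplication reappears when the resource moves to vm.tf in patch 05.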
diff --git a/modules/terraform-azure-nfs/variables.tf b/modules/terraform-azure-nfs/variables.tf index d4e73eb..9cb3846 100644 --- a/modules/terraform-azure-nfs/variables.tf +++ b/modules/terraform-azure-nfs/variables.tf @@ -31,30 +31,68 @@ variable "azure_region" { } -variable "env_prefix" { +variable "private_endpoint_prefix" { type = string description = "Shorthand name for the environment. Used in resource descriptions" } variable "nfs_file_share_name" { - type = string + type = string description = "nfs file share name" } -variable "nfs_private_endpoint_target_subnet_name" { - type = string - description = "Subnet to which private endpoint is created" +variable "nfs_private_endpoint_target_subnet_names" { + type = list(string) + description = "Subnet to which private endpoints are created" } variable "nfs_storage_account_name" { - type = string + type = string description = "NFS Storage account name" } variable "nfs_file_share_size" { - type = number + type = number description = "NFS File Share size" + default = 100 + +} + +variable "nfsvm_public_ip_name" { + type = string + description = "Name for NFS VM Public IP" +} + +variable "nfsvm_nic_name" { + type = string + description = "Name for NFS VM NIC" +} + +variable "nfsvm_sg_name" { + type = string + description = "Name for NFS VM Security Group" +} + +variable "nfs_vnet_link_name" { + type = string + description = "Name for NFS VNET Link" +} + + +variable "nfsvm_name" { + type = string + description = "Name for NFS VM" +} + +variable "public_key_text" { + type = string + + description = "SSH Public key string for the nodes of the CDP environment" +} +variable "source_address_prefixes" { + type = list(string) + description = "Source address prefixes for VM ssh access" } \ No newline at end of file From 6cb0149694d04142cc1ab5a55363a6e72e105f57 Mon Sep 17 00:00:00 2001 From: tsharma Date: Mon, 23 Oct 2023 20:12:53 +0530 Subject: [PATCH 04/15] Missed doc fragments 
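Review bot: `nfs_private_endpoint_target_subnet_names` gets no `validation` block although main.tf indexes its first element (`[0]`) for the VM NIC, so an empty list fails with an index error at plan time instead of a clear message; add a validation with `condition = length(var.nfs_private_endpoint_target_subnet_names) > 0` and an `error_message` stating that at least one subnet name is required. `source_address_prefixes` likewise accepts `"*"` or `"0.0.0.0/0"`, which silently restores the SSH-from-anywhere rule this commit removes; a validation rejecting those values, or at minimum a description stating the expected CIDR form, would make the intent explicit. The header.md added in patch 04 still describes the security group as "allowing port 22 from everywhere" and should be brought in line with the restricted rule.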
Signed-off-by: tsharma --- .../doc_fragments/header.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 modules/terraform-azure-nfs/doc_fragments/header.md diff --git a/modules/terraform-azure-nfs/doc_fragments/header.md b/modules/terraform-azure-nfs/doc_fragments/header.md new file mode 100644 index 0000000..21d094c --- /dev/null +++ b/modules/terraform-azure-nfs/doc_fragments/header.md @@ -0,0 +1,19 @@ +# Terraform Module for Azure NFS + +This module contains resource files and example variable definition files for creation of the Azure NFS File Share required for Cloudera Machine Learning (CML) Public Cloud. + +* Provisions a storage account with Premium Tier and Disabled Https traffic only. +* Creates a NFS file share of 100 GB in the storage account +* Creates a private dns zone of type privatelink.file.core.windows.net +* Creates a VNET link between CDP workload VNET and private DNS zone +* Creates a private endpoint for NFS Storage Account (File sub-resource) for the specified subnets in the CDP VNET. +* Creates a public IP , security group allowing port 22 from everywhere +* Creates a ubuntu VM with public IP, security group in the CDP Subnets to which private endpoint was created. + +## Usage + +The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios: + +* `ex01-nfs_fileshare` uses a set of inputs for the module. + +In each directory an example `terraform.tfvars.sample` values file is included to show input variable values. From 29bd13ae0308ac8baf75b6c552cda4cb4cd63752 Mon Sep 17 00:00:00 2001 From: tsharma Date: Wed, 25 Oct 2023 12:30:24 +0530 Subject: [PATCH 05/15] 1. Add support to auto-mount NFS on created VM via custom_data. 2. Add conditional provisioning of VM 
Signed-off-by: tsharma --- modules/terraform-azure-nfs/README.md | 7 +- .../examples/ex01-nfs_fileshare/main.tf | 5 + .../examples/ex01-nfs_fileshare/provider.tf | 4 + modules/terraform-azure-nfs/main.tf | 78 ------------- .../terraform-azure-nfs/mount_nfs_on_vm.sh | 6 + modules/terraform-azure-nfs/outputs.tf | 9 +- modules/terraform-azure-nfs/provider.tf | 4 + modules/terraform-azure-nfs/variables.tf | 6 + modules/terraform-azure-nfs/vm.tf | 108 ++++++++++++++++++ 9 files changed, 146 insertions(+), 81 deletions(-) create mode 100644 modules/terraform-azure-nfs/mount_nfs_on_vm.sh create mode 100644 modules/terraform-azure-nfs/vm.tf diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md index 36c3018..4011048 100644 --- a/modules/terraform-azure-nfs/README.md +++ b/modules/terraform-azure-nfs/README.md @@ -25,12 +25,14 @@ In each directory an example `terraform.tfvars.sample` values file is included t |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [azurerm](#requirement\_azurerm) | >=3.11.0, <4.0 | +| [template](#requirement\_template) | >= 2.1 | ## Providers | Name | Version | |------|---------| -| [azurerm](#provider\_azurerm) | >=3.11.0, <4.0 | +| [azurerm](#provider\_azurerm) | 3.77.0 | +| [template](#provider\_template) | 2.2.0 | ## Modules @@ -53,6 +55,7 @@ No modules. | [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource | | [azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | +| [template_file.vm-cloud-init](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs 
@@ -72,6 +75,7 @@ No modules. | [resourcegroup\_name](#input\_resourcegroup\_name) | Resource Group Name | `string` | n/a | yes | | [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | n/a | yes | | [vnet\_name](#input\_vnet\_name) | Vnet name | `string` | n/a | yes | +| [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no | | [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no | ## Outputs @@ -79,6 +83,7 @@ No modules. | Name | Description | |------|-------------| | [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share url | +| [nfs\_vm\_mount\_path](#output\_nfs\_vm\_mount\_path) | Path where NFS is mounted on the VM | | [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM public IP address | | [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username | \ No newline at end of file diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf index 51c9934..fe4269b 100644 --- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf +++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf @@ -43,4 +43,9 @@ output "nfs_vm_public_ip" { output "nfs_vm_username" { value = module.ex01_nfs_fileshare.nfs_vm_username description = "NFS VM Admin Username" +} + +output "nfs_vm_mount_path" { + value = module.ex01_nfs_fileshare.nfs_vm_mount_path + description = "Path where NFS is mounted on the VM" } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf index c3e28f7..02d9d1f 100644 --- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf 
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf @@ -18,6 +18,10 @@ terraform { source = "hashicorp/azurerm" version = ">=3.11.0, <4.0" } + template = { + source = "hashicorp/template" + version = ">= 2.1" + } } required_version = ">= 1.3.0" diff --git a/modules/terraform-azure-nfs/main.tf b/modules/terraform-azure-nfs/main.tf index 8595f51..b49e240 100644 --- a/modules/terraform-azure-nfs/main.tf +++ b/modules/terraform-azure-nfs/main.tf 
@@ -70,81 +70,3 @@ resource "azurerm_private_endpoint" "nfs_private_endpoint" { ] } } - -resource "azurerm_public_ip" "nfsvm_public_ip" { - name = var.nfsvm_public_ip_name - resource_group_name = var.resourcegroup_name - location = var.azure_region - allocation_method = "Static" - sku = "Standard" -} - -resource "azurerm_network_interface" "nfsvm_nic" { - name = var.nfsvm_nic_name - resource_group_name = var.resourcegroup_name - location = var.azure_region - - ip_configuration { - name = "internal" - subnet_id = data.azurerm_subnet.nfs_subnets[var.nfs_private_endpoint_target_subnet_names[0]].id - private_ip_address_allocation = "Dynamic" - public_ip_address_id = azurerm_public_ip.nfsvm_public_ip.id - } -} - -resource "azurerm_network_security_group" "nfsvm_sg" { - name = var.nfsvm_sg_name - resource_group_name = var.resourcegroup_name - location = var.azure_region -} - - -resource "azurerm_network_security_rule" "nfsvm_sg_rule" { - name = "allowssh" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "22" - source_address_prefixes = var.source_address_prefixes - destination_address_prefix = "*" - resource_group_name = var.resourcegroup_name - network_security_group_name = azurerm_network_security_group.nfsvm_sg.name -} - - -resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" { - network_interface_id = azurerm_network_interface.nfsvm_nic.id - network_security_group_id = azurerm_network_security_group.nfsvm_sg.id -} - - -resource "azurerm_linux_virtual_machine" "nfs_vm" { - name = var.nfsvm_name - resource_group_name = var.resourcegroup_name - location = var.azure_region - size = "Standard_F2" - admin_username = "adminuser" - network_interface_ids = [ - azurerm_network_interface.nfsvm_nic.id, - ] - - admin_ssh_key { - username = "adminuser" - public_key = var.public_key_text - } - - os_disk { - caching = "ReadWrite" - storage_account_type = "Standard_LRS" - } - 
- source_image_reference { - publisher = "Canonical" - offer = "0001-com-ubuntu-server-focal" - sku = "20_04-lts" - version = "latest" - } -} - diff --git a/modules/terraform-azure-nfs/mount_nfs_on_vm.sh b/modules/terraform-azure-nfs/mount_nfs_on_vm.sh new file mode 100644 index 0000000..fd1d16d --- /dev/null +++ b/modules/terraform-azure-nfs/mount_nfs_on_vm.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +apt-get -y update +apt-get -y install nfs-common +mkdir -p /mount/${nfs_storage_account_name}/${nfs_file_share_name} +mount -t nfs ${nfs_storage_account_name}.file.core.windows.net:/${nfs_storage_account_name}/${nfs_file_share_name} /mount/${nfs_storage_account_name}/${nfs_file_share_name} -o vers=4,minorversion=1,sec=sys \ No newline at end of file diff --git a/modules/terraform-azure-nfs/outputs.tf b/modules/terraform-azure-nfs/outputs.tf index c0b6d59..47b140a 100644 --- a/modules/terraform-azure-nfs/outputs.tf +++ b/modules/terraform-azure-nfs/outputs.tf @@ -19,11 +19,16 @@ output "nfs_file_share_url" { } output "nfs_vm_public_ip" { - value = azurerm_public_ip.nfsvm_public_ip.ip_address + value = var.create_vm_mounting_nfs ? azurerm_public_ip.nfsvm_public_ip[0].ip_address : null description = "NFS VM public IP address" } output "nfs_vm_username" { - value = azurerm_linux_virtual_machine.nfs_vm.admin_username + value = var.create_vm_mounting_nfs ? azurerm_linux_virtual_machine.nfs_vm[0].admin_username : null description = "NFS VM Admin Username" +} + +output "nfs_vm_mount_path" { + value = var.create_vm_mounting_nfs ? "/mount/${var.nfs_storage_account_name}/${var.nfs_file_share_name}" : null + description = "Path where NFS is mounted on the VM" } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/provider.tf b/modules/terraform-azure-nfs/provider.tf index 937a858..6374f87 100644 --- a/modules/terraform-azure-nfs/provider.tf +++ b/modules/terraform-azure-nfs/provider.tf 
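Review bot: The mount in mount_nfs_on_vm.sh is performed once by cloud-init at first boot and is not recorded in `/etc/fstab`, so after a reboot the share is gone while the `nfs_vm_mount_path` output still reports it as mounted. Append an fstab entry after the mount, e.g. `echo "${nfs_storage_account_name}.file.core.windows.net:/${nfs_storage_account_name}/${nfs_file_share_name} /mount/${nfs_storage_account_name}/${nfs_file_share_name} nfs vers=4,minorversion=1,sec=sys,_netdev 0 0" >> /etc/fstab`. The script also has no `set -e`, so a failed `apt-get -y install nfs-common` still proceeds to the mount and the failure is only visible in the cloud-init log.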
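Review bot: The three outputs repeat the `var.create_vm_mounting_nfs ? … : null` conditional only to guard the `[0]` index; with `required_version = ">= 1.3.0"` already in place, `one()` expresses the same result without coupling each output to the flag, e.g. `value = one(azurerm_public_ip.nfsvm_public_ip[*].ip_address)` and `value = one(azurerm_linux_virtual_machine.nfs_vm[*].admin_username)`. `nfs_vm_mount_path` also re-spells the `/mount/…` path that mount_nfs_on_vm.sh builds from the same two variables; passing the path to the template as a single variable would keep the two from drifting.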
@@ -18,6 +18,10 @@ terraform { source = "hashicorp/azurerm" version = ">=3.11.0, <4.0" } + template = { + source = "hashicorp/template" + version = ">= 2.1" + } } required_version = ">= 1.3.0" diff --git a/modules/terraform-azure-nfs/variables.tf b/modules/terraform-azure-nfs/variables.tf index 9cb3846..3a32cc4 100644 --- a/modules/terraform-azure-nfs/variables.tf +++ b/modules/terraform-azure-nfs/variables.tf @@ -95,4 +95,10 @@ variable "public_key_text" { variable "source_address_prefixes" { type = list(string) description = "Source address prefixes for VM ssh access" +} + +variable "create_vm_mounting_nfs" { + type = bool + description = "Whether to create a VM which mounts this NFS" + default = true } \ No newline at end of file diff --git a/modules/terraform-azure-nfs/vm.tf b/modules/terraform-azure-nfs/vm.tf new file mode 100644 index 0000000..865acfd --- /dev/null +++ b/modules/terraform-azure-nfs/vm.tf 
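Review bot: `create_vm_mounting_nfs` defaults to `true`, so every consumer of a module whose purpose is the file share also receives a VM with a public IP and an inbound SSH rule unless they explicitly opt out, and the nfsvm_* and `public_key_text` inputs remain required even when the flag is false. Consider `default = false` so the VM is opt-in, and giving the VM-only inputs `default = null` so a share-only caller does not have to invent names and a key it never uses.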
@@ -0,0 +1,108 @@ +# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +resource "azurerm_public_ip" "nfsvm_public_ip" { + count = var.create_vm_mounting_nfs ? 1 : 0 + name = var.nfsvm_public_ip_name + resource_group_name = var.resourcegroup_name + location = var.azure_region + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_network_interface" "nfsvm_nic" { + count = var.create_vm_mounting_nfs ? 1 : 0 + name = var.nfsvm_nic_name + resource_group_name = var.resourcegroup_name + location = var.azure_region + + ip_configuration { + name = "internal" + subnet_id = data.azurerm_subnet.nfs_subnets[var.nfs_private_endpoint_target_subnet_names[0]].id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.nfsvm_public_ip[count.index].id + } +} + +resource "azurerm_network_security_group" "nfsvm_sg" { + count = var.create_vm_mounting_nfs ? 1 : 0 + name = var.nfsvm_sg_name + resource_group_name = var.resourcegroup_name + location = var.azure_region +} + + +resource "azurerm_network_security_rule" "nfsvm_sg_rule" { + count = var.create_vm_mounting_nfs ? 
1 : 0 + name = "allowssh" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefixes = var.source_address_prefixes + destination_address_prefix = "*" + resource_group_name = var.resourcegroup_name + network_security_group_name = azurerm_network_security_group.nfsvm_sg[count.index].name +} + + +resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" { + count = var.create_vm_mounting_nfs ? 1 : 0 + network_interface_id = azurerm_network_interface.nfsvm_nic[count.index].id + network_security_group_id = azurerm_network_security_group.nfsvm_sg[count.index].id +} + + +data "template_file" "vm-cloud-init" { + template = file("${path.module}/mount_nfs_on_vm.sh") + vars = { + nfs_file_share_name = var.nfs_file_share_name + nfs_storage_account_name = var.nfs_storage_account_name + } +} + + +resource "azurerm_linux_virtual_machine" "nfs_vm" { + count = var.create_vm_mounting_nfs ? 1 : 0 + name = var.nfsvm_name + resource_group_name = var.resourcegroup_name + location = var.azure_region + size = "Standard_F2" + admin_username = "adminuser" + network_interface_ids = [ + azurerm_network_interface.nfsvm_nic[count.index].id, + ] + + admin_ssh_key { + username = "adminuser" + public_key = var.public_key_text + } + + os_disk { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference { + publisher = "Canonical" + offer = "0001-com-ubuntu-server-focal" + sku = "20_04-lts" + version = "latest" + } + + custom_data = base64encode(data.template_file.vm-cloud-init.rendered) +} From 273ae486f2b46033585e37ad4d1c4219acc58e34 Mon Sep 17 00:00:00 2001 From: tsharma Date: Wed, 25 Oct 2023 17:24:15 +0530 Subject: [PATCH 06/15] Provider standardization, use templatefile 
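Review bot: azurerm_linux_virtual_machine.nfs_vm declares no dependency on azurerm_private_endpoint.nfs_private_endpoint or azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link, yet its cloud-init script mounts `<account>.file.core.windows.net` on first boot, so Terraform may bring the VM up before the endpoint and DNS link exist and the one-shot mount fails (presumably because the name does not yet resolve to the private address). Add `depends_on = [azurerm_private_endpoint.nfs_private_endpoint, azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link]` to the VM resource. The `data "template_file" "vm-cloud-init"` block is also evaluated when `create_vm_mounting_nfs` is false, which is harmless but renders a script for a VM that is never created.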
Signed-off-by: tsharma --- modules/terraform-azure-nfs/README.md | 45 +++++++++---------- .../examples/ex01-nfs_fileshare/main.tf | 8 ++++ .../examples/ex01-nfs_fileshare/provider.tf | 33 -------------- .../mount_nfs_on_vm.sh.tpl} | 0 modules/terraform-azure-nfs/provider.tf | 17 +++---- modules/terraform-azure-nfs/variables.tf | 20 +++++---- modules/terraform-azure-nfs/vm.tf | 13 ++---- 7 files changed, 54 insertions(+), 82 deletions(-) delete mode 100644 modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf rename modules/terraform-azure-nfs/{mount_nfs_on_vm.sh => files/mount_nfs_on_vm.sh.tpl} (100%) diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md index 4011048..89f10aa 100644 --- a/modules/terraform-azure-nfs/README.md +++ b/modules/terraform-azure-nfs/README.md @@ -24,15 +24,15 @@ In each directory an example `terraform.tfvars.sample` values file is included t | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | -| [azurerm](#requirement\_azurerm) | >=3.11.0, <4.0 | -| [template](#requirement\_template) | >= 2.1 | +| [azuread](#requirement\_azuread) | 2.39.0 | +| [azurerm](#requirement\_azurerm) | 3.45.0 | +| [random](#requirement\_random) | 3.4.3 | ## Providers | Name | Version | |------|---------| | [azurerm](#provider\_azurerm) | 3.77.0 | -| [template](#provider\_template) | 2.2.0 | ## Modules 
@@ -42,20 +42,19 @@ No modules. | Name | Type | |------|------| -| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) | resource | -| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | -| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource | -| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | -| [azurerm_network_security_rule.nfsvm_sg_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | -| [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | -| [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_endpoint.nfs_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| [azurerm_public_ip.nfsvm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | -| [azurerm_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | -| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource | -| 
[azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | -| [template_file.vm-cloud-init](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | +| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/linux_virtual_machine) | resource | +| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_interface) | resource | +| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_security_group) | resource | +| [azurerm_network_security_rule.nfsvm_sg_rule](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_security_rule) | resource | +| [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.nfs_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_endpoint) | resource | +| [azurerm_public_ip.nfsvm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/public_ip) | resource | +| 
[azurerm_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/storage_account) | resource | +| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/storage_share) | resource | +| [azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/data-sources/subnet) | data source | +| [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/data-sources/virtual_network) | data source | ## Inputs 
@@ -66,17 +65,17 @@ No modules. | [nfs\_private\_endpoint\_target\_subnet\_names](#input\_nfs\_private\_endpoint\_target\_subnet\_names) | Subnet to which private endpoints are created | `list(string)` | n/a | yes | | [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes | | [nfs\_vnet\_link\_name](#input\_nfs\_vnet\_link\_name) | Name for NFS VNET Link | `string` | n/a | yes | -| [nfsvm\_name](#input\_nfsvm\_name) | Name for NFS VM | `string` | n/a | yes | -| [nfsvm\_nic\_name](#input\_nfsvm\_nic\_name) | Name for NFS VM NIC | `string` | n/a | yes | -| [nfsvm\_public\_ip\_name](#input\_nfsvm\_public\_ip\_name) | Name for NFS VM Public IP | `string` | n/a | yes | -| [nfsvm\_sg\_name](#input\_nfsvm\_sg\_name) | Name for NFS VM Security Group | `string` | n/a | yes | | [private\_endpoint\_prefix](#input\_private\_endpoint\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes | -| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes | | [resourcegroup\_name](#input\_resourcegroup\_name) | Resource Group Name | `string` | n/a | yes | -| [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | n/a | yes | | [vnet\_name](#input\_vnet\_name) | Vnet name | `string` | n/a | yes | | [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no | | [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no | +| [nfsvm\_name](#input\_nfsvm\_name) | Name for NFS VM | `string` | `null` | no | +| [nfsvm\_nic\_name](#input\_nfsvm\_nic\_name) | Name for NFS VM NIC | `string` | `null` | no | +| [nfsvm\_public\_ip\_name](#input\_nfsvm\_public\_ip\_name) | Name for NFS VM Public IP | `string` | `null` | no | +| 
[nfsvm\_sg\_name](#input\_nfsvm\_sg\_name) | Name for NFS VM Security Group | `string` | `null` | no |
+| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | `null` | no |
+| [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | `null` | no |
 ## Outputs
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
index fe4269b..ed59d51 100644
--- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
@@ -12,6 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+provider "azurerm" {
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ }
+}
+
 module "ex01_nfs_fileshare" {
 source = "../.."
diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf
deleted file mode 100644
index 02d9d1f..0000000
--- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/provider.tf
+++ /dev/null
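Review bot: `prevent_deletion_if_contains_resources = false` in the new example provider block switches off the azurerm guard that refuses to destroy a resource group while it still holds resources, and in this example that group holds the NFS storage account, so a `terraform destroy` removes the share and its data without that second stop. A comment should say so, e.g. `# Lets 'terraform destroy' remove the resource group with the NFS share (and its data) still inside; intended for disposable example environments only.` The example's deleted provider.tf also set `skip_provider_registration = true` with a note on when it matters; the replacement block drops it without comment, so a principal that cannot register resource providers now fails at apply where it used to succeed, which either needs the setting kept or the new permission requirement stated in the README.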
@@ -1,33 +0,0 @@
-# Copyright 2023 Cloudera, Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = ">=3.11.0, <4.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.1"
- }
- }
-
- required_version = ">= 1.3.0"
-}
-
-provider "azurerm" {
- skip_provider_registration = true # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
- features {}
-}
diff --git a/modules/terraform-azure-nfs/mount_nfs_on_vm.sh b/modules/terraform-azure-nfs/files/mount_nfs_on_vm.sh.tpl
similarity index 100%
rename from modules/terraform-azure-nfs/mount_nfs_on_vm.sh
rename to modules/terraform-azure-nfs/files/mount_nfs_on_vm.sh.tpl
diff --git a/modules/terraform-azure-nfs/provider.tf b/modules/terraform-azure-nfs/provider.tf
index 6374f87..5f2d9dd 100644
--- a/modules/terraform-azure-nfs/provider.tf
+++ b/modules/terraform-azure-nfs/provider.tf
@@ -16,17 +16,18 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = ">=3.11.0, <4.0"
+ version = "3.45.0"
 }
- template = {
- source = "hashicorp/template"
- version = ">= 2.1"
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "2.39.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.4.3"
 }
 }
 required_version = ">= 1.3.0"
 }
-provider "azurerm" {
- skip_provider_registration = true # This is only required when the User, Service Principal, or Identity running Terraform lacks the permissions to register Azure Resource Providers.
- features {}
-}
+
diff --git a/modules/terraform-azure-nfs/variables.tf b/modules/terraform-azure-nfs/variables.tf
index 3a32cc4..a5a8e89 100644
--- a/modules/terraform-azure-nfs/variables.tf
+++ b/modules/terraform-azure-nfs/variables.tf
@@ -60,41 +60,45 @@ variable "nfs_file_share_size" {
 }
+variable "nfs_vnet_link_name" {
+ type = string
+ description = "Name for NFS VNET Link"
+}
+
 variable "nfsvm_public_ip_name" {
 type = string
 description = "Name for NFS VM Public IP"
+ default = null
 }
 variable "nfsvm_nic_name" {
 type = string
 description = "Name for NFS VM NIC"
+ default = null
 }
 variable "nfsvm_sg_name" {
 type = string
 description = "Name for NFS VM Security Group"
+ default = null
 }
-variable "nfs_vnet_link_name" {
- type = string
- description = "Name for NFS VNET Link"
-}
-
-
 variable "nfsvm_name" {
 type = string
 description = "Name for NFS VM"
+ default = null
 }
 variable "public_key_text" {
- type = string
-
+ type = string
 description = "SSH Public key string for the nodes of the CDP environment"
+ default = null
 }
 variable "source_address_prefixes" {
 type = list(string)
 description = "Source address prefixes for VM ssh access"
+ default = null
 }
 variable "create_vm_mounting_nfs" {
diff --git a/modules/terraform-azure-nfs/vm.tf b/modules/terraform-azure-nfs/vm.tf
index 865acfd..eb85613 100644
--- a/modules/terraform-azure-nfs/vm.tf
+++ b/modules/terraform-azure-nfs/vm.tf
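Review bot: `version = "3.45.0"` pins the module to a single exact azurerm release, which is the root configuration's job through its dependency lock file; an exact pin inside a reusable module stops consumers from taking provider fixes and conflicts with any root or sibling module that constrains azurerm differently. The README hunk in the same commit still lists azurerm 3.77.0 under Providers, which suggests the docs were generated against a different version than the one now required. A floor with an upper bound, `version = ">= 3.45.0, < 4.0"`, keeps what this commit wants without the hard pin. Dropping the module-level `provider "azurerm"` block is the right direction, since provider configuration belongs to the root.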
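Review bot: `public_key_text` and `source_address_prefixes` now default to `null` while `create_vm_mounting_nfs` still defaults to `true`, so a caller who sets neither gets a VM whose `admin_ssh_key` and port-22 NSG rule receive null, and the failure surfaces only from the provider at plan or apply time. Terraform 1.3 cannot reference another variable inside a `validation` block, so the check belongs in a `lifecycle { precondition { ... } }` on `azurerm_linux_virtual_machine.nfs_vm` in vm.tf, with `condition = !var.create_vm_mounting_nfs || (var.public_key_text != null && var.source_address_prefixes != null)` and an error_message naming both variables. The pre-reqs module's `public_key_text` in PATCH 10 takes the same `default = null` and has the same gap. The description of `source_address_prefixes` should also say that it is the inbound allowlist for SSH on a VM that carries a public IP, so readers understand that a broad prefix is an exposure decision.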
@@ -67,15 +67,6 @@ resource "azurerm_network_interface_security_group_association" "nfsvm_nic_sg" {
 }
-data "template_file" "vm-cloud-init" {
- template = file("${path.module}/mount_nfs_on_vm.sh")
- vars = {
- nfs_file_share_name = var.nfs_file_share_name
- nfs_storage_account_name = var.nfs_storage_account_name
- }
-}
-
-
 resource "azurerm_linux_virtual_machine" "nfs_vm" {
 count = var.create_vm_mounting_nfs ? 1 : 0
 name = var.nfsvm_name
@@ -104,5 +95,7 @@ resource "azurerm_linux_virtual_machine" "nfs_vm" {
 version = "latest"
 }
- custom_data = base64encode(data.template_file.vm-cloud-init.rendered)
+ custom_data = base64encode(templatefile("${path.module}/files/mount_nfs_on_vm.sh.tpl",
+ { nfs_file_share_name = var.nfs_file_share_name
+ nfs_storage_account_name = var.nfs_storage_account_name }))
 }
From dffb8db04dfb779b97bf64d8b4969a62697d7d5f Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 17:34:52 +0530
Subject: [PATCH 07/15] removed not needed providers
Signed-off-by: tsharma
---
 modules/terraform-azure-nfs/README.md | 2 --
 modules/terraform-azure-nfs/provider.tf | 8 --------
 2 files changed, 10 deletions(-)
diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md
index 89f10aa..ddba3bd 100644
--- a/modules/terraform-azure-nfs/README.md
+++ b/modules/terraform-azure-nfs/README.md
@@ -24,9 +24,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.3.0 |
-| [azuread](#requirement\_azuread) | 2.39.0 |
 | [azurerm](#requirement\_azurerm) | 3.45.0 |
-| [random](#requirement\_random) | 3.4.3 |
 ## Providers
diff --git a/modules/terraform-azure-nfs/provider.tf b/modules/terraform-azure-nfs/provider.tf
index 5f2d9dd..04ff351 100644
--- a/modules/terraform-azure-nfs/provider.tf
+++ b/modules/terraform-azure-nfs/provider.tf
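Review bot: The `templatefile` call in the second hunk passes its variables as an object split over two lines with the first key on the same line as `{`, which `terraform fmt` leaves as is and which obscures that two module inputs are being interpolated into a shell script that cloud-init will execute on the VM. A comment on the line would help: `# Rendered into the cloud-init script that mounts the share; both values land inside shell commands, so keep them quoted in the template.` The template is a pure rename in this commit and its body is not visible here; if `mount_nfs_on_vm.sh.tpl` expands the values unquoted, a share name with shell metacharacters breaks the script, and a `validation` block on `nfs_file_share_name` restricting it to lowercase letters, digits and hyphens would rule that out at plan time. The object reads more clearly as one key per line with `}))` on its own line.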
@@ -18,14 +18,6 @@ terraform {
 source = "hashicorp/azurerm"
 version = "3.45.0"
 }
- azuread = {
- source = "hashicorp/azuread"
- version = "2.39.0"
- }
- random = {
- source = "hashicorp/random"
- version = "3.4.3"
- }
 }
 required_version = ">= 1.3.0"
From 353ef9f6b16297652c82b85152066a13260b8c2f Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 18:04:50 +0530
Subject: [PATCH 08/15] invoke terraform-azure-nfs from terraform-cdp-azure-prereqs
Signed-off-by: tsharma
---
 .../terraform-cdp-azure-pre-reqs/README.md | 15 +++++++-
 .../terraform-cdp-azure-pre-reqs/defaults.tf | 11 ++++++
 modules/terraform-cdp-azure-pre-reqs/main.tf | 22 +++++++++++
 .../terraform-cdp-azure-pre-reqs/outputs.tf | 21 +++++++++++
 .../terraform-cdp-azure-pre-reqs/variables.tf | 37 ++++++++++++++++++-
 5 files changed, 104 insertions(+), 2 deletions(-)
diff --git a/modules/terraform-cdp-azure-pre-reqs/README.md b/modules/terraform-cdp-azure-pre-reqs/README.md
index 47b889e..fc43bdb 100644
--- a/modules/terraform-cdp-azure-pre-reqs/README.md
+++ b/modules/terraform-cdp-azure-pre-reqs/README.md
@@ -33,6 +33,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | Name | Source | Version |
 |------|--------|---------|
 | [azure\_cdp\_vnet](#module\_azure\_cdp\_vnet) | ./modules/vnet | n/a |
+| [azure\_cml\_nfs](#module\_azure\_cml\_nfs) | ../terraform-azure-nfs | n/a |
 ## Resources
@@ -77,13 +78,19 @@ In each directory an example `terraform.tfvars.sample` values file is included t |------|-------------|------|---------|:--------:| | [deployment\_template](#input\_deployment\_template) | Deployment Pattern to use for Cloud resources and CDP | `string` | n/a | yes | | [env\_prefix](#input\_env\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes | +| [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes | +| [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes | +| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes | | [agent\_source\_tag](#input\_agent\_source\_tag) | Tag to identify deployment source | `map(any)` |
{
"agent_source": "tf-cdp-module"
}
| no | | [azure\_region](#input\_azure\_region) | Region which Cloud resources will be created | `string` | `null` | no | | [backup\_storage](#input\_backup\_storage) | Optional Backup location for CDP environment. If not provided follow the data\_storage variable |
object({
backup_storage_bucket = string
backup_storage_object = string
})
| `null` | no | | [cdp\_gw\_subnet\_names](#input\_cdp\_gw\_subnet\_names) | List of subnet names for CDP Gateway. Required if create\_vnet is false. | `list(any)` | `null` | no | | [cdp\_resourcegroup\_name](#input\_cdp\_resourcegroup\_name) | Pre-existing Resource Group for CDP environment. Required if create\_vnet is false. | `string` | `null` | no | | [cdp\_subnet\_names](#input\_cdp\_subnet\_names) | List of subnet names for CDP Resources. Required if create\_vnet is false. | `list(any)` | `null` | no | +| [cdp\_subnet\_range](#input\_cdp\_subnet\_range) | Size of each (internal) cluster subnet. Required if create\_vpc is true. | `number` | `19` | no | | [cdp\_vnet\_name](#input\_cdp\_vnet\_name) | Pre-existing VNet Name for CDP environment. Required if create\_vnet is false. | `string` | `null` | no | +| [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `true` | no | +| [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no | | [create\_vnet](#input\_create\_vnet) | Flag to specify if the VNet should be created | `bool` | `true` | no | | [data\_storage](#input\_data\_storage) | Data storage locations for CDP environment |
object({
data_storage_bucket = string
data_storage_object = string
})
| `null` | no | | [datalake\_admin\_backup\_container\_role\_assignments](#input\_datalake\_admin\_backup\_container\_role\_assignments) | List of Role Assignments for the Datalake Admin Managed Identity assigned to the Backup Storage Container. |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Backup Container Level",
"role": "Storage Blob Data Owner"
}
]
| no | @@ -92,12 +99,14 @@ In each directory an example `terraform.tfvars.sample` values file is included t | [datalake\_admin\_managed\_identity\_name](#input\_datalake\_admin\_managed\_identity\_name) | Datalake Admin Managed Identity name | `string` | `null` | no | | [enable\_raz](#input\_enable\_raz) | Flag to enable Ranger Authorization Service (RAZ) | `bool` | `true` | no | | [env\_tags](#input\_env\_tags) | Tags applied to provisioned resources | `map(any)` | `null` | no | +| [gateway\_subnet\_range](#input\_gateway\_subnet\_range) | Size of each gateway subnet. Required if create\_vpc is true. | `number` | `24` | no | | [idbroker\_managed\_identity\_name](#input\_idbroker\_managed\_identity\_name) | IDBroker Managed Identity name | `string` | `null` | no | | [idbroker\_role\_assignments](#input\_idbroker\_role\_assignments) | List of Role Assignments for the IDBroker Managed Identity |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign VM Contributor Role to IDBroker Identity at Subscription Level",
"role": "Virtual Machine Contributor"
},
{
"description": "Assign Managed Identity Operator Role to IDBroker Identity at Subscription Level",
"role": "Managed Identity Operator"
}
]
| no | | [ingress\_extra\_cidrs\_and\_ports](#input\_ingress\_extra\_cidrs\_and\_ports) | List of extra CIDR blocks and ports to include in Security Group Ingress rules |
object({
cidrs = list(string)
ports = list(number)
})
|
{
"cidrs": [],
"ports": []
}
| no | | [log\_data\_access\_managed\_identity\_name](#input\_log\_data\_access\_managed\_identity\_name) | Log Data Access Managed Identity name | `string` | `null` | no | | [log\_data\_access\_role\_assignments](#input\_log\_data\_access\_role\_assignments) | List of Role Assignments for the Log Data Access Managed Identity. |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign Storage Blob Data Contributor Role to Log Role at Logs and Backup Container level",
"role": "Storage Blob Data Contributor"
}
]
| no | | [log\_storage](#input\_log\_storage) | Optional log locations for CDP environment. If not provided follow the data\_storage variable |
object({
log_storage_bucket = string
log_storage_object = string
})
| `null` | no | +| [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no | | [random\_id\_for\_bucket](#input\_random\_id\_for\_bucket) | Create a random suffix for the Storage Account names | `bool` | `true` | no | | [ranger\_audit\_backup\_container\_role\_assignments](#input\_ranger\_audit\_backup\_container\_role\_assignments) | List of Role Assignments for the Ranger Audit Managed Identity assigned to the Backup Storage Container. |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Backup Container level",
"role": "Storage Blob Data Contributor"
}
]
| no | | [ranger\_audit\_data\_access\_managed\_identity\_name](#input\_ranger\_audit\_data\_access\_managed\_identity\_name) | Ranger Audit Managed Identity name | `string` | `null` | no | @@ -109,7 +118,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t | [security\_group\_default\_name](#input\_security\_group\_default\_name) | Default Security Group for CDP environment | `string` | `null` | no | | [security\_group\_knox\_name](#input\_security\_group\_knox\_name) | Knox Security Group for CDP environment | `string` | `null` | no | | [subnet\_count](#input\_subnet\_count) | Number of Subnets Required | `string` | `"3"` | no | -| [vnet\_cidr](#input\_vnet\_cidr) | VNet CIDR Block | `string` | `"10.10.0.0/16"` | no | +| [vnet\_cidr](#input\_vnet\_cidr) | VNet CIDR Block. Required if create\_vpc is true. | `string` | `"10.10.0.0/16"` | no | | [vnet\_name](#input\_vnet\_name) | VNet name | `string` | `null` | no | | [xaccount\_app\_name](#input\_xaccount\_app\_name) | Cross account application name within Azure Active Directory | `string` | `null` | no | @@ -141,4 +150,8 @@ In each directory an example `terraform.tfvars.sample` values file is included t | [azure\_vnet\_name](#output\_azure\_vnet\_name) | Azure Virtual Network Name | | [azure\_xaccount\_app\_pword](#output\_azure\_xaccount\_app\_pword) | Password for the Azure AD Cross Account Application | | [azure\_xaccount\_app\_uuid](#output\_azure\_xaccount\_app\_uuid) | UUID for the Azure AD Cross Account Application | +| [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share Url | +| [nfs\_vm\_mount\_path](#output\_nfs\_vm\_mount\_path) | Path where NFS is mounted on the VM | +| [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM Public IP | +| [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username | \ No newline at end of file 
diff --git a/modules/terraform-cdp-azure-pre-reqs/defaults.tf b/modules/terraform-cdp-azure-pre-reqs/defaults.tf
index adef4a8..2793f18 100644
--- a/modules/terraform-cdp-azure-pre-reqs/defaults.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/defaults.tf
@@ -88,4 +88,15 @@ locals {
 }
 ]
 ])
+
+ # ---- Azure CML NFS Resources
+
+ nfs_file_share_name = coalesce(var.nfs_file_share_name, "${var.env_prefix}-nfs-file-share")
+ nfs_storage_account_name = coalesce(var.nfs_storage_account_name, "${replace(var.env_prefix, "/[-_]/", "")}nfsstor")
+ nfsvm_nic_name = "${var.env_prefix}-nfs-vm-nic"
+ nfsvm_public_ip_name = "${var.env_prefix}-nfs-vm-public-ip"
+ nfsvm_sg_name = "${var.env_prefix}-nfs-vm-sg"
+ nfs_vnet_link_name = "${var.env_prefix}-nfs-vm-vent-link"
+ nfsvm_name = "${var.env_prefix}-nfs_vm"
+ private_endpoint_prefix = var.env_prefix
 }
diff --git a/modules/terraform-cdp-azure-pre-reqs/main.tf b/modules/terraform-cdp-azure-pre-reqs/main.tf
index 2d35526..0a1da40 100644
--- a/modules/terraform-cdp-azure-pre-reqs/main.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/main.tf
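Review bot: `nfs_storage_account_name` is derived from `var.env_prefix` with only `-` and `_` stripped, but an Azure storage account name must be 3–24 lowercase letters and digits and globally unique, so a prefix with uppercase characters or more than 17 characters produces a name the API rejects, and unlike the storage accounts governed by the module's `random_id_for_bucket` input no random suffix is appended, so two environments with the same prefix collide. `nfs_storage_account_name = coalesce(var.nfs_storage_account_name, substr("${lower(replace(var.env_prefix, "/[-_]/", ""))}nfsstor", 0, 24))` fixes the format, and the suffix should follow the existing random-suffix pattern. `nfs_vnet_link_name` spells it `-nfs-vm-vent-link`; `"${var.env_prefix}-nfs-vm-vnet-link"` is presumably intended. `private_endpoint_prefix = var.env_prefix` deserves a short comment that it is the name prefix for the private endpoint resources, since the assignment does not make that obvious.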
@@ -366,3 +366,25 @@ resource "azurerm_role_assignment" "cdp_raz_assign" {
 description = each.value.description
 }
+
+module "azure_cml_nfs" {
+ count = var.create_azure_cml_nfs ? 1 : 0
+ source = "../terraform-azure-nfs"
+
+ resourcegroup_name = var.resourcegroup_name
+ azure_region = var.azure_region
+ nfs_file_share_name = local.nfs_file_share_name
+ nfs_file_share_size = var.nfs_file_share_size
+ nfs_private_endpoint_target_subnet_names = local.cdp_subnet_names
+ vnet_name = var.vnet_name
+ nfs_storage_account_name = local.nfs_storage_account_name
+ source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs
+ nfsvm_nic_name = local.nfsvm_nic_name
+ nfsvm_public_ip_name = local.nfsvm_public_ip_name
+ nfsvm_sg_name = local.nfsvm_sg_name
+ nfs_vnet_link_name = local.nfs_vnet_link_name
+ nfsvm_name = local.nfsvm_name
+ public_key_text = var.public_key_text
+ private_endpoint_prefix = local.private_endpoint_prefix
+ create_vm_mounting_nfs = var.create_vm_mounting_nfs
+}
\ No newline at end of file
diff --git a/modules/terraform-cdp-azure-pre-reqs/outputs.tf b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
index 9d842dd..2c1ddc9 100644
--- a/modules/terraform-cdp-azure-pre-reqs/outputs.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
@@ -162,3 +162,24 @@ output "azure_raz_identity_id" {
 description = "RAZ Managed Identity ID. Value returned if RAZ is enabled"
 }
+
+
+output "nfs_file_share_url" {
+ value = module.azure_cml_nfs.nfs_file_share_url
+ description = "NFS File Share Url"
+}
+
+output "nfs_vm_public_ip" {
+ value = module.azure_cml_nfs.nfs_vm_public_ip
+ description = "NFS VM Public IP"
+}
+
+output "nfs_vm_username" {
+ value = module.azure_cml_nfs.nfs_vm_username
+ description = "NFS VM Admin Username"
+}
+
+output "nfs_vm_mount_path" {
+ value = module.azure_cml_nfs.nfs_vm_mount_path
+ description = "Path where NFS is mounted on the VM"
+}
\ No newline at end of file
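Review bot: `source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs` drives the NFS VM's port-22 NSG rule from the variable that adds extra ingress to the CDP security groups, so every CIDR a user opens for the Knox or default group is also granted SSH to a VM that carries a public IP, and with that variable's documented default of empty `cidrs` and `create_vm_mounting_nfs` defaulting to `true`, a plain deployment hands the rule an empty prefix list. A dedicated input such as `nfs_vm_ssh_source_address_prefixes` keeps the SSH allowlist an explicit decision; if the coupling is intended, the description of `ingress_extra_cidrs_and_ports` needs to say that it also opens SSH to the NFS VM. The `count` line also deserves a comment that this module is optional and its outputs must be read through the instance list, e.g. `# Optional; read outputs via one(module.azure_cml_nfs[*].<output>) so they are null when disabled.`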
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
index 908cd0f..bd30696 100644
--- a/modules/terraform-cdp-azure-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -434,4 +434,39 @@ variable "raz_storage_role_assignments" {
 }
 ]
-}
\ No newline at end of file
+}
+
+variable "public_key_text" {
+ type = string
+
+ description = "SSH Public key string for the nodes of the CDP environment"
+}
+
+variable "create_azure_cml_nfs" {
+ type = bool
+ description = "Whether to create NFS for CML"
+ default = true
+}
+
+variable "nfs_file_share_name" {
+ type = string
+ description = "nfs file share name"
+}
+
+variable "nfs_storage_account_name" {
+ type = string
+ description = "NFS Storage account name"
+}
+
+variable "create_vm_mounting_nfs" {
+ type = bool
+ description = "Whether to create a VM which mounts this NFS"
+ default = true
+}
+
+variable "nfs_file_share_size" {
+ type = number
+ description = "NFS File Share size"
+ default = 100
+}
+
From 58cb431e799c2ad890d13cea3e1661e41186449b Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 18:10:41 +0530
Subject: [PATCH 09/15] minor naming change
Signed-off-by: tsharma
---
 modules/terraform-cdp-azure-pre-reqs/defaults.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/terraform-cdp-azure-pre-reqs/defaults.tf b/modules/terraform-cdp-azure-pre-reqs/defaults.tf
index 2793f18..67b6b55 100644
--- a/modules/terraform-cdp-azure-pre-reqs/defaults.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/defaults.tf
@@ -97,6 +97,6 @@ locals {
 nfsvm_public_ip_name = "${var.env_prefix}-nfs-vm-public-ip"
 nfsvm_sg_name = "${var.env_prefix}-nfs-vm-sg"
 nfs_vnet_link_name = "${var.env_prefix}-nfs-vm-vent-link"
- nfsvm_name = "${var.env_prefix}-nfs_vm"
+ nfsvm_name = "${var.env_prefix}-nfs-vm"
 private_endpoint_prefix = var.env_prefix
 }
From a01798486214ac76993e119725cbf85652114495 Mon Sep 17 00:00:00 2001
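Review bot: `public_key_text` keeps the description `SSH Public key string for the nodes of the CDP environment`, but the main.tf hunk in this commit passes it only to the NFS module, where it becomes the helper VM's `admin_ssh_key`, so the text misdescribes what the key unlocks; `description = "SSH public key installed for the admin user of the VM that mounts the NFS share"` says what it does. `nfs_file_share_size` has no bounds check; if the share is created on the Premium tier as the series description states, the service minimum is 100 GiB and smaller values fail at apply, so a `validation { condition = var.nfs_file_share_size >= 100 ... }` with a message would catch that at plan time (confirm the minimum against the share's tier in the nfs module, which is outside this diff). The blank line between `type` and `description` in `public_key_text` is a leftover; `terraform fmt` will not remove it.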
From: tsharma
Date: Wed, 25 Oct 2023 18:36:28 +0530
Subject: [PATCH 10/15] fixes to variables and outputs
Signed-off-by: tsharma
---
 modules/terraform-cdp-azure-pre-reqs/outputs.tf | 8 ++++----
 modules/terraform-cdp-azure-pre-reqs/variables.tf | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/terraform-cdp-azure-pre-reqs/outputs.tf b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
index 2c1ddc9..b09926e 100644
--- a/modules/terraform-cdp-azure-pre-reqs/outputs.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
@@ -165,21 +165,21 @@ output "azure_raz_identity_id" {
 output "nfs_file_share_url" {
- value = module.azure_cml_nfs.nfs_file_share_url
+ value = module.azure_cml_nfs[0].nfs_file_share_url
 description = "NFS File Share Url"
 }
 output "nfs_vm_public_ip" {
- value = module.azure_cml_nfs.nfs_vm_public_ip
+ value = module.azure_cml_nfs[0].nfs_vm_public_ip
 description = "NFS VM Public IP"
 }
 output "nfs_vm_username" {
- value = module.azure_cml_nfs.nfs_vm_username
+ value = module.azure_cml_nfs[0].nfs_vm_username
 description = "NFS VM Admin Username"
 }
 output "nfs_vm_mount_path" {
- value = module.azure_cml_nfs.nfs_vm_mount_path
+ value = module.azure_cml_nfs[0].nfs_vm_mount_path
 description = "Path where NFS is mounted on the VM"
 }
\ No newline at end of file
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
index bd30696..737827f 100644
--- a/modules/terraform-cdp-azure-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -440,6 +440,7 @@ variable "public_key_text" {
 type = string
 description = "SSH Public key string for the nodes of the CDP environment"
+ default = null
 }
 variable "create_azure_cml_nfs" {
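Review bot: `module.azure_cml_nfs[0].nfs_file_share_url` and the three outputs below it fail evaluation when `create_azure_cml_nfs = false`, because the module then has zero instances and index 0 is an error rather than null. The outputs should tolerate the disabled case, e.g. `value = one(module.azure_cml_nfs[*].nfs_file_share_url)`, with the same splat-plus-`one()` form for `nfs_vm_public_ip`, `nfs_vm_username` and `nfs_vm_mount_path`, which yields null when the module is not created. Their descriptions should state that, e.g. `description = "NFS File Share Url; null when create_azure_cml_nfs is false"`.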
@@ -451,11 +452,13 @@ variable "create_azure_cml_nfs" {
 variable "nfs_file_share_name" {
 type = string
 description = "nfs file share name"
+ default = null
 }
 variable "nfs_storage_account_name" {
 type = string
 description = "NFS Storage account name"
+ default = null
 }
 variable "create_vm_mounting_nfs" {
From 7fe0604e047540cc1e3e623c3ff98ddd4f6ece00 Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 18:41:54 +0530
Subject: [PATCH 11/15] take value from local

Signed-off-by: tsharma
---
 modules/terraform-cdp-azure-pre-reqs/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/terraform-cdp-azure-pre-reqs/main.tf b/modules/terraform-cdp-azure-pre-reqs/main.tf
index 0a1da40..abe60d0 100644
--- a/modules/terraform-cdp-azure-pre-reqs/main.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/main.tf
@@ -371,12 +371,12 @@ module "azure_cml_nfs" {
 count = var.create_azure_cml_nfs ? 1 : 0
 source = "../terraform-azure-nfs"
- resourcegroup_name = var.resourcegroup_name
+ resourcegroup_name = local.resourcegroup_name
 azure_region = var.azure_region
 nfs_file_share_name = local.nfs_file_share_name
 nfs_file_share_size = var.nfs_file_share_size
 nfs_private_endpoint_target_subnet_names = local.cdp_subnet_names
- vnet_name = var.vnet_name
+ vnet_name = local.vnet_name
 nfs_storage_account_name = local.nfs_storage_account_name
 source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs
 nfsvm_nic_name = local.nfsvm_nic_name
From 645617f6a704f5639394dadd328b56e62908971e Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 18:43:33 +0530
Subject: [PATCH 12/15] formatting errors

Signed-off-by: tsharma
---
 modules/terraform-cdp-azure-pre-reqs/outputs.tf | 4 ++--
 modules/terraform-cdp-azure-pre-reqs/variables.tf | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/terraform-cdp-azure-pre-reqs/outputs.tf b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
index b09926e..667850f 100644
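Review bot: `local.resourcegroup_name` and `local.vnet_name` are not locals this module is shown to define, while the neighbouring storage-account resource uses `resource_group_name = local.cdp_resourcegroup_name` (visible in the patch 13 hunk), so the `cdp_`-prefixed locals look like the intended ones and this commit would likely fail `terraform validate` if the unprefixed names do not exist. Suggest `resourcegroup_name = local.cdp_resourcegroup_name` and `vnet_name = local.cdp_vnet_name`. The `module "azure_cml_nfs"` block starts at the hunk header line and continues past the end of the hunk.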
--- a/modules/terraform-cdp-azure-pre-reqs/outputs.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
@@ -165,12 +165,12 @@ output "azure_raz_identity_id" {
 output "nfs_file_share_url" {
- value = module.azure_cml_nfs[0].nfs_file_share_url
+ value = module.azure_cml_nfs[0].nfs_file_share_url
 description = "NFS File Share Url"
 }
 output "nfs_vm_public_ip" {
- value = module.azure_cml_nfs[0].nfs_vm_public_ip
+ value = module.azure_cml_nfs[0].nfs_vm_public_ip
 description = "NFS VM Public IP"
 }
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
index 737827f..4517bd4 100644
--- a/modules/terraform-cdp-azure-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -440,7 +440,7 @@ variable "public_key_text" {
 type = string
 description = "SSH Public key string for the nodes of the CDP environment"
- default = null
+ default = null
 }
 variable "create_azure_cml_nfs" {
@@ -452,13 +452,13 @@ variable "create_azure_cml_nfs" {
 variable "nfs_file_share_name" {
 type = string
 description = "nfs file share name"
- default = null
+ default = null
 }
 variable "nfs_storage_account_name" {
 type = string
 description = "NFS Storage account name"
- default = null
+ default = null
 }
 variable "create_vm_mounting_nfs" {
From 8831cbb4a362b4e967cc07f4684d01d1501cad26 Mon Sep 17 00:00:00 2001
From: tsharma
Date: Wed, 25 Oct 2023 19:50:36 +0530
Subject: [PATCH 13/15] Final fixes (hopefully)

Signed-off-by: tsharma
---
 .../terraform-cdp-azure-pre-reqs/README.md | 8 ++++----
 modules/terraform-cdp-azure-pre-reqs/main.tf | 19 ++++++++++++++-----
 .../terraform-cdp-azure-pre-reqs/outputs.tf | 8 ++++----
 .../terraform-cdp-azure-pre-reqs/variables.tf | 2 +-
 4 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/modules/terraform-cdp-azure-pre-reqs/README.md b/modules/terraform-cdp-azure-pre-reqs/README.md
index fc43bdb..5cd1e9b 100644
--- a/modules/terraform-cdp-azure-pre-reqs/README.md
+++ b/modules/terraform-cdp-azure-pre-reqs/README.md
@@ -78,9 +78,6 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 |------|-------------|------|---------|:--------:|
 | [deployment\_template](#input\_deployment\_template) | Deployment Pattern to use for Cloud resources and CDP | `string` | n/a | yes |
 | [env\_prefix](#input\_env\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes |
-| [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes |
-| [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes |
-| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | n/a | yes |
 | [agent\_source\_tag](#input\_agent\_source\_tag) | Tag to identify deployment source | `map(any)` |
{
"agent_source": "tf-cdp-module"
}
| no |
 | [azure\_region](#input\_azure\_region) | Region which Cloud resources will be created | `string` | `null` | no |
 | [backup\_storage](#input\_backup\_storage) | Optional Backup location for CDP environment. If not provided follow the data\_storage variable |
object({
backup_storage_bucket = string
backup_storage_object = string
})
| `null` | no |
@@ -89,7 +86,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | [cdp\_subnet\_names](#input\_cdp\_subnet\_names) | List of subnet names for CDP Resources. Required if create\_vnet is false. | `list(any)` | `null` | no |
 | [cdp\_subnet\_range](#input\_cdp\_subnet\_range) | Size of each (internal) cluster subnet. Required if create\_vpc is true. | `number` | `19` | no |
 | [cdp\_vnet\_name](#input\_cdp\_vnet\_name) | Pre-existing VNet Name for CDP environment. Required if create\_vnet is false. | `string` | `null` | no |
-| [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `true` | no |
+| [create\_azure\_cml\_nfs](#input\_create\_azure\_cml\_nfs) | Whether to create NFS for CML | `bool` | `false` | no |
 | [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no |
 | [create\_vnet](#input\_create\_vnet) | Flag to specify if the VNet should be created | `bool` | `true` | no |
 | [data\_storage](#input\_data\_storage) | Data storage locations for CDP environment |
object({
data_storage_bucket = string
data_storage_object = string
})
| `null` | no |
@@ -106,7 +103,10 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | [log\_data\_access\_managed\_identity\_name](#input\_log\_data\_access\_managed\_identity\_name) | Log Data Access Managed Identity name | `string` | `null` | no |
 | [log\_data\_access\_role\_assignments](#input\_log\_data\_access\_role\_assignments) | List of Role Assignments for the Log Data Access Managed Identity. |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign Storage Blob Data Contributor Role to Log Role at Logs and Backup Container level",
"role": "Storage Blob Data Contributor"
}
]
| no |
 | [log\_storage](#input\_log\_storage) | Optional log locations for CDP environment. If not provided follow the data\_storage variable |
object({
log_storage_bucket = string
log_storage_object = string
})
| `null` | no |
+| [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | `null` | no |
 | [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no |
+| [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | `null` | no |
+| [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | `null` | no |
 | [random\_id\_for\_bucket](#input\_random\_id\_for\_bucket) | Create a random suffix for the Storage Account names | `bool` | `true` | no |
 | [ranger\_audit\_backup\_container\_role\_assignments](#input\_ranger\_audit\_backup\_container\_role\_assignments) | List of Role Assignments for the Ranger Audit Managed Identity assigned to the Backup Storage Container. |
list(object({
role = string
description = string
})
)
|
[
{
"description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Backup Container level",
"role": "Storage Blob Data Contributor"
}
]
| no |
 | [ranger\_audit\_data\_access\_managed\_identity\_name](#input\_ranger\_audit\_data\_access\_managed\_identity\_name) | Ranger Audit Managed Identity name | `string` | `null` | no |
diff --git a/modules/terraform-cdp-azure-pre-reqs/main.tf b/modules/terraform-cdp-azure-pre-reqs/main.tf
index abe60d0..4a013a1 100644
--- a/modules/terraform-cdp-azure-pre-reqs/main.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/main.tf
@@ -110,7 +110,9 @@ resource "random_id" "bucket_suffix" {
 resource "azurerm_storage_account" "cdp_storage_locations" {
 # Create buckets for the unique list of buckets in data and log storage
- for_each = toset(concat([local.data_storage.data_storage_bucket], [local.log_storage.log_storage_bucket], [local.backup_storage.backup_storage_bucket]))
+ for_each = toset(concat([local.data_storage.data_storage_bucket], [local.log_storage.log_storage_bucket], [
+ local.backup_storage.backup_storage_bucket
+ ]))
 name = "${each.value}${local.storage_suffix}"
 resource_group_name = local.cdp_resourcegroup_name
@@ -357,8 +359,10 @@ resource "azurerm_user_assigned_identity" "cdp_raz" {
 # Assign the required roles to the managed identity
 resource "azurerm_role_assignment" "cdp_raz_assign" {
- for_each = { for idx, item in local.raz_storage_role_assignments : idx => item
- if var.enable_raz == true }
+ for_each = {
+ for idx, item in local.raz_storage_role_assignments : idx => item
+ if var.enable_raz == true
+ }
 scope = each.value.scope
 role_definition_name = each.value.role
@@ -371,12 +375,12 @@ module "azure_cml_nfs" {
 count = var.create_azure_cml_nfs ? 1 : 0
 source = "../terraform-azure-nfs"
- resourcegroup_name = local.resourcegroup_name
+ resourcegroup_name = local.cdp_resourcegroup_name
 azure_region = var.azure_region
 nfs_file_share_name = local.nfs_file_share_name
 nfs_file_share_size = var.nfs_file_share_size
 nfs_private_endpoint_target_subnet_names = local.cdp_subnet_names
- vnet_name = local.vnet_name
+ vnet_name = local.cdp_vnet_name
 nfs_storage_account_name = local.nfs_storage_account_name
 source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs
 nfsvm_nic_name = local.nfsvm_nic_name
@@ -387,4 +391,9 @@ module "azure_cml_nfs" {
 public_key_text = var.public_key_text
 private_endpoint_prefix = local.private_endpoint_prefix
 create_vm_mounting_nfs = var.create_vm_mounting_nfs
+
+ depends_on = [
+ azurerm_resource_group.cdp_rmgp,
+ module.azure_cdp_vnet
+ ]
 }
\ No newline at end of file
diff --git a/modules/terraform-cdp-azure-pre-reqs/outputs.tf b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
index 667850f..b088f71 100644
--- a/modules/terraform-cdp-azure-pre-reqs/outputs.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
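Review bot: `source_address_prefixes = var.ingress_extra_cidrs_and_ports.cidrs` reuses the CIDR list intended for the CDP environment's extra ingress as the allowed source for the NFS mount VM's security group, but neither the `create_vm_mounting_nfs` nor the `ingress_extra_cidrs_and_ports` description tells a caller that widening that list also widens access to a public-IP SSH host. Suggest extending the `create_vm_mounting_nfs` description to `"Whether to create a VM with a public IP which mounts this NFS; SSH to it is allowed from ingress_extra_cidrs_and_ports.cidrs"`. That the VM carries a public IP is inferred from the `nfs_vm_public_ip` output and the series cover letter, not from this hunk; confirm against the azure-nfs module. The `module "azure_cml_nfs"` block opens on the hunk header line and ends outside this hunk.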
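Review bot: The new module-level `depends_on = [azurerm_resource_group.cdp_rmgp, module.azure_cdp_vnet]` makes every resource and data source inside `azure_cml_nfs` wait for the whole VNet module, and Terraform defers data-source reads under a module `depends_on` to apply time, so the NFS resources may show "known after apply" diffs on every plan. The module already receives `local.cdp_resourcegroup_name`, `local.cdp_vnet_name` and `local.cdp_subnet_names`; if those locals derive from the VNet module's outputs the dependency is carried implicitly and the explicit list is redundant — the locals are not visible here, so this is inferred. If an explicit dependency is genuinely required, a comment above it naming the resource that needs it, e.g. `# private endpoint requires the subnets created by module.azure_cdp_vnet`, would spare the next maintainer the same question.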
@@ -165,21 +165,21 @@ output "azure_raz_identity_id" {
 output "nfs_file_share_url" {
- value = module.azure_cml_nfs[0].nfs_file_share_url
+ value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_file_share_url : null
 description = "NFS File Share Url"
 }
 output "nfs_vm_public_ip" {
- value = module.azure_cml_nfs[0].nfs_vm_public_ip
+ value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_public_ip : null
 description = "NFS VM Public IP"
 }
 output "nfs_vm_username" {
- value = module.azure_cml_nfs[0].nfs_vm_username
+ value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_username : null
 description = "NFS VM Admin Username"
 }
 output "nfs_vm_mount_path" {
- value = module.azure_cml_nfs[0].nfs_vm_mount_path
+ value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_mount_path : null
 description = "Path where NFS is mounted on the VM"
 }
\ No newline at end of file
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
index 4517bd4..9e3e267 100644
--- a/modules/terraform-cdp-azure-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -446,7 +446,7 @@ variable "public_key_text" {
 variable "create_azure_cml_nfs" {
 type = bool
 description = "Whether to create NFS for CML"
- default = true
+ default = false
 }
 variable "nfs_file_share_name" {
From a15e6f83cf29e385063c80aaa6dd25368bdfcb4c Mon Sep 17 00:00:00 2001
From: tsharma
Date: Thu, 26 Oct 2023 12:56:46 +0530
Subject: [PATCH 14/15] Add NFS Storage Account Name output

Signed-off-by: tsharma
---
 modules/terraform-azure-nfs/README.md | 1 +
 modules/terraform-azure-nfs/outputs.tf | 8 +++++++-
 modules/terraform-cdp-azure-pre-reqs/README.md | 1 +
 modules/terraform-cdp-azure-pre-reqs/outputs.tf | 5 +++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/terraform-azure-nfs/README.md b/modules/terraform-azure-nfs/README.md
index ddba3bd..2d03547 100644
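Review bot: Repeating `var.create_azure_cml_nfs ? module.azure_cml_nfs[0].X : null` in each of the four outputs couples every output to both the flag and the module count; `value = one(module.azure_cml_nfs[*].nfs_file_share_url)` expresses the zero-or-one instance directly and is null when the module is not created, with no `[0]` index to keep in step with the `count` expression. The same pattern applies to the `nfs_storage_account_name` output added in patch 14. `nfs_vm_public_ip` additionally stays null when the VM is disabled inside the module, which is correct but worth stating in its description.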
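Review bot: Flipping `create_azure_cml_nfs` to opt-in is the right default, but `create_vm_mounting_nfs` keeps `default = true` (see the README row in this commit), so anyone who enables the share also gets, by default, a VM with a public IP and an SSH rule — the part of this feature with the larger exposure. Suggest `default = false` for `create_vm_mounting_nfs` as well, with its description noting that the VM is a convenience for verifying the mount rather than a required component. The `create_vm_mounting_nfs` variable itself is outside this hunk.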
--- a/modules/terraform-azure-nfs/README.md
+++ b/modules/terraform-azure-nfs/README.md
@@ -80,6 +80,7 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share url |
+| [nfs\_storage\_account\_name](#output\_nfs\_storage\_account\_name) | NFS Storage Account Name |
 | [nfs\_vm\_mount\_path](#output\_nfs\_vm\_mount\_path) | Path where NFS is mounted on the VM |
 | [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM public IP address |
 | [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username |
diff --git a/modules/terraform-azure-nfs/outputs.tf b/modules/terraform-azure-nfs/outputs.tf
index 47b140a..2d7172f 100644
--- a/modules/terraform-azure-nfs/outputs.tf
+++ b/modules/terraform-azure-nfs/outputs.tf
@@ -18,6 +18,11 @@ output "nfs_file_share_url" {
 description = "NFS File Share url"
 }
+output "nfs_storage_account_name" {
+ value = azurerm_storage_account.nfs_storage_account.name
+ description = "NFS Storage Account Name"
+}
+
 output "nfs_vm_public_ip" {
 value = var.create_vm_mounting_nfs ? azurerm_public_ip.nfsvm_public_ip[0].ip_address : null
 description = "NFS VM public IP address"
@@ -31,4 +36,5 @@ output "nfs_vm_username" {
 output "nfs_vm_mount_path" {
 value = var.create_vm_mounting_nfs ? "/mount/${var.nfs_storage_account_name}/${var.nfs_file_share_name}" : null
 description = "Path where NFS is mounted on the VM"
-}
\ No newline at end of file
+}
+
diff --git a/modules/terraform-cdp-azure-pre-reqs/README.md b/modules/terraform-cdp-azure-pre-reqs/README.md
index 5cd1e9b..3e7f2d4 100644
--- a/modules/terraform-cdp-azure-pre-reqs/README.md
+++ b/modules/terraform-cdp-azure-pre-reqs/README.md
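Review bot: The new `nfs_storage_account_name` output reads `azurerm_storage_account.nfs_storage_account.name`, while `nfs_vm_mount_path` in the next hunk builds the path from `var.nfs_storage_account_name`; the two agree only while the resource name is taken verbatim from the variable, so a future suffix or normalisation of the account name would silently break the advertised mount path. Suggest `value = var.create_vm_mounting_nfs ? "/mount/${azurerm_storage_account.nfs_storage_account.name}/${var.nfs_file_share_name}" : null` so both outputs derive from the resource attribute. Whether the resource name is exactly the variable is not visible in this hunk.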
@@ -151,6 +151,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | [azure\_xaccount\_app\_pword](#output\_azure\_xaccount\_app\_pword) | Password for the Azure AD Cross Account Application |
 | [azure\_xaccount\_app\_uuid](#output\_azure\_xaccount\_app\_uuid) | UUID for the Azure AD Cross Account Application |
 | [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share Url |
+| [nfs\_storage\_account\_name](#output\_nfs\_storage\_account\_name) | NFS Storage Account Name |
 | [nfs\_vm\_mount\_path](#output\_nfs\_vm\_mount\_path) | Path where NFS is mounted on the VM |
 | [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM Public IP |
 | [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username |
diff --git a/modules/terraform-cdp-azure-pre-reqs/outputs.tf b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
index b088f71..8a461a6 100644
--- a/modules/terraform-cdp-azure-pre-reqs/outputs.tf
+++ b/modules/terraform-cdp-azure-pre-reqs/outputs.tf
@@ -169,6 +169,11 @@ output "nfs_file_share_url" {
 description = "NFS File Share Url"
 }
+output "nfs_storage_account_name" {
+ value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_storage_account_name : null
+ description = "NFS Storage Account Name"
+}
+
 output "nfs_vm_public_ip" {
 value = var.create_azure_cml_nfs ? module.azure_cml_nfs[0].nfs_vm_public_ip : null
 description = "NFS VM Public IP"
From 10fa910f98a293395c474bd7f4aab31239c53c0c Mon Sep 17 00:00:00 2001
From: tsharma
Date: Mon, 30 Oct 2023 12:27:32 +0530
Subject: [PATCH 15/15] sign with gpg key

Signed-off-by: tsharma
---
 .../terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
index ed59d51..c732a2e 100644
--- a/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
+++ b/modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
@@ -56,4 +56,9 @@ output "nfs_vm_username" {
 output "nfs_vm_mount_path" {
 value = module.ex01_nfs_fileshare.nfs_vm_mount_path
 description = "Path where NFS is mounted on the VM"
+}
+
+output "nfs_storage_account_name" {
+ value = module.ex01_nfs_fileshare.nfs_storage_account_name
+ description = "NFS Storage Account Name"
 }
\ No newline at end of file