From 318c413051764c489245d215afb56b294b07061b Mon Sep 17 00:00:00 2001
From: tsharma
Date: Thu, 19 Oct 2023 23:23:57 +0530
Subject: [PATCH] Add Support for creating Azure FilesShare NFS for CML provisions a storage account with Premium Tier and Disabled Https traffic only. Creates a NFS file share of 100 GB in the storage account Creates a private dns zone of type privatelink.file.core.windows.net Creates a VNET link between CDP workload VNET and private DNS zone Creates a private endpoint for NFS Storage Account (File sub-resource) for one of the subnets in the CDP VNET - this should be extended to all subnets for CML. Creates a public IP , security group allowing port 22 from everywhere Creates a ubuntu VM with public IP, security group in the CDP VNET to which private endpoint was created.
---
 .../modules/nfs/data.tf | 24 ++++
 .../modules/nfs/main.tf | 127 ++++++++++++++++++
 .../modules/nfs/provider.tf | 24 ++++
 .../modules/nfs/variables.tf | 65 +++++++++
 4 files changed, 240 insertions(+)
 create mode 100644 modules/terraform-cdp-azure-pre-reqs/modules/nfs/data.tf
 create mode 100644 modules/terraform-cdp-azure-pre-reqs/modules/nfs/main.tf
 create mode 100644 modules/terraform-cdp-azure-pre-reqs/modules/nfs/provider.tf
 create mode 100644 modules/terraform-cdp-azure-pre-reqs/modules/nfs/variables.tf
diff --git a/modules/terraform-cdp-azure-pre-reqs/modules/nfs/data.tf b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/data.tf
new file mode 100644
index 0000000..86ebfa9
--- /dev/null
+++ b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/data.tf
@@ -0,0 +1,24 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+data "azurerm_subnet" "nfs_subnet" {
+ name = var.nfs_private_endpoint_target_subnet_name
+ virtual_network_name = var.vnet_name
+ resource_group_name = var.resourcegroup_name
+}
+
+data "azurerm_virtual_network" "nfs_vnet" {
+ name = var.vnet_name
+ resource_group_name = var.resourcegroup_name
+}
diff --git a/modules/terraform-cdp-azure-pre-reqs/modules/nfs/main.tf b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/main.tf
new file mode 100644
index 0000000..a49d006
--- /dev/null
+++ b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/main.tf
@@ -0,0 +1,127 @@
+resource "azurerm_storage_account" "nfs_storage_account" {
+ name = var.nfs_storage_account_name
+ resource_group_name = var.resourcegroup_name
+ location = var.vnet_region
+ account_tier = "Premium"
+ account_replication_type = "LRS"
+ account_kind = "FileStorage"
+ enable_https_traffic_only = false
+}
+
+
+resource "azurerm_storage_share" "nfs_storage_share" {
+ name = var.nfs_file_share_name
+ storage_account_name = azurerm_storage_account.nfs_storage_account.name
+ enabled_protocol = "NFS"
+ quota = 100
+}
+
+
+resource "azurerm_private_dns_zone" "nfs_privatedns" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = var.resourcegroup_name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "nfs_vnet_link" {
+ name = "${var.env_prefix}vnetlink"
+ resource_group_name = var.resourcegroup_name
+ private_dns_zone_name = azurerm_private_dns_zone.nfs_privatedns.name
+ virtual_network_id = data.azurerm_virtual_network.nfs_vnet.id
+}
+
+
+resource "azurerm_private_endpoint" "nfs_private_endpoint" {
+ name = "nfs_private_endpoint"
+ location = var.vnet_region
+ resource_group_name = var.resourcegroup_name
+ subnet_id = data.azurerm_subnet.nfs_subnet.id
+
+ private_service_connection {
+ name = "nfs-privateserviceconnection"
+ private_connection_resource_id = azurerm_storage_account.nfs_storage_account.id
+ subresource_names = [
+
+ "file",
+ ]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = "nfs-dns-zone-group"
+ private_dns_zone_ids = [
+ azurerm_private_dns_zone.nfs_privatedns.id]
+ }
+}
+
+resource "azurerm_public_ip" "nfsvm_public_ip" {
+ name = var.nfs_vm_public_ip_name
+ resource_group_name = var.resourcegroup_name
+ location = var.vnet_region
+ allocation_method = "Static"
+ sku = "Standard"
+}
+
+resource "azurerm_network_interface" "nfsvm_nic" {
+ name = "${var.env_prefix}bastion-nic"
+ resource_group_name = var.resourcegroup_name
+ location = var.vnet_region
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = data.azurerm_subnet.nfs_subnet.id
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = azurerm_public_ip.nfsvm_public_ip.id
+ }
+}
+
+resource "azurerm_network_security_group" "nfsvm_sg" {
+ name = "${var.env_prefix}nfsvm-sg"
+ resource_group_name = var.resourcegroup_name
+ location = var.vnet_region
+
+ security_rule {
+ name = "allowssh"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+resource "azurerm_network_interface_security_group_association" "bastion_nic_sg" {
+ network_interface_id = azurerm_network_interface.nfsvm_nic.id
+ network_security_group_id = azurerm_network_security_group.nfsvm_sg.id
+}
+
+
+resource "azurerm_linux_virtual_machine" "nfs_vm" {
+ name = "${var.env_prefix}nfsvm"
+ resource_group_name = var.resourcegroup_name
+ location = var.vnet_region
+ size = "Standard_F2"
+ admin_username = "adminuser"
+ network_interface_ids = [
+ azurerm_network_interface.nfsvm_nic.id,
+ ]
+
+ admin_ssh_key {
+ username = "adminuser"
+ public_key = file("~/.ssh/id_rsa.pub")
+ }
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-focal"
+ sku = "20_04-lts"
+ version = "latest"
+ }
+}
\ No newline at end of file
diff --git a/modules/terraform-cdp-azure-pre-reqs/modules/nfs/provider.tf b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/provider.tf
new file mode 100644
index 0000000..cf05981
--- /dev/null
+++ b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/provider.tf
@@ -0,0 +1,24 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.11.0, <4.0"
+ }
+ }
+
+ required_version = ">= 1.3.0"
+}
diff --git a/modules/terraform-cdp-azure-pre-reqs/modules/nfs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/variables.tf
new file mode 100644
index 0000000..155e8a7
--- /dev/null
+++ b/modules/terraform-cdp-azure-pre-reqs/modules/nfs/variables.tf
@@ -0,0 +1,65 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+variable "resourcegroup_name" {
+ type = string
+ description = "Resource Group Name"
+}
+
+variable "vnet_name" {
+ type = string
+ description = "VNet name"
+
+}
+
+
+variable "vnet_region" {
+ type = string
+ description = "Region which VNet will be created"
+
+}
+
+variable "env_prefix" {
+ type = string
+ description = "Shorthand name for the environment. Used in resource descriptions"
+}
+
+
+variable "nfs_file_share_name" {
+ type = string
+ description = "nfs file share name"
+}
+
+variable "nfs_vm_public_ip_name" {
+ type = string
+ description = "nfs vm public ip"
+}
+
+
+variable "nfs_private_endpoint_target_subnet_name" {
+ type = string
+ description = "Subnet to which private endpoint is created"
+}
+
+variable "nfs_storage_account_name" {
+ type = string
+ description = "NFS Storage account name"
+}
+
+variable "nfs_file_share_size" {
+ type = number
+ description = "NFS File Share size"
+
+}
\ No newline at end of file
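Review bot: `nfs_file_share_size` is declared here but nothing in main.tf in this patch reads it (the share quota there is the literal 100), and because it has no `default`, every caller must currently pass a value that has no effect; either wire it into `azurerm_storage_share.nfs_storage_share` or drop the variable. `nfs_storage_account_name` is handed straight to Azure, whose storage account names must be 3–24 lowercase letters and digits, so a `validation` block would fail at plan time instead of mid-apply, as shown below. The description of `vnet_region` says "Region which VNet will be created", but main.tf uses it as the `location` of every resource; `"Azure region of the VNet; all NFS resources are created there"` says what it does. The SSH source CIDR and the VM's SSH public key are hard-coded in main.tf and would normally be inputs declared in this file.

```hcl
variable "nfs_storage_account_name" {
  type        = string
  description = "NFS Storage account name"

  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.nfs_storage_account_name))
    error_message = "Storage account names must be 3-24 lowercase letters and digits."
  }
}
```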