Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feature to support provisioning of Azure Files NFS for CML at runtime (…
…#39) Signed-off-by: tsharma <[email protected]>
1 parent
8cb2587
commit d490650
Showing 19 changed files with 840 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
formatter: markdown | ||
header-from: doc_fragments/header.md | ||
settings: | ||
anchor: true | ||
color: true | ||
default: true | ||
escape: true | ||
html: true | ||
indent: 2 | ||
required: true | ||
sensitive: true | ||
type: true | ||
|
||
|
||
sort: | ||
enabled: true | ||
by: required | ||
|
||
output: | ||
file: README.md | ||
mode: replace |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
<!-- BEGIN_TF_DOCS --> | ||
# Terraform Module for Azure NFS | ||
|
||
This module contains resource files and example variable definition files for creation of the Azure NFS File Share required for Cloudera Machine Learning (CML) Public Cloud. | ||
|
||
* Provisions a storage account with Premium Tier and Disabled Https traffic only. | ||
* Creates a NFS file share of 100 GB in the storage account | ||
* Creates a private dns zone of type privatelink.file.core.windows.net | ||
* Creates a VNET link between CDP workload VNET and private DNS zone | ||
* Creates a private endpoint for NFS Storage Account (File sub-resource) for the specified subnets in the CDP VNET. | ||
* Creates a public IP , security group allowing port 22 from everywhere | ||
* Creates a ubuntu VM with public IP, security group in the CDP Subnets to which private endpoint was created. | ||
|
||
## Usage | ||
|
||
The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios: | ||
|
||
* `ex01-nfs_fileshare` uses a set of inputs for the module. | ||
|
||
In each directory an example `terraform.tfvars.sample` values file is included to show input variable values. | ||
|
||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 | | ||
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | 3.45.0 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.77.0 | | ||
|
||
## Modules | ||
|
||
No modules. | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [azurerm_linux_virtual_machine.nfs_vm](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/linux_virtual_machine) | resource | | ||
| [azurerm_network_interface.nfsvm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_interface) | resource | | ||
| [azurerm_network_interface_security_group_association.nfsvm_nic_sg](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_interface_security_group_association) | resource | | ||
| [azurerm_network_security_group.nfsvm_sg](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_security_group) | resource | | ||
| [azurerm_network_security_rule.nfsvm_sg_rule](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/network_security_rule) | resource | | ||
| [azurerm_private_dns_zone.nfs_privatednszone](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_dns_zone) | resource | | ||
| [azurerm_private_dns_zone_virtual_network_link.nfs_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_dns_zone_virtual_network_link) | resource | | ||
| [azurerm_private_endpoint.nfs_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/private_endpoint) | resource | | ||
| [azurerm_public_ip.nfsvm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/public_ip) | resource | | ||
| [azurerm_storage_account.nfs_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/storage_account) | resource | | ||
| [azurerm_storage_share.nfs_storage_share](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/resources/storage_share) | resource | | ||
| [azurerm_subnet.nfs_subnets](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/data-sources/subnet) | data source | | ||
| [azurerm_virtual_network.nfs_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/3.45.0/docs/data-sources/virtual_network) | data source | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_azure_region"></a> [azure\_region](#input\_azure\_region) | Region for CDP | `string` | n/a | yes | | ||
| <a name="input_nfs_file_share_name"></a> [nfs\_file\_share\_name](#input\_nfs\_file\_share\_name) | nfs file share name | `string` | n/a | yes | | ||
| <a name="input_nfs_private_endpoint_target_subnet_names"></a> [nfs\_private\_endpoint\_target\_subnet\_names](#input\_nfs\_private\_endpoint\_target\_subnet\_names) | Subnet to which private endpoints are created | `list(string)` | n/a | yes | | ||
| <a name="input_nfs_storage_account_name"></a> [nfs\_storage\_account\_name](#input\_nfs\_storage\_account\_name) | NFS Storage account name | `string` | n/a | yes | | ||
| <a name="input_nfs_vnet_link_name"></a> [nfs\_vnet\_link\_name](#input\_nfs\_vnet\_link\_name) | Name for NFS VNET Link | `string` | n/a | yes | | ||
| <a name="input_private_endpoint_prefix"></a> [private\_endpoint\_prefix](#input\_private\_endpoint\_prefix) | Shorthand name for the environment. Used in resource descriptions | `string` | n/a | yes | | ||
| <a name="input_resourcegroup_name"></a> [resourcegroup\_name](#input\_resourcegroup\_name) | Resource Group Name | `string` | n/a | yes | | ||
| <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | Vnet name | `string` | n/a | yes | | ||
| <a name="input_create_vm_mounting_nfs"></a> [create\_vm\_mounting\_nfs](#input\_create\_vm\_mounting\_nfs) | Whether to create a VM which mounts this NFS | `bool` | `true` | no | | ||
| <a name="input_nfs_file_share_size"></a> [nfs\_file\_share\_size](#input\_nfs\_file\_share\_size) | NFS File Share size | `number` | `100` | no | | ||
| <a name="input_nfsvm_name"></a> [nfsvm\_name](#input\_nfsvm\_name) | Name for NFS VM | `string` | `null` | no | | ||
| <a name="input_nfsvm_nic_name"></a> [nfsvm\_nic\_name](#input\_nfsvm\_nic\_name) | Name for NFS VM NIC | `string` | `null` | no | | ||
| <a name="input_nfsvm_public_ip_name"></a> [nfsvm\_public\_ip\_name](#input\_nfsvm\_public\_ip\_name) | Name for NFS VM Public IP | `string` | `null` | no | | ||
| <a name="input_nfsvm_sg_name"></a> [nfsvm\_sg\_name](#input\_nfsvm\_sg\_name) | Name for NFS VM Security Group | `string` | `null` | no | | ||
| <a name="input_public_key_text"></a> [public\_key\_text](#input\_public\_key\_text) | SSH Public key string for the nodes of the CDP environment | `string` | `null` | no | | ||
| <a name="input_source_address_prefixes"></a> [source\_address\_prefixes](#input\_source\_address\_prefixes) | Source address prefixes for VM ssh access | `list(string)` | `null` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_nfs_file_share_url"></a> [nfs\_file\_share\_url](#output\_nfs\_file\_share\_url) | NFS File Share url | | ||
| <a name="output_nfs_storage_account_name"></a> [nfs\_storage\_account\_name](#output\_nfs\_storage\_account\_name) | NFS Storage Account Name | | ||
| <a name="output_nfs_vm_mount_path"></a> [nfs\_vm\_mount\_path](#output\_nfs\_vm\_mount\_path) | Path where NFS is mounted on the VM | | ||
| <a name="output_nfs_vm_public_ip"></a> [nfs\_vm\_public\_ip](#output\_nfs\_vm\_public\_ip) | NFS VM public IP address | | ||
| <a name="output_nfs_vm_username"></a> [nfs\_vm\_username](#output\_nfs\_vm\_username) | NFS VM Admin Username | | ||
<!-- END_TF_DOCS --> |
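Review bot: In the Inputs table, `create_vm_mounting_nfs` defaults to `true` and `source_address_prefixes` defaults to `null`, so a caller who sets only the required inputs gets the VM with a public IP, and the bullet list above says its security group allows port 22 from everywhere. Consider defaulting `create_vm_mounting_nfs` to `false`, or requiring a non-empty `source_address_prefixes` whenever the VM is created. Separately, the Requirements table pins azurerm to 3.45.0 while the Providers table records 3.77.0; regenerate the docs against the pinned version or relax the constraint so the two tables agree.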
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Copyright 2023 Cloudera, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
data "azurerm_subnet" "nfs_subnets" { | ||
|
||
for_each = toset(var.nfs_private_endpoint_target_subnet_names) | ||
|
||
name = each.value | ||
virtual_network_name = var.vnet_name | ||
resource_group_name = var.resourcegroup_name | ||
} | ||
|
||
|
||
data "azurerm_virtual_network" "nfs_vnet" { | ||
name = var.vnet_name | ||
resource_group_name = var.resourcegroup_name | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Copyright 2023 Cloudera, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
locals { | ||
|
||
} |
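Review bot: The `locals { }` block is empty, so this file adds only a license header. Drop the file until the module has a local value to define.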
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Terraform Module for Azure NFS | ||
|
||
This module contains resource files and example variable definition files for creation of the Azure NFS File Share required for Cloudera Machine Learning (CML) Public Cloud. | ||
|
||
* Provisions a storage account with Premium Tier and Disabled Https traffic only. | ||
* Creates a NFS file share of 100 GB in the storage account | ||
* Creates a private dns zone of type privatelink.file.core.windows.net | ||
* Creates a VNET link between CDP workload VNET and private DNS zone | ||
* Creates a private endpoint for NFS Storage Account (File sub-resource) for the specified subnets in the CDP VNET. | ||
* Creates a public IP , security group allowing port 22 from everywhere | ||
* Creates a ubuntu VM with public IP, security group in the CDP Subnets to which private endpoint was created. | ||
|
||
## Usage | ||
|
||
The [examples](./examples) directory has example Azure Cloud Service Provider deployments for different scenarios: | ||
|
||
* `ex01-nfs_fileshare` uses a set of inputs for the module. | ||
|
||
In each directory an example `terraform.tfvars.sample` values file is included to show input variable values. |
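Review bot: The bullets "Disabled Https traffic only" and "security group allowing port 22 from everywhere" state two security-relevant choices without explaining either. The first is ambiguous as written; say plainly that the HTTPS-only setting on the storage account is turned off and why the NFS share needs that. The second should mention that `source_address_prefixes` ("Source address prefixes for VM ssh access") is the input that narrows SSH access, and what happens when it is left unset. The README hunk carries the same text, so fix the wording in the source fragment (`header-from: doc_fragments/header.md` in the terraform-docs config) and regenerate.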
64 changes: 64 additions & 0 deletions
modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/main.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
# Copyright 2023 Cloudera, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
provider "azurerm" { | ||
features { | ||
resource_group { | ||
prevent_deletion_if_contains_resources = false | ||
} | ||
} | ||
} | ||
|
||
module "ex01_nfs_fileshare" { | ||
source = "../.." | ||
|
||
resourcegroup_name = var.resourcegroup_name | ||
azure_region = var.azure_region | ||
nfs_file_share_name = var.nfs_file_share_name | ||
nfs_file_share_size = var.nfs_file_share_size | ||
nfs_private_endpoint_target_subnet_names = var.nfs_private_endpoint_target_subnet_names | ||
vnet_name = var.vnet_name | ||
nfs_storage_account_name = var.nfs_storage_account_name | ||
source_address_prefixes = var.source_address_prefixes | ||
nfsvm_nic_name = var.nfsvm_nic_name | ||
nfsvm_public_ip_name = var.nfsvm_public_ip_name | ||
nfsvm_sg_name = var.nfsvm_sg_name | ||
nfs_vnet_link_name = var.nfs_vnet_link_name | ||
nfsvm_name = var.nfsvm_name | ||
public_key_text = var.public_key_text | ||
private_endpoint_prefix = var.private_endpoint_prefix | ||
} | ||
|
||
output "nfs_file_share_url" { | ||
value = module.ex01_nfs_fileshare.nfs_file_share_url | ||
} | ||
output "nfs_vm_public_ip" { | ||
value = module.ex01_nfs_fileshare.nfs_vm_public_ip | ||
} | ||
|
||
|
||
output "nfs_vm_username" { | ||
value = module.ex01_nfs_fileshare.nfs_vm_username | ||
description = "NFS VM Admin Username" | ||
} | ||
|
||
output "nfs_vm_mount_path" { | ||
value = module.ex01_nfs_fileshare.nfs_vm_mount_path | ||
description = "Path where NFS is mounted on the VM" | ||
} | ||
|
||
output "nfs_storage_account_name" { | ||
value = module.ex01_nfs_fileshare.nfs_storage_account_name | ||
description = "NFS Storage Account Name" | ||
} |
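Review bot: `prevent_deletion_if_contains_resources = false` in the provider `features` block switches off the azurerm guard against deleting a resource group that still contains resources, and this example is pointed at a caller-supplied `resourcegroup_name` that already holds the CDP VNET. Remove the override, or add a comment explaining why the example needs it. Two smaller points: the `nfs_file_share_url` and `nfs_vm_public_ip` outputs have no `description` while the other three do, and the module call does not pass `create_vm_mounting_nfs`, so a user of this example cannot opt out of the public-IP VM.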
32 changes: 32 additions & 0 deletions
modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/terraform.tfvars.sample
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Copyright 2023 Cloudera, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
private_endpoint_prefix = "<ENTER_VALUE>" | ||
|
||
# ------- Cloud Settings ------- | ||
azure_region = "<ENTER_VALUE>" # Change this to specify Cloud Provider region, e.g. eastus | ||
|
||
resourcegroup_name = "<ENTER_VALUE>" | ||
nfs_file_share_name = "<ENTER_VALUE>" | ||
nfs_file_share_size = <ENTER_VALUE> | ||
nfs_private_endpoint_target_subnet_names = ["<ENTER_VALUE>", "<ENTER_VALUE>"] | ||
vnet_name = "<ENTER_VALUE>" | ||
nfs_storage_account_name = "<ENTER_VALUE>" | ||
nfsvm_public_ip_name = "<ENTER_VALUE>" | ||
nfsvm_nic_name = "<ENTER_VALUE>" | ||
nfsvm_sg_name = <ENTER_VALUE> | ||
nfs_vnet_link_name = "<ENTER_VALUE>" | ||
nfsvm_name = "<ENTER_VALUE>" | ||
public_key_text = "<ENTER_VALUE>" | ||
source_address_prefixes = ["<ENTER_VALUE>", "<ENTER_VALUE>"] |
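Review bot: `nfsvm_sg_name = <ENTER_VALUE>` is missing the quotes that every other string placeholder in this sample has, and the variable is declared as `string` in the example's variables.tf. Quote it so it matches its neighbours (`nfs_file_share_size` is the only numeric value here). It would also help to give `source_address_prefixes` a trailing comment like the one on `azure_region`, stating that the entries are the CIDR ranges allowed to reach the VM over SSH.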
96 changes: 96 additions & 0 deletions
modules/terraform-azure-nfs/examples/ex01-nfs_fileshare/variables.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
# Copyright 2023 Cloudera, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
|
||
variable "resourcegroup_name" { | ||
type = string | ||
description = "Resource Group Name" | ||
} | ||
|
||
variable "vnet_name" { | ||
type = string | ||
description = "Vnet name" | ||
|
||
} | ||
|
||
|
||
variable "azure_region" { | ||
type = string | ||
description = "Region for CDP" | ||
|
||
} | ||
|
||
variable "private_endpoint_prefix" { | ||
type = string | ||
description = "Shorthand name for the environment. Used in resource descriptions" | ||
} | ||
|
||
|
||
variable "nfs_file_share_name" { | ||
type = string | ||
description = "nfs file share name" | ||
} | ||
|
||
variable "nfs_private_endpoint_target_subnet_names" { | ||
type = list(string) | ||
description = "Subnets to which private endpoints are created" | ||
} | ||
|
||
variable "nfs_storage_account_name" { | ||
type = string | ||
description = "NFS Storage account name" | ||
} | ||
|
||
variable "nfs_file_share_size" { | ||
type = number | ||
description = "NFS File Share size" | ||
} | ||
|
||
|
||
variable "nfsvm_public_ip_name" { | ||
type = string | ||
description = "Name for NFS VM Public IP" | ||
} | ||
|
||
variable "nfsvm_nic_name" { | ||
type = string | ||
description = "Name for NFS VM NIC" | ||
} | ||
|
||
variable "nfsvm_sg_name" { | ||
type = string | ||
description = "Name for NFS VM Security Group" | ||
} | ||
|
||
variable "nfs_vnet_link_name" { | ||
type = string | ||
description = "Name for NFS VNET Link" | ||
} | ||
|
||
|
||
variable "nfsvm_name" { | ||
type = string | ||
description = "Name for NFS VM" | ||
} | ||
|
||
variable "public_key_text" { | ||
type = string | ||
|
||
description = "SSH Public key string for the nodes of the CDP environment" | ||
} | ||
|
||
variable "source_address_prefixes" { | ||
type = list(string) | ||
description = "Source address prefixes for VM ssh access" | ||
} |
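Review bot: None of the variables here declare a `default`, although the module README lists `nfs_file_share_size` (100), the `nfsvm_*` names, `public_key_text` and `source_address_prefixes` as optional. As written the example forces values for all of them; either mirror the module defaults or note in the sample file that the example deliberately requires them. For `source_address_prefixes` specifically, a `validation` block that rejects an empty list would keep the SSH rule from being applied without an explicit source range. The `public_key_text` description ("for the nodes of the CDP environment") also reads as copied from another module; here the key is for the NFS VM.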
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
apt-get -y update | ||
apt-get -y install nfs-common | ||
mkdir -p /mount/${nfs_storage_account_name}/${nfs_file_share_name} | ||
mount -t nfs ${nfs_storage_account_name}.file.core.windows.net:/${nfs_storage_account_name}/${nfs_file_share_name} /mount/${nfs_storage_account_name}/${nfs_file_share_name} -o vers=4,minorversion=1,sec=sys |
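Review bot: The script has no error handling, so a failed `apt-get -y install nfs-common` still falls through to `mkdir` and `mount`, and the failure is easy to miss. Add `set -euo pipefail` after the shebang. The mount is also not written to `/etc/fstab`, so it will not survive a reboot, which matters if the `nfs_vm_mount_path` output is meant to stay valid. Finally, the options use `sec=sys`, which means the share trusts the UID and GID the client presents; a short comment saying that access control therefore rests on the private endpoint and subnet selection would help the next reader.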