claranet/terraform-azurerm-storage-file

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Azure Storage Account for file shares


Common Azure Terraform module to create a Storage Account dedicated to file shares, with backup enabled (except for NFS shares, due to an Azure limitation).

The Storage Account is created with the Premium SKU by default, for production-ready performance.

Global versioning rule for Claranet Azure modules

| Module version | Terraform version | AzureRM version |
|----------------|-------------------|-----------------|
| >= 7.x.x       | 1.3.x             | >= 3.0          |
| >= 6.x.x       | 1.x               | >= 3.0          |
| >= 5.x.x       | 0.15.x            | >= 2.0          |
| >= 4.x.x       | 0.13.x / 0.14.x   | >= 2.0          |
| >= 3.x.x       | 0.12.x            | >= 2.0          |
| >= 2.x.x       | 0.12.x            | < 2.0           |
| < 2.x.x        | 0.11.x            | < 2.0           |

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which automatically updates and formats some files for you by enforcing our Terraform module best practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets in the environment some Terraform variables needed by this module. More details about the variables set by the terraform-wrapper are available in its documentation.

```hcl
# Public IP of the host running Terraform, allowed through the Storage Account firewall below
data "http" "ip" {
  url = "http://ip4.clara.net/?raw"
}

module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "run" {
  source  = "claranet/run/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  resource_group_name = module.rg.resource_group_name

  monitoring_function_enabled = false
  vm_monitoring_enabled       = false
  backup_vm_enabled           = false
  update_center_enabled       = false

  # Provides the Recovery Services Vault policy consumed by the storage_file module below
  backup_file_share_enabled = true
}

module "storage_file" {
  source  = "claranet/storage-file/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.resource_group_name

  account_replication_type = "LRS"

  logs_destinations_ids = [
    module.run.logs_storage_account_id,
    module.run.log_analytics_workspace_id
  ]

  backup_policy_id = module.run.file_share_backup_policy_id

  allowed_cidrs  = [format("%s/32", data.http.ip.response_body)]
  network_bypass = ["AzureServices"] # Mandatory for backup purpose

  file_shares = [
    {
      name        = "share-smb"
      quota_in_gb = 500
    },
    {
      name             = "share-nfs"
      quota_in_gb      = 700
      enabled_protocol = "NFS" # Note that NFS file shares are not backed up due to Azure limitation
    }
  ]

  file_share_authentication = {
    directory_type = "AADDS"
  }

  extra_tags = {
    foo = "bar"
  }
}

# Sample Cloud Init script that can be used in a VM or VMSS custom data
locals {
  # tflint-ignore: terraform_unused_declarations
  cloud_init_script = <<EOC
#!/bin/bash

apt install -o DPkg::Lock::Timeout=120 -y nfs-common cifs-utils

# CIFS credentials file used by mount.cifs for the SMB share (it contains secrets)
mkdir -p $(dirname ${module.storage_file.default_cifs_configuration_file_path})
echo "${module.storage_file.cifs_credentials_file_content}" > ${module.storage_file.default_cifs_configuration_file_path}

mkdir -p ${module.storage_file.storage_file_shares_default_mount_paths["share-smb"]}
mkdir -p ${module.storage_file.storage_file_shares_default_mount_paths["share-nfs"]}

# fstab entries generated by the module, so the shares are remounted at boot
echo "${module.storage_file.storage_file_shares_default_fstab_entries["share-smb"]}" >> /etc/fstab
echo "${module.storage_file.storage_file_shares_default_fstab_entries["share-nfs"]}" >> /etc/fstab

mount ${module.storage_file.storage_file_shares_default_mount_paths["share-smb"]}
mount ${module.storage_file.storage_file_shares_default_mount_paths["share-nfs"]}
EOC
}
```

Providers

| Name    | Version  |
|---------|----------|
| azurerm | ~> 3.114 |

Modules

| Name            | Source                           | Version   |
|-----------------|----------------------------------|-----------|
| storage_account | claranet/storage-account/azurerm | ~> 7.13.3 |

Resources

| Name                                            | Type     |
|-------------------------------------------------|----------|
| azurerm_backup_container_storage_account.backup | resource |
| azurerm_backup_protected_file_share.backup      | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| account_replication_type | Defines the type of replication to use for this Storage Account. Valid options are `LRS`, `GRS`, `RAGRS`, `ZRS`, `GZRS` and `RAGZRS`. | `string` | `"ZRS"` | no |
| advanced_threat_protection_enabled | Boolean flag which controls if advanced threat protection is enabled, see documentation for more information. | `bool` | `false` | no |
| allowed_cidrs | List of CIDRs to allow access to that Storage Account. | `list(string)` | `[]` | no |
| backup_policy_id | ID of the Recovery Services Vault policy for file share backups. | `string` | n/a | yes |
| client_name | Client name/account used in naming. | `string` | n/a | yes |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be `default` if not set. | `string` | `"default"` | no |
| default_firewall_action | Which default firewalling policy to apply. Valid values are `Allow` or `Deny`. | `string` | `"Deny"` | no |
| default_tags_enabled | Option to enable or disable default tags. | `bool` | `true` | no |
| environment | Project environment. | `string` | n/a | yes |
| extra_tags | Additional tags to associate with your Azure Storage Account. | `map(string)` | `{}` | no |
| file_share_authentication | Storage Account file shares authentication configuration. | `object({ directory_type = string, active_directory = optional(object({ storage_sid = string, domain_name = string, domain_sid = string, domain_guid = string, forest_name = string, netbios_domain_name = string })) })` | `null` | no |
| file_share_cors_rules | Storage Account file shares CORS rule. Please refer to the documentation for more information. | `object({ allowed_headers = list(string), allowed_methods = list(string), allowed_origins = list(string), exposed_headers = list(string), max_age_in_seconds = number })` | `null` | no |
| file_share_properties_smb | Storage Account file shares SMB properties. Multichannel is enabled by default on Premium Storage Accounts. | `object({ versions = optional(list(string), null), authentication_types = optional(list(string), null), kerberos_ticket_encryption_type = optional(list(string), null), channel_encryption_type = optional(list(string), null), multichannel_enabled = optional(bool, null) })` | `null` | no |
| file_share_retention_policy_in_days | Storage Account file shares retention policy in days. | `number` | `14` | no |
| file_shares | List of objects to create some File Shares in this Storage Account. | `list(object({ name = string, quota_in_gb = number, enabled_protocol = optional(string), metadata = optional(map(string)), acl = optional(list(object({ id = string, permissions = string, start = optional(string), expiry = optional(string) }))) }))` | n/a | yes |
| https_traffic_only_enabled | Boolean flag which forces HTTPS if enabled. Disabled if any NFS file share is provisioned. | `bool` | `true` | no |
| identity_ids | Specifies a list of User Assigned Managed Identity IDs to be assigned to this Storage Account. | `list(string)` | `null` | no |
| identity_type | Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned` (to enable both). | `string` | `"SystemAssigned"` | no |
| is_premium | True to enable Premium tier for this Storage Account. | `bool` | `true` | no |
| location | Azure location. | `string` | n/a | yes |
| location_short | Short string for Azure location. | `string` | n/a | yes |
| logs_categories | Log categories to send to destinations. | `list(string)` | `null` | no |
| logs_destinations_ids | List of destination resource IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to use Azure EventHub as destination, you must provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | `list(string)` | n/a | yes |
| logs_metrics_categories | Metrics categories to send to destinations. | `list(string)` | `null` | no |
| min_tls_version | The minimum supported TLS version for the Storage Account. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. | `string` | `"TLS1_2"` | no |
| name_prefix | Optional prefix for the generated name. | `string` | `""` | no |
| name_suffix | Optional suffix for the generated name. | `string` | `""` | no |
| network_bypass | Specifies whether traffic is bypassed for `Logging`, `Metrics`, `AzureServices` or `None`. | `list(string)` | `["Logging", "Metrics", "AzureServices"]` | no |
| network_rules_enabled | Boolean to enable Network Rules on the Storage Account, requires `network_bypass`, `allowed_cidrs`, `subnet_ids` or `default_firewall_action` correctly set if enabled. | `bool` | `true` | no |
| private_link_access | List of Private Link objects to allow access from. | `list(object({ endpoint_resource_id = string, endpoint_tenant_id = optional(string, null) }))` | `[]` | no |
| resource_group_name | Resource group name. | `string` | n/a | yes |
| shared_access_key_enabled | Indicates whether the Storage Account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). | `bool` | `true` | no |
| stack | Project stack name. | `string` | n/a | yes |
| storage_account_custom_name | Custom Azure Storage Account name, generated if not set. | `string` | `""` | no |
| subnet_ids | Subnets to allow access to that Storage Account. | `list(string)` | `[]` | no |
| use_caf_naming | Use the Azure CAF naming provider to generate the default resource name. `storage_account_custom_name` overrides this if set. The legacy default name is used if this is set to false. | `bool` | `true` | no |
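A stricter invocation of the same module, added here as an example rather than taken from the project's README, which uses only inputs from the table above to tighten the network, transport and SMB settings of the `storage_file` module shown in the usage example. The CIDR is a constructed placeholder and `var.allowed_subnet_ids` is an assumed variable; the SMB settings assume domain-joined clients, because limiting `authentication_types` to Kerberos refuses storage-key (NTLMv2) mounts such as the one in the cloud-init script above.

```hcl
module "storage_file" {
  source  = "claranet/storage-file/azurerm"
  version = "x.x.x"

  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.resource_group_name

  # Network: default deny, explicit client sources, and only the AzureServices
  # bypass (needed by the backup service), not the Logging/Metrics defaults.
  network_rules_enabled   = true
  default_firewall_action = "Deny"
  allowed_cidrs           = ["203.0.113.10/32"] # constructed placeholder
  subnet_ids              = var.allowed_subnet_ids # assumed variable
  network_bypass          = ["AzureServices"]

  # Transport: TLS 1.2 minimum and HTTPS only. The module disables HTTPS-only
  # as soon as an NFS share is declared, so this example stays SMB-only.
  min_tls_version            = "TLS1_2"
  https_traffic_only_enabled = true

  # SMB: SMB 3.1.1 only, Kerberos with AES-256 tickets, AES-256-GCM channel encryption.
  file_share_properties_smb = {
    versions                        = ["SMB3.1.1"]
    authentication_types            = ["Kerberos"]
    kerberos_ticket_encryption_type = ["AES-256"]
    channel_encryption_type         = ["AES-256-GCM"]
  }
  file_share_authentication = {
    directory_type = "AADDS"
  }

  # Detection and recovery: threat protection, diagnostics and backup policy from the run module.
  advanced_threat_protection_enabled = true
  logs_destinations_ids = [
    module.run.logs_storage_account_id,
    module.run.log_analytics_workspace_id,
  ]
  backup_policy_id = module.run.file_share_backup_policy_id

  file_shares = [{ name = "share-smb", quota_in_gb = 100 }] # constructed share
}
```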

Outputs

| Name | Description |
|------|-------------|
| cifs_credentials_file_content | Content of the CIFS credentials file |
| default_cifs_configuration_file_path | Default configuration file path for CIFS credentials file |
| storage_account_id | Created Storage Account ID |
| storage_account_identity | Created Storage Account identity block |
| storage_account_name | Created Storage Account name |
| storage_account_properties | Created Storage Account properties |
| storage_file_shares | Created file shares in the Storage Account |
| storage_file_shares_default_fstab_entries | Default fstab entries for the file shares |
| storage_file_shares_default_mount_commands | Default mount commands for the file shares |
| storage_file_shares_default_mount_paths | Default mount paths for the file shares |
| storage_file_shares_mount_endpoints | Mount endpoints of created file shares |
| storage_file_shares_mount_options | Mount options for the file shares |