Terraform/deploy-fsx-ontap/module/README.md
51 additions & 46 deletions
@@ -21,15 +21,23 @@ Calling this terraform module will result the following:
21
21
* Create a new AWS Security Group in your VPC with the following rules:
22
22
-**Ingress** allow all ICMP traffic
23
23
-**Ingress** allow nfs port 111 (both TCP and UDP)
24
-
-**Ingress** allow cifc TCP port 139
24
+
-**Ingress** allow cifs TCP port 139
25
25
-**Ingress** allow snmp ports 161-162 (both TCP and UDP)
26
26
-**Ingress** allow smb cifs TCP port 445
27
-
-**Ingress** alloe bfs mount port 635 (both TCP and UDP)
27
+
-**Ingress** allow nfs mount port 635 (both TCP and UDP)
28
+
-**Ingress** allow kerberos TCP port 749
29
+
-**Ingress** allow nfs port 2049 (both TCP and UDP)
30
+
-**Ingress** allow nfs lock and monitoring 4045-4046 (both TCP and UDP)
31
+
-**Ingress** allow nfs quota TCP 4049
32
+
-**Ingress** allow Snapmirror Intercluster communication TCP port 11104
33
+
-**Ingress** allow Snapmirror data transfer TCP port 11105
34
+
-**Ingress** allow ssh port 22
35
+
-**Ingress** allow https port 443
28
36
-**Egress** allow all traffic
29
37
* Create a new FSx for Netapp ONTAP file-system in your AWS account named "_terraform-fsxn_". The file-system will be created with the following configuration parameters:
30
38
* 1024Gb of storage capacity
31
39
* Multi AZ deployment type
32
-
*256Mbps of throughput capacity
40
+
*128Mbps of throughput capacity
33
41
34
42
* Create a Storage Virtual Maching (SVM) in this new file-system named "_first_svm_"
35
43
* Create a new FlexVol volume in this SVM named "_vol1_" with the following configuration parameters:
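Review bot: the added ingress lines for ssh port 22 and https port 443 open the file system's administrative interfaces in the same rule set as the NFS and SMB data ports, and the list never says which source these rules are opened to. Please add a sentence stating that the source is whatever is passed in `cidr_for_sg` or `source_sg_id` (per the inputs table), so readers know that one setting governs both management and data access. Smaller points in the same hunk: the new throughput line says "128Mbps" while the inputs table uses MBps, and the unchanged context line still reads "Storage Virtual Maching".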
@@ -49,8 +57,8 @@ Calling this terraform module will result the following:
@@ -68,24 +76,23 @@ Calling this terraform module will result the following:
68
76
> [!NOTE]
69
77
> In this sample, the AWS Credentials were configured through [AWS CLI](https://aws.amazon.com/cli/), which adds them to a shared configuration file (option 4 above). Therefore, this documentation only provides guidance on setting-up the AWS credentials with shared configuration file using AWS CLI.
70
78
71
-
#### Configure AWS Credentials using AWS CLI
79
+
#### Configure AWS Credentials using AWS CLI
72
80
73
-
The AWS Provider can source credentials and other settings from the shared configuration and credentials files. By default, these files are located at `$HOME/.aws/config` and `$HOME/.aws/credentials` on Linux and macOS, and `"%USERPROFILE%\.aws\credentials"` on Windows.
81
+
The AWS Provider can source credentials and other settings from the shared configuration and credentials files. By default, these files are located at `$HOME/.aws/config` and `$HOME/.aws/credentials` on Linux and macOS, and `"%USERPROFILE%\.aws\credentials"` on Windows.
74
82
75
-
There are several ways to set your credentials and configuration setting using AWS CLI. We will use [`aws configure`](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) command:
83
+
There are several ways to set your credentials and configuration setting using AWS CLI. We will use [`aws configure`](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) command:
76
84
77
-
Run the following command to quickly set and view your credentails, region, and output format. The following example shows sample values:
85
+
Run the following command to quickly set and view your credentails, region, and output format. The following example shows sample values:
Default region name [None]: < YOUR-PREFERRED-REGION >
84
-
Default output format [None]: json
85
-
```
86
-
87
-
To list configuration data, use the [`aws configire list`](https://docs.aws.amazon.com/cli/latest/reference/configure/list.html) command. This command lists the profile, access key, secret key, and region configuration information used for the specified profile. For each configuration item, it shows the value, where the configuration value was retrieved, and the configuration variable name.
Default region name [None]: < YOUR-PREFERRED-REGION >
92
+
Default output format [None]: json
93
+
```
88
94
95
+
To list configuration data, use the [`aws configire list`](https://docs.aws.amazon.com/cli/latest/reference/configure/list.html) command. This command lists the profile, access key, secret key, and region configuration information used for the specified profile. For each configuration item, it shows the value, where the configuration value was retrieved, and the configuration variable name.
89
96
90
97
## Usage
91
98
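Review bot: the re-added lines in this hunk still carry their typos, "credentails" in the "Run the following command" sentence and `aws configire list` in the link text of the last paragraph, and the second one matters because readers copy that command. Since these lines are being touched anyway, please correct them to "credentials" and `aws configure list`. The paragraph on file locations also gives both `$HOME/.aws/config` and `$HOME/.aws/credentials` for Linux and macOS but only the credentials path for Windows; listing both Windows paths would make it consistent.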
@@ -126,9 +133,9 @@ module "fsxontap" {
126
133
primarysub = "<YOUR-PRIMARY-SUBNET>"
127
134
secondarysub = "<YOUR-SECONDAY-SUBNET>"
128
135
}
129
-
create_sg = <true / false> // true to create Security Group for the Fs / false otherwise
136
+
create_sg = true // true to create Security Group for the Fs / false otherwise
130
137
cidr_for_sg = "<YOUR-CIDR-BLOCK>"
131
-
fsx_admin_password = "<YOUR_PASSWORD>"
138
+
fsx_secret_name = "<YOUR_SECRET>" // The name of a secret in AWS Secrets Manager that contains the FSxN admin password.
132
139
tags = {
133
140
Terraform = "true"
134
141
Environment = "dev"
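Review bot: the added line `fsx_secret_name = "<YOUR_SECRET>"` uses a variable name that does not match the inputs table changed in this same commit, which documents the input as `secret_name`. Please make the example and the table agree on one name. Moving the password out of the module block and into AWS Secrets Manager is the right direction, but the comment only says the secret "contains the FSxN admin password"; it should also say what form the secret value is expected to take, so callers can create it correctly. The change of `create_sg` from a placeholder to a literal `true` is fine, though the trailing comment still reads as if the reader must choose.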
@@ -140,7 +147,7 @@ module "fsxontap" {
140
147
> To Override default values assigned to other variables in this module, add them to this source block as well. The above source block includes the minimum requirements only.
141
148
142
149
> [!NOTE]
143
-
> The default deployment type is: MULTI_AZ_1. For SINGLE AZ deployment, override the `fsx_deploy_type` variable in the module block, and make sure to only provide one subnet as `primarysub`
150
+
> The default deployment type is: MULTI_AZ_1. For SINGLE AZ deployment, set the `fsx_deploy_type` variable to SINGLE_AZ_1 in the module block.
144
151
145
152
Please read the vriables descriptions in `variables.tf` file for more information regarding the variables passed to the module block.
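Review bot: the rewritten NOTE line tells readers to set `fsx_deploy_type`, but the inputs table in this same commit removes the `fsx_deploy_type` row and adds `deployment_type` in its place. Please use the name the module now accepts, and put `SINGLE_AZ_1` in backticks like the variable name. The old wording about providing only one subnet has been dropped; that matches the new `subnets` row, which says only the primary subnet is used for SINGLE_AZ_1, so a short pointer to that row would help. The context line below the note still has "vriables".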
| fsx_admin_password | The ONTAP administrative password for the fsxadmin user that you can use to administer your file system using the ONTAP CLI and REST API |`string`| n/a | yes |
254
258
| backup_retention_days | The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. |`number`|`0`| no |
255
-
| cidr_for_sg | cide block to be used for the ingress rules |`string`|`"0.0.0.0/0"`| no |
256
-
| create_sg | Determines whether the SG should be deployed as part of this execution or not |`bool`|`false`| no |
259
+
| capacity_size_gb | The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608 |`number`|`1024`| no |
260
+
| cidr_for_sg | cidr block to be used for the created security ingress rules. Set to an empty string if you want to use the source_sg_id as the source. |`string`|`""`| no |
261
+
| create_sg | Determines whether the SG should be deployed as part of this deployment or not. |`bool`|`true`| no |
257
262
| daily_backup_start_time | A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. Requires automatic_backup_retention_days to be set. |`string`|`"00:00"`| no |
258
-
| disk_iops_configuration | The SSD IOPS configuration for the Amazon FSx for NetApp ONTAP file system |`map(any)`|`null`| no |
259
-
| fsx_capacity_size_gb | The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608 |`number`|`1024`| no |
260
-
| fsx_deploy_type | The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1 |`string`|`"MULTI_AZ_1"`| no |
261
-
| fsx_maintenance_start_time | The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone. |`string`|`"1:00:00"`| no |
262
-
| fsx_name | The deployed filesystem name |`string`|`"terraform-fsxn"`| no |
263
-
| fsx_subnets | A list of IDs for the subnets that the file system will be accessible from. Up to 2 subnets can be provided. |`map(any)`|<pre>{<br>"primarysub": "",<br>"secondarysub": ""<br>}</pre>| no |
264
-
| fsx_tput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. |`number`|`256`| no |
263
+
| deployment_type | The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1 |`string`|`"MULTI_AZ_1"`| no |
264
+
| disk_iops_configuration | The SSD IOPS configuration forthe file system. Valid modes are 'AUTOMATIC' (3 iops per GB provided) or 'USER_PROVISIONED'. NOTE: Due to a bugin the AWS FSx provider, if you want AUTOMATIC, then leave this variable empty. If you want USER_PROVIDEDED, then add a 'mode=USER_PROVISIONED' (with USER_PROVISIONED enclosed in doube quotes) and 'iops=number' where number is between 1 and 160000. |`map(any)`|`{}`| no |
265
265
| kms_key_id | ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key. |`string`|`null`| no |
266
-
| root_vol_sec_style | Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. |`string`|`"UNIX"`| no |
267
-
| route_table_ids | Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table. |`list(any)`|`null`| no |
268
-
| storage_type | The filesystem storage type|`string`|`"SSD"`| no |
269
-
| svm_name | The name of the Storage Virtual Machine |`string`|`"first_svm"`| no |
270
-
| tags | Tags to be applied to the resources |`map(any)`|<pre>{<br>"Name": "terraform-fsxn"<br>}</pre>| no |
271
-
| vol_info | Details for the volume creation |`map(any)`|<pre>{<br>"bypass_sl_retention": false,<br>"cooling_period": 31,<br>"copy_tags_to_backups": false,<br>"efficiency": true,<br>"junction_path": "/vol1",<br>"sec_style": "UNIX",<br>"size_mg": 1024,<br>"skip_final_backup": false,<br>"tier_policy_name": "AUTO",<br>"vol_name": "vol1",<br>"vol_type": "RW"<br>}</pre>| no |
272
-
| vol_snapshot_policy | Specifies the snapshot policy for the volume |`map(any)`|`null`| no |
273
-
| vpc_id | The ID of the VPC in which the FSxN fikesystem should be deployed |`string`|`"vpc-111111111"`| no |
266
+
| maintenance_start_time | The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone. |`string`|`"1:00:00"`| no |
267
+
| name | The name to assigne to the FSxN file system. |`string`|`"fsx1"`| no |
268
+
| root_vol_sec_style | Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED (although MIXED is not recommended). All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. |`string`|`"UNIX"`| no |
269
+
| route_table_ids | Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table. Note, this variable is only used for MULTI_AZ_1 type deployments. |`list(any)`|`null`| no |
270
+
| secret_name | The name of the secure where the FSxN passwood is stored. |`string`|`""`| no |
271
+
| security_group_id | If you are not creating the security group, provide the ID of the security group to be used. |`string`|`""`| no |
272
+
| source_sg_id | The ID of the security group to allow access to the FSxN file system. Set to an empty string if you want to use the cidr_for_sg as the source. |`string`|`""`| no |
273
+
| subnets | The subnets from where the file system will be accessible from. For MULTI_AZ_1 deployment type, provide both primvary and secondary subnets. For SINGLE_AZ_1 deployment type, only the primary subnet is used. |`map(string)`|<pre>{<br>"primarysub": "subnet-111111111",<br>"secondarysub": "subnet-222222222"<br>}</pre>| no |
274
+
| svm_name | The name of the Storage Virtual Machine, (a.k.a. vserver). |`string`|`"first_svm"`| no |
275
+
| tags | Tags to be applied to the FSxN file system. |`map(any)`|`{}`| no |
276
+
| throughput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. |`number`|`128`| no |
277
+
| vol_info | Details for the volume creation |`map(any)`|<pre>{<br>"cooling_period": 31,<br>"copy_tags_to_backups": false,<br>"efficiency": true,<br>"junction_path": "/vol1",<br>"sec_style": "UNIX",<br>"size_mg": 1024,<br>"skip_final_backup": false,<br>"snapshot_policy": "default",<br>"tier_policy_name": "AUTO",<br>"vol_name": "vol1",<br>"vol_type": "RW"<br>}</pre>| no |
278
+
| vpc_id | The ID of the VPC in where the security group will be created. |`string`|`""`| no |
274
279
275
280
### Outputs
276
281
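Review bot: with the new defaults in the `create_sg`, `cidr_for_sg` and `source_sg_id` rows, a caller who sets nothing gets `create_sg = true` with both sources as empty strings, and the table does not say what the ingress rules use in that case or when both are set. Please document the precedence, or state that exactly one of the two must be provided; the same applies to `vpc_id`, whose default is now `""` while the security group is created by default. Dropping the `"0.0.0.0/0"` default for `cidr_for_sg` is a good change. The context row for `fsx_admin_password` is still listed as required while `secret_name` is added as optional with default `""`, so the table does not say which of the two is in effect. The added rows also need a spelling pass: "forthe", "bugin", "USER_PROVIDEDED", "doube quotes", "assigne", "name of the secure where the FSxN passwood is stored", "primvary".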
@@ -297,4 +302,4 @@ See the License for the specific language governing permissions and limitations