Merge pull request #330 from sassoftware/staging

riragh · web-flow · commit cc1e0f5d16c0 · 2023-07-20T12:51:54.000-05:00
8.0.0 - July 20, 2023
diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -315,7 +315,7 @@ When `storage_type=ha` (high availability), [Microsoft Azure NetApp Files](https
 | :--- | ---: | ---: | ---: | ---: |
 | netapp_service_level | The target performance level of the file system. Valid values include Premium, Standard, or Ultra. | string | "Premium" | |
 | netapp_size_in_tb | Provisioned size of the pool in TB. Value must be between 4 and 500 | number | 4 | |
-| netapp_protocols | The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined, it defaults to NFSv3. Changing this forces a new resource to be created and data will be lost. | list of strings | ["NFSv3"] | |
+| netapp_protocols | The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined, it defaults to NFSv4.1. Changing this forces a new resource to be created and data will be lost. | list of strings | ["NFSv4.1"] | |
 | netapp_volume_path |A unique file path for the volume. Used when creating mount targets. Changing this forces a new resource to be created. | string | "export" | |
 | netapp_network_features |Indicates which network feature to use, accepted values are `Basic` or `Standard`, it defaults to `Basic` if not defined. | string | "Basic" | This is a feature in public preview. For more information about it and how to register, please refer to [Configure network features for an Azure NetApp Files volume](https://docs.microsoft.com/en-us/azure/azure-netapp-files/configure-network-features)|
 
diff --git a/docs/Troubleshooting.md b/docs/Troubleshooting.md
@@ -1,13 +1,21 @@
 # Troubleshooting
 
+- [Troubleshooting](#troubleshooting)
+  - [Kubernetes Version is not supported in Azure region](#kubernetes-version-is-not-supported-in-azure-region)
+  - [Failure to delete AKS Node Pool](#failure-to-delete-aks-node-pool)
+  - [Import Azure Resource into Terraform state](#import-azure-resource-into-terraform-state)
+  - [Not able to access AKS with kubectl](#not-able-to-access-aks-with-kubectl)
+  - [Azure NetApp Files creation fails](#azure-netapp-files-creation-fails)
+  - [Azure NetApp NFSv3 volume file lock issue](#azure-netapp-nfsv3-volume-file-lock-issue)
+
 ##  Kubernetes Version is not supported in Azure region
 ```bash
 Error: creating Managed Kubernetes Cluster "viya-tst-aks" (Resource Group "viya-tst-rg"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="AgentPoolK8sVersionNotSupported" Message="Version 1.18.14 is not supported in this region. Please use [az aks get-versions] command to get the supported version list in this region. For more information, please check https://aka.ms/supported-version-list"
 
   on modules/azure_aks/main.tf line 2, in resource "azurerm_kubernetes_cluster" "aks":
    2: resource "azurerm_kubernetes_cluster" "aks" {
 ```
-**Resolution:**
+### Resolution:
 Run this Azure CLI command to get the supported Kubernetes versions in your Azure region and use value for `kubernetes_version` variable in input tfvars.
 ```bash
 az aks get-versions --location <YOUR_AZURE_LOCATION> --output table 
@@ -29,7 +37,7 @@ Error: waiting for the deletion of Node Pool "stateful" (Managed Kubernetes Clus
 Error: A resource with the ID "/subscriptions/REDACTED/resourcegroups/viya-tst-rg/providers/Microsoft.ContainerService/managedClusters/viya-tst-aks/agentPools/stateless" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_kubernetes_cluster_node_pool" for more information.
 ```
 
-**Resolution:**
+### Resolution:
 
 ```bash
 terraform import -var-file=sample-input.tfvars module.aks.azurerm_kubernetes_cluster.aks '/subscription/REDACTED/../../'
@@ -44,7 +52,7 @@ Error: authorization.RoleAssignmentsClient#Create: Failure responding to request
   18: resource "azurerm_role_assignment" "acr" {
 ```
 
-**Resolution:**
+### Resolution:
 Check values of environment variables - `ARM_* and TF_*`
 
 ## Azure NetApp Files creation fails
@@ -57,5 +65,25 @@ Error: Error creating NetApp Account "sse-vdsdp-ha1-netappaccount" (Resource Gro
   29: resource "azurerm_netapp_account" "anf" {
  ```
 
- **Resolution:**
+ ### Resolution:
  Check your Azure Subscription has been granted access to Azure NetApp Files service: [Azure Netapp Quickstart](https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-create-volumes?tabs=azure-portal#before-you-begin)
+
+
+## Azure NetApp NFSv3 volume file lock issue
+In event of SAS Viya Platform deployment shutdown on an AKS cluster with Azure NetApp NFSv3 volume, the file locks persist and `sas-consul-server` cannot access raft.db until the file locks are broken. 
+
+### Resolution:
+There are two options to avoid this issue:
+
+1. Break the file locks from Azure Portal. For details see [Troubleshoot file locks on an Azure NetApp Files volume](https://learn.microsoft.com/en-us/azure/azure-netapp-files/troubleshoot-file-locks).
+
+2. Use Azure NetApp NFS volume version 4.1. Update to the latest version of `sassoftware/viya4-iac-azure` to use NFSv4.1 by default. If you are using sassoftware/viya4-iac-azure's release v7.2.0 or before, then add the variable `netapp_protocols` to your terraform.tfvars to switch to NFSv4.1.
+
+   **Note:** Changing this on existing cluster will result in data loss.
+   
+   Example:
+   ```bash
+   # Storage HA
+   storage_type = "ha"
+   netapp_protocols = ["NFSv4.1"]
+   ``` 
diff --git a/files/cloud-init/jump/cloud-config b/files/cloud-init/jump/cloud-config
@@ -43,12 +43,15 @@ runcmd:
       # mount the nfs
       #
   -   while [ `df -h | grep "${rwx_filestore_endpoint}:${rwx_filestore_path}" | wc -l` -eq 0 ]; do sleep 5 && mount -a ; done
-      #
-      # Change permissions and owner
-      #
-  -   mkdir -p ${jump_rwx_filestore_path}/pvs
-  -   $(chmod -fR 777 ${jump_rwx_filestore_path} ; echo)
-  -   $(chown -R nobody:nogroup ${jump_rwx_filestore_path} ; echo)
+  -   if ! [ -d "${jump_rwx_filestore_path}/pvs" ]
+  -   then
+        #
+        # Change permissions and owner
+        #
+  -     mkdir -p ${jump_rwx_filestore_path}/pvs
+  -     $(chmod -fR 777 ${jump_rwx_filestore_path} ; echo)
+  -     $(chown -R nobody:nogroup ${jump_rwx_filestore_path} ; echo)
+  -   fi
   - fi
   #
   # Update user for Docker, user=${vm_admin}
diff --git a/files/cloud-init/nfs/cloud-config b/files/cloud-init/nfs/cloud-config
@@ -58,10 +58,13 @@ runcmd:
   #
   - if [ "${aks_cidr_block}" != "${misc_cidr_block}" ]
   - then
-  -   echo "/export         ${aks_cidr_block}(rw,no_root_squash,async,insecure,fsid=0,crossmnt,no_subtree_check)" >> /etc/exports
-  -   echo "/export         ${misc_cidr_block}(rw,no_root_squash,async,insecure,fsid=0,crossmnt,no_subtree_check)" >> /etc/exports
+  -   echo "/         ${aks_cidr_block}(ro,fsid=0)" >> /etc/exports
+  -   echo "/         ${misc_cidr_block}(ro,fsid=0)" >> /etc/exports
+  -   echo "/export   ${aks_cidr_block}(rw,no_root_squash,async,insecure,crossmnt,no_subtree_check)" >> /etc/exports
+  -   echo "/export   ${misc_cidr_block}(rw,no_root_squash,async,insecure,crossmnt,no_subtree_check)" >> /etc/exports
   - else
-  -   echo "/export         ${aks_cidr_block}(rw,no_root_squash,async,insecure,fsid=0,crossmnt,no_subtree_check)" >> /etc/exports
+  -   echo "/         ${aks_cidr_block}(ro,fsid=0)" >> /etc/exports
+  -   echo "/export   ${aks_cidr_block}(rw,no_root_squash,async,insecure,crossmnt,no_subtree_check)" >> /etc/exports
   - fi
   #
   # Restart nfs-server service
diff --git a/main.tf b/main.tf
@@ -252,6 +252,19 @@ module "netapp" {
   depends_on          = [module.vnet]
 }
 
+module "message_broker" {
+  source = "./modules/azurerm_message_broker"
+  count  = var.create_azure_message_broker ? 1 : 0
+
+  resource_group_name     = local.aks_rg.name
+  location                = var.location
+  prefix                  = var.prefix
+  message_broker_sku      = var.message_broker_sku
+  message_broker_name     = var.message_broker_name
+  message_broker_capacity = var.message_broker_capacity
+  tags                    = var.tags
+}
+
 data "external" "git_hash" {
   program = ["files/tools/iac_git_info.sh"]
 }
diff --git a/modules/azurerm_message_broker/main.tf b/modules/azurerm_message_broker/main.tf
@@ -0,0 +1,26 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# Azure Service Bus
+# - https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview
+# - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/servicebus_namespace
+# - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/servicebus_namespace_authorization_rule
+
+resource "azurerm_servicebus_namespace" "message_broker" {
+  name                = "${var.prefix}-message-broker"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  sku                 = var.message_broker_sku
+  capacity            = var.message_broker_capacity
+
+  tags = var.tags
+}
+
+resource "azurerm_servicebus_namespace_authorization_rule" "message_broker_config" {
+  name         = var.message_broker_name
+  namespace_id = azurerm_servicebus_namespace.message_broker.id
+
+  listen = true
+  send   = true
+  manage = true
+}
diff --git a/modules/azurerm_message_broker/outputs.tf b/modules/azurerm_message_broker/outputs.tf
@@ -0,0 +1,10 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+output "message_broker_hostname" {
+  value = regex("//(.*):", azurerm_servicebus_namespace.message_broker.endpoint)
+}
+
+output "message_broker_primary_key" {
+  value = azurerm_servicebus_namespace_authorization_rule.message_broker_config.primary_key
+}
diff --git a/modules/azurerm_message_broker/variables.tf b/modules/azurerm_message_broker/variables.tf
@@ -0,0 +1,40 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+variable "prefix" {
+  description = "A prefix used in the name for all the Azure resources created by this script."
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group in which to create the PostgreSQL Server. Changing this forces a new resource to be created."
+  type        = string
+}
+
+variable "location" {
+  description = "Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
+  type        = string
+}
+
+variable "message_broker_sku" {
+  description = "Defines which tier to use. Options are Basic, Standard or Premium. SAS Viya Platform recommends using 'Premium'."
+  type        = string
+  default     = "Premium"
+}
+
+variable "message_broker_name" {
+  description = "Specifies the name of the message broker, also specified for the ServiceBus Namespace Authorization Rule resource. Changing this forces a new resource to be created."
+  type        = string
+  default     = "Arke"
+}
+
+variable "message_broker_capacity" {
+  description = "Specifies the capacity. When sku is Premium, capacity can be 1, 2, 4, 8 or 16. When sku is Basic or Standard, capacity can be 0 only."
+  type        = number
+  default     = 1
+}
+
+variable "tags" {
+  description = "Map of common tags to be placed on the Resources"
+  type        = map(any)
+}
diff --git a/modules/azurerm_netapp/variables.tf b/modules/azurerm_netapp/variables.tf
@@ -55,9 +55,9 @@ variable "volume_path" {
 }
 
 variable "protocols" {
-  description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv3. Changing this forces a new resource to be created and data will be lost."
+  description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv4.1. Changing this forces a new resource to be created and data will be lost."
   type        = list(string)
-  default     = ["NFSv3"]
+  default     = ["NFSv4.1"]
 }
 
 variable "allowed_clients" {
diff --git a/outputs.tf b/outputs.tf
@@ -144,3 +144,17 @@ output "cluster_node_pool_mode" {
 output "cluster_api_mode" {
   value = var.cluster_api_mode
 }
+
+## Message Broker - Azure Service Bus
+output "message_broker_hostname" {
+  value = var.create_azure_message_broker ? element(flatten(module.message_broker[*].message_broker_hostname), 0) : null
+}
+
+output "message_broker_primary_key" {
+  value     = var.create_azure_message_broker ? element(coalescelist(module.message_broker[*].message_broker_primary_key, [""]), 0) : null
+  sensitive = true
+}
+
+output "message_broker_name" {
+  value = var.create_azure_message_broker ? var.message_broker_name : null
+}
diff --git a/variables.tf b/variables.tf
@@ -451,9 +451,9 @@ variable "netapp_size_in_tb" {
 }
 
 variable "netapp_protocols" {
-  description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv3. Changing this forces a new resource to be created and data will be lost."
+  description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv4.1. Changing this forces a new resource to be created and data will be lost."
   type        = list(string)
-  default     = ["NFSv3"]
+  default     = ["NFSv4.1"]
 }
 
 variable "netapp_volume_path" {
@@ -741,3 +741,28 @@ variable "aks_identity" {
     error_message = "ERROR: Supported values for `aks_identity` are: uai, sp."
   }
 }
+
+## Message Broker - Azure Service Bus - Experimental
+variable "create_azure_message_broker" {
+  description = "Allows user to create a fully managed enterprise message broker: Azure Service Bus"
+  type        = bool
+  default     = false
+}
+
+variable "message_broker_sku" {
+  description = "Defines which tier to use. Options are Basic, Standard or Premium. SAS Viya Platform recommends using 'Premium'."
+  type        = string
+  default     = "Premium"
+}
+
+variable "message_broker_name" {
+  description = "Specifies the name of the message broker, also specified for the ServiceBus Namespace Authorization Rule resource. Changing this forces a new resource to be created."
+  type        = string
+  default     = "Arke"
+}
+
+variable "message_broker_capacity" {
+  description = "Specifies the capacity. When sku is Premium, capacity can be 1, 2, 4, 8 or 16. When sku is Basic or Standard, capacity can be 0 only."
+  type        = number
+  default     = 1
+}
diff --git a/versions.tf b/versions.tf
@@ -8,11 +8,11 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.54.0"
+      version = "3.64.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "2.38.0"
+      version = "2.39.0"
     }
     external = {
       source  = "hashicorp/external"
diff --git a/vms.tf b/vms.tf
@@ -7,6 +7,8 @@ locals {
     : var.storage_type == "ha" ? module.netapp[0].netapp_endpoint : module.nfs[0].private_ip_address
   )
 
+  protocol_version = var.storage_type == "ha" && startswith(var.netapp_protocols[0], "NFS") ? split("v", var.netapp_protocols[0])[1] : "4.1"
+
   rwx_filestore_path = (var.storage_type == "none"
     ? ""
     : var.storage_type == "ha" ? module.netapp[0].netapp_path : "/export"
@@ -19,7 +21,7 @@ locals {
         ["${local.rwx_filestore_endpoint}:${local.rwx_filestore_path}",
           var.jump_rwx_filestore_path,
           "nfs",
-          "_netdev,auto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min,relatime,hard,rsize=1048576,wsize=1048576,vers=3,tcp,namlen=255,retrans=2,sec=sys,local_lock=none",
+          "_netdev,auto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min,relatime,hard,rsize=1048576,wsize=1048576,vers=${local.protocol_version},tcp,namlen=255,retrans=2,sec=sys,local_lock=none",
           "0",
           "0"
       ])

Original file line number	Diff line number	Diff line change
`@@ -55,9 +55,9 @@ variable "volume_path" {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`variable "protocols" {`
`58`		`- description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv3. Changing this forces a new resource to be created and data will be lost."`
	`58`	`+ description = "The target volume protocol expressed as a list. Supported single value include CIFS, NFSv3, or NFSv4.1. If argument is not defined it will default to NFSv4.1. Changing this forces a new resource to be created and data will be lost."`
`59`	`59`	`type = list(string)`
`60`		`- default = ["NFSv3"]`
	`60`	`+ default = ["NFSv4.1"]`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`variable "allowed_clients" {`