cbs_array_azure Resource - terraform-provider-cbs
Allows the deployment and management of a Cloud Block Store instance on Azure. The instance is deployed as an Azure Managed Application.
Refer to the deployment guide for information on how to configure the Azure environment for the CBS instance.
~> Along with the infrastructure components defined in the deployment guide, an Azure Key Vault is required to deploy Cloud Block Store in Azure using Terraform. An existing Key Vault may be used or a new one can be created for the array. Multiple arrays may reuse the same Key Vault. Any Azure account that wishes to use Terraform to perform management operations on the array must be granted `Get`, `Set`, `Delete`, `List`, and `Recover` permissions on secrets within the Key Vault. All secrets created or accessed by the CBS Terraform Provider will use a `cbs-` prefix. An example Key Vault creation using the `azurerm_key_vault` resource from the azurerm provider is shown below.
~> To set up long-term management of new arrays, the provider must access the array during deployment to obtain management credentials. For this, the provider must be supplied a private SSH key: either a file path to the key with the `pureuser_private_key_path` parameter, or the key text itself with the `pureuser_private_key` parameter. The management credentials are stored in the Azure Key Vault specified by the `key_vault_id` parameter (see the note above for more information about the Key Vault). To retrieve the credentials, the provider requires access to the management port of the array, so the machine running Terraform must be able to reach the management subnet used for the array.
~> Updates are currently not supported for this resource.
```hcl
// Retrieves information about the configuration of the azurerm provider.
// The client configuration used for the "cbs" provider must match the client configuration used
// for the "azurerm" provider, otherwise the "cbs" provider will not be able to access the key vault.
data "azurerm_client_config" "client_config" {}

// Key Vault name must be globally unique
resource "random_id" "vault_id" {
  byte_length = 8
}

resource "azurerm_key_vault" "cbs_key_vault" {
  name                = "cbs-${random_id.vault_id.hex}"
  location            = "location_xxxx"
  resource_group_name = "resource_yyyy"
  tenant_id           = data.azurerm_client_config.client_config.tenant_id
  sku_name            = "standard"

  access_policy {
    tenant_id          = data.azurerm_client_config.client_config.tenant_id
    object_id          = data.azurerm_client_config.client_config.object_id
    secret_permissions = ["Get", "Set", "Delete", "List", "Recover"]
  }
}

data "cbs_plan_azure" "version_plan" {
  plan_version = "6.6.x"
}

resource "cbs_array_azure" "azure_instance" {
  array_name          = "terraform-example-instance"
  location            = "location_xxxx"
  resource_group_name = "resource_xxxx"

  license_key       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
  log_sender_domain = "example-company.org"
  alert_recipients  = ["[email protected]", "[email protected]"]
  array_model       = "V10MUR1"
  zone              = 1

  key_vault_id              = azurerm_key_vault.cbs_key_vault.id
  pureuser_private_key_path = "/path/to/private_key"

  virtual_network_id = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/resourceGroups/mock_resource_group_name/providers/Microsoft.Network/virtualNetworks/xxxxxxxx"
  management_subnet  = "SN-xxxxxxxxxxxxxx"
  system_subnet      = "SN-xxxxxxxxxxxxxx"
  iscsi_subnet       = "SN-xxxxxxxxxxxxxx"
  replication_subnet = "SN-xxxxxxxxxxxxxx"

  user_assigned_identity        = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/resourcegroups/mock_resource_group_name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxxxxx"
  jit_approval_group_object_ids = ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]

  plan {
    name      = data.cbs_plan_azure.version_plan.name
    product   = data.cbs_plan_azure.version_plan.product
    publisher = data.cbs_plan_azure.version_plan.publisher
    version   = data.cbs_plan_azure.version_plan.version
  }
}
```
- `alert_recipients` (Optional) - List of email addresses to receive alerts.
- `array_model` (Required) - CBS array size to launch. The possible values are `V10MUR1`, `V20MUR1`, `V10MP2R2` or `V20MP2R2`.
- `array_name` (Required) - Name of the array, and the name of the managed application. Required when the array is deployed for use in a Fusion cluster.
- `iscsi_subnet` (Required) - Subnet containing the iSCSI interfaces on the array.
- `jit_approval_group_object_ids` (Required) - A list of Azure group object IDs for people who are allowed to approve JIT requests. When used, the maximum possible duration of a JIT access request will be set to `PT8H`. The azuread_group datasource can be used to look up the group_id from the name of the group.
- `key_vault_id` (Required) - Key Vault where provider stores sensitive information.
- `license_key` (Required) - Pure Storage-provided license key.
- `location` (Required) - Azure location in which to deploy the array.
- `log_sender_domain` (Required) - Domain name used to determine how CBS logs are parsed and treated by Pure Storage Support and Escalations.
- `management_subnet` (Required) - Subnet containing the management interfaces on the array.
- `plan` (Optional) - A managed application plan configuration block. See below for nested schema.
- `pureuser_private_key_path` (Optional) - File path of the private key to enable SSH access to the controllers. You must specify one `pureuser_private_key_path` or one `pureuser_private_key`.
- `pureuser_private_key` (Optional) - Text content of the private key to enable SSH access to the controllers. You must specify one `pureuser_private_key_path` or one `pureuser_private_key`.
- `replication_subnet` (Required) - Subnet containing the replication interfaces on the array.
- `resource_group_name` (Required) - Name of the resource group in which to deploy the managed application.
- `system_subnet` (Required) - Subnet for the system interface of the Array.
- `tags` (Optional) - A list of tags to apply to all resources in the managed application.
- `resource_tags` (Optional) - A list of objects defining specific tags for specific resource types, overriding global tags if conflicting. See below for nested schema.
- `user_assigned_identity` (Required) - A required input that denotes the identity of the customer User Assigned identity.
- `virtual_network_id` (Required) - The ID of the virtual network that contains the network interfaces of the array.
- `zone` (Required) - The Availability Zone within the deployment location.
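
The following is an added example, not part of the provider's documentation or code. It shows one way to prepare the security-relevant inputs described above: the key text passed through a sensitive variable, a Key Vault shared by several Terraform operators with only the listed secret permissions, and the JIT approver group resolved by name. The variable names, the group name, the vault name and the `shared` and `cbs_inputs` labels are hypothetical, and the key-format check assumes a PEM/OpenSSH-style key.

```hcl
# Key text supplied at run time (e.g. TF_VAR_pureuser_private_key); kept out of plan output.
variable "pureuser_private_key" { # hypothetical variable name
  type      = string
  sensitive = true
  # Assumes a PEM/OpenSSH-style key; rejects a file path passed by mistake.
  validation {
    condition     = can(regex("^-----BEGIN [A-Z ]*PRIVATE KEY-----", var.pureuser_private_key))
    error_message = "Expected private key text, not a file path."
  }
}
# Object IDs of every identity that runs Terraform against the arrays (hypothetical name).
variable "cbs_operator_object_ids" {
  type = set(string)
}

data "azurerm_client_config" "current" {}

# Resolve the JIT approver group by name (assumes azuread provider 2.x or later).
data "azuread_group" "jit_approvers" {
  display_name     = "cbs-jit-approvers" # hypothetical group name
  security_enabled = true
}

resource "azurerm_key_vault" "shared" {
  name                = "cbs-shared-example" # placeholder; must be globally unique
  location            = "location_xxxx"
  resource_group_name = "resource_yyyy"
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
  # One policy per operator, limited to the secret permissions the provider needs.
  dynamic "access_policy" {
    for_each = var.cbs_operator_object_ids
    content {
      tenant_id          = data.azurerm_client_config.current.tenant_id
      object_id          = access_policy.value
      secret_permissions = ["Get", "Set", "Delete", "List", "Recover"]
    }
  }
}

# Assign these to the cbs_array_azure arguments of the same names.
locals {
  cbs_inputs = { # hypothetical local
    key_vault_id                  = azurerm_key_vault.shared.id
    pureuser_private_key          = var.pureuser_private_key
    jit_approval_group_object_ids = [data.azuread_group.jit_approvers.object_id]
  }
}
```

Marking the variable `sensitive` only redacts it from CLI output; resource arguments are still written to the Terraform state, so the state backend needs access controls at least as strict as the Key Vault's.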

Nested schema for `plan`:

- `name` (Required) - Specifies the name of the plan from the marketplace.
- `product` (Required) - Specifies the product of the plan from the marketplace.
- `publisher` (Required) - Specifies the publisher of the plan.
- `version` (Required) - Specifies the version of the plan from the marketplace.

Nested schema for `resource_tags`:

- `resource` (Required) - Specifies the Azure resource type to tag with custom tags defined inside of this block. Example: `Microsoft.Compute/virtualMachines`, `Microsoft.Network/networkInterfaces` or `Microsoft.Compute/disks`.
- `tag` (Required) - Configuration block defining a custom tag for given resource type. See below for nested schema.

Nested schema for `tag`:

- `name` (Required) - Name of the custom tag.
- `value` (Required) - Value for the custom tag.

Exported attributes:

- `application_name` - The name of the managed application.
- `ct0_name` - The name of the controller ct0 instance.
- `ct1_name` - The name of the controller ct1 instance.
- `iscsi_endpoint_ct0` - iSCSI IP address and port of the ct0 instance.
- `iscsi_endpoint_ct1` - iSCSI IP address and port of the ct1 instance.
- `managed_resource_group_name` - The name of the managed resource group of the managed application.
- `management_endpoint` - Management IP address of the CBS instance.
- `management_endpoint_ct0` - Management IP address of the ct0 instance.
- `management_endpoint_ct1` - Management IP address of the ct1 instance.
- `replication_endpoint_ct0` - Replication IP address of the ct0 instance.
- `replication_endpoint_ct1` - Replication IP address of the ct1 instance.