Uncategorized

Setting up your ANF stack with Terraform (IaaC) in existing Azure environment

Rizul Khannaby
1 Comment on Setting up your ANF stack with Terraform (IaaC) in existing Azure environment

With the advancement in Cloud computing space, enterprises are increasing their adoption of public cloud every year. Organizations are looking at Hybrid or Multi-Cloud strategy and this also comes with a rather interesting pain point around centralized management of these cloud resources. Infrastructure as a Code helps addresses this pain-point very efficiently. Terraform by Hashicorp provides a very powerful platform-agnostic framework for managing your multi-cloud hyperscaler Infrastructure via code. Engineers love terraform and often integrate it with their Infrastructure and Application DevOps pipeline, configuration management, security & other 3rd party tool.

Azure NetApp Files is a first party Microsoft Azure Cloud service that provides the best in class performance for File storage protocols: SMB and NFS, better than any other cloud storage service in the market and is the chosen platform of choice by many large enterprises for enterprise-grade deployment of their application workloads like WVD, Citrix VDI, SAP, Databases, File Server consolidation, High Performance Computing, Azure PaaS services like AKS, Azure Batch etc.

Let’s look at the steps to setup Azure NetApp Files in an existing Azure Environment.

Pre-requisite:

Setup an Azure Service principal that allows terraform to interact with your Azure account and modify the Infrastructure

Steps:

Make sure your user has the right privilege to create and destroy resources in Azure with certain RG or region or subscription

Navigate to Azure Active Directory and perform a new Application Registration. It generates the following information

Add a client secret to the ‘Registered App’

  • Download terraform binaries and install them in your local computer or remote system
  • Setup terraform path with environment variables
  • Open Visual studio code and test if terraform is working correctly terraform –version. You will get a response similar to this one:

Create a new file, main.tf and add the following content

Run ‘terraform init’ command and you should get this response:

  • This indicates terraform has been setup correctly and we can start creating Azure resources
  • Now we are implementing ANF in an existing Azure environment and we already have the following resources in our account:

Resource group for ANF resources – terraform-rg

VNET – eu-north-hub is a part of the Resource group – eu-north-core

Delegated Subnet for ANF – ANF-rg

Create a new file terraformanf.tf and start by declaring these known resources in the Azure environment

Add details on the Azure NetApp Account and a capacity pool:

  • Save the terraform file, terraformanf.tf and run ‘terraform plan’ to check if there are any issues, once everything looks good, run ‘terraform apply’
  • There seems to a bug in the terraform module for ANF and it does not update the credentials for Active Directory connection with ANF and hence I tested a workaround by making an API call to Azure NetApp Files and update the Active Directory connection details

We start by making an API call to our azure tenant and generate the access token for the ANF API call : POST https://login.microsoftonline.com/{{tenant}}/oauth2/token and specifying grant_type as Client Credentials, client_id, client_secret_id and resource as https://management.azure.com/

We will receive a response similar to this:

  • We will use the access token generated as above to make an additional API call for Active Directory connection update as follows:

Replace the {subscriptionId}, {resourceGroupName}, {accountName} with actual values

PATCH

https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}?api-version=2020-02-01

Use authorization as Bearer {{token}} where token is the above generated token, Content-Type as application/json and use the below json in payload. Replace the values with actual values

We should get a 200 OK response similar to this one:

We will create ANF volume both CIFS and NFS now. For this, edit the terraformanf.tf file in visual studio code and add the following resource(s) in the file:

We can also add resources for snapshot creation in the terraformanf.tf file as below:

Save the terraformanf.tf file once again and run terraform plan followed by terraform apply command to form all the resources. We should get a success response similar to this:

Interested to explore use-cases for Azure NetApp Files further, read the official documentation at https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-solution-architectures

Check out other cool posts around Azure NetApp Files at: anfcommunity.com

Tags:

Published by Rizul Khanna

Azure Cloud Solution Architect @NetApp. I'm a multi-cloud specialist certified in all leading Hyperscalers - Azure, AWS, GCP, Alibaba Cloud and VMware. I have spent all my professional career working on Infrastructure and Cloud Solutions helping customers get the best of their IT Investments and build state of the art solution architectures. I also specialize in DevOps Transformation programs & Open-Source solutions. Get in touch to learn how Azure NetApp Files can help you achieve the best-in-class storage performance across all Cloud service providers!

1 comment

  1. Pingback: Azure NetApp Files with Terraform – Update! – anfcommunity

Leave a Reply

%d