From 80cbd3abd0324e9780da2632e06ae18594db1605 Mon Sep 17 00:00:00 2001
From: nichollri
Date: Thu, 3 Oct 2024 08:15:47 -0500
Subject: [PATCH] added deploy of DR system, commented out source stuff for now
---
 Terraform/fsxn-replicate/main.tf | 135 ++++++----
 Terraform/fsxn-replicate/output.tf | 20 +-
 Terraform/fsxn-replicate/security_groups.tf | 269 ++++++++++++++++++++
 Terraform/fsxn-replicate/variables.tf | 173 ++++++++++++-
 4 files changed, 535 insertions(+), 62 deletions(-)
 create mode 100644 Terraform/fsxn-replicate/security_groups.tf
diff --git a/Terraform/fsxn-replicate/main.tf b/Terraform/fsxn-replicate/main.tf
index 3956ae0..05df2da 100644
--- a/Terraform/fsxn-replicate/main.tf
+++ b/Terraform/fsxn-replicate/main.tf
@@ -25,59 +25,94 @@ data "aws_secretsmanager_secret_version" "ontap_dr_username_pass" { } -provider "netapp-ontap" { +#provider "netapp-ontap" { # A connection profile defines how to interface with an ONTAP cluster or svm. # At least one is required. - connection_profiles = [ - { - name = "primary_clus" - hostname = var.prime_hostname - username = jsondecode(data.aws_secretsmanager_secret_version.ontap_prime_username_pass.secret_string)["username"] - password = jsondecode(data.aws_secretsmanager_secret_version.ontap_prime_username_pass.secret_string)["password"] - validate_certs = var.validate_certs - }, - { - name = "dr_clus" - username = jsondecode(data.aws_secretsmanager_secret_version.ontap_dr_username_pass.secret_string)["username"] - password = jsondecode(data.aws_secretsmanager_secret_version.ontap_dr_username_pass.secret_string)["password"] - hostname = var.dr_hostname - validate_certs = var.validate_certs - }, - ] -} +# connection_profiles = [ +# { +# name = "primary_clus" +# hostname = var.prime_hostname +# username = jsondecode(data.aws_secretsmanager_secret_version.ontap_prime_username_pass.secret_string)["username"] +# password = jsondecode(data.aws_secretsmanager_secret_version.ontap_prime_username_pass.secret_string)["password"] +# validate_certs = var.validate_certs +# }, +# { +# name = "dr_clus" +# username = jsondecode(data.aws_secretsmanager_secret_version.ontap_dr_username_pass.secret_string)["username"] +# password = jsondecode(data.aws_secretsmanager_secret_version.ontap_dr_username_pass.secret_string)["password"] +# hostname = var.dr_hostname +# validate_certs = var.validate_certs +# }, +# ] +#} -data "netapp-ontap_storage_volume_data_source" "my_vol" { - for_each = toset(var.list_of_volumes_to_replicate) - cx_profile_name = "primary_clus" - svm_name = var.prime_svm - name = each.value -} +resource "aws_fsx_ontap_file_system" "terraform-fsxn" { + subnet_ids = var.dr_fsx_deploy_type == "MULTI_AZ_1" || var.dr_fsx_deploy_type == "MULTI_AZ_2" ? 
[var.dr_fsx_subnets["primarysub"], var.dr_fsx_subnets["secondarysub"]] : [var.dr_fsx_subnets["primarysub"]] + preferred_subnet_id = var.dr_fsx_subnets["primarysub"] + + storage_capacity = var.dr_fsx_capacity_size_gb + security_group_ids = var.create_sg ? [element(aws_security_group.fsx_sg[*].id, 0)] : var.security_group_ids + deployment_type = var.dr_fsx_deploy_type + throughput_capacity_per_ha_pair = var.dr_fsx_tput_in_MBps + ha_pairs = var.dr_ha_pairs + endpoint_ip_address_range = var.dr_endpoint_ip_address_range + route_table_ids = var.dr_route_table_ids + dynamic "disk_iops_configuration" { + for_each = length(var.dr_disk_iops_configuration) > 0 ? [var.dr_disk_iops_configuration] : [] -resource "netapp-ontap_storage_volume_resource" "example" { - cx_profile_name = "primary_clus" - name = "rvwn_vol1_tf" - svm_name = var.prime_svm - aggregates = [ - { - name = "aggr1" - }, - ] - space_guarantee = "none" - snapshot_policy = "default" - space = { - size = 100 - size_unit = "gb" - logical_space = { - enforcement = true - reporting = true + content { + iops = try(disk_iops_configuration.value.iops, null) + mode = try(disk_iops_configuration.value.mode, null) } } - tiering = { - policy_name = "auto" - } - nas = { - export_policy_name = "default" - security_style = "unix" - junction_path = "/rvwn_vol1_tf" - } -} \ No newline at end of file + + tags = merge(var.dr_tags, {Name = var.dr_fsx_name}) + weekly_maintenance_start_time = var.dr_maintenance_start_time + kms_key_id = var.dr_kms_key_id + automatic_backup_retention_days = var.dr_backup_retention_days + daily_automatic_backup_start_time = var.dr_backup_retention_days > 0 ? var.dr_daily_backup_start_time : null + fsx_admin_password = jsondecode(data.aws_secretsmanager_secret_version.ontap_dr_username_pass.secret_string)["password"] +} + +# Define a storage virtual machine. 
+resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" { + file_system_id = aws_fsx_ontap_file_system.terraform-fsxn.id + name = var.dr_svm_name + root_volume_security_style = var.dr_root_vol_sec_style +} + +#data "netapp-ontap_storage_volume_data_source" "my_vol" { +# for_each = toset(var.list_of_volumes_to_replicate) +# cx_profile_name = "primary_clus" +# svm_name = var.prime_svm +# name = each.value +#} + +# resource "netapp-ontap_storage_volume_resource" "example" { +# cx_profile_name = "primary_clus" +# name = "rvwn_vol1_tf" +# svm_name = var.prime_svm +# aggregates = [ +# { +# name = "aggr1" +# }, +# ] +# space_guarantee = "none" +# snapshot_policy = "default" +# space = { +# size = 100 +# size_unit = "gb" +# logical_space = { +# enforcement = true +# reporting = true +# } +# } +# tiering = { +# policy_name = "auto" +# } +# nas = { +# export_policy_name = "default" +# security_style = "unix" +# junction_path = "/rvwn_vol1_tf" +# } +#} diff --git a/Terraform/fsxn-replicate/output.tf b/Terraform/fsxn-replicate/output.tf index ad54c9f..fdff0a4 100644 --- a/Terraform/fsxn-replicate/output.tf +++ b/Terraform/fsxn-replicate/output.tf @@ -1,10 +1,10 @@ -output "volume_details" { - value = { - for key, volume in data.netapp-ontap_storage_volume_data_source.my_vol : key => { - name = volume.name - type = volume.type - size = "${volume.space.size}${volume.space.size_unit}" - } - } - description = "Details of the volumes including name, type, size, and size unit" -} \ No newline at end of file +#output "volume_details" { +# value = { +# for key, volume in data.netapp-ontap_storage_volume_data_source.my_vol : key => { +# name = volume.name +# type = volume.type +# size = "${volume.space.size}${volume.space.size_unit}" +# } +# } +# description = "Details of the volumes including name, type, size, and size unit" +#} diff --git a/Terraform/fsxn-replicate/security_groups.tf b/Terraform/fsxn-replicate/security_groups.tf new file mode 100644 index 0000000..ccac53c 
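Review bot: The `security_group_ids` expression in `aws_fsx_ontap_file_system.terraform-fsxn` silently passes an empty list when `create_sg` is false and the caller forgets `security_group_ids` (its default in variables.tf is `[]`), and AWS then attaches the VPC default security group, which is usually far more permissive than the rules in security_groups.tf. The header comment in that file says the ID "must" be supplied, but nothing enforces it; a `lifecycle` precondition on the resource fails the plan instead, as below. Separately, `fsx_admin_password` (and the `secret_string` read by the data source) will be persisted in plaintext in Terraform state, so the backend for this stack needs encryption and tight access control — worth a comment next to that line, e.g. `# NOTE: lands in Terraform state; keep the state backend encrypted and access-restricted`. The data block whose closing brace opens this hunk starts outside it.
```hcl
resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
  # … unchanged: subnet, capacity, throughput, IOPS, backup and KMS settings …
  security_group_ids = var.create_sg ? [element(aws_security_group.fsx_sg[*].id, 0)] : var.security_group_ids

  lifecycle {
    precondition {
      condition     = var.create_sg || length(var.security_group_ids) > 0
      error_message = "security_group_ids must list at least one security group when create_sg is false; otherwise the file system would get the VPC default security group."
    }
  }
}
```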
--- /dev/null
+++ b/Terraform/fsxn-replicate/security_groups.tf
@@ -0,0 +1,269 @@ +/* + * The following defines a Security Group for FSx ONTAP that allows the required ports for NFS, CIFS, + * Kerberos, and iSCSI as well as SnapMirror. + * + * While you don't have to use this SG, one will need to be assigned to the FSx ONTAP file system, + * otherwise it won't be able to communicate with the clients. + * + * To not create the security group, set the variable create_sg to false in the variables.tf file. + * Will will also need to set the security_group_id to the ID of the security group you want to use + * in the variables.tf file. + * + */ + +resource "aws_security_group" "fsx_sg" { + description = "Allow FSx ONTAP required ports" + count = var.create_sg ? 1 : 0 + name_prefix = var.security_group_name_prefix + vpc_id = var.dr_vpc_id +} + +resource "aws_vpc_security_group_ingress_rule" "all_icmp" { + description = "Allow all ICMP traffic" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = -1 + to_port = -1 + ip_protocol = "icmp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" { + description = "Remote procedure call for NFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 111 + to_port = 111 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_udp" { + description = "Remote procedure call for NFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? 
var.source_sg_id : null) + from_port = 111 + to_port = 111 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "cifs" { + description = "NetBIOS service session for CIFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 139 + to_port = 139 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" { + description = "Simple network management protocol for log collection" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 161 + to_port = 162 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "snmp_udp" { + description = "Simple network management protocol for log collection" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 161 + to_port = 162 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "smb_cifs" { + description = "Microsoft SMB/CIFS over TCP with NetBIOS framing" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 445 + to_port = 445 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" { + description = "NFS mount" + count = var.create_sg ? 
1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 635 + to_port = 635 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "kerberos" { + description = "Kerberos authentication" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 749 + to_port = 749 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon" { + description = "NFS server daemon" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 2049 + to_port = 2049 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon_udp" { + description = "NFS server daemon" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 2049 + to_port = 2049 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon" { + description = "NFS lock daemon" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? 
var.source_sg_id : null) + from_port = 4045 + to_port = 4045 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon_udp" { + description = "NFS lock daemon" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 4045 + to_port = 4045 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor" { + description = "Status monitor for NFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 4046 + to_port = 4046 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor_udp" { + description = "Status monitor for NFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 4046 + to_port = 4046 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_rquotad" { + description = "Remote quota server for NFS" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 4049 + to_port = 4049 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "iscsi_tcp" { + description = "iSCSI" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? 
var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 3260 + to_port = 3260 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "Snapmirror_Intercluster_communication" { + description = "Snapmirror Intercluster communication" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 11104 + to_port = 11104 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "Snapmirror_data_transfer" { + description = "Snapmirror data transfer" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 11105 + to_port = 11105 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" { + description = "NFS mount" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 635 + to_port = 635 + ip_protocol = "udp" +} + +resource "aws_vpc_security_group_ingress_rule" "ssh" { + description = "ssh" + count = var.create_sg ? 1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 22 + to_port = 22 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_ingress_rule" "s3_and_api" { + description = "Provice acccess to S3 and the ONTAP REST API" + count = var.create_sg ? 
1 : 0 + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = (var.cidr_for_sg != "" ? var.cidr_for_sg : null) + referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null) + from_port = 443 + to_port = 443 + ip_protocol = "tcp" +} + +resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" { + count = var.create_sg ? 1 : 0 + description = "Allow all out bound traffic" + security_group_id = aws_security_group.fsx_sg[count.index].id + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" +} diff --git a/Terraform/fsxn-replicate/variables.tf b/Terraform/fsxn-replicate/variables.tf index 04a8435..f0379d2 100644 --- a/Terraform/fsxn-replicate/variables.tf +++ b/Terraform/fsxn-replicate/variables.tf @@ -14,7 +14,7 @@ variable "prime_svm" { variable "secrets_aws_region" { description = "Region where the AWS secret for username/password reside" type = string - default = "us-west-2" + default = "us-east-2" } variable "username_pass_secrets_id" { 
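Review bot: The management-plane rules `ssh` (22), `s3_and_api` (443) and `snmp_tcp`/`snmp_udp` (161-162) take the same source as the data-protocol rules, so with the default `cidr_for_sg` of `10.0.0.0/8` from variables.tf every host in that /8 can reach ONTAP's SSH and REST API, both of which accept the `fsx_admin_password` set in main.tf. I would give those rules their own source, e.g. a `mgmt_cidr_for_sg`/`mgmt_source_sg_id` pair defaulting to empty, and use `cidr_ipv4 = (var.mgmt_cidr_for_sg != "" ? var.mgmt_cidr_for_sg : null)` in them. The header comment says `cidr_for_sg` and `source_sg_id` are mutually exclusive, but nothing checks it: both set makes AWS reject every rule, both empty leaves every rule with no source, and a `precondition` on `aws_security_group.fsx_sg` such as `condition = (var.cidr_for_sg != "") != (var.source_sg_id != "")` would fail the plan early. The `allow_all_traffic` egress to `0.0.0.0/0` on all protocols is broader than SnapMirror, AD/DNS and KMS need; consider limiting its CIDR. Minor: the `s3_and_api` description reads "Provice acccess".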
@@ -29,6 +29,175 @@ variable "list_of_volumes_to_replicate" { default = ["cifs_share", "rvwn_from_bxp", "unix"] } +variable "dr_fsx_name" { + description = "The name to assign to the destination FSxN file system." + type = string + default = "terraform-dr-fsxn" +} + +variable "dr_fsx_deploy_type" { + description = "The file system deployment type. Supported values are 'MULTI_AZ_1', 'SINGLE_AZ_1', 'MULTI_AZ_2', and 'SINGLE_AZ_2'. MULTI_AZ_1 and SINGLE_AZ_1 are Gen 1. MULTI_AZ_2 and SINGLE_AZ_2 are Gen 2." + type = string + default = "SINGLE_AZ_1" + validation { + condition = contains(["MULTI_AZ_1", "SINGLE_AZ_1", "MULTI_AZ_2", "SINGLE_AZ_2"], var.dr_fsx_deploy_type) + error_message = "Invalid deployment type. Valid values are MULTI_AZ_1, SINGLE_AZ_1, MULTI_AZ_2 or SINGLE_AZ_2." + } +} + +variable "dr_fsx_subnets" { + description = "The primary subnet ID, and secondary subnet ID if you are deploying in a Multi AZ environment, file system will be accessible from. For MULTI_AZ deployment types both subnets are required. For SINGLE_AZ deployment type, only the primary subnet is used." + type = map(any) + default = { + "primarysub" = "subnet-0a64530a9c7afc84c" + "secondarysub" = "subnet-33333333" + } +} + +variable "dr_fsx_capacity_size_gb" { + description = "The storage capacity in GiBs of the FSxN file system. Valid values between 1024 (1 TiB) and 1048576 (1 PiB). Gen 1 deployment types are limited to 192 TiB. Gen 2 Multi AZ is limited to 512 TiB. Gen 2 Single AZ is limited to 1 PiB." + type = number + default = 1024 + validation { + condition = var.dr_fsx_capacity_size_gb >= 1024 && var.dr_fsx_capacity_size_gb <= 1048576 + error_message = "Invalid capacity size. Valid values are between 1024 (1TiB) and 1045876 (1 PiB)." + } +} + +variable "dr_fsx_tput_in_MBps" { + description = "The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096 for Gen 1, and 384, 768, 1536, 3072 and 6144 for Gen 2." 
+ type = string + default = "128" + validation { + condition = contains(["128", "256", "384", "512", "768", "1024", "1536", "2048", "3072", "4086", "6144"], var.dr_fsx_tput_in_MBps) + error_message = "Invalid throughput value. Valid values are 128, 256, 384, 512, 768, 1024, 1536, 2048, 3072, 4086, 6144." + } +} + +variable "dr_ha_pairs" { + description = "The number of HA pairs in the file system. Valid values are from 1 through 12. Only single AZ Gen 2 deployment type supports more than 1 HA pair." + type = number + default = 1 + validation { + condition = var.dr_ha_pairs >= 1 && var.dr_ha_pairs <= 12 + error_message = "Invalid number of HA pairs. Valid values are from 1 through 12." + } +} + +variable "dr_endpoint_ip_address_range" { + description = "The IP address range that the FSxN file system will be accessible from. This is only used for Multi AZ deployment types and must be left a null for Single AZ deployment types." + type = string + default = null +} + +variable "dr_route_table_ids" { + description = "An array of routing table IDs that will be modified to allow access to the FSxN file system. This is only used for Multi AZ deployment types and must be left as null for Single AZ deployment types." + type = list(string) + default = [] +} + +variable "dr_disk_iops_configuration" { + description = "The SSD IOPS configuration for the file system. Valid modes are 'AUTOMATIC' (3 iops per GB provisioned) or 'USER_PROVISIONED'. NOTE: Due to a bug in the AWS FSx provider, if you want AUTOMATIC, then leave this variable empty. If you want USER_PROVISIONED, then add a 'mode=USER_PROVISIONED' (with USER_PROVISIONED enclosed in double quotes) and 'iops=number' where number is between 1 and 160000." + type = map(any) + default = {} +} + +variable "dr_tags" { + description = "Tags to be applied to the FSxN file system. The format is '{Name1 = value, Name2 = value}' where value should be enclosed in double quotes." 
+ type = map(any) + default = {} +} + +variable "dr_maintenance_start_time" { + description = "The preferred start time to perform weekly maintenance, in UTC time zone. The format is 'D:HH:MM' format. D is the day of the week, where 1=Monday and 7=Sunday." + type = string + default = "7:00:00" +} + +variable "dr_kms_key_id" { + description = "ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key." + type = string + default = null +} + +variable "dr_backup_retention_days" { + description = "The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days." + type = number + default = 0 + validation { + condition = var.dr_backup_retention_days >= 0 && var.dr_backup_retention_days <= 90 + error_message = "Invalid backup retention days. Valid values are between 0 and 90." + } +} + +variable "dr_daily_backup_start_time" { + description = "A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. Requires automatic_backup_retention_days to be set." + type = string + default = "00:00" +} + +variable "dr_svm_name" { + description = "The name of the Storage Virtual Machine" + type = string + default = "fsx-dr" +} + +variable "dr_root_vol_sec_style" { + description = "Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED (although MIXED is not recommended). All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume." + type = string + default = "UNIX" +} + +/* + * These last set of variables have to do with a security group that can be optionally + * created. The security group will have all the ingress rules that will allow access + * to all the protocols that an FSxN supports (e.g. SMB, NFS, etc). See the security_groups.tf + * for more information. 
+ * + * If you decide to create the security group, you can specify either the CIDR block to + * be used as the source to the ingress rules OR the ID of a security group to be used as + * the source to the ingress rules. You can't specify both. + * + * If you decide not to create the security group, you must set the security_group_id to + * the ID of the security group that you want to use. + * + */ +variable "create_sg" { + description = "Determines whether the Security Group should be created as part of this deployment or not." + type = bool + default = true +} + +variable "security_group_ids" { + description = "If you are not creating the security group, provide a list of IDs of security groups to be used." + type = list(string) + default = [] +} + +variable "security_group_name_prefix" { + description = "The prefix to the security group name that will be created." + type = string + default = "fsxn-sg" +} + +variable "cidr_for_sg" { + description = "The cidr block to be used for the created security ingress rules. Set to an empty string if you want to use the source_sg_id as the source." + type = string + default = "10.0.0.0/8" +} + +variable "source_sg_id" { + description = "The ID of the security group to allow access to the FSxN file system. Set to an empty string if you want to use the cidr_for_sg as the source." + type = string + default = "" +} + +variable "dr_vpc_id" { + description = "The VPC ID where the security group will be created." + type = string + default = "vpc-0684c5d22c4b48dd4" +} + variable "dr_username_pass_secrets_id" { description = "Name of secret ID in AWS secrets" type = string @@ -46,4 +215,4 @@ variable "validate_certs" { description = "Do we validate the cluster certs (true or false)" type = string default = "false" -} \ No newline at end of file +}
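Review bot: The validation on `dr_fsx_tput_in_MBps` accepts `"4086"` where the description, and the Gen 1 throughput tiers it lists, say 4096, so the legitimate value is rejected and the accepted one would presumably be refused by the FSx API; change both the list entry and the error message to `"4096"`, and fix the matching slip in the `dr_fsx_capacity_size_gb` error message (`1045876` for 1048576). The defaults `subnet-0a64530a9c7afc84c` and `vpc-0684c5d22c4b48dd4` tie the module to one account, and the placeholder `subnet-33333333` will fail any MULTI_AZ deploy; drop these defaults so they become required inputs. `cidr_for_sg` defaulting to `10.0.0.0/8` means an operator who omits it opens every FSx port, including SSH and the REST API, to the whole private /8 — default it to `""` so the source has to be chosen deliberately. The header comment above `create_sg` says `cidr_for_sg` and `source_sg_id` are exclusive but no validation checks that; a cross-variable `validation` block (Terraform 1.9+) or a `check` block would enforce it. Note also that `dr_backup_retention_days` defaults to 0, i.e. no automatic backups on the DR file system, which the description should call out.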