Skip to main content
Pure Technical Services

Using Terraform to Deploy Cloud Block Store in Azure

Currently viewing public documentation. Please login to access the full scope of documentation.

Introduction

This document demonstrates the steps required to deploy Cloud Block Store in Azure using Terraform. 

Requirements

Azure Prerequisites

A number of mandatory resources have to be checked and configured prior to deployment, please refer to the Cloud Block Store Deployment and Configuration Guide for Azure for more details on the following high-level steps: 

  • Have an Azure Active Directory Premium 2 license 
  • Set the appropriate User IAM roles and permissions 
  • Networking - Internet access using NAT GW or Azure Firewall 
  • Networking - service endpoint (CosmosDB and KeyVault) attached to the designated subnet
  • Cloud Block Store license key 

Terraform Prerequisites

Install Terraform

Download and install  the appropriate Terraform package for your operating system and hardware architecture via the link below:

https://www.terraform.io/downloads.html

Download Cloud Block Store Terraform provider files Edit section

Create a new directory for the Terraform deployment, and copy or download Terraform provider sample for CBS Azure (Three files shown on the screenshot)from the below link: 

https://github.com/PureStorage-OpenConnect/terraform-provider-cbs/tree/main/examples/azure_array

 

clipboard_e8c378d7aaf3e3450c8bb50583f29d2e9.png

Authentication Azure

There are two ways to authenticate to an Azure account:

1. Azure CLI

Download and install the latest version of the Azure CLI tool via the link below: 

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

For authentication, log in to the Azure CLI:

az login

And list the Subscriptions associated with the account:

az account list

if the user logging in has more than one Subscription. Specify the Subscription to be the default:

az account set --subscription="SUBSCRIPTION_ID"

2.Azure Service Principal

Terraform can be authenticated with a Service Principal in the provider configuration under main.tf file by adding the following:

provider "cbs" {
    azure {
        client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        client_secret = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        tenant_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
}

Deployment

By navigating to the downloaded Terraform sample, use any text editor to edit the terraform.tfvars file and fill the prerequisites. An example screenshot is provided below for additional guidance.

 

clipboard_e7b76143915d608fc8a51183cee4e71f3.png

Variables Reference:

  1. array_name (Required) - Name of the array, and the name of the managed application.
  2. location (Required) - Azure location in which to deploy the array.
  3. resource_group_name (Required) - Name of the resource group in which to deploy the managed application.
  4. license_key (Required) - Pure Storage-provided license key.
  5. log_sender_domain (Required) - Domain name used to determine how CBS logs are parsed and treated by Pure Storage Support and Escalations.
  6. alert_recipients (Optional) - List of email addresses to receive alerts.
  7. array_model (Required) - CBS array size to launch. The possible values are V10MUR1 or V20MUR1.
  8. zone (Required) - The Availability Zone within the deployment location.
  9. virtual_network (Required) - Virtual network that contains the network interfaces of the array.
  10. management_subnet (Required) - Subnet containing the management interfaces on the array.
  11. system_subnet (Required) - Subnet for the system interface of the Array.
  12. iscsi_subnet (Required) - Subnet containing the iSCSI interfaces on the array.
  13. replication_subnet (Required) - Subnet containing the replication interfaces on the array.
  14. management_resource_group (Required) - Resource Group containing the Management Network Resources on the array.
  15. system_resource_group (Required) - Resource group name for the virtual network containing the system interfaces.
  16. iscsi_resource_group (Required) - The Resource Group containing the iSCSI Virtual Network.
  17. replication_resource_group (Required) - The Resource Group containing the Replication Virtual Network.
  18. groups (Required) - A list of Azure Active Directory groups that enable their users to approve JIT access requests.

Save the changes to the file, and open a terminal window and navigate to the Terraform deployment directory that has been created, and Run terraform init command to initialize the working directory.

clipboard_e97cee94ee240f7f2ac8a737579382c3a.png

Next, Run the terraform plan command to create the execution plan.

clipboard_ed48cd6566c44f809a4942dbcfc393942.png

 

Finally, Run the terraform apply command to execute the plan and start deploying.

clipboard_e1d61e176b01e9a162eeb00cc78a88eda.png

The Cloud Block Store deployment process takes around 10 to 15 minutes. Go to Azure Managed Applications, A new managed application should be created and in the deployment state.

clipboard_e34a71ca712634ceef062ccafd4e0b091.png

Once the terraform apply command is complete, Run terraform show command to list the output information of the CBS deployment stack. This includes the management IP address that is used to log into the CBS.

clipboard_e086036a5cda71a87907a3b4cc69ba0f2.png

More information can be found by logging to Azure console and navigating to Managed Application, then under the tab Parameters and Output. The Management IP address used to log in CBS is addressed as FloatingManagementIP.

clipboard_eaaf9395e12514c43136f3d1277f589c0.png

Use the Management IP address to log into GUI Management Console via any browser. To access the CBS instance via CLI, refer to Logging onto CBS via CLI section in the Deployment and Configuration Guide.

 

clipboard_e4ebd03179792e6e8529155ea4fb94583.png

Do not use the terraform destroy command to destroy Cloud Block Store instance deployed via Terraform. Please refer to Removing Cloud Block Store section in the Deployment and Configuration Guide and follow the instructions.