From 6bcebb62facd29581a4a180ae892827762706e40 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 15 Aug 2024 10:50:35 +0100 Subject: [PATCH 1/2] Fix deprecation warning by using new variable name --- terraform/azure/storage.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index 4bfe7f8e9..66c26ef69 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -8,7 +8,7 @@ resource "azurerm_storage_account" "homes" { # Disable 'secure link' because we only want to use NFS # see https://docs.microsoft.com/en-us/azure/storage/files/storage-files-how-to-mount-nfs-shares#disable-secure-transfer - enable_https_traffic_only = false + https_traffic_only_enabled = false network_rules { # Allow NFS access only from our nodes, deny access from all other networks From 58e5a161b300d9ce17c23e76546725c3c830b25a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 15 Aug 2024 10:51:36 +0100 Subject: [PATCH 2/2] Do not enable cross tenant replication I think the default value for this changed in a version update and I'm not sure if it's something we want or not --- terraform/azure/storage.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index 66c26ef69..f92771567 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -6,6 +6,8 @@ resource "azurerm_storage_account" "homes" { account_kind = "FileStorage" account_replication_type = "LRS" + cross_tenant_replication_enabled = false + # Disable 'secure link' because we only want to use NFS # see https://docs.microsoft.com/en-us/azure/storage/files/storage-files-how-to-mount-nfs-shares#disable-secure-transfer https_traffic_only_enabled = false @@ -48,6 +50,12 @@ resource "azurerm_recovery_services_vault" "homedir_recovery_vault" { sku = "Standard" } +resource "azurerm_backup_container_storage_account" "protection_container" { + resource_group_name = azurerm_resource_group.jupyterhub.name + recovery_vault_name = azurerm_recovery_services_vault.homedir_recovery_vault.name + storage_account_id = azurerm_storage_account.homes.id +} + resource "azurerm_backup_policy_file_share" "backup_policy" { name = "homedir-recovery-vault-policy" resource_group_name = azurerm_resource_group.jupyterhub.name @@ -64,3 +72,12 @@ resource "azurerm_backup_policy_file_share" "backup_policy" { count = 5 } } + +resource "azurerm_backup_protected_file_share" "homes_share" { + resource_group_name = azurerm_resource_group.jupyterhub.name + recovery_vault_name = azurerm_recovery_services_vault.homedir_recovery_vault.name + source_storage_account_id = azurerm_backup_container_storage_account.protection_container.storage_account_id + source_file_share_name = azurerm_storage_share.homes.name + backup_policy_id = azurerm_backup_policy_file_share.backup_policy.id + depends_on = [azurerm_backup_container_storage_account.protection_container] +}