Tweaking NFS settings and enabling for UToronto on Azure

[GeorgianaElena]

This follows @sgibson91's lead and is a pair PR of #887

• Still needs to update hub config to use NFS

[sgibson91]

Good idea on the conditional for the account kind and tier

[GeorgianaElena]

Output of terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_storage_account.homes must be replaced
-/+ resource "azurerm_storage_account" "homes" {
      ~ access_tier                      = "Hot" -> (known after apply)
      ~ account_kind                     = "StorageV2" -> "FileStorage" # forces replacement
      ~ account_tier                     = "Standard" -> "Premium" # forces replacement
      ~ id                               = "/subscriptions/ead3521a-d994-4a44-a68d-b16e35642d5b/resourceGroups/2i2c-utoronto-cluster/providers/Microsoft.Storage/storageAccounts/2i2cutorontohubstorage" -> (known after apply)
      + large_file_share_enabled         = (known after apply)
        name                             = "2i2cutorontohubstorage"
      ~ primary_access_key               = (sensitive value)
      ~ primary_blob_connection_string   = (sensitive value)
      ~ primary_blob_endpoint            = "https://2i2cutorontohubstorage.blob.core.windows.net/" -> (known after apply)
      ~ primary_blob_host                = "2i2cutorontohubstorage.blob.core.windows.net" -> (known after apply)
      ~ primary_connection_string        = (sensitive value)
      ~ primary_dfs_endpoint             = "https://2i2cutorontohubstorage.dfs.core.windows.net/" -> (known after apply)
      ~ primary_dfs_host                 = "2i2cutorontohubstorage.dfs.core.windows.net" -> (known after apply)
      ~ primary_file_endpoint            = "https://2i2cutorontohubstorage.file.core.windows.net/" -> (known after apply)
      ~ primary_file_host                = "2i2cutorontohubstorage.file.core.windows.net" -> (known after apply)
      ~ primary_location                 = "canadacentral" -> (known after apply)
      ~ primary_queue_endpoint           = "https://2i2cutorontohubstorage.queue.core.windows.net/" -> (known after apply)
      ~ primary_queue_host               = "2i2cutorontohubstorage.queue.core.windows.net" -> (known after apply)
      ~ primary_table_endpoint           = "https://2i2cutorontohubstorage.table.core.windows.net/" -> (known after apply)
      ~ primary_table_host               = "2i2cutorontohubstorage.table.core.windows.net" -> (known after apply)
      ~ primary_web_endpoint             = "https://2i2cutorontohubstorage.z9.web.core.windows.net/" -> (known after apply)
      ~ primary_web_host                 = "2i2cutorontohubstorage.z9.web.core.windows.net" -> (known after apply)
      ~ secondary_access_key             = (sensitive value)
      + secondary_blob_connection_string = (sensitive value)
      + secondary_blob_endpoint          = (known after apply)
      + secondary_blob_host              = (known after apply)
      ~ secondary_connection_string      = (sensitive value)
      + secondary_dfs_endpoint           = (known after apply)
      + secondary_dfs_host               = (known after apply)
      + secondary_file_endpoint          = (known after apply)
      + secondary_file_host              = (known after apply)
      + secondary_location               = (known after apply)
      + secondary_queue_endpoint         = (known after apply)
      + secondary_queue_host             = (known after apply)
      + secondary_table_endpoint         = (known after apply)
      + secondary_table_host             = (known after apply)
      + secondary_web_endpoint           = (known after apply)
      + secondary_web_host               = (known after apply)
      - tags                             = {} -> null
        # (11 unchanged attributes hidden)

      ~ blob_properties {
          ~ change_feed_enabled      = false -> (known after apply)
          + default_service_version  = (known after apply)
          ~ last_access_time_enabled = false -> (known after apply)
          ~ versioning_enabled       = false -> (known after apply)

          + container_delete_retention_policy {
              + days = (known after apply)
            }

          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + delete_retention_policy {
              + days = (known after apply)
            }
        }

      + identity {
          + identity_ids = (known after apply)
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = (known after apply)
        }

      ~ network_rules {
          ~ bypass                     = [
              - "AzureServices",
            ] -> (known after apply)
          ~ default_action             = "Allow" -> (known after apply)
          ~ ip_rules                   = [] -> (known after apply)
          ~ virtual_network_subnet_ids = [] -> (known after apply)

          + private_link_access {
              + endpoint_resource_id = (known after apply)
              + endpoint_tenant_id   = (known after apply)
            }
        }

      ~ queue_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          ~ hour_metrics {
              ~ enabled               = true -> (known after apply)
              ~ include_apis          = true -> (known after apply)
              ~ retention_policy_days = 7 -> (known after apply)
              ~ version               = "1.0" -> (known after apply)
            }

          ~ logging {
              ~ delete                = false -> (known after apply)
              ~ read                  = false -> (known after apply)
              ~ retention_policy_days = 0 -> (known after apply)
              ~ version               = "1.0" -> (known after apply)
              ~ write                 = false -> (known after apply)
            }

          ~ minute_metrics {
              ~ enabled               = false -> (known after apply)
              ~ include_apis          = false -> (known after apply)
              ~ retention_policy_days = 0 -> (known after apply)
              ~ version               = "1.0" -> (known after apply)
            }
        }

      + routing {
          + choice                      = (known after apply)
          + publish_internet_endpoints  = (known after apply)
          + publish_microsoft_endpoints = (known after apply)
        }

      ~ share_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          ~ retention_policy {
              ~ days = 7 -> (known after apply)
            }

          + smb {
              + authentication_types            = (known after apply)
              + channel_encryption_type         = (known after apply)
              + kerberos_ticket_encryption_type = (known after apply)
              + versions                        = (known after apply)
            }
        }
    }

  # azurerm_storage_share.homes must be replaced
-/+ resource "azurerm_storage_share" "homes" {
      ~ enabled_protocol     = "SMB" -> "NFS" # forces replacement
      ~ id                   = "https://2i2cutorontohubstorage.file.core.windows.net/homes" -> (known after apply)
      ~ metadata             = {} -> (known after apply)
        name                 = "homes"
      ~ resource_manager_id  = "/subscriptions/ead3521a-d994-4a44-a68d-b16e35642d5b/resourceGroups/2i2c-utoronto-cluster/providers/Microsoft.Storage/storageAccounts/2i2cutorontohubstorage/fileServices/default/fileshares/homes" -> (known after apply)
      ~ url                  = "https://2i2cutorontohubstorage.file.core.windows.net/homes" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # kubernetes_secret.homes will be updated in-place
  ~ resource "kubernetes_secret" "homes" {
      ~ data      = (sensitive value)
        id        = "azure-file/access-credentials"
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 2 to add, 1 to change, 2 to destroy.

Changes to Outputs:
  + azure_fileshare_url = (known after apply)

[sgibson91]

Green light to apply and merge @GeorgianaElena!

[GeorgianaElena]

Thanks @sgibson91! I've applied the changes and got the URL of the nfs share!
I will try a manual deploy of the hub too. But I should expect this to fail, right?

Yep, it failed in the same way!

[sgibson91]

Thanks @GeorgianaElena! At least @yuvipanda isn't blocked by me being too lazy to get up in the morning 😁

[yuvipanda]

I've cherry-picked this and a few other config changes into sgibson91#94, which is a PR on top of #887. I'll close this one for now?