all: update nfs tf module

sean-freeman · sean-freeman · commit 2d06c5e64f23 · 2025-06-15T00:26:19.000+01:00
diff --git a/aws_ec2_instance/host_nfs/host_file_storage.tf b/aws_ec2_instance/host_nfs/host_file_storage.tf
@@ -1,6 +1,5 @@
 
 resource "aws_efs_file_system" "file_storage_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
   creation_token = "${var.module_var_resource_prefix}-nfs-sapmnt"
 
   tags = {
@@ -19,20 +18,46 @@ resource "aws_efs_file_system" "file_storage_sapmnt" {
 }
 
 resource "aws_efs_mount_target" "file_storage_attach_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
-
-  file_system_id  = aws_efs_file_system.file_storage_sapmnt[0].id
+  file_system_id  = aws_efs_file_system.file_storage_sapmnt.id
   subnet_id       = var.module_var_aws_vpc_subnet_id
   security_groups = [var.module_var_host_sg_id]
 }
 
-resource "aws_efs_access_point" "file_storage_shared_mount_point" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
+resource "aws_efs_access_point" "file_storage_shared_mount_point_sapmnt" {
+  file_system_id = aws_efs_file_system.file_storage_sapmnt.id
+  root_directory {
+    path = "/"
+  }
+}
+
 
-  file_system_id = aws_efs_file_system.file_storage_sapmnt[0].id
+resource "aws_efs_file_system" "file_storage_transport" {
+  creation_token = "${var.module_var_resource_prefix}-nfs-trans"
 
+  tags = {
+    Name = "${var.module_var_resource_prefix}-nfs-trans"
+  }
+
+  availability_zone_name = local.target_vpc_availability_zone # One Zone storage class
+  encrypted = true
+  performance_mode = "generalPurpose"
+  throughput_mode = "bursting"
+
+#  lifecycle_policy {
+#    transition_to_ia = "AFTER_90_DAYS"
+#  }
+
+}
+
+resource "aws_efs_mount_target" "file_storage_attach_transport" {
+  file_system_id  = aws_efs_file_system.file_storage_transport.id
+  subnet_id       = var.module_var_aws_vpc_subnet_id
+  security_groups = [var.module_var_host_sg_id]
+}
+
+resource "aws_efs_access_point" "file_storage_shared_mount_point_transport" {
+  file_system_id = aws_efs_file_system.file_storage_transport.id
   root_directory {
     path = "/"
   }
-
 }
diff --git a/aws_ec2_instance/host_nfs/module_outputs.tf b/aws_ec2_instance/host_nfs/module_outputs.tf
@@ -1,4 +1,8 @@
 
-output "output_nfs_fqdn" {
-  value = try(aws_efs_mount_target.file_storage_attach_sapmnt[0].mount_target_dns_name,"")
+output "output_nfs_fqdn_sapmnt" {
+  value = try(aws_efs_mount_target.file_storage_attach_sapmnt.mount_target_dns_name,"")
+}
+
+output "output_nfs_fqdn_transport" {
+  value = try(aws_efs_mount_target.file_storage_attach_transport.mount_target_dns_name,"")
 }
diff --git a/aws_ec2_instance/host_nfs/module_variables.tf b/aws_ec2_instance/host_nfs/module_variables.tf
@@ -3,6 +3,4 @@ variable "module_var_resource_prefix" {}
 
 variable "module_var_aws_vpc_subnet_id" {}
 
-variable "module_var_nfs_boolean_sapmnt" {}
-
 variable "module_var_host_sg_id" {}
diff --git a/gcp_ce_vm/host_nfs/host_file_storage.tf b/gcp_ce_vm/host_nfs/host_file_storage.tf
@@ -22,3 +22,28 @@ resource "google_filestore_instance" "file_storage_sapmnt" {
   }
 
 }
+
+
+resource "google_filestore_instance" "file_storage_transport" {
+  name            = "${var.module_var_resource_prefix}-trans"  // Letters, Numbers, Hyphens only
+  location        = var.module_var_gcp_region_zone
+  tier            = "BASIC_HDD" // "BASIC_SSD"
+
+  file_shares {
+    name          = "${var.module_var_resource_prefix}_trans_share"  // Letters, Numbers, Underscores only
+    capacity_gb   = 2048 // 2560  // Minimum GB capacity for the Basic SSD if 2,560GB
+
+    nfs_export_options {
+      ip_ranges   = ["${local.target_vpc_subnet_range}"]
+      access_mode = "READ_WRITE"
+      squash_mode = "NO_ROOT_SQUASH"
+    }
+  }
+
+  networks {
+    network      = basename(local.target_vpc_id)
+    modes        = ["MODE_IPV4"]
+    connect_mode = "DIRECT_PEERING" # DIRECT_PEERING or PRIVATE_SERVICE_ACCESS
+  }
+
+}
diff --git a/gcp_ce_vm/host_nfs/module_outputs.tf b/gcp_ce_vm/host_nfs/module_outputs.tf
@@ -1,5 +1,9 @@
 
 # NFS Mount Point
-output "output_nfs_fqdn" {
+output "output_nfs_fqdn_sapmnt" {
   value = "${google_filestore_instance.file_storage_sapmnt.networks[0].ip_addresses[0]}:/${google_filestore_instance.file_storage_sapmnt.file_shares[0].name}"
 }
+
+output "output_nfs_fqdn_transport" {
+  value = "${google_filestore_instance.file_storage_transport.networks[0].ip_addresses[0]}:/${google_filestore_instance.file_storage_sapmnt.file_shares[0].name}"
+}
diff --git a/gcp_ce_vm/host_nfs/module_variables.tf b/gcp_ce_vm/host_nfs/module_variables.tf
@@ -4,5 +4,3 @@ variable "module_var_resource_prefix" {}
 variable "module_var_gcp_region_zone" {}
 
 variable "module_var_gcp_vpc_subnet_name" {}
-
-variable "module_var_nfs_boolean_sapmnt" {}
diff --git a/ibmcloud_vs/host_nfs/host_file_storage.tf b/ibmcloud_vs/host_nfs/host_file_storage.tf
@@ -1,19 +1,43 @@
 
 resource "ibm_is_share" "file_storage_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
   name = "${var.module_var_resource_prefix}-nfs-sapmnt"
+  resource_group = var.module_var_resource_group_id
 
+  access_control_mode = "vpc"
   zone = local.target_vpc_availability_zone
-
   size = 2048
   profile = "dp2"
 
+  lifecycle {
+    ignore_changes = [ allowed_transit_encryption_modes ]
+  }
 }
 
 resource "ibm_is_share_mount_target" "file_storage_attach_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
   name = "${var.module_var_resource_prefix}-nfs-sapmnt-attach"
 
-  share = ibm_is_share.file_storage_sapmnt[0].id
+  share = ibm_is_share.file_storage_sapmnt.id
+  vpc   = local.target_vpc_id
+}
+
+
+resource "ibm_is_share" "file_storage_transport" {
+  name = "${var.module_var_resource_prefix}-nfs-trans"
+  resource_group = var.module_var_resource_group_id
+
+  access_control_mode = "vpc"
+  zone = local.target_vpc_availability_zone
+  size = 2048
+  profile = "dp2"
+
+  lifecycle {
+    ignore_changes = [ allowed_transit_encryption_modes ]
+  }
+}
+
+resource "ibm_is_share_mount_target" "file_storage_attach_transport" {
+  name = "${var.module_var_resource_prefix}-nfs-trans-attach"
+
+  share = ibm_is_share.file_storage_transport.id
   vpc   = local.target_vpc_id
 }
diff --git a/ibmcloud_vs/host_nfs/module_outputs.tf b/ibmcloud_vs/host_nfs/module_outputs.tf
@@ -1,5 +1,9 @@
 
 # Mount path
-output "output_nfs_fqdn" {
-  value = try(ibm_is_share_mount_target.file_storage_attach_sapmnt[0].mount_path,"")
+output "output_nfs_fqdn_sapmnt" {
+  value = try(ibm_is_share_mount_target.file_storage_attach_sapmnt.mount_path,"")
+}
+
+output "output_nfs_fqdn_transport" {
+  value = try(ibm_is_share_mount_target.file_storage_attach_transport.mount_path,"")
 }
diff --git a/ibmcloud_vs/host_nfs/module_variables.tf b/ibmcloud_vs/host_nfs/module_variables.tf
@@ -5,4 +5,4 @@ variable "module_var_ibmcloud_vpc_subnet_name" {}
 
 variable "module_var_host_security_group_id" {}
 
-variable "module_var_nfs_boolean_sapmnt" {}
+variable "module_var_resource_group_id" {}
diff --git a/msazure_vm/host_nfs/host_file_storage_azapi_secured.tf b/msazure_vm/host_nfs/host_file_storage_azapi_secured.tf
@@ -17,8 +17,6 @@ data "azurerm_resource_group" "id_lookup" {
 
 # https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?pivots=deployment-language-terraform
 resource "azapi_resource" "storage_account_sap" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
-
   type = "Microsoft.Storage/storageAccounts@2022-05-01"
   name = "${var.module_var_resource_prefix}stgacc${random_string.random_suffix.result}"
   location = var.module_var_az_location_region
@@ -75,11 +73,24 @@ resource "azapi_resource" "storage_account_sap" {
 
 # https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/fileservices/shares?pivots=deployment-language-terraform
 resource "azapi_resource" "file_storage_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
+  type = "Microsoft.Storage/storageAccounts/fileServices/shares@2022-05-01"
+  name = "${var.module_var_resource_prefix}nfssapmnt"
+  parent_id = "${azapi_resource.storage_account_sap.id}/fileServices/default"
+  body = {
+    properties = {
+      accessTier = "Premium"
+      enabledProtocols = "NFS"
+      shareQuota = 2048  // Maximum GB capacity of NFS
+#      metadata = {}
+#      rootSquash = "string"
+    }
+  }
+}
 
+resource "azapi_resource" "file_storage_transport" {
   type = "Microsoft.Storage/storageAccounts/fileServices/shares@2022-05-01"
-  name = "${var.module_var_resource_prefix}nfs"
-  parent_id = "${azapi_resource.storage_account_sap[0].id}/fileServices/default"
+  name = "${var.module_var_resource_prefix}nfstrans"
+  parent_id = "${azapi_resource.storage_account_sap.id}/fileServices/default"
   body = {
     properties = {
       accessTier = "Premium"
@@ -102,12 +113,12 @@ resource "azapi_resource" "file_storage_sapmnt" {
 #data "azapi_resource" "data_storage_account_file_service" {
 #  type       = "Microsoft.Storage/storageAccounts/fileServices@2022-05-01"
 #  name       = "default"
-#  parent_id  = "${azapi_resource.storage_account_sap[0].id}"
+#  parent_id  = "${azapi_resource.storage_account_sap.id}"
 #}
 
 #data "azapi_resource" "data_storage_account_file_service_shares" {
 #  type       = "Microsoft.Storage/storageAccounts/fileServices/shares@2022-05-01"
 #  name       = azapi_resource.file_storage_sapmnt.name
-#  parent_id  = "${azapi_resource.storage_account_sap[0].id}/fileServices/default"
+#  parent_id  = "${azapi_resource.storage_account_sap.id}/fileServices/default"
 #}
 
diff --git a/msazure_vm/host_nfs/host_file_storage_azurerm_insecure.txt b/msazure_vm/host_nfs/host_file_storage_azurerm_insecure.txt
@@ -26,7 +26,6 @@ locals {
 # Create Azure Storage Account for File Storage
 
 resource "azurerm_storage_account" "storage_account_sap" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
 
   name                     = "${var.module_var_resource_prefix}stgacc1${random_string.random_suffix1.result}"
   resource_group_name      = var.module_var_az_resource_group_name
@@ -71,9 +70,8 @@ resource "azurerm_storage_account" "storage_account_sap" {
 ## Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation"
 
 resource "azurerm_storage_share" "file_storage_sapmnt" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
 
-  storage_account_name     = azurerm_storage_account.storage_account_sap[0].name
+  storage_account_name     = azurerm_storage_account.storage_account_sap.name
   name                     = "${var.module_var_resource_prefix}nfs1"
   access_tier              = "Premium"
   enabled_protocol         = "NFS"
diff --git a/msazure_vm/host_nfs/host_file_storage_private_endpoint.tf b/msazure_vm/host_nfs/host_file_storage_private_endpoint.tf
@@ -1,15 +1,14 @@
 
 # Create Azure Storage Account Private Endpoint connection
 resource "azurerm_private_endpoint" "endpoint" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
   name                = "${var.module_var_resource_prefix}stgacc${random_string.random_suffix.result}-private-endpoint"
   resource_group_name = var.module_var_az_resource_group_name
   location            = var.module_var_az_location_region
   subnet_id           = local.target_vnet_subnet_id
 
   private_service_connection {
     name                           = "${var.module_var_resource_prefix}stgacc${random_string.random_suffix.result}-private-service-connection"
-    private_connection_resource_id = azapi_resource.storage_account_sap[0].id
+    private_connection_resource_id = azapi_resource.storage_account_sap.id
     is_manual_connection           = false
     subresource_names              = ["file"]
   }
@@ -25,10 +24,9 @@ resource "azurerm_private_endpoint" "endpoint" {
 # Create DNS A Records
 # This is alternative to creating the default private endpoint with a new Private DNS Zone 'privatelink.file.core.windows.net'
 resource "azurerm_private_dns_a_record" "dns_a_record_short" {
-  count = var.module_var_nfs_boolean_sapmnt ? 1 : 0
   name                = "${var.module_var_resource_prefix}stgacc${random_string.random_suffix.result}"
   resource_group_name = var.module_var_az_resource_group_name
   zone_name           = var.module_var_dns_zone_name
   ttl                 = 1000
-  records             = [azurerm_private_endpoint.endpoint[0].private_service_connection.0.private_ip_address]
+  records             = [azurerm_private_endpoint.endpoint.private_service_connection.0.private_ip_address]
 }
diff --git a/msazure_vm/host_nfs/module_outputs.tf b/msazure_vm/host_nfs/module_outputs.tf
@@ -1,16 +1,20 @@
 
 #output "output_nfs_fqdn" {
-#  value = azurerm_storage_share.file_storage_sapmnt[0].url
+#  value = azurerm_storage_share.file_storage_sapmnt.url
 #}
 
 #output "output_nfs_fqdn_default_public" {
-#  value = "${azapi_resource.storage_account_sap[0].name}.file.core.windows.net:/${azapi_resource.storage_account_sap[0].name}/${azapi_resource.file_storage_sapmnt[0].name}"
+#  value = "${azapi_resource.storage_account_sap.name}.file.core.windows.net:/${azapi_resource.storage_account_sap.name}/${azapi_resource.file_storage_sapmnt.name}"
 #}
 
 #output "output_nfs_fqdn_default_private" {
-#  value = "${azapi_resource.storage_account_sap[0].name}.privatelink.file.core.windows.net:/${azapi_resource.storage_account_sap[0].name}/${azapi_resource.file_storage_sapmnt[0].name}"
+#  value = "${azapi_resource.storage_account_sap.name}.privatelink.file.core.windows.net:/${azapi_resource.storage_account_sap.name}/${azapi_resource.file_storage_sapmnt.name}"
 #}
 
-output "output_nfs_fqdn" {
-  value = try("${azurerm_private_dns_a_record.dns_a_record_short[0].fqdn}:/${azapi_resource.storage_account_sap[0].name}/${azapi_resource.file_storage_sapmnt[0].name}","")
+output "output_nfs_fqdn_sapmnt" {
+  value = try("${azurerm_private_dns_a_record.dns_a_record_short.fqdn}:/${azapi_resource.storage_account_sap.name}/${azapi_resource.file_storage_sapmnt.name}","")
+}
+
+output "output_nfs_fqdn_transport" {
+  value = try("${azurerm_private_dns_a_record.dns_a_record_short.fqdn}:/${azapi_resource.storage_account_sap.name}/${azapi_resource.file_storage_transport.name}","")
 }
diff --git a/msazure_vm/host_nfs/module_variables.tf b/msazure_vm/host_nfs/module_variables.tf
@@ -13,6 +13,4 @@ variable "module_var_az_vnet_subnet_name" {}
 
 variable "module_var_host_security_group_name" {}
 
-variable "module_var_nfs_boolean_sapmnt" {}
-
 variable "module_var_dns_zone_name" {}

Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,4 @@ variable "module_var_ibmcloud_vpc_subnet_name" {}`
`5`	`5`
`6`	`6`	`variable "module_var_host_security_group_id" {}`
`7`	`7`
`8`		`-variable "module_var_nfs_boolean_sapmnt" {}`
	`8`	`+variable "module_var_resource_group_id" {}`