
I have a deployment to do in Azure, using Terraform. I’m trying to mount some Azure file shares in an Azure Container Instance, but it doesn’t seem to work.

I’m using the following code:

# Storage account that hosts the Azure file shares mounted by the container group.
resource "azurerm_storage_account" "file_share_storage_account" {
  name                = "st${var.lztri}${substr(var.st_file_share.name, 0, 3)}${var.env}${var.loc}${var.stage}01"
  resource_group_name = azurerm_resource_group.storage_rg.name
  location            = var.location

  # Account shape, all taken from var.st_file_share.
  account_kind             = var.st_file_share.account_kind
  account_tier             = var.st_file_share.account_tier # must be Standard for HNS enabled
  account_replication_type = var.st_file_share.account_replication_type
  access_tier              = var.st_file_share.access_tier
  is_hns_enabled           = var.st_file_share.is_hns_enabled # must be true for ADLS Gen2

  # Transport security.
  enable_https_traffic_only = var.st_file_share.enable_https_traffic_only
  min_tls_version           = var.st_file_share.min_tls_version

  # The public endpoint stays enabled, so any restriction on who can reach the
  # account comes from the network_rules block below.
  public_network_access_enabled = true

  # NOTE(review): OAuth is the default here, but the container group in this file
  # still mounts the shares with the account's primary access key.
  default_to_oauth_authentication = true

  # local.st_net_rules is not shown on this page. The container group mounts the
  # shares over the network, so rules that deny its traffic make the mount fail
  # (the accepted answer on this page traced the error to this). When loosening
  # them, allow only what the container group needs rather than every network.
  # TODO confirm which rule type the container group's networking mode supports.
  dynamic "network_rules" {
    for_each = local.st_net_rules
    content {
      default_action             = network_rules.value.default_action
      bypass                     = network_rules.value.bypass
      ip_rules                   = network_rules.value.ip_rules
      virtual_network_subnet_ids = network_rules.value.virtual_network_subnet_ids
    }
  }

  tags = merge(local.mandatory_tags, {  })

  # Tag changes made outside Terraform are not reverted.
  lifecycle {
    ignore_changes = [tags]
  }
}

/*   resource "azurerm_role_assignment" "st_role_assignment" {
  for_each           = var.st_file_share
  scope              = azurerm_storage_account.file_share_storage_account[each.key].id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id       =  data.azurerm_client_config.client_config.object_id
}  */

# Assigns each listed role, scoped to the storage account, to the identity
# returned by data.azurerm_client_config.client_config.
# NOTE(review): the only role listed is a Blob data role, while the container
# group mounts the file shares with the account key. This assignment does not
# appear to take part in the mount; confirm it is needed.
resource "azurerm_role_assignment" "st_role_assignment" {
  for_each = toset(["Storage Blob Data Contributor"])

  scope                = azurerm_storage_account.file_share_storage_account.id
  role_definition_name = each.key
  principal_id         = data.azurerm_client_config.client_config.object_id
}

# One file share per entry of var.shares_config, keyed by share_name.
resource "azurerm_storage_share" "file_share" {
  for_each = { for share in var.shares_config : share.share_name => share }

  storage_account_name = azurerm_storage_account.file_share_storage_account.name
  name                 = each.value.share_name
  quota                = each.value.quota_gb
}
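# Container group running SonarQube, with one Azure Files volume per entry of
# var.shares_config mounted under /opt/sonarqube/<share_name>.
resource "azurerm_container_group" "containergroup" {
  name                = "ci-${var.lztri}-sonarqube-${var.env}-${var.loc}${var.stage != "" ? "-" : ""}${var.stage}-01"
  location            = var.location
  resource_group_name = azurerm_resource_group.sonarqube_rg.name
  ip_address_type     = var.ci_sonarqube_ip_address_type
  os_type             = var.ci_sonarqube_os_type

  container {
    name   = var.ci_sonarqube_container_name
    image  = var.ci_sonarqube_image_name
    cpu    = var.ci_sonarqube_cpu_core_number
    memory = var.ci_sonarqube_memory_size

    ports {
      port     = var.ci_sonarqube_ports
      protocol = var.ci_sonarqube_protocol
    }

    dynamic "volume" {
      for_each = var.shares_config
      content {
        name       = volume.value.share_name
        mount_path = "/opt/sonarqube/${volume.value.share_name}"

        # Take the share name from the azurerm_storage_share resource instead of
        # the raw variable. The value is the same, but the reference makes
        # Terraform create the shares before the container group; without it
        # the group can be deployed while the shares do not exist yet.
        share_name = azurerm_storage_share.file_share[volume.value.share_name].name

        storage_account_name = azurerm_storage_account.file_share_storage_account.name

        # The mount authenticates with the account's primary access key, which
        # grants full access to the storage account and is written to the
        # Terraform state. Protect the state backend accordingly.
        storage_account_key = azurerm_storage_account.file_share_storage_account.primary_access_key
      }
    }
  }

  timeouts {
    create = "2h"
    delete = "15m"
  }
}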

I always get the following error:

polling after ContainerGroupsCreateOrUpdate: Code="Failed" Message="The async operation failed." AdditionalInfo=[{"error":{"message":"Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Failed to mount Azure File Volume.;Subscription deployment didn’t reach a successful provisioning state after ’00:30:00′."}

It is strange that the error is repeated this many times; there are only 4 shares…

2

Answers


  1. Chosen as BEST ANSWER

    In the end, it turned out that the network settings of the storage account were too locked down: the container couldn't connect to it.


  2. I’m trying to couple some file shares to an Azure Container Instance, but it doesn’t seem to work well.

    Here is the updated code to create multiple Azure file shares and mount them in a Container Instance:

    # AzureRM provider with default feature settings.
    provider "azurerm" {
      features {}
    }

    # Details of the identity Terraform is running as; its object_id is used
    # for the role assignment.
    data "azurerm_client_config" "current" {}
    # Storage account that holds the file shares mounted by the container group.
    resource "azurerm_storage_account" "storage" {
      name                = "venkatstoragetest"
      resource_group_name = var.resource_group_name
      location            = var.location

      account_kind             = var.account_kind
      account_tier             = var.account_tier
      account_replication_type = var.account_replication_type
      access_tier              = var.access_tier

      # Transport security: HTTPS only, minimum TLS version from a variable.
      enable_https_traffic_only = true
      min_tls_version           = var.min_tls_version

      blob_properties {
        delete_retention_policy {
          days = var.soft_delete_retention
        }

        dynamic "cors_rule" {
          for_each = var.cors_rule
          content {
            allowed_origins    = cors_rule.value.allowed_origins
            allowed_methods    = cors_rule.value.allowed_methods
            allowed_headers    = cors_rule.value.allowed_headers
            exposed_headers    = cors_rule.value.exposed_headers
            max_age_in_seconds = cors_rule.value.max_age_in_seconds
          }
        }
      }

      # Emitted only when var.network_rules is set, and then always with
      # default_action "Deny": only the listed IPs, subnets and bypass services
      # reach the account. The container group mounts the shares over the
      # network, so it has to be covered by these rules or the mount fails.
      dynamic "network_rules" {
        for_each = var.network_rules == null ? [] : ["true"]
        content {
          default_action             = "Deny"
          bypass                     = var.network_rules.bypass
          ip_rules                   = var.network_rules.ip_rules
          virtual_network_subnet_ids = var.network_rules.subnet_ids
        }
      }
    }
    
    # Assigns each listed role, scoped to the storage account, to the identity
    # Terraform runs as.
    # NOTE(review): the only role listed is a Blob data role, while the container
    # group mounts the file shares with the account key; confirm it is needed.
    resource "azurerm_role_assignment" "st_role_assignment" {
      for_each = toset(["Storage Blob Data Contributor"])

      scope                = azurerm_storage_account.storage.id
      role_definition_name = each.key
      principal_id         = data.azurerm_client_config.current.object_id

      depends_on = [azurerm_storage_account.storage]
    }
    
    # Three file shares named "one", "two" and "three", each with a 5120 GB quota.
    resource "azurerm_storage_share" "jms-sftp-share" {
      for_each = toset(["one", "two", "three"])

      storage_account_name = azurerm_storage_account.storage.name
      name                 = each.key
      quota                = 5120

      # Stored access policy on the share. It grants "rwl" and sets no start or
      # expiry.
      acl {
        id = "${each.key}_this_is_my_id"

        access_policy {
          permissions = "rwl"
        }
      }

      # Created only after the role assignment exists.
      depends_on = [azurerm_role_assignment.st_role_assignment]
    }
    
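    # Container group running an SFTP server, with one Azure Files volume per
    # share mounted under /home/<share> and a read-only volume at /etc/sftp.
    resource "azurerm_container_group" "jms-sftp" {
      name                = "container-sftp-1"
      location            = var.location
      resource_group_name = var.resource_group_name
      os_type             = "Linux"
      restart_policy      = "Always"

      # A DNS label plus exposed port 22 publishes the SFTP endpoint under this
      # name. NOTE(review): confirm the service is meant to be reachable that
      # widely.
      dns_name_label = "doccji-dts-dev-jms-sftp"
      exposed_port = [
        {
          port     = 22
          protocol = "TCP"
        },
      ]

      container {
        name     = "jms-sftp-1"
        commands = []
        cpu      = 1
        memory   = 1.5

        # NOTE(review): "latest" is a floating tag. Pin a specific version or
        # digest so that what gets deployed is reproducible and reviewable.
        image = "atmoz/sftp:latest"

        ports {
          port     = 22
          protocol = "TCP"
        }

        # One read-write volume per file share.
        dynamic "volume" {
          for_each = [for v in azurerm_storage_share.jms-sftp-share : {
            name = v.name
          }]
          content {
            empty_dir  = false
            mount_path = "/home/${volume.value.name}"
            name       = "${volume.value.name}-home-folder"
            read_only  = false

            # Fix: mount the share of the current iteration. The original
            # hard-coded share "one" here, so /home/one, /home/two and
            # /home/three were all backed by the same share.
            share_name = volume.value.name

            # The account key grants full access to the storage account and is
            # written to the Terraform state.
            storage_account_key  = azurerm_storage_account.storage.primary_access_key
            storage_account_name = azurerm_storage_account.storage.name
          }
        }

        # NOTE(review): this mounts share "one", the same share that is mounted
        # read-write at /home/one. The content served read-only under /etc/sftp
        # can therefore be changed through that home folder. A dedicated share
        # for configuration would keep the two apart.
        volume {
          empty_dir            = false
          mount_path           = "/etc/sftp"
          name                 = "sftp-users-conf"
          read_only            = true
          share_name           = azurerm_storage_share.jms-sftp-share["one"].name
          storage_account_key  = azurerm_storage_account.storage.primary_access_key
          storage_account_name = azurerm_storage_account.storage.name
        }
      }

      # The shares must exist before the container group tries to mount them.
      depends_on = [
        azurerm_storage_share.jms-sftp-share
      ]
    }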
    

    Terraform Apply:

    enter image description here

    After running the above code, three file shares have been created in the Azure Storage account and the same shares are mounted to the container instances.

    enter image description here

    Reference: Terraform Azure Container Instance Dynamic Volume – share_name loop over azurerm_storage_share by Matt Schuchard
