Customer would like multip "NFS" like mount points per namespace for segmentation and security.

[henriquedanc]

Hi! I did an initial deployment with viya4-iac-aws for infrastructure, and this for the first namespace deployment. Then I tried to deploy a second namespace and run into some issues.

1. No effect when setting V4_CFG_FILESTORE_ENDPOINT in ansible-vars.yaml. Probably because it will parse that from terraform.tfstate whenever it finds it there:

https://github.com/sassoftware/viya4-deployment/blob/main/roles/common/tasks/main.yaml, 34-39

• name: tfstate - nfs endpoint set_fact: V4_CFG_RWX_FILESTORE_ENDPOINT: "{{ tfstate.rwx_filestore_endpoint.value }}" when:
  • tfstate.rwx_filestore_endpoint is defined
  • tfstate.rwx_filestore_endpoint.value|length > 0

2. Even after I could set it manually, the /pvs folder wasn't created, because it is done by terraform: https://github.com/sassoftware/viya4-iac-aws/blob/main/files/cloud-init/jump/cloud-config

Should we move the /pvs folder creation and permissions configs here instead of viya4-iac-xxx? Also, should we add a counter of how many deployments we want in viya4-iac-xxx? That way it would create the needed EFSs without any manual customization.

[thpang]

Nope. IAC code base setups up the infra for NFS/Enterprise Storage and sets permissions, mount points, etc. If you want to control your own storage you can. To do this you would not install Jump/NFS servers and then work through the docs on storage here and here from the viya4-deployment repo.

[henriquedanc]

But we are creating folders here as well, just not the pvs one, see below. The point is that this customer do want to use both Terraform and Ansible for the deployment, just couldn't find a way of doing it when deploying multiple namespaces. And this will likely be a common pattern, so it would be good to be able to have a way of doing it using the tools.

https://github.com/sassoftware/viya4-deployment/blob/main/roles/jump-server/tasks/main.yml, 38-53

• name: jump-server - create folders file: state: directory path: "{{ JUMP_SVR_RWX_FILESTORE_PATH | replace('/$', '') }}/{{ hostvars['localhost']['NAMESPACE'] }}/{{ item }}" owner: "{{ folder_owner }}" group: "{{ folder_group }}" mode: "0777" with_items:
  • bin
  • homes
  • data
  • astores delegate_to: "{{ groups['jump'][0] }}" become: yes tags:
  • install

[thpang]

yes the folders are created when your run viya,install which creates what's needed for Viya. This is done with the viya4-deployment repo. The base folder/storage setup is infrastructure. Which needs mounts, permissions, etc. You can do it at the deployment level but it does not belong there.

[thpang]

Clarifying information here after talking with @henriquedanc . The need here is to have multiple nfs mount locations that are used by each individual customer. So for each customer they are looking to have a difference disk and mount entry.

The one issue I see here is we have 1 storage class that the IAC supports and it's the sas storage class. What's being asked here is that a new storage class be generated for each tenant as it's created. This then falls back to the IAC code base which sets up the infra. Again, the change here would need to verify that a new mount-point can be added without disrupting current systems. Adding these thoughts here for reference during our investigation.

[sayeun]

This requires PM review and Viya Architecture team's involvement.

[dhoucgitter]

PM review was done on 9 April, 2024.

Closing this issue after PM review and team discussion this morning. If this request is still warranted or seen as a necessary addition to iac-aws, open a new feature request for it. Search for "Feature Request Form for SAS Software" on the Inside SAS site for a link to the feature request form.