Amazon Web Services (AWS) - Create Update or Delete an FSx NetApp ONTAP Storage Virtual Machine (SVM) using Terraform


A Storage Virtual Machine (SVM) is a logical grouping of one or more volumes.

 

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── netapp (directory)
│   ├── data.tf
│   ├── outputs.tf
│   ├── provider.tf
│   ├── resources.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "us-east-1"
}

 

Let's say there are three Virtual Private Cloud (VPC) Subnets, each in a different availability zone.

 

And data.tf could have something like this.

data "aws_subnet" "us-east-1a-subnet" {
  filter {
    name = "tag:Name"
    values = ["us-east-1a-subnet"]
  }
}

data "aws_subnet" "us-east-1b-subnet" {
  filter {
    name = "tag:Name"
    values = ["us-east-1b-subnet"]
  }
}

 

And resources.tf could have something like this.

  • By default, the minimum storage_capacity is 1024 GB (that's 1 TB)
  • throughput_capacity is in MB/s (128 MB/s in this example)
  • The Virtual Private Cloud (VPC) subnet IDs are obtained from data.tf

AVOID TROUBLE

When we set up the NetApp FSx ONTAP file system without the Trident csi.trident.netapp.io Storage Class, we were getting Permission Denied when attempting to create files in the NetApp FSx ONTAP file system. I think this is because by default, only root has write permission. Of course, root has permission to create files, but we didn't want to run containers as root. On the other hand, after setting up the Trident csi.trident.netapp.io Storage Class, we no longer got Permission Denied when attempting to create files in the NetApp FSx ONTAP file system as a non-root user. We had to set fsx_admin_password and svm_admin_password on the Storage Virtual Machine for vsadmin.

resource "aws_fsx_ontap_file_system" "my-fsx-netapp-ontap-file-system" {

  # GB (e.g. 1024 GB)
  # must be a value between 1024 and 196608
  storage_capacity = 1024

  # MB/s (megabytes per second)
  # valid values are: 128 256 512 1024 2048
  throughput_capacity = 128

  # MULTI_AZ_1 (multiple availability zones such as us-east-1a and us-east-1b) or SINGLE_AZ_1 (a single availability zone such as us-east-1a)
  deployment_type = "MULTI_AZ_1"

  # If deployment_type is SINGLE_AZ_1 then subnet_ids should have 1 subnet ID
  # If deployment_type is MULTI_AZ_1 then subnet_ids should have 2 subnet IDs. Only 2 subnet IDs maximum may be listed.
  subnet_ids = [data.aws_subnet.us-east-1a-subnet.id, data.aws_subnet.us-east-1b-subnet.id]

  # The preferred subnet ID must also be in subnet_ids
  preferred_subnet_id = data.aws_subnet.us-east-1a-subnet.id

  # Optional
  automatic_backup_retention_days = 14
  daily_automatic_backup_start_time = "01:00"
  fsx_admin_password = "your password"

  # Optional - A dedicated Security Group for the NetApp FSx ONTAP file system
  # security_group_ids is a list, so the ID is wrapped in brackets
  security_group_ids = [aws_security_group.aws_fsx_ontap_file_system_security_group.id]
}

resource "aws_fsx_ontap_storage_virtual_machine" "my_aws_fsx_ontap_storage_virtual_machine" {
  # Must reference the aws_fsx_ontap_file_system resource declared above
  file_system_id     = aws_fsx_ontap_file_system.my-fsx-netapp-ontap-file-system.id
  name               = "FSx-NetApp-ONTAP-SVM"

  # Optional
  svm_admin_password = "your password"
  lifecycle {
    ignore_changes = [svm_admin_password]
  }
}
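
A hardened variant of resources.tf, added here as an example and not part of the original article: the two admin passwords come from sensitive input variables (supplied through the TF_VAR_fsx_admin_password and TF_VAR_svm_admin_password environment variables) instead of string literals, and the security group the file system references is defined with SSH limited to the client subnet. The variable names, the "example" resource labels, the security group name and its ingress rule are assumptions; the data sources are the ones in data.tf above.

```hcl
# Added example (not from the original article). Variable names, the "example"
# labels and the security group rule are assumptions; data sources are from data.tf.
variable "fsx_admin_password" {
  type      = string
  sensitive = true # redacted in plan/apply output, still stored in terraform.tfstate
}

variable "svm_admin_password" {
  type      = string
  sensitive = true
  # FSx accepts admin passwords of 8 to 50 characters; fail at plan time otherwise
  validation {
    condition     = length(var.svm_admin_password) >= 8 && length(var.svm_admin_password) <= 50
    error_message = "The svm_admin_password value must be 8 to 50 characters long."
  }
}

# SSH to the ONTAP CLI is allowed only from the subnet the EC2 client is in.
# No egress block: Terraform removes the default allow-all egress rule.
resource "aws_security_group" "aws_fsx_ontap_file_system_security_group" {
  name   = "fsx-ontap-mgmt"
  vpc_id = data.aws_subnet.us-east-1a-subnet.vpc_id

  ingress {
    description = "SSH to ONTAP management endpoints"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [data.aws_subnet.us-east-1a-subnet.cidr_block]
  }
}

resource "aws_fsx_ontap_file_system" "example" {
  storage_capacity    = 1024
  throughput_capacity = 128
  deployment_type     = "MULTI_AZ_1"
  subnet_ids          = [data.aws_subnet.us-east-1a-subnet.id, data.aws_subnet.us-east-1b-subnet.id]
  preferred_subnet_id = data.aws_subnet.us-east-1a-subnet.id
  fsx_admin_password  = var.fsx_admin_password
  security_group_ids  = [aws_security_group.aws_fsx_ontap_file_system_security_group.id]
}

resource "aws_fsx_ontap_storage_virtual_machine" "example" {
  file_system_id     = aws_fsx_ontap_file_system.example.id
  name               = "FSx-NetApp-ONTAP-SVM"
  svm_admin_password = var.svm_admin_password
}
```

Even with sensitive = true, both passwords are written in plain text to terraform.tfstate, so restrict access to that file or keep state in an encrypted remote backend.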

 

You may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

 

The terraform plan command can be used to see what Terraform will try to do.

By default, the terraform.tfstate file should be found in your root module directory (/usr/local/terraform/aws in this example).

  • If the NetApp file system does not exist and the terraform.tfstate file does not contain the NetApp file system, Terraform will create the NetApp file system.
  • If the NetApp file system exists and the terraform.tfstate file contains the NetApp file system and a difference is found between the netapp.tf file and the terraform.tfstate file, Terraform will update the NetApp File System.
  • If the NetApp file system exists and the terraform.tfstate file contains the NetApp file system and the NetApp file system is removed from the netapp.tf file, Terraform will destroy (delete) the NetApp File System.

The terraform apply command can be used to create, update or delete the NetApp file system. Be aware that this will probably take a long time, likely because the minimum storage capacity is 1024 GB (1 TB).

netapp.aws_fsx_ontap_file_system.my-fsx-netapp-ontap-file-system: Creating...
netapp.aws_fsx_ontap_file_system.my-fsx-netapp-ontap-file-system: Creation complete after 5s [id=fs-056a3b9ea34bd8067 ]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

 

You should see something like this in the AWS Amazon FSx Console.

 

You should now be able to access the NetApp FSx ONTAP File System command line interface from an EC2 instance that is in the same Availability Zone as the FSx NetApp ONTAP file system.

AVOID TROUBLE

The EC2 instance should be in the same Virtual Private Cloud as the FSx NetApp ONTAP file system.

The EC2 instance will need to be in the same subnet as the FSx NetApp ONTAP file system (e.g. 10.0.2.0/24).

[ec2-user@ip-172-31-29-217 ~]$ ssh vsadmin@svm-0f47a227f90621ffc.fs-0adf810837c461d5d.fsx.us-east-1.amazonaws.com
Password:

FSx-NetApp-ONTAP-SVM::> whoami
  (security login whoami)

User: vsadmin
Role: vsadmin

 



