Reusable Terraform Modules for Pure Cloud Block Store

Start with nothing and scale to infinity

Posted by Adam Mazouz on Sunday, July 2, 2023
Reading Time: 5 minutes

Photo by Audrius Sutkus on Unsplash

Since I joined Pure Storage - over 2 years now - I started mainly focusing on Pure Cloud Block Store and its use cases, I have been learning and using Terraform to do mostly all the repeatable tasks in the public cloud, from infrastructure deployment to resource management. Terraform as a tool is easy to use, authenticate to the cloud provider, describe your infrastructure, and hit apply. However, there is an art of using Terraform to create reusable code, with a sense of abstraction where you can describe your infrastructure in terms of its architecture, rather than directly in terms of resources objects.

In this blog post I will showcase how I leveraged the art of Terraform Modules for building a couple of examples for provisioning Pure Cloud Block Store prerequisite, deploying the array as standalone or managed by Pure Fusion. Let’s get into the details.

Starting point

This blog and Terraform code covers Pure Cloud Block Store deployment in Azure only. AWS work are in progress.

Last year David Stamen wrote the Terraform Quick Launch for CBS. I jumped to use it of course, and it became the preferred way for testing new CBS releases, or delivering a PoC.

On parallel I started breaking the code into modules. Rather than having one with multiple resources, it was hard sometimes to abstract the infrastructure (VNet, NAT GW, Managed Identity) from the CBS array resource or sharing infra to multiple CBSs without screwing the state if you deleted one CBS.

Modules are the main way to package and reuse resource configurations with Terraform. The table below shows the modules I have put together, then I call those modules from the root modules in terms of “Deploy-*” examples

Module Name Functionality
CBS-VNET Creates an Azure VNet with four Subnet
CBS-NAT-GW Creates an Azure NAT GW and associate it with CBS System Subnet
CBS-Key-Vault Creates an Azure Key Valut that is used by CBS Terraform Provider to perform management operations
CBS-Identity Creates an Azure Custom Role and Assign it to a User Managed Identity
VM-JUMPBOX Creates an Azure VM on the same CBS VNet, it can be used as a Jump Host or repurpose as an initiator
CBS-Array Creates a Cloud Block Store Array
Fusion-SEC Create a Fusion Storage Endpoint Collection
Fusion-CBS-Array Creates a Cloud Block Store Array that can be associated to a Fusion SEC

Before you Start

You should have or prepared the following:

  1. Have an Azure Subscription you can authenticate to using Az login or Service Priniciple.
  2. Select Supported region. You can find a list of regions here.
  3. Deploy an Azure VM in the same subscription where you are planning to deploy CBS. Then SSH to the VM.

    The reason for deploying the VM in Azure is to establish network connectivity between the Azure VM VNet and the CBS VNet created in the example. The VNet Peering is part of the modules created, you just need to pass the Azure VM VNet id and resource group, and it would be automatically configured for you.

  4. Clone the repo:
git clone

Example 1: Deploy-CBS-Prerequisits-Only

The main use case for this example is to offer an easy workflow for those who want to PoC or demonstrate deploying Pure CBS from the Azure portal and don’t want to spend time creating all the prerequisite. One click to deploy all the required resource just 5 minutes before your demonstration, neat ain’t it!

  1. Once you have cloned the repo, navigate to the directory:
cd Pure-CBS-Terraform-Modules/deploy-CBS-Prerequisites-Only
  1. Modify the terraform.tfvars file with your own naming and VNet/Subnets IP ranges.
vi terraform.tfvars 
  1. Hit terraform init, then terraform apply. Thats it! You can find navigate to Azure Portal, search for the Resource Group to find all the resources.

Example 2: Deploy-CBS-Greenfield

This example deploys both the prerequisite and CBS array. it takes from 15 to 20 minutes to finish a successful deployment, and it outputs all the CBS interfaces endpoint IPs (Management, iSCSI, Replication), besides the public and private IP address of the VM used as a JumpBox or a storage initiator.Your choice!

CBS Greenfield is a term I used here to refer to Standalone CBS since I am working on Cloud Block Store managed by Fusion in the next examples. if you have better name for it, reach out or leave a comment below.

  1. Similar to the previous example, once you have cloned the repo, navigate to the directory:
cd Pure-CBS-Terraform-Modules/deploy-CBS-Prerequisites-Only
  1. Then modify the terraform.tfvars. On top of the prerequisite variable, you would need to select a couple of CBS variables.
CBS Variable Description
license_key Pure Cloud Block Store License Key, you can use CBS-TRIAL-LICENSE for 45 days evaluation mode, more info here
log_sender_domain Domain to be used for CBS, ex:
alert_recipients Email Address to be used for CBS Alerts
array_model CBS Model (V10MUR1 or V20MUR1 or V20MP2R2)
zone Zone in Region to deploy (1,2 or 3), Check before you select thr zone, some regions do not have support for Ultra SSD or PremiumV2, more info here
groups Azure AD Group id for JIT Approval
New key_file_path Private Key File Path for pureuser
  1. Hit terraform init, then terraform apply. Terraform will deploy and configure all the resource you can see in the diagram below.

So, What is next?

A couple of things really, mostly finishing Fusion Provider example for an end-to-end CBS + Fusion workflow.

The other thing I will look into is how to wrap those examples with a CLI tool. Something like:

purecbstf deploy cbs_standalone –tfvar_file_path /home/amazouz/terraform.tfvars –project test_cbs or

purecbstf list –project test_cbs or

Purecbstf destroy –project test_cbs

Many other exciting stuff coming for Pure Cloud Block Store, we have only just begun to scratch the surface.

comments powered by Disqus