Creating a single-node file server using Terraform
To create an infrastructure for a single-node file server using Terraform:
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Required paid resources
The cost for hosting a single node file server includes:
- Fee for a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for using a dynamic or static public IP address (see Yandex Virtual Private Cloud pricing).
- Fee for the outbound traffic (see Yandex Virtual Private Cloud pricing).
Create an infrastructure
Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.
For more information about the provider resources, see the documentation on the Terraform website or the mirror.
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
To create an infrastructure using Terraform:
-
Install Terraform, get the authentication credentials, and specify the source for installing the Yandex Cloud provider (see Configure a provider, step 1).
-
Prepare files with the infrastructure description:
Ready-made archiveManually- Create a directory for files.
- Download the archive (1 KB).
- Unpack the archive to the directory. Now, it should contain the
single-node-file-server.tfconfiguration file.
-
Create a directory for files.
-
Create a configuration file named
single-node-file-server.tfin the folder:single-node-file-server.tf
terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.47.0" } } } provider "yandex" { zone = "ru-central1-a" } resource "yandex_vpc_network" "network-1" { name = "network1" } resource "yandex_vpc_subnet" "subnet-1" { name = "subnet1" zone = "ru-central1-a" network_id = yandex_vpc_network.network-1.id v4_cidr_blocks = ["192.168.1.0/24"] } resource "yandex_vpc_security_group" "fileserver-tutorial-sg" { name = "fileserver-tutorial-sg" network_id = yandex_vpc_network.network-1.id egress { protocol = "ANY" description = "any" v4_cidr_blocks = ["0.0.0.0/0"] } ingress { protocol = "TCP" description = "ext-http" v4_cidr_blocks = ["0.0.0.0/0"] port = 80 } ingress { protocol = "TCP" description = "ext-ssh" v4_cidr_blocks = ["0.0.0.0/0"] port = 22 } ingress { protocol = "TCP" description = "ext-https" v4_cidr_blocks = ["0.0.0.0/0"] port = 443 } ingress { protocol = "TCP" description = "ext-msql" v4_cidr_blocks = ["0.0.0.0/0"] port = 3306 } ingress { protocol = "TCP" description = "nfs" v4_cidr_blocks = ["0.0.0.0/0"] port = 2049 } } resource "yandex_compute_image" "ubuntu-1804-lts" { source_family = "ubuntu-1804-lts" } resource "yandex_compute_disk" "boot-disk-ubuntu" { name = "fileserver-tutorial-disk" type = "network-ssd" zone = "ru-central1-a" size = "100" image_id = yandex_compute_image.ubuntu-1804-lts.id } resource "yandex_compute_instance" "fileserver-tutorial" { name = "fileserver-tutorial" platform_id = "standard-v3" zone = "ru-central1-a" resources { core_fraction = 100 cores = 8 memory = 56 } boot_disk { disk_id = yandex_compute_disk.boot-disk-ubuntu.id } network_interface { subnet_id = yandex_vpc_subnet.subnet-1.id security_group_ids = [yandex_vpc_security_group.fileserver-tutorial-sg.id] nat = true } metadata = { user-data = "#cloud-config\nusers:\n - name: <username>\n groups: sudo\n shell: /bin/bash\n sudo: 'ALL=(ALL) NOPASSWD:ALL'\n ssh_authorized_keys:\n - ${file("<path_to_public_SSH_key>")}" } }
For more information about the parameters of resources used in Terraform, see the provider documentation:
-
Under
metadata, enter your username and the contents of your SSH key. For more information, see VM metadata. -
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validateIf the configuration is correct, the following message is returned:
Success! The configuration is valid. -
Run the command:
terraform planThe terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesin the terminal and press Enter.
-
After creating the infrastructure, configure Samba and NFS.
Set up Samba and NFS
After the fileserver-tutorial VM's status changes to RUNNING, do the following:
-
On the VM page of the management console, under Network, find the VM's public IP address.
-
Connect to the VM over SSH.
The recommended authentication method when connecting over SSH is using a key pair. Make sure to set up the created key pair so that the private key matches the public key sent to the VM.
-
Configure Samba and NFS:
Ubuntu-
Download and install Samba:
sudo apt-get update sudo apt-get install nfs-kernel-server samba -
Prepare and mount the file system on the disk:
sudo mkfs -t ext4 -L data /dev/vdb -
Prepare and mount the folder for data storage on the disk:
sudo mkdir /<folder_name> echo "LABEL=data /<folder_name> ext4 defaults 0 0" | sudo tee -a /etc/fstab sudo mount /<folder_name> -
Set the NFS configuration in the
/etc/exportsfile. You can edit the file using thenanoutility:sudo nano /etc/exportsAdd the following lines to the file:
/<folder_name> <IP_address>(rw,no_subtree_check,fsid=100) /<folder_name> 127.0.0.1(rw,no_subtree_check,fsid=100)Where
<IP_address>is the IP address of the computer you are going to connect the network data disk to via NFS. -
Set the Samba configuration in the
/etc/samba/smb.conffile. You can edit the file using thenanoutility:sudo nano /etc/samba/smb.confEdit the file as follows:
[global] workgroup = WORKGROUP server string = %h server (Samba) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [data] comment = /<folder_name> path = /<folder_name> browseable = yes read only = no writable = yes guest ok = yes hosts allow = <IP_address> 127.0.0.1 hosts deny = 0.0.0.0/0Where
<IP_address>in the[data]section is the IP address of the computer you are going to connect the network data disk to via NFS. -
Restart Samba and NFS:
sudo service nfs-kernel-server restart sudo service smbd restart
-
Test your file server
-
Install ACL on the
fileserver-tutorialVM:Ubuntusudo apt install acl -
On the
fileserver-tutorialVM instance, create a directory namedremoteand thetest.txtfile:Ubuntusudo mkdir /<folder_name>/remote sudo setfacl -m u:<name_of_your_user>:rwx /<folder_name>/remote echo "Hello world!" > /<folder_name>/remote/test.txt -
Connect the network disk to your computer via NFS and check if the test file is available:
Linux/macOSWindowsIf needed, install the network disk utility:
sudo apt-get install nfs-commonCreate a mount point:
sudo mkdir /remote-test-dirAttach a network disk:
sudo mount -t nfs <VM_public_IP_address>:/<folder_name> /remote-test-dirAs as result, the test directory and the file should become available at the mount point.
-
Run the cmd.exe utility. To do this, use the Windows + R keyboard shortcut and run the
cmdcommand. -
From the command line, run:
net use x: \\<VM_public_IP_address>\folder_name
This will create a disk X with the test directory and file.
-
How to delete the resources you created
To stop paying for the resources you created:
-
Open the
single-node-file-server.tfconfiguration file and delete from it the description of the infrastructure you created. -
Apply the changes:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validateIf the configuration is correct, the following message is returned:
Success! The configuration is valid. -
Run the command:
terraform planThe terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesin the terminal and press Enter.
-