...

  • The first time, you will need to download and run this script to install amazon-efs-utils on your server. This is required to easily mount an NFS volume with encryption. The script will install all required prerequisites depending on your specific Linux distro (see the note below if this is not the case on Ubuntu). Wait until it finishes running:

    Code Block
    curl https://raw.githubusercontent.com/YaleSpinup/utils-storage/master/amazon-efs-utils/install_efs_utils.sh -o install_efs_utils.sh && \
    chmod 755 install_efs_utils.sh && \
    sudo ./install_efs_utils.sh


    Note: If you do run into install errors on Ubuntu, run the following commands in the terminal; that should fix any package-related issues.

    Code Block
    sudo apt install cargo pkg-config libssl-dev -y
    sudo rm -rf /tmp/efs-utils && sudo ./install_efs_utils.sh

...

  • Determine the File System id of your NFS volume (from the Spinup web interface) - in this case it’s fs-d08e6d24 - you’ll need that to mount the volume


If mounting a volume without the use of an NFS user, follow the steps below:

  • Mount the volume using the file system id - in this case we’ll mount it on /mnt - make sure you use the tls option to enable encryption

    Code Block
    sudo mount -t efs -o tls fs-d08e6d24:/ /mnt
  • Confirm that you see the volume, e.g.

    Code Block
    $ df -h /mnt
    Filesystem      Size  Used Avail Use% Mounted on
    127.0.0.1:/     8.0E     0  8.0E   0% /mnt
  • Keep in mind the size of the volume is unlimited, so you can store any amount of data on it and you will only be charged based on your average usage

...

  • To mount the volume persistently so it shows up after a reboot, add an entry to your /etc/fstab file (make sure you replace fs-d08e6d24 with your id and /mnt with your mount point):

    Code Block
    echo 'fs-d08e6d24:/ /mnt efs _netdev,noresvport,tls 0 0' | sudo tee -a /etc/fstab
  • Test that the fstab works:

    Code Block
    $ sudo mount -fav
    /                        : ignored
    /mnt                     : successfully mounted
    $ df -h /mnt
    Filesystem      Size  Used Avail Use% Mounted on
    127.0.0.1:/     8.0E     0  8.0E   0% /mnt
  • If you see any errors above or the volume is not mounted properly, you will need to edit your /etc/fstab and fix any issues before rebooting your server! Errors in your fstab file may render your server unusable after a reboot.


Use the following steps if you are mounting a volume that requires the use of an NFS user:

  • To mount a volume with the use of an NFS user (required for high risk spaces), the AWS CLI must also be downloaded and installed. The install steps are located here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html However, on Linux server instances, please install the awscli tools through your instance's package manager if possible.

    For example, in the case of a CentOS - CIS server:

    Code Block
    $ sudo yum install awscli
  • This will install the toolset and prevent any issues with it being accessed via your user's Linux profile. You can verify its success by running the following:

    Code Block
    $ aws --version


  • Once the AWS CLI tool has been installed, the next step is to create the AWS profile where the key id/secret will be stored and used for the NFS mount. To do this, use the following snippet:

    Code Block
    $ sudo aws configure --profile user1
  • The profile name can be anything you wish, but for clarity it is recommended to name it the same as the user created on the NFS.

  • Once the command has run, it will prompt you for the access key id, secret access key, default region name, and default output format. The access key id and secret access key can be found on the created NFS user in Spinup and look like the following:

...

  • Simply copy the values for the access key id and the secret access key, and input us-east-1 for the region. The default output format can simply be left as none. It should look similar to this:

    Code Block
    $ sudo aws configure --profile user1
    AWS Access Key ID [None]: AKIAZ2KMXEJOEWFQDKUK
    AWS Secret Access Key [None]: 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
    Default region name [None]: us-east-1
    Default output format [None]:


  • Once this step has been completed, the NFS is ready to be mounted with the IAM user profile. The following command will achieve this step:

    Code Block
    $ sudo mount -t efs -o tls,iam,awsprofile=user1 fs-097397fa171119b8d:/ /mnt/user1
  • The key parts of this command are the awsprofile name given in the previous step (in this case "user1") and the filesystem id, which is located on the NFS view page in Spinup. The last part is the target where you wish to mount the NFS filesystem; it should be created ahead of time.

  • To mount the volume persistently so it shows up after a reboot, add an entry to your /etc/fstab file. Make sure to replace fs-097397fa171119b8d with your filesystem id provided on the NFS resource in Spinup, and the mount target with your specified location.

    Code Block
    $ echo 'fs-097397fa171119b8d:/ /mnt/user1 efs _netdev,tls,iam,awsprofile=user1 0 0' | sudo tee -a /etc/fstab
    fs-097397fa171119b8d:/ /mnt/user1 efs _netdev,tls,iam,awsprofile=user1 0 0
  • Test that the fstab works:

    Code Block
    sudo mount -fav
    /                        : ignored
    /dev/shm                 : already mounted
    /mnt/user1               : successfully mounted
  • If any errors are generated from the previous commands, then there has been an issue with mounting your NFS filesystem. You will need to edit your /etc/fstab to fix any issues before rebooting your server! Errors in your fstab file may render your server unusable after a reboot.
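
The fstab entries from both procedures above can be checked for the options this page relies on before rebooting. This is an added example, not part of the original page or of Spinup's tooling: the function names has_opt and audit_efs_fstab are hypothetical, the sample fstab is constructed, and it assumes the profile created with `sudo aws configure` is stored in /root/.aws/credentials.

```shell
#!/bin/sh
# Added example (not from the original page): audit EFS lines in an fstab file.

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# audit_efs_fstab FSTAB [CREDENTIALS]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumption: the awsprofile lives in root's credentials file (sudo aws configure).
audit_efs_fstab() {
    fstab=$1
    creds=${2:-/root/.aws/credentials}
    bad=0
    note() { printf '%s: %s\n' "$mnt" "$1"; bad=$((bad + 1)); }
    while read -r dev mnt type opts _rest; do
        case $dev in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$type" = efs ] || continue            # only EFS entries
        has_opt "$opts" tls     || note "missing tls (no encryption in transit)"
        has_opt "$opts" _netdev || note "missing _netdev (mount may run before the network is up)"
        # Pull the profile name out of awsprofile=NAME, if present.
        profile=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^awsprofile=//p')
        if [ -n "$profile" ]; then
            has_opt "$opts" iam || note "awsprofile=$profile set without iam"
            grep -qxF "[$profile]" "$creds" 2>/dev/null ||
                note "profile $profile not found in $creds"
        fi
    done < "$fstab"
    [ "$bad" -eq 0 ]
}

# Constructed sample input; the ids and mount points are the page's examples.
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
/dev/xvda1 / xfs defaults 0 0
fs-d08e6d24:/ /mnt efs _netdev,noresvport,tls 0 0
fs-097397fa171119b8d:/ /mnt/user1 efs _netdev,iam,awsprofile=user1 0 0
EOF
printf '[default]\naws_access_key_id = PLACEHOLDER\n' > "$tmp/credentials"
audit_efs_fstab "$tmp/fstab" "$tmp/credentials" || echo "fix these before rebooting"
rm -rf "$tmp"
```

Run against the real file with `sudo sh -c '. ./audit.sh; audit_efs_fstab /etc/fstab'` (audit.sh being whatever name you saved it under); it complements `mount -fav`, which does not tell you whether an entry will be encrypted.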