Prerequisites
You need a Linux server (mounting NFS volumes on Windows is not currently supported)
You need to have at least one NFS volume created and located in the same space as your server
Note: If you don’t know how to create an NFS volume or want to learn more about the NFS offering in Spinup please see How do I use the Spinup NFS storage offering?
Info |
---|
Additional performance tips can be found here: Amazon EFS Performance Tips. |
Procedure
The first time you will need to download and run this script to install amazon-efs-utils on your server. This is required to easily mount an NFS volume with encryption. The script will install all required pre-requisites depending on your specific Linux distro (see note below if this is not the case for ubuntu). Wait until it finishes running:
Code Block curl https://raw.githubusercontent.com/YaleSpinup/utils-storage/master/amazon-efs-utils/install_efs_utils.sh -o install_efs_utils.sh && \ chmod 755 install_efs_utils.sh && \ sudo ./install_efs_utils.sh
Note: However, if you do run into install errors on ubuntu. Run the following commands in the terminal and that should fix any package related issues.Code Block sudo apt install cargo pkg-config libssl-dev -y sudo rm -rf /tmp/efs-utils && sudo ./install_efs_utils.sh
You can run the script again to confirm amazon-efs-utils is installed, e.g.
Code Block $ sudo ./install_efs_utils.sh Detected OS: CentOS Linux 7 (Core) amazon-efs-utils already installed stunnel already installed stunnel 5.57 on x86_64-pc-linux-gnu platform No need to patch stunnel, version 5.57 already installed
If you run into issues or errors when running the script, you can contact spinup@yale.edu for support
Determine the File System id of your NFS volume (from the Spinup web interface) - in this case it’s
fs-d08e6d24
- you’ll need that to mount the volume
If mounting a volume without the use of an NFS user follow the following steps below:
Mount the volume using the file system id - in this case we’ll mount it on
/mnt
- make sure you use thetls
option to enable encryptionCode Block sudo mount -t efs -o tls fs-d08e6d24:/ /mnt
Confirm that you see the volume, e.g.
Code Block $ df -h /mnt Filesystem Size Used Avail Use% Mounted on 127.0.0.1:/ 8.0E 0 8.0E 0% /mnt
Keep in mind the size of the volume is unlimited, so you can store any amount of data on it and you will only be charged based on your average usage
To mount the volume persistently so it shows up after a reboot, add an entry to your
/etc/fstab
file (make sure you replacefs-d08e6d24
with your id and/mnt
with your mount point):Code Block echo 'fs-d08e6d24:/ /mnt efs _netdev,noresvport,tls 0 0' | sudo tee -a /etc/fstab
Test that the fstab works:
Code Block $ sudo mount -fav / : ignored /mnt : successfully mounted $ df -h /mnt Filesystem Size Used Avail Use% Mounted on 127.0.0.1:/ 8.0E 0 8.0E 0% /mnt
If you see any errors above or the volume is not mounted properly, you will need to edit your
/etc/fstab
and fix any issues before rebooting your server! Errors in your fstab file may render your server unusable after a reboot.
Use the following steps if you are mounting a volume that requires the use of an NFS user:
In order to mount a volume with the use of an NFS user (required for high risk spaces) AWS cli is also required to be downloaded and installed. The install steps for this are located here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html However it should be noted that on linux server instances if possible please install the awscli tools through your instances package managing system.
For example, in the case of a CentOS - CIS server:Code Block $ sudo yum install awscli
This will install the toolset and prevent any issues with it being accessed via your users linux profile. You can verify its success by performing the following:
Code Block $ aws --version
Once the AWS cli tool has been installed the next step is to create the AWS profile where the key id/secret will be stored and used for the NFS mount. In order to do this use the following snippet:
Code Block $ sudo aws configure --profile user1
The profile name can be anything you wish but for clarity it is recommended to name it the same as the user created on the NFS.
Once the command has ran it will prompt you for the access key id, secret access key, default region name, and default output format. The access key id and secret access key can be found on the created NFS user in spinup and looks like the following:
...
Simply copy the values for the access key id and the secret access key and input us-east-1 for the region. Default output format can simply be left as none. It should look similar to this:
Code Block $ sudo aws configure --profile user1 AWS Access Key ID [None]: AKIAZ2KMXEJOEWFQDKUK AWS Secret Access Key [None]: 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 Default region name [None]: us-east-1 Default output format [None]:
Once this step has been completed the NFS is ready to be mounted with the IAM user profile. The following command will achieve this step:
Code Block $ sudo mount -t efs -o tls,iam,awsprofile=user1 fs-097397fa171119b8d:/ /mnt/user1
The key parts to this command are specifying the aw sprofile name given in the previous step in this case "user1" while providing the filesystem id located on the NFS view page in spinup. The last part is the target of where you wish to mount the NFS filesystem and should be created ahead of time.
To mount the volume persistently so it shows up after a reboot, add an entry to your /etc/fstab file. Make sure to replace the fs-097397fa171119b8d with your filesystem id provided on the NFS resource in spinup and the mount target with your specified location.
Code Block $ echo 'fs-097397fa171119b8d:/ /mnt/user1 efs _netdev,tls,iam,awsprofile=user1 0 0' | sudo tee -a /etc/fstab fs-097397fa171119b8d:/ /mnt/user1 efs _netdev,tls,iam,awsprofile=user1 0 0
Test that the fstab works:
Code Block sudo mount -fav / : ignored /dev/shm : already mounted /mnt/user1 : successfully mounted
If any errors are generated from the previous commands than there has been an issue with mounting your NFS filesystem. You will need to edit your /etc/fstab to fix any issues before rebooting your server! Errors in your fstab file may render your server unusable after a reboot