6

Gentlemen, I followed the instructions in this excellent post but failed to connect: Elastic file system (EFS) mount outside of AWS

I use CoreOS in a Mesos Cluster. We have an EFS connected to all the nodes in the cluster so they can share data, scripts, etc. We have a VPN tunnel to the AWS VPC so we can connect from the office.

My users would like to upload some scripts to the EFS and get the computation results so they would like to mount the NFS locally. So I launch a haproxy as recommended in the article above.

```
sudo docker run -d --net=host haproxy /bin/bash -c "echo -e 'listen fs-1e7bb658-us-east-1\n    bind :2049\n    mode tcp\n    option tcplog\n    timeout tunnel 300000\n    server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000' > /haproxy.cfg && haproxy -f /haproxy.cfg"
```

The config is this in case it is not clear:

```
listen fs-1e7bb658-us-east-1
    bind :2049
    mode tcp
    option tcplog
    timeout tunnel 300000
    server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000
```

This starts haproxy with a tunnel to the EFS as proposed in the above-mentioned topic. I know it is working because I can mount the EFS using the HAProxy IP into a second folder in a cluster node (i.e. /testing) and when I write a file to /testing I can see it in all the nodes in the /shared folder. For example:

```
sudo mount 100.100.100.68:/ /testing           # Mount using haproxy
echo "testing123!" > /testing/testing.txt    # write to a file
cat /shared/testing.txt                      # get from any node in the cluster
>>> testing123!
```

So the problem is that when I want to mount from OSX I get:

```
grodriguez:/ Guimo$ sudo mount 100.100.100.68:/ /sharedfiles
mount_nfs: can't mount / from 100.100.100.68 onto /sharedfiles: RPC prog. not avail
```

I know HaProxy is listening because I can do from OSX:

```
grodriguez:/ Guimo$ telnet 100.100.100.68 2049
Trying 100.100.100.68...
Connected to 100.100.100.68.
Escape character is '^]'.
```

So it connects to the service using telnet, but won't connect using nfs.

The security group is quite liberal and besides I wouldn't have connected using telnet if it didn't work. So the service is working at that port.

I read I could try and look for the mountd and nfs services but nothing. Maybe EFS is hiding them. Maybe that's why OSX complains for the missing service.

```
grodriguez:/ Guimo$ rpcinfo -p 100.100.100.68
program vers proto   port
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  45358  status
100024    1   tcp  60755  status
100021    1   udp  43439  nlockmgr
100021    3   udp  43439  nlockmgr
100021    4   udp  43439  nlockmgr
100021    1   tcp  34893  nlockmgr
100021    3   tcp  34893  nlockmgr
100021    4   tcp  34893  nlockmgr
```

But still if the tunnel didn't work, why should the agents successfully connect?

BTW. I also tried the AWS way to connect, but OSX also has problems.

```
grodriguez:/ Guimo$ mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /sharedfiles
mount: exec /System/Library/Filesystems/nfs4.fs/Contents/Resources/mount_nfs4 for /sharedfiles: No such file or directory
```

Any help appreciated.

Regards, Guimo

Edit: In case it is not clear from my note below: I started a Debian container using Docker for Mac, then I installed nfs4 support in the container, then I connected to the HAProxy tunnel. All went fine and I can see my testing.txt file.

So I guess this is an OSX problem specifically and nothing to do with the solution above which is awesome.

G Rodriguez
  • Just FYI, I ran a Debian docker image, installed nfs support, connected to the EFS from my machine... all worked fine. I guess it's OSX then. – G Rodriguez Aug 31 '16 at 11:13
  • Speculation, based on [this](http://serverfault.com/q/325012/153161) -- `mount -t nfs -o vers=4`. Maybe other options, too, like `tcp` since EFS only runs over TCP. – Michael - sqlbot Aug 31 '16 at 23:07
  • Thanks Michael, tried that as well. My suspicion is that OSX is expecting a share folder like nfsip:/sharedfolder and the EFS shares are like nfsip:/. I believe it is trying to create a folder with the same name in the /Volumes folder. – G Rodriguez Sep 01 '16 at 02:02
  • What's the response you get from `sudo mount -t nfs -o vers=4 -o tcp x.x.x.x:/ /sharedfiles`? – Michael - sqlbot Sep 01 '16 at 02:34
  • Or [this config change](http://apple.stackexchange.com/a/209068/65314) or [this pseudo-URI](http://apple.stackexchange.com/a/55863/65314) from Finder. With the EFS share always being at the root, you'll want a trailing slash, though it might be possible to mount with a subdirectory name in the target, if you create one in the EFS share. – Michael - sqlbot Sep 01 '16 at 02:41
  • Hi Michael. I get this:
    ```
    grodriguez:~ Guimo$ sudo mount -t nfs4 -o nfsvers=4.1,proto=tcp,port=2049 100.100.100.68:/ /Users/Guimo/sharedfiles
    mount: exec /System/Library/Filesystems/nfs4.fs/Contents/Resources/mount_nfs4 for /Users/Guimo/sharedfiles: No such file or directory
    ```
    And I'm quite sure the folder exists locally. – G Rodriguez Sep 01 '16 at 03:34
  • Thank you for your help Michael, but it is too much time lost on something the OS should handle. We have decided on another alternative and will drop AWS EFS from the design. – G Rodriguez Sep 02 '16 at 02:44
  • 1
    I'm not affiliated with AWS, but I'm sorry to hear that. It sounds like there's a missing binary on the system. I'd like to think we'll find an answer -- it certainly has the potential to be useful to future visitors. – Michael - sqlbot Sep 02 '16 at 13:50

1 Answer

10

For anyone who is looking for answers to this kind of question, the comment from Michael solved my problem.

We have direct connect to AWS and after adding the right inbound rule (TCP 2049 office subnet) to the security group, I am able to mount EFS to my local macbook.

```
sudo mount -t nfs -o vers=4 -o tcp -w x.x.x.x:/ efs
```
Sheng
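The `rpcinfo -p` listing in the question already explains the difference between the failing and the working mount. An NFSv3 mount needs the `nfs` (100003) and `mountd` (100005) RPC programs registered with the portmapper, and neither is listed, while an NFSv4 mount needs only TCP 2049, which is the one port the proxy forwards. The check below is an added example, not code from the question or the answer; the function names `nfs_mount_hint` and `exposed_rpc_programs` are hypothetical, and the sample input is the question's listing abridged to one line per program and protocol.

```shell
#!/bin/sh
# Added example: classify `rpcinfo -p` output to decide which NFS version a
# client can mount through a proxy that forwards only TCP 2049.
# Function names are hypothetical, not part of any tool.

# Sample input: the rpcinfo listing from the question, abridged.
SAMPLE_RPCINFO='program vers proto   port
100000    4   tcp    111  portmapper
100000    4   udp    111  portmapper
100024    1   udp  45358  status
100024    1   tcp  60755  status
100021    4   udp  43439  nlockmgr
100021    4   tcp  34893  nlockmgr'

# Reads rpcinfo -p output on stdin and prints one of:
#   v3-ok    nfs (100003) and mountd (100005) are both registered over TCP
#   v4-only  at least one is missing, so only an NFSv4 mount can succeed
nfs_mount_hint() {
    awk '
        $1 == "100003" && $3 == "tcp" { nfs = 1 }
        $1 == "100005" && $3 == "tcp" { mountd = 1 }
        END { if (nfs && mountd) print "v3-ok"; else print "v4-only" }
    '
}

# Lists the RPC services the host answers for as name/proto/port, so they can
# be compared with what the security group is meant to allow.
exposed_rpc_programs() {
    awk 'NR > 1 && NF >= 5 { print $5 "/" $3 "/" $4 }' | sort -u
}

hint=$(printf '%s\n' "$SAMPLE_RPCINFO" | nfs_mount_hint)
echo "mount hint: $hint"
if [ "$hint" = "v4-only" ]; then
    # Same options as the answer above; address and mount point are placeholders.
    echo "use: sudo mount -t nfs -o vers=4 -o tcp x.x.x.x:/ <mountpoint>"
fi
echo "RPC services answering on the proxy host:"
printf '%s\n' "$SAMPLE_RPCINFO" | exposed_rpc_programs
```

The second function lists `portmapper`, `status` and `nlockmgr` as reachable on the proxy host, none of which the NFSv4 mount uses; the inbound rule in the answer (TCP 2049 from the office subnet) is the only one this setup requires.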