Amazon EFS Mount from OSX
Gentlemen, I followed the instructions in this excellent post, "Elastic file system (EFS) mount outside of AWS", but failed to connect.
I use CoreOS in a Mesos Cluster. We have an EFS connected to all the nodes in the cluster so they can share data, scripts, etc. We have a VPN tunnel to the AWS VPC so we can connect from the office.
My users would like to upload some scripts to the EFS and get the computation results so they would like to mount the NFS locally. So I launch a haproxy as recommended in the article above.
sudo docker run -d --net=host haproxy /bin/bash -c "echo -e 'listen fs-1e7bb658-us-east-1\n bind :2049\n mode tcp\n option tcplog\n timeout tunnel 300000\n server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000' > /haproxy.cfg && haproxy -f /haproxy.cfg"
The config is this in case it is not clear:
listen fs-1e7bb658-us-east-1
    bind :2049
    mode tcp
    option tcplog
    timeout tunnel 300000
    server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000
This starts HAProxy with a tunnel to the EFS, as proposed in the above-mentioned topic. I know it is working because I can mount the EFS using the HAProxy IP into a second folder on a cluster node (i.e. /testing), and when I write a file to /testing I can see it on all the nodes in the /shared folder. For example:
sudo mount 100.100.100.68:/ /testing # Mount using haproxy
echo "testing123!" > /testing/testing.txt # write to a file
cat /shared/testing.txt # get from any node in the cluster
>>> testing123!
So the problem is that when I want to mount from OSX I get:
grodriguez:/ Guimo$ sudo mount 100.100.100.68:/ /sharedfiles
mount_nfs: can't mount / from 100.100.100.68 onto /sharedfiles: RPC prog. not avail
I know HaProxy is listening because I can do from OSX:
grodriguez:/ Guimo$ telnet 100.100.100.68 2049
Trying 100.100.100.68...
Connected to 100.100.100.68.
Escape character is '^]'.
So it connects to the service using telnet, but won't connect using nfs.
The security group is quite liberal and besides I wouldn't have connected using telnet if it didn't work. So the service is working at that port.
I read I could try to look for the mountd and nfs services, but found nothing. Maybe EFS is hiding them. Maybe that's why OSX complains about the missing service.
grodriguez:/ Guimo$ rpcinfo -p 100.100.100.68
   program vers proto   port
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  45358  status
    100024    1   tcp  60755  status
    100021    1   udp  43439  nlockmgr
    100021    3   udp  43439  nlockmgr
    100021    4   udp  43439  nlockmgr
    100021    1   tcp  34893  nlockmgr
    100021    3   tcp  34893  nlockmgr
    100021    4   tcp  34893  nlockmgr
But still if the tunnel didn't work, why should the agents successfully connect?
BTW, I also tried the AWS way to connect, but OSX also has problems.
grodriguez:/ Guimo$ mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /sharedfiles
mount: exec /System/Library/Filesystems/nfs4.fs/Contents/Resources/mount_nfs4 for /sharedfiles: No such file or directory
Any help appreciated.
Regards, Guimo
Edit: In case it is not clear from my note below: I started a Debian container using Docker for Mac, then I installed nfs4 support in the container, then I connected to the HAProxy tunnel. All went fine and I can see my testing.txt file.
So I guess this is an OSX problem specifically and nothing to do with the solution above which is awesome.
For anyone who is looking for answers to this kind of question, the comment from Michael solved my problem.
We have Direct Connect to AWS, and after adding the right inbound rule (TCP 2049, office subnet) to the security group, I am able to mount EFS on my local MacBook.
sudo mount -t nfs -o vers=4 -o tcp -w x.x.x.x:/ efs
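Added example, not part of either post: a shell check that reads an `rpcinfo -p` listing like the one in the question and reports whether the nfs (100003) and mountd (100005) RPC programs are registered. It assumes the usual NFS behaviour that an NFSv3 mount looks these programs up through the portmapper, while NFSv4 talks to TCP 2049 directly; the function names are hypothetical and the sample listing is a constructed subset of the question's output.

```shell
#!/bin/sh
# Added example: inspect an `rpcinfo -p` listing for the RPC programs an
# NFSv3 mount needs. Function names are hypothetical, not from the page.

# Constructed sample: a subset of the listing shown in the question.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    4   tcp    111  portmapper
    100024    1   tcp  60755  status
    100021    4   tcp  34893  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin and prints the NFSv3-required programs
# that are NOT registered (empty output means both are present).
missing_v3_programs() {
  awk '
    $1 == "100003" { nfs = 1 }      # nfs
    $1 == "100005" { mountd = 1 }   # mountd
    END {
      out = ""
      if (!nfs)    out = out "nfs(100003) "
      if (!mountd) out = out "mountd(100005) "
      sub(/ $/, "", out)
      print out
    }'
}

# Prints mount advice for host $1, given its rpcinfo listing on stdin.
mount_advice() {
  host=$1
  missing=$(missing_v3_programs)
  if [ -z "$missing" ]; then
    echo "$host registers nfs and mountd; an NFSv3 mount can resolve them"
  else
    echo "$host lacks $missing; request NFSv4 over TCP 2049 (-o vers=4 -o tcp)"
  fi
}

# Usage against a live host would be: rpcinfo -p HOST | mount_advice HOST
sample_rpcinfo | mount_advice 100.100.100.68
```

A listing with neither program, as in the question, is consistent with the "RPC prog. not avail" error from a mount that did not request NFSv4, and with the answer's `vers=4` mount working once TCP 2049 was allowed.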