Amazon EFS Mount from OSX

Gentlemen, I followed the instructions in this excellent post, "Elastic file system (EFS) mount outside of AWS", but failed to connect.

I use CoreOS in a Mesos Cluster. We have an EFS connected to all the nodes in the cluster so they can share data, scripts, etc. We have a VPN tunnel to the AWS VPC so we can connect from the office.

My users would like to upload some scripts to the EFS and get the computation results so they would like to mount the NFS locally. So I launch a haproxy as recommended in the article above.

sudo docker run -d --net=host haproxy /bin/bash -c "echo -e 'listen fs-1e7bb658-us-east-1\n    bind :2049\n    mode tcp\n    option tcplog\n    timeout tunnel 300000\n    server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000' > /haproxy.cfg && haproxy -f /haproxy.cfg"

The config is this in case it is not clear:

listen fs-1e7bb658-us-east-1
    bind :2049
    mode tcp
    option tcplog
    timeout tunnel 300000 
    server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000

This starts haproxy with a tunnel to the EFS, as proposed in the above-mentioned topic. I know it is working because I can mount the EFS using the haproxy IP into a second folder on a cluster node (i.e. /testing), and when I write a file to /testing I can see it on all the nodes in the /shared folder. For example:

sudo mount 100.100.100.68:/ /testing           # Mount using haproxy
echo "testing123!" > /testing/testing.txt    # write to a file
cat /shared/testing.txt                      # get from any node in the cluster
>>> testing123!

So the problem is that when I want to mount from OSX I get:

grodriguez:/ Guimo$ sudo mount 100.100.100.68:/ /sharedfiles
mount_nfs: can't mount / from 100.100.100.68 onto /sharedfiles: RPC prog. not avail

I know HaProxy is listening because I can do from OSX:

grodriguez:/ Guimo$ telnet 100.100.100.68 2049
Trying 100.100.100.68...
Connected to 100.100.100.68.
Escape character is '^]'.

So it connects to the service using telnet, but won't connect using nfs.

The security group is quite liberal and besides I wouldn't have connected using telnet if it didn't work. So the service is working at that port.

I read I could try to look for the mountd and nfs services, but found nothing. Maybe EFS is hiding them. Maybe that's why OSX complains about the missing service.

grodriguez:/ Guimo$ rpcinfo -p 100.100.100.68
program vers proto   port
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  45358  status
100024    1   tcp  60755  status
100021    1   udp  43439  nlockmgr
100021    3   udp  43439  nlockmgr
100021    4   udp  43439  nlockmgr
100021    1   tcp  34893  nlockmgr
100021    3   tcp  34893  nlockmgr
100021    4   tcp  34893  nlockmgr

But still if the tunnel didn't work, why should the agents successfully connect?

BTW, I also tried the AWS way to connect, but OSX also has problems.

grodriguez:/ Guimo$ mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /sharedfiles
mount: exec /System/Library/Filesystems/nfs4.fs/Contents/Resources/mount_nfs4 for /sharedfiles: No such file or directory

Any help appreciated.

Regards, Guimo

Edit: In case it is not clear from my note below: I started a Debian container using Docker for Mac, then I installed nfs4 support in the container, then I connected to the haproxy tunnel. All went fine and I can see my testing.txt file.

So I guess this is an OSX problem specifically and has nothing to do with the solution above, which is awesome.


For anyone who is looking for answers to this kind of question, the comment from Michael solved my problem.

We have Direct Connect to AWS, and after adding the right inbound rule (TCP 2049 office subnet) to the security group, I am able to mount EFS on my local MacBook.

sudo mount -t nfs -o vers=4 -o tcp -w x.x.x.x:/ efs
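
Why `vers=4` matters here, as an added example that is not part of the original question or answer: the rpcinfo output in the question lists no nfs (100003) or mountd (100005) program, which an NFSv3 client has to locate through the portmapper, whereas NFSv4 only needs TCP 2049. The function names and the second sample are constructed for illustration; the first sample is abridged from the question.

```shell
#!/bin/sh
# Added example: explain an NFS mount failure from `rpcinfo -p` output.
# NFSv3 clients look up nfs (100003) and mountd (100005) via the portmapper;
# NFSv4 talks to TCP 2049 directly and needs neither registration.

# Reads `rpcinfo -p` output on stdin and prints one verdict word.
nfs_rpc_verdict() {
    awk '
        $1 == "100003" && $2 == "3" { nfs3 = 1 }    # NFS program, version 3
        $1 == "100005"              { mountd = 1 }  # mount daemon
        END {
            if (nfs3 && mountd) print "v3-available"
            else if (nfs3)      print "v3-missing-mountd"
            else                print "v3-unavailable"
        }'
}

# Maps a verdict to the mount command to try (arguments: verdict host dir).
suggest_mount() {
    verdict=$1 host=$2 dir=$3
    case $verdict in
        # Portmapper advertises NFSv3 and mountd: a default mount can find them.
        v3-available) echo "sudo mount -t nfs $host:/ $dir" ;;
        # Otherwise skip the portmapper lookup and force NFSv4 over TCP,
        # using the options from the answer above.
        *)            echo "sudo mount -t nfs -o vers=4 -o tcp $host:/ $dir" ;;
    esac
}

# Abridged from the rpcinfo output in the question (the haproxy host).
PAGE_RPCINFO='program vers proto   port
100000    4   tcp    111  portmapper
100024    1   tcp  60755  status
100021    4   tcp  34893  nlockmgr'

# Constructed sample: a host that does register NFSv3 and mountd.
CONSTRUCTED_V3='program vers proto   port
100000    4   tcp    111  portmapper
100005    3   tcp  20048  mountd
100003    3   tcp   2049  nfs'

v=$(printf '%s\n' "$PAGE_RPCINFO" | nfs_rpc_verdict)
echo "proxy host in the question: $v"
echo "try: $(suggest_mount "$v" 100.100.100.68 /sharedfiles)"
v=$(printf '%s\n' "$CONSTRUCTED_V3" | nfs_rpc_verdict)
echo "constructed NFSv3 host: $v"
```

On a live host, pipe `rpcinfo -p <host>` into `nfs_rpc_verdict` instead of the embedded samples.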