Here's the problem (best I can tell)
Standard mount command for AWS EFS is just a typical NFS mount (example):
/usr/bin/mount -t nfs4 -o nfsvers=4.1 fs-xxxxxxxx.efs.us-west-2.amazonaws.com:/ /import
I'm able to mount the EFS from CLI without any issues.
Webmin Disk and network filesystems can see the mount just fine (see attached):
Screenshot detailing the issues with mount here
However, if I try to "save" the mount in Webmin, I get the following error: Failed to save mount : The host 'fs-xxxxxxxx.efs.us-west-2.amazonaws.com' is down
Looking into the script /usr/libexec/webmin/mount/linux-lib.pl around line 1639, I see it's checking the validity of the mount with showmount and ping.
# check_location(type)
# Parse and check inputs from %in, calling &error() if something is wrong.
# Returns the location string for storing in the fstab file
sub check_location
{
if (($_[0] eq "nfs") || ($_[0] eq "nfs4")) {
    local($out, $temp, $mout, $dirlist, @dirlist);
    if (&has_command("showmount")) {
        # Use ping and showmount to see if the host exists and is up
        if ($in{nfs_host} !~ /^\S+$/) {
            &error(&text('linux_ehost', $in{'nfs_host'}));
        }
        $out = &backquote_command("ping -c 1 '$in{nfs_host}' 2>&1");
        if ($out =~ /unknown host/) {
            &error(&text('linux_ehost2', $in{'nfs_host'}));
        }
        elsif ($out =~ /100\% packet loss/) {
            &error(&text('linux_edown', $in{'nfs_host'}));
        }
        $out = &backquote_command("showmount -e '$in{nfs_host}' 2>&1");
        if ($out =~ /Unable to receive/) {
            &error(&text('linux_enfs', $in{'nfs_host'}));
        }
        elsif ($?) {
            &error(&text('linux_elist', $out));
        }
The problem: Amazon EFS does not respond to showmount or EFS (it appears they block both on their end, with no way to change that). My best guess is Amazon figures "hey, you made the EFS, you should damn well know what's in it, so we're not going to let people probe our EFS system for info."
An additional problem is that Webmin doesn't have an option to specify nfsvers=4.1, and it also forces a selection for security method. EFS will fall back to 4.0 compatibility, but 4.1 is preferred. And the security method isn't one recognized by Webmin (probably because EFS is a private network system that uses Amazon's IAM user authentication when mounting from outside of Amazon).
So, does anyone have a suggestion as to how I can save this mount in Webmin Disk and Network Filesystems so that I can easily enable/disable the mount from within Webmin when needed? I don't mind creating the initial mount from CLI... but I would really like to be able to save that mount in Webmin, and have one-click access to enable/disable as needed.
Or is the only solution to get this working that Webmin needs a patch to let the user choose to skip the checks?
P.S. The main reason for doing this is that I can use EFS as the /home directory, which allows redundant protection and redundancy across availability zones. But if Apache starts before the file system is mounted, then Apache can't start automatically at boot and must be started manually after boot. If I add it to the disc and files system, I can set the priority to mount.
Comments
Submitted by JamieCameron on Sat, 07/08/2017 - 10:55 Comment #1
Interesting, I didn't know that an NFS server could block showmount. What output do you get if you run showmount -e fs-xxxxxxxx.efs.us-west-2.amazonaws.com from your server?
Regarding NFS v4.1, I will add support for that as an option in the next Webmin release.
Submitted by h2ojunkie on Sun, 07/09/2017 - 17:26 Comment #2
Here you can see it's currently mounted and operating fine:
[root@production ~]# /etc/init.d/efsmount status
fs-xxxxxxxx.efs.us-west-2.amazonaws.com:/ /import nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=xxx.xxx.xxx.xxx,local_lock=none,addr=xxx.xxx.xxx.xxx 0 0
And here's the return from showmount command:
[root@production ~]# showmount -e fs-xxxxxxxx.efs.us-west-2.amazonaws.com
clnt_create: RPC: Port mapper failure - Timed out
[root@production ~]#
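An added example, not part of the thread or of Webmin's code: the branch order of the quoted check_location() excerpt applied to the showmount output posted above, next to a direct TCP probe of the NFS port. The ping text is constructed, the function names are hypothetical, and port 2049 is the standard NFS port rather than a value taken from the thread.

```python
import re
import socket

# Constructed ping summary for a host that drops ICMP echo (assumption:
# the ping output itself was not posted in the thread).
PING_FILTERED = "1 packets transmitted, 0 received, 100% packet loss, time 0ms"
# showmount output as posted in the comment above.
SHOWMOUNT_EFS = "clnt_create: RPC: Port mapper failure - Timed out"


def webmin_precheck(host, ping_out, showmount_out, showmount_rc):
    """Follow the branch order of the check_location() excerpt.

    Returns the message key passed to &text() when a check fails,
    or None when every check passes.
    """
    if not re.fullmatch(r"\S+", host):
        return "linux_ehost"
    if "unknown host" in ping_out:
        return "linux_ehost2"
    if "100% packet loss" in ping_out:
        return "linux_edown"
    if "Unable to receive" in showmount_out:
        return "linux_enfs"
    if showmount_rc != 0:
        return "linux_elist"
    return None


def nfs4_port_open(host, port=2049, timeout=3.0):
    """Probe the NFS TCP port directly; needs neither ICMP nor the portmapper."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    host = "fs-xxxxxxxx.efs.us-west-2.amazonaws.com"  # placeholder from the thread
    # ICMP filtered: the save is rejected before showmount is even consulted.
    print(webmin_precheck(host, PING_FILTERED, SHOWMOUNT_EFS, 1))
    # Even with ping answered, the portmapper timeout still fails the save.
    ping_ok = "1 packets transmitted, 1 received, 0% packet loss, time 0ms"
    print(webmin_precheck(host, ping_ok, SHOWMOUNT_EFS, 1))
```

A server that filters ICMP and does not expose the portmapper fails both legacy checks while still accepting mounts, which is why the TCP probe is the more reliable liveness signal for NFSv4-only endpoints.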
Submitted by JamieCameron on Sun, 07/09/2017 - 20:31 Comment #3
What I'll do to resolve this is add an option on the module configuration page to control whether showmount is used to check the remote NFS server or not. I think it makes sense for this to be on by default, because a mount attempt to a down or unreachable NFS server can be really slow due to the way the protocol works ... but in cases like yours, I can see why you'd want to turn off the check.
Submitted by JamieCameron on Sun, 07/09/2017 - 20:31 Comment #4
Submitted by h2ojunkie on Sun, 07/09/2017 - 22:08 Comment #5
I agree. It makes sense for the check to be in there by default. Certainly in most cases it would apply and be useful to most users. The option to bypass the showmount & ping check would certainly be best served as an optional switch to bypass. I did give a quick try at bypassing just the check in the code when I noticed it took me down a rabbit hole of other functions that were dependent on that running before saving a mount. Otherwise, I would have attempted to provide a direct fix myself. I was concerned there was enough other stuff going on that I may not be aware of that it seemed best to just report the facts of this bug and leave it to someone familiar with the full code dependencies.
Maybe (as a thought), you could just add a new option for EFS to the drop-down menu when selecting the mount type. Of course, that would also box you in to just Amazon's EFS, and might not be as versatile as just having the option to bypass the check.
Submitted by JamieCameron on Mon, 07/10/2017 - 19:12 Comment #6
EFS is just accessed via NFS though, right? It's not actually a different type of filesystem?
Submitted by h2ojunkie on Mon, 07/10/2017 - 19:38 Comment #7
Correct. There's really nothing special about it. Just a typical NFS system with essentially infinite redundant storage.
Mounts pretty much like any other NFS: Here's a direct copy/paste of Amazon's official recommended mount parameters:
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-xxxxxxxx.efs.us-west-2.amazonaws.com:/ efs
https://www.screencast.com/t/EzkQl1Xw
Submitted by h2ojunkie on Tue, 07/11/2017 - 01:15 Comment #8
I forgot to mention. Whenever you do get a chance to patch this, if you link me the patch I'll test it out and report back.
In the meantime, I've worked around it with a custom serviced and setting Apache to have the custom service as an After option (so Apache won't start until the mount is available).
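One way to express the ordering described in this comment, as an added example that is not the poster's actual unit: a systemd drop-in that ties Apache to the mount point instead of to a custom service. The unit name httpd.service and the drop-in file name are assumptions; /import and the mount options come from the thread.

```ini
# /etc/systemd/system/httpd.service.d/wait-for-efs.conf
# Assumed names: httpd.service and this drop-in file name.
[Unit]
# Adds Requires= and After= on the mount unit for /import, so Apache is
# not started until the filesystem is mounted.
RequiresMountsFor=/import

# Matching /etc/fstab line (systemd generates import.mount from it;
# _netdev orders the mount after the network is up):
# fs-xxxxxxxx.efs.us-west-2.amazonaws.com:/ /import nfs4 nfsvers=4.1,_netdev 0 0
```

Run systemctl daemon-reload after creating the file so the drop-in is picked up.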
Submitted by JamieCameron on Tue, 07/11/2017 - 14:39 Comment #9
The patch is here : https://github.com/webmin/webmin/commit/8396e71c960a11caa39d9dd915ccaa59...
Submitted by h2ojunkie on Wed, 07/12/2017 - 00:26 Comment #10
I will apply tomorrow and report back. Thanks
Submitted by h2ojunkie on Wed, 07/12/2017 - 23:04 Comment #11
Worked like a charm!
PS. I got a nice chuckle about the "suppport " typo fix that was in the same file. Mostly because I thought to myself... Hell.. Support is so good you deserve an extra S. lol
Submitted by IssueBot on Wed, 07/26/2017 - 23:07 Comment #12
Automatically closed - issue fixed for 2 weeks with no activity.