filiphagan
Reputation: 304
Terraform: How to mount EFS access point to EC2?
My goal is to install some python packages on the EFS and connect it to my Lambda. Now I'm at the point were I mount EFS to the EC2 instance and install certain libraries, like numpy. The whole infrastructure is defined in Terraform.
After deployment (terraform apply) all resources are being deployed without any problems but it seems that the access point directory doesn't exist. I defined it at aws_efs_access_point setting the root directory to /access, so when I mount EFS with EC2 at /home/ubuntu/mount-point I expect that /access appears in that directory like in this example. But it's missing.
All resources are created without any exceptions, except the last one. Am I missing something?
Logs: (more detailed logs posted at the end)
- response from
cd mount-point/access:
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access
- PermissionError when python library is being moved to non-existing directory:
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│ on main.tf line 133, in resource "null_resource" "configure_nfs":
│ 133: provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵
I'm not quite sure if EFS is successfuly mounted. "sudo mount -t nfs4 (...)" doesn't really return any response.
Contents of main.tf:
provider "aws" {
region = var.region
}
resource "aws_default_vpc" "default" {}
resource "aws_security_group" "ec2_security_group" {
name = "ec2_security_group"
description = "Allow SSH and HTTP"
vpc_id = aws_default_vpc.default.id
ingress {
description = "SSH from VPC"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "EFS mount target"
from_port = 2049
to_port = 2049
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTP from VPC"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "tls_private_key" "key" {
algorithm = "RSA"
rsa_bits = 4096
}
resource "aws_key_pair" "generated_key" {
key_name = "ec2-efs-access-key"
public_key = tls_private_key.key.public_key_openssh
}
resource "aws_instance" "ec2-instance-with-efs" {
ami = "ami-0b1deee75235aa4bb"
security_groups = [aws_security_group.ec2_security_group.name]
instance_type = "t2.micro"
key_name = aws_key_pair.generated_key.key_name
}
resource "aws_efs_file_system" "efs" {}
resource "aws_efs_mount_target" "mount" {
file_system_id = aws_efs_file_system.efs.id
subnet_id = aws_instance.ec2-instance-with-efs.subnet_id
security_groups = [aws_security_group.ec2_security_group.id]
}
resource "aws_efs_access_point" "access-point" {
file_system_id = aws_efs_file_system.efs.id
posix_user {
gid = 1000
uid = 1000
}
root_directory {
path = "/access"
creation_info {
owner_gid = 1000
owner_uid = 1000
permissions = "0777"
}
}
}
resource "null_resource" "configure_nfs" {
depends_on = [aws_efs_mount_target.mount]
connection {
type = "ssh"
user = "ubuntu"
private_key = tls_private_key.key.private_key_pem
host = aws_instance.ec2-instance-with-efs.public_ip
}
provisioner "remote-exec" {
inline = [
"sudo apt-get update -y",
"sudo apt-get install nfs-common -y",
"sudo apt-get install python3.8 -y",
"sudo apt-get install python3-pip -y",
"python --version",
"python3 --version",
"echo ${aws_efs_file_system.efs.dns_name}",
"ls -la",
"pwd",
"sudo mkdir -p mount-point",
"ls -la",
"sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
"ls",
"cd mount-point",
"ls",
"cd access",
"sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
"sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
"printf '2\n' | sudo update-alternatives --config python3",
"pwd",
"ls -la",
"echo 'Python version:'",
"python3 --version",
"pip3 install --upgrade --target access/ numpy --system"
]
}
}
Logs:
Plan: 10 to add, 0 to change, 0 to destroy.
tls_private_key.key: Creating...
aws_default_vpc.default: Creating...
aws_efs_file_system.efs: Creating...
tls_private_key.key: Creation complete after 3s [id=80dd2cd196b9f026cf21076666e718ae75e6802d]
aws_key_pair.generated_key: Creating...
aws_key_pair.generated_key: Creation complete after 0s [id=ec2-efs-access-key]
aws_efs_file_system.efs: Creation complete after 6s [id=fs-91f47fca]
aws_efs_access_point.access-point: Creating...
aws_efs_access_point.access-point: Creation complete after 2s [id=fsap-0515864194da07104]
aws_default_vpc.default: Still creating... [10s elapsed]
aws_default_vpc.default: Creation complete after 13s [id=vpc-a7b5dbcd]
aws_security_group.ec2_security_group: Creating...
aws_security_group.ec2_security_group: Creation complete after 3s [id=sg-0dacec217adacc3dd]
aws_instance.ec2-instance-with-efs: Creating...
...
aws_instance.ec2-instance-with-efs: Creation complete after 34s [id=i-0078c219f3e6e58e1]
aws_efs_mount_target.mount: Creating...
...
aws_efs_mount_target.mount: Still creating... [1m20s elapsed]
aws_efs_mount_target.mount: Creation complete after 1m25s [id=fsmt-85ae45dd]
null_resource.configure_nfs: Creating...
null_resource.configure_nfs: Provisioning with 'remote-exec'...
null_resource.configure_nfs (remote-exec): Connecting to remote host via SSH...
null_resource.configure_nfs (remote-exec): Host: 18.195.16.239
null_resource.configure_nfs (remote-exec): User: ubuntu
null_resource.configure_nfs (remote-exec): Password: false
null_resource.configure_nfs (remote-exec): Private key: true
null_resource.configure_nfs (remote-exec): Certificate: false
null_resource.configure_nfs (remote-exec): SSH Agent: false
null_resource.configure_nfs (remote-exec): Checking Host Key: false
null_resource.configure_nfs (remote-exec): Target Platform: unix
null_resource.configure_nfs (remote-exec): Connected!
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 6: /tmp/terraform_1300245673.sh: python: not found
null_resource.configure_nfs (remote-exec): Python 3.6.9
null_resource.configure_nfs (remote-exec): fs-81x47xca.efs.eu-central-1.amazonaws.com
null_resource.configure_nfs (remote-exec): total 32
null_resource.configure_nfs (remote-exec): drwxr-xr-x 5 ubuntu ubuntu 4096 Oct 7 20:25 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root root 4096 Oct 7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 220 Apr 4 2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr 4 2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct 7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct 7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 807 Apr 4 2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct 7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 0 Oct 7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): /home/ubuntu
null_resource.configure_nfs (remote-exec): total 36
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct 7 20:26 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root root 4096 Oct 7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 220 Apr 4 2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr 4 2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct 7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct 7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 807 Apr 4 2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct 7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 0 Oct 7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root root 4096 Oct 7 20:26 mount-point
null_resource.configure_nfs (remote-exec): mount-point
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.6 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.8 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): There are 2 choices for the alternative python3 (providing /usr/bin/python3).
null_resource.configure_nfs (remote-exec): Selection Path Priority Status
null_resource.configure_nfs (remote-exec): ------------------------------------------------------------
null_resource.configure_nfs (remote-exec): * 0 /usr/bin/python3.8 2 auto mode
null_resource.configure_nfs (remote-exec): 1 /usr/bin/python3.6 1 manual mode
null_resource.configure_nfs (remote-exec): 2 /usr/bin/python3.8 2 manual mode
null_resource.configure_nfs (remote-exec): Press <enter> to keep the current choice[*], or type selection number: /home/ubuntu/mount-point
null_resource.configure_nfs (remote-exec): total 8
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root root 6144 Oct 7 20:23 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct 7 20:26 ..
null_resource.configure_nfs (remote-exec): Python version:
null_resource.configure_nfs (remote-exec): Python 3.8.0
null_resource.configure_nfs (remote-exec): Collecting numpy
null_resource.configure_nfs (remote-exec): Downloading https://files.pythonhosted.org/packages/18/d3/0b5dbf3dd99f6a645612dc8cd78c633130139d98afb5303a3ce09723609b/numpy-1.21.2-cp38-cp38-
manylinux_2_5_x86_64.manylinux1_x86_64.whl (14.1MB)
null_resource.configure_nfs (remote-exec): 100% |████████████████████████████████| 14.1MB 96kB/s
null_resource.configure_nfs (remote-exec): Installing collected packages: numpy
null_resource.configure_nfs (remote-exec): Successfully installed numpy-1.21.2
null_resource.configure_nfs (remote-exec): Exception:
null_resource.configure_nfs (remote-exec): Traceback (most recent call last):
null_resource.configure_nfs (remote-exec): File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main
null_resource.configure_nfs (remote-exec): status = self.run(options, args)
null_resource.configure_nfs (remote-exec): File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 406, in run
null_resource.configure_nfs (remote-exec): ensure_dir(options.target_dir)
null_resource.configure_nfs (remote-exec): File "/usr/lib/python3/dist-packages/pip/utils/__init__.py", line 83, in ensure_dir
null_resource.configure_nfs (remote-exec): os.makedirs(path)
null_resource.configure_nfs (remote-exec): File "/usr/lib/python3.8/os.py", line 221, in makedirs
null_resource.configure_nfs (remote-exec): mkdir(name, mode)
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│ on main.tf line 133, in resource "null_resource" "configure_nfs":
│ 133: provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵
Upvotes: 5
Views: 7675
Answers (1)
Marcin
Reputation: 238407
The error is because you setup your mount point for root only, while you try to access it as ubuntu user, as I wrote in the comments. To fix that add sudo chown ubuntu.ubuntu mount-point which gives ownership of mount-point to ubuntu. Also folder access does not exist by itself as it is created at the EFS level, not instance level. Thus it should be:
resource "null_resource" "configure_nfs" {
depends_on = [aws_efs_access_point.access-point, aws_efs_mount_target.mount]
connection {
type = "ssh"
user = "ubuntu"
private_key = tls_private_key.key.private_key_pem
host = aws_instance.ec2-instance-with-efs.public_ip
}
provisioner "remote-exec" {
inline = [
"sudo apt-get update -y",
"sudo apt-get install nfs-common -y",
"sudo apt-get install python3.8 -y",
"sudo apt-get install python3-pip -y",
"python --version",
"python3 --version",
"echo ${aws_efs_file_system.efs.dns_name}",
"ls -la",
"pwd",
"sudo mkdir -p mount-point",
"ls -la",
"sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
"ls",
"sudo chown -R ubuntu.ubuntu mount-point",
"cd mount-point",
"ls",
"mkdir access",
"sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
"sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
"printf '2\n' | sudo update-alternatives --config python3",
"pwd",
"ls -la",
"echo 'Python version:'",
"python3 --version",
"pip3 install --upgrade --target ./access/ numpy --system"
]
}
}
Upvotes: 5
Related Questions
- How do I create a folder on EFS?
- How to create EFS in Multi-AZ with Terraform
- How to mount a ebs_block_device using Terraform?
- Terraform: Dynamically Create AWS EFS Mount Targets
- terraform - mount EFS to ECS fargate: No such file or directory
- Unable to mount an EFS volume on an ECS task definition container using Terraform
- Terraform and ElasticBeanstalk. How do I mount a EFS in EC2 when EC2 is spun up by elasticbeanstalk?
- Add efs volume to ecs fargate
- In Terraform aws_ecs_task_definition how do I define bind mount in the volume section
- How to add EBS volume to ECS instance in Terraform