
Terraform: How to mount EFS access point to EC2?

My goal is to install some python packages on the EFS and connect it to my Lambda. Now I'm at the point where I mount EFS to the EC2 instance and install certain libraries, like numpy. The whole infrastructure is defined in Terraform.

After deployment (terraform apply) all resources are being deployed without any problems but it seems that the access point directory doesn't exist. I defined it at aws_efs_access_point, setting the root directory to /access, so when I mount EFS with EC2 at /home/ubuntu/mount-point I expect that /access appears in that directory like in this example. But it's missing.

All resources are created without any exceptions, except the last one. Am I missing something?

Logs: (more detailed logs posted at the end)

  1. response from cd mount-point/access:
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access
  2. PermissionError when python library is being moved to non-existing directory:
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│   on main.tf line 133, in resource "null_resource" "configure_nfs":
│  133:   provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵

I'm not quite sure if EFS is successfully mounted. "sudo mount -t nfs4 (...)" doesn't really return any response.

Contents of main.tf:

provider "aws" {
  region = var.region
}

resource "aws_default_vpc" "default" {}

resource "aws_security_group" "ec2_security_group" {
  name        = "ec2_security_group"
  description = "Allow SSH and HTTP"
  vpc_id      = aws_default_vpc.default.id
  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    }
  ingress {
    description = "EFS mount target"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    }
  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "tls_private_key" "key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated_key" {
  key_name   = "ec2-efs-access-key"
  public_key = tls_private_key.key.public_key_openssh
}

resource "aws_instance" "ec2-instance-with-efs" {
  ami                    = "ami-0b1deee75235aa4bb"
  security_groups = [aws_security_group.ec2_security_group.name]
  instance_type          = "t2.micro"

  key_name = aws_key_pair.generated_key.key_name
}

resource "aws_efs_file_system" "efs" {}

resource "aws_efs_mount_target" "mount" {
  file_system_id = aws_efs_file_system.efs.id
  subnet_id      = aws_instance.ec2-instance-with-efs.subnet_id
  security_groups = [aws_security_group.ec2_security_group.id]
}

resource "aws_efs_access_point" "access-point" {
  file_system_id = aws_efs_file_system.efs.id

  posix_user {
    gid = 1000
    uid = 1000
  }

  root_directory {
    path = "/access"
    creation_info {
      owner_gid   = 1000
      owner_uid   = 1000
      permissions = "0777"
    }
  }
}

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_mount_target.mount]
  connection {
    type     = "ssh"
    user     = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host     = aws_instance.ec2-instance-with-efs.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install nfs-common -y",
      "sudo apt-get install python3.8 -y",
      "sudo apt-get install python3-pip -y",
      "python --version",
      "python3 --version",
      "echo ${aws_efs_file_system.efs.dns_name}",
      "ls -la",
      "pwd",
      "sudo mkdir -p mount-point",
      "ls -la",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
      "ls",
      "cd mount-point",
      "ls",
      "cd access",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
      "printf '2\n' | sudo update-alternatives --config python3",
      "pwd",
      "ls -la",
      "echo 'Python version:'",
      "python3 --version",
      "pip3 install --upgrade --target access/ numpy --system"
    ]
  }
}

Logs:

Plan: 10 to add, 0 to change, 0 to destroy.
tls_private_key.key: Creating...
aws_default_vpc.default: Creating...
aws_efs_file_system.efs: Creating...
tls_private_key.key: Creation complete after 3s [id=80dd2cd196b9f026cf21076666e718ae75e6802d]
aws_key_pair.generated_key: Creating...
aws_key_pair.generated_key: Creation complete after 0s [id=ec2-efs-access-key]
aws_efs_file_system.efs: Creation complete after 6s [id=fs-91f47fca]
aws_efs_access_point.access-point: Creating...
aws_efs_access_point.access-point: Creation complete after 2s [id=fsap-0515864194da07104]
aws_default_vpc.default: Still creating... [10s elapsed]
aws_default_vpc.default: Creation complete after 13s [id=vpc-a7b5dbcd]
aws_security_group.ec2_security_group: Creating...
aws_security_group.ec2_security_group: Creation complete after 3s [id=sg-0dacec217adacc3dd]
aws_instance.ec2-instance-with-efs: Creating...
...
aws_instance.ec2-instance-with-efs: Creation complete after 34s [id=i-0078c219f3e6e58e1]
aws_efs_mount_target.mount: Creating...
...
aws_efs_mount_target.mount: Still creating... [1m20s elapsed]
aws_efs_mount_target.mount: Creation complete after 1m25s [id=fsmt-85ae45dd]
null_resource.configure_nfs: Creating...
null_resource.configure_nfs: Provisioning with 'remote-exec'...
null_resource.configure_nfs (remote-exec): Connecting to remote host via SSH...
null_resource.configure_nfs (remote-exec):   Host: 18.195.16.239
null_resource.configure_nfs (remote-exec):   User: ubuntu
null_resource.configure_nfs (remote-exec):   Password: false
null_resource.configure_nfs (remote-exec):   Private key: true
null_resource.configure_nfs (remote-exec):   Certificate: false
null_resource.configure_nfs (remote-exec):   SSH Agent: false
null_resource.configure_nfs (remote-exec):   Checking Host Key: false
null_resource.configure_nfs (remote-exec):   Target Platform: unix
null_resource.configure_nfs (remote-exec): Connected!
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 6: /tmp/terraform_1300245673.sh: python: not found
null_resource.configure_nfs (remote-exec): Python 3.6.9
null_resource.configure_nfs (remote-exec): fs-81x47xca.efs.eu-central-1.amazonaws.com
null_resource.configure_nfs (remote-exec): total 32
null_resource.configure_nfs (remote-exec): drwxr-xr-x 5 ubuntu ubuntu 4096 Oct  7 20:25 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): /home/ubuntu
null_resource.configure_nfs (remote-exec): total 36
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   4096 Oct  7 20:26 mount-point
null_resource.configure_nfs (remote-exec): mount-point
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.6 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.8 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): There are 2 choices for the alternative python3 (providing /usr/bin/python3).

null_resource.configure_nfs (remote-exec):   Selection    Path                Priority   Status
null_resource.configure_nfs (remote-exec): ------------------------------------------------------------
null_resource.configure_nfs (remote-exec): * 0            /usr/bin/python3.8   2         auto mode
null_resource.configure_nfs (remote-exec):   1            /usr/bin/python3.6   1         manual mode
null_resource.configure_nfs (remote-exec):   2            /usr/bin/python3.8   2         manual mode

null_resource.configure_nfs (remote-exec): Press <enter> to keep the current choice[*], or type selection number: /home/ubuntu/mount-point
null_resource.configure_nfs (remote-exec): total 8
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   6144 Oct  7 20:23 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 ..
null_resource.configure_nfs (remote-exec): Python version:
null_resource.configure_nfs (remote-exec): Python 3.8.0
null_resource.configure_nfs (remote-exec): Collecting numpy
null_resource.configure_nfs (remote-exec):   Downloading https://files.pythonhosted.org/packages/18/d3/0b5dbf3dd99f6a645612dc8cd78c633130139d98afb5303a3ce09723609b/numpy-1.21.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl (14.1MB)
null_resource.configure_nfs (remote-exec):     100% |████████████████████████████████| 14.1MB 96kB/s
null_resource.configure_nfs (remote-exec): Installing collected packages: numpy
null_resource.configure_nfs (remote-exec): Successfully installed numpy-1.21.2
null_resource.configure_nfs (remote-exec): Exception:
null_resource.configure_nfs (remote-exec): Traceback (most recent call last):
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main
null_resource.configure_nfs (remote-exec):     status = self.run(options, args)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 406, in run
null_resource.configure_nfs (remote-exec):     ensure_dir(options.target_dir)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/utils/__init__.py", line 83, in ensure_dir
null_resource.configure_nfs (remote-exec):     os.makedirs(path)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3.8/os.py", line 221, in makedirs
null_resource.configure_nfs (remote-exec):     mkdir(name, mode)
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│   on main.tf line 133, in resource "null_resource" "configure_nfs":
│  133:   provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵

The error is because you set up your mount point for root only, while you try to access it as the ubuntu user, as I wrote in the comments. To fix that, add sudo chown ubuntu.ubuntu mount-point, which gives ownership of mount-point to ubuntu. Also, the folder access does not exist by itself, as it is created at the EFS level, not the instance level. Thus it should be:

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_access_point.access-point, aws_efs_mount_target.mount]
  connection {
    type     = "ssh"
    user     = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host     = aws_instance.ec2-instance-with-efs.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install nfs-common -y",
      "sudo apt-get install python3.8 -y",
      "sudo apt-get install python3-pip -y",
      "python --version",
      "python3 --version",
      "echo ${aws_efs_file_system.efs.dns_name}",
      "ls -la",
      "pwd",
      "sudo mkdir -p mount-point",
      "ls -la",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
      "ls",
      "sudo chown -R ubuntu.ubuntu mount-point",
      "cd mount-point",
      "ls",
      "mkdir access",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
      "printf '2\n' | sudo update-alternatives --config python3",
      "pwd",
      "ls -la",
      "echo 'Python version:'",
      "python3 --version",
      "pip3 install --upgrade --target ./access/ numpy --system"
    ]
  }
}
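
An added example, not part of the original question or answer: the same EFS resources with port 2049 restricted to the instance's security group, a non-world-writable access point root, and a mount command that goes through the access point rather than the file system root. It assumes amazon-efs-utils is installed on the instance (it provides `mount -t efs`) and that the `ubuntu` user has uid/gid 1000; `efs_security_group` and `local.efs_mount_cmd` are hypothetical names.

```hcl
# Added example, not from the original post. Resource names are reused from
# the question's main.tf; efs_security_group and efs_mount_cmd are hypothetical.

# NFS (2049) is accepted only from members of the EC2 security group,
# instead of from 0.0.0.0/0 on a group shared with the instance.
resource "aws_security_group" "efs_security_group" {
  name        = "efs_security_group"
  description = "NFS from the EC2 instance only"
  vpc_id      = aws_default_vpc.default.id

  ingress {
    description     = "NFS from EC2 security group"
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2_security_group.id]
  }
}

resource "aws_efs_mount_target" "mount" {
  file_system_id  = aws_efs_file_system.efs.id
  subnet_id       = aws_instance.ec2-instance-with-efs.subnet_id
  security_groups = [aws_security_group.efs_security_group.id]
}

resource "aws_efs_access_point" "access-point" {
  file_system_id = aws_efs_file_system.efs.id

  # Every operation through this access point runs as uid/gid 1000.
  posix_user {
    gid = 1000
    uid = 1000
  }

  # EFS creates /access on first connection through the access point,
  # owned by 1000:1000, so 0755 is sufficient (assumes uid 1000 = ubuntu).
  root_directory {
    path = "/access"
    creation_info {
      owner_gid   = 1000
      owner_uid   = 1000
      permissions = "0755"
    }
  }
}

locals {
  # Mounts the access point itself: /access becomes the root of mount-point.
  efs_mount_cmd = "sudo mount -t efs -o tls,accesspoint=${aws_efs_access_point.access-point.id} ${aws_efs_file_system.efs.id}:/ mount-point"
}
```

With this mount, the contents of mount-point are the access point's /access directory, so the 2049 ingress rule on ec2_security_group is no longer needed.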
