- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
I found this code in efs_utils. It seems like this code is looking for instance metadata service on codebuild. Maybe it cannot find that in docker?
https://github.com/aws/efs-utils/blob/master/src/mount_efs/init.py#L130
I found 2 problems and changed code to work around those problems.
- in ap-south-1, codebuild does not support ap-south-1c AZ, hence one of my mount points was probably not good for Codebuild.
- efs-utils codebase makes an instance metadata lookup for finding current region. Not sure whether or not Codebuild supports instance metadata lookup.
To work around: I deleted the EFS mountpoint in ap-south-1c that codebuild does not support and switched to nfs-utils instead of efs-utils.
Now, my setup works.
I am disappointed about the snowflakish variation that ap-south-1c is not supported. How will I account for that in my automation? I will need to code in such one off exclusions. No?
I opened a bug on efs-utils for them to fix the instance metadata lookup.
https://github.com/aws/efs-utils/issues/37
Of the two changes you made, it's likely #2 is the only one that made a difference. When you mount an EFS file system via DNS, Route53 will return the IP address for the mount target in the same AZ as the client. If there is no mount target in the local AZ the mount will fail in order to avoid cross-az network charges. However, there is no problem with mount targets in extra AZs, they will simply be ignored by your client.
The EFS mount helper forms the DNS name using the file system id and local region, with the latter looked up in EC2 instance metadata. Since your codebuild instance is running inside a container, and the metadata URL is different than with traditional EC2, this call is failing. As a workaround, you can edit the EFS mount helper configuration file (/etc/amazon/efs/efs-utils.conf) and hardcode region in the line that defines DNS name format:
dns_name_format = {fs_id}.efs.{region}.amazonaws.com
One reason you may decide to try this rather than using nfs-utils is if you want to take advantage of TLS encryption, IAM authorization, or EFS Access Points.
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa