Error when mounting FSx for ONTAP file system - mount.nfs: Failed to resolve server ... Name or service not known ... Operation already in progress

0

I followed the documentation as to how to mount the file system on an Amazon Linux EC2 instance: https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/getting-started-step2.html

$ sudo mkdir /fsx $ sudo mount -t nfs -o nfsvers=3 svm-abcdef1234567890c.fs-012345abcdef6789b.fsx.us-east-2.amazonaws.com:/vol1 /fsx

These are the errors: mount.nfs: Failed to resolve server svm-abcdef1234567890c.fs-012345abcdef6789b.fsx.us-east-2.amazonaws.com: Name or service not known mount.nfs: Operation already in progress

I suspect it may be a security issue. The FSx file system is in the same VPC as the EC2 instance. I believe the security group associated with the EC2 instance has all the right Inbound TCP and UDF rules. I found this in the Troubleshooting documentation:

You can't access your file system The file system's security group lacks the required inbound rules

But it is not obvious to me how I associate a security group to the file system. I am not sure that this is even my issue.

asked a year ago1262 views
3 Answers
3

I will suggest reviewing the inbound rules specified in your VPC security group, and make sure that the security group associated with your file system has the corresponding inbound rules. https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/limit-access-security-groups.html#create-security-group

AWS
bodep
answered a year ago
profile picture
EXPERT
reviewed 3 months ago
0

Thank you @AWS-User-1542197 for the helpful clue. I had a well configured security group with all the right rules, with consistent VPC and subnet, but the security group needed to be "associated with the file system" in the right way.

Navigating to FSx > File Systems > [my file system] ... at the bottom of the page, under "Network interface", I found two elastic network interfaces associated with my file system. Accessing each one of those ENIs (EC2 > Network interfaces > [eni-...], I went to Actions > Change security groups. I removed the "default" security group that was there and added my own security group with all the right inbound and outbound rules.

For the mount command over on my EC2 instance, I could not get the DNS name to work (error: "Name or service not known"). Presumably a DNS lookup problem. Ping didn't work either. The NFS DNS name and IP address were found here: FSx > File Systems > [my file system] > Storage virtual machines > [my SVM] > Endpoints > [my NFS DNS name] and [my NFS IP address]

$ sudo mount -t nfs -o nfsvers=4.1 svm-abcdef1234567890c.fs-012345abcdef6789b.fsx.us-east-2.amazonaws.com:/vol1 /fsxN $ mount.nfs: Failed to resolve server svm-abcdef1234567890c.fs-012345abcdef6789b.fsx.us-east-2.amazonaws.com: Name or service not known

However, using the NFS IP address worked.

$ sudo mount -t nfs -o nfsvers=4.1 [my NFS IP address]:/vol1 /fsxN $

answered a year ago
profile picture
EXPERT
reviewed 3 months ago
-1

"Ensure that there's an Amazon EFS mount target in the same Availability Zone as the Amazon EC2 instance" https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-mounting.html#mount-fails-dns-name

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions