
[Solved] Terraform: How to mount an EFS access point on EC2?

2022-02-07 14:09:51

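Question

My goal is to install some Python packages on EFS and attach it to my Lambda. Currently, I am at the stage of mounting EFS on an EC2 instance and installing specific libraries such as numpy. The entire infrastructure is defined in Terraform.

After deploying (terraform apply), all resources are deployed without any issue, but it seems that the access point directory doesn't exist. I assumed that configuring aws_efs_access_point with its root directory set to /access would result in having /access when I mount the EFS in EC2 at /home/ubuntu/mount-point, like it's done in this example. However, it's missing.

All resources are created without any exception, except the last one. Am I missing something?

Logs (detailed logs are posted at the end):

  1. Response from cd mount-point/access: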
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access

  2. Attempting to move the Python libraries to the non-existent directory results in a PermissionError:
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│   on main.tf line 133, in resource "null_resource" "configure_nfs":
│  133:   provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵

There is no response from "sudo mount -t nfs4 (...)".

Contents of main.tf:

provider "aws" {
  region = var.region
}

resource "aws_default_vpc" "default" {}

resource "aws_security_group" "ec2_security_group" {
  name        = "ec2_security_group"
  description = "Allow SSH and HTTP"
  vpc_id      = aws_default_vpc.default.id
  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "EFS mount target"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "tls_private_key" "key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated_key" {
  key_name   = "ec2-efs-access-key"
  public_key = tls_private_key.key.public_key_openssh
}

resource "aws_instance" "ec2-instance-with-efs" {
  ami             = "ami-0b1deee75235aa4bb"
  security_groups = [aws_security_group.ec2_security_group.name]
  instance_type   = "t2.micro"

  key_name = aws_key_pair.generated_key.key_name
}

resource "aws_efs_file_system" "efs" {}

resource "aws_efs_mount_target" "mount" {
  file_system_id  = aws_efs_file_system.efs.id
  subnet_id       = aws_instance.ec2-instance-with-efs.subnet_id
  security_groups = [aws_security_group.ec2_security_group.id]
}

resource "aws_efs_access_point" "access-point" {
  file_system_id = aws_efs_file_system.efs.id

  posix_user {
    gid = 1000
    uid = 1000
  }

  root_directory {
    path = "/access"
    creation_info {
      owner_gid   = 1000
      owner_uid   = 1000
      permissions = "0777"
    }
  }
}

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_mount_target.mount]
  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host        = aws_instance.ec2-instance-with-efs.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install nfs-common -y",
      "sudo apt-get install python3.8 -y",
      "sudo apt-get install python3-pip -y",
      "python --version",
      "python3 --version",
      "echo ${aws_efs_file_system.efs.dns_name}",
      "ls -la",
      "pwd",
      "sudo mkdir -p mount-point",
      "ls -la",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
      "ls",
      "cd mount-point",
      "ls",
      "cd access",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
      "printf '2\n' | sudo update-alternatives --config python3",
      "pwd",
      "ls -la",
      "echo 'Python version:'",
      "python3 --version",
      "pip3 install --upgrade --target access/ numpy --system"
    ]
  }
}

Full logs:

Plan: 10 to add, 0 to change, 0 to destroy.
tls_private_key.key: Creating...
aws_default_vpc.default: Creating...
aws_efs_file_system.efs: Creating...
tls_private_key.key: Creation complete after 3s [id=80dd2cd196b9f026cf21076666e718ae75e6802d]
aws_key_pair.generated_key: Creating...
aws_key_pair.generated_key: Creation complete after 0s [id=ec2-efs-access-key]
aws_efs_file_system.efs: Creation complete after 6s [id=fs-91f47fca]
aws_efs_access_point.access-point: Creating...
aws_efs_access_point.access-point: Creation complete after 2s [id=fsap-0515864194da07104]
aws_default_vpc.default: Still creating... [10s elapsed]
aws_default_vpc.default: Creation complete after 13s [id=vpc-a7b5dbcd]
aws_security_group.ec2_security_group: Creating...
aws_security_group.ec2_security_group: Creation complete after 3s [id=sg-0dacec217adacc3dd]
aws_instance.ec2-instance-with-efs: Creating...
...
aws_instance.ec2-instance-with-efs: Creation complete after 34s [id=i-0078c219f3e6e58e1]
aws_efs_mount_target.mount: Creating...
...
aws_efs_mount_target.mount: Still creating... [1m20s elapsed]
aws_efs_mount_target.mount: Creation complete after 1m25s [id=fsmt-85ae45dd]
null_resource.configure_nfs: Creating...
null_resource.configure_nfs: Provisioning with 'remote-exec'...
null_resource.configure_nfs (remote-exec): Connecting to remote host via SSH...
null_resource.configure_nfs (remote-exec):   Host: 18.195.16.239
null_resource.configure_nfs (remote-exec):   User: ubuntu
null_resource.configure_nfs (remote-exec):   Password: false
null_resource.configure_nfs (remote-exec):   Private key: true
null_resource.configure_nfs (remote-exec):   Certificate: false
null_resource.configure_nfs (remote-exec):   SSH Agent: false
null_resource.configure_nfs (remote-exec):   Checking Host Key: false
null_resource.configure_nfs (remote-exec):   Target Platform: unix
null_resource.configure_nfs (remote-exec): Connected!
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 6: /tmp/terraform_1300245673.sh: python: not found
null_resource.configure_nfs (remote-exec): Python 3.6.9
null_resource.configure_nfs (remote-exec): fs-81x47xca.efs.eu-central-1.amazonaws.com
null_resource.configure_nfs (remote-exec): total 32
null_resource.configure_nfs (remote-exec): drwxr-xr-x 5 ubuntu ubuntu 4096 Oct  7 20:25 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): /home/ubuntu
null_resource.configure_nfs (remote-exec): total 36
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache
null_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile
null_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh
null_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   4096 Oct  7 20:26 mount-point
null_resource.configure_nfs (remote-exec): mount-point
null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can't cd to access
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.6 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.8 to provide /usr/bin/python3 (python3) in auto mode
null_resource.configure_nfs (remote-exec): There are 2 choices for the alternative python3 (providing /usr/bin/python3).

null_resource.configure_nfs (remote-exec):   Selection    Path                Priority   Status
null_resource.configure_nfs (remote-exec): ------------------------------------------------------------
null_resource.configure_nfs (remote-exec): * 0            /usr/bin/python3.8   2         auto mode
null_resource.configure_nfs (remote-exec):   1            /usr/bin/python3.6   1         manual mode
null_resource.configure_nfs (remote-exec):   2            /usr/bin/python3.8   2         manual mode

null_resource.configure_nfs (remote-exec): Press <enter> to keep the current choice[*], or type selection number: /home/ubuntu/mount-point
null_resource.configure_nfs (remote-exec): total 8
null_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   6144 Oct  7 20:23 .
null_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 ..
null_resource.configure_nfs (remote-exec): Python version:
null_resource.configure_nfs (remote-exec): Python 3.8.0
null_resource.configure_nfs (remote-exec): Collecting numpy
null_resource.configure_nfs (remote-exec):   Downloading https://files.pythonhosted.org/packages/18/d3/0b5dbf3dd99f6a645612dc8cd78c633130139d98afb5303a3ce09723609b/numpy-1.21.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl (14.1MB)
null_resource.configure_nfs (remote-exec):     100% |████████████████████████████████| 14.1MB 96kB/s
null_resource.configure_nfs (remote-exec): Installing collected packages: numpy
null_resource.configure_nfs (remote-exec): Successfully installed numpy-1.21.2
null_resource.configure_nfs (remote-exec): Exception:
null_resource.configure_nfs (remote-exec): Traceback (most recent call last):
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main
null_resource.configure_nfs (remote-exec):     status = self.run(options, args)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 406, in run
null_resource.configure_nfs (remote-exec):     ensure_dir(options.target_dir)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/utils/__init__.py", line 83, in ensure_dir
null_resource.configure_nfs (remote-exec):     os.makedirs(path)
null_resource.configure_nfs (remote-exec):   File "/usr/lib/python3.8/os.py", line 221, in makedirs
null_resource.configure_nfs (remote-exec):     mkdir(name, mode)
null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: '/home/ubuntu/mount-point/access'
╷
│ Error: remote-exec provisioner error
│
│   on main.tf line 133, in resource "null_resource" "configure_nfs":
│  133:   provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1300245673.sh": Process exited with status 2
╵

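Solution

The error is because your mount point is set to root only and you are trying to access it as the ubuntu user, as I wrote in the comments. To fix that, you can use sudo chown ubuntu.ubuntu mount-point to give ownership of mount-point to ubuntu. Also, the folder access does not exist by itself, because it is created at the EFS level, not the instance level. So it should be: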

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_access_point.access-point, aws_efs_mount_target.mount]
  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host        = aws_instance.ec2-instance-with-efs.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install nfs-common -y",
      "sudo apt-get install python3.8 -y",
      "sudo apt-get install python3-pip -y",
      "python --version",
      "python3 --version",
      "echo ${aws_efs_file_system.efs.dns_name}",
      "ls -la",
      "pwd",
      "sudo mkdir -p mount-point",
      "ls -la",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
      "ls",
      "sudo chown -R ubuntu.ubuntu mount-point",
      "cd mount-point",
      "ls",
      "mkdir access",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
      "printf '2\n' | sudo update-alternatives --config python3",
      "pwd",
      "ls -la",
      "echo 'Python version:'",
      "python3 --version",
      "pip3 install --upgrade --target ./access/ numpy --system"
    ]
  }
}
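
Mounting `dns_name:/` over plain NFS attaches the file system root and bypasses the access point, so its `root_directory` and `posix_user` settings are never applied. The following added example (not part of the original question or answer) mounts through the access point over TLS instead and limits NFS to traffic from the instance's security group; the `efs_mount_target` group name is hypothetical, and the instance is assumed to already have amazon-efs-utils installed.

```hcl
# Added example, not from the original post. Reuses the resource names from the
# question's main.tf; assumes amazon-efs-utils (mount.efs) is already installed.

# Mount target gets its own group: NFS is reachable only from the instance's group.
resource "aws_security_group" "efs_mount_target" {
  name        = "efs_mount_target" # hypothetical name
  description = "NFS from the EC2 instance only"
  vpc_id      = aws_default_vpc.default.id

  ingress {
    description     = "NFS from the instance security group"
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2_security_group.id]
  }
}

resource "aws_efs_mount_target" "mount" {
  file_system_id  = aws_efs_file_system.efs.id
  subnet_id       = aws_instance.ec2-instance-with-efs.subnet_id
  security_groups = [aws_security_group.efs_mount_target.id]
}

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_access_point.access-point, aws_efs_mount_target.mount]

  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host        = aws_instance.ec2-instance-with-efs.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "mkdir -p mount-point",
      # Mounting via the access point makes EFS create /access from creation_info
      # and present it as the mount root, with every operation done as uid/gid 1000.
      "sudo mount -t efs -o tls,accesspoint=${aws_efs_access_point.access-point.id} ${aws_efs_file_system.efs.id}:/ mount-point",
      "findmnt mount-point",
      # mount-point is now /access on EFS, so no chown or mkdir is needed.
      "pip3 install --upgrade --target mount-point/ numpy --system",
    ]
  }
}
```

With this in place the port 2049 ingress rule on `ec2_security_group` is no longer needed, and a Lambda attached to the same access point sees the installed packages at the root of its own mount path.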