Elastic File System (EFS) from Amazon was introduced at the end of 2016 (at re:Invent 2016) and in fact adds great value to cloud compute services like EC2. If you are not aware of this new service, in short - it is file share that you can mount to your cloud (or even on-prem servers connected to your VPC through Direct Connect service). Simply saying you can do
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 :/ /tmp. This is copy/paste from AWS console with recommendation on mounting file share to Linux instance (of course you need to have NFS client with v4.1 support). And you can do this to multiple EC2 instances as well (even more - you can add this into Advanced details -> User's data for launching new instances with EFS attached by default for all new instances). Something like this:
However this is limitation, - MS Windows is not supported. So if you have either 2012 or 2016 or something else, you are not able to mount your EFS to it. Bad. Let's think wide and try to figure out available options. What if we can re-export mounted NFS as SMB share and map it to MS Windows of our choice?
NB! I do run the below commands as
root, so if you are not, prepend
sudo where applicable.
Setting up EFS
First of all make sure you are in the region, that supports AWS EFS. At the time of writing this post you are looking at 6 regions out of 14. Withing each region you can either allow or deny access to your share for each availability zone. Each AZ points to your security group(s). For the EFS availability we just need to open up to the world
2049 port (EC2 -> Security Group) and it is pre-defined in the list of protocols (just pick it and define your IP, CIDR or another Security Group). EFS creation takes some time, when done you should be able to see further instructions. For example for ubuntu just drop the following into your shell:
apt-get install -y nfs-common
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 your-efs-fqdn:/ /mnt/efs
Just change your
your-efs-fqdn to your output from the AWS -> EFS section. As I said earlier you can drop this boilerplate into User's data section of your EC2 launch, so your instance is going to access this share once ready.
Re-exporting NFS share for using in Windows
Now, when we have EFS mounted we want to give our Windows user's access to it's files. Let's do this using samba. Again, drop the following to your shell for installing SMB services in your ubuntu:
apt-get install -y samba samba-common python-glade2 system-config-samba
cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak
cat /dev/null > /etc/samba/smb.conf
If you don't have
vim use texteditor of your choice (for example
nano /etc/samba/smb.conf) and paste the following boilerplate (feel free to customize it if you need):
workgroup = WORKGROUP
server string = AWS-EFS-Windows
netbios name = ubuntu
dns proxy = no
socket options = TCP_NODELAY
path = /mnt/efs
read only = no
browseable = yes
guest ok = yes
Save and start your samba by
/etc/init.d/smbd restart. Just to make sure you have set the configuration file right
testparm can help to validate it.
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[efs]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
netbios name = UBUNTU
server string = SMB-Server
dns proxy = No
idmap config * : backend = tdb
path = /mnt/efs
read only = No
guest ok = Yes
Our SMB is ready, let's move to Windows environment and map this share to some drive latter as "Add a network location".
Mapping AWS EFS to Windows
This is done for EC2 instances (but I am sure you can map SMB share from anywhere). Just make sure you have setup your security group accordingly (445 and 139 ports should be open between source and target). For the test purposes you can do quick script to fill up your folder with images from google and return back to your Windows and see if it has those files available for read. Drop something to this share from your Windows environment and check back from your Linux machine and it's available. Check further from other instances and see if this concept works.
There might be some performance issues with SMB, I am happy to hear back other creative ideas on how to re-export NFS share for Windows boxes.