Most of the posts highlight what I am focused on and express work and personal experience. Reason I put them here - recall later or help someone else with similar challenge.
Elastic File System (EFS) from Amazon was introduced at the end of 2016 (at re:Invent 2016) and in fact adds great value to cloud compute services like EC2. If you are not aware of this new service, in short - it is file share that you can mount to your cloud (or even on-prem servers connected to your VPC through Direct Connect service). Simply saying you can do
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . This is copy/paste from AWS console with recommendation on mounting file share to Linux instance (of course you need to have NFS client with v4.1 support). And you can do this to multiple EC2 instances as well (even more - you can add this into Advanced details -> User's data for launching new instances with EFS attached by default for all new instances). Something like this:
However this is limitation, - MS Windows is not supported. So if you have either 2012 or 2016 or something else, you are not able to mount your EFS to it. Bad. Let's think wide and try to figure out available options. What if we can re-export mounted NFS as SMB share and map it to MS Windows of our choice?
NB! I do run the below commands as
root, so if you are not, prepend
sudo where applicable.
First of all make sure you are in the region, that supports AWS EFS. At the time of writing this post you are looking at 6 regions out of 14. Withing each region you can either allow or deny access to your share for each availability zone. Each AZ points to your security group(s). For the EFS availability we just need to open up to the world
2049 port (EC2 -> Security Group) and it is pre-defined in the list of protocols (just pick it and define your IP, CIDR or another Security Group). EFS creation takes some time, when done you should be able to see further instructions. For example for ubuntu just drop the following into your shell:
apt-get install -y nfs-common mkdir /mnt/efs mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 your-efs-fqdn:/ /mnt/efs
Just change your
your-efs-fqdn to your output from the AWS -> EFS section. As I said earlier you can drop this boilerplate into User's data section of your EC2 launch, so your instance is going to access this share once ready.
Now, when we have EFS mounted we want to give our Windows user's access to it's files. Let's do this using samba. Again, drop the following to your shell for installing SMB services in your ubuntu:
apt-get install -y samba samba-common python-glade2 system-config-samba cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak cat /dev/null > /etc/samba/smb.conf vim /etc/samba/smb.conf
If you don't have
vim use texteditor of your choice (for example
nano /etc/samba/smb.conf) and paste the following boilerplate (feel free to customize it if you need):
[global] workgroup = WORKGROUP server string = AWS-EFS-Windows netbios name = ubuntu dns proxy = no socket options = TCP_NODELAY [efs] path = /mnt/efs read only = no browseable = yes guest ok = yes
Save and start your samba by
/etc/init.d/smbd restart. Just to make sure you have set the configuration file right
testparm can help to validate it.
testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[efs]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] netbios name = UBUNTU server string = SMB-Server dns proxy = No idmap config * : backend = tdb [efs] path = /mnt/efs read only = No guest ok = Yes
Our SMB is ready, let's move to Windows environment and map this share to some drive latter as "Add a network location".
This is done for EC2 instances (but I am sure you can map SMB share from anywhere). Just make sure you have setup your security group accordingly (445 and 139 ports should be open between source and target). For the test purposes you can do quick script to fill up your folder with images from google and return back to your Windows and see if it has those files available for read. Drop something to this share from your Windows environment and check back from your Linux machine and it's available. Check further from other instances and see if this concept works.
There might be some performance issues with SMB, I am happy to hear back other creative ideas on how to re-export NFS share for Windows boxes.