Never Ending Storage

This post describes how you could setup AWS Elastic File Store (EFS) network storage to your RHEL 7.5 instance. AWS Elastic File Store (EFS) provides network storage that is scalable, reliable and elastic. In other words – never lose data and never ending storage! Of course, you pay for what you use.

Why am I trying to implement this? Well, I have a scenario in which I need to implement a simple web server using Amazon Web Services (AWS) Lightsail. Amazon Web Services (AWS) Lightsail provides a package deal consisting of an EC2 instance with data. It seems running a web server using Lightsail would be more cost-effective than running an EC2 instance on its own and then adding the data costs independently. The problem is that the EC2 instances on Lightsail starts with 1 CPU core, more expensive instances have up to  2 CPU cores.

Let’s say you would like to start hosting websites. You could install a LAMP stack, split the disk space and network traffic and resell them as hosting packages. A Machine of this size could struggle to service more than one customer. Thus, we would need to upgrade the platform frequently and/or add new server instances. Also, you will probably want more than one server to start with to share the load and provide redundancy to your websites. Thus you need some sort of networked files share like NFS.

I decided to use Amazon Web Services (AWS) Elastic File Store (EFS) to solve this issue. The plan is to attach an Elastic File Store (EFS) volume which provides unlimited growth, is super reliable and can be accessed by multiple servers at the same time (from within the same VPC).

The following steps show what I did using an RHEL 7.5 instance. Note that I used the Amazon Web Services (AWS) notes and had to go some extra research to get this going. It is better if you use the AWS guides, but mine serves as an excellent summary for non-experts figuring this stuff out for the first time – like myself!

My way took longer because I decided not to use Amazon Linux, which is packaged with the required software such as Amazon EFS helper. This is because an app that I plan to install only runs on RHEL 7+. Furthermore – I wanted to enable encryption is transit, thus I could not simply do a NFS mount.

You must prepare the following items before we get started.

  1. Create an Elastic File Store (EFS) and note the Elastic File Store (EFS) id that is assigned to you using the Amazon Web Services (AWS).
  2. Setup an AWS EC2 instance using RHEL 7.5.
  3. Ensure your security group allows inbound NFS traffic.
  4. Check the latest version of Stunnel.

The Elastic File Store takes a few minutes to be created. The life cycle state will be set to ‘Creating’ until it’s created. You will only be able to mount the Elastic File Store once the life cycle status is set to ‘Available’.

I used Stunnel 5.44 in the example below. Visit the Stunnel downloads page to see the latest version and adjust the steps accordingly. Stunnel was providing version 5.46 at the time of this post.

Step 1 – Set the hostname for the instance

The hostname changes dynamically when the server restarts. I assume Transport Layer Security (TLS) 1.2 uses the hostname when it encrypts the data sent to and from connected clients. I did not want this to be an issue, so I set the hostname on my RHEL instance.

Set the hostname and ensure it does not change when it the instance is restarted.
-> sudo hostnamectl set-hostname --static testwebserver.localdomain

Restart the server to apply the hostname change.
-> sudo reboot

Check the hostname after the reboot to see if it changed.
-> hostname

If the previous steps did not result in a changed hostname then try these steps:

Open the network file using:
-> sudo vi /etc/sysconfig/network

Add the following line to the network file:
-> hostaname=testwebserver.localdomain
Enter ‘[esc] ZZ’ to save and exit.

Create a hosts file entry like the one below. I called my server ‘testwebserver.localdomain’.

Open the hosts file using:
-> sudo vi /etc/hosts

Enter the info to look something like this:
127.0.0.1 testwebserver.localdomain testwebserver localhost4 localhost4.localdomain4
Enter ‘[esc] ZZ’ to save and exit.

Restart the server to apply the hostname change.
-> sudo reboot

Step 2 – Install the required software

I need the following software according to the Amazon Web Services (AWS) instructions: GIT, RPM Build and most importantly Elastic File Store (EFS) Helper. We also need to upgrade Stunnel (a tunnelling service for TLS) since the version supplied by RHEL 7.5 is out of date.

Update yum
-> sudo yum -y update

Install GIT
-> sudo yum -y install git

Let’s download Elastic File Store (EFS)-Utils.
-> git clone https://github.com/aws/efs-utils

Run the following to see if GIT installed.
-> git –version

Continue to install RPM Build if you can confirm GIT installed.
-> sudo yum -y install rpm-build

Enter the downloaded Elastic File Store (EFS)-Utils folder.
-> cd efs-utils

Make the RPM package.
-> make rpm

Install the RPM package.
-> sudo yum -y install build/amazon-efs-utils*rpm

Next, we upgrade Stunnel to enable TLS encryption between the server and the Elastic File Store (EFS) storage.
-> sudo yum install -y gcc openssl-devel tcp_wrappers-devel
-> curl -o stunnel-5.44.tar.gz https://www.stunnel.org/downloads/stunnel-5.44.tar.gz
-> tar xvfz stunnel-5.44.tar.gz
-> cd stunnel-5.44/
-> ./configure
-> make
-> sudo make install
-> if [[ -f /bin/stunnel ]]; then
-> sudo mv /bin/stunnel /root
-> fi
-> sudo ln -s /usr/local/bin/stunnel /bin/stunnel

Step 3 – Configure Elastic File Store (EFS)

Now we need to create the mount point from root.
-> cd /

We create the mount folder
-> sudo mkdir efs

Mount the Elastic File Store (EFS) using our previously create EFS id (fs-34343c).
-> sudo mount -t efs -o tls fs-34343c:/ efs

Note that adding the ‘-o tls’ enables TLS encryption using Stunnel. If you get a message saying “mount.nfs4: Connection reset by peer”, then check your security group and ensure that you enabled inbound NFS traffic.

We need to add our Elastic File Store (EFS) mount to the fstab, so it does not get lost during restarts.

Open the fstab file using:
-> sudo vi /etc/fstab

Add the following entry, but be sure that you change fs-34343c to the Elastic File Store (EFS) identifier assigned to you.
-> fs-34343c /efs efs defaults,_netdev 0 0
Enter ‘[esc] ZZ’ to save and exit.

You are all set! You can try to add something in the EFS folder, un-mount the Elastic File Store (EFS) using ‘umount /mnt/efs’ and mount it again to test your first EFS mount.

Useful commands that helped me was:

  • df -T
    • Allowed me to check the mount status.
  • grep -E “Successfully mounted.*efs” /var/log/amazon/efs/mount.log | tail -1
    • Checks if the mount was successful.
  • mount | column -t
    • Allows you to the see amount of mounts. I used this to debug a ‘mount if busy’ message. I realised that I mounted etc using fstab and then ran the mount command afterwards.
  • For testing purposes – if you want to un-mount the folder and remove the efs folder.
    • cd /
      sudo umount efs
      sudo rm -d -r -f efs

Herewith the resources I used:

About Anto

Hi, my name is Anto! I am a cloud computing hobbyist! Give me anything to do with the cloud, and I am interested. I work for a Cloud computing company by day and as a Cloud computing hobbyist by night! My projects use PHP, NodeJs, Ubuntu, MySQL and of course Amazon Web Services. Hopefully, my blog aids your cloud journey! Feel free to post a comment and share your thoughts.

View all posts by Anto →

One Comment on “Never Ending Storage”

Leave a Reply

Your email address will not be published. Required fields are marked *