Json Can'；t在ECS实例中挂载EFS_Json_Amazon Web Services_Amazon Cloudformation_User Data

Json Can'；t在ECS实例中挂载EFS

json amazon-web-services amazon-cloudformation

Json Can'；t在ECS实例中挂载EFS,json,amazon-web-services,amazon-cloudformation,user-data,Json,Amazon Web Services,Amazon Cloudformation,User Data,我的cloudformation模板中的configurationConfig资源中有此用户数据： "UserData":{ "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xv\n", "yum -y update\n", "yum -y install aws-cfn-bootstrap\n", "yu

我的cloudformation模板中的

configurationConfig

资源中有此用户数据：

"UserData":{  "Fn::Base64" : {
            "Fn::Join" : ["", [
              "#!/bin/bash -xv\n",
              "yum -y update\n",
              "yum -y install aws-cfn-bootstrap\n",
              "yum -y install awslogs jq\n",
              "#Install NFS client\n",
              "yum -y install nfs-utils\n",
              "#Install pip\n",
              "yum -y install python27 python27-pip\n",
              "#Install awscli\n",
              "pip install awscli\n",
              "#Upgrade to the latest version of the awscli\n",
              "#pip install --upgrade awscli\n",
              "#Add support for EFS to the CLI configuration\n",
              "aws configure set preview.efs true\n",
              "#Get region of EC2 from instance metadata\n",
              "EC2_AVAIL_ZONE=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`\n",
              "EC2_REGION=",{ "Ref": "AWS::Region"} ,"\n",
              "mkdir /efs-tmp/\n",
              "chown -R ec2-user:ec2-user /efs-tmp/\n",
              "DIR_SRC=$EC2_AVAIL_ZONE.",{ "Fn::FindInMap" : [ "FileSystemMap", {"Ref" : "EnvParam"}, "FileSystemID"] },".efs.$EC2_REGION.amazonaws.com\n",
              "DIR_TGT=/efs-tmp/\n",
              "touch /home/ec2-user/echo.res\n",
              "echo ",{ "Fn::FindInMap" : [ "FileSystemMap", {"Ref" : "EnvParam"}, "FileSystemID"] }," >> /home/ec2-user/echo.res\n",
              "echo $EC2_AVAIL_ZONE >> /home/ec2-user/echo.res\n",
              "echo $EC2_REGION >> /home/ec2-user/echo.res\n",
              "echo $DIR_SRC >> /home/ec2-user/echo.res\n",
              "echo $DIR_TGT >> /home/ec2-user/echo.res\n",
              "#Mount EFS file system\n",
              "mount -t nfs4 -o vers=4.1 $DIR_SRC:/ $DIR_TGT >> /home/ec2-user/echo.res\n",
              "#Backup fstab\n",
              "cp -p /etc/fstab /etc/fstab.back-$(date +%F)\n",
              "echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0 | tee -a /etc/fstab\n",
                      "docker ps\n",
              "service docker stop\n",
              "service docker start\n",
              "/opt/aws/bin/cfn-init -v",
              "         --stack ", { "Ref": "AWS::StackName" },
              "         --resource ContainerInstances",
              "         --region ", { "Ref" : "AWS::Region" },"\n",
              "service awslogs start\n",
              "chkconfig awslogs on\n"
            ]]}

以下是ECS容器的安全组：

  "EcsSecurityGroup":{
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "ECS SecurityGroup",
      "SecurityGroupIngress" : [
        {
          "IpProtocol" : "tcp",
          "FromPort" : "2049",
          "ToPort" : "2049",
          "CidrIp" : {"Ref" : "CIDRVPC"}
        },
        {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        }
      ],
      "SecurityGroupEgress" :  [
        {
          "IpProtocol" : "-1",
          "FromPort" : "-1",
          "ToPort" : "-1",
          "CidrIp" : "0.0.0.0/0"
        }
      ],
      "VpcId":{ "Ref":"VpcId" }
    }
  },

运行模板后，我使用ssh连接到实例中，等待

userdata

完成执行，然后在

/var/log/cloud init-ouptut.log

中发现以下错误：

mount.nfs4: Connection timed out

此外，

/etc/fstab

文件不包含装载线。我无法访问文件系统，因为为EFS创建的文件夹为空

请告诉我问题出在哪里

脚本中的这一行有一个输入错误（缺少结尾

\“

），导致尝试写入

/etc/fstab

失败：

echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0 | tee -a /etc/fstab\n",

应改为：

echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0\" | tee -a /etc/fstab\n",

您需要确保指定的可用性区域中存在资源。否则，使用DNS名称装载文件系统的尝试将无法正确解析。有关详细文档，请参阅和

脚本中的这一行有一个输入错误（缺少结尾

\“

），导致尝试写入

/etc/fstab

失败：

echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0 | tee -a /etc/fstab\n",

应改为：

echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0\" | tee -a /etc/fstab\n",

您需要确保指定的可用性区域中存在资源。否则，使用DNS名称装载文件系统的尝试将无法正确解析。有关更多文档，请参阅和

确保已创建EFS安全组，并在入口规则中允许ec2安全：

 "EfsSecurityGroup": {
        "Properties": {
            "GroupDescription": "EFS security group",
            "SecurityGroupIngress": [
                {
                    "FromPort": 2049,
                    "IpProtocol": "tcp",
                    "SourceSecurityGroupId": {
                        "Ref": "YOUR_EC2_SECURITY_GROUP"
                    },
                    "ToPort": 2049
                },
            ],
            "Tags": [
                {
                    "Key": "Application",
                    "Value": {
                        "Ref": "AWS::StackName"
                    }
                },
                {
                    "Key": "Name",
                    "Value": "efs-sg"
                }
            ],
            "VpcId": {
                "Ref": "YOUR_VPC_ID"
            }
        },
        "Type": "AWS::EC2::SecurityGroup"
    }

确保EFS MountTarget存在：

"EFSMountTargetYourAZ": {
        "Properties": {
            "FileSystemId": "EFS_id",
            "SecurityGroups": [
                {
                    "Ref": "EFS_SECURITY_GROUP"
                }
            ],
            "SubnetId": {
                "Ref": "SUBNET_ID"
            }
        },
        "Type": "AWS::EFS::MountTarget"
    },

确保已创建EFS安全组，并在入口规则中允许ec2安全：

 "EfsSecurityGroup": {
        "Properties": {
            "GroupDescription": "EFS security group",
            "SecurityGroupIngress": [
                {
                    "FromPort": 2049,
                    "IpProtocol": "tcp",
                    "SourceSecurityGroupId": {
                        "Ref": "YOUR_EC2_SECURITY_GROUP"
                    },
                    "ToPort": 2049
                },
            ],
            "Tags": [
                {
                    "Key": "Application",
                    "Value": {
                        "Ref": "AWS::StackName"
                    }
                },
                {
                    "Key": "Name",
                    "Value": "efs-sg"
                }
            ],
            "VpcId": {
                "Ref": "YOUR_VPC_ID"
            }
        },
        "Type": "AWS::EC2::SecurityGroup"
    }

确保EFS MountTarget存在：

"EFSMountTargetYourAZ": {
        "Properties": {
            "FileSystemId": "EFS_id",
            "SecurityGroups": [
                {
                    "Ref": "EFS_SECURITY_GROUP"
                }
            ],
            "SubnetId": {
                "Ref": "SUBNET_ID"
            }
        },
        "Type": "AWS::EFS::MountTarget"
    },

在您的ec2安全组中，您不应该拥有用于EFS的端口2049的入口规则，您应该创建一个EFS安全组，并在该端口2049上允许您的ec2安全作为

SourceSecurityGroupId

。在您的ec2安全组中，您不应该拥有用于EFS的端口2049的入口规则，您应该创建一个efs安全组，并在该端口2049上允许您的ec2安全设置为

SourceSecurityGroupId

。