EFS volume mounts not applicable in Amazon Linux 2 AMIs

[jmrieger]

https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/instance-configuration/storage-efs-mountfilesystem.config#L54

The get-config command is no longer available in AL2 AMIs. It would be nice to have updated examples for these scripts that will work in those environments.

[faizanakram99]

Update: Indeed /opt/elasticbeanstalk/bin/get-config is non-existent

For now I hardcoded mount dir and fs id to fix it

The script throws this error

mount: :/: can't find in /etc/fstab.

I opened an issue earlier too but then closed it, thought I was missing something
#119

[Computer15776]

Likewise; I was able to hardcode the parameters in, though the EFS mount was successful for me with this workaround.

[jpswade]

See: #111

I think this is a bit of a show stopper at the moment and really needs to be fixed.

Being unable to get environment variables at all makes it almost impossible to do anything dynamically.

• Edit, here's my workaround:

#!/usr/bin/env bash
set -e
EB_META_DATA_FILE=/var/app/metadata.json
ENV_VARS_FILE=/var/app/envvars
sudo /opt/aws/bin/cfn-get-metadata -s $(</opt/elasticbeanstalk/config/ebenvinfo/stackid) -r AWSEBBeanstalkMetadata --region $(</opt/elasticbeanstalk/config/ebenvinfo/region) -k "AWS::ElasticBeanstalk::Ext">${EB_META_DATA_FILE}
ENV_VARS=$(jq -r '.Parameters.EnvironmentVariables' < ${EB_META_DATA_FILE})
echo ${ENV_VARS} | jq -r 'to_entries[] | [.value] | join("")'>${ENV_VARS_FILE}

[faizanakram99]

See: #111

I think this is a bit of a show stopper at the moment and really needs to be fixed.

Being unable to get environment variables at all makes it almost impossible to do anything dynamically.

Can't believe they closed the issue with "its great and post to aws forum", lol

[ofriedrich]

The environment variables are available as soon as the environment has been successfully deployed, e. g. as global environment variables in PHP. But if you need them during deployment process, for example in a hook, there seems to be no solution from AWS side yet.

Some people will run into the next problem, if they change an environment variable in a running instance. The hooks won't be executed. So if you have used a hook to replace something with an environment variable in your artifact, it will not be replaced with the new value after configuration update.

[curtismorte]

Hey Guys,
Here is an updated config file for EFS using the method from #111.

@jpswade, I found out about /opt/elasticbeanstalk/deployment/env after posting #111. Admittedly, I felt pretty stupid when I found it (the next morning), but the file would make configuration files much cleaner to just reference that and get an environment variable from it. Let's just say I was determined to get this done late one night :)

#!/bin/bash

# Get the environment variables
ENV_REGION="$(</opt/elasticbeanstalk/config/ebenvinfo/region)"
ENV_STACK_ID="$(</opt/elasticbeanstalk/config/ebenvinfo/stackid)"
ENV_VARS_KWARGS="$(sudo /opt/aws/bin/cfn-get-metadata -s $ENV_STACK_ID -r AWSEBBeanstalkMetadata --region $ENV_REGION -k "AWS::ElasticBeanstalk::Ext.Parameters.EnvironmentVariables" | jq -c '. |= reduce (.[] | split("=")) as [$key, $value] ({}; .[$key] = $value)')"

EFS_MOUNT_DIR=$(jq -r '.MOUNT_DIRECTORY' <<< $ENV_VARS_KWARGS)
EFS_FILE_SYSTEM_ID=$(jq -r '.FILE_SYSTEM_ID' <<< $ENV_VARS_KWARGS)

echo "Mounting EFS filesystem ${EFS_FILE_SYSTEM_ID} to directory ${EFS_MOUNT_DIR} ..."

echo 'Stopping NFS ID Mapper...'
service rpcidmapd status &> /dev/null
if [ $? -ne 0 ] ; then
    echo 'rpc.idmapd is already stopped!'
else
    service rpcidmapd stop
    if [ $? -ne 0 ] ; then
        echo 'ERROR: Failed to stop NFS ID Mapper!'
        exit 1
    fi
fi

echo 'Checking if EFS mount directory exists...'
if [ ! -d ${EFS_MOUNT_DIR} ]; then
    echo "Creating directory ${EFS_MOUNT_DIR} ..."
    mkdir -p ${EFS_MOUNT_DIR}
    if [ $? -ne 0 ]; then
        echo 'ERROR: Directory creation failed!'
        exit 1
    fi
else
    echo "Directory ${EFS_MOUNT_DIR} already exists!"
fi

mountpoint -q ${EFS_MOUNT_DIR}
if [ $? -ne 0 ]; then
    echo "mount -t efs -o tls ${EFS_FILE_SYSTEM_ID}:/ ${EFS_MOUNT_DIR}"
    mount -t efs -o tls ${EFS_FILE_SYSTEM_ID}:/ ${EFS_MOUNT_DIR}
    if [ $? -ne 0 ] ; then
        echo 'ERROR: Mount command failed!'
        exit 1
    fi
    chmod 777 ${EFS_MOUNT_DIR}
    runuser -l  ec2-user -c "touch ${EFS_MOUNT_DIR}/it_works"
    if [[ $? -ne 0 ]]; then
        echo 'ERROR: Permission Error!'
        exit 1
    else
        runuser -l  ec2-user -c "rm -f ${EFS_MOUNT_DIR}/it_works"
    fi
else
    echo "Directory ${EFS_MOUNT_DIR} is already a valid mountpoint!"
fi

echo 'EFS mount complete.'

[dankhen]

All,

We appreciate the sentiment and acknowledge that this is a serious issue. The reason I closed #111 and will close this one isn't that this isn't important - it's because we're already aware of the problem and are tracking it internally. The Beanstalk team indicated that they're working on re-implementing get-config for the AL2 platforms.

[tomchiverton]

Oh, I'm sorry.
I clearly didn't get the governance modal. AWS aren't tracking issues here "live" - instead more like what Google do with "open" Android and things are just tossed over the wall ?
I'm used to Apache where the issue tracker and code is the tracker and code :)

Do you have a timeline ? Otherwise I'm just going to write my own version of get-config today so we can continue our project without having to by hand update every single script...

[dankhen]

@tomchiverton This is a repo of documented examples - not a tracking system for Elastic Beanstalk issues.
We do have a place where everyone can post suggestions and track progress - it's the Elastic Beanstalk roadmap, here.