18

I am having an issue where I am unable to mount my EFS on a Red Hat EC2 instance using the DNS names. It throws the error:

```
mount.nfs4: Failed to resolve server us-east-1a.fs-c2aXXXX.efs.us-east-1.amazonaws.com: Name or service not known
```

I am following the instructions provided by AWS. I tried the two ways below, and both throw the same error as above. I can confirm that the DNS names are correct.

1st:

```
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-c2aXXXX.efs.us-east-1.amazonaws.com:/ efs
```

2nd:

```
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).fs-c2a7XXXX.efs.us-east-1.amazonaws.com:/ /efs
```

However, if I use the IP instead of DNS names, I am able to mount it just fine. So the command below works.

```
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 10.38.X.XX:/ /efs
```

I am fine with using IP instead of DNS as long as I am able to mount it.

Now my issue is that as soon as I stop and start the instance again, my mount is gone. Even after I add the entry below to /etc/fstab, it doesn't auto-mount.

```
10.38.X.XXX:/ /efs efs defaults,_netdev 0 0
```

Can someone please help me in either resolving the issue with DNS or tell me how to auto mount using IPs?

TylerH
Naxi
  • 3
    [*"The VPC of the connecting EC2 instance must have both DNS Resolution and DNS Hostnames enabled."*](https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html) Check this? – Michael - sqlbot Oct 26 '18 at 23:36
  • @Michael-sqlbot this is the real answer, thanks. Also, you need to restart your EC2 for it to take effect after the modification. – Red Bottle May 14 '21 at 09:50

3 Answers

9

If you have opened all security groups and network ACLs, confirmed that you are in a valid AZ, and it is still not working, the VPC you created probably doesn't have DNS hostnames enabled. Validate that you have this setting:

vpc

The default VPC that comes with your account has this enabled, others don't.

Luigi Lopez
  • 1
    I have no idea why a private VPC had to have this enabled but enabling this allowed my ECS Fargate service to resolve the service. – Chris Rice Nov 12 '21 at 19:25
  • @ChrisRice You had to have this enabled so the internal DNS resolution of the AWS services can work, in this case for the EFS private URL. – Luigi Lopez Jul 15 '22 at 19:36
6

To attach to EFS from the command line, use this as your template, replacing fs-12345678 with your ID:

```
$ sudo mount -t efs fs-12345678:/ /efs
```

Use this in your /etc/fstab (do not add .efs.us-east-1.amazonaws.com after it):

```
fs-12345678:/ /efs efs vers=4.1,rw,tls,_netdev,relatime,acl,nofail 0 0
```

The fstab version also turns on encryption for data transport. Check out the resources for more information.

Resources

https://docs.aws.amazon.com/efs/latest/ug/mounting-fs.html

https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-mounting.html#automount-fails

kenlukas
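An added example, not part of the answer above or of AWS's tooling: a small shell function that audits fstab-format entries against the points raised in this thread (efs-type entries named by file system ID, the `tls` option that turns on transport encryption, and `_netdev`). The finding labels, function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format EFS/NFS entries. Finding labels are made up here.
audit_efs_fstab() {
  awk '
    NF < 4 || $1 ~ /^#/ { next }              # skip blank, short and comment lines
    $3 != "efs" && $3 !~ /^nfs4?$/ { next }   # only EFS and NFS entries
    {
      dev = $1; mp = $2; type = $3
      sub(/:.*/, "", dev)                     # drop the ":/path" part of the device
      has_tls = 0; has_netdev = 0
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++) {
        if (opt[i] == "tls") has_tls = 1
        if (opt[i] == "_netdev") has_netdev = 1
      }
      # efs-type entries are written with the bare file system ID in the answer
      if (type == "efs" && dev !~ /^fs-[0-9a-f]+$/) print mp ": DEVICE_NOT_FS_ID"
      # nfs/nfs4 entries bypass the efs mount helper, so its tls option cannot apply
      if (type != "efs") print mp ": PLAIN_NFS_NO_TLS"
      else if (!has_tls) print mp ": NO_TLS"
      # without _netdev the mount may be attempted before networking is up
      if (!has_netdev) print mp ": NO_NETDEV"
    }
  ' "${1:--}"
}

# Constructed sample entries (addresses and IDs are placeholders).
sample_fstab() {
  cat <<'EOF'
# /etc/fstab excerpt
10.0.0.10:/ /efs efs defaults,_netdev 0 0
fs-12345678:/ /data efs vers=4.1,rw,tls,_netdev,relatime,acl,nofail 0 0
10.0.0.10:/ /legacy nfs4 nfsvers=4.1,hard,timeo=600,retrans=2,noresvport 0 0
EOF
}

sample_fstab | audit_efs_fstab
```

Pass a file path as the first argument (for example `/etc/fstab`) to audit a real file instead of the sample.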
0

There seems to be an issue with the new efs-utils DNS. A workaround would be to mount a chosen availability zone mount target (this is probably still in development).

To solve this, I tried to add entries for the EFS in the /etc/hosts file like so:

```
[efs-az-private-ip] [efs hostname (e.g. fs-xx.efs.us-east-1.amazonaws.com)]
```

Mekky_Mayata
  • 1
    I'm currently trying to mount on CodeBuild and running into dns issues. What "new efs-utils dns" issue are you referring to? – nitsujri May 13 '21 at 01:34
  • 1
    @nitsujri for my case, the new efs-utils DNS requirement prevented the mount of the EFS across AZs (mount point should be located within the same AZ of originating DNS request). I was only able to resolve using /etc/hosts. However, upon ensuring that the mount points were located within the same AZ, I created EFS access points as well and the mounts worked fine. https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html – Mekky_Mayata May 13 '21 at 10:03
  • that was it! I needed them to all be in the same AZ, same subnet. Once I got that it got past DNS and ran into timeout issues - allowing the NFS port was the last bit to fully connect. THANKS! – nitsujri May 13 '21 at 11:11