search

aws / efs-utils

Utilities for Amazon Elastic File System (EFS)
MIT License
300 stars 191 forks source link

Mount fails when 'localhost' resolves to an external IP #221

Open jgard opened 5 months ago

jgard commented 5 months ago

In our network recently the stars aligned so that:

During a mount -t efs attempt, this resulted in this server sending queries for localhost.<our-internal-domain>.com to our DNS server, getting successful responses with an IP address, which caused the mount to fail:

root@<server>:~# mount -t efs -o tls,iam,accesspoint=fsap-012345 fs-67890:/ /mnt/efs
Failed to locate an available port in the range [20049, 21049], try specifying a different port range in /etc/amazon/efs/efs-utils.conf

I believe this is caused by using sock.bind(("localhost", tls_port)) in find_tls_port_in_range_and_get_bind_sock()

Is there a workaround where we can avoid sending DNS queries for localhost?

mskanth972 commented 5 months ago

Hi @jgard, can you update the efs-utils to latest version(v2.0.2)which has the fix for this Port issue. https://github.com/aws/efs-utils/pull/219

jgard commented 5 months ago

Hi @mskanth972 . What commit that ended up in v2.0.2 was supposed to resolve this issue? Regardless, I have reproduced on the newest version:

## Show we're on 2.0.2
# dpkg --status amazon-efs-utils
Package: amazon-efs-utils
Status: install ok installed
Priority: optional
Section: utils
Maintainer: Amazon.com, Inc. <efs-utils@amazon.com>
Architecture: all
Version: 2.0.2
Depends: python3, nfs-common, stunnel4 (>= 4.56), openssl (>= 1.0.2), util-linux
Conffiles:
 /etc/amazon/efs/efs-utils.conf 2bd2a5ebdceb1b1a6f0d46547af61d82
Description: This package provides utilities for simplifying the use of EFS file systems
Copyright: MIT License

## Show a broken hosts file that lets "localhost" resolve on the network
# cat /etc/hosts
127.0.0.1 <instance_fqdn> <instance_hostname> localhost4 localhost4.localdomain4

## Show mount fails
# mount -t efs -o tls,iam,accesspoint=<fsap-id> <fs-id>:/ /mnt/efs
Failed to locate an available port in the range [20049, 21049], try specifying a different port range in /etc/amazon/efs/efs-utils.conf

## Show fixed hosts file that resolves "localhost" properly
# cat /etc/hosts
127.0.0.1 <instance_fqdn> <instance_hostname> localhost4 localhost4.localdomain4 localhost localhost.localdomain

## Show mount succeeds
# mount -t efs -o tls,iam,accesspoint=<fsap-id> <fs-id>:/ /mnt/efs
# ls -ahl /mnt/efs
total 24K
drwxrwxr-x 2 ssm-user ssm-user 6.0K Jun 18 10:56 .
drwxr-xr-x 3 root     root     4.0K Jun 18 11:30 ..
-rw-r--r-- 1 ssm-user ssm-user 1.5K Jun 14 14:50 <file_in_efs>