Skip to content

Commit

Permalink
Release efs-utils v2.0.0
Browse files Browse the repository at this point in the history
This commit replaces stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS.
 Efs-proxy lays the foundation for upcoming feature launches at EFS.
  • Loading branch information
RyanStan committed Apr 12, 2024
1 parent ddc2bd0 commit 0c5b52d
Show file tree
Hide file tree
Showing 39 changed files with 5,793 additions and 361 deletions.
113 changes: 73 additions & 40 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,20 @@ commands:
name: Repo update
command: |
apt-get update
- run:
name: Install curl
command: |
apt-get -y install curl
- run:
name: Install latest Rust
command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
. "$HOME/.cargo/env"
- run:
name: Install dependencies
command: |
apt-get -y install binutils git
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
apt-get -y install binutils git rustc cargo pkg-config libssl-dev
- run:
name: Add local build repo as safe git directory
command: |
Expand All @@ -49,6 +59,9 @@ commands:
- run:
name: Build DEB
command: |
. "$HOME/.cargo/env"
rustc --version
cargo --version
./build-deb.sh
- run:
name: Install package
Expand All @@ -64,7 +77,7 @@ commands:
- run:
name: Install dependencies
command: |
yum -y install rpm-build make systemd
yum -y install rpm-build make systemd rust cargo openssl-devel
- run:
name: Build RPM
command: |
Expand All @@ -81,21 +94,65 @@ commands:
name: Check changelog
command: |
rpm -q --changelog amazon-efs-utils
build-rpm-rustup:
steps:
- run:
name: Install dependencies
command: |
yum install -y curl
- run:
name: Install latest Rust
command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- checkout
- run:
name: Install dependencies
command: |
yum -y install rpm-build make systemd rust cargo openssl-devel
- run:
name: Build RPM
command: |
. "$HOME/.cargo/env"
rustc --version
make rpm
- run:
name: Install package
command: |
yum -y install build/amazon-efs-utils*rpm
- run:
name: Check installed successfully
command: |
mount.efs --version
- run:
name: Check changelog
command: |
rpm -q --changelog amazon-efs-utils
build-suse-rpm:
steps:
- checkout
- run:
name: Refresh source
command: |
zypper refresh
- run:
name: Install curl
command: |
zypper install -y curl
- run:
name: Install latest Rust
command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- run:
name: Install dependencies
command: |
zypper install -y --force-resolution rpm-build
zypper install -y make systemd
zypper install -y make systemd rust cargo openssl-devel
- run:
name: Build RPM
command: |
. "$HOME/.cargo/env"
rustc --version
make rpm
- run:
name: Install package
Expand All @@ -116,14 +173,6 @@ commands:
command: |
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
build-debian-eol-repo:
steps:
- run:
name: change repo url to archive.debian.org and remove updates repo for EOL versions
command: |
sed -i 's/deb.debian.org/archive.debian.org/g' /etc/apt/sources.list
sed -i 's/security.debian.org/archive.debian.org/g' /etc/apt/sources.list
sed -i '/stretch-updates/d' /etc/apt/sources.list
jobs:
test:
parameters:
Expand Down Expand Up @@ -152,35 +201,34 @@ jobs:
image: << parameters.image >>
steps:
- build-rpm
build-suse-rpm-package:
build-rpm-package-rustup:
parameters:
image:
type: string
executor:
name: linux
image: << parameters.image >>
steps:
- build-suse-rpm
build-centos-rpm-package:
- build-rpm-rustup
build-suse-rpm-package:
parameters:
image:
type: string
executor:
name: linux
image: << parameters.image >>
steps:
- build-centos-repo
- build-rpm
build-debian-eol-rpm-package:
- build-suse-rpm
build-centos-rpm-package:
parameters:
image:
type: string
executor:
name: linux
image: << parameters.image >>
steps:
- build-debian-eol-repo
- build-deb
- build-centos-repo
- build-rpm-rustup
workflows:
workflow:
jobs:
Expand Down Expand Up @@ -217,21 +265,12 @@ workflows:
- build-deb-package:
name: ubuntu22
image: ubuntu:22.04
- build-debian-eol-rpm-package:
name: debian9
image: debian:stretch
- build-deb-package:
name: debian10
image: debian:buster
- build-deb-package:
name: debian11
image: debian:bullseye
- build-centos-rpm-package:
name: centos-latest
image: centos:latest
- build-rpm-package:
name: centos7
image: centos:centos7
- build-centos-rpm-package:
name: centos8
image: centos:centos8
Expand All @@ -244,31 +283,25 @@ workflows:
- build-rpm-package:
name: amazon-linux-2
image: amazonlinux:2
- build-rpm-package:
name: amazon-linux
image: amazonlinux:1
- build-rpm-package:
name: fedora-latest
image: fedora:latest
- build-rpm-package:
name: fedora28
image: fedora:28
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora29
image: fedora:29
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora30
image: fedora:30
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora31
image: fedora:31
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora32
image: fedora:32
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora33
image: fedora:33
- build-rpm-package:
- build-rpm-package-rustup:
name: fedora34
image: fedora:34
- build-rpm-package:
Expand Down
5 changes: 4 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ PACKAGE_NAME = amazon-efs-utils
SOURCE_TARBALL = $(PACKAGE_NAME).tar.gz
SPECFILE = $(PACKAGE_NAME).spec
BUILD_DIR = build/rpmbuild
PROXY_VERSION = 2.0.0
export PYTHONPATH := $(shell pwd)/src

.PHONY: clean
Expand All @@ -31,6 +32,7 @@ tarball: clean
mkdir -p $(PACKAGE_NAME)/src
cp -rp src/mount_efs $(PACKAGE_NAME)/src
cp -rp src/watchdog $(PACKAGE_NAME)/src
cp -rp src/proxy $(PACKAGE_NAME)/src

mkdir -p ${PACKAGE_NAME}/man
cp -rp man/mount.efs.8 ${PACKAGE_NAME}/man
Expand All @@ -45,7 +47,8 @@ rpm-only:
mkdir -p $(BUILD_DIR)/{SPECS,COORD_SOURCES,DATA_SOURCES,BUILD,RPMS,SOURCES,SRPMS}
cp $(SPECFILE) $(BUILD_DIR)/SPECS
cp $(SOURCE_TARBALL) $(BUILD_DIR)/SOURCES
rpmbuild -ba --define "_topdir `pwd`/$(BUILD_DIR)" $(BUILD_DIR)/SPECS/$(SPECFILE)
cp config.toml $(BUILD_DIR)/SOURCES
rpmbuild -ba --define "_topdir `pwd`/$(BUILD_DIR)" --define "include_vendor_tarball false" $(BUILD_DIR)/SPECS/$(SPECFILE)
cp $(BUILD_DIR)/RPMS/*/*rpm build

.PHONY: rpm
Expand Down
40 changes: 29 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,17 @@ The `efs-utils` package has been verified against the following Linux distributi

| Distribution | Package Type | `init` System |
|----------------------| ----- | --------- |
| Amazon Linux 2017.09 | `rpm` | `upstart` |
| Amazon Linux 2 | `rpm` | `systemd` |
| Amazon Linux 2023 | `rpm` | `systemd` |
| CentOS 7 | `rpm` | `systemd` |
| CentOS 8 | `rpm` | `systemd` |
| RHEL 7 | `rpm` | `systemd` |
| RHEL 8 | `rpm` | `systemd` |
| RHEL 9 | `rpm` | `systemd` |
| Fedora 28 | `rpm` | `systemd` |
| Fedora 29 | `rpm` | `systemd` |
| Fedora 30 | `rpm` | `systemd` |
| Fedora 31 | `rpm` | `systemd` |
| Fedora 32 | `rpm` | `systemd` |
| Debian 9 | `deb` | `systemd` |
| Debian 10 | `deb` | `systemd` |
| Debian 11 | `deb` | `systemd` |
| Ubuntu 16.04 | `deb` | `systemd` |
| Ubuntu 18.04 | `deb` | `systemd` |
| Ubuntu 20.04 | `deb` | `systemd` |
Expand Down Expand Up @@ -55,6 +51,7 @@ The `efs-utils` package has been verified against the following MacOS distributi
- [MacOS](#macos)
- [amazon-efs-mount-watchdog](#amazon-efs-mount-watchdog)
- [Troubleshooting](#troubleshooting)
- [Upgrading to efs-utils v2.0.0](#upgrading-from-efs-utils-v1-to-v2)
- [Upgrading stunnel for RHEL/CentOS](#upgrading-stunnel-for-rhelcentos)
- [Upgrading stunnel for SLES12](#upgrading-stunnel-for-sles12)
- [Upgrading stunnel for MacOS](#upgrading-stunnel-for-macos)
Expand All @@ -81,9 +78,11 @@ The `efs-utils` package has been verified against the following MacOS distributi
## Prerequisites

* `nfs-utils` (RHEL/CentOS/Amazon Linux/Fedora) or `nfs-common` (Debian/Ubuntu)
* OpenSSL 1.0.2+
* OpenSSL-devel 1.0.2+
* Python 3.4+
* `stunnel` 4.56+
- `rust` 1.68+
- `cargo`

## Optional

Expand All @@ -93,7 +92,7 @@ The `efs-utils` package has been verified against the following MacOS distributi

### On Amazon Linux distributions

For those using Amazon Linux or Amazon Linux 2, the easiest way to install `efs-utils` is from Amazon's repositories:
For those using Amazon Linux, the easiest way to install `efs-utils` is from Amazon's repositories:

```bash
$ sudo yum -y install amazon-efs-utils
Expand Down Expand Up @@ -121,7 +120,7 @@ Other distributions require building the package from source and installing it.
If the distribution is not OpenSUSE or SLES

```bash
$ sudo yum -y install git rpm-build make
$ sudo yum -y install git rpm-build make rust cargo openssl-devel
$ git clone https://github.com/aws/efs-utils
$ cd efs-utils
$ make rpm
Expand All @@ -132,7 +131,7 @@ Otherwise

```bash
$ sudo zypper refresh
$ sudo zypper install -y git rpm-build make
$ sudo zypper install -y git rpm-build make rust cargo openssl-devel
$ git clone https://github.com/aws/efs-utils
$ cd efs-utils
$ make rpm
Expand All @@ -152,13 +151,20 @@ sudo zypper refresh

```bash
$ sudo apt-get update
$ sudo apt-get -y install git binutils
$ sudo apt-get -y install git binutils rustc cargo pkg-config libssl-dev
$ git clone https://github.com/aws/efs-utils
$ cd efs-utils
$ ./build-deb.sh
$ sudo apt-get -y install ./build/amazon-efs-utils*deb
```

If your Debian distribution doesn't provide a rust or cargo package, or your distribution provides versions
that are older than 1.68, then you can install rust and cargo through rustup:
```bash
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
. "$HOME/.cargo/env"
```

### On MacOS Big Sur, macOS Monterey, macOS Sonoma and macOS Ventura distribution

For EC2 Mac instances running macOS Big Sur, macOS Monterey, macOS Sonoma and macOS Ventura, you can install amazon-efs-utils from the
Expand Down Expand Up @@ -194,8 +200,10 @@ $ make test
## Usage

### mount.efs
`efs-utils` includes a mount helper utility, `mount.efs`, that simplifies and improves the performance of EFS file system mounts.

`efs-utils` includes a mount helper utility to simplify mounting and using EFS file systems.
`mount.efs` launches a proxy process that forwards NFS traffic from the kernel's NFS client to EFS.
This proxy is responsible for TLS encryption, and for providing improved throughput performance.

To mount with the recommended default options, simply run:

Expand Down Expand Up @@ -318,6 +326,16 @@ You can also enable stunnel debug logs with

Make sure to perform the failed mount again after running the prior commands before pulling the logs.

## Upgrading from efs-utils v1 to v2
Efs-utils v2.0.0 replaces stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS.
Efs-proxy lays the foundation for upcoming feature launches at EFS.

To utilize the improved performance benefits of efs-proxy, you must re-mount any existing mounts.

Efs-proxy is not compatible with OCSP or Mac clients. In these cases, efs-utils will automatically revert back to using stunnel.

If you are building efs-utils v2.0.0 from source, then you need Rust and Cargo >= 1.68.

## Upgrading stunnel for RHEL/CentOS

By default, when using the EFS mount helper with TLS, it enforces certificate hostname checking. The EFS mount helper uses the `stunnel` program for its TLS functionality. Please note that some versions of Linux do not include a version of `stunnel` that supports TLS features by default. When using such a Linux version, mounting an EFS file system using TLS will fail.
Expand Down
Loading

0 comments on commit 0c5b52d

Please sign in to comment.