Terraform：如何将 EFS 访问点安装到 EC2？

Question

我的目标是在 EFS 上安装一些 python 包并将其连接到我的 Lambda。现在我正在将 EFS 安装到 EC2 实例并安装某些库，例如 numpy。整个基础设施是在 Terraform 中定义的。

\n

部署（terraform apply）后，所有资源都已部署，没有任何问题，但似乎访问点目录不存在。我在aws_efs_access_point中定义了它，并将根目录设置为/access，因此当我在 EC2 上挂载 EFS 时，/home/ubuntu/mount-point我预计它/access会出现在该目录中，如本例所示。但它不见了。

\n

除最后一个资源外，所有资源均已创建，没有任何例外。我错过了什么吗？

\n

日志：（更详细的日志在最后发布）

\n

\n
1. 回复cd mount-point/access：
\n

\n

null_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can\'t cd to access\n

\n

\n
2. 将 python 库移动到不存在的目录时出现 PermissionError：
\n

\n

null_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: \'/home/ubuntu/mount-point/access\'\n\xe2\x95\xb7\n\xe2\x94\x82 Error: remote-exec provisioner error\n\xe2\x94\x82\n\xe2\x94\x82   on main.tf line 133, in resource "null_resource" "configure_nfs":\n\xe2\x94\x82  133:   provisioner "remote-exec" {\n\xe2\x94\x82\n\xe2\x94\x82 error executing "/tmp/terraform_1300245673.sh": Process exited with status 2\n\xe2\x95\xb5\n

\n

我不太确定 EFS 是否已成功安装。“sudo mount -t nfs4 (...)”并没有真正返回任何响应。

\n

main.tf的内容：

\n

provider "aws" {\n  region = var.region\n}\n\nresource "aws_default_vpc" "default" {}\n\nresource "aws_security_group" "ec2_security_group" {\n  name        = "ec2_security_group"\n  description = "Allow SSH and HTTP"\n  vpc_id      = aws_default_vpc.default.id\n  ingress {\n    description = "SSH from VPC"\n    from_port   = 22\n    to_port     = 22\n    protocol    = "tcp"\n    cidr_blocks = ["0.0.0.0/0"]\n    }\n  ingress {\n    description = "EFS mount target"\n    from_port   = 2049\n    to_port     = 2049\n    protocol    = "tcp"\n    cidr_blocks = ["0.0.0.0/0"]\n    }\n  ingress {\n    description = "HTTP from VPC"\n    from_port   = 80\n    to_port     = 80\n    protocol    = "tcp"\n    cidr_blocks = ["0.0.0.0/0"]\n    }\n  egress {\n    from_port   = 0\n    to_port     = 0\n    protocol    = "-1"\n    cidr_blocks = ["0.0.0.0/0"]\n  }\n}\n\nresource "tls_private_key" "key" {\n  algorithm = "RSA"\n  rsa_bits  = 4096\n}\n\nresource "aws_key_pair" "generated_key" {\n  key_name   = "ec2-efs-access-key"\n  public_key = tls_private_key.key.public_key_openssh\n}\n\nresource "aws_instance" "ec2-instance-with-efs" {\n  ami                    = "ami-0b1deee75235aa4bb"\n  security_groups = [aws_security_group.ec2_security_group.name]\n  instance_type          = "t2.micro"\n\n  key_name = aws_key_pair.generated_key.key_name\n}\n\nresource "aws_efs_file_system" "efs" {}\n\nresource "aws_efs_mount_target" "mount" {\n  file_system_id = aws_efs_file_system.efs.id\n  subnet_id      = aws_instance.ec2-instance-with-efs.subnet_id\n  security_groups = [aws_security_group.ec2_security_group.id]\n}\n\nresource "aws_efs_access_point" "access-point" {\n  file_system_id = aws_efs_file_system.efs.id\n\n  posix_user {\n    gid = 1000\n    uid = 1000\n  }\n\n  root_directory {\n    path = "/access"\n    creation_info {\n      owner_gid   = 1000\n      owner_uid   = 1000\n      permissions = "0777"\n    }\n  }\n}\n\nresource "null_resource" "configure_nfs" {\n  depends_on = [aws_efs_mount_target.mount]\n  connection {\n    type     = "ssh"\n    user     = "ubuntu"\n    private_key = tls_private_key.key.private_key_pem\n    host     = aws_instance.ec2-instance-with-efs.public_ip\n  }\n  provisioner "remote-exec" {\n    inline = [\n      "sudo apt-get update -y",\n      "sudo apt-get install nfs-common -y",\n      "sudo apt-get install python3.8 -y",\n      "sudo apt-get install python3-pip -y",\n      "python --version",\n      "python3 --version",\n      "echo ${aws_efs_file_system.efs.dns_name}",\n      "ls -la",\n      "pwd",\n      "sudo mkdir -p mount-point",\n      "ls -la",\n      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",\n      "ls",\n      "cd mount-point",\n      "ls",\n      "cd access",\n      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",\n      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",\n      "printf \'2\\n\' | sudo update-alternatives --config python3",\n      "pwd",\n      "ls -la",\n      "echo \'Python version:\'",\n      "python3 --version",\n      "pip3 install --upgrade --target access/ numpy --system"\n    ]\n  }\n}\n

\n

日志：

\n

Plan: 10 to add, 0 to change, 0 to destroy.\ntls_private_key.key: Creating...\naws_default_vpc.default: Creating...\naws_efs_file_system.efs: Creating...\ntls_private_key.key: Creation complete after 3s [id=80dd2cd196b9f026cf21076666e718ae75e6802d]\naws_key_pair.generated_key: Creating...\naws_key_pair.generated_key: Creation complete after 0s [id=ec2-efs-access-key]\naws_efs_file_system.efs: Creation complete after 6s [id=fs-91f47fca]\naws_efs_access_point.access-point: Creating...\naws_efs_access_point.access-point: Creation complete after 2s [id=fsap-0515864194da07104]\naws_default_vpc.default: Still creating... [10s elapsed]\naws_default_vpc.default: Creation complete after 13s [id=vpc-a7b5dbcd]\naws_security_group.ec2_security_group: Creating...\naws_security_group.ec2_security_group: Creation complete after 3s [id=sg-0dacec217adacc3dd]\naws_instance.ec2-instance-with-efs: Creating...\n...\naws_instance.ec2-instance-with-efs: Creation complete after 34s [id=i-0078c219f3e6e58e1]\naws_efs_mount_target.mount: Creating...\n...\naws_efs_mount_target.mount: Still creating... [1m20s elapsed]\naws_efs_mount_target.mount: Creation complete after 1m25s [id=fsmt-85ae45dd]\nnull_resource.configure_nfs: Creating...\nnull_resource.configure_nfs: Provisioning with \'remote-exec\'...\nnull_resource.configure_nfs (remote-exec): Connecting to remote host via SSH...\nnull_resource.configure_nfs (remote-exec):   Host: 18.195.16.239\nnull_resource.configure_nfs (remote-exec):   User: ubuntu\nnull_resource.configure_nfs (remote-exec):   Password: false\nnull_resource.configure_nfs (remote-exec):   Private key: true\nnull_resource.configure_nfs (remote-exec):   Certificate: false\nnull_resource.configure_nfs (remote-exec):   SSH Agent: false\nnull_resource.configure_nfs (remote-exec):   Checking Host Key: false\nnull_resource.configure_nfs (remote-exec):   Target Platform: unix\nnull_resource.configure_nfs (remote-exec): Connected!\nnull_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 6: /tmp/terraform_1300245673.sh: python: not found\nnull_resource.configure_nfs (remote-exec): Python 3.6.9\nnull_resource.configure_nfs (remote-exec): fs-81x47xca.efs.eu-central-1.amazonaws.com\nnull_resource.configure_nfs (remote-exec): total 32\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 5 ubuntu ubuntu 4096 Oct  7 20:25 .\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc\nnull_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache\nnull_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile\nnull_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful\nnull_resource.configure_nfs (remote-exec): /home/ubuntu\nnull_resource.configure_nfs (remote-exec): total 36\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 .\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 3 root   root   4096 Oct  7 20:24 ..\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  220 Apr  4  2018 .bash_logout\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu 3771 Apr  4  2018 .bashrc\nnull_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:25 .cache\nnull_resource.configure_nfs (remote-exec): drwx------ 3 ubuntu ubuntu 4096 Oct  7 20:25 .gnupg\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu  807 Apr  4  2018 .profile\nnull_resource.configure_nfs (remote-exec): drwx------ 2 ubuntu ubuntu 4096 Oct  7 20:24 .ssh\nnull_resource.configure_nfs (remote-exec): -rw-r--r-- 1 ubuntu ubuntu    0 Oct  7 20:25 .sudo_as_admin_successful\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   4096 Oct  7 20:26 mount-point\nnull_resource.configure_nfs (remote-exec): mount-point\nnull_resource.configure_nfs (remote-exec): /tmp/terraform_1300245673.sh: 17: cd: can\'t cd to access\nnull_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.6 to provide /usr/bin/python3 (python3) in auto mode\nnull_resource.configure_nfs (remote-exec): update-alternatives: using /usr/bin/python3.8 to provide /usr/bin/python3 (python3) in auto mode\nnull_resource.configure_nfs (remote-exec): There are 2 choices for the alternative python3 (providing /usr/bin/python3).\n\nnull_resource.configure_nfs (remote-exec):   Selection    Path                Priority   Status\nnull_resource.configure_nfs (remote-exec): ------------------------------------------------------------\nnull_resource.configure_nfs (remote-exec): * 0            /usr/bin/python3.8   2         auto mode\nnull_resource.configure_nfs (remote-exec):   1            /usr/bin/python3.6   1         manual mode\nnull_resource.configure_nfs (remote-exec):   2            /usr/bin/python3.8   2         manual mode\n\nnull_resource.configure_nfs (remote-exec): Press <enter> to keep the current choice[*], or type selection number: /home/ubuntu/mount-point\nnull_resource.configure_nfs (remote-exec): total 8\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 2 root   root   6144 Oct  7 20:23 .\nnull_resource.configure_nfs (remote-exec): drwxr-xr-x 6 ubuntu ubuntu 4096 Oct  7 20:26 ..\nnull_resource.configure_nfs (remote-exec): Python version:\nnull_resource.configure_nfs (remote-exec): Python 3.8.0\nnull_resource.configure_nfs (remote-exec): Collecting numpy\nnull_resource.configure_nfs (remote-exec):   Downloading https://files.pythonhosted.org/packages/18/d3/0b5dbf3dd99f6a645612dc8cd78c633130139d98afb5303a3ce09723609b/numpy-1.21.2-cp38-cp38-\nmanylinux_2_5_x86_64.manylinux1_x86_64.whl (14.1MB)\nnull_resource.configure_nfs (remote-exec):     100% |\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88| 14.1MB 96kB/s\nnull_resource.configure_nfs (remote-exec): Installing collected packages: numpy\nnull_resource.configure_nfs (remote-exec): Successfully installed numpy-1.21.2\nnull_resource.configure_nfs (remote-exec): Exception:\nnull_resource.configure_nfs (remote-exec): Traceback (most recent call last):\nnull_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main\nnull_resource.configure_nfs (remote-exec):     status = self.run(options, args)\nnull_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 406, in run\nnull_resource.configure_nfs (remote-exec):     ensure_dir(options.target_dir)\nnull_resource.configure_nfs (remote-exec):   File "/usr/lib/python3/dist-packages/pip/utils/__init__.py", line 83, in ensure_dir\nnull_resource.configure_nfs (remote-exec):     os.makedirs(path)\nnull_resource.configure_nfs (remote-exec):   File "/usr/lib/python3.8/os.py", line 221, in makedirs\nnull_resource.configure_nfs (remote-exec):     mkdir(name, mode)\nnull_resource.configure_nfs (remote-exec): PermissionError: [Errno 13] Permission denied: \'/home/ubuntu/mount-point/access\'\n\xe2\x95\xb7\n\xe2\x94\x82 Error: remote-exec provisioner error\n\xe2\x94\x82\n\xe2\x94\x82   on main.tf line 133, in resource "null_resource" "configure_nfs":\n\xe2\x94\x82  133:   provisioner "remote-exec" {\n\xe2\x94\x82\n\xe2\x94\x82 error executing "/tmp/terraform_1300245673.sh": Process exited with status 2\n\xe2\x95\xb5\n

\n

Answer 1

该错误是因为您仅为 root 设置了挂载点，而您尝试以ubuntu用户身份访问它，正如我在评论中所写。要修复该添加sudo chown ubuntu.ubuntu mount-point，将所有权mount-point授予ubuntu. 此外，文件夹access本身并不存在，因为它是在 EFS 级别而不是实例级别创建的。因此应该是：

resource "null_resource" "configure_nfs" {
  depends_on = [aws_efs_access_point.access-point, aws_efs_mount_target.mount]
  connection {
    type     = "ssh"
    user     = "ubuntu"
    private_key = tls_private_key.key.private_key_pem
    host     = aws_instance.ec2-instance-with-efs.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install nfs-common -y",
      "sudo apt-get install python3.8 -y",
      "sudo apt-get install python3-pip -y",
      "python --version",
      "python3 --version",
      "echo ${aws_efs_file_system.efs.dns_name}",
      "ls -la",
      "pwd",
      "sudo mkdir -p mount-point",
      "ls -la",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${aws_efs_file_system.efs.dns_name}:/ mount-point",
      "ls",
      "sudo chown -R ubuntu.ubuntu mount-point",      
      "cd mount-point",
      "ls",
      "mkdir access",      
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1",
      "sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2",
      "printf '2\n' | sudo update-alternatives --config python3",
      "pwd",
      "ls -la",
      "echo 'Python version:'",
      "python3 --version",
      "pip3 install --upgrade --target ./access/ numpy --system"
    ]
  }
}