-
Notifications
You must be signed in to change notification settings - Fork 197
/
Copy pathamazon-efs-utils.spec
350 lines (271 loc) · 12.4 KB
/
amazon-efs-utils.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
#
# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved.
#
# Licensed under the MIT License. See the LICENSE accompanying this file
# for the specific language governing permissions and limitations under
# the License.
#
%bcond_without check
%if 0%{?amzn1}
%global python_requires python36
%else
%global python_requires python3
%endif
%if 0%{?amzn1} || 0%{?rhel} == 6
%global with_systemd 0
%else
%global with_systemd 1
%endif
%if 0%{?dist:1}
%global platform %{dist}
%else
%if 0%{?suse_version}
%global platform .suse
%else
%global platform .unknown
%endif
%endif
%if 0%{?amzn} > 2
%global efs_bindir %{_sbindir}
%else
%global efs_bindir /sbin
%endif
%global proxy_name efs-proxy
%{?!include_vendor_tarball:%define include_vendor_tarball true}
Name : amazon-efs-utils
Version : 2.2.0
Release : 1%{platform}
Summary : This package provides utilities for simplifying the use of EFS file systems
Group : Amazon/Tools
License : MIT
URL : https://aws.amazon.com/efs
BuildArchitectures: x86_64 aarch64
Requires : nfs-utils
%if 0%{?amzn2}
Requires : stunnel5
%else
Requires : stunnel >= 4.56
%endif
Requires : %{python_requires}
Requires : openssl >= 1.0.2
Requires : util-linux
Requires : which
%if %{with_systemd}
BuildRequires : systemd
%{?systemd_requires}
%else
Requires(post) : /sbin/chkconfig
Requires(preun) : /sbin/service /sbin/chkconfig
Requires(postun) : /sbin/service
%endif
# Conditional to allow building without
# rust installed with yum
%bcond_without system_rust
# If yum provides rust and cargo
# use rpmbuild --with system_rust
%if %{with system_rust}
BuildRequires: cargo rust
%endif
BuildRequires: openssl-devel
Source0 : %{name}.tar.gz
%if "%{include_vendor_tarball}" == "true"
Source1 : %{proxy_name}-%{version}-vendor.tar.xz
Source2 : config.toml
%endif
%description
This package provides utilities for simplifying the use of EFS file systems
%global debug_package %{nil}
%prep
# If yum doesn't provides rust and cargo
# use rpmbuild --without system_rust
%if %{without system_rust}
source $HOME/.cargo/env || true
%endif
# Ensure cargo is installed
if ! command -v cargo &> /dev/null; then
echo "Error: cargo is not in PATH. Please install cargo."
exit 1
fi
# Ensure rustc is installed
if ! command -v rustc &> /dev/null; then
echo "Error: rustc is not PATH. Please install rustc."
exit 1
fi
%setup -n %{name}
mkdir -p %{_builddir}/%{name}/src/proxy/.cargo
%if "%{include_vendor_tarball}" == "true"
cp %{SOURCE2} %{_builddir}/%{name}/src/proxy/.cargo/
tar xf %{SOURCE1}
mv vendor %{_builddir}/%{name}/src/proxy/
%endif
%build
cd %{_builddir}/%{name}/src/proxy
cargo build --release --manifest-path %{_builddir}/%{name}/src/proxy/Cargo.toml
%install
mkdir -p %{buildroot}%{_sysconfdir}/amazon/efs
%if %{with_systemd}
mkdir -p %{buildroot}%{_unitdir}
install -p -m 644 %{_builddir}/%{name}/dist/amazon-efs-mount-watchdog.service %{buildroot}%{_unitdir}
%else
mkdir -p %{buildroot}%{_sysconfdir}/init
install -p -m 644 %{_builddir}/%{name}/dist/amazon-efs-mount-watchdog.conf %{buildroot}%{_sysconfdir}/init
%endif
mkdir -p %{buildroot}%{efs_bindir}
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_localstatedir}/log/amazon/efs
mkdir -p %{buildroot}%{_mandir}/man8
install -p -m 644 %{_builddir}/%{name}/dist/efs-utils.conf %{buildroot}%{_sysconfdir}/amazon/efs
install -p -m 444 %{_builddir}/%{name}/dist/efs-utils.crt %{buildroot}%{_sysconfdir}/amazon/efs
install -p -m 755 %{_builddir}/%{name}/src/mount_efs/__init__.py %{buildroot}%{efs_bindir}/mount.efs
install -p -m 755 %{_builddir}/%{name}/src/watchdog/__init__.py %{buildroot}%{_bindir}/amazon-efs-mount-watchdog
install -p -m 644 %{_builddir}/%{name}/man/mount.efs.8 %{buildroot}%{_mandir}/man8
install -p -m 755 %{_builddir}/%{name}/src/proxy/target/release/efs-proxy %{buildroot}%{efs_bindir}/efs-proxy
%files
%defattr(-,root,root,-)
%if %{with_systemd}
%{_unitdir}/amazon-efs-mount-watchdog.service
%else
%config(noreplace) %{_sysconfdir}/init/amazon-efs-mount-watchdog.conf
%endif
%{_sysconfdir}/amazon/efs/efs-utils.crt
%{efs_bindir}/mount.efs
%{efs_bindir}/efs-proxy
%{_bindir}/amazon-efs-mount-watchdog
/var/log/amazon
%{_mandir}/man8/mount.efs.8.gz
%config(noreplace) %{_sysconfdir}/amazon/efs/efs-utils.conf
%if %{with_systemd}
%post
%systemd_post amazon-efs-mount-watchdog.service
%preun
%systemd_preun amazon-efs-mount-watchdog.service
%postun
%systemd_postun_with_restart amazon-efs-mount-watchdog.service
%else
%preun
if [ $1 -eq 0 ]; then
/sbin/stop amazon-efs-mount-watchdog &> /dev/null || true
fi
%postun
if [ $1 -eq 1 ]; then
/sbin/restart amazon-efs-mount-watchdog &> /dev/null || true
fi
%endif
%clean
%changelog
* Wed Nov 13 2024 Anthony Tse <anthotse@amazon.com> - 2.2.0
- Use region-specific domain suffixes for dns endpoints where missing
- Merge PR #211 - Amend Debian control to use binary architecture
* Wed Sep 18 2024 Julie Rakas <jrakas@amazon.com> - 2.1.0
- Add mount option for specifying region
- Add new ISO regions to config file
* Tue Jun 25 2024 Anthony Tse <anthotse@amazon.com> - 2.0.4
- Add retry logic to and increase timeout for EC2 metadata token retrieval requests
* Tue Jun 18 2024 Arnav Gupta <arnavgup@amazon.com> - 2.0.3
- Upgrade py version
- Replace deprecated usage of datetime
* Mon May 20 2024 Anthony Tse <anthotse@amazon.com> - 2.0.2
- Check for efs-proxy PIDs when cleaning tunnel state files
- Add PID to log entries
* Tue Apr 23 2024 Ryan Stankiewicz <rjstank@amazon.com> - 2.0.1
- Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies
* Mon Apr 08 2024 Ryan Stankiewicz <rjstank@amazon.com> - 2.0.0
- Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS. Efs-proxy lays the foundation for upcoming feature launches at EFS.
* Mon Mar 18 2024 Sean Zatz <zatzsea@amazon.com> - 1.36.0
- Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose mount target.
* Fri Feb 09 2024 Rakesh Yelisetty <rakeshye@amazon.com> - 1.35.2
- Revert "Add warning if using older Version"
- Support MacOS Sonoma
* Wed Jan 10 2024 Sean Zatz <zatsea@amazon.com> - 1.35.1
- Add 'fsap' to ignored mount option list
- Accept openssl 3.0 in rpm spec file
- Watchdog now prints a log message if efs-utils is on an old version
- Regenerate the private key if the file is empty
* Wed Mar 15 2023 Soyeon Ju <mjsoyeon@amazon.com> - 1.35.0
- Support MacOS Ventura, Oracle8 distribution
- Add debug statement for size of state file write
- Add parameters in mount options for assume web role with web identity
* Wed Jan 4 2023 Ryan Stankiewicz <rjstank@amazon.com> - 1.34.5
- Watchdog detect empty private key and regenerate
- Update man page
- Avoid redundant get_target_region call
- Handle invalid mount point name
* Tue Dec 13 2022 Ryan Stankiewicz <rjstank@amazon.com> - 1.34.4
- Fix potential tlsport selection collision by using state file as tlsport lock file.
* Thu Dec 1 2022 Preetham Puneeth Munipalli <tmunipre@amazon.com> - 1.34.3
- Fix potential tlsport selection race condition by closing socket right before establishing stunnel
- Fix stunnel constantly restart issue when upgrading from 1.32.1 and before version to latest version
- Speed up the way to check network availability by using systemctl is-active
* Tue Nov 22 2022 Preetham Puneeth Munipalli <tmunipre@amazon.com> - 1.34.2
- Fix potential issue on AL2 when watchdog trying to restart stunnel for the TLS mounts that existing before upgrade
* Thu Sep 29 2022 Preetham Puneeth Munipalli <tmunipre@amazon.com> - 1.34.1
- Update Amazon Linux 2 platform to use namespaced stunnel5
* Thu Sep 1 2022 Yuan Gao <ygaochn@amazon.com> - 1.33.4
- Fix potential issue where watchdog sending signal to incorrect processes.
- Add support for enabling FIPS mode for both stunnel and AWS API calls.
* Wed Jul 13 2022 Yuan Gao <ygaochn@amazon.com> - 1.33.3
- Fix potential stunnel hanging issue caused by full subprocess PIPE filled by stunnel log.
* Mon Jun 6 2022 Yuan Gao <ygaochn@amazon.com> - 1.33.2
- Fix the incorrect path to generate read_ahead_kb config file.
- Bump the default tls port range from 400 to 1000.
* Fri May 6 2022 Yuan Gao <ygaochn@amazon.com> - 1.33.1
- Enable mount process to retry on failed or timed out mount.nfs command.
* Thu Apr 28 2022 Yuan Gao <ygaochn@amazon.com> - 1.32.2
- Fix potential race condition issue when stunnel creating pid file.
* Thu Mar 31 2022 Shivam Gupta <lshigupt@amazon.com> - 1.32.1
- Enable watchdog to check stunnel health periodically and restart hanging stunnel process when necessary.
- Fix potential race condition issue when removing lock files.
- Add efs-utils Support for MacOS Monterey EC2 instances.
* Tue Nov 23 2021 Jigar Dedhia <dedhiajd@amazon.com> - 1.31.3
- Add unmount_time and unmount_count to handle inconsistent mount reads
- Allow specifying fs_id in cloudwatch log group name
* Thu Jun 10 2021 Yuan Gao <ygaochn@amazon.com> - 1.31.2
- Handle the fallback to IMDSv1 call when either HTTPError or unknown exception is thrown
- Cleanup private key lock file at watchdog startup
* Thu May 06 2021 Yuan Gao <ygaochn@amazon.com> - 1.31.1
- Support new option: mounttargetip, enable mount file system to specific mount target ip address
- Support using botocore to retrieve and mount via file system mount target ip address when DNS resolution fails
- Use IMDSv2 by default to access instance metadata service
* Thu Apr 15 2021 Yue Wang <wangnyue@amazon.com> - 1.30.2
- Fix the throughput regression due to read_ahead configuration change on Linux distribution with kernel version 5.4.x and above
* Mon Mar 22 2021 Yuan Gao <ygaochn@amazon.com> - 1.30.1
- Support new option: az, enable mount file system to specific availability zone mount target
- Merge PR #84 on Github. Fix to use regional AWS STS endpoints instead of the global endpoint to reduce latency
* Mon Jan 25 2021 Yuan Gao <ygaochn@amazon.com> - 1.29.1
- Update the python dependency to python3
- Support SLES and OpenSUSE
* Thu Oct 8 2020 Yuan Gao <ygaochn@amazon.com> - 1.28.2
- Fix an issue where fs cannot be mounted with iam using instance profile when IMDSv2 is enabled
* Fri Sep 18 2020 Yuan Gao <ygaochn@amazon.com> - 1.28.1
- Introduce botocore to publish mount success/failure notification to cloudwatch log
- Revert stop emitting unrecognized init system supervisord if the watchdog daemon has already been launched by supervisor check
* Tue Aug 4 2020 Karthik Basavaraj <kbbasav@amazon.com> - 1.27.1
- Merge PR #60 on GitHub. Adds support for AssumeRoleWithWebIdentity
* Wed Jul 1 2020 Yuan Gao <ygaochn@amazon.com> - 1.26.3
- Fix an issue where watchdog crashed during restart because stunnel was killed and pid key was removed from state file
* Tue Jun 16 2020 Karthik Basavaraj <kbbasav@amazon.com> - 1.26.2
- Clean up stunnel PIDs in state files persisted by previous efs-csi-driver to ensure watchdog spawns a new stunnel after driver restarts.
- Fix an issue where fs cannot be mounted with tls using systemd.automount-units due to mountpoint check
* Tue May 26 2020 Yuan Gao <ygaochn@amazon.com> - 1.25.3
- Fix an issue where subprocess was not killed successfully
- Stop emitting unrecognized init system supervisord if the watchdog daemon has already been launched by supervisor
- Support Fedora
- Check if mountpoint is already mounted beforehand for tls mount
* Tue May 05 2020 Yuan Gao <ygaochn@amazon.com> - 1.25.2
- Fix the issue that IAM role name format is not correctly encoded in python3
- Add optional override for stunnel debug log output location
* Mon Apr 20 2020 Yuan Gao <ygaochn@amazon.com> - 1.25.1
- Create self-signed certificate for tls-only mount
* Tue Apr 7 2020 Yuan Gao <ygaochn@amazon.com> - 1.24.4
- Fix the malformed certificate info
* Fri Mar 27 2020 Yuan Gao <ygaochn@amazon.com> - 1.24.3
- Use IMDSv1 by default, and use IMDSv2 where required
* Tue Mar 10 2020 Yuan Gao <ygaochn@amazon.com> - 1.24.2
- List which as dependency
* Tue Mar 10 2020 Yuan Gao <ygaochn@amazon.com> - 1.24.1
- Enable efs-utils to source region from config file for sigv4 auth
- Fix the issue that stunnel bin exec cannot be found in certain linux distributions
* Tue Mar 03 2020 Yuan Gao <ygaochn@amazon.com> - 1.23.2
- Support new option: netns, enable file system to mount in given network namespace
- Support new option: awscredsuri, enable sourcing iam authorization from aws credentials relative uri
- List openssl and util-linux as package dependency for IAM/AP authorization and command nsenter to mount file system to given network namespace