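Purpose
- Share data across multiple servers
Approach
- Mount an S3 bucket with s3fs
- I wanted to implement this with goofys, but since development of the s3fs plugin was further along, I went with s3fs.
- Provisioning with terraform and itamae
Prerequisites
- Setup of terraform and itamae themselves is omitted
- Access to the bucket is restricted with an IAM role; its configuration is omitted
- No VPC endpoint is used
Environment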
- terraform stable 0.9.2 (bottled)
- itamae (1.9.10)
- s3fs (Release version 1.80)
Configuration
- terraform
s3_bucket.tf
resource "aws_s3_bucket" "<resource-name>" {
  bucket = "<bucket-name>"
  acl    = "private"
  tags {
    Name        = "****"
    Service     = "****"
    Environment = "****"
  }
}
- itamae layout
cookbooks/s3fs/
├── <s3-bucket>
│   ├── s3fs-install.rb
│   └── file
│       └── etc
│           ├── fuse.conf
│           └── rc.d
│               └── rc.local
(snip)
s3fs-install.rb
# Build dependencies for s3fs-fuse
%w(gcc libstdc++-devel gcc-c++ fuse fuse-devel curl-devel libxml2-devel mailcap automake openssl-devel).each do |pkg|
  package pkg do
    action :install
  end
end

# Mount point and the symbolic link that points at it
execute "mkdir <mount-point>" do
  command "mkdir -p <mount-point>"
  not_if 'test -e <mount-point>'
end
execute "chown <mount-point>" do
  command "sudo chown -R <user:group> <mount-point>"
end
execute "ln -s" do
  command "ln -s <mount-point> <shares-file>"
  not_if 'test -e <shares-file>'
end
execute "chown symbolic link" do
  command "sudo chown -R <user:group> <shares-file>"
end

# rc.local performs the mount at boot; keep it root-owned
remote_file "/etc/rc.d/rc.local" do
  source "file/etc/rc.d/rc.local"
end
execute "chown /etc/rc.d/rc.local" do
  command "sudo chown root:root /etc/rc.d/rc.local"
end
execute "chmod /etc/rc.d/rc.local" do
  command "sudo chmod 755 /etc/rc.d/rc.local"
end

# Fetch and build s3fs from source.
# The clone destination is explicit so that it matches the not_if check.
execute "git clone" do
  command "git clone https://github.com/s3fs-fuse/s3fs-fuse /home/ec2-user/s3fs-fuse"
  not_if 'test -e /home/ec2-user/s3fs-fuse'
end
execute "chown s3fs source" do
  command "sudo chown -R ec2-user:ec2-user /home/ec2-user/s3fs-fuse"
end
execute "s3fs autogen" do
  command "cd /home/ec2-user/s3fs-fuse;sudo ./autogen.sh"
  not_if 'test -e /usr/bin/s3fs'
end
execute "s3fs configure" do
  command "cd /home/ec2-user/s3fs-fuse;sudo ./configure --prefix=/usr --with-openssl"
  not_if 'test -e /usr/bin/s3fs'
end
# autogen and configure ran under sudo, so hand the tree back to ec2-user before make
execute "chown s3fs build tree" do
  command "sudo chown -R ec2-user:ec2-user /home/ec2-user/s3fs-fuse"
end
execute "s3fs make" do
  command "cd /home/ec2-user/s3fs-fuse;make"
  not_if 'test -e /usr/bin/s3fs'
end
execute "s3fs make install" do
  command "cd /home/ec2-user/s3fs-fuse;sudo make install"
  not_if 'test -e /usr/bin/s3fs'
end

# FUSE configuration
remote_file "/etc/fuse.conf" do
  source "file/etc/fuse.conf"
end
execute "chown fuse.conf" do
  command "sudo chown <user:group> /etc/fuse.conf"
end
/etc/fuse.conf
# mount_max = 1000
# Uncommented so that s3fs can be run by a non-root user
user_allow_other
/etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# API calls cannot be made from fstab, so mount when this script runs at boot
# debug is not recommended because access keys and the like are written to the log
sudo -u <user> /usr/bin/s3fs <--debug> <s3-bucket> <mount-point> -o umask=022,rw,allow_other,uid=<id>,gid=<id>,iam_role=<role-name>
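
A pre-flight check for the mount line above, as an added example that is not part of the original article: it flags s3fs debug switches (which the comment above warns can put access keys in the log), a missing iam_role option, and allow_other without an uncommented user_allow_other in fuse.conf. The function name, finding codes, and sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Lints an s3fs mount command
# before it is placed in rc.local. Names and sample data are constructed.

# audit_s3fs_cmd "<command line>" <fuse.conf path>
# Prints one finding code per line; prints nothing when the line is clean.
audit_s3fs_cmd() {
    cmd=$1 fuse_conf=$2
    opts="" prev="" has_role=no has_allow_other=no

    set -f                                # no globbing while word-splitting
    for word in $cmd; do
        case $word in
            -d|--debug) echo "DEBUG_FLAG:$word" ;;   # debug output can expose keys
        esac
        if [ "$prev" = "-o" ]; then opts="$opts,$word"; fi
        prev=$word
    done

    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            dbglevel=inf*|dbglevel=dbg|dbglevel=debug|curldbg*)
                echo "DEBUG_OPTION:$opt" ;;
            iam_role|iam_role=*) has_role=yes ;;
            allow_other) has_allow_other=yes ;;
        esac
    done
    IFS=$old_ifs; set +f

    # The article relies on an instance IAM role rather than stored keys.
    if [ "$has_role" = no ]; then echo "NO_IAM_ROLE"; fi

    # A non-root mount with allow_other needs an uncommented user_allow_other.
    if [ "$has_allow_other" = yes ] &&
       ! grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$fuse_conf" 2>/dev/null
    then echo "FUSE_CONF_MISSING_USER_ALLOW_OTHER"; fi
    return 0
}

# Constructed sample: the article's mount line with placeholders filled in.
SAMPLE='/usr/bin/s3fs --debug example-bucket /mnt/s3 -o umask=022,rw,allow_other,uid=500,gid=500,iam_role=example-role'
audit_s3fs_cmd "$SAMPLE" "${FUSE_CONF:-/etc/fuse.conf}"
```

Run it against the real rc.local line during provisioning and fail the run if it prints anything.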