โ11-02-2022 08:16 AM
Hi,
I want to mount an uncrypted AWS EFS in AWS Databricks. When I do:
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-abcdef.efs.region.amazonaws.com:/ /mnt/efs-uncrypted
I get this error:
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting fs-abcdef.efs.region.amazonaws.com:/
mount.nfs4: timeout set for Wed Nov 2 15:14:35 2022
mount.nfs4: trying text-based options 'nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,addr=...,clientaddr=...'
I have made sure my EFS is in the same Availability Zone and the same VPC as the EC2 created by Databricks.
Do you have ideas about what I could set up or configure to successfully mount my EFS?
If you need further information, please let me know.
I wish you a good day.
โ11-02-2022 11:55 PM
Hi @Augustin Griselโ , Could you please check https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-mounting.html , also, https://stackoverflow.com/questions/61648721/efs-mount-failing-with-mount-nfs4-access-denied-by-serv....
Also, try with different NFS version.
Please let us know if this helps.
โ11-06-2022 01:46 AM
Hi @Augustin Griselโ
Does @Debayan Mukherjeeโ response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?
We'd love to hear from you.
Thanks!
โ12-02-2022 08:25 AM
I'm also unable to mount an EFS drive from the Spark Driver.
In my setup, I use the following:
These are the errors:
# mount -t efs -o tls fs-0844e1ea16eb32797:/ efs
Failed to mount fs-0844e1ea16eb32797 because the network was not yet available, add "_netdev" to your mount options
# mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 10.115.12.239:/ efs
mount.nfs4: access denied by server while mounting 10.115.12.239:/
root@1201-184524-l5k7rc6p-10-115-25-109:/tmp#
I suspect the difference is that my Spark Driver uses an instance profile, and maybe I have not configured that properly for EFS. But I am not sure, b/c I started an ec2 instance manually with the same instance profile, and EFS access worked.
โ12-02-2022 08:44 AM
Running "dmesg", I see the following error:
[ 2403.606334] audit: type=1400 audit(1669997382.596:431): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=7607 comm="(ionclean)" flags="rw, rslave"
[ 2847.490460] audit: type=1400 audit(1669997826.464:441): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/tmp/efs/" pid=8093 comm="mount.nfs4" fstype="nfs4" srcname="10.115.12.239:/"
And noticed "lxc" is listed in the error. That stands for Linux Container. Which leads me to believe the EFS mount problems are, perhaps, related to how Databricks sets up its runtime using LXC.
Must be related to LXC permissions, somehow.
โ12-02-2022 08:46 AM
"To support NFS under LXC, some of the apparmor protections need to be lifted." (see https://theorangeone.net/posts/mount-nfs-inside-lxc/)
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group