Enable watchdog to check stunnel health periodically and restart hang…

…ing stunnel process when necessary.

* Enable watchdog to check stunnel health periodically and restart hanging stunnel process when necessary.
* Fix potential race condition issue when removing lock files.
* Add efs-utils Support for MacOS Monterey EC2 instances.

.circleci/config.yml

@@ -49,7 +49,7 @@ commands:
       - run:
           name: Install package
           command: |
-            apt-get -y install ./build/amazon-efs-utils*deb
+            DEBIAN_FRONTEND=noninteractive apt-get -y install ./build/amazon-efs-utils*deb
       - run:
           name: Check installed successfully
           command: |
@@ -105,6 +105,13 @@ commands:
           name: Check changelog
           command: |
             rpm -q --changelog amazon-efs-utils
+  build-centos-repo:
+    steps:
+    - run:
+        name: change the mirrors to vault.centos.org
+        command: |
+          sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
+          sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
 jobs:
   test:
     parameters:
@@ -142,6 +149,16 @@ jobs:
       image: << parameters.image >>
     steps:
       - build-suse-rpm
+  build-centos-rpm-package:
+    parameters:
+      image:
+        type: string
+    executor:
+      name: linux
+      image: << parameters.image >>
+    steps:
+      - build-centos-repo
+      - build-rpm
 workflows:
   workflow:
     jobs:
@@ -163,12 +180,24 @@ workflows:
       - test:
           name: python34
           image: circleci/python:3.4.9
+      - build-deb-package:
+          name: ubuntu-latest
+          image: ubuntu:latest
       - build-deb-package:
           name: ubuntu16
           image: ubuntu:16.04
       - build-deb-package:
           name: ubuntu18
           image: ubuntu:18.04
+      - build-deb-package:
+          name: ubuntu20
+          image: ubuntu:20.04
+      - build-deb-package:
+          name: ubuntu21
+          image: ubuntu:21.04
+      - build-deb-package:
+          name: ubuntu22
+          image: ubuntu:22.04
       - build-deb-package:
           name: debian9
           image: debian:stretch
@@ -178,24 +207,30 @@ workflows:
       - build-deb-package:
           name: debian11
           image: debian:bullseye
+      - build-centos-rpm-package:
+          name: centos-latest
+          image: centos:latest
       - build-rpm-package:
           name: centos7
           image: centos:centos7
-      - build-rpm-package:
+      - build-centos-rpm-package:
           name: centos8
           image: centos:centos8
       - build-rpm-package:
           name: rocky8
           image: rockylinux/rockylinux:8
       - build-rpm-package:
-          name: almalinux8
-          image: almalinux:8
+          name: amazon-linux-latest
+          image: amazonlinux:latest
       - build-rpm-package:
           name: amazon-linux-2
           image: amazonlinux:2
       - build-rpm-package:
           name: amazon-linux
           image: amazonlinux:1
+      - build-rpm-package:
+          name: fedora-latest
+          image: fedora:latest
       - build-rpm-package:
           name: fedora28
           image: fedora:28
@@ -214,12 +249,27 @@ workflows:
       - build-rpm-package:
           name: fedora33
           image: fedora:33
+      - build-rpm-package:
+          name: fedora34
+          image: fedora:34
+      - build-rpm-package:
+          name: fedora35
+          image: fedora:35
+      - build-rpm-package:
+          name: fedora36
+          image: fedora:36
       - build-suse-rpm-package:
           name: opensuse-leap15.1
           image: opensuse/leap:15.1
       - build-suse-rpm-package:
           name: opensuse-leap15.2
           image: opensuse/leap:15.2
+      - build-suse-rpm-package:
+          name: opensuse-leap15.3
+          image: opensuse/leap:15.3
+      - build-suse-rpm-package:
+          name: opensuse-leap15.4
+          image: opensuse/leap:15.4
       - build-suse-rpm-package:
           name: opensuse-leap-latest
-          image: opensuse/leap:latest
+          image: opensuse/leap:latest

README.md

@@ -31,9 +31,10 @@ The `efs-utils` package has been verified against the following Linux distributi
 
 The `efs-utils` package has been verified against the following MacOS distributions:
 
-| Distribution | `init` System |
-| ------------ | ------------- |
-| MacOS Big Sur | `launchd` |
+| Distribution   | `init` System |
+| -------------- | ------------- |
+| MacOS Big Sur  | `launchd` |
+| MacOS Monterey | `launchd` |
 
 ## Prerequisites
 
@@ -116,16 +117,16 @@ $ ./build-deb.sh
 $ sudo apt-get -y install ./build/amazon-efs-utils*deb
 ```
 
-### On MacOS Big Sur distribution
+### On MacOS Big Sur and macOS Monterey distribution
 
-For EC2 Mac instances running macOS Big Sur, you can install amazon-efs-utils from the 
+For EC2 Mac instances running macOS Big Sur and macOS Monterey, you can install amazon-efs-utils from the 
 [homebrew-aws](https://github.com/aws/homebrew-aws) respository. **Note that this will ONLY work on EC2 instances
-running macOS Big Sur, not local Mac computers.**
+running macOS Big Sur and macOS Monterey, not local Mac computers.**
 ```
 brew install amazon-efs-utils
 ```
 
-This will install amazon-efs-utils on your EC2 Mac Instance running macOS Big Sur in the directory `/usr/local/Cellar/amazon-efs-utils`. At the end of the installation, it will print a set of commands that must be executed in order to start using efs-utils. The instructions that are printed after amazon-efs-utils and must be executed are:
+This will install amazon-efs-utils on your EC2 Mac Instance running macOS Big Sur and macOS Monterey in the directory `/usr/local/Cellar/amazon-efs-utils`. At the end of the installation, it will print a set of commands that must be executed in order to start using efs-utils. The instructions that are printed after amazon-efs-utils and must be executed are:
 
 ```
 Perform below actions to start using efs:
@@ -280,7 +281,9 @@ you can upgrade the botocore by following the [upgrade botocore section](#Upgrad
 sudo yum -y install wget
 ```
 ```bash
-if [[ "$(python3 -V 2>&1)" =~ ^(Python 3.5.*) ]]; then
+if [[ "$(python3 -V 2>&1)" =~ ^(Python 3.6.*) ]]; then
+    sudo wget https://bootstrap.pypa.io/3.6/get-pip.py -O /tmp/get-pip.py
+elif [[ "$(python3 -V 2>&1)" =~ ^(Python 3.5.*) ]]; then
     sudo wget https://bootstrap.pypa.io/3.5/get-pip.py -O /tmp/get-pip.py
 elif [[ "$(python3 -V 2>&1)" =~ ^(Python 3.4.*) ]]; then
     sudo wget https://bootstrap.pypa.io/3.4/get-pip.py -O /tmp/get-pip.py
@@ -294,7 +297,9 @@ sudo apt-get update
 sudo apt-get -y install wget
 ```
 ```bash
-if echo $(python3 -V 2>&1) | grep -e "Python 3.5"; then
+if echo $(python3 -V 2>&1) | grep -e "Python 3.6"; then
+    sudo wget https://bootstrap.pypa.io/3.6/get-pip.py -O /tmp/get-pip.py
+elif echo $(python3 -V 2>&1) | grep -e "Python 3.5"; then
     sudo wget https://bootstrap.pypa.io/3.5/get-pip.py -O /tmp/get-pip.py
 elif echo $(python3 -V 2>&1) | grep -e "Python 3.4"; then
     sudo wget https://bootstrap.pypa.io/3.4/get-pip.py -O /tmp/get-pip.py
@@ -348,7 +353,7 @@ sudo sed -i -e '/\[cloudwatch-log\]/{N;s/# enabled = true/enabled = true/}' /etc
 
 - For MacOS:
 ```bash
-sudo sed -i -e '/\[cloudwatch-log\]/{N;s/# enabled = true/enabled = true/;}' /usr/local/Cellar/amazon-efs-utils/<version>/etc/amazon/efs/efs-utils.conf
+sudo sed -i -e '/\[cloudwatch-log\]/{N;s/# enabled = true/enabled = true/;}' /usr/local/Cellar/amazon-efs-utils/<version>/libexec/etc/amazon/efs/efs-utils.conf
 ```
 You can also configure CloudWatch log group name and log retention days in the config file.
 If you want to have separate log groups in Cloudwatch for every mounted file system, add `/{fs_id}` to the end of the `log_group_name` field in `efs-utils.conf` file. For example, the `log_group_name` in `efs-utils.conf` file would look something like:

amazon-efs-utils.spec

@@ -18,20 +18,24 @@
 %global with_systemd 1
 %endif
 
-%if 0%{?is_opensuse}
-%global platform .opensuse
+%if 0%{?dist:1}
+%global platform %{dist}
 %else
-
-%if 0%{?sle_version}
+%if 0%{?suse_version}
 %global platform .suse
 %else
-%global platform %{dist}
+%global platform .unknown
+%endif
 %endif
 
+%if 0%{?amzn} > 2
+%global efs_bindir %{_sbindir}
+%else
+%global efs_bindir /sbin
 %endif
 
 Name      : amazon-efs-utils
-Version   : 1.31.3
+Version   : 1.32.1
 Release   : 1%{platform}
 Summary   : This package provides utilities for simplifying the use of EFS file systems
 
@@ -78,14 +82,14 @@ mkdir -p %{buildroot}%{_sysconfdir}/init
 install -p -m 644 %{_builddir}/%{name}/dist/amazon-efs-mount-watchdog.conf %{buildroot}%{_sysconfdir}/init
 %endif
 
-mkdir -p %{buildroot}/sbin
+mkdir -p %{buildroot}%{efs_bindir}
 mkdir -p %{buildroot}%{_bindir}
 mkdir -p %{buildroot}%{_localstatedir}/log/amazon/efs
 mkdir -p  %{buildroot}%{_mandir}/man8
 
 install -p -m 644 %{_builddir}/%{name}/dist/efs-utils.conf %{buildroot}%{_sysconfdir}/amazon/efs
 install -p -m 444 %{_builddir}/%{name}/dist/efs-utils.crt %{buildroot}%{_sysconfdir}/amazon/efs
-install -p -m 755 %{_builddir}/%{name}/src/mount_efs/__init__.py %{buildroot}/sbin/mount.efs
+install -p -m 755 %{_builddir}/%{name}/src/mount_efs/__init__.py %{buildroot}%{efs_bindir}/mount.efs
 install -p -m 755 %{_builddir}/%{name}/src/watchdog/__init__.py %{buildroot}%{_bindir}/amazon-efs-mount-watchdog
 install -p -m 644 %{_builddir}/%{name}/man/mount.efs.8 %{buildroot}%{_mandir}/man8
 
@@ -97,7 +101,7 @@ install -p -m 644 %{_builddir}/%{name}/man/mount.efs.8 %{buildroot}%{_mandir}/ma
 %config(noreplace) %{_sysconfdir}/init/amazon-efs-mount-watchdog.conf
 %endif
 %{_sysconfdir}/amazon/efs/efs-utils.crt
-/sbin/mount.efs
+%{efs_bindir}/mount.efs
 %{_bindir}/amazon-efs-mount-watchdog
 /var/log/amazon
 %{_mandir}/man8/mount.efs.8.gz
@@ -131,7 +135,12 @@ fi
 %clean
 
 %changelog
-* Thu Nov 23 2021 Jigar Dedhia <dedhiajd@amazon.com> - 1.31.3
+* Thu Mar 31 2022 Shivam Gupta <lshigupt@amazon.com> - 1.32.1
+- Enable watchdog to check stunnel health periodically and restart hanging stunnel process when necessary.
+- Fix potential race condition issue when removing lock files.
+- Add efs-utils Support for MacOS Monterey EC2 instances.
+
+* Tue Nov 23 2021 Jigar Dedhia <dedhiajd@amazon.com> - 1.31.3
 - Add unmount_time and unmount_count to handle inconsistent mount reads
 - Allow specifying fs_id in cloudwatch log group name
 

build-deb.sh

@@ -11,7 +11,7 @@ set -ex
 
 BASE_DIR=$(pwd)
 BUILD_ROOT=${BASE_DIR}/build/debbuild
-VERSION=1.31.3
+VERSION=1.32.1
 RELEASE=1
 DEB_SYSTEM_RELEASE_PATH=/etc/os-release
 

config.ini

@@ -7,5 +7,5 @@
 #
 
 [global]
-version=1.31.3
+version=1.32.1
 release=1

dist/amazon-efs-utils.control

@@ -1,6 +1,6 @@
 Package: amazon-efs-utils
 Architecture: all
-Version: 1.31.3
+Version: 1.32.1
 Section: utils
 Depends: python3, nfs-common, stunnel4 (>= 4.56), openssl (>= 1.0.2), util-linux
 Priority: optional

dist/efs-utils.conf

@@ -55,10 +55,6 @@ dns_name_suffix = amazonaws.com.cn
 dns_name_suffix = c2s.ic.gov
 stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
-[mount.us-isob-east-1]
-dns_name_suffix = sc2s.sgov.gov
-stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
-
 [mount-watchdog]
 enabled = true
 poll_interval_sec = 1
@@ -68,6 +64,11 @@ unmount_grace_period_sec = 30
 # Set client auth/access point certificate renewal rate. Minimum value is 1 minute.
 tls_cert_renewal_interval_min = 60
 
+# Periodically check the health of stunnel to make sure the connection is fully established
+stunnel_health_check_enabled = true
+stunnel_health_check_interval_min = 5
+stunnel_health_check_command_timeout_sec = 30
+
 [cloudwatch-log]
 # enabled = true
 log_group_name = /aws/efs/utils