feat: Add support to setup stack with AWS EFS-based mounts (#159)

IllumiDesk · Jun 24, 2020 · d50d311 · d50d311
1 parent 82bb671
commit d50d311
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -210,6 +210,13 @@ Three `nbgrader_config.py` files should exist:
 
 4. For this setup, the deployment configuration is defined primarily with `docker-compose.yml`.
 
+5. Cloud specific setup options by specifying settings in the `hosts` file. For now, these options are specific to `AWS EFS` mounts. This allows administrators to leverage AWS's EFS service for additional data redundancy, security, and sharing options. Shared file systems are particularly helpful when using a setup with multiple hosts such as with Docker Swarm or Kubernetes since the user's container may launch on any available virtual machine (host). To enable and use EFS, update the following `hosts` file variables:
+
+- **aws_efs_enabled (Required)**: set to true to enable mounts with AWS EFS, defaults to `false`.
+- **aws_region (Required)**: the AWS region where the EFS service is running, defaults to `us-west-2`.
+- **efs_id (Required)**: and existing AWS EFS identifier, for example `fs-0726eyyd`. Defaults to an empty string.
+- **mnt_root (Recommended)**: if you test without NFS-based mounts and then mount an existing folder to an NFS-based shared directory, then you run the risk of losing your files. Change this value to use a folder other than the default `/mnt` directory to either another directory or a sub-directory within the `/mnt` directory, such as `/mnt/efs/fs1`.
+
 ### Build the Stack
 
 The following docker images are created/pulled with this setup:

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -47,6 +47,15 @@ jupyter_notebook_config: "{{ jupyter_notebook_config_param | default('jupyter_no
 # Mount directories
 mnt_root: "{{ mnt_root_param | default('/mnt') }}"
 
+# Mount with AWS EFS
+aws_efs_enabled: "{{ aws_efs_enabled_param | default('false') }}"
+
+# Specify the EFS id
+efs_id: "{{ efs_id_param | default('') }}"
+
+# Specify the AWS region (used for EFS mounts)
+aws_region: "{{ aws_region_param | default('us-west-2') }}"
+
 # Postgres for notebooks labs
 postgres_labs_enabled: "{{ postgres_labs_enabled_param | default('false') }}"
 

diff --git a/ansible/hosts.example b/ansible/hosts.example
@@ -34,6 +34,20 @@ all:
       # users to connect to a shared postgres container (useful for lab environments)
       # postgres_labs_enabled: true
 
+      ## NFS/EFS settings
+      # uncomment and set to true to enable mounts with aws efs, defaults to false
+      # aws_efs_enabled: true
+
+      # uncomment and specify the efs id for your AWS EFS service, defaults to an empty string
+      # efs_id:
+
+      # uncomment and confirm your aws region, defaults to us-west-2
+      # aws_region: us-west-2
+
+      # uncomment and set mount directory a subdirectory within the /mnt directory, such as
+      # /mnt/efs/fs1, to reduce the risk of overwriting content that may already exist in /mnt
+      # mnt_root: /mnt/efs/fs1
+
       ## Authentication settings
       #-------------------
 
@@ -42,8 +56,6 @@ all:
       #   lti11_enabled and lti13_enabled are mutually exclusive, therefore
       #   set one to true to enable the desired lti auth standard.
 
-
-
       ### LTI 1.1
       #-------------------
 
@@ -79,5 +91,3 @@ all:
       # lti13_endpoint: https://illumidesk.instructure.com/api/lti/security/jwks
       # lti13_token_url: https://illumidesk.instructure.com/login/oauth2/token
       # lti13_authorize_url: https://illumidesk.instructure.com/api/lti/authorize_redirect
-
-
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
@@ -1,5 +1,5 @@
 # Default to python3
-- name: install python for Ansible
+- name: install python for ansible
   raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
   changed_when: False
 - setup: # noqa 502
@@ -46,6 +46,30 @@
   with_items:
     - { dest: "{{ mnt_root }}", mode: '0755', owner: 'root', group: 'root' }
 
+- name: ensure rpcbind service is running
+  service:
+    name: rpcbind
+    state: started
+    enabled: yes
+  when: aws_efs_enabled|bool
+
+- name: get current availability zone from aws
+  uri:
+    url: http://169.254.169.254/latest/meta-data/placement/availability-zone
+    return_content: yes
+  register: _aws_current_az
+  when: aws_efs_enabled|bool
+
+- name: mount efs volume
+  mount:
+    backup: "yes"
+    name: "{{ mnt_root }}"
+    src: "{{ _aws_current_az.content }}.{{ efs_id }}.efs.{{ aws_region }}.amazonaws.com:/"
+    fstype: nfs4
+    opts: "nfsvers=4.1"
+    state: mounted
+  when: aws_efs_enabled|bool
+
 - name: create directories within mount/nfs directory
   file:
     path: "{{ item.dest }}"
@@ -60,7 +84,7 @@
     - { dest: "{{ mnt_root }}/{{ org_name }}/home/grader-{{ course_id }}/.jupyter", mode: '0755', owner: '10001', group: '100' }
     - { dest: "{{ mnt_root }}/{{ org_name }}/home/grader-{{ course_id }}/{{ course_id }}", mode: '0755', owner: '10001', group: '100' }
 
-- name: add Docker gpg apt key
+- name: add docker gpg apt key
   apt_key:
     url: https://download.docker.com/linux/ubuntu/gpg
     state: present