diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml index d6cdacf..6fce7d6 100644 --- a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml @@ -61,7 +61,7 @@ Metadata: SvmName: default: "SVM Name" Username: - default: "Username" + default: "ONTAP Username" DriveLetter: default: "Drive Letter (Windows Only)" CidrIp: @@ -115,14 +115,15 @@ Parameters: Description: SVM Name Username: Type: String - Description: Username to run under + Description: Username to run ONTAP APIs as. + Default: fsxadmin DriveLetter: Type: String Default: d Description: Drive Letter - valid for Windows only CidrIp: Type: String - Description: CIDR IP for SSH access to the instance + Description: CIDR IP for SSH or RDP access to the instance. MUST be a CIDR! LinuxUserDataUrl: Type: String Default: https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/refs/heads/main/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh @@ -219,4 +220,4 @@ Resources: Outputs: InstanceId: Description: EC2 Instance ID - Value: !Ref MyEC2Instance \ No newline at end of file + Value: !Ref MyEC2Instance diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/README.md b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/README.md index 920b86c..5653b75 100644 --- a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/README.md +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/README.md @@ -5,12 +5,13 @@ These sample scripts provide a way to launch an AWS EC2 instance with `user data volume and LUN, mount it to the instance, while installing all the needed libraries and resources. ## Notes -- LUN size will be set to 90% of the volume size, the remain space is needed for the the LUN managment operation. - This means that usuable volume size is 90% of the requestd size. -- The process might take several minutes to be compleetd. +- LUN size will be set to 90% of the volume size, the remaining space is needed for the LUN management operation. + This means that usable volume size is 90% of the requested size. +- The process might take several minutes to be complete. -## Set Up -1. Create an AWS SecretsManager secret to hold the password of the account you plan to use to authenicate to the FSxN file system with. +## Preperation + +1. Create an AWS SecretsManager secret to hold the password of the account you plan to use to authenticate to the FSxN file system with. The secret should be of type `other` with value set to `Plain Text` that holds just the password. 2. Create an AWS IAM role that has EC2 as the trusted entity and has permissions to read the secret value. Here is an example policy that will do that: ```json @@ -30,16 +31,33 @@ The secret should be of type `other` with value set to `Plain Text` that holds j ``` Replace the "Resource" ARN with the ARN of your secret. -3. Download the needed script according to the instance type you want to run (Linux or Windows). +## Deployment Options + +There are two ways to deploy an EC2 instance with the needed user data script: +1. Copy the CloudFormation template found in the repo [EC2-cloud_formation.yaml](EC2-cloud_formation.yaml) to you local machine and deploy a CloudFormation stack using it. CloudFormation will prompt you for all the required parameters. +2. Follow the instruction below to deploy an EC2 instance from the AWS console. + +## AWS console deployment + +1. Download the needed script according to the instance type you want to run. Either [linux_userData.sh](linux_userData.sh) +for a Linux distribution or [windows_userData.ps1](windows_userData.ps1) for Windows. The Linux script has been tested +with `Amazon Linux 2023`, `Ubuntu 24.04`, `Red Hat Enterprise Linux 10` and `Debian 13` distributions, +while the Windows script is designed for `Windows Server 2025 Base`. + + Note that since AWS has a 16KB limit for the user data the linux_userData.sh script is made up of the variable + assignment noted below, and a compressed, base64 encoded version of the `linux_userData_real.sh` script. When the + `linux_userData.sh` script is run, it will decode and uncompress what was the `linux_userData_real.sh` script + and run it. + + Once you have downloaded the script, open it in a text editor and set the required values as noted below. For the Linux version of the script, set the following values at the top of it: - - SECRET_NAME - Secret name has has the password for the `ONTAP-USER`. - - AWS_REGION - AWS secret manager region. + - SECRET_ARN - The ARN of the secret that has the password for the `ONTAP-USER`. - FSXN_ADMIN_IP - IP address, or hostname, of the FSxN management endpoint. - VOLUME_NAME - The name of the volume you want to create in your FSxN. - - VOLUME_SIZE - The size of the volume you want to create in GB e.g [100g] + - VOLUME_SIZE - The size of the volume you want to create in GB e.g [100] - SVM_NAME - The name of the SVM where the volume is to be created. - - ONTAP_USER - The ONTAP user id you wish to authenicate with. + - ONTAP_USER - The ONTAP user id you wish to authenticate with. For the Windows version of the script, set the following values at the top of it: - $secretId - secret ARN that holds the password for the `$user`. @@ -47,24 +65,21 @@ The secret should be of type `other` with value set to `Plain Text` that holds j - $volName - The name of the volume you want to create in your FSxN. - $volSize - The size of the volume you want to create in GB e.g [100] - $drive_letter - The drive letter to assign to the volume. - - $user - The ONTAP user id you wish to authenicate with. + - $user - The ONTAP user id you wish to authenticate with. - $svm_name - The name of the SVM where the volume is to be created. -4. Save the script file. +2. Save the script file. -## On AWS console EC2 - ### For Linux installation:
  1. Launch new instance
    1. Fill in the server name.
      2. -
    2. Select 'Amazon Linux'.
      3. -
    3. Under Amazon Machine Image select 'Amazon Linux 2023 AMI'.
      4. +
    4. Under the Quick Start tab select the Linux distribution of your choice. The supported distributions are: `Amazon Linux 2023`, `Ubuntu 24.04`, `Red Hat Enterprise Linux 10` and `Debian 13`
    5. Fill in the other settings based on your networking and business needs.
    6. Under 'Advanced details':
        -
      1. Set the 'IAM instance profile' to the policy you created in the steps above.
        2. +
      2. Set the 'IAM instance profile' to the policy you created in the preperation step above.
      3. At the bottom, under the 'User data' section, press 'choose file' and select the script saved above.
      7. @@ -73,7 +88,7 @@ The secret should be of type `other` with value set to `Plain Text` that holds j
    7. Launch the instance.
    -The installation log file can be found at: `/home/ec2-user/install.log`. +The installation log file can be found at: `/var/log/iscsi-install.log`. If an error occurs while the installation is running, the script will terminate and all installations and setup will roll back. ### For Windows installation: @@ -96,6 +111,24 @@ If an error occurs while the installation is running, the script will terminate
The installation log file can be found at: `C:\Users\Administrator\install.log`. -If an error occurs while the installation is running, a message will be inserted into the installation log file, it will attempt to roll back any work that it preformed, finally the script will terminate. +If an error occurs while the installation is running, a message will be inserted into the +installation log file, it will attempt to roll back any work that it preformed, finally the script will terminate. + +**Note:** It can take 10 to 15 minutes for the script to complete. Check the installation log file to confirm it is done. +The line `Uninstall script removed` should be at the bottom of the file when the script has finished. + +## Author Information + +This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors). + +## License + +Licensed under the Apache License, Version 2.0 (the "License"). + +You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0). + +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied. + +See the License for the specific language governing permissions and limitations under the License. -**Note:** It can take 20 to 30 minutes for the script to compplete. Check the installation log file to confirm it is done. The line `Uninstall script removed` should be at the bottom of the file when the script has finished. +© 2026 NetApp, Inc. All Rights Reserved. diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/build_linux_userData b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/build_linux_userData new file mode 100755 index 0000000..0601d01 --- /dev/null +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/build_linux_userData @@ -0,0 +1,69 @@ +#!/bin/bash +# +# Since, for some reason, the maximum size of a EC2 User Data script is +# 16KB we have to compress the real script, with some logic to uncompress +# it on the EC2 instance when it is deployed, and then pass that as the +# user data content. +# +# This script is used to create the linux_userData.sh script from the +# linux_userData_real.sh file. +################################################################################ + +cat <<'EOF' > linux_userData.sh +#!/bin/bash +# +# Set the ARN of the secret that should contain just the password for the ONTAP admin user set below. +SECRET_ARN="" +# +# Set the FSx admin IP. +FSXN_ADMIN_IP="" +# +# Set the name of the volume to be created on the FSx for ONTAP file system. Note, volume names cannot have dashes in them. +VOLUME_NAME="" +# +# Set the volume size in GB. It should just be a number, without the 'GB' suffix. +VOLUME_SIZE= +# +# Set the SVM name. The default is 'fsx'. +SVM_NAME="fsx" +# +# Set the ONTAP admin user. The default is fsxadmin. +ONTAP_USER="fsxadmin" +# +################################################################################ +# **** You should not need to edit anything below this line **** +################################################################################ +# +# When called from the CloudFormation template, the parameters are passsed as +# arguments. +SECRET_ARN="${SECRET_ARN:=$1}" +FSXN_ADMIN_IP="${FSXN_ADMIN_IP:=$2}" +VOLUME_NAME="${VOLUME_NAME:=$3}" +VOLUME_SIZE="${VOLUME_SIZE:=$4}" +SVM_NAME="${5:-$SVM_NAME}" +ONTAP_USER="${6:-$ONTAP_USER}" +# +# Since AWS only allows up to 16KB for the user data script, the rest of this script +# will be the compressed version of the linux_userData_real.sh file, which will be +# uncompressed and executed on the EC2 instance when it is deployed. +cat < /tmp/linux_userData.sh +#!/bin/bash +export SECRET_ARN="$SECRET_ARN" +export FSXN_ADMIN_IP="$FSXN_ADMIN_IP" +export VOLUME_NAME="$VOLUME_NAME" +export VOLUME_SIZE="$VOLUME_SIZE" +export SVM_NAME="$SVM_NAME" +export ONTAP_USER="$ONTAP_USER" +EOF2 + +cat <> /tmp/linux_userData.sh +EOF + +cat linux_userData_real.sh | gzip -c | base64 >> linux_userData.sh + +cat <> linux_userData.sh +EOF3 + +chmod +x /tmp/linux_userData.sh +/tmp/linux_userData.sh +EOF4 diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh index ac4b468..cfb8d08 100755 --- a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh @@ -1,402 +1,134 @@ #!/bin/bash - -# user data -# Set the secret name and region -SECRET_NAME= -AWS_REGION= -# Set the FSx admin IP -FSXN_ADMIN_IP= -# Volume name -VOLUME_NAME= -# Volume size in GB +# +# Set the ARN of the secret that should contain just the password for the ONTAP admin user set below. +SECRET_ARN="" +# +# Set the FSx admin IP. +FSXN_ADMIN_IP="" +# +# Set the name of the volume to be created on the FSx for ONTAP file system. Note, volume names cannot have dashes in them. +VOLUME_NAME="" +# +# Set the volume size in GB. It should just be a number, without the 'GB' suffix. VOLUME_SIZE= -# SVM name (default: fsx) -SVM_NAME=fsx -# ONTAP admin user (default: fsxadmin) -ONTAP_USER=fsxadmin -# end - user data -SECRET_NAME="${SECRET_NAME:=$1}" -AWS_REGION="${AWS_REGION:=$2}" -FSXN_ADMIN_IP="${FSXN_ADMIN_IP:=$3}" -VOLUME_NAME="${VOLUME_NAME:=$4}" -VOLUME_SIZE="${VOLUME_SIZE:=$5}" -SVM_NAME="${6:-$SVM_NAME}" - -min=100 -max=999 -LUN_NAME=${VOLUME_NAME}_$(($RANDOM%($max-$min+1)+$min)) -# defaults -# Log file in ec2-user home -LOG_FILE=/home/ec2-user/install.log -TIMEOUT=5 - -LUN_SIZE=$(bc -l <<< "0.90*$VOLUME_SIZE" ) -echo "# Uninstall file" >> uninstall.sh -chmod u+x uninstall.sh - -function getSecretValue() { - secret_name=$1 - aws_region=$2 - SECRET_VALUE="$(aws secretsmanager get-secret-value \ - --secret-id "$secret_name" \ - --region "$aws_region" \ - --query 'SecretString' \ - --output text)" - - if [ $? -ne 0 ]; then - echo "Failed to retrieve the secret: $secret_name, Aborting." - exit 1 - fi -} -logMessage() { - echo "$(date) - $1" >> $LOG_FILE -} -checkCommand() { - if [ $? -ne 0 ]; then - logMessage "$1 failed. Aborting." - ./uninstall.sh - exit 1 - fi -} -addUndoCommand() { - sed -i "1i$1" uninstall.sh -} -invokeLambda() { - aws lambda invoke \ - --function-name "arn:aws:lambda:${AWS_REGION}:718273455463:function:reporting-monitoring-dashboard-usage" \ - --payload "$LAMBDA_PAYLOAD" \ - --cli-binary-format raw-in-base64-out \ - /home/ec2-user/lambda_response.json 2>/home/ec2-user/lambda_error.log -} -logMessage "Get secret data" -getSecretValue "${SECRET_NAME}" "${AWS_REGION}" -FSXN_PASSWORD="${SECRET_VALUE}" -logMessage "Secret data retrieved successfully" -commandDescription="Install linux iSCSI packages" -logMessage "${commandDescription}" -yum install -y device-mapper-multipath iscsi-initiator-utils -checkCommand "${commandDescription}" -addUndoCommand "yum remove -y device-mapper-multipath iscsi-initiator-utils" -commandDescription="Set multisession timeout from 120s to 5s" -logMessage "${commandDescription}" -sed -i 's/node.session.timeo.replacement_timeout = .*/node.session.timeo.replacement_timeout = 5/' /etc/iscsi/iscsid.conf; cat /etc/iscsi/iscsid.conf | grep node.session.timeo.replacement_timeout -cat /etc/iscsi/iscsid.conf | grep "node.session.timeo.replacement_timeout = 5" -checkCommand "${commandDescription}" -addUndoCommand "sed -i 's/node.session.timeo.replacement_timeout = .*/node.session.timeo.replacement_timeout = 120/' /etc/iscsi/iscsid.conf;" -commandDescription="Start iscsi service" -logMessage "${commandDescription}" -systemctl enable iscsid -systemctl start iscsid -checkCommand "${commandDescription}" -# check service status -isIscsciServiceRunning=$(systemctl is-active --quiet iscsid.service && echo "1" || echo "0") -if [ "$isIscsciServiceRunning" -eq 1 ]; then - logMessage "iscsi service is running" - addUndoCommand "systemctl --now disable iscsid.service" -else - logMessage "iscsi service is not running, aborting" - ./uninstall.sh -fi -commandDescription="Set multipath config for automatic failover" -logMessage "${commandDescription}" -mpathconf --enable --with_multipathd y -checkCommand "${commandDescription}" -addUndoCommand "mpathconf --disable" -# set Linux host initiator name -name=$(cat /etc/iscsi/initiatorname.iscsi) -initiatorName="${name:14}" -logMessage "initiatorName is: ${initiatorName}" -# Test connection to ONTAP -logMessage "Testing connection to ONTAP." -versionResponse=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/cluster?fields=version") -if [[ "$versionResponse" == *"version"* ]]; then - logMessage "Connection to ONTAP is successful." -else - logMessage "Connection to ONTAP failed, aborting." - ./uninstall.sh -fi -# group name = hostname -groupName=$(hostname) -iGroupResult=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups?svm.name=$SVM_NAME&name=$groupName&initiators.name=$initiatorName&protocol=iscsi&os_type=linux") -initiatorExists=$(echo "${iGroupResult}" | jq '.num_records') -if [ "$initiatorExists" -eq 0 ]; then - logMessage "Initiator ${initiatorName} with group ${groupName} does not exist, creating it." - logMessage "Create initiator group for vserver: ${SVM_NAME} group: ${groupName} initiator: ${initiatorName}" - createGroupResult=$(curl -m $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -H "Content-Type: application/json" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups" -d '{ - "protocol": "iscsi", - "initiators": [ - { - "name": "'$initiatorName'" - } - ], - "os_type": "linux", - "name": "'$groupName'", - "svm": { - "name": "'$SVM_NAME'" - } - }') - iGroupResult=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups?svm.name=$SVM_NAME&name=$groupName&initiators.name=$initiatorName&protocol=iscsi&os_type=linux") - iGroupUuid=$(echo ${iGroupResult} | jq -r '.records[] | select(.name == "'$groupName'" ) | .uuid') - # Check if iGroup was created successfully - if [ -n "$iGroupUuid" ]; then - logMessage "Initiator group ${groupName} was created successfully with UUID: ${iGroupUuid}" - else - logMessage "Initiator group ${groupName} was not created, aborting" - ./uninstall.sh - fi - # Add undo for iGroup - addUndoCommand "curl -m $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/protocols/san/igroups/$iGroupUuid\"" -else - logMessage "Initiator ${initiatorName} with group ${groupName} already exists, skipping creation." -fi - -instance_id=$(ec2-metadata -i | awk '{print $2}') -if [ -z "$instance_id" ]; then - instance_id="unknown" -fi - -logMessage "Create volume: ${SVM_NAME} vol: ${VOLUME_NAME} size: ${VOLUME_SIZE}g" -createVolumeResult=$(curl -m $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/volumes" -d '{ - "name": "'$VOLUME_NAME'", - "size": "'$VOLUME_SIZE'g", - "state": "online", - "svm": { - "name": "'$SVM_NAME'" - }, - "aggregates": [{ - "name": "aggr1" - }], - "_tags": [ - "instanceId:'$instance_id'", - "hostName:'$(hostname)'", - "mountPoint:'$VOLUME_NAME'" - ] -}') -sleep 10 -jobId=$(echo "${createVolumeResult}" | jq -r '.job.uuid') -jobStatus=$(curl -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/cluster/jobs/$jobId") -jobState=$(echo "$jobStatus" | jq -r '.state') -if [ "$jobState" != "success" ]; then - logMessage "Volume creation job did not complete successfully, aborting" - jobError=$(echo "$jobStatus" | jq -r '.error') - logMessage "Error details: $jobError" - ./uninstall.sh -fi - -# validate volume creation -volumeResult=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/volumes?name=${VOLUME_NAME}&svm.name=${SVM_NAME}") -volumeUUid=$(echo "${volumeResult}" | jq -r '.records[] | select(.name == "'$VOLUME_NAME'" ) | .uuid') -if [ -n "$volumeUUid" ]; then - logMessage "Volume ${VOLUME_NAME} was created successfully with UUID: ${volumeUUid}" -else - logMessage "Volume ${VOLUME_NAME} was not created, aborting" - ./uninstall.sh -fi -addUndoCommand "curl -m $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/storage/volumes/${volumeUUid}\"" - -logMessage "Create iscsi lun: ${SVM_NAME} vol: ${VOLUME_NAME} lun: ${LUN_NAME} size: ${LUN_SIZE}g (90% of volume)" -createLunResult=$(curl -m $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns" -d '{ - "name": "'/vol/${VOLUME_NAME}/$LUN_NAME'", - "space": { - "size": "'$LUN_SIZE'GB", - "scsi_thin_provisioning_support_enabled": true - }, - "svm": { - "name": "'$SVM_NAME'" - }, - "os_type": "linux" -}') -lunResult=$(curl -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns?fields=uuid&name=/vol/${VOLUME_NAME}/$LUN_NAME") -# Validate LUN creation -lunUuid=$(echo "${lunResult}" | jq -r '.records[] | select(.name == "'/vol/${VOLUME_NAME}/$LUN_NAME'" ) | .uuid') -if [ -n "$lunUuid" ]; then - logMessage "LUN ${LUN_NAME} was created successfully with UUID: ${lunUuid}" -else - logMessage "LUN ${LUN_NAME} was not created, aborting" - ./uninstall.sh -fi - -addUndoCommand "curl -m $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/storage/luns/${lunUuid}\"" - -# LUN ID is mapping-specific, used by initiators as Logical Unit Number -logMessage "Create a mapping from the LUN you created to the igroup you created" - -lunMapResult=$(curl -m $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps" -d '{ - "lun": { - "name": "/vol/'${VOLUME_NAME}'/'${LUN_NAME}'" - }, - "igroup": { - "name": "'${groupName}'" - }, - "svm": { - "name": "'${SVM_NAME}'" - }, - "logical_unit_number": 0 -}') -logMessage "Validate the lun mapping was created" - -getLunMap=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps?lun.name=/vol/${VOLUME_NAME}/${LUN_NAME}&igroup.name=${groupName}&svm.name=${SVM_NAME}") -lunGroupCreated=$(echo "${getLunMap}" | jq -r '.num_records') -if [ "$lunGroupCreated" -eq 0 ]; then - logMessage "LUN mapping was not created, aborting" - ./uninstall.sh -else - logMessage "LUN mapping was created successfully" -fi - -addUndoCommand "curl -m $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps?lun.name=/vol/${VOLUME_NAME}/${LUN_NAME}&igroup.name=${groupName}&svm.name=${SVM_NAME}\"" - -# Serial hex needed for readable block device name -getLunSerialNumberResult=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns?fields=serial_number") -serialNumber=$(echo "${getLunSerialNumberResult}" | jq -r '.records[] | select(.name == "'/vol/$VOLUME_NAME/$LUN_NAME'" ) | .serial_number') -serialHex=$(echo -n "${serialNumber}" | xxd -p) -if [ -z "$serialHex" ]; then - logMessage "Serial number for the LUN is not available, aborting" - ./uninstall.sh -fi - -logMessage "Get the iscsi interface addresses for the svm ${SVM_NAME}" -getInterfacesResult=$(curl -m $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/network/ip/interfaces?svm.name=$SVM_NAME&fields=ip") -iscsi1IP=$(echo "$getInterfacesResult" | jq -r '.records[] | select(.name == "iscsi_1") | .ip.address') -iscsi2IP=$(echo "$getInterfacesResult" | jq -r '.records[] | select(.name == "iscsi_2") | .ip.address') - -if [ -n "$iscsi1IP" ] && [ -n "$iscsi2IP" ]; then - iscsi1IP=$(echo ${iscsi1IP%/*}) - iscsi2IP=$(echo ${iscsi2IP%/*}) - logMessage "iscsi interface addresses for the svm ${SVM_NAME} are: ${iscsi1IP} and ${iscsi2IP}" -else - logMessage "iscsi interface addresses for the svm ${SVM_NAME} are not available, aborting" - ./uninstall.sh -fi - -logMessage "Discover the target iSCSI nodes, iscsi IP: ${iscsi1IP}" -iscsiadm --mode discovery --op update --type sendtargets --portal $iscsi1IP -checkCommand "${commandDescription}" -addUndoCommand "iscsiadm --mode discovery --op delete --type sendtargets --portal ${iscsi1IP}" -addUndoCommand "iscsiadm --mode discovery --op delete --type sendtargets --portal ${iscsi2IP}" - -logMessage "Getting target initiator" -targetInitiator=$(iscsiadm --mode discovery --op update --type sendtargets --portal $iscsi1IP | awk '{print $2}' | head -n 1) -logMessage "Target initiator is: ${targetInitiator}" - -# update sessions to 8 (optional) -#iscsiadm --mode node -T $targetInitiator --op update -n node.session.nr_sessions -v 8 -# Login to target initiators - iSCSI LUNs presented as disks -logMessage "Log into target initiator: ${targetInitiator}" -iscsiadm --mode node -T $targetInitiator --login -addUndoCommand "iscsiadm --mode node -T $targetInitiator --logout" - -# Add the following section to the /etc/multipath.conf file: -# multipaths { -# multipath { -# wwid 3600a0980${serialHex} -# alias ${VOLUME_NAME} -# } -# } -# Assign block device name -logMessage "Update /etc/multipath.conf file, Assign name to block device." -cp /etc/multipath.conf /etc/multipath.conf_backup - -SERIAL_HEX=$serialHex -ALIAS=$VOLUME_NAME -CONF=/etc/multipath.conf -chmod o+rw $CONF -grep -q '^multipaths {' $CONF -UNCOMMENTED=$? -if [ $UNCOMMENTED -eq 0 ]; then - sed -i '/^multipaths {/a\\tmultipath {\n\t\twwid 3600a0980'"${SERIAL_HEX}"'\n\t\talias '"${ALIAS}"'\n\t}\n' $CONF -else - printf "multipaths {\n\tmultipath {\n\t\twwid 3600a0980$SERIAL_HEX\n\t\talias $ALIAS\n\t}\n}" >> $CONF -fi - -fileContent="$(cat $CONF)" -logMessage "Updated /etc/multipath.conf file content: $fileContent" - -commandDescription="Restart multipathd for /etc/multipathd.conf changes" -logMessage "${commandDescription}" -systemctl restart multipathd.service -checkCommand "${commandDescription}" -addUndoCommand "cp /etc/multipath.conf_backup /etc/multipath.conf" -addUndoCommand "systemctl restart multipathd.service" - -logMessage "Checking if the new partition exists." -timeout=90 -interval=5 -elapsed=0 - -while [ $elapsed -lt $timeout ]; do - if [ -e "/dev/mapper/$VOLUME_NAME" ]; then - logMessage "The device $VOLUME_NAME exists." - break - fi - sleep $interval - elapsed=$((elapsed + interval)) -done -if [ ! -e "/dev/mapper/$VOLUME_NAME" ]; then - logMessage "The device $VOLUME_NAME does not exists. Exiting." - ./uninstall.sh - exit 1 -fi - -# Partition the LUN -# mount the LUN on Linux client -# Create mount point directory -directory_path=mnt -mount_point=$VOLUME_NAME - -commandDescription="Create mount point /${directory_path}/${mount_point}" -logMessage "${commandDescription}" -mkdir /$directory_path/$mount_point -checkCommand "${commandDescription}" -addUndoCommand "rm -rf /$directory_path/$mount_point" -# volume_name = friendly device name from multipath.conf -commandDescription="Create file system for /dev/mapper/${ALIAS}" -logMessage "${commandDescription}" -mkfs.ext4 /dev/mapper/$ALIAS -checkCommand "${commandDescription}" - -commandDescription="Mount the file system" -logMessage "${commandDescription}" -mount -t ext4 /dev/mapper/$ALIAS /$directory_path/$mount_point -checkCommand "${commandDescription}" -addUndoCommand "umount /$directory_path/$mount_point" -# verify read/write access -commandDescription="Verify read/write access" -logMessage "${commandDescription}" -echo "test mount iscsci" > /$directory_path/$mount_point/testIscsi.txt -cat /$directory_path/$mount_point/testIscsi.txt -checkCommand "${commandDescription}" -rm /$directory_path/$mount_point/testIscsi.txt - -logMessage "FSXn iSCSI volume mount successful." -# Add mount to /etc/fstab -commandDescription="Add mount to /etc/fstab" -logMessage "${commandDescription}" -echo "/dev/mapper/$ALIAS /$directory_path/$mount_point ext4 defaults,_netdev 0 0" >> /etc/fstab -checkCommand "${commandDescription}" -addUndoCommand "sed -i '/\/dev\/mapper\/$ALIAS \/mnt\/$mount_point ext4 defaults,_netdev 0 0/d' /etc/fstab" - -# Report usage -logMessage "Report usage" -logMessage "Attempting Lambda invoke" -LAMBDA_PAYLOAD='{"ResourceProperties":{"Source":"Deploy_EC2_Wizard","Region":"'$AWS_REGION'"},"RequestType":"CLI"}' - -# Try Lambda invoke -invokeLambda -if [ $? -ne 0 ] && grep -q "initializing" /home/ec2-user/lambda_error.log 2>/dev/null; then - logMessage "Lambda initializing, retrying in 10s..." - sleep 10 - invokeLambda -fi - -# Check final result -if [ $? -eq 0 ]; then - logMessage "Usage reporting completed successfully" -else - logMessage "Usage reporting failed" -fi - -# End -logMessage "Script completed successfully." - -rm -f uninstall.sh \ No newline at end of file +# +# Set the SVM name. The default is 'fsx'. +SVM_NAME="fsx" +# +# Set the ONTAP admin user. The default is fsxadmin. +ONTAP_USER="fsxadmin" +# +################################################################################ +# **** You should not need to edit anything below this line **** +################################################################################ +# +# When called from the CloudFormation template, the parameters are passsed as +# arguments. +SECRET_ARN="${SECRET_ARN:=$1}" +FSXN_ADMIN_IP="${FSXN_ADMIN_IP:=$2}" +VOLUME_NAME="${VOLUME_NAME:=$3}" +VOLUME_SIZE="${VOLUME_SIZE:=$4}" +SVM_NAME="${5:-$SVM_NAME}" +ONTAP_USER="${6:-$ONTAP_USER}" +# +# Since AWS only allows up to 16KB for the user data script, the rest of this script +# will be the compressed version of the linux_userData_real.sh file, which will be +# uncompressed and executed on the EC2 instance when it is deployed. +cat < /tmp/linux_userData.sh +#!/bin/bash +export SECRET_ARN="$SECRET_ARN" +export FSXN_ADMIN_IP="$FSXN_ADMIN_IP" +export VOLUME_NAME="$VOLUME_NAME" +export VOLUME_SIZE="$VOLUME_SIZE" +export SVM_NAME="$SVM_NAME" +export ONTAP_USER="$ONTAP_USER" +EOF2 + +cat <> /tmp/linux_userData.sh +H4sIAAAAAAAAA908aVPbSNrf9St6FA2GDJJsJslOPOOkvOAkrjVHYchkd5jXJaQ2aJAlRQdHiP/7 +Pk8fUkuWwbAkU/WmZsDu47nPVotnP9infmifOum59kx7RsZ+6FLiT4lzlRIf/gvTzAkC6hE/I2cR +xZEsInaeJnYQuU6A2y3toH/0oWfc4q95tzqpaaP995N3w9GgZ186OHFm+6mb+qaAbcGIdjTcHewf +H/VeMire04xk55Ts22My8sP8mnh+miX+aZ75EaCziE0z145SM6EBdVKqufCD6MZwRwcCNUKc2Zfw +q0uB1vRrck6DDRgjZH88Ofr3waCHI7/+CkP5aR5m+VePnvpOWF3Dx9iq53yGuucR0Y/DizC6CmEd +yW5i2iUtwNqydPLmDTEkq3z9NcisAxBo6riadkazMXUTmn10gpyub5BbWJWykYmThD2jA9/Hg+3D +wdHkY390POjpxjqqga9JZ07onNGEAByTD5mXCImcMGymHPQ9EEQJVy/mP+c0uSEtTsQYxBmetYrJ +KM/iHKROr7MNXYNBsIE/iPGWmCElbfLnr6iQUJHDO8dHswBjAGiJTy8pUxlHTKZJNAPJlGS0Nkn/ +NEoyQGrpinjg49TX5hoYwS5NU+BQSIZjMdY9J6MbxCRGpybiueaeU/diO5qBZDyxaznVJQKA2iFT +Rr5VJ8qy81DaJbjEIp2O5x2HXlTFmoIgTJ/oHR+prECYayNnduo5gySJkneAs6fb2Sy2AzY6oTiM +HqCLdYc0jaMwpYtLEzFj/ZVGoa754WV0QfkmQQYaC19M+Gyh3Wkeuug6ZujMgH/QRxcWd/nirnHb +/308ORy8H+7vzbv/6Pyy9Y+fX7x8+eLVz125sZvQmAvKnEWhn0VoPaYHYeM0chLPzFGwpanFzk0Q +OWiIo/7uP3f6k4P+v0f7/Z1yhRv4JkQHJ7kxp1EyczKSOFcQEkwIRfTVC7RHsdZYFAzZemPUxAqC +Tujn3E+otz3z0p7u5kkAqvjix+Svz+TUJdfXHkgN7UM3hJPrpNcjOkYDXbGVm3xG8hjtjpg38F01 +M6KXs2gxQDtxZxAdQ2Ko+H8lXsSoB4Q/EFdsNi+JgavX3hDbo5d2mAeBYqJVIx1yIwI5s026WCI4 +wBFG/V+f9Yqd479n5B3QdfhhMLK3IQbujzdlIEdZMN8cHAxGBJWaojJviq3Inlxr3hAa06AIsnJN +VSCCzspSJhegTGwBz2mEjlxod8FUGa96HldEQmfRJZWg+EqGzItCWkQxnhd+AGFhWqiKi5mJmZLz +LIvTrm2DW4BpWs7M+RKF8MUC3YlBk15TM8B0ZF7/8mry6oWFxmVGhE9fbuF3BpSbnfl5ccZCWLYQ +ARtJZsRMeL6trQZGaNBksDw1qXw4cWZCXpBmq5gXAV9Z6/wtliqJeiqFS3h3K/2bqHSZQuvqXKZM +IE8bHe9NxsP/DHrGOkQjMyC//fYb0dvW6/Zz4+P+6Hh3wKZ1ssGW7vV3YemtmMFv84mxvm4c9vd2 +9nd/XH/dbm/81IEfG5rGc+UzciwzD8gjgHD8ppqL3PNZ5JH8p+vqsKbqEksvkcPBlBy9VraAKd6K +GqV/uDfXtXfjT3sQ3cfj3/cPd3rlLKtgYF6FPS7hFkWDR9LcdWHFFCzsRteEAe7Q1E38GFNPrzAO +pijij7fHQxI77gUATasYjNvF/fPVo75iqWD0vkvNmRPHNDFneZD5sZOdE1m6+pnvQOA0oSIN0oUk +sYSO+4LYg5DqTxEdRHBocNUCu5lFUZCSKKahyQh5PLeLHrwci45O02QNYwDAtqWgdRghmT+jWC6w +vNbZaqdYlL5czTJE5dZK7TDyqCVAWgykBekxcFw6gxQ6kUh6xHq++tqXdou3Kowl/tOD+BNOtTPY +QfTVIenLAK2ki7omvjHfoIWlnDf7+DhzkowbOsSfBP1gNQXepBmduRnUH6FzCqUhx6SMpyVkbzVh +PeP2LelACFmean46BCCuP+bDh3kIUfQMwnmJy09NB+pltG1ot3wq8VoS1NqaaGygT/j6VXxu6xsy +RDXj0IlJP5PO0n6mIjZs2xOxT2vKoyW5pgmtLPbWiuSsQvo0EDXfnajCKJPoNokjuqn7mqn7XJtF +PTQW/4wVLk6eRdAj+C7r2yB2JKvHfRkdG6M+ITPEhahAGsKETPPKz84nBSUe4fXxilFvUeIqDiHt +InpXyFuM3dBc1i28pKs2zy29Nr0y0X76IMNWpLPUqJV+pQ69yaTrtqagWGbbD7HvEpw4gAiUnuZ+ +vHcY+hJjVwyel6hYBlqVsChTOvblFs+u1cpazO9h3+6nXWLcVsZAd5UNRzRFstB3Qso6d0yG+3tH +/QNL18BvMHTLVho0LGrlGTHECRwxP5H3A/iVY12B+ybH48Gh3tWNSqkH+rsguiyx+Vx/Z3e4Nxke +2E7s226QgxqSt1OfBtCPC9RgINiCmgmxxEgR+mrE8WIGixQdC3LzS9OSZQFxe5F9ceJTqu7eEx/U +1lkS5TEKGmR1HqUZ6gkofo/DQAYYyjcVYpxEWeRCYWSnTmj7jJr0bXo5s0JG0/jjLmsN1vjXgtq1 +wrBSsbJiNWsSbo+Z3FqUTvAss8cKbExGcvHg2k+zFFgUp3G3KudzocyWFeazSULdKPHSVpnKqkC4 +wy8/kysIXDBxgtGYMN5gruBxDv0e5W5JEcMmge7CYdbvZ0K5FZvAWXCiAg+HiOnlEt2cJuhdUqJz +Pt2tYiw2Nzkii7YMyQrmcbA/Xsk+PjBjzqC8Mo/YcTP0BoHvOmjbNjsJfJQNwS6PtG5FmNLlGr0r +Mry+KadKS4LJP4q4dlt8gjVoYri1VTWzVhkd5+LTnwVcYXO4jZtdMVNCKyTfKmfB+GGyRK8sl7or +8HKs85bIRP/Pvbbk8Tj3Pem0NZ8t4m/LEh77x58wltIA4uU6Q8sCb0X4ZAOWWDlABVGWWd0M0c0L +jIvnkM3+3eDJV04qXKd6HsBd//h4uNMtGEFU83sy+L3IMGoIhI9K5pjNG0u9RqvaGYwGRwM0rBPV +sk707knNtk6YcZ082LpsRQ8n+pLa/REh1glASN4Nj7DpJkkv/DhmBQaLtdAGsj5dfWg32N7i5wgh +9IVkuGNpR/v/GuyVHgfBD8TCWAQOO69eW1svX1jitx2ATtKMcZpFFzTkMfCT6VylJnW3zBnNHDxB +MtmsmWUBPviKQg+Ko63OqzZrphh6l06YGwi0d0AB42I06uRuonCXidtsicH0vQ2tfHpSYHtSZEWH +bSf0jJVMPMeymkjhVXVAVQR6zp9ZMlVpDTnxMgryGa2mPxjDAfX8kaT+F6oM4nHlHLyGO9JHBuRp +st7d8TUFswXybU62ksuUXKDQzZOHjsRX5pD81pmYzPCBDsxGIYRTKgaVVLMszczZSufsDFSDesMk +WduBkx22lmU/fZI5Z2Uy1aWmhl63pWpT5jwd6070Rpgua9BidhblYXYQ+WHWrXEN839qmPzSgNKY +dNraX9Hp0FOquUXFzXUlQcByGfTh45idgqhu/JR9gg0YIIoxCvUCHy2JLShQKWRqK0tOuYs/7BGJ +ZHmXwBkvQhmB7dAsejw5RLM4oOAbajqqpwrYwB5A3kMle8grihAVP9tLPPBzP8DWToJbpTG5XMHb +nkQ/NWd7ywuTSlxYK0ubMoCAEvmW42NftbnLZdZ2TzlSMe1KQVLWIiXCe5Vei2yrFSAl/PmSFLsc ++h0Vx52a/v4FRk3jdoVvLC6aUgg/Fwzy8P4sIhbJh1xlWpFPyOZnZP11+0cSTUVm2pA5ZpSH3zPB +AKWN2QVFY1e5sg3Jj0w3MSTtMn2U2Udy2Xr/TxnDUXaT7NwPJ1DcXfp4xgHGMUnzGC9dTPi5nwfb +sySnRdJZPT0t9FosLQSLwnzimIHykwdA6Ky84blTehA2kDC1g4GgUZD6gIhxj5KWhBCBe3n8AAgV +410tcgiwy8JGE9DHBoy/MWKgvu2S2WWxwiH4hBO7CPbIDpsGFMBNlBeSzCI2zLsbdUZn5rHrPNHx +ykMaecCLj2bViABDiy7IDK9VtbwWDhT6VVyTc9jkx0obpqxf4vRlyFXWguh91wkmYCzZJMxnpzSB +1W3u/GrScgKfPRlGkQNLhXoU29bZBcYRE/13PDyRMn8LH6zl0aMU7RoXqCxHShkuK1IAMOucuW2q +QafgtxJ0Gs86a0DuO+tEa1dl/ChXXxpIGrRXu2Tx90SJ76pZjD3sQjNNfCcg5/SahJR6IAo88MVD +DfZM6DSI3Atx74IgDGHlfNse85nvWGSrCTNlJEi/hS5OIWnBShfpfXCmVOS+mCcrxLQkMR/otaSE +Jc9blUZGwPW1R8x4QzmvKHYuT7FCZxwZ05dMEeIxnHMJHRPq72GJsX7PiWUYVrdC90yTKZ5XgVsk +sIamBV6wLrWkZTeihnJ9+h2MI6TZVZRc2H5sF3Q2HicLw/FjPAJDvjrDg9JSGshe2UQYtElHZ7bg +x5aQUkvg2XpaPFsNeJQSTbIGBoSPntXRLTaqmFVdDMatHPnRfj7fKNdsLazZUtcsXoF4gMkQJ2H9 +jUQNAxBxSzTLqsJHIfpfHKTpTsYOUIEXLhi+zEnYNTF2BQ9vA6WbwoOGBxUOV7uegasdb0ZMcwaw +8EE9Q3WD7yPExR1sE3sXsJXQ4+hTvGAOTEGIKGzhcbeg7iHAo+wE6E4CVJa/GXhuI/X4xR51So3I +43xd4yPF+T5Y9RPKGfzSubqA6jdOwC6JsTVvwdA5pFP0wk61rjyq0SYuMNQIRM7qFKJpEfOIGLW1 +VYJDUrmQFiYT8THF+8u/VAU2is74u0t1iTWT9ACKsMwO71X+3QCiPOP1St/zmKdNoyCIrlDDaXmR +ASfY7ZHihgq7Ucdu+3Zhs0enDsyk0B88A8/OIddOpokPGg1uJhhkU3JDUzY39UOvvOEkx+fwvzLI +wShXssQA/ru68j3y86t222m//qUtUz/k9Xm5BvoKqEGrJR2fnTNkqn6OuVKXsbdJ+qDas5AVaSgL +tXKzwIQgtQ77o8mHwadeWWNo/dGwP+6ptY22vb/3rteAhqUYyq5lmp+Jzmg/yZ4btwzG3NCJgVuL +5MLTHTuw3cSxhN0Skg/MnFBw74dMbQ0sFVGcH3KRlsEwtWovJS2EbOUOXcxpAhHjr/nk1HEv8lhc +9H714gWfZpxJxlrSSFo1fthD3WJVg+0sbijefGrZDevttGnUet40ivZnCwT1R7sFDkm57ZycZEuA +qDDEaycqWzWzv5Ol2lpgpzYCrDS40cPYaABQY6EAwULulOgnYennJ+FSSeBUA/STcH4S8lfpGBbM ++6rht/5PDQCLAirYqKxjvChxApGfZNUY0WJvB0gvnestvoi7CU5yR+PjQKSUw4IAVMS49h68RolU +xci9TeBalMlibPKWBie8bodXdCCVrLtOxqHga5RNBRWUxLV7miwQVGHzq9LEPXfCVV9yKK89JgsY +5KXeR14WXwHy4i4ITg3yEiGqaap+WIiksttcUxYlQ3pFYkDus2zILyRAgBSXznuv2xqrlC+doPcS +bMaJwVJ7bU27OkcN/UEMMUbMADQk76r/qb7/BK0EIGZvR/B3MCpd8d33W46ARHGOoG4qCZWbTiFB +XKjxiT+eNST1Im5w+o31dUn2T0Su2NjQ2KtOjOIfHkDzKvRWL9WlFhlAull2XZLUOwjPh/4OXyic +oFp7szDT2APqSYxPqKuJuNE7xBEx20TYJmIbt1WweCykQF2t2ZhdABCAVQVlGwqgx3mHeOfrTshL +QoFgloUQ7mQ8FKjKlFFxNR6nqUWvsxdVEAzCasw1krnLlMGq0pLS1QhiO000pkaivoU+co70Mfr4 +CHXj9IadDtpXiY+PKvgVglV45fUgXt0R1uuzNznwLbw7abFxC7714VvZNfDs3EN7ff0qMgIbfQjM +Crvvxp9C0fGLQpWzVx4pW0vEib0MX4t/MgID/hQCx+kDpPlQi+F2JsujzUlIM4BA2qTNsntJw//2 +1pThtSr8VBg6ZG/KE/5GfGWmn4HfxKxtH6mv6eta9S35XusWq4QoT1x6kETAfObjzaJbfczG9K6+ +Q+MgupkMtrcmv/tfnMTTN2ELXg6DSWgkihtpLX2OM59zUPARewasb4+G+rylVf6CgFb7wwl4sFa0 +QrxVDvwv7L2N+pv3ZOtN0yvCld5bclvC2WRvgN6w/B6STju1LJFhittKLCmrNIpSldN55wOWY/ar ++JsFxW2e+oOQxmO3+mb+4sDi5bkxs5QlsNEnMDNMq+/a/heZnhrpcEUAAA== +EOF3 + +chmod +x /tmp/linux_userData.sh +/tmp/linux_userData.sh diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData_real.sh b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData_real.sh new file mode 100755 index 0000000..ceed41d --- /dev/null +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData_real.sh @@ -0,0 +1,477 @@ +#!/bin/bash +# +# Since if aws is installed it goes into /usr/local/bin. +PATH=${PATH}:/usr/local/bin + +LOG_FILE=/var/log/iscsi-install.log +TIMEOUT=5 +# +# Get the O/S Linux distribution. +. /etc/os-release +case "$ID" in + amzn|centos|rhel) + OS_TYPE=rhel;; + ubuntu|debian) + OS_TYPE=debian;; + *) + echo "Unknown OS type: '$ID'." >> $LOG_FILE + exit 1;; +esac + +getSecretValue() { + secret_arn=$1 + SECRET_VALUE="$(aws secretsmanager get-secret-value \ + --secret-id "$secret_arn" \ + --query 'SecretString' \ + --output text)" + + if [ $? -ne 0 ]; then + echo "Failed to retrieve the secret from '$secret_arn', Aborting." + exit 1 + fi +} +logMessage() { + echo "$(date) - $1" >> $LOG_FILE +} +checkCommand() { + if [ $? -ne 0 ]; then + logMessage "$1 failed. Aborting." + ./uninstall.sh + exit 1 + fi +} +addUndoCommand() { + sed -i "1i$1" uninstall.sh +} +LambdaErrorFile="/tmp/lambda_error.log" +LambdaResponseFile="/tmp/lambda_response.json" +invokeLambda() { + aws lambda invoke \ + --function-name "arn:aws:lambda:${AWS_REGION}:718273455463:function:reporting-monitoring-dashboard-usage" \ + --payload "$LAMBDA_PAYLOAD" \ + --cli-binary-format raw-in-base64-out \ + $LambdaResponseFile 2>$LambdaErrorFile +} +requiredCmds="curl unzip jq bc xxd" +if [ "$OS_TYPE" == "rhel" ]; then + yum update -y + checkCommand "yum update" + for cmd in $requiredCmds; do + if ! command -v $cmd &> /dev/null; then + logMessage "Installing $cmd" + if [ "$cmd" == "jq" ]; then + # For RHEL/CentOS, install jq from EPEL repository + yum install -y epel-release + checkCommand "Install epel-release for jq" + fi + yum install -y $cmd + checkCommand "Install $cmd" + addUndoCommand "yum remove -y $cmd" + fi + done + + if [ "$ID" != "amzn" ]; then + curl -s https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip + unzip -q awscliv2.zip + ./aws/install + rm -rf aws awscliv2.zip + fi +elif [ "$OS_TYPE" == "debian" ]; then + apt-get update > /dev/null 2>&1 + for cmd in $requiredCmds; do + if ! command -v $cmd &> /dev/null; then + logMessage "Installing $cmd" + apt-get install -y $cmd + checkCommand "Install $cmd" + addUndoCommand "apt-get remove -y $cmd" + fi + done + curl -s https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip + unzip -q awscliv2.zip + ./aws/install + rm -rf aws awscliv2.zip +fi + +LUN_SIZE=$(bc -l <<< "0.90*$VOLUME_SIZE" ) +LUN_NAME=${VOLUME_NAME}_$(($RANDOM%(900)+100)) + +echo "# Uninstall file" > uninstall.sh +chmod u+x uninstall.sh + +logMessage "Get secret data" +getSecretValue "${SECRET_ARN}" +FSXN_PASSWORD="${SECRET_VALUE}" +logMessage "Secret data retrieved successfully" +commandDescription="Install linux iSCSI packages" +logMessage "${commandDescription}" +if [ "$OS_TYPE" == "rhel" ]; then + yum install -y device-mapper-multipath iscsi-initiator-utils + checkCommand "${commandDescription}" + addUndoCommand "yum remove -y device-mapper-multipath iscsi-initiator-utils" +elif [ "$OS_TYPE" == "debian" ]; then + apt-get update > /dev/null 2>&1 + apt-get install -y multipath-tools open-iscsi + checkCommand "${commandDescription}" + addUndoCommand "apt-get remove -y multipath-tools open-iscsi" +fi +commandDescription="Set multisession timeout from 120s to 5s" +logMessage "${commandDescription}" +sed -i 's/node.session.timeo.replacement_timeout = .*/node.session.timeo.replacement_timeout = 5/' /etc/iscsi/iscsid.conf +grep "node.session.timeo.replacement_timeout = 5" /etc/iscsi/iscsid.conf +checkCommand "${commandDescription}" +addUndoCommand "sed -i 's/node.session.timeo.replacement_timeout = .*/node.session.timeo.replacement_timeout = 120/' /etc/iscsi/iscsid.conf" +commandDescription="Start iscsi service" +logMessage "${commandDescription}" +systemctl enable iscsid +systemctl start iscsid +checkCommand "${commandDescription}" +# check service status +isIscsciServiceRunning=$(systemctl is-active --quiet iscsid.service && echo "1" || echo "0") +if [ "$isIscsciServiceRunning" -eq 1 ]; then + logMessage "iscsi service is running" + addUndoCommand "systemctl --now disable iscsid.service" +else + logMessage "iscsi service is not running, aborting" + ./uninstall.sh + exit 1 +fi +commandDescription="Set multipath config for automatic failover" +logMessage "${commandDescription}" +if [ $OS_TYPE == "rhel" ]; then + mpathconf --enable --with_multipathd y + checkCommand "${commandDescription}" + addUndoCommand "mpathconf --disable" +elif [ $OS_TYPE == "debian" ]; then + systemctl enable multipathd + systemctl start multipathd + checkCommand "${commandDescription}" + isServiceRunning=$(systemctl is-active --quiet multipathd && echo "1" || echo "0") + if [ "$isServiceRunning" -eq 1 ]; then + logMessage "multipathd service is running" + addUndoCommand "systemctl --now disable multipathd" + else + logMessage "multipathd service is not running, aborting" + ./uninstall.sh + exit 1 + fi +fi + +. /etc/iscsi/initiatorname.iscsi +logMessage "InitiatorName is: ${InitiatorName}" + +logMessage "Testing connection to ONTAP." +versionResponse=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/cluster?fields=version" | jq -r .version) +if [ "$versionResponse" == "null" -o -z "$versionResponse" ]; then + logMessage "Connection to ONTAP failed, aborting." + ./uninstall.sh + exit 1 +fi + +groupName=$(hostname) +iGroupResult=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups?svm.name=$SVM_NAME&name=$groupName&initiators.name=$InitiatorName&protocol=iscsi&os_type=linux") +initiatorExists=$(echo "${iGroupResult}" | jq '.num_records') +if [ "$initiatorExists" -eq 0 ]; then + logMessage "Initiator ${InitiatorName} with group ${groupName} does not exist, creating it." + logMessage "Create initiator group for vserver: ${SVM_NAME} group: ${groupName} initiator: ${InitiatorName}" + createGroupResult=$(curl -sm $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -H "Content-Type: application/json" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups" -d '{ + "protocol": "iscsi", + "initiators": [ + { + "name": "'$InitiatorName'" + } + ], + "os_type": "linux", + "name": "'$groupName'", + "svm": { + "name": "'$SVM_NAME'" + } + }') + iGroupResult=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/igroups?svm.name=$SVM_NAME&name=$groupName&initiators.name=$InitiatorName&protocol=iscsi&os_type=linux") + iGroupUuid=$(echo ${iGroupResult} | jq -r '.records[] | select(.name == "'$groupName'" ) | .uuid') + + if [ -n "$iGroupUuid" ]; then + logMessage "Initiator group ${groupName} was created successfully with UUID: ${iGroupUuid}" + else + logMessage "Initiator group ${groupName} was not created, aborting" + ./uninstall.sh + exit 1 + fi + + addUndoCommand "curl -sm $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/protocols/san/igroups/$iGroupUuid\"" +else + logMessage "Initiator ${InitiatorName} with group ${groupName} already exists, skipping creation." +fi +# +# Get the EC2 instanace ID. +TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") +instance_id=$(curl -sH "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id) +AWS_REGION=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region) + +if [ -z "$instance_id" ]; then + instance_id="unknown" +fi + +logMessage "Create volume: ${SVM_NAME} vol: ${VOLUME_NAME} size: ${VOLUME_SIZE}g" +createVolumeResult=$(curl -sm $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/volumes" -d '{ + "name": "'$VOLUME_NAME'", + "size": "'$VOLUME_SIZE'g", + "state": "online", + "svm": { + "name": "'$SVM_NAME'" + }, + "aggregates": [{ + "name": "aggr1" + }], + "_tags": [ + "instanceId:'$instance_id'", + "hostName:'$(hostname)'", + "mountPoint:'$VOLUME_NAME'" + ] +}') +sleep 10 +jobId=$(echo "${createVolumeResult}" | jq -r '.job.uuid') +jobStatus=$(curl -sX GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/cluster/jobs/$jobId") +jobState=$(echo "$jobStatus" | jq -r '.state') +if [ "$jobState" != "success" ]; then + logMessage "Volume creation job did not complete successfully, aborting" + jobError=$(echo "$jobStatus" | jq -r '.error') + logMessage "Error details: $jobError" + ./uninstall.sh + exit 1 +fi + +volumeResult=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/volumes?name=${VOLUME_NAME}&svm.name=${SVM_NAME}") +volumeUUid=$(echo "${volumeResult}" | jq -r '.records[] | select(.name == "'$VOLUME_NAME'" ) | .uuid') +if [ -n "$volumeUUid" ]; then + logMessage "Volume ${VOLUME_NAME} was created successfully with UUID: ${volumeUUid}" +else + logMessage "Volume ${VOLUME_NAME} was not created, aborting" + ./uninstall.sh + exit 1 +fi +addUndoCommand "curl -sm $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/storage/volumes/${volumeUUid}\"" + +logMessage "Create iscsi lun: ${SVM_NAME} vol: ${VOLUME_NAME} lun: ${LUN_NAME} size: ${LUN_SIZE}g (90% of volume)" +createLunResult=$(curl -sm $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns" -d '{ + "name": "'/vol/${VOLUME_NAME}/$LUN_NAME'", + "space": { + "size": "'$LUN_SIZE'GB", + "scsi_thin_provisioning_support_enabled": true + }, + "svm": { + "name": "'$SVM_NAME'" + }, + "os_type": "linux" +}') +lunResult=$(curl -sX GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns?fields=uuid&name=/vol/${VOLUME_NAME}/$LUN_NAME") + +lunUuid=$(echo "${lunResult}" | jq -r '.records[] | select(.name == "'/vol/${VOLUME_NAME}/$LUN_NAME'" ) | .uuid') +if [ -n "$lunUuid" ]; then + logMessage "LUN ${LUN_NAME} was created successfully with UUID: ${lunUuid}" +else + logMessage "LUN ${LUN_NAME} was not created, aborting" + ./uninstall.sh + exit 1 +fi + +addUndoCommand "curl -sm $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/storage/luns/${lunUuid}\"" + +logMessage "Create a mapping from the LUN you created to the igroup you created" + +lunMapResult=$(curl -sm $TIMEOUT -X POST -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps" -d '{ + "lun": { + "name": "/vol/'${VOLUME_NAME}'/'${LUN_NAME}'" + }, + "igroup": { + "name": "'${groupName}'" + }, + "svm": { + "name": "'${SVM_NAME}'" + }, + "logical_unit_number": 0 +}') +logMessage "Validate the lun mapping was created" + +getLunMap=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps?lun.name=/vol/${VOLUME_NAME}/${LUN_NAME}&igroup.name=${groupName}&svm.name=${SVM_NAME}") +lunGroupCreated=$(echo "${getLunMap}" | jq -r '.num_records') +if [ "$lunGroupCreated" -eq 0 ]; then + logMessage "LUN mapping was not created, aborting" + ./uninstall.sh + exit 1 +else + logMessage "LUN mapping was created successfully" +fi + +addUndoCommand "curl -sm $TIMEOUT -X DELETE -u \"$ONTAP_USER\":\"$FSXN_PASSWORD\" -k \"https://$FSXN_ADMIN_IP/api/protocols/san/lun-maps?lun.name=/vol/${VOLUME_NAME}/${LUN_NAME}&igroup.name=${groupName}&svm.name=${SVM_NAME}\"" +# +# Serial hex needed for readable block device name +getLunSerialNumberResult=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/storage/luns?fields=serial_number") +serialNumber=$(echo "${getLunSerialNumberResult}" | jq -r '.records[] | select(.name == "'/vol/$VOLUME_NAME/$LUN_NAME'" ) | .serial_number') +serialHex=$(echo -n "${serialNumber}" | xxd -p) +if [ -z "$serialHex" ]; then + logMessage "Serial number for the LUN is not available, aborting" + ./uninstall.sh + exit 1 +fi + +logMessage "Get the iscsi interface addresses for the svm ${SVM_NAME}" +getInterfacesResult=$(curl -sm $TIMEOUT -X GET -u "$ONTAP_USER":"$FSXN_PASSWORD" -k "https://$FSXN_ADMIN_IP/api/network/ip/interfaces?svm.name=$SVM_NAME&fields=ip") +iscsi1IP=$(echo "$getInterfacesResult" | jq -r '.records[] | select(.name == "iscsi_1") | .ip.address') +iscsi2IP=$(echo "$getInterfacesResult" | jq -r '.records[] | select(.name == "iscsi_2") | .ip.address') + +if [ -n "$iscsi1IP" ] && [ -n "$iscsi2IP" ]; then + iscsi1IP=$(echo ${iscsi1IP%/*}) + iscsi2IP=$(echo ${iscsi2IP%/*}) + logMessage "iscsi interface addresses for the svm ${SVM_NAME} are: ${iscsi1IP} and ${iscsi2IP}" +else + logMessage "iscsi interface addresses for the svm ${SVM_NAME} are not available, aborting" + ./uninstall.sh + exit 1 +fi + +commandDescription="Discover the target iSCSI nodes, iscsi IP: ${iscsi1IP}" +logMessage "${commandDescription}" +iscsiadm --mode discovery --op update --type sendtargets --portal $iscsi1IP +checkCommand "${commandDescription}" +addUndoCommand "iscsiadm --mode discovery --op delete --type sendtargets --portal ${iscsi1IP}" +addUndoCommand "iscsiadm --mode discovery --op delete --type sendtargets --portal ${iscsi2IP}" + +logMessage "Getting target initiator" +targetInitiator=$(iscsiadm --mode discovery --op update --type sendtargets --portal $iscsi1IP | awk '{print $2}' | head -n 1) +logMessage "Target initiator is: ${targetInitiator}" + +iscsiadm --mode node -T $targetInitiator --op update -n node.session.nr_sessions -v 8 + +logMessage "Log into target initiator: ${targetInitiator}" +iscsiadm --mode node -T $targetInitiator --login +addUndoCommand "iscsiadm --mode node -T $targetInitiator --logout" +# +# Add the following section to the /etc/multipath.conf file: +# defaults { +# user_friendly_names yes +# find_multipaths yes +# } +# multipaths { +# multipath { +# wwid 3600a0980${serialHex} +# alias ${VOLUME_NAME} +# } +# } +logMessage "Update /etc/multipath.conf file, Assign name to block device." + +SERIAL_HEX=$serialHex +ALIAS=$VOLUME_NAME +CONF=/etc/multipath.conf + +if egrep -q "alias\t*${ALIAS}$" $CONF; then + echo "Error, there is already an alias in the multipath.conf file for the volume '$ALIAS'. Aborting." + ./uninstall.sh + exit 1 +fi +cp $CONF ${CONF}_backup +chmod 644 $CONF + +if grep -q 'defaults' $CONF; then + if grep -q 'user_friendly_names' $CONF; then + sed -i '/user_friendly_names/s/user_friendly_names.*/user_friendly_names yes/' $CONF + else + sed -i '/defaults/a\\tuser_friendly_names yes' $CONF + fi + if grep -q 'find_multipaths' $CONF; then + sed -i '/find_multipaths/s/find_multipaths.*/find_multipaths yes/' $CONF + else + sed -i '/defaults/a\\tfind_multipaths yes' $CONF + fi +else + printf "\ndefaults {\n\tuser_friendly_names yes\n\tfind_multipaths yes\n}\n" >> $CONF +fi + +if egrep -q '^multipaths {' $CONF; then + sed -i '/^multipaths {/a\\tmultipath {\n\t\twwid 3600a0980'"${SERIAL_HEX}"'\n\t\talias '"${ALIAS}"'\n\t}\n' $CONF +else + printf "multipaths {\n\tmultipath {\n\t\twwid 3600a0980$SERIAL_HEX\n\t\talias $ALIAS\n\t}\n}\n" >> $CONF +fi + +logMessage "Updated /etc/multipath.conf file content: $(cat $CONF)" + +commandDescription="Restart multipathd for /etc/multipathd.conf changes" +logMessage "${commandDescription}" +systemctl restart multipathd.service +checkCommand "${commandDescription}" +addUndoCommand "systemctl restart multipathd.service" +addUndoCommand "cp /etc/multipath.conf_backup /etc/multipath.conf" + +logMessage "Checking if the new partition exists." +timeout=90 +interval=5 +elapsed=0 + +while [ $elapsed -lt $timeout ]; do + if [ -e "/dev/mapper/$VOLUME_NAME" ]; then + logMessage "The device $VOLUME_NAME exists." + break + fi + sleep $interval + elapsed=$((elapsed + interval)) +done +if [ ! -e "/dev/mapper/$VOLUME_NAME" ]; then + logMessage "The device $VOLUME_NAME does not exists. Exiting." + ./uninstall.sh + exit 1 +fi + +directory_path=mnt +mount_point=$VOLUME_NAME + +commandDescription="Create mount point /${directory_path}/${mount_point}" +logMessage "${commandDescription}" +mkdir /$directory_path/$mount_point +checkCommand "${commandDescription}" +addUndoCommand "rm -rf /$directory_path/$mount_point" + +commandDescription="Create file system for /dev/mapper/${ALIAS}" +logMessage "${commandDescription}" +mkfs.ext4 /dev/mapper/$ALIAS +checkCommand "${commandDescription}" + +commandDescription="Mount the file system" +logMessage "${commandDescription}" +mount -t ext4 /dev/mapper/$ALIAS /$directory_path/$mount_point +checkCommand "${commandDescription}" +addUndoCommand "umount /$directory_path/$mount_point" + +commandDescription="Verify read/write access" +logMessage "${commandDescription}" +echo "test mount iscsci" > /$directory_path/$mount_point/testIscsi.txt +cat /$directory_path/$mount_point/testIscsi.txt +checkCommand "${commandDescription}" +rm /$directory_path/$mount_point/testIscsi.txt + +logMessage "FSXn iSCSI volume mount successful." + +commandDescription="Add mount to /etc/fstab" +logMessage "${commandDescription}" +echo "/dev/mapper/$ALIAS /$directory_path/$mount_point ext4 defaults,_netdev 0 0" >> /etc/fstab +checkCommand "${commandDescription}" +addUndoCommand "sed -i '$d' /etc/fstab" + +logMessage "Report usage" +logMessage "Attempting Lambda invoke" +LAMBDA_PAYLOAD='{"ResourceProperties":{"Source":"Deploy_EC2_Wizard","Region":"'$AWS_REGION'"},"RequestType":"CLI"}' + +invokeLambda +if [ $? -ne 0 ] && grep -q "initializing" $LambdaErrorFile 2>/dev/null; then + logMessage "Lambda initializing, retrying in 10s..." + sleep 10 + invokeLambda +fi + +if [ $? -eq 0 ]; then + logMessage "Usage reporting completed successfully" +else + logMessage "Usage reporting failed" +fi + +logMessage "Script completed successfully." + +rm -f uninstall.sh