Commit 46286ce0 authored by Max Beckett's avatar Max Beckett
Browse files

Update stunnel idle timeout.

The default stunnel idle timeout is many hours. By setting it to a value based
on the NFS lease length we can recover from network partitions sooner.
parent 94e667c5
...@@ -113,7 +113,7 @@ For more information on mounting with the mount helper, see the [documentation]( ...@@ -113,7 +113,7 @@ For more information on mounting with the mount helper, see the [documentation](
## Upgrading stunnel for RHEL/CentOS ## Upgrading stunnel for RHEL/CentOS
By default, when using the EFS mount helper with TLS, it enforces certificate hostname checking. The EFS mount helper uses the `stunnel` program for its TLS functionality. Please note that some versions of Linux do not include a version of `stunnel` that supports TLS features by default. When using such a Linux version, mounting an EFS file system using TLS will fail. By default, when using the EFS mount helper with TLS, it enforces certificate hostname checking. The EFS mount helper uses the `stunnel` program for its TLS functionality. Please note that some versions of Linux do not include a version of `stunnel` that supports TLS features by default. When using such a Linux version, mounting an EFS file system using TLS will fail.
Once you’ve installed the `amazon-efs-utils` package, to upgrade your system’s version of `stunnel`, see [Upgrading Stunnel](https://docs.aws.amazon.com/efs/latest/ug/using-amazon-efs-utils.html#upgrading-stunnel). Once you’ve installed the `amazon-efs-utils` package, to upgrade your system’s version of `stunnel`, see [Upgrading Stunnel](https://docs.aws.amazon.com/efs/latest/ug/using-amazon-efs-utils.html#upgrading-stunnel).
......
...@@ -11,7 +11,7 @@ set -ex ...@@ -11,7 +11,7 @@ set -ex
BASE_DIR=$(pwd) BASE_DIR=$(pwd)
BUILD_ROOT=${BASE_DIR}/build/debbuild BUILD_ROOT=${BASE_DIR}/build/debbuild
VERSION=1.11 VERSION=1.12
echo 'Cleaning deb build workspace' echo 'Cleaning deb build workspace'
rm -rf ${BUILD_ROOT} rm -rf ${BUILD_ROOT}
......
Package: amazon-efs-utils Package: amazon-efs-utils
Architecture: all Architecture: all
Version: 1.11 Version: 1.12
Section: utils Section: utils
Depends: python|python2, nfs-common, stunnel4 (>= 4.56) Depends: python|python2, nfs-common, stunnel4 (>= 4.56)
Priority: optional Priority: optional
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
%endif %endif
Name : amazon-efs-utils Name : amazon-efs-utils
Version : 1.11 Version : 1.12
Release : 1%{?dist} Release : 1%{?dist}
Summary : This package provides utilities for simplifying the use of EFS file systems Summary : This package provides utilities for simplifying the use of EFS file systems
......
...@@ -54,7 +54,7 @@ except ImportError: ...@@ -54,7 +54,7 @@ except ImportError:
from urllib.error import URLError from urllib.error import URLError
from urllib.request import urlopen from urllib.request import urlopen
VERSION = '1.11' VERSION = '1.12'
CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf' CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf'
CONFIG_SECTION = 'mount' CONFIG_SECTION = 'mount'
...@@ -102,6 +102,7 @@ STUNNEL_EFS_CONFIG = { ...@@ -102,6 +102,7 @@ STUNNEL_EFS_CONFIG = {
'renegotiation': 'no', 'renegotiation': 'no',
'TIMEOUTbusy': '20', 'TIMEOUTbusy': '20',
'TIMEOUTclose': '0', 'TIMEOUTclose': '0',
'TIMEOUTidle': '70',
'delay': 'yes', 'delay': 'yes',
} }
......
...@@ -25,7 +25,7 @@ try: ...@@ -25,7 +25,7 @@ try:
except ImportError: except ImportError:
from configparser import ConfigParser from configparser import ConfigParser
VERSION = '1.11' VERSION = '1.12'
CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf' CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf'
CONFIG_SECTION = 'mount-watchdog' CONFIG_SECTION = 'mount-watchdog'
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment