This project is mirrored from https://github.com/aws/efs-utils.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
- 30 Jan, 2020 1 commit
-
-
stvhu authored
* Ensure that certificate renewals always use the original credentials source * Include file system ID in all client TLS certificates * Updates to man page and README
-
- 24 Jan, 2020 1 commit
-
-
Yuan Gao authored
Fixes the mount issue with full DNS name in the AWS China Regions; Upgrades unit test coverage version dependency to enable accurate python3.8 coverage test
-
- 21 Jan, 2020 1 commit
-
-
Yuan Gao authored
Added region localization, Integrate repository with CircleCI to enable package build visualization, Unit tests bug fixes for python3.5
-
- 13 Jan, 2020 1 commit
-
-
stvhu authored
-
- 17 Dec, 2019 1 commit
-
-
Yuan Gao authored
-
- 05 Dec, 2019 1 commit
-
- 04 Dec, 2019 2 commits
- 11 Nov, 2019 1 commit
-
-
Yuan Gao authored
-
- 28 Oct, 2019 1 commit
-
-
Yuan Gao authored
-
- 05 Aug, 2019 1 commit
-
-
Max Beckett authored
The default stunnel idle timeout is many hours. By setting it to a value based on the NFS lease length we can recover from network partitions sooner.
-
- 23 Jul, 2019 2 commits
-
-
Max Beckett authored
- Fixes Python shebangs to work on systems without a default "python" version. - Fixes watchdog process not being properly started on systemd systems.
-
Max Beckett authored
To use OCSP, the client accessing EFS must be able to reach the Amazon Certificate Authority (CA). To maximize file system availability in the event that the CA is not reachable from your VPC, the EFS mount helper no longer enables OCSP by default. See here for more info: https://aws.amazon.com/about-aws/whats-new/2019/07/configuration-update-for-amazon-efs-encryption-data-in-transit/
-
- 09 Apr, 2019 5 commits
-
-
Matthias Gerstner authored
-
Matthias Gerstner authored
While a bit exotic there can exist mounts of locally exported nfs shares that aren't related to EFS. In this case the watchdog fails, because it tries to access the port option that is not present in these unrelated mount entries. To fix this discard entries from /proc/mounts that don't carry a port option.
-
Matthias Gerstner authored
This function only closes the socket on success, i.e. for each unsuccessful bind attempt a socket "leaks". It does not actually leak, because the Python interface implements reference counting. Still it is unclean, because after successful bind the socket is explicitly closed. So either the application is responsible for closing the socket, or not. Since it is better not to rely on the implementation of the Python interpreter and the socket module it should be prefered to always explicitly close the socket. Also this function opens a new socket for each port to try. This is inefficient, since the same socket can be reused for testing. Therefore only open and close a single socket.
-
Matthias Gerstner authored
`os.makedirs()` uses default mode 0777 in Python2. Therefore the protection level of the state_file_dir depends on the inherited umask. A default mode of 0750 is a good conservative default for this. To allow admins and system integrators to tune this setting it is configurable via the new config file setting 'state_file_dir_mode'. This also requires to adjust test_bootstrap_tls to cover the new config option.
-
Matthias Gerstner authored
In python2 the default for `close_fds` is still False, therefore it is possible that open file descriptors like the logfile are inherited to child processes. This is prevented by explicitly passing this parameter to all subprocess invocations.
-
- 07 Mar, 2019 1 commit
-
-
patelia authored
Fix for additional unexpected arguments
-
- 06 Mar, 2019 1 commit
-
-
Eddie Ramirez authored
add test for additional unexpected arguments increment version number
-
- 11 Oct, 2018 1 commit
-
-
Ian Patel authored
This prevents waiting for a close_notify when shutting down a connection.
-
- 25 Sep, 2018 1 commit
-
-
Ian Patel authored
Make "delay = yes" a default stunnel option. Also permit non-root users to view the help text again.
-
- 27 Aug, 2018 5 commits
-
-
Pit Kleyersburg authored
-
Pit Kleyersburg authored
-
Pit Kleyersburg authored
-
Pit Kleyersburg authored
This includes the following changes: * Reduce inline comments that were mostly redundant to the code it described * Added another example to the man-page to make clear that TLS is supported for CNAMEs. For that matter, all other options will also work without change, given that internally the CNAME will only be resolved to an FS-ID before handing back over to the same logic that is already in place. * Small modifications to better adhere to the given codestyle. * Adjusted log messages as suggested.
-
Pit Kleyersburg authored
This change introduces additional logic which allows the user to specify either a fully-qualified EFS DNS name, or a custom DNS name that resolves to a fully-qualified EFS DNS name via a CNAME record. The EFS DNS name will then be compared to the EFS name we would have expected for the given EFS ID. If it doesn't match, we'll show the user a readable error message for this to aid in troubleshooting. Once the EFS DNS name has been verified, the rest of the logic is untouched. This means that this change only impacts the parameter logic at the very start and does not touch anything of the already tested, more critical logic. Important: the usage and internal logic to mount by EFS ID is unchanged, making this change fully backwards compatible. Fixes #9.
-
- 10 Jul, 2018 1 commit
-
-
Ian Patel authored
-
- 09 Jul, 2018 1 commit
-
-
Nick Fiacco authored
* Add a manpage for mount.efs * Improve warning messages in the mount helper * Improve stunnel cleanup functionality
-
- 19 Apr, 2018 1 commit
-
-
Ian Patel authored
* Improve detection of root user * Require OCSPaia and checkHost options for stunnel * Install and use a hand-managed trust store
-
- 02 Apr, 2018 1 commit
-
-
Max Beckett authored
Includes a mount helper utility (mount.efs), an associated watchdog process, unit tests, and build scripts. The utility simplifies mounting and using EFS file systems and optionally enables clients to mount over a TLS tunnel.
-