Installing the Mount Helper utility

Install Mount Helper on your compute host to automate encrypted connections to File Storage for VPC. You can download the package from GitHub or build it from source code.

Before you begin

Before you install Mount Helper, review the requirements and limitations to ensure your environment is compatible.

You must connect to your compute host:

If you want to mount a regional file share on an IBM Power VSI, download the installation package, and follow the steps of Installing the Mount Helper to mount regional file shares.

Downloading the installation package

  1. Download the Mount Helper package from GitHub.

    curl -LO https://github.com/IBM/vpc-file-storage-mount-helper/releases/download/latest/mount.ibmshare-latest.tar.gz
    

    To establish an encrypted connection between a bare metal server and a file share, download Mount Helper version 0.2.1.

  2. Extract the compressed file.

    tar -xvf mount.ibmshare-latest.tar.gz
    

    The file contains the following items: installation and uninstallation scripts, rpm and deb packages, root CA certificates, and the configuration file.

    Closed environments: To install Mount Helper on a virtual server instance without internet connection, create or update a local repository on the VSI based on the OS. Copy the Mount Helper package along with its dependencies to the local directory.

Installing the Mount Helper to mount zonal file shares

  1. To install the Mount Helper and all the dependencies, use the following script and specify the region where the file share is going to be mounted.

    ./install.sh region=us-south
    

    The region argument is used to copy the region-specific root CA certificate. If no region is specified, the utility copies all the root CA certificates. The following table shows the values that you can use to specify the region.

    Region values that the script accepts

    Location                          New value   Previous value
    Australia - Sydney                au-syd      syd
    Brazil - Sao Paulo                br-sao      sao
    Canada - Montreal                 ca-mon
    Canada - Toronto                  ca-tor      tor
    Germany - Frankfurt               eu-de       fra
    India - Chennai - Airtel          in-che
    India - Mumbai - Airtel           in-mum
    Japan - Osaka                     jp-osa      osa
    Japan - Tokyo                     jp-tok      tok
    Spain - Madrid                    eu-es       mad
    United Kingdom - London           eu-gb       lon
    United States - Washington, DC    us-east     wdc
    United States - Dallas, TX        us-south    dal

  2. Optional - Every installation image is accompanied by a file that contains the checksum value for the image file. For example, the image file ibmshare-0.0.1.tar.gz is accompanied by the ibmshare-0.0.1.tar.gz.sha256 file that contains the checksum value. To verify the integrity of the downloaded package, use the following commands.

    curl -LO https://github.com/IBM/vpc-file-storage-mount-helper/releases/download/latest/mount.ibmshare-latest.tar.gz.sha256
    
    sha256sum -c mount.ibmshare-latest.tar.gz.sha256
    

    A successful response shows "OK". The output looks like the following example.

    # sha256sum -c mount.ibmshare-latest.tar.gz.sha256
    ./mount.ibmshare-latest.tar.gz: OK
    
  3. Optional - By default, a certificate lasts 1 hour, and new certificates are fetched every 45 minutes. However, you can set the certificate_duration_seconds option in the configuration file /etc/ibmcloud/share.conf to a different time interval. The new value must be between 5 minutes and 1 hour, expressed in seconds.

    certificate_duration_seconds = 600
    

    The valid range for the certificate_duration_seconds value is 300 - 3600 seconds. The certificates are renewed when the current certificates reach 70% of their lifetime.

  4. Optional - If you want to renew the certs immediately with the new expiration time, then run the following command.

    /sbin/mount.ibmshare -RENEW_CERTIFICATE_NOW
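
A pre-flight check for the certificate_duration_seconds setting described in step 3, as an added example that is not part of Mount Helper. It assumes share.conf uses `key = value` lines where the last assignment wins and an unset key means the 1 hour default; the function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not part of Mount Helper): pre-flight check of
# certificate_duration_seconds before the value is relied on.
# Assumption: share.conf holds "key = value" lines; last assignment wins.

# cert_duration CONF: prints the effective certificate lifetime in seconds.
# Exit status: 0 valid (unset means the 1 hour default), 1 file unreadable,
# 2 not a plain whole number, 3 outside 300-3600.
cert_duration() {
    [ -r "$1" ] || return 1
    value=$(sed -n 's/^[[:space:]]*certificate_duration_seconds[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] || value=3600
    case $value in
        0* | *[!0-9]*) return 2 ;;   # rejects "10m", "-5", "0600", "600 # note"
    esac
    [ "${#value}" -le 4 ] || return 3
    [ "$value" -ge 300 ] && [ "$value" -le 3600 ] || return 3
    echo "$value"
}

# renew_after CONF: prints how many seconds into a certificate's lifetime
# renewal is due (70% of the lifetime, as stated on the page).
renew_after() {
    d=$(cert_duration "$1") || return $?
    echo $(( d * 70 / 100 ))
}

# Constructed sample file, built inline so the example runs offline.
conf=$(mktemp)
printf '%s\n' '# constructed sample' 'certificate_duration_seconds = 600' > "$conf"
echo "lifetime $(cert_duration "$conf")s, renewal due after $(renew_after "$conf")s"
rm -f "$conf"
```

On a host, call `cert_duration /etc/ibmcloud/share.conf` after editing the file and run the renew command only when the exit status is 0.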
    

Installing the Mount Helper to mount regional file shares

Standard installation with stunnel

  1. To install the Mount Helper and all the dependencies, use the following script and specify the --stunnel option.
    ./install.sh --stunnel
    
  2. Optional - Every installation image is accompanied by a file that contains the checksum value for the image file. For example, the image file ibmshare-0.0.1.tar.gz is accompanied by the ibmshare-0.0.1.tar.gz.sha256 file that contains the checksum value. To verify the integrity of the downloaded package, use the following commands.
    curl -LO https://github.com/IBM/vpc-file-storage-mount-helper/releases/download/latest/mount.ibmshare-latest.tar.gz.sha256
    
    sha256sum -c mount.ibmshare-latest.tar.gz.sha256
    
    A successful response shows "OK". The output looks like the following example.
    # sha256sum -c mount.ibmshare-latest.tar.gz.sha256
    ./mount.ibmshare-latest.tar.gz: OK
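
The optional checksum step in both installation procedures (zonal and regional), as an added example that is not part of IBM's package: a gate that compares the published SHA-256 digest with the archive itself and extracts only on a match, so the check happens before install.sh is run. The function names, exit codes, and the stand-in archive built by `demo` are constructed for this example.

```shell
#!/bin/sh
# Added example (not IBM's script): compare digests, then extract.

# verify_and_extract ARCHIVE [DESTDIR]
# Exit status: 0 extracted, 1 archive or .sha256 file missing,
# 2 digest malformed or different from the archive's.
verify_and_extract() {
    archive=$1
    dest=${2:-.}
    sumfile="$archive.sha256"
    [ -f "$archive" ] && [ -f "$sumfile" ] || return 1

    # "sha256sum -c" checks whichever file name is written inside the
    # .sha256 file. Comparing digests directly ties the check to the
    # exact archive that is about to be unpacked.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    case $expected in
        '' | *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    actual=$(sha256sum < "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 2

    mkdir -p -- "$dest" && tar -xf "$archive" -C "$dest"
}

# Constructed sample: builds a stand-in archive offline, then runs the
# gate on the intact file and on a modified copy.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/pkg"
    echo 'echo placeholder installer' > "$work/pkg/install.sh"
    tar -czf "$work/mount.ibmshare-latest.tar.gz" -C "$work/pkg" install.sh
    (cd "$work" && sha256sum ./mount.ibmshare-latest.tar.gz \
        > mount.ibmshare-latest.tar.gz.sha256)

    intact=0
    verify_and_extract "$work/mount.ibmshare-latest.tar.gz" "$work/out" || intact=$?
    echo 'bytes added after the digest was published' \
        >> "$work/mount.ibmshare-latest.tar.gz"
    tampered=0
    verify_and_extract "$work/mount.ibmshare-latest.tar.gz" "$work/out2" || tampered=$?
    rm -rf "$work"
    echo "$intact $tampered"    # status for intact copy, then modified copy
}

demo
```

Because the .sha256 file is downloaded from the same release location as the archive, a match shows that the download is intact; it does not by itself authenticate the publisher.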
    

Installing without EPEL and StrongSwan dependencies

If you need to mount regional file shares with encryption in transit but want to avoid installing EPEL and StrongSwan packages, you can use the DO_NOT_INSTALL_IPSEC environment variable. This approach installs only the stunnel components needed for regional file share mounting.

  1. Install the NFS utilities package.
    dnf install nfs-utils
    
  2. Download the Mount Helper package from GitHub.
    curl -LO https://github.com/IBM/vpc-file-storage-mount-helper/releases/download/latest/mount.ibmshare-latest.tar.gz
    
  3. Extract the compressed file.
    tar -xvf mount.ibmshare-latest.tar.gz
    
  4. Set the environment variable to skip IPsec installation.
    export DO_NOT_INSTALL_IPSEC=true
    
  5. Install the Mount Helper with the stunnel option.
    ./install.sh --stunnel
    
  6. Verify that StrongSwan and EPEL were not installed.
    rpm -q strongswan epel-release; dnf repolist enabled | grep -i epel
    
    A successful response shows that the packages are not installed:
    package strongswan is not installed
    package epel-release is not installed
    

After installation, you can mount regional file shares following the procedures in Mounting a regional file share. Traffic between the client and the file storage service is encrypted by using stunnel.

Building the Mount Helper utility from the source code

  • On Debian-based instances, run the following commands:
    apt-get update -y
    apt-get install git make python3 -y
    git clone https://github.com/IBM/vpc-file-storage-mount-helper.git
    cd vpc-file-storage-mount-helper
    make build-deb
    
  • On rpm-based instances, run the following commands:
    yum update -y
    dnf install git make python3 rpm-build -y
    git clone https://github.com/IBM/vpc-file-storage-mount-helper.git
    cd vpc-file-storage-mount-helper
    make build-rpm
    

Updating the Mount Helper

To update the installation package, run the install.sh script again.

    ./install.sh

Use the --stunnel option when you want to upgrade the stunnel package, too.

Uninstalling the Mount Helper

The following command uninstalls the utility.

    ./uninstall.sh

Next steps