Updates to allow IP based EFS mount

Author: jl-0

Dockerfile

@@ -36,6 +36,8 @@ RUN apt-get update && apt-get install -y \
     sqlite3 \
     python3 \
     python3-pip \
+    nfs-common \
+    gosu \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Terraform
@@ -74,11 +76,15 @@ WORKDIR /app
 COPY --from=backend-builder /app/management-console ./
 COPY --from=frontend-builder /app/build ./build
 
-# Set ownership
-RUN chown -R unity:unity /app
+# Copy entrypoint script
+COPY docker-entrypoint.sh /usr/local/bin/
 
-# Switch to non-root user
-USER unity
+# Set ownership and permissions
+RUN chown -R unity:unity /app && \
+    chmod +x /usr/local/bin/docker-entrypoint.sh
+
+# Note: We don't switch to unity user here because we need root for NFS mounting
+# The entrypoint script will handle proper permissions
 
 # Create Unity config directory in container
 RUN mkdir -p /home/unity/.unity
@@ -95,5 +101,8 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
 # Expose port
 EXPOSE 8080
 
+# Set entrypoint
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
 # Default command
 CMD ["./management-console", "webapp"]

docker-entrypoint.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+set -e
+
+# Function to mount EFS with IP address
+mount_efs_with_ip() {
+    local efs_ip="$1"
+    local efs_id="$2"
+    local access_point="$3"
+    local mount_path="$4"
+    
+    echo "Mounting EFS with IP address: $efs_ip"
+    
+    # Create mount options
+    MOUNT_OPTIONS="nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
+    
+    # Add access point if provided
+    if [ -n "$access_point" ]; then
+        MOUNT_OPTIONS="${MOUNT_OPTIONS},accesspoint=${access_point}"
+    fi
+    
+    # Ensure mount path exists
+    mkdir -p "$mount_path"
+    
+    # Mount using IP address
+    mount -t nfs4 -o "$MOUNT_OPTIONS" "${efs_ip}:/" "$mount_path"
+    
+    echo "EFS mounted successfully at $mount_path"
+}
+
+# Check if EFS mounting is needed
+if [ -n "$EFS_IP_ADDRESS" ] && [ -n "$EFS_FILE_SYSTEM_ID" ]; then
+    echo "EFS IP address provided, attempting to mount..."
+    
+    # Default mount path
+    MOUNT_PATH="${EFS_MOUNT_PATH:-/data}"
+    
+    # Mount EFS using IP address
+    mount_efs_with_ip "$EFS_IP_ADDRESS" "$EFS_FILE_SYSTEM_ID" "$EFS_ACCESS_POINT_ID" "$MOUNT_PATH"
+    
+    # Verify mount
+    if mountpoint -q "$MOUNT_PATH"; then
+        echo "EFS mount verified at $MOUNT_PATH"
+        
+        # Create required directories with proper permissions
+        mkdir -p "$MOUNT_PATH/workdir" "$MOUNT_PATH/database" "$MOUNT_PATH/config"
+        chown -R unity:unity "$MOUNT_PATH"
+    else
+        echo "ERROR: EFS mount failed"
+        exit 1
+    fi
+else
+    echo "No EFS_IP_ADDRESS provided, skipping EFS mount"
+fi
+
+# Drop privileges and execute the main command as unity user
+exec gosu unity:unity "$@"

infrastructure/ecs-task-definition-with-efs-ip.json

@@ -0,0 +1,126 @@
+{
+  "family": "unity-management-console",
+  "networkMode": "awsvpc",
+  "requiresCompatibilities": ["FARGATE"],
+  "cpu": "512",
+  "memory": "1024",
+  "executionRoleArn": "arn:aws:iam::<ACCOUNT_ID>:role/unity-dev-ecs-task-execution",
+  "taskRoleArn": "arn:aws:iam::<ACCOUNT_ID>:role/unity-dev-ecs-task",
+  "containerDefinitions": [
+    {
+      "name": "unity-console",
+      "image": "<ACCOUNT_ID>.dkr.ecr.us-west-2.amazonaws.com/unity-dev-console:latest",
+      "essential": true,
+      "portMappings": [
+        {
+          "containerPort": 8080,
+          "hostPort": 8080,
+          "protocol": "tcp"
+        }
+      ],
+      "environment": [
+        {
+          "name": "UNITY_WORKDIR",
+          "value": "/data/workdir"
+        },
+        {
+          "name": "UNITY_DATABASE_PATH",
+          "value": "/data/database"
+        },
+        {
+          "name": "UNITY_CONFIG_PATH",
+          "value": "/data/config/unity.yaml"
+        },
+        {
+          "name": "UNITY_AWSREGION",
+          "value": "us-west-2"
+        },
+        {
+          "name": "UNITY_PROJECT",
+          "value": "myproject"
+        },
+        {
+          "name": "UNITY_VENUE",
+          "value": "dev"
+        },
+        {
+          "name": "UNITY_INSTALLPREFIX",
+          "value": "unity"
+        },
+        {
+          "name": "UNITY_BUCKETNAME",
+          "value": "unity-myproject-dev-terraform-state"
+        },
+        {
+          "name": "UNITY_MARKETPLACEOWNER",
+          "value": "unity-sds"
+        },
+        {
+          "name": "UNITY_MARKETPLACEREPO",
+          "value": "unity-marketplace"
+        },
+        {
+          "name": "EFS_IP_ADDRESS",
+          "value": "<EFS_MOUNT_TARGET_IP>"
+        },
+        {
+          "name": "EFS_FILE_SYSTEM_ID",
+          "value": "<EFS_FILE_SYSTEM_ID>"
+        },
+        {
+          "name": "EFS_ACCESS_POINT_ID",
+          "value": "<EFS_ACCESS_POINT_ID>"
+        },
+        {
+          "name": "EFS_MOUNT_PATH",
+          "value": "/data"
+        }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "/ecs/unity-management-console",
+          "awslogs-region": "us-west-2",
+          "awslogs-stream-prefix": "ecs"
+        }
+      },
+      "healthCheck": {
+        "command": [
+          "CMD-SHELL",
+          "curl -f http://localhost:8080/health || exit 1"
+        ],
+        "interval": 30,
+        "timeout": 5,
+        "retries": 3,
+        "startPeriod": 60
+      },
+      "stopTimeout": 30,
+      "startTimeout": 120,
+      "linuxParameters": {
+        "capabilities": {
+          "add": ["SYS_ADMIN"]
+        }
+      },
+      "privileged": false
+    }
+  ],
+  "placementConstraints": [],
+  "tags": [
+    {
+      "key": "Project",
+      "value": "unity"
+    },
+    {
+      "key": "Environment",
+      "value": "dev"
+    },
+    {
+      "key": "ManagedBy",
+      "value": "terraform"
+    },
+    {
+      "key": "Application",
+      "value": "unity-management-console"
+    }
+  ]
+}