Huawei Scalable File Service User Manual

Scalable File Service
User Guide
Issue 06
Date 2019-05-30
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 06 (2019-05-30) Copyright © Huawei Technologies Co., Ltd. i
Scalable File Service User Guide Contents

Contents

1 Permissions Management
1.1 Creating a User and Granting SFS Permissions
1.2 Creating a Custom Policy
2 File System Management
3 Network Configuration
3.1 Configuring VPCs
3.2 Configuring DNS
4 File System Resizing
5 Quotas
6 Backup
7 Monitoring
7.1 SFS Metrics
7.2 SFS Turbo Metrics
8 Typical Applications
8.1 HPC
8.2 Media Processing
8.3 Enterprise Website/App Background
8.4 Log Printing
9 Other Operations
9.1 Testing SFS Turbo Performance
9.2 Mounting a File System to an ECS Running Linux as a Non-root User
9.3 Data Migration
9.3.1 Migrating Data Using Direct Connect
9.3.2 Migrating Data Using the Internet
A Change History

1 Permissions Management

1.1 Creating a User and Granting SFS Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can:
● Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.
● Grant only the permissions required for users to perform a specific task.
If your account does not require individual IAM users, skip this section.
This section describes the procedure for granting permissions (see Figure 1-1).
Prerequisites
Learn about the permissions (see System-defined roles and policies) supported by SFS and choose policies or roles according to your requirements.
Restrictions
● All system-defined policies and custom policies are supported in SFS Capacity-Oriented file systems.
● Only system-defined policies are supported in SFS Turbo file systems and custom policies are not supported.
Process Flow
Figure 1-1 Process for granting SFS permissions
1. Create a user group and assign permissions to it.
Create a user group on the IAM console, and attach the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy to the group.
2. Create a user and add it to a user group.
Create a user on the IAM console and add the user to the group created in 1.
3. Log in and verify permissions.
Log in to SFS Console using the created user, and verify that the user only has read permissions for SFS.
● Choose Scalable File Service. Click Create File System on SFS Console. If a message appears indicating that you have insufficient permissions to perform the operation, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken effect.
● Choose any other service. If a message appears indicating that you have insufficient permissions to access the service, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken effect.

1.2 Creating a Custom Policy

Custom policies can be created to supplement the system-defined policies of SFS. For the actions supported for custom policies, see Permissions Policies and Supported Actions.
You can create custom policies in either of the following two ways:
● Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
● JSON: Edit JSON policies from scratch or based on an existing policy.
For details, see Creating a Custom Policy. This section provides examples of common custom SFS policies.
Restrictions
A custom policy applies only to SFS Capacity-Oriented file systems, not SFS Turbo file systems.
Example Custom Policies
Example 1: Allowing users to create file systems
{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "sfs:shares:createShare"
            ],
            "Effect": "Allow"
        }
    ]
}
Example 2: Denying file system deletion
A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
The following method can be used if you need to assign permissions of the SFS FullAccess policy to a user but also forbid the user from deleting file systems. Create a custom policy for denying file system deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on SFS except deleting file systems. The following is an example of a deny policy:
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "sfs:shares:deleteShare"
            ]
        }
    ]
}
Example 3: Defining permissions for multiple services in a policy
A custom policy can contain actions of multiple services that are all of the global or project-level type. The following is an example policy containing actions of multiple services:
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sfs:shares:createShare",
                "sfs:shares:deleteShare",
                "sfs:shares:updateShare"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecs:servers:delete"
            ]
        }
    ]
}
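The precedence rule described under Example 2, worked through in Python as an added example that is not part of the original guide. It assumes that an action matched by no statement is not granted and that `*` in an action acts as a wildcard; `FULL_ACCESS_STAND_IN` is a constructed stand-in (the real SFS FullAccess body is not shown on this page), and `evaluate`, `audit` and the `ImplicitDeny` label are hypothetical names.

```python
import fnmatch

# Constructed stand-in for the system-defined SFS FullAccess policy. Its real
# body is not shown on this page; the "sfs:*:*" wildcard is an assumption.
FULL_ACCESS_STAND_IN = {
    "Version": "1.1",
    "Statement": [{"Effect": "Allow", "Action": ["sfs:*:*"]}],
}

# Example 2 from this section: deny file system deletion.
DENY_DELETE = {
    "Version": "1.1",
    "Statement": [{"Effect": "Deny", "Action": ["sfs:shares:deleteShare"]}],
}

# Example 3 from this section: actions of multiple services in one policy.
MULTI_SERVICE = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["sfs:shares:createShare",
                                       "sfs:shares:deleteShare",
                                       "sfs:shares:updateShare"]},
        {"Effect": "Allow", "Action": ["ecs:servers:delete"]},
    ],
}

ACTIONS = ["sfs:shares:createShare", "sfs:shares:deleteShare",
           "ecs:servers:delete"]


def evaluate(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action.

    A matching Deny statement wins over every Allow, whichever policy it
    comes from; an action that no statement matches is not granted.
    """
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            patterns = stmt.get("Action", [])
            if not any(fnmatch.fnmatchcase(action, p) for p in patterns):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"
            if stmt.get("Effect") == "Allow":
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def audit(policies, actions):
    """Decision for each action under the set of policies on one group."""
    return {action: evaluate(policies, action) for action in actions}


if __name__ == "__main__":
    groups = {
        "full access + deny": [FULL_ACCESS_STAND_IN, DENY_DELETE],
        "deny only": [DENY_DELETE],
        "example 3 + deny": [MULTI_SERVICE, DENY_DELETE],
    }
    for name, attached in groups.items():
        print(name, audit(attached, ACTIONS))
```

The "deny only" group shows why a deny-only policy has to be paired with another policy, and the "example 3 + deny" group shows that attaching Example 3 also grants ecs:servers:delete, which is worth checking before the policy is reused.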

2 File System Management

Viewing a File System
You can search for file systems by file system name keyword or file system status, and view their basic information.
Procedure
Step 1 Log in to SFS Console.
Step 2 In the file system list, view the file systems you have created. Table 2-1 describes the parameters of each file system.
Table 2-1 Parameter description
Parameter: Description
Name: Name of the file system, for example, sfs-name-001
AZ: Availability zone where the file system is located
Status: Possible values are Available, Unavailable, Frozen, Creating, Deleting.
Type: File system type.
Protocol Type: The NFS protocol is supported.
Used Capacity (GB): Used space of the file system for storing data
NOTE
This information is refreshed every 15 minutes.
Maximum Capacity (GB): Maximum capacity of the file system
Mount Address: File system mount point. The format is File system domain name:/path or File system IP address:/.
NOTE
If the mount point is too long to display completely, you can adjust the column width.
Operation: For an SFS Capacity-Oriented file system, operations include resizing, deletion, and monitoring indicator viewing. For an SFS Turbo file system, operations include capacity expansion, deletion, and monitoring indicator viewing.
Step 3 (Optional) Search for file systems by file system name keyword, key ID, or file system status.
----End
Deleting a File System
After a file system is deleted, data in it cannot be restored. To prevent data loss, before deleting a file system, ensure that files in it have been backed up.
Prerequisites
You have unmounted the file system to be deleted. For details about how to unmount the file system, see Unmounting a File System.
Procedure
Step 1 Log in to SFS Console.
Step 2 In the file system list, click Delete in the row of the file system you want to delete.
If you want to delete more than one file system at a time, select the file systems, and then click Delete in the upper left part of the file system list. In the dialog box that is displayed, confirm the information, enter Delete in the text box, and then click Yes. The batch deletion function can be used to delete SFS file systems only.
Step 3 In the displayed dialog box, as shown in Figure 2-1, confirm the information, enter Delete in the text box, and then click Yes.
Only Available and Unavailable file systems can be deleted.
Figure 2-1 Deleting a file system
Step 4 Check the file system list to confirm that the file system is deleted successfully.
----End

3 Network Configuration

3.1 Configuring VPCs

VPC provisions an isolated virtual network environment defined and managed by yourself, improving the security of cloud resources and simplifying network deployment. When using SFS, a file system and the associated ECSs need to belong to the same VPC for file sharing.
In addition, VPC can use network access control lists (ACLs) to implement access control. A network ACL is an access control policy system for one or more subnets. Based on inbound and outbound rules, it determines whether data packets are allowed in or out of any associated subnet. In the VPC list of a file system, each time an authorization address is added and the corresponding permissions are set, a network ACL is created.
For more information about VPC, see the Virtual Private Cloud.
Scenarios
Multiple VPCs can be configured for an SFS Capacity-Oriented file system so that ECSs belonging to different VPCs can share the same file system, as long as the VPCs that the ECSs belong to are added to the VPC list of the file system or the ECSs are added to the authorized addresses of the VPCs.
Restrictions
● You can add a maximum of 20 VPCs for each file system. A maximum of 400 ACL rules for added VPCs can be created. When adding a VPC, the default IP address 0.0.0.0/0 is automatically added.
● If a VPC bound to the file system has been deleted from the VPC console, the IP address/address segment of this VPC in the VPC list of the file system can still be seen as activated. However, this VPC cannot be used any longer and you are advised to delete the VPC from the list.
● SFS Turbo file systems do not support multiple VPCs at the moment.
Procedure
Step 1 Log in to SFS Console.
Step 2 In the file system list, click the name of the target file system. On the page that is displayed, locate the Authorizations area.
Step 3 If no VPCs are available, apply for one. You can add multiple VPCs for a file system. Click Add Authorized VPC and the Add Authorized VPC dialog box is displayed. See Figure 3-1.
You can select multiple VPCs from the drop-down list.
Figure 3-1 Adding VPCs
Step 4 Click OK. A successfully added VPC is displayed in the list. When adding a VPC, the default IP address 0.0.0.0/0 is automatically added. The default read/write permission is Read-write, the default user permission is no_all_squash, and the default root permission is no_root_squash.
Step 5 View the VPC information in the VPC list. For details about the parameters, see Table 3-1.
Table 3-1 Parameter description
Parameter: Description
Name: Name of the added VPC, for example, vpc-01
Authorized Addresses/Segments: Number of added IP addresses or IP address segments
Operation: The value can be Add or Delete. Add: Adds an authorized VPC. This operation configures the IP address, read/write permission, user permission, user root permission, and priority. For details, see Table 3-2. Delete: Deletes this VPC.
Step 6 Click on the left of the VPC name to view details about the IP addresses/segments added to this VPC. You can add, edit, or delete IP addresses/segments. In the Operation column of the target VPC, click Add. The Add Authorized Address/Segment dialog box is displayed. See Figure 3-2. Table 3-2 describes the parameters to be configured.
Figure 3-2 Adding an authorized address or segment
Table 3-2 Parameter description
Parameter: Description
Authorized Address/Segment:
● Only one IPv4 address or address segment can be entered.
● The entered IPv4 address or address segment must be valid and cannot be an IP address or address segment starting with 0 except 0.0.0.0/0. The value 0.0.0.0/0 indicates any IP address in the VPC. In addition, the IP address or address segment cannot start with 127 or any number from 224 to 255, such as 127.0.0.1, 224.0.0.1, or 255.255.255.255. This is because IP addresses or address segments starting with any number from 224 to 239 are class D addresses and they are reserved for multicast. IP addresses or address segments starting with any number from 240 to 255 are class E addresses and they are reserved for research purposes. If an invalid IP address or address segment is used, the access rule may fail to be added or the added access rule cannot take effect.
● Multiple addresses separated by commas (,), such as 10.0.1.32,10.5.5.10 are not allowed.
● An address segment, for example, 192.168.1.0 to 192.168.1.255, needs to be in the mask format like 192.168.1.0/24. Other formats such as 192.168.1.0-255 are not allowed. The number of bits in a subnet mask must be an integer ranging from 0 to 31. The number of bits 0 is valid only in 0.0.0.0/0.
Read-Write Permission: The value can be Read-write or Read-only. The default value is Read-write.
User Permission: Specifies whether to retain the user identifier (UID) and group identifier (GID) of the shared directory. The default value is no_all_squash.
● all_squash: The UID and GID of a shared directory are mapped to user nobody, which is applicable to public directories.
● no_all_squash: The UID and GID of a shared directory are retained.
User Root Permission: Specifies whether to allow the root permission of the client. The default value is no_root_squash.
● root_squash: Clients cannot access as the root user. When a client accesses as the root user, the user is mapped to the nobody user.
● no_root_squash: Clients are allowed to access as the root user who has full control and access permissions of the root directories.
Priority: The value must be an integer ranging from 0 to 100. 0 indicates the highest priority, and 100 indicates the lowest priority. In the same VPC, the permission of the IP address or address segment with the highest priority is preferentially used. If some IP addresses or address segments are of the same priority, the permission of the most recently added or modified one prevails.
For example, if the IP address for mounting is 10.1.1.32 and both 10.1.1.32 (read/write) with priority 100 and 10.1.1.0/24 (read-only) with priority 50 meet the requirements, the permission of 10.1.1.0/24 (read-only) with priority 50 prevails. That is, if there is no other authorized priority, the permission of all IP addresses in the 10.1.1.0/24 segment, including 10.1.1.32, is read-only.
NOTE
For an ECS in VPC A, its IP address can be added to the authorized IP address list of VPC B, but the file system of VPC B cannot be mounted to this ECS. The VPC used by the ECS and the file system must be the same one.
----End
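The address rules and the priority rule from Table 3-2, as an added Python example that is not part of the original guide: it validates Authorized Address/Segment entries, picks the rule that applies to a mounting client, and lists rules still equal to the default created when a VPC is added. The names `validate_authorized`, `Rule`, `effective_rule` and `open_defaults` are hypothetical, and the sample rule list, its oldest-first ordering and the default rule's priority of 100 are assumptions.

```python
import ipaddress
from dataclasses import dataclass


def validate_authorized(value):
    """Return the Table 3-2 rules that one address/segment entry breaks."""
    if "," in value:
        return ["multiple comma-separated addresses are not allowed"]
    addr, slash, bits = value.partition("/")
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:
        return ["not a valid IPv4 address or mask-format segment"]
    problems = []
    first = int(addr.split(".")[0])
    if slash:
        if not (bits.isascii() and bits.isdigit() and 0 <= int(bits) <= 31):
            problems.append("mask bits must be an integer from 0 to 31")
        elif int(bits) == 0 and value != "0.0.0.0/0":
            problems.append("mask bits 0 is valid only in 0.0.0.0/0")
    if first == 0 and value != "0.0.0.0/0":
        problems.append("must not start with 0 (except 0.0.0.0/0)")
    if first == 127 or first >= 224:
        problems.append("must not start with 127 or 224-255")
    return problems


@dataclass
class Rule:
    cidr: str       # authorized address or segment
    access: str     # "Read-write" or "Read-only"
    root: str       # "root_squash" or "no_root_squash"
    priority: int   # 0 is the highest priority, 100 the lowest


def effective_rule(rules, client_ip):
    """Rule applied to client_ip in one VPC; rules are listed oldest first
    (assumption), so on equal priority the most recently added one wins."""
    ip = ipaddress.IPv4Address(client_ip)
    best = None
    for rule in rules:
        if ip in ipaddress.ip_network(rule.cidr, strict=False):
            if best is None or rule.priority <= best.priority:
                best = rule
    return best


def open_defaults(rules):
    """Rules still equal to the default created when a VPC is added."""
    return [r for r in rules if (r.cidr, r.access, r.root)
            == ("0.0.0.0/0", "Read-write", "no_root_squash")]


# Constructed sample: the default rule plus the two rules from the Priority
# example. The default rule's priority (100) is an assumption.
SAMPLE = [
    Rule("0.0.0.0/0", "Read-write", "no_root_squash", 100),
    Rule("10.1.1.32", "Read-write", "no_root_squash", 100),
    Rule("10.1.1.0/24", "Read-only", "root_squash", 50),
]

if __name__ == "__main__":
    for entry in ["192.168.1.0/24", "192.168.1.0-255", "10.0.1.32,10.5.5.10",
                  "224.0.0.1", "10.0.0.0/32", "10.0.0.0/0"]:
        print(entry, validate_authorized(entry) or "ok")
    for ip in ["10.1.1.32", "10.9.9.9"]:
        print(ip, effective_rule(SAMPLE, ip))
    print("default-open rules:", open_defaults(SAMPLE))
```

In the sample, 10.9.9.9 matches only the default 0.0.0.0/0 rule and so keeps read-write access with no_root_squash, which is the case to look for when the intent is to restrict a file system to specific clients.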
Verification
After another VPC is configured for the file system, if the file system can be mounted to ECSs in the VPC and the ECSs can access the file system, the configuration is successful.
Example
A user creates an SFS Capacity-Oriented file system A in VPC-B. The network segment is 10.0.0.0/16. The user has an ECS D in VPC-C, using the private IP address 192.168.10.11 in network segment 192.168.10.0/24. If the user wants to mount file system A to ECS D and allow the file system to be read and written, the user needs to add VPC-C to file system A's VPC list, add ECS D's private IP address or address segment to the authorized addresses of VPC-C, and then set Read-Write Permission to Read-write.
The user purchases an ECS F that uses the private IP address 192.168.10.22 in the VPC-C network segment 192.168.10.0/24. If the user wants ECS F to have only the read permission for file system A and its read priority to be lower than that of ECS D, the user needs to add ECS F's private IP address to VPC-C's authorized addresses, set Read-Write Permission to Read-only, and set Priority to an integer between 0 and 100 and greater than the priority set for ECS D.

3.2 Configuring DNS

A DNS server is used to resolve domain names of file systems. For details about DNS server IP addresses, see What Are the Private DNS Server Addresses Provided by the DNS Service?
Scenarios
By default, the IP address of the DNS server used to resolve domain names of file systems is automatically configured on ECSs when creating ECSs. No manual configuration is needed except when the resolution fails due to a change in the DNS server IP address.
Windows Server 2012 is used as an example in the operation procedures for Windows.
Procedure (Linux)
Step 1 Log in to the ECS as user root.
Step 2 Run the vi /etc/resolv.conf command to edit the /etc/resolv.conf file. Add the DNS server IP address above the existing nameserver information. See Figure 3-3.
Figure 3-3 Configuring DNS
The format is as follows:
nameserver 100.125.1.250
Step 3 Press Esc, input :wq, and press Enter to save the changes and exit the vi editor.
Step 4 Run the following command to check whether the IP address is successfully added: