Huawei Scalable File Service User Manual

Scalable File Service

User Guide

Issue	06
Date	2019-05-30

HUAWEI TECHNOLOGIES CO., LTD.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise fi in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every ff has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 06 (2019-05-30)

Scalable File Service
User Guide	Contents

Contents


1	Permissions Management.....................................................................................................				1
1.1		Creating a User and Granting SFS Permissions............................................................................................................			1
1.2		Creating a Custom Policy		.....................................................................................................................................................	2
2	File System Management......................................................................................................				5
3	Network n g ..........................................................................................................			n	8
3.1		nfig	ng VPCs.....................................................................................................................................................................		8
3.2		nfig	ng DNS...................................................................................................................................................................		12
4	File System Resizing.............................................................................................................				16
5	Quotas......................................................................................................................................				19
6	Backup......................................................................................................................................				21
7	Monitoring..............................................................................................................................				23
7.1		SFS Metrics..............................................................................................................................................................................			23
7.2		SFS Turbo Metrics.................................................................................................................................................................			24
8	Typical Applications..............................................................................................................				27
8.1		HPC............................................................................................................................................................................................			27
8.2		Media Processing..................................................................................................................................................................			29
8.3		Enterprise Website/App Background.............................................................................................................................			30
8.4		Log Printing.............................................................................................................................................................................			31
9	Other Operations..................................................................................................................				33
9.1		Testing SFS Turbo Performance.......................................................................................................................................			33
9.2		Mounting a File System to .............................................................an ECS Running Linux as a Non-root User			38
9.3		Data Migration......................................................................................................................................................................			40
9.3.1 Migrating Data Using Direct ........................................................................................................................Connect					40
9.3.2 Migrating Data Using the ..............................................................................................................................Internet					41
A Change History......................................................................................................................					45

Issue 06 (2019-05-30)

Scalable File Service
User Guide	1 Permissions Management

1Permissions Management

1.1 Creating a User and Granting SFS Permissions

This chapter describes how to use IAM to implement fin g n permissions control for your SFS resources. With IAM, you can:

●Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.

● Grant only the permissions required for users to perform a

fi task.

If your account does not require individual IAM users, skip this section.

This section describes the procedure for granting permissions (see Figure 1-1).

Prerequisites

Learn about the permissions (see	m	n roles and policies) supported
by SFS and choose policies or roles according to your requirements.

Restrictions

●	All	m	fin	policies and custom policies are supported in SFS Capacity-
	Oriented fi		systems.
●	Only	m	fin	policies are supported in SFS Turbo fi systems and
	custom policies are not supported.

Issue 06 (2019-05-30)

Scalable File Service
User Guide	1 Permissions Management

Process Flow

Figure 1-1 Process for granting SFS permissions

1.Create a user group and assign permissions to it.

Create a user group on the IAM console, and attach the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy to the group.

2.Create a user and add it to a user group.

Create a user on the IAM console and add the user to the group created in 1.

3.Log in and verify permissions.

–Choose Scalable File Service. Click Create File System on SFS Console. If

a message appears indicating that you have n ffi n permissions to perform the operation, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken ff

–Choose any other service. If a message appears indicating that you have

n ffi n permissions to access the service, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken ff

1.2 Creating a Custom Policy

Custom policies can be created to supplement the m fin policies of SFS. For the actions supported for custom policies, see Permissions Policies and Supported Actions.

You can create custom policies in either of the following two ways:

●Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.

Issue 06 (2019-05-30)

Scalable File Service
User Guide	1 Permissions Management

●JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. This section provides examples of common custom SFS policies.

Restrictions

A custom policy applies only to SFS Capacity-Oriented fi systems, not SFS Turbo fi systems.

Example Custom Policies

● Example 1: Allowing users to create fi systems

{

"Version": "1.1", "Statement": [

{

"Action": [ "sfs:shares:createShare"

ff "Allow"

}

]

}

● Example 2: Denying fi system deletion

A policy with only "Deny" permissions must be used in conjunction with other policies to take ff If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

The following method can be used if you need to assign permissions of the SFS FullAccess policy to a user but also forbid the user from deleting fi

systems. Create a custom policy for denying fi	system deletion, and attach
both policies to the group to which the user belongs. Then, the user can
perform all operations on SFS except deleting fi	systems. The following is an
example of a deny policy:

{

"Version": "1.1", "Statement": [

{

ff "Deny", "Action": [

"sfs:shares:deleteShare"

]

}

]

}

●Example 3: fin ng permissions for multiple services in a policy

A custom policy can contain actions of multiple services that are all of the global or project-level type. The following is an example policy containing actions of multiple services:

{

"Version": "1.1", "Statement": [

{

ff "Allow", "Action": [

"sfs:shares:createShare",

"sfs:shares:deleteShare",

"sfs:shares:updateShare"

Issue 06 (2019-05-30)

Scalable File Service
User Guide	1 Permissions Management

]

{

ff "Allow", "Action": [

"ecs:servers:delete"

]

}

]

}

Issue 06 (2019-05-30)

Scalable File Service
User Guide	2 File System Management

2File System Management

Viewing a File System

You can search for fi systems by fi system name keyword or fi system status, and view their basic information.

Procedure

Step 1	Log in to SFS Console.
Step 2	In the fi system list, view the fi systems you have created. Table 2-1 describes

the parameters of each fi system.

Table 2-1 Parameter description

Parameter	Description

Name	Name of the fi system, for example, sfs-name-001

AZ	Availability zone where the fi	system is located

Status	Possible values are Available, Unavailable, Frozen,
	Creating, Deleting.

Type	File system type.

Protocol Type	The NFS protocol is supported.

Used Capacity	Used space of the fi system for storing data
(GB)	NOTE
	This information is refreshed every 15 minutes.

Maximum	Maximum capacity of the fi	system
Capacity (GB)

Mount Address	File system mount point. The format is File system domain
	name:/path or File system IP address:/.
	NOTE
	If the mount point is too long to display completely, you can adjust
	the column width.

Issue 06 (2019-05-30)

Scalable File Service
User Guide			2 File System Management

	Parameter	Description

	Operation	For an SFS Capacity-Oriented fi system, operations include
		resizing, deletion, and monitoring indicator viewing.
		For an SFS Turbo fi	system, operations include capacity
		expansion, deletion, and monitoring indicator viewing.

Step 3 (Optional) Search for fi systems by fi			system name keyword, key ID, or fi
	system status.
	----End

Deleting a File System

After a fi system is deleted, data in it cannot be restored. To prevent data loss, before deleting a fi system, ensure that fi in it have been backed up.

Prerequisites

You have unmounted the fi system to be deleted. For details about how to unmount the fi system, see Unmounting a File System.

Procedure

Step 1	Log in to SFS Console.
Step 2	In the fi system list, click Delete in the row of the fi		system you want to delete.
	If you want to delete more than one fi system at a time, select the fi			systems,
	and then click Delete in the upper left part of the fi		system list. In the dialog
	box that is displayed,	nfi m the information, enter Delete in the text box, and
	then click Yes. The batch deletion function can be used to delete SFS fi			systems
	only.
Step 3	In the displayed dialog box, as shown in Figure 2-1,		nfi m the information,
	enter Delete in the text box, and then click Yes.
	NOTE
	Only Available and Unavailable fi systems can be deleted.
	Figure 2-1 Deleting a fi	system

Issue 06 (2019-05-30)

Scalable File Service
User Guide	2 File System Management
Step 4 Check the fi system list to	nfi m that the fi system is deleted successfully.
----End

Issue 06 (2019-05-30)

Scalable File Service
User Guide	3 Network nfig	n

3Network n g

3.1n g ng VPCs

VPC provisions an isolated virtual network environment fin and managed by yourself, improving the security of cloud resources and simplifying network deployment. When using SFS, a fi system and the associated ECSs need to belong to the same VPC for fi sharing.

In addition, VPC can use network access control lists (ACLs) to implement access control. A network ACL is an access control policy system for one or more subnets. Based on inbound and outbound rules, it determines whether data packets are allowed in or out of any associated subnet. In the VPC list of a fi system, each time an authorization address is added and the corresponding permissions are set, a network ACL is created.

For more information about VPC, see the Virtual Private Cloud.

Scenarios

Multiple VPCs can be	nfig	for an SFS Capacity-Oriented fi	system so that
ECSs belonging to ff	n VPCs can share the same fi system, as long as the
VPCs that the ECSs belong to are added to the VPC list of the fi			system or the
ECSs are added to the authorized addresses of the VPCs.

Restrictions

●	You can add a maximum of 20 VPCs for each fi system. A maximum of 400
	ACL rules for added VPCs can be created. When adding a VPC, the default IP
	address 0.0.0.0/0 is automatically added.
●	If a VPC bound to the fi system has been deleted from the VPC console, the
	IP address/address segment of this VPC in the VPC list of the fi system can
	still be seen as activated. However, this VPC cannot be used any longer and
	you are advised to delete the VPC from the list.
●	SFS Turbo fi systems do not support multiple VPCs at the moment.

Issue 06 (2019-05-30)

Scalable File Service
User Guide	3 Network nfig	n

Procedure

Step 1	Log in to SFS Console.
Step 2	In the fi system list, click the name of the target fi system. On the page that is
	displayed, locate the Authorizations area.
Step 3	If no VPCs are available, apply for one. You can add multiple VPCs for a fi
	system. Click Add Authorized VPC and the Add Authorized VPC dialog box is
	displayed. See Figure 3-1.
	You can select multiple VPCs from the drop-down list.
	Figure 3-1 Adding VPCs

Step 4 Click OK. A successfully added VPC is displayed in the list. When adding a VPC, the default IP address 0.0.0.0/0 is automatically added. The default read/write permission is Read-write, the default user permission is no_all_squash, and the default root permission is no_root_squash.

Step 5 View the VPC information in the VPC list. For details about the parameters, see

Table 3-1.

Table 3-1 Parameter description

Parameter	Description

Name	Name of the added VPC, for example,
	vpc-01

Authorized Addresses/Segments	Number of added IP addresses or IP
	address segments

Operation	The value can be Add or Delete. Add:
	Adds an authorized VPC. This
	operation nfig	the IP address,
	read/write permission, user permission,
	user root permission, and priority. For
	details, see Table 3-2. Delete: Deletes
	this VPC.

Step 6 Click on the left of the VPC name to view details about the IP addresses/ segments added to this VPC. You can add, edit, or delete IP addresses/segments. In

Issue 06 (2019-05-30)

Scalable File Service
User Guide	3 Network nfig	n

the Operation column of the target VPC, click Add. The Add Authorized Address/Segment dialog box is displayed. See Figure 3-2. Table 3-2 describes the parameters to be nfig

Figure 3-2 Adding an authorized address or segment

Table 3-2 Parameter description

Parameter	Description

Authorized	● Only one IPv4 address or address segment can be
Address/Segment	entered.
	● The entered IPv4 address or address segment must be
	valid and cannot be an IP address or address segment
	starting with 0 except 0.0.0.0/0. The value 0.0.0.0/0
	indicates any IP address in the VPC. In addition, the IP
	address or address segment cannot start with 127 or any
	number from 224 to 255, such as 127.0.0.1, 224.0.0.1, or
	255.255.255.255. This is because IP addresses or address
	segments starting with any number from 224 to 239 are
	class D addresses and they are reserved for multicast. IP
	addresses or address segments starting with any number
	from 240 to 255 are class E addresses and they are
	reserved for research purposes. If an invalid IP address or
	address segment is used, the access rule may fail to be
	added or the added access rule cannot take ff
	● Multiple addresses separated by commas (,), such as
	10.0.1.32,10.5.5.10 are not allowed.
	● An address segment, for example, 192.168.1.0 to
	192.168.1.255, needs to be in the mask format like
	192.168.1.0/24. Other formats such as 192.168.1.0-255
	are not allowed. The number of bits in a subnet mask
	must be an integer ranging from 0 to 31. The number of
	bits 0 is valid only in 0.0.0.0/0.

Read-Write	The value can be Read-write or Read-only. The default
Permission	value is Read-write.

Issue 06 (2019-05-30)

Scalable File Service
User Guide			3 Network nfig	n

	Parameter	Description

	User Permission	fi	whether to retain the user n fi (UID) and
		group	n fi (GID) of the shared directory. The default
		value is no_all_squash.
		● all_squash: The UID and GID of a shared directory are
		mapped to user nobody, which is applicable to public
		directories.
		● no_all_squash: The UID and GID of a shared directory
		are retained.

	User Root	fi	whether to allow the root permission of the client.
	Permission	The default value is no_root_squash.
		● root_squash: Clients cannot access as the root user.
		When a client accesses as the root user, the user is
		mapped to the nobody user.
		● no_root_squash: Clients are allowed to access as the
		root user who has full control and access permissions of
		the root directories.

	Priority	The value must be an integer ranging from 0 to 100. 0
		indicates the highest priority, and 100 indicates the lowest
		priority. In the same VPC, the permission of the IP address
		or address segment with the highest priority is
		preferentially used. If some IP addresses or address
		segments are of the same priority, the permission of the
		most recently added or m fi one prevails.
		For example, if the IP address for mounting is 10.1.1.32 and
		both 10.1.1.32 (read/write) with priority 100 and
		10.1.1.0/24 (read-only) with priority 50 meet the
		requirements, the permission of 10.1.1.0/24 (read-only)
		with priority 50 prevails. That is, if there is no other
		authorized priority, the permission of all IP addresses in the
		10.1.1.0/24 segment, including 10.1.1.32, is read-only.

	NOTE
	For an ECS in VPC A, its IP address can be added to the authorized IP address list of VPC B,
	but the fi system of VPC B cannot be mounted to this ECS. The VPC used by the ECS and
	the fi system must be the same one.
	----End

After another VPC is nfig		for the fi system, if the fi	system can be
mounted to ECSs in the VPC and the ECSs can access the fi			system, the
nfig	n is successful.

Issue 06 (2019-05-30)

Scalable File Service
User Guide	3 Network nfig	n

Example

A user creates an SFS Capacity-Oriented fi system A in VPC-B. The network segment is 10.0.0.0/16. The user has an ECS D in VPC-C, using the private IP address 192.168.10.11 in network segment 192.168.10.0/24. If the user wants to mount fi system A to ECS D and allow the fi system to be read and written, the user needs to add VPC-C to fi system A's VPC list, add ECS D's private IP address or address segment to the authorized addresses of VPC-C, and then set ReadWrite Permission to Read-write.

The user purchases an ECS F that uses the private IP address 192.168.10.22 in the VPC-C network segment 192.168.10.0/24. If the user wants ECS F to have only the read permission for fi system A and its read priority to be lower than that of ECS D, the user needs to add ECS F's private IP address to VPC-C's authorized addresses, set Read-Write Permission to Read-only, and set Priority to an integer between 0 and 100 and greater than the priority set for ECS D.

3.2n g ng DNS

A DNS server is used to resolve domain names of fi systems. For details about DNS server IP addresses, see What Are the Private DNS Server Addresses

Provided by the DNS Service?

Scenarios

By default, the IP address of the DNS server used to resolve domain names of fi


systems is automatically nfig		on ECSs when creating ECSs. No manual
nfig	n is needed except when the resolution fails due to a change in the
DNS server IP address.

Windows Server 2012 is used as an example in the operation procedures for Windows.

Procedure (Linux)

Step 1 Log in to the ECS as user root.

Step 2 Run the vi /etc/resolv.conf command to edit the /etc/resolv.conf fi Add the DNS server IP address above the existing nameserver information. See Figure 3-3.

Figure 3-3 nfig ng DNS

The format is as follows:

nameserver 100.125.1.250

Step 3 Press Esc, input :wq, and press Enter to save the changes and exit the vi editor. Step 4 Run the following command to check whether the IP address is successfully added:

Issue 06 (2019-05-30)

+ 34 hidden pages

Huawei Scalable File Service User Manual

Contents

1 Permissions Management

1.1 Creating a User and Granting SFS Permissions

1.2 Creating a Custom Policy

2 File System Management