Shared File Systems
About Shared File Systems
There are different types of storage (with different access protocols), each is best suitable for specific purposes. Virtual machines (instances) usually use block storage devices (also known as Volumes) to format it with a file system and then mount, to make that file system available to the services and applications. For read and write data directly from the applications, the Object Storage is often the preferred choice. For structured data and records, use of the databases is the most common.
Additionally to those types of storage, a shared file system (sometimes referred as a "network share", or even "NAS" - "Network Attached Storage") is a popular choice for many applications. Like volumes, it is used to store files and directories. Unlike volumes, it allows the storage to be used simultaneously by many users over the network.
A shared file is accessed through the network - and thus relies on a networking protocol implementing such file system access. The User platform allows access through either NFS (which is more common for Linux or Unix environments), or CIFS (more common in Windows ). However, usage of these protocol is not a requirement or even a preference - there are drivers and clients allowing NFS to be used on Windows, and CIFS on Linux - so the choice is mostly driven by the application and administrator preferences.
Creating a new Share Network
To create a new share, you first need to create a share network. A share network is simply a reference to one of the subnets/networks in your project - by having a share network, the Shared File System service can make sure that the networking backend is properly interconnected and the users on that network can access the shared file system.
Only networks connected to routers can have share networks associated with them. The reason of this requirement is that shared file systems are created on a separate network - and connected to the same routers as you target network. So, if a network is not connected to any router, the platform cannot provide connectivity between the instances on that network, and the file system shares.
Note that even if a network is not referred by a share network, it may be still possible to get access to the share. Imagine the following configuration:
- Two networks,
network2 are connected to the router
- A share network
share-net1 refers the network
- A shared file system
share1 is created on
In this case, instances on both
network2 networks may get access to
share1 (assuming access control list allows it), because
router1 will be able to deliver traffic between shares and instances to either of these networks.
To create a new share network, click on the "Shared file systems" section in the left-hand navigation menu. From there, click Networks and then "Create share network" button. Specify Name, optional Description, and select proper target subnet in the dropdown list of Networks (Network configuration section).
Once the share network is ready, you can create a shared file system.
Creating Shared File Systems
To create a new shared file system, click on the "Shared file systems" section in the left-hand navigation menu. From there, you can manage Shares (shown as "File systems" in the portal) and Share networks (shown as "Networks").
When creating a shared file system, you can use the following options:
- Name of the share, and optional Description.
- Protocol through which you want to access the share - either NFS or CIFS.
- Size of the share (the amount of storage available on the share), in GB.
- Create from: you can create either a new (empty) share, or create one from a snapshot .
- Share network, a reference to the network in your project on which the share will be available.
Managing Shared File Systems
Once a share is created (the status becomes "Available"), you can assess it by connecting to the export path shown as "Export location". To see the export location assigned to a share, click on the share action menu, and select the "Export Locations" item. The export location is a reference that the users will use to access (or mount) the share.
For example, an NFS export location may look like this: 10.254.0.39:/shares/share-8c142825-c2e2-4cba-bf14-077be64dfd2f
In this case, a Linux client can mount this share with the following command:
# mount.nfs 10.254.0.39:/shares/share-8c142825-c2e2-4cba-bf14-077be64dfd2f /mnt
However, if you will attempt to mount the share immediately after its creation, the mount will fail with "access denied" message. The reason of this is because a newly create share has default access permissions - and by default, it is not accessible by anyone. So, before the share can be used, you need to specify who can access it.
Managing share access
The platform supports IP-based access control to the shares - that means, permission to access the share is granted based on the IP address of the requestor. Since the platform tightly controls the IP address assignment and does not allow to change the IP address from within the instance, this method is more secure than in regular environments where machine owner can easily alter its own IP address.
By default, access is denied to anyone. To change that, click on the action menu of the share you want to manage, and select "Access List".
On the screen that pops up, you can a new access, or remove an existing access. To addd new access, do the following:
- Specify Access level (read and write or read-only).
- Access type (only "IP address" is currently supported).
- Network CIDR to grant access to. You need to provide access as a CIDR notation (ip/number). For example, to specify 192.168.3.0-192.168.3.254 block, use
192.168.3.0/24. To add an individual IP, such as 10.1.1.5, add it in the format
10.1.1.5/32. CIDR like
0.0.0.0/0 will allow access to everyone.
- Click "Add" to add access to the list, and then close the window.
From this moment, the share can be accessed from the IP addresses you specified.
For an existing share, you can create a snapshot by clicking the share action menu, and selecting "Snapshots". Then, specify a snapshot name, and click "create".
Snapshot is a reference to the share data in specific point in time. Later on, you can recover that share content by creating a new share, and specifying the snapshot (as an alternative to "New") for the share origin.
The "Force" flag will attempt to create the snapshot even if the share is busy; you may use this flag if snapshot creation fails otherwise with corresponding diagnostics.
Resizing a share
If you need more storage for your share, you can resize it at any time.
To do that, click on the share action menu and select "Resize". From there, enter new desirable size (it needs to be larger than the existing one). Then, confirm the operation. The new space should become available as soon as the operation completes.