Creating an NFS Share

This section describes how to create an NFS share. After an NFS share is created, shared namespaces are accessible to clients that run SLES, RHEL, HP-UX, Sun Solaris, IBM AIX, and macOS.

Procedure

  1. Choose Resources > Resources > Dtree.
  2. Select a desired account from the Account drop-down list in the upper-left corner.
  3. Select an owning namespace, click More on the right of a desired dtree, and select Create NFS Share.

    The Create NFS Share page is displayed.

  4. Describe the NFS share.

    The description can be left blank or contain up to 255 characters.

  5. Configure access permissions for the NFS share.

    • You can click More on the right of a client and select Modify to modify its information.
    • You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
    1. Click Add.

      The Add Client page is displayed.

    2. Set client properties.

      Table 1 describes related parameters.

      Table 1 Client parameters

      Parameter / Description

      Type

      Client type of the NFS share.
      NOTE:

      When a client matches more than one share permission entry, share authentication applies the entries in the following priority, from high to low: host name > IP address > network segment > wildcard > network group > *.

      Name or IP Address

      When Type is set to Host, enter client host names (FQDNs are recommended), IP addresses, or IP address segments, or use the asterisk (*) to represent IP addresses of all clients. When Type is set to Network group, enter the network group names configured in the LDAP or NIS domain.

      NOTE:

      You can enter multiple host names, IP addresses, or network group names separated by semicolons (;), spaces, or carriage returns.

      A host name:

      • Contains 1 to 255 characters, including letters, digits, hyphens (-), periods (.), and underscores (_).
      • Must start with a letter or digit and cannot end with a hyphen (-) or underscore (_).
      • Cannot contain a combination of a period and underscore (_. or ._), a combination of a period and hyphen (-. or .-), or consecutive periods (..), and cannot consist of digits only.

      For IP addresses:

      • You can enter client IP addresses, client IP address segments, or an asterisk (*) to represent IP addresses of all clients.
      • IPv4 addresses, IPv6 addresses, or the combination of IPv4 and IPv6 addresses are supported.
      • The mask of an IPv4 address ranges from 1 to 32. The prefix of an IPv6 address ranges from 1 to 128.

      A network group name:

      • Contains 1 to 254 characters.
      • Can contain only letters, digits, underscores (_), periods (.), and hyphens (-).

      UNIX Permission Level

      Permission level for the UNIX client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      Kerberos5 Permission

      Permission level for the Kerberos5 client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      Kerberos5i Permission

      Permission level for the Kerberos5i client to access the NFS share, including:

      • Read-only: The client can only read files in the NFS share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      Kerberos5p Permission

      Permission level for the Kerberos5p client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      In the NFS Kerberos service application scenario, the settings of Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission in the preceding table must match the sec field specified when an NFS share is mounted on a client.

      For example, if the sec field is set to krb5i when an NFS share is mounted on a client, at least Kerberos5i Permission must be set for the client.

    3. Modify advanced client parameters. Click Advanced.

      Table 2 describes related parameters.

      Table 2 Advanced client parameters

      Parameter / Description

      Write Mode

      Indicates how the system writes data onto disks.

      • Synchronous: The system writes data onto disks instantly.
      • Asynchronous: The system writes data to the cache first. The asynchronous write mode delivers higher write performance. However, if the client and a mount node fail at the same time, data may be lost.
        NOTE:

        This parameter is displayed only when at least one of UNIX Permission Level, Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission is set to Read/Write.

      Permission Constraint

      Whether to retain the user ID (UID) and group ID (GID) of a shared directory.

      • all_squash: maps the UID and GID of a shared directory to user nobody. This option is applicable to public directories.
      • no_all_squash: retains the UID and GID of a shared directory.

      root Permission Constraint

      Controls the root permission of the client.

      • root_squash: does not allow the client to access the share as user root. A client that accesses the share as root is mapped to an anonymous user.
      • no_root_squash: allows the client to access the share as user root that has full control and access permissions for shared directories.
        NOTE:

        If a VM needs to be created in the NFS share, select no_root_squash. Otherwise, the VM may run abnormally.

      Source Port Verification Constraint

      Whether to enable source port verification.

      • secure: allows the client to access the NFS share only from ports 1 to 1023.
      • insecure: allows the client to access the NFS share using any port.

  6. Click OK.
  7. Confirm your operation as prompted.
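
The entry rules in Table 1 and the priority order in the Type note decide which permission a client actually gets when several entries overlap. The following added example (not code from the storage system or its vendor) validates entries and picks the winning one; it assumes the client's host name, IP address, and network group membership are already resolved and that a "wildcard" entry is a glob-style host pattern, and all function names and sample rules are hypothetical.

```python
import fnmatch
import ipaddress
import re

PRIORITY = ["hostname", "ip", "segment", "wildcard", "netgroup", "all"]  # high to low

def valid_hostname(name):
    """Host name rules from Table 1."""
    return bool(1 <= len(name) <= 255 and not name.isdigit()
                and re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*", name)
                and name[-1] not in "-_"
                and not re.search(r"_\.|\._|-\.|\.-|\.\.", name))

def classify(entry, client_type="Host"):
    """Return the precedence class of one entry, or None if it is invalid."""
    if client_type == "Network group":
        return "netgroup" if re.fullmatch(r"[A-Za-z0-9_.-]{1,254}", entry) else None
    if entry == "*":
        return "all"
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        if "*" in entry or "?" in entry:
            return "wildcard"  # assumption: glob-style host pattern
        return "hostname" if valid_hostname(entry) else None
    if "/" not in entry:
        return "ip"
    return "segment" if net.prefixlen >= 1 else None

def effective_rule(rules, host, ip, netgroups=()):
    """Return (entry, permission) of the rule that wins for this client."""
    addr, hits = ipaddress.ip_address(ip), []
    for field, ctype, perm in rules:
        for entry in filter(None, re.split(r"[;\s]+", field)):
            kind = classify(entry, ctype)
            if (kind == "all"
                    or (kind == "hostname" and entry.lower() == host.lower())
                    or (kind in ("ip", "segment")
                        and addr in ipaddress.ip_network(entry, strict=False))
                    or (kind == "wildcard" and fnmatch.fnmatchcase(host.lower(), entry.lower()))
                    or (kind == "netgroup" and entry in netgroups)):
                hits.append((PRIORITY.index(kind), entry, perm))
    return min(hits)[1:] if hits else None

RULES = [  # constructed sample: one share with overlapping client entries
    ("*", "Host", "Read-only"),
    ("192.0.2.0/24", "Host", "Read/Write"),
    ("192.0.2.10; build01.example.com", "Host", "None"),
    ("nfs_admins", "Network group", "Read/Write"),
]
```

With these sample rules, the host inside the Read/Write segment that is also listed by name or IP address ends up with None, because the more specific entry outranks both the segment and the asterisk.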
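
The requirement that the Kerberos permission columns match the sec field used at mount time, together with the Table 2 options, can be checked before a client entry is saved. The following added example (not code from the storage system or its vendor) does that for one client entry; the function names, the finding labels, and the sample entry are hypothetical, and treating a mount without sec= as sec=sys governed by UNIX Permission Level is an assumption.

```python
# Mount sec= flavor -> permission column of Table 1. The krb5* rows follow the
# page; mapping sec=sys to UNIX Permission Level is an assumption.
SEC_TO_PERMISSION = {
    "sys": "UNIX Permission Level",
    "krb5": "Kerberos5 Permission",
    "krb5i": "Kerberos5i Permission",
    "krb5p": "Kerberos5p Permission",
}

def mount_sec(options):
    """Extract the sec= flavor from a comma-separated mount option string."""
    for opt in options.split(","):
        key, _, value = opt.strip().partition("=")
        if key == "sec":
            return value
    return "sys"  # assumption: a mount without sec= uses AUTH_SYS

def access_for_mount(client, options):
    """Permission level the client entry grants for this mount ('None' if unset)."""
    column = SEC_TO_PERMISSION.get(mount_sec(options))
    return client.get(column, "None") if column else "None"

def review(client):
    """Return labels for settings that widen access for this client entry."""
    def level(sec):
        return client.get(SEC_TO_PERMISSION[sec], "None")
    notes = []
    if level("sys") != "None" and any(level(s) != "None" for s in ("krb5", "krb5i", "krb5p")):
        notes.append("sys-access-alongside-kerberos")
    if client.get("Name or IP Address") == "*" and "Read/Write" in map(level, SEC_TO_PERMISSION):
        notes.append("read-write-for-all-clients")
    if client.get("root Permission Constraint") == "no_root_squash":
        notes.append("client-root-not-squashed")
    if client.get("Source Port Verification Constraint") == "insecure":
        notes.append("any-source-port-allowed")
    return notes

# Constructed sample client entry, keyed by the parameter names in Tables 1 and 2.
CLIENT = {
    "Name or IP Address": "*",
    "UNIX Permission Level": "Read/Write",
    "Kerberos5i Permission": "Read-only",
    "root Permission Constraint": "no_root_squash",
    "Source Port Verification Constraint": "secure",
}
```

For the sample entry, a mount with sec=krb5p gets no access because only Kerberos5i Permission is set, while a mount without Kerberos still gets Read/Write through UNIX Permission Level.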