Adding an NFS Share Client

An NFS share client enables client users to access shared namespaces over networks.

Prerequisites

Procedure

  1. Choose Resources > Resources > Share > NFS Share.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click More on the right of a desired NFS share and select Add Client.

    The Add Client page is displayed.

    You can also click the path of the desired NFS share. On the page that is displayed, click Add in the Permission area.

  4. Set client properties.

    Table 1 describes related parameters.

    Table 1 Client parameters

    Parameter

    Description

    Type
    Client type of the NFS share.
    NOTE:

    When a client is included in multiple share permissions, the priority of share authentication from high to low is in the following sequence: host name > IP address > network segment > wildcard > network group > *.

    Name or IP Address

    When Type is set to Host, enter client host names (FQDNs are recommended), IP addresses, or IP address segments, or use the asterisk (*) to represent IP addresses of all clients. When Type is set to Network group, enter the network group names configured in the LDAP or NIS domain.

    NOTE:

    You can enter multiple host names, IP addresses, or network group names separated by semicolons (;), spaces, or carriage returns.

    A host name:

    • Contains 1 to 255 letters, including letters, digits, hyphens (-), periods (.), and underscores (_).
    • Must start with a letter or digit and cannot end with a hyphen (-) or underscore (_).
    • Cannot contain a combination of a period and underscore (_. or ._), a combination of a period and hyphen (-. or .-), consecutive periods (..), or pure digits.

    For IP addresses:

    • You can enter client IP addresses, client IP address segments, or an asterisk (*) to represent IP addresses of all clients.
    • IPv4 addresses, IPv6 addresses, or the combination of IPv4 and IPv6 addresses are supported.
    • The mask of an IPv4 address ranges from 1 to 32. The prefix of an IPv6 address ranges from 1 to 128.
    A network group name:
    • Contains 1 to 254 characters.
    • The value can contain only letters, digits, underscores (_), periods (.), and hyphens (-).

    UNIX Permission Level

    Permission level for the UNIX client to access the NFS share. Includes:

    • Read-only: The client can only read files in the NFS share.
    • Read/Write: The client can read and write files in the NFS share.
    • None: No operation is allowed on the NFS share.
    NOTE:

    When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

    Kerberos5 Permission

    Permission level for the Kerberos5 client to access the NFS share. Includes:

    • Read-only: The client can only read files in the NFS share.
    • Read/Write: The client can read and write files in the NFS share.
    • None: No operation is allowed on the NFS share.

    This parameter applies only to the scenario where the NFS Kerberos service is configured.

    NOTE:

    When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

    Kerberos5i Permission

    Permission level for the Kerberos5i client to access the NFS share. Includes:

    • Read-only: The client can only read files in the NFS share.
    • Read/Write: The client can read and write files in the NFS share.
    • None: No operation is allowed on the NFS share.

    This parameter applies only to the scenario where the NFS Kerberos service is configured.

    NOTE:

    When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

    Kerberos5p Permission

    Permission level for the Kerberos5p client to access the NFS share. Includes:

    • Read-only: The client can only read files in the NFS share.
    • Read/Write: The client can read and write files in the NFS share.
    • None: No operation is allowed on the NFS share.

    This parameter applies only to the scenario where the NFS Kerberos service is configured.

    NOTE:

    When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

  5. Modify advanced client parameters. Click Advanced.

    Table 2 describes related parameters.
    Table 2 Advanced client parameters

    Parameter

    Description

    Write Mode

    How the system writes data onto disks.

    • Synchronous: The system writes data onto disks instantly.
    • Asynchronous: The system writes data to the cache first. The asynchronous write mode delivers higher write performance. However, if the client and a mount node fail at the same time, data may be lost.
      NOTE:

      This parameter is displayed only when at least one of UNIX Permission Level, Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission is set to Read/Write.

    Permission Constraint

    Whether to retain the user ID (UID) and group ID (GID) of a shared directory.

    • all_squash: The UID and GID of a shared directory are mapped to user nobody, which is applicable to public directories.
    • no_all_squash: retains the UID and GID of a shared directory.

    root Permission Constraint

    Controls the root permission of the clients.

    • root_squash: does not allow the clients to access the share as user root. Otherwise, the client will be mapped as an anonymous user.
    • no_root_squash: allows the clients to access the share as user root that has full control and access permissions for shared directories.
      NOTE:

      If a VM needs to be created in the NFS share, select no_root_squash. Otherwise, the VM may run abnormally.

    Source Port Verification Constraint

    Whether to enable source port verification.

    • secure: allows the clients to access the NFS share using ports 1 to 1023.
    • insecure: allows the clients to access the NFS share using any port.

  6. Click OK.
Parent topic: Configuring and Managing NFS Shares