Creating a Namespace

This section describes how to create a namespace for data storage.

Procedure

Choose Resources > Resources > Namespace.
Select the desired account from the Account drop-down list in the upper left corner.
Click Create.
The Create Namespace page is displayed.

Set basic information for the namespace.

Table 1 describes related parameters.

**Table 1** Namespace parameters
Parameter	Description
Name	Indicates the name of the namespace. NOTE: The naming rules of a namespace are as follows: The name must be unique. The value can contain letters, digits, underscores (_), hyphens (-), and periods (.), and must contain letters or digits. The name contains 1 to 255 characters. To enable the object service for a namespace, the namespace name must meet the following rules. Otherwise, the bucket cannot be accessed in virtual hosting mode, and the domain name resolution will fail. In this case, the bucket can be accessed only in path mode. The name can contain only lowercase letters, digits, periods (.), and hyphens (-), and must start and end with a letter or digit. In addition, the name cannot contain the combination of a period and a hyphen (.- or -.), and cannot contain consecutive periods (..). The name contains 3 to 63 characters.
Storage Pool	Indicates the storage pool to which the namespace belongs.
Redundancy Ratio	The redundancy ratio of the new namespace must be the same as that of the owning storage pool.
Security Style	Select a security style based on service requirements. Possible options are: Mixed: applies to the scenario where users of CIFS clients (using SMB) and UNIX clients (using NFS/HDFS/DPC) can access and control namespaces. In this style, the permissions are subject to the last permissions set for CIFS clients or UNIX clients. CIFS permissions (NT ACL) and UNIX permissions (UNIX Mode/POSIX ACL/NFSv4 ACL) do not coexist. UNIX: applies to the scenario where UNIX mode bits, POSIX ACLs, or NFSv4 ACLs control user permissions. NOTE: In Mixed style (which supports NT ACLs), if you have configured an NT ACL for a file or directory on a Windows client and switched Mixed to UNIX, the NT ACL in Mixed style will become invalid.

Set a directory quota for the namespace.

Table 2 describes related parameters.

**Table 2** Quota parameters
Parameter		Description
Space Quota	Hard Quota	Indicates the space hard quota. If the quota is reached, the system immediately forbids writes and reports an alarm. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: If the used file space reaches the hard quota, the system forbids writes. If you want the system to report an alarm before writes are forbidden, set a soft quota and an advisory quota.
	Soft Quota	Indicates the space soft quota. If the quota is reached, the system reports an alarm but still allows writes. If the soft quota grace period elapses or hard quota is reached, the system immediately forbids writes and reports an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
	Advisory Quota	Indicates the space advisory quota. If the quota is reached, the system reports an alarm but still allows writes. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
File Quantity Quota	Hard Quota (K)	Indicates the file quantity hard quota. If the quota is reached, the system reports an alarm and new files cannot be added. However, operations on existing files are not affected. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: If the number of files reaches the hard quota, the system forbids file adding. If you want the system to report an alarm before files cannot be added, set a soft quota and an advisory quota.
	Soft Quota (K)	Indicates the file quantity soft quota. If the quota is reached, the system reports an alarm but new files can still be added. If the soft quota grace period elapses or hard quota is reached, new files cannot be added and an alarm is reported. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than that of Advisory Quota (K) and less than that of Hard Quota (K).
	Advisory Quota (K)	Indicates the file quantity advisory quota. If the quota is reached, the system reports an alarm but new files can still be added. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
Grace Period	Soft Quota Grace Period (Days)	If the used file space or number of files reaches the soft quota, the system reports an alarm but still allows writes or new files can still be added within this period. If this period elapses, the system immediately forbids writes and new files cannot be added. In addition, an alarm is reported. NOTE: This parameter is available only when Soft Quota or Soft Quota (K) is set.

Whether to enable the DPC function of the namespace. After this function is enabled, the namespace can be mounted to the DPC node.

After the DPC function is enabled, the object service cannot set the maximum and minimum WORM retention periods at the prefix level in the converged interworking scenario.
Configure an NFS share.
- After the NFS share function is enabled, the object service cannot set the maximum and minimum WORM retention periods at the prefix level in the converged interworking scenario.
- This step is required only when the file service is enabled for the storage pool.
1. In Protocol, enable NFS. Then, click Configure in NFS Share.
  The Configure NFS Share page is displayed.
2. Configure access permissions for the NFS share.
  Click Add to add a client. For details, see Adding an NFS Share Client.
  You can click More on the right of a client and select Modify to modify its information.
  
  You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
Configure a CIFS share.
- After the CIFS share function is enabled, the object service cannot set the maximum and minimum WORM retention periods at the prefix level in the converged interworking scenario.
- This step is required only when the file service is enabled for the storage pool.
1. In Protocol, enable CIFS. Then, click Configure in CIFS Share.
  The Configure CIFS Share page is displayed.
2. Set the name of the CIFS share.
  - The name must be unique.
  - The name cannot contain characters " / \ [ ] : | < > + ; , ? * =, and cannot be ipc$, autohome, ~, or print$ reserved by the system.
  - The name contains 1 to 80 characters.
3. Configure access permissions for the CIFS share.
  Click Add to add a user or user group. For details, see Adding a User or User Group.
  Click More on the right of a user or user group and select Modify to modify the user or user group.
  
  Select one or more users or user groups and click Remove, or click More on the right of a user or user group and select Remove to remove added users or user groups.
Configure the HDFS service.

This step can be performed only when the HDFS service is enabled for a storage pool.
1. In Protocol, enable HDFS.
2. Select the zone associated with the namespace.
  1. In Associate Zone, click Select.
    The Associate Zone page is displayed on the right.
  2. Select the subnet to which the Access zone to be associated with belongs.
  3. Select the Access zone to be associated.
    If no subnet is configured, you can click Create to create one. For details, see Creating a Subnet.
    
    If a subnet has been configured, you can click Modify in Subnet to modify the subnet parameters. For details, see Modifying a Subnet.
    
    After creating a subnet, you can click Create to create an Access zone. For details, see Creating an Access Zone.
  4. Click OK.
Configure the object service.

This step can be performed only when the object service is enabled for a storage pool.
1. In Protocol, enable Object.
2. Configure bucket permissions for the namespace. Possible options are:
  - Private
    The owner of the bucket (the account that creates the bucket) has full control of the bucket. Other users cannot access the bucket without authorization.
  - Public Read
    All users can read objects in the bucket, and only the owner of the bucket (the account that creates the bucket) has the write permission.
  - Public Read and Write
    All users can read, write, and delete objects written by the owner of the bucket (the account that creates the bucket). Unauthorized users cannot read objects written by other accounts but can write or delete objects.
    
    For data security, you are advised to select Private.
Click Advanced and set advanced information about the namespace.
1. Select whether to enable Automatic Update of Atime. Atime indicates the time when a namespace is accessed. After this function is enabled, the system updates the Atime based on the value of Update Frequency.
  
  Enabling Automatic Update of Atime compromises system performance.
2. After Automatic Update of Atime enabled, you need to set the update frequency of Atime. The value can be Hourly or Daily.
Enable QoS Policy. Select the QoS policy to be configured for the namespace from the QoS Policy drop-down list.

You can click Create to create a QoS policy.

Set the data security and protection functions of the namespace.

Table 3 describes related parameters.

**Table 3** Data security and protection parameters
Parameter	Description
Snapshot Directory Visibility	Indicates whether the directory of namespace snapshots is visible. If this parameter is set to Visible, the system displays the .snapshot directory in the namespace.
Data Encryption	Indicates whether to enable the data encryption function. After this function is enabled, the system generates a key to encrypt the data written to the namespace. NOTE: To use the data encryption function, you need to import an advanced license. Data encryption can be configured for a namespace only during the creation of the namespace. In addition, it cannot be disabled once being enabled. Before enabling data encryption for a namespace, enable data encryption for the account. After data encryption is enabled, the I/O performance of non-encrypted services will be affected. Confirm that this function needs to be enabled.
Encryption Algorithm	After Data Encryption is enabled, you need to select an encryption algorithm. The value can be XTS-AES-128 or XTS-AES-256.
Recycle Bin	Indicates whether to enable the recycle bin function of the namespace. After the recycle bin function is enabled, the system automatically generates the .recyclebininternal directory in the namespace or a dtree of the namespace when files are deleted from the namespace or dtree for the first time. Files are not deleted immediately. Instead, they are moved to the recycle bin and are deleted only after the retention period expires. NOTE: After the recycle bin function is enabled, temporary files generated by applications will also be moved to the recycle bin when deleting a file.
Retention Period	Set the retention period of deleted files of the namespace. If you select Fixed period, you need to set a specific retention period. NOTE: Both the retention period of the recycle bin and the deletion policy of the namespace take effect on the data in the recycle bin. The data is deleted when either of the two policies is met. The retention period takes effect for both the namespace and HDFS recycle bins. If you select Permanent, files will not be deleted after being moved to the recycle bin. You can go to the .recyclebininternal directory in the namespace to manually delete the files.
Audit Log	Indicates whether to enable the audit log function of the namespace. After this function is enabled, the system logs operations of the namespace. NOTE: This function can be set only when the data pilot service is enabled for the storage pool.
Record Type	After the audit log function is enabled, set the operation type to be audit logged. Possible options are Create, Delete, and Rename.

Configure SmartIndexing. After SmartIndexing is enabled, the system creates indexes for the system metadata and custom metadata fields of files in the namespace. You can search for a list of files through metadata.

This function can be set only when the data pilot service is enabled for the storage pool.

Set the WORM attribute of a namespace. That is, data is written once and read multiple times. You can set a protection period for a file. During the protection period, the file can be read but cannot be modified or deleted. After the protection period expires, the file can be deleted.

Enable WORM.

Select a policy mode. Possible options are:

Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure secure data access security and prevent data tampering, protecting archived files and data of enterprises. Common users cannot modify, rename, or delete files within the retention period. Privileged users (system administrators) cannot modify or rename files within the retention period, but they can use the privilege to delete files. Common users and system administrators cannot modify or rename files whose retention period expires, but can read or delete the files.

Table 4 describes related parameters.

**Table 4** Parameters of the Enterprise policy mode
Parameter	Description
Max. Retention Period	Specifies the maximum protection period supported by a namespace.
Min. Retention Period	Specifies the minimum protection period supported by a namespace.
Default Retention Period	Indicates the default protection period after a file enters the protection state.
Auto Lock	After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state.
Legal Hold File Modification	Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified.

None: indicates the None mode, which means that uploaded objects are not protected by default.
After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

Click OK.
Confirm your operation as prompted.