Creating an NFS Share

This section describes how to create an NFS share. After an NFS share is created, shared namespaces are accessible to clients that run SUSE, Red Hat, HP-UNIX, Sun Solaris, IBM AIX, and Mac OS.

Procedure

  1. Choose Resources > Resources > Namespace.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click More on the right of a desired namespace and select Create NFS Share.

    The Create NFS Share page is displayed.

  4. Describe the NFS share.

    The description can be left blank or contain up to 255 characters.

  5. Configure access permissions for the NFS share.

    • You can click More on the right of a client and select Modify to modify its information.
    • You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
    1. Click Add.

      The Add Client page is displayed.

    2. Set client properties.

      Table 1 describes related parameters.

      Table 1 Client parameters

      Parameter

      Description

      Type

      Client type of the NFS share.
      NOTE:

      When a client is included in multiple share permissions, share authentication priority, from high to low, is: host name > IP address > network segment > wildcard > network group > *.

      Name or IP Address

      When Type is set to Host, enter client host names (FQDNs are recommended), IP addresses, or IP address segments, or use the asterisk (*) to represent IP addresses of all clients. When Type is set to Network group, enter the network group names configured in the LDAP or NIS domain.

      NOTE:

      You can enter multiple host names, IP addresses, or network group names separated by semicolons (;), spaces, or carriage returns.

      A host name:

      • Contains 1 to 255 characters, including letters, digits, hyphens (-), periods (.), and underscores (_).
      • Must start with a letter or digit and cannot end with a hyphen (-) or underscore (_).
      • Cannot contain a combination of a period and underscore (_. or ._), a combination of a period and hyphen (-. or .-), or consecutive periods (..), and cannot consist of digits only.

      For IP addresses:

      • You can enter client IP addresses, client IP address segments, or an asterisk (*) to represent IP addresses of all clients.
      • IPv4 addresses, IPv6 addresses, or the combination of IPv4 and IPv6 addresses are supported.
      • The mask of an IPv4 address ranges from 1 to 32. The prefix of an IPv6 address ranges from 1 to 128.

      A network group name:

      • Contains 1 to 254 characters.
      • Can contain only letters, digits, underscores (_), hyphens (-), and periods (.).

      UNIX Permission Level

      Permission level for the UNIX client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.
      NOTE:

      When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

      Kerberos5 Permission

      Permission level for the Kerberos5 client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      NOTE:

      When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

      Kerberos5i Permission

      Permission level for the Kerberos5i client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      NOTE:

      When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

      Kerberos5p Permission

      Permission level for the Kerberos5p client to access the NFS share, including:

      • Read-only: The client can only read files in the share.
      • Read/Write: The client can read and write files in the share.
      • None: No operation is allowed on the share.

      This parameter applies only to the scenario where the NFS Kerberos service is configured.

      NOTE:

      When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

      In the NFS Kerberos service application scenario, the settings of Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission in the preceding table must match the sec field specified when an NFS share is mounted on a client.

      For example, if the sec field is set to krb5i when an NFS share is mounted to a client, at least Kerberos5i Permission must be set for the client.

    3. Modify advanced client parameters. Click Advanced.

      Table 2 describes related parameters.

      Table 2 Advanced client parameters

      Parameter

      Description

      Write Mode

      How the system writes data onto disks.

      • Synchronous: The system writes data onto disks instantly.
      • Asynchronous: The system writes data to the cache and then onto disks. The asynchronous write mode delivers higher write performance. However, if the client and a mount node fail at the same time, data may be lost.
        NOTE:

        This parameter is displayed only when at least one of UNIX Permission Level, Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission is set to Read/Write.

      Permission Constraint

      Whether to retain the user ID (UID) and group ID (GID) of a shared directory.

      • all_squash: The UID and GID of a shared directory are mapped to user nobody, which is applicable to public directories.
      • no_all_squash: The UID and GID of a shared directory are retained.

      root Permission Constraint

      Whether to allow the root permission of the client.

      • root_squash: does not allow the client to access the share as user root. A client that accesses the share as user root is mapped to an anonymous user.
      • no_root_squash: allows the client to access the share as user root who has full control and access permissions for shared directories.
        NOTE:

        If a VM needs to be created in the NFS share, set root Permission Constraint to no_root_squash. Otherwise, the VM may run abnormally.

      Source Port Verification Constraint

      Whether to enable source port verification.

      • secure: allows the client to access the NFS share only from ports 1 to 1023.
      • insecure: allows the client to access the NFS share using any port.

  6. Click OK.
  7. Confirm your operation as prompted.
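
The following is an added example, not code from the storage system or its vendor. It pre-checks a Name or IP Address value for a client of Type Host against the Table 1 rules and labels each entry with the tier it occupies in the priority sequence (host name, IP address, network segment, or *). The function names and the address/mask notation for segments are assumptions; the wildcard tier is not handled because the page does not define its syntax.

```python
import ipaddress
import re

# Table 1 host-name rules: letters, digits, '-', '.', '_'; starts with letter or digit.
HOST_CHARS = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\Z")
FORBIDDEN = ("_.", "._", "-.", ".-", "..")
HOST_RULES = [  # (error text, predicate that is True when the rule is broken)
    ("longer than 255 characters", lambda n: len(n) > 255),
    ("illegal character or first character", lambda n: not HOST_CHARS.match(n)),
    ("ends with '-' or '_'", lambda n: n[-1] in "-_"),
    ("forbidden period combination", lambda n: any(p in n for p in FORBIDDEN)),
    ("digits only", lambda n: n.isdigit()),
]
SAMPLE = "app01.example.com;192.0.2.10 2001:db8::/32\nbad_.host;10.0.0.0/33;*"  # constructed

def classify_ip(entry):
    """Return 'ip' or 'segment' for an address, or None if entry is not one."""
    addr, slash, mask = entry.partition("/")  # address/mask form is an assumption
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if not slash:
        return "ip"
    if not mask.isdecimal() or not 1 <= int(mask) <= ip.max_prefixlen:
        raise ValueError("mask or prefix out of range")  # 1-32 IPv4, 1-128 IPv6
    return "segment"

def classify(entry):
    """Classify one entry as 'all', 'ip', 'segment' or 'host'; raise if invalid."""
    if entry == "*":
        return "all"
    kind = classify_ip(entry)
    if kind:
        return kind
    for error, broken in HOST_RULES:
        if broken(entry):
            raise ValueError(error)
    return "host"

def check_field(field):
    """Return (entry, kind, error) per entry; separators are ';', spaces, line breaks."""
    results = []
    for entry in filter(None, re.split(r"[;\s]+", field)):
        try:
            results.append((entry, classify(entry), None))
        except ValueError as exc:
            results.append((entry, None, str(exc)))
    return results
```

Under the rules as written in Table 1, a mistyped address such as 10.0.0.300 is still a well-formed host name, so this check reports it as kind host rather than as an error; review host entries that look like addresses before saving the client.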