Object Storage Service (OSS) is a secure, cost-effective, and highly reliable cloud storage service. OSS allows you to store large amounts of data in the cloud. You can mount OSS buckets for a service of Function Compute so that functions in the service can access OSS buckets in a way similar to accessing on-premises file systems. This simplifies resource access and data processing.
Limits
You can configure a maximum of five File Storage NAS (NAS) mount targets and five OSS mount targets for a service in Function Compute in a region.
The local directories in the function runtime of the NAS mount target cannot be the same as the local directories in the function runtime of the OSS mount target.
For more information about how to configure a NAS mount target, see Configure a NAS file system.
Before you start
OSS
Function Compute
Creates a service. For more information, see Create Services.
Configure permissions for the role of the service. When you enable the OSS mounting feature, you need to configure a role that has permissions on OSS for the service in Function Compute. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Procedure
Step 1: Configure OSS mounting
After an OSS mount target is configured for a service in Function Compute, all functions in the service can access files in the specified OSS bucket.
Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.
In the top navigation bar, select a region. On the Services page, find the desired service and click Configure in the Actions column.
In the Storage Configuration section on the Modify Service page, configure the following parameters and click Save.
Parameter
Description
Example
Mount OSS
Specify whether to enable OSS mounting. Valid values:
Enable
Disable
Enable
OSS Mount Target: Configure OSS mount targets.
Bucket
Select existing buckets. To create an OSS bucket, click Create OSS Bucket in the lower part of the page to go to the OSS console. For more information about billing of OSS, see Billing overview.
example-bucket
Bucket Subdirectory
Specify an absolute path as the subdirectory in the bucket. If you leave this parameter empty or set this parameter to /, the root directory of the bucket is mounted.
/files
OSS Endpoint
Specify an endpoint. By default, the endpoint of the bucket is used. You can select Custom Endpoint to specify a custom endpoint. For more information about OSS endpoints in different regions, see Regions, endpoints and open ports.
NoteIf you select a bucket that resides in the same region as the service in Function Compute, we recommend that you use an internal OSS endpoint.
If you select a bucket that resides in a different region, you must use a public endpoint. In this case, you are charged for data transferred over the Internet.
Default Endpoint
Local Function Directory
Specify a local function directory. The directory must be a subdirectory of /home, /mnt, or /data.
NoteYou do not need to manually create a local function directory. You can directly use an existing directory.
/mnt/oss
Permissions on Local Function Directory
Specify permissions on the directory after the bucket is mounted to the local function directory. You can select Read-only or Read and Write.
Read and Write
NoteThe OSS mounting feature depends on network settings of the service. If you set Access to VPC to Yes and Access to Internet to No, you must use a public OSS endpoint so that the function can access the Internet over the specified VPC. For more information, see Configure static public IP addresses.
Step 2: Create a function and write code to access the mounted OSS directory
After you mount an OSS bucket, you can perform the following steps to access files in the mounted OSS directory in a way similar to accessing on-premises files:
In the Create Function page, configure the following parameters. Retain the default values for other parameters and click Create.
Method to create the function: Use Built-in Runtime.
Basic Settings: Configure Function Name and set Handler Type to Event Handler.
Code: Set Runtime to Python 3.10 and Code Upload Method to Use Sample Code.
On the function details page, click the Code tab, write code in the code editor, and then click Deploy.
The following sample code provides an example on how to write function code in Python:
import os def handler(event, context): # Mounted directory. mount_path = '/mnt/oss' # List files in the mounted directory. files = os.listdir(mount_path) print("Files in OSS mount:", files) # Read a file in the mounted directory. file_path = os.path.join(mount_path, 'example.txt') if os.path.exists(file_path): with open(file_path, 'r') as file: content = file.read() print("Content of example.txt:", content) else: print("example.txt does not exist.") # Write a file to the mounted directory. write_path = os.path.join(mount_path, 'output.txt') with open(write_path, 'w') as file: file.write("Hello, OSS mount!") print("Wrote to output.txt in OSS mount.") return "Function execution completed."NoteReplace
example.txtwith the name of an existing file in the mounted directory.After the code is deployed, click Test Function on the Code tab.
After the execution is complete, you can view the execution result in the lower part of the Code tab. On the Log Output tab, you can view the content of the file that is read (in this example,
example.txt) in the directory. You can also view the content of the file that is written (in this example,output.txt) in the directory.
FAQ
What do I do if OSS mounting fails and the bucket not found error is reported?
Check whether the OSS endpoint and bucket name are correct.
What do I do if OSS mounting fails and the host resolv error or deadline exceeded error is reported?
Check whether the endpoint is correctly configured.
host resolv erroris reported if the domain name in the endpoint fails to be resolved.Internal endpoints cannot be used across regions. If you use an internal endpoint in another region, a connection timeout error occurs and the
deadline exceedederror is reported.
What do I do if OSS mounting fails and the invalid credentials error is reported?
Check whether the RAM role that you configured for the service has the permissions on OSS. The following items describe the permissions. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Read-only:
oss:ListObjectsandoss:GetObject.Read and write:
oss:ListObjects,oss:GetObject,oss:PutObject,oss:DeleteObject,oss:ListParts, andoss:AbortMultipartUpload.
oss:ListObjects is a bucket-level action. If you enable accesses to a specific bucket, the policy must include bucket-level resource indications, such as acs:oss:*:*:bucketName. For more information, see Resource element in RAM policies for OSS.
What do I do if Input/output error is reported when I read a file in the mounted directory?
Check the storage class of the OSS bucket that you configured. If the storage class is Archive or Cold Archive, all objects stored in the bucket are frozen and be accessed only after they are unfrozen. We recommend that you set the storage class of the OSS bucket to Standard.
How do I view files in a local directory of my function?
On the function details page, click Instances to view instances that are in the Running state. Find the desired instance and click Log On in the Actions column.
After you connect to the instance, you can run commands to view files in the local directory of the function. The following figure shows a sample command output.
What do I do if the Transport endpoint is not connected error is reported when I access a mount target in a function instance.
This error may be reported if the OSS mounting feature becomes unavailable due to insufficient memory, which may be caused by low memory specifications or large memory usage. We recommend that you increase the memory specification of your function based on your business requirements. Set the memory capacity to at a value greater than or equal to 512 MB if you use OSS mount targets.
Is data written to a local function directory permanently stored?
No, when a function instance is destroyed, the data written by the instance in the directory is also deleted. If you want data to be permanently stored, we recommend that you mount a file system, such as a NAS file system or OSS buckets. For more information, see Configure a NAS file system and Configure an OSS file system.
How do I use a permission policy to allow only read-only access to a specified bucket?
How do I use a permission policy to allow read and write access to a specified bucket?
How do I use a permission policy to allow only read-only access to subdirectories of a specified bucket?
How do I use a permission policy to allow read and write access to subdirectories of a specified bucket?
What do I do if I cannot see data I write from an OSS mount target in OSS?
When you write a file from an OSS mount target, the system uploads the content to OSS only when you call the Flush operation or close the file.
What do I do if operations, such as compression, decompression, and file transmission, in an OSS mount target are slow?
OSS does not support file system APIs. After you mount an OSS bucket as a directory, Function Compute encapsulates the OSS API to implement a file system API. For example, OSS does not support random writes. If you need to use the file system API to change an existing file on an OSS mount target, Function Compute downloads a source file from OSS, rewrites the file, and then uploads it to OSS again.
When the features of file system API correspond to those of OSS API, such as the sequential file read and write feature, the performance of general operations is usually better. However, for operations that require the OSS API to be combined and encapsulated, such as random read and write operations on files during compression and decompression, multiple interactions with OSS may be required. Therefore, the performance is slightly inferior to that of an on-premises file system.
Are operations synchronized among function instances on the same OSS target?
No. Function instances are independent of each other. The content of OSS mount targets accessed by different instances may be different. For example, when Instance A creates the file F in the OSS mount target, Instance B may not be able to access the file right away.