Object Storage Service (OSS) is a secure, cost-effective, and highly reliable cloud storage service. OSS allows you to store large amounts of data in the cloud. You can configure an OSS file system for a function in Function Compute. OSS file systems can work similarly as on-premises file systems and help streamline resource access and data processing.
Limits
You can configure a maximum of five Apsara File Storage NAS (NAS) mount targets and five OSS mount targets for a function in Function Compute in a region.
For the same function, the local directories in the function runtime of NAS mount targets cannot be the same as those of OSS mount targets.
For more information about how to configure a mount target of a NAS file system, see Configure a NAS file system.
Before you start
Object Storage Service (OSS)
Function Compute
Grant required permissions to the role that is assumed by the function. When you enable the OSS mounting feature, you need to configure a role that has permissions to access OSS for your function. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Procedure
Step 1: Configure OSS mounting
Log on to the Function Compute console. In the left-side navigation pane, click Functions.
In the top navigation bar, select a region. On the Functions page, click the function that you want to manage.
On the function details page, click the Configurations tab. In the left-side navigation tree, click Storage. In the OSS section, click Modify. In the OSS panel, configure the parameters and click Deploy. The following table describes the parameters.
Parameter
Description
Example
Mount OSS
Specify whether to enable OSS mounting. Options:
Enable
Disable
Enable
OSS Mount Target: Configure OSS mount targets.
Bucket
Select an existing bucket. To create an OSS bucket, click Create OSS Bucket in the lower part of the page to go to the OSS console. For more information about the billing of OSS, see Billing overview.
example-bucket
Bucket Subdirectory
Specify an absolute path as the subdirectory in the bucket. If you leave this parameter empty or set this parameter to /, the root directory of the bucket is mounted.
/files
OSS Endpoint
Specify an endpoint. By default, the endpoint that corresponds to the bucket you selected is used. You can select Custom Endpoint to specify a custom endpoint. For more information about OSS endpoints in different regions, see Regions and endpoints.
NoteIf you select a bucket in the same region as the Function Compute function, we recommend that you use an internal OSS endpoint.
If you select a bucket in a different region, you must use a public endpoint. In this case, you are charged for outbound Internet traffic.
Default Endpoint
Local Function Directory
Specify a local directory in the function runtime. The directory must be a subdirectory of /home, /mnt, or /data.
NoteYou do not need to manually create the local directory of the function. You can directly use an existing directory.
/mnt/oss
Permissions on Local Function Directory
Specify the permissions on the directory after the bucket is mounted to the local directory in the function runtime. You can select Read-only or Read and Write.
Read and Write
NoteThe OSS mounting feature depends on the network configurations of the function. If you set Function Invocation only by Specified VPCs to Yes and Allow Default NIC to Access Internet to No, your function must be able to access the Internet through the specified VPC if you want to use a public OSS endpoint. For more information, see Assign a static public IP address.
Step 2: Access files in the mounted directory
After you configure OSS mounting, you can perform the following steps to access files in the mounted directory to check whether the mounting takes effect:
On the function details page, click the Code tab, write code in the code editor, and then click Deploy.
The following sample code provides an example of function code in Python:
import os def handler(event, context): # The mounted directory. mount_path = '/mnt/oss' # List files in the mounted directory. files = os.listdir(mount_path) print("Files in OSS mount:", files) # Read a file in the mounted directory. file_path = os.path.join(mount_path, 'example.txt') if os.path.exists(file_path): with open(file_path, 'r') as file: content = file.read() print("Content of example.txt:", content) else: print("example.txt does not exist.") # Write a file to the mounted directory. write_path = os.path.join(mount_path, 'output.txt') with open(write_path, 'w') as file: file.write("Hello, OSS mount!") print("Wrote to output.txt in OSS mount.") return "Function execution completed."NoteReplace
example.txtwith the name of an existing file in the mounted directory.After the code is deployed, click Test Function on the Code tab.
After the code is executed, you can view the execution result in the lower part of the Code tab. In the log output, you can view the file that is read (in this example,
example.txt) from the directory. You can also view the file that is written (in this example,output.txt) to the directory.
FAQ
What do I do if OSS mounting fails and the bucket not found error is reported?
Check whether the OSS endpoint and bucket name are correct.
What do I do if OSS mounting fails and the host resolv error or deadline exceeded error is reported?
Check whether the endpoint is correctly configured.
host resolv erroris reported if the domain name in the endpoint fails to be resolved.Internal endpoints cannot be used across regions. If you use an internal endpoint of another region, a connection timeout error occurs and the
deadline exceedederror is reported.
What do I do if OSS mounting fails and the invalid credentials error is reported?
Check whether the Resource Access Management (RAM) role that you configured for your function has permissions to access OSS. The following items list the permissions. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Read-only:
oss:ListObjectsandoss:GetObject.Read and write:
oss:ListObjects,oss:GetObject,oss:PutObject,oss:DeleteObject,oss:ListParts, andoss:AbortMultipartUpload.
oss:ListObjects is a bucket-level action. If you enable access to a specific bucket, the policy must include the bucket-level resource indication, such as acs:oss:*:*:bucketName. For more information, see Resource element in RAM policies for OSS.
What do I do if the Input/output error error is reported when I read a file from the mounted directory?
Check the storage class of the OSS bucket that you configured. If the storage class is Archive or Cold Archive, all objects stored in the bucket are frozen. These objects can be accessed only after they are unfrozen. We recommend that you set the storage class of the OSS bucket to Standard.
How do I view files in the local directory of my function?
On the details page of the function, click the Instances tab to view instances in the Running state and click Connect to Instance in the Actions column of an instance.
After you connect to the instance, you can run commands to view files in the local directory of the function. The following figure shows an example.
What do I do if the Transport endpoint is not connected error is reported when I access a mount target in a function instance?
This error may be reported if the OSS mounting feature becomes unavailable due to insufficient memory, which may be caused by low memory specifications or large memory usage. We recommend that you increase the memory specification of your function based on your business requirements. Set the memory capacity to a value greater than or equal to 512 MB if you use OSS mount targets.
Is data written to the local directory of a function permanently stored?
No. The data written by an instance in the directory is deleted when the function instance is destroyed. If you want data to be permanently stored, we recommend that you mount a file system, such as a NAS file system or an OSS file system. For more information, see Configure a NAS file system and Configure an OSS file system.
How do I use a permission policy to allow only read-only access to a specified bucket?
How do I use a permission policy to allow read and write access to a specified bucket?
How do I use a permission policy to allow only read-only access to the subdirectories of a specified bucket?
How do I use a permission policy to allow read and write access to the subdirectories of a specified bucket?
Why cannot I see data that is being written from an OSS mount target on the OSS side?
When you write a file from an OSS mount target, the system uploads the content to OSS only when you call Flush or close the file.
What do I do if operations, such as compression, decompression, and file transmission, in an OSS mount target are slow?
OSS itself does not support file system APIs. After you mount an OSS bucket as a directory, Function Compute integrates and encapsulates the OSS API to achieve the effect of a file system API. For example, OSS does not support random writes. If you need to use a file system API to modify an existing file on an OSS mount target, Function Compute downloads the source file from OSS, rewrites the file, and then uploads it to OSS again.
When file system API features directly correspond to OSS API functionalities, such as sequential file reads and writes, the performance of these operations tends to be favorable. However, for operations that require the OSS API to be integrated and encapsulated, such as random reads and writes on files during compression and decompression, multiple interactions with OSS may be required. Therefore, the performance is slightly lower than that of an on-premises file system.
Are operations synchronized among function instances on the same OSS target?
No. Function instances are independent of each other. The content of OSS mount targets accessed by different instances may be different. For example, when Instance A creates file F in the OSS mount target, Instance B may not be able to access the file right away.