File Storage NAS:Use an access point to access a file system on Linux

Prerequisites

• A General-purpose NFS file system is created. For more information, see Create a file system.

• An access point is created. For more information, see Create an access point.

• A Linux ECS instance is available in the region where you create the NFS file system. The ECS instance is associated with an elastic IP address (EIP) or configured with a public IP address. For more information, see Creation methods.

  View the operating systems supported by access points

  Operating system	Version
  Alibaba Cloud Linux	Alibaba Cloud Linux 2.1903 64-bit Alibaba Cloud Linux 3.2104 LTS 64-bit
  Red Hat	Red Hat Enterprise Linux 7.x 64-bit Red Hat Enterprise Linux 8.x 64-bit
  CentOS	CentOS 7.x 64-bit CentOS 8.x 64-bit
  Ubuntu	Ubuntu 16.04 64-bit Ubuntu 18.04 64-bit Ubuntu 20.04 64-bit
  Debian	Debian 9.x 64-bit Debian 10.x 64-bit

Procedure

1. Connect to the ECS instance. For more information, see Connection method overview.

   Important

   You must download the NAS client over the Internet. Before you connect to the ECS instance, make sure that the ECS instance has been associated with an EIP or configured with a public IP address.

2. Install the NAS client.

   Alibaba Cloud Linux

   1. Download the NAS client.

      wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20240914145556.91a304.al7.noarch.rpm

   2. Install the NAS client.

      sudo yum install aliyun-alinas-utils-*.rpm

   3. Check whether the NAS client is installed.

      which mount.alinas

      If an output similar to the following example appears, the NAS client is installed.

      

   CentOS

   1. Download the NAS client.

      • CentOS 7.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el7.noarch.rpm

      • CentOS 8.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el8.noarch.rpm

   2. Install the NAS client.

      sudo yum install aliyun-alinas-utils-*.rpm

   3. Check whether the NAS client is installed.

      which mount.alinas

      If an output similar to the following example appears, the NAS client is installed.

      

   Red Hat Enterprise Linux

   1. Download the NAS client.

      • Red Hat Enterprise Linux 7.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el7.noarch.rpm

      • Red Hat Enterprise Linux 8.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el8.noarch.rpm

   2. Install the NAS client.

      sudo yum --disablerepo=rhui-rhel-7-server-rhui-extras-debug-rpms install aliyun-alinas-utils-*.rpm

   3. Check whether the NAS client is installed.

      which mount.alinas

      If an output similar to the following example appears, the NAS client is installed.

      

   Ubuntu and Debian

   1. Download the NAS client.

      wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.deb

   2. Install the NAS client.

      sudo apt update
      sudo dpkg -i aliyun-alinas-utils-*.deb
      sudo apt-get install -f
      sudo dpkg -i aliyun-alinas-utils-*.deb

   3. Check whether the NAS client is installed.

      which mount.alinas

      If an output similar to the following example appears, the NAS client is installed.

      

3. Mount the NFS file system.

   No RAM policy is enabled for the access point

   • NFSv3

     sudo mount -t alinas -o tls,vers=3 <access-point>:/ /mnt

   • NFSv4.0

     sudo mount -t alinas -o tls,vers=4.0 <access-point>:/ /mnt

     The following table describes the parameters.

     Parameter	Description
     tls	Enables Transport Layer Security (TLS). Important To use an access point to access a file system, you must enable TLS.
     <access-point>:/	Indicates <Domain name of the access point>:<Relative path of the access point>. Replace the variables with the actual values. Domain name of the access point: You can perform the following operations to obtain the domain name of an access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column of the file system. On the Mount Targets tab, click the Access Point tab and obtain the domain name of the access point. For more information, see View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com. Relative path of the access point: Enter /. Note For example, when you create an access point, if you set the root directory of the access point to /test, the access point is directly mounted to the /test directory of the NAS file system by using /. If you set the value to another relative path /path/to/dir, the access point is mounted to the /test/path/to/dir directory of the NAS file system. Make sure that the /test/path/to/dir directory already exists in the NAS file system.
     /mnt	The mount directory that resides on the current ECS instance. The value is a subdirectory such as /mnt of a Linux ECS instance. Make sure that the subdirectory exists in the on-premises file system.

   A RAM policy is enabled for the access point

   1. Configure the Resource Access Management (RAM) information.

      1. Create the /etc/aliyun/alinas/.credentials file.

         touch /etc/aliyun/alinas/.credentials

      2. Run the vi /etc/aliyun/alinas/.credentials command to open the /etc/aliyun/alinas/.credentials file and add the following content:

         • RAM user

           [NASCredentials]
           accessKeyID = your_accesskey_id
           accessKeySecret = your_accesskey_secret

           Replace your_accesskey_id and your_accesskey_secret with your AccessKey ID and AccessKey secret. The policy for the access point client has been attached to the RAM user. For more information, see (Optional) Configure a policy for the access point client. For information about how to obtain an AccessKey pair, see How do I obtain an AccessKey pair?

         • RAM role

           [NASCredentials]
           accessKeyID = your_accesskey_id
           accessKeySecret = your_accesskey_secret
           securityToken = your_security_token

           Replace your_accesskey_id, your_accesskey_secret, and your_security_token with your AccessKey ID, AccessKey secret, and Security Token Service (STS) token used to assume the RAM role, respectively. The policy for the access point client has been attached to the RAM user. For more information, see (Optional) Configure a policy for the access point. You can call the AssumeRole operation to obtain the STS token, AccessKey ID, and AccessKey secret of the RAM role.

   2. Mount the NFS file system.

      • NFSv3

        sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

      • NFSv4.0

        sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

        The following table describes the parameters.

        Parameter	Description
        tls	Enables TLS. Important To use an access point to access a file system, you must enable TLS.
        ram	Uses the configured RAM information to mount the file system. The RAM information is generally stored in the /etc/aliyun/alinas/.credentials path. If you need to change the path, change the ram parameter to ram_config_file=The specified path.
        <access-point>:/	Indicates <Domain name of the access point>:<Relative path of the access point>. Replace the variables with the actual values. Domain name of the access point: You can perform the following operations to obtain the domain name of an access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column of the file system. On the Mount Targets tab, click the Access Point tab and obtain the domain name of the access point. For more information, see View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com. Relative path of the access point: Enter /. Note For example, when you create an access point, if you set the root directory of the access point to /test, the access point is directly mounted to the /test directory of the NAS file system by using /. If you set the value to another relative path /path/to/dir, the access point is mounted to the /test/path/to/dir directory of the NAS file system. Make sure that the /test/path/to/dir directory already exists in the NAS file system.
        /mnt	The mount directory that resides on the current ECS instance. The value is a subdirectory such as /mnt of a Linux ECS instance. Make sure that the subdirectory exists in the on-premises file system.

4. Verify the mount result.

   • Command

     mount -l

   • Sample output

     If a command output similar to the following example appears, the mount is successful.

     

     After the file system is mounted, you can run the df -h command to view the storage capacity of the file system.

     If the file system fails to be mounted, troubleshoot the issue. For more information, see Troubleshoot mount issues for access points.

5. After the file system is mounted, you can view data of, read data from, and write data to the NAS file system on the Linux ECS instance. Sample commands:

   mkdir /mnt/dir1
   mkdir /mnt/dir2
   touch /mnt/file1
   echo 'some file content' > /mnt/file2
   ls /mnt

6. Optional. Configure automatic mounting at startup.

   When you restart the ECS instance on which the file system is mounted, the information about all the mounted file systems may be lost. To prevent the loss of such information, you can edit the /etc/fstab configuration file on the Linux ECS instance to enable automatic mounting of the NFS file system at startup.

   1. Open the /etc/fstab configuration file to add mounting configurations.

      • If the RAM policy is not enabled for the access point, run the following command:

        access-point:/ /mnt alinas _netdev,tls,vers=3 0 0

      • If the RAM policy is enabled for the access point, run the following command:

        access-point:/ /mnt alinas _netdev,tls,vers=3,ram 0 0

        For more information, see Mount parameters. The following table describes the parameters that are used in the preceding examples.

        Parameter	Description
        _netdev	Prevents automatic mounting before the network is connected.
        vers	The protocol version of the file system. vers=3: uses NFSv3 to mount the file system. vers=4.0: uses NFSv4 to mount the file system.
        0 (the first value after ram)	Specifies whether to back up the file system by running the dump command. A non-zero value indicates that a file system is backed up. The default value is 0 for NAS file systems.
        0 (the second value after ram)	Specifies the order in which the fsck command checks a file system at startup. The default value is 0 for NAS file systems. The default value 0 indicates that the fsck command is not run at startup.

   2. Run the reboot command to restart the ECS instance.

      Note

      Before you restart the ECS instance, make sure that the manual mounting is successful. Otherwise, the ECS instance may fail to restart. If automatic mounting is enabled, after the ECS instance is restarted, you can run the df -h command to view the mounted NAS file systems.

Troubleshoot mount issues for access points

What to do next

• Unmount a file system. For more information, see Unmount a file system from a Linux ECS instance.

• Configure directory quotas. For more information, see Manage directory quotas.

• Enable an NFS access control list (ACL). For more information, see File Storage NAS NFS ACLs.

• Back up data in a file system. For more information, see Back up files from a General-purpose NAS file system.