All Products
Search

This Product

    Apsara File Storage NAS:Use an access point to access a file system on Linux

    Document Center

    Apsara File Storage NAS:Use an access point to access a file system on Linux

    Last Updated:Sep 18, 2024

    This topic describes how to use an access point to access a General-purpose Apsara File Storage NAS (NAS) Network File System (NFS) file system on an Elastic Compute Service (ECS) instance.

    Prerequisites

    • A General-purpose NFS file system is created. For more information, see Create a file system.

    • An access point is created. For more information, see Create an access point.

    • A Linux ECS instance is available in the region where you create the NFS file system. The ECS instance is associated with an elastic IP address (EIP) or configured with a public IP address. For more information, see Creation methods.

      View the operating systems supported by access points

      Operating system

      Version

      Alibaba Cloud Linux

      Alibaba Cloud Linux 2.1903 64-bit

      Red Hat

      • Red Hat Enterprise Linux 7.x 64-bit

      • Red Hat Enterprise Linux 8.x 64-bit

      CentOS

      • CentOS 7.x 64-bit

      • CentOS 8.x 64-bit

      Ubuntu

      • Ubuntu 16.04 64-bit

      • Ubuntu 18.04 64-bit

      • Ubuntu 20.04 64-bit

      Debian

      • Debian 9.x 64-bit

      • Debian 10.x 64-bit

    Procedure

    1. Connect to the ECS instance. For more information, see Connection method overview.

      Important

      You must download the NAS client over the Internet. Before you connect to the ECS instance, make sure that the ECS instance has been associated with an EIP or configured with a public IP address.

    2. Install the NAS client.

      3. Alibaba Cloud Linux

      1. Download the NAS client. 

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20240914145556.91a304.al7.noarch.rpm

      2. Install the NAS client. 

        sudo yum install aliyun-alinas-utils-*.rpm

      3. Check whether the NAS client is installed. 

        which mount.alinas

        If an output similar to the following example appears, the NAS client is installed.

        image.png

      CentOS

      1. Download the NAS client.

        • CentOS 7.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el7.noarch.rpm

        • CentOS 8.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el8.noarch.rpm

      2. Install the NAS client. 

        sudo yum install aliyun-alinas-utils-*.rpm

      3. Check whether the NAS client is installed. 

        which mount.alinas

        If an output similar to the following example appears, the NAS client is installed.

        image.png

      Red Hat Enterprise Linux

      1. Download the NAS client.

        • Red Hat Enterprise Linux 7.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el7.noarch.rpm

        • Red Hat Enterprise Linux 8.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.el8.noarch.rpm

      2. Install the NAS client. 

        sudo yum --disablerepo=rhui-rhel-7-server-rhui-extras-debug-rpms install aliyun-alinas-utils-*.rpm

      3. Check whether the NAS client is installed. 

        which mount.alinas

        If an output similar to the following example appears, the NAS client is installed.

        image.png

      Ubuntu and Debian

      1. Download the NAS client. 

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.1-8.deb

      2. Install the NAS client. 

        sudo apt update
sudo dpkg -i aliyun-alinas-utils-*.deb
sudo apt-get install -f
sudo dpkg -i aliyun-alinas-utils-*.deb

      3. Check whether the NAS client is installed. 

        which mount.alinas

        If an output similar to the following example appears, the NAS client is installed.

        image.png

    3. Mount the NFS file system.

      No RAM policy is enabled for the access point

      • NFSv3

        sudo mount -t alinas -o tls,vers=3 <access-point>:/ /mnt

      • NFSv4.0

        sudo mount -t alinas -o tls,vers=4.0 <access-point>:/ /mnt

        The following table describes the parameters.

        Parameter

        Description

        tls

        Enables Transport Layer Security (TLS).

        Important

        To use an access point to access a file system, you must enable TLS.

        <access-point>:/

        Indicates <Domain name of the access point>:<Relative path of the access point>. Replace the variables with the actual values.

        • Domain name of the access point: You can perform the following operations to obtain the domain name of an access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column of the file system. On the Mount Targets tab, click the Access Point tab and obtain the domain name of the access point. For more information, see View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

        • Relative path of the access point: Enter /.

          Note

          For example, when you create an access point, if you set the root directory of the access point to /test, the access point is directly mounted to the /test directory of the NAS file system by using /. If you set the value to another relative path /path/to/dir, the access point is mounted to the /test/path/to/dir directory of the NAS file system. Make sure that the /test/path/to/dir directory already exists in the NAS file system.

        /mnt

        The mount directory that resides on the current ECS instance.

        The value is a subdirectory such as /mnt of a Linux ECS instance. Make sure that the subdirectory exists in the on-premises file system.

      A RAM policy is enabled for the access point

      1. Configure the Resource Access Management (RAM) information.

        1. Create the /etc/aliyun/alinas/.credentials file. 

          touch /etc/aliyun/alinas/.credentials

        2. Run the vi /etc/aliyun/alinas/.credentials command to open the /etc/aliyun/alinas/.credentials file and add the following content:

          • RAM user

            [NASCredentials]
accessKeyID = your_accesskey_id
accessKeySecret = your_accesskey_secret

            Replace your_accesskey_id and your_accesskey_secret with your AccessKey ID and AccessKey secret. The policy for the access point client has been attached to the RAM user. For more information, see (Optional) Configure a policy for the access point client. For information about how to obtain an AccessKey pair, see How do I obtain an AccessKey pair?

          • RAM role

            [NASCredentials]
accessKeyID = your_accesskey_id
accessKeySecret = your_accesskey_secret
securityToken = your_security_token

            Replace your_accesskey_id, your_accesskey_secret, and your_security_token with your AccessKey ID, AccessKey secret, and Security Token Service (STS) token used to assume the RAM role, respectively. The policy for the access point client has been attached to the RAM user. For more information, see (Optional) Configure a policy for the access point. You can call the AssumeRole operation to obtain the STS token, AccessKey ID, and AccessKey secret of the RAM role.

      2. Mount the NFS file system.

        • NFSv3

          sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

        • NFSv4.0

          sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

          The following table describes the parameters.

          Parameter

          Description

          tls

          Enables TLS.

          Important

          To use an access point to access a file system, you must enable TLS.

          ram

          Uses the configured RAM information to mount the file system. The RAM information is generally stored in the /etc/aliyun/alinas/.credentials path. If you need to change the path, change the ram parameter to ram_config_file=The specified path.

          <access-point>:/

          Indicates <Domain name of the access point>:<Relative path of the access point>. Replace the variables with the actual values.

          • Domain name of the access point: You can perform the following operations to obtain the domain name of an access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column of the file system. On the Mount Targets tab, click the Access Point tab and obtain the domain name of the access point. For more information, see View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

          • Relative path of the access point: Enter /.

            Note

            For example, when you create an access point, if you set the root directory of the access point to /test, the access point is directly mounted to the /test directory of the NAS file system by using /. If you set the value to another relative path /path/to/dir, the access point is mounted to the /test/path/to/dir directory of the NAS file system. Make sure that the /test/path/to/dir directory already exists in the NAS file system.

          /mnt

          The mount directory that resides on the current ECS instance.

          The value is a subdirectory such as /mnt of a Linux ECS instance. Make sure that the subdirectory exists in the on-premises file system.

    4. Verify the mount result.

      • Command

        mount -l

      • Sample output

        If a command output similar to the following example appears, the mount is successful.

        493861480f6a55a971ad05c51b406a46.png

        After the file system is mounted, you can run the df -h command to view the storage capacity of the file system.

        If the file system fails to be mounted, troubleshoot the issue. For more information, see Troubleshoot mount issues for access points.

    5. After the file system is mounted, you can view data of, read data from, and write data to the NAS file system on the Linux ECS instance. Sample commands:

      mkdir /mnt/dir1
mkdir /mnt/dir2
touch /mnt/file1
echo 'some file content' > /mnt/file2
ls /mnt

    6. Optional. Configure automatic mounting at startup.

      When you restart the ECS instance on which the file system is mounted, the information about all the mounted file systems may be lost. To prevent the loss of such information, you can edit the /etc/fstab configuration file on the Linux ECS instance to enable automatic mounting of the NFS file system at startup.

      1. Open the /etc/fstab configuration file to add mounting configurations.

        • If the RAM policy is not enabled for the access point, run the following command: 

          access-point:/ /mnt alinas _netdev,tls,vers=3 0 0

        • If the RAM policy is enabled for the access point, run the following command: 

          access-point:/ /mnt alinas _netdev,tls,vers=3,ram 0 0

          For more information, see Mount parameters. The following table describes the parameters that are used in the preceding examples.

          Parameter

          Description

          _netdev

          Prevents automatic mounting before the network is connected.

          vers

          The protocol version of the file system.

          • vers=3: uses NFSv3 to mount the file system.

          • vers=4.0: uses NFSv4 to mount the file system.

          0 (the first value after ram)

          Specifies whether to back up the file system by running the dump command. A non-zero value indicates that a file system is backed up. The default value is 0 for NAS file systems.

          0 (the second value after ram)

          Specifies the order in which the fsck command checks a file system at startup. The default value is 0 for NAS file systems. The default value 0 indicates that the fsck command is not run at startup.

      2. Run the reboot command to restart the ECS instance.

        Note

        Before you restart the ECS instance, make sure that the manual mounting is successful. Otherwise, the ECS instance may fail to restart. If automatic mounting is enabled, after the ECS instance is restarted, you can run the df -h command to view the mounted NAS file systems.

    Troubleshoot mount issues for access points

    What do I do if mount: unknown filesystem type 'alinas' is returned when I mount a file system?

    Reinstall the client alinas-utils. For more information, see Install the NAS client.

    What do I do if mount.nfs: an incorrect mount option was specified is returned when I mount a file system?

    • Cause

      The mount command is incorrect or the NAS client version is outdated.

    • Solution

      1. Check whether the parameter values in the mount command are correct. For more information, see Mount the NFS file system.

      2. Run the following command to check the version of the NAS client. If the version is earlier than 1.1-8, upgrade the NAS client to the latest version. 

        rpm -qa | grep alinas

    What do I do if mount.nfs: Unknown error 521 is returned when I mount a file system?

    • Cause

      1. The domain name of the access point is incorrect.

      2. The permission group configuration of the access point is incorrect.

      3. After the RAM policy is enabled, the RAM policy is not configured or the AccessKey ID or AccessKey secret is incorrectly configured in the .credential configuration file.

      4. The STS token has expired.

    • Solution

      1. Check whether the domain name specified in the mount command is correct.

        For more information about how to view the domain name of an access point, see View the domain name of an access point.

      2. Check the permission group configuration of the access point.

        You can click Manage in the Actions column of the access point on the Access Point tab to go to the access point details page and view the permission group to which the access point belongs. For more information about permission groups, see Manage permission groups.

      3. If the RAM policy is enabled for the access point, perform the following operations:

        1. Check whether the mount command contains the ram parameter. Sample mount commands:

          NFSv3

          sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

          NFSv4.0

          sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

        2. Check whether the AccessKey pair configured for the RAM user is correct.

          For more information about how to configure the RAM information, see Configure the RAM information.

        3. Check whether the nas:ClientMount permission on the access point is granted to the RAM user and whether the policy for the access point client is correct.

          For more information about the policy for the access point client, see Configure a policy for the access point client.

        4. If you use an STS token to access the file system, check whether the STS token has expired.

    What to do next