8 File System Storage

The File Storage service provides scalable and secure shared network file systems.

The File Storage service encrypts all file system and snapshot data at rest.

You can mount a File Storage service file system on any compute instance in your Virtual Cloud Network (VCN).

For more conceptual information, refer to the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Creating a File System, Mount Target, and Export

This section describes how to perform all the tasks that are required to create a file system and make it available for instances.

Task Flow

No.	Description	Links to Procedures
1.	Ensure a mount target is available that is assigned to the VCN and subnet of your choice. Create a mount target if one doesn't exist. Only one mount target can be created per VCN. A mount target can be used for many file systems. Note – the file system and mount target must be in the same compartment when you create an export.	Creating a Mount Target
2.	Create the file system.	Creating a File System
3.	Create a file system export in the mount target.	Creating an Export for a File System
4.	Enable Security Rules for File Storage.	Controlling Access to File Storage
5.	Change NFS export options to control access to the file system.	Setting NFS Export Options

After the file system is exported, on the NFS client, perform these tasks to mount the file system:

1. (If needed) Install NFS client software.

2. Create a mount point.

3. On the client, mount the file system to the mount point.

4. On the client, add whatever files, directories, and data that you want in the file system.

For more information about mounting file systems, see Mounting File Systems on UNIX-Based Instances.

Creating a Mount Target

A mount target is an NFS endpoint assigned to a subnet of your choice. The mount target provides the IP address or DNS name that is used in the mount command when connecting NFS clients to a file system.

For an instance to mount a file system, the instance's VCN must have a Mount Target.

You can only create one mount target per VCN. If a mount target is already created in the VCN you want to use, do not create a new mount target. Instead, use the mount target that is already available.

You can reuse the same mount target to make many file systems available on the network. To reuse the same mount target for multiple file systems, create an export in the mount target for each file system.

Caution:

Do not use /30 or smaller subnets for mount target creation because they might not have sufficient available IP addresses.

Important:

When more than one file system is exported to the same mount target, you must export to the mount target with the smallest network (largest CIDR number) first. For detailed information and instructions, refer to My Oracle Support document PCA File system as a Service Exports (Doc ID 2823994.1).

Before you can create a mount target, ensure that these items are configured:

• At least one Virtual Cloud Network (VCN) in the compartment where the file system will be created. See Configuring VCN Gateways

• An internet gateway with a route rule in the VCN. See Configuring VCN Rules and Options.

• (Optional) Security rules for the file system mount target. Security rules can be created in the security list for the mount target subnet, or in a Network Security Group (NSG) that you add the mount target to. See Controlling Access to File Storage.

  Note – You don't need security rules to create a mount target, but you need the rules to eventually mount files systems that are associated with this mount target.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Target.

   If a mount target is listed, you can use the existing mount target if it is on the subnet you are planning to assign the mount target. Click the mount target name to see the details. If the mount target meets your needs, skip this procedure and go to Creating a File System.

2. Click Create Mount Target.

3. Enter the mount target information:

   • Name: It doesn't have to be unique. An Oracle Cloud Identifier (OCID) uniquely identifies the mount target. Avoid entering confidential information.

     Note:

     The mount target name is different than the DNS hostname.

   • Create in Compartment: Specify the compartment.

   • VCN: Select the VCN where you want to create the new mount target.

   • Subnet: Select a subnet to attach the mount target to.

   • Enable Network Security Groups: Select this option to add this mount target to an NSG you've created.

     Important:

     Rules for the NSG you select must be configured to allow traffic to the mount target's VNIC using specific protocols and ports. For more information, see Controlling Access to File Storage Configuring VCN Security Rules for File Storage.

   • IP Address: Optionally, you can specify an unused IP address in the subnet you selected for the mount target. If left blank, an IP address is automatically assigned.

   • Hostname: Optionally, you can specify a hostname you want to assign to the mount target.

     Note:

     The File Storage service constructs a fully qualified domain name (FQDN) by combining the hostname with the FQDN of the mount target subnet.

     For example, myhostname.subnet123.dnslabel.examplevcn.com.

   • Tagging: Optionally, add one or more tags to this resource.

     If you are not sure whether to apply tags, skip this option (you can apply tags later).

     For more information about tagging resources, see Working with Resource Tags.

4. Click Create Mount Target.

   Next, create a file system. See Creating a File System.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Availability Domain Name (oci iam availability-domain list)

   • Compartment OCID (oci iam compartment list)

   • Subnet OCID (oci network subnet list)

   • (Optional) Display Name you wanted assigned to this mount target.

2. Run this command.

   Note:

   This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci fs mount-target create
   --availability-domain <availability_domain_name> 
   --compartment-id <compartment_OCID>
   --subnet-id <subnet_OCID> 
   --display-name <name_to_assign_to_mount-target>
   

   Example:

   oci fs mount-target create  \
   --availability-domain MyAD  \
   --compartment-id ocid1.compartment.….….….uniqueID  \
   --subnet-id ocid1.subnet.….….….uniqueID  \
   --display-name MyMountTarget2
   {
     "data": {
       "availability-domain": "pca",
       "compartment-id": "ocid1.compartment.….….….uniqueID",
       "defined-tags": {},
       "display-name": "MyMountTarget2",
       "export-set-id": "ocid1.exportset.….….….uniqueID",
       "freeform-tags": {},
       "id": "ocid1.mounttarget.….….….uniqueID",
       "lifecycle-details": null,
       "lifecycle-state": "CREATING",
       "nsg-ids": null,
       "private-ip-ids": null,
       "subnet-id": "ocid1.subnet.….….….uniqueID",
       "time-created": null
     },
     "etag": "2d278b37-a74a-4fec-b74a-fd9e9a1c72de"

3. Next, create a file system. See Creating a File System.

Creating a File System

Using the OCI CLI, you can set a value for the databaseRecordSize property.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. In the left panel, select File Systems.

3. Click Create File System.

4. Enter this information:

   • File System Information:

     • Name: It doesn't have to be unique. An Oracle Cloud Identifier (OCID) uniquely identifies the file system. Avoid entering confidential information.

     • Create in Compartment: Select the compartment where the file system is created.

     • Tagging: Optionally, add one or more tags to this resource.

       If you are not sure whether to apply tags, skip this option (you can apply tags later).

       For more information about tagging resources, see Working with Resource Tags.

5. Click Create File System.

   The file system is created.

   Next, create an export for the file system. See Creating an Export for a File System.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Availability Domain Name (oci iam availability-domain list)

   • Compartment OCID (oci iam compartment list)

   • File System Name: The display name you want assigned to this file system

2. Run this command.

   Syntax:

   oci fs file-system create --availability-domain availability_domain_name \
   --compartment-id compartment_OCID

   Example:

   oci fs file-system create --availability-domain ad1 \
   --compartment-id ocid1.compartment.unique_ID --display-name MyFileSystem
   
   {
     "data": {
       "availability-domain": "pca",
       "compartment-id": "ocid1.compartment.unique_ID",
       "defined-tags": {},
       "display-name": "MyFileSystem",
       "freeform-tags": {},
       "id": "ocid1.filesystem.unique_ID",
       "kms-key-id": null,
       "lifecycle-state": "CREATING",
       "metered-bytes": 0,
       "time-created": null
     },
     "etag": "58dec47e-4732-4730-9e18-6b5db1ac30d6"
   }

   Example specifying values for the databaseRecordSize property:

   You can use OraclePCA defined tags to set a value for the databaseRecordSize property. See Adding Tags at Resource Creation for information about how to specify a defined tag.

   The value of the databaseRecordSize property must one of the following, in bytes: 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072, 262144, 524288, 1048576. The default database record size is 131072 bytes.

   The databaseRecordSize property can be set only when the file system is created. You cannot change the database record size with the update command.

   oci fs file-system create --availability-domain ad1 \
   --compartment-id ocid1.compartment.unique_ID --display-name myfilesystem \
   --defined-tags '{"OraclePCA":{"databaseRecordSize":8192}}'

3. Next, create an export for the file system. See Creating an Export for a File System.

Creating an Export for a File System

Exports control how NFS clients access file systems when they connect to a mount target.

A file system must have at least one export in one mount target for instances to mount the file system.

Important:

When more than one file system is exported to the same mount target, you must export to the mount target with the smallest network (largest CIDR number) first. For detailed information and instructions, refer to My Oracle Support document PCA File system as a Service Exports (Doc ID 2823994.1).

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. In the left panel, select File Systems.

3. Click the name of the file system that you plan to create an export for.

4. In the lower panel, click Create Export.

5. Enter the required information:

   • Mount Target: Select a mount target from the list.

   • Source CIDR: Enter the longest CIDR (smallest network) in the CIDR range. Starting with the smallest CIDR range (largest network) will result in an error later in the process, because CIDR ranges larger than existing ones will not be accepted. For example, 10.0.0.0/29 is a longer CIDR than 10.0.0.0/28, so 10.0.0.0/29 should be added first.

6. Click Create Export.

   The file system export is created and the export details page is displayed.

7. In the export details page, make note of the export path. The export path is used to mount the file system on an instance. Example:

   
   
   

8. In the lower panel, review the NFS Export Options.

   The NFS export options for that file system are set to the default values, which allow full access for all NFS client source connections. These defaults must be changed if you want to restrict access.

9. Consider your next action:

   • Mount the file system from an NFS client. See Mounting File Systems on UNIX-Based Instances.

   • Configure NFS options to secure the exported file system. See Setting NFS Export Options.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Export set OCID (oci fs export-set list --availability-domain <name> --compartment-id <compartment_OCID> )

   • File system OCID (oci fs file-system list --availability-domain <name> --compartment-id <compartment_OCID> )

   • (Required) Export path of your choice. The system assigns an auto-generated path to the export. The auto-generated path is eventually used to mount the file system. The path you enter here is recorded, but not used.

2. Run this command.

   Note:

   This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci fs export create 
   --export-set-id <export_set_OCID> 
   --file-system-id <file_system_OCID> 
   --path "</pathname>"

   Example:

   oci fs export create  \
   --export-set-id  ocid1.exportset.….….….uniqueID  \
   --file-system-id  ocid1.filesystem.….….….uniqueID  \
   --path "/export/departmentA"
   {
     "data": {
       "export-options": [
         {
           "access": "READ_WRITE",
           "anonymous-gid": 65534,
           "anonymous-uid": 65534,
           "identity-squash": "NONE",
           "require-privileged-source-port": false,
           "source": "0.0.0.0/0"
         }
       ],
       "export-set-id": "ocid1.exportset.….….….uniqueID",
       "file-system-id": "ocid1.filesystem.….….….uniqueID",
       "id": "ocid1.export.….….….uniqueID",
       "lifecycle-state": "ACTIVE",
       "path": "/export/18lt6v4drhddiz2mn7vwmqt7mjiz3kfbw4reqaew33y50pdrj35p4ef5p04x",
       "time-created": "2021-09-02T22:41:36.284348+00:00"
     },
     "etag": "a0842b0b-b27b-4c98-a1ff-da85ae4bf150"
   }

3. In the output, make note of the value for "path". The path value is used to mount the file system. Example:

   ...
         "path": "/export/18lt6v4drhddiz2mn7vwmqt7mjiz3kfbw4reqaew33y50pdrj35p4ef5p04x",
         "time-created": "2021-09-01T19:23:15.774764+00:00"
   ...

4. In the output, review the export options.

   In this example, the NFS export options for the file system are set to the default values, which allow full access for all NFS client source connections. These defaults must be changed if you want to restrict access

5. Next, control access to the file system.

   See Controlling Access to File Storage.

Controlling Access to File Storage

Before you can mount a file system, you must configure security rules to allow traffic to the mount target's VNIC using specific protocols and ports. Security rules enable traffic for the following protocols:

• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol

• Network File System (NFS) protocol

• Network File System (MOUNT) protocol

For more conceptual information, refer to the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Configuring VCN Security Rules for File Storage

You can add the required rules to a preexisting security list associated with a subnet, such as the default security list that is created along with the VCN.

For specific information about which security rules are required for the File Storage service, refer to File Storage Network Ports in the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

For more information about managing VCNs and subnets, see Managing VCNs and Subnets.

Using the Compute Web UI

1. In the navigation menu, under Networking, click Virtual Cloud Networks.

2. Select the compartment where the VCN is located.

3. Click the name of the VCN.

4. Under Resources, click Security Lists.

5. Click the name of the security.

6. Under Resources, click Ingress Rules.

7. Click Create Ingress Security Rule, and enter the required information:

   • Stateless check box: Specify a stateful rule by leaving the check box unchecked.

   • Ingress CIDR: Enter the CIDR block for the subnet. For example, 10.0.0.0/24.

   • IP Protocol: Choose the protocol. For example, TCP.

   • Description: Enter a meaningful description for the rule.

8. Click Create Security List Rule.

9. Under Resources, click Egress Rules.

10. Click Create Egress Security Rule and enter the required information:

    • Stateless check box: Specify a stateful rule by leaving the check box unchecked.

    • Egress Type: To allow traffic from the subnet, select CIDR.

    • Egress CIDR: Enter the CIDR block for the subnet. For example, 10.0.0.0/24.

    • IP Protocol: Choose the protocol. For example, TCP.

    • Description: Enter a meaningful description for the rule.

11. Click Create Security List Rule.

Adding File Storage to a Network Security Group

Task Flow

No.	Description	Links to Procedures
1.	Create an NSG with the required security rules. (Alternatively, you can add them to a previously existing NSG.)	Controlling Traffic with Network Security Groups
2.	Add the mount target (or more specifically, the mount target's VNIC) to the NSG. You can do this task when you create the mount target, or you can update the mount target and add it to one or more NSGs that contain the required security rules.	Adding a Mount Target to a Network Security Group
3.	If you're setting up a mount target and instance in different subnets, add the instance (or more specifically, the instance's primary VNIC) to the NSG that contains the required security rules. You can do this task when you create the instance, or you can directly update the instance's primary VNIC.	Updating a VNIC

Adding a Mount Target to a Network Security Group

You can add the mount target to one or more Network Security Groups (NSGs). File storage requires specific rules to be configured for NSGs that are associated with mount targets.

Using the Compute Web UI

1. Ensure that an NSG with ingress and egress rules has been configured.

   See Configuring VCN Rules and Options.

2. Ensure that a mount target is created.

   See Managing VCNs and Subnets.

3. In the navigation menu, under File Storage, click Mount Targets.

4. Click the mount target name to see the details page.

5. Click Edit.

6. Enable Network Security Groups.

7. Select the NSG from the list.

8. Click Save Changes.

Using the OCI CLI

1. Ensure that an NSG with ingress and egress rules has been configured.

   See Configuring VCN Rules and Options.

2. Ensure that a mount target is created.

   See Managing VCNs and Subnets.

3. Gather the information that you need to run the command:

   • Mount target OCID (oci fs mount-target list)

   • NSG OCIDs (oci network nsg list)

4. Run this command.

   Syntax (entered on a single line):

   oci fs mount-target update 
   --mount-target-id <mount_target_OCID>  
   --nsg-ids '["<nsg1_OCID>","i"]'

   Example:

   oci fs export update  \
   --mount-target-id ocid1.mounttarget.….….….uniqueID  \
   --nsg-ids '["ocid1.networksecuritygroup.….….….uniqueID-01","ocid1.networksecuritygroup.….….….uniqueID-02"]'
   

Setting NFS Export Options

When you create a file system and export, the NFS export options for that file system are set to the defaults listed in this table. The default values allow full access for all NFS client source connections. These defaults must be changed if you want to restrict access:

Caution:

If a file system is mounted by any clients, creating, deleting, or editing the Source value can disrupt file system I/O operations.

Export Option in the UI	Export Option in the CLI	Default Value	Description
Source:	source	0.0.0.0/0	The IP address or CIDR block of a connecting NFS client.
Ports:	require-privileged-source-port	Any	Always set to: UI: Any CLI: false
Access:	access	Read/Write	Specifies the source NFS client access. Can be set to one of these values: READ_WRITE READ_ONLY
Squash:	identity-squash	None	Determines whether the clients accessing the file system as root have their User ID (UID) and Group ID (GID) remapped to the squash UID/GID. Possible values: Root – Only the root user is remapped. None – No users are remapped.
Squash UID/GID:	anonymous-uid and anonymous-gid	65534	This setting is used along with the Squash option. When remapping a root user, you can use this setting to change the default anonymousUid and anonymousGid to any user ID of your choice.

Note – If you change the RW/RO permissions of an export option for an SMB share, the changes are only enforced for newly network-mapped drives of that share. Any previously mapped drives of the same share retain the original permissions. To have the changed permissions enforced on previously mapped drives on SMB clients, disconnect the shares and map them again.

For more information about configuring the options to suit various access scenarios, refer to the section titled NFS Access Control and Export Options in the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the file system name.

4. Under Resources, select Exports.

5. Click the export's export path.

   The NFS Export Options are displayed.

6. Click Edit Options.

7. In the NFS Export Options dialog, configure the NFS options.

8. Click Update Options.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Export ID (oci fs export list --all --compartment-id <compartment_OCID> )

   • Export options, listed in json format, in a json file or as a string on the command line.

2. Run this command.

   Note:

   This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci fs export update
   --export-id <export_id> 
   --export-options <file://json_file or json_string>
                           

   Note – The require-privileged-source-port option can only be set to false.

   This example sets the export options for file system A to allow read/write access only to Client A, who is assigned to CIDR block 10.0.0.0/24. Client B and Client C are not included in this CIDR block, and cannot access the file system:

   oci fs export update  \
   --export-id File_system_A_export_ID  \
   --export-options  \
   '[{"source":"10.0.0.0/24","require-privileged-source-port":"false","access":"READ_WRITE","identity-squash":"NONE","anonymous-uid":"65534","anonymous-gid":"65534"}]'
   
   WARNING: Updates to export-options will replace any existing values. Are you sure you want to continue? [y/N]: y
   {
     "data": {
       "export-options": [
         {
           "access": "READ_WRITE",
           "anonymous-gid": 65534,
           "anonymous-uid": 65534,
           "identity-squash": "NONE",
           "require-privileged-source-port": false,
           "source": "10.0.0.0/24"
         }
       ],
       "export-set-id": "ocid1.exportset.….….….uniqueID",
       "file-system-id": "ocid1.filesystem.….….….uniqueID",
       "id": "ocid1.export.oc1.pca.….….….uniqueID",
       "lifecycle-state": "ACTIVE",
       "path": "/export/85aiiadc1w81s8id63knxdq22nt95pe63sgs9c45yp3qovhut14cq9r6eqhn",
       "time-created": "2021-09-27T20:20:34.231009+00:00"
     },
     "etag": "bc660e11-644a-4043-9ad7-622d9581da9b"
   }

Mounting File Systems on UNIX-Based Instances

Instance users of UNIX based operating systems, such as Linux and Oracle Solaris, can use OS commands to mount and access file systems.

Mount targets serve as network access points for file systems. After your mount target is assigned an IP address, you can use it together with the export path to mount the file system.

On the instance from which you want to mount the file system, you need to install an NFS client package and create a mount point. When you mount the file system, the mount point effectively represents the root directory of the File Storage file system, allowing you to write files to the file system from the instance.

Prerequisites

• The file system must be created and have at least one export in a mount target. See Creating a File System, Mount Target, and Export.

• The mount target must have correctly configured security rules or be assigned to an NSG. See Configuring VCN Security Rules for File Storage.

Note:

Only for NFSv4 Mounts in Oracle Linux instances – If you find that the file system owner is assigned as nobody instead of the actual user who mounts the file system, and if you have not set identity squash, you might need to edit the /etc/idmapd.conf file. In the file, set the DOMAIN entry to either localdomain or to the Active Directory domain name, if applicable. After the change, run service rpcidmapd restart to restart the rpcidmapd service.

Defining settings in the /etc/idmapd.conf file is specific to Oracle Linux, and there are other ways to configure the domain depending on the OS in use. Consult your operating system documentation.

For more conceptual information, refer to the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Obtaining the Mount Target IP Address

To mount a file system, you need to know the private IP address of the mount target that has the export for the file system.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Target.

2. Click the Mount Target name to see the details page.

   The IP address is displayed.

Using the OCI CLI

1. Gather the information that you need to run the commands:

   • Mount Target ID (oci fs mount-target list --availability-domain <availability_domain_name> --compartment-id <compartment_OCID>)

2. Run this command to get the mount target IP ID.

   Syntax (entered on a single line):

   oci fs mount-target get
   --mount-target-id <mount_target_OCID>
                           

   Example:

   oci fs mount-target get  \
   --mount-target-id ocid1.mounttarget.….….….uniqueID 
   {
     "data": {
       "availability-domain": "ad1",
       "compartment-id": "ocid1.tenancy.….….….uniqueID
       "defined-tags": {
         "Finance": {
           "CostCenter": "admin"
         }
       },
       "display-name": "mount-target01",
       "export-set-id": "ocid1.exportset.….….….uniqueID",
       "freeform-tags": {},
       "id": "ocid1.mounttarget.….….….uniqueID",
       "lifecycle-details": null,
       "lifecycle-state": "ACTIVE",
       "nsg-ids": [],
       "private-ip-ids": [
         "ocid1.privateip.….….….uniqueID"
       ],
       "subnet-id": "ocid1.subnet.….….….uniqueID",
       "time-created": "2021-09-01T18:45:25.251048+00:00"
     },
     "etag": "c2f84c0b-d0b5-422c-9761-9e43d7fc4214"
   }

3. Run this command to get the mount target IP address.

   Syntax (entered on a single line):

   oci network private-ip get 
   --private-ip-id <mount_target_IP_OCID>
                           

   Example:

   oci network private-ip get  \
   --private-ip-id ocid1.….….….uniqueID{
     "data": {
       "availability-domain": "ad1",
       "compartment-id": "ocid1.tenancy..….….….uniqueID",
       "defined-tags": {},
       "display-name": "privateip20210901184525",
       "freeform-tags": {},
       "hostname-label": null,
       "id": "ocid1.privateip.….….….uniqueID",
       "ip-address": "10.200.0.3",
       "is-primary": false,
       "subnet-id": "ocid1.subnet.….….….uniqueID",
       "time-created": "2021-09-01T18:45:25.406808+00:00",
       "vlan-id": null,
       "vnic-id": "ocid1.vnic.….….….uniqueID"
     },
     "etag": "c98377e4-ae89-46cf-9c61-52aea68a3476"
   }

Mounting a File System on Linux, RedHat, or CentOS

1. Log into the instance where you want to mount the file system.

   See Connecting to a Compute Instance.

   Example:

   ssh user@192.0.2.0

2. Install the NFS client using this command:

   sudo yum install nfs-utils

3. Create a directory that will be used as the mount point.

   Replace <yourmountpoint> with a directory name of your choice. Example: /mnt/mountpoint-A

   sudo mkdir -p <yourmountpoint>

4. Mount the file system.

   Caution:

   Omitting the -o nosuid option can allow unprivileged users to escalate their permissions to 'root'. The nosuid option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.

   Example:

   sudo mount -t nfs -o nfsvers=<version>,nosuid <10.x.x.x>:<fs-export-path>
                              <yourmountpoint>

   • Replace <version> with one of the following, based on the NFS protocol version you want to use:

     • 3,noacl

     • 4.0

     • 4.1

   • Replace <10.x.x.x> with the mount target's private IP address. See Obtaining the Mount Target IP Address.

   • Replace <fs-export-path> with the export path that was generated when the export was created. See Creating an Export for a File System.

   • Replace <yourmountpoint>with the full path to the local mount point.

5. View the mounted file system.

   df -h

6. Write a file to the file system.

   Replace <yourmountpoint> with the path to the local mount point and <filename>with your file name.

   sudo touch /mnt/<yourmountpoint>/<filename>

7. Verify that you can access the file system and view the file.

   Replace yourmountpoint with the path to the local mount point.

   cd <yourmountpoint>
   ls

8. Add the file system mount information to the appropriate mount file for your OS.

   So far, the file system is manually mounted to the client. If the client is rebooted, the file system won't automatically mount unless you add it to the mount file (for example the /etc/fstab or /etc/vfstab file).

Mounting a File System on Ubuntu or Debian

Operating Systems and versions of operating systems differ in the way software is added. Consult the documentation for our specific operating system for details.

1. On the NFS client, open a command window, and install the NFS client using this command:

   sudo apt-get install nfs-common

2. Create a directory that will be used as the mount point.

   Replace <yourmountpoint> with a directory name of your choice. Example: /mnt/mountpoint-A

   sudo mkdir -p <yourmountpoint>

3. Mount the file system.

   Caution:

   Omitting the -o nosuid option might allow unprivileged users to escalate their permissions to 'root'. The nosuid option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.

   Example:

   sudo mount -t nfs -o nfsvers=<version>,nosuid <10.x.x.x>:<fs-export-path>
                              <yourmountpoint>

   • Replace <version> with one of the following, based on the NFS protocol version you want to use:

     • 3,noacl

     • 4.0

     • 4.1

   • Replace <10.x.x.x> with the mount target's private IP address. See Obtaining the Mount Target IP Address.

   • Replace <fs-export-path> with the export path that was generated when the export was created.

     See Creating an Export for a File System.

   • Replace <yourmountpoint>with the full path to the local mount point.

4. View the file system.

   df -h

5. Write a file to the file system.

   Replace <yourmountpoint> with the path to the local mount point and <filename>with your file name.

   sudo touch /mnt/<yourmountpoint>/<filename>

6. Verify that you can access the file system and view the file.

   Replace yourmountpoint with the path to the local mount point.

   cd <yourmountpoint>
   ls

7. Add the file system mount information to the appropriate mount file for your OS.

   So far, the file system is manually mounted to the client. If the client is rebooted, the file system won't automatically mount unless you add it to the mount file (for example the /etc/fstab or /etc/vfstab file).

Configuring a File System to Automatically Mount (Linux Instances)

On Linux instances, if you want to automatically mount exported file systems during an instance boot, you need to add the mount information in the /etc/fstab file.

1. Log into the instance where you want the file system mounted.

   See Connecting to a Compute Instance.

2. Create a mount point, if one has not been created.

   Example:

   mkdir /mnt/fs01

3. Open the /etc/fstab file in an editor and add a line for the nfs file systems you want automatically mounted.

   This is an example of an /etc/fstab file entry.

   192.0.2.0:/export/3ywflz8hhqfde81miewqwjfd049zju69502t9ouo6shzidr4dndaz1hd6qfi /mnt/fs01 nfs nfsvers=4.1,nosuid,nofail 0 0

   The /etc/fstab file space-separated fields are specified with these entries:

   • Field 1: Device to mount. For network file systems, specify: <mount target IP> : <export_path>

     See Obtaining the Mount Target IP Address and Creating an Export for a File System.

   • Field 2: Full path of the mount point on the instance.

   • Field 3: File system type. In this case, specify nfs.

   • Field 4: NFS mount options separated with commas, such as:

     nfsvers=<version>,nosuid,nofail

     • nfsvers= where <version> is one of the following:

       • 3,noacl

       • 4.0

       • 4.1

     • nosuid – prevents unprivileged users from escalating their permissions to root.

     • nofail – Ensures that an unavailable file system does not cause the instance reboot process to fail.

     In this case, use the same options as described in Mounting a File System on Linux, RedHat, or CentOS. Each option is separated by a comma (no spaces).

   • Field 5: Obsolete option for dump backups. Specify 0 (zero) for no dump backup.

   • Field 6: File system check (fsck) order. Specify 0 (zero) for no check.

4. Use this command to mount the volumes that are in the /etc/fstab file:

   sudo mount -a

   If you get any error messages, fix the cause before proceeding.

5. Verify that the file systems are mounted:

   mount | grep nfs

6. To verify that the file system will automatically mount, reboot the instance.

   sudo reboot
   

7. After the reboot, log into the instance and check to see if the nfs file system is mounted.

   mount | grep nfs

Mounting File Systems On Microsoft Windows Instances

You can make file systems available to Microsoft Windows instances by mapping a network drive to the mount target IP address and export path provided by the File Storage service. You can accomplish this task using NFS or SMB protocols.

Using the SMB protocol requires that the Microsoft Windows instances and Oracle Private Cloud Appliance belong to the same Active Directory domain.

For more information about configuring Active Directory in the Service Enclave, refer to Configuring the Active Directory Domain for File Storage in the Hardware Administration chapter of the Oracle Private Cloud Appliance Administrator Guide.

For more conceptual information, refer to the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Mounting a File System On a Microsoft Windows Instance Using NFS

Prerequisites

• The file system must be created and have at least one export in a mount target. See Creating a File System, Mount Target, and Export.

• The mount target must have correctly configured security rules or be assigned to an NSG. See Configuring VCN Security Rules for File Storage.

• You must know the mount target's IP address. See Obtaining the Mount Target IP Address.

• You must be able to log into the Microsoft Windows OS on the instance with superuser or administrator privileges.

Before You Begin

The following tasks are included in this procedure, and you might want to be aware of them before you begin.

• Installation of the Microsoft Windows NFS Client – This service must be installed on the instance from which you want to mount the file system. Installing the client often requires a restart of the instance.

• The AnonymousGid and AnonymousUid identity values must be configured to allow write access. – Access to NFS file systems requires UNIX user and group identities, which are not the same as Microsoft Windows user and group identities. By default, file systems write permissions are only granted to the root user. To enable user access to NFS shared resources, the Microsoft Windows client for NFS accesses file systems anonymously, using AnonymousGid and AnonymousUid.

  Caution:

  Updating the AnonymousGid and AnonymousUid values require registry changes to your instance.

Choose one the following methods:

• Using the Microsoft Windows Command Prompt

• Using Microsoft Windows File Explorer

Using the Microsoft Windows Command Prompt

1. Log into your Microsoft Windows instance.

   See Connecting to a Compute Instance.

2. Open Microsoft Windows PowerShell and run as Administrator:

   1. Go to Start and open Microsoft Windows PowerShell.

   2. In Microsoft Windows PowerShell, type the following to run as Administrator:

      Start-Process powershell -Verb runAs

   3. In the User Account Control window, click Yes. A new Administrator: PowerShell window opens. You can close the standard PowerShell window to avoid confusing them.

3. In Administrator: PowerShell, get the NFS client and update the registry by typing the following:

   Install-WindowsFeature -Name NFS-Client
   Set-ItemProperty HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousUid -Value 0
   Set-ItemProperty HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousGid -Value 0
   Stop-Service -Name NfsClnt
   Restart-Service -Name NfsRdr
   Start-Service -Name NfsClnt

4. Open a standard Command Prompt Window.

   Important:

   NFS file systems mounted as Administrator are not available to standard users.

5. From the Command Prompt window, mount the file system.

   See the cautions and notes below the example.

   In the following example, replace:

   • 10.x.x.x with the mount point IP address (see Obtaining the Mount Target IP Address)

   • fs-export-path with the file system export path (see Creating an Export for a File System)

   • X with the drive letter of any available drive you want to map the file system to.

   Example:

   mount 10.x.x.x:/fs-export-path X:

6. Verify that you can access and write to the file system.

   1. Access the file system.

      In the example, replace X with the drive letter you used to mount the file system.

      X:

   2. Write a file.

      echo > myfile.txt

   3. Verify that you can view the file.

      dir

Using Microsoft Windows File Explorer

1. Log into your Microsoft Windows instance.

   See Connecting to a Compute Instance.

2. Open Microsoft Windows PowerShell and run as Administrator:

   1. Go to Start and open Microsoft Windows PowerShell.

   2. In Microsoft Windows PowerShell, type the following to run as Administrator:

      Start-Process powershell -Verb runAs

   3. In the User Account Control window, click Yes. A new Administrator: PowerShell window opens. You can close the standard PowerShell window to avoid confusing them.

3. In Administrator: PowerShell, get the NFS client by typing the following:

   Install-WindowsFeature -Name NFS-Client

4. If necessary, restart your system.

5. Open the registry editor (regedit) to map the AnonymousGid and AnonymousUid to the root user.

   Caution:

   User identity mapping requires changes to your system registry.

   1. Click Windows Search.

   2. Enter regedit in the Search field and press Enter.

   3. Click Yes to allow changes to your device.

   4. Click HKEY_LOCAL_MACHINE. Then, browse to: Software\Microsoft\ClientForNFS\CurrentVersion\Default.

6. Add a new DWORD32 registry entry for AnonymousGid:

   1. Click Edit, and select New DWORD (32 bit) Value.

   2. In the Name field, enter AnonymousGid. Leave the value at 0.

7. Repeat the previous step to add a second DWORD32 registry entry named AnonymousUid with a value of 0.

8. Open Microsoft Windows Command Line (CMD) and run as Administrator:

   1. Go to Start and scroll down to Apps.

   2. In the Windows System section, press Ctrl+Shift and click Command Prompt.

9. In the Microsoft Windows Command Line (CMD) window, restart the NFS Client by typing the following:

   nfsadmin client stop

   nfsadmin client start

10. Open File Explorer and select This PC. In the Computer tab, select Map network drive.

11. Select the Drive letter that you want to assign to the file system.

12. In the Folder field, enter the following line, replacing:

    • 10.x.x.x with the mount point IP address (see Obtaining the Mount Target IP Address)

    • fs-export-path with the file system export path (see Creating an Export for a File System)

    Line:

    \\10.x.x.x\fs-export-path
                            

13. Click the Finish button when complete.

Mounting a File System on a Window Instance Using SMB

General Prerequisites

• The file system must be created and have at least one export in a mount target. See Creating a File System, Mount Target, and Export.

• The mount target must have correctly configured security rules or be assigned to an NSG. See Configuring VCN Security Rules for File Storage.

• You must know the mount target's IP address. See Obtaining the Mount Target IP Address.

• You must be able to log into the Microsoft Windows OS on the instance with superuser or administrator privileges.

Specific Prerequisites for SMB Support

SMB support for the File Storage service requires that both Oracle Private Cloud Appliance and the client Microsoft Windows instances belong to the same Active Directory (AD) domain.

This procedure assumes that the AD service is already configured in your data center infrastructure.

To add a Microsoft Windows instance to your AD service, perform the necessary administrative tasks according to the documentation for your version of Microsoft Windows OS.

To add the appliance to your AD service, an administrator with privileges to the OOracle Private Cloud Appliance Service Enclave must add the AD domain name to the appliance's Active Directory Domain configuration. For information on how to perform this task, refer to Hardware Administration in the Oracle Private Cloud Appliance Administrator Guide.

Relaxing File System Permissions Before Network Mapping with SMB

By default, write permissions to a file system are limited to the UNIX superuser and group identity. To provide write permission to AD domain users, the permissions need to be relaxed.

1. Mount the network drive using NFS protocol.

   See Mounting a File System On a Microsoft Windows Instance Using NFS.

2. Relax the file system permissions:

   1. Open File Explorer, select the mapped drive and right-click on it, then select Properties.

   2. Select the NFS Attributes tab.

   3. Change File permissions by checking all RWX check boxes to relax the permissions for Owner, Group, and Other.

   4. Click OK.

3. Disconnect the NFS-mounted drive.

   Now that the file system permissions are relaxed, you can mount the file system using the SMB protocol.

Mounting a File System Using SMB

1. Log into your Microsoft Windows instance.

   See Connecting to a Compute Instance.

2. Open File Explorer and select This PC.

3. In the Computer tab, select Map network drive.

4. In the Folder field, enter the following line and replace these items:

   • 10.x.x.x with the mount target IP address.

   • fs-export-path-ID with the file system export path (see Creating an Export for a File System)

     Note – Do not include \export in the fs-export-path-ID string when mounting using SMB.

   \\10.x.x.x\fs-export-path-ID

   Example:

   \\192.0.2.0\39u21btystm8x1axizezb9a3lfnpzjho98evi3ij450i96vj0a8jpf36au26

5. select the 'Drive' letter of any available drive you want to map the file system to.

6. If needed, select the Connect using different credentials check box.

7. Click Finish.

8. When prompted, provide the user name and password of the AD domain user used for mapping the network drive.

9. Click OK.

10. In a Command Prompt window (cmd), verify that the drive is properly mapped using this command:

    C:\>net use
    New connections will be remembered.
    Status       Local     Remote                    Network
    -------------------------------------------------------------------------------
    OK           Z:        \\10.0.0.2\uvj1iw6ytyecqijcbdgpy7ec15mgsv044i7609giqx7ukfn6t2pwgfqot0ma
                                                    Microsoft Windows Network
    The command completed successfully.
    C:\>

Managing Mount Targets and Exports

A mount target is an NFS endpoint assigned to a VCN subnet of your choice and provides network access for file systems. The mount target provides the IP address or DNS name that is used together with a unique export path to mount the file system.

For an instance to mount a file system, the instance's VCN must have a Mount Target. A VCN can only have one mount target.

You can reuse the same mount target to make as many file systems available on the network as you want. To reuse the same mount target for multiple file systems, create an export in the mount target for each file system.

Important:

When more than one file system is exported to the same mount target, you must export to the mount target with the smallest network (largest CIDR number) first. For detailed information and instructions, refer to My Oracle Support document PCA File system as a Service Exports (Doc ID 2823994.1).

For instructions to create a mount target, see Creating a File System, Mount Target, and Export.

For more conceptual information, refer to the File Storage Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

This section provides instructions for administering mount targets.

Listing Mount Targets and Viewing Details

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Targets.

2. Select the compartment where the mount target resides.

   The mount targets are displayed.

3. To see the mount target details, click the mount target name.

Using the OCI CLI

• Listing Mount Targets

  1. Gather the information that you need to run the command:

     • Availability Domain Name (oci iam availability-domain list)

     • Compartment OCID (oci iam compartment list)

  2. Run this command.

     Syntax (entered on a single line):

     oci fs mount-target list
     --availability-domain <availability_domain_name> 
     --compartment-id <compartment_id>

     Example:

     oci fs mount-target list  \
     --availability-domain MyAD  \
     --compartment-id ocid1.compartment.….….….uniqueID
     
     {
       "data": [
         {
           "availability-domain": "MyAD",
           "compartment-id": "ocid1.compartment.….….….uniqueID",
           "defined-tags": {},
           "display-name": "MyMountTarget",
           "export-set-id": "ocid1.exportset.….….….uniqueID",
           "freeform-tags": {},
           "id": "ocid1.mounttarget.….….….uniqueID",
           "lifecycle-state": "ACTIVE",
           "nsg-ids": null,
           "private-ip-ids": [
             "ocid1.privateip.….….….uniqueID"
           ],
           "subnet-id": "ocid1.subnet.….….….uniqueID",
           "time-created": "2021-07-16T22:56:57+00:00"
         },
         {
           "availability-domain": "MyAD",
           "compartment-id": "ocid1.compartment.….….….uniqueID",
           "defined-tags": {},
           "display-name": "AnotherMountTarget",
           "export-set-id": "ocid1.exportset.….….….uniqueID",
           "freeform-tags": {},
           "id": "ocid1.mounttarget.….….….uniqueID",
           "lifecycle-state": "ACTIVE",
           "nsg-ids": [],
           "private-ip-ids": [
             "ocid1.privateip.….….….uniqueID"
           ],
           "ocid1.privateip.….….….uniqueID"
           "subnet-id": "ocid1.subnet.….….….uniqueID",
           "time-created": "2021-06-16T22:56:57+00:00"
         }
       ]
     }

• Getting Mount Target Details

  1. Gather the information that you need to run the command:

     • Mount target ID (oci fs mount-target list)

  2. Run this command.

     Syntax (entered on a single line):

     oci fs mount-target get 
     --mount-target-id <mount_target_OCID>

     Example:

     oci fs mount-target get  \
     --mount-target-id ocid1.mounttarget.….….….uniqueID
     {
       "data": {
           "availability-domain": "MyAD",
           "compartment-id": "ocid1.compartment.….….….uniqueID",
           "defined-tags": {},
           "display-name": "MyMountTarget",
           "export-set-id": "ocid1.exportset.….….….uniqueID",
           "freeform-tags": {},
           "id": "ocid1.mounttarget.….….….uniqueID",
           "lifecycle-state": "ACTIVE",
           "nsg-ids": null,
           "private-ip-ids": [
             "ocid1.privateip.….….….uniqueID"
           ],
           "subnet-id": "ocid1.subnet.….….….uniqueID",
           "time-created": "2021-07-16T22:56:57+00:00"
         }
     }

Changing the Mount Target Name

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Targets.

2. Select the compartment where the mount target resides.

3. Click the Action menu (three dots) for the mount target, and select Edit.

4. Change the name.

5. Click Save.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Mount target ID (oci network subnet list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs mount-target update
   --mount-target-id <mount_target_OCID> 
   --display-name "<New_Mount_Target_Name>" 
   

   Example:

   oci fs mount-target update \
   --mount-target-id ocid1.mounttarget.….….….uniqueID \
   --display-name "MyMountTarget"
   
   {
     "data": {
       "availability-domain": "pca",
       "compartment-id": "ocid1.compartment.….….….uniqueID",
       "defined-tags": {},
       "display-name": "MyMountTarget",
       "export-set-id": "ocid1.exportset.….….….uniqueID",
       "freeform-tags": {},
       "id": "ocid1.mounttarget.….….….uniqueID",
       "lifecycle-details": null,
       "lifecycle-state": "ACTIVE",
       "nsg-ids": null,
       "private-ip-ids": [
         "ocid1.privateip.….….….uniqueID"
       ],
       "subnet-id": "ocid1.subnet.….….….uniqueID",
       "time-created": "2021-06-17T19:01:37+00:00"
     },
     "etag": "b7efb0d7-d5fb-45d8-8bdd-a4a2f3f0371d"
   }

Listing Exports

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Targets.

2. Select the compartment where the mount target resides.

3. Click the mount target name.

   The exports are display at the bottom of the page.

4. To see the export details, click the export name.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Compartment OCID (oci iam compartment list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs export list
   --compartment-id <compartment_id>

   Example:

   oci fs export list  \
   --compartment-id ocid1.….….….uniqueID
   {
     "data": [
       {
         "export-set-id": "ocid1.exportset.….….….uniqueID",
         "file-system-id": "ocid1.filesystem.….….….uniqueID",
         "id": "ocid1.export.….….….uniqueID-1",
         "lifecycle-state": "ACTIVE",
         "path": "/export/8g0afgj16nuwx77a4wublc3ekkdaekef1bct2zt8qcbukfsconxmkp9su0ys",
         "time-created": "2021-06-17T21:15:44+00:00"
       },
       {
         "export-set-id": "ocid1.exportset.….….….uniqueID",
         "file-system-id": ".….….….uniqueID",
         "id": "ocid1.export.….….….uniqueID-2",
         "lifecycle-state": "ACTIVE",
         "path": "/export/8g0afgj16nuwx77a4wublc3ekkdaekef1bct2zt8qcbukfsconxmkp9su0ys",
         "time-created": "2021-06-17T21:20:55+00:00"
       }
     ]
   }

Listing Export Sets

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Availability Domain Name (oci iam availability-domain list)

   • Compartment OCID (oci iam compartment list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs export-set list
   --availability-domain <availability_domain_name> 
   --compartment-id <compartment_id>

   Example:

   oci fs export-set list  \
   --availability-domain pca  \
   --compartment-id ocid1.compartment.….….….uniqueID
   
   {
     "data": [
       {
         "availability-domain": "pca",
         "compartment-id": "ocid1.compartment.….….….uniqueID",
         "display-name": "MyMountTarget2 - export set",
         "id": "ocid1.exportset.….….….uniqueID6",
         "lifecycle-state": "ACTIVE",
         "time-created": "2021-06-17T19:01:37+00:00",
         "vcn-id": "ocid1.vcn.….….….uniqueID"
       }
     ]
   }

Deleting an Export

Deleting an export deletes the file system path that clients use to mount the file system. Deleting an export does not delete any file systems.

Caution:

When you delete an export, you can no longer mount the file system using the file path specified in the deleted export. Any clients that use the export path to mount a file system will not be able to access the file system.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the name of a file system that uses the export you plan to delete.

4. Click the Action menu (three dots) for the export and select Delete.

5. Confirm the deletion.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • export OCID (oci fs file-system list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs export delete
   --export-id <export_OCID>

   Example:

   oci fs export delete --export-id ocid1.export.….….….uniqueID
   Are you sure you want to delete this resource? [y/N]: y

Moving a Mount Target to a Different Compartment

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Mount target OCID (oci fs mount-target list)

   • Destination Compartment OCID (oci iam compartment list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs mount-target change-compartment 
   --mount-target-id <mount_target_OCID>
   --compartment-id <destination_compartment_OCID>

   Example:

   oci fs mount-target change-compartment  \
   --mount-target-id ocid1.….….….uniqueID  \
   --compartment-id ocid1.compartment.….….….uniqueID
   {
     "etag": "864d51bd-ed69-44bc-8c54-2a65d55fe07b"
   }

Deleting a Mount Target

Caution:

Deleting a mount target deletes all the exports that are associated with the mount target.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click Mount Targets.

2. Select the compartment where the mount target resides.

3. Click the Action menu (three dots) for the mount target you plan to delete.

4. Select Delete.

5. Confirm the deletion.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Mount target OCID (oci fs mount-target list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs mount-target delete 
   --mount-target-id <mount_target_OCID>

   Example:

   oci fs mount-target delete  \
   --mount-target-id ocid1.mounttarget.….….….uniqueID
   Are you sure you want to delete this resource? [y/N]: y

Managing File Systems

A file system in the File Storage service represents a network file system that is mounted by one or more clients. File systems are associated with a single compartment. File systems must have at least one export in one mount target for any client to mount and use the file system. Data is added to a file system from the client.

This section describes how to manage file systems after they are created. For instructions to create a file system, see Creating a File System, Mount Target, and Export.

Listing and Viewing the Details of a File System

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

   The file systems for the compartment are listed.

3. To see file system details, click the name of the file system.

Using the OCI CLI

• Listing File Systems

  1. Gather the information that you need to run the command:

     • Availability Domain Name (oci iam availability-domain list)

     • Compartment OCID (oci iam compartment list)

  2. Run this command.

     Syntax (entered on a single line):

     oci fs file-system list 
     --availability-domain <availability_domain_name> 
     --compartment-id <compartment_OCID>

     Example:

     oci fs file-system list  \
     --availability-domain MyAD  \
     --compartment-id ocid1.compartment.….….….uniqueID
     {
       "data": [
         {
           "availability-domain": "pca",
           "compartment-id": "ocid1.compartment.….….….uniqueID",
           "defined-tags": {},
           "display-name": "MyFileSystem",
           "freeform-tags": {},
           "id": "ocid1.filesystem.….….….uniqueID-1",
           "kms-key-id": null,
           "lifecycle-state": "ACTIVE",
           "metered-bytes": 180224,
           "time-created": "2021-06-16T19:48:18+00:00"
         },
         {
           "availability-domain": "pca",
           "compartment-id": "ocid1.compartment.….….….uniqueID",
           "defined-tags": {},
           "display-name": "pluto",
           "freeform-tags": {},
           "id": "ocid1.filesystem.….….….uniqueID-2",
           "kms-key-id": null,
           "lifecycle-state": "ACTIVE",
           "metered-bytes": 147456,
           "time-created": "2021-06-17T23:16:43+00:00"
         }
       ]
     }

• Getting the File System Details

  1. Gather the information that you need to run the command:

     • File System OCID (oci fs file-system list)

  2. Run this command.

     Note:

     This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

     Syntax (entered on a single line):

     oci fs file-system get 
     --file-system-id <file_system_OCID>

     Example:

     oci fs file-system get  \
     --file-system-id ocid1.filesystem.….….….uniqueID-1
     {
       "data": {
         "availability-domain": "pca",
         "compartment-id": "ocid1.compartment.….….….uniqueID",
         "defined-tags": {},
         "display-name": "MyFileSystem",
         "freeform-tags": {},
         "id": "ocid1.filesystem.….….….uniqueID-1",
         "kms-key-id": null,
         "lifecycle-state": "ACTIVE",
         "metered-bytes": 180224,
         "time-created": "2021-06-16T19:48:18+00:00"
       },
       "etag": "58dec47e-4732-4730-9e18-6b5db1ac30d6"
     }

Changing the File System Name

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the Action menu (three dots) for the file system, and select Edit.

4. Enter a new name in the name field.

5. Click Save Changes.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • File System OCID (oci fs file-system list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs file-system update
   --file-system-id <file_system_OCID>
   --display-name <new_file-system_name>

   Example:

   oci fs file-system update  \
   --file-system-id ocid1.filesystem.….….….uniqueID-2  \
   --display-name neptune
   
   {
     "data": {
       "availability-domain": "pca",
       "compartment-id": "ocid1.compartment.….….….uniqueID",
       "defined-tags": {},
       "display-name": "neptune",
       "freeform-tags": {},
       "id": "ocid1.filesystem.….….….uniqueID-2",
       "kms-key-id": null,
       "lifecycle-state": "ACTIVE",
       "metered-bytes": 147456,
       "time-created": "2021-06-17T23:16:43+00:00"
     },
     "etag": "6536c835-51bc-4288-a907-ae37d1af080b"
   }

Moving a File System to a Different Compartment

Using the OCI CLI

1. Gather the information that you need to run the command:

   • File System OCID (oci fs file-system list)

   • Destination compartment OCID (oci iam compartment list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs file-system change-compartment 
   --file-system-id <file-system_OCID> 
   --compartment-id <destination_compartment_OCID>

   Example:

   oci fs file-system change-compartment  \
   --file-system-id ocid1.filesystem.….….….uniqueID  \
   --compartment-id ocid1.compartment.….….….destination-uniqueID
   {
     "etag": "0acc73ca-839d-451e-b079-4013889c233a"
   }

Deleting a File System

A file system that has an export cannot be deleted. To delete the export, see Deleting an Export.

You cannot delete file systems that have dependencies. For example, if you have created a snapshot of this file system and then created a new file system from the snapshot, you cannot delete the source file system. For details, see File Storage Overview in the Oracle Private Cloud Appliance Concepts Guide.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the Action menu (three dots) for the file system and select Delete.

4. Confirm the deletion.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • File System OCID (oci fs file-system list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs file-system delete
   --file-system-id <file-system_OCID>

   Example:

   oci fs file-system delete  \
   --file-system-id ocid1.filesystem.….….….uniqueID 
   Are you sure you want to delete this resource? [y/N]: y

Managing Snapshots

The File Storage service supports snapshots for data protection of your file system.

Snapshots are a consistent, point-in-time view of your file systems. Snapshots are copy-on-write, and scoped to the entire file system. The File Storage service encrypts all file system and snapshot data at rest. You can take as many snapshots as you need.

For more conceptual information, refer to Snapshots in the File Storage Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

This section provides instructions for managing file system snapshots.

Listing and Getting Snapshot Details

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the file system name.

4. In the Resources panel, click Snapshots.

   The file system snapshots are listed.

5. To get the details for a specific snapshot, click the snapshot name.

Using the OCI CLI

• Listing Snapshots

  1. Gather the information that you need to run the command:

     • File system OCID (oci fs file-system list)

  2. Run this command.

     Syntax (entered on a single line):

     oci fs snapshot list
     --file-system-id <file-system_OCID>

     Example:

     oci fs snapshot list  \
     --file-system-id ocid1.filesystem.….….….uniqueID
     {
       "data": [
         {
           "defined-tags": {},
           "file-system-id": "ocid1.filesystem.….….….uniqueID
     ",
           "freeform-tags": {},
           "id": "ocid1.snapshot.….….….uniqueID-1",
           "lifecycle-state": "ACTIVE",
           "name": "MySnapshot",
           "time-created": "2021-06-21T17:12:37+00:00"
         }
       ]
         {
           "defined-tags": {},
           "file-system-id": "ocid1.filesystem.….….….uniqueID",
           "freeform-tags": {},
           "id": "ocid1.snapshot.….….….uniqueI-2",
           "lifecycle-state": "ACTIVE",
           "name": "MySnapshot2",
           "time-created": "2021-06-21T17:31:18+00:00"
         }
       ]
     }

• Getting a Specific Snapshot

  1. Gather the information that you need to run the command:

     • Snapshot OCID (oci fs snapshot list)

  2. Run this command.

     Syntax (entered on a single line):

     oci fs snapshot get  \
     --snapshot-id <snapshot_OCID>

     Example:

      oci fs snapshot get --snapshot-id ocid1.snapshot.….….….uniqueID
     {
       "data": {
         "defined-tags": {},
         "file-system-id": "ocid1.filesystem.….….….uniqueID",
         "freeform-tags": {},
         "id": "ocid1.snapshot.….….….uniqueID",
         "lifecycle-state": "ACTIVE",
         "name": "MySnapshot",
         "time-created": "2021-06-21T17:12:37+00:00"
       },
       "etag": "f38aa070-0f3e-407f-a0b4-9bc841ff3fa4"
     }

Creating a Snapshot

You can create a snapshot of a file system. A snapshot is a point-in-time view of the file system. The snapshot is accessible at .zfs/snapshot/ name.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the file system name.

4. In the Resources panel, click Snapshots.

5. Click Create Snapshot.

6. Enter a name for the snapshot.

   The name is limited to 64 characters and it must be unique among all other snapshots for this file system. The name can't be changed. Avoid entering confidential information.

7. Click Create Snapshot.

   The snapshot is accessible under the root directory of the file system at .zfs/snapshot/name.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • File system OCID (oci fs file-system list)

   • Snapshot name of your choice. The name is limited to 64 characters and it must be unique among all other snapshots for this file system. The name can't be changed. Avoid entering confidential information.

2. Run this command.

   Note:

   This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci fs snapshot create
   --file-system-id <file-system_OCID> 
   --name <snapshot_name>

   Example:

   oci fs snapshot create  \
   --file-system-id ocid1.filesystem.….….….uniqueID  \
   --name "MySnapshot"
   {
     "data": {
       "defined-tags": {},
       "file-system-id": "ocid1.filesystem.….….….uniqueID",
       "freeform-tags": {},
       "id": "ocid1.snapshot.….….….uniqueID",
       "lifecycle-state": "CREATING",
       "name": "MySnapshot",
       "time-created": null
     },
     "etag": "f38aa070-0f3e-407f-a0b4-9bc841ff3fa4"
   }

Accessing a Snapshot on the Mounted File System

When a file system snapshot is created, the snapshot is placed in the file system. If the file system is mounted in a client system, you can access the snapshot on the client system.

The snapshot is accessible in this directory path: <mount-point>/.zfs/snapshot/<snapshot-name>.

Using a UNIX OS

1. Log into the instance OS that has the mounted the file system from which the snapshot was made.

2. List the snapshots.

   Syntax:

   ls -la <mount-point>/.zfs/snapshot/

   Example:

   ls -la  /mnt/MyMountPoint/.zfs/snapshot
   total 17
   dr-xr-xr-x. 4 root root 4 Sep  8 15:54 .
   dr-xr-xr-x. 4 root root 4 Sep  1 17:27 ..
   drwxr-xr-x. 4 root root 7 Sep  8 15:53 file-system-FS-snapshot-02
   drwxr-xr-x. 4 root root 6 Sep  1 18:12 file-system-FS-snapshot-01

3. Change to the directory of a snapshot.

   Example:

   cd /mnt/MyMountPoint/.zfs/snapshot/file-system-FS-snapshot-02

4. List the contents of the snapshot.

   ls -la
   total 3027
   drwxr-xr-x. 4 root root       7 Sep  8 15:53 .
   dr-xr-xr-x. 4 root root       4 Sep  8 15:54 ..
   -rwxr-xr-x. 1 root root     429 Sep  8 15:53 example1
   drwxr-x---. 2 root sys        3 Sep  1 17:28 .$EXTEND
   drwxr-xr-x. 2 root root       2 Sep  1 18:10 ABC-directory
   -rw-r--r--. 1 root root       0 Sep  1 18:10 xyz-file
   -rw-r--r--. 1 root root 3073219 Sep  1 18:12 zap.zip

Restoring a Snapshot (UNIX-Based Instances)

You can restore individual snapshot files or an entire snapshot using the cp command.

Note:

Optionally, you can use rsync, tar, or another tool that supports NFS to copy your data to another remote location.

Using the Instance OS

1. Log into the instance OS that has the mounted the file system from which the snapshot was made.

2. List the snapshots.

   Syntax:

   ls -la <mount-point>/.zfs/snapshot/

   Example:

   ls -la  /mnt/MyMountPoint/.zfs/snapshot
   total 17
   dr-xr-xr-x. 4 root root 4 Sep  8 15:54 .
   dr-xr-xr-x. 4 root root 4 Sep  1 17:27 ..
   drwxr-xr-x. 4 root root 7 Sep  8 15:53 file-system-FS-snapshot-02
   drwxr-xr-x. 4 root root 6 Sep  1 18:12 file-system-FS-snapshot-01

3. Use the cp command to copy individual snapshot files, or the entire snapshot to a location of your choice.

   Use the -r option when restoring a snapshot that contains subdirectories.

   Example:

   cp -r /mnt/MyMountPoint/.zfs/snapshot/<snapshot_name>/* <destination_directory>

Deleting a Snapshot

There are dependencies between file systems, snapshots, and clones. The appliance will not allow you to delete any resources for which there is a dependency. For details, see File Storage Overview in the Oracle Private Cloud Appliance Concepts Guide.

Using the Compute Web UI

1. In the navigation menu, under File Storage, click File Systems.

2. Select the appropriate compartment.

3. Click the name of the file system where the snapshot resides.

4. In the Resources panel, click Snapshots.

5. Click the Actions icon (three dots), and then click Delete.

6. Confirm the deletion.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Snapshot OCID (oci fs snapshot list)

2. Run this command.

   Syntax (entered on a single line):

   oci fs snapshot delete
   --snapshot-id <snapshot_OCID>

   Example:

   oci fs snapshot delete  \
   --snapshot-id ocid1.snapshot.….….….uniqueID
   Are you sure you want to delete this resource? [y/N]: y

Managing Clones

A clone is a new file system that is created based on a snapshot of an existing file system. Snapshots preserve the state of the data of a file system at a particular point in time. If you take snapshots of a file system at regular intervals, you can create clones of the file system as it existed at multiple points in its lifetime.

Cloned file systems are managed in the same way that any other file system is managed. See Managing File Systems.

Creating a File System Clone

Prerequisite

A snapshot of the file system must exist. See Creating a Snapshot.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Availability Domain Name (oci iam availability-domain list)

   • Compartment OCID (oci iam compartment list)

   • Display Name: The display name you want assigned to this file system clone

   • Source snapshot OCID (oci fs snapshot list)

2. Run this command.

   Note:

   This procedure shows the minimum required parameters for this command. For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci fs file-system create
   --availability-domain <availability_domain_name> 
   --compartment-id <compartment_id>
   --display-name <fs_clone_display_name>
   --source-snapshot-id <fs_snapshot_id>

   Example:

   oci fs file-system create \
   --availability-domain ad1 \
   --compartment-id ocid1...unique_id  \
   --display-name fs-1-clone-1  \
   --source-snapshot-id ocid1.snapshot...unique_id

Deleting a File System Clone

Cloned file systems are managed in the same way that any other file system is managed, so you delete a clone the same way you delete a file system. However, there are dependencies between file systems, snapshots, and clones. The appliance will not allow you to delete any resources for which there is a dependency. For details, see File Storage Overview in the Oracle Private Cloud Appliance Concepts Guide.

To delete a file system clone, see Deleting a File System.