Alibaba Cloud Apsara File Storage NAS (NAS) is a distributed network file storage system that provides secure, high-performance, highly reliable, and easy-to-use file storage with unlimited capacity for ECS, HPC, Docker, and Batch Compute.

Background information

Alibaba Cloud Function service supports seamless integration with Apsara File Storage NAS. You can configure NAS for a service in Function service, including the region, mount point, and group of the NAS file system. After you configure the NAS file system, all functions in the service can access files in the NAS file system as they would files in a local file system.

The benefits of using NAS as a mount point for Function service are as follows:
  • Temporary files can be stored in NAS. The size of temporary files is not limited by the local disk space of the instance.
  • Multiple functions can use one NAS file system to share files.

Prerequisites

Configure a NAS file system

Function service NAS configurations are service-level. After a NAS mount point is configured for a service, all functions under this service can access files on the specified NAS file system.

  1. Log on to the Function Compute console.
  2. In the left-side navigation pane, click Services and Functions.
  3. In the top navigation bar, select the region where your Kubernetes cluster is deployed.
  4. On the Services page, find the target service. In the Actions column, click Configure.
  5. In the Storage Configuration section of the Edit page, set the following parameters and click Save.
    Storage
    • NAS File System: specifies whether to enable the NAS file system. Valid values:
      • Enable: enables the NAS file system.
      • Disable: disables the NAS file system.
    • Configuration Method: the configuration method of the NAS file system. Valid values:
      • Automatic Configuration: The system automatically configures a NAS file system for you.
        Note
        • Before you select Automatic Configuration, you must allow the function to access resources in the VPC, and select a Virtual Private Cloud, VSwitch, and Security Group. If this parameter is not selected, the system automatically creates the preceding resources for you and binds them to the current service. For more information about fees, see Billing.
        • If you select Automatic Configuration, a new general-purpose NAS file system is created. If you select Automatic Configuration again, the system does not create another general-purpose NAS file system in place of the one that was created the first time. For more information about fees, see Billing of General-purpose NAS file systems.
      • Custom: You must manually configure the following parameters to configure a NAS file system.
        • (Optional) User: Enter a custom user ID in the field. If you do not enter any value, the system will randomly select a user. For more information, see NAS users and user groups.
        • (Optional) User Group: Enter the user group ID in the field. If you do not enter any value, the system will randomly select a user group. For more information, see NAS users and user groups.
        • Mount Point: Select the added general-purpose NAS or Extreme NAS from the drop-down list. Enter Directory in Remote NAS and Local Directory in Function Running Environment. For more information, see Configure a NAS mount target.
          • Directory in remote NAS: for general-purpose NAS the directory must start with /, and for Extreme NAS it must start with /share.
          • Local directory in the function running environment: It must be a /home or /mnt subdirectory.
    Note
    • Before you configure a mount point, you must allow the function to access resources in the VPC and select a Virtual Private Cloud and a VSwitch in the same region. For more information, see Configure a network.
    • A maximum of five NAS mount targets can be configured for a service.

NAS users and user groups

When you configure a NAS mount target for a function, you must first set the UserId and GroupId parameters, which are equivalent to the user and user group in NAS. You must set the file owner and the corresponding group permissions as needed to ensure the consistency of read and write permissions on files.

The UserId and GroupId values range from -1 to 65534, excluding 0 (for execution security, Function service does not provide the root user for the time being), where -1 represents the system default value. Both values are optional. If you do not specify UserId, the system uses -1 as the UserId value. If you do not specify GroupId, the system uses the UserId value as the GroupId value.

Function service executes user code with non-root permissions. To mount a subdirectory of the remote NAS file system, make sure that the executing user in the function instance has read and write permissions on the subdirectory. We recommend that you use either of the following two methods:
  • Use a NAS instance to mount a remote NAS root directory. For more information, see Configure a NAS file system. After the mount is successful, use the following example to create a subdirectory, such as fc-1. Then, change the directory in the remote NAS in the NAS mount point from the root directory to the created subdirectory (from / to /fc-1) to implement remote mounting of the subdirectory.
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-

    import os

    def handler(event, context):
        # Print the user and group that the function instance runs as.
        print('uid : ' + str(os.getuid()))
        print('gid : ' + str(os.getgid()))

        # Change this to the local directory where the NAS file system is mounted.
        local_nas_dir = "/home/app"
        # Change this to the name of the target subdirectory.
        target_sub_dir = "fc-1"

        # Create the target directory with the permissions of the user that executes the current FC instance.
        new_dir = os.path.join(local_nas_dir, target_sub_dir)
        print('new_dir : ' + new_dir)

        # Skip creation if the directory already exists so that repeated invocations succeed.
        if not os.path.isdir(new_dir):
            os.mkdir(new_dir)
        return 'success'
  • Use an ECS instance to mount a NAS file system. For more information, see Use an ECS instance to mount a NAS file system. After the mount succeeds, create a subdirectory and run chmod 777 on it to grant access to the subdirectory.
Note
  • By default, users and user groups of the system do not have read and write permissions on files. Therefore, we strongly recommend that you set UserId and GroupId to specific values, that is, any number from 1 to 65534. In this case, different functions under the service can share these file resources.
  • The permissions for uploading files to NAS are exactly the same as those for local files.
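
A function can report how it actually reaches the mounted directory, which shows whether access comes from the configured UserId/GroupId or only from world-writable bits such as those left by chmod 777. This is an added example, not code from the original page; audit_nas_dir is a hypothetical helper, and /home/app is the local directory used in the sample above.

```python
import json
import os
import stat

# Added example; helper name is hypothetical. Same local mount directory as the page's sample.
LOCAL_NAS_DIR = "/home/app"


def audit_nas_dir(path):
    """Describe how the current user reaches `path` and how widely it is open."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    uid, gids = os.geteuid(), {os.getegid(), *os.getgroups()}
    # Work out which permission class (owner, group, other) applies to this user.
    if st.st_uid == uid:
        via = "owner"
    elif st.st_gid in gids:
        via = "group"
    else:
        via = "other"
    findings = []
    if not os.access(path, os.R_OK | os.W_OK | os.X_OK):
        findings.append("current user cannot read and write this directory")
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any user that mounts this file system can modify it")
    if via == "other":
        findings.append("access relies on 'other' bits, not on UserId/GroupId ownership")
    return {
        "run_as": (uid, os.getegid()),
        "owner": (st.st_uid, st.st_gid),
        "mode": oct(mode),
        "access_via": via,
        "world_writable": bool(mode & stat.S_IWOTH),
        "findings": findings,
    }


def handler(event, context):
    # Function entry point: return the audit as JSON so it appears in the invocation result.
    return json.dumps(audit_nas_dir(LOCAL_NAS_DIR))
```

An empty findings list with access_via set to owner or group means the directory is reachable through the configured UserId or GroupId without opening it to every user.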

Configure a NAS mount target

Each mount point consists of a directory in a remote NAS file system and a local directory in the function running environment. The remote directory is combined with the local directory to form a mapping from a directory in the NAS file system to a directory in the local file system.

  • Directory in remote NAS

    The directory in the remote NAS describes the directory of the NAS file system that the service needs to access. It consists of a mount point and an absolute directory. You can add mount targets in the NAS console. Join the mount point and the absolute directory to obtain the remote directory. For example, if the mount point of the NAS file system is xxxx-nas.aliyuncs.com and the absolute directory you want to access is /workspace/document, the corresponding complete remote directory is xxxx-nas.aliyuncs.com:/workspace/document.

    Log on to the NAS console. In the left-side navigation pane, click File System List. On the File System List page, find the file system that you require and click Management in the Operations column. In the left-side navigation pane, click Mounting Use. On the Mount Target page, view the mount target information.

  • Local directory in the function running environment

    The local directory in the function running environment refers to the mount point of the local file system. Do not use common Linux and Unix system directories, such as bin, opt, var, and dev, to mount NAS. Function service allows you to mount NAS using non-system directories such as mnt and home.
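
The rules stated on this page (the UserId/GroupId range and defaults, the remote and local directory constraints, and the five-mount limit) can be checked before a configuration is saved. This is an added example, not code from the original page or from Function service; all function names are hypothetical, and "subdirectory" is read as strictly below /home or /mnt.

```python
import posixpath

# Added example; names are hypothetical, the rules are taken from this page.
MAX_MOUNT_TARGETS = 5            # "A maximum of five NAS mount targets" per service
LOCAL_ROOTS = ("/home", "/mnt")  # allowed parents for the local directory


def resolve_ids(user_id=None, group_id=None):
    """Apply the documented defaults, then the range rule. Returns (uid, gid)."""
    uid = -1 if user_id is None else user_id
    gid = uid if group_id is None else group_id
    for name, value in (("UserId", uid), ("GroupId", gid)):
        if value == 0 or not -1 <= value <= 65534:
            raise ValueError(f"{name}={value}: allowed range is -1..65534, excluding 0")
    return uid, gid


def check_mount(server_addr, local_dir, extreme=False):
    """Validate one mount target. Returns (host, remote_dir, local_dir)."""
    host, sep, remote_dir = server_addr.partition(":")
    if not (host and sep):
        raise ValueError(f"{server_addr!r}: expected <mount point>:<absolute directory>")
    if extreme:
        ok = remote_dir == "/share" or remote_dir.startswith("/share/")
    else:
        ok = remote_dir.startswith("/")
    if not ok:
        raise ValueError(f"{remote_dir!r}: must start with {'/share' if extreme else '/'}")
    # Normalize first so "/mnt/../etc" cannot pass as a /mnt subdirectory.
    local = posixpath.normpath(local_dir)
    if not any(local.startswith(root + "/") for root in LOCAL_ROOTS):
        raise ValueError(f"{local_dir!r}: must be a subdirectory of /home or /mnt")
    return host, remote_dir, local


def validate_service(user_id, group_id, mounts):
    """mounts: list of (server_addr, local_dir, extreme) tuples."""
    if len(mounts) > MAX_MOUNT_TARGETS:
        raise ValueError(f"{len(mounts)} mount targets; the limit is {MAX_MOUNT_TARGETS}")
    uid, gid = resolve_ids(user_id, group_id)
    return {"user_id": uid, "group_id": gid,
            "mounts": [check_mount(*m) for m in mounts]}
```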

References

In addition to using the console, you can use Serverless Devs to mount NAS systems for services. For more information, see YAML files and Non-YAML files.