Cloud Parallel File Storage (CPFS) can be accessed over the NFS protocol. After creating a CPFS file system, enable the protocol service and create an export directory to generate a mount target. Then install the CPFS-NFS client on an Elastic Compute Service (ECS) instance and run the mount command to access it. The export-directory mount target is independent of the POSIX mount target: for NFS-only access you don’t need a POSIX mount target, and deleting it does not affect access through the export directory.
Prerequisites
A CPFS file system has been created. See Create a file system.
A protocol service has been created. See Create a protocol service.
An export directory has been created. See Create an export directory.
One or more ECS instances have been created and meet the following conditions. See Create an ECS instance.
A public IPv4 address is assigned or an Elastic IP (EIP) address is associated.
For CPFS-NFS clients, see supported operating systems.
Usage notes
Supported operating systems
Operating system type | Operating system version |
Alibaba Cloud Linux |
|
CentOS |
|
Ubuntu |
|
Debian |
|
SUSE |
|
IP addresses and ports
The CPFS-NFS client uses the local IP address 127.0.1.255 and the TCP port range from 30000 to 60000 on this address for port mapping during the mount operation.
If the 127.0.1.255 IP address or the port range from 30000 to 60000 is already in use by other software, modify the CPFS-NFS client configuration. See Client configuration.
File directories
After you install the CPFS-NFS client, the following directories are created on the ECS instance: the configuration file directory (/etc/aliyun/cpfs), the runtime directory (/var/run/cpfs), and the log directory (/var/log/aliyun/cpfs/).
The runtime directory stores the automatically generated haproxy configuration file. If you specify a custom path using the hp_config_dir option, that path is used instead.Processes
After you mount a CPFS file system with the CPFS-NFS client, an haproxy process starts on the ECS instance for I/O access. A watchdog process also starts to monitor the health of the CPFS-NFS client.
Client logs
Access the CPFS-NFS client logs in the /var/log/aliyun/cpfs/ path to find information about mount errors. Customize the client log content by modifying parameters in the /etc/aliyun/cpfs/cpfs-utils.conf log configuration file. After modifying the configuration file, run the sudo service aliyun-cpfs-mount-watchdog restart command to restart the backend watchdog process.
Step 1: Download and install the CPFS-NFS client
This client is open source. For the source code or to compile it manually, visit the GitHub repository.
Log on to the ECS instance on which you want to mount the CPFS file system. See Select a method to connect to an ECS instance.
Download and install the CPFS-NFS client.
Alibaba Cloud Linux
Download the CPFS-NFS client.
wget https://cpfs-hangzhou-nfs-client.oss-cn-hangzhou.aliyuncs.com/aliyun-alinas-utils-latest.al.noarch.rpmInstall the CPFS-NFS client.
sudo yum install aliyun-alinas-utils-*.rpm
CentOS
Download the CPFS-NFS client.
wget https://cpfs-hangzhou-nfs-client.oss-cn-hangzhou.aliyuncs.com/aliyun-alinas-utils-latest.el.noarch.rpmInstall the CPFS-NFS client.
sudo yum install aliyun-alinas-utils-*.rpm
Ubuntu
Download the CPFS-NFS client.
sudo wget https://cpfs-hangzhou-nfs-client.oss-cn-hangzhou.aliyuncs.com/aliyun-alinas-utils-latest.deb -O /tmp/aliyun-alinas-utils-latest.debInstall the CPFS-NFS client.
sudo apt-get update sudo apt-get install /tmp/aliyun-alinas-utils-latest.deb
Debian
Download the CPFS-NFS client.
sudo wget https://cpfs-hangzhou-nfs-client.oss-cn-hangzhou.aliyuncs.com/aliyun-alinas-utils-latest.deb -O /tmp/aliyun-alinas-utils-latest.debInstall the CPFS-NFS client.
sudo apt-get update sudo apt-get install /tmp/aliyun-alinas-utils-latest.deb
SUSE
Download the CPFS-NFS client.
wget https://cpfs-hangzhou-nfs-client.oss-cn-hangzhou.aliyuncs.com/aliyun-alinas-utils-latest.lp15.x86_64.rpmInstall the CPFS-NFS client.
sudo zypper --no-gpg-checks install -y aliyun-alinas-utils-*.rpm
Check whether the installation is successful.
which mount.cpfs-nfsA successful response is shown in the following example:
/usr/sbin/mount.cpfs-nfs
Step 2: Mount the file system using the CPFS-NFS client
Mount the CPFS file system.
Scenario 1: General mount (default path)
This scenario applies to most environments where AppArmor, SELinux, or special path access restrictions are not enabled.
sudo mount -t cpfs-nfs -o vers=3,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport file-system-id.region.cpfs.aliyuncs.com:/share/path /mntScenario 2: Mount in a high-security environment (such as systems with SELinux or AppArmor enabled)
If security hardening is enabled on your operating system through policies such as AppArmor or SELinux, the default mount might cause access exceptions. In this case, specify a path explicitly using
hp_config_dir. When you run the command, replace<custom_directory>with a path that your system's security policy allows.sudo mount -t cpfs-nfs -o vers=3,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,hp_config_dir=<custom_directory> file-system-id.region.cpfs.aliyuncs.com:/share/path /mnt
Mount command parameters
Parameter
Description
file-system-id.region.cpfs.aliyuncs.com:/share/path /mnt
Represents <mount_path> <local_path_to_mount_on_the_server>. Replace them as needed.
Mount path: The mount path of the export directory. In the File Storage NAS console, go to the File System list page and click Manage next to the target file system. On the Protocol Service page, click Export Directory in the Actions column. In the Export Directory panel that appears, obtain the mount path.
Example:
cpfs-196f91a8e58b****-195ceeac7b6ac****.cn-chengdu.cpfs.aliyuncs.com:/share/filesetLocal path to mount on the server: The root directory (/) or any subdirectory (for example, /mnt) of the Linux ECS instance. If it is a subdirectory, make sure the subdirectory exists.
vers
The file system version. CPFS supports mounting file systems only with the NFSv3 protocol.
Mount options
Separate multiple mount options with commas (,). The options are described as follows:
rsize: Defines the size of the data block for reading data between the client and the file system. Recommended value: 1048576.
wsize: Defines the size of the data block for writing data between the client and the file system. Recommended value: 1048576.
NoteTo change the I/O size parameters (rsize and wsize), use the maximum value (1048576) whenever possible to avoid performance degradation.
hard: If the CPFS file system is temporarily unavailable, local applications that use a file on the file system stop and wait until the file system is back online. Enabling this parameter is recommended.
timeo: The time in tenths of a second that the CPFS-NFS client waits for a response before it retries a request to the file system. Recommended value: 600 (60 seconds).
NoteIf you must change the timeout parameter (timeo), use a value of 150 or greater. The unit of the timeo parameter is a tenth of a second, so 150 represents 15 seconds.
retrans: The number of times the CPFS-NFS client retries a request. Recommended value: 2.
noresvport: Uses a new TCP port on network reconnection to ensure that the connection is not interrupted during network fault recovery. Enabling this parameter is recommended.
ImportantDo not use the
softoption. It poses a data consistency threat. If you use the `soft` option, you assume all associated threats.Avoid setting any other mount options that differ from the default values. Changing the read or write buffer sizes or disabling attribute caching can degrade performance.
hp_config_dir: (Optional) Explicitly specifies the directory for the haproxy configuration file. Set this parameter if your operating system has Security Enforcement (such as AppArmor or SELinux) or other high-security policies that restrict processes to reading configurations or running only in specific paths.
Path selection recommendation: Select a suitable directory from your system's security policy whitelist and ensure the path is authorized by the security module.
Logic: The CPFS client first tries to use the directory specified by this parameter. If not specified, it attempts to automatically parse the security policy whitelist. If parsing fails, it falls back to the default path
/var/run/cpfs.
Run the
mount -lcommand to view the mount result.After a successful mount, run the
df -hcommand to view the capacity information of the current file system.(Optional) Configure automatic mount on startup
To prevent mount information from being lost after the ECS instance restarts, configure the
/etc/fstabfile. If you used thehp_config_dirparameter during the manual mount, also configure it here.Open the
/etc/fstabconfiguration file and add the mount configuration.Configuration for a general environment:
file-system-id.region.nas.aliyuncs.com:/share/path /mnt cpfs-nfs vers=3,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev,noresvport 0 0Example configuration for a high-security environment (using a custom directory):
Replace
<custom_directory>with a path that your system's security policy allows.file-system-id.region.nas.aliyuncs.com:/share/path /mnt cpfs-nfs vers=3,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev,noresvport,hp_config_dir=<custom_directory> 0 0Other parameter descriptions
Parameter
Description
_netdev
This parameter prevents the client from mounting the file system before the network is ready.
0 (the first item after noresvport)
A non-zero value indicates that the file system must be backed up by dump. For CPFS file systems, this value is 0 by default.
0 (the second item after noresvport)
This value indicates the order in which fsck checks the file system at startup. For CPFS file systems, this value is 0 by default, which means fsck does not run at startup.
Run the
rebootcommand to restart the ECS instance.Before restarting the ECS instance, confirm that the manual mount was successful to prevent the instance from failing to restart. If the automatic mount is configured successfully, run the
df -hcommand to view the mounted CPFS file system after the ECS instance restarts.
Client configuration
Configuration file
To modify the CPFS-NFS client configuration, contact the CPFS technical support team. Modify the configuration file under their guidance to avoid affecting I/O access. The configuration file path is /etc/aliyun/cpfs/cpfs-utils.conf. The following code provides an example configuration:
[DEFAULT]
logging_level = INFO
logging_max_bytes = 1048576
logging_file_count = 10
[mount]
stunnel_debug_enabled = false
# Validate the certificate hostname on mount. This option is not supported by certain stunnel versions.
stunnel_check_cert_hostname = false
# Use OCSP to check certificate validity. This option is not supported by certain stunnel versions.
stunnel_check_cert_validity = false
proxy_port = 12049
cpfs_proxy_addr = 127.0.1.255
cpfs_proxy_port_min = 30000
cpfs_proxy_port_max = 60000
[mount-watchdog]
poll_interval_sec = 1
unmount_grace_period_sec = 30
dns_refresh_interval = 60
[client-tool]The following table describes the important parameters in the configuration file.
Parameter | Description |
logging_level | Log level. Default: INFO. |
logging_max_bytes | The maximum size of a log file. Default: 1048576 bytes, which means a single log file can be up to 1 MiB. |
logging_file_count | The maximum number of log files to retain. Default: 10, which means a maximum of 10 log files are kept. |
cpfs_proxy_addr | The proxy IP address for the CPFS client. Default: 127.0.1.255. |
cpfs_proxy_port_min | The minimum value of the proxy port range for the CPFS client. Default: 30000. |
cpfs_proxy_port_max | The maximum value of the proxy port range for the CPFS client. Default: 60000. |
poll_interval_sec | The detection interval for the background watchdog service. Default: 1s. |
unmount_grace_period_sec | The silence period for cleaning up the corresponding configuration file after you unmount a CPFS-NFS mount target. Default: 30s. |
dns_refresh_interval | The interval at which the background watchdog service checks whether the primary and secondary nodes corresponding to the DNS are available. Default: 60s. |
haproxy configuration
During the mount process, the CPFS-NFS client automatically generates a haproxy configuration file and starts the related processes. Do not manually modify this configuration file. Otherwise, I/O access may be disrupted. View the haproxy-config.dns configuration file for more details. By default, this file is stored in the /var/run/cpfs/ directory. If you explicitly specify the hp_config_dir parameter during the mount process, the file is stored in the specified custom directory. The following is an example of the file content.
global
maxconn 4096
defaults
mode tcp
balance leastconn
timeout client 60s
timeout server 60s
timeout connect 3s
retries 3
frontend cpfs2049
bind 127.0.1.255:30000
default_backend bk2049
backend bk2049
server cpfs_primary 172.27.1.189:2049 maxconn 2048 check port 2049 inter 2s fall 5 rise 30 on-marked-up shutdown-backup-sessions
server cpfs_backup 172.27.0.214:2049 maxconn 2048 check port 2049 inter 2s fall 5 rise 30 backupThe following table describes the important parameters.
Parameter | Description |
defaults | The default parameter values should not be modified. |
frontend | The local IP address and port for the haproxy agent. The default IP address is 127.0.1.255, and the port range is 30000–60000. |
backend | The IP addresses of the backend CPFS-NFS service. |