Configure a NAS file system

Background information

Function Compute can seamlessly integrate with NAS. You can configure the NAS settings for a service in Function Compute. The settings includes the information such as the region, mount target, and group. After you configure a NAS file system for a service, all functions in the service can access the files in the NAS file system in the same manner in which you access the on-premises file system.

A NAS file system has the following benefits when it works as the mount target for Function Compute:

Temporary files can be stored in a NAS file system. The size of temporary files is not limited by the capacity of on-premises disks.
Multiple functions can share files by using one NAS file system.

Prerequisites

Function Compute
- Configure the network
  A NAS file system can be only mounted in a virtual private cloud (VPC). You must configure a valid VPC that allows you to access the specified NAS file system.
NAS
- Create a General-purpose NAS file system in the NAS console
- Create a mount target

NAS settings in Function Compute are configured at the service level. After a NAS mount target is configured for a service, all functions in the service can access the files in the specified NAS file system.

Log on to the Function Compute console.
In the left-side navigation pane, click Services and Functions.
In the top navigation bar, select the region where your Kubernetes cluster is deployed.
On the Services page, find the target service. In the Actions column, click Configure.
In the Storage Configuration section on the Modify Service page, configure the following parameters and click Save.
- Apsara File Storage NAS: specifies whether to enable the NAS file system. Valid values:
  - Enable: enables the NAS file system.
  - Disable: does not enable the NAS file system.
- Configuration Mode: specifies the configuration mode of the NAS file system. Valid values:
  - Automatic Configuration: The system automatically configures a NAS file system.
    Note
    
    Before you select Automatic Configuration, you must allow functions to access resources in the VPC, and configure VPC, vSwitch, and Security Group. If you do not configure the VPC settings, the system automatically creates the preceding resources and allocates them to the service. For more information about billing, see Billing.
    
    If you select Automatic Configuration, the system creates a General-purpose NAS file system for you. When you select Automatic Configuration again after the NAS file system is created, the system queries and uses the existing General-purpose NAS file system that was created last time when you selected Automatic Configuration. For more information about billing, see Billing of General-purpose NAS file systems.
  - Custom Configuration: You must configure the following parameters to configure a NAS file system.
    - Apsara File Storage NAS: Select a NAS file system. You can also click Create NAS File System to go to the NAS console and create a NAS file system.
    - User: Enter a custom user ID. This field is optional. If you do not specify a value, the system uses the ID of the root user (UID=0). For more information, see NAS users and user groups.
    - User Group: Enter the custom ID of a user group. This field is optional. If you do not specify a value, the system uses the ID of the root user group (GID=0). For more information, see NAS users and user groups.
    - Mount Point: Select the mount target of the NAS file system that matches the configured VPC and vSwitch from the drop-down list. Configure the following parameters: The directory in the remote NAS file system and The local directory in the function runtime environment. For more information, see Configure a NAS mount target.
      
      The directory in the remote NAS file system: The directory of a General-purpose NAS file system must start with /. The directory of an Extreme NAS file system must start with /share. If the directory you configured does not exist in the remote NAS file system, Function Compute creates the directory for you. The directory owner is the user and the user group of the file system, and the permission level is 777.
      
      The local directory in the function runtime environment: Enter a subdirectory in the /home or /mnt directory.
Note
- Before you configure Mount Point, you must allow the function to access resources in the VPC and select a VPC and a vSwitch that resides in the same region. For more information, see Configure the network.
- A maximum of five NAS mount targets can be configured for a service.

NAS users and user groups

When you configure a NAS mount target for a function, you must first specify the user ID and group ID, which are equivalent to the user and user group in NAS. You must specify the file owner and configure the corresponding group permissions based on your business requirements to ensure the consistency of read and write permissions on files.

Valid values of the user ID and group ID range from 0 to 65534. If you do not specify the user ID, the system uses the ID of the root user (0). If you do not specify the group ID, the system uses the ID of the root user group (0).

When Function Compute uses non-root permissions to execute user code, make sure that the user who executes the code in the function instance has the read and write permissions on the subdirectory if you want to mount a subdirectory of the remote NAS file system. We recommend that you use one of the following methods:

Use a NAS instance to mount a root directory of the remote NAS file system. For more information, see Configure a NAS file system. After the root directory is mounted, create a subdirectory, for example, fc-1, by using the code provided in the following example. Then, change the value of The directory in the remote NAS file system in the NAS mount target from the root directory / to the created subdirectory /fc-1 to mount the subdirectory remotely.

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import os

def handler(event, context):
  print('uid : ' + str(os.geteuid()))
  print('gid : ' + str(os.getgid()))

  # Change the value to the local directory in the on-premises file system to which the NAS file system is mounted.
  local_nas_dir = "/home/app"
  # Change the value to the name of the destination subdirectory.
  target_sub_dir = "fc-1"

  # Create a subdirectory in the directory to which the NAS file system is mounted.
  new_dir = local_nas_dir + '/' + target_sub_dir + '/'
  print('new_dir : ' + str(new_dir))

  os.mkdir(new_dir)
  return 'success'

Mount a NAS file system on an ECS instance. For more information, see Mount a file system on an ECS instance. After the NAS file system is mounted on the ECS instance, create a subdirectory and run chmod 777 to grant permissions on the subdirectory.

Note

The default user and user group do not have the read and write permissions on files. Therefore, we recommend that you set the user ID and group ID to specific values from 1 to 65534. After that, different functions in the service can share these file resources.
The permissions on files that are uploaded to NAS are the same as those on on-premises files.

Configure a NAS mount target

For each mount target, you must configure The directory in the remote NAS file system and The local directory in the function runtime environment. A local directory in the on-premises file system is mapped to a remote directory in a NAS file system.

The directory in the remote NAS file system
A directory in the remote NAS file system specifies the directory of the NAS file system that the service needs to access. The directory consists of a mount target and an absolute directory. You can add mount targets in the NAS console. You can assemble a mount target and the absolute directory into a remote directory. For example, if the mount target of a NAS file system is xxxx-nas.aliyuncs.com and the absolute directory is /workspace/document, the remote directory is xxxx-nas.aliyuncs.com:/workspace/document.

You can log on to the NAS console, click the destination file system in the file system list, and then click Mount Targets to obtain the mount target.
The local directory in the function runtime environment
The local directory in the function runtime environment is a mount target in an on-premises file system. Do not use common directories in Linux or UNIX, such as bin, opt, var, and dev, to mount a NAS file system. Function Compute allows you to use non-system directories such as mnt and home to mount a NAS file system.

References

Aside from the Function Compute console, you can also use Serverless Devs to configure a NAS file system. For more information, see Run the s nas command to mount an Apsara File Storage NAS file system.