This topic provides answers to some frequently asked questions (FAQ) about the mounting of Apsara File Storage NAS (NAS) file systems, such as the supported mount protocols, the supported compute nodes, how to change the maximum number of concurrent Network File System (NFS) requests, how to verify the mount results, and the potential risks of forcibly unmounting a NAS file system.
Mounting
Can I mount a NAS file system over the Internet or by using a local IP address?
How do I mount a NAS file system on a local computer or a third-party host?
Can I mount an NFS file system and an SMB file system on the same ECS instance?
Which mount options are supported by the batch mount feature?
How do I check the output of a batch mount or batch unmount command?
How do I create and mount a subdirectory of a NAS file system on Linux?
Protocol
Unmounting
Others
How do I change the maximum number of concurrent NFS requests from an NFS client?
How do I fix the error that occurs when I use IIS to access a NAS file system?
Does an NFS file system that is mounted on Windows support the file lock feature?
How do I check the security group configurations of an ECS instance?
Can I modify the security group rule that is automatically generated by an Extreme NAS file system?
Can I use a NAS file system as a storage directory for Docker services?
How do I view the mount directory of a NAS file system on a server?
Can I mount a NAS file system over the Internet or by using a local IP address?
No, you cannot. A NAS file system must be mounted over a private network. If you want to mount a NAS file system from an on-premises network, you must connect the on-premises network to the virtual private cloud (VPC) where the NAS file system resides. For more information, see Access file systems in on-premises data centers.
Why am I unable to mount an SMB file system on Linux?
You may not be able to mount a Server Message Block (SMB) file system on Linux due to various causes. For more information about how to troubleshoot this issue, see Mount an SMB file system on a Linux ECS instance.
How do I mount a NAS file system on a local computer or a third-party host?
Operating environment | Usage notes |
Linux operating systems | You can use one of the following methods to access a NAS file system:
|
Windows operating systems | |
macOS client | Mount an SMB file system on a macOS client and access the SMB file system by using the Kerberos protocol. For more information, see Mount an SMB file system on a macOS client over a VPN. |
How do I mount a NAS file system on WUYING Workspace?
WUYING Workspace can work with NAS to implement shared storage. You can create a NAS file system for each workspace to share files between cloud desktops in the workspace.
If cloud desktops in the same workspace need to share files, you can use one of the following methods to mount a NAS file system:
No NAS file system is created on WUYING Workspace
Log on to the WUYING Workspace console and create a NAS file system. The system automatically mounts the NAS file system on the cloud desktops in the corresponding workspace. After the NAS file system is created, you can view it on the Apsara File Storage NAS page. When the status of the file system changes to Started, the NAS file system is created. For more information, see Mount a NAS file system on a Windows cloud computer.
A NAS file system is created on WUYING Workspace
On WUYING Workspace, if an available NAS file system exists in a workspace, the NAS file system is automatically mounted when you create, start, restart, or recreate a cloud desktop in the workspace. If the NAS file system is unmounted or if you want to mount the NAS file system to another path, you can mount the NAS file system again. For more information, see Mount a NAS file system on a Linux cloud computer.
Can I mount an NFS file system and an SMB file system on the same ECS instance?
No, you cannot mount an NFS file system and an SMB file system on the same ECS instance. A file system can be mounted by using only one protocol.
You can mount an NFS file system on Linux and mount an SMB file system on Windows. To prevent compatibility issues, we recommend that you do not mount an SMB file system on Linux or mount an NFS file system on Windows. For example, Windows and Linux support different character sets and have different limits on the length of file names. In Windows, a file name can contain up to 255 wide characters encoded in the Unicode format. In Linux, a file name can contain up to 255 characters encoded in the UTF-8 format. For more information, see Usage notes and FAQ about read and write access to files.
Which operating systems and file system protocols are supported by the mount feature?
You can mount NFS file systems on Linux or Windows. You can also mount SMB file systems on Linux or Windows. To mount a file system on a Windows or Linux ECS instance, log on to the ECS instance and run a mount command. For more information, see Mount an SMB file system on a Windows ECS instance, Mount a General-purpose NFS file system on a Windows ECS instance, and Mount an SMB file system on a Linux ECS instance.
Can I mount a NAS file system on an ECS instance that resides in the classic network or a different VPC by using the NAS console?
No, you cannot.
To mount a NAS file system on an ECS instance by using the NAS console, the NAS file system and the ECS instance must reside in the same VPC. To mount a NAS file system on an ECS instance that resides in the classic network or a different VPC, go to the Cloud Assistant page in the ECS console and follow the instructions. For more information, see Mount a NAS file system on multiple ECS instances at the same time.
When you mount a NAS file system on an ECS instance that resides in a different VPC, note that the ECS instance and the NAS file system must reside in the same region.
Can I mount a NAS file system across zones?
You can mount a General-purpose NAS file system across multiple zones. We recommend that you mount an Extreme NAS file system on an ECS instance that resides in the same zone as the file system. Otherwise, the performance of the Extreme NAS file system is degraded.
What happens if I forcibly unmount a NAS file system?
If you forcibly unmount a NAS file system, in-memory data may fail to be saved to the disk and related applications may unexpectedly exit. To prevent these issues, we recommend that you perform the following steps to unmount a NAS file system: Log on to the ECS instance and run a command that follows the fuser -mv <Mount path> syntax to check the processes that are connected to the file system. Stop all these processes except the mount process. Then, unmount the file system.
If a NAS file system to which no processes are connected fails to be unmounted, you can forcibly unmount the NAS file system. After you forcibly unmount a NAS file system, some temporary files may exist in the kernel. You must restart the ECS instance to remove the files. Otherwise, you may be unable to mount the NAS file system again.
Why am I unable to view the ECS instance that I created in the ECS instance list when I mount a file system in the NAS console?
We recommend that you refresh the page on which the ECS instance list is displayed. Then, you can run the mount command again and check whether the ECS instance is displayed.
Why does the new protocol type or the new value of a mount parameter not take effect when I use the mount feature?
If the specified mount target is mounted on the mount path, the new protocol type and the new value of a mount parameter are ignored. You must unmount the file system from the mount path before you can use the new protocol type and the new value of the mount parameter to mount the file system again.
Which operating systems and file system protocols are supported by the batch mount feature?
You can mount NFS file systems on Linux or Windows. You can also mount SMB file systems on Linux or Windows. To mount a file system on a Windows or Linux ECS instance, log on to the ECS instance and run a mount command. For more information, see Mount an SMB file system on a Windows ECS instance, Mount a General-purpose NFS file system on a Windows ECS instance, and Mount an SMB file system on a Linux ECS instance.
Which mount options are supported by the batch mount feature?
You can mount a file system on a host in the classic network. You can also mount a file system across multiple VPCs that reside in the same region. You cannot mount a file system across multiple regions. Even if two VPCs that reside in different regions are connected, you still cannot mount a file system across the VPCs.
Can I use the batch mount feature to mount a NAS file system on a host in a self-managed data center?
No, you cannot. If you want to mount a file system on a host in a self-managed data center, you must configure a VPN gateway or a NAT gateway. For more information, see Access a NAS file system from a data center by using a NAT gateway or Access a NAS file system from a data center by using VPN gateways.
How do I check the output of a batch mount or batch unmount command?
To check the output of a batch mount or batch unmount command, perform the following steps: Log on to the ECS console. In the left-side navigation pane, choose . On the Command Execution Result tab of the Cloud Assistant page, you can view all tasks that are in the Task Failed, Successful, or Partially Failed state. To query the execution result of a task that you run on each ECS instance, you can click View in the Actions column of the task.
How do I view the mount information on the Cloud Assistant page after I mount multiple file systems on an ECS instance at the same time?
Perform the following steps: Log on to the NAS console. Go to the details page of the file system that you want to manage. On the Mount Targets tab, find the mount target that you want to manage and click Query Mount Details in the Actions column to view the mount information about the corresponding ECS instance. For more information, see Query the mount status of an ECS instance.
Why does the new protocol type or the new value of a mount parameter not take effect when I use the batch mount feature?
If the specified mount target is mounted on the mount path, the new protocol type and the new value of a mount parameter are ignored. You must unmount the file system from the mount path before you can use the new protocol type and the new value of the mount parameter to mount the file system again.
How do I change the maximum number of concurrent NFS requests from an NFS client?
By default, the maximum number of concurrent requests from a NFS agent is 2. This affects the performance of NFS file systems. We recommend that you set the maximum number to 128.
Install an NFS client. For more information, see Install an NFS client.
Run the following commands to set the maximum number of concurrent NFS requests to 128:
echo "options sunrpc tcp_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf echo "options sunrpc tcp_max_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf sysctl -w sunrpc.tcp_slot_table_entries=128NoteThe first time you install an NFS agent, run the preceding commands with root permissions. After you run the preceding commands, you do not need to run the commands again.
Optional. Run the following command to restart the ECS instance:
rebootImportantIf you restart the ECS instance, services are interrupted. We recommend that you perform the operation during off-peak hours.
Mount the file system. For more information, see Mount an NFS file system on a Linux ECS instance.
Run the following command to check the result.
If the value 128 is returned, the maximum number is changed.
cat /proc/sys/sunrpc/tcp_slot_table_entries
How do I create and mount a subdirectory of a NAS file system on Linux?
Make sure that a file system is mounted. For more information, see Mount an NFS file system on a Linux ECS instance.
If you mount the /mnt directory of the NAS file system on a Linux ECS instance, the /mnt directory is used as the root directory of the NAS file system. You can create subdirectories in the /mnt directory.
Create a subdirectory in the root directory of the NAS file system on the Linux ECS instance.
mkdir /mnt/subdirCreate a local directory on which you want to mount the NAS file system.
mkdir /tmp/mntNoteAfter you create a local directory on a server, you can mount only one file system on the local directory. If you want to mount multiple file systems, you must create multiple local directories.
Remount the file system.
sudo mount -t nfs -o vers=3,nolock,proto=tcp,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,file-system-id.region.nas.aliyuncs.com:/subdir /tmp/mntThe following list describes the required fields. Replace the values of these fields with the actual values.
file-system-id.region.nas.aliyuncs.com: specifies the domain name of the mount target. To obtain the domain name of the mount target, perform the following steps: Log on to the NAS console. On the File System List page, click the ID of the file system. On the details page, click Mount Targets and copy the mount command.
/subdir: specifies the subdirectory of the NAS file system.
/tmp/mnt: specifies the local directory of the server.
How do I resolve the issues that occur after I accidentally delete a mount target on a Linux ECS instance?
Issue
A file system is mounted on a Linux ECS instance by using Mount Target A. However, the mount target is deleted from the NAS console before the file system is unmounted. As a result, issues occur on Linux. For example, the system responds slowly or does not respond when you run commands.
Solution
Log on to the Linux ECS instance and press
Ctrl+Cto stop the commands that are being run.Run the
mountcommand to view the mount information.Obtain the mount directory from the mount information, for example, /mnt/data, as shown in the following figure.
Run the
umount -f /mnt/datacommand to unmount the file system.Command syntax:
unmount -f <Mount directory>NoteIf the file system fails to be unmounted by running the
unmount -f <Mount directory>command, run theumount -l <Mount directory>command.After you unmount the file system, you can create a mount target to remount the file system.
How do I prevent the listening port of an NFSv4.0 file system from being considered as a Trojan horse?
Issue
After you mount an NFSv4.0 file system on a compute node, a random listening port of 0.0.0.0 is listened to by using the protocol. The netstat command cannot identify the process of the listening port.
The listening port is a random port. Therefore, the backend application of the listening port cannot be identified. As a result, the listening port is considered as a Trojan horse.
Cause
An NFSv4.0 client listens to the random port to implement the callback feature. The default value of the fs.nfs.nfs_callback_tcpport kernel parameter is 0. Therefore, the NFSv4.0 client listens to a random port. This random port does not cause security risks.
Solution
Before you mount the file system, specify a non-zero value for the fs.nfs.nfs_callback_tcpport parameter. The non-zero value is used as the listening port.
sudo sysctl fs.nfs.nfs_callback_tcpport=<port> In the following example, the fs.nfs.nfs_callback_tcpport parameter is set to 45450. After you mount an NFSv4.0 file system, the output of the netstat command indicates that the system listens to port 45450.
Why am I unable to mount an SMB file system on a Windows operating system that is later than Windows Server 2016?
Issue
An error occurs when you run the following command:
C:\Users\Administrator>net use z: \\xxxxx-xxxx.xxxxx.nas.aliyuncs.com\myshare
System error 1272 has occurred.
You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.Cause
This error occurs because the security policies of Windows operating systems that are later than Windows Server 2016 do not allow guest users to access remote shared directories.
Solution
Find the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "AllowInsecureGuestAuth"=dword:0Modify the key.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "AllowInsecureGuestAuth"=dword:1Open PowerShell and run the following command:
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force
For more information, see Guest access in SMB2 disabled by default in Windows 10, Windows Server 2016 version 1709, and Windows Server 2019.
How do I fix the error that occurs when I use IIS to access a NAS file system?
When you mount an SMB file system on Windows Server 2016, an HTTP error 500.19 (error code: 0x8007003a) occurs. For information about how to fix this error, see Best practices for using IIS to access a NAS file system.
How do I remove the handles exposed by a client when an SMB file system fails to terminate the related processes?
You can use the following tool to remove all connections from an SMB file system. This way, all handles are released.
Does an NFS file system that is mounted on Windows support the file lock feature?
No, NFS does not support the file lock feature. If you want to use the file lock feature on Windows, we recommend that you use an SMB file system.
How do I check the security group configurations of an ECS instance?
When you mount an NFS file system on an ECS instance, the NFS file system depends on the following ports: 2049, 111, 4001, and 4002. When you mount an SMB file system on an ECS instance, the SMB file system depends on port 445. If the outbound rules of the security group are configured to deny access to these ports, the NAS file system fails to be mounted.
You can perform the following steps to check and modify the configurations of security group rules.
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select a region.
Click the ID of the security group rule to go to the details page of the security group rule.
Click the Outbound tab. On the Outbound tab, check whether the IP address or CIDR block of the mount target for the file system and the required ports can be accessed over TCP. For an NFS file system, ports 2049, 111, 4001, and 4002 are required. For an SMB file system, port 445 is required.
NoteBy default, the outbound rule of a basic security group allows all access requests. In this case, no modification is required.
By default, the outbound rule of an advanced security group denies all access requests. In this case, you need to allow access from the related TCP ports in the outbound rule for the IP address of the mount target for the file system.
If the preceding ports and the IP address or CIDR block of the mount target for the file system are denied access by the outbound rule of a security group, click Edit in the Actions column to modify the settings of Action, Port Range, or Authorization Object. For more information about security group rules, see Security group rules.
If a resolution error occurs, you can add the following rule to the security group to support default DNS resolution.
Action
Priority
Protocol type
Port range
Authorization object
Allow
1
Custom UDP
Dest: 53/53
Dest: 0.0.0.0/0
For example, you can allow outbound data transfer over port 2049 for the IP address (192.168.12.151) of the mount target for the file system.
Basic security group
Action
Priority
Protocol type
Port range
Authorization object
Allow
1
Custom TCP
Dest: 2049/2049
The following CIDR blocks include the IP address of the mount target (192.168.12.151). You can configure one of the following CIDR blocks:
0.0.0.0/0
192.0.0.0/8
192.168.0.0/16
192.168.12.0/24
192.168.12.151/32
Advanced security group
Action
Priority
Protocol type
Port range
Authorization object
Allow
1
Custom TCP
Dest: 2049/2049
The following CIDR blocks include the IP address of the mount target (192.168.12.151). You can configure one of the following CIDR blocks:
0.0.0.0/0
192.0.0.0/8
192.168.0.0/16
192.168.12.0/24
192.168.12.151/32
How do I check NAS permission group rules?
In NAS, each permission group represents a whitelist. The private IP address of the ECS instance must be in the whitelist of the permission group configured for the mount target. If the permission group rule of the mount target does not include the IP address or CIDR block of the ECS instance on which the file system is mounted, you cannot mount the NAS file system.
We recommend that you add all private IP addresses (including secondary private IP addresses) of your ECS instance to the permission group that is attached to the mount target. This ensures that the NAS file system can still be accessed during switching of network interface cards (NICs).
You can perform the following steps to check and modify a permission group rule:
Log on to the NAS console.
In the left-side navigation pane, choose File System > File System List.
In the top navigation bar, select a region.
Find the file system that you want to manage and click Manage in the Actions column. The details page of the file system appears.
Click Mount Targets. On the Mount Target tab, view the permission group configured for the mount target.
If the permission group is VPC default permission group (all allowed), no modification is required.
The default permission group allows read and write access from all IP addresses to a file system. No limits are specified for Linux system users. The default permission group cannot be deleted or modified.
For a custom permission group, click the name of the permission group to view the rule of the custom permission group.
If the rule does not include the IP address or CIDR block of the ECS instance on which the file system is mounted, you can click Edit to add the IP address of the ECS instance to Authorized Address.
For example, if the IP address (192.168.12.150) of the ECS instance on which the file system is mounted is not displayed in the Authorized Address column, you can add one of the following CIDR blocks to Authorized Address:
192.168.12.150/32
192.168.12.0/24
192.168.0.0/16
192.0.0.0/8
0.0.0.0/0
Can I modify the security group rule that is automatically generated by an Extreme NAS file system?
No, you cannot modify or delete the security group rule that is automatically generated by an Extreme NAS file system. If the description of the security group rule is Created by nas. Should not delete it, the security group rule is automatically generated by the Extreme NAS file system. This security group rule applies only to the ENI of the Extreme NAS server. If you receive a high-risk alert about the security group of the Extreme NAS file system from Security Center, we recommend that you add the IP address in the alert to the whitelist.
Why does Security Center send a high-risk alert about the security group of an Extreme NAS file system?
Security Center detects ECS security group rules based on modules. The security group on the ECS instance is the default security group. If unnecessary ports are detected, Security Center generates an alert and prompts you to configure the minimum access permissions on the security group. If the description of the security group rule is Created by nas. Should not delete it, the security group rule is automatically generated by the Extreme NAS file system. This security group rule applies only to the ENI of the Extreme NAS server. If the alert affects your use, we recommend that you add the IP address in the alert to the whitelist.
Can I use a NAS file system as a storage directory for Docker services?
No, you cannot. The overlay feature is required for Docker storage. NAS does not support the overlay feature.
How do I view the mount directory of a NAS file system on a server?
Linux: Log on to the server and run the
df -hcommand to view the mount directory.The following code shows a sample output.
/mntin the Mounted on column is the directory of the ECS instance to which the NAS file system is mounted.Filesystem Size Used Avail Use% Mounted on devtmpfs 3.7G 0 3.7G 0% /dev tmpfs 3.8G 0 3.8G 0% /dev/shm tmpfs 3.8G 452K 3.8G 1% /run tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup /dev/vda1 40G 3.0G 35G 8% / tmpfs 3.8G 0 3.8G 0% /tmp tmpfs 761M 0 761M 0% /run/user/0 19f04a4****-i****.cn-chengdu.nas.aliyuncs.com:/ 10P 0 10P 0% /mntWindows: You can view the mount directory in File Explorer.