When you use WUYING Workspace, you can create an Apsara File Storage NAS instance and mount it to multiple cloud desktops to enable file sharing. This lets you access the shared storage as a local directory.
Solution overview
Alibaba Cloud WUYING Workspace lets you mount Apsara File Storage NAS instances to multiple cloud desktops for shared storage. Using the SMB protocol, the cloud file system is mapped to a local path, which enables concurrent read and write operations from multiple instances. This overcomes the limitations of local storage and improves collaboration efficiency and data consistency. To ensure uninterrupted access after a restart, you can configure an automatic mount at system startup.
Apsara File Storage NAS supports two authentication methods for cloud computer access: anonymous access (guest) and Active Directory (AD) domain authentication. You can choose the method that best suits your environment:
Anonymous access (guest): No username or password is required. This method is quick to set up and suitable for staging environments.
AD domain with Kerberos authentication: This method integrates with enterprise domain controllers and enables access control based on SMB Access Control Lists (ACLs). It is suitable for production environments.
When you create a shared Apsara File Storage NAS instance, ensure that the instance is in the same office network as your cloud desktop. You must also allow outbound traffic on port 445 in the security group policy for your cloud desktop to ensure stable and secure file access.
Procedure
1. Get the Apsara File Storage NAS mount target
Go to the WUYING Workspace console.
In the left navigation pane, under Networks & Storage, click Apsara File Storage NAS.
From the list, copy the Mount Target Domain of the Apsara File Storage NAS instance to mount.
If no Apsara File Storage NAS instance is available, click Create NAS File System. The shared Apsara File Storage NAS must be in the same office network as the target cloud desktop.
Creating an Apsara File Storage NAS instance incurs storage fees that are based on the storage type, size, and duration. For more information about the billing of General-purpose NAS file systems, see General-purpose NAS billing.
2. Install the CIFS client tools
To enable communication between Linux and SMB/CIFS shares, you must install the cifs-utils package.
On your cloud desktop, open a terminal and run the installation command for your operating system.
Ubuntu/Debian
# Update the package management tool
sudo apt-get update
# Fix incorrectly configured packages
sudo dpkg --configure -a
# Install CIFS utilities
sudo apt-get install cifs-utilsRHEL/CentOS/Alibaba Cloud Linux
sudo yum install cifs-utilsOpenSUSE/SLES12-SP2
sudo zypper install cifs-utilsCoreOS
Configure SELinux.
sed -i 's/SELINUXTYPE=mcs/SELINUXTYPE=targeted/' /etc/selinux/configManually compile the CIFS client tools on CoreOS.
You can follow these steps to compile the CIFS client tools in a Fedora container. Alternatively, you can download the official Alibaba Cloud CIFS utilities package for CoreOS and copy it to the /tmp/ or /bin directory.
Start a Fedora container to compile cifs-utils.
docker run -t -i -v /tmp:/cifs fedora /bin/bashRun the following commands inside the Docker container.
yum groupinstall -y "Development Tools" "Development Libraries"yum install -y bzip2curl https://download.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-6.9.tar.bz2 --output cifs-utils-6.9.tar.bz2;bunzip2 cifs-utils-6.9.tar.bz2 && tar xvf cifs-utils-6.9.tarcd cifs-utils-6.9; ./configure && makecp mount.cifs /cifs/exit
3. Create a local mount point
A mount point is the directory in the local Linux file system where the NAS file system is attached.
bash# Create a directory as the mount point
sudo mkdir -p /mnt/nas4. Mount the file system
Mounting connects the local mount point to the Apsara File Storage NAS mount target. After the file system is mounted, your cloud desktop can use the NAS file system as a local directory.
Before you mount the file system, verify the network connectivity between your cloud desktop and the Apsara File Storage NAS mount target using the telnet command. For more information, see Network connectivity.
Choose one of the following methods based on your authentication setup.
Anonymous access: Use this method if you are accessing and mounting the NAS file system as a convenience user, or if your cloud desktop is in an AD office network but the mounted NAS file system does not have SMB ACL enabled.
AD domain authentication: Use this method if your cloud desktop is in an AD office network and the NAS file system has SMB ACL enabled. In this case, mounting requires enterprise AD domain user credentials.
The following examples use variables. Replace them with your actual values.
nas-example.cn-hangzhou.nas.aliyuncs.com: The NAS mount target that you obtained in Step 1./mnt/nas: The local mount target that you created in Step 2.myshare: The default SMB share name for NAS. This cannot be changed.
Anonymous access
If you are accessing and mounting the NAS file system as a convenience user, or if your cloud desktop is in an AD office network but the mounted NAS file system does not have SMB ACL enabled, run the following command to mount the file system.
This method requires no credentials and is not recommended for production environments.
Mount the file system
# Get the current user's UID
id -u
# Get the current user's GID
id -g
# Mount the file system
sudo mount -t cifs //nas-example.cn-hangzhou.nas.aliyuncs.com/myshare /mnt/nas -o vers=2.1,guest,uid=0,gid=0,dir_mode=0755,file_mode=0755,mfsymlinks,cache=strict,rsize=1048576,wsize=1048576uid/gid: Replace these with the UID and GID values that you obtained.
Configure automatic mount
To prevent the mount from being lost after the cloud desktop restarts, you can configure an automatic mount at system startup.
Edit the /etc/fstab file and add the following line.
# //nas-server/share /mount/point type options dump pass
//<mount target domain>/myshare /mnt cifs vers=2.1,guest,uid=0,gid=0,dir_mode=0755,file_mode=0755,mfsymlinks,cache=strict,rsize=1048576,wsize=1048576 0 0After you complete the configuration, run sudo systemctl daemon-reload to apply the changes.
AD domain authentication
If your cloud desktop is in an AD office network and the NAS file system has SMB ACL enabled, run the following command to mount the file system. If SMB ACL is not yet enabled, see Join an SMB file system mount target to an AD domain.
Mount the file system
# Get the current user's UID
id -u
# Get the current user's GID
id -g
# Mount the file system
sudo mount -t cifs //nas-example.cn-hangzhou.nas.aliyuncs.com/myshare /mnt/nas -o vers=3.0,sec=krb5,cruid=0,uid=0,gid=0vers=3.0: When SMB ACL is enabled, use version 3.0 for theversparameter.cruidanduid: Replace these with the UID that you obtained.gid: Replace this with the GID that you obtained.
Configure automatic mount
To prevent the mount from being lost after the cloud desktop restarts, you can configure an automatic mount at system startup.
Edit the /etc/fstab file and add the following line.
# //nas-server/share /mount/point type options dump pass
//<mount target domain>/myshare /mnt cifs vers=3.0,sec=krb5,cruid=0,uid=0,gid=0 0 0After you complete the configuration, run sudo systemctl daemon-reload to apply the changes.
Verify the result
Run the following command. If the command output contains the mount information of the NAS file system, the mount is successful. If the command returns no output or the output does not contain your configured mount point, the mount failed.
bash# Check the mount point status
mount | grep cifs
# View file system capacity information
df -h | grep /mnt/nasTroubleshooting
If the mount is unsuccessful, the issue may be caused by one of the following reasons.
Network connectivity
Run the following command to test the network connectivity from your cloud desktop to the mount target.
bash# Test network port connectivity
telnet nas-example.cn-hangzhou.nas.aliyuncs.com 445If your cloud desktop cannot connect to the mount target, check the following items:
The Apsara File Storage NAS instance and your cloud desktop are in the same office network.
The cloud computer policy does not block outbound port 445.