...
Info |
---|
The content of this article only apply to the users of the EUMETSAT part of the EWC. |
Table of Contents |
---|
Pre-requisites
Warning |
---|
Setting up SFS in a tenancy can be done only by users with ewcloud-tenant-admin role! |
Ticket
SFS should be available for tenants created after 28/10/2022, if the tenant is older and you wish to use SFS, please open us a ticket here.
1. Create Server Openstack SFS
1.1 From Morpheus go to Infrastructure → Storage, select the Servers tab and click +ADD
...
1.2. Fill the following data:
- Select TYPE as Openstack SFS
- Add a NAME as <tenant name>-sfs-server, e.g., be-rmib-rss-sfs-server
- Select the CLOUD from the list (usually you only have one)
Once saved this will create the storage server.
2. Create a File share
Now that you have a storage server for SFS, you can create the File shares,
...
This will create the Shared Filesystem in the storage backend. Wait until you have the "Share Path:" defined in Morpheus. This will take some time.
3. Network configuration required for the VMs that need to access the SFS
Now that you have created the SFS, you can use it in a VM.
...
Once provisioned is finished, ssh into your machine and verify if the SFS network is up:
Code Block |
---|
ip addr show |
Ubuntu 22 known issue due to race condition in cloud-init - Nov 2023
When running the ip addr show
command, you will notice that one network is not up by default. This is due to a known issue in Ubuntu 22 cloud-init that will be fixed in future updates.
If the SFS network is not UP by default. You need to perform these extra instructions as sudo:
...
network: {config: disabled}
Modify and save the cloud file at this path /etc/netplan/50-cloud-init.yaml adding the following lines in the list of ethernets:
Code Block |
---|
ens4:
dhcp4: true
match:
macaddress: COPY HERE THE ONE IDENTIFED FROM the command ip addr show for ens4 (e.g. fa:16:3e:14:d6:4c)
set-name: ens4
optional: true |
So you will have something like this at the end:
Code Block |
---|
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
ethernets:
ens3:
dhcp4: true
match:
macaddress: fa:16:3e:c3:6d:1f
set-name: ens3
ens4:
dhcp4: true
match:
macaddress: fa:16:3e:14:d6:4c
set-name: ens4
optional: true
version: 2 |
Run the following command:
Code Block |
---|
netplan apply |
Finally verify the network is up, running ip addr show
again
...
4. Adding permissions to use the Shared Filesystem
Once the Shared Filesystem is created, you need to add access rules to allow read-only or read/write operations to one machine or multiple machines.
...
You will be able to see your private network and sfs network IPs:
5. Mount file share to VM
Now that everything is configured and permissions have been given for access, you can login into your machine and mount the shared filesystem in a VM using the following commands:
...
To test this, unmount the share with sudo umount /sfs-test
and then run sudo mount -a
. This should cause the share to mount again if you have everything correct, otherwise you'll see an error message. If it worked, it's then safe to reboot the machine to test mounting on boot up. If it didn't work, don't reboot until you've fixed it or commented out the entry as it may prevent a proper boot up and you'd have to look at the VM console in Morpheus to correct the problem.
6. Managing Directory Permissions
When setting up your Shared File System (SFS) share, it's important to ensure correct directory permissions to maintain security and accessibility. Below are recommendations for managing directory permissions, and you can choose the one that best fits your requirements
Change Ownership: Use the
chown
command to change the ownership of directories and files to specific users or groups. This ensures that the appropriate users have access to the files and directories. For example:sudo chown -R desired_user:desired_group /path/to/mount/point
Grant Write Permissions: If needed, grant write permissions to everyone on the base directory using the
chmod
command. However, this is less secure but convenient for a small, trusted group. For example:sudo chmod a+w /path/to/mount/point
Create Subdirectories Securely: When creating subdirectories, it's recommended to do so as the root user and then change the ownership to the target user or users. This approach enhances security, especially for single users.
Utilize Shared Groups: If multiple users need access, consider using the Unix group model and changing the ownership to a shared group. This allows multiple users to share a directory securely.
By following any of these steps, you can effectively manage directory permissions on your SFS share, ensuring both security and accessibility.