5.3. Exporting Storage via NFS¶
Acronis Cyber Infrastructure allows you to organize nodes into a highly available NFS cluster in which you can create NFS shares. In Acronis Cyber Infrastructure terms, an NFS share is an access point for a volume and as such it can be assigned an IP address or DNS name. The volume, in turn, can be assigned the usual properties: redundancy type, tier, and failure domain. In each share you can create multiple NFS exports which are actual exported directories for user data. Each export has, among other properties, a path that, combined with share’s IP address, uniquely identifies the export on the network and allows you to mount it using standard commands.
On the technical side, NFS volumes are based on object storage. Aside from offering high availability and scalability, object storage eliminates the limit on the amount of files and the size of data you can keep in the NFS cluster. Each share is perfect for keeping billions of files of any size. However, such scalability implies IO overhead that is wasted on file size changes and rewrites. For this reason, an NFS cluster makes a perfect cold and warm file storage but is not recommended for hot and high performance, often rewritten data (like running virtual machines). Integration of Acronis Cyber Infrastructure with solutions from VMware, for example, is best done via iSCSI to achieve better performance.
Note
Acronis Cyber Infrastructure only supports NFS version 4 and newer, including pNFS.
5.3.1. Setting Up an NFS Cluster¶
Since NFS is based on object storage, creating an NFS cluster is similar to creating an S3 one. Do the following:
On the INFRASTRUCTURE > Networks screen, make sure that the OSTOR private and NFS traffic types are added to your networks.
In the left menu, click STORAGE SERVICES > NFS.
Select one or more nodes and click Create NFS cluster in the right menu.
Make sure the correct network interface is selected in the drop-down list.
If necessary, click the cogwheel icon and configure node’s network interfaces on the Network Configuration screen.
Click CREATE.
After the NFS cluster has been created, you can proceed to creating NFS shares.
5.3.3. Creating NFS Exports¶
The process of creating NFS exports includes the following steps:
- Creating a root export that will contain user exports.
- Mounting the root export.
- Creating user exports in the mounted root export.
5.3.3.1. Creating the Root Export¶
To create a root NFS export, do the following:
On the STORAGE SERVICES > NFS > SHARES screen, click the number in the Exports column in the row of the desired share. This will open the share screen.
On the share screen, click ADD EXPORT, specify
root
as the export name and/
as path and select theread and write
access mode.Important
Do not use other names or paths for the root export.
This will create a directory with a default path that designates export location inside the share. This path is automatically generated based on the share name and used (alongside the share’s IP address) to mount the export.
Important
Do not give the users access to the root export.
The root export will be shown in the export list.
After creating the root export, mount it as described in the Storage User’s Guide.
Warning
Do not mount NFS shares on cluster nodes. It may lead to node freeze.
5.3.3.2. Creating User Exports¶
After creating and mounting the root export, you can proceed to creating user NFS exports. To do this:
- In the mounted root export, create a subdirectory for a user export, e.g.,
export1
. - On the share screen, click ADD EXPORT, enter a user export name, specify
/export1
as path, and select the access mode. - Click Done.
The user export will appear in the export list.
5.3.4. Setting Up User Authentication and Authorization¶
Acronis Cyber Infrastructure allows you to authenticate users for access to specific NFS shares via Kerberos and authorize them to access specific NFS exports inside these shares via LDAP.
5.3.4.2. Authorizing NFS Export Users with LDAP¶
By configuring access to a user directory via LDAP, you can control which users can access which NFS exports. You will need a directory of user accounts with desired NFS access parameters.
To configure access to an LDAP server, do the following:
- On the SETTINGS > Security > LDAP tab, specify the following information:
- Address, the IP address of the LDAP server;
- Base DN, the distinguished name of the search starting point;
- Click Save.