Articles in this section

Displaying Views and View Policies

Sara Levy
  • Updated
Follow

VAST Cluster has one default view and one default view policy. A view policy is a reusable set of configurations. Every view has a view policy and a view policy may be used by multiple views.

Initially, a view is pre-configured for access via NFS. It exposes the top location of the file system "/". The default view policy gives read/write access to all hosts and root squashes all hosts. Both the initially configured view and the default view policy can be modified.

Displaying Views and View Policies via the VAST Web UI

To see the existing views configured on the cluster, go to the Element Store page and select the Views tab.

The following settings are displayed:

Path

The full path from the top level of the storage system on the cluster to the location exposed by the view.

Alias

An alias for the mount path of an NFS export.

Share

For SMB shares, the share name.

Bucket

Name of the S3 bucket used to access the view via S3, if there is one.

Bucket Owner

User name of the S3 bucket owner.

Policy Name

The view policy.

Protocols

The protocol(s) the view is exposed to. Possible values:

  • NFS. Refers to NFS version 3.

  • NFS4. Refers to NFS version 4.1.

  • SMB. Refers to SMB version 2.

  • S3 Bucket. The view has an S3 bucket.

  • S3 Endpoint. This means the view is a template for creating S3 buckets via the S3 API. It specifies a path under which buckets can be created, a view policy that will be attached to any bucket view created using the template, and the users and groups who can use the template to create buckets.

Physical Capacity

The amount of physical capacity used by the view.

Logical Capacity

The amount of data logically written to the view directory prior to data reduction.

You can modify and remove views using the Actions menu in the far right column.

To see the existing view policies configured on the cluster, go to the Element Store page and select the View Policies tab.

The following settings can be displayed (to change which fields appear, click the Choose Columns to Display button (columnbutton.png):

Name

The name of the policy.

Atime Frequency

atime is a metadata attribute of NFS files that represents the last time the file was updated. atime is updated on read operations if the difference between the current time and the file's atime value is greater than the configured atime frequency.

0 means no atime updates.

Flavor

The security flavor of the policy.

The security flavor determines how file and directory permissions are controlled. For a full description of the security flavors, see Controlling File and Directory Permissions Across Protocols. In brief, the possible values are:

  • NFS. NFS clients can set permission mode bits on files and directories when creating new files and directories or modifying existing files and directories. Attempts by SMB clients to set file and directory permissions are ignored. Files and directories created by SMB clients receive a configurable set of initial permission bits.

  • SMB. SMB clients can set permissions on files and directories. Attempts by NFS clients to set permission bits for files and directories are ignored. Files and directories created on NFS clients inherit permissions set on the parent directory by the SMB client.

  • Mixed Last Wins. This flavor is designed to act as natively as possible to whichever protocol is used to create or modify a file or directory. It allows permissions to be set and modified from all clients. As far as possible, this flavor is designed such that whenever a user changes permissions via a given protocol, the permission change that is applied in vast permissions is as the user intended.

  • S3 Native. Supports S3 and provides a native experience for S3 usage. Also supports NFSv3 and NFSv4.1. S3 clients can set S3 ACLs on objects and on the view bucket. Attempts by NFS clients to set permission bits for files and directories are ignored. Access checks are done using the S3 access check algorithm. New objects created by NFS clients or created by S3 without setting ACL receive a default initial S3 object ACL, which gives the owner FullControl.

Group Membership Source

Determines the source for retrieving group memberships of NFS users for the purposes of authorizing access to files and directories. Possible values:

  • Client. The GIDs declared in the RPC as the user's leading group and auxiliary groups are trusted and provider-sourced groups are not considered.

  • Providers. Group memberships retrieved from authorization providers are considered as the user's group memberships (as for SMB-only and multiprotocol views). The GIDs declared in the RPC are ignored.

  • Client and Providers. Both the GIDs declared in the RPC and group memberships retrieved from authorization providers are considered.

For more information about the impact of this setting, see The VAST Cluster Authorization Flow.

Read Write

The hosts that have read/write access to the view via NFS. * is a wildcard indicating all hosts.

Read Only

The hosts that have read only access to the view via NFS. * is a wildcard indicating all hosts.

All Squash

The hosts that have all squash applied to them when accessing the view via NFS. With all squash, all client users are mapped to nobody for all file and folder management operations on the export.

No Squash

The hosts that have no squash applied to them when accessing the view via NFS. With no squash, all operations are supported. Use this option if you trust the root user not to perform operations that will corrupt data.

Root Squash

The hosts that have root squash applied to them when accessing the view via NFS. With root squash, the root user is mapped to nobody for all file and folder management operations on the export.

Trash

The hosts that have access to the trash folder when accessing the view via NFS (NFSv3 only). These hosts have the ability to delete files by moving them into a trash folder, from which they are automatically deleted.

You can modify and remove view policies using the Actions menu in the far right column.

Displaying Views and View Policies via the VAST CLI

Run the view list and viewpolicy list commands to list existing views and view policies via the VAST CLI.

Related articles

Comments

0 comments

Article is closed for comments.