Each view is attached to a view policy which governs some of the configuration of the view. A view policy can be reused.
If there is no view policy with the configuration that you need for a particular view, you need to create a suitable view policy first. See Creating View Policies for instructions.
-
In the VAST Web UI, select Element Store from the left navigation menu and then select Views.
-
Click Create View to add a new view.
The Add View dialog appears.
-
In the Path field, enter the full path from the top level of the storage system on the cluster to the location that you want to expose.
The directory may exist already, such as if it was created by a client inside a mounted parent directory. It could also be a path to a new directory which you'll create now. (see step 9)
-
Open the Protocols dropdown, select which protocols you want the view to be accessible from. You can select any combination with the exception that S3 Endpoint can only be selected alone. The options are:
-
NFS exposes the view as an NFS export to clients using NFS version 3.
-
NFS4 exposes the view as an NFS export to clients using NFS version 4.1.
-
SMB exposes the view as an SMB share to SMB clients.
-
S3 Bucket exposes the view as an S3 bucket.
-
S3 Endpoint creates a template for creating buckets via S3 APIs. Whenever a bucket is created using this endpoint, a new view is created under the specified path. See Managing S3 Request-Initiated Bucket Creation for more information about S3 Endpoint buckets.
You can enable NFS and/or NFS4 together with S3 Endpoint. In this case, the view path is exported for NFS access while multiple S3 buckets may also be created under the view path.
-
Bucket Database exposes tabular data to database query engines. This value is used for each view that VAST Cluster creates when a user chooses to create a database on the cluster. For more information, see Creating a Database and a Schema.
-
-
If you selected SMB in the Protocols dropdown, enter a name for the SMB share in the SMB Share Name field.
This is required for SMB.
The name cannot include the following characters: /\:|<>*?"
-
If you selected NFS in the Protocols dropdown, you can optionally specify an alias for the mount path of the NFS export. An alias must begin with a forward slash ("/") and must consist of only ASCII characters. Enter the alias in the NFS Alias field.
-
If you selected S3 Bucket in the Protocols dropdown, enter a name for the bucket in the S3 Bucket Name field.
S3 Bucket name is required for S3 buckets.
-
Complete the following fields:
Policy Name
Select the view policy that has the configuration you want to use for the view.
Tenant
Associate the view with a tenant. By default, the view is associated with the default tenant.
QOS Policy
Select a QoS policy to associate the view with a QoS policy.
QoS policies are supported for NFSv3, NFSv4.1 and SMB
Create Directory
If the directory does not already exist in the file system, enable the Create Directory setting to create the directory.
-
If you selected S3 Bucket or S3 Endpoint in the Protocols dropdown, select the S3 tab and set the relevant settings:
-
For S3 Bucket:
-
S3 Bucket Owner. Specify a user to be the bucket owner.
S3 Bucket owner is required for S3 buckets.
-
S3 Features :
Note
These features are not available if NFS, NFS4 and/or SMB are enabled in the Protocols dropdown.
-
S3 Versioning. Enable this setting if you want to enable object versioning on the bucket. Versioning cannot be disabled after the view is created.
Note
This setting must be enabled if object locking is enabled and therefore it is automatically enabled when you enable S3 Object Lock.
-
S3 Object Lock. Enable this setting if you want to enable object locking on the bucket. Object locking cannot be disabled after the view is created.
Note
S3 Versioning is required with object locking and is automatically enabled when you enable S3 Object Lock.
-
S3 Retention Period. This field is enabled only if object locking is enabled. It is optional and enables you to set a default retention period for objects in the bucket. If set, object versions that are placed in the bucket are automatically protected with a retention lock with the specified retention period, unless S3 Retention Mode is set to None. Otherwise, by default, each object version has no automatic protection but can be configured with a retention lock or legal hold. For more information, see S3 Object Locking Overview.
-
S3 Retention Mode. This field is enabled only if object locking is enabled. It is optional and enables you to set a default retention mode for objects in the bucket. For information about retention modes, see S3 Object Locking Overview.
Possible values:
-
None (default). Object versions that are placed in the bucket have no automatic protection but can be configured with a retention period or legal hold.
-
Governance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to governance.
-
Compliance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to compliance.
-
-
-
Anonymous Access. Enable this setting to allow anonymous S3 access to the bucket. If enabled, anonymous requests are granted provided that the object ACL grants access to the All Users group (in S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to "others" (in NFS security flavor).
-
-
For S3 Endpoint:
-
Bucket Creators (Users). List users here by user name. Any request to create an S3 bucket that is sent by S3 API by a user listed here will use the S3 Endpoint view that you are configuring.
Note
Users should not be specified as bucket creators in more than one S3 Endpoint view.
Naming a user as a bucket creator in two S3 Endpoint views will fail the creation of the view with an error.
-
Bucket Creators (Groups). List groups here by group name. Any request to create an S3 bucket that is sent by S3 API by a user who belongs to a group listed here will use the S3 Endpoint view that you are configuring.
Caution
Take extra care not to duplicate bucket creators through groups: If you specify a group as a bucket creator group in one view and you also specify a user who belongs to that group as a bucket creator user in another view, view creation will not fail. Yet, there is a conflict between the two configurations and the selection of a view for configuring the user's buckets is not predictable.
-
Anonymous Access. Enable this setting to allow anonymous S3 access to the bucket. If enabled, anonymous requests are granted provided that the object ACL grants access to the All Users group (in S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to "others" (in NFS security flavor).
-
-
-
If you selected SMB in the Protocols dropdown, you can optionally configure share-level ACL:
-
Move the Enable Share-level ACL slider to ON position. This setting enables share-level ACL on the view, which means that SMB requests to access the view will fail unless permission is granted to the requesting user by an ACE (see next step).
-
Under Search, enter details to query a user or group that you want to define an ACE for:
-
Click Add ACE. The grantee's type and name are entered into the ACL grid.
-
In Permission column of the ACL grid, select the permission type that you want to grant to the grantee.
-
Repeat steps b to d until you have created all the ACEs that you want to configure.
-
-
Click Create.
The view is now created and can be accessed via all the protocols you enabled. You can see it displayed in the Views tab.
Use the view create command to create the view.
Note
Share-level ACLs can be added via CLI only using the view modify command after creating the view.
Comments
0 comments
Article is closed for comments.