Articles in this section

See more

Displaying Views and View Policies

Sara Levy
  • Updated
Follow

VAST Cluster has one default view and one default view policy. A view policy is a reusable set of configurations. Every view has a view policy and a view policy may be used by multiple views.

Initially, a view is preconfigured for access via NFS. It exposes the top location of the file system "/". The default view policy gives read/write access to all hosts and root squashes all hosts. Both the initially configured view and the default view policy can be modified.

Displaying Views and View Policies via VAST Web UI

To see the existing views configured on the cluster, go to the Element Store page and select the Views tab.

The following settings are displayed:

Path

The full path from the top level of the storage system on the cluster to the location exposed by the view.

Alias

An alias for the mount path of an NFS export.

Share

For SMB shares, the share name.

Bucket

Name of the S3 bucket used to access the view via S3, if there is one.

Bucket Owner

User name of the S3 bucket owner.

Policy Name

The view policy.

Protocols

The protocol(s) the view is exposed to. Possible values:

  • NFS. Refers to NFS version 3.

  • NFS4. Refers to NFS version 4.1.

  • SMB. Refers to SMB version 2.

  • S3 Bucket. The view has an S3 bucket.

  • S3 Endpoint. This means the view is a template for creating S3 buckets via the S3 API. It specifies a path under which buckets can be created, a view policy that will be attached to any bucket view created using the template, and the users and groups who can use the template to create buckets.

  • Bucket Database. This protocol exposes tabular data to database query engines. For more information, see ???.

S3 Versioning

Applicable if S3 Bucket is enabled.

Indicates if S3 object versioning is enabled on the view.

S3 Locks

Applicable if S3 Bucket is enabled.

Indicates if object locking is enabled on the view.

S3 Retention Mode

Applicable if S3 Bucket and S3 object locking are enabled on the view.

Possible values:

  • None (default). Object versions that are placed in the bucket have no automatic protection but can be configured with a retention period or legal hold.

  • Governance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to governance.

  • Compliance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to compliance.

S3 Retention Period

Applicable if S3 Bucket and S3 object locking are enabled on the view.

Default retention period for objects in the bucket. If set, object versions that are placed in the bucket are automatically protected with a retention lock with the specified retention period, unless S3 Retention Mode is set to None. Otherwise, by default, each object version has no automatic protection but can be configured with a retention lock or legal hold. For more information, see S3 Object Locking Overview.

S3 Anonymous Access

Applicable if S3 Bucket or S3 Endpoint is enabled on the view.

Indicates if S3 anonymous access is enabled. This setting allows anonymous S3 access to the bucket. If enabled, anonymous requests are granted provided that the object ACL grants access to the All Users group (in S3 Native security flavor, configured in the view policy) or the permission mode bits on the requested file and directory path grant access permission to "others" (in NFS security flavor, configured in the view policy).

Physical Capacity

The amount of physical capacity used by the view.

Logical Capacity

The amount of data logically written to the view directory prior to data reduction.

Live Monitor

Indicates if live monitoring is enabled (yes) or not (no). Live monitoring can be enabled for up to ten views at one time.

Analytics data for views is polled every 5 minutes by default and every 10 seconds with live monitoring.

Created Time

The date and time when the view was created.

Tenant

The tenant associated with the view. Views are associated by default with a default tenant.

QOS Policy

If the view is associated with a QoS policy, the name of the QoS policy is displayed here.

You can modify and remove views using the Actions menu in the far right column.

To see the existing view policies configured on the cluster, go to the Element Store page and select the View Policies tab.

The following settings can be displayed (to change which fields appear, click the Choose Columns to Display button (columnbutton.png):

Name

The name of the policy.

Atime Frequency

atime is a metadata attribute of NFS files that represents the last time the file was updated. atime is updated on read operations if the difference between the current time and the file's atime value is greater than the configured atime frequency.

0 means no atime updates.

Flavor

The security flavor of the policy.

The security flavor determines how file and directory permissions are controlled. For a full description of the security flavors, see Controlling File and Directory Permissions Across Protocols. In brief, the possible values are:

  • NFS. NFS clients can set permission mode bits on files and directories when creating new files and directories or modifying existing files and directories. Attempts by SMB clients to set file and directory permissions are ignored. Files and directories created by SMB clients receive a configurable set of initial permission bits.

  • SMB. SMB clients can set permissions on files and directories. Attempts by NFS clients to set permission bits for files and directories are ignored. Files and directories created on NFS clients inherit permissions set on the parent directory by the SMB client.

  • Mixed Last Wins. This flavor is designed to act as natively as possible to whichever protocol is used to create or modify a file or directory. It allows permissions to be set and modified from all clients. As far as possible, this flavor is designed such that whenever a user changes permissions via a given protocol, the permission change that is applied in vast permissions is as the user intended.

  • S3 Native. Supports S3 and provides a native experience for S3 usage. Also supports NFSv3 and NFSv4.1. S3 clients can set S3 ACLs on objects and on the view bucket. Attempts by NFS clients to set permission bits for files and directories are ignored. Access checks are done using the S3 access check algorithm. New objects created by NFS clients or created by S3 without setting ACL receive a default initial S3 object ACL, which gives the owner FullControl.

Group Membership Source

Determines the source for retrieving group memberships of NFS users for the purposes of authorizing access to files and directories. Possible values:

  • Client. The GIDs declared in the RPC as the user's leading group and auxiliary groups are trusted and provider-sourced groups are not considered.

  • Providers. Group memberships retrieved from authorization providers are considered as the user's group memberships (as for SMB-only and multiprotocol views). The GIDs declared in the RPC are ignored.

  • Client And Providers. Both the GIDs declared in the RPC and group memberships retrieved from authorization providers are considered.

For more information about the impact of this setting, see The VAST Cluster Authorization Flow.

NFS Read Write

The hosts that have read/write access to the view via NFS. An asterisk (*) is a wildcard character that includes all hosts.

NFS Read Only

The hosts that have read-only access to the view via NFS. An asterisk (*) is a wildcard character that includes all hosts.

SMB Read Write

The hosts that have read/write access to the view via SMB. An asterisk (*) is a wildcard character that includes all hosts.

SMB Ready Only

The hosts that have read-only access to the view via SMB. An asterisk (*) is a wildcard character that includes all hosts.

S3 Read Write

The hosts that have read/write access to the view via S3. An asterisk (*) is a wildcard character that includes all hosts.

S3 Read Only

The hosts that have read-only access to the view via S3. An asterisk (*) is a wildcard character that includes all hosts.

All Squash

The hosts that have all squash applied to them when accessing the view via NFS. With all squash, all client users are mapped to nobody for all file and folder management operations on the export.

No Squash

The hosts that have no squash applied to them when accessing the view via NFS. With no squash, all operations are supported. Use this option if you trust the root user not to perform operations that will corrupt data.

Root Squash

The hosts that have root squash applied to them when accessing the view via NFS. With root squash, the root user is mapped to nobody for all file and folder management operations on the export.

Trash

The hosts that have access to the trash folder when accessing the view via NFS (NFSv3 only). These hosts have the ability to delete files by moving them into a trash folder, from which they are automatically deleted.

Created Time

The date and time at which the view policy was created.

Tenant

The tenant associated with the policy.

You can modify and remove view policies using the Actions menu in the far right column.

Displaying Views and View Policies via VAST CLI

Run the view list and viewpolicy list commands to list existing views and view policies via the VAST CLI.

Related articles

Comments

0 comments

Article is closed for comments.