Each view is attached to a view policy which governs some of the configuration of the view. A view policy can be reused.
If there is no view policy with the configuration that you need for a particular view, you need to create a suitable view policy first. See Creating View Policies for instructions.
-
In the VAST Web UI, select Element Store from the left navigation menu and then select Views.
-
Click + Create View to add a new view.
The Add View dialog appears.
-
In the Tenant field, associate the view with a tenant. By default, the view is associated with the default tenant.
-
In the Path field, enter the full path from the top level of the storage system on the cluster to the location that you want to expose.
The directory may already exist, for example if a client created it inside a mounted parent directory. It can also be a path to a new directory that you create now (see step 9).
-
From the Protocols dropdown, select one or more protocols through which the view should be accessible. The options are:
-
NFS exposes the view as an NFS export to clients using NFS version 3.
-
NFS4 exposes the view as an NFS export to clients using NFS version 4.1.
-
SMB exposes the view as an SMB share to SMB clients.
-
S3 Bucket exposes the view as an S3 bucket.
-
S3 Endpoint creates a template for creating buckets via S3 APIs. Whenever a bucket is created using this endpoint, a new view is created under the specified path. See Managing S3 Request-Initiated Bucket Creation for more information about S3 Endpoint buckets.
You can enable NFS and/or NFS4 together with S3 Endpoint. In this case, the view path is exported for NFS access while multiple S3 buckets may also be created under the view path.
-
Database exposes tabular data to database query engines. This value is used for each view that VAST Cluster creates when a user chooses to create a database on the cluster. For more information, see Creating a Database and a Schema.
-
-
If you selected SMB in the Protocols dropdown, enter a name for the SMB share in the SMB share name field. This setting is required for SMB.
The SMB share name cannot include the following characters: /\:|<>*?"
-
If you selected NFS in the Protocols dropdown to enable NFS3 access, you can use the NFS alias field to optionally specify an alias for the mount path of the NFS3 export. An alias must begin with a forward slash ("/") and must consist of only ASCII characters.
-
If you selected S3 Bucket in the Protocols dropdown, enter a name for the bucket in the S3 Bucket Name field. This setting is required for S3 buckets.
-
Complete the following fields:
Policy name
Select the view policy that has the configuration you want to use for the view.
QoS Policy
Select a QoS policy to associate with the view.
QoS policies are supported for NFSv3, NFSv4.1 and SMB.
Create Directory
If the directory does not already exist in the file system, enable the Create Directory setting to create the directory.
-
If you selected S3 Bucket or S3 Endpoint in the Protocols dropdown, go to the S3 tab and set the relevant settings:
-
For S3 Bucket:
-
S3 Owner. Specify a user to be the bucket owner. This setting is required for S3 buckets.
-
Under S3 Features:
Note
These features are not available if NFS, NFS4 and/or SMB were selected in the Protocols dropdown.
-
S3 Versioning. Enables S3 Object Versioning on the bucket. Versioning cannot be disabled after the view is created.
Note
This setting must be enabled if S3 Object Locking is enabled, so it is automatically toggled on when you enable S3 Object Lock.
-
S3 Object Lock. Enables S3 Object Locking on the bucket. Object locking cannot be disabled after the view is created.
Note
S3 Object Versioning is required to use S3 Object Locking, so the S3 Versioning option is automatically toggled on when you enable S3 Object Lock.
-
Retention Mode. If S3 Object Locking is enabled, you can optionally select a default retention mode for objects in the bucket:
-
None (default). Object versions that are placed in the bucket have no automatic protection but can be configured with a retention period or legal hold.
-
Governance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to governance.
-
Compliance. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to compliance.
For more information about retention modes, see S3 Object Locking Overview.
-
-
S3 Retention Period. If S3 Object Locking is enabled, you can optionally set a default retention period for objects in the bucket. If set, object versions that are placed in the bucket are automatically protected with a retention lock with the specified retention period, unless S3 Retention Mode is set to None. Otherwise, by default, each object version has no automatic protection but can be configured with a retention lock or legal hold. For more information about the S3 retention period, see S3 Object Locking Overview.
-
-
Under S3 Access Control:
-
Anonymous access. Allows anonymous S3 access to the bucket. If enabled, anonymous requests are allowed, provided that the object ACL grants access to the All Users group (for S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to others (for NFS security flavor).
-
-
-
For S3 Endpoint:
-
Under S3 Access Control:
-
Bucket Creators (Users). List bucket users by user name. Any request to create an S3 bucket that is sent by S3 API by a user listed here will use the S3 Endpoint view that you are configuring.
Note
Users should not be specified as bucket creators in more than one S3 Endpoint view.
If a user is named as a bucket creator in two S3 Endpoint views, creation of the view fails with an error.
-
Bucket Creators (Groups). List user groups by group name. Any request to create an S3 bucket that is sent by S3 API by a user who belongs to a group listed here will use the S3 Endpoint view that you are configuring.
Caution
Take extra care not to duplicate bucket creators through groups. If you specify a group as a bucket creator group in one view and you also specify a user who belongs to that group as a bucket creator user in another view, view creation will not fail. Yet, there is a conflict between the two configurations and the selection of a view for configuring the user's buckets is not predictable.
-
Anonymous access. Allows anonymous S3 access to the bucket. If enabled, anonymous requests are allowed, provided that the object ACL grants access to the All Users group (for S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to others (for NFS security flavor).
-
-
-
-
If you selected SMB in the Protocols dropdown, you can optionally configure a share-level ACL:
-
Go to the Share-level ACL tab.
-
Toggle Enable Share-level ACL on to enable share-level ACL on the view.
When enabled, SMB requests to access the view will fail unless permission is granted to the requesting user by an ACE configured in this dialog.
When disabled, the default share-level ACL applies to the view.
Tip
The default share-level ACL grants Full Control permissions to the Everyone group by default. You can alter this setting on the General tab of the Tenant dialog (choose Element Store -> Tenants -> choose to edit a tenant).
-
Add share-level ACEs:
-
Under Search, query a user or group that you want to define an ACE for:
-
Click + Add ACE. The grantee's type and name are displayed in the ACL grid.
-
In the Permission column of the ACL grid, select the permission type that you want to grant to the grantee.
-
Repeat steps c1 to c3 until you have created all the ACEs that you want to configure.
-
-
-
Click Create.
The view is now created and can be accessed via all the protocols you enabled. You can see it displayed in the Views tab.
Use the view create command to create the view.
Note
In the CLI, share-level ACLs can be added only with the view modify command, after the view is created.
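The bucket creator overlap described in the S3 Endpoint Caution above is accepted at view creation, so it has to be caught by an audit. The following is an added example, not VAST code: it assumes the view settings and group memberships have been exported into the hypothetical structures shown (the field names do not mirror the VAST API), and it also flags users who reach two views through groups alone.

```python
from collections import defaultdict

# Constructed sample data: S3 Endpoint views with their bucket creator lists.
# Field names are hypothetical and do not mirror the VAST API.
ENDPOINT_VIEWS = [
    {"path": "/s3/team-a", "creator_users": ["alice"], "creator_groups": ["analytics"]},
    {"path": "/s3/team-b", "creator_users": ["bob", "carol"], "creator_groups": []},
    {"path": "/s3/shared", "creator_users": ["alice"], "creator_groups": ["ops"]},
]
# Constructed group membership, as it might be exported from the identity provider.
GROUP_MEMBERS = {"analytics": {"carol", "dave"}, "ops": {"erin"}}


def find_creator_conflicts(views, group_members):
    """Return (user, sorted view paths, kind) for every user who can reach
    more than one S3 Endpoint view as a bucket creator."""
    direct = defaultdict(set)     # user -> views that name the user directly
    via_group = defaultdict(set)  # user -> views reached through a creator group
    for view in views:
        for user in view["creator_users"]:
            direct[user].add(view["path"])
        for group in view["creator_groups"]:
            for user in group_members.get(group, ()):
                via_group[user].add(view["path"])

    conflicts = []
    for user in sorted(set(direct) | set(via_group)):
        paths = direct[user] | via_group[user]
        if len(paths) < 2:
            continue
        # A user named directly in two views is the case the page says fails
        # view creation; an overlap that involves a group is not rejected and
        # leaves the choice of view for that user's buckets unpredictable.
        kind = "direct-duplicate" if len(direct[user]) > 1 else "group-overlap"
        conflicts.append((user, sorted(paths), kind))
    return conflicts


if __name__ == "__main__":
    for user, paths, kind in find_creator_conflicts(ENDPOINT_VIEWS, GROUP_MEMBERS):
        print(f"{kind}: {user} is a bucket creator in {', '.join(paths)}")
```

Rows marked group-overlap deserve the closest review, because each view can carry a different view policy and Anonymous access setting.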