Creating an Export

Create an export for an existing File Storage file system and mount target.

Typically, an export is created in a mount target when a file system is created. Thereafter, you can create additional exports for a file system in any mount target that resides in the same availability domain as the file system.

Important

The export path must start with a slash (/) followed by a sequence of zero or more slash-separated elements. If many file systems are associated with a single mount target, the export path of one file system can't contain the complete path element sequence of another file system's export path. Export paths can't end in a slash. No export path element can be a period (.) or two periods in sequence (..). No export path can exceed 1024 bytes, and no export path element can exceed 255 bytes.

Valid examples:

  • /example and /path
  • /example and /example2

Invalid examples:

  • /example and /example/path
  • / and /example
  • /example/
  • /example/path/../example1

Caution

If one file system associated with a mount target has '/' specified as an export path, you can't associate another file system with that mount target.

Note

Export paths can't be edited after the export is created. To use a different export path, you must create a new export with the appropriate path. Optionally, you can then delete the export with the old path.

For more information, see Paths in File Systems.
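The path rules above can be checked before an export is requested. The following is an added example, not Oracle code: the function names are hypothetical, byte lengths are assumed to be counted in UTF-8, and empty elements (a double slash) are rejected as an assumption because the page doesn't address them.

```python
MAX_PATH_BYTES = 1024     # "No export path can exceed 1024 bytes"
MAX_ELEMENT_BYTES = 255   # "no export path element can exceed 255 bytes"


def path_elements(path):
    """Return the path's elements, or raise ValueError naming the broken rule."""
    if not path.startswith("/"):
        raise ValueError("must start with a slash")
    if len(path.encode("utf-8")) > MAX_PATH_BYTES:  # assumption: UTF-8 byte count
        raise ValueError("path exceeds 1024 bytes")
    if path == "/":
        return []  # a slash followed by zero elements
    if path.endswith("/"):
        raise ValueError("must not end in a slash")
    elements = path[1:].split("/")
    for element in elements:
        if element == "":
            # Assumption: an empty element ("//") is rejected; the page does not say.
            raise ValueError("empty path element")
        if element in (".", ".."):
            raise ValueError("element must not be '.' or '..'")
        if len(element.encode("utf-8")) > MAX_ELEMENT_BYTES:
            raise ValueError("element exceeds 255 bytes")
    return elements


def conflicts(path_a, path_b):
    """True when one path's element sequence is a complete prefix of the other's."""
    shorter, longer = sorted((path_elements(path_a), path_elements(path_b)), key=len)
    return longer[:len(shorter)] == shorter


def check_new_export(new_path, existing_paths):
    """Return the problems with adding new_path to a mount target (empty list = OK)."""
    try:
        path_elements(new_path)
    except ValueError as err:
        return [f"{new_path}: {err}"]
    return [f"{new_path} conflicts with existing export {p}"
            for p in existing_paths if conflicts(new_path, p)]


if __name__ == "__main__":
    # Constructed mount target that already exports /example.
    for candidate in ("/path", "/example2", "/example/path", "/example/",
                      "/example/path/../example1"):
        print(candidate, check_new_export(candidate, ["/example"]) or "OK")
```

Because '/' has zero elements, it is a prefix of every other path, which is why a mount target that exports '/' can't take a second file system.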

    1. Open the navigation menu and click Storage. Under File Storage, click File Systems.
    2. In the List scope section, under Compartment, select a compartment.
    3. Click the name of the file system you want to create an export for.
    4. On the file system's details page, under Exports, click Create Export.
    5. To accept the system defaults for the export, click Create. The export is created with the information displayed. To choose another mount target or change the default information, click the corresponding Edit details links.
    6. In the Export information section, specify details for the export that's associated with the file system:

      • Export path: The File Storage service creates a default export path using the file system name. Optionally, replace the default export path name with a new path name, preceded by a forward slash (/). For example, /fss. This value specifies the mount path to the file system (relative to the mount target IP address or hostname). Avoid entering confidential information. For more information, see Paths in File Systems.

      • Use secure Export options: Select to set the export options to require NFS clients to use a privileged port (1-1023) as their source port. This option enhances security because only a client with root privileges can use a privileged source port. After the export is created, you can edit the export options to adjust security. For more information, see Working with NFS Exports and Export Options.

        Caution

        Leaving the Use secure Export options setting disabled allows unprivileged users to read and modify any file or directory on the target file system.
      • Use LDAP for group list: Select to use a configured LDAP server to map the user to UNIX groups instead of the groups listed within the NFS request's RPC header when using AUTH_SYS authentication. For more information, see Using LDAP for Authorization. This option has no effect when using Kerberos authentication, because mapping is always enabled.

    7. In the Mount Target information section, specify information for the mount target that's associated with the file system:

      • Select an existing Mount Target: Choose this option to associate the file system with a mount target that you already created. Choose the Mount Target from the list. Click the click here link in the dialog box to enable compartment selection for the mount target.

        If there aren't any mount targets in the current combination of availability domain and compartment, this option is disabled. You can choose a different compartment or create a new mount target.

      • Create new Mount Target: Choose this option to create a new mount target associated with this file system. By default, the mount target is created in the current compartment and you can use network resources in that compartment. Click the click here link in the dialog box to enable compartment selection for the mount target, its VCN, or subnet resources.

        Important

        The mount target is always in the same availability domain as the file system. While it's possible to access mount targets from any AD in a region, for best performance, the mount target and file system should be in the same availability domain as the compute instances that access them. For more information, see Regions and Availability Domains.
    8. If you're creating a new mount target, provide the following information:

      1. Create in Compartment: Specify the compartment you want to create the mount target in.
      2. New Mount Target name: Optionally, replace the default with a friendly name for the mount target. It doesn't have to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the mount target. Avoid entering confidential information.

        Note

        The mount target name is different than the DNS hostname, which is specified in the advanced options.
      3. Virtual Cloud Network Compartment: The compartment containing the cloud network (VCN) in which you want to create the mount target.
      4. Virtual Cloud Network: Select the cloud network (VCN) where you want to create the new mount target.
      5. Subnet Compartment: Specify the compartment containing a subnet within the VCN to attach the mount target to.
      6. Subnet: Select a subnet to attach the mount target to. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCNs and Subnets.

        Caution

        Each mount target requires three internal IP addresses in the subnet to function. Don't use /30 or smaller subnets for mount target creation because they don't have enough available IP addresses. Two of the IP addresses are used during mount target creation. The third IP address must remain available for the mount target to use for high availability failover.
      7. Use Network Security Groups to control traffic: Select this option to add this mount target to an existing NSG. Choose an NSG from the list.

        Important

        Rules for the NSG you select must be configured to allow traffic to the mount target's VNIC using specific protocols and ports. For more information, see Configuring VCN Security Rules for File Storage.
      8. (Optional) Show advanced options: Click to configure the mount target's advanced options.

        • IP address: You can specify an unused IP address in the subnet you selected for the mount target.
        • Hostname: You can specify a hostname you want to assign to the mount target.

          Note

          The File Storage service constructs a fully qualified domain name (FQDN) by combining the hostname with the FQDN of the subnet the mount target is located in.

          For example, myhostname.subnet123.dnslabel.oraclevcn.com.

          After it's created, the hostname can be changed in the mount target's details page. For more information, see Managing Mount Targets.

          Important

          If enabling Kerberos authentication for a mount target in a VCN that uses the default Internet and VCN Resolver for DNS, you must specify a hostname.
      9. To add tags to the mount target, click Show tagging options.

        If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    9. To create the export, click Create.
    10. (Optional) To save the configuration as a Resource Manager stack, click Save as stack. For more information, see Managing Stacks.

    Next, mount the file system from an instance so that you can read and write directories and files in the file system. For instructions about obtaining mount commands for the OS type and mounting the file system, see Mounting File Systems.

  • Use the fs export create command and required parameters to create an export for a specified file system within a specified export set:

    oci fs export create --export-set-id <export_set_OCID> --file-system-id <file_system_OCID> --path "</pathname>"

    Include the --export-options parameter with required values to set export options when you create the export. If you don't want a file system to be visible to any clients through this export, you can set source to an empty value. For example:

    oci fs export create --export-set-id <export_set_OCID> --file-system-id <file_system_OCID> --path "</pathname>" --export-options '[{"source":"","require-privileged-source-port":"true","access":"READ_ONLY","identity-squash":"ROOT","anonymous-uid":"65534","anonymous-gid":"65534"}]'

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateExport operation to create an export.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
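An --export-options array can be reviewed for the weak settings this page warns about before it is passed to oci fs export create. The following is an added example, not Oracle code: the function name and findings are hypothetical, the READ_WRITE and NONE values and the treatment of missing keys as the insecure setting are assumptions not stated on this page, and the sample entries other than the page's own are constructed.

```python
import ipaddress
import json


def audit_export_options(options_json):
    """Return (index, finding) pairs for weak entries in an --export-options array."""
    findings = []
    for i, opt in enumerate(json.loads(options_json)):
        source = opt.get("source", "")
        if source == "":
            continue  # empty source: no client can see the file system via this export
        # The page's example passes the flag as the string "true"; accept a JSON bool too.
        # Assumption: a missing key means the insecure setting.
        privileged = str(opt.get("require-privileged-source-port", "false")).lower()
        if privileged != "true":
            findings.append((i, "unprivileged source ports accepted"))
        if ipaddress.ip_network(source, strict=False).prefixlen == 0:
            findings.append((i, "source matches every client address"))
        # Assumption: READ_WRITE and NONE are the counterparts of READ_ONLY and ROOT.
        if (opt.get("access", "READ_WRITE") == "READ_WRITE"
                and opt.get("identity-squash", "NONE") == "NONE"):
            findings.append((i, "read/write access with no identity squash"))
    return findings


# Constructed sample: entry 0 is the page's example, entries 1 and 2 are made up.
SAMPLE = json.dumps([
    {"source": "", "require-privileged-source-port": "true", "access": "READ_ONLY",
     "identity-squash": "ROOT", "anonymous-uid": "65534", "anonymous-gid": "65534"},
    {"source": "0.0.0.0/0", "require-privileged-source-port": "false",
     "access": "READ_WRITE", "identity-squash": "NONE"},
    {"source": "10.0.0.0/24", "require-privileged-source-port": "true",
     "access": "READ_WRITE", "identity-squash": "ROOT",
     "anonymous-uid": "65534", "anonymous-gid": "65534"},
])

if __name__ == "__main__":
    for index, finding in audit_export_options(SAMPLE):
        print(f"export option {index}: {finding}")
```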