Oracle Cloud Infrastructure Documentation

OCIFS Utility

Use the OCIFS utility to mount Oracle Cloud Infrastructure Object Storage buckets as file systems.

After an Object Storage bucket is mounted with OCIFS, you can access the objects in that bucket as regular files or directories. Although objects in a bucket exist in a flat structure, OCIFS simulates a directory structure by using prefix strings that are present in object names that include one or more forward slashes (/).

Note

OCIFS isn't a shared file system. To avoid object data corruption, don't use OCIFS to mount the same Object Storage bucket (or any overlapping bucket subfolder) many times, simultaneously. Also, don't directly change a bucket object (for example, with the Console, CLI or API) while the Object Storage bucket is mounted.

For more information about Object Storage, see Overview of Object Storage.

Installing the OCIFS Utility

Install the OCIFS utility package to mount Object Storage buckets as file systems.

Prerequisites:

The OCIFS utility (ocifs) package is available on instances launched with Oracle Linux 8, or later. Before installing the OCIFS utility, ensure the following prerequisites are met:

  • OCI Object Storage - OCIFS must be installed on a system or Oracle Cloud Infrastructure (OCI) compute instance that can access, or connect to, an existing Object Storage bucket. The Object Storage bucket to be mounted with OCIFS must already exist before mounting. For more information about Object Storage, see Overview of Storage Connect. For information about how to create an Object Storage bucket, see Creating a Bucket.

  • Local Disk Space - OCIFS consumes local disk space for caching Object Storage objects. OCIFS caches objects of a mounted Object Storage bucket in a directory. For best performance, choose a local directory for caching that's on a storage device with fast access time.

    Also, ensure that the cache directory is on a storage device with enough free space to host the entire contents of the mounted Object Storage bucket path, or, at minimum, all objects in the bucket to be read or written. OCIFS operations might fail if the storage device where the cache directory is located gets full. For more information about OCIFS caching, see OCIFS Cache Options.

To install the OCIFS utility:

  1. Complete the Prerequisites.
  2. Enable the oci_included repository, which contains the ocifs package. This repository is enabled by default in Oracle Linux platform images.
    For more information, see Installing Software on Oracle Linux Instances.
  3. Install the ocifs package: 
    sudo dnf install ocifs
    Note

    If you need to remove the ocifs package at a later time, for any reason, run: sudo dnf remove ocifs

Mounting and Unmounting with OCIFS

OCIFS lets you mount Object Storage buckets to be used as file systems, and lets you manage the objects in the mounted buckets as regular directories and files.

You can specify the Object Storage bucket to mount by its bucket path. Bucket paths can be either of the following:

  • A bucket name: All objects from the specified Object Storage bucket are accessible as regular files or directories in the mounted directory.

    For example, to mount the Object Storage bucket, bucket-1, on directory mydir:
    $ ocifs bucket-1 mydir

  • A bucket subfolder that's an Object Storage bucket name with a subfolder from that bucket: Only objects from the specified bucket subfolder are accessible as regular files or directories in the mounted directory.

    For example, to mount the subfolder marathon/participants from the Object Storage bucket bucket-1 on directory mydir:
    $ ocifs bucket-1/marathon/participants mydir

Mounting an Object Storage Bucket

Prerequisites:

Before using OCIFS to mount an Object Storage bucket, review the following:

To mount an Object Storage bucket:

  • Use the ocifs command:
    ocifs [<options>] <bucket-path> <dir>

    Or:

  • Use the mount(8) command:
    mount -t fuse.ocifs [-o <options>] <bucket-path> <dir>
    Note

    The mount command requires the appropriate privileges (such as root).

Examples:

  • Mount the Object Storage bucket bucket-1 on directory mydir using the ocifs command:

    $ ocifs bucket-1 mydir

  • Mount the Object Storage bucket bucket-1 on directory /mnt using the mount command:

    # mount -t fuse.ocifs bucket-1 /mnt

By default, the Object Storage bucket is mounted using API-based authentication. See OCIFS Authentication.

Unmounting an Object Storage Bucket

  • Use the fusermount command:
    fusermount -u <dir>

    Or:

  • Use the umount(8) command:
    umount <dir>
    Note

    The umount command requires appropriate privileges (such as root).
Examples:

  • Unmount the Object Storage bucket mounted on directory mydir using the fusermount command:

    $ fusermount -u mydir

  • Unmount the Object Storage bucket mounted on directory /mnt using the umount command:

    # umount /mnt
Note

Unmounting an OCIFS file system removes its corresponding cache directory, unless the file system is mounted with the cache-keep option. See OCIFS Cache Options.

OCIFS Mounting Restrictions

OCIFS has several mounting restrictions to consider.

Before mounting an Object Storage bucket with OCIFS, review the OCIFS mounting rules and restrictions:

File Types, Attributes and Sizing

Review the OCIFS file type, attribute, and sizing restrictions.

File Types
OCIFS supports only regular files and directories. OCIFS does not support symbolic links, physical links, and special files (block, character, fifo, special).
File Attributes
File attributes (permissions, user and group ownership, access/modification/change times) aren't persistent across mounts. All attributes are reset when an OCIFS file system is unmounted and remounted.
By default, permissions are set to 0755 for directories and 0644 for files. Ownership is set with the uid and gid of the owner of the file system. File permissions and ownership can't be changed, unless the OCIFS file system is mounted by the root user. Removing the write permission to a file prevents newly read data from being cached. In this case, OCIFS doesn't have permission to write to the cached file.
File Size
OCIFS write is limited to 50 GB. Because of this, you can't create or change a file that's larger than 50 GB in size.

Naming Rules

Follow the OCIFS naming rules for files, paths, objects, and prefixes.

File Names
OCIFS file name size is limited to the size that's supported by the file system being used for the OCIFS cache. The most common file name size limit for file systems is 255 characters. If an Object Storage bucket has an object with a file name size larger than 255 characters, the object might be visible as a file or directory on the OCIFS file system, but the object is read-only and can't be cached. Because the object isn't cached, the object access time might be slow.
OCIFS read/write access and caching of the object can be restored by renaming the object with a name that's compatible with the file system used for the OCIFS cache. You can use the Oracle Cloud Console to rename an object, or you can rename the object with OCIFS using the mv(1) command.
Path Names
OCIFS supports path names with a maximum of 1023 characters.
Incompatible Object Names
An Object Storage bucket can have objects with names that aren't compatible with Linux file system naming conventions (For example: //directory or directory////mydirectory). However, these objects aren't accessible nor visible with OCIFS. To be usable with OCIFS, such objects must be renamed with names that are compatible with Linux file system naming conventions. You can use the Oracle Cloud Console to rename an object.
An object name can have up to 1024 characters, and it can have a corresponding OCIFS file name that's larger than the usual file system file name limit (255 characters). However, access to such objects with OCIFS are limited.
To verify whether an Object Storage bucket has names that aren't compatible with the OCIFS file system, use the --check-bucket option of the ocifs command.
Object and Prefix Name Conflicts
If the same name is used both as an Object Storage object name and as a prefix name, then that name is displayed as a directory entry with OCIFS. The object with the same name isn't accessible through OCIFS. To make the object visible through OCIFS, you must rename the object with a name that's not used as a prefix.
For example, if an Object Storage bucket has objects directory and directory/mydirectory, then directory is used both as an object name and as a prefix name. In that case, OCIFS shows the entry directory as a directory and provides access to all objects starting with prefix directory/ (For example, object directory/mydirectory). However, object directory isn't accessible.
Use the --check-bucket option of the ocifs command to verify if a bucket has conflicting object and prefix names.

Data Synchronization

OCIFS provides different options for data synchronization.

When writing to an OCIFS file, data is synchronized (data is effectively written back to the corresponding Object Storage object) when the OCIFS file is closed. Any data synchronization error is reported by the close(2) system call. For information about dealing with error returns from close(), see the NOTES section of the close(2) man page. You can also request data to be explicitly synchronized using fsync(2) or fdatasync(2).

Or, you can make write operations immediately synchronize data either for a specific file (by opening the file with the O_SYNC or O_DSYNC flag) or for all files (by mounting the OCIFS file system with the sync option (-o sync).
Note

Using the O_SYNC or O_DSYNC open flags, or the sync mount option can negatively impact performance.

OCIFS Mount Options

Use these OCIFS mount options to further specify how an Object Storage bucket is mounted.

OCIFS Mount Options

Option

Description

auth=<method>

Set the authentication method. See OCIFS Authentication.

cache=<path>

Set the path to the cache directory. See cache.

cache-fsfree=<value>

Specify the amount of space to remain free on the file system where the cache directory is located. See cache-fsfree .

cache-keep

Don't remove the cache directory when the file system is unmounted. See cache-keep.

cache-purge=<value>

Specify the cache purge delay. See cache-purge

cache-reuse

Reuse the existing cache directory, even if the directory isn't empty. See cache-reuse.

config=<file>

Set the path to the CLI configuration file used for API key-based authentication. See API Key-Based Authentication.

debug=<level>[,<level>...]

Set the debug level.

region=<name>

Override the region name.

OCIFS mount options can be specified with the ocifs command as long options --<option>[=<value>] or with the -o option: 
-o <option>[=<value>]

With the mount command, options are specified with the -o option: -o <option>[=<value>].

The ocifs command accepts the following FUSE options:

  • -d : Enable FUSE debug output.

  • -f : Run the ocifs command in foreground.

  • -s : Run the ocifs command single-threaded instead of multithreaded.

In addition, FUSE mount options, described in the fuse(8) man page, can be specified with the -o option.

OCIFS Authentication

Use the API key-based (default) or instance principal authentication methods with OCIFS.

When mounting an Object Storage object with OCIFS, you can use the auth=<method> option with the ocifs command to specify the authentication method. The authentication method values are auth=api_key for API key-based authentication or auth=instance_principal for instance principal authentication.

API Key-Based Authentication

Specify and configure the API key-based authentication method to mount Object Storage buckets with OCIFS.

API key-based authentication is the default authentication method for OCIFS, and can be used from an OCI compute instance or from any other system. This authentication method requires a local OCI SDK and a CLI configuration file. You can specify the configuration file by using the config=<file> option with the ocifs command. By default, the configuration file is ~/.oci/config.

For example, to mount an Object Storage bucket using API key-based authentication and the ~/my_config configuration file:
$ ocifs --auth=api_key --config=~/my_config bucket-1 mydir

Before mounting an Object Storage bucket using the API key-based authentication method, ensure that the CLI configuration file (~/.oci/config) has a [DEFAULT] profile, and the entries specified in the following table.

Configuration File Entries for API Key-Based Authentication

Entry

Description

Example

user

OCID of the user who is accessing the Oracle Cloud Infrastructure

user=ocid1.user.oc1..<unique_ID>

tenancy

OCID of your tenancy

tenancy=ocid1.tenancy.oc1..<unique_ID>

region

An Oracle Cloud Infrastructure region

region=<regional_area>

key_file

Full path and file name to the private key

key_file=~/.oci/oci_api_key.pem

fingerprint

Fingerprint for the public key used for this user

finderprint=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

For more information, see SDK and CLI Configuration File.

Instance Principal Authentication

Instead of the default API key-based authentication method, you can use the instance principal authentication method with OCIFS.

Use the instance principal authentication method for OCIFS only from an authorized Oracle Cloud Infrastructure instance. This authentication method lets specified instances access Object Storage without a CLI configuration file. The instance then automatically discovers information to authenticate.

Instance principal authentication must be used to mount an Object Storage bucket on a compute instance that has been configured as an instance principal.

For example, to mount an Object Storage bucket (bucket-1) using instance principal authentication:

$ ocifs --auth=instance_principal bucket-1 mydir

To use instance principal authentication, a compute instance must be part of a dynamic group, and a policy must allow the dynamic group to manage Object Storage. You can use the manage object-family verb and resource type to define a policy that allows managing of Object Storage objects. For more information about dynamic groups, see Managing Dynamic Groups.

For example, to allow a compute instance (with instance id ocid1.instance.<id>) to use instance principal authentication:

  1. Create a dynamic group dgroup-ocifs with the following rule that matches the compute instance:

    All {instance.id = 'ocid1.instance.<id>'}

  2. Create a policy that allows that dynamic group (dgroup-ocifs) to manage Object Storage:

    Allow dynamic-group dgroup-ocifs to manage object-family in compartment id ocid1.tenancy.<tenancy_id>

For more information, see Calling Services from an Instance.

OCIFS Cache Options

Use OCIFS cache options to specify how the OCIFS cache functions.

The OCIFS utility caches objects of a mounted Object Storage bucket path in a local directory (by default: ~/.ocifs/<bucket>/).

If the storage device where the cache directory is located gets full, then some OCIFS operations might fail.

You can specify how OCIFS cache is used and functions with the following ocifs cache options:

cache

You can change the OCIFS cache directory with the cache=<path> option.

By default, OCIFS caches objects in ~/.ocifs/. You can change this cache directory using the cache=<path> option. This option sets the cache directory to the specified path. The path can be an absolute path or relative path to the user's home directory.

For example, to use /var/tmp/ocifs-cache as the cache directory:
$ ocifs --cache=/var/tmp/ocifs-cache bucket-1 mydir

cache-fsfree

You can prevent the OCIFS from accidentally filling up space on the cache file system with the cache-fsfree option.

Use the cache-fsfree option to specify the amount of space that must remain free on the cache file system. If the free space is greater than the amount specified, then OCIFS tries to cache data. Otherwise, OCIFS doesn't perform caching. If OCIFS is unable to cache data, then some OCIFS operations can fail, such as write operations.

Note

The cache-fsfree option doesn't change the way the attributes for OCIFS entries (such as the size) are cached.

The cache directory size values are listed in the following table.

Cache Directory Size Values

Value

Description

Example

0

Don't check for free space on the cache file system. With this option, OCIFS tries to cache data, no matter how much free space is available on the cache file system.

$ ocifs --cache-fsfree=0 bucket-1 mydir

<percent>%

This value specifies the percentage of space (between 0% and 100%) that must remain free on the cache file system.

If the percentage is 100% then no data is cached.

$ ocifs --cache-fsfree=20% bucket-1 mydir

<num>[K|M|G|T]

This value specifies the amount of space in Kilobytes (K), Megabytes (M), Gigabytes (G) or Terabytes (T) that must remain free on the cache file system.

$ ocifs --cache-fsfree=1G bucket-1 mydir

<num>[K|M|G|T]i

This value specifies the amount of space in Kilobytes (Ki), Megabytes (Mi), Gigabytes (Gi) or Terabytes (Ti) that must remain free on the cache file system.

$ ocifs --cache-fsfree=1Gi bucket-1 mydir

Notes:

  • The default setting is cache-fsfree=5%.
  • Using the option 0, 0%, 0[K|M|G|T], or 0[K|M|G|T]i have the same effect.
  • Using the option 100% or an amount of space larger, or equal than the size of the file system, have the same effect.

cache-keep

The cache-keep option lets you retain the cache, even if the OCIFS file system is unmounted.

Unmounting the file system removes the OCIFS cache directory, unless you mount the file system with the cache-keep option.

For example, to mount a bucket and have the cache preserved when unmounting:

$ ocifs --cache-keep bucket-1 mydir

Notes:

  • If you use the cache-keep option, you might be unable to mount the file system again unless you then use the cache-reuse option.
  • Keeping data in cache after unmounting the file system can improve performances the next time you mount the file system. However, OCIFS doesn't check if there any discrepancies between data in cache and the actual data in the Object Storage bucket.

cache-purge

The cache-purge option lets you remove data from the cache for files that have been closed for a specified amount of time.

By default, the cache is never purged. The cache data is kept in the cache directory as long as the file system is mounted. The cache directory is only removed when the file system is unmounted.

Using the cache-purge option, you can specify the amount of time data remains in cache after a file is closed. You can use this to preserve disk space, especially if files aren't often accessed. This is useful, for example, if you write new files and don't access the files again.

The cache purge delay can be specified as listed in the following table:

Cache Purge Delay Values

Value

Description

Example

never

Never purge the cache. With this option, cached data is preserved as long as the OCIFS file system is mounted. (Default)

$ ocifs --cache-purge=never bucket-1 mydir

<delay>

The purge delay in seconds before purging cached data. If the purge delay is set 0, then cached data for a file is purged immediately after the file is closed.

$ ocifs --cache-purge=30 bucket-1 mydir
Note

Setting a cache purge delay, in particular with a small value, can negatively impact performance. This is because data is eventually removed from the cache when a file isn't used. If a file is reopened later and read, performance can be slow as the file data isn't in the cache.

cache-reuse

The cache-reuse option lets an OCIFS file system be mounted, even if there is an existing, nonempty cache directory.

By default, OCIFS prevents mounting a file system if it has an nonempty cache directory. With the cache-reuse option, you can remount the file system and reuse the existing cache directory, if present.

For example, to mount a bucket (bucket-1) and reuse the existing cache directory:

$ ocifs --cache-reuse bucket-1 mydir

Notes:

  • You can have a nonempty cache directory if the file system was previously mounted with the cache-keep option, or if the ocifs process was killed or had crashed.
  • Reusing an existing cache can improve performance as OCIFS can access data already in the cache more quickly. However, using the cache-reuse option isn't recommended because OCIFS doesn't check for discrepancies between data in cache and the actual data in the Object Storage bucket.