Creating a File System
Create a new file system.
When creating a file system using the Console, you can create the mount target and export necessary to access the file system. If you don't create a mount target while creating a file system, you can create a mount target and export later.
-
Open the navigation menu and click Storage. Under File Storage, click File Systems.
- In the List scope section, under Compartment, select a compartment.
-
Click Create File System.
Note
File systems are encrypted by default. You can't turn off encryption. - Select the type of file system that you want to create:
- File System for NFS: Create a file system, an associated mount target, and an export that lets you mount and access the file system as soon as it's created.
- File System for Replication: Create an unexported file system. Unexported file systems are used as target file systems for replications. For more information, see File System Replication.
- In the File System information section, you can choose to accept the system defaults, or change them by clicking Edit details.
- Name: File Storage service creates a default name using
FileSystem-YYMMDD-HHMM
. Optionally, change the default name for the file system. It doesn't have to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the file system. Avoid entering confidential information. - Availability Domain: The first availability domain selected in the left panel list is used as default.
- Create in Compartment: Specify the compartment you want to create the file system in.
-
Encryption: File systems use Oracle-managed keys by default, which leaves all encryption-related matters to Oracle. Optionally, you can encrypt the data in this file system using your own Vault encryption key.NoteTo use Vault for your encryption needs, select Encrypt using customer-managed keys and see the required IAM policies. Select the vault compartment and vault that contains the master encryption key that you want to use, and then select the master encryption key compartment and master encryption key.
Only symmetric Advanced Encryption Standard (AES) keys are supported for file system encryption.Caution
Be sure to back up your vaults and keys. Deleting a vault and key otherwise means losing the ability to decrypt any resource or data that the key was used to encrypt. For more information, see Backing Up and Restoring Vaults and Keys. - To attach a snapshot policy to the file system, select Attach Snapshot Policy and select the snapshot policy. For more information, see Policy-Based Snapshots and Scheduling.
(Optional) To add tags to the file system, click Show tagging options.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
- Name: File Storage service creates a default name using
-
Export information
Mount targets use exports to manage access to file systems. The path name uniquely identifies the file system within the mount target, and is used by an instance to mount the file system.
You can choose to accept the system defaults, or change them by clicking Edit details.
-
Export path: The File Storage service creates a default export path using the file system name. Optionally, replace the default export path name with a new path name, preceded by a forward slash (/). For example,
/fss
. This value specifies the mount path to the file system (relative to the mount target IP address or hostname). Avoid entering confidential information.Important
The export path must start with a slash (/) followed by a sequence of zero or more slash-separated elements. If there are many file systems associated with a single mount target, the export path sequence for the first file system can't contain the complete path element sequence of the second file system export path sequence. Export paths can't end in a slash. No export path element can be a period (.) or two periods in sequence (..). No export path can exceed 1024 bytes. Lastly, no export path element can exceed 255 bytes.
Valid examples:
/example
and/path
/example
and/example2
Invalid examples:
/example
and/example/path
/
and/example
/example/
/example/path/../example1
Caution
If one file system associated with a mount target has '/' specified as an export path, you can't associate another file system with that mount target.Note
Export paths can't be edited after the export is created. To use a different export path, you must create a new export with the appropriate path. Optionally, you can then delete the export with the old path.For more information, see Paths in File Systems.
-
Use secure Export options: Select to set the export options to require NFS clients to use a privileged port (1-1023) as its source port. This option enhances security because only a client with root privileges can use a privileged source port. After the export is created, you can edit the export options to adjust security. For more information, see Working with NFS Exports and Export Options.
Caution
Leaving the Use secure Export options setting disabled allows unprivileged users to read and modify any file or directory on the target file system. -
Use LDAP for group list: Select to use a configured LDAP server to map the user to UNIX groups instead of the groups listed within the NFS request's RPC header. For more information, see Using LDAP for Authorization.
-
-
Mount Target information
File systems must be associated with a mount target to be mounted by an instance. You can choose to accept the system defaults, choose another mount target, or create a new mount target.
You can choose to accept the defaults for the mount target, or change them by clicking Edit details.
If you have existing mount targets in the availability domain, the File Storage service automatically chooses the most recently created mount target in the list.
If you don't have a mount target in the selected availability domain, the File Storage service creates one using the following defaults.
- New Mount Target name: File Storage service creates a default mount target name using
Mount-YYYYMMDD-HHMM
. - Compartment: The compartment you're currently working in.
- Virtual Cloud Network: The first VCN listed in the current compartment is used as default.
- Subnet: The most recently created subnet listed in the selected availability domain is used as default. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCN and Subnet Management.
Select an existing Mount Target: Use this option to select a different, existing mount target.
Tip
If there aren't any mount targets in the current combination of availability domain and compartment, this option is disabled. You can:
- Choose a different compartment.
- Choose a different availability domain in the File System information section.
- Create a new mount target.
Create new Mount Target
Choose this option to create a new mount target associated with this file system. By default, the mount target is created in the current compartment and you can use network resources in that compartment. Click the click here link in the dialog box to enable compartment selection for the mount target, its VCN, or subnet resources.
Important
The mount target is always in the same availability domain as the file system. While it's possible to access mount targets from any AD in a region, for best performance, the mount target and file system should be in the same availability domain as the compute instances that access them. For more information, see Regions and Availability Domains.- Create in Compartment: Specify the compartment you want to create the mount target in.
-
New Mount Target name: Optionally, replace the default with a friendly name for the mount target. It doesn't have to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the mount target. Avoid entering confidential information.
Note
The mount target name is different than the DNS hostname, which is specified in the advanced options. - Virtual Cloud Network Compartment: The compartment containing the cloud network (VCN) in which to create the mount target.
- Virtual Cloud Network: Select the cloud network (VCN) where you want to create the new mount target.
- Subnet Compartment: Specify the compartment containing a subnet within the VCN to attach the mount target to.
-
Subnet: Select a subnet to attach the mount target to. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCN and Subnet Management.
Caution
Each mount target requires three IP addresses. Don't use /30 or smaller subnets for mount target creation because they don't have enough available IP addresses. For more information, see Mount Target Limitations and Considerations. -
Use Network Security Groups to control traffic: Select this option to add this mount target to an existing NSG. Choose an NSG from the list.
Important
Rules for the NSG you select must be configured to allow traffic to the mount target's VNIC using specific protocols and ports. For more information, see Configuring VCN Security Rules for File Storage. -
(Optional) Show advanced options: Click to configure the mount target's advanced options, including IP details and tagging.
(Optional) IP Details:
- IP address: You can specify an unused IP address in the subnet you selected for the mount target.
-
Hostname: You can specify a hostname you want to assign to the mount target.
Note
The File Storage service constructs a fully qualified domain name (FQDN) by combining the hostname with the FQDN of the subnet the mount target is located in.
For example,
myhostname.subnet123.dnslabel.oraclevcn.com
.After it's created, the hostname can be changed in the mount target's details page. For more information, see Managing Mount Targets.
Important
If enabling Kerberos authentication for a mount target in a VCN that uses the default Internet and VCN Resolver for DNS, you must specify a hostname.
- (Optional) To add tags to the mount target, click Tagging.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
- New Mount Target name: File Storage service creates a default mount target name using
- To create the file system, click Create.
- (Optional) To save the configuration as a Resource Manager stack, click Save as stack. For more information, see Managing Stacks.
-
Use the
fs file-system create
command and required parameters to create a file system:oci fs file-system create --availability-domain <target_availability_domain> --display-name "<My File System>" --compartment-id <target_compartment_id>
File systems use Oracle-managed keys by default, which leaves all encryption-related matters to Oracle. Optionally, you can encrypt the data in this file system using your own Vault encryption key. For more information, see Encryption and Overview of Vault. Include the
--kms-key-id
parameter to create a file system that uses your own encryption key:oci fs file-system create --availability-domain <target_availability_domain> --display-name "<My File System>" --compartment-id <target_compartment_id> --kms-key-id <target_key_id>
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the CreateFileSystem operation to create a file system.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.