Managing Mount Targets

Learn the basics of managing File Storage mount targets.

Overview

A mount target is an NFS endpoint that lives in a VCN subnet of your choice and provides network access for file systems. The mount target provides the IP address or DNS name that is used together with a unique export path to mount the file system. When you use the console to create your first file system, the workflow also creates a mount target and export for it.

You can reuse the same mount target to make as many file systems available on the network as you wish. To reuse the same mount target for multiple file systems, create an export in the mount target for each file system.

You can perform the following mount target management tasks:

Exports

Exports control how NFS clients access file systems when they connect to a mount target. File systems are exported (made available) through mount targets. Each mount target maintains an export set which contains one or many exports. A file system may be exported through one or more mount targets. A file system must have at least one export in one mount target in order for instances to mount the file system. The information used by an export includes the file system OCID, mount target OCID, export set OCID, export path, and client export options. When you use the console to create your first file system, the workflow also creates a mount target and export for it. Thereafter:

  • You can create as many exports in a mount target for different file systems as you wish.
  • You can create as many exports in a mount target for a single file system as you wish.
  • You can delete and re-create exports in a mount target as often as you need to.
  • You can add export options to an export to control access to the file system.

NFS Export Options

NFS export options are a set of parameters within the export that specify the level of access granted to NFS clients when they connect to a mount target. An NFS export options entry within an export defines access for a single IP address or CIDR block range. You can have up to 100 options per export.

For more information, see Working with NFS Exports and Export Options.

Details About Your Mount Target

The mount target details page provides the following information about your mount target:

MOUNT TARGET OCID
Every Oracle Cloud Infrastructure resource has an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). You need your mount target's OCID to use the Command Line Interface (CLI) or the API. You also need the OCID when contacting support.
CREATED
The date and time that the mount target was created.
Availability Domain
When you create a mount target, you specify the availability domain that it resides in. An availability domain is one or more data centers located within a region. You need your mount target's availability domain to use the Command Line Interface (CLI) or the API. For more information, see Regions and Availability Domains.
COMPARTMENT
When you create a mount target, you specify the compartment that it resides in. A compartment is a collection of related resources (such as cloud networks, compute instances, or file systems) that are accessible only to those groups that have been given permission by an administrator in your organization. You need your mount target's compartment to use the Command Line Interface (CLI) or the API. For more information, see Managing Compartments.
REPORTED SIZE (GIB)
The maximum capacity in gibibytes reported by the file systems exported through this mount target. The File Storage service currently reports 8589934592 gibibytes (GiB) of available capacity by default. If you are installing an application that requires a specific reported size, you can change the reported size. Typically, setting the size to 1024 GiB is sufficient for most applications. This value is updated hourly. See Setting a File System's Reported Size for more information.
REPORTED INODES (GII)
The maximum capacity in gibiinodes reported by the file systems exported through this mount target. The File Storage service currently reports gibiinodes (GiI) of available inodes by default. If you are installing an application that requires specific reported inodes, you can change the reported inodes. Typically, setting the inodes to 1024 GiI is sufficient for most applications. This value is updated hourly. See Setting a File System's Reported Size for more information.
NETWORK SECURITY GROUPS
The network security groups that the mount target belongs to. Each mount target can belong to up to five (5) NSGs. See Adding a Mount Target to a Network Security Group for more information.
VIRTUAL CLOUD NETWORK
The VCN that contains the subnet where the mount target VNIC resides.
SUBNET
The subnet within the VCN where the mount target VNIC resides. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCNs and Subnets.
IP ADDRESS
The IP address that was assigned to the mount target when it was created. You need your mount target's IP address to mount associated file systems.
HOSTNAME
The hostname that was assigned to the mount target, if any. For more information about hostnames, see DNS in Your Virtual Cloud Network.
FULLY QUALIFIED DOMAIN NAME
The hostname together with the subnet domain name. For more information, see DNS in Your Virtual Cloud Network. If you specify a hostname, you can use the FQDN to mount the file system.
EXPORT SET OCID
The OCID of the mount target's export set resource. Each mount target has one export set, which contains all of the exports for the mount target. You need your mount target's export set OCID when you perform export-related tasks in the Command Line Interface (CLI) or the API.
EXPORTS
All of the mount target's exports are listed here. The export path and name of each file system is also listed. You need the export path to mount a file system.

NFS Tab

The NFS tab on the mount target details page provides the following information about your mount target:

KERBEROS ENABLED
Whether or not the mount target is configured to use Kerberos.
KERBEROS REALM
The Kerberos realm that this mount target has joined.
KEYTAB SECRET OCID
The Keytab secret used by the mount target.
CURRENT KEYTAB SECRET VERSION
The version of the Keytab secret used by the mount target.
BACKUP KEYTAB SECRET VERSION
The version of the backup Keytab secret.
LDAP ENABLED
Whether or not the mount target should use an LDAP server for secondary group lookup. The file system's export must also have ID Mapping enabled.
SCHEMA TYPE
The schema type of the LDAP account.
CACHE REFRESH INTERVAL IN SECONDS
How often the mount target should contact the LDAP server for updates.
CACHE LIFETIME IN SECONDS
How long cached entries may be used.
NEGATIVE CACHE LIFETIME IN SECONDS
How long to cache if ID mapping information is missing.
SEARCH BASE FOR USERS
All LDAP searches are recursive starting at this user.
SEARCH BASE FOR GROUPS
All LDAP searches are recursive starting at this group.
OUTBOUND CONNECTOR 1 OCID
The first connector to use to communicate with the LDAP server.
OUTBOUND CONNECTOR 2 OCID
The second connector to use to communicate with the LDAP server.

Limitations and Considerations

  • Each availability domain is limited to two mount targets by default.

    See Service Limits for a list of applicable limits and instructions for requesting a limit increase.

  • Each mount target can accept up to 100,000 NFS client connections. If you use in-transit encryption, each mount target can accept up to 64 NFS/SSL client connections. See Using In-transit TLS Encryption for more information.
  • Each tenancy in a region can have one CreateMountTarget or ChangeMountTargetCompartment operation in progress at a time. See 409 error occurs when creating or moving a file system or mount target for more information.
  • Mount targets use IPv4 addresses to communicate with file systems. Each mount target requires three internal IP addresses in the subnet to function:

    • Two of the IP addresses are used during mount target creation. The third IP address must remain available for the mount target to use for high availability failover.
    • The third IP address is used to create a new VNIC for the mount target during failover. The original primary IP address is retained.
    • The File Storage service doesn't "reserve" the third IP address required for high availability failover.
    • Use care to ensure that enough unallocated IP addresses remain available for your mount targets to use during failover.
    • Do not use /30 or smaller subnets for mount target creation because they do not have sufficient available IP addresses for mount target creation.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

For administrators: The policy in Let users create, manage, and delete file systems allows users to manage mount targets. Since mount targets are network endpoints, users must also have "use" permissions for VNICs, private IPs, private DNS zones, and subnets to create or delete a mount target. See the Policy Reference for more information.

If you're new to policies, see Getting Started with Policies and Common Policies.