Creating a File System

Create a new file system.

When creating a file system using the Console, you can create the mount target and export necessary to access the file system. If you don't create a mount target while creating a file system, you can create a mount target and export later.

    1. Open the navigation menu and click Storage. Under File Storage, click File Systems.

    2. In the List scope section, under Compartment, select a compartment.
    3. Click Create File System.

      Note

      File systems are encrypted by default. You can't turn off encryption.
    4. Select the type of file system that you want to create:
      1. File System for NFS: Create a file system, an associated mount target, and an export that lets you mount and access the file system as soon as it's created.
      2. File System for Replication: Create an unexported file system. Unexported file systems are used as target file systems for replications. For more information, see File System Replication.
    5. In the File System information section, you can choose to accept the system defaults, or change them by clicking Edit details.
      • Name: File Storage service creates a default name using FileSystem-YYMMDD-HHMM. Optionally, change the default name for the file system. It doesn't have to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the file system. Avoid entering confidential information.
      • Availability Domain: The first availability domain selected in the left panel list is used as default.
      • Create in Compartment: Specify the compartment you want to create the file system in.
      • Encryption: File systems use Oracle-managed keys by default, which leaves all encryption-related matters to Oracle. Optionally, you can encrypt the data in this file system using your own Vault encryption key.
        Note

        Only symmetric Advanced Encryption Standard (AES) keys are supported for file system encryption.
        To use Vault for your encryption needs, select Encrypt using customer-managed keys. Select the vault compartment and vault that contains the master encryption key that you want to use, and then select the master encryption key compartment and master encryption key.
        Caution

        Be sure to back up your vaults and keys. Deleting a vault and key otherwise means losing the ability to decrypt any resource or data that the key was used to encrypt. For more information, see Backing Up and Restoring Vaults and Keys.
      • To attach a snapshot policy to the file system, select Attach Snapshot Policy and select the snapshot policy. For more information, see Policy-Based Snapshots and Scheduling.
      • (Optional) To add tags to the file system, click Show tagging options.

        If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
    6. Export information

      Mount targets use exports to manage access to file systems. The path name uniquely identifies the file system within the mount target, and is used by an instance to mount the file system.

      You can choose to accept the system defaults, or change them by clicking Edit details.

      • Export path: The File Storage service creates a default export path using the file system name. Optionally, replace the default export path name with a new path name, preceded by a forward slash (/). For example, /fss. This value specifies the mount path to the file system (relative to the mount target IP address or hostname). Avoid entering confidential information.

        Important

        The export path must start with a slash (/) followed by a sequence of zero or more slash-separated elements. If there are many file systems associated with a single mount target, the export path sequence for the first file system can't contain the complete path element sequence of the second file system export path sequence. Export paths can't end in a slash. No export path element can be a period (.) or two periods in sequence (..). No export path can exceed 1024 bytes. Lastly, no export path element can exceed 255 bytes.

        Valid examples:

        • /example and /path
        • /example and /example2

        Invalid examples:

        • /example and /example/path
        • / and /example
        • /example/
        • /example/path/../example1
        Caution

        If one file system associated with a mount target has '/' specified as an export path, you can't associate another file system with that mount target.
        Note

        Export paths can't be edited after the export is created. To use a different export path, you must create a new export with the appropriate path. Optionally, you can then delete the export with the old path.

        For more information, see Paths in File Systems.

      • Use secure Export options: Select to set the export options to require NFS clients to use a privileged port (1-1023) as their source port. This option enhances security because only a client with root privileges can use a privileged source port. After the export is created, you can edit the export options to adjust security. For more information, see Working with NFS Exports and Export Options.

        Caution

        Leaving the Use secure Export options setting disabled allows unprivileged users to read and modify any file or directory on the target file system.
      • Use LDAP for group list: Select to use a configured LDAP server to map the user to UNIX groups instead of the groups listed within the NFS request's RPC header. For more information, see Using LDAP for Authorization.

    7. Mount Target information

      File systems must be associated with a mount target to be mounted by an instance. You can choose to accept the system defaults, choose another mount target, or create a new mount target.

      You can choose to accept the defaults for the mount target, or change them by clicking Edit details.

      If you have existing mount targets in the availability domain, the File Storage service automatically chooses the most recently created mount target in the list.

      If you don't have a mount target in the selected availability domain, the File Storage service creates one using the following defaults.

      • New Mount Target name: File Storage service creates a default mount target name using Mount-YYYYMMDD-HHMM.
      • Compartment: The compartment you're currently working in.
      • Virtual Cloud Network: The first VCN listed in the current compartment is used as default.
      • Subnet: The most recently created subnet listed in the selected availability domain is used as default. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCNs and Subnets.

      Select an existing Mount Target: Use this option to select a different, existing mount target.

      Tip

      If there aren't any mount targets in the current combination of availability domain and compartment, this option is disabled. You can:

      • Choose a different compartment.
      • Choose a different availability domain in the File System information section.
      • Create a new mount target.

      Create new Mount Target

      Choose this option to create a new mount target associated with this file system. By default, the mount target is created in the current compartment and you can use network resources in that compartment. Click the click here link in the dialog box to enable compartment selection for the mount target, its VCN, or subnet resources.

      Important

      The mount target is always in the same availability domain as the file system. While it's possible to access mount targets from any AD in a region, for best performance, the mount target and file system should be in the same availability domain as the compute instances that access them. For more information, see Regions and Availability Domains.
      • Create in Compartment: Specify the compartment you want to create the mount target in.
      • New Mount Target name: Optionally, replace the default with a friendly name for the mount target. It doesn't have to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the mount target. Avoid entering confidential information.

        Note

        The mount target name is different from the DNS hostname, which is specified in the advanced options.
      • Virtual Cloud Network Compartment: The compartment containing the cloud network (VCN) in which to create the mount target.
      • Virtual Cloud Network: Select the cloud network (VCN) where you want to create the new mount target.
      • Subnet Compartment: Specify the compartment containing a subnet within the VCN to attach the mount target to.
      • Subnet: Select a subnet to attach the mount target to. Subnets can be either AD-specific or regional (regional ones have "regional" after the name). For more information, see VCNs and Subnets.

        Caution

        Each mount target requires three IP addresses. Don't use /30 or smaller subnets for mount target creation because they don't have enough available IP addresses. For more information, see Mount Target Limitations and Considerations.
      • Use Network Security Groups to control traffic: Select this option to add this mount target to an existing NSG. Choose an NSG from the list.

        Important

        Rules for the NSG you select must be configured to allow traffic to the mount target's VNIC using specific protocols and ports. For more information, see Configuring VCN Security Rules for File Storage.
      • (Optional) Show advanced options: Click to configure the mount target's advanced options, including IP details and tagging.

      • (Optional) IP Details:

        • IP address: You can specify an unused IP address in the subnet you selected for the mount target.
        • Hostname: You can specify a hostname you want to assign to the mount target.

          Note

          The File Storage service constructs a fully qualified domain name (FQDN) by combining the hostname with the FQDN of the subnet the mount target is located in.

          For example, myhostname.subnet123.dnslabel.oraclevcn.com.

          After it's created, the hostname can be changed in the mount target's details page. For more information, see Managing Mount Targets.

          Important

          If enabling Kerberos authentication for a mount target in a VCN that uses the default Internet and VCN Resolver for DNS, you must specify a hostname.
      • (Optional) To add tags to the mount target, click Tagging.

        If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    8. To create the file system, click Create.
    9. (Optional) To save the configuration as a Resource Manager stack, click Save as stack. For more information, see Managing Stacks.
  • Use the fs file-system create command and required parameters to create a file system:

    oci fs file-system create --availability-domain <target_availability_domain> --display-name "<My File System>" --compartment-id <target_compartment_id>

    File systems use Oracle-managed keys by default, which leaves all encryption-related matters to Oracle. Optionally, you can encrypt the data in this file system using your own Vault encryption key. For more information, see Encryption and Overview of Vault. Include the --kms-key-id parameter to create a file system that uses your own encryption key:

    oci fs file-system create --availability-domain <target_availability_domain> --display-name "<My File System>" --compartment-id <target_compartment_id> --kms-key-id <target_key_id>

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateFileSystem operation to create a file system.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
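
Because export paths can't be edited after the export is created, it helps to check a planned set of paths against the rules in the Export path "Important" note before creating anything. The following Python sketch is an added example, not part of the File Storage service or its SDK. The function names are hypothetical, measuring byte lengths as UTF-8 is an assumption, and so is rejecting empty elements such as `//`.

```python
# Added example: export path rules from the "Important" note, checked offline.
MAX_PATH_BYTES = 1024     # limit on the whole export path
MAX_ELEMENT_BYTES = 255   # limit on each slash-separated element


def split_elements(path):
    """Split an export path into its elements; '/' has zero elements."""
    body = path[1:]
    if body.endswith("/"):
        body = body[:-1]
    return body.split("/") if body else []


def validate_export_path(path):
    """Return the list of rule violations for one path (empty list = valid)."""
    if not path.startswith("/"):
        return ["must start with a slash (/)"]
    errors = []
    # Assumption: byte lengths are measured on the UTF-8 encoding.
    if len(path.encode("utf-8")) > MAX_PATH_BYTES:
        errors.append("path exceeds 1024 bytes")
    if path != "/" and path.endswith("/"):
        errors.append("can't end in a slash")
    for element in split_elements(path):
        if element in (".", ".."):
            errors.append("element can't be '.' or '..'")
        elif element == "":
            # Assumption: an empty element (as in '//') is rejected.
            errors.append("empty path element")
        elif len(element.encode("utf-8")) > MAX_ELEMENT_BYTES:
            errors.append("element exceeds 255 bytes")
    return errors


def find_conflicts(paths):
    """Return pairs of paths that can't share one mount target."""
    conflicts = []
    for i, first in enumerate(paths):
        for second in paths[i + 1:]:
            a, b = split_elements(first), split_elements(second)
            shorter, longer = (a, b) if len(a) <= len(b) else (b, a)
            # Element-wise prefix test: '/example' blocks '/example/path'
            # but not '/example2'; '/' (no elements) blocks everything.
            if longer[:len(shorter)] == shorter:
                conflicts.append((first, second))
    return conflicts


if __name__ == "__main__":
    # Constructed sample groups taken from the valid/invalid lists above.
    for group in (["/example", "/example2"], ["/", "/example"]):
        print(group, find_conflicts(group))
```

The comparison is made per path element rather than per character, which is why /example and /example2 can coexist on one mount target while /example and /example/path can't.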