No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003 Basic Storage Service Guide for File 16

"This document describes the basic storage services and explains how to configure and managebasic storage services."
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an HTTP Share

Configuring an HTTP Share

The OceanStor 18500 V3/18800 V3 supports the HTTP share file system. After enabling the HTTP service, you can share a file system in HTTP share mode. After enabling the DAV function, you can manage contents in a shared file system.

Configuration Process

This section describes the HTTP share configuration process.

Figure 3-17 shows the HTTP share configuration process.
Figure 3-17  HTTP share configuration process

Preparing Data

Before configuring an HTTP share, obtain information about storage system IP addresses, shared file systems, and local authentication users to assist in the follow-up configuration.

Table 3-51 describes preparations required for configuring an HTTP share.
Table 3-51  Preparations required for configuring an HTTP share

Item

Description

Example

IP address of the storage system

Indicates the service IP address used by a storage system.

OceanStor 18500 V3/18800 V3 storage system can provide HTTP share for the client by using the Ethernet port or the Logical port.

Logical IP address

172.16.128.10

File system

Indicates a file system for which an HTTP share is configured.

The OceanStor 18500 V3/18800 V3 enables you to configure a file system as an HTTP share.

FileSystem001

User

Indicates a user that accesses an HTTP share. Storage systems employ local authentication users to enable clients to access HTTP shares.
The user name:
  • Must contain 8 to 32 characters by default.
  • Cannot contain space, double quotation mark ("), slash (/), backslash (\), square brackets ([]), less than (<), larger than (>), plus (+), colon (:), semicolon (;), comma (,), question mark (?), asterisk (*), vertical bar (|), equal mark (=), (@), or end with a period (.).
NOTE:
You cannot use the user accounts retained in the system, including:
  • User accounts retained in Windows: Everyone, Local, Creator Owner, Creator Group, Creator Owner Server, Creator Group Server, Owner Rights, Group Rights, NT Pseudo Domain, Dialup, Network, Batch, Interactive, Service, Anonymous Logon, Proxy, Enterprise Domain Controllers, Self, Authenticated Users, Restricted, Terminal Server User, Remote Interactive Logon, This Organization, System, Local Service, Network Service, Write Restricted, Other Organization, Builtin, Internet$, Members can fully administer the computer/domain, Users, Guests, Power Users, Members can share directories, Account Operators, Server Operators, Print Operators, Backup Operators, Members can bypass file security to back up files, Replicator, Current Owner, Current Group.
  • User accounts retained in Linux: root, nogroup, nobody, ftp, anonymous.
  • User accounts retained in a storage system: ibc_os_hs.

user1

User group

User group that employs local authentication.
The user group name:
  • Must contain 1 to 32 characters.
  • Cannot contain space, double quotation mark ("), slash (/), backslash (\), square brackets ([]), less than (<), larger than (>), plus (+), colon (:), semicolon (;), comma (,), question mark (?), asterisk (*), vertical bar (|), equal mark (=), (@), or end with a period (.).
NOTE:
You cannot use the user accounts retained in the system, including:
  • User accounts retained in Windows: Everyone, Local, Creator Owner, Creator Group, Creator Owner Server, Creator Group Server, Owner Rights, Group Rights, NT Pseudo Domain, Dialup, Network, Batch, Interactive, Service, Anonymous Logon, Proxy, Enterprise Domain Controllers, Self, Authenticated Users, Restricted, Terminal Server User, Remote Interactive Logon, This Organization, System, Local Service, Network Service, Write Restricted, Other Organization, Builtin, Internet$, Members can fully administer the computer/domain, Users, Guests, Power Users, Members can share directories, Account Operators, Server Operators, Print Operators, Backup Operators, Members can bypass file security to back up files, Replicator, Current Owner, Current Group.
  • User accounts retained in Linux: root, nogroup, nobody, ftp, anonymous.
  • User accounts retained in a storage system: ibc_os_hs.

default_group

DAV

DAV can be used to manage HTTP share contents.

-

Enable

Configuring a Network

This section describes how to use DeviceManager to configure IP addresses for a storage system.

Procedure

  1. Log in to DeviceManager and choose Provisioning > Port.

    The Port page is displayed.

  2. Optional: Create a bond port.

    Port bonding provides more bandwidth and redundancy for links. After Ethernet ports are bonded, MTU changes to the default value and you must set the link aggregation mode for the ports. On Huawei switches, you must set the ports to work in static LACP mode.

    • The port bond mode of a storage system has the following restrictions:
      • On the same controller, a bond port is formed by a maximum of eight Ethernet ports.
      • Only the interface modules with the same port rate (GE or 10GE) can be bonded.
      • The port cannot be bonded across controllers. Non-Ethernet network ports cannot be bonded.
      • SmartIO cards cannot be bonded if they work in cluster or FC mode or run FCoE service in FCoE/iSCSI mode.
      • The MTU value of the SmartIO port must be the same as that of the host.
      • Read-only users are unable to bind Ethernet ports.
      • Each port only allows to be added to one bonded port. It cannot be added to multiple bonded ports.
      • Physical ports are bonded to create a bond port that cannot be added to the port group.
    • Although ports are bonded, each host still transmits data through a single port and the total bandwidth can be increased only when there are multiple hosts. Determine whether to bond ports based on site requirements.
    • The link aggregation modes vary with switch manufacturers. If a non-Huawei switch is used, contact technical support of the switch manufacturer for specific link aggregation configurations.

    1. In Ethernet Ports, select a Ethernet port and click More > Bond Port.

      The Bond Port dialog box is displayed.

    2. Enter bond port information. Table 3-52 describes related parameters.

      Table 3-52  Bond port parameters

      Parameter

      Description

      Value

      Bond Name

      Name of the bond port.

      [Example]

      bond01

      Available Ports

      Ports that you select and ports to which you want to bond the selected ports.

      [Example]

      CTE0.A.IOM1.P0

    3. Click OK.

      The Danger dialog box is displayed.

    4. Select I have read and understood the consequences associated with performing this operation. And click OK.
  3. Create a logical port.

    NOTE:
    The number of logical ports created for each controller is recommended not more than 64. If the number exceeds 64 and a large number of ports do not work properly, logical ports drift towards the small number of ports available. As a result, service performance deteriorates.

    1. Select Logical Ports and click Create.

      The Create Logical Port dialog box is displayed.

    2. Enter logical port information. Table 3-53 describes related parameters.

      Table 3-53  Create Logical Port parameters

      Parameter

      Description

      Value

      Name

      Name of the logical port.

      [Example]

      logip

      IP Address Type

      Type of the IP address: IPv4 Address or IPv6 Address.

      [Example]

      IPv4 Address

      IPv4 Address (IPv6 Address)

      IP address of the logical port.

      [Example]

      172.16.128.10

      Subnet Mask (Prefix)

      Subnet mask (Prefix) of the logical port.

      [Example]

      255.255.255.0

      IPv4 Gateway (IPv6 Gateway)

      Address of the gateway.

      [Example]

      172.16.128.1

      Primary Port

      Physical port preferred by the logical port.

      [Example]

      CTE0.A.IOM0.P0

      IP Address Floating

      Whether IP address floating is enabled.

      OceanStor 18500 V3/18800 V3 support IP address floating. When the primary port is disabled, the IP address will be floated to another port that can be used. For details, see OceanStor 18500 V3&18800 V3 Mission Critical Storage System V300R003 IP Address Floating Deployment Guide.
      NOTE:

      Shares of file systems do not support the multipathing mode. IP address floating is used to improve reliability of links.

      [Example]

      Enable

      Failback Mode

      Failback mode of the IP address: Automatic and Manual.
      NOTE:
      • If Failback Mode is Manual, ensure that the link to the primary port is normal before the failback. Services will manually fail back to the primary port only when the link to the primary port keeps normal for over five minutes.
      • If Failback Mode is Automatic, ensure that the link to the primary port is normal before the failback. Services will auto fail back to the primary port only when the link to the primary port keeps normal for over five minutes.

      [Example]

      Automatic

      Activate Now

      Whether the logical port is activated immediately. After activated, the logical IP can be used to access the shared space.

      [Example]

      Enable

    3. Click OK.

      The Success dialog box is displayed.

    4. Click OK.
  4. Optional: Managing a Route.

    You need to configure a route when the HTTP server and the storage system are not on the same network. If the HTTP server and logical IP addresses cannot ping each other, add a route from the logical IP addresses to the network segment of the HTTP server.

    1. Select the locical port for which you want to add a route and click Route Management.

      The Route Management dialog box is displayed.

    2. Configure the route information for the logical port.

      1. In IP Address, select the IP address of the logical port.
      2. Click Add.
        The Add Route dialog box is displayed.

        The default IP addresses of the internal heartbeat on the dual-controller storage system are 127.127.127.10 and 127.127.127.11, and the default IP addresses of the internal heartbeat on the four-controller storage system are 127.127.127.10, 127.127.127.11, 127.127.127.12, and 127.127.127.13. Therefore, the IP address of the router cannot fall within the 127.127.127.XXX segment. Besides, the IP address of the gateway cannot be 127.127.127.10, 127.127.127.11, 127.127.127.12, or 127.127.127.13. Otherwise, routing will fail. (Internal heartbeat links are established between controllers for these controllers to detect each other's working status. You do not need to separately connect cables. In addition, internal heartbeat IP addresses have been assigned before delivery, and you cannot change these IP addresses).

      3. In Type, select the type of the route to be added.
        There are three route options:
        • Default route

          Data is forwarded through this route by default if no preferred route is available. The target address field and the target mask field (IPv4) or prefix (IPv6) of the default route are automatically set to 0. To use this option, you only need to add a gateway.

        • Host route

          The host route is the route to an individual host. The target mask (IPv4) or prefix (IPv6) of the host route are automatically set respectively to 255.255.255.255 or 128. To use this option, you only need to add the target address and a gateway.

        • Network segment route

          The network segment route is the route to a network segment. You need to add the target address, target mask (IPv4) or prefix (IPv6), and gateway. Such as the target address is 172.17.0.0, target mask is 255.255.0.0, and gateway is 172.16.0.1.

      4. Set Destination Address.
        • If IP Address is an IPv4 address, set Destination Address to the IPv4 address or network segment of the application server's service network port or that of the other storage system's logical port.
        • If IP Address is an IPv6 address, set Destination Address to the IPv6 address or network segment of the application server's service network port or that of the other storage system's logical port.
        • Set Destination Mask (IPv4) or Prefix (IPv6).
        • If a Destination Mask is set for an IPv4 address, this parameter specifies the subnet mask of the IP address for the service network port on the application server or storage device.
        • If a Prefix is set for an IPv6 address, this parameter specifies the prefix of the IPv6 address for application server's service network port or that of the other storage system's logical port.
      5. In Gateway, enter the gateway of the local storage system's logical port IP address.

    3. Click OK. The route information is added to the route list.

      The Danger dialog box is displayed.

    4. Confirm the information of the dialog box and select I have read and understood the consequences associated with performing this operation..
    5. Click OK.

      The Success dialog box is displayed indicating that the operation succeeded.

      NOTE:

      To remove a route, select it and click Remove.

    6. Click Close.

Creating an HTTP Share

Hypertext Transfer Protocol (HTTP) is an application layer protocol oriented to objects. This chapter guides administrators through folder sharing over HTTP in the shared file system.

Procedure

  1. Log in to OceanStor DeviceManager.
  2. Choose Settings > Storage Settings > File Storage Service > HTTP Service.
  3. Configure the HTTP service parameters. The related parameters are shown in Table 3-54.

    Table 3-54  HTTP Parameters

    Parameter

    Description

    Setting

    HTTP Service

    Global control over the enable and disable status of the HTTP sharing service. If this parameter is set to disable, all the other parameter configurations become invalid.
    NOTE:
    • By default, the storage system provides the HTTPS service certificate. You are advised to replace the certificate with the private certificate before accessing HTTPS shares. After the certificate is replaced, the CA certificate of the storage system must be imported for the browser to eliminate security alarms. As the service IP address is used to access the HTTPS service, alarm This website's address does not match the address in the security certificate cannot be cleared.
    • When the HTTP service is disabled, the system automatically deletes information about shared file systems and directories. When the HTTP service is enabled again, configure the HTTP shared file systems and directories.

    [Example]

    Enable

    Max. Number of Connections

    Maximum number of HTTP share connections allowed by the system.
    NOTE:

    The maximum number of connections varies depending on the device model.

    [Value range]

    1 to 256

    HTTP Default Port

    Only the HTTPS port is enabled for the storage system when the HTTP service is enabled, To enable the HTTP port, select Enable.
    NOTE:
    Exercise caution when enabling the HTTP port.

    [Example]

    Enable

    Share Path

    Share Path that you want to share over HTTP. This parameter contains File System and Folder.
    • File System, File system that owns the directory that you want to share over HTTP.
    • Optional: Folder, Folder that you want to share over HTTP.

    [Example]

    File System

    test_001

    DAV

    DAV, also known as WebDAV (Web-based Distributed Authoring and Versioning), is a communication protocol based on HTTP. Once WebDAV enabled, the system allows the DAV client to read/write the shared directory, and supports file locking, file unlocking, and file version control.

    [Example]

    Enable

  4. Click Save. The HTTP sharing service is configured.

Creating a Local Authentication User

This section describes how to create a local user. For applications that use local authentication, local user accounts are used to access a share.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Click Local Authentication User tab.
  4. Click Create.

    The Local Authentication User dialog box is displayed.

  5. In Username, enter a new user name.

    The user name:
    • Cannot contain space, double quotation mark ("), slash (/), backslash (\), square brackets ([]), less than (<), larger than (>), plus (+), colon (:), semicolon (;), comma (,), question mark (?), asterisk (*), vertical bar (|), equal mark (=), (@), or end with a period (.).
    • The user name can contain case-insensitive letters. Therefore, aaaaaaaa and AAAAAAAA cannot be created at the same time.
    • The user name cannot be the same as the name of the local authentication user group.
    • Contains 8 to 32 characters by default.
      NOTE:

      You can modify the minimum length of user name in More > Set Security Policies.

  6. In Password, enter the password of the user.

    The system default password requirements are:
    • Contain 8 to 16 characters.
    • Contain special characters. Special characters include: !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space.
    • Contain any two types of the uppercase letters, lowercase letters, and digits.
    • Cannot contain three consecutive same characters.
    • Be different from the user name or the user name typed backwards.
    NOTE:

    Click More and choose Set Security Policies to set a security policy for the password of the local authentication user in the file system. If Password Validity Period (days) is not selected, your password will never expire. For the security purpose, you are advised to select Password Validity Period (days) and set a validity period. The default validity period is 90 days. After the password expires, you cannot access shares, but you can set a password again and modify the password security policy.

  7. In Confirm Password, enter the new password again.
  8. Select Primary Group.

    The Select Primary Group dialog box is displayed.

    NOTE:

    The primary group to which users belong controls the users' permission for CIFS shares. A user must and can only belong to one primary group.

  9. Select the user group to which the user belongs to and click OK.
  10. (Optional) Select Secondary Group.

    The Select Secondary Group dialog box is displayed.

    NOTE:
    The concepts of primary group and secondary group are for local authentication users and have no relationship with each other. A local authentication user must belong to a primary group but not to a secondary group.

  11. Click Add.

    The Select User Group dialog box is displayed.

  12. Select one or multiple groups which the user belongs to and click OK.

    The system goes back to Select Secondary Group dialog box.

  13. Click OK.

    The system goes back to Local Authentication User dialog box.

  14. Optional: In Description text box, enter the description for the local authentication user, for later management or search.
  15. Click OK.
  16. In the Success dialog box that is displayed, click OK.

Accessing HTTP Shares

This section describes how to access an HTTP share in different ways.

Cadaver Software

Cadaver is a program that is commonly used to manage WebDAV share queries and modifications in Linux and UNIX, but HTTPS is not supported.

  1. Log in to the client as user root.
  2. Download and install Cadaver. For details about how to install Cadaver, see the related document.
  3. Run the cadaver logical ip address command. logical ip address indicates the logical IP address used by the storage system to provide HTTP shares, for details to view the logical IP address, see Viewing Logical Port Details.
  4. Enter the user name and password of the local authentication user as prompted.
Web Browser

HTTP is a non-security protocol. If the web browser supports HTTPS, you are advised to use HTTPS to connect to the storage system.

  1. Open a web browser.
  2. In the address box, enter http://logical ip address, where logical ip address indicates the logical IP address used by the storage system to provide HTTP shares, for details to view the logical IP address, see Viewing Logical Port Details.

    NOTE:
    • By default, the storage system provides the HTTPS service certificate. You are advised to replace the certificate with the private certificate before accessing HTTPS shares. After the certificate is replaced, the CA certificate of the storage system must be imported for the browser to eliminate security alarms. As the service IP address is used to access the HTTPS service, alarm This website's address does not match the address in the security certificate cannot be cleared.
    • After the certificate provided by the storage system expired or is revoked, the browser displays the security alarm. Replace the certificate accordingly.

  3. Enter the user name and password of the local authentication user as prompted.
Translation
Download
Updated: 2019-08-14

Document ID: EDOC1000084081

Views: 37235

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next