如何装载 NFS 文件共享How to mount an NFS file share

Azure 文件存储是 Azure 的易用云文件系统。Azure Files is Azure's easy to use cloud file system. 可以使用服务器消息块 (SMB) 协议或网络文件系统 (NFS) 协议在 Linux 发行版中装载 Azure 文件共享。Azure file shares can be mounted in Linux distributions using either the Server Message Block protocol (SMB) or the Network File System (NFS) protocol. 本文重点介绍使用 NFS 进行装载,有关使用 SMB 进行装载的详细信息,请参阅通过 Linux 使用 Azure 文件存储This article is focused on mounting with NFS, for details on mounting with SMB, see Use Azure Files with Linux. 有关每个可用协议的详细信息,请参阅 Azure 文件共享协议For details on each of the available protocols, see Azure file share protocols.

限制Limitations

在预览版阶段,NFS 具有以下限制:While in preview, NFS has the following limitations:

  • NFS 4.1 目前只支持协议规范中的大部分功能。NFS 4.1 currently only supports most features from the protocol specification. 有些功能(如所有类型的委托和回叫、锁定升级和降级、Kerberos 身份验证和加密)不受支持。Some features such as delegations and callback of all kinds, lock upgrades and downgrades, Kerberos authentication, and encryption are not supported.
  • 如果大多数请求是以元数据为中心的,那么,与读取/写入/更新操作相比,延迟将会更加严重。If the majority of your requests are metadata-centric, then the latency will be worse when compared to read/write/update operations.
  • 必须创建新的存储帐户才能创建 NFS 共享。Must create a new storage account in order to create an NFS share.
  • 只支持管理平面 REST API。Only the management plane REST APIs are supported. 数据平面 REST API 不可用,这意味着存储资源管理器之类的工具将无法用于 NFS 共享,你也无法在 Azure 门户中浏览 NFS 共享数据。Data plane REST APIs are not available, which means that tools like Storage Explorer will not work with NFS shares nor will you be able to browse NFS share data in the Azure portal.
  • 目前不支持 AzCopy。AzCopy is not currently supported.
  • 只适用于高级层。Only available for the premium tier.
  • NFS 共享只接受数字 UID/GID。NFS shares only accept numeric UID/GID. 为了避免客户端发送字母数字 UID/GID,应禁用 ID 映射。To avoid your clients sending alphanumeric UID/GID, you should disable ID mapping.
  • 在使用专用链接时,只能从单个 VM 上的一个存储帐户装载共享。Shares can only be mounted from one storage account on an individual VM, when using private links. 尝试从其他存储帐户装载共享将会失败。Attempting to mount shares from other storage accounts will fail.
  • 最好依赖于分配到主要组的权限。It is best to rely on the permissions assigned to primary group. 由于一个已知的 bug,分配到非主要组用户的权限有时可能会导致访问被拒绝。Sometimes, permissions allocated to the non-primary group of the user may result in access denied due to a known bug.

尚不支持 Azure 存储功能Azure Storage features not yet supported

另外,以下 Azure 文件存储功能也不可与 NFS 共享配合使用:Also, the following Azure Files features are not available with NFS shares:

  • 基于标识的身份验证Identity-based authentication
  • Azure 备份支持Azure Backup support
  • 快照Snapshots
  • 软删除Soft delete
  • 完全支持传输中加密(有关详细信息,请参阅 NFS 安全性Full encryption-in-transit support (for details see NFS security)

区域可用性Regional availability

可使用高级文件存储的所有区域都支持 NFS。NFS is supported in ALL regions where Premium Files Storage is available.

我们会继续添加区域。We are continuously adding regions. 有关最新列表,请使用下面的示例查询具有 NFS 支持的区域列表。For the most up-to-date list, use the sample below to query the list of regions with NFS support. 还可以在“高级文件存储”下的各区域的 Azure 产品可用性页面中检查区域支持。You can also check for your region support at Azure Products available by region page under Premium Files Storage.

# Log in first with Connect-AzAccount -Environment AzureChinaCloud

$azContext = Get-AzContext
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
$token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'='Bearer ' + $token.AccessToken
}

# Provide specific subscription id if you want  list for a different subscription
$subscription = $azContext.Subscription.Id

# Invoke the REST API
$restUri = "https://management.chinacloudapi.cn/subscriptions/$subscription/providers/Microsoft.Storage/skus?api-version=2019-06-01"
$response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $authHeader

# List of all regions that has NFS support.
$response.value| Where-Object -FilterScript {$_.capabilities| Where-Object { $_.name -eq 'supportsNfsShare' -and $_.value -eq 'true'}}| Select-Object locations, kind, name

示例响应Sample response

List of regions that support NFS
locations
---------
{chinanorth2}
{chinaeast2}

先决条件Prerequisites

禁用安全传输Disable secure transfer

  1. 登录到 Azure 门户并访问包含所创建的 NFS 共享的存储帐户。Sign in to the Azure portal and access the storage account containing the NFS share you created.

  2. 选择“配置”。Select Configuration.

  3. 对于“需要安全传输”,请选择“禁用” 。Select Disabled for Secure transfer required.

  4. 选择“保存”。Select Save.

    存储帐户配置屏幕的屏幕截图,其中安全传输处于禁用状态。

装载 NFS 共享Mount an NFS share

  1. 创建文件共享后,请选择该共享并选择“从 Linux 连接”。Once the file share is created, select the share and select Connect from Linux.

  2. 输入要使用的装载路径,然后复制该脚本。Enter the mount path you'd like to use, then copy the script.

  3. 连接到客户端,并使用提供的装载脚本。Connect to your client and use the provided mounting script.

    文件共享连接边栏选项卡的屏幕截图

现已装载 NFS 共享。You have now mounted your NFS share.

验证连接Validate connectivity

如果装载失败,可能是专用终结点未正确设置或无法访问。If your mount failed, it's possible that your private endpoint was not setup correctly or is inaccessible. 有关确认连接性的详细信息,请参阅网络终结点一文的验证连接性部分。For details on confirming connectivity, see the Verify connectivity section of the networking endpoints article.

后续步骤Next steps