Configuring Multi-VPC Access

Scenarios

You can configure multiple VPCs for a general-purpose file system so that cloud servers in different VPCs can share the same file system, as long as the VPCs are added as authorized VPCs of the file system or the server IP addresses are added as authorized IP addresses of the VPC.

This section describes how to access a general-purpose file system from different VPCs.

Constraints

• If a VPC added to a general-purpose file system has been deleted from the VPC console, the IP addresses or IP address ranges of this VPC can still be seen as activated in the file system's VPC list. But this VPC can no longer be used and you are advised to remove it from the list.
• Before adding an authorized VPC for a general-purpose file system, you need to create a VPC endpoint to establish communication between the compute resources and the file system.
• You need to configure a VPC endpoint for each VPC you want to add as an authorized VPC of a general-purpose file system. Or, the file system will fail to be mounted.

Procedure

1. Log in to the SFS console.
2. In the general-purpose file system list, click the name of the desired file system to go to its details page.
3. In the navigation pane on the left, choose Permissions Management.
4. If no VPCs are available, create a VPC first. Click Add Authorization Rule. A dialog box is displayed, as shown in Figure 1.
   Table 1 describes the parameters.

   Figure 1 Add Authorization Rule
   

   Table 1 Parameter description

   Parameter	Description
   VPC	Select the VPC you want to add, for example, vpc-30e0. If no VPC is available, create one.
   Authorizations	You can select Read/Write or Read-only. Read/Write is preselected.
   User Authorizations	You can select no_root_squash, root_squash, or all_squash. no_root_squash allows the root user on the client to access the general-purpose file system as root. root_squash allows the root user on the client to access the general-purpose file system as the nobody user. all_squash allows any user on the client to access the general-purpose file system as the nobody user, and the user can modify and delete the file system.
   Authorized Addresses	You can select All IP addresses or Specific IP address/CIDR block. All IP addresses is preselected. NOTE: If you select Specific IP address/CIDR block, you can add multiple IP addresses or CIDR blocks. Enter each one on a separate line. After the authorized addresses are added, you can click the number shown under Authorized Addresses in the permissions management list to check their information.

5. Click OK. View the added VPC in the list.
6. On the VPC Endpoints page, click Buy VPC Endpoint.

   The Buy VPC Endpoint page is displayed.

   Figure 2 Buy VPC Endpoint
   

7. Configure VPC endpoint parameters.

   Table 2 VPC endpoint parameters

   Parameter	Description
   Region	Region where the VPC endpoint is located. Ensure that this region is the same as the one where the planned general-purpose file system resides.
   Billing Mode	Pay-per-use is preselected by default, but you will not be billed for the endpoint purchased for general-purpose file systems.
   Service Category	Select Find a service by name. Enter a VPC endpoint service name based on the region selected. If the CN North-Beijing4 region is selected, enter cn-north-4.com.myhuaweicloud.v4.storage.lz13. If the CN South-Guangzhou region (AZ1) is selected, enter cn-south-1.com.myhuaweicloud.v4.obsv2. NOTE: General-purpose file systems created in AZ1 of the CN South-Guangzhou region cannot be mounted to containers. If the CN South-Guangzhou region (AZ6) is selected, enter cn-south-1.com.myhuaweicloud.v4.obsv2.storage.lz06. If the CN East-Shanghai1 region is selected, enter cn-east-3.com.myhuaweicloud.v4.storage.lz07. If the CN Southwest-Guiyang1 region is selected, enter com.myhuaweicloud.cn-southwest-2.ipv4.sfs. If the CN-Hong Kong region is selected, enter ap-southeast-1.com.myhuaweicloud.v4.obsv2.storage.lz005. After entering the service name, click Verify. If Service name found is displayed, proceed with subsequent steps. If Service name not found is displayed, check whether the entered service name is correct. If the problem persists, submit a service ticket.
   VPC	VPC where the planned general-purpose file system and ECSs reside.
   Tag	Optional VPC endpoint tags. Each tag consists of a key and a value. You can add a maximum of 10 tags to a VPC endpoint. Tag keys and values must meet the requirements listed in Table 3. NOTE: If you have created a predefined tag in TMS, you can select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.

   Table 3 describes the tag parameters.

   Table 3 Tag parameters

   Parameter	Description	Example Value
   Tag key	Each tag has a unique key. You can customize a key or select the key of an existing tag created in TMS. A tag key: Cannot be an empty string. Must be unique for each resource. Can contain a maximum of 128 characters. Can contain letters, digits, spaces, and the following characters: _.:=+-@; cannot start or end with a space, or start with _sys_.	Key_0001
   Tag value	A tag value can be repetitive or left blank. A tag value: Can be an empty string. Can contain a maximum of 255 characters. Can contain letters, digits, spaces, and the following characters _.:/=+-@; cannot start or end with a space.	Value_0001

8. Click Next.
   • If you do not need to modify the configuration, click Submit.
   • If you need to modify the configuration, click Previous, modify the configuration as needed, and then click Submit.

9. Go back to the VPC endpoint list and check whether the status of the VPC endpoint changes to Accepted. If so, the VPC endpoint has been connected to the VPC endpoint service.

Verification

After a VPC is added to the general-purpose file system, mount the file system to a server in the added VPC. If the mount is successful and the server can access the file system, the multi-VPC access configuration is successful.