DocsICP FilingConsole
官方文档
首页

Configure OSS file system

更新时间:
复制 MD 格式
产品详情
我的收藏

Object Storage Service (OSS) is a massively scalable, secure, low-cost, and highly reliable cloud storage service. You can configure OSS mounting for your Function Compute service so that functions under the service can use OSS with an operational experience similar to that of a local file system, thereby simplifying resource access and data processing workflows.

Limits

  • Function Compute supports up to five NAS mount targets and five OSS mount targets for a single service in the same region.

  • The local directories assigned to NAS and OSS mount points in the function runtime environment must not conflict.

    For more information about configuring NAS mount points, see Configure NAS file system.

Prerequisites

Procedure

Step 1: Configure OSS mounting

Function Compute applies OSS configuration at the service level. After you configure an OSS mount target for a service, all functions in that service can access files in the specified OSS bucket.

  1. Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.

  2. In the top navigation bar, select a region. On the Services page, find the desired service and click Configure in the Actions column.

  3. In the Storage Configuration section of the Edit Service page, configure the following parameters and click Save.

    Configuration item

    Description

    Example

    Mount OSS

    Enable or disable the OSS file system. Options:

    • Enable: Enable the OSS file system.

    • Disable: Do not enable the OSS file system.

    Enable

    OSS mount point: Enter the OSS mount point details.

    Bucket

    Select an existing OSS bucket. To create a new bucket, click Create new OSS Bucket to go to the OSS console. For pricing details, see OSS Billing overview.

    example-bucket

    Bucket subdirectory

    Enter an absolute path to a subdirectory in the bucket. Leave this field empty or set it to / to mount the bucket root.

    /files

    OSS endpoint

    After selecting a bucket, the system auto-fills its default endpoint. You can choose Custom endpoint to change this value. For endpoints by region, see Regions and endpoints.

    Note

    • If you select a bucket in the same region as your Function Compute service, we recommend using the OSS private network endpoint as the endpoint.

    • If the bucket is in a different region, you must use the OSS public endpoint. This incurs outbound traffic over Internet charges.

    default address

    Local directory in function

    Set a local directory in the function runtime environment. It must be a subdirectory of /home, /mnt, or /data.

    Note

    You do not need to manually create this directory. Use it directly.

    /mnt/oss

    Function Local Directory Permissions

    Set access permissions for the mounted directory in the function runtime environment. Choose Read-only or Read/Write.

    Read/Write
    Note

    OSS mounting depends on your service’s network configuration. If you set Allow only specified VPC to invoke functions to Yes and Allow functions to access the Internet to No, then using a public OSS endpoint requires your VPC to have Internet access. For more information, see Configure static public IP address.

Step 2: Create a function and access files in the mounted OSS directory

After configuring OSS mounting, access files in the mounted directory as if they were local files.

  1. On the Create Function page, configure the following settings. Keep all other settings at their defaults and click Create.

    • Creation method: Create with built-in runtime.

    • Basic settings: Enter a Function name and set Handler type to Handle event requests.

    • Function code: Set Runtime to Python 3.10 and Code upload method to Use sample code.

  2. On the function details page, click the Function Code tab. Write your code in the editor and click Deploy Code.

    This example uses Python. Sample code:

    import os
def handler(event, context):
    # Mount directory
    mount_path = '/mnt/oss'
    # List files in the mounted directory
    files = os.listdir(mount_path)
    print("Files in OSS mount:", files)  
    # Read a file from the mounted directory
    file_path = os.path.join(mount_path, 'example.txt')
    if os.path.exists(file_path):
        with open(file_path, 'r') as file:
            content = file.read()
            print("Content of example.txt:", content)
    else:
        print("example.txt does not exist.")
    # Write a file to the mounted directory
    write_path = os.path.join(mount_path, 'output.txt')
    with open(write_path, 'w') as file:
        file.write("Hello, OSS mount!")
        print("Wrote to output.txt in OSS mount.")
    return "Function execution completed."
    Note

    In the code above, replace example.txt with the name of an actual file in your mounted OSS directory.

  3. After successful deployment, click Test Function on the Function Code tab.

    When execution finishes, view results under the Function Code tab. The Logs tab shows the content of example.txt from OSS. The output.txt file appears in your OSS bucket’s mounted directory.

FAQ

OSS mounting fails with error bucket not found.

Verify that the OSS endpoint and bucket name are correct.

OSS mounting fails with error host resolv error or deadline exceeded.

Verify that the endpoint is correct.

  • A host resolv error occurs when DNS resolution for the endpoint fails.

  • Internal endpoints cannot be used across regions. Using an internal endpoint from another region causes a timeout and a deadline exceeded error.

Mounting fails with error invalid credentials.

Confirm whether the RAM role you configured for the service has permission to access OSS. The permission information is as follows. For more information, see Grant Function Compute permission to access other Alibaba Cloud services.

  • Read-only: Includes oss:ListObjects and oss:GetObject.

  • Read/Write: Includes oss:ListObjects, oss:GetObject, oss:PutObject, oss:DeleteObject, oss:ListParts, and oss:AbortMultipartUpload.

Note

oss:ListObjects is a bucket-level operation. Your policy must include a bucket-level resource such as acs:oss:*:*:bucketName. For more information, see OSS Resource description.

Reading a mounted file returns error Input/output error.

Confirm the storage class of your OSS bucket. Files in Archive Storage or Cold Archive are frozen and must be restored before access. We recommend using Standard storage for buckets used with mounting.

How do I view files in my configured local function directory?

  1. On the function details page, click Instances. Find an instance with status Running, then click Log on to Instance in the Actions column.

  2. After logging in, run commands to view files in your local directory. Example:

    root@sr-65b2eb76-d67d842307af4c428169:/code# cd /mnt/oss
root@sr-65b2eb76-d67d842307af4c428169:/mnt/oss# ls
 my.zip   output.txt  's (1).yaml'   download.html   download.json
root@sr-65b2eb76-d67d842307af4c428169:/mnt/oss# cd ../
root@sr-65b2eb76-d67d842307af4c428169:/mnt# ls
oss
root@sr-65b2eb76-d67d842307af4c428169:/mnt#

Accessing a mount point from a function instance returns Transport endpoint is not connected.

This error may occur if your function has low memory or high memory usage, causing OSS mounting to fail due to insufficient memory. Increase your function’s memory. We recommend at least 512 MB when using OSS mounting.

Is data written to the function directory persisted?

Data written to the function directory is deleted when the function instance is destroyed. To persist data, configure mounting—either NAS or OSS. For more information, see Configure NAS file system and Configure OSS file system.

How do I grant read-only access to a specific bucket using a permission policy?

See the sample policy below. Replace bucketName with your bucket name. For more information, see RAM Policy overview.

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:ListObjects",
        "oss:GetObject"
      ],
      "Resource": [
        "acs:oss:*:*:bucketName",
        "acs:oss:*:*:bucketName/*"
      ],
      "Effect": "Allow"
    }
  ]
}

How do I grant read/write access to a specific bucket using a permission policy?

See the sample policy below. Replace bucketName with your bucket name. For more information, see RAM Policy overview.

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:ListObjects",
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:AbortMultipartUpload",
        "oss:ListParts"
      ],
      "Resource": [
        "acs:oss:*:*:bucketName",
        "acs:oss:*:*:bucketName/*"
      ],
      "Effect": "Allow"
    }
  ]
}

How do I grant read-only access to a specific subdirectory in a bucket using a permission policy?

See the sample policy below. Replace bucketName with your bucket name and bucketPath with your subdirectory path. For more information, see RAM Policy overview.

{
  "Version": "1",
  "Statement": [
    {
      "Action": "oss:ListObjects",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName"
      ],
      "Condition": {
        "StringLike": {
          "oss:Prefix": [
            "bucketPath/*"
          ]
        }
      }
    },
    {
      "Action": [
        "oss:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName/bucketPath/*"
      ]
    }
  ]
}

How do I grant read/write access to a specific subdirectory in a bucket using a permission policy?

See the sample policy below. Replace bucketName with your bucket name and bucketPath with your subdirectory path. For more information, see RAM Policy overview.

{
  "Version": "1",
  "Statement": [
    {
      "Action": "oss:ListObjects",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName"
      ],
      "Condition": {
        "StringLike": {
          "oss:Prefix": [
            "bucketPath/*"
          ]
        }
      }
    },
    {
      "Action": [
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:AbortMultipartUpload",
        "oss:ListParts"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName/bucketPath/*"
      ]
    }
  ]
}

During file writes via an OSS mount point, the file appears empty from the OSS side.

When writing through an OSS mount point, data uploads to OSS only after you explicitly call Flush or close the file.

Operations like compression, decompression, or file transfer on an OSS mount point are slow.

OSS itself does not support file system APIs. After you mount an OSS bucket as a directory, Function Compute encapsulates OSS APIs to implement file system APIs. For example, OSS itself does not support random writes. When you need to use file system APIs to modify existing files on an OSS mount target, Function Compute downloads the entire source file from OSS, rewrites it, and re-uploads it to OSS.

Operations that map directly to OSS APIs—such as sequential reads and writes—perform well. Operations requiring multiple OSS interactions—such as random reads/writes used in compression—perform slower than on a local file system.

Do different function instances synchronize access to the OSS mount point?

Function instances are independent. Changes made in one instance may not appear immediately in another. For example, if instance A creates file F in the OSS mount point, instance B might not see file F right away.