Skip to content

Blobfuse Configuring and Running

Gauri Prasad edited this page Oct 12, 2022 · 1 revision

Preparing

blobfuse uses local file system as a buffer cache. On Azure, use the ephemeral drive (usually SSD) or ramdisk to get the most performance out of the buffer cache. Note that blobfuse will need to have write access to the directory you choose as a buffer cache.

Sample mount script provided in this repository uses /mnt/blobfusetmp as the cache location. Create this directory and change owner to the user that mounts blobfuse.

sudo mkdir /mnt/blobfusetmp
sudo chown <youruser> /mnt/blobfusetmp

Note for RHEL on Azure: Use /mnt/resource/blobfusetmp as the ephemeral drive is mounted on /mnt/resource in Azure. On Ubuntu, this is mounted on /mnt.

Optionally, you could use ramdisk. Create a ramdisk sized enough for your workload:

sudo mount -t tmpfs -o size=16g tmpfs /mnt/blobfusetmp

Configuring

  • Option 1 - Store credentials in a file You will need a configuration file containing the Azure Storage connection information (account name, account key or SAS, blob endpoint and container name.) The owner of this file should be the user mounting blobfuse. The container must already exist (if not, you can create it through the Azure portal.) A sample configuration file is at https://github.com/Azure/azure-storage-fuse/blob/master/connection.cfg

  • Option 2 - Store credentials in environment variables You can store your account credentials in the environment variables. Use AZURE_STORAGE_ACCOUNT for the account name, AZURE_STORAGE_ACCESS_KEY for the account key, and AZURE_STORAGE_SAS_TOKEN for the SAS token. Only provide one of AZURE_STORAGE_ACCESS_KEY or AZURE_STORAGE_SAS_TOKEN.Check the ReadMe.txt file for the list of other environment variables.

export AZURE_STORAGE_ACCOUNT=myaccountname
export AZURE_STORAGE_ACCESS_KEY=myaccesskey

or

export AZURE_STORAGE_SAS_TOKEN=?tokenhere

Mounting

One time mount

NOTE Use absolute paths when providing directory paths in the commands below. Relative paths, and shortcuts do not work.

Sample command line for Option 1:

blobfuse /path/to/desired/mountpoint --tmp-path=/mnt/blobfusetmp -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120 --config-file=../connection.cfg --log-level=LOG_DEBUG --file-cache-timeout-in-seconds=120

Sample command line for Option 2:

blobfuse /path/to/desired/mountpoint --tmp-path=/mnt/blobfusetmp -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120 --container-name=mycontainer --log-level=LOG_DEBUG --file-cache-timeout-in-seconds=120

  • /path/to/desired/mountpoint is the directory where you want the container to be mounted
  • --tmp-path=/mnt/blobfusetmp is the cache directory, created above.
  • --config-file=connection.cfg is the configuration file, created above.
  • attr_timeout, entry_timeout, and negative_timeout are standard FUSE configuration options. We recommend these values as defaults.
  • Container provided in the option --container-name must exist prior to mounting. You can create the container from the Azure Portal

There is a sample mount script, to help simplify this: https://github.com/Azure/azure-storage-fuse/blob/master/mount.sh To run: ./mount.sh </path/to/desired/mountpoint>

Multiple mounts

Blobfuse allows multiple mounts to support additional containers. Additional containers can be mounted using the command above but the mount directory and --tmp-path should be unique and not conflict with any of the earlier mount points or temp directories. NOTE config files are recommended for multiple mounts as environment variables for container names and storage accounts are shared among all blobfuse mounts.

Allow other users, or root access to the mount

Use -o allow_other or -o allow_root flags while mounting in the blobfuse command to export the file system not just to the current user, but to others, or root user.

Persisting

  1. Make sure the fuse package is installed (e.g. yum install fuse)
  2. Update connection.cfg file with your storage account information.
  3. Edit /etc/fstab with the blobfuse script.

Add the following line to use mount.sh:

/<path_to_blobfuse_mount.sh_file>/mount.sh   </path/to/desired/mountpoint>     fuse    _netdev

OR

Add the following line to run without mount.sh

blobfuse /home/azureuser/mntblobfuse fuse defaults,_netdev,--tmp-path=/home/azureuser/tmppath,--config-file=/home/azureuser/connection.cfg,--log-level=LOG_DEBUG,allow_other 0 0

Unmounting

The standard way to unmount a FUSE adapter is to use 'fusermount': fusermount -u </path/to/desired/mountpoint>

Sovereign Clouds

Blobfuse now supports Sovereign Clouds such as USGovernment (Fairfax), Azure China (Mooncake) and Azure Germany (Black Forest) via a new configuration option: "blobEndpoint". To access a sovereign cloud, you must supply the blobEndpoint parameter with the full blob endpoint for your storage account.
Ex:

Environment blobEndpoint
Azure USGovernment <youraccountname>.blob.core.usgovcloudapi.net
Azure China <youraccountname>.blob.core.chinacloudapi.cn
Azure Germany <youraccountname>.blob.core.cloudapi.de

An example USGovernment configuration file is at: https://github.com/Azure/azure-storage-fuse/blob/master/connectionUSGov.cfg

Private Link

Blobfuse mounts storage accounts that have private links just the same way as it mounts storage accounts with a public IP only. The Blobfuse config file should specify the accountName as the original Storage account name and not the privatelink storage account name. For Eg: myblobstorageaccount.blob.core.windows.net is correct while privatelink.myblobstorageaccount.blob.core.windows.net is wrong. The VNET or the on-prem machine hosting Blobfuse should be able to translate the original storage account name to the privatelink name and thereafter the private link IP. Behind the scenes, Blobfuse accesses the storage account with its private Ip. If for some reason the translation fails please confirm the VNet settings to ensure that it is forwarding DNS translation requests to Azure Provided DNS 168.63.129.16. In case the Blobfuse hosting VM is set up to forward to a Custom DNS Server, the Custom DNS settings should be verified, it should forward DNS requests to the Azure Provided DNS 168.63.129.16.