Creating a single-node file server using the management console
To create an infrastructure for a single-node file server using the Yandex Cloud management console:
- Prepare your cloud.
- Create a security group.
- Create a virtual machine for your file server.
- Set up Samba and NFS.
- Test your file server.
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost of hosting a single-node file server includes:
- Fee for a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for using a dynamic or static public IP address (see Yandex Virtual Private Cloud pricing).
- Fee for the outbound traffic (see Yandex Virtual Private Cloud pricing).
Prepare the network infrastructure
- Go to the Yandex Cloud management console and select the folder where you will perform the operations.
- Make sure the selected folder has a network with a subnet that the VM can be connected to. To do this, select Virtual Private Cloud on the folder page. If the list contains a network, click its name to see the available subnets. If there is neither network nor subnet, create them.
Create a security group
To create a security group for your file server:
- In the management console, select Virtual Private Cloud.
- Open the Security groups tab.
- Create a security group:
  - Click Create security group.
  - In the Name field, specify the name: fileserver-sg.
  - In the Network field, select the network where the fileserver-tutorial VM is located.
  - Under Rules, create the following rules using the instructions below the table:
| Traffic direction | Description | Port range | Protocol | Destination name / Source | CIDR blocks |
| --- | --- | --- | --- | --- | --- |
| Outgoing | any | All | Any | CIDR | 0.0.0.0/0 |
| Incoming | ssh | 22 | TCP | CIDR | 0.0.0.0/0 |
| Incoming | ext-http | 80 | TCP | CIDR | 0.0.0.0/0 |
| Incoming | ext-https | 443 | TCP | CIDR | 0.0.0.0/0 |
| Incoming | nfs | 2049 | TCP | CIDR | 0.0.0.0/0 |
    - Select the Egress or Ingress tab.
    - Click Add rule.
    - In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from. To open all ports, click Select the full range.
    - In the Protocol field, specify the appropriate protocol or leave Any to allow traffic transmission over any protocol.
    - In the Destination name or Source field, select CIDR, and the rule will apply to a range of IP addresses. In the CIDR blocks field, specify 0.0.0.0/0.
    - Click Save. Repeat the steps to create all the rules from the table.
  - Click Save.
Create a virtual machine for your file server
To create a VM:
- In the management console, select the folder to create your VM in.
- In the list of services, select Compute Cloud.
- In the left-hand panel, select Virtual machines.
- Click Create virtual machine.
- Under Boot disk image, select the Ubuntu public image.
- Under Location, select an availability zone to place your VM in.
- Add a secondary disk for data storage:
  - Under Disks and file storages, click Add.
  - In the window that opens, select Disk.
  - Select Create new disk and specify the parameters:
    - Contents: Empty.
    - Name: fileserver-tutorial-disk.
    - Type: SSD.
    - Size: 100 GB.
  - Click Add disk.
- Under Computing resources, navigate to the Custom tab, select the platform and specify the recommended parameters for the file server:
  - vCPU: 8 or more.
  - Guaranteed vCPU performance: 100%.
  - RAM: 56 GB or more.
- Under Network settings:
  - In the Subnet field, enter the ID of a subnet in the new VM's availability zone. Alternatively, you can select a cloud network from the list.
    - Each network must have at least one subnet. If there is no subnet, create one by selecting Create subnet.
    - If you do not have a network, click Create network to create one:
      - In the window that opens, enter the network name and select the folder to host the network.
      - (Optional) Select the Create subnets option to automatically create subnets in all availability zones.
      - Click Create network.
  - In the Public IP field, select Auto to assign the VM a random external IP address from the Yandex Cloud pool or select a static address from the list if you reserved one in advance.
  - In the Security groups field, select the fileserver-sg security group you created earlier.
- Under Access, select SSH key and specify the details for access to the VM:
  - In the Login field, enter a name for the user you want to create on the VM, e.g., ubuntu.
    Alert: Do not use root or other usernames reserved by the operating system. To perform operations requiring superuser permissions, use the sudo command.
  - In the SSH key field, select the SSH key saved in your organization user profile.
    If there are no saved SSH keys in your profile, or you want to add a new key:
    - Click Add key.
    - Enter a name for the SSH key.
    - Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
    - Click Add.
    The SSH key will be added to your organization user profile.
    If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- Under General information, specify the VM name: fileserver-tutorial.
- Click Create VM.
It may take a few minutes to create the VM. When the VM status switches to RUNNING, copy the public IP address: it will be listed on the VM page in the Network section. You will need the IP address later to configure NFS and Samba.
Set up Samba and NFS
After the fileserver-tutorial VM's status changes to RUNNING, do the following:
- On the VM page of the management console, under Network, find the VM's public IP address.
- Connect to the VM over SSH.
  The recommended authentication method when connecting over SSH is using a key pair. Make sure to set up the created key pair so that the private key matches the public key sent to the VM.
- Configure Samba and NFS:
  Ubuntu
  - Download and install Samba:

        sudo apt-get update
        sudo apt-get install nfs-kernel-server samba

  - Prepare and mount the file system on the disk:

        sudo mkfs -t ext4 -L data /dev/vdb

  - Prepare and mount the folder for data storage on the disk:

        sudo mkdir /<folder_name>
        echo "LABEL=data /<folder_name> ext4 defaults 0 0" | sudo tee -a /etc/fstab
        sudo mount /<folder_name>

  - Set the NFS configuration in the /etc/exports file. You can edit the file using the nano utility:

        sudo nano /etc/exports

    Add the following lines to the file:

        /<folder_name> <IP_address>(rw,no_subtree_check,fsid=100)
        /<folder_name> 127.0.0.1(rw,no_subtree_check,fsid=100)

    Where <IP_address> is the IP address of the computer you are going to connect the network data disk to via NFS.
  - Set the Samba configuration in the /etc/samba/smb.conf file. You can edit the file using the nano utility:

        sudo nano /etc/samba/smb.conf

    Edit the file as follows:

        [global]
           workgroup = WORKGROUP
           server string = %h server (Samba)
           dns proxy = no
           log file = /var/log/samba/log.%m
           max log size = 1000
           syslog = 0
           panic action = /usr/share/samba/panic-action %d
           server role = standalone server
           passdb backend = tdbsam
           obey pam restrictions = yes
           unix password sync = yes
           passwd program = /usr/bin/passwd %u
           passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
           pam password change = yes
           map to guest = bad user
           usershare allow guests = yes
        [printers]
           comment = All Printers
           browseable = no
           path = /var/spool/samba
           printable = yes
           guest ok = no
           read only = yes
           create mask = 0700
        [print$]
           comment = Printer Drivers
           path = /var/lib/samba/printers
           browseable = yes
           read only = yes
           guest ok = no
        [data]
           comment = /<folder_name>
           path = /<folder_name>
           browseable = yes
           read only = no
           writable = yes
           guest ok = yes
           hosts allow = <IP_address> 127.0.0.1
           hosts deny = 0.0.0.0/0

    Where <IP_address> in the [data] section is the IP address of the computer you are going to connect the network data disk to via NFS.
  - Restart Samba and NFS:

        sudo service nfs-kernel-server restart
        sudo service smbd restart
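Because the nfs rule in fileserver-sg admits 0.0.0.0/0, the client list in /etc/exports is what limits which hosts can mount the share. The check below is an added example, not part of the original tutorial: it flags exports entries whose client matches every host or that set no_root_squash. The sample content, the address 203.0.113.10 and the function name audit_exports are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit exports(5) entries.
# SAMPLE_EXPORTS is constructed; 203.0.113.10 stands in for <IP_address>.
SAMPLE_EXPORTS='# constructed sample in /etc/exports format
/data 203.0.113.10(rw,no_subtree_check,fsid=100)
/data 127.0.0.1(rw,no_subtree_check,fsid=100)
/scratch *(rw,no_root_squash)
/pub (ro)'

# audit_exports [FILE]: reads FILE (or stdin), prints one finding per line,
# returns 1 if anything was flagged and 0 otherwise.
audit_exports() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")                  # options start at the first "("
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # An empty client, "*" or an all-addresses network admits any host.
        if (client == "" || client == "*" || client == "0.0.0.0/0" || client == "::/0") {
          print path ": client \"" client "\" matches every host"; bad = 1
        }
        # no_root_squash lets root on the client act as root on the export.
        if (("," opts ",") ~ /,no_root_squash,/) {
          print path ": " client " may act as root (no_root_squash)"; bad = 1
        }
      }
    }
    END { exit bad + 0 }
  ' "$@"
}

# Demo on the constructed sample; on the VM run: audit_exports /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || true
```

The two /data lines, which follow the tutorial's own format with a single client address each, produce no findings.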
Test your file server
- Install ACL on the fileserver-tutorial VM:
  Ubuntu

      sudo apt install acl

- On the fileserver-tutorial VM instance, create a directory named remote and the test.txt file:
  Ubuntu

      sudo mkdir /<folder_name>/remote
      sudo setfacl -m u:<name_of_your_user>:rwx /<folder_name>/remote
      echo "Hello world!" > /<folder_name>/remote/test.txt

- Connect the network disk to your computer via NFS and check if the test file is available:

  Linux/macOS
  If needed, install the network disk utility:

      sudo apt-get install nfs-common

  Create a mount point:

      sudo mkdir /remote-test-dir

  Attach a network disk:

      sudo mount -t nfs <VM_public_IP_address>:/<folder_name> /remote-test-dir

  As a result, the test directory and the file should become available at the mount point.

  Windows
  - Run the cmd.exe utility. To do this, use the Windows + R keyboard shortcut and run the cmd command.
  - From the command line, run:

        net use x: \\<VM_public_IP_address>\folder_name

    This will create a disk X with the test directory and file.
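Once Samba and NFS are running, the listening services on the VM can be reconciled with the ingress rules of fileserver-sg. This added example (not part of the original tutorial) reports ports that listen without a matching ingress rule and rules with no listener behind them; the ss sample is constructed and compare_ports is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the tutorial): compare listening TCP ports with
# the ingress rules of fileserver-sg.
SG_INGRESS_PORTS="22 80 443 2049"   # Incoming rows of the rules table

# Constructed sample in `ss -H -tln` format; not captured from a real VM.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# compare_ports "PORTS": reads `ss -H -tln` output on stdin and prints
#   listening-not-in-sg PORT  (service is up, no ingress rule names its port)
#   sg-open-no-listener PORT  (rule admits traffic, nothing is listening)
compare_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4; port = $4
      sub(/.*:/, "", port)          # text after the last colon
      sub(/:[0-9]+$/, "", addr)     # text before it
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
      seen[port] = 1
    }
    END {
      for (p in seen)  if (!(p in allow)) print "listening-not-in-sg", p
      for (p in allow) if (!(p in seen))  print "sg-open-no-listener", p
    }
  ' | sort -k1,1 -k2,2n
}

# Demo on the sample; on the VM run: ss -H -tln | compare_ports "$SG_INGRESS_PORTS"
printf '%s\n' "$SAMPLE_SS" | compare_ports "$SG_INGRESS_PORTS"
```

A sg-open-no-listener line marks an ingress rule that can be dropped or narrowed; a listening-not-in-sg line marks a service that clients outside the VM cannot reach through this security group.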
How to delete the resources you created
To stop paying for the resources you created:
- Delete the VM.
- Delete the static public IP address if you reserved one.