Creating replica file shares
Create a replica file share in the UI, from the CLI, with the API, or with Terraform. Replica file shares can be created in another zone of the same metro region as the primary share's zone, or a zone of a different metro region in the same geography.
The following table shows which metro regions can replicate with each other within each geography.
Americas | Europe | Asia |
---|---|---|
|
|
|
The specified source file share must not have another replica already, and must not be a replica of another share.
If you want to create a replica in another region, you need to establish service-to-service authorizations first. Both file service instances must belong to the same account. Cross-account replication is not supported. For more information, see Establishing service-to-service authorizations for File Storage for VPC.
Adding replication to a file share in the UI
You can create a replica of your file share from the list of all file shares or the file share details page. If you don't already have a source file share, provision one as described in Create a file share and mount target in the UI. When the file share appears as "stable" on the File shares for VPC page, click the Actions icon and click Create replica.
On the File share replica create page, review the source file share details, and complete the replica details.
-
Name - Provide a unique name for the replica share.
-
Replica location - The geography is preselected and cannot be changed. Select the metro (region) and zone in which the replica share is to be created. The UI presents the available options in the menu.
-
Resource group - Select the resource group from the list.
-
Tags - Optionally, specify user tags. The tags that you apply to the replica can be the same as or different from the source share's tags.
-
Profile - The
dp2
profile is preselected, even if the source file share is based on a profile from a previous release. Specify the maximum value for IOPS. It determines the performance that you get on the replica after you perform a failover. -
Mount Targets - Optionally, create a mount target for the replica share. You can skip this step if you do not want to create a mount target now. Otherwise, click Create. You can create one mount target per VPC per file share. Depending on the mount target access mode of the share, the Create mount target form looks different.
-
If you selected security group as the access mode, enter the information as described in the Table 2. This action creates and attaches a virtual network interface to your mount target that identifies the file share with a reserved IP address and applies the rules of the selected Security group. This mount target supports encryption-in-transit and cross-zone mounting.
Values for creating a mount target. Field Value Details Mount target name Specify a mount target name. The name can be up to 63 lowercase alpha-numeric characters and include the hyphen (-), and must begin with a lowercase letter. You can later edit the name if you want. Zone Zone is inherited from the file share (for example, Dallas 2). VPC Select an available VPC. The list includes only those VPCs with a subnet in the selected zone. Subnet Select a subnet from the list. Reserved IP address Required for the mount target. The IP address cannot be changed afterward. However, you can delete the mount target and create another one with a different IP address. Reserving method You can have the file service select an IP address for you. The reserved IP becomes visible after the mount target is created. Or, specify your own IP. Auto-release Releases the IP address when you delete the mount target. Enabled by default. Security groups The default security group for the VPC is selected. You can use it or select another security group from the list. -
If you selected VPC as the access mode, provide a name for the mount target and select a VPC from the list. This mount target can be used to mount the file share on any virtual server instance of the selected VPC in the same zone as the file share. Cross-zone mounting is not supported.
-
-
Sync frequency - Specify how often you want to synchronize changes from the primary file share to the replica share. The Summary shows the selections that you made. For Frequency, the options are hourly, daily, weekly, monthly, or by
cron-spec
expression:- For hourly replication, enter a value in the range 0 - 60 to specify exactly how many minutes past the hour, every hour, every day the replication is to start.
- For daily replication, specify the starting time in hours and minutes in Coordinated Universal Time. Enter a value between 00:00 and 23:59. For your convenience, the Coordinated Universal Time value is converted into your local time.
- For weekly replication, specify the days of the week you want replication to run and the start time in Coordinated Universal Time. Enter a value between 00:00 and 23:59.
- For monthly replication, choose a Day 1 - 28. For the start time, enter a value between 00:00 and 23:59.
- If you specify a
cron-spec
expression, replications must be scheduled not less than 15 minutes. Enter the replication frequency incron-spec
format: minute, hour, day, month, and weekday. For example, to replicate every day at 5:30 PM you need to enter30 17 * * *
.
-
Encryption
- Encryption in transit is disabled by default, you can click the toggle to enable. For more information about this feature, see Encryption in transit - Securing mount connections between file share and host. |
- When you replicate to another zone of the same region, the encryption is inherited from the primary share. If you specified customer-managed encryption, the key management system is shown along with the root key. You can't encrypt a replica share with a different key.
- When you replicate to another region, the encryption type (provider-managed vs customer-managed) of the replica must match the source share. However, it is not inherited from the source, and you must select a Customer Root Key for your replica if the source share is protected by customer-managed encryption.
Values for customer-managed encryption for file shares. Field Value Encryption Select either Key Protect or Hyper Protect Crypto Services. Encryption service instance If you provisioned multiple KMS instances in your account, select the one that includes the root key that you want to use for customer-managed encryption. Ensure that service-to-service authorizations between the file service and the target KMS are in place. Key name Select the root key within the KMS instance that you want to use for encrypting the share. Key ID The field shows the key ID that is associated with the data encryption key that you selected. -
In the side panel, review your estimated cost, and apply a discount code, if you have one.
-
Click Create file share.
If you're not ready to order yet or just looking for pricing information, you can add the information that you see in the side panel to an Estimate. For more information about how this feature works, see Estimating your costs.
Adding replication to file share from the CLI
You can use the CLI to create a file share with a replica share in another zone or region, or to create a replica share for an existing file share.
Before you can use the CLI, you must install the IBM Cloud CLI and the VPC CLI plug-in. For more information, see the CLI prerequisites.
Adding replication to file share with the API
You can programmatically set up replication by calling the /shares
method in the VPC API as shown in the following sample requests.
Before you begin, first set up the API environment. For more information about the file shares VPC API, see the VPC API reference.
Adding replication to file share with Terraform
You can use the ibm_is_share
resource in Terraform to create a file share with replication, or update a file share to include replication. The following example creates a replica share in the us-south-3
zone and associates
it to the parent share that is specified by its ID ibm_is_share.example.id
.
resource "ibm_is_share" "my-replica1" {
zone = "us-south-3"
source_share = ibm_is_share.example.id
name = "my-replica1"
profile = "dp2"
replication_cron_spec = "0 */5 * * *"
}
The following example creates a file share in us-south-1
with a replica in us-south-3
.
resource "ibm_is_share" "my-replica" {
zone = "us-south-1"
size = 220
name = "my-share"
profile = "dp2"
replica_share {
name = "my-replica"
replication_cron_spec = "0 */5 * * *"
profile = "dp2"
zone = "us-south-3"
}
}
When you create a replica of a file share in another region, you must use the CRN of the source file share. If the source file share has user_managed
encryption, you must provide the encryption_key
. The encryption_key
value must not be specified otherwise. See the following example.
resource "ibm_is_share" "my-cross-regional-replica" {
zone = "us-east-1"
source_share_crn = "crn:v1:bluemix:public:is:us-south-1:a/a1234567::share:r006-d8c8821c-a227-451d-a9ed-0c0cd2358829"
encryption_key = "crn:v1:bluemix:public:kms:us-south:a/a1234567:1be45161-6dae-44ca-b248-837f98004057:key:3dd21cc5-cc20-4f7c-bc62-8ec9a8a3d1bd"
replication_cron_spec = "5 * * * *"
name = "my-cross-regional-replica"
profile = "dp2"
}
For more information about the arguments and attributes, see ibm_is_share.