view create

This command creates a view, which exposes a resource location to data clients. A view can expose a path to various different protocols, some in combination with each other, such as NFSv3 and SMB. Protocols include SMB, NFS versions 3 and 4 (including 4.1 and 4,2), S3 object storage, which enables clients to use the view as an S3 bucket, tabular, where the view is exposed to third-party database query engines, block storage where the view allocates a path as a block storage subsystem, and Kafka, which exposes VAST Database tables as topics to publish and consume events.

Usage

view create --path PATH
            --protocols PROTOCOLS
            --policy-id ID
           [--tenant-id TENANT_ID]
           [--alias ALIAS]
           [--bucket BUCKET]
           [--bucket-owner-type USER|ROLE]
           [--bucket-owner BUCKET_OWNER]
           [--bucket-creators BUCKET_CREATORS]
           [--bucket-creators-groups BUCKET_CREATORS_GROUPS]
           [--create-dir [--inherit-parent-acl]]
           [--enable-global-sync]
           [--enable-live-monitoring]
           [--enable-s3-unverified-lookup]
           [--qos-policy-id QOS_POLICY_ID]
           [--share SHARE]
           [--s3-versioning]
           [--locking]
           [--default-retention-period DEFAULT_RETENTION_PERIOD]
           [--s3-locks-retention-mode NONE|GOVERNANCE|COMPLIANCE]
           [--allow-s3-anonymous-access]|[--block-s3-anonymous-access]
           [--enable-acls|--disable-acls]
           [--abe-protocols SMB]
           [--abe-max-depth LEVEL]
           [--files-retention-mode NONE|GOVERNANCE|COMPLIANCE]
           [--max-retention-period MAX_RETENTION_PERIOD]
           [--min-retention-period MIN_RETENTION_PERIOD]
           [--auto-commit AUTO_COMMIT]
           [--abac-tags TAGS]
           [--bucket-logging-destination-id DESTINATION_BUCKET_ID]
           [--bucket-logging-prefix PREFIX]
           [--bucket-logging-key-format SIMPLE_PREFIX|PARTITIONED_PREFIX_EVENT_TIME|PARTITIONED_PREFIX_DELIVERY_TIME]
           [--disable-bucket-logging]
           [--enable-user-impersonation|--disable-user-impersonation]
           [--user-impersonation-identifier-type ID_TYPE]
           [--user-impersonation-identifier ID]
           [--user-impersonation-username NAME]
           [--name NAME]
           [--set-is-default-subsystem]
           [--enable-indestructible-object]
           [--indestructible-object-duration RETENTION_PERIOD]
           [--smb-encryption-state AVAILABLE|DESIRED|REQUIRED]
           [--kafka-vip-pools POOL_ID]
           [--kafka-first-join-group-timeout-sec SECONDS]
           [--kafka-rejoin-group-timeout-sec SECONDS]
           [--enable-kafka-unencrypted-conn|--disable-kafka-unencrypted-conn]
           [--kafka-unencrypted-auth-mechanism SASL_PLAIN|NONE]
           [--enable-kafka-encrypted-conn|--disable-kafka-encrypted-conn]
           [--kafka-encrypted-auth-mechanism SASL_PLAIN|NONE]
           [--require-kafka-authorization|--cancel-kafka-authorization]

Required Parameters

--path PATH

Specifies a path to a file system directory to be exposed to clients. It can be a directory that was already created by a client inside an exposed parent directory, or it can be a new directory, in which case you must specify the --create_dir option to create the directory.

Note
For block storage subsystem views, there is no need to specify --create_dir.

Example:

--path /a/b/c

If you are going to use the path to create an S3 bucket, ensure that none of the subdirectories under the path has a replication protected path defined on it.

Note
If the path is an encrypted path, the path must be created as an encrypted path before you create the view.

--policy-id ID

Specifies which view policy to apply. Specify ID as an integer value. To display view policy configurations with their IDs, use viewpolicy list. viewpolicy list

--protocols PROTOCOLS

Specifies the protocol(s) to which the view is exposed.

Specify PROTOCOLS as a string value for a single protocol or a comma separated list of strings to enable multiple protocols. Valid string values are:

NFS. To expose the view as an NFS export to clients using NFS version 3.
NFS4. To expose the view as an NFS export to clients using NFS version 4.1 or 4.2.
SMB (Not in combination with ENDPOINT). To expose the view as an SMB share to SMB clients.
Note
If you want to configure share-level ACL for an SMB-enabled view, see Share-Level ACLs for the relevant commands to run after the view is created. Share-Level ACLs
S3 (Not in combination with ENDPOINT). To expose the view as an S3 bucket.
ENDPOINT (Not in combination with SMB or S3). To create an S3 Endpoint, which is a template for creating buckets via S3 APIs. Whenever a bucket is created using this endpoint, a new view is created under the specified path. See Managing S3 Request-Initiated Bucket Creation for more information about S3 Endpoint buckets.
DATABASE. To expose the view as a VAST database. This option is used for each view that VAST Cluster creates when a user chooses to create a database on the cluster. For more information, see Configuring the VAST Cluster for Database Access.
KAFKA exposes VAST Database tables that are used as topics to publish and consume events. For more information, see Publishing Events to VAST Event Broker. If you specify KAFKA, you also need to specify DATABASE and S3 protocols for the view.
BLOCK. To expose the view as a block storage subsystem. The specified path must be an empty directory. BLOCK cannot be specified in combination with any other protocol.

Examples:

--protocols NFS,SMB

--protocols NFS,NFS4,ENDPOINT

--protocols NFS,S3

--protocols SMB

--protocols DATABASE

--protocols KAFKA,DATABASE,S3

--protocols BLOCK

Options

`--tenant-id TENANT_ID`	Specifies a non-default tenant to associate with the view.
`--alias ALIAS`	For NFSv3 exports, specifies an alternative shorter name for the path that can be used alternatively when mounting. Optional and relevant only if the view is exposed to NFS. An alias must begin with a forward slash ("/") and must consist of only ASCII characters. An NFS export alias must be unique within the tenant.
`--bucket BUCKETNAME`	Specifies the name of an S3 bucket. Required if `S3` is specified in `--protocols`. A bucket name must be unique across all tenants of the cluster. For more guidelines on bucket naming, see Overview of VAST Cluster S3 Implementation.
`--bucket-owner-type USER\|ROLE`	Specifies whether the bucket owner is a user (`USER`) or a IAM role (`ROLE`). The default is `USER`.
`--bucket-owner BUCKET_OWNER`	Specifies a user to be the bucket owner. Required if `S3` is specified in `--protocols`.
`--bucket-creators BUCKET_CREATORS`	Relevant if `ENDPOINT` is specified in `--protocols`. Specifies users such that any request to create an S3 bucket that is sent by S3 API by a specified user will use this S3 Endpoint view. Specify `BUCKET_CREATORS` as a comma separated list of user names. Note Users should not be specified as bucket creators in more than one S3 Endpoint view.
`bucket-creators-groups BUCKET_CREATORS_GROUPS`	Relevant if `ENDPOINT` is specified in `--protocols`. Specifies groups such that any request to create an S3 bucket that is sent by S3 API by a user who belongs to a specified group will use this S3 Endpoint view. Specify `BUCKET_CREATORS_GROUPS` as a comma separated list of group names. Caution Take extra care not to duplicate bucket creators through groups: If you specify a group as a bucket creator group in one view and you also specify a user who belongs to that group as a bucket creator user in another view, view creation will not fail. Yet, there is a conflict between the two configurations and the selection of a view for configuring the user's buckets is not predictable.
`--create-dir`	Creates a directory at the specified path. Include this option of the directory does not already exist. Note When creating a view on an encrypted path, do not include this option. The path is created when you create the encrypted path, before you create the view.
`--inherit-parent-acl`	This option can only be used together with the `--create-dir` option, when creating a new directory for the view. If specified, the newly created directory will inherit the ACL of the parent directory. If not specified, and also in case the parent directory does not have an inherited ACL, the newly created directory will be assigned an ACL granting POSIX 777 permissions.
`--enable-global-sync`	Supports seamless failover between replication peers by syncing file handles between the view and remote views on the replicated path on replication peers. This enables NFSv3 client users to retain the same mount point to the view in the event of a failover of the view path to a replication peer. Enabling this option may cause overhead and should only be enabled when the use case is relevant. For more information about seamless replication, see Preparing for Seamless Replication Failover (NFSv3).
`--enable-live-monitoring`	Enables live monitoring on the view. Live monitoring can be enabled for up to ten views at one time and can also be enabled any time after view creation using view modify. view modify Analytics data for views is polled every 5 minutes by default and every 10 seconds with live monitoring.
`--qos-policy-id QOS_POLICY_ID`	Associates a QoS policy with the view. Specify the QoS policy by its ID. To list QoS policy definitions, use qospolicy list .
`--share SHARE`	Specifies the SMB share name. Required if the view is exposed to SMB. The name cannot include the following characters: /\:\|<>*?" An SMB share name must be unique within the tenant.
`--s3-versioning`	Enables object versioning on the bucket if `S3` is specified in `--protocols`.
`--locking`	Enables object locking on the view bucket, if `S3` is specified in `--protocols`, or file locking in NFSv3/SMB, if they are selected in `--protocols`. This setting can't be disabled after the view is created.
`--s3-locks-retention-mode NONE\|GOVERNANCE\|COMPLIANCE`	Sets a default retention mode for objects in the bucket. Possible values: `NONE` (default). Object versions that are placed in the bucket have no automatic protection but can be configured with a retention period or legal hold. `GOVERNANCE`. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to governance. `COMPLIANCE`. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to compliance.
`--allow-anonymous-access`	If the view has S3 Bucket or S3 Endpoint enabled, include this option to allow anonymous S3 access to the view's S3 bucket. If allowed, anonymous requests are granted access provided that the object ACL grants access to the All Users group (in S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to "others" (in NFS security flavor). For views with SMB security flavor, anonymous requests are not granted access.
`--block-anonymous-access`	Blocks anonymous S3 access to the view's S3 bucket, if applicable. This is the default setting.
`--enable-acls`	When this option is specified, the user which uploads the object, becomes the object owner. Access is authorized based on ACLs and identity or bucket policies. For more information about the ACLs enabled mode, see S3 Object Ownership. S3 Object Ownership
`--disable-acls`	When this option is specified, the bucket owner has full control over any object in the bucket. Access to objects is controlled based on identity and bucket policies. ACLs are not used. For more information about the ACLs disabled mode, see S3 Object Ownership.S3 Object Ownership
`--abe-protocols SMB`	Enables Access-Based Enumeration (ABE) for the view, if `SMB` is specified in `--protocols`.Access-Based Enumeration (ABE) By default, ABE is disabled.
`--abe-max-depth LEVEL`	Sets the maximum directory level (depth) at which ABE is enabled. By default, ABE depth is unlimited. Specify `LEVELS` as an integer, for example: `--abe-max-depth 3`
`--files-retention-mode NONE\|GOVERNANCE\|COMPLIANCE`	Sets the retention mode for files saved in the view, if locking (--locking ) is enabled. Possible values: `NONE` (default). Files that are saved to the view have no automatic protection but can be manually configured with a retention period or legal hold. `GOVERNANCE`. Files that are saved in the view are automatically protected with a retention lock with retention mode set to governance. In this mode, the retention period can be lengthened or shortened. `COMPLIANCE`. Files that are saved in the view are automatically protected with a retention lock with retention mode set to compliance. In this mode, the retention period can be lengthened, but not shortened.
`--default-retention-period DEFAULT_RETENTION`	Sets the default retention period for files that are locked in the view to `DEFAULT_RETENTION`. Files that are locked automatically using auto-commit will be locked for this period of time, after which they will be unlocked. Files that are locked manually (by setting the atime for the file to a future time) do not use the default retention period. The value `DEFAULT_RETENTION` must be in the range between the min-retention-period and max-retention-period. Set it as an integer value, including units (m - minutes, h - hours, d - days, y - years). Example: 5d (5 days).
`--max-retention-period MAX_RETENTION`	Sets the maximum retention period for files that are locked in the view to `MAX_RETENTION`. Files cannot be locked for longer than this period, whether they are locked manually (by setting the atime) or automatically, using auto-commit. It must be larger than the min-retention-period. Set it as an integer value, including units (m - minutes, h - hours, d - days, y - years). Example: 2m (2 months).
`--min-retention-period MIN_RETENTION`	Sets the minimum retention period for files that are locked in the view to `MIN_RETENTION`. Files cannot be locked for less than this period, whether locked manually (by setting the atime) or automatically, using auto-commit. It must be less than the max-retention-period. Set it as an integer value, including units (m - minutes, h - hours, d - days, y - years). Example: 3d (3 days).
`--auto-commit AUTO_COMMIT`	Sets the auto-commit time to `AUTO_COMMIT` for files that are locked automatically. These files are locked automatically after the `AUTO_COMMIT` period elapses from the time the file is saved. Files locked automatically are locked for the default-retention-period, after which they are unlocked. If set, then `--default-retention-period, --min-retention-period,` and `--max-retention-period` must also be set. Set it as an integer value, including units (m - minutes, h - hours, d - days, y - years). Example: 5m (5 minutes).
`--abac-tags TAGS`	If you are going to use Attribute-Based Access Control (ABAC), enter a comma-separated list of ABAC tags.Attribute-Based Access Control (ABAC) Up to 20 ABAC tags can be defined per view. ABAC tags are case-sensitive and can include alphanumeric characters, a hyphen (-), a colon (:), a plus sign (+), and an underline (_). For example: `red,green,yellow`
`--smb-encryption-state AVAILABLE\|DESIRED\|REQUIRED`	For views of a tenant that has SMB encryption enabled, you can optionally configure the view with SMB encryption protection that is equal to or stronger than that of the tenant: `AVAILABLE` (low): Encryption is used only for SMB clients which have requested it explicitly. For clients that do not support encryption, access is allowed but no encryption is used. `DESIRED` (medium): The cluster uses encryption for any SMB client that supports encryption. For clients that do not support encryption, access is allowed but no encryption is used. `REQUIRED` (high): SMB clients that do not support encryption are denied access.

Block Storage Configuration Options

Use the following options with the --protocol BLOCK to configure a Block storage subsystem:

`--name NAME`	A name for the subsystem.
`--set-is-default-subsystem`	Sets the view to be the default subsystem view from which to provision block volumes.

S3 Bucket Logging Options

The following options let you configure S3 Bucket Logging for an S3 Bucket view:

`--bucket-logging-destination-id DESTINATION_BUCKET_ID`	Enables S3 bucket logging for the bucket and determines the destination bucket which will be used to store the logs. `DESTINATION_BUCKET_ID` is an ID of a view that exposes the destination bucket.
`--bucket-logging-prefix PREFIX`	Optionally, specify a prefix that will be prepended to each key of a log object uploaded to the destination bucket. This prefix can be used to categorize log objects; for example, if you use the same destination bucket for multiple source buckets. The prefix can be up to 128 characters and must follow S3 object naming rules.
`--bucket-logging-key-format SIMPLE_PREFIX\| PARTITIONED_PREFIX_EVENT_TIME\| PARTITIONED_PREFIX_DELIVERY_TIME`	Specify the format for the log object keys: `SIMPLE_PREFIX` adds log object keys in the following format: `[DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]` This is the default format. `PARTITIONED_PREFIX_EVENT_TIME` and `PARTITIONED_PREFIX_DELIVERY_TIME` add log object keys in the following format: `[DestinationPrefix][SourceUsername]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]` This format enables timestamp-based partitioning of log objects. With `PARTITIONED_PREFIX_EVENT_TIME`, the partitioning is done based on the time when the logged events occurred. With `PARTITIONED_PREFIX_DELIVERY_TIME`, the partitioning is done based on the time when the log object has been delivered to the destination bucket. In the formats: `[DestinationPrefix]` is the optional prefix that prepends keys of log objects uploaded to the destination bucket. You define this prefix with the `--bucket-logging-prefix` parameter. `[SourceUsername]` is the username for the owner of the bucket being logged. `[SourceBucket]` is the bucket being logged. UTC time is used in timestamps. `[UniqueString]` is a unique string added to prevent overwriting of objects.
`--disable-bucket-logging`	Disables S3 bucket logging configured for the bucket.

User Impersonation Options

The following options let you configure user impersonation for a view:User Impersonation

`--enable-user-impersonation`	Enables user impersonation.
`--disable-user-impersonation`	Disables user impersonation.
`--user-impersonation-identifier-type ID_TYPE`	The type of a user identifier that you are going to specify on the `--user-impersonation-identifier` option to identify the impersonator (the user account to be used instead of the original user). Valid values for `ID_TYPE`: `username` for user's username in format username@domain. `sid_str` for user's Security ID (SID). `uid` for user's POSIX UID attribute. This option is required if `--enable-user-impersonation` is specified on the command.
`--user-impersonation-identifier ID`	The impersonator user ID or name. The ID or name must be of the type specified on the `--user-impersonation-identifier-type` option (username@domain, SID or UID). This option is required if `--enable-user-impersonation` is specified on the command.
`--user-impersonation-username NAME`	The impersonator username. If `--user-impersonation-identifier ID` and `--user-impersonation-username NAME` point to different users, the user specified with `--user-impersonation-identifier ID` becomes the impersonator.

Event Publishing Options

The following options let you configure a view for VAST Event Broker:

`--kafka-vip-pools POOL_ID`	Specifies a virtual IP pool to be used to access event topics exposed by the view. Note Only one virtual IP pool can be used per view. The pool must belong to the same VAST tenant as the Kafka-enabled view. If the view is associated with a view policy that includes virtual IP pools, the pool specified as the Kafka pool must be one of the view policy pools.
`--kafka-first-join-group-timeout-sec SECONDS`	Specifies the amount of time to wait for more consumers to join a new group before performing the first rebalance. Valid values are 1-3600. The default value is 60 seconds.
`--kafka-rejoin-group-timeout-sec SECONDS`	Specifies the maximum allowed session timeout for registered consumers. Valid values are 1-3600. The default value is 60 seconds.
`--enable-kafka-unencrypted-conn`	Enables authentication of clients that use non-TLS connections to access a Kafka-enabled view. When specifying this option, also include `--kafka-unencrypted-auth-mechanism SASL_PLAIN` to request SASL plain authentication for the connection.
`--disable-kafka-unencrypted-conn`	Disables authentication of clients that use non-TLS connections to access a Kafka-enabled view.
`--kafka-unencrypted-auth-mechanism SASL_PLAIN\|NONE`	Specify `SASL_PLAIN` to enable SASL plain authentication on non-TLS connections to a Kafka-enabled view.
`--enable-kafka-encrypted-conn`	Enables authentication of clients that use TLS connections to access a Kafka-enabled view. This option requires a Kafka TLS certificate to be provided for the VAST cluster. When specifying this option, also include `--kafka-encrypted-auth-mechanism SASL_PLAIN` to request SASL plain authentication for the connection.
`--disable-kafka-encrypted-conn`	Disables authentication of clients that use TLS connections to access a Kafka-enabled view.
`--kafka-encrypted-auth-mechanism SASL_PLAIN\|NONE`	Specify `SASL_PLAIN` to enable SASL plain authentication on TLS connections to a Kafka-enabled view.
`--require-kafka-authorization`	Enables authorization for clients connecting to a Kafka-enabled view.
`--cancel-kafka-authorization`	Disables authorization for clients connecting to a Kafka-enabled view.

Indestructible Object Mode Options

Note
These options are not supported by default. To use these options, first enable indestructible object mode on the cluster. For complete feature information, see Indestructible Object Mode.

--enable-indestructible-object

Enables indestructible object mode on the view.

See also --indestructible-object-duration RETENTION_PERIOD since this value cannot be changed after creating the view without unlocking the cluster's indestructibility mechanism.

--indestructible-object-duration RETENTION_PERIOD

Sets the number of days for which objects in the bucket should be protected by indestructible object mode.

Specify RETENTION_PERIOD as an integer.

Default: 8

Supported range: 1-400

Note
If you are enabling indestructibility mode, you will not be able to change this retention period after view creation without first unlocking the cluster's indestructibility mechanism, which requires a secure authentication procedure.

Example

This example creates a view of the pre-existing /dev directory, with an NFS export, using the default view policy.

vcli: admin> view create --path /dev --protocols NFS

This example creates a multiprotocol view of a directory at the /home/users/devteam path using a non default view policy.

vcli: admin> view create --path  /home/users/devteam --protocols NFS,SMB
    --alias /devteam --share devteamusers  --policy-id 2 --create-dir