Prerequisites
- The JuiceFS Community Edition client. Install it per the JuiceFS docs and check with
juicefs version. This recipe was verified end-to-end with JuiceFS CE 1.4.0. - A Linux host or container with FUSE (a usable
/dev/fuse). JuiceFS mounts through FUSE. - A created CloudFS filesystem, and the
meta_urlandmeta_tokenfrom its create response. The token is returned only at create (and on rotate) — if you didn’t store it, you cannot reconstruct it and must rotate to get a new one.
Running JuiceFS inside a Linux container is the most portable way to mount — it needs no FUSE install on the host and behaves identically everywhere, which is why the walkthrough below uses it. You can also mount natively on any Linux or macOS host that has FUSE (macOS requires macFUSE).
Credentials the Client Needs
The client holds three things. None of them is a raw database password — the metadata token is the password, embedded in the URL.
The
meta_url returned by create already has the token inline as the password:
meta_url returned by GET /v2/storage/cloudfs/{id} is the same string without the token:
meta_token in as the password (postgres://fs_<hex>:<meta_token>@...). The host is always the region metadata host us-east-1.telnyxcloudfs.com — metadata is centralized there regardless of the filesystem’s data region.
Set the Environment
AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY at mount time. Set them explicitly. Telnyx Cloud Storage authenticates on the access key alone and ignores the SigV4 signature, so the secret can be any non-empty string — see Cloud Storage authentication. An empty secret fails: JuiceFS’s AWS SDK rejects it with static credentials are empty.
Mount
Mount in the background and write logs to a file so the mount doesn’t block your terminal./mnt/agentfs. Watch /tmp/juicefs.log for the mount status and any warnings.
The
--no-usage-report flag opts out of JuiceFS’s anonymous usage reporting. By default the JuiceFS client reports core metrics (such as its version) to the JuiceFS project on mount; it does not include user data. These docs pass --no-usage-report on every mount so CloudFS filesystems don’t phone home by default — drop the flag if you’d like to share usage data with the upstream project.Formatting a needs_format Filesystem
If GET /v2/storage/cloudfs/{id} reports "status": "needs_format", the bucket and metadata database exist but the volume was never formatted, and mounting fails with database is not formatted, please run juicefs format ... first. This is the one case where you run juicefs format — once, then mount as normal:
<s3_endpoint> and <s3_bucket> come from the filesystem’s detail response, and the JuiceFS volume name must be the s3_bucket value (cloudfs-fs-<hex>) — any other name is rejected. Keep AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY exported (format probes the bucket over S3) and leave --access-key / --secret-key unset: the stored volume config then carries no credentials, same as a factory-formatted filesystem. Note that --no-usage-report is a mount flag — format doesn’t accept it.
In a Container (Docker)
The container needs FUSE and thejuicefs binary. Run it privileged and pass the FUSE device through with --device /dev/fuse.
--privileged and --device /dev/fuse are what let FUSE mount inside the container. Without them the mount fails to open /dev/fuse. If you bake the juicefs binary and fuse into your own image, you can skip the install step and go straight to juicefs mount.Verify the Mount
git init and git commit inside the mountpoint behave as expected.
Unmount
META_URL brings all files back.
Troubleshooting
Next Steps
- Concurrent Access — mount the same filesystem from many clients at once, and coordinate writers with locks
- How CloudFS Works — the metadata and data lanes, and what lives where
- API Reference — create, list, get, update, delete, and rotate the metadata token
- Overview — what CloudFS is and when to reach for it