Cloud Filestore in GCP

Fredrick Sachita
5 min read · Dec 1, 2020

Log in to the GCP Console and navigate to Storage, then Filestore.

Click Create instance.

Enter a unique instance ID and a description (optional), configure the service tier, and select a storage type that suits your current needs.

After filling in the fields above, click Create. Once the instance has been created, you will be able to view it as below:

Select the created instance to view more details about it, as below:

Create a new compute instance in the same project as the Filestore instance created above. See the snippet below of a newly created compute instance:

Go to VPC network and select Firewall to create a new rule that allows SSH to the newly created compute instance.

Add a new rule to allow SSH communication by clicking Create firewall rule. Enter the rule name, leave the network as default or choose the network containing the previously created resources, and give the rule a priority.

Creating a firewall ingress rule

Use the following procedure to create a firewall rule to enable traffic from Filestore instances.

  1. Go to the Firewall page in the Google Cloud Console.
  2. Click Create firewall rule.
  3. Enter a Name for the firewall rule. This name must be unique for the project.
  4. Specify the Network in which you want to implement the firewall rule.
  5. Specify the Priority of the rule.
     If this rule will not conflict with any other rules, you can leave the default of 1000. If there is another ingress rule that targets the same IP address range, protocols, and ports, and also has a value of Deny for the Action on match field, then set the priority of the new ingress rule to be a lower value than that of the existing ingress rule, so that Google Cloud will apply it.
  6. Choose Ingress for Direction of traffic.
  7. Choose Allow for Action on match.
  8. For Targets, take one of the following actions:
     • If you want to allow traffic to all clients in the network from Filestore instances, choose All instances in the network.
     • If you want to allow traffic to specific clients from Filestore instances, choose Specified target tags. Type the instance names of the clients in Target tags.
  9. Leave the default value of IP ranges for the Source filter.
  10. For Source IP ranges, type the IP address ranges of the Filestore instances you want to allow access from. You can enter the internal IP address ranges that you are using with your Filestore instances to enable all Filestore traffic, or you can enter the IP addresses of specific Filestore instances. You must use CIDR notation.
  11. Leave the default value of None for the Second source filter.
  12. For Protocols and ports, choose Specified protocols and ports and then:
     • Select the tcp check box and enter 111,STATDOPTS,nlm_tcpport in the associated field, where:
        • STATDOPTS is the port used by the statd daemon on the client.
        • nlm_tcpport is the tcp port used by the nlockmgr daemon on the client.
     • (High Scale SSD only) Select the udp check box and enter the value of nlm_udpport, which is the udp port used by nlockmgr.
  13. Choose Create.

Creating a firewall egress rule

Use the following procedure to create a firewall rule to enable traffic to Filestore instances.

  1. Go to the Firewall page in the Google Cloud Console.
  2. Click Create firewall rule.
  3. Enter a Name for the firewall rule. This name must be unique for the project.
  4. Specify the Network in which you want to implement the firewall rule.
  5. Specify the Priority of the rule.
     If this rule will not conflict with any other rules, you can leave the default of 1000. If there is another egress rule that targets the same IP address range, protocols, and ports, and also has a value of Deny for the Action on match field, then set the priority of the new egress rule to be a lower value than that of the existing egress rule, so that Google Cloud will apply it.
  6. Choose Egress for Direction of traffic.
  7. Choose Allow for Action on match.
  8. For Targets, take one of the following actions:
     • If you want to allow traffic from all clients in the network to Filestore instances, choose All instances in the network.
     • If you want to allow traffic from specific clients to Filestore instances, choose Specified target tags. Type the instance names of the clients in Target tags.
  9. For Destination IP ranges, type the IP address ranges of the Filestore instances you want to allow access to. You can enter the internal IP address ranges that you are using with your Filestore instances to enable traffic to all Filestore instances, or you can enter the IP addresses of specific Filestore instances. You must use CIDR notation.
  10. For Protocols and ports, choose Specified protocols and ports. Then select the tcp check box and enter 111,2046,2049,2050,4045 in the associated field.
  11. Choose Create.
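The ingress and egress procedures above, expressed as `gcloud compute firewall-rules create` commands (an added example, not part of the original article). The network name, Filestore range, target tag, rule names and the `rpcinfo -p` sample are assumptions; the script reads the client's statd and nlockmgr ports from the `rpcinfo -p` text and only prints the commands.

```shell
#!/bin/sh
# Added example, not from the article. The values below are assumptions.
NETWORK="default"               # assumed VPC network name
FILESTORE_CIDR="10.0.0.0/29"    # constructed sample Filestore range
CLIENT_TAG="filestore-client"   # hypothetical network tag on the client VMs

# Constructed sample of `rpcinfo -p` output from an NFS client.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp   2046  status
    100024    1   tcp   2046  status
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr'

# rpc_port SERVICE PROTO: read `rpcinfo -p` text on stdin, print the first port.
rpc_port() {
  awk -v svc="$1" -v proto="$2" '$5 == svc && $3 == proto { print $4; exit }'
}

# valid_cidr RANGE: require the a.b.c.d/n shape and refuse the any-address range.
valid_cidr() {
  [ "$1" != "0.0.0.0/0" ] || return 1
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# ingress_cmd RPCINFO_TEXT: print the ingress rule (tcp 111, statd, nlockmgr).
ingress_cmd() {
  statd=$(printf '%s\n' "$1" | rpc_port status tcp)
  nlm=$(printf '%s\n' "$1" | rpc_port nlockmgr tcp)
  [ -n "$statd" ] && [ -n "$nlm" ] || { echo "statd/nlockmgr port not found" >&2; return 1; }
  valid_cidr "$FILESTORE_CIDR" || { echo "bad source range" >&2; return 1; }
  echo "gcloud compute firewall-rules create allow-filestore-ingress" \
       "--network=$NETWORK --direction=INGRESS --action=ALLOW --priority=1000" \
       "--source-ranges=$FILESTORE_CIDR --target-tags=$CLIENT_TAG" \
       "--rules=tcp:111,tcp:$statd,tcp:$nlm"
}

# egress_cmd: print the egress rule with the fixed Filestore ports from the steps.
egress_cmd() {
  valid_cidr "$FILESTORE_CIDR" || { echo "bad destination range" >&2; return 1; }
  echo "gcloud compute firewall-rules create allow-filestore-egress" \
       "--network=$NETWORK --direction=EGRESS --action=ALLOW --priority=1000" \
       "--destination-ranges=$FILESTORE_CIDR --target-tags=$CLIENT_TAG" \
       "--rules=tcp:111,tcp:2046,tcp:2049,tcp:2050,tcp:4045"
}

ingress_cmd "$SAMPLE_RPCINFO"
egress_cmd
```

On a real client, pass the output of `rpcinfo -p` to `ingress_cmd` instead of the sample text.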

See below the ports required for the three stated rules:

Ingress: 111, 2046, 2049, 2050, 4045

Egress: 111, 2046, 2049, 2050, 4045

SSH: 22

HTTP: 80

Note:

STATDOPTS is the port used by the statd daemon on the client.

nlm_tcpport is the tcp port used by the nlockmgr daemon on the client.

SSH into the compute instance you created earlier and mount your file share on the instance.

Use the link below for mounting instructions on the following operating systems: Linux (mount), Linux (/etc/fstab), Linux (autofs) and Windows.

https://cloud.google.com/filestore/docs/mounting-fileshares

Written by Fredrick Sachita

Solutions Architect | Certified Google Cloud, Microsoft Azure, AWS
