
Set up a GCP Shared VPC with the default subnet using the gcloud CLI

 

The host project contains the network that the Elastifile deployment will use.

The service project contains the Elastifile compute resources.

Project Type     Project Name
Host Project     support-team-a
Service Project  support-team-b

 


Configure the Service Project ("support-team-b")

Log in to the service account for the service project

gcloud auth login chutch@support-team-b.iam.gserviceaccount.com

Set config to the service project

gcloud config set project support-team-b

Add roles required for deployment into service project

gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/compute.instanceAdmin.v1"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/iam.serviceAccountUser"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/compute.networkAdmin"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/compute.networkUser"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/storage.admin"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/compute.imageUser"
gcloud projects add-iam-policy-binding support-team-b --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/editor"
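
The bindings above include roles/editor, a basic role that applies project-wide, next to the narrower predefined roles. The following check is an added example, not part of the original article: it reads the roles actually granted to the service account and reports basic roles, roles this article does not list, and listed roles that are missing. The function name `audit_roles` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. EXPECTED_ROLES is copied from the add-iam-policy-binding
# commands above; audit_roles is a hypothetical helper name.
EXPECTED_ROLES="roles/compute.instanceAdmin.v1 roles/iam.serviceAccountUser \
roles/compute.networkAdmin roles/compute.networkUser roles/storage.admin \
roles/compute.imageUser roles/editor"

# Live input (one role per line) can be produced with:
#   gcloud projects get-iam-policy support-team-b \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" \
#     --format="value(bindings.role)"

audit_roles() {
    # stdin: granted roles, one per line. stdout: one finding per line.
    granted=$(cat)
    for role in $granted; do
        # Basic roles grant broad, project-wide access.
        case "$role" in
            roles/owner|roles/editor|roles/viewer) echo "BASIC $role" ;;
        esac
        # Anything not listed in this article is unexpected.
        case " $EXPECTED_ROLES " in
            *" $role "*) ;;
            *) echo "UNEXPECTED $role" ;;
        esac
    done
    # Roles the article lists but the account does not hold.
    for role in $EXPECTED_ROLES; do
        printf '%s\n' "$granted" | grep -qxF "$role" || echo "MISSING $role"
    done
}

# Constructed sample input, not real gcloud output.
printf '%s\n' roles/editor roles/compute.networkUser roles/owner | audit_roles
```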

 


Configure the Host Project ("support-team-a")

 

Log in to the service account for the host project

gcloud auth login chutch@support-team-a.iam.gserviceaccount.com

Set config to the host project

gcloud config set project support-team-a

 

Verify credentials, region and zone are set for host project

gcloud config list
[compute]
region = us-central1
zone = us-central1-f
[core]
account = chutch@support-team-a.iam.gserviceaccount.com
project = support-team-a

Enable Shared VPC on the host project

This requires the “compute.organizations.enableXpnHost” permission, granted from the parent org

gcloud compute shared-vpc enable support-team-a

Add the service project to the host project SharedVPC

gcloud compute shared-vpc associated-projects add --host-project=support-team-a support-team-b

Verify service project is configured from the host project

gcloud compute shared-vpc associated-projects list support-team-a
RESOURCE_ID     RESOURCE_TYPE
support-team-b  PROJECT

Verify host project is configured from the service project

gcloud compute shared-vpc get-host-project support-team-b
kind: compute#project
name: support-team-a

 


Setup Host Project subnets

Share all subnets from host project with service project (Project based rules)

gcloud projects add-iam-policy-binding support-team-a --member "serviceAccount:chutch@support-team-b.iam.gserviceaccount.com" --role "roles/compute.networkUser"

Add firewall rules to the host project's subnet used in the deployment

gcloud compute firewall-rules create elastifile-storage-management --network default --priority 1000 --direction ingress --target-tags elastifile-management-node --source-tags elastifile-storage-node,elastifile-replication-node,elastifile-clients --source-ranges 10.128.0.0/20 --allow icmp,tcp:22,tcp:53,tcp:80,tcp:8080,tcp:443,tcp:10014-10017,udp:53,udp:123,udp:6667 --no-disabled

 

gcloud compute firewall-rules create elastifile-storage-service --network default --priority 1000 --direction ingress --target-tags elastifile-storage-node,elastifile-replication-node --source-ranges 10.128.0.0/20 --source-tags elastifile-management-node,elastifile-clients --allow icmp,tcp:22,tcp:111,tcp:2049,tcp:644,tcp:4040,tcp:4045,tcp:10015-10017,tcp:8000-9224,tcp:32768-60999,udp:111,udp:2049,udp:644,udp:4040,udp:4045,udp:6667,udp:8000,udp:9224,udp:32768,udp:60999 --no-disabled
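
Both rules above set --source-ranges and --source-tags together. GCP applies an ingress rule when the source matches either field, so every address in 10.128.0.0/20 is admitted to the listed ports whether or not the sending VM carries one of the tags. The following is an added example that models that matching with the values of the elastifile-storage-management rule; it is not Google's code and not from the original article, and the function names are made up.

```shell
#!/bin/sh
# Added example: model of source matching for a GCP ingress rule that sets
# both --source-ranges and --source-tags (either one is sufficient).
# Values copied from the elastifile-storage-management rule above.
SOURCE_RANGE="10.128.0.0/20"
SOURCE_TAGS="elastifile-storage-node elastifile-replication-node elastifile-clients"

ip_to_int() {
    # Dotted quad -> 32-bit integer.
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) + (b << 16) + (c << 8) + d ))
}

in_cidr() {
    # in_cidr IP CIDR -> exit status 0 when IP lies inside CIDR.
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

source_matches() {
    # source_matches IP "tag1 tag2 ..."
    # Prints which field admitted the source: "range", "tag" or "none".
    if in_cidr "$1" "$SOURCE_RANGE"; then echo range; return 0; fi
    for t in $2; do
        case " $SOURCE_TAGS " in *" $t "*) echo tag; return 0 ;; esac
    done
    echo none
}

# Constructed sources: an untagged VM inside the subnet, a tagged VM outside
# it, and an untagged VM outside it.
source_matches 10.128.3.7 ""
source_matches 10.128.16.1 "elastifile-clients"
source_matches 10.128.16.1 "web"
```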

 


Deploy into service project using host project’s default subnet

List subnets in the host project

gcloud compute networks subnets list-usable --project support-team-a
PROJECT         REGION       NETWORK  SUBNET   RANGE          SECONDARY_RANGES
support-team-a  us-central1  default  default  10.128.0.0/20

Obtain URI for target subnet in the host project

gcloud compute networks subnets list --project support-team-a --uri
https://www.googleapis.com/compute/v1/projects/support-team-a/regions/us-central1/subnetworks/default

Update terraform.tfvars to use “NETWORK” and “SUBNETWORK” from host project

ZONE = "us-central1-f"
PROJECT = "support-team-b"
NETWORK = "default"
SUBNETWORK = "/projects/support-team-a/regions/us-central1/subnetworks/default"
IMAGE = "elastifile-storage-2-7-5-12-ems"
CREDENTIALS = "support-team-b-0715a3734e41.json"
SERVICE_EMAIL = "chutch@support-team-b.iam.gserviceaccount.com"
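
The SUBNETWORK value is the subnet URI from the previous step with the API prefix removed. The following is an added example, not part of the original article: it derives that path and checks that the subnet belongs to the host project, that PROJECT is the service project, and that the subnet's region matches ZONE. The function names are made up; the values are the ones used on this page.

```shell
#!/bin/sh
# Added example; subnet_path_from_uri and check_shared_vpc_vars are
# hypothetical helper names.

subnet_path_from_uri() {
    # Turn a URI printed by `gcloud compute networks subnets list --uri`
    # into the /projects/... form used for SUBNETWORK.
    case "$1" in
        https://www.googleapis.com/compute/v1/projects/*/regions/*/subnetworks/*)
            printf '%s\n' "${1#https://www.googleapis.com/compute/v1}" ;;
        *)
            echo "not a subnet URI: $1" >&2; return 1 ;;
    esac
}

check_shared_vpc_vars() {
    # check_shared_vpc_vars ZONE PROJECT SUBNETWORK HOST_PROJECT
    zone=$1 project=$2 subnet=$3 host=$4
    # SUBNETWORK layout: /projects/<project>/regions/<region>/subnetworks/<name>
    rest=${subnet#/projects/}
    sub_project=${rest%%/*}
    rest=${rest#*/regions/}
    sub_region=${rest%%/*}
    zone_region=${zone%-*}    # us-central1-f -> us-central1
    [ "$sub_project" = "$host" ] ||
        { echo "subnet is in $sub_project, not host project $host"; return 1; }
    [ "$project" != "$host" ] ||
        { echo "PROJECT must be the service project, not $host"; return 1; }
    [ "$sub_region" = "$zone_region" ] ||
        { echo "subnet region $sub_region does not match zone $zone"; return 1; }
    echo ok
}

# Values from this page.
URI="https://www.googleapis.com/compute/v1/projects/support-team-a/regions/us-central1/subnetworks/default"
SUBNETWORK=$(subnet_path_from_uri "$URI")
check_shared_vpc_vars us-central1-f support-team-b "$SUBNETWORK" support-team-a
```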

 

Or launch EMS directly via gcloud and complete provisioning via UI

gcloud beta compute --project=support-team-b instances create elastifile-storage-sp --zone=us-central1-f --machine-type=n1-standard-4 --subnet=/projects/support-team-a/regions/us-central1/subnetworks/default --network-tier=PREMIUM --maintenance-policy=MIGRATE --service-account=chutch@support-team-b.iam.gserviceaccount.com --scopes=https://www.googleapis.com/auth/cloud-platform --image=https://www.googleapis.com/compute/v1/projects/elastifle-public-196717/global/images/elastifile-storage-2-7-5-12-ems --boot-disk-size=100GB --boot-disk-type=pd-standard --boot-disk-device-name=elastifile-storage-sp --tags=elastifile-management-node

 
