On using Google Cloud Engine
Firewall rules
Source: GCE Default firewall rules
Egress rules on instances meant for deny type of rules, since all outbound
traffic is enabled by default on GCE instances:
All networks, whether a project’s
defaultnetwork or a manually created network, have the following implied rules. These rules cannot be changed or deleted, but rules with a higher priority can override them.
- A default “allow egress” rule. Allows all egress connections. Rule has a priority of
65535.- A default “deny ingress” rule. Deny all ingress connection. Rule has a priority of
65535
Allowing all egress traffic by default is apparently common practice on servers, under the assumption that the code running on the server is - to itself - trustable.
Drives and instances
Information given by Nicola Montecchio.
- Using an SSD over a hard drive does not significantly increase costs
- GPU instances cost a lot, even when idle, so turn them off as often as possible
- On throughput:
- Much higher throughput (On GCE disk performance) on large drives, thus it is more efficient to create the instance with a small internal drive AND create a (possibly shared) large SSD (e.g. 400Gb) and mount it on the instance.
- in that case the drive has to be created as a blank drive, then be attached to the instance. see the procedure in the references for mounting and formatting the drive
- the created disk can be used in read-only mode by several instances simultaneously
- also has the benefit of allowing to shutdown the instance and still access the files on the drive: an idle drive does not cost much
Mounting drive
Code available to format drive on this page: Adding and formatting drives
Properly creating the /mnt/disks folder
The code given on this Google page omits the creation of the /mnt/disks
folder, which could result in bugs regarding the file permissions.
Code to properly create this folder and set the permissions:
$ sudo mkdir /mnt/disks
$ sudo chmod -R a+rx /mnt/disks # `+x` necessary to enter and perform ls on folder