Back up data for disaster recovery

This page shows you how to back up data for disaster recovery using Filestore backups. To learn more about backups, common use cases, and best practices, see Backups.

Supported tiers

The following table shows the Filestore service tiers that support backups, encryption, and related restore operations:

Tier Backups
support
restore to
new instance
restore to
existing instance
restore to
source instance
CMEK
support
Basic HDD Yes Yes Yes Yes No
Basic SSD Yes Yes Yes Yes No
Zonal Yes Yes No No Yes
Regional Yes Yes No No Yes
Enterprise Yes Yes No No Yes

Before you begin

  1. Install gcloud.

  2. Update gcloud components:

    gcloud components update
    
  3. Ensure that the account you are using has either the Cloud Filestore Editor role, or the Project Owner or Project Editor basic role. For more information about roles and permissions for Filestore, see Access Control, IAM permissions, or About supported protocols.

Back up a file share

Filestore backups don't include file locks and certain instance-specific information. The following table shows what information backups preserve and what information they don't:

Preserved Not preserved
Instance ID Description
Tier of the source instance Location
Capacity Network
File share name IP address
Creation time
IP-based access controls
File locks
Lock state
Snapshots

Backup chains and encryption

A backup chain is a collection of backups that reference the same source instance. Even if stored in a region separate from the source, a backup chain is collectively located in its own bucket and region, and, if applicable, each backup in the chain is encrypted using the same CMEK. All service tiers support multiple backup chains.

When creating a backup chain encrypted with CMEK, consider the following limitations:

  • CMEK support is not available for basic HDD and basic SSD backups.

  • A single CMEK is applied to the bucket where the backup chain is stored and cannot be combined or replaced.

For more information see Customer-managed encryption keys and Backups.

Create a backup

You can create a backup of a file share using one of the following methods:

Console

  1. Go to the Filestore instances page
  2. Click the Filestore instance that you want to create a backup of.
  3. Click the Backups tab.
  4. Click Create backup.
  5. For Backup ID, type a name for the backup.
  6. For Region, select the Google Cloud region where you want the backup to be located.
  7. Optional: Add a description.
  8. Optional: Click Add label to add labels to the backup.
  9. Click Create.

gcloud

Run the following gcloud filestore backups create command in a terminal window on your local machine. The --kms-key flag is optional:

  gcloud filestore backups create BACKUP-NAME \
  --instance=INSTANCE-NAME \
  --file-share=FILE-SHARE-NAME \
  --instance-zone=ZONE \
  --region=BACKUP-LOCATION \
  --kms-key=projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEYRING/cryptoKeys/CRYPTO-KEY

where:

  • BACKUP-NAME is the name you want to give the backup.
  • INSTANCE-NAME is the name of the Filestore instance to back up.
  • FILE-SHARE-NAME is the name of the file share on the Filestore instance.
  • ZONE is the zone where the Filestore instance is located.
  • BACKUP-LOCATION is the region where the backup will be stored. If a region is not indicated, the backup is created in the same region as the Filestore instance.
  • KMS-PROJECT is the project name where the KMS key resource is stored.
  • KMS-LOCATION is the region of the KMS key resource.
  • KEYRING is the name of the key ring.
  • CRYPTO-KEY is the KMS key resource.

Example

The following command creates a backup of file share vol1 on the Filestore instance nfs-server, which is located in zone us-central1-c. The backup is named mybackup, is located in region asia-east2, and has an associated encryption key that will encrypt the instance when restored:

  gcloud filestore backups create mybackup \
  --instance=nfs-server \
  --file-share=vol1 \
  --instance-zone=us-central1-c \
  --region=asia-east2 \
  --kms-key=projects/purple-project/locations/us-central1/keyRings/filestore-keyring/cryptoKeys/filestore-key

List, view, update, and delete backups

Filestore backups can be listed, viewed, updated, and deleted.

Console

  1. To view a list of all backups in your current project:

    Go to the Filestore backups page

  2. To see details about a backup, click the backup ID.

  3. To delete a backup:

    1. Click the backup ID of the backup you want to delete.
    2. Click Delete.
    3. When prompted, type the backup ID.
    4. Click Delete.

gcloud

List all backups in your current project

To view a list of backups for your current project, run the backups list command:

  gcloud filestore backups list

View information about a backup

To view information about a backup, run the backups describe command:

  gcloud filestore backups describe BACKUP-NAME \
  --region=BACKUP-LOCATION

Where:

  • BACKUP-NAME is the name of the backup whose information you want to view.
  • BACKUP-LOCATION is the region where the backup is stored.

Update a backup

To update a backup, run the backups update command:

gcloud filestore backups update BACKUP-NAME \
  --region=BACKUP-LOCATION \
  --description="NEW-DESCRIPTION" \
  --update-labels=KEY=VALUE,...

Where:

  • BACKUP-NAME is the name of the backup whose information you want to view.
  • BACKUP-LOCATION is the region where the backup is stored. The region cannot be changed.
  • NEW-DESCRIPTION is the description of the backup.
  • KEY=VALUE,... is a list of KEY=VALUE pairs you want to update. If a label exists, its value is updated, otherwise a new label is created.

Delete a backup

To delete a backup, run the backups delete command:

gcloud filestore backups delete BACKUP-NAME \
  --region=BACKUP-LOCATION

Where:

  • BACKUP-NAME is the name of the backup whose information you want to view.
  • BACKUP-LOCATION is the region where the backup is stored.

Restore a file share

Before initiating a restore operation, we recommend pausing applications and unmounting from the file system to reduce the risk of application errors. You must then remount the file share after it is restored from a backup. All outstanding file locks are revoked upon successful restoration. During restoration, client READ and WRITE operations are paused.

Limitations

  • Basic-tier backups can be restored to the source, a new instance, or to an existing instance.

  • If you want to restore a backup of a zonal, regional, or enterprise instance, you must create a new instance.

  • When creating a new instance to complete a backup restore operation, the new instance must match the source instance's service tier and capacity range. For example, if the source was created using the zonal service tier with lower capacity range, the new instance must use the same service tier and capacity range.

  • When restoring a backup, the new instance must use the same protocol as the source instance.

Before you begin

When restoring a backup to an existing instance, if the backup and the instance use separate customer-managed encryption keys (CMEKs), you'll need to grant access to the backup's key from the target instance's project-level service account.

gcloud

Ensure you have the proper permissions such as the roles/cloudkms.admin role to run the following command:

 gcloud projects add-iam-policy-binding KMS_PROJECT_NUMBER \
     --member serviceAccount:service-TARGET_INSTANCE_PROJECT_NUMBER@cloud-filer.iam.gserviceaccount.com \
     --role roles/cloudkms.cryptoKeyEncrypterDecrypter

where:

  • KMS_PROJECT_NUMBER is the project number where the key is located.
  • TARGET_INSTANCE_PROJECT_NUMBER is the project number for the instance you want associated with the key.

For gcloud flag details, see the gcloud projects add-iam-policy-binding page.

Restore to the source or an existing instance

You can restore a basic tier backup to the source instance or to a file share of an existing Filestore instance.

When restoring a backup to an existing Filestore instance, the capacity of the target instance must be greater than or equal to that of the original instance from which the backup was created. If the original instance has a greater capacity, you must first increase the target instance's capacity before attempting the restore operation.

If a backup restore to a basic HDD or basic SSD instance fails, the file share state remains unchanged.

If, once the operation begins, a backup restore to a zonal, regional, or enterprise instance fails, the file system resets to an empty state. Users are responsible for retrying the operation.

Console

  1. Go to the Filestore instances page
  2. Click the instance ID of the instance you want to restore a backup from.
  3. Click the Backups tab.
  4. Locate the backup you want to restore from and click (...) More actions.
  5. Click Restore backup.
  6. Choose a target instance to restore:
    1. If restoring the source instance, click Source instance.
    2. If restoring to another existing instance, click Other existing instance.
      1. Click Select instance.
      2. Select the target instance where you want the restored backup to reside and click Select.
  7. Click Restore and a confirmation dialog appears.
    1. Click the acknowledgement checkbox.
    2. Enter the name of the backup in the input field and click Restore.

gcloud

To restore a Filestore file share to an existing instance, run the instances restore command:

  gcloud filestore instances restore INSTANCE-NAME \
  --source-backup=BACKUP-NAME \
  --source-backup-region=BACKUP-LOCATION \
  --file-share=FILE-SHARE-NAME \
  --zone=INSTANCE-LOCATION

Where:

  • INSTANCE-NAME is the name of the existing Filestore instance to restore the file share to.
  • BACKUP-NAME is the name of the backup to restore from.
  • BACKUP-LOCATION is the region where the backup is located.
  • FILE-SHARE-NAME is the name of the file share to restore to.
  • INSTANCE-LOCATION is the zone that the Filestore instance is located.

Example

The following command restores mybackup, which is located in region asia-east2, to file share vol1 on Filestore instance myinstance, which is located in zone us-central1-c:

  gcloud filestore instances restore myinstance \
  --source-backup=mybackup \
  --source-backup-region=asia-east2  \
  --file-share=vol1 \
  --zone=us-central1-c

Restore to a new instance

When a backup is restored to a new Filestore instance, the capacity of the new file share must be greater than or equal to the capacity of the backup. For zonal, regional, and enterprise tier instances, the capacity of the new file share must be greater than or equal to the capacity of the source share.

You must use the same service tier as the source backup.

Console

  1. In the Google Cloud console, go to the Filestore instances page.

    Go to the Filestore instances page

  2. Click Backups.

  3. Click the name of the backup you want to restore from.

  4. Click Restore.

  5. Click New instance.

  6. Configure the new instance by following the instructions on the page. For details, see Creating instances.

  7. Click Restore.

gcloud

To restore a Filestore file share to a new instance, run the instances create command:

  gcloud filestore instances create INSTANCE-NAME \
  --zone=ZONE \
  --tier=TIER \
  --file-share=name=FILE-SHARE-NAME,capacity=FILE-SHARE-CAPACITY,source-backup=SOURCE-BACKUP-NAME,source-backup-region=SOURCE-BACKUP-LOCATION \
  --network=name=VPC-NETWORK,reserved-ip-range=RESERVED-IP-ADDRESS

Where:

  • INSTANCE-NAME is the name you want to give to the new Filestore instance.
  • ZONE is the zone where the Filestore instance resides.
  • TIER is the service tier you want to use. This should be the same as the source backup.
  • FILE-SHARE-NAME is the name you specify for the NFS file share that is served from the instance.
  • FILE-SHARE-CAPACITY is the capacity you want for the file share.
  • SOURCE-BACKUP-NAME is the name of the backup to restore from.
  • SOURCE-BACKUP-LOCATION is the region where the backup is located.
  • VPC-NETWORK is the name of the VPC network you want the instance to use.
  • RESERVED-IP-ADDRESS is the IP address range for the Filestore instance.

For gcloud flag details, see Creating instances.

Example

The following command creates a new Filestore instance myinstance-restored located in zone us-central1-c on network default. Backup mybackup located in region asia-east2 is restored on file share vol1 of myinstance-restored with a 2TiB capacity:

  gcloud filestore instances create myinstance-restored \
  --zone=us-central1-c \
  --tier=zonal \
  --network=name=default \
  --file-share=name=vol1,capacity=2TiB,source-backup=mybackup,source-backup-region=asia-east2

What's next