Enter a descriptive name for your cloud provider setup, such as “My GC Account”. From the drop-down, select Google Cloud Platform as the provider. Use the Choose File button to locate the JSON file you downloaded when creating your Google Cloud setup, then enter a Default Bucket name to use for storing configuration and application data for your cluster. If it does not already exist, the bucket will be created.
If this Google Cloud account will be your main cloud provider for CycleCloud, check the “Set Default” option. Once you have completed setting the parameters for your Google Cloud account, click Save to continue.
GC Developers Console
The GCP Developers Console provides an interface for managing cloud services and resources. For all actions described here, “can-edit” permissions to the cloud project are sufficient, with the exception of Creating a Service Account which requires “is-owner” permissions.
You will need the following:
- A unique project set up within GC for CycleCloud
- A Service Account Key with owner permissions
- Several Firewall Rules added to your project Networking settings
Service Account API Credentials
CycleCloud uses API credentials for authentication. Below are the steps to create a service account with attached credentials, and download the credential data required for CycleCloud.
Generating Access Keys:
- Log into your GC console
- From the menu, click on IAM & Admin then Service accounts
- Click Add New Service Account
- Give your service account a unique name
- Choose Project – Owner as the account role
- Click the Furnish a new private key option, and select JSON
- You do not need to enable G Suite Domain-wide Delegation
- Click Create
- The JSON containing credentials will be downloaded by your browser.
You will need to import the SSH public key you created on the previous page into GC. Copy the contents of your public key file to paste into the GC console, which will use this key to set up remote proxies and to connect to the instances.
Importing the CycleCloud public key to GC:
- Log into GC and open your CycleCloud project from the dashboard
- Open the menu and choose Compute Engine
- On the left, click Metadata and open the SSH Keys tab
- Click Add SSH keys
- Paste the contents of the public ssh key file into the blank field
- The key name will inherit the username from the key contents that you paste. Use the format “cyclecloud@yourdomain“.
- Click Save
Adding Firewall Rules
Google Cloud has most of the firewall rules already configured by default, but you will need to add a few more to allow CycleCloud the necessary access:
- From your project dashboard, click the menu and select Networking under the Compute heading
- Click Firewall Rules on the left sidebar
- Select “All instances in the network” as your Targets
- Create the following firewall rules:
|Name||Network||Source Filter||Allowed Protocols/Ports|
|ganglia||default||Allow from any source (0.0.0.0/0)||tcp:8652|
|https-443||default||Allow from any source (0.0.0.0/0)||tcp:443|
|https-8443||default||Allow from any source (0.0.0.0/0)||tcp:8443|
- Click Create to save your firewall rules
GCP Network Rules and CycleCloud
The default routing rule in a new Network allows all tcp, udp and icmp communication between hosts in the same network. Other GCP network defaults include having an Internet Gateway attached, and for all traffic bound for addresses outside of the GCP network to route to the Internet Gateway on first bounce. We recommended setting up the first cluster in GCP with this default configuration to minimize the firewall-related issues that may be encountered.
Additionally, CycleCloud defaults the VM network settings to be ONE_TO_ONE_NAT. This can be overridden and is intended to reduce the chance of firewall-related issues. CycleCloud integrates VM management with GCP networking by controlling Tags, Network, and IP forwarding instance properties. See the GCP networking guide for more details on these settings.
From the GC Developers Console you should note the desired Network Name as well as any Tags that are relevant to networking rules. These values will be used to configure CycleCloud clusters. As an example, suppose that you have created a network named “site1gcppublic” and created networking route rules with tags: publicaccess, databaseaccess, natinstance.
Your abridged cluster configuration may look like:
[[node defaults]] Zone = uscentral1c Network = site1gcppublic KeyPairLocation = /Users/local.user/.ssh/idrsa [[node nat]] TagList = natinstance [[node master]] TagList = publicaccess, databaseaccess AssociatePublicIp = false
Note that the KeyPairLocation should point to the private key corresponding to the public key that was entered as the CycleCloud keypair in this GCP project.